« back to all changes in this revision
Viewing changes to serverguide/po/is.po
- browse files at revision 99
- compare with another revision
- download diff
- download tarball
- view history from revision 99
- Committer: Jeremy Bicha
- Date: 2012-10-22 19:42:46 UTC
- Revision ID: jbicha@ubuntu.com-20121022194246-bpuxhh9k24p0hig6
Run scripts/get-pot.sh to update pot
Import translations from LP
Import translations from LP
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/is.po
7
7
msgstr ""
8
8
"Project-Id-Version: ubuntu-docs\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-08-16 01:33+0000\n"
10
"POT-Creation-Date: 2012-04-03 07:43+0000\n"
11
"PO-Revision-Date: 2012-05-11 00:52+0000\n"
12
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
13
"Language-Team: Icelandic <is@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:46+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Skjölunarverkefni Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Ubuntu Netþjóna Leiðbeiningar"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30-09-2007"
17
"X-Launchpad-Export-Date: 2012-10-22 19:34+0000\n"
18
"X-Generator: Launchpad (build 16165)\n"
31
19
32
20
#: serverguide/C/windows-networking.xml:13(title)
33
21
msgid "Windows Networking"
53
41
"fyrir þér þau grundvallaratriði og tól sem notuð er þegar þú setur upp "
54
42
"Ubuntu netþjón fyrir deilingu á þjónustum fyrir Windows tölvur."
55
43
56
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
44
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:405(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:20(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title) serverguide/C/installation.xml:1203(title)
57
45
msgid "Introduction"
58
46
msgstr "Inngangur"
59
47
155
143
"netkerfinu án kvaðningu lykilorðs. Ef þitt umhverfi krefst strangari "
156
144
"Aðgangsstýringar þá skoðið <xref linkend=\"samba-fileprint-security\"/>"
157
145
158
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
146
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:294(title) serverguide/C/web-servers.xml:53(title) serverguide/C/web-servers.xml:692(title) serverguide/C/web-servers.xml:835(title) serverguide/C/web-servers.xml:959(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2614(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:48(title) serverguide/C/remote-administration.xml:236(title) serverguide/C/remote-administration.xml:427(title) serverguide/C/network-config.xml:977(title) serverguide/C/network-config.xml:1091(title) serverguide/C/network-auth.xml:121(title) serverguide/C/network-auth.xml:2782(title) serverguide/C/network-auth.xml:3254(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:431(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:492(title) serverguide/C/mail.xml:681(title) serverguide/C/mail.xml:830(title) serverguide/C/mail.xml:1320(title) serverguide/C/lamp-applications.xml:112(title) serverguide/C/lamp-applications.xml:274(title) serverguide/C/lamp-applications.xml:410(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:949(title) serverguide/C/installation.xml:1230(title) serverguide/C/file-server.xml:359(title) serverguide/C/file-server.xml:648(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:39(title) serverguide/C/databases.xml:309(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:598(title)
159
147
msgid "Installation"
160
148
msgstr "Uppsetning"
161
149
167
155
"Fyrsta skrefið er að setja upp <application>samba</application> á tölvunni "
168
156
"þinni. Skrifaðu eftirfarandi í skráalínu:"
169
157
170
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
158
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:306(command)
171
159
msgid "sudo apt-get install samba"
172
160
msgstr "sudo apt-get install samba"
173
161
178
166
msgstr ""
179
167
"Meira var það ekki, og núna er forritið Samba tilbúið til að deila gögnum."
180
168
181
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
169
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:311(title) serverguide/C/web-servers.xml:73(title) serverguide/C/web-servers.xml:745(title) serverguide/C/web-servers.xml:846(title) serverguide/C/web-servers.xml:986(title) serverguide/C/web-servers.xml:1086(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:70(title) serverguide/C/remote-administration.xml:256(title) serverguide/C/package-management.xml:402(title) serverguide/C/network-config.xml:999(title) serverguide/C/network-config.xml:1102(title) serverguide/C/network-auth.xml:2869(title) serverguide/C/network-auth.xml:3275(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:457(title) serverguide/C/mail.xml:501(title) serverguide/C/mail.xml:691(title) serverguide/C/mail.xml:913(title) serverguide/C/mail.xml:1349(title) serverguide/C/lamp-applications.xml:132(title) serverguide/C/lamp-applications.xml:301(title) serverguide/C/lamp-applications.xml:440(title) serverguide/C/installation.xml:1246(title) serverguide/C/file-server.xml:372(title) serverguide/C/file-server.xml:674(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:82(title) serverguide/C/databases.xml:325(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:627(title)
182
170
msgid "Configuration"
183
171
msgstr "Stilling"
184
172
206
194
"eða <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
207
195
"Collection/\">Samba HOWTO Safnið</ulink> fyrir frekari upplýsingar."
208
196
209
#: serverguide/C/windows-networking.xml:116(para)
197
#: serverguide/C/windows-networking.xml:115(para)
210
198
msgid ""
211
199
"First, edit the following key/value pairs in the "
212
200
"<emphasis>[global]</emphasis> section of "
216
204
"<emphasis>[global]</emphasis> hluta af "
217
205
"<filename>/etc/samba/smb.conf</filename>:"
218
206
219
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
207
#: serverguide/C/windows-networking.xml:120(programlisting) serverguide/C/windows-networking.xml:318(programlisting) serverguide/C/windows-networking.xml:786(programlisting) serverguide/C/windows-networking.xml:1025(programlisting)
220
208
#, no-wrap
221
209
msgid ""
222
210
"\n"
229
217
" ...\n"
230
218
" security = user\n"
231
219
232
#: serverguide/C/windows-networking.xml:127(para)
220
#: serverguide/C/windows-networking.xml:126(para)
233
221
msgid ""
234
222
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
235
223
"section, and is commented by default. Also, change "
239
227
"hlutanum, og er sjálfgefið óvirk. Breyttu einnig "
240
228
"<emphasis>EXAMPLE</emphasis> til að það samsvari þínu umhverfi."
241
229
242
#: serverguide/C/windows-networking.xml:135(para)
230
#: serverguide/C/windows-networking.xml:134(para)
243
231
msgid ""
244
232
"Create a new section at the bottom of the file, or uncomment one of the "
245
233
"examples, for the directory to be shared:"
247
235
"Búðu til nýtt svæði neðst í skránni, eða virkjaðu eitt af dæmunum, fyrir "
248
236
"möppuna sem á að deila:"
249
237
250
#: serverguide/C/windows-networking.xml:139(programlisting)
238
#: serverguide/C/windows-networking.xml:138(programlisting)
251
239
#, no-wrap
252
240
msgid ""
253
241
"\n"
268
256
" read only = no\n"
269
257
" create mask = 0755\n"
270
258
271
#: serverguide/C/windows-networking.xml:151(para)
259
#: serverguide/C/windows-networking.xml:150(para)
272
260
msgid ""
273
261
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
274
262
"fit your needs."
276
264
"<emphasis>comment:</emphasis> stutt lýsing á deilingunni. Lagið að ykkur "
277
265
"þörfum."
278
266
279
#: serverguide/C/windows-networking.xml:156(para)
267
#: serverguide/C/windows-networking.xml:155(para)
280
268
msgid "<emphasis>path:</emphasis> the path to the directory to share."
281
269
msgstr "<emphasis>path:</emphasis> slóðin á möppuna sem á að deila."
282
270
283
#: serverguide/C/windows-networking.xml:159(para)
271
#: serverguide/C/windows-networking.xml:158(para)
284
272
msgid ""
285
273
"This example uses <filename>/srv/samba/sharename</filename> because, "
286
274
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
298
286
"upp Samba deilimöppu hvar sem er í skráakerfinu svo lengi sem heimildir "
299
287
"leyfa, en mælt er með að fara eftir stöðlum."
300
288
301
#: serverguide/C/windows-networking.xml:168(para)
289
#: serverguide/C/windows-networking.xml:167(para)
302
290
msgid ""
303
291
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
304
292
"directory using <application>Windows Explorer</application>."
306
294
"<emphasis>browsable:</emphasis> virkjar aðgang Windows útstöðva til að vafra "
307
295
"í gegnum deilda möppu með <application>Windows Explorer</application>."
308
296
309
#: serverguide/C/windows-networking.xml:174(para)
297
#: serverguide/C/windows-networking.xml:173(para)
310
298
msgid ""
311
299
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
312
300
"without supplying a password."
314
302
"<emphasis>guest ok:</emphasis> virkjar aðgang útstöðva til að tengjast "
315
303
"deilingu án notkunar lykilorðs."
316
304
317
#: serverguide/C/windows-networking.xml:179(para)
305
#: serverguide/C/windows-networking.xml:178(para)
318
306
msgid ""
319
307
"<emphasis>read only:</emphasis> determines if the share is read only or if "
320
308
"write privileges are granted. Write privileges are allowed only when the "
322
310
"is <emphasis>yes</emphasis>, then access to the share is read only."
323
311
msgstr ""
324
312
325
#: serverguide/C/windows-networking.xml:184(para)
313
#: serverguide/C/windows-networking.xml:183(para)
326
314
msgid ""
327
315
"<emphasis>create mask:</emphasis> determines the permissions new files will "
328
316
"have when created."
330
318
"<emphasis>create mask:</emphasis> ákveður heimildir nýrra skráa þegar þær "
331
319
"hafa verið skapaðar."
332
320
333
#: serverguide/C/windows-networking.xml:193(para)
321
#: serverguide/C/windows-networking.xml:192(para)
334
322
msgid ""
335
323
"Now that <application>Samba</application> is configured, the directory needs "
336
324
"to be created and the permissions changed. From a terminal enter:"
339
327
"búa til möppuna og heimildum breytt á henni. Í útstöðvarglugga skal slá inn "
340
328
"eftirfarandi:"
341
329
342
#: serverguide/C/windows-networking.xml:199(command)
330
#: serverguide/C/windows-networking.xml:198(command)
343
331
msgid "sudo mkdir -p /srv/samba/share"
344
332
msgstr "sudo mkdir -p /srv/samba/share"
345
333
346
#: serverguide/C/windows-networking.xml:200(command)
334
#: serverguide/C/windows-networking.xml:199(command)
347
335
msgid "sudo chown nobody.nogroup /srv/samba/share/"
348
336
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
349
337
350
#: serverguide/C/windows-networking.xml:204(para)
338
#: serverguide/C/windows-networking.xml:203(para)
351
339
msgid ""
352
340
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
353
"directory tree if it doesn't exist. Change the share name to fit your "
354
"environment."
341
"directory tree if it doesn't exist."
355
342
msgstr ""
356
"<emphasis>-p</emphasis> gildið segir mkdir að búa til alla möppuslóðina ef "
357
"það vantar upp á. Breyttu svo nafni deilingarmöppu fyrir þitt umhverfi."
358
343
359
#: serverguide/C/windows-networking.xml:213(para)
344
#: serverguide/C/windows-networking.xml:211(para)
360
345
msgid ""
361
346
"Finally, restart the <application>samba</application> services to enable the "
362
347
"new configuration:"
364
349
"Nú skal endurræsa <application>samba</application> þjónustuna til að virkja "
365
350
"nýju uppsetninguna:"
366
351
367
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
352
#: serverguide/C/windows-networking.xml:216(command) serverguide/C/windows-networking.xml:338(command) serverguide/C/windows-networking.xml:476(command) serverguide/C/windows-networking.xml:576(command) serverguide/C/windows-networking.xml:927(command) serverguide/C/windows-networking.xml:1082(command) serverguide/C/windows-networking.xml:1189(command) serverguide/C/network-auth.xml:2515(command)
368
353
msgid "sudo restart smbd"
369
354
msgstr ""
370
355
371
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
356
#: serverguide/C/windows-networking.xml:217(command) serverguide/C/windows-networking.xml:339(command) serverguide/C/windows-networking.xml:477(command) serverguide/C/windows-networking.xml:577(command) serverguide/C/windows-networking.xml:928(command) serverguide/C/windows-networking.xml:1083(command) serverguide/C/windows-networking.xml:1190(command) serverguide/C/network-auth.xml:2516(command)
372
357
msgid "sudo restart nmbd"
373
358
msgstr ""
374
359
375
#: serverguide/C/windows-networking.xml:226(para)
360
#: serverguide/C/windows-networking.xml:224(para)
376
361
msgid ""
377
362
"Once again, the above configuration gives all access to any client on the "
378
363
"local network. For a more secure configuration see <xref linkend=\"samba-"
382
367
"staðarnetinu. Fyrir öruggari uppsetningu skoðið <xref linkend=\"samba-"
383
368
"fileprint-security\"/>."
384
369
385
#: serverguide/C/windows-networking.xml:232(para)
370
#: serverguide/C/windows-networking.xml:230(para)
386
371
msgid ""
387
372
"From a Windows client you should now be able to browse to the Ubuntu file "
388
"server and see the shared directory. To check that everything is working try "
389
"creating a directory from Windows."
373
"server and see the shared directory. If your client doesn't show your share "
374
"automatically, try to access your server by its IP address, e.g. \\\\"
375
"192.168.1.1, in a Windows Explorer window. To check that everything is "
376
"working try creating a directory from Windows."
390
377
msgstr ""
391
"Frá Windows útstöð þá ættirðu að geta vafrað inn á Ubuntu skráaþjóninn og "
392
"séð deildu möppunni. Til að athuga hvort all virki sem skyldi, prófaðu að "
393
"búa til möppu frá Windows."
394
378
395
#: serverguide/C/windows-networking.xml:237(para)
379
#: serverguide/C/windows-networking.xml:234(para)
396
380
msgid ""
397
381
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
398
382
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
404
388
"endurræstu svo <emphasis>Samba</emphasis>. Vertu bara viss að mappan sem þú "
405
389
"hyggst deila sé í raun til og að heimildir á henni séu réttar."
406
390
407
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
391
#: serverguide/C/windows-networking.xml:241(para)
392
msgid ""
393
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
394
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
395
"and path names to fit your environment. It is a good idea to name a share "
396
"after a directory on the file system. Another example would be a share name "
397
"of <emphasis>[qa]</emphasis> with a path of "
398
"<filename>/srv/samba/qa</filename>."
399
msgstr ""
400
401
#: serverguide/C/windows-networking.xml:250(title) serverguide/C/windows-networking.xml:349(title) serverguide/C/windows-networking.xml:706(title) serverguide/C/windows-networking.xml:1102(title) serverguide/C/windows-networking.xml:1301(title) serverguide/C/virtualization.xml:369(title) serverguide/C/virtualization.xml:1065(title) serverguide/C/virtualization.xml:2473(title) serverguide/C/virtualization.xml:4385(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:376(title) serverguide/C/network-config.xml:586(title) serverguide/C/network-config.xml:849(title) serverguide/C/network-auth.xml:2115(title) serverguide/C/network-auth.xml:2657(title) serverguide/C/network-auth.xml:3373(title) serverguide/C/network-auth.xml:3926(title) serverguide/C/installation.xml:883(title) serverguide/C/installation.xml:1169(title) serverguide/C/installation.xml:1374(title) serverguide/C/databases.xml:273(title) serverguide/C/databases.xml:411(title) serverguide/C/backups.xml:866(title)
408
402
msgid "Resources"
409
403
msgstr "Tilföng"
410
404
411
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
405
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1106(para)
412
406
msgid ""
413
407
"For in depth Samba configurations see the <ulink "
414
408
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
418
412
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
419
413
"Safnið</ulink>"
420
414
421
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
415
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para) serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1112(para)
422
416
msgid ""
423
417
"The guide is also available in <ulink "
424
418
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
428
422
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">í "
429
423
"prentformi</ulink>."
430
424
431
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
425
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:365(para)
432
426
msgid ""
433
427
"O'Reilly's <ulink "
434
428
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
438
432
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> er "
439
433
"annað gott tilvísunarrit."
440
434
441
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
435
#: serverguide/C/windows-networking.xml:272(para) serverguide/C/windows-networking.xml:376(para) serverguide/C/windows-networking.xml:741(para) serverguide/C/windows-networking.xml:1136(para) serverguide/C/windows-networking.xml:1314(para)
442
436
msgid ""
443
437
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
444
438
"</ulink> page."
445
439
msgstr ""
446
440
447
#: serverguide/C/windows-networking.xml:275(title)
441
#: serverguide/C/windows-networking.xml:281(title)
448
442
msgid "Samba Print Server"
449
443
msgstr "Samba Prentþjónn"
450
444
451
#: serverguide/C/windows-networking.xml:277(para)
445
#: serverguide/C/windows-networking.xml:283(para)
452
446
msgid ""
453
447
"Another common use of Samba is to configure it to share printers installed, "
454
448
"either locally or over the network, on an Ubuntu server. Similar to <xref "
462
456
"leyfa öllum útstöðvum að nota uppsetta prentara án þess að biðja um "
463
457
"notendanafn eða lykilorð."
464
458
465
#: serverguide/C/windows-networking.xml:283(para)
459
#: serverguide/C/windows-networking.xml:289(para)
466
460
msgid ""
467
461
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
468
462
"security\"/>."
470
464
"Fyrir öruggari uppsetningu skoðið <xref linkend=\"samba-fileprint-"
471
465
"security\"/>."
472
466
473
#: serverguide/C/windows-networking.xml:290(para)
467
#: serverguide/C/windows-networking.xml:296(para)
474
468
msgid ""
475
469
"Before installing and configuring Samba it is best to already have a working "
476
470
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
480
474
"grunnþekkingu uppsetningu á <application>CUPS</application>. Skoðið <xref "
481
475
"linkend=\"cups\"/> fyrir ýtarlegri upplýsingar."
482
476
483
#: serverguide/C/windows-networking.xml:295(para)
477
#: serverguide/C/windows-networking.xml:301(para)
484
478
msgid ""
485
479
"To install the <application>samba</application> package, from a terminal "
486
480
"enter:"
488
482
"Til að setja upp <application>samba</application> pakkann, sláið "
489
483
"eftirfarandi inn í útstöðvarglugga."
490
484
491
#: serverguide/C/windows-networking.xml:306(para)
485
#: serverguide/C/windows-networking.xml:312(para)
492
486
msgid ""
493
487
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
494
488
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
495
489
"network, and change <emphasis>security</emphasis> to <emphasis "
496
"role=\"italic\">share</emphasis>:"
490
"role=\"italic\">user</emphasis>:"
497
491
msgstr ""
498
"Eftir uppsetningu Samba breytið <filename>/etc/samba/smb.conf</filename>. "
499
"Breytið <emphasis>workgroup</emphasis> gildinu í það sem passar við þitt net "
500
"og breytið <emphasis>security</emphasis> í <emphasis "
501
"role=\"italic\">share</emphasis>:"
502
492
503
#: serverguide/C/windows-networking.xml:318(para)
493
#: serverguide/C/windows-networking.xml:324(para)
504
494
msgid ""
505
495
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
506
496
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
508
498
"Í <emphasis>[printers]</emphasis> hlutanum breyttu þá <emphasis>guest "
509
499
"ok</emphasis> valkostinum í <emphasis role=\"italic\">yes</emphasis>:"
510
500
511
#: serverguide/C/windows-networking.xml:322(programlisting)
501
#: serverguide/C/windows-networking.xml:328(programlisting)
512
502
#, no-wrap
513
503
msgid ""
514
504
"\n"
519
509
" browsable = yes\n"
520
510
" guest ok = yes\n"
521
511
522
#: serverguide/C/windows-networking.xml:327(para)
512
#: serverguide/C/windows-networking.xml:333(para)
523
513
msgid "After editing <filename>smb.conf</filename> restart Samba:"
524
514
msgstr ""
525
515
"Eftir að hafa breytt <filename>smb.conf</filename> endurræsið þá Samba:"
526
516
527
#: serverguide/C/windows-networking.xml:336(para)
517
#: serverguide/C/windows-networking.xml:342(para)
528
518
msgid ""
529
519
"The default Samba configuration will automatically share any printers "
530
520
"installed. Simply install the printer locally on your Windows clients."
532
522
"Sjálfgefinn Samba uppsetning mun deila öllum uppsettum prenturum sjálfkrafa. "
533
523
"Einfaldlega setjið viðkomandi prentara upp á viðkomandi Windows útstöð."
534
524
535
#: serverguide/C/windows-networking.xml:365(para)
525
#: serverguide/C/windows-networking.xml:371(para)
536
526
msgid ""
537
527
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
538
528
"more information on configuring CUPS."
540
530
"Skoðið einnig <ulink url=\"http://www.cups.org/\">CUPS Heimasíðan</ulink> "
541
531
"fyrir nánari upplýsingar og stillingar fyrir CUPS."
542
532
543
#: serverguide/C/windows-networking.xml:379(title)
533
#: serverguide/C/windows-networking.xml:385(title)
544
534
msgid "Securing a Samba File and Print Server"
545
535
msgstr "Að tryggja öryggi á Samba Skráar og Prentþjóni"
546
536
547
#: serverguide/C/windows-networking.xml:382(title)
537
#: serverguide/C/windows-networking.xml:388(title)
548
538
msgid "Samba Security Modes"
549
539
msgstr "Samba Öryggisvalkostir"
550
540
551
#: serverguide/C/windows-networking.xml:384(para)
541
#: serverguide/C/windows-networking.xml:390(para)
552
542
msgid ""
553
543
"There are two security levels available to the Common Internet Filesystem "
554
544
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
557
547
"security and one way to implement share-level:"
558
548
msgstr ""
559
549
560
#: serverguide/C/windows-networking.xml:393(para)
550
#: serverguide/C/windows-networking.xml:399(para)
561
551
msgid ""
562
552
"<emphasis>security = user:</emphasis> requires clients to supply a username "
563
553
"and password to connect to shares. Samba user accounts are separate from "
565
555
"will sync system users and passwords with the Samba user database."
566
556
msgstr ""
567
557
568
#: serverguide/C/windows-networking.xml:400(para)
558
#: serverguide/C/windows-networking.xml:406(para)
569
559
msgid ""
570
560
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
571
561
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
573
563
"linkend=\"samba-dc\"/> for further information."
574
564
msgstr ""
575
565
576
#: serverguide/C/windows-networking.xml:407(para)
566
#: serverguide/C/windows-networking.xml:413(para)
577
567
msgid ""
578
568
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
579
569
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
580
570
"integration\"/> for details."
581
571
msgstr ""
582
572
583
#: serverguide/C/windows-networking.xml:413(para)
573
#: serverguide/C/windows-networking.xml:419(para)
584
574
msgid ""
585
575
"<emphasis>security = server:</emphasis> this mode is left over from before "
586
576
"Samba could become a member server, and due to some security issues should "
589
579
"of the Samba guide for more details."
590
580
msgstr ""
591
581
592
#: serverguide/C/windows-networking.xml:421(para)
582
#: serverguide/C/windows-networking.xml:427(para)
593
583
msgid ""
594
584
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
595
585
"without supplying a username and password."
596
586
msgstr ""
597
587
598
#: serverguide/C/windows-networking.xml:428(para)
588
#: serverguide/C/windows-networking.xml:434(para)
599
589
msgid ""
600
590
"The security mode you choose will depend on your environment and what you "
601
591
"need the Samba server to accomplish."
602
592
msgstr ""
603
593
604
#: serverguide/C/windows-networking.xml:434(title)
594
#: serverguide/C/windows-networking.xml:440(title)
605
595
msgid "Security = User"
606
596
msgstr ""
607
597
608
#: serverguide/C/windows-networking.xml:436(para)
598
#: serverguide/C/windows-networking.xml:442(para)
609
599
msgid ""
610
600
"This section will reconfigure the Samba file and print server, from <xref "
611
601
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
612
602
"require authentication."
613
603
msgstr ""
614
604
615
#: serverguide/C/windows-networking.xml:441(para)
605
#: serverguide/C/windows-networking.xml:447(para)
616
606
msgid ""
617
607
"First, install the <application>libpam-smbpass</application> package which "
618
608
"will sync the system users to the Samba user database:"
619
609
msgstr ""
620
610
621
#: serverguide/C/windows-networking.xml:447(command)
611
#: serverguide/C/windows-networking.xml:453(command)
622
612
msgid "sudo apt-get install libpam-smbpass"
623
613
msgstr ""
624
614
625
#: serverguide/C/windows-networking.xml:451(para)
615
#: serverguide/C/windows-networking.xml:457(para)
626
616
msgid ""
627
617
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
628
618
"<application>libpam-smbpass</application> is already installed."
629
619
msgstr ""
630
620
631
#: serverguide/C/windows-networking.xml:457(para)
621
#: serverguide/C/windows-networking.xml:463(para)
632
622
msgid ""
633
623
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
634
624
"<emphasis>[share]</emphasis> section change:"
635
625
msgstr ""
636
626
637
#: serverguide/C/windows-networking.xml:461(programlisting)
627
#: serverguide/C/windows-networking.xml:467(programlisting)
638
628
#, no-wrap
639
629
msgid ""
640
630
"\n"
641
631
" guest ok = no\n"
642
632
msgstr ""
643
633
644
#: serverguide/C/windows-networking.xml:465(para)
634
#: serverguide/C/windows-networking.xml:471(para)
645
635
msgid "Finally, restart Samba for the new settings to take effect:"
646
636
msgstr ""
647
637
648
#: serverguide/C/windows-networking.xml:474(para)
638
#: serverguide/C/windows-networking.xml:480(para)
649
639
msgid ""
650
640
"Now when connecting to the shared directories or printers you should be "
651
641
"prompted for a username and password."
652
642
msgstr ""
653
643
654
#: serverguide/C/windows-networking.xml:479(para)
644
#: serverguide/C/windows-networking.xml:485(para)
655
645
msgid ""
656
646
"If you choose to map a network drive to the share you can check the "
657
647
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
658
648
"enter the username and password once, at least until the password changes."
659
649
msgstr ""
660
650
661
#: serverguide/C/windows-networking.xml:487(title)
651
#: serverguide/C/windows-networking.xml:493(title)
662
652
msgid "Share Security"
663
653
msgstr ""
664
654
665
#: serverguide/C/windows-networking.xml:489(para)
655
#: serverguide/C/windows-networking.xml:495(para)
666
656
msgid ""
667
657
"There are several options available to increase the security for each "
668
658
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
669
659
"this section will cover some common options."
670
660
msgstr ""
671
661
672
#: serverguide/C/windows-networking.xml:495(title)
662
#: serverguide/C/windows-networking.xml:501(title)
673
663
msgid "Groups"
674
664
msgstr "Hópar"
675
665
676
#: serverguide/C/windows-networking.xml:497(para)
666
#: serverguide/C/windows-networking.xml:503(para)
677
667
msgid ""
678
668
"Groups define a collection of computers or users which have a common level "
679
669
"of access to particular network resources and offer a level of granularity "
695
685
"have only access to resources explicitly allowing the group they are part of."
696
686
msgstr ""
697
687
698
#: serverguide/C/windows-networking.xml:511(para)
688
#: serverguide/C/windows-networking.xml:517(para)
699
689
msgid ""
700
690
"By default Samba looks for the local system groups defined in "
701
691
"<filename>/etc/group</filename> to determine which users belong to which "
703
693
"<xref linkend=\"adding-deleting-users\"/>."
704
694
msgstr ""
705
695
706
#: serverguide/C/windows-networking.xml:517(para)
696
#: serverguide/C/windows-networking.xml:523(para)
707
697
msgid ""
708
698
"When defining groups in the Samba configuration file, "
709
699
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
714
704
"role=\"bold\">@sysadmin</emphasis>."
715
705
msgstr ""
716
706
717
#: serverguide/C/windows-networking.xml:526(title)
707
#: serverguide/C/windows-networking.xml:532(title)
718
708
msgid "File Permissions"
719
709
msgstr ""
720
710
721
#: serverguide/C/windows-networking.xml:528(para)
711
#: serverguide/C/windows-networking.xml:534(para)
722
712
msgid ""
723
713
"File Permissions define the explicit rights a computer or user has to a "
724
714
"particular directory, file, or set of files. Such permissions may be defined "
726
716
"the explicit permissions of a defined file share."
727
717
msgstr ""
728
718
729
#: serverguide/C/windows-networking.xml:534(para)
719
#: serverguide/C/windows-networking.xml:540(para)
730
720
msgid ""
731
721
"For example, if you have defined a Samba share called "
732
722
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
738
728
"under the <emphasis>[share]</emphasis> entry:"
739
729
msgstr ""
740
730
741
#: serverguide/C/windows-networking.xml:543(programlisting)
731
#: serverguide/C/windows-networking.xml:549(programlisting)
742
732
#, no-wrap
743
733
msgid ""
744
734
"\n"
746
736
" write list = @sysadmin, vincent\n"
747
737
msgstr ""
748
738
749
#: serverguide/C/windows-networking.xml:548(para)
739
#: serverguide/C/windows-networking.xml:554(para)
750
740
msgid ""
751
741
"Another possible Samba permission is to declare "
752
742
"<emphasis>administrative</emphasis> permissions to a particular shared "
755
745
"administrative permissions to."
756
746
msgstr ""
757
747
758
#: serverguide/C/windows-networking.xml:554(para)
748
#: serverguide/C/windows-networking.xml:560(para)
759
749
msgid ""
760
750
"For example, if you wanted to give the user <emphasis "
761
751
"role=\"italic\">melissa</emphasis> administrative permissions to the "
764
754
"under the <emphasis>[share]</emphasis> entry:"
765
755
msgstr ""
766
756
767
#: serverguide/C/windows-networking.xml:561(programlisting)
757
#: serverguide/C/windows-networking.xml:567(programlisting)
768
758
#, no-wrap
769
759
msgid ""
770
760
"\n"
771
761
" admin users = melissa\n"
772
762
msgstr ""
773
763
774
#: serverguide/C/windows-networking.xml:565(para)
764
#: serverguide/C/windows-networking.xml:571(para)
775
765
msgid ""
776
766
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
777
767
"the changes to take effect:"
778
768
msgstr ""
779
769
780
#: serverguide/C/windows-networking.xml:575(para)
770
#: serverguide/C/windows-networking.xml:581(para)
781
771
msgid ""
782
772
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
783
773
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
784
774
"<emphasis role=\"italic\">security = share</emphasis>"
785
775
msgstr ""
786
776
787
#: serverguide/C/windows-networking.xml:581(para)
777
#: serverguide/C/windows-networking.xml:587(para)
788
778
msgid ""
789
779
"Now that Samba has been configured to limit which groups have access to the "
790
780
"shared directory, the filesystem permissions need to be updated."
791
781
msgstr ""
792
782
793
#: serverguide/C/windows-networking.xml:586(para)
783
#: serverguide/C/windows-networking.xml:592(para)
794
784
msgid ""
795
785
"Traditional Linux file permissions do not map well to Windows NT Access "
796
786
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
799
789
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
800
790
msgstr ""
801
791
802
#: serverguide/C/windows-networking.xml:593(programlisting)
792
#: serverguide/C/windows-networking.xml:599(programlisting)
803
793
#, no-wrap
804
794
msgid ""
805
795
"\n"
807
797
"0 1\n"
808
798
msgstr ""
809
799
810
#: serverguide/C/windows-networking.xml:597(para)
800
#: serverguide/C/windows-networking.xml:603(para)
811
801
msgid "Then remount the partition:"
812
802
msgstr ""
813
803
814
#: serverguide/C/windows-networking.xml:602(command)
804
#: serverguide/C/windows-networking.xml:608(command)
815
805
msgid "sudo mount -v -o remount /srv"
816
806
msgstr ""
817
807
818
#: serverguide/C/windows-networking.xml:606(para)
808
#: serverguide/C/windows-networking.xml:612(para)
819
809
msgid ""
820
810
"The above example assumes <filename>/srv</filename> on a separate partition. "
821
811
"If <filename>/srv</filename>, or wherever you have configured your share "
823
813
"required."
824
814
msgstr ""
825
815
826
#: serverguide/C/windows-networking.xml:613(para)
816
#: serverguide/C/windows-networking.xml:619(para)
827
817
msgid ""
828
818
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
829
819
"group will be given read, write, and execute permissions to "
832
822
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
833
823
msgstr ""
834
824
835
#: serverguide/C/windows-networking.xml:621(command)
825
#: serverguide/C/windows-networking.xml:627(command)
836
826
msgid "sudo chown -R melissa /srv/samba/share/"
837
827
msgstr ""
838
828
839
#: serverguide/C/windows-networking.xml:622(command)
829
#: serverguide/C/windows-networking.xml:628(command)
840
830
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
841
831
msgstr ""
842
832
843
#: serverguide/C/windows-networking.xml:623(command)
833
#: serverguide/C/windows-networking.xml:629(command)
844
834
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
845
835
msgstr ""
846
836
847
#: serverguide/C/windows-networking.xml:627(para)
837
#: serverguide/C/windows-networking.xml:633(para)
848
838
msgid ""
849
839
"The <application>setfacl</application> command above gives "
850
840
"<emphasis>execute</emphasis> permissions to all files in the "
852
842
"want."
853
843
msgstr ""
854
844
855
#: serverguide/C/windows-networking.xml:633(para)
845
#: serverguide/C/windows-networking.xml:639(para)
856
846
msgid ""
857
847
"Now from a Windows client you should notice the new file permissions are "
858
848
"implemented. See the <application>acl</application> and "
860
850
"ACLs."
861
851
msgstr ""
862
852
863
#: serverguide/C/windows-networking.xml:641(title)
853
#: serverguide/C/windows-networking.xml:647(title)
864
854
msgid "Samba AppArmor Profile"
865
855
msgstr ""
866
856
867
#: serverguide/C/windows-networking.xml:643(para)
857
#: serverguide/C/windows-networking.xml:649(para)
868
858
msgid ""
869
859
"Ubuntu comes with the <application>AppArmor</application> security module, "
870
860
"which provides mandatory access controls. The default AppArmor profile for "
872
862
"using AppArmor see <xref linkend=\"apparmor\"/>."
873
863
msgstr ""
874
864
875
#: serverguide/C/windows-networking.xml:649(para)
865
#: serverguide/C/windows-networking.xml:655(para)
876
866
msgid ""
877
867
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
878
868
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
880
870
"package, from a terminal prompt enter:"
881
871
msgstr ""
882
872
883
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
884
msgid "sudo apt-get install apparmor-profiles"
873
#: serverguide/C/windows-networking.xml:662(command)
874
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
885
875
msgstr ""
886
876
887
#: serverguide/C/windows-networking.xml:660(para)
877
#: serverguide/C/windows-networking.xml:666(para)
888
878
msgid "This package contains profiles for several other binaries."
889
879
msgstr ""
890
880
891
#: serverguide/C/windows-networking.xml:665(para)
881
#: serverguide/C/windows-networking.xml:671(para)
892
882
msgid ""
893
883
"By default the profiles for <application>smbd</application> and "
894
884
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
898
888
"profile will need to be modified to reflect any directories that are shared."
899
889
msgstr ""
900
890
901
#: serverguide/C/windows-networking.xml:672(para)
891
#: serverguide/C/windows-networking.xml:678(para)
902
892
msgid ""
903
893
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
904
894
"for <emphasis>[share]</emphasis> from the file server example:"
905
895
msgstr ""
906
896
907
#: serverguide/C/windows-networking.xml:677(programlisting)
897
#: serverguide/C/windows-networking.xml:683(programlisting)
908
898
#, no-wrap
909
899
msgid ""
910
900
"\n"
912
902
" /srv/samba/share/** rwkix,\n"
913
903
msgstr ""
914
904
915
#: serverguide/C/windows-networking.xml:682(para)
905
#: serverguide/C/windows-networking.xml:688(para)
916
906
msgid ""
917
907
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
918
908
msgstr ""
919
909
920
#: serverguide/C/windows-networking.xml:687(command)
910
#: serverguide/C/windows-networking.xml:693(command)
921
911
msgid "sudo aa-enforce /usr/sbin/smbd"
922
912
msgstr ""
923
913
924
#: serverguide/C/windows-networking.xml:688(command)
914
#: serverguide/C/windows-networking.xml:694(command)
925
915
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
926
916
msgstr ""
927
917
928
#: serverguide/C/windows-networking.xml:691(para)
918
#: serverguide/C/windows-networking.xml:697(para)
929
919
msgid ""
930
920
"You should now be able to read, write, and execute files in the shared "
931
921
"directory as normal, and the <application>smbd</application> binary will "
934
924
"will be logged to <filename>/var/log/syslog</filename>."
935
925
msgstr ""
936
926
937
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
927
#: serverguide/C/windows-networking.xml:722(para) serverguide/C/windows-networking.xml:1118(para)
938
928
msgid ""
939
929
"O'Reilly's <ulink "
940
930
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
941
931
"also a good reference."
942
932
msgstr ""
943
933
944
#: serverguide/C/windows-networking.xml:722(para)
934
#: serverguide/C/windows-networking.xml:728(para)
945
935
msgid ""
946
936
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
947
937
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
948
938
"security."
949
939
msgstr ""
950
940
951
#: serverguide/C/windows-networking.xml:728(para)
941
#: serverguide/C/windows-networking.xml:734(para)
952
942
msgid ""
953
943
"For more information on Samba and ACLs see the <ulink "
954
944
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
955
945
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
956
946
msgstr ""
957
947
958
#: serverguide/C/windows-networking.xml:744(title)
948
#: serverguide/C/windows-networking.xml:750(title)
959
949
msgid "Samba as a Domain Controller"
960
950
msgstr ""
961
951
962
#: serverguide/C/windows-networking.xml:746(para)
952
#: serverguide/C/windows-networking.xml:752(para)
963
953
msgid ""
964
954
"Although it cannot act as an Active Directory Primary Domain Controller "
965
955
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
968
958
"backends to store the user information."
969
959
msgstr ""
970
960
971
#: serverguide/C/windows-networking.xml:753(title)
961
#: serverguide/C/windows-networking.xml:759(title)
972
962
msgid "Primary Domain Controller"
973
963
msgstr ""
974
964
975
#: serverguide/C/windows-networking.xml:755(para)
965
#: serverguide/C/windows-networking.xml:761(para)
976
966
msgid ""
977
967
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
978
968
"using the default smbpasswd backend."
979
969
msgstr ""
980
970
981
#: serverguide/C/windows-networking.xml:762(para)
971
#: serverguide/C/windows-networking.xml:768(para)
982
972
msgid ""
983
973
"First, install Samba, and <application>libpam-smbpass</application> to sync "
984
974
"the user accounts, by entering the following in a terminal prompt:"
985
975
msgstr ""
986
976
987
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
977
#: serverguide/C/windows-networking.xml:774(command) serverguide/C/windows-networking.xml:1015(command)
988
978
msgid "sudo apt-get install samba libpam-smbpass"
989
979
msgstr ""
990
980
991
#: serverguide/C/windows-networking.xml:774(para)
981
#: serverguide/C/windows-networking.xml:780(para)
992
982
msgid ""
993
983
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
994
984
"The <emphasis>security</emphasis> mode should be set to <emphasis "
996
986
"should relate to your organization:"
997
987
msgstr ""
998
988
999
#: serverguide/C/windows-networking.xml:789(para)
989
#: serverguide/C/windows-networking.xml:795(para)
1000
990
msgid ""
1001
991
"In the commented <quote>Domains</quote> section add or uncomment the "
1002
"following:"
992
"following (the last line has been split to fit the format of this document):"
1003
993
msgstr ""
1004
994
1005
#: serverguide/C/windows-networking.xml:793(programlisting)
995
#: serverguide/C/windows-networking.xml:799(programlisting)
1006
996
#, no-wrap
1007
997
msgid ""
1008
998
"\n"
1011
1001
" logon drive = H:\n"
1012
1002
" logon home = \\\\%N\\%U\n"
1013
1003
" logon script = logon.cmd\n"
1014
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1015
"/var/lib/samba -s /bin/false %u\n"
1016
msgstr ""
1017
1018
#: serverguide/C/windows-networking.xml:804(para)
1004
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d\n"
1005
" /var/lib/samba -s /bin/false %u\n"
1006
msgstr ""
1007
1008
#: serverguide/C/windows-networking.xml:810(para)
1009
msgid ""
1010
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1011
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1012
"commented."
1013
msgstr ""
1014
1015
#: serverguide/C/windows-networking.xml:818(para)
1019
1016
msgid ""
1020
1017
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1021
1018
"Samba to act as a domain controller."
1022
1019
msgstr ""
1023
1020
1024
#: serverguide/C/windows-networking.xml:809(para)
1021
#: serverguide/C/windows-networking.xml:823(para)
1025
1022
msgid ""
1026
1023
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1027
1024
"their home directory. It is also possible to configure a "
1029
1026
"directory."
1030
1027
msgstr ""
1031
1028
1032
#: serverguide/C/windows-networking.xml:815(para)
1029
#: serverguide/C/windows-networking.xml:829(para)
1033
1030
msgid ""
1034
1031
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1035
1032
msgstr ""
1036
1033
1037
#: serverguide/C/windows-networking.xml:820(para)
1034
#: serverguide/C/windows-networking.xml:834(para)
1038
1035
msgid ""
1039
1036
"<emphasis>logon home:</emphasis> specifies the home directory location."
1040
1037
msgstr ""
1041
1038
1042
#: serverguide/C/windows-networking.xml:825(para)
1039
#: serverguide/C/windows-networking.xml:839(para)
1043
1040
msgid ""
1044
1041
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1045
1042
"once a user has logged in. The script needs to be placed in the "
1046
1043
"<emphasis>[netlogon]</emphasis> share."
1047
1044
msgstr ""
1048
1045
1049
#: serverguide/C/windows-networking.xml:831(para)
1046
#: serverguide/C/windows-networking.xml:845(para)
1050
1047
msgid ""
1051
1048
"<emphasis>add machine script:</emphasis> a script that will automatically "
1052
1049
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1053
1050
"workstation to join the domain."
1054
1051
msgstr ""
1055
1052
1056
#: serverguide/C/windows-networking.xml:835(para)
1053
#: serverguide/C/windows-networking.xml:849(para)
1057
1054
msgid ""
1058
1055
"In this example the <emphasis>machines</emphasis> group will need to be "
1059
1056
"created using the <application>addgroup</application> utility see <xref "
1060
1057
"linkend=\"adding-deleting-users\"/> for details."
1061
1058
msgstr ""
1062
1059
1063
#: serverguide/C/windows-networking.xml:839(para)
1064
msgid ""
1065
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1066
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1067
"(and other admin functions) to work. This is achieved by executing:"
1068
msgstr ""
1069
1070
#: serverguide/C/windows-networking.xml:844(command)
1071
msgid ""
1072
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1073
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1074
"SeRemoteShutdownPrivilege"
1075
msgstr ""
1076
1077
#: serverguide/C/windows-networking.xml:851(para)
1078
msgid ""
1079
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1080
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1081
"commented."
1082
msgstr ""
1083
1084
1060
#: serverguide/C/windows-networking.xml:860(para)
1085
1061
msgid ""
1086
1062
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1148
1124
msgstr ""
1149
1125
1150
1126
#: serverguide/C/windows-networking.xml:922(para)
1127
msgid "Restart Samba to enable the new domain controller:"
1128
msgstr ""
1129
1130
#: serverguide/C/windows-networking.xml:934(para)
1131
msgid ""
1132
"Lastly, there are a few additional commands needed to setup the appropriate "
1133
"rights."
1134
msgstr ""
1135
1136
#: serverguide/C/windows-networking.xml:938(para)
1151
1137
msgid ""
1152
1138
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1153
1139
"workstation to the domain, a system group needs to be mapped to the Windows "
1155
1141
"<application>net</application> utility, from a terminal enter:"
1156
1142
msgstr ""
1157
1143
1158
#: serverguide/C/windows-networking.xml:929(command)
1144
#: serverguide/C/windows-networking.xml:945(command)
1159
1145
msgid ""
1160
1146
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1161
1147
"type=d"
1162
1148
msgstr ""
1163
1149
1164
#: serverguide/C/windows-networking.xml:933(para)
1150
#: serverguide/C/windows-networking.xml:949(para)
1165
1151
msgid ""
1166
1152
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1167
1153
"prefer. Also, the user used to join the domain needs to be a member of the "
1170
1156
"allows <application>sudo</application> use."
1171
1157
msgstr ""
1172
1158
1173
#: serverguide/C/windows-networking.xml:944(para)
1174
msgid "Finally, restart Samba to enable the new domain controller:"
1175
msgstr ""
1176
1177
#: serverguide/C/windows-networking.xml:956(para)
1159
#: serverguide/C/windows-networking.xml:955(para)
1160
msgid ""
1161
"If the user does not have Samba credentials yet, you can add them with the "
1162
"<application>smbpasswd</application> utility, change the "
1163
"<emphasis>sysadmin</emphasis> username appropriately: <screen>\n"
1164
"<command>sudo smbpasswd -a sysadmin</command>\n"
1165
"</screen>"
1166
msgstr ""
1167
1168
#: serverguide/C/windows-networking.xml:965(para)
1169
msgid ""
1170
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1171
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1172
"(and other admin functions) to work. This is achieved by executing:"
1173
msgstr ""
1174
1175
#: serverguide/C/windows-networking.xml:970(command)
1176
msgid ""
1177
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
1178
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
1179
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
1180
msgstr ""
1181
1182
#: serverguide/C/windows-networking.xml:978(para)
1178
1183
msgid ""
1179
1184
"You should now be able to join Windows clients to the Domain in the same "
1180
1185
"manner as joining them to an NT4 domain running on a Windows server."
1181
1186
msgstr ""
1182
1187
1183
#: serverguide/C/windows-networking.xml:966(title)
1188
#: serverguide/C/windows-networking.xml:988(title)
1184
1189
msgid "Backup Domain Controller"
1185
1190
msgstr ""
1186
1191
1187
#: serverguide/C/windows-networking.xml:968(para)
1192
#: serverguide/C/windows-networking.xml:990(para)
1188
1193
msgid ""
1189
1194
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1190
1195
"Backup Domain Controller (BDC) as well. This will allow clients to "
1191
1196
"authenticate in case the PDC becomes unavailable."
1192
1197
msgstr ""
1193
1198
1194
#: serverguide/C/windows-networking.xml:973(para)
1199
#: serverguide/C/windows-networking.xml:995(para)
1195
1200
msgid ""
1196
1201
"When configuring Samba as a BDC you need a way to sync account information "
1197
1202
"with the PDC. There are multiple ways of accomplishing this "
1200
1205
"backend</emphasis>."
1201
1206
msgstr ""
1202
1207
1203
#: serverguide/C/windows-networking.xml:979(para)
1208
#: serverguide/C/windows-networking.xml:1001(para)
1204
1209
msgid ""
1205
1210
"Using LDAP is the most robust way to sync account information, because both "
1206
1211
"domain controllers can use the same information in real time. However, "
1208
1213
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1209
1214
msgstr ""
1210
1215
1211
#: serverguide/C/windows-networking.xml:988(para)
1216
#: serverguide/C/windows-networking.xml:1010(para)
1212
1217
msgid ""
1213
1218
"First, install <application>samba</application> and <application>libpam-"
1214
1219
"smbpass</application>. From a terminal enter:"
1215
1220
msgstr ""
1216
1221
1217
#: serverguide/C/windows-networking.xml:999(para)
1222
#: serverguide/C/windows-networking.xml:1021(para)
1218
1223
msgid ""
1219
1224
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1220
1225
"following in the <emphasis>[global]</emphasis>:"
1221
1226
msgstr ""
1222
1227
1223
#: serverguide/C/windows-networking.xml:1012(para)
1228
#: serverguide/C/windows-networking.xml:1034(para)
1224
1229
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1225
1230
msgstr ""
1226
1231
1227
#: serverguide/C/windows-networking.xml:1016(programlisting)
1232
#: serverguide/C/windows-networking.xml:1038(programlisting)
1228
1233
#, no-wrap
1229
1234
msgid ""
1230
1235
"\n"
1232
1237
" domain master = no\n"
1233
1238
msgstr ""
1234
1239
1235
#: serverguide/C/windows-networking.xml:1024(para)
1240
#: serverguide/C/windows-networking.xml:1046(para)
1236
1241
msgid ""
1237
1242
"Make sure a user has rights to read the files in "
1238
1243
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1240
1245
"files, enter:"
1241
1246
msgstr ""
1242
1247
1243
#: serverguide/C/windows-networking.xml:1030(command)
1248
#: serverguide/C/windows-networking.xml:1052(command)
1244
1249
msgid "sudo chgrp -R admin /var/lib/samba"
1245
1250
msgstr ""
1246
1251
1247
#: serverguide/C/windows-networking.xml:1036(para)
1252
#: serverguide/C/windows-networking.xml:1058(para)
1248
1253
msgid ""
1249
1254
"Next, sync the user accounts, using <application>scp</application> to copy "
1250
1255
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1251
1256
msgstr ""
1252
1257
1253
#: serverguide/C/windows-networking.xml:1042(command)
1258
#: serverguide/C/windows-networking.xml:1064(command)
1254
1259
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1255
1260
msgstr ""
1256
1261
1257
#: serverguide/C/windows-networking.xml:1046(para)
1262
#: serverguide/C/windows-networking.xml:1068(para)
1258
1263
msgid ""
1259
1264
"Replace <emphasis>username</emphasis> with a valid username and "
1260
1265
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1261
1266
msgstr ""
1262
1267
1263
#: serverguide/C/windows-networking.xml:1055(para)
1268
#: serverguide/C/windows-networking.xml:1077(para)
1264
1269
msgid "Finally, restart <application>samba</application>:"
1265
1270
msgstr ""
1266
1271
1267
#: serverguide/C/windows-networking.xml:1067(para)
1272
#: serverguide/C/windows-networking.xml:1089(para)
1268
1273
msgid ""
1269
1274
"You can test that your Backup Domain controller is working by stopping the "
1270
1275
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1271
1276
"the domain."
1272
1277
msgstr ""
1273
1278
1274
#: serverguide/C/windows-networking.xml:1072(para)
1279
#: serverguide/C/windows-networking.xml:1094(para)
1275
1280
msgid ""
1276
1281
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1277
1282
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1280
1285
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1281
1286
msgstr ""
1282
1287
1283
#: serverguide/C/windows-networking.xml:1102(para)
1288
#: serverguide/C/windows-networking.xml:1124(para)
1284
1289
msgid ""
1285
1290
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1286
1291
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1287
1292
"up a Primary Domain Controller."
1288
1293
msgstr ""
1289
1294
1290
#: serverguide/C/windows-networking.xml:1108(para)
1295
#: serverguide/C/windows-networking.xml:1130(para)
1291
1296
msgid ""
1292
1297
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1293
1298
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1294
1299
"explains setting up a Backup Domain Controller."
1295
1300
msgstr ""
1296
1301
1297
#: serverguide/C/windows-networking.xml:1123(title)
1302
#: serverguide/C/windows-networking.xml:1145(title)
1298
1303
msgid "Samba Active Directory Integration"
1299
1304
msgstr ""
1300
1305
1301
#: serverguide/C/windows-networking.xml:1126(title)
1306
#: serverguide/C/windows-networking.xml:1148(title)
1302
1307
msgid "Accessing a Samba Share"
1303
1308
msgstr ""
1304
1309
1305
#: serverguide/C/windows-networking.xml:1128(para)
1310
#: serverguide/C/windows-networking.xml:1150(para)
1306
1311
msgid ""
1307
1312
"Another, use for Samba is to integrate into an existing Windows network. "
1308
1313
"Once part of an Active Directory domain, Samba can provide file and print "
1309
1314
"services to AD users."
1310
1315
msgstr ""
1311
1316
1312
#: serverguide/C/windows-networking.xml:1133(para)
1317
#: serverguide/C/windows-networking.xml:1155(para)
1313
1318
msgid ""
1314
1319
"The simplest way to join an AD domain is to use <application>Likewise-"
1315
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1316
"open\"/>."
1320
"open</application>. For detailed instructions see the <ulink "
1321
"url=\"http://www.likewise.com/resources/documentation_library/manuals/open/li"
1322
"kewise-open-guide.html\"> Likewise Open Installation and Administration "
1323
"Guide</ulink>."
1317
1324
msgstr ""
1318
1325
1319
#: serverguide/C/windows-networking.xml:1138(para)
1326
#: serverguide/C/windows-networking.xml:1161(para)
1320
1327
msgid ""
1321
"Once part of the domain, enter the following command in the terminal prompt:"
1328
"Once part of the Active Directory domain, enter the following command in the "
1329
"terminal prompt:"
1322
1330
msgstr ""
1323
1331
1324
#: serverguide/C/windows-networking.xml:1143(command)
1332
#: serverguide/C/windows-networking.xml:1166(command)
1325
1333
msgid "sudo apt-get install samba smbfs smbclient"
1326
1334
msgstr ""
1327
1335
1328
#: serverguide/C/windows-networking.xml:1146(para)
1329
msgid ""
1330
"Since the <application>likewise-open</application> and "
1331
"<application>samba</application> packages use separate "
1332
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1333
"<filename role=\"directory\">/var/lib/samba</filename>:"
1334
msgstr ""
1335
1336
#: serverguide/C/windows-networking.xml:1152(command)
1337
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1338
msgstr ""
1339
1340
#: serverguide/C/windows-networking.xml:1153(command)
1341
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1342
msgstr ""
1343
1344
#: serverguide/C/windows-networking.xml:1156(para)
1336
#: serverguide/C/windows-networking.xml:1169(para)
1345
1337
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1346
1338
msgstr ""
1347
1339
1348
#: serverguide/C/windows-networking.xml:1160(programlisting)
1340
#: serverguide/C/windows-networking.xml:1173(programlisting)
1349
1341
#, no-wrap
1350
1342
msgid ""
1351
1343
"\n"
1359
1351
" idmap gid = 50-9999999999\n"
1360
1352
msgstr ""
1361
1353
1362
#: serverguide/C/windows-networking.xml:1171(para)
1354
#: serverguide/C/windows-networking.xml:1184(para)
1363
1355
msgid ""
1364
1356
"Restart <application>samba</application> for the new settings to take effect:"
1365
1357
msgstr ""
1366
1358
1367
#: serverguide/C/windows-networking.xml:1180(para)
1359
#: serverguide/C/windows-networking.xml:1193(para)
1368
1360
msgid ""
1369
1361
"You should now be able to access any <application>Samba</application> shares "
1370
1362
"from a Windows client. However, be sure to give the appropriate AD users or "
1372
1364
"security\"/> for more details."
1373
1365
msgstr ""
1374
1366
1375
#: serverguide/C/windows-networking.xml:1188(title)
1367
#: serverguide/C/windows-networking.xml:1201(title)
1376
1368
msgid "Accessing a Windows Share"
1377
1369
msgstr ""
1378
1370
1379
#: serverguide/C/windows-networking.xml:1190(para)
1371
#: serverguide/C/windows-networking.xml:1203(para)
1380
1372
msgid ""
1381
1373
"Now that the Samba server is part of the Active Directory domain you can "
1382
1374
"access any Windows server shares:"
1383
1375
msgstr ""
1384
1376
1385
#: serverguide/C/windows-networking.xml:1197(para)
1377
#: serverguide/C/windows-networking.xml:1210(para)
1386
1378
msgid ""
1387
1379
"To mount a Windows file share enter the following in a terminal prompt:"
1388
1380
msgstr ""
1389
1381
1390
#: serverguide/C/windows-networking.xml:1201(command)
1382
#: serverguide/C/windows-networking.xml:1214(command)
1391
1383
msgid "mount.cifs //fs01.example.com/share mount_point"
1392
1384
msgstr ""
1393
1385
1394
#: serverguide/C/windows-networking.xml:1204(para)
1386
#: serverguide/C/windows-networking.xml:1217(para)
1395
1387
msgid ""
1396
1388
"It is also possible to access shares on computers not part of an AD domain, "
1397
1389
"but a username and password will need to be provided."
1398
1390
msgstr ""
1399
1391
1400
#: serverguide/C/windows-networking.xml:1212(para)
1392
#: serverguide/C/windows-networking.xml:1225(para)
1401
1393
msgid ""
1402
1394
"To mount the share during boot place an entry in "
1403
1395
"<filename>/etc/fstab</filename>, for example:"
1404
1396
msgstr ""
1405
1397
1406
#: serverguide/C/windows-networking.xml:1216(programlisting)
1398
#: serverguide/C/windows-networking.xml:1229(programlisting)
1407
1399
#, no-wrap
1408
1400
msgid ""
1409
1401
"\n"
1411
1403
"0 0\n"
1412
1404
msgstr ""
1413
1405
1414
#: serverguide/C/windows-networking.xml:1223(para)
1406
#: serverguide/C/windows-networking.xml:1236(para)
1415
1407
msgid ""
1416
1408
"Another way to copy files from a Windows server is to use the "
1417
1409
"<application>smbclient</application> utility. To list the files in a Windows "
1418
1410
"share:"
1419
1411
msgstr ""
1420
1412
1421
#: serverguide/C/windows-networking.xml:1229(command)
1413
#: serverguide/C/windows-networking.xml:1242(command)
1422
1414
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1423
1415
msgstr ""
1424
1416
1425
#: serverguide/C/windows-networking.xml:1235(para)
1417
#: serverguide/C/windows-networking.xml:1248(para)
1426
1418
msgid "To copy a file from the share, enter:"
1427
1419
msgstr ""
1428
1420
1429
#: serverguide/C/windows-networking.xml:1240(command)
1421
#: serverguide/C/windows-networking.xml:1253(command)
1430
1422
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1431
1423
msgstr ""
1432
1424
1433
#: serverguide/C/windows-networking.xml:1243(para)
1425
#: serverguide/C/windows-networking.xml:1256(para)
1434
1426
msgid ""
1435
1427
"This will copy the <filename>file.txt</filename> into the current directory."
1436
1428
msgstr ""
1437
1429
1438
#: serverguide/C/windows-networking.xml:1250(para)
1430
#: serverguide/C/windows-networking.xml:1263(para)
1439
1431
msgid "And to copy a file to the share:"
1440
1432
msgstr ""
1441
1433
1442
#: serverguide/C/windows-networking.xml:1255(command)
1434
#: serverguide/C/windows-networking.xml:1268(command)
1443
1435
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1444
1436
msgstr ""
1445
1437
1446
#: serverguide/C/windows-networking.xml:1258(para)
1438
#: serverguide/C/windows-networking.xml:1271(para)
1447
1439
msgid ""
1448
1440
"This will copy the <filename>/etc/hosts</filename> to "
1449
1441
"<filename>//fs01.example.com/share/hosts</filename>."
1450
1442
msgstr ""
1451
1443
1452
#: serverguide/C/windows-networking.xml:1265(para)
1444
#: serverguide/C/windows-networking.xml:1278(para)
1453
1445
msgid ""
1454
1446
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1455
1447
"<application>smbclient</application> command all at once. This is useful for "
1458
1450
"and directory commands, simply execute:"
1459
1451
msgstr ""
1460
1452
1461
#: serverguide/C/windows-networking.xml:1272(command)
1453
#: serverguide/C/windows-networking.xml:1285(command)
1462
1454
msgid "smbclient //fs01.example.com/share -k"
1463
1455
msgstr ""
1464
1456
1465
#: serverguide/C/windows-networking.xml:1279(para)
1457
#: serverguide/C/windows-networking.xml:1292(para)
1466
1458
msgid ""
1467
1459
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1468
1460
"<emphasis>//192.168.0.5/share</emphasis>, "
1471
1463
"file name, and an actual username and password with rights to the share."
1472
1464
msgstr ""
1473
1465
1474
#: serverguide/C/windows-networking.xml:1290(para)
1466
#: serverguide/C/windows-networking.xml:1303(para)
1475
1467
msgid ""
1476
1468
"For more <application>smbclient</application> options see the man page: "
1477
1469
"<command>man smbclient</command>, also available <ulink "
1478
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1479
">online</ulink>."
1470
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man1/smbclient.1.html\">"
1471
"online</ulink>."
1480
1472
msgstr ""
1481
1473
1482
#: serverguide/C/windows-networking.xml:1295(para)
1474
#: serverguide/C/windows-networking.xml:1308(para)
1483
1475
msgid ""
1484
1476
"The <application>mount.cifs</application><ulink "
1485
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1486
"\">man page</ulink> is also useful for more detailed information."
1487
msgstr ""
1488
1489
#: serverguide/C/windows-networking.xml:1308(title)
1490
msgid "Likewise Open"
1491
msgstr ""
1492
1493
#: serverguide/C/windows-networking.xml:1310(para)
1494
msgid ""
1495
"<application>Likewise Open</application> simplifies the necessary "
1496
"configuration needed to authenticate a Linux machine to an Active Directory "
1497
"domain. Based on <application>winbind</application>, the "
1498
"<application>likewise-open</application> package takes the pain out of "
1499
"integrating Ubuntu authentication into an existing Windows network."
1500
msgstr ""
1501
1502
#: serverguide/C/windows-networking.xml:1319(para)
1503
msgid ""
1504
"There are two ways to use Likewise Open, <application>likewise-"
1505
"open</application> the command line utility and <application>likewise-open-"
1506
"gui</application>. This section focuses on the command line utility."
1507
msgstr ""
1508
1509
#: serverguide/C/windows-networking.xml:1324(para)
1510
msgid ""
1511
"To install the <application>likewise-open</application> package, open a "
1512
"terminal prompt and enter:"
1513
msgstr ""
1514
1515
#: serverguide/C/windows-networking.xml:1329(command)
1516
msgid "sudo apt-get install likewise-open"
1517
msgstr "sudo apt-get install likewise-open"
1518
1519
#: serverguide/C/windows-networking.xml:1334(title)
1520
msgid "Joining a Domain"
1521
msgstr ""
1522
1523
#: serverguide/C/windows-networking.xml:1336(para)
1524
msgid ""
1525
"The main executable file of the <application>likewise-open</application> "
1526
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1527
"join your computer to the domain. Before you join a domain you will need to "
1528
"make sure you have:"
1529
msgstr ""
1530
1531
#: serverguide/C/windows-networking.xml:1344(para)
1532
msgid ""
1533
"Access to an Active Directory user with appropriate rights to join the "
1534
"domain."
1535
msgstr ""
1536
1537
#: serverguide/C/windows-networking.xml:1349(para)
1538
msgid ""
1539
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1540
"you want to join. If your AD domain does not match a valid domain such as "
1541
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1542
"the form of <emphasis>domainname.local</emphasis>."
1543
msgstr ""
1544
1545
#: serverguide/C/windows-networking.xml:1356(para)
1546
msgid ""
1547
"DNS for the domain setup properly. In a production AD environment this "
1548
"should be the case. Proper Microsoft DNS is needed so that client "
1549
"workstations can determine the Active Directory domain is available."
1550
msgstr ""
1551
1552
#: serverguide/C/windows-networking.xml:1360(para)
1553
msgid ""
1554
"If you don't have a Windows DNS server on your network, see <xref "
1555
"linkend=\"likewise-open-ms-dns\"/> for details."
1556
msgstr ""
1557
1558
#: serverguide/C/windows-networking.xml:1367(para)
1559
msgid "To join a domain, from a terminal prompt enter:"
1560
msgstr ""
1561
1562
#: serverguide/C/windows-networking.xml:1372(command)
1563
msgid "sudo domainjoin-cli join example.com Administrator"
1564
msgstr ""
1565
1566
#: serverguide/C/windows-networking.xml:1376(para)
1567
msgid ""
1568
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1569
"<emphasis>Administrator</emphasis> with the appropriate user name."
1570
msgstr ""
1571
1572
#: serverguide/C/windows-networking.xml:1382(para)
1573
msgid ""
1574
"You will then be prompted for the user's password. If all goes well a "
1575
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1576
msgstr ""
1577
1578
#: serverguide/C/windows-networking.xml:1388(para)
1579
msgid ""
1580
"After joining the domain, it is necessary to reboot before attempting to "
1581
"authenticate against the domain."
1582
msgstr ""
1583
1584
#: serverguide/C/windows-networking.xml:1394(para)
1585
msgid ""
1586
"After successfully joining an Ubuntu machine to an Active Directory domain "
1587
"you can authenticate using any valid AD user. To login you will need to "
1588
"enter the user name as 'domain\\username'. For example to ssh to a server "
1589
"joined to the domain enter:"
1590
msgstr ""
1591
1592
#: serverguide/C/windows-networking.xml:1401(command)
1593
msgid "ssh 'example\\steve'@hostname"
1594
msgstr ""
1595
1596
#: serverguide/C/windows-networking.xml:1405(para)
1597
msgid ""
1598
"If configuring a Desktop the user name will need to be prefixed with "
1599
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1600
msgstr ""
1601
1602
#: serverguide/C/windows-networking.xml:1411(para)
1603
msgid ""
1604
"To make likewise-open use a default domain, you can add the following "
1605
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1606
msgstr ""
1607
1608
#: serverguide/C/windows-networking.xml:1415(programlisting)
1609
#, no-wrap
1610
msgid ""
1611
"\n"
1612
"winbind use default domain = yes\n"
1613
msgstr ""
1614
1615
#: serverguide/C/windows-networking.xml:1419(para)
1616
msgid "Then restart the <application>likewise-open</application> daemons:"
1617
msgstr ""
1618
1619
#: serverguide/C/windows-networking.xml:1424(command)
1620
msgid "sudo /etc/init.d/likewise-open restart"
1621
msgstr ""
1622
1623
#: serverguide/C/windows-networking.xml:1428(para)
1624
msgid ""
1625
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1626
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1627
"using only their username."
1628
msgstr ""
1629
1630
#: serverguide/C/windows-networking.xml:1434(para)
1631
msgid ""
1632
"The <application>domainjoin-cli</application> utility can also be used to "
1633
"leave the domain. From a terminal:"
1634
msgstr ""
1635
1636
#: serverguide/C/windows-networking.xml:1439(command)
1637
msgid "sudo domainjoin-cli leave"
1638
msgstr "sudo domainjoin-cli leave"
1639
1640
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1641
msgid "Other Utilities"
1642
msgstr ""
1643
1644
#: serverguide/C/windows-networking.xml:1446(para)
1645
msgid ""
1646
"The <application>likewise-open</application> package comes with a few other "
1647
"utilities that may be useful for gathering information about the Active "
1648
"Directory environment. These utilities are used to join the machine to the "
1649
"domain, and are the same as those available in the <application>samba-"
1650
"common</application> and <application>winbind</application> packages:"
1651
msgstr ""
1652
1653
#: serverguide/C/windows-networking.xml:1455(para)
1654
msgid ""
1655
"<application>lwinet</application>: Returns information about the network and "
1656
"the domain."
1657
msgstr ""
1658
1659
#: serverguide/C/windows-networking.xml:1460(para)
1660
msgid ""
1661
"<application>lwimsg</application>: Allows interaction with the "
1662
"<application>likewise-winbindd</application> daemon."
1663
msgstr ""
1664
1665
#: serverguide/C/windows-networking.xml:1465(para)
1666
msgid ""
1667
"<application>lwiinfo</application>: Displays information about various parts "
1668
"of the Domain."
1669
msgstr ""
1670
1671
#: serverguide/C/windows-networking.xml:1471(para)
1672
msgid "Please refer to each utility's man page specific for details."
1673
msgstr ""
1674
1675
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1676
msgid "Troubleshooting"
1677
msgstr ""
1678
1679
#: serverguide/C/windows-networking.xml:1481(para)
1680
msgid ""
1681
"If the client has trouble joining the domain, double check that the "
1682
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1683
"example:"
1684
msgstr ""
1685
1686
#: serverguide/C/windows-networking.xml:1486(programlisting)
1687
#, no-wrap
1688
msgid ""
1689
"\n"
1690
"nameserver 192.168.0.1\n"
1691
msgstr ""
1692
1693
#: serverguide/C/windows-networking.xml:1491(para)
1694
msgid ""
1695
"For more information when joining a domain, use the <emphasis>--loglevel "
1696
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1697
"<application>domainjoin-cli</application> utility:"
1698
msgstr ""
1699
1700
#: serverguide/C/windows-networking.xml:1497(command)
1701
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1702
msgstr ""
1703
1704
#: serverguide/C/windows-networking.xml:1501(para)
1705
msgid ""
1706
"If an Active Directory user has trouble logging in, check the "
1707
"<filename>/var/log/auth.log</filename> for details."
1708
msgstr ""
1709
1710
#: serverguide/C/windows-networking.xml:1506(para)
1711
msgid ""
1712
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1713
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1714
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1715
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1716
"<emphasis>hosts</emphasis> option. For example:"
1717
msgstr ""
1718
1719
#: serverguide/C/windows-networking.xml:1512(programlisting)
1720
#, no-wrap
1721
msgid ""
1722
"\n"
1723
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1724
msgstr ""
1725
1726
#: serverguide/C/windows-networking.xml:1516(para)
1727
msgid "Change the above to:"
1728
msgstr ""
1729
1730
#: serverguide/C/windows-networking.xml:1520(programlisting)
1731
#, no-wrap
1732
msgid ""
1733
"\n"
1734
"hosts: files dns [NOTFOUND=return]\n"
1735
msgstr ""
1736
1737
#: serverguide/C/windows-networking.xml:1524(para)
1738
msgid "Then restart networking by entering:"
1739
msgstr ""
1740
1741
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1742
msgid "sudo /etc/init.d/networking restart"
1743
msgstr "sudo /etc/init.d/networking restart"
1744
1745
#: serverguide/C/windows-networking.xml:1532(para)
1746
msgid "You should now be able to join the Active Directory domain."
1747
msgstr ""
1748
1749
#: serverguide/C/windows-networking.xml:1540(title)
1750
msgid "Microsoft DNS"
1751
msgstr ""
1752
1753
#: serverguide/C/windows-networking.xml:1542(para)
1754
msgid ""
1755
"The following are instructions for installing DNS on an Active Directory "
1756
"domain controller running Windows Server 2003, but the instructions should "
1757
"be similar for other versions:"
1758
msgstr ""
1759
1760
#: serverguide/C/windows-networking.xml:1551(para)
1761
msgid ""
1762
"Click "
1763
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1764
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1765
"This will open the <application>Server Role Mangement</application> utility."
1766
msgstr ""
1767
1768
#: serverguide/C/windows-networking.xml:1559(para)
1769
msgid "Click <guilabel>Add or remove a role</guilabel>"
1770
msgstr ""
1771
1772
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1773
msgid "Click Next"
1774
msgstr ""
1775
1776
#: serverguide/C/windows-networking.xml:1561(para)
1777
msgid "Select \"DNS Server\""
1778
msgstr ""
1779
1780
#: serverguide/C/windows-networking.xml:1563(para)
1781
msgid "Click Next again to proceed"
1782
msgstr ""
1783
1784
#: serverguide/C/windows-networking.xml:1564(para)
1785
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1786
msgstr ""
1787
1788
#: serverguide/C/windows-networking.xml:1566(para)
1789
msgid ""
1790
"Make sure \"This server maintains the zone\" is selected and click Next."
1791
msgstr ""
1792
1793
#: serverguide/C/windows-networking.xml:1567(para)
1794
msgid "Enter your domain name and click Next"
1795
msgstr ""
1796
1797
#: serverguide/C/windows-networking.xml:1568(para)
1798
msgid "Click Next to \"Allow only secure dynamic updates\""
1799
msgstr ""
1800
1801
#: serverguide/C/windows-networking.xml:1570(para)
1802
msgid ""
1803
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1804
"should not forward queries\" and click Next."
1805
msgstr ""
1806
1807
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1808
msgid "Click Finish"
1809
msgstr ""
1810
1811
#: serverguide/C/windows-networking.xml:1577(para)
1812
msgid ""
1813
"DNS is now installed and can be further configured using the "
1814
"<application>Microsoft Management Console</application> DNS snap-in."
1815
msgstr ""
1816
1817
#: serverguide/C/windows-networking.xml:1585(para)
1818
msgid "Click Start"
1819
msgstr ""
1820
1821
#: serverguide/C/windows-networking.xml:1586(para)
1822
msgid "Control Panel"
1823
msgstr ""
1824
1825
#: serverguide/C/windows-networking.xml:1587(para)
1826
msgid "Network Connections"
1827
msgstr ""
1828
1829
#: serverguide/C/windows-networking.xml:1588(para)
1830
msgid "Right Click \"Local Area Connection\""
1831
msgstr ""
1832
1833
#: serverguide/C/windows-networking.xml:1589(para)
1834
msgid "Click Properties"
1835
msgstr ""
1836
1837
#: serverguide/C/windows-networking.xml:1590(para)
1838
msgid "Double click \"Internet Protocol (TCP/IP)\""
1839
msgstr ""
1840
1841
#: serverguide/C/windows-networking.xml:1591(para)
1842
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1843
msgstr ""
1844
1845
#: serverguide/C/windows-networking.xml:1592(para)
1846
msgid "Click Ok"
1847
msgstr ""
1848
1849
#: serverguide/C/windows-networking.xml:1593(para)
1850
msgid "Click Ok again to save the settings"
1851
msgstr ""
1852
1853
#: serverguide/C/windows-networking.xml:1582(para)
1854
msgid ""
1855
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1856
msgstr ""
1857
1858
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1859
msgid "References"
1860
msgstr "Tilvitnanir"
1861
1862
#: serverguide/C/windows-networking.xml:1602(para)
1863
msgid ""
1864
"Please refer to the <ulink "
1865
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1866
"further information."
1867
msgstr ""
1868
1869
#: serverguide/C/windows-networking.xml:1606(para)
1870
msgid ""
1871
"For more <application>domainjoin-cli</application> options see the man page: "
1872
"<command>man domainjoin-cli</command>."
1873
msgstr ""
1874
1875
#: serverguide/C/windows-networking.xml:1610(para)
1876
msgid ""
1877
"Also, see the <ulink "
1878
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1879
"LikewiseOpen</ulink> page."
1477
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/mount.cifs.8.html\""
1478
">man page</ulink> is also useful for more detailed information."
1880
1479
msgstr ""
1881
1480
1882
1481
#: serverguide/C/web-servers.xml:13(title)
1900
1499
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1901
1500
"are used to serve Web Pages requested by client computers. Clients typically "
1902
1501
"request and view Web Pages using Web Browser applications such as "
1903
"<application>Firefox</application>, <application>Opera</application>, or "
1904
"<application>Mozilla</application>."
1502
"<application>Firefox</application>, <application>Opera</application>, "
1503
"<application>Chromium</application>, or <application>Mozilla</application>."
1905
1504
msgstr ""
1906
1505
1907
#: serverguide/C/web-servers.xml:24(para)
1506
#: serverguide/C/web-servers.xml:26(para)
1908
1507
msgid ""
1909
1508
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1910
1509
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1911
1510
"resource. For example, to view the home page of the <ulink "
1912
1511
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1913
"the FQDN. To request specific information about <ulink "
1914
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1915
"enter the FQDN followed by a path."
1916
msgstr ""
1917
1918
#: serverguide/C/web-servers.xml:29(para)
1512
"the FQDN:"
1513
msgstr ""
1514
1515
#: serverguide/C/web-servers.xml:31(userinput)
1516
#, no-wrap
1517
msgid "www.ubuntu.com"
1518
msgstr ""
1519
1520
#: serverguide/C/web-servers.xml:34(para)
1521
msgid ""
1522
"To view the <ulink url=\"http://www.ubuntu.com/community\">community</ulink> "
1523
"sub-page, a user will enter the FQDN followed by a path:"
1524
msgstr ""
1525
1526
#: serverguide/C/web-servers.xml:37(userinput)
1527
#, no-wrap
1528
msgid "www.ubuntu.com/community"
1529
msgstr ""
1530
1531
#: serverguide/C/web-servers.xml:40(para)
1919
1532
msgid ""
1920
1533
"The most common protocol used to transfer Web pages is the Hyper Text "
1921
1534
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1923
1536
"protocol for uploading and downloading files, are also supported."
1924
1537
msgstr ""
1925
1538
1926
#: serverguide/C/web-servers.xml:33(para)
1539
#: serverguide/C/web-servers.xml:45(para)
1927
1540
msgid ""
1928
1541
"Apache Web Servers are often used in combination with the "
1929
1542
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1934
1547
"for the development and deployment of Web-based applications."
1935
1548
msgstr ""
1936
1549
1937
#: serverguide/C/web-servers.xml:42(para)
1550
#: serverguide/C/web-servers.xml:54(para)
1938
1551
msgid ""
1939
1552
"The <application>Apache2</application> web server is available in Ubuntu "
1940
1553
"Linux. To install Apache2:"
1941
1554
msgstr ""
1942
1555
1943
#: serverguide/C/web-servers.xml:48(para)
1556
#: serverguide/C/web-servers.xml:60(para) serverguide/C/lamp-applications.xml:39(para)
1944
1557
msgid "At a terminal prompt enter the following command:"
1945
1558
msgstr ""
1946
1559
1947
#: serverguide/C/web-servers.xml:53(command)
1560
#: serverguide/C/web-servers.xml:65(command)
1948
1561
msgid "sudo apt-get install apache2"
1949
1562
msgstr ""
1950
1563
1951
#: serverguide/C/web-servers.xml:63(para)
1564
#: serverguide/C/web-servers.xml:75(para)
1952
1565
msgid ""
1953
1566
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1954
1567
"text configuration files. These <emphasis>directives</emphasis> are "
1955
1568
"separated between the following files and directories:"
1956
1569
msgstr ""
1957
1570
1958
#: serverguide/C/web-servers.xml:71(para)
1571
#: serverguide/C/web-servers.xml:83(para)
1959
1572
msgid ""
1960
1573
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1961
1574
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1962
1575
msgstr ""
1963
1576
1964
#: serverguide/C/web-servers.xml:77(para)
1577
#: serverguide/C/web-servers.xml:89(para)
1965
1578
msgid ""
1966
1579
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1967
1580
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1968
1581
"serve content may add files, or symlinks, to this directory."
1969
1582
msgstr ""
1970
1583
1971
#: serverguide/C/web-servers.xml:83(para)
1584
#: serverguide/C/web-servers.xml:95(para)
1972
1585
msgid ""
1973
1586
"<emphasis>envvars:</emphasis> file where Apache2 "
1974
1587
"<emphasis>environment</emphasis> variables are set."
1975
1588
msgstr ""
1976
1589
1977
#: serverguide/C/web-servers.xml:88(para)
1590
#: serverguide/C/web-servers.xml:100(para)
1978
1591
msgid ""
1979
1592
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1980
"file, named after the <application>httpd</application> daemon. The file can "
1981
"be used for <emphasis>user specific</emphasis> configuration options that "
1982
"globally effect Apache2."
1593
"file, named after the <application>httpd</application> daemon. Now the file "
1594
"is typically empty, as most configuration options have been moved to the "
1595
"below referenced directories. The file can be used for <emphasis>user "
1596
"specific</emphasis> configuration options that globally effect Apache2."
1983
1597
msgstr ""
1984
1598
1985
#: serverguide/C/web-servers.xml:95(para)
1599
#: serverguide/C/web-servers.xml:108(para)
1986
1600
msgid ""
1987
1601
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1988
1602
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1989
1603
"modules will have specific configuration files, however."
1990
1604
msgstr ""
1991
1605
1992
#: serverguide/C/web-servers.xml:101(para)
1606
#: serverguide/C/web-servers.xml:114(para)
1993
1607
msgid ""
1994
1608
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1995
1609
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1997
1611
"<application>apache2</application> is restarted."
1998
1612
msgstr ""
1999
1613
2000
#: serverguide/C/web-servers.xml:108(para)
1614
#: serverguide/C/web-servers.xml:121(para)
2001
1615
msgid ""
2002
1616
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2003
1617
"TCP ports Apache2 is listening on."
2004
1618
msgstr ""
2005
1619
2006
#: serverguide/C/web-servers.xml:113(para)
1620
#: serverguide/C/web-servers.xml:126(para)
2007
1621
msgid ""
2008
1622
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2009
1623
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2010
1624
"to be configured for multiple sites that have separate configurations."
2011
1625
msgstr ""
2012
1626
2013
#: serverguide/C/web-servers.xml:119(para)
1627
#: serverguide/C/web-servers.xml:132(para)
2014
1628
msgid ""
2015
1629
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2016
1630
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2019
1633
"it will be active once Apache2 is restarted."
2020
1634
msgstr ""
2021
1635
2022
#: serverguide/C/web-servers.xml:127(para)
1636
#: serverguide/C/web-servers.xml:140(para)
2023
1637
msgid ""
2024
1638
"In addition, other configuration files may be added using the "
2025
1639
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2028
1642
"recognized by Apache2 when it is started or restarted."
2029
1643
msgstr ""
2030
1644
2031
#: serverguide/C/web-servers.xml:136(para)
1645
#: serverguide/C/web-servers.xml:149(para)
2032
1646
msgid ""
2033
1647
"The server also reads a file containing mime document types; the filename is "
2034
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2035
"<filename>/etc/mime.types</filename> by default."
1648
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
1649
"<filename>/etc/apache2/mods-available/mime.conf</filename>, which might also "
1650
"include additions and overrides, and is <filename>/etc/mime.types</filename> "
1651
"by default."
2036
1652
msgstr ""
2037
1653
2038
#: serverguide/C/web-servers.xml:141(title)
1654
#: serverguide/C/web-servers.xml:157(title)
2039
1655
msgid "Basic Settings"
2040
1656
msgstr "Grunnstillingar"
2041
1657
2042
#: serverguide/C/web-servers.xml:142(para)
1658
#: serverguide/C/web-servers.xml:158(para)
2043
1659
msgid ""
2044
1660
"This section explains Apache2 server essential configuration parameters. "
2045
1661
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2046
1662
"Documentation</ulink> for more details."
2047
1663
msgstr ""
2048
1664
2049
#: serverguide/C/web-servers.xml:150(para)
1665
#: serverguide/C/web-servers.xml:166(para)
2050
1666
msgid ""
2051
1667
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2052
1668
"it is configured with a single default virtual host (using the "
2059
1675
"<filename>/etc/apache2/sites-available/default</filename>."
2060
1676
msgstr ""
2061
1677
2062
#: serverguide/C/web-servers.xml:163(para)
1678
#: serverguide/C/web-servers.xml:179(para)
2063
1679
msgid ""
2064
1680
"The directives set for a virtual host only apply to that particular virtual "
2065
1681
"host. If a directive is set server-wide and not defined within the virtual "
2068
1684
"virtual host."
2069
1685
msgstr ""
2070
1686
2071
#: serverguide/C/web-servers.xml:171(para)
1687
#: serverguide/C/web-servers.xml:187(para)
2072
1688
msgid ""
2073
1689
"If you wish to configure a new virtual host or site, copy that file into the "
2074
1690
"same directory with a name you choose. For example:"
2075
1691
msgstr ""
2076
1692
2077
#: serverguide/C/web-servers.xml:177(command)
1693
#: serverguide/C/web-servers.xml:193(command)
2078
1694
msgid ""
2079
1695
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2080
1696
"available/mynewsite"
2081
1697
msgstr ""
2082
1698
2083
#: serverguide/C/web-servers.xml:180(para)
1699
#: serverguide/C/web-servers.xml:196(para)
2084
1700
msgid ""
2085
1701
"Edit the new file to configure the new site using some of the directives "
2086
1702
"described below."
2087
1703
msgstr ""
2088
1704
2089
#: serverguide/C/web-servers.xml:187(para)
1705
#: serverguide/C/web-servers.xml:203(para)
2090
1706
msgid ""
2091
1707
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2092
1708
"to be advertised for the server's administrator. The default value is "
2097
1713
"configuration file in /etc/apache2/sites-available."
2098
1714
msgstr ""
2099
1715
2100
#: serverguide/C/web-servers.xml:198(para)
1716
#: serverguide/C/web-servers.xml:214(para)
2101
1717
msgid ""
2102
1718
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2103
1719
"the IP address, Apache2 should listen on. If the IP address is not "
2110
1726
"<filename>/etc/apache2/ports.conf</filename>"
2111
1727
msgstr ""
2112
1728
2113
#: serverguide/C/web-servers.xml:211(para)
1729
#: serverguide/C/web-servers.xml:227(para)
2114
1730
msgid ""
2115
1731
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2116
1732
"FQDN your site should answer to. The default virtual host has no ServerName "
2123
1739
"available/mynewsite</filename>)."
2124
1740
msgstr ""
2125
1741
2126
#: serverguide/C/web-servers.xml:223(para)
1742
#: serverguide/C/web-servers.xml:239(para)
2127
1743
msgid ""
2128
1744
"You may also want your site to respond to www.ubunturocks.com, since many "
2129
1745
"users will assume the www prefix is appropriate. Use the "
2131
1747
"wildcards in the ServerAlias directive."
2132
1748
msgstr ""
2133
1749
2134
#: serverguide/C/web-servers.xml:230(para)
1750
#: serverguide/C/web-servers.xml:246(para)
2135
1751
msgid ""
2136
1752
"For example, the following configuration will cause your site to respond to "
2137
1753
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2138
1754
msgstr ""
2139
1755
2140
#: serverguide/C/web-servers.xml:236(programlisting)
1756
#: serverguide/C/web-servers.xml:252(programlisting)
2141
1757
#, no-wrap
2142
1758
msgid ""
2143
1759
"\n"
2144
1760
"ServerAlias *.ubunturocks.com\n"
2145
1761
msgstr ""
2146
1762
2147
#: serverguide/C/web-servers.xml:242(para)
1763
#: serverguide/C/web-servers.xml:258(para)
2148
1764
msgid ""
2149
1765
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2150
1766
"should look for the files that make up the site. The default value is "
2151
"/var/www. No site is configured there, but if you uncomment the "
2152
"<emphasis>RedirectMatch</emphasis> directive in "
2153
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2154
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2155
"this value in your site's virtual host file, and remember to create that "
2156
"directory if necessary!"
2157
msgstr ""
2158
2159
#: serverguide/C/web-servers.xml:254(para)
2160
msgid ""
2161
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2162
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2163
"enabled point to \"available\" sites."
2164
msgstr ""
2165
2166
#: serverguide/C/web-servers.xml:260(para)
1767
"/var/www, as specified in <filename>/etc/apache2/sites-"
1768
"available/default</filename>. If desired, change this value in your site's "
1769
"virtual host file, and remember to create that directory if necessary!"
1770
msgstr ""
1771
1772
#: serverguide/C/web-servers.xml:267(para)
2167
1773
msgid ""
2168
1774
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2169
1775
"<application>a2ensite</application> utility and restart Apache2:"
2170
1776
msgstr ""
2171
1777
2172
#: serverguide/C/web-servers.xml:266(command)
1778
#: serverguide/C/web-servers.xml:273(command)
2173
1779
msgid "sudo a2ensite mynewsite"
2174
1780
msgstr ""
2175
1781
2176
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2177
msgid "sudo /etc/init.d/apache2 restart"
2178
msgstr "sudo /etc/init.d/apache2 restart"
1782
#: serverguide/C/web-servers.xml:274(command) serverguide/C/web-servers.xml:292(command) serverguide/C/web-servers.xml:533(command) serverguide/C/web-servers.xml:542(command) serverguide/C/web-servers.xml:601(command) serverguide/C/mail.xml:937(command) serverguide/C/lamp-applications.xml:224(command)
1783
msgid "sudo service apache2 restart"
1784
msgstr ""
2179
1785
2180
#: serverguide/C/web-servers.xml:271(para)
1786
#: serverguide/C/web-servers.xml:278(para)
2181
1787
msgid ""
2182
1788
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2183
1789
"name for the VirtualHost. One method is to name the file after the "
2184
1790
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2185
1791
msgstr ""
2186
1792
2187
#: serverguide/C/web-servers.xml:278(para)
1793
#: serverguide/C/web-servers.xml:285(para)
2188
1794
msgid ""
2189
1795
"Similarly, use the <application>a2dissite</application> utility to disable "
2190
1796
"sites. This is can be useful when troubleshooting configuration problems "
2191
1797
"with multiple VirtualHosts:"
2192
1798
msgstr ""
2193
1799
2194
#: serverguide/C/web-servers.xml:284(command)
1800
#: serverguide/C/web-servers.xml:291(command)
2195
1801
msgid "sudo a2dissite mynewsite"
2196
1802
msgstr ""
2197
1803
2198
#: serverguide/C/web-servers.xml:290(title)
1804
#: serverguide/C/web-servers.xml:297(title)
2199
1805
msgid "Default Settings"
2200
1806
msgstr "Sjálfgefnar stillingar"
2201
1807
2202
#: serverguide/C/web-servers.xml:292(para)
1808
#: serverguide/C/web-servers.xml:299(para)
2203
1809
msgid ""
2204
1810
"This section explains configuration of the Apache2 server default settings. "
2205
1811
"For example, if you add a virtual host, the settings you configure for the "
2207
1813
"defined within the virtual host settings, the default value is used."
2208
1814
msgstr ""
2209
1815
2210
#: serverguide/C/web-servers.xml:304(para)
1816
#: serverguide/C/web-servers.xml:311(para)
2211
1817
msgid ""
2212
1818
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2213
1819
"server when a user requests an index of a directory by specifying a forward "
2214
1820
"slash (/) at the end of the directory name."
2215
1821
msgstr ""
2216
1822
2217
#: serverguide/C/web-servers.xml:311(para)
1823
#: serverguide/C/web-servers.xml:318(para)
2218
1824
msgid ""
2219
1825
"For example, when a user requests the page "
2220
1826
"http://www.example.com/this_directory/, he or she will get either the "
2231
1837
"the first will be displayed."
2232
1838
msgstr ""
2233
1839
2234
#: serverguide/C/web-servers.xml:332(para)
1840
#: serverguide/C/web-servers.xml:339(para)
2235
1841
msgid ""
2236
1842
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2237
1843
"file for Apache2 to use for specific error events. For example, if a user "
2238
"requests a resource that does not exist, a 404 error will occur, and per "
2239
"Apache2's default configuration, the file "
2240
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2241
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2242
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2243
"redirects requests to the /error directory to "
2244
"<filename>/usr/share/apache2/error/</filename>."
2245
msgstr ""
2246
2247
#: serverguide/C/web-servers.xml:344(para)
2248
msgid ""
2249
"To see a list of the default ErrorDocument directives, use this command:"
2250
msgstr ""
2251
2252
#: serverguide/C/web-servers.xml:350(command)
2253
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2254
msgstr ""
2255
2256
#: serverguide/C/web-servers.xml:355(para)
1844
"requests a resource that does not exist, a 404 error will occur. By default, "
1845
"Apache2 will simply return a HTTP 404 Return code. Read "
1846
"<filename>/etc/apache2/conf.d/localized-error-pages</filename> for detailed "
1847
"instructions for using ErrorDocument, including locations of example files."
1848
msgstr ""
1849
1850
#: serverguide/C/web-servers.xml:349(para)
2257
1851
msgid ""
2258
1852
"By default, the server writes the transfer log to the file "
2259
1853
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2260
1854
"per-site basis in your virtual host configuration files with the "
2261
1855
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2262
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2263
"specify the file to which errors are logged, via the "
2264
"<emphasis>ErrorLog</emphasis> directive, whose default is "
1856
"specified in <filename> /etc/apache2/conf.d/other-vhosts-access-"
1857
"log</filename>. You may also specify the file to which errors are logged, "
1858
"via the <emphasis>ErrorLog</emphasis> directive, whose default is "
2265
1859
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2266
1860
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2267
1861
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2269
1863
"/etc/apache2/apache2.conf</filename> for the default value)."
2270
1864
msgstr ""
2271
1865
2272
#: serverguide/C/web-servers.xml:370(para)
1866
#: serverguide/C/web-servers.xml:364(para)
2273
1867
msgid ""
2274
1868
"Some options are specified on a per-directory basis rather than per-server. "
2275
1869
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2276
1870
"is enclosed in XML-like tags, like so:"
2277
1871
msgstr ""
2278
1872
2279
#: serverguide/C/web-servers.xml:376(programlisting)
1873
#: serverguide/C/web-servers.xml:370(programlisting)
2280
1874
#, no-wrap
2281
1875
msgid ""
2282
1876
"\n"
2285
1879
"</Directory>\n"
2286
1880
msgstr ""
2287
1881
2288
#: serverguide/C/web-servers.xml:382(para)
1882
#: serverguide/C/web-servers.xml:376(para)
2289
1883
msgid ""
2290
1884
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2291
1885
"one or more of the following values (among others), separated by spaces:"
2292
1886
msgstr ""
2293
1887
2294
#: serverguide/C/web-servers.xml:394(para)
1888
#: serverguide/C/web-servers.xml:388(para)
2295
1889
msgid ""
2296
1890
"Most files should not be executed as CGI scripts. This would be very "
2297
1891
"dangerous. CGI scripts should kept in a directory separate from and outside "
2300
1894
"<filename>/usr/lib/cgi-bin</filename>."
2301
1895
msgstr ""
2302
1896
2303
#: serverguide/C/web-servers.xml:389(para)
1897
#: serverguide/C/web-servers.xml:383(para)
2304
1898
msgid ""
2305
1899
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2306
1900
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2307
1901
msgstr ""
2308
1902
2309
#: serverguide/C/web-servers.xml:405(para)
1903
#: serverguide/C/web-servers.xml:399(para)
2310
1904
msgid ""
2311
1905
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2312
1906
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2313
"other files. This is not a common option. See <ulink "
2314
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2315
"HOWTO</ulink> for more information."
1907
"other files. See <ulink "
1908
"url=\"https://help.ubuntu.com/community/ServerSideIncludes\">Apache SSI "
1909
"documentation (Ubuntu community)</ulink> for more information."
2316
1910
msgstr ""
2317
1911
2318
#: serverguide/C/web-servers.xml:414(para)
1912
#: serverguide/C/web-servers.xml:408(para)
2319
1913
msgid ""
2320
1914
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2321
1915
"includes, but disable the <emphasis>#exec</emphasis> and "
2322
1916
"<emphasis>#include</emphasis> commands in CGI scripts."
2323
1917
msgstr ""
2324
1918
2325
#: serverguide/C/web-servers.xml:426(para)
1919
#: serverguide/C/web-servers.xml:420(para)
2326
1920
msgid ""
2327
1921
"For security reasons, this should usually not be set, and certainly should "
2328
1922
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2330
1924
"contents of the directory."
2331
1925
msgstr ""
2332
1926
2333
#: serverguide/C/web-servers.xml:421(para)
1927
#: serverguide/C/web-servers.xml:415(para)
2334
1928
msgid ""
2335
1929
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2336
1930
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2337
1931
"index.html) exists in the requested directory. <placeholder-1/>"
2338
1932
msgstr ""
2339
1933
2340
#: serverguide/C/web-servers.xml:436(para)
1934
#: serverguide/C/web-servers.xml:430(para)
2341
1935
msgid ""
2342
1936
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2343
1937
"multiviews; this option is disabled by default for security reasons. See the "
2346
1940
"Apache2 documentation on this option</ulink>."
2347
1941
msgstr ""
2348
1942
2349
#: serverguide/C/web-servers.xml:444(para)
1943
#: serverguide/C/web-servers.xml:438(para)
2350
1944
msgid ""
2351
1945
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2352
1946
"symbolic links if the target file or directory has the same owner as the "
2353
1947
"link."
2354
1948
msgstr ""
2355
1949
2356
#: serverguide/C/web-servers.xml:456(title)
1950
#: serverguide/C/web-servers.xml:450(title)
2357
1951
msgid "httpd Settings"
2358
1952
msgstr ""
2359
1953
2360
#: serverguide/C/web-servers.xml:458(para)
1954
#: serverguide/C/web-servers.xml:452(para)
2361
1955
msgid ""
2362
1956
"This section explains some basic <application>httpd</application> daemon "
2363
1957
"configuration settings."
2364
1958
msgstr ""
2365
1959
2366
#: serverguide/C/web-servers.xml:462(para)
1960
#: serverguide/C/web-servers.xml:456(para)
2367
1961
msgid ""
2368
1962
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2369
1963
"the path to the lockfile used when the server is compiled with either "
2374
1968
"that is readable only by root."
2375
1969
msgstr ""
2376
1970
2377
#: serverguide/C/web-servers.xml:471(para)
1971
#: serverguide/C/web-servers.xml:465(para)
2378
1972
msgid ""
2379
1973
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2380
1974
"file in which the server records its process ID (pid). This file should only "
2381
1975
"be readable by root. In most cases, it should be left to the default value."
2382
1976
msgstr ""
2383
1977
2384
#: serverguide/C/web-servers.xml:477(para)
1978
#: serverguide/C/web-servers.xml:471(para)
2385
1979
msgid ""
2386
1980
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2387
1981
"used by the server to answer requests. This setting determines the server's "
2388
1982
"access. Any files inaccessible to this user will also be inaccessible to "
2389
"your website's visitors. The default value for User is www-data."
1983
"your website's visitors. The default value for User is \"www-data\"."
2390
1984
msgstr ""
2391
1985
2392
#: serverguide/C/web-servers.xml:484(para)
1986
#: serverguide/C/web-servers.xml:478(para)
2393
1987
msgid ""
2394
1988
"Unless you know exactly what you are doing, do not set the User directive to "
2395
1989
"root. Using root as the User will create large security holes for your Web "
2396
1990
"server."
2397
1991
msgstr ""
2398
1992
2399
#: serverguide/C/web-servers.xml:490(para)
1993
#: serverguide/C/web-servers.xml:484(para)
2400
1994
msgid ""
2401
"The Group directive is similar to the User directive. Group sets the group "
2402
"under which the server will answer requests. The default group is also www-"
2403
"data."
1995
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
1996
"the User directive. Group sets the group under which the server will answer "
1997
"requests. The default group is also \"www-data\"."
2404
1998
msgstr ""
2405
1999
2406
#: serverguide/C/web-servers.xml:496(title)
2000
#: serverguide/C/web-servers.xml:491(title)
2407
2001
msgid "Apache2 Modules"
2408
2002
msgstr ""
2409
2003
2410
#: serverguide/C/web-servers.xml:498(para)
2004
#: serverguide/C/web-servers.xml:493(para)
2411
2005
msgid ""
2412
2006
"Apache2 is a modular server. This implies that only the most basic "
2413
2007
"functionality is included in the core server. Extended features are "
2418
2012
"Apache2 must be recompiled to add or remove modules."
2419
2013
msgstr ""
2420
2014
2421
#: serverguide/C/web-servers.xml:510(para)
2015
#: serverguide/C/web-servers.xml:505(para)
2422
2016
msgid ""
2423
2017
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2424
2018
"Configuration directives may be conditionally included on the presence of a "
2426
2020
"<emphasis><IfModule></emphasis> block."
2427
2021
msgstr ""
2428
2022
2429
#: serverguide/C/web-servers.xml:517(para)
2023
#: serverguide/C/web-servers.xml:512(para)
2430
2024
msgid ""
2431
2025
"You can install additional Apache2 modules and use them with your Web "
2432
2026
"server. For example, run the following command from a terminal prompt to "
2433
2027
"install the <emphasis>MySQL Authentication</emphasis> module:"
2434
2028
msgstr ""
2435
2029
2436
#: serverguide/C/web-servers.xml:524(command)
2030
#: serverguide/C/web-servers.xml:519(command)
2437
2031
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2438
2032
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2439
2033
2440
#: serverguide/C/web-servers.xml:527(para)
2034
#: serverguide/C/web-servers.xml:522(para)
2441
2035
msgid ""
2442
2036
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2443
2037
"additional modules."
2444
2038
msgstr ""
2445
2039
2446
#: serverguide/C/web-servers.xml:531(para)
2040
#: serverguide/C/web-servers.xml:526(para)
2447
2041
msgid ""
2448
2042
"Use the <application>a2enmod</application> utility to enable a module:"
2449
2043
msgstr ""
2450
2044
2451
#: serverguide/C/web-servers.xml:537(command)
2045
#: serverguide/C/web-servers.xml:532(command)
2452
2046
msgid "sudo a2enmod auth_mysql"
2453
2047
msgstr ""
2454
2048
2455
#: serverguide/C/web-servers.xml:541(para)
2049
#: serverguide/C/web-servers.xml:536(para)
2456
2050
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2457
2051
msgstr ""
2458
2052
2459
#: serverguide/C/web-servers.xml:546(command)
2053
#: serverguide/C/web-servers.xml:541(command)
2460
2054
msgid "sudo a2dismod auth_mysql"
2461
2055
msgstr ""
2462
2056
2463
#: serverguide/C/web-servers.xml:553(title)
2057
#: serverguide/C/web-servers.xml:548(title)
2464
2058
msgid "HTTPS Configuration"
2465
2059
msgstr ""
2466
2060
2467
#: serverguide/C/web-servers.xml:555(para)
2061
#: serverguide/C/web-servers.xml:550(para)
2468
2062
msgid ""
2469
2063
"The <application>mod_ssl</application> module adds an important feature to "
2470
2064
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2473
2067
"bar."
2474
2068
msgstr ""
2475
2069
2476
#: serverguide/C/web-servers.xml:564(para)
2070
#: serverguide/C/web-servers.xml:559(para)
2477
2071
msgid ""
2478
2072
"The <application>mod_ssl</application> module is available in "
2479
2073
"<application>apache2-common</application> package. Execute the following "
2481
2075
"<application>mod_ssl</application> module:"
2482
2076
msgstr ""
2483
2077
2484
#: serverguide/C/web-servers.xml:571(command)
2078
#: serverguide/C/web-servers.xml:566(command)
2485
2079
msgid "sudo a2enmod ssl"
2486
2080
msgstr "sudo a2enmod ssl"
2487
2081
2488
#: serverguide/C/web-servers.xml:574(para)
2082
#: serverguide/C/web-servers.xml:569(para)
2489
2083
msgid ""
2490
2084
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2491
2085
"available/default-ssl</filename>. In order for "
2499
2093
"linkend=\"certificates-and-security\"/>"
2500
2094
msgstr ""
2501
2095
2502
#: serverguide/C/web-servers.xml:584(para)
2096
#: serverguide/C/web-servers.xml:579(para)
2503
2097
msgid ""
2504
2098
"To configure <application>Apache2</application> for HTTPS, enter the "
2505
2099
"following:"
2506
2100
msgstr ""
2507
2101
2508
#: serverguide/C/web-servers.xml:589(command)
2102
#: serverguide/C/web-servers.xml:584(command)
2509
2103
msgid "sudo a2ensite default-ssl"
2510
2104
msgstr ""
2511
2105
2512
#: serverguide/C/web-servers.xml:593(para)
2106
#: serverguide/C/web-servers.xml:588(para)
2513
2107
msgid ""
2514
2108
"The directories <filename>/etc/ssl/certs</filename> and "
2515
2109
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2518
2112
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2519
2113
msgstr ""
2520
2114
2521
#: serverguide/C/web-servers.xml:600(para)
2115
#: serverguide/C/web-servers.xml:595(para)
2522
2116
msgid ""
2523
2117
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2524
2118
"settings:"
2525
2119
msgstr ""
2526
2120
2527
#: serverguide/C/web-servers.xml:611(para)
2121
#: serverguide/C/web-servers.xml:606(para)
2528
2122
msgid ""
2529
2123
"Depending on how you obtained your certificate you may need to enter a "
2530
2124
"passphrase when <application>Apache2</application> starts."
2531
2125
msgstr ""
2532
2126
2533
#: serverguide/C/web-servers.xml:617(para)
2127
#: serverguide/C/web-servers.xml:612(para)
2534
2128
msgid ""
2535
2129
"You can access the secure server pages by typing https://your_hostname/url/ "
2536
2130
"in your browser address bar."
2537
2131
msgstr ""
2538
2132
2539
#: serverguide/C/web-servers.xml:628(para)
2133
#: serverguide/C/web-servers.xml:619(title)
2134
msgid "Sharing Write Permission"
2135
msgstr ""
2136
2137
#: serverguide/C/web-servers.xml:620(para)
2138
msgid ""
2139
"For more than one user to be able to write to the same directory it will be "
2140
"necessary to grant write permission to a group they share in common. The "
2141
"following example grants shared write permission to "
2142
"<filename>/var/www</filename> to the group \"webmasters\"."
2143
msgstr ""
2144
2145
#: serverguide/C/web-servers.xml:628(command)
2146
msgid "sudo chgrp -R webmasters /var/www"
2147
msgstr ""
2148
2149
#: serverguide/C/web-servers.xml:629(command)
2150
msgid "sudo find /var/www -type d -exec chmod g=rwxs \"{}\" \\;"
2151
msgstr ""
2152
2153
#: serverguide/C/web-servers.xml:630(command)
2154
msgid "sudo find /var/www -type f -exec chmod g=rws \"{}\" \\;"
2155
msgstr ""
2156
2157
#: serverguide/C/web-servers.xml:634(para)
2158
msgid ""
2159
"If access must be granted to more than one group per directory, enable "
2160
"Access Control Lists (ACLs)."
2161
msgstr ""
2162
2163
#: serverguide/C/web-servers.xml:641(title) serverguide/C/web-servers.xml:791(title) serverguide/C/web-servers.xml:941(title) serverguide/C/web-servers.xml:1036(title) serverguide/C/web-servers.xml:1258(title) serverguide/C/vpn.xml:802(title) serverguide/C/virtualization.xml:2072(title) serverguide/C/vcs.xml:540(title) serverguide/C/security.xml:865(title) serverguide/C/security.xml:1199(title) serverguide/C/security.xml:1613(title) serverguide/C/security.xml:1799(title) serverguide/C/remote-administration.xml:198(title) serverguide/C/remote-administration.xml:764(title) serverguide/C/package-management.xml:468(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1037(title) serverguide/C/network-config.xml:1145(title) serverguide/C/monitoring.xml:394(title) serverguide/C/monitoring.xml:530(title) serverguide/C/mail.xml:455(title) serverguide/C/mail.xml:650(title) serverguide/C/mail.xml:802(title) serverguide/C/mail.xml:1222(title) serverguide/C/mail.xml:1693(title) serverguide/C/lamp-applications.xml:246(title) serverguide/C/lamp-applications.xml:375(title) serverguide/C/lamp-applications.xml:483(title) serverguide/C/file-server.xml:307(title) serverguide/C/file-server.xml:448(title) serverguide/C/file-server.xml:618(title) serverguide/C/file-server.xml:805(title) serverguide/C/dns.xml:607(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
2164
msgid "References"
2165
msgstr "Tilvitnanir"
2166
2167
#: serverguide/C/web-servers.xml:645(para)
2540
2168
msgid ""
2541
2169
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2542
2170
"Documentation</ulink> contains in depth information on Apache2 configuration "
2544
2172
"the official Apache2 docs."
2545
2173
msgstr ""
2546
2174
2547
#: serverguide/C/web-servers.xml:635(para)
2175
#: serverguide/C/web-servers.xml:652(para)
2548
2176
msgid ""
2549
2177
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2550
2178
"Documentation</ulink> site for more SSL related information."
2551
2179
msgstr ""
2552
2180
2553
#: serverguide/C/web-servers.xml:641(para)
2181
#: serverguide/C/web-servers.xml:658(para)
2554
2182
msgid ""
2555
2183
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2556
2184
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2557
2185
"configurations."
2558
2186
msgstr ""
2559
2187
2560
#: serverguide/C/web-servers.xml:647(para)
2188
#: serverguide/C/web-servers.xml:664(para)
2561
2189
msgid ""
2562
2190
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2563
2191
"server</emphasis> IRC channel on <ulink "
2564
2192
"url=\"http://freenode.net/\">freenode.net</ulink>."
2565
2193
msgstr ""
2566
2194
2567
#: serverguide/C/web-servers.xml:653(para)
2195
#: serverguide/C/web-servers.xml:670(para)
2568
2196
msgid ""
2569
2197
"Usually integrated with PHP and MySQL the <ulink "
2570
2198
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2571
2199
"Ubuntu Wiki </ulink> page is a good resource."
2572
2200
msgstr ""
2573
2201
2574
#: serverguide/C/web-servers.xml:664(title)
2202
#: serverguide/C/web-servers.xml:681(title)
2575
2203
msgid "PHP5 - Scripting Language"
2576
2204
msgstr ""
2577
2205
2578
#: serverguide/C/web-servers.xml:665(para)
2206
#: serverguide/C/web-servers.xml:682(para)
2579
2207
msgid ""
2580
2208
"PHP is a general-purpose scripting language suited for Web development. The "
2581
2209
"PHP script can be embedded into HTML. This section explains how to install "
2582
2210
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2583
2211
msgstr ""
2584
2212
2585
#: serverguide/C/web-servers.xml:669(para)
2213
#: serverguide/C/web-servers.xml:686(para)
2586
2214
msgid ""
2587
2215
"This section assumes you have installed and configured Apache2 Web Server "
2588
2216
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2590
2218
"respectively."
2591
2219
msgstr ""
2592
2220
2593
#: serverguide/C/web-servers.xml:676(para)
2594
msgid "The PHP5 is available in Ubuntu Linux."
2221
#: serverguide/C/web-servers.xml:693(para)
2222
msgid ""
2223
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
2224
"installed in the base system, PHP must be added."
2595
2225
msgstr ""
2596
2226
2597
#: serverguide/C/web-servers.xml:678(para)
2227
#: serverguide/C/web-servers.xml:697(para)
2598
2228
msgid ""
2599
2229
"To install PHP5 you can enter the following command in the terminal prompt: "
2600
2230
"<screen>\n"
2602
2232
"</screen>"
2603
2233
msgstr ""
2604
2234
2605
#: serverguide/C/web-servers.xml:687(para)
2235
#: serverguide/C/web-servers.xml:706(para)
2606
2236
msgid ""
2607
2237
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2608
2238
"line you should install <application>php5-cli</application> package. To "
2612
2242
"</screen>"
2613
2243
msgstr ""
2614
2244
2615
#: serverguide/C/web-servers.xml:696(para)
2245
#: serverguide/C/web-servers.xml:715(para)
2616
2246
msgid ""
2617
2247
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2618
2248
"accomplish this, you should install <application>php5-cgi</application> "
2622
2252
"</screen>"
2623
2253
msgstr ""
2624
2254
2625
#: serverguide/C/web-servers.xml:706(para)
2255
#: serverguide/C/web-servers.xml:725(para)
2626
2256
msgid ""
2627
2257
"To use <application>MySQL</application> with PHP5 you should install "
2628
2258
"<application>php5-mysql</application> package. To install <application>php5-"
2632
2262
"</screen>"
2633
2263
msgstr ""
2634
2264
2635
#: serverguide/C/web-servers.xml:714(para)
2265
#: serverguide/C/web-servers.xml:733(para)
2636
2266
msgid ""
2637
2267
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2638
2268
"install <application>php5-pgsql</application> package. To install "
2642
2272
"</screen>"
2643
2273
msgstr ""
2644
2274
2645
#: serverguide/C/web-servers.xml:727(para)
2275
#: serverguide/C/web-servers.xml:746(para)
2646
2276
msgid ""
2647
2277
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2648
2278
"you have installed <application>php5-cli</application> package, you can run "
2649
2279
"PHP5 scripts from your command prompt."
2650
2280
msgstr ""
2651
2281
2652
#: serverguide/C/web-servers.xml:734(para)
2282
#: serverguide/C/web-servers.xml:753(para)
2653
2283
msgid ""
2654
2284
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2655
2285
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2660
2290
"command."
2661
2291
msgstr ""
2662
2292
2663
#: serverguide/C/web-servers.xml:745(para)
2293
#: serverguide/C/web-servers.xml:764(para)
2664
2294
msgid ""
2665
2295
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2666
2296
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2667
2297
"following command at a terminal prompt to restart your web server: "
2668
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2298
"<screen><command>sudo service apache2 restart</command> </screen>"
2669
2299
msgstr ""
2670
2300
2671
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2301
#: serverguide/C/web-servers.xml:772(title) serverguide/C/network-auth.xml:1051(title) serverguide/C/mail.xml:316(title) serverguide/C/mail.xml:1616(title) serverguide/C/dns.xml:378(title) serverguide/C/clustering.xml:184(title)
2672
2302
msgid "Testing"
2673
2303
msgstr "Prófa"
2674
2304
2675
#: serverguide/C/web-servers.xml:754(para)
2305
#: serverguide/C/web-servers.xml:773(para)
2676
2306
msgid ""
2677
2307
"To verify your installation, you can run following PHP5 phpinfo script:"
2678
2308
msgstr ""
2679
2309
2680
#: serverguide/C/web-servers.xml:757(programlisting)
2310
#: serverguide/C/web-servers.xml:776(programlisting)
2681
2311
#, no-wrap
2682
2312
msgid ""
2683
2313
"\n"
2686
2316
"?>\n"
2687
2317
msgstr ""
2688
2318
2689
#: serverguide/C/web-servers.xml:762(para)
2319
#: serverguide/C/web-servers.xml:781(para)
2690
2320
msgid ""
2691
2321
"You can save the content in a file <filename>phpinfo.php</filename> and "
2692
2322
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2695
2325
"various PHP5 configuration parameters."
2696
2326
msgstr ""
2697
2327
2698
#: serverguide/C/web-servers.xml:776(para)
2328
#: serverguide/C/web-servers.xml:795(para)
2699
2329
msgid ""
2700
2330
"For more in depth information see <ulink "
2701
2331
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2702
2332
msgstr ""
2703
2333
2704
#: serverguide/C/web-servers.xml:781(para)
2334
#: serverguide/C/web-servers.xml:800(para)
2705
2335
msgid ""
2706
2336
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2707
2337
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2709
2339
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2710
2340
msgstr ""
2711
2341
2712
#: serverguide/C/web-servers.xml:788(para)
2342
#: serverguide/C/web-servers.xml:807(para)
2713
2343
msgid ""
2714
2344
"Also, see the <ulink "
2715
2345
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2716
2346
"Ubuntu Wiki</ulink> page for more information."
2717
2347
msgstr ""
2718
2348
2719
#: serverguide/C/web-servers.xml:799(title)
2349
#: serverguide/C/web-servers.xml:818(title)
2720
2350
msgid "Squid - Proxy Server"
2721
2351
msgstr ""
2722
2352
2723
#: serverguide/C/web-servers.xml:800(para)
2353
#: serverguide/C/web-servers.xml:819(para)
2724
2354
msgid ""
2725
2355
"Squid is a full-featured web proxy cache server application which provides "
2726
2356
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2733
2363
"Protocol. (WCCP)"
2734
2364
msgstr ""
2735
2365
2736
#: serverguide/C/web-servers.xml:808(para)
2366
#: serverguide/C/web-servers.xml:827(para)
2737
2367
msgid ""
2738
2368
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2739
2369
"and caching server needs, and scales from the branch office to enterprise "
2745
2375
"increased performance."
2746
2376
msgstr ""
2747
2377
2748
#: serverguide/C/web-servers.xml:817(para)
2378
#: serverguide/C/web-servers.xml:836(para)
2749
2379
msgid ""
2750
2380
"At a terminal prompt, enter the following command to install the Squid "
2751
2381
"server:"
2752
2382
msgstr ""
2753
2383
2754
#: serverguide/C/web-servers.xml:822(command)
2384
#: serverguide/C/web-servers.xml:841(command)
2755
2385
msgid "sudo apt-get install squid"
2756
2386
msgstr "sudo apt-get install squid"
2757
2387
2758
#: serverguide/C/web-servers.xml:828(para)
2388
#: serverguide/C/web-servers.xml:847(para)
2759
2389
msgid ""
2760
2390
"Squid is configured by editing the directives contained within the "
2761
2391
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2764
2394
"see the References section."
2765
2395
msgstr ""
2766
2396
2767
#: serverguide/C/web-servers.xml:834(para)
2397
#: serverguide/C/web-servers.xml:853(para)
2768
2398
msgid ""
2769
2399
"Prior to editing the configuration file, you should make a copy of the "
2770
2400
"original file and protect it from writing so you will have the original "
2771
2401
"settings as a reference, and to re-use as necessary."
2772
2402
msgstr ""
2773
2403
2774
#: serverguide/C/web-servers.xml:837(para)
2404
#: serverguide/C/web-servers.xml:856(para)
2775
2405
msgid ""
2776
2406
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2777
2407
"writing with the following commands entered at a terminal prompt:"
2778
2408
msgstr ""
2779
2409
2780
#: serverguide/C/web-servers.xml:842(command)
2410
#: serverguide/C/web-servers.xml:861(command)
2781
2411
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2782
2412
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2783
2413
2784
#: serverguide/C/web-servers.xml:843(command)
2414
#: serverguide/C/web-servers.xml:862(command)
2785
2415
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2786
2416
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
2787
2417
2788
#: serverguide/C/web-servers.xml:849(para)
2418
#: serverguide/C/web-servers.xml:868(para)
2789
2419
msgid ""
2790
2420
"To set your Squid server to listen on TCP port 8888 instead of the default "
2791
2421
"TCP port 3128, change the http_port directive as such:"
2792
2422
msgstr ""
2793
2423
2794
#: serverguide/C/web-servers.xml:853(programlisting)
2424
#: serverguide/C/web-servers.xml:872(programlisting)
2795
2425
#, no-wrap
2796
2426
msgid ""
2797
2427
"\n"
2800
2430
"\n"
2801
2431
"http_port 8888\n"
2802
2432
2803
#: serverguide/C/web-servers.xml:858(para)
2433
#: serverguide/C/web-servers.xml:877(para)
2804
2434
msgid ""
2805
2435
"Change the visible_hostname directive in order to give the Squid server a "
2806
2436
"specific hostname. This hostname does not necessarily need to be the "
2807
2437
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2808
2438
msgstr ""
2809
2439
2810
#: serverguide/C/web-servers.xml:862(programlisting)
2440
#: serverguide/C/web-servers.xml:881(programlisting)
2811
2441
#, no-wrap
2812
2442
msgid ""
2813
2443
"\n"
2814
2444
"visible_hostname weezie\n"
2815
2445
msgstr ""
2816
2446
2817
#: serverguide/C/web-servers.xml:867(para)
2447
#: serverguide/C/web-servers.xml:886(para)
2818
2448
msgid ""
2819
2449
"Using Squid's access control, you may configure use of Internet services "
2820
2450
"proxied by Squid to be available only users with certain Internet Protocol "
2822
2452
"192.168.42.0/24 subnetwork only:"
2823
2453
msgstr ""
2824
2454
2825
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2455
#: serverguide/C/web-servers.xml:891(para) serverguide/C/web-servers.xml:911(para)
2826
2456
msgid ""
2827
2457
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2828
2458
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2829
2459
msgstr ""
2830
2460
2831
#: serverguide/C/web-servers.xml:875(programlisting)
2461
#: serverguide/C/web-servers.xml:894(programlisting)
2832
2462
#, no-wrap
2833
2463
msgid ""
2834
2464
"\n"
2835
2465
"acl fortytwo_network src 192.168.42.0/24\n"
2836
2466
msgstr ""
2837
2467
2838
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2468
#: serverguide/C/web-servers.xml:897(para) serverguide/C/web-servers.xml:918(para)
2839
2469
msgid ""
2840
2470
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2841
2471
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2842
2472
msgstr ""
2843
2473
2844
#: serverguide/C/web-servers.xml:882(programlisting)
2474
#: serverguide/C/web-servers.xml:901(programlisting)
2845
2475
#, no-wrap
2846
2476
msgid ""
2847
2477
"\n"
2848
2478
"http_access allow fortytwo_network\n"
2849
2479
msgstr ""
2850
2480
2851
#: serverguide/C/web-servers.xml:887(para)
2481
#: serverguide/C/web-servers.xml:906(para)
2852
2482
msgid ""
2853
2483
"Using the excellent access control features of Squid, you may configure use "
2854
2484
"of Internet services proxied by Squid to be available only during normal "
2857
2487
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2858
2488
msgstr ""
2859
2489
2860
#: serverguide/C/web-servers.xml:895(programlisting)
2490
#: serverguide/C/web-servers.xml:914(programlisting)
2861
2491
#, no-wrap
2862
2492
msgid ""
2863
2493
"\n"
2868
2498
"acl biz_network src 10.1.42.0/24\n"
2869
2499
"acl biz_hours time M T W T F 9:00-17:00\n"
2870
2500
2871
#: serverguide/C/web-servers.xml:903(programlisting)
2501
#: serverguide/C/web-servers.xml:922(programlisting)
2872
2502
#, no-wrap
2873
2503
msgid ""
2874
2504
"\n"
2875
2505
"http_access allow biz_network biz_hours\n"
2876
2506
msgstr ""
2877
2507
2878
#: serverguide/C/web-servers.xml:910(para)
2508
#: serverguide/C/web-servers.xml:929(para)
2879
2509
msgid ""
2880
2510
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2881
2511
"save the file and restart the <application>squid</application> server "
2883
2513
"terminal prompt:"
2884
2514
msgstr ""
2885
2515
2886
#: serverguide/C/web-servers.xml:917(command)
2516
#: serverguide/C/web-servers.xml:936(command)
2887
2517
msgid "sudo /etc/init.d/squid restart"
2888
2518
msgstr "sudo /etc/init.d/squid restart"
2889
2519
2890
#: serverguide/C/web-servers.xml:924(ulink)
2520
#: serverguide/C/web-servers.xml:943(ulink)
2891
2521
msgid "Squid Website"
2892
2522
msgstr "Heimasíða Squid"
2893
2523
2894
#: serverguide/C/web-servers.xml:926(para)
2524
#: serverguide/C/web-servers.xml:945(para)
2895
2525
msgid ""
2896
2526
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2897
2527
"Squid</ulink> page."
2898
2528
msgstr ""
2899
2529
2900
#: serverguide/C/web-servers.xml:933(title)
2530
#: serverguide/C/web-servers.xml:952(title)
2901
2531
msgid "Ruby on Rails"
2902
2532
msgstr "Ruby on Rails"
2903
2533
2904
#: serverguide/C/web-servers.xml:934(para)
2534
#: serverguide/C/web-servers.xml:953(para)
2905
2535
msgid ""
2906
2536
"Ruby on Rails is an open source web framework for developing database backed "
2907
2537
"web applications. It is optimized for sustainable productivity of the "
2909
2539
"convention over configuration."
2910
2540
msgstr ""
2911
2541
2912
#: serverguide/C/web-servers.xml:941(para)
2542
#: serverguide/C/web-servers.xml:960(para)
2913
2543
msgid ""
2914
2544
"Before installing <application>Rails</application> you should install "
2915
2545
"<application>Apache</application> and <application>MySQL</application>. To "
2918
2548
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2919
2549
msgstr ""
2920
2550
2921
#: serverguide/C/web-servers.xml:949(para)
2551
#: serverguide/C/web-servers.xml:968(para)
2922
2552
msgid ""
2923
2553
"Once you have <application>Apache</application> and "
2924
2554
"<application>MySQL</application> packages installed, you are ready to "
2925
2555
"install <application>Ruby on Rails</application> package."
2926
2556
msgstr ""
2927
2557
2928
#: serverguide/C/web-servers.xml:956(para)
2558
#: serverguide/C/web-servers.xml:975(para)
2929
2559
msgid ""
2930
2560
"To install the <application>Ruby</application> base packages and "
2931
2561
"<application>Ruby on Rails</application>, you can enter the following "
2932
2562
"command in the terminal prompt:"
2933
2563
msgstr ""
2934
2564
2935
#: serverguide/C/web-servers.xml:962(command)
2565
#: serverguide/C/web-servers.xml:981(command)
2936
2566
msgid "sudo apt-get install rails"
2937
2567
msgstr "sudo apt-get install rails"
2938
2568
2939
#: serverguide/C/web-servers.xml:968(para)
2569
#: serverguide/C/web-servers.xml:987(para)
2940
2570
msgid ""
2941
2571
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2942
2572
"configuration file to setup your domains."
2943
2573
msgstr ""
2944
2574
2945
#: serverguide/C/web-servers.xml:972(para)
2575
#: serverguide/C/web-servers.xml:991(para)
2946
2576
msgid ""
2947
2577
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2948
2578
msgstr ""
2949
2579
2950
#: serverguide/C/web-servers.xml:976(programlisting)
2580
#: serverguide/C/web-servers.xml:995(programlisting)
2951
2581
#, no-wrap
2952
2582
msgid ""
2953
2583
"\n"
2954
2584
"DocumentRoot /path/to/rails/application/public\n"
2955
2585
msgstr ""
2956
2586
2957
#: serverguide/C/web-servers.xml:979(para)
2587
#: serverguide/C/web-servers.xml:998(para)
2958
2588
msgid ""
2959
2589
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2960
2590
"directive:"
2961
2591
msgstr ""
2962
2592
2963
#: serverguide/C/web-servers.xml:983(programlisting)
2593
#: serverguide/C/web-servers.xml:1002(programlisting)
2964
2594
#, no-wrap
2965
2595
msgid ""
2966
2596
"\n"
2973
2603
"</Directory>\n"
2974
2604
msgstr ""
2975
2605
2976
#: serverguide/C/web-servers.xml:993(para)
2606
#: serverguide/C/web-servers.xml:1012(para)
2977
2607
msgid ""
2978
2608
"You should also enable the <application>mod_rewrite</application> module for "
2979
2609
"Apache. To enable <application>mod_rewrite</application> module, please "
2980
2610
"enter the following command in a terminal prompt:"
2981
2611
msgstr ""
2982
2612
2983
#: serverguide/C/web-servers.xml:999(command)
2613
#: serverguide/C/web-servers.xml:1018(command)
2984
2614
msgid "sudo a2enmod rewrite"
2985
2615
msgstr "sudo a2enmod rewrite"
2986
2616
2987
#: serverguide/C/web-servers.xml:1002(para)
2617
#: serverguide/C/web-servers.xml:1021(para)
2988
2618
msgid ""
2989
2619
"Finally you will need to change the ownership of the "
2990
2620
"<filename>/path/to/rails/application/public</filename> and "
2992
2622
"used to run the <application>Apache</application> process:"
2993
2623
msgstr ""
2994
2624
2995
#: serverguide/C/web-servers.xml:1008(command)
2625
#: serverguide/C/web-servers.xml:1027(command)
2996
2626
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2997
2627
msgstr ""
2998
2628
2999
#: serverguide/C/web-servers.xml:1009(command)
2629
#: serverguide/C/web-servers.xml:1028(command)
3000
2630
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3001
2631
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3002
2632
3003
#: serverguide/C/web-servers.xml:1012(para)
2633
#: serverguide/C/web-servers.xml:1031(para)
3004
2634
msgid ""
3005
2635
"That's it! Now you have your Server ready for your <application>Ruby on "
3006
2636
"Rails</application> applications."
3007
2637
msgstr ""
3008
2638
3009
#: serverguide/C/web-servers.xml:1021(para)
2639
#: serverguide/C/web-servers.xml:1040(para)
3010
2640
msgid ""
3011
2641
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3012
2642
"for more information."
3013
2643
msgstr ""
3014
2644
3015
#: serverguide/C/web-servers.xml:1026(para)
2645
#: serverguide/C/web-servers.xml:1045(para)
3016
2646
msgid ""
3017
2647
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3018
2648
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3019
2649
"resource."
3020
2650
msgstr ""
3021
2651
3022
#: serverguide/C/web-servers.xml:1032(para)
2652
#: serverguide/C/web-servers.xml:1051(para)
3023
2653
msgid ""
3024
2654
"Another place for more information is the <ulink "
3025
2655
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3026
2656
"Wiki</ulink> page."
3027
2657
msgstr ""
3028
2658
3029
#: serverguide/C/web-servers.xml:1043(title)
2659
#: serverguide/C/web-servers.xml:1062(title)
3030
2660
msgid "Apache Tomcat"
3031
2661
msgstr ""
3032
2662
3033
#: serverguide/C/web-servers.xml:1044(para)
2663
#: serverguide/C/web-servers.xml:1063(para)
3034
2664
msgid ""
3035
2665
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3036
2666
"JSP (Java Server Pages) web applications."
3037
2667
msgstr ""
3038
2668
3039
#: serverguide/C/web-servers.xml:1046(para)
2669
#: serverguide/C/web-servers.xml:1065(para)
3040
2670
msgid ""
3041
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3042
"different ways of running Tomcat. You can install them as a classic unique "
3043
"system-wide instance, that will be started at boot time and will run as the "
3044
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3045
"will run with your own user rights, and that you should start and stop by "
3046
"yourself. This second way is particularly useful in a development server "
3047
"context where multiple users need to test on their own private Tomcat "
3048
"instances."
2671
"The Tomcat 6.0 packages in Ubuntu support two different ways of running "
2672
"Tomcat. You can install them as a classic unique system-wide instance, that "
2673
"will be started at boot time will run as the tomcat6 unprivileged user. But "
2674
"you can also deploy private instances that will run with your own user "
2675
"rights, and that you should start and stop by yourself. This second way is "
2676
"particularly useful in a development server context where multiple users "
2677
"need to test on their own private Tomcat instances."
3049
2678
msgstr ""
3050
2679
3051
#: serverguide/C/web-servers.xml:1056(title)
2680
#: serverguide/C/web-servers.xml:1075(title)
3052
2681
msgid "System-wide installation"
3053
2682
msgstr ""
3054
2683
3055
#: serverguide/C/web-servers.xml:1057(para)
2684
#: serverguide/C/web-servers.xml:1076(para)
3056
2685
msgid ""
3057
"To install the <application>Tomcat</application> server, you can enter the "
3058
"following command in the terminal prompt:"
2686
"To install the Tomcat server, you can enter the following command in the "
2687
"terminal prompt:"
3059
2688
msgstr ""
3060
2689
3061
#: serverguide/C/web-servers.xml:1060(command)
2690
#: serverguide/C/web-servers.xml:1079(command)
3062
2691
msgid "sudo apt-get install tomcat6"
3063
2692
msgstr ""
3064
2693
3065
#: serverguide/C/web-servers.xml:1062(para)
2694
#: serverguide/C/web-servers.xml:1081(para)
3066
2695
msgid ""
3067
2696
"This will install a Tomcat server with just a default ROOT webapp that "
3068
2697
"displays a minimal \"It works\" page by default."
3069
2698
msgstr ""
3070
2699
3071
#: serverguide/C/web-servers.xml:1068(para)
2700
#: serverguide/C/web-servers.xml:1087(para)
3072
2701
msgid ""
3073
2702
"Tomcat configuration files can be found in "
3074
2703
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3077
2706
"documentation</ulink> for more."
3078
2707
msgstr ""
3079
2708
3080
#: serverguide/C/web-servers.xml:1074(title)
2709
#: serverguide/C/web-servers.xml:1093(title)
3081
2710
msgid "Changing default ports"
3082
2711
msgstr ""
3083
2712
3084
#: serverguide/C/web-servers.xml:1075(para)
2713
#: serverguide/C/web-servers.xml:1094(para)
3085
2714
msgid ""
3086
2715
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3087
2716
"connector on port 8009. You might want to change those default ports to "
3089
2718
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3090
2719
msgstr ""
3091
2720
3092
#: serverguide/C/web-servers.xml:1080(programlisting)
2721
#: serverguide/C/web-servers.xml:1099(programlisting)
3093
2722
#, no-wrap
3094
2723
msgid ""
3095
2724
"\n"
3101
2730
"/>\n"
3102
2731
msgstr ""
3103
2732
3104
#: serverguide/C/web-servers.xml:1089(title)
2733
#: serverguide/C/web-servers.xml:1108(title)
3105
2734
msgid "Changing JVM used"
3106
2735
msgstr ""
3107
2736
3108
#: serverguide/C/web-servers.xml:1090(para)
2737
#: serverguide/C/web-servers.xml:1109(para)
3109
2738
msgid ""
3110
2739
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3111
2740
"then try some other JVMs. If you have various JVMs installed, you can set "
3113
2742
"<filename>/etc/default/tomcat6</filename>:"
3114
2743
msgstr ""
3115
2744
3116
#: serverguide/C/web-servers.xml:1094(programlisting)
2745
#: serverguide/C/web-servers.xml:1113(programlisting)
3117
2746
#, no-wrap
3118
2747
msgid ""
3119
2748
"\n"
3120
2749
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3121
2750
msgstr ""
3122
2751
3123
#: serverguide/C/web-servers.xml:1099(title)
2752
#: serverguide/C/web-servers.xml:1118(title)
3124
2753
msgid "Declaring users and roles"
3125
2754
msgstr ""
3126
2755
3127
#: serverguide/C/web-servers.xml:1100(para)
2756
#: serverguide/C/web-servers.xml:1119(para)
3128
2757
msgid ""
3129
2758
"Usernames, passwords and roles (groups) can be defined centrally in a "
3130
2759
"Servlet container. In Tomcat 6.0 this is done in the "
3131
2760
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3132
2761
msgstr ""
3133
2762
3134
#: serverguide/C/web-servers.xml:1103(programlisting)
2763
#: serverguide/C/web-servers.xml:1122(programlisting)
3135
2764
#, no-wrap
3136
2765
msgid ""
3137
2766
"\n"
3139
2768
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3140
2769
msgstr ""
3141
2770
3142
#: serverguide/C/web-servers.xml:1111(title)
2771
#: serverguide/C/web-servers.xml:1130(title)
3143
2772
msgid "Using Tomcat standard webapps"
3144
2773
msgstr ""
3145
2774
3146
#: serverguide/C/web-servers.xml:1112(para)
2775
#: serverguide/C/web-servers.xml:1131(para)
3147
2776
msgid ""
3148
2777
"Tomcat is shipped with webapps that you can install for documentation, "
3149
2778
"administration or demo purposes."
3150
2779
msgstr ""
3151
2780
3152
#: serverguide/C/web-servers.xml:1115(title)
2781
#: serverguide/C/web-servers.xml:1134(title)
3153
2782
msgid "Tomcat documentation"
3154
2783
msgstr ""
3155
2784
3156
#: serverguide/C/web-servers.xml:1116(para)
2785
#: serverguide/C/web-servers.xml:1135(para)
3157
2786
msgid ""
3158
2787
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3159
2788
"documentation, packaged as a webapp that you can access by default at "
3161
2790
"command in the terminal prompt:"
3162
2791
msgstr ""
3163
2792
3164
#: serverguide/C/web-servers.xml:1121(command)
2793
#: serverguide/C/web-servers.xml:1140(command)
3165
2794
msgid "sudo apt-get install tomcat6-docs"
3166
2795
msgstr ""
3167
2796
3168
#: serverguide/C/web-servers.xml:1125(title)
2797
#: serverguide/C/web-servers.xml:1144(title)
3169
2798
msgid "Tomcat administration webapps"
3170
2799
msgstr ""
3171
2800
3172
#: serverguide/C/web-servers.xml:1126(para)
2801
#: serverguide/C/web-servers.xml:1145(para)
3173
2802
msgid ""
3174
2803
"The <application>tomcat6-admin</application> package contains two webapps "
3175
2804
"that can be used to administer the Tomcat server using a web interface. You "
3176
2805
"can install them by entering the following command in the terminal prompt:"
3177
2806
msgstr ""
3178
2807
3179
#: serverguide/C/web-servers.xml:1131(command)
2808
#: serverguide/C/web-servers.xml:1150(command)
3180
2809
msgid "sudo apt-get install tomcat6-admin"
3181
2810
msgstr ""
3182
2811
3183
#: serverguide/C/web-servers.xml:1133(para)
2812
#: serverguide/C/web-servers.xml:1152(para)
3184
2813
msgid ""
3185
2814
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3186
2815
"access by default at http://yourserver:8080/manager/html. It is primarily "
3187
2816
"used to get server status and restart webapps."
3188
2817
msgstr ""
3189
2818
3190
#: serverguide/C/web-servers.xml:1136(para)
2819
#: serverguide/C/web-servers.xml:1155(para)
3191
2820
msgid ""
3192
2821
"Access to the <emphasis>manager</emphasis> application is protected by "
3193
2822
"default: you need to define a user with the role \"manager\" in "
3194
2823
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3195
2824
msgstr ""
3196
2825
3197
#: serverguide/C/web-servers.xml:1140(para)
2826
#: serverguide/C/web-servers.xml:1159(para)
3198
2827
msgid ""
3199
2828
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3200
2829
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3201
2830
"used to create virtual hosts dynamically."
3202
2831
msgstr ""
3203
2832
3204
#: serverguide/C/web-servers.xml:1144(para)
2833
#: serverguide/C/web-servers.xml:1163(para)
3205
2834
msgid ""
3206
2835
"Access to the <emphasis>host-manager</emphasis> application is also "
3207
2836
"protected by default: you need to define a user with the role \"admin\" in "
3208
2837
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3209
2838
msgstr ""
3210
2839
3211
#: serverguide/C/web-servers.xml:1149(para)
2840
#: serverguide/C/web-servers.xml:1168(para)
3212
2841
msgid ""
3213
2842
"For security reasons, the tomcat6 user cannot write to the "
3214
2843
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3217
2846
"the following, to give users in the tomcat6 group the necessary rights:"
3218
2847
msgstr ""
3219
2848
3220
#: serverguide/C/web-servers.xml:1156(command)
2849
#: serverguide/C/web-servers.xml:1175(command)
3221
2850
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3222
2851
msgstr ""
3223
2852
3224
#: serverguide/C/web-servers.xml:1157(command)
2853
#: serverguide/C/web-servers.xml:1176(command)
3225
2854
msgid "sudo chmod -R g+w /etc/tomcat6"
3226
2855
msgstr ""
3227
2856
3228
#: serverguide/C/web-servers.xml:1162(title)
2857
#: serverguide/C/web-servers.xml:1181(title)
3229
2858
msgid "Tomcat examples webapps"
3230
2859
msgstr ""
3231
2860
3232
#: serverguide/C/web-servers.xml:1163(para)
2861
#: serverguide/C/web-servers.xml:1182(para)
3233
2862
msgid ""
3234
2863
"The <application>tomcat6-examples</application> package contains two webapps "
3235
2864
"that can be used to test or demonstrate Servlets and JSP features, which you "
3237
2866
"install them by entering the following command in the terminal prompt:"
3238
2867
msgstr ""
3239
2868
3240
#: serverguide/C/web-servers.xml:1169(command)
2869
#: serverguide/C/web-servers.xml:1188(command)
3241
2870
msgid "sudo apt-get install tomcat6-examples"
3242
2871
msgstr ""
3243
2872
3244
#: serverguide/C/web-servers.xml:1175(title)
2873
#: serverguide/C/web-servers.xml:1194(title)
3245
2874
msgid "Using private instances"
3246
2875
msgstr ""
3247
2876
3248
#: serverguide/C/web-servers.xml:1176(para)
2877
#: serverguide/C/web-servers.xml:1195(para)
3249
2878
msgid ""
3250
2879
"Tomcat is heavily used in development and testing scenarios where using a "
3251
2880
"single system-wide instance doesn't meet the requirements of multiple users "
3255
2884
"using the system-installed libraries."
3256
2885
msgstr ""
3257
2886
3258
#: serverguide/C/web-servers.xml:1183(para)
2887
#: serverguide/C/web-servers.xml:1202(para)
3259
2888
msgid ""
3260
2889
"It is possible to run the system-wide instance and the private instances in "
3261
2890
"parallel, as long as they do not use the same TCP ports."
3262
2891
msgstr ""
3263
2892
3264
#: serverguide/C/web-servers.xml:1187(title)
2893
#: serverguide/C/web-servers.xml:1206(title)
3265
2894
msgid "Installing private instance support"
3266
2895
msgstr ""
3267
2896
3268
#: serverguide/C/web-servers.xml:1188(para)
2897
#: serverguide/C/web-servers.xml:1207(para)
3269
2898
msgid ""
3270
2899
"You can install everything necessary to run private instances by entering "
3271
2900
"the following command in the terminal prompt:"
3272
2901
msgstr ""
3273
2902
3274
#: serverguide/C/web-servers.xml:1191(command)
2903
#: serverguide/C/web-servers.xml:1210(command)
3275
2904
msgid "sudo apt-get install tomcat6-user"
3276
2905
msgstr ""
3277
2906
3278
#: serverguide/C/web-servers.xml:1195(title)
2907
#: serverguide/C/web-servers.xml:1214(title)
3279
2908
msgid "Creating a private instance"
3280
2909
msgstr ""
3281
2910
3282
#: serverguide/C/web-servers.xml:1196(para)
2911
#: serverguide/C/web-servers.xml:1215(para)
3283
2912
msgid ""
3284
2913
"You can create a private instance directory by entering the following "
3285
2914
"command in the terminal prompt:"
3286
2915
msgstr ""
3287
2916
3288
#: serverguide/C/web-servers.xml:1199(command)
2917
#: serverguide/C/web-servers.xml:1218(command)
3289
2918
msgid "tomcat6-instance-create my-instance"
3290
2919
msgstr ""
3291
2920
3292
#: serverguide/C/web-servers.xml:1201(para)
2921
#: serverguide/C/web-servers.xml:1220(para)
3293
2922
msgid ""
3294
2923
"This will create a new <filename>my-instance</filename> directory with all "
3295
2924
"the necessary subdirectories and scripts. You can for example install your "
3298
2927
"are deployed by default."
3299
2928
msgstr ""
3300
2929
3301
#: serverguide/C/web-servers.xml:1209(title)
2930
#: serverguide/C/web-servers.xml:1228(title)
3302
2931
msgid "Configuring your private instance"
3303
2932
msgstr ""
3304
2933
3305
#: serverguide/C/web-servers.xml:1210(para)
2934
#: serverguide/C/web-servers.xml:1229(para)
3306
2935
msgid ""
3307
2936
"You will find the classic Tomcat configuration files for your private "
3308
2937
"instance in the <filename>conf/</filename> subdirectory. You should for "
3311
2940
"conflict with other instances that might be running."
3312
2941
msgstr ""
3313
2942
3314
#: serverguide/C/web-servers.xml:1218(title)
2943
#: serverguide/C/web-servers.xml:1237(title)
3315
2944
msgid "Starting/stopping your private instance"
3316
2945
msgstr ""
3317
2946
3318
#: serverguide/C/web-servers.xml:1219(para)
2947
#: serverguide/C/web-servers.xml:1238(para)
3319
2948
msgid ""
3320
2949
"You can start your private instance by entering the following command in the "
3321
2950
"terminal prompt (supposing your instance is located in the <filename>my-"
3322
2951
"instance</filename> directory):"
3323
2952
msgstr ""
3324
2953
3325
#: serverguide/C/web-servers.xml:1223(command)
2954
#: serverguide/C/web-servers.xml:1242(command)
3326
2955
msgid "my-instance/bin/startup.sh"
3327
2956
msgstr ""
3328
2957
3329
#: serverguide/C/web-servers.xml:1225(para)
2958
#: serverguide/C/web-servers.xml:1244(para)
3330
2959
msgid ""
3331
2960
"You should check the <filename>logs/</filename> subdirectory for any error. "
3332
2961
"If you have a <emphasis>java.net.BindException: Address already in "
3334
2963
"is already taken and that you should change it."
3335
2964
msgstr ""
3336
2965
3337
#: serverguide/C/web-servers.xml:1230(para)
2966
#: serverguide/C/web-servers.xml:1249(para)
3338
2967
msgid ""
3339
2968
"You can stop your instance by entering the following command in the terminal "
3340
2969
"prompt (supposing your instance is located in the <filename>my-"
3341
2970
"instance</filename> directory):"
3342
2971
msgstr ""
3343
2972
3344
#: serverguide/C/web-servers.xml:1234(command)
2973
#: serverguide/C/web-servers.xml:1253(command)
3345
2974
msgid "my-instance/bin/shutdown.sh"
3346
2975
msgstr ""
3347
2976
3348
#: serverguide/C/web-servers.xml:1243(para)
2977
#: serverguide/C/web-servers.xml:1262(para)
3349
2978
msgid ""
3350
2979
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3351
2980
"website for more information."
3352
2981
msgstr ""
3353
2982
3354
#: serverguide/C/web-servers.xml:1248(para)
2983
#: serverguide/C/web-servers.xml:1267(para)
3355
2984
msgid ""
3356
2985
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3357
2986
"Definitive Guide</ulink> is a good resource for building web applications "
3358
2987
"with Tomcat."
3359
2988
msgstr ""
3360
2989
3361
#: serverguide/C/web-servers.xml:1254(para)
2990
#: serverguide/C/web-servers.xml:1273(para)
3362
2991
msgid ""
3363
2992
"For additional books see the <ulink "
3364
2993
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3365
2994
"page."
3366
2995
msgstr ""
3367
2996
3368
#: serverguide/C/web-servers.xml:1259(para)
2997
#: serverguide/C/web-servers.xml:1278(para)
3369
2998
msgid ""
3370
2999
"Also, see the<ulink "
3371
3000
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3378
3007
3379
3008
#: serverguide/C/vpn.xml:15(para)
3380
3009
msgid ""
3381
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3382
"network connection between two or more networks. There are several ways to "
3383
"create a VPN using software as well as dedicated hardware appliances. This "
3384
"chapter will cover installing and configuring "
3385
"<application>OpenVPN</application> to create a VPN between two servers."
3010
"OpenVPN is a Virtual Private Networking (VPN) solution provided in the "
3011
"Ubuntu Repositories. It is flexible, reliable and secure. It belongs to the "
3012
"family of SSL/TLS VPN stacks (different from IPSec VPNs). This chapter will "
3013
"cover installing and configuring <application>OpenVPN</application> to "
3014
"create a VPN."
3386
3015
msgstr ""
3387
3016
3388
#: serverguide/C/vpn.xml:23(title)
3017
#: serverguide/C/vpn.xml:21(title)
3389
3018
msgid "OpenVPN"
3390
3019
msgstr ""
3391
3020
3392
#: serverguide/C/vpn.xml:25(para)
3021
#: serverguide/C/vpn.xml:23(para)
3393
3022
msgid ""
3394
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3395
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3396
"clients through a bridge interface on the VPN server. This guide will assume "
3397
"that one VPN node, the server in this case, has a bridge interface "
3398
"configured. For more information on setting up a bridge see <xref "
3399
"linkend=\"bridging\"/>."
3400
msgstr ""
3401
3402
#: serverguide/C/vpn.xml:35(para)
3023
"If you want more than just pre-shared keys "
3024
"<application>OpenVPN</application> makes it easy to setup and use a Public "
3025
"Key Infrastructure (PKI) to use SSL/TLS certificates for authentication and "
3026
"key exchange between the VPN server and clients. "
3027
"<application>OpenVPN</application> can be used in a routed or bridged VPN "
3028
"mode and can be configured to use either UDP or TCP. The port number can be "
3029
"configured as well, but port 1194 is the official one. And it is only using "
3030
"that single port for all communication. VPN client implementations are "
3031
"available for almost anything including all Linux distributions, OS X, "
3032
"Windows and OpenWRT based WLAN routers."
3033
msgstr ""
3034
3035
#: serverguide/C/vpn.xml:31(title)
3036
msgid "Server Installation"
3037
msgstr ""
3038
3039
#: serverguide/C/vpn.xml:33(para)
3403
3040
msgid "To install <application>openvpn</application> in a terminal enter:"
3404
3041
msgstr ""
3405
3042
3406
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3043
#: serverguide/C/vpn.xml:37(command) serverguide/C/vpn.xml:233(command) serverguide/C/vpn.xml:591(command)
3407
3044
msgid "sudo apt-get install openvpn"
3408
3045
msgstr ""
3409
3046
3410
#: serverguide/C/vpn.xml:45(title)
3411
msgid "Server Certificates"
3412
msgstr ""
3413
3414
#: serverguide/C/vpn.xml:47(para)
3415
msgid ""
3416
"Now that the <application>openvpn</application> package is installed, the "
3417
"certificates for the VPN server need to be created."
3047
#: serverguide/C/vpn.xml:42(title)
3048
msgid "Public Key Infrastructure Setup"
3049
msgstr ""
3050
3051
#: serverguide/C/vpn.xml:44(para)
3052
msgid ""
3053
"The first step in building an OpenVPN configuration is to establish a PKI "
3054
"(public key infrastructure). The PKI consists of:"
3055
msgstr ""
3056
3057
#: serverguide/C/vpn.xml:49(para)
3058
msgid ""
3059
"a separate certificate (also known as a public key) and private key for the "
3060
"server and each client, and"
3418
3061
msgstr ""
3419
3062
3420
3063
#: serverguide/C/vpn.xml:52(para)
3421
3064
msgid ""
3422
"First, copy the <filename>easy-rsa</filename> directory to "
3065
"a master Certificate Authority (CA) certificate and key which is used to "
3066
"sign each of the server and client certificates."
3067
msgstr ""
3068
3069
#: serverguide/C/vpn.xml:57(para)
3070
msgid ""
3071
"OpenVPN supports bidirectional authentication based on certificates, meaning "
3072
"that the client must authenticate the server certificate and the server must "
3073
"authenticate the client certificate before mutual trust is established."
3074
msgstr ""
3075
3076
#: serverguide/C/vpn.xml:61(para)
3077
msgid ""
3078
"Both server and client will authenticate the other by first verifying that "
3079
"the presented certificate was signed by the master certificate authority "
3080
"(CA), and then by testing information in the now-authenticated certificate "
3081
"header, such as the certificate common name or certificate type (client or "
3082
"server)."
3083
msgstr ""
3084
3085
#: serverguide/C/vpn.xml:66(title)
3086
msgid "Certificate Authority Setup"
3087
msgstr ""
3088
3089
#: serverguide/C/vpn.xml:68(para)
3090
msgid ""
3091
"To setup your own Certificate Authority (CA) and generating certificates and "
3092
"keys for an OpenVPN server and multiple clients first copy the "
3093
"<filename>easy-rsa</filename> directory to "
3423
3094
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3424
"scripts will not be lost when the package is updated. You will also need to "
3425
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3426
"the current user permission to create files. From a terminal enter:"
3427
msgstr ""
3428
3429
#: serverguide/C/vpn.xml:59(command)
3430
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3431
msgstr ""
3432
3433
#: serverguide/C/vpn.xml:60(command)
3095
"scripts will not be lost when the package is updated. From a terminal change "
3096
"to user root and:"
3097
msgstr ""
3098
3099
#: serverguide/C/vpn.xml:76(command)
3100
msgid "mkdir /etc/openvpn/easy-rsa/"
3101
msgstr ""
3102
3103
#: serverguide/C/vpn.xml:77(command)
3434
3104
msgid ""
3435
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3436
"rsa/"
3437
msgstr ""
3438
3439
#: serverguide/C/vpn.xml:61(command)
3440
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3441
msgstr ""
3442
3443
#: serverguide/C/vpn.xml:64(para)
3105
"cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/"
3106
msgstr ""
3107
3108
#: serverguide/C/vpn.xml:80(para)
3444
3109
msgid ""
3445
3110
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3446
3111
"following to your environment:"
3447
3112
msgstr ""
3448
3113
3449
#: serverguide/C/vpn.xml:68(programlisting)
3114
#: serverguide/C/vpn.xml:84(programlisting)
3450
3115
#, no-wrap
3451
3116
msgid ""
3452
3117
"\n"
3457
3122
"export KEY_EMAIL=\"steve@example.com\"\n"
3458
3123
msgstr ""
3459
3124
3460
#: serverguide/C/vpn.xml:76(para)
3461
msgid "Enter the following to create the server certificates:"
3125
#: serverguide/C/vpn.xml:92(para)
3126
msgid ""
3127
"Enter the following to generate the master Certificate Authority (CA) "
3128
"certificate and key:"
3462
3129
msgstr ""
3463
3130
3464
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3131
#: serverguide/C/vpn.xml:97(command) serverguide/C/vpn.xml:145(command)
3465
3132
msgid "cd /etc/openvpn/easy-rsa/"
3466
3133
msgstr ""
3467
3134
3468
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3135
#: serverguide/C/vpn.xml:98(command) serverguide/C/vpn.xml:146(command)
3469
3136
msgid "source vars"
3470
3137
msgstr ""
3471
3138
3472
#: serverguide/C/vpn.xml:83(command)
3139
#: serverguide/C/vpn.xml:99(command)
3473
3140
msgid "./clean-all"
3474
3141
msgstr ""
3475
3142
3476
#: serverguide/C/vpn.xml:84(command)
3143
#: serverguide/C/vpn.xml:100(command)
3144
msgid "./build-ca"
3145
msgstr ""
3146
3147
#: serverguide/C/vpn.xml:105(title)
3148
msgid "Server Certificates"
3149
msgstr ""
3150
3151
#: serverguide/C/vpn.xml:107(para)
3152
msgid "Next, we will generate a certificate and private key for the server:"
3153
msgstr ""
3154
3155
#: serverguide/C/vpn.xml:112(command)
3156
msgid "./build-key-server myservername"
3157
msgstr ""
3158
3159
#: serverguide/C/vpn.xml:115(para)
3160
msgid ""
3161
"As in the previous step, most parameters can be defaulted. Two other queries "
3162
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
3163
"certificate requests certified, commit? [y/n]\"."
3164
msgstr ""
3165
3166
#: serverguide/C/vpn.xml:119(para)
3167
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
3168
msgstr ""
3169
3170
#: serverguide/C/vpn.xml:124(command)
3477
3171
msgid "./build-dh"
3478
3172
msgstr ""
3479
3173
3480
#: serverguide/C/vpn.xml:85(command)
3481
msgid "./pkitool --initca"
3482
msgstr ""
3483
3484
#: serverguide/C/vpn.xml:86(command)
3485
msgid "./pkitool --server server"
3486
msgstr ""
3487
3488
#: serverguide/C/vpn.xml:87(command)
3489
msgid "cd keys"
3490
msgstr ""
3491
3492
#: serverguide/C/vpn.xml:88(command)
3493
msgid "openvpn --genkey --secret ta.key"
3494
msgstr ""
3495
3496
#: serverguide/C/vpn.xml:89(command)
3497
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3498
msgstr ""
3499
3500
#: serverguide/C/vpn.xml:94(title)
3174
#: serverguide/C/vpn.xml:127(para)
3175
msgid ""
3176
"All certificates and keys have been generated in the subdirectory keys/. "
3177
"Common practice is to copy them to /etc/openvpn/:"
3178
msgstr ""
3179
3180
#: serverguide/C/vpn.xml:131(command)
3181
msgid "cd keys/"
3182
msgstr ""
3183
3184
#: serverguide/C/vpn.xml:132(command)
3185
msgid "cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/"
3186
msgstr ""
3187
3188
#: serverguide/C/vpn.xml:137(title)
3501
3189
msgid "Client Certificates"
3502
3190
msgstr ""
3503
3191
3504
#: serverguide/C/vpn.xml:96(para)
3192
#: serverguide/C/vpn.xml:139(para)
3505
3193
msgid ""
3506
3194
"The VPN client will also need a certificate to authenticate itself to the "
3507
"server. To create the certificate, enter the following in a terminal:"
3508
msgstr ""
3509
3510
#: serverguide/C/vpn.xml:104(command)
3511
msgid "./pkitool hostname"
3512
msgstr ""
3513
3514
#: serverguide/C/vpn.xml:108(para)
3515
msgid ""
3516
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3517
"machine connecting to the VPN."
3518
msgstr ""
3519
3520
#: serverguide/C/vpn.xml:113(para)
3521
msgid "Copy the following files to the client:"
3522
msgstr ""
3523
3524
#: serverguide/C/vpn.xml:118(para)
3195
"server. Usually you create a different certificate for each client. To "
3196
"create the certificate, enter the following in a terminal while being user "
3197
"root:"
3198
msgstr ""
3199
3200
#: serverguide/C/vpn.xml:147(command)
3201
msgid "./build-key client1"
3202
msgstr ""
3203
3204
#: serverguide/C/vpn.xml:150(para)
3205
msgid "Copy the following files to the client using a secure method:"
3206
msgstr ""
3207
3208
#: serverguide/C/vpn.xml:155(para)
3525
3209
msgid "/etc/openvpn/ca.crt"
3526
3210
msgstr ""
3527
3211
3528
#: serverguide/C/vpn.xml:119(para)
3529
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3530
msgstr ""
3531
3532
#: serverguide/C/vpn.xml:120(para)
3533
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3534
msgstr ""
3535
3536
#: serverguide/C/vpn.xml:121(para)
3537
msgid "/etc/openvpn/ta.key"
3538
msgstr ""
3539
3540
#: serverguide/C/vpn.xml:125(para)
3541
msgid ""
3542
"Remember to adjust the above file names for your client machine's "
3543
"<emphasis>hostname</emphasis>."
3544
msgstr ""
3545
3546
#: serverguide/C/vpn.xml:130(para)
3547
msgid ""
3548
"It is best to use a secure method to copy the certificate and key files. The "
3549
"<application>scp</application> utility is a good choice, but copying the "
3550
"files to removable media then to the client, also works well."
3551
msgstr ""
3552
3553
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3554
msgid "Server Configuration"
3555
msgstr ""
3556
3557
#: serverguide/C/vpn.xml:143(para)
3558
msgid ""
3559
"Now configure the <application>openvpn</application> server by creating "
3560
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3561
"terminal enter:"
3562
msgstr ""
3563
3564
#: serverguide/C/vpn.xml:149(command)
3212
#: serverguide/C/vpn.xml:156(para)
3213
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
3214
msgstr ""
3215
3216
#: serverguide/C/vpn.xml:157(para)
3217
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
3218
msgstr ""
3219
3220
#: serverguide/C/vpn.xml:160(para)
3221
msgid ""
3222
"As the client certificates and keys are only required on the client machine, "
3223
"you should remove them from the server."
3224
msgstr ""
3225
3226
#: serverguide/C/vpn.xml:168(title)
3227
msgid "Simple Server Configuration"
3228
msgstr ""
3229
3230
#: serverguide/C/vpn.xml:170(para)
3231
msgid ""
3232
"Along with your <application>OpenVPN</application> installation you got "
3233
"these sample config files (and many more if if you check):"
3234
msgstr ""
3235
3236
#: serverguide/C/vpn.xml:174(programlisting)
3237
#, no-wrap
3238
msgid ""
3239
"\n"
3240
"root@server:/# ls -l /usr/share/doc/openvpn/examples/sample-config-files/\n"
3241
"total 68\n"
3242
"-rw-r--r-- 1 root root 3427 2011-07-04 15:09 client.conf\n"
3243
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
3244
msgstr ""
3245
3246
#: serverguide/C/vpn.xml:181(para)
3247
msgid ""
3248
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
3249
msgstr ""
3250
3251
#: serverguide/C/vpn.xml:185(command)
3565
3252
msgid ""
3566
3253
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3567
3254
"/etc/openvpn/"
3568
3255
msgstr ""
3569
3256
3570
#: serverguide/C/vpn.xml:150(command)
3257
#: serverguide/C/vpn.xml:186(command)
3571
3258
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3572
3259
msgstr ""
3573
3260
3574
#: serverguide/C/vpn.xml:153(para)
3261
#: serverguide/C/vpn.xml:189(para)
3262
msgid ""
3263
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
3264
"following lines are pointing to the certificates and keys you created in the "
3265
"section above."
3266
msgstr ""
3267
3268
#: serverguide/C/vpn.xml:192(programlisting)
3269
#, no-wrap
3270
msgid ""
3271
"\n"
3272
"ca ca.crt\n"
3273
"cert myservername.crt\n"
3274
"key myservername.key \n"
3275
"dh dh1024.pem\n"
3276
msgstr ""
3277
3278
#: serverguide/C/vpn.xml:199(para)
3279
msgid ""
3280
"That is the minimum you have to configure to get a working OpenVPN server. "
3281
"You can use all the default settings in the sample server.conf file. Now "
3282
"start the server. You will find logging and error messages in your syslog."
3283
msgstr ""
3284
3285
#: serverguide/C/vpn.xml:204(programlisting)
3286
#, no-wrap
3287
msgid ""
3288
"\n"
3289
"root@server:/etc/openvpn# /etc/init.d/openvpn start\n"
3290
" * Starting virtual private network daemon(s)...\n"
3291
" * Autostarting VPN 'server' [ OK ]\n"
3292
msgstr ""
3293
3294
#: serverguide/C/vpn.xml:210(para)
3295
msgid "Now check if OpenVPN created a tun0 interface:"
3296
msgstr ""
3297
3298
#: serverguide/C/vpn.xml:214(programlisting)
3299
#, no-wrap
3300
msgid ""
3301
"\n"
3302
"root@server:/etc/openvpn# ifconfig tun0\n"
3303
"tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-"
3304
"00-00-00 \n"
3305
" inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255\n"
3306
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
3307
"[...]\n"
3308
msgstr ""
3309
3310
#: serverguide/C/vpn.xml:224(title)
3311
msgid "Simple Client Configuration"
3312
msgstr ""
3313
3314
#: serverguide/C/vpn.xml:226(para)
3315
msgid ""
3316
"There are various different <application>OpenVPN</application> client "
3317
"implementations with and without GUIs. You can read more about clients in a "
3318
"later section. For now we use the <application>OpenVPN</application> client "
3319
"for Ubuntu which is the same executable as the server. So you have to "
3320
"install the openvpn package again on the client machine:"
3321
msgstr ""
3322
3323
#: serverguide/C/vpn.xml:236(para)
3324
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
3325
msgstr ""
3326
3327
#: serverguide/C/vpn.xml:240(command)
3328
msgid ""
3329
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3330
"/etc/openvpn/"
3331
msgstr ""
3332
3333
#: serverguide/C/vpn.xml:243(para)
3334
msgid ""
3335
"Copy the client keys and the certificate of the CA you created in the "
3336
"section above to e.g. /etc/openvpn/ and edit "
3337
"<filename>/etc/openvpn/client.conf</filename> to make sure the following "
3338
"lines are pointing to those files. If you have the files in /etc/openvpn/ "
3339
"you can omit the path."
3340
msgstr ""
3341
3342
#: serverguide/C/vpn.xml:246(programlisting)
3343
#, no-wrap
3344
msgid ""
3345
"\n"
3346
"ca ca.crt\n"
3347
"cert client1.crt\n"
3348
"key client1.key\n"
3349
msgstr ""
3350
3351
#: serverguide/C/vpn.xml:252(para)
3352
msgid ""
3353
"And you have to at least specify the OpenVPN server name or address. Make "
3354
"sure the keyword client is in the config. That's what enables client mode."
3355
msgstr ""
3356
3357
#: serverguide/C/vpn.xml:258(programlisting)
3358
#, no-wrap
3359
msgid ""
3360
"\n"
3361
"client\n"
3362
"remote vpnserver.example.com 1194\n"
3363
msgstr ""
3364
3365
#: serverguide/C/vpn.xml:263(para)
3366
msgid "Now start the OpenVPN client:"
3367
msgstr ""
3368
3369
#: serverguide/C/vpn.xml:267(programlisting)
3370
#, no-wrap
3371
msgid ""
3372
"\n"
3373
"root@client:/etc/openvpn# /etc/init.d/openvpn start\n"
3374
" * Starting virtual private network daemon(s)... \n"
3375
" * Autostarting VPN 'client' [ OK ] \n"
3376
msgstr ""
3377
3378
#: serverguide/C/vpn.xml:273(para)
3379
msgid "Check if it created a tun0 interface:"
3380
msgstr ""
3381
3382
#: serverguide/C/vpn.xml:277(programlisting)
3383
#, no-wrap
3384
msgid ""
3385
"\n"
3386
"root@client:/etc/openvpn# ifconfig tun0\n"
3387
"tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-"
3388
"00-00-00 \n"
3389
" inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255\n"
3390
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
3391
msgstr ""
3392
3393
#: serverguide/C/vpn.xml:284(para)
3394
msgid "Check if you can ping the OpenVPN server:"
3395
msgstr ""
3396
3397
#: serverguide/C/vpn.xml:287(programlisting)
3398
#, no-wrap
3399
msgid ""
3400
"\n"
3401
"root@client:/etc/openvpn# ping 10.8.0.1\n"
3402
"PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.\n"
3403
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
3404
msgstr ""
3405
3406
#: serverguide/C/vpn.xml:294(para)
3407
msgid ""
3408
"The OpenVPN server always uses the first usable IP address in the client "
3409
"network and only that IP is pingable. E.g. if you configured a /24 for the "
3410
"client network mask, the .1 address will be used. The P-t-P address you see "
3411
"in the ifconfig output above is usually not answering ping requests."
3412
msgstr ""
3413
3414
#: serverguide/C/vpn.xml:299(para)
3415
msgid "Check out your routes:"
3416
msgstr ""
3417
3418
#: serverguide/C/vpn.xml:302(programlisting)
3419
#, no-wrap
3420
msgid ""
3421
"\n"
3422
"root@client:/etc/openvpn# netstat -rn\n"
3423
"Kernel IP routing table\n"
3424
"Destination Gateway Genmask Flags MSS Window irtt "
3425
"Iface\n"
3426
"10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 "
3427
"tun0\n"
3428
"10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 "
3429
"tun0\n"
3430
"192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 "
3431
"eth0\n"
3432
"0.0.0.0 192.168.42.1 0.0.0.0 UG 0 0 0 "
3433
"eth0\n"
3434
msgstr ""
3435
3436
#: serverguide/C/vpn.xml:314(title)
3437
msgid "First trouble shooting"
3438
msgstr ""
3439
3440
#: serverguide/C/vpn.xml:316(para)
3441
msgid "If the above didn't work for you, check this:"
3442
msgstr ""
3443
3444
#: serverguide/C/vpn.xml:321(para)
3445
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
3446
msgstr ""
3447
3448
#: serverguide/C/vpn.xml:324(para)
3449
msgid ""
3450
"Can the client connect to the server machine? Maybe a firewall is blocking "
3451
"access? Check syslog on server."
3452
msgstr ""
3453
3454
#: serverguide/C/vpn.xml:327(para)
3455
msgid ""
3456
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
3457
"port and proto config option"
3458
msgstr ""
3459
3460
#: serverguide/C/vpn.xml:330(para)
3461
msgid ""
3462
"Client and server must use same config regarding compression, see comp-lzo "
3463
"config option"
3464
msgstr ""
3465
3466
#: serverguide/C/vpn.xml:333(para)
3467
msgid ""
3468
"Client and server must use same config regarding bridged vs routed mode, see "
3469
"server vs server-bridge config option"
3470
msgstr ""
3471
3472
#: serverguide/C/vpn.xml:341(title)
3473
msgid "Advanved configuration"
3474
msgstr ""
3475
3476
#: serverguide/C/vpn.xml:344(title)
3477
msgid "Advanced routed VPN configuration on server"
3478
msgstr ""
3479
3480
#: serverguide/C/vpn.xml:346(para)
3481
msgid ""
3482
"The above is a very simple working VPN. The client can access services on "
3483
"the VPN server machine through an encrypted tunnel. If you want to reach "
3484
"more servers or anything in other networks, push some routes to the clients. "
3485
"E.g. if your company's network can be summarized to the network "
3486
"192.168.0.0/16, you could push this route to the clients. But you will also "
3487
"have to change the routing for the way back - your servers need to know a "
3488
"route to the VPN client-network."
3489
msgstr ""
3490
3491
#: serverguide/C/vpn.xml:350(para)
3492
msgid ""
3493
"Or you might push a default gateway to all the clients to send all their "
3494
"internet traffic to the VPN gateway first and from there via the company "
3495
"firewall into the internet. This section shows you some possible options."
3496
msgstr ""
3497
3498
#: serverguide/C/vpn.xml:354(para)
3499
msgid ""
3500
"Push routes to the client to allow it to reach other private subnets behind "
3501
"the server. Remember that these private subnets will also need to know to "
3502
"route the OpenVPN client address pool (10.8.0.0/24) back to the OpenVPN "
3503
"server."
3504
msgstr ""
3505
3506
#: serverguide/C/vpn.xml:363(programlisting)
3507
#, no-wrap
3508
msgid ""
3509
"\n"
3510
"push \"route 10.0.0.0 255.0.0.0\"\n"
3511
msgstr ""
3512
3513
#: serverguide/C/vpn.xml:367(para)
3514
msgid ""
3515
"If enabled, this directive will configure all clients to redirect their "
3516
"default network gateway through the VPN, causing all IP traffic such as web "
3517
"browsing and and DNS lookups to go through the VPN (the OpenVPN server "
3518
"machine or your central firewall may need to NAT the TUN/TAP interface to "
3519
"the internet in order for this to work properly)."
3520
msgstr ""
3521
3522
#: serverguide/C/vpn.xml:376(programlisting)
3523
#, no-wrap
3524
msgid ""
3525
"\n"
3526
"push \"redirect-gateway def1 bypass-dhcp\"\n"
3527
msgstr ""
3528
3529
#: serverguide/C/vpn.xml:380(para)
3530
msgid ""
3531
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
3532
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
3533
"made available to clients. Each client will be able to reach the server on "
3534
"10.8.0.1. Comment this line out if you are ethernet bridging."
3535
msgstr ""
3536
3537
#: serverguide/C/vpn.xml:389(programlisting)
3538
#, no-wrap
3539
msgid ""
3540
"\n"
3541
"server 10.8.0.0 255.255.255.0\n"
3542
msgstr ""
3543
3544
#: serverguide/C/vpn.xml:393(para)
3545
msgid ""
3546
"Maintain a record of client to virtual IP address associations in this file. "
3547
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
3548
"the same virtual IP address from the pool that was previously assigned."
3549
msgstr ""
3550
3551
#: serverguide/C/vpn.xml:400(programlisting)
3552
#, no-wrap
3553
msgid ""
3554
"\n"
3555
"ifconfig-pool-persist ipp.txt\n"
3556
msgstr ""
3557
3558
#: serverguide/C/vpn.xml:404(para)
3559
msgid "Push DNS servers to the client."
3560
msgstr ""
3561
3562
#: serverguide/C/vpn.xml:407(programlisting)
3563
#, no-wrap
3564
msgid ""
3565
"\n"
3566
"push \"dhcp-option DNS 10.0.0.2\"\n"
3567
"push \"dhcp-option DNS 10.1.0.2\"\n"
3568
msgstr ""
3569
3570
#: serverguide/C/vpn.xml:412(para)
3571
msgid "Allow client to client communication."
3572
msgstr ""
3573
3574
#: serverguide/C/vpn.xml:415(programlisting)
3575
#, no-wrap
3576
msgid ""
3577
"\n"
3578
"client-to-client\n"
3579
msgstr ""
3580
3581
#: serverguide/C/vpn.xml:419(para)
3582
msgid "Enable compression on the VPN link."
3583
msgstr ""
3584
3585
#: serverguide/C/vpn.xml:422(programlisting)
3586
#, no-wrap
3587
msgid ""
3588
"\n"
3589
"comp-lzo\n"
3590
msgstr ""
3591
3592
#: serverguide/C/vpn.xml:426(para)
3593
msgid ""
3594
"The keepalive directive causes ping-like messages to be sent back and forth "
3595
"over the link so that each side knows when the other side has gone down. "
3596
"Ping every 1 second, assume that remote peer is down if no ping received "
3597
"during a 3 second time period."
3598
msgstr ""
3599
3600
#: serverguide/C/vpn.xml:435(programlisting)
3601
#, no-wrap
3602
msgid ""
3603
"\n"
3604
"keepalive 1 3\n"
3605
msgstr ""
3606
3607
#: serverguide/C/vpn.xml:439(para)
3608
msgid ""
3609
"It's a good idea to reduce the OpenVPN daemon's privileges after "
3610
"initialization."
3611
msgstr ""
3612
3613
#: serverguide/C/vpn.xml:442(programlisting)
3614
#, no-wrap
3615
msgid ""
3616
"\n"
3617
"user nobody\n"
3618
"group nogroup\n"
3619
msgstr ""
3620
3621
#: serverguide/C/vpn.xml:447(para)
3622
msgid ""
3623
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
3624
"obtain a username and password from a connecting client, and to use that "
3625
"information as a basis for authenticating the client. To use this "
3626
"authentication method, first add the auth-user-pass directive to the client "
3627
"configuration. It will direct the OpenVPN client to query the user for a "
3628
"username/password, passing it on to the server over the secure TLS channel."
3629
msgstr ""
3630
3631
#: serverguide/C/vpn.xml:451(programlisting)
3632
#, no-wrap
3633
msgid ""
3634
"\n"
3635
"# client config!\n"
3636
"auth-user-pass\n"
3637
msgstr ""
3638
3639
#: serverguide/C/vpn.xml:456(para)
3640
msgid ""
3641
"This will tell the OpenVPN server to validate the username/password entered "
3642
"by clients using the login PAM module. Useful if you have centralized "
3643
"authentication with e.g. Kerberos."
3644
msgstr ""
3645
3646
#: serverguide/C/vpn.xml:461(programlisting)
3647
#, no-wrap
3648
msgid ""
3649
"\n"
3650
"plugin /usr/lib/openvpn/openvpn-auth-pam.so login\n"
3651
msgstr ""
3652
3653
#: serverguide/C/vpn.xml:465(para)
3654
msgid ""
3655
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
3656
"source/documentation/howto.html#security\">hardening security guide</ulink> "
3657
"for further security advice."
3658
msgstr ""
3659
3660
#: serverguide/C/vpn.xml:471(title)
3661
msgid "Advanced bridged VPN configuration on server"
3662
msgstr ""
3663
3664
#: serverguide/C/vpn.xml:473(para)
3665
msgid ""
3666
"<application>OpenVPN</application> can be setup for either a routed or a "
3667
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
3668
"layer-3 VPN. In a bridged VPN all layer-2 frames - e.g. all ethernet frames -"
3669
" are sent to the VPN partners and in a routed VPN only layer-3 packets are "
3670
"sent to VPN partners. In bridged mode all traffic including traffic which "
3671
"was traditionally LAN-local like local network broadcasts, DHCP requests, "
3672
"ARP requests etc. are sent to VPN partners whereas in routed mode this would "
3673
"be filtered."
3674
msgstr ""
3675
3676
#: serverguide/C/vpn.xml:479(title)
3677
msgid "Prepare interface config for bridging on server"
3678
msgstr ""
3679
3680
#: serverguide/C/vpn.xml:481(para)
3681
msgid "Make sure you have the bridge-utils package installed:"
3682
msgstr ""
3683
3684
#: serverguide/C/vpn.xml:485(command) serverguide/C/virtualization.xml:2179(command) serverguide/C/network-config.xml:540(command)
3685
msgid "sudo apt-get install bridge-utils"
3686
msgstr ""
3687
3688
#: serverguide/C/vpn.xml:488(para)
3689
msgid ""
3690
"Before you setup OpenVPN in bridged mode you need to change your interface "
3691
"configuration. Let's assume your server has an interface eth0 connected to "
3692
"the internet and an interface eth1 connected to the LAN you want to bridge. "
3693
"Your /etc/network/interfaces would like this:"
3694
msgstr ""
3695
3696
#: serverguide/C/vpn.xml:492(programlisting)
3697
#, no-wrap
3698
msgid ""
3699
"\n"
3700
"auto eth0\n"
3701
"iface eth0 inet static\n"
3702
" address 1.2.3.4\n"
3703
" netmask 255.255.255.248\n"
3704
" default 1.2.3.1\n"
3705
"\n"
3706
"auto eth1\n"
3707
"iface eth1 inet static\n"
3708
" address 10.0.0.4\n"
3709
" netmask 255.255.255.0\n"
3710
msgstr ""
3711
3712
#: serverguide/C/vpn.xml:505(para)
3713
msgid ""
3714
"This straight forward interface config needs to be changed into a bridged "
3715
"mode like where the config of interface eth1 moves to the new br0 interface. "
3716
"Plus we configure that br0 should bridge interface eth1. We also need to "
3717
"make sure that interface eth1 is always in promiscuous mode - this tells the "
3718
"interface to forward all ethernet frames to the IP stack."
3719
msgstr ""
3720
3721
#: serverguide/C/vpn.xml:509(programlisting)
3722
#, no-wrap
3723
msgid ""
3724
"\n"
3725
"auto eth0\n"
3726
"iface eth0 inet static\n"
3727
" address 1.2.3.4\n"
3728
" netmask 255.255.255.248\n"
3729
" default 1.2.3.1\n"
3730
"\n"
3731
"auto eth1\n"
3732
"iface eth1 inet manual\n"
3733
" up ip link set $IFACE up promisc on\n"
3734
"\n"
3735
"auto br0\n"
3736
"iface br0 inet static\n"
3737
" address 10.0.0.4\n"
3738
" netmask 255.255.255.0\n"
3739
" bridge_ports eth1\n"
3740
msgstr ""
3741
3742
#: serverguide/C/vpn.xml:527(para)
3743
msgid ""
3744
"At this point you need to restart networking. Be prepared that this might "
3745
"not work as expected and that you will lose remote connectivity. Make sure "
3746
"you can solve problems having local access."
3747
msgstr ""
3748
3749
#: serverguide/C/vpn.xml:531(command)
3750
msgid "sudo /etc/init.d/network restart"
3751
msgstr ""
3752
3753
#: serverguide/C/vpn.xml:536(title)
3754
msgid "Prepare server config for bridging"
3755
msgstr ""
3756
3757
#: serverguide/C/vpn.xml:538(para)
3575
3758
msgid ""
3576
3759
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3577
3760
"options to:"
3578
3761
msgstr ""
3579
3762
3580
#: serverguide/C/vpn.xml:157(programlisting)
3763
#: serverguide/C/vpn.xml:542(programlisting)
3581
3764
#, no-wrap
3582
3765
msgid ""
3583
3766
"\n"
3584
"local 172.18.100.101\n"
3585
"dev tap0\n"
3586
"up \"/etc/openvpn/up.sh br0\"\n"
3587
"down \"/etc/openvpn/down.sh br0\"\n"
3767
";dev tun\n"
3768
"dev tap\n"
3769
"up \"/etc/openvpn/up.sh br0 eth1\"\n"
3588
3770
";server 10.8.0.0 255.255.255.0\n"
3589
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3590
"push \"route 172.18.100.1 255.255.255.0\"\n"
3591
"push \"dhcp-option DNS 172.18.100.20\"\n"
3592
"push \"dhcp-option DOMAIN example.com\"\n"
3593
"tls-auth ta.key 0 # This file is secret\n"
3594
"user nobody\n"
3595
"group nogroup\n"
3596
msgstr ""
3597
3598
#: serverguide/C/vpn.xml:174(para)
3599
msgid ""
3600
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3601
msgstr ""
3602
3603
#: serverguide/C/vpn.xml:179(para)
3604
msgid ""
3605
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3606
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3607
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3608
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3609
"to clients."
3610
msgstr ""
3611
3612
#: serverguide/C/vpn.xml:186(para)
3613
msgid ""
3614
"<emphasis>push</emphasis>: are directives to add networking options for "
3615
"clients."
3616
msgstr ""
3617
3618
#: serverguide/C/vpn.xml:191(para)
3619
msgid ""
3620
"<emphasis>user and group</emphasis>: configure which user and group the "
3621
"<application>openvpn</application> daemon executes as."
3622
msgstr ""
3623
3624
#: serverguide/C/vpn.xml:198(para)
3625
msgid ""
3626
"Replace all IP addresses and domain names above with those of your network."
3627
msgstr ""
3628
3629
#: serverguide/C/vpn.xml:203(para)
3630
msgid ""
3631
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3632
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3633
msgstr ""
3634
3635
#: serverguide/C/vpn.xml:207(programlisting)
3636
#, no-wrap
3637
msgid ""
3638
"\n"
3639
"#!/bin/sh\n"
3640
"\n"
3641
"BR=$1\n"
3642
"DEV=$2\n"
3643
"MTU=$3\n"
3644
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3645
"/usr/sbin/brctl addif $BR $DEV\n"
3646
msgstr ""
3647
3648
#: serverguide/C/vpn.xml:217(para)
3649
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3650
msgstr ""
3651
3652
#: serverguide/C/vpn.xml:221(programlisting)
3653
#, no-wrap
3654
msgid ""
3655
"\n"
3656
"#!/bin/sh\n"
3657
"\n"
3658
"BR=$1\n"
3659
"DEV=$2\n"
3660
"\n"
3661
"/usr/sbin/brctl delif $BR $DEV\n"
3662
"/sbin/ifconfig $DEV down\n"
3663
msgstr ""
3664
3665
#: serverguide/C/vpn.xml:231(para)
3666
msgid "Then make them executable:"
3667
msgstr ""
3668
3669
#: serverguide/C/vpn.xml:236(command)
3670
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3671
msgstr ""
3672
3673
#: serverguide/C/vpn.xml:237(command)
3771
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
3772
msgstr ""
3773
3774
#: serverguide/C/vpn.xml:550(para)
3775
msgid ""
3776
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
3777
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
3778
"<filename>/etc/openvpn/up.sh</filename>:"
3779
msgstr ""
3780
3781
#: serverguide/C/vpn.xml:554(programlisting)
3782
#, no-wrap
3783
msgid ""
3784
"\n"
3785
"#!/bin/sh\n"
3786
"\n"
3787
"BR=$1\n"
3788
"ETHDEV=$2\n"
3789
"TAPDEV=$3\n"
3790
"\n"
3791
"/sbin/ip link set \"$TAPDEV\" up\n"
3792
"/sbin/ip link set \"$ETHDEV\" promisc on\n"
3793
"/sbin/brctl addif $BR $TAPDEV\n"
3794
msgstr ""
3795
3796
#: serverguide/C/vpn.xml:566(para)
3797
msgid "Then make it executable:"
3798
msgstr ""
3799
3800
#: serverguide/C/vpn.xml:571(command)
3674
3801
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3675
3802
msgstr ""
3676
3803
3677
#: serverguide/C/vpn.xml:240(para)
3804
#: serverguide/C/vpn.xml:574(para)
3678
3805
msgid ""
3679
3806
"After configuring the server, restart <application>openvpn</application> by "
3680
3807
"entering:"
3681
3808
msgstr ""
3682
3809
3683
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3810
#: serverguide/C/vpn.xml:579(command) serverguide/C/vpn.xml:617(command)
3684
3811
msgid "sudo /etc/init.d/openvpn restart"
3685
3812
msgstr ""
3686
3813
3687
#: serverguide/C/vpn.xml:250(title)
3814
#: serverguide/C/vpn.xml:584(title)
3688
3815
msgid "Client Configuration"
3689
3816
msgstr ""
3690
3817
3691
#: serverguide/C/vpn.xml:252(para)
3818
#: serverguide/C/vpn.xml:586(para)
3692
3819
msgid "First, install <application>openvpn</application> on the client:"
3693
3820
msgstr ""
3694
3821
3695
#: serverguide/C/vpn.xml:260(para)
3822
#: serverguide/C/vpn.xml:594(para)
3696
3823
msgid ""
3697
3824
"Then with the server configured and the client certificates copied to the "
3698
3825
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3699
3826
"file by copying the example. In a terminal on the client machine enter:"
3700
3827
msgstr ""
3701
3828
3702
#: serverguide/C/vpn.xml:266(command)
3829
#: serverguide/C/vpn.xml:600(command)
3703
3830
msgid ""
3704
3831
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3705
3832
"/etc/openvpn"
3706
3833
msgstr ""
3707
3834
3708
#: serverguide/C/vpn.xml:269(para)
3835
#: serverguide/C/vpn.xml:603(para)
3709
3836
msgid ""
3710
3837
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3711
3838
"following options:"
3712
3839
msgstr ""
3713
3840
3714
#: serverguide/C/vpn.xml:273(programlisting)
3841
#: serverguide/C/vpn.xml:607(programlisting)
3715
3842
#, no-wrap
3716
3843
msgid ""
3717
3844
"\n"
3718
3845
"dev tap\n"
3719
"remote vpn.example.com 1194\n"
3720
"cert hostname.crt\n"
3721
"key hostname.key\n"
3722
"tls-auth ta.key 1\n"
3723
msgstr ""
3724
3725
#: serverguide/C/vpn.xml:282(para)
3726
msgid ""
3727
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3728
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3729
"key filenames."
3730
msgstr ""
3731
3732
#: serverguide/C/vpn.xml:288(para)
3846
";dev tun\n"
3847
msgstr ""
3848
3849
#: serverguide/C/vpn.xml:612(para)
3733
3850
msgid "Finally, restart <application>openvpn</application>:"
3734
3851
msgstr ""
3735
3852
3736
#: serverguide/C/vpn.xml:296(para)
3853
#: serverguide/C/vpn.xml:620(para)
3737
3854
msgid "You should now be able to connect to the remote LAN through the VPN."
3738
3855
msgstr ""
3739
3856
3740
#: serverguide/C/vpn.xml:307(para)
3857
#: serverguide/C/vpn.xml:629(title)
3858
msgid "Client software implementations"
3859
msgstr ""
3860
3861
#: serverguide/C/vpn.xml:632(title)
3862
msgid "Linux Network-Manager GUI for OpenVPN"
3863
msgstr ""
3864
3865
#: serverguide/C/vpn.xml:634(para)
3866
msgid ""
3867
"Many Linux distributions including Ubuntu desktop variants come with Network "
3868
"Manager, a nice GUI to configure your network settings. It also can manage "
3869
"your VPN connections. Make sure you have package network-manager-openvpn "
3870
"installed. Here you see that the installation installs all other required "
3871
"packages as well:"
3872
msgstr ""
3873
3874
#: serverguide/C/vpn.xml:639(programlisting)
3875
#, no-wrap
3876
msgid ""
3877
"\n"
3878
"root@client:~# apt-get install network-manager-openvpn\n"
3879
"Reading package lists... Done\n"
3880
"Building dependency tree \n"
3881
"Reading state information... Done\n"
3882
"The following extra packages will be installed:\n"
3883
" liblzo2-2 libpkcs11-helper1 network-manager-openvpn-gnome openvpn\n"
3884
"Suggested packages:\n"
3885
" resolvconf\n"
3886
"The following NEW packages will be installed:\n"
3887
" liblzo2-2 libpkcs11-helper1 network-manager-openvpn\n"
3888
" network-manager-openvpn-gnome openvpn\n"
3889
"0 upgraded, 5 newly installed, 0 to remove and 631 not upgraded.\n"
3890
"Need to get 700 kB of archives.\n"
3891
"After this operation, 3,031 kB of additional disk space will be used.\n"
3892
"Do you want to continue [Y/n]? \n"
3893
msgstr ""
3894
3895
#: serverguide/C/vpn.xml:657(para)
3896
msgid ""
3897
"To inform network-manager about the new installed packages you will have to "
3898
"restart it:"
3899
msgstr ""
3900
3901
#: serverguide/C/vpn.xml:661(programlisting)
3902
#, no-wrap
3903
msgid ""
3904
"\n"
3905
"root@client:~# restart network-manager \n"
3906
"network-manager start/running, process 3078\n"
3907
msgstr ""
3908
3909
#: serverguide/C/vpn.xml:666(para)
3910
msgid ""
3911
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
3912
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
3913
"In the next window add the OpenVPN's server name as the 'Gateway', set "
3914
"'Type' to 'Certificates (TLS)', point 'User Certificate' to your user "
3915
"certificate, 'CA Certificate' to your CA certificate and 'Private Key' to "
3916
"your private key file. Use the advanced button to enable compression or "
3917
"other special settings you set on the server. Now try to establish your VPN."
3918
msgstr ""
3919
3920
#: serverguide/C/vpn.xml:678(title)
3921
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
3922
msgstr ""
3923
3924
#: serverguide/C/vpn.xml:680(para)
3925
msgid ""
3926
"Tunnelblick is an excellent free, open source implementation of a GUI for "
3927
"OpenVPN for OS X. The project's homepage is at <ulink "
3928
"url=\"http://code.google.com/p/tunnelblick/\">http://code.google.com/p/tunnel"
3929
"blick/</ulink>. Download the latest OS X installer from there and install "
3930
"it. Then put your client.ovpn config file together with the certificates and "
3931
"keys in /Users/username/Library/Application "
3932
"Support/Tunnelblick/Configurations/ and lauch Tunnelblick from your "
3933
"Application folder."
3934
msgstr ""
3935
3936
#: serverguide/C/vpn.xml:686(programlisting)
3937
#, no-wrap
3938
msgid ""
3939
"\n"
3940
"# sample client.ovpn for Tunnelblick\n"
3941
"client\n"
3942
"remote blue.example.com\n"
3943
"port 1194\n"
3944
"proto udp\n"
3945
"dev tun\n"
3946
"dev-type tun\n"
3947
"ns-cert-type server\n"
3948
"reneg-sec 86400\n"
3949
"auth-user-pass\n"
3950
"auth-nocache\n"
3951
"auth-retry interact\n"
3952
"comp-lzo yes\n"
3953
"verb 3\n"
3954
"ca ca.crt\n"
3955
"cert client.crt\n"
3956
"key client.key\n"
3957
msgstr ""
3958
3959
#: serverguide/C/vpn.xml:708(title)
3960
msgid "OpenVPN with GUI for Win 7"
3961
msgstr ""
3962
3963
#: serverguide/C/vpn.xml:710(para)
3964
msgid ""
3965
"First download and install the latest <ulink "
3966
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
3967
"Windows Installer</ulink>. OpenVPN 2.2.1 was the latest when this was "
3968
"written. Additionally download an alternative Open VPN Windows GUI. The "
3969
"OpenVPN MI GUI from <ulink url=\"http://openvpn-mi-gui.inside-"
3970
"security.de\">http://openvpn-mi-gui.inside-security.de</ulink> seems to be a "
3971
"nice one for Windows 7. Download the latest version. 20110624 was the latest "
3972
"version when this was written."
3973
msgstr ""
3974
3975
#: serverguide/C/vpn.xml:716(para)
3976
msgid ""
3977
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
3978
"> Services and Applications > Services. Find the OpenVPN service and "
3979
"start it. Set it's startup type to automatic. When you start the OpenVPN MI "
3980
"GUI the first time you need to run it as an administrator. You have to right "
3981
"click on it and you will see that option."
3982
msgstr ""
3983
3984
#: serverguide/C/vpn.xml:720(para)
3985
msgid ""
3986
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
3987
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
3988
"You could put the user certificate in the user's home directory like in the "
3989
"follwing example."
3990
msgstr ""
3991
3992
#: serverguide/C/vpn.xml:724(programlisting)
3993
#, no-wrap
3994
msgid ""
3995
"\n"
3996
"# C:\\Program Files\\OpenVPN\\config\\client.ovpn\n"
3997
"client\n"
3998
"remote server.example.com\n"
3999
"port 1194\n"
4000
"proto udp\n"
4001
"dev tun\n"
4002
"dev-type tun\n"
4003
"ns-cert-type server\n"
4004
"reneg-sec 86400\n"
4005
"auth-user-pass\n"
4006
"auth-retry interact\n"
4007
"comp-lzo yes\n"
4008
"verb 3\n"
4009
"ca ca.crt\n"
4010
"cert \"C:\\\\Users\\\\username\\\\My Documents\\\\openvpn\\\\client.crt\"\n"
4011
"key \"C:\\\\Users\\\\username\\\\My Documents\\\\openvpn\\\\client.key\"\n"
4012
"management 127.0.0.1 1194\n"
4013
"management-hold\n"
4014
"management-query-passwords\n"
4015
"auth-retry interact\n"
4016
msgstr ""
4017
4018
#: serverguide/C/vpn.xml:749(title)
4019
msgid "OpenVPN for OpenWRT"
4020
msgstr ""
4021
4022
#: serverguide/C/vpn.xml:751(para)
4023
msgid ""
4024
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
4025
"router. There are certain types of WLAN routers who can be flashed to run "
4026
"OpenWRT. Depending on the available memory on your OpenWRT router you can "
4027
"run software like OpenVPN and you could for example build a small "
4028
"inexpensive branch office router with VPN connectivity to the central "
4029
"office. More info on OpenVPN on OpenWRT is <ulink "
4030
"url=\"http://wiki.openwrt.org/doc/howto/vpn.overview\">here</ulink>. And "
4031
"here is the OpenWRT project's homepage: <ulink "
4032
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
4033
msgstr ""
4034
4035
#: serverguide/C/vpn.xml:760(para)
4036
msgid "Log into your OpenWRT router and install OpenVPN:"
4037
msgstr ""
4038
4039
#: serverguide/C/vpn.xml:765(command)
4040
msgid "opkg update"
4041
msgstr ""
4042
4043
#: serverguide/C/vpn.xml:766(command)
4044
msgid "opkg install openvpn"
4045
msgstr ""
4046
4047
#: serverguide/C/vpn.xml:769(para)
4048
msgid ""
4049
"Check out /etc/config/openvpn and put you client config in there. Copy "
4050
"certificated and keys to /etc/openvpn/"
4051
msgstr ""
4052
4053
#: serverguide/C/vpn.xml:774(programlisting)
4054
#, no-wrap
4055
msgid ""
4056
"\n"
4057
"config openvpn client1\n"
4058
" option enable 1 \n"
4059
" option client 1 \n"
4060
"# option dev tap \n"
4061
" option dev tun \n"
4062
" option proto udp \n"
4063
" option ca /etc/openvpn/ca.crt \n"
4064
" option cert /etc/openvpn/client.crt\n"
4065
" option key /etc/openvpn/client.key\n"
4066
" option comp_lzo 1 \n"
4067
msgstr ""
4068
4069
#: serverguide/C/vpn.xml:787(para)
4070
msgid "Restart OpenVPN:"
4071
msgstr ""
4072
4073
#: serverguide/C/vpn.xml:792(command)
4074
msgid "/etc/init.d/openvpn restart"
4075
msgstr ""
4076
4077
#: serverguide/C/vpn.xml:795(para)
4078
msgid ""
4079
"You will have to see if you need to adjust your router's routing and "
4080
"firewall rules."
4081
msgstr ""
4082
4083
#: serverguide/C/vpn.xml:805(para)
3741
4084
msgid ""
3742
4085
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3743
4086
"additional information."
3744
4087
msgstr ""
3745
4088
3746
#: serverguide/C/vpn.xml:312(para)
4089
#: serverguide/C/vpn.xml:811(ulink)
4090
msgid "OpenVPN hardening security guide"
4091
msgstr ""
4092
4093
#: serverguide/C/vpn.xml:815(para)
3747
4094
msgid ""
3748
4095
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3749
4096
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3750
4097
msgstr ""
3751
4098
3752
#: serverguide/C/vpn.xml:318(para)
3753
msgid ""
3754
"Another source of further information is the <ulink "
3755
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3756
"OpenVPN</ulink> page."
3757
msgstr ""
3758
3759
4099
#: serverguide/C/virtualization.xml:13(title)
3760
4100
msgid "Virtualization"
3761
4101
msgstr ""
3882
4222
msgid ""
3883
4223
"There are several ways to automate the Ubuntu installation process, for "
3884
4224
"example using preseeds, kickstart, etc. Refer to the <ulink "
3885
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4225
"url=\"https://help.ubuntu.com/12.04/installation-guide/\">Ubuntu "
3886
4226
"Installation Guide</ulink> for details."
3887
4227
msgstr ""
3888
4228
3901
4241
3902
4242
#: serverguide/C/virtualization.xml:105(para)
3903
4243
msgid ""
3904
"<application>virt-install</application> is part of the <application>python-"
3905
"virtinst</application> package. To install it, from a terminal prompt enter:"
4244
"<application>virt-install</application> is part of the "
4245
"<application>virtinst</application> package. To install it, from a terminal "
4246
"prompt enter:"
3906
4247
msgstr ""
3907
4248
3908
4249
#: serverguide/C/virtualization.xml:109(command)
3909
msgid "sudo apt-get install python-virtinst"
3910
msgstr "sudo apt-get install python-virtinst"
4250
msgid "sudo apt-get install virtinst"
4251
msgstr ""
3911
4252
3912
4253
#: serverguide/C/virtualization.xml:111(para)
3913
4254
msgid ""
3917
4258
3918
4259
#: serverguide/C/virtualization.xml:115(command)
3919
4260
msgid ""
3920
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3921
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4261
"sudo virt-install -n web_devel -r 256 \\ --disk "
4262
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ jeos.iso -"
4263
"-accelerate --network network=default,model=virtio \\ --"
4264
"connect=qemu:///system --vnc --noautoconsole -v"
3922
4265
msgstr ""
3923
4266
3924
4267
#: serverguide/C/virtualization.xml:122(para)
3930
4273
#: serverguide/C/virtualization.xml:127(para)
3931
4274
msgid ""
3932
4275
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3933
"machine will use."
4276
"machine will use in megabytes."
3934
4277
msgstr ""
3935
4278
3936
4279
#: serverguide/C/virtualization.xml:132(para)
3937
4280
msgid ""
3938
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3939
"disk which can be a file, partition, or logical volume. In this example a "
3940
"file named <filename>web_devel.img</filename>."
3941
msgstr ""
3942
3943
#: serverguide/C/virtualization.xml:138(para)
3944
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3945
msgstr ""
3946
3947
#: serverguide/C/virtualization.xml:143(para)
4281
"<emphasis>--disk "
4282
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
4283
"path to the virtual disk which can be a file, partition, or logical volume. "
4284
"In this example a file named <filename>web_devel.img</filename> in the "
4285
"/var/lib/libvirt/images/ directory, with a size of 4 gigabytes, and using "
4286
"<emphasis>virtio</emphasis> for the disk bus."
4287
msgstr ""
4288
4289
#: serverguide/C/virtualization.xml:139(para)
3948
4290
msgid ""
3949
4291
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3950
4292
"file can be either an ISO file or the path to the host's CDROM device."
3951
4293
msgstr ""
3952
4294
3953
#: serverguide/C/virtualization.xml:149(para)
4295
#: serverguide/C/virtualization.xml:145(para)
3954
4296
msgid ""
3955
4297
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3956
4298
"technologies."
3957
4299
msgstr ""
3958
4300
3959
#: serverguide/C/virtualization.xml:154(para)
4301
#: serverguide/C/virtualization.xml:150(para)
4302
msgid ""
4303
"<emphasis>--network</emphasis> provides details related to the VM's network "
4304
"interface. Here the <emphasis>default</emphasis> network is used, and the "
4305
"interface model is configured for <emphasis>virtio</emphasis>."
4306
msgstr ""
4307
4308
#: serverguide/C/virtualization.xml:156(para)
3960
4309
msgid ""
3961
4310
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3962
4311
msgstr ""
3963
4312
3964
#: serverguide/C/virtualization.xml:159(para)
4313
#: serverguide/C/virtualization.xml:161(para)
3965
4314
msgid ""
3966
4315
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3967
4316
"virtual machine's console."
3968
4317
msgstr ""
3969
4318
3970
#: serverguide/C/virtualization.xml:164(para)
4319
#: serverguide/C/virtualization.xml:166(para)
3971
4320
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3972
4321
msgstr ""
3973
4322
3974
#: serverguide/C/virtualization.xml:169(para)
4323
#: serverguide/C/virtualization.xml:171(para)
3975
4324
msgid ""
3976
4325
"After launching <application>virt-install</application> you can connect to "
3977
4326
"the virtual machine's console either locally using a GUI or with the "
3978
4327
"<application>virt-viewer</application> utility."
3979
4328
msgstr ""
3980
4329
3981
#: serverguide/C/virtualization.xml:175(title)
4330
#: serverguide/C/virtualization.xml:177(title)
3982
4331
msgid "virt-clone"
3983
4332
msgstr "virt-clone"
3984
4333
3985
#: serverguide/C/virtualization.xml:176(para)
4334
#: serverguide/C/virtualization.xml:178(para)
3986
4335
msgid ""
3987
4336
"The <application>virt-clone</application> application can be used to copy "
3988
4337
"one virtual machine to another. For example:"
3989
4338
msgstr ""
3990
4339
3991
#: serverguide/C/virtualization.xml:180(command)
4340
#: serverguide/C/virtualization.xml:182(command)
3992
4341
msgid ""
3993
4342
"sudo virt-clone -o web_devel -n database_devel -f "
3994
"/path/to/database_devel.img --connect=qemu:///system"
4343
"/path/to/database_devel.img \\ --connect=qemu:///system"
3995
4344
msgstr ""
3996
"sudo virt-clone -o web_devel -n database_devel -f "
3997
"/path/to/database_devel.img --connect=qemu:///system"
3998
4345
3999
#: serverguide/C/virtualization.xml:184(para)
4346
#: serverguide/C/virtualization.xml:187(para)
4000
4347
msgid "<emphasis>-o:</emphasis> original virtual machine."
4001
4348
msgstr ""
4002
4349
4003
#: serverguide/C/virtualization.xml:189(para)
4350
#: serverguide/C/virtualization.xml:192(para)
4004
4351
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4005
4352
msgstr ""
4006
4353
4007
#: serverguide/C/virtualization.xml:194(para)
4354
#: serverguide/C/virtualization.xml:197(para)
4008
4355
msgid ""
4009
4356
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4010
4357
"be used by the new virtual machine."
4011
4358
msgstr ""
4012
4359
4013
#: serverguide/C/virtualization.xml:199(para)
4360
#: serverguide/C/virtualization.xml:202(para)
4014
4361
msgid ""
4015
4362
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4016
4363
msgstr ""
4017
4364
4018
#: serverguide/C/virtualization.xml:204(para)
4365
#: serverguide/C/virtualization.xml:207(para)
4019
4366
msgid ""
4020
4367
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4021
4368
"help troubleshoot problems with <application>virt-clone</application>."
4022
4369
msgstr ""
4023
4370
4024
#: serverguide/C/virtualization.xml:209(para)
4371
#: serverguide/C/virtualization.xml:212(para)
4025
4372
msgid ""
4026
4373
"Replace <emphasis>web_devel</emphasis> and "
4027
4374
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4028
4375
msgstr ""
4029
4376
4030
#: serverguide/C/virtualization.xml:215(title)
4377
#: serverguide/C/virtualization.xml:218(title)
4031
4378
msgid "Virtual Machine Management"
4032
4379
msgstr ""
4033
4380
4034
#: serverguide/C/virtualization.xml:217(title)
4381
#: serverguide/C/virtualization.xml:220(title)
4035
4382
msgid "virsh"
4036
4383
msgstr "virsh"
4037
4384
4038
#: serverguide/C/virtualization.xml:218(para)
4385
#: serverguide/C/virtualization.xml:221(para)
4039
4386
msgid ""
4040
4387
"There are several utilities available to manage virtual machines and "
4041
4388
"<application>libvirt</application>. The <application>virsh</application> "
4042
4389
"utility can be used from the command line. Some examples:"
4043
4390
msgstr ""
4044
4391
4045
#: serverguide/C/virtualization.xml:224(para)
4392
#: serverguide/C/virtualization.xml:227(para)
4046
4393
msgid "To list running virtual machines:"
4047
4394
msgstr ""
4048
4395
4049
#: serverguide/C/virtualization.xml:228(command)
4396
#: serverguide/C/virtualization.xml:231(command)
4050
4397
msgid "virsh -c qemu:///system list"
4051
4398
msgstr ""
4052
4399
4053
#: serverguide/C/virtualization.xml:232(para)
4400
#: serverguide/C/virtualization.xml:235(para)
4054
4401
msgid "To start a virtual machine:"
4055
4402
msgstr ""
4056
4403
4057
#: serverguide/C/virtualization.xml:236(command)
4404
#: serverguide/C/virtualization.xml:239(command)
4058
4405
msgid "virsh -c qemu:///system start web_devel"
4059
4406
msgstr ""
4060
4407
4061
#: serverguide/C/virtualization.xml:240(para)
4408
#: serverguide/C/virtualization.xml:243(para)
4062
4409
msgid "Similarly, to start a virtual machine at boot:"
4063
4410
msgstr ""
4064
4411
4065
#: serverguide/C/virtualization.xml:244(command)
4412
#: serverguide/C/virtualization.xml:247(command)
4066
4413
msgid "virsh -c qemu:///system autostart web_devel"
4067
4414
msgstr "virsh -c qemu:///system autostart web_devel"
4068
4415
4069
#: serverguide/C/virtualization.xml:248(para)
4416
#: serverguide/C/virtualization.xml:251(para)
4070
4417
msgid "Reboot a virtual machine with:"
4071
4418
msgstr ""
4072
4419
4073
#: serverguide/C/virtualization.xml:252(command)
4420
#: serverguide/C/virtualization.xml:255(command)
4074
4421
msgid "virsh -c qemu:///system reboot web_devel"
4075
4422
msgstr "virsh -c qemu:///system reboot web_devel"
4076
4423
4077
#: serverguide/C/virtualization.xml:256(para)
4424
#: serverguide/C/virtualization.xml:259(para)
4078
4425
msgid ""
4079
4426
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4080
4427
"order to be restored later. The following will save the virtual machine "
4081
4428
"state into a file named according to the date:"
4082
4429
msgstr ""
4083
4430
4084
#: serverguide/C/virtualization.xml:261(command)
4431
#: serverguide/C/virtualization.xml:264(command)
4085
4432
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4086
4433
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
4087
4434
4088
#: serverguide/C/virtualization.xml:263(para)
4435
#: serverguide/C/virtualization.xml:266(para)
4089
4436
msgid "Once saved the virtual machine will no longer be running."
4090
4437
msgstr ""
4091
4438
4092
#: serverguide/C/virtualization.xml:268(para)
4439
#: serverguide/C/virtualization.xml:271(para)
4093
4440
msgid "A saved virtual machine can be restored using:"
4094
4441
msgstr ""
4095
4442
4096
#: serverguide/C/virtualization.xml:272(command)
4443
#: serverguide/C/virtualization.xml:275(command)
4097
4444
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4098
4445
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
4099
4446
4100
#: serverguide/C/virtualization.xml:276(para)
4447
#: serverguide/C/virtualization.xml:279(para)
4101
4448
msgid "To shutdown a virtual machine do:"
4102
4449
msgstr ""
4103
4450
4104
#: serverguide/C/virtualization.xml:280(command)
4451
#: serverguide/C/virtualization.xml:283(command)
4105
4452
msgid "virsh -c qemu:///system shutdown web_devel"
4106
4453
msgstr "virsh -c qemu:///system shutdown web_devel"
4107
4454
4108
#: serverguide/C/virtualization.xml:284(para)
4455
#: serverguide/C/virtualization.xml:287(para)
4109
4456
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4110
4457
msgstr ""
4111
4458
4112
#: serverguide/C/virtualization.xml:288(command)
4459
#: serverguide/C/virtualization.xml:291(command)
4113
4460
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4114
4461
msgstr ""
4115
4462
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4116
4463
4117
#: serverguide/C/virtualization.xml:293(para)
4464
#: serverguide/C/virtualization.xml:296(para)
4118
4465
msgid ""
4119
4466
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4120
4467
"appropriate virtual machine name, and <filename>web_devel-"
4121
4468
"022708.state</filename> with a descriptive file name."
4122
4469
msgstr ""
4123
4470
4124
#: serverguide/C/virtualization.xml:300(title)
4471
#: serverguide/C/virtualization.xml:303(title)
4125
4472
msgid "Virtual Machine Manager"
4126
4473
msgstr ""
4127
4474
4128
#: serverguide/C/virtualization.xml:301(para)
4475
#: serverguide/C/virtualization.xml:304(para)
4129
4476
msgid ""
4130
4477
"The <application>virt-manager</application> package contains a graphical "
4131
4478
"utility to manage local and remote virtual machines. To install virt-manager "
4132
4479
"enter:"
4133
4480
msgstr ""
4134
4481
4135
#: serverguide/C/virtualization.xml:306(command)
4482
#: serverguide/C/virtualization.xml:309(command)
4136
4483
msgid "sudo apt-get install virt-manager"
4137
4484
msgstr "sudo apt-get install virt-manager"
4138
4485
4139
#: serverguide/C/virtualization.xml:308(para)
4486
#: serverguide/C/virtualization.xml:311(para)
4140
4487
msgid ""
4141
4488
"Since <application>virt-manager</application> requires a Graphical User "
4142
4489
"Interface (GUI) environment it is recommended to be installed on a "
4144
4491
"the local <application>libvirt</application> service enter:"
4145
4492
msgstr ""
4146
4493
4147
#: serverguide/C/virtualization.xml:314(command)
4494
#: serverguide/C/virtualization.xml:317(command)
4148
4495
msgid "virt-manager -c qemu:///system"
4149
4496
msgstr "virt-manager -c qemu:///system"
4150
4497
4151
#: serverguide/C/virtualization.xml:316(para)
4498
#: serverguide/C/virtualization.xml:319(para)
4152
4499
msgid ""
4153
4500
"You can connect to the <application>libvirt</application> service running on "
4154
4501
"another host by entering the following in a terminal prompt:"
4155
4502
msgstr ""
4156
4503
4157
#: serverguide/C/virtualization.xml:320(command)
4504
#: serverguide/C/virtualization.xml:323(command)
4158
4505
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4159
4506
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4160
4507
4161
#: serverguide/C/virtualization.xml:323(para)
4508
#: serverguide/C/virtualization.xml:326(para)
4162
4509
msgid ""
4163
4510
"The above example assumes that <application>SSH</application> connectivity "
4164
4511
"between the management system and virtnode1.mydomain.com has already been "
4169
4516
"linkend=\"openssh-server\"/>"
4170
4517
msgstr ""
4171
4518
4172
#: serverguide/C/virtualization.xml:333(title)
4519
#: serverguide/C/virtualization.xml:336(title)
4173
4520
msgid "Virtual Machine Viewer"
4174
4521
msgstr ""
4175
4522
4176
#: serverguide/C/virtualization.xml:334(para)
4523
#: serverguide/C/virtualization.xml:337(para)
4177
4524
msgid ""
4178
4525
"The <application>virt-viewer</application> application allows you to connect "
4179
4526
"to a virtual machine's console. <application>virt-viewer</application> does "
4181
4528
"machine."
4182
4529
msgstr ""
4183
4530
4184
#: serverguide/C/virtualization.xml:338(para)
4531
#: serverguide/C/virtualization.xml:341(para)
4185
4532
msgid ""
4186
4533
"To install <application>virt-viewer</application> from a terminal enter:"
4187
4534
msgstr ""
4188
4535
4189
#: serverguide/C/virtualization.xml:342(command)
4536
#: serverguide/C/virtualization.xml:345(command)
4190
4537
msgid "sudo apt-get install virt-viewer"
4191
4538
msgstr "sudo apt-get install virt-viewer"
4192
4539
4193
#: serverguide/C/virtualization.xml:344(para)
4540
#: serverguide/C/virtualization.xml:347(para)
4194
4541
msgid ""
4195
4542
"Once a virtual machine is installed and running you can connect to the "
4196
4543
"virtual machine's console by using:"
4197
4544
msgstr ""
4198
4545
4199
#: serverguide/C/virtualization.xml:348(command)
4546
#: serverguide/C/virtualization.xml:351(command)
4200
4547
msgid "virt-viewer -c qemu:///system web_devel"
4201
4548
msgstr ""
4202
4549
4203
#: serverguide/C/virtualization.xml:350(para)
4550
#: serverguide/C/virtualization.xml:353(para)
4204
4551
msgid ""
4205
4552
"Similar to <application>virt-manager</application>, <application>virt-"
4206
4553
"viewer</application> can connect to a remote host using "
4207
4554
"<emphasis>SSH</emphasis> with key authentication, as well:"
4208
4555
msgstr ""
4209
4556
4210
#: serverguide/C/virtualization.xml:355(command)
4557
#: serverguide/C/virtualization.xml:358(command)
4211
4558
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4212
4559
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4213
4560
4214
#: serverguide/C/virtualization.xml:357(para)
4561
#: serverguide/C/virtualization.xml:360(para)
4215
4562
msgid ""
4216
4563
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4217
4564
"appropriate virtual machine name."
4218
4565
msgstr ""
4219
4566
4220
#: serverguide/C/virtualization.xml:360(para)
4567
#: serverguide/C/virtualization.xml:363(para)
4221
4568
msgid ""
4222
4569
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4223
4570
"can also setup <application>SSH</application> access to the virtual machine. "
4225
4572
"more details."
4226
4573
msgstr ""
4227
4574
4228
#: serverguide/C/virtualization.xml:369(para)
4575
#: serverguide/C/virtualization.xml:372(para)
4229
4576
msgid ""
4230
4577
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4231
4578
"for more details."
4232
4579
msgstr ""
4233
4580
4234
#: serverguide/C/virtualization.xml:374(para)
4581
#: serverguide/C/virtualization.xml:377(para)
4235
4582
msgid ""
4236
4583
"For more information on <application>libvirt</application> see the <ulink "
4237
4584
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4238
4585
msgstr ""
4239
4586
4240
#: serverguide/C/virtualization.xml:379(para)
4587
#: serverguide/C/virtualization.xml:382(para)
4241
4588
msgid ""
4242
4589
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4243
4590
"Manager</ulink> site has more information on <application>virt-"
4244
4591
"manager</application> development."
4245
4592
msgstr ""
4246
4593
4247
#: serverguide/C/virtualization.xml:385(para)
4594
#: serverguide/C/virtualization.xml:388(para)
4248
4595
msgid ""
4249
4596
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4250
4597
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4251
4598
"technology in Ubuntu."
4252
4599
msgstr ""
4253
4600
4254
#: serverguide/C/virtualization.xml:391(para)
4601
#: serverguide/C/virtualization.xml:394(para)
4255
4602
msgid ""
4256
4603
"Another good resource is the <ulink "
4257
4604
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4258
4605
msgstr ""
4259
4606
4260
#: serverguide/C/virtualization.xml:399(title)
4607
#: serverguide/C/virtualization.xml:402(title)
4261
4608
msgid "JeOS and vmbuilder"
4262
4609
msgstr ""
4263
4610
4264
#: serverguide/C/virtualization.xml:405(title)
4611
#: serverguide/C/virtualization.xml:408(title)
4265
4612
msgid "What is JeOS"
4266
4613
msgstr ""
4267
4614
4268
#: serverguide/C/virtualization.xml:407(para)
4615
#: serverguide/C/virtualization.xml:410(para)
4269
4616
msgid ""
4270
4617
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4271
4618
"variant of the Ubuntu Server operating system, configured specifically for "
4273
4620
"only as an option either:"
4274
4621
msgstr ""
4275
4622
4276
#: serverguide/C/virtualization.xml:414(para)
4623
#: serverguide/C/virtualization.xml:417(para)
4277
4624
msgid ""
4278
4625
"While installing from the Server Edition ISO (pressing "
4279
4626
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4280
4627
"installation\", which is the package selection equivalent to JeOS)."
4281
4628
msgstr ""
4282
4629
4283
#: serverguide/C/virtualization.xml:420(para)
4630
#: serverguide/C/virtualization.xml:423(para)
4284
4631
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4285
4632
msgstr ""
4286
4633
4287
#: serverguide/C/virtualization.xml:426(para)
4634
#: serverguide/C/virtualization.xml:429(para)
4288
4635
msgid ""
4289
4636
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4290
4637
"kernel that only contains the base elements needed to run within a "
4291
4638
"virtualized environment."
4292
4639
msgstr ""
4293
4640
4294
#: serverguide/C/virtualization.xml:431(para)
4641
#: serverguide/C/virtualization.xml:434(para)
4295
4642
msgid ""
4296
4643
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4297
4644
"in the latest virtualization products from VMware. This combination of "
4300
4647
"deployments."
4301
4648
msgstr ""
4302
4649
4303
#: serverguide/C/virtualization.xml:437(para)
4650
#: serverguide/C/virtualization.xml:440(para)
4304
4651
msgid ""
4305
4652
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4306
4653
"can configure their supporting OS exactly as they require. They have the "
4311
4658
"than they would have had to with a standard full installation of a server."
4312
4659
msgstr ""
4313
4660
4314
#: serverguide/C/virtualization.xml:446(title)
4661
#: serverguide/C/virtualization.xml:449(title)
4315
4662
msgid "What is vmbuilder"
4316
4663
msgstr ""
4317
4664
4318
#: serverguide/C/virtualization.xml:448(para)
4665
#: serverguide/C/virtualization.xml:451(para)
4319
4666
msgid ""
4320
4667
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4321
4668
"will fetch the various package and build a virtual machine tailored for your "
4324
4671
"are KVM and Xen."
4325
4672
msgstr ""
4326
4673
4327
#: serverguide/C/virtualization.xml:454(para)
4674
#: serverguide/C/virtualization.xml:457(para)
4328
4675
msgid ""
4329
4676
"You can pass command line options to add extra packages, remove packages, "
4330
4677
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4332
4679
"a local mirror, you can bootstrap a VM in less than a minute."
4333
4680
msgstr ""
4334
4681
4335
#: serverguide/C/virtualization.xml:460(para)
4682
#: serverguide/C/virtualization.xml:463(para)
4336
4683
msgid ""
4337
4684
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4338
4685
"vm-builder</application> started with little emphasis as a hack to help "
4344
4691
"scratch for Intrepid as a python script with a few new design goals:"
4345
4692
msgstr ""
4346
4693
4347
#: serverguide/C/virtualization.xml:470(para)
4694
#: serverguide/C/virtualization.xml:473(para)
4348
4695
msgid "Develop it so that it can be reused by other distributions."
4349
4696
msgstr ""
4350
4697
4351
#: serverguide/C/virtualization.xml:475(para)
4698
#: serverguide/C/virtualization.xml:478(para)
4352
4699
msgid ""
4353
4700
"Use a plugin mechanisms for all virtualization interactions so that others "
4354
4701
"can easily add logic for other virtualization environments."
4355
4702
msgstr ""
4356
4703
4357
#: serverguide/C/virtualization.xml:480(para)
4704
#: serverguide/C/virtualization.xml:483(para)
4358
4705
msgid ""
4359
4706
"Provide an easy to maintain web interface as an option to the command line "
4360
4707
"interface."
4361
4708
msgstr ""
4362
4709
4363
#: serverguide/C/virtualization.xml:486(para)
4710
#: serverguide/C/virtualization.xml:489(para)
4364
4711
msgid "But the general principles and commands remain the same."
4365
4712
msgstr ""
4366
4713
4367
#: serverguide/C/virtualization.xml:493(title)
4714
#: serverguide/C/virtualization.xml:496(title)
4368
4715
msgid "Initial Setup"
4369
4716
msgstr ""
4370
4717
4371
#: serverguide/C/virtualization.xml:495(para)
4718
#: serverguide/C/virtualization.xml:498(para)
4372
4719
msgid ""
4373
4720
"It is assumed that you have installed and configured "
4374
4721
"<application>libvirt</application> and <application>KVM</application> "
4376
4723
"please refer to:"
4377
4724
msgstr ""
4378
4725
4379
#: serverguide/C/virtualization.xml:507(para)
4726
#: serverguide/C/virtualization.xml:510(para)
4380
4727
msgid ""
4381
4728
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4382
4729
"page."
4383
4730
msgstr ""
4384
4731
4385
#: serverguide/C/virtualization.xml:513(para)
4732
#: serverguide/C/virtualization.xml:516(para)
4386
4733
msgid ""
4387
4734
"We also assume that you know how to use a text based text editor such as "
4388
4735
"nano or vi. If you have not used any of them before, you can get an overview "
4392
4739
"principle should remain on other virtualization technologies."
4393
4740
msgstr ""
4394
4741
4395
#: serverguide/C/virtualization.xml:521(title)
4742
#: serverguide/C/virtualization.xml:524(title)
4396
4743
msgid "Install vmbuilder"
4397
4744
msgstr ""
4398
4745
4399
#: serverguide/C/virtualization.xml:523(para)
4746
#: serverguide/C/virtualization.xml:526(para)
4400
4747
msgid ""
4401
4748
"The name of the package that we need to install is <application>python-vm-"
4402
4749
"builder</application>. In a terminal prompt enter:"
4403
4750
msgstr ""
4404
4751
4405
#: serverguide/C/virtualization.xml:528(command)
4752
#: serverguide/C/virtualization.xml:531(command)
4406
4753
msgid "sudo apt-get install python-vm-builder"
4407
4754
msgstr ""
4408
4755
4409
#: serverguide/C/virtualization.xml:532(para)
4756
#: serverguide/C/virtualization.xml:535(para)
4410
4757
msgid ""
4411
4758
"If you are running Hardy, you can still perform most of this using the older "
4412
4759
"version of the package named <application>ubuntu-vm-builder</application>, "
4413
4760
"there are only a few changes to the syntax of the tool."
4414
4761
msgstr ""
4415
4762
4416
#: serverguide/C/virtualization.xml:541(title)
4763
#: serverguide/C/virtualization.xml:544(title)
4417
4764
msgid "Defining Your Virtual Machine"
4418
4765
msgstr ""
4419
4766
4420
#: serverguide/C/virtualization.xml:543(para)
4767
#: serverguide/C/virtualization.xml:546(para)
4421
4768
msgid ""
4422
4769
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4423
4770
"are a few thing to consider:"
4424
4771
msgstr ""
4425
4772
4426
#: serverguide/C/virtualization.xml:549(para)
4773
#: serverguide/C/virtualization.xml:552(para)
4427
4774
msgid ""
4428
4775
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4429
4776
"will know how to extend disk size to fit their need, so either plan for a "
4432
4779
"a good idea to store data on some separate external storage."
4433
4780
msgstr ""
4434
4781
4435
#: serverguide/C/virtualization.xml:556(para)
4782
#: serverguide/C/virtualization.xml:559(para)
4436
4783
msgid ""
4437
4784
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4438
4785
"whatever you think is a safe minimum for your appliance."
4439
4786
msgstr ""
4440
4787
4441
#: serverguide/C/virtualization.xml:562(para)
4788
#: serverguide/C/virtualization.xml:565(para)
4442
4789
msgid ""
4443
4790
"The <application>vmbuilder</application> command has 2 main parameters: the "
4444
4791
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4446
4793
"and can be found using the following command:"
4447
4794
msgstr ""
4448
4795
4449
#: serverguide/C/virtualization.xml:568(command)
4450
msgid "vmbuilder --help"
4796
#: serverguide/C/virtualization.xml:571(command)
4797
msgid "vmbuilder kvm ubuntu --help"
4451
4798
msgstr ""
4452
4799
4453
#: serverguide/C/virtualization.xml:572(title)
4800
#: serverguide/C/virtualization.xml:575(title)
4454
4801
msgid "Base Parameters"
4455
4802
msgstr ""
4456
4803
4457
#: serverguide/C/virtualization.xml:574(para)
4804
#: serverguide/C/virtualization.xml:577(para)
4458
4805
msgid ""
4459
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4460
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4806
"As this example is based on <application>KVM</application> and Ubuntu 12.04 "
4807
"LTS (Oneiric Ocelot), and we are likely to rebuild the same virtual machine "
4461
4808
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4462
4809
msgstr ""
4463
4810
4464
#: serverguide/C/virtualization.xml:580(command)
4811
#: serverguide/C/virtualization.xml:583(command)
4465
4812
msgid ""
4466
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4467
"-libvirt qemu:///system"
4813
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
4814
"o --libvirt qemu:///system"
4468
4815
msgstr ""
4469
4816
4470
#: serverguide/C/virtualization.xml:583(para)
4817
#: serverguide/C/virtualization.xml:587(para)
4471
4818
msgid ""
4472
4819
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4473
4820
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4478
4825
"add the resulting VM to the list of available machines."
4479
4826
msgstr ""
4480
4827
4481
#: serverguide/C/virtualization.xml:591(para)
4828
#: serverguide/C/virtualization.xml:595(para)
4482
4829
msgid "Notes:"
4483
4830
msgstr ""
4484
4831
4485
#: serverguide/C/virtualization.xml:597(para)
4832
#: serverguide/C/virtualization.xml:601(para)
4486
4833
msgid ""
4487
4834
"Because of the nature of operations performed by vmbuilder, it needs to have "
4488
4835
"root privilege, hence the use of sudo."
4489
4836
msgstr ""
4490
4837
4491
#: serverguide/C/virtualization.xml:602(para)
4838
#: serverguide/C/virtualization.xml:606(para)
4492
4839
msgid ""
4493
4840
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4494
4841
"a 64 bit machine (--arch amd64)."
4495
4842
msgstr ""
4496
4843
4497
#: serverguide/C/virtualization.xml:607(para)
4844
#: serverguide/C/virtualization.xml:611(para)
4498
4845
msgid ""
4499
4846
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4500
4847
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4501
4848
"use <emphasis>--flavour</emphasis> server instead."
4502
4849
msgstr ""
4503
4850
4504
#: serverguide/C/virtualization.xml:615(title)
4851
#: serverguide/C/virtualization.xml:619(title)
4505
4852
msgid "JeOS Installation Parameters"
4506
4853
msgstr ""
4507
4854
4508
#: serverguide/C/virtualization.xml:618(title)
4855
#: serverguide/C/virtualization.xml:622(title)
4509
4856
msgid "JeOS Networking"
4510
4857
msgstr ""
4511
4858
4512
#: serverguide/C/virtualization.xml:621(title)
4859
#: serverguide/C/virtualization.xml:625(title)
4513
4860
msgid "Assigning a fixed IP address"
4514
4861
msgstr ""
4515
4862
4516
#: serverguide/C/virtualization.xml:623(para)
4863
#: serverguide/C/virtualization.xml:627(para)
4517
4864
msgid ""
4518
4865
"As a virtual appliance that may be deployed on various very different "
4519
4866
"networks, it is very difficult to know what the actual network will look "
4524
4871
"192.168.0.0/255 is usually a good choice."
4525
4872
msgstr ""
4526
4873
4527
#: serverguide/C/virtualization.xml:630(para)
4874
#: serverguide/C/virtualization.xml:634(para)
4528
4875
msgid "To do this we'll use the following parameters:"
4529
4876
msgstr ""
4530
4877
4531
#: serverguide/C/virtualization.xml:636(para)
4878
#: serverguide/C/virtualization.xml:640(para)
4532
4879
msgid ""
4533
4880
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4534
4881
"dhcp if not specified)"
4535
4882
msgstr ""
4536
4883
4537
#: serverguide/C/virtualization.xml:641(para)
4884
#: serverguide/C/virtualization.xml:645(para)
4885
msgid ""
4886
"<emphasis>--hostname NAME</emphasis>: Set NAME as the hostname of the guest."
4887
msgstr ""
4888
4889
#: serverguide/C/virtualization.xml:650(para)
4538
4890
msgid ""
4539
4891
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4540
4892
"255.255.255.0)"
4541
4893
msgstr ""
4542
4894
4543
#: serverguide/C/virtualization.xml:646(para)
4895
#: serverguide/C/virtualization.xml:655(para)
4544
4896
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4545
4897
msgstr ""
4546
4898
4547
#: serverguide/C/virtualization.xml:651(para)
4899
#: serverguide/C/virtualization.xml:660(para)
4548
4900
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4549
4901
msgstr ""
4550
4902
4551
#: serverguide/C/virtualization.xml:656(para)
4903
#: serverguide/C/virtualization.xml:665(para)
4552
4904
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4553
4905
msgstr ""
4554
4906
4555
#: serverguide/C/virtualization.xml:661(para)
4907
#: serverguide/C/virtualization.xml:670(para)
4556
4908
msgid ""
4557
4909
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4558
4910
msgstr ""
4559
4911
4560
#: serverguide/C/virtualization.xml:667(para)
4912
#: serverguide/C/virtualization.xml:676(para)
4561
4913
msgid ""
4562
4914
"We assume for now that default values are good enough, so the resulting "
4563
4915
"invocation becomes:"
4564
4916
msgstr ""
4565
4917
4566
#: serverguide/C/virtualization.xml:672(command)
4918
#: serverguide/C/virtualization.xml:681(command)
4567
4919
msgid ""
4568
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4569
"-libvirt qemu:///system --ip 192.168.0.100"
4570
msgstr ""
4571
4572
#: serverguide/C/virtualization.xml:677(title)
4573
msgid "Modifying the libvirt Template to use Bridging"
4574
msgstr ""
4575
4576
#: serverguide/C/virtualization.xml:679(para)
4920
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
4921
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm"
4922
msgstr ""
4923
4924
#: serverguide/C/virtualization.xml:687(title) serverguide/C/network-config.xml:525(title)
4925
msgid "Bridging"
4926
msgstr ""
4927
4928
#: serverguide/C/virtualization.xml:689(para)
4577
4929
msgid ""
4578
4930
"Because our appliance will be likely to need to be accessed by remote hosts, "
4579
4931
"we need to configure libvirt so that the appliance uses bridge networking. "
4580
"To do this we use vmbuilder template mechanism to modify the default one."
4581
msgstr ""
4582
4583
#: serverguide/C/virtualization.xml:684(para)
4584
msgid ""
4585
"In our working directory we create the template hierarchy and copy the "
4586
"default template:"
4587
msgstr ""
4588
4589
#: serverguide/C/virtualization.xml:689(command)
4590
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4591
msgstr ""
4592
4593
#: serverguide/C/virtualization.xml:690(command)
4594
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4595
msgstr ""
4596
4597
#: serverguide/C/virtualization.xml:693(para)
4598
msgid ""
4599
"We can then edit "
4600
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4601
"change:"
4602
msgstr ""
4603
4604
#: serverguide/C/virtualization.xml:697(programlisting)
4605
#, no-wrap
4606
msgid ""
4607
"\n"
4608
" <interface type='network'>\n"
4609
" <source network='default'/>\n"
4610
" </interface>\n"
4611
msgstr ""
4612
4613
#: serverguide/C/virtualization.xml:703(para)
4614
msgid "To:"
4615
msgstr ""
4616
4617
#: serverguide/C/virtualization.xml:707(programlisting)
4618
#, no-wrap
4619
msgid ""
4620
"\n"
4621
" <interface type='bridge'>\n"
4622
" <source bridge='br0'/>\n"
4623
" </interface>\n"
4624
msgstr ""
4625
4626
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4932
"To do this add the <emphasis>--bridge</emphasis> option to the command:"
4933
msgstr ""
4934
4935
#: serverguide/C/virtualization.xml:695(command)
4936
msgid ""
4937
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
4938
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm --bridge br0"
4939
msgstr ""
4940
4941
#: serverguide/C/virtualization.xml:700(para)
4942
msgid ""
4943
"You will need to have previously setup a bridge interface, see <xref "
4944
"linkend=\"bridging\"/> for more information. Also, if the interface name is "
4945
"different change <emphasis>br0</emphasis> to the actual bridge interface."
4946
msgstr ""
4947
4948
#: serverguide/C/virtualization.xml:709(title) serverguide/C/installation.xml:443(title)
4627
4949
msgid "Partitioning"
4628
4950
msgstr ""
4629
4951
4630
#: serverguide/C/virtualization.xml:719(para)
4952
#: serverguide/C/virtualization.xml:711(para)
4631
4953
msgid ""
4632
4954
"Partitioning of the virtual appliance will have to take into consideration "
4633
4955
"what you are planning to do with is. Because most appliances want to have a "
4635
4957
"make sense."
4636
4958
msgstr ""
4637
4959
4638
#: serverguide/C/virtualization.xml:724(para)
4960
#: serverguide/C/virtualization.xml:716(para)
4639
4961
msgid ""
4640
4962
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4641
4963
msgstr ""
4642
4964
4643
#: serverguide/C/virtualization.xml:728(programlisting)
4965
#: serverguide/C/virtualization.xml:720(programlisting)
4644
4966
#, no-wrap
4645
4967
msgid ""
4646
4968
"\n"
4647
4969
"--part PATH\n"
4648
4970
" Allows you to specify a partition table in a partition file, located at "
4649
"PATH. Each line of the partition file should specify\n"
4650
" (root first):\n"
4971
"PATH. Each\n"
4972
" line of the partition file should specify (root first):\n"
4651
4973
" mountpoint size\n"
4652
4974
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4653
"disk starts on a\n"
4654
" line with ’---’. ie :\n"
4975
"disk starts\n"
4976
" on a line with ’---’. ie :\n"
4655
4977
" root 1000\n"
4656
4978
" /opt 1000\n"
4657
4979
" swap 256\n"
4660
4982
" /log 1500\n"
4661
4983
msgstr ""
4662
4984
4663
#: serverguide/C/virtualization.xml:743(para)
4985
#: serverguide/C/virtualization.xml:735(para)
4664
4986
msgid ""
4665
4987
"In our case we will define a text file name "
4666
4988
"<filename>vmbuilder.partition</filename> which will contain the following:"
4667
4989
msgstr ""
4668
4990
4669
#: serverguide/C/virtualization.xml:747(programlisting)
4991
#: serverguide/C/virtualization.xml:739(programlisting)
4670
4992
#, no-wrap
4671
4993
msgid ""
4672
4994
"\n"
4676
4998
"/var 20000\n"
4677
4999
msgstr ""
4678
5000
4679
#: serverguide/C/virtualization.xml:755(para)
5001
#: serverguide/C/virtualization.xml:747(para)
4680
5002
msgid ""
4681
5003
"Note that as we are using virtual disk images, the actual sizes that we put "
4682
5004
"here are maximum sizes for these volumes."
4683
5005
msgstr ""
4684
5006
4685
#: serverguide/C/virtualization.xml:760(para)
5007
#: serverguide/C/virtualization.xml:752(para)
4686
5008
msgid "Our command line now looks like:"
4687
5009
msgstr ""
4688
5010
4689
#: serverguide/C/virtualization.xml:765(command)
5011
#: serverguide/C/virtualization.xml:757(command)
4690
5012
msgid ""
4691
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4692
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5013
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
5014
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm --part "
5015
"vmbuilder.partition"
4693
5016
msgstr ""
4694
5017
4695
#: serverguide/C/virtualization.xml:770(para)
5018
#: serverguide/C/virtualization.xml:762(para)
4696
5019
msgid ""
4697
5020
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4698
5021
"next line."
4699
5022
msgstr ""
4700
5023
4701
#: serverguide/C/virtualization.xml:777(title)
5024
#: serverguide/C/virtualization.xml:769(title)
4702
5025
msgid "User and Password"
4703
5026
msgstr ""
4704
5027
4705
#: serverguide/C/virtualization.xml:779(para)
5028
#: serverguide/C/virtualization.xml:771(para)
4706
5029
msgid ""
4707
5030
"Again setting up a virtual appliance, you will need to provide a default "
4708
5031
"user and password that is generic so that you can include it in your "
4713
5036
"as my user name, and <emphasis>'default'</emphasis> as the password."
4714
5037
msgstr ""
4715
5038
4716
#: serverguide/C/virtualization.xml:787(para)
5039
#: serverguide/C/virtualization.xml:779(para)
4717
5040
msgid "To do this we use the following optional parameters:"
4718
5041
msgstr ""
4719
5042
4720
#: serverguide/C/virtualization.xml:793(para)
5043
#: serverguide/C/virtualization.xml:785(para)
4721
5044
msgid ""
4722
5045
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4723
5046
"Default: ubuntu."
4724
5047
msgstr ""
4725
5048
4726
#: serverguide/C/virtualization.xml:798(para)
5049
#: serverguide/C/virtualization.xml:790(para)
4727
5050
msgid ""
4728
5051
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4729
5052
"added. Default: Ubuntu."
4730
5053
msgstr ""
4731
5054
4732
#: serverguide/C/virtualization.xml:803(para)
5055
#: serverguide/C/virtualization.xml:795(para)
4733
5056
msgid ""
4734
5057
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4735
5058
"Default: ubuntu."
4736
5059
msgstr ""
4737
5060
4738
#: serverguide/C/virtualization.xml:809(para)
5061
#: serverguide/C/virtualization.xml:801(para)
4739
5062
msgid "Our resulting command line becomes:"
4740
5063
msgstr ""
4741
5064
4742
#: serverguide/C/virtualization.xml:814(command)
5065
#: serverguide/C/virtualization.xml:806(command)
4743
5066
msgid ""
4744
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4745
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4746
"-user user --name user --pass default"
5067
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
5068
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm --part \\ "
5069
"vmbuilder.partition --user user --name user --pass default"
4747
5070
msgstr ""
4748
5071
4749
#: serverguide/C/virtualization.xml:822(title)
5072
#: serverguide/C/virtualization.xml:814(title)
4750
5073
msgid "Installing Required Packages"
4751
5074
msgstr ""
4752
5075
4753
#: serverguide/C/virtualization.xml:824(para)
5076
#: serverguide/C/virtualization.xml:816(para)
4754
5077
msgid ""
4755
5078
"In this example we will be installing a package "
4756
5079
"<application>(Limesurvey)</application> that accesses a "
4758
5081
"therefore require our OS to provide us with:"
4759
5082
msgstr ""
4760
5083
4761
#: serverguide/C/virtualization.xml:831(para)
5084
#: serverguide/C/virtualization.xml:823(para)
4762
5085
msgid "Apache"
4763
5086
msgstr ""
4764
5087
4765
#: serverguide/C/virtualization.xml:832(para)
5088
#: serverguide/C/virtualization.xml:824(para)
4766
5089
msgid "PHP"
4767
5090
msgstr ""
4768
5091
4769
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5092
#: serverguide/C/virtualization.xml:825(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4770
5093
msgid "MySQL"
4771
5094
msgstr ""
4772
5095
4773
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
5096
#: serverguide/C/virtualization.xml:826(para) serverguide/C/remote-administration.xml:18(title)
4774
5097
msgid "OpenSSH Server"
4775
5098
msgstr ""
4776
5099
4777
#: serverguide/C/virtualization.xml:835(para)
5100
#: serverguide/C/virtualization.xml:827(para)
4778
5101
msgid "Limesurvey (as an example application that we have packaged)"
4779
5102
msgstr ""
4780
5103
4781
#: serverguide/C/virtualization.xml:838(para)
5104
#: serverguide/C/virtualization.xml:830(para)
4782
5105
msgid ""
4783
5106
"This is done using vmbuilder by specifying the --addpkg option multiple "
4784
5107
"times:"
4785
5108
msgstr ""
4786
5109
4787
#: serverguide/C/virtualization.xml:842(programlisting)
5110
#: serverguide/C/virtualization.xml:834(programlisting)
4788
5111
#, no-wrap
4789
5112
msgid ""
4790
5113
"\n"
4792
5115
" Install PKG into the guest (can be specfied multiple times)\n"
4793
5116
msgstr ""
4794
5117
4795
#: serverguide/C/virtualization.xml:847(para)
5118
#: serverguide/C/virtualization.xml:839(para)
4796
5119
msgid ""
4797
5120
"However, due to the way vmbuilder operates, packages that have to ask "
4798
5121
"questions to the user during the post install phase are not supported and "
4800
5123
"of Limesurvey, which we will have to install later, once the user logs in."
4801
5124
msgstr ""
4802
5125
4803
#: serverguide/C/virtualization.xml:853(para)
5126
#: serverguide/C/virtualization.xml:845(para)
4804
5127
msgid ""
4805
5128
"Other packages that ask simple debconf question, such as <application>mysql-"
4806
5129
"server</application> asking to set a password, the package can be installed "
4808
5131
"in."
4809
5132
msgstr ""
4810
5133
4811
#: serverguide/C/virtualization.xml:859(para)
5134
#: serverguide/C/virtualization.xml:851(para)
4812
5135
msgid ""
4813
5136
"If some packages that we need to install are not in main, we need to enable "
4814
5137
"the additional repositories using --comp and --ppa:"
4815
5138
msgstr ""
4816
5139
4817
#: serverguide/C/virtualization.xml:863(programlisting)
5140
#: serverguide/C/virtualization.xml:855(programlisting)
4818
5141
#, no-wrap
4819
5142
msgid ""
4820
5143
"\n"
4821
5144
"--components COMP1,COMP2,...,COMPN\n"
4822
5145
" A comma separated list of distro components to include (e.g. "
4823
"main,universe). This defaults\n"
4824
" to \"main\"\n"
5146
"main,universe).\n"
5147
" This defaults to \"main\"\n"
4825
5148
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4826
5149
msgstr ""
4827
5150
4828
#: serverguide/C/virtualization.xml:870(para)
5151
#: serverguide/C/virtualization.xml:862(para)
4829
5152
msgid ""
4830
5153
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4831
5154
"PPA (personal package archive) address so that it is added to the VM "
4833
5156
"to the command line:"
4834
5157
msgstr ""
4835
5158
4836
#: serverguide/C/virtualization.xml:876(command)
5159
#: serverguide/C/virtualization.xml:868(command)
4837
5160
msgid ""
4838
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4839
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4840
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4841
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5161
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils \\ --"
5162
"addpkg apache2.2-common --addpkg dbconfig-common --addpkg libapache2-mod-"
5163
"php5 \\ --addpkg mysql-client --addpkg php5-cli --addpkg php5-gd --addpkg "
5164
"php5-ldap \\ --addpkg php5-mysql --addpkg wwwconfig-common --addpkg mysql-"
4842
5165
"server --ppa nijaba"
4843
5166
msgstr ""
4844
5167
4845
#: serverguide/C/virtualization.xml:883(title)
4846
msgid "OpenSSH"
4847
msgstr ""
4848
4849
#: serverguide/C/virtualization.xml:885(para)
4850
msgid ""
4851
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4852
"it will allow our admins to access the appliance remotely. However, pushing "
4853
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4854
"security risk as all these server will share the same secret key, making it "
4855
"very easy for hackers to target our appliance with all the tools they need "
4856
"to crack it open in a breeze. As for the user password, we will instead rely "
4857
"on a script that will install OpenSSH the first time a user logs in so that "
4858
"the key generated will be different for each appliance. For this we'll use a "
4859
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4860
"interaction."
4861
msgstr ""
4862
4863
#: serverguide/C/virtualization.xml:897(title)
5168
#: serverguide/C/virtualization.xml:876(title)
4864
5169
msgid "Speed Considerations"
4865
5170
msgstr ""
4866
5171
4867
#: serverguide/C/virtualization.xml:900(title)
5172
#: serverguide/C/virtualization.xml:879(title)
4868
5173
msgid "Package Caching"
4869
5174
msgstr ""
4870
5175
4871
#: serverguide/C/virtualization.xml:902(para)
5176
#: serverguide/C/virtualization.xml:881(para)
4872
5177
msgid ""
4873
5178
"When vmbuilder creates builds your system, it has to go fetch each one of "
4874
5179
"the packages that composes it over the network to one of the official "
4881
5186
"we will pick in this tutorial. To install it, simply type:"
4882
5187
msgstr ""
4883
5188
4884
#: serverguide/C/virtualization.xml:912(command)
5189
#: serverguide/C/virtualization.xml:891(command)
4885
5190
msgid "sudo apt-get install apt-proxy"
4886
5191
msgstr ""
4887
5192
4888
#: serverguide/C/virtualization.xml:915(para)
5193
#: serverguide/C/virtualization.xml:894(para)
4889
5194
msgid ""
4890
5195
"Once this is complete, your (empty) proxy is ready for use on "
4891
5196
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4893
5198
"option:"
4894
5199
msgstr ""
4895
5200
4896
#: serverguide/C/virtualization.xml:920(programlisting)
5201
#: serverguide/C/virtualization.xml:899(programlisting)
4897
5202
#, no-wrap
4898
5203
msgid ""
4899
5204
"\n"
4903
5208
" otherwise\n"
4904
5209
msgstr ""
4905
5210
4906
#: serverguide/C/virtualization.xml:927(para)
5211
#: serverguide/C/virtualization.xml:906(para)
4907
5212
msgid "So we add to the command line:"
4908
5213
msgstr ""
4909
5214
4910
#: serverguide/C/virtualization.xml:932(command)
5215
#: serverguide/C/virtualization.xml:911(command)
4911
5216
msgid "--mirror http://mirroraddress:9999/ubuntu"
4912
5217
msgstr ""
4913
5218
4914
#: serverguide/C/virtualization.xml:936(para)
5219
#: serverguide/C/virtualization.xml:915(para)
4915
5220
msgid ""
4916
5221
"The mirror address specified here will also be used in the "
4917
5222
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4918
5223
"is useful to specify here an address that can be resolved by the guest or to "
4919
"plan on reseting this address later on, such as in a <emphasis>--"
4920
"firstboot</emphasis> script."
5224
"plan on reseting this address later on."
4921
5225
msgstr ""
4922
5226
4923
#: serverguide/C/virtualization.xml:945(title)
5227
#: serverguide/C/virtualization.xml:924(title)
4924
5228
msgid "Install a Local Mirror"
4925
5229
msgstr ""
4926
5230
4927
#: serverguide/C/virtualization.xml:947(para)
5231
#: serverguide/C/virtualization.xml:926(para)
4928
5232
msgid ""
4929
5233
"If we are in a larger environment, it may make sense to setup a local mirror "
4930
5234
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4932
5236
"about 20 gigabyte of free space per supported release and architecture."
4933
5237
msgstr ""
4934
5238
4935
#: serverguide/C/virtualization.xml:953(para)
5239
#: serverguide/C/virtualization.xml:932(para)
4936
5240
msgid ""
4937
5241
"By default, <application>apt-mirror</application> uses the configuration "
4938
5242
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4940
5244
"support other architectures on your mirror, simply duplicate the lines "
4941
5245
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4942
5246
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4943
"archives as well, you will have:"
5247
"archives as well, you will have (some lines have been split to fit the "
5248
"format of this document):"
4944
5249
msgstr ""
4945
5250
4946
#: serverguide/C/virtualization.xml:960(programlisting)
5251
#: serverguide/C/virtualization.xml:940(programlisting)
4947
5252
#, no-wrap
4948
5253
msgid ""
4949
5254
"\n"
4950
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5255
"deb http://archive.ubuntu.com/ubuntu precise main restricted universe "
4951
5256
"multiverse \n"
4952
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4953
"universe multiverse\n"
4954
"\n"
4955
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4956
"universe multiverse \n"
4957
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4958
"universe multiverse \n"
4959
"\n"
4960
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4961
"universe multiverse \n"
4962
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4963
"restricted universe multiverse \n"
4964
"\n"
4965
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4966
"universe multiverse \n"
4967
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4968
"restricted universe multiverse \n"
4969
"\n"
4970
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4971
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5257
"/deb-i386 http://archive.ubuntu.com/ubuntu precise main restricted universe "
5258
"multiverse\n"
5259
"\n"
5260
"deb http://archive.ubuntu.com/ubuntu precise-updates main restricted "
5261
"universe multiverse \n"
5262
"/deb-i386 http://archive.ubuntu.com/ubuntu precise-updates main\n"
5263
" restricted universe multiverse \n"
5264
"\n"
5265
"deb http://archive.ubuntu.com/ubuntu/ precise-backports main restricted "
5266
"universe multiverse \n"
5267
"/deb-i386 http://archive.ubuntu.com/ubuntu precise-backports main\n"
5268
" restricted universe multiverse \n"
5269
"\n"
5270
"deb http://security.ubuntu.com/ubuntu precise-security main restricted "
5271
"universe multiverse \n"
5272
"/deb-i386 http://security.ubuntu.com/ubuntu precise-security main\n"
5273
" restricted universe multiverse \n"
5274
"\n"
5275
"deb http://archive.ubuntu.com/ubuntu precise main/debian-installer\n"
5276
" restricted/debian-installer universe/debian-installer multiverse/debian-"
4972
5277
"installer \n"
4973
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4974
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5278
"/deb-i386 http://archive.ubuntu.com/ubuntu precise main/debian-installer\n"
5279
" restricted/debian-installer universe/debian-installer multiverse/debian-"
4975
5280
"installer \n"
4976
5281
msgstr ""
4977
5282
4978
#: serverguide/C/virtualization.xml:977(para)
5283
#: serverguide/C/virtualization.xml:962(para)
4979
5284
msgid ""
4980
5285
"Notice that the source packages are not mirrored as they are seldom used "
4981
5286
"compared to the binaries and they do take a lot more space, but they can be "
4982
5287
"easily added to the list."
4983
5288
msgstr ""
4984
5289
4985
#: serverguide/C/virtualization.xml:982(para)
5290
#: serverguide/C/virtualization.xml:967(para)
4986
5291
msgid ""
4987
5292
"Once the mirror has finished replicating (and this can be quite long), you "
4988
5293
"need to configure Apache so that your mirror files (in "
4991
5296
"Apache see <xref linkend=\"httpd\"/>."
4992
5297
msgstr ""
4993
5298
4994
#: serverguide/C/virtualization.xml:991(title)
4995
msgid "Installing in a RAM Disk"
4996
msgstr ""
4997
4998
#: serverguide/C/virtualization.xml:993(para)
4999
msgid ""
5000
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5001
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5002
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5003
"-tmpfs</emphasis> will help you do just that:"
5004
msgstr ""
5005
5006
#: serverguide/C/virtualization.xml:999(programlisting)
5007
#, no-wrap
5008
msgid ""
5009
"\n"
5010
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5011
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5012
msgstr ""
5013
5014
#: serverguide/C/virtualization.xml:1004(para)
5015
msgid ""
5016
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5017
"have 1G of free ram."
5018
msgstr ""
5019
5020
#: serverguide/C/virtualization.xml:1011(title)
5299
#: serverguide/C/virtualization.xml:977(title)
5021
5300
msgid "Package the Application"
5022
5301
msgstr ""
5023
5302
5024
#: serverguide/C/virtualization.xml:1013(para)
5303
#: serverguide/C/virtualization.xml:979(para)
5025
5304
msgid "Two option are available to us:"
5026
5305
msgstr ""
5027
5306
5028
#: serverguide/C/virtualization.xml:1019(para)
5307
#: serverguide/C/virtualization.xml:985(para)
5029
5308
msgid ""
5030
5309
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5031
5310
"package. Since this is outside of the scope of this tutorial, we will not "
5038
5317
"a tutorial on this."
5039
5318
msgstr ""
5040
5319
5041
#: serverguide/C/virtualization.xml:1028(para)
5320
#: serverguide/C/virtualization.xml:994(para)
5042
5321
msgid ""
5043
5322
"Manually install the application under <filename>/opt</filename> as "
5044
5323
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5045
5324
"guidelines</ulink>."
5046
5325
msgstr ""
5047
5326
5048
#: serverguide/C/virtualization.xml:1035(para)
5327
#: serverguide/C/virtualization.xml:1001(para)
5049
5328
msgid ""
5050
5329
"In our case we'll use <application>Limesurvey</application> as example web "
5051
5330
"application for which we wish to provide a virtual appliance. As noted "
5053
5332
"Package Archive)."
5054
5333
msgstr ""
5055
5334
5056
#: serverguide/C/virtualization.xml:1042(title)
5057
msgid "Finishing Install"
5058
msgstr ""
5059
5060
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5061
msgid "First Boot"
5062
msgstr ""
5063
5064
#: serverguide/C/virtualization.xml:1047(para)
5065
msgid ""
5066
"As we mentioned earlier, the first time the machine boots we'll need to "
5067
"install <application>openssh-server</application> so that the key generated "
5068
"for it is unique for each machine. To do this, we'll write a script called "
5069
"<filename>boot.sh</filename> as follows:"
5070
msgstr ""
5071
5072
#: serverguide/C/virtualization.xml:1053(programlisting)
5073
#, no-wrap
5074
msgid ""
5075
"\n"
5076
"# This script will run the first time the virtual machine boots\n"
5077
"# It is ran as root.\n"
5078
"\n"
5079
"apt-get update\n"
5080
"apt-get install -qqy --force-yes openssh-server\n"
5081
msgstr ""
5082
5083
#: serverguide/C/virtualization.xml:1061(para)
5084
msgid ""
5085
"And we add the <command>--firstboot boot.sh</command> option to our command "
5086
"line."
5087
msgstr ""
5088
5089
#: serverguide/C/virtualization.xml:1067(title)
5090
msgid "First Login"
5091
msgstr ""
5092
5093
#: serverguide/C/virtualization.xml:1069(para)
5094
msgid ""
5095
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5096
"set them up the first time a user logs in using a script named login.sh. "
5097
"We'll also use this script to let the user specify:"
5098
msgstr ""
5099
5100
#: serverguide/C/virtualization.xml:1075(para)
5101
msgid "His own password"
5102
msgstr ""
5103
5104
#: serverguide/C/virtualization.xml:1076(para)
5105
msgid "Define the keyboard and other locale info he wants to use"
5106
msgstr ""
5107
5108
#: serverguide/C/virtualization.xml:1079(para)
5109
msgid "So we'll define <filename>login.sh</filename> as follows:"
5110
msgstr ""
5111
5112
#: serverguide/C/virtualization.xml:1083(programlisting)
5113
#, no-wrap
5114
msgid ""
5115
"\n"
5116
"# This script is ran the first time a user logs in\n"
5117
"\n"
5118
"echo \"Your appliance is about to be finished to be set up.\"\n"
5119
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5120
"echo \"starting by changing your user password.\"\n"
5121
"\n"
5122
"passwd\n"
5123
"\n"
5124
"#give the opportunity to change the keyboard\n"
5125
"sudo dpkg-reconfigure console-setup\n"
5126
"\n"
5127
"#configure the mysql server root password\n"
5128
"sudo dpkg-reconfigure mysql-server-5.0\n"
5129
"\n"
5130
"#install limesurvey\n"
5131
"sudo apt-get install -qqy --force-yes limesurvey\n"
5132
"\n"
5133
"echo \"Your appliance is now configured. To use it point your\"\n"
5134
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5135
msgstr ""
5136
5137
#: serverguide/C/virtualization.xml:1105(para)
5138
msgid ""
5139
"And we add the <command>--firstlogin login.sh</command> option to our "
5140
"command line."
5141
msgstr ""
5142
5143
#: serverguide/C/virtualization.xml:1112(title)
5335
#: serverguide/C/virtualization.xml:1008(title)
5144
5336
msgid "Useful Additions"
5145
5337
msgstr ""
5146
5338
5147
#: serverguide/C/virtualization.xml:1115(title)
5339
#: serverguide/C/virtualization.xml:1011(title)
5148
5340
msgid "Configuring Automatic Updates"
5149
5341
msgstr ""
5150
5342
5151
#: serverguide/C/virtualization.xml:1117(para)
5343
#: serverguide/C/virtualization.xml:1013(para)
5152
5344
msgid ""
5153
5345
"To have your system be configured to update itself on a regular basis, we "
5154
5346
"will just install <application>unattended-upgrades</application>, so we add "
5155
5347
"the following option to our command line:"
5156
5348
msgstr ""
5157
5349
5158
#: serverguide/C/virtualization.xml:1123(command)
5350
#: serverguide/C/virtualization.xml:1019(command)
5159
5351
msgid "--addpkg unattended-upgrades"
5160
5352
msgstr ""
5161
5353
5162
#: serverguide/C/virtualization.xml:1126(para)
5354
#: serverguide/C/virtualization.xml:1022(para)
5163
5355
msgid ""
5164
5356
"As we have put our application package in a PPA, the process will update not "
5165
5357
"only the system, but also the application each time we update the version in "
5166
5358
"the PPA."
5167
5359
msgstr ""
5168
5360
5169
#: serverguide/C/virtualization.xml:1133(title)
5361
#: serverguide/C/virtualization.xml:1029(title)
5170
5362
msgid "ACPI Event Handling"
5171
5363
msgstr ""
5172
5364
5173
#: serverguide/C/virtualization.xml:1135(para)
5365
#: serverguide/C/virtualization.xml:1031(para)
5174
5366
msgid ""
5175
5367
"For your virtual machine to be able to handle restart and shutdown events it "
5176
5368
"is being sent, it is a good idea to install the acpid package as well. To do "
5177
5369
"this we just add the following option:"
5178
5370
msgstr ""
5179
5371
5180
#: serverguide/C/virtualization.xml:1141(command)
5372
#: serverguide/C/virtualization.xml:1037(command)
5181
5373
msgid "--addpkg acpid"
5182
5374
msgstr ""
5183
5375
5184
#: serverguide/C/virtualization.xml:1147(title)
5376
#: serverguide/C/virtualization.xml:1043(title)
5185
5377
msgid "Final Command"
5186
5378
msgstr ""
5187
5379
5188
#: serverguide/C/virtualization.xml:1149(para)
5380
#: serverguide/C/virtualization.xml:1045(para)
5189
5381
msgid "Here is the command with all the options discussed above:"
5190
5382
msgstr ""
5191
5383
5192
#: serverguide/C/virtualization.xml:1154(command)
5384
#: serverguide/C/virtualization.xml:1050(command)
5193
5385
msgid ""
5194
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5195
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5196
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5197
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5198
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5199
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5200
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5201
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5202
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5203
"firstlogin login.sh"
5386
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 -o \\"
5387
" --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm \\ --part "
5388
"vmbuilder.partition --user user --name user --pass default \\ --addpkg "
5389
"apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils \\ --addpkg "
5390
"apache2.2-common --addpkg dbconfig-common \\ --addpkg libapache2-mod-php5 --"
5391
"addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap "
5392
"--addpkg php5-mysql \\ --addpkg wwwconfig-common --addpkg mysql-server \\ --"
5393
"addpkg unattended-upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5394
"http://mirroraddress:9999/ubuntu"
5204
5395
msgstr ""
5205
5396
5206
#: serverguide/C/virtualization.xml:1169(para)
5397
#: serverguide/C/virtualization.xml:1066(para)
5207
5398
msgid ""
5208
5399
"If you are interested in learning more, have questions or suggestions, "
5209
5400
"please contact the Ubuntu Server Team at:"
5210
5401
msgstr ""
5211
5402
5212
#: serverguide/C/virtualization.xml:1174(para)
5403
#: serverguide/C/virtualization.xml:1071(para)
5213
5404
msgid "IRC: #ubuntu-server on freenode"
5214
5405
msgstr ""
5215
5406
5216
#: serverguide/C/virtualization.xml:1179(para)
5407
#: serverguide/C/virtualization.xml:1076(para)
5217
5408
msgid ""
5218
5409
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5219
5410
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5220
5411
msgstr ""
5221
5412
5222
#: serverguide/C/virtualization.xml:1184(para)
5413
#: serverguide/C/virtualization.xml:1081(para)
5223
5414
msgid ""
5224
5415
"Also, see the <ulink "
5225
5416
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5226
5417
"Wiki</ulink> page."
5227
5418
msgstr ""
5228
5419
5229
#: serverguide/C/virtualization.xml:1192(title)
5420
#: serverguide/C/virtualization.xml:1089(title)
5230
5421
msgid "UEC"
5231
5422
msgstr ""
5232
5423
5233
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5424
#: serverguide/C/virtualization.xml:1092(title) serverguide/C/virtualization.xml:2123(title) serverguide/C/network-auth.xml:2713(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:919(title) serverguide/C/dns.xml:64(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:547(title)
5234
5425
msgid "Overview"
5235
5426
msgstr ""
5236
5427
5237
#: serverguide/C/virtualization.xml:1197(para)
5428
#: serverguide/C/virtualization.xml:1095(para)
5429
msgid ""
5430
"UEC (Ubuntu Enterprise Cloud) is now depracated in favour of UC (Ubuntu "
5431
"Cloud). The former is based on Eucalyptus and the latter is based on "
5432
"Openstack. This section of the guide will be removed in future iterations."
5433
msgstr ""
5434
5435
#: serverguide/C/virtualization.xml:1101(para)
5238
5436
msgid ""
5239
5437
"This tutorial covers <application>UEC</application> installation from the "
5240
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5241
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5242
"and one or more nodes attached."
5438
"Ubuntu 12.04 LTS Server Edition CD, and assumes a basic network topology, "
5439
"with a single system serving as the <emphasis>\"all-in-one "
5440
"controller\"</emphasis>, and one or more nodes attached."
5243
5441
msgstr ""
5244
5442
5245
#: serverguide/C/virtualization.xml:1202(para)
5443
#: serverguide/C/virtualization.xml:1106(para)
5246
5444
msgid ""
5247
5445
"From this Tutorial you will learn how to install, configure, register and "
5248
5446
"perform several operations on a basic <application>UEC</application> setup "
5252
5450
"private compute cloud."
5253
5451
msgstr ""
5254
5452
5255
#: serverguide/C/virtualization.xml:1210(title)
5453
#: serverguide/C/virtualization.xml:1114(title) serverguide/C/virtualization.xml:2132(title)
5256
5454
msgid "Prerequisites"
5257
5455
msgstr ""
5258
5456
5259
#: serverguide/C/virtualization.xml:1212(para)
5457
#: serverguide/C/virtualization.xml:1116(para)
5260
5458
msgid ""
5261
5459
"To deploy a minimal cloud infrastructure, you’ll need at least "
5262
5460
"<emphasis>two</emphasis> dedicated systems:"
5263
5461
msgstr ""
5264
5462
5265
#: serverguide/C/virtualization.xml:1218(para)
5463
#: serverguide/C/virtualization.xml:1122(para)
5266
5464
msgid "A front end."
5267
5465
msgstr ""
5268
5466
5269
#: serverguide/C/virtualization.xml:1223(para)
5467
#: serverguide/C/virtualization.xml:1127(para)
5270
5468
msgid "One or more node(s)."
5271
5469
msgstr ""
5272
5470
5273
#: serverguide/C/virtualization.xml:1229(para)
5471
#: serverguide/C/virtualization.xml:1133(para)
5274
5472
msgid ""
5275
5473
"The following are recommendations, rather than fixed requirements. However, "
5276
5474
"our experience in developing this documentation indicated the following "
5277
5475
"suggestions."
5278
5476
msgstr ""
5279
5477
5280
#: serverguide/C/virtualization.xml:1234(title)
5478
#: serverguide/C/virtualization.xml:1138(title)
5281
5479
msgid "Front End Requirements"
5282
5480
msgstr ""
5283
5481
5284
#: serverguide/C/virtualization.xml:1236(para)
5482
#: serverguide/C/virtualization.xml:1140(para)
5285
5483
msgid "Use the following table for a system that will run one or more of:"
5286
5484
msgstr ""
5287
5485
5288
#: serverguide/C/virtualization.xml:1241(para)
5486
#: serverguide/C/virtualization.xml:1145(para)
5289
5487
msgid "Cloud Controller (CLC)"
5290
5488
msgstr ""
5291
5489
5292
#: serverguide/C/virtualization.xml:1242(para)
5490
#: serverguide/C/virtualization.xml:1146(para)
5293
5491
msgid "Cluster Controller (CC)"
5294
5492
msgstr ""
5295
5493
5296
#: serverguide/C/virtualization.xml:1243(para)
5494
#: serverguide/C/virtualization.xml:1147(para)
5297
5495
msgid "Walrus (the S3-like storage service)"
5298
5496
msgstr ""
5299
5497
5300
#: serverguide/C/virtualization.xml:1244(para)
5498
#: serverguide/C/virtualization.xml:1148(para)
5301
5499
msgid "Storage Controller (SC)"
5302
5500
msgstr ""
5303
5501
5304
#: serverguide/C/virtualization.xml:1248(title)
5502
#: serverguide/C/virtualization.xml:1163(title)
5305
5503
msgid "UEC Front End Requirements"
5306
5504
msgstr ""
5307
5505
5308
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5506
#: serverguide/C/virtualization.xml:1171(para) serverguide/C/virtualization.xml:1233(para)
5309
5507
msgid "Hardware"
5310
5508
msgstr ""
5311
5509
5312
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5510
#: serverguide/C/virtualization.xml:1172(para) serverguide/C/virtualization.xml:1234(para)
5313
5511
msgid "Minimum"
5314
5512
msgstr ""
5315
5513
5316
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5514
#: serverguide/C/virtualization.xml:1173(para) serverguide/C/virtualization.xml:1235(para)
5317
5515
msgid "Suggested"
5318
5516
msgstr ""
5319
5517
5320
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5518
#: serverguide/C/virtualization.xml:1174(para) serverguide/C/virtualization.xml:1236(para)
5321
5519
msgid "Notes"
5322
5520
msgstr ""
5323
5521
5324
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5522
#: serverguide/C/virtualization.xml:1179(para) serverguide/C/virtualization.xml:1241(para) serverguide/C/installation.xml:38(para)
5325
5523
msgid "CPU"
5326
5524
msgstr ""
5327
5525
5328
#: serverguide/C/virtualization.xml:1265(para)
5526
#: serverguide/C/virtualization.xml:1180(para)
5329
5527
msgid "1 GHz"
5330
5528
msgstr ""
5331
5529
5332
#: serverguide/C/virtualization.xml:1266(para)
5530
#: serverguide/C/virtualization.xml:1181(para)
5333
5531
msgid "2 x 2 GHz"
5334
5532
msgstr ""
5335
5533
5336
#: serverguide/C/virtualization.xml:1267(para)
5534
#: serverguide/C/virtualization.xml:1182(para)
5337
5535
msgid ""
5338
5536
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5339
5537
"a dual core processor."
5340
5538
msgstr ""
5341
5539
5342
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5540
#: serverguide/C/virtualization.xml:1185(para) serverguide/C/virtualization.xml:1247(para)
5343
5541
msgid "Memory"
5344
5542
msgstr ""
5345
5543
5346
#: serverguide/C/virtualization.xml:1271(para)
5544
#: serverguide/C/virtualization.xml:1186(para)
5347
5545
msgid "2 GB"
5348
5546
msgstr ""
5349
5547
5350
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5548
#: serverguide/C/virtualization.xml:1187(para) serverguide/C/virtualization.xml:1249(para)
5351
5549
msgid "4 GB"
5352
5550
msgstr ""
5353
5551
5354
#: serverguide/C/virtualization.xml:1273(para)
5552
#: serverguide/C/virtualization.xml:1188(para)
5355
5553
msgid "The Java web front end benefits from lots of available memory."
5356
5554
msgstr ""
5357
5555
5358
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5556
#: serverguide/C/virtualization.xml:1191(para) serverguide/C/virtualization.xml:1253(para)
5359
5557
msgid "Disk"
5360
5558
msgstr ""
5361
5559
5362
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5560
#: serverguide/C/virtualization.xml:1192(para) serverguide/C/virtualization.xml:1254(para)
5363
5561
msgid "5400 RPM IDE"
5364
5562
msgstr ""
5365
5563
5366
#: serverguide/C/virtualization.xml:1278(para)
5564
#: serverguide/C/virtualization.xml:1193(para)
5367
5565
msgid "7200 RPM SATA"
5368
5566
msgstr ""
5369
5567
5370
#: serverguide/C/virtualization.xml:1279(para)
5568
#: serverguide/C/virtualization.xml:1194(para)
5371
5569
msgid ""
5372
5570
"Slower disks will work, but will yield much longer instance startup times."
5373
5571
msgstr ""
5374
5572
5375
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5573
#: serverguide/C/virtualization.xml:1197(para) serverguide/C/virtualization.xml:1259(para)
5376
5574
msgid "Disk Space"
5377
5575
msgstr ""
5378
5576
5379
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5577
#: serverguide/C/virtualization.xml:1198(para) serverguide/C/virtualization.xml:1260(para)
5380
5578
msgid "40 GB"
5381
5579
msgstr ""
5382
5580
5383
#: serverguide/C/virtualization.xml:1284(para)
5581
#: serverguide/C/virtualization.xml:1199(para)
5384
5582
msgid "200 GB"
5385
5583
msgstr ""
5386
5584
5387
#: serverguide/C/virtualization.xml:1285(para)
5585
#: serverguide/C/virtualization.xml:1200(para)
5388
5586
msgid ""
5389
5587
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5390
5588
"does not like to run out of disk space."
5391
5589
msgstr ""
5392
5590
5393
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5591
#: serverguide/C/virtualization.xml:1203(para) serverguide/C/virtualization.xml:1265(para) serverguide/C/network-config.xml:13(title)
5394
5592
msgid "Networking"
5395
5593
msgstr ""
5396
5594
5397
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5595
#: serverguide/C/virtualization.xml:1204(para) serverguide/C/virtualization.xml:1266(para)
5398
5596
msgid "100 Mbps"
5399
5597
msgstr ""
5400
5598
5401
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5599
#: serverguide/C/virtualization.xml:1205(para) serverguide/C/virtualization.xml:1267(para)
5402
5600
msgid "1000 Mbps"
5403
5601
msgstr ""
5404
5602
5405
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5603
#: serverguide/C/virtualization.xml:1206(para) serverguide/C/virtualization.xml:1268(para)
5406
5604
msgid ""
5407
5605
"Machine images are hundreds of MB, and need to be copied over the network to "
5408
5606
"nodes."
5409
5607
msgstr ""
5410
5608
5411
#: serverguide/C/virtualization.xml:1299(title)
5609
#: serverguide/C/virtualization.xml:1214(title)
5412
5610
msgid "Node Requirements"
5413
5611
msgstr ""
5414
5612
5415
#: serverguide/C/virtualization.xml:1301(para)
5416
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5613
#: serverguide/C/virtualization.xml:1216(para)
5614
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run:"
5417
5615
msgstr ""
5418
5616
5419
#: serverguide/C/virtualization.xml:1306(para)
5617
#: serverguide/C/virtualization.xml:1221(para)
5420
5618
msgid "the Node Controller (NC)"
5421
5619
msgstr ""
5422
5620
5423
#: serverguide/C/virtualization.xml:1310(title)
5621
#: serverguide/C/virtualization.xml:1225(title)
5424
5622
msgid "UEC Node Requirements"
5425
5623
msgstr ""
5426
5624
5427
#: serverguide/C/virtualization.xml:1327(para)
5625
#: serverguide/C/virtualization.xml:1242(para)
5428
5626
msgid "VT Extensions"
5429
5627
msgstr ""
5430
5628
5431
#: serverguide/C/virtualization.xml:1328(para)
5629
#: serverguide/C/virtualization.xml:1243(para)
5432
5630
msgid "VT, 64-bit, Multicore"
5433
5631
msgstr ""
5434
5632
5435
#: serverguide/C/virtualization.xml:1329(para)
5633
#: serverguide/C/virtualization.xml:1244(para)
5436
5634
msgid ""
5437
5635
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5438
5636
"only run 1 VM per CPU core on a Node."
5439
5637
msgstr ""
5440
5638
5441
#: serverguide/C/virtualization.xml:1333(para)
5639
#: serverguide/C/virtualization.xml:1248(para)
5442
5640
msgid "1 GB"
5443
5641
msgstr ""
5444
5642
5445
#: serverguide/C/virtualization.xml:1335(para)
5643
#: serverguide/C/virtualization.xml:1250(para)
5446
5644
msgid "Additional memory means more, and larger guests."
5447
5645
msgstr ""
5448
5646
5449
#: serverguide/C/virtualization.xml:1340(para)
5647
#: serverguide/C/virtualization.xml:1255(para)
5450
5648
msgid "7200 RPM SATA or SCSI"
5451
5649
msgstr ""
5452
5650
5453
#: serverguide/C/virtualization.xml:1341(para)
5651
#: serverguide/C/virtualization.xml:1256(para)
5454
5652
msgid ""
5455
5653
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5456
5654
"bottleneck."
5457
5655
msgstr ""
5458
5656
5459
#: serverguide/C/virtualization.xml:1346(para)
5657
#: serverguide/C/virtualization.xml:1261(para)
5460
5658
msgid "100 GB"
5461
5659
msgstr ""
5462
5660
5463
#: serverguide/C/virtualization.xml:1347(para)
5661
#: serverguide/C/virtualization.xml:1262(para)
5464
5662
msgid ""
5465
5663
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5466
5664
"space."
5467
5665
msgstr ""
5468
5666
5469
#: serverguide/C/virtualization.xml:1363(title)
5667
#: serverguide/C/virtualization.xml:1278(title)
5470
5668
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5471
5669
msgstr ""
5472
5670
5473
#: serverguide/C/virtualization.xml:1367(para)
5474
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5671
#: serverguide/C/virtualization.xml:1282(para)
5672
msgid "Download the Ubuntu 12.04 LTS Server ISO file, and burn it to a CD."
5475
5673
msgstr ""
5476
5674
5477
#: serverguide/C/virtualization.xml:1372(para)
5675
#: serverguide/C/virtualization.xml:1287(para)
5478
5676
msgid ""
5479
5677
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5480
5678
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5481
5679
"components are present."
5482
5680
msgstr ""
5483
5681
5484
#: serverguide/C/virtualization.xml:1377(para)
5682
#: serverguide/C/virtualization.xml:1292(para)
5485
5683
msgid ""
5486
5684
"You can then choose which components to install, based on your chosen <ulink "
5487
5685
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5488
5686
msgstr ""
5489
5687
5490
#: serverguide/C/virtualization.xml:1382(para)
5688
#: serverguide/C/virtualization.xml:1297(para)
5491
5689
msgid ""
5492
5690
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5493
5691
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5494
5692
msgstr ""
5495
5693
5496
#: serverguide/C/virtualization.xml:1388(para)
5694
#: serverguide/C/virtualization.xml:1303(para)
5497
5695
msgid ""
5498
5696
"It will ask two other cloud-specific questions during the course of the "
5499
5697
"install:"
5500
5698
msgstr ""
5501
5699
5502
#: serverguide/C/virtualization.xml:1393(para)
5700
#: serverguide/C/virtualization.xml:1308(para)
5503
5701
msgid "Name of your cluster."
5504
5702
msgstr ""
5505
5703
5506
#: serverguide/C/virtualization.xml:1396(para)
5704
#: serverguide/C/virtualization.xml:1311(para)
5507
5705
msgid "e.g. <emphasis>cluster1</emphasis>."
5508
5706
msgstr ""
5509
5707
5510
#: serverguide/C/virtualization.xml:1399(para)
5708
#: serverguide/C/virtualization.xml:1314(para)
5511
5709
msgid ""
5512
5710
"A range of public IP addresses on the LAN that the cloud can allocate to "
5513
5711
"instances."
5514
5712
msgstr ""
5515
5713
5516
#: serverguide/C/virtualization.xml:1402(para)
5714
#: serverguide/C/virtualization.xml:1317(para)
5517
5715
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5518
5716
msgstr ""
5519
5717
5520
#: serverguide/C/virtualization.xml:1410(title)
5718
#: serverguide/C/virtualization.xml:1325(title)
5521
5719
msgid "Installing the Node Controller(s)"
5522
5720
msgstr ""
5523
5721
5524
#: serverguide/C/virtualization.xml:1412(para)
5722
#: serverguide/C/virtualization.xml:1327(para)
5525
5723
msgid ""
5526
5724
"The node controller install is even simpler. Just make sure that you are "
5527
5725
"connected to the network on which the cloud/cluster controller is already "
5528
5726
"running."
5529
5727
msgstr ""
5530
5728
5531
#: serverguide/C/virtualization.xml:1418(para)
5729
#: serverguide/C/virtualization.xml:1333(para)
5532
5730
msgid "Boot from the same ISO on the node(s)."
5533
5731
msgstr ""
5534
5732
5535
#: serverguide/C/virtualization.xml:1423(para)
5733
#: serverguide/C/virtualization.xml:1338(para)
5536
5734
msgid ""
5537
5735
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5538
5736
msgstr ""
5539
5737
5540
#: serverguide/C/virtualization.xml:1428(para)
5738
#: serverguide/C/virtualization.xml:1343(para)
5541
5739
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5542
5740
msgstr ""
5543
5741
5544
#: serverguide/C/virtualization.xml:1433(para)
5742
#: serverguide/C/virtualization.xml:1348(para)
5545
5743
msgid ""
5546
5744
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5547
5745
"install for you."
5548
5746
msgstr ""
5549
5747
5550
#: serverguide/C/virtualization.xml:1438(para)
5748
#: serverguide/C/virtualization.xml:1353(para)
5551
5749
msgid "Confirm the partitioning scheme."
5552
5750
msgstr ""
5553
5751
5554
#: serverguide/C/virtualization.xml:1443(para)
5752
#: serverguide/C/virtualization.xml:1358(para)
5555
5753
msgid ""
5556
5754
"The rest of the installation should proceed uninterrupted; complete the "
5557
5755
"installation and reboot the node."
5558
5756
msgstr ""
5559
5757
5560
#: serverguide/C/virtualization.xml:1451(title)
5758
#: serverguide/C/virtualization.xml:1366(title)
5561
5759
msgid "Register the Node(s)"
5562
5760
msgstr ""
5563
5761
5564
#: serverguide/C/virtualization.xml:1456(para)
5762
#: serverguide/C/virtualization.xml:1371(para)
5565
5763
msgid ""
5566
5764
"Nodes are the physical systems within <application>UEC</application> that "
5567
5765
"actually run the virtual machine instances of the cloud."
5568
5766
msgstr ""
5569
5767
5570
#: serverguide/C/virtualization.xml:1460(para)
5768
#: serverguide/C/virtualization.xml:1375(para)
5571
5769
msgid "All component registration should be automatic, assuming:"
5572
5770
msgstr ""
5573
5771
5574
#: serverguide/C/virtualization.xml:1466(para)
5772
#: serverguide/C/virtualization.xml:1381(para)
5575
5773
msgid "Public SSH keys have been exchanged properly."
5576
5774
msgstr ""
5577
5775
5578
#: serverguide/C/virtualization.xml:1471(para)
5776
#: serverguide/C/virtualization.xml:1386(para)
5579
5777
msgid "The services are configured properly."
5580
5778
msgstr ""
5581
5779
5582
#: serverguide/C/virtualization.xml:1476(para)
5780
#: serverguide/C/virtualization.xml:1391(para)
5583
5781
msgid ""
5584
5782
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5585
5783
msgstr ""
5586
5784
5587
#: serverguide/C/virtualization.xml:1481(para)
5785
#: serverguide/C/virtualization.xml:1396(para)
5588
5786
msgid "Verify Registration."
5589
5787
msgstr ""
5590
5788
5591
#: serverguide/C/virtualization.xml:1487(para)
5789
#: serverguide/C/virtualization.xml:1402(para)
5592
5790
msgid ""
5593
5791
"Steps a to e should only be required if you're using the <ulink "
5594
5792
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5597
5795
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5598
5796
msgstr ""
5599
5797
5600
#: serverguide/C/virtualization.xml:1495(para)
5798
#: serverguide/C/virtualization.xml:1410(para)
5601
5799
msgid "Exchange Public Keys"
5602
5800
msgstr ""
5603
5801
5604
#: serverguide/C/virtualization.xml:1497(para)
5802
#: serverguide/C/virtualization.xml:1412(para)
5605
5803
msgid ""
5606
5804
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5607
5805
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5608
5806
"Controller as the eucalyptus user."
5609
5807
msgstr ""
5610
5808
5611
#: serverguide/C/virtualization.xml:1502(para)
5809
#: serverguide/C/virtualization.xml:1417(para)
5612
5810
msgid ""
5613
5811
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5614
5812
"ssh key by:"
5615
5813
msgstr ""
5616
5814
5617
#: serverguide/C/virtualization.xml:1508(para)
5815
#: serverguide/C/virtualization.xml:1423(para)
5618
5816
msgid ""
5619
5817
"On the target controller, temporarily set a password for the eucalyptus user:"
5620
5818
msgstr ""
5621
5819
5622
#: serverguide/C/virtualization.xml:1512(command)
5820
#: serverguide/C/virtualization.xml:1427(command)
5623
5821
msgid "sudo passwd eucalyptus"
5624
5822
msgstr ""
5625
5823
5626
#: serverguide/C/virtualization.xml:1516(para)
5824
#: serverguide/C/virtualization.xml:1431(para)
5627
5825
msgid "Then, on the Cloud Controller:"
5628
5826
msgstr ""
5629
5827
5630
#: serverguide/C/virtualization.xml:1520(command)
5828
#: serverguide/C/virtualization.xml:1435(command)
5631
5829
msgid ""
5632
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5830
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub \\ "
5633
5831
"eucalyptus@<IP_OF_NODE>"
5634
5832
msgstr ""
5635
5833
5636
#: serverguide/C/virtualization.xml:1524(para)
5834
#: serverguide/C/virtualization.xml:1440(para)
5637
5835
msgid ""
5638
5836
"You can now remove the password of the eucalyptus account on the target "
5639
5837
"controller, if you wish:"
5640
5838
msgstr ""
5641
5839
5642
#: serverguide/C/virtualization.xml:1528(command)
5840
#: serverguide/C/virtualization.xml:1444(command)
5643
5841
msgid "sudo passwd -d eucalyptus"
5644
5842
msgstr ""
5645
5843
5646
#: serverguide/C/virtualization.xml:1535(para)
5844
#: serverguide/C/virtualization.xml:1451(para)
5647
5845
msgid "Configuring the Services"
5648
5846
msgstr ""
5649
5847
5650
#: serverguide/C/virtualization.xml:1537(para)
5848
#: serverguide/C/virtualization.xml:1453(para)
5651
5849
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5652
5850
msgstr ""
5653
5851
5654
#: serverguide/C/virtualization.xml:1543(para)
5852
#: serverguide/C/virtualization.xml:1459(para)
5655
5853
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5656
5854
msgstr ""
5657
5855
5658
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5856
#: serverguide/C/virtualization.xml:1463(para) serverguide/C/virtualization.xml:1491(para)
5659
5857
msgid ""
5660
5858
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5661
5859
"cc.conf</filename>"
5662
5860
msgstr ""
5663
5861
5664
#: serverguide/C/virtualization.xml:1549(para)
5862
#: serverguide/C/virtualization.xml:1465(para)
5665
5863
msgid ""
5666
5864
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5667
5865
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5668
5866
"addresses."
5669
5867
msgstr ""
5670
5868
5671
#: serverguide/C/virtualization.xml:1556(para)
5869
#: serverguide/C/virtualization.xml:1472(para)
5672
5870
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5673
5871
msgstr ""
5674
5872
5675
#: serverguide/C/virtualization.xml:1560(para)
5873
#: serverguide/C/virtualization.xml:1476(para)
5676
5874
msgid ""
5677
5875
"Define the shell variable WALRUS_IP_ADDR in "
5678
5876
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5679
5877
"address."
5680
5878
msgstr ""
5681
5879
5682
#: serverguide/C/virtualization.xml:1565(para)
5880
#: serverguide/C/virtualization.xml:1481(para)
5683
5881
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5684
5882
msgstr ""
5685
5883
5686
#: serverguide/C/virtualization.xml:1571(para)
5884
#: serverguide/C/virtualization.xml:1487(para)
5687
5885
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5688
5886
msgstr ""
5689
5887
5690
#: serverguide/C/virtualization.xml:1577(para)
5888
#: serverguide/C/virtualization.xml:1493(para)
5691
5889
msgid ""
5692
5890
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5693
5891
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5694
5892
"addresses."
5695
5893
msgstr ""
5696
5894
5697
#: serverguide/C/virtualization.xml:1587(para)
5895
#: serverguide/C/virtualization.xml:1503(para)
5698
5896
msgid "Publish"
5699
5897
msgstr ""
5700
5898
5701
#: serverguide/C/virtualization.xml:1589(para)
5899
#: serverguide/C/virtualization.xml:1505(para)
5702
5900
msgid "Now start the publication services."
5703
5901
msgstr ""
5704
5902
5705
#: serverguide/C/virtualization.xml:1595(emphasis)
5903
#: serverguide/C/virtualization.xml:1511(emphasis)
5706
5904
msgid "Walrus Controller:"
5707
5905
msgstr ""
5708
5906
5709
#: serverguide/C/virtualization.xml:1597(command)
5907
#: serverguide/C/virtualization.xml:1513(command)
5710
5908
msgid "sudo start eucalyptus-walrus-publication"
5711
5909
msgstr ""
5712
5910
5713
#: serverguide/C/virtualization.xml:1601(emphasis)
5911
#: serverguide/C/virtualization.xml:1517(emphasis)
5714
5912
msgid "Cluster Controller:"
5715
5913
msgstr ""
5716
5914
5717
#: serverguide/C/virtualization.xml:1603(command)
5915
#: serverguide/C/virtualization.xml:1519(command)
5718
5916
msgid "sudo start eucalyptus-cc-publication"
5719
5917
msgstr ""
5720
5918
5721
#: serverguide/C/virtualization.xml:1607(emphasis)
5919
#: serverguide/C/virtualization.xml:1523(emphasis)
5722
5920
msgid "Storage Controller:"
5723
5921
msgstr ""
5724
5922
5725
#: serverguide/C/virtualization.xml:1609(command)
5923
#: serverguide/C/virtualization.xml:1525(command)
5726
5924
msgid "sudo start eucalyptus-sc-publication"
5727
5925
msgstr ""
5728
5926
5729
#: serverguide/C/virtualization.xml:1613(emphasis)
5927
#: serverguide/C/virtualization.xml:1529(emphasis)
5730
5928
msgid "Node Controller:"
5731
5929
msgstr ""
5732
5930
5733
#: serverguide/C/virtualization.xml:1615(command)
5931
#: serverguide/C/virtualization.xml:1531(command)
5734
5932
msgid "sudo start eucalyptus-nc-publication"
5735
5933
msgstr ""
5736
5934
5737
#: serverguide/C/virtualization.xml:1622(para)
5935
#: serverguide/C/virtualization.xml:1538(para)
5738
5936
msgid "Start the Listener"
5739
5937
msgstr ""
5740
5938
5741
#: serverguide/C/virtualization.xml:1624(para)
5939
#: serverguide/C/virtualization.xml:1540(para)
5742
5940
msgid ""
5743
5941
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5744
5942
"Controller(s)</emphasis>, run:"
5745
5943
msgstr ""
5746
5944
5747
#: serverguide/C/virtualization.xml:1629(command)
5945
#: serverguide/C/virtualization.xml:1545(command)
5748
5946
msgid "sudo start uec-component-listener"
5749
5947
msgstr ""
5750
5948
5751
#: serverguide/C/virtualization.xml:1634(para)
5949
#: serverguide/C/virtualization.xml:1550(para)
5752
5950
msgid "Verify Registration"
5753
5951
msgstr ""
5754
5952
5755
#: serverguide/C/virtualization.xml:1637(command)
5953
#: serverguide/C/virtualization.xml:1553(command)
5756
5954
msgid "cat /var/log/eucalyptus/registration.log"
5757
5955
msgstr ""
5758
5956
5759
#: serverguide/C/virtualization.xml:1638(computeroutput)
5957
#: serverguide/C/virtualization.xml:1554(computeroutput)
5760
5958
#, no-wrap
5761
5959
msgid ""
5762
5960
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5774
5972
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5775
5973
msgstr ""
5776
5974
5777
#: serverguide/C/virtualization.xml:1649(para)
5975
#: serverguide/C/virtualization.xml:1565(para)
5778
5976
msgid "The output on your machine will vary from the example above."
5779
5977
msgstr ""
5780
5978
5781
#: serverguide/C/virtualization.xml:1659(title)
5979
#: serverguide/C/virtualization.xml:1575(title)
5782
5980
msgid "Obtain Credentials"
5783
5981
msgstr ""
5784
5982
5785
#: serverguide/C/virtualization.xml:1661(para)
5983
#: serverguide/C/virtualization.xml:1577(para)
5786
5984
msgid ""
5787
5985
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5788
5986
"users of the cloud will need to retrieve their credentials. This can be done "
5789
5987
"either through a web browser, or at the command line."
5790
5988
msgstr ""
5791
5989
5792
#: serverguide/C/virtualization.xml:1667(title)
5990
#: serverguide/C/virtualization.xml:1583(title)
5793
5991
msgid "From a Web Browser"
5794
5992
msgstr ""
5795
5993
5796
#: serverguide/C/virtualization.xml:1671(para)
5994
#: serverguide/C/virtualization.xml:1587(para)
5797
5995
msgid ""
5798
5996
"From your web browser (either remotely or on your Ubuntu server) access the "
5799
5997
"following URL:"
5800
5998
msgstr ""
5801
5999
5802
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6000
#: serverguide/C/virtualization.xml:1590(programlisting) serverguide/C/virtualization.xml:1720(programlisting)
5803
6001
#, no-wrap
5804
6002
msgid ""
5805
6003
"\n"
5806
6004
"https://<cloud-controller-ip-address>:8443/\n"
5807
6005
msgstr ""
5808
6006
5809
#: serverguide/C/virtualization.xml:1679(para)
6007
#: serverguide/C/virtualization.xml:1595(para)
5810
6008
msgid ""
5811
6009
"You must use a secure connection, so make sure you use \"https\" not "
5812
6010
"\"http\" in your URL. You will get a security certificate warning. You will "
5814
6012
"not be able to view the Eucalyptus configuration page."
5815
6013
msgstr ""
5816
6014
5817
#: serverguide/C/virtualization.xml:1687(para)
6015
#: serverguide/C/virtualization.xml:1603(para)
5818
6016
msgid ""
5819
6017
"Use username <emphasis>'admin'</emphasis> and password "
5820
6018
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5821
6019
"to change your password)."
5822
6020
msgstr ""
5823
6021
5824
#: serverguide/C/virtualization.xml:1693(para)
6022
#: serverguide/C/virtualization.xml:1609(para)
5825
6023
msgid ""
5826
6024
"Then follow the on-screen instructions to update the admin password and "
5827
6025
"email address."
5828
6026
msgstr ""
5829
6027
5830
#: serverguide/C/virtualization.xml:1698(para)
6028
#: serverguide/C/virtualization.xml:1614(para)
5831
6029
msgid ""
5832
6030
"Once the first time configuration process is completed, click the "
5833
6031
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5834
6032
"the screen."
5835
6033
msgstr ""
5836
6034
5837
#: serverguide/C/virtualization.xml:1704(para)
6035
#: serverguide/C/virtualization.xml:1620(para)
5838
6036
msgid ""
5839
6037
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5840
6038
"certificates."
5841
6039
msgstr ""
5842
6040
5843
#: serverguide/C/virtualization.xml:1709(para)
6041
#: serverguide/C/virtualization.xml:1625(para)
5844
6042
msgid "Save them to <filename>~/.euca</filename>."
5845
6043
msgstr ""
5846
6044
5847
#: serverguide/C/virtualization.xml:1714(para)
6045
#: serverguide/C/virtualization.xml:1630(para)
5848
6046
msgid ""
5849
6047
"Unzip the downloaded zip file into a safe location "
5850
6048
"(<filename>~/.euca</filename>)."
5851
6049
msgstr ""
5852
6050
5853
#: serverguide/C/virtualization.xml:1718(command)
6051
#: serverguide/C/virtualization.xml:1634(command)
5854
6052
msgid "unzip -d ~/.euca mycreds.zip"
5855
6053
msgstr ""
5856
6054
5857
#: serverguide/C/virtualization.xml:1725(title)
6055
#: serverguide/C/virtualization.xml:1641(title)
5858
6056
msgid "From a Command Line"
5859
6057
msgstr ""
5860
6058
5861
#: serverguide/C/virtualization.xml:1729(para)
6059
#: serverguide/C/virtualization.xml:1645(para)
5862
6060
msgid ""
5863
6061
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5864
6062
"Controller</emphasis>, you can run:"
5865
6063
msgstr ""
5866
6064
5867
#: serverguide/C/virtualization.xml:1733(command)
6065
#: serverguide/C/virtualization.xml:1649(command)
5868
6066
msgid "mkdir -p ~/.euca"
5869
6067
msgstr ""
5870
6068
5871
#: serverguide/C/virtualization.xml:1734(command)
6069
#: serverguide/C/virtualization.xml:1650(command)
5872
6070
msgid "chmod 700 ~/.euca"
5873
6071
msgstr ""
5874
6072
5875
#: serverguide/C/virtualization.xml:1735(command)
6073
#: serverguide/C/virtualization.xml:1651(command)
5876
6074
msgid "cd ~/.euca"
5877
6075
msgstr ""
5878
6076
5879
#: serverguide/C/virtualization.xml:1736(command)
6077
#: serverguide/C/virtualization.xml:1652(command)
5880
6078
msgid "sudo euca_conf --get-credentials mycreds.zip"
5881
6079
msgstr ""
5882
6080
5883
#: serverguide/C/virtualization.xml:1737(command)
6081
#: serverguide/C/virtualization.xml:1653(command)
5884
6082
msgid "unzip mycreds.zip"
5885
6083
msgstr ""
5886
6084
5887
#: serverguide/C/virtualization.xml:1738(command)
6085
#: serverguide/C/virtualization.xml:1654(command)
5888
6086
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5889
6087
msgstr ""
5890
6088
5891
#: serverguide/C/virtualization.xml:1739(command)
6089
#: serverguide/C/virtualization.xml:1655(command)
5892
6090
msgid "cd -"
5893
6091
msgstr ""
5894
6092
5895
#: serverguide/C/virtualization.xml:1746(title)
6093
#: serverguide/C/virtualization.xml:1662(title)
5896
6094
msgid "Extracting and Using Your Credentials"
5897
6095
msgstr ""
5898
6096
5899
#: serverguide/C/virtualization.xml:1748(para)
6097
#: serverguide/C/virtualization.xml:1664(para)
5900
6098
msgid ""
5901
6099
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5902
6100
"certificates."
5903
6101
msgstr ""
5904
6102
5905
#: serverguide/C/virtualization.xml:1754(para)
6103
#: serverguide/C/virtualization.xml:1670(para)
5906
6104
msgid "Install the required cloud user tools:"
5907
6105
msgstr ""
5908
6106
5909
#: serverguide/C/virtualization.xml:1758(command)
6107
#: serverguide/C/virtualization.xml:1674(command)
5910
6108
msgid "sudo apt-get install euca2ools"
5911
6109
msgstr ""
5912
6110
5913
#: serverguide/C/virtualization.xml:1762(para)
6111
#: serverguide/C/virtualization.xml:1678(para)
5914
6112
msgid ""
5915
6113
"To validate that everything is working correctly, get the local cluster "
5916
6114
"availability details:"
5917
6115
msgstr ""
5918
6116
5919
#: serverguide/C/virtualization.xml:1766(command)
6117
#: serverguide/C/virtualization.xml:1682(command)
5920
6118
msgid ". ~/.euca/eucarc"
5921
6119
msgstr ""
5922
6120
5923
#: serverguide/C/virtualization.xml:1767(command)
6121
#: serverguide/C/virtualization.xml:1683(command)
5924
6122
msgid "euca-describe-availability-zones verbose"
5925
6123
msgstr ""
5926
6124
5927
#: serverguide/C/virtualization.xml:1768(computeroutput)
6125
#: serverguide/C/virtualization.xml:1684(computeroutput)
5928
6126
#, no-wrap
5929
6127
msgid ""
5930
6128
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5936
6134
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5937
6135
msgstr ""
5938
6136
5939
#: serverguide/C/virtualization.xml:1778(para)
6137
#: serverguide/C/virtualization.xml:1694(para)
5940
6138
msgid "Your output from the above command will vary."
5941
6139
msgstr ""
5942
6140
5943
#: serverguide/C/virtualization.xml:1788(title)
6141
#: serverguide/C/virtualization.xml:1704(title)
5944
6142
msgid "Install an Image from the Store"
5945
6143
msgstr ""
5946
6144
5947
#: serverguide/C/virtualization.xml:1790(para)
6145
#: serverguide/C/virtualization.xml:1706(para)
5948
6146
msgid ""
5949
6147
"The following is by far the simplest way to install an image. However, "
5950
6148
"advanced users may be interested in learning how to <ulink "
5952
6150
"own image</ulink>."
5953
6151
msgstr ""
5954
6152
5955
#: serverguide/C/virtualization.xml:1795(para)
6153
#: serverguide/C/virtualization.xml:1711(para)
5956
6154
msgid ""
5957
6155
"The simplest way to add an image to <application>UEC</application> is to "
5958
6156
"install it from the Image Store on the UEC web interface."
5959
6157
msgstr ""
5960
6158
5961
#: serverguide/C/virtualization.xml:1801(para)
6159
#: serverguide/C/virtualization.xml:1717(para)
5962
6160
msgid ""
5963
6161
"Access the web interface at the following URL (Make sure you specify https):"
5964
6162
msgstr ""
5965
6163
5966
#: serverguide/C/virtualization.xml:1809(para)
6164
#: serverguide/C/virtualization.xml:1725(para)
5967
6165
msgid ""
5968
6166
"Enter your login and password (if requested, as you may still be logged in "
5969
6167
"from earlier)."
5970
6168
msgstr ""
5971
6169
5972
#: serverguide/C/virtualization.xml:1814(para)
6170
#: serverguide/C/virtualization.xml:1730(para)
5973
6171
msgid "Click on the <emphasis>Store</emphasis> tab."
5974
6172
msgstr ""
5975
6173
5976
#: serverguide/C/virtualization.xml:1819(para)
6174
#: serverguide/C/virtualization.xml:1735(para)
5977
6175
msgid "Browse available images."
5978
6176
msgstr ""
5979
6177
5980
#: serverguide/C/virtualization.xml:1824(para)
6178
#: serverguide/C/virtualization.xml:1740(para)
5981
6179
msgid "Click on <emphasis>install</emphasis> for the image you want."
5982
6180
msgstr ""
5983
6181
5984
#: serverguide/C/virtualization.xml:1830(para)
6182
#: serverguide/C/virtualization.xml:1746(para)
5985
6183
msgid ""
5986
6184
"Once the image has been downloaded and installed, you can click on "
5987
6185
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5990
6188
"tab."
5991
6189
msgstr ""
5992
6190
5993
#: serverguide/C/virtualization.xml:1838(title)
6191
#: serverguide/C/virtualization.xml:1754(title)
5994
6192
msgid "Run an Image"
5995
6193
msgstr ""
5996
6194
5997
#: serverguide/C/virtualization.xml:1840(para)
6195
#: serverguide/C/virtualization.xml:1756(para)
5998
6196
msgid "There are multiple ways to instantiate an image in UEC:"
5999
6197
msgstr ""
6000
6198
6001
#: serverguide/C/virtualization.xml:1845(para)
6199
#: serverguide/C/virtualization.xml:1761(para)
6002
6200
msgid "Use the command line."
6003
6201
msgstr ""
6004
6202
6005
#: serverguide/C/virtualization.xml:1846(para)
6203
#: serverguide/C/virtualization.xml:1762(para)
6006
6204
msgid ""
6007
6205
"Use one of the UEC compatible management tools such as "
6008
6206
"<emphasis>Landscape</emphasis>."
6009
6207
msgstr ""
6010
6208
6011
#: serverguide/C/virtualization.xml:1848(para)
6209
#: serverguide/C/virtualization.xml:1764(para)
6012
6210
msgid ""
6013
6211
"Use the <ulink "
6014
6212
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6015
6213
"extension to Firefox."
6016
6214
msgstr ""
6017
6215
6018
#: serverguide/C/virtualization.xml:1854(para)
6216
#: serverguide/C/virtualization.xml:1770(para)
6019
6217
msgid "Here we will describe the process from the command line:"
6020
6218
msgstr ""
6021
6219
6022
#: serverguide/C/virtualization.xml:1860(para)
6220
#: serverguide/C/virtualization.xml:1776(para)
6023
6221
msgid ""
6024
6222
"Before running an instance of your image, you should first create a "
6025
6223
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6027
6225
"do this once."
6028
6226
msgstr ""
6029
6227
6030
#: serverguide/C/virtualization.xml:1864(para)
6228
#: serverguide/C/virtualization.xml:1780(para)
6031
6229
msgid "Run the following command:"
6032
6230
msgstr ""
6033
6231
6034
#: serverguide/C/virtualization.xml:1867(programlisting)
6232
#: serverguide/C/virtualization.xml:1783(programlisting)
6035
6233
#, no-wrap
6036
6234
msgid ""
6037
6235
"\n"
6043
6241
"fi\n"
6044
6242
msgstr ""
6045
6243
6046
#: serverguide/C/virtualization.xml:1876(para)
6244
#: serverguide/C/virtualization.xml:1792(para)
6047
6245
msgid ""
6048
6246
"You can call your key whatever you like (in this example, the key is called "
6049
6247
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6051
6249
"a list of created keys stored in the system."
6052
6250
msgstr ""
6053
6251
6054
#: serverguide/C/virtualization.xml:1883(para)
6252
#: serverguide/C/virtualization.xml:1799(para)
6055
6253
msgid "You must also allow access to port 22 in your instances:"
6056
6254
msgstr ""
6057
6255
6058
#: serverguide/C/virtualization.xml:1887(command)
6256
#: serverguide/C/virtualization.xml:1803(command) serverguide/C/virtualization.xml:2386(command)
6059
6257
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6060
6258
msgstr ""
6061
6259
6062
#: serverguide/C/virtualization.xml:1891(para)
6260
#: serverguide/C/virtualization.xml:1807(para)
6063
6261
msgid "Next, you can create instances of your registered image:"
6064
6262
msgstr ""
6065
6263
6066
#: serverguide/C/virtualization.xml:1895(command)
6264
#: serverguide/C/virtualization.xml:1811(command)
6067
6265
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6068
6266
msgstr ""
6069
6267
6070
#: serverguide/C/virtualization.xml:1898(para)
6268
#: serverguide/C/virtualization.xml:1814(para)
6071
6269
msgid ""
6072
6270
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6073
6271
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6074
6272
"on the <emphasis>Store</emphasis> page to see the sample command."
6075
6273
msgstr ""
6076
6274
6077
#: serverguide/C/virtualization.xml:1905(para)
6275
#: serverguide/C/virtualization.xml:1821(para)
6078
6276
msgid ""
6079
6277
"The first time you run an instance, the system will be setting up caches for "
6080
6278
"the image from which it will be created. This can often take some time the "
6081
6279
"first time an instance is run given that VM images are usually quite large."
6082
6280
msgstr ""
6083
6281
6084
#: serverguide/C/virtualization.xml:1909(para)
6282
#: serverguide/C/virtualization.xml:1825(para)
6085
6283
msgid "To monitor the state of your instance, run:"
6086
6284
msgstr ""
6087
6285
6088
#: serverguide/C/virtualization.xml:1913(command)
6286
#: serverguide/C/virtualization.xml:1829(command)
6089
6287
msgid "watch -n5 euca-describe-instances"
6090
6288
msgstr ""
6091
6289
6092
#: serverguide/C/virtualization.xml:1915(para)
6290
#: serverguide/C/virtualization.xml:1831(para)
6093
6291
msgid ""
6094
6292
"In the output, you should see information about the instance, including its "
6095
6293
"state. While first-time caching is being performed, the instance's state "
6096
6294
"will be <emphasis>'pending'</emphasis>."
6097
6295
msgstr ""
6098
6296
6099
#: serverguide/C/virtualization.xml:1921(para)
6297
#: serverguide/C/virtualization.xml:1837(para)
6100
6298
msgid ""
6101
6299
"When the instance is fully started, the above state will become "
6102
6300
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6103
6301
"instance in the output, then connect to it:"
6104
6302
msgstr ""
6105
6303
6106
#: serverguide/C/virtualization.xml:1926(command)
6304
#: serverguide/C/virtualization.xml:1842(command)
6107
6305
msgid ""
6108
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6109
"'{print $4}')"
6306
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | \\ tail -n1 | "
6307
"awk '{print $4}')"
6110
6308
msgstr ""
6111
6309
6112
#: serverguide/C/virtualization.xml:1927(command)
6310
#: serverguide/C/virtualization.xml:1844(command)
6113
6311
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6114
6312
msgstr ""
6115
6313
6116
#: serverguide/C/virtualization.xml:1931(para)
6314
#: serverguide/C/virtualization.xml:1848(para)
6117
6315
msgid ""
6118
6316
"And when you are done with this instance, exit your SSH connection, then "
6119
6317
"terminate your instance:"
6120
6318
msgstr ""
6121
6319
6122
#: serverguide/C/virtualization.xml:1935(command)
6320
#: serverguide/C/virtualization.xml:1852(command)
6123
6321
msgid ""
6124
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6125
"awk '{print $2}')"
6322
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | \\ tail -"
6323
"n1 | awk '{print $2}')"
6126
6324
msgstr ""
6127
6325
6128
#: serverguide/C/virtualization.xml:1936(command)
6326
#: serverguide/C/virtualization.xml:1854(command)
6129
6327
msgid "euca-terminate-instances $INSTANCEID"
6130
6328
msgstr ""
6131
6329
6132
#: serverguide/C/virtualization.xml:1944(para)
6330
#: serverguide/C/virtualization.xml:1860(title)
6331
msgid "First Boot"
6332
msgstr ""
6333
6334
#: serverguide/C/virtualization.xml:1862(para)
6133
6335
msgid ""
6134
6336
"The <application>cloud-init</application> package provides \"first boot\" "
6135
6337
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6137
6339
"particular instance. That includes things like:"
6138
6340
msgstr ""
6139
6341
6140
#: serverguide/C/virtualization.xml:1952(para)
6342
#: serverguide/C/virtualization.xml:1870(para)
6141
6343
msgid "Setting the hostname."
6142
6344
msgstr ""
6143
6345
6144
#: serverguide/C/virtualization.xml:1957(para)
6346
#: serverguide/C/virtualization.xml:1875(para)
6145
6347
msgid ""
6146
6348
"Putting the provided ssh public keys into "
6147
6349
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6148
6350
msgstr ""
6149
6351
6150
#: serverguide/C/virtualization.xml:1962(para)
6352
#: serverguide/C/virtualization.xml:1880(para)
6151
6353
msgid "Running a user provided script, or otherwise modifying the image."
6152
6354
msgstr ""
6153
6355
6154
#: serverguide/C/virtualization.xml:1968(para)
6356
#: serverguide/C/virtualization.xml:1886(para)
6155
6357
msgid ""
6156
6358
"Setting hostname and configuring a system so the person who launched it can "
6157
6359
"actually log into it are not terribly interesting. The interesting things "
6161
6363
"85\">user-data</ulink>."
6162
6364
msgstr ""
6163
6365
6164
#: serverguide/C/virtualization.xml:1974(para)
6366
#: serverguide/C/virtualization.xml:1892(para)
6165
6367
msgid "First, install the <application>cloud-init</application> package:"
6166
6368
msgstr ""
6167
6369
6168
#: serverguide/C/virtualization.xml:1979(command)
6370
#: serverguide/C/virtualization.xml:1897(command)
6169
6371
msgid "sudo apt-get install cloud-init"
6170
6372
msgstr ""
6171
6373
6172
#: serverguide/C/virtualization.xml:1982(para)
6374
#: serverguide/C/virtualization.xml:1900(para)
6173
6375
msgid ""
6174
6376
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6175
6377
"stored and executed as root late in the boot process of the instance's first "
6177
6379
"directed to the console."
6178
6380
msgstr ""
6179
6381
6180
#: serverguide/C/virtualization.xml:1987(para)
6382
#: serverguide/C/virtualization.xml:1905(para)
6181
6383
msgid ""
6182
6384
"For example, create a file named <filename>ud.txt</filename> containing:"
6183
6385
msgstr ""
6184
6386
6185
#: serverguide/C/virtualization.xml:1991(programlisting)
6387
#: serverguide/C/virtualization.xml:1909(programlisting)
6186
6388
#, no-wrap
6187
6389
msgid ""
6188
6390
"\n"
6191
6393
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6192
6394
msgstr ""
6193
6395
6194
#: serverguide/C/virtualization.xml:1997(para)
6396
#: serverguide/C/virtualization.xml:1915(para)
6195
6397
msgid ""
6196
6398
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6197
6399
msgstr ""
6198
6400
6199
#: serverguide/C/virtualization.xml:2002(command)
6401
#: serverguide/C/virtualization.xml:1920(command)
6200
6402
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6201
6403
msgstr ""
6202
6404
6203
#: serverguide/C/virtualization.xml:2005(para)
6405
#: serverguide/C/virtualization.xml:1923(para)
6204
6406
msgid ""
6205
6407
"Wait now for the system to come up and console to be available. To see the "
6206
6408
"result of the data file commands enter:"
6207
6409
msgstr ""
6208
6410
6209
#: serverguide/C/virtualization.xml:2010(command)
6411
#: serverguide/C/virtualization.xml:1928(command)
6210
6412
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6211
6413
msgstr ""
6212
6414
6213
#: serverguide/C/virtualization.xml:2011(computeroutput)
6415
#: serverguide/C/virtualization.xml:1929(computeroutput)
6214
6416
#, no-wrap
6215
6417
msgid ""
6216
6418
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6217
6419
"I have been up for 28.26 sec"
6218
6420
msgstr ""
6219
6421
6220
#: serverguide/C/virtualization.xml:2016(para)
6422
#: serverguide/C/virtualization.xml:1934(para)
6221
6423
msgid "Your output may vary."
6222
6424
msgstr ""
6223
6425
6224
#: serverguide/C/virtualization.xml:2021(para)
6426
#: serverguide/C/virtualization.xml:1939(para)
6225
6427
msgid ""
6226
6428
"The simple approach shown above gives a great deal of power. The user-data "
6227
6429
"can contain a script in any language where an interpreter already exists in "
6229
6431
")."
6230
6432
msgstr ""
6231
6433
6232
#: serverguide/C/virtualization.xml:2026(para)
6434
#: serverguide/C/virtualization.xml:1944(para)
6233
6435
msgid ""
6234
6436
"For many cases, the user may not be interested in writing a program. For "
6235
6437
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6238
6440
"config'</emphasis>."
6239
6441
msgstr ""
6240
6442
6241
#: serverguide/C/virtualization.xml:2031(para)
6443
#: serverguide/C/virtualization.xml:1949(para)
6242
6444
msgid ""
6243
"For example, create a text file named <filename>clout-config.txt</filename> "
6445
"For example, create a text file named <filename>cloud-config.txt</filename> "
6244
6446
"containing:"
6245
6447
msgstr ""
6246
6448
6247
#: serverguide/C/virtualization.xml:2035(programlisting)
6449
#: serverguide/C/virtualization.xml:1953(programlisting)
6248
6450
#, no-wrap
6249
6451
msgid ""
6250
6452
"\n"
6262
6464
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6263
6465
msgstr ""
6264
6466
6265
#: serverguide/C/virtualization.xml:2050(para)
6467
#: serverguide/C/virtualization.xml:1968(para)
6266
6468
msgid "Create a new instance:"
6267
6469
msgstr ""
6268
6470
6269
#: serverguide/C/virtualization.xml:2055(command)
6471
#: serverguide/C/virtualization.xml:1973(command)
6270
6472
msgid ""
6271
6473
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6272
6474
"config.txt"
6273
6475
msgstr ""
6274
6476
6275
#: serverguide/C/virtualization.xml:2058(para)
6477
#: serverguide/C/virtualization.xml:1976(para)
6276
6478
msgid "Now, when the above system is booted, it will have:"
6277
6479
msgstr ""
6278
6480
6279
#: serverguide/C/virtualization.xml:2063(para)
6481
#: serverguide/C/virtualization.xml:1981(para)
6280
6482
msgid "Added the Apache Edgers PPA."
6281
6483
msgstr ""
6282
6484
6283
#: serverguide/C/virtualization.xml:2064(para)
6485
#: serverguide/C/virtualization.xml:1982(para)
6284
6486
msgid "Run an upgrade to get all updates available"
6285
6487
msgstr ""
6286
6488
6287
#: serverguide/C/virtualization.xml:2065(para)
6489
#: serverguide/C/virtualization.xml:1983(para)
6288
6490
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6289
6491
msgstr ""
6290
6492
6291
#: serverguide/C/virtualization.xml:2066(para)
6493
#: serverguide/C/virtualization.xml:1984(para)
6292
6494
msgid "Printed a similar message to the script above"
6293
6495
msgstr ""
6294
6496
6295
#: serverguide/C/virtualization.xml:2070(para)
6497
#: serverguide/C/virtualization.xml:1988(para)
6296
6498
msgid ""
6297
6499
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6298
6500
"the latest version of Apache from upstream source repositories. Package "
6302
6504
"Edgers</ulink> web page for more details."
6303
6505
msgstr ""
6304
6506
6305
#: serverguide/C/virtualization.xml:2077(para)
6507
#: serverguide/C/virtualization.xml:1995(para)
6306
6508
msgid ""
6307
6509
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6308
6510
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6310
6512
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6311
6513
msgstr ""
6312
6514
6313
#: serverguide/C/virtualization.xml:2082(para)
6515
#: serverguide/C/virtualization.xml:2000(para)
6314
6516
msgid ""
6315
6517
"For more information on what kinds of things can be done with "
6316
6518
"<application>cloud-config</application>, see <ulink "
6318
6520
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6319
6521
msgstr ""
6320
6522
6321
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6523
#: serverguide/C/virtualization.xml:2009(title) serverguide/C/dns.xml:654(title)
6322
6524
msgid "More Information"
6323
6525
msgstr ""
6324
6526
6325
#: serverguide/C/virtualization.xml:2093(para)
6527
#: serverguide/C/virtualization.xml:2011(para)
6326
6528
msgid ""
6327
6529
"How to use the <ulink "
6328
6530
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6329
6531
"Controller</ulink>"
6330
6532
msgstr ""
6331
6533
6332
#: serverguide/C/virtualization.xml:2097(para)
6534
#: serverguide/C/virtualization.xml:2015(para)
6333
6535
msgid "Controlling eucalyptus services:"
6334
6536
msgstr ""
6335
6537
6336
#: serverguide/C/virtualization.xml:2102(para)
6538
#: serverguide/C/virtualization.xml:2020(para)
6337
6539
msgid ""
6338
6540
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6339
6541
msgstr ""
6340
6542
6341
#: serverguide/C/virtualization.xml:2103(para)
6543
#: serverguide/C/virtualization.xml:2021(para)
6342
6544
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6343
6545
msgstr ""
6344
6546
6345
#: serverguide/C/virtualization.xml:2106(para)
6547
#: serverguide/C/virtualization.xml:2024(para)
6346
6548
msgid "Locations of some important files:"
6347
6549
msgstr ""
6348
6550
6349
#: serverguide/C/virtualization.xml:2113(emphasis)
6551
#: serverguide/C/virtualization.xml:2031(emphasis)
6350
6552
msgid "Log files:"
6351
6553
msgstr ""
6352
6554
6353
#: serverguide/C/virtualization.xml:2116(para)
6555
#: serverguide/C/virtualization.xml:2034(para)
6354
6556
msgid "/var/log/eucalyptus"
6355
6557
msgstr ""
6356
6558
6357
#: serverguide/C/virtualization.xml:2121(emphasis)
6559
#: serverguide/C/virtualization.xml:2039(emphasis)
6358
6560
msgid "Configuration files:"
6359
6561
msgstr ""
6360
6562
6361
#: serverguide/C/virtualization.xml:2124(para)
6563
#: serverguide/C/virtualization.xml:2042(para)
6362
6564
msgid "/etc/eucalyptus"
6363
6565
msgstr ""
6364
6566
6365
#: serverguide/C/virtualization.xml:2129(emphasis)
6567
#: serverguide/C/virtualization.xml:2047(emphasis)
6366
6568
msgid "Database:"
6367
6569
msgstr ""
6368
6570
6369
#: serverguide/C/virtualization.xml:2132(para)
6571
#: serverguide/C/virtualization.xml:2050(para)
6370
6572
msgid "/var/lib/eucalyptus/db"
6371
6573
msgstr ""
6372
6574
6373
#: serverguide/C/virtualization.xml:2137(emphasis)
6575
#: serverguide/C/virtualization.xml:2055(emphasis)
6374
6576
msgid "Keys:"
6375
6577
msgstr ""
6376
6578
6377
#: serverguide/C/virtualization.xml:2140(para)
6579
#: serverguide/C/virtualization.xml:2058(para)
6378
6580
msgid "/var/lib/eucalyptus"
6379
6581
msgstr ""
6380
6582
6381
#: serverguide/C/virtualization.xml:2141(para)
6583
#: serverguide/C/virtualization.xml:2059(para)
6382
6584
msgid "/var/lib/eucalyptus/.ssh"
6383
6585
msgstr ""
6384
6586
6385
#: serverguide/C/virtualization.xml:2147(para)
6587
#: serverguide/C/virtualization.xml:2065(para)
6386
6588
msgid ""
6387
6589
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6388
6590
"running the client tools."
6389
6591
msgstr ""
6390
6592
6391
#: serverguide/C/virtualization.xml:2158(para)
6593
#: serverguide/C/virtualization.xml:2076(para)
6392
6594
msgid ""
6393
6595
"For information on loading instances see the <ulink "
6394
6596
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6395
6597
"page."
6396
6598
msgstr ""
6397
6599
6398
#: serverguide/C/virtualization.xml:2163(para)
6600
#: serverguide/C/virtualization.xml:2081(para)
6399
6601
msgid ""
6400
6602
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6401
6603
"documentation, downloads)</ulink>."
6402
6604
msgstr ""
6403
6605
6404
#: serverguide/C/virtualization.xml:2168(para)
6606
#: serverguide/C/virtualization.xml:2086(para)
6405
6607
msgid ""
6406
6608
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6407
6609
"(bugs, code)</ulink>."
6408
6610
msgstr ""
6409
6611
6410
#: serverguide/C/virtualization.xml:2173(para)
6612
#: serverguide/C/virtualization.xml:2091(para)
6411
6613
msgid ""
6412
6614
"<ulink "
6413
6615
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6414
6616
"ptus Troubleshooting (1.5)</ulink>."
6415
6617
msgstr ""
6416
6618
6417
#: serverguide/C/virtualization.xml:2178(para)
6619
#: serverguide/C/virtualization.xml:2096(para)
6418
6620
msgid ""
6419
6621
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6420
6622
"Cloud_Infrastructures/Eucalyptus/03-"
6422
6624
"RightScale</ulink>."
6423
6625
msgstr ""
6424
6626
6425
#: serverguide/C/virtualization.xml:2184(para)
6627
#: serverguide/C/virtualization.xml:2102(para)
6426
6628
msgid ""
6427
6629
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6428
6630
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6429
6631
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6430
6632
msgstr ""
6431
6633
6432
#: serverguide/C/virtualization.xml:2193(title)
6634
#: serverguide/C/virtualization.xml:2112(title)
6635
msgid "Ubuntu Cloud"
6636
msgstr ""
6637
6638
#: serverguide/C/virtualization.xml:2113(para)
6639
msgid ""
6640
"<application>Cloud computing</application> is a computing model that allows "
6641
"vast pools of resources to be allocated on-demand. These resources such as "
6642
"storage, computing power, network and software are abstracted and delivered "
6643
"as a service over the Internet anywhere, anytime. These services are billed "
6644
"per time consumed similar to the ones used by public services such as "
6645
"electricity, water and telephony. <application>Ubuntu Cloud "
6646
"Infrastructure</application> uses OpenStack open source software to help "
6647
"build highly scalable, cloud computing for both public and private clouds."
6648
msgstr ""
6649
6650
#: serverguide/C/virtualization.xml:2124(para)
6651
msgid ""
6652
"This tutorial covers the OpenStack installation from the Ubuntu 12.04 LTS "
6653
"Server Edition CD, and assumes a basic network topology, with a single "
6654
"system serving as the \"all-in-one cloud infrastructure\".Due to the "
6655
"tutorial's simplicity, the instructions as-is are not intended to set up "
6656
"production servers although it allows you to have a POC (proof of concept) "
6657
"of the Ubuntu Cloud using OpenStack."
6658
msgstr ""
6659
6660
#: serverguide/C/virtualization.xml:2133(para)
6661
msgid ""
6662
"To deploy a minimal Ubuntu Cloud infrastructure, you’ll need at least:"
6663
msgstr ""
6664
6665
#: serverguide/C/virtualization.xml:2139(para)
6666
msgid "One dedicated system."
6667
msgstr ""
6668
6669
#: serverguide/C/virtualization.xml:2144(para)
6670
msgid "Two network address ranges (private network and public network)."
6671
msgstr ""
6672
6673
#: serverguide/C/virtualization.xml:2149(para)
6674
msgid ""
6675
"Make sure the host in question supports VT ( Virtualization Technology ) "
6676
"since we will be using KVM as the virtualization technology. Other "
6677
"hypervisors are also supported such as QEMU, UML, Vmware ESX/ESXi and XEN. "
6678
"LXC (Linux Containers) is also supported through libvirt."
6679
msgstr ""
6680
6681
#: serverguide/C/virtualization.xml:2154(para)
6682
msgid ""
6683
"Check if your system supports kvm issuing <application><command>sudo kvm-"
6684
"ok</command></application> in a linux terminal."
6685
msgstr ""
6686
6687
#: serverguide/C/virtualization.xml:2158(para)
6688
msgid ""
6689
"The <command>\"Minimum Topology\"</command> recommended for production use "
6690
"is using three nodes - One master server running nova services (except "
6691
"compute) and two servers running nova-compute. This setup is not redundant "
6692
"and the master server is a SPoF (Single Point of Failure)."
6693
msgstr ""
6694
6695
#: serverguide/C/virtualization.xml:2166(title)
6696
msgid "Preconfiguring the network"
6697
msgstr ""
6698
6699
#: serverguide/C/virtualization.xml:2167(para)
6700
msgid ""
6701
"Before we start installing OpenStack we need to make sure we have bridging "
6702
"support installed, a MySQL database, and a central time server (ntp). This "
6703
"will assure that we have instantiated machines and hosts in sync."
6704
msgstr ""
6705
6706
#: serverguide/C/virtualization.xml:2171(para)
6707
msgid ""
6708
"In this example the “private network” will be in the 10.0.0.0/24 range on "
6709
"eth1. All the internal communication between instances will happen there "
6710
"while the “public network” will be in the 10.153.107.0/29 range on eth0."
6711
msgstr ""
6712
6713
#: serverguide/C/virtualization.xml:2177(title)
6714
msgid "Install bridging support"
6715
msgstr ""
6716
6717
#: serverguide/C/virtualization.xml:2184(title)
6718
msgid "Install and configure NTP"
6719
msgstr ""
6720
6721
#: serverguide/C/virtualization.xml:2186(command) serverguide/C/network-config.xml:1097(command)
6722
msgid "sudo apt-get install ntp"
6723
msgstr ""
6724
6725
#: serverguide/C/virtualization.xml:2188(para)
6726
msgid ""
6727
"Add these two lines at the end of the <filename>/etc/ntp.conf</filename> "
6728
"file."
6729
msgstr ""
6730
6731
#: serverguide/C/virtualization.xml:2191(programlisting)
6732
#, no-wrap
6733
msgid ""
6734
"\n"
6735
"server 127.127.1.0\n"
6736
"fudge 127.127.1.0 stratum 10\n"
6737
msgstr ""
6738
6739
#: serverguide/C/virtualization.xml:2195(para)
6740
msgid "Restart ntp service"
6741
msgstr ""
6742
6743
#: serverguide/C/virtualization.xml:2199(command)
6744
msgid "sudo service ntp restart"
6745
msgstr ""
6746
6747
#: serverguide/C/virtualization.xml:2204(title)
6748
msgid "Install and configure MySQL"
6749
msgstr ""
6750
6751
#: serverguide/C/virtualization.xml:2206(command) serverguide/C/databases.xml:44(command)
6752
msgid "sudo apt-get install mysql-server"
6753
msgstr ""
6754
6755
#: serverguide/C/virtualization.xml:2208(para)
6756
msgid "Create a database and mysql user for OpenStack"
6757
msgstr ""
6758
6759
#: serverguide/C/virtualization.xml:2212(command)
6760
msgid "sudo mysql -uroot -ppassword -e \"CREATE DATABASE nova;\""
6761
msgstr ""
6762
6763
#: serverguide/C/virtualization.xml:2213(command)
6764
msgid ""
6765
"sudo mysql -uroot -ppassword -e \"GRANT ALL ON nova.* TO novauser@localhost "
6766
"\\"
6767
msgstr ""
6768
6769
#: serverguide/C/virtualization.xml:2214(command)
6770
msgid "IDENTIFIED BY 'novapassword' \";"
6771
msgstr ""
6772
6773
#: serverguide/C/virtualization.xml:2216(para)
6774
msgid ""
6775
"The line continuation character <application>\"\\\"</application> implies "
6776
"that you must include the subsequent line as part of the current command."
6777
msgstr ""
6778
6779
#: serverguide/C/virtualization.xml:2225(title)
6780
msgid "Install OpenStack Compute (Nova)"
6781
msgstr ""
6782
6783
#: serverguide/C/virtualization.xml:2226(para)
6784
msgid ""
6785
"<command>OpenStack Compute (Nova)</command> is a cloud computing fabric "
6786
"controller (the main part of an IaaS system). It is written in Python, using "
6787
"the Eventlet and Twisted frameworks, and relies on the standard AMQP "
6788
"messaging protocol, and SQLAlchemy for data store access."
6789
msgstr ""
6790
6791
#: serverguide/C/virtualization.xml:2231(para)
6792
msgid "Install OpenStack Nova components"
6793
msgstr ""
6794
6795
#: serverguide/C/virtualization.xml:2235(command)
6796
msgid ""
6797
"sudo apt-get install nova-api nova-network nova-volume nova-objectstore nova-"
6798
"scheduler \\"
6799
msgstr ""
6800
6801
#: serverguide/C/virtualization.xml:2236(command)
6802
msgid "nova-compute euca2ools unzip"
6803
msgstr ""
6804
6805
#: serverguide/C/virtualization.xml:2238(para)
6806
msgid "Restart libvirt-bin just to make sure libvirtd is aware of ebtables."
6807
msgstr ""
6808
6809
#: serverguide/C/virtualization.xml:2241(command)
6810
msgid "sudo service libvirt-bin restart"
6811
msgstr ""
6812
6813
#: serverguide/C/virtualization.xml:2243(para)
6814
msgid "Install RabbitMQ – Advanced Message Queuing Protocol (AMQP)"
6815
msgstr ""
6816
6817
#: serverguide/C/virtualization.xml:2247(command)
6818
msgid "sudo apt-get install rabbitmq-server"
6819
msgstr ""
6820
6821
#: serverguide/C/virtualization.xml:2250(para)
6822
msgid "Edit <filename>/etc/nova/nova.conf</filename> and add the following:"
6823
msgstr ""
6824
6825
#: serverguide/C/virtualization.xml:2253(programlisting)
6826
#, no-wrap
6827
msgid ""
6828
"\n"
6829
"# Nova config FlatDHCPManager\n"
6830
"--sql_connection=mysql://novauser:novapassword@localhost/nova\n"
6831
"--flat_injected=true\n"
6832
"--network_manager=nova.network.manager.FlatDHCPManager\n"
6833
"--fixed_range=10.0.0.0/24\n"
6834
"--floating_range=10.153.107.72/29\n"
6835
"--flat_network_dhcp_start=10.0.0.2\n"
6836
"--flat_network_bridge=br100\n"
6837
"--flat_interface=eth1\n"
6838
"--public_interface=eth0\n"
6839
msgstr ""
6840
6841
#: serverguide/C/virtualization.xml:2266(para)
6842
msgid "Restart OpenStack services"
6843
msgstr ""
6844
6845
#: serverguide/C/virtualization.xml:2270(command) serverguide/C/virtualization.xml:2274(command)
6846
msgid ""
6847
"for i in nova-api nova-network nova-objectstore nova-scheduler nova-volume "
6848
"nova-compute; \\"
6849
msgstr ""
6850
6851
#: serverguide/C/virtualization.xml:2271(command)
6852
msgid "do sudo stop $i; sleep 2; done"
6853
msgstr ""
6854
6855
#: serverguide/C/virtualization.xml:2275(command)
6856
msgid "do sudo start $i; sleep 2; done"
6857
msgstr ""
6858
6859
#: serverguide/C/virtualization.xml:2277(para)
6860
msgid ""
6861
"Migrate Nova database from sqlite db to MySQL db. It may take a while."
6862
msgstr ""
6863
6864
#: serverguide/C/virtualization.xml:2281(command)
6865
msgid "sudo nova-manage db sync"
6866
msgstr ""
6867
6868
#: serverguide/C/virtualization.xml:2283(para)
6869
msgid ""
6870
"Define a specific <application>private network</application> where all your "
6871
"Instances will run. This will be used in the network of fixed Ips set inside "
6872
"<filename>nova.conf </filename>."
6873
msgstr ""
6874
6875
#: serverguide/C/virtualization.xml:2288(command)
6876
msgid ""
6877
"sudo nova-manage network create --fixed_range_v4 10.0.0.0/24 --label private "
6878
"\\"
6879
msgstr ""
6880
6881
#: serverguide/C/virtualization.xml:2289(command)
6882
msgid "--bridge_interface br100"
6883
msgstr ""
6884
6885
#: serverguide/C/virtualization.xml:2291(para)
6886
msgid ""
6887
"Define a specific public network and allocate 6 (usable) Floating Public IP "
6888
"addresses for use with the instances starting from 10.153.107.72."
6889
msgstr ""
6890
6891
#: serverguide/C/virtualization.xml:2295(command)
6892
msgid "sudo nova-manage floating create --ip_range=10.153.107.72/29"
6893
msgstr ""
6894
6895
#: serverguide/C/virtualization.xml:2297(para)
6896
msgid ""
6897
"Create a user (user1), a project (project1), download credentials and source "
6898
"its configuration file."
6899
msgstr ""
6900
6901
#: serverguide/C/virtualization.xml:2299(command)
6902
msgid "cd ; mkdir nova ; cd nova"
6903
msgstr ""
6904
6905
#: serverguide/C/virtualization.xml:2300(command)
6906
msgid "sudo nova-manage user admin user1"
6907
msgstr ""
6908
6909
#: serverguide/C/virtualization.xml:2301(command)
6910
msgid "sudo nova-manage project create project1 user1"
6911
msgstr ""
6912
6913
#: serverguide/C/virtualization.xml:2302(command)
6914
msgid "sudo nova-manage project zipfile project1 user1"
6915
msgstr ""
6916
6917
#: serverguide/C/virtualization.xml:2303(command)
6918
msgid "unzip nova.zip"
6919
msgstr ""
6920
6921
#: serverguide/C/virtualization.xml:2304(command) serverguide/C/virtualization.xml:2379(command)
6922
msgid "source novarc"
6923
msgstr ""
6924
6925
#: serverguide/C/virtualization.xml:2307(para)
6926
msgid "Verify the OpenStack Compute installation by typing:"
6927
msgstr ""
6928
6929
#: serverguide/C/virtualization.xml:2309(command)
6930
msgid "sudo nova-manage service list"
6931
msgstr ""
6932
6933
#: serverguide/C/virtualization.xml:2310(command)
6934
msgid "sudo nova-manage version list"
6935
msgstr ""
6936
6937
#: serverguide/C/virtualization.xml:2312(para)
6938
msgid ""
6939
"If nova services don’t show up correctly restart OpenStack services as "
6940
"described previously. For more information please refer to the "
6941
"troubleshooting section on this guide."
6942
msgstr ""
6943
6944
#: serverguide/C/virtualization.xml:2318(title)
6945
msgid "Install Imaging Service (Glance)"
6946
msgstr ""
6947
6948
#: serverguide/C/virtualization.xml:2319(para)
6949
msgid ""
6950
"Nova uses Glance service to manage Operating System images that it needs for "
6951
"bringing up instances. Glance can use several types of storage backends such "
6952
"as filestore, s3 etc. Glance has two components - <emphasis>glance-api and "
6953
"glance-registry</emphasis>. These can be controlled using the concerned "
6954
"upstart service jobs. For this specific case we will be using mysql as a "
6955
"storage backend."
6956
msgstr ""
6957
6958
#: serverguide/C/virtualization.xml:2325(para)
6959
msgid "Install Glance"
6960
msgstr ""
6961
6962
#: serverguide/C/virtualization.xml:2327(command)
6963
msgid "sudo apt-get install glance"
6964
msgstr ""
6965
6966
#: serverguide/C/virtualization.xml:2329(para)
6967
msgid "Create a database and user for glance"
6968
msgstr ""
6969
6970
#: serverguide/C/virtualization.xml:2333(command)
6971
msgid "sudo mysql -uroot -ppassword -e \"CREATE DATABASE glance;\""
6972
msgstr ""
6973
6974
#: serverguide/C/virtualization.xml:2334(command)
6975
msgid ""
6976
"sudo mysql -uroot -ppassword -e \"GRANT ALL ON glance.* TO "
6977
"glanceuser@localhost \\"
6978
msgstr ""
6979
6980
#: serverguide/C/virtualization.xml:2335(command)
6981
msgid "IDENTIFIED BY 'glancepassword' \";"
6982
msgstr ""
6983
6984
#: serverguide/C/virtualization.xml:2337(para)
6985
msgid ""
6986
"Edit the file /etc/glance/glance-registry.conf and edit the line which "
6987
"contains the option \"sql_connection =\" to this:"
6988
msgstr ""
6989
6990
#: serverguide/C/virtualization.xml:2341(programlisting)
6991
#, no-wrap
6992
msgid "sql_connection = mysql://glanceuser:glancepassword@localhost/glance"
6993
msgstr ""
6994
6995
#: serverguide/C/virtualization.xml:2343(para)
6996
msgid "Remove the sqlite database"
6997
msgstr ""
6998
6999
#: serverguide/C/virtualization.xml:2345(command)
7000
msgid "rm -rf /var/lib/glance/glance.sqlite"
7001
msgstr ""
7002
7003
#: serverguide/C/virtualization.xml:2350(para)
7004
msgid ""
7005
"Restart glance-registry after making changes to /etc/glance/glance-"
7006
"registry.conf. The MySQL database will be automatically populated."
7007
msgstr ""
7008
7009
#: serverguide/C/virtualization.xml:2353(command)
7010
msgid "sudo restart glance-registry"
7011
msgstr ""
7012
7013
#: serverguide/C/virtualization.xml:2357(para)
7014
msgid ""
7015
"If you find issues take a look at the log file in /var/log/glance/api.log "
7016
"and /var/log/glance/registry.log."
7017
msgstr ""
7018
7019
#: serverguide/C/virtualization.xml:2362(title)
7020
msgid "Running Instances"
7021
msgstr ""
7022
7023
#: serverguide/C/virtualization.xml:2363(para)
7024
msgid ""
7025
"Before you can instantiate images, you first need to setup user credentials. "
7026
"Once this first step is achieved you also need to upload images that you "
7027
"want to run in the cloud. Once you have these images uploaded to the cloud "
7028
"you will be able to run and connect to them. Here are the steps you should "
7029
"follow to get OpenStack Nova running instances:"
7030
msgstr ""
7031
7032
#: serverguide/C/virtualization.xml:2370(para)
7033
msgid "Download, register and publish an Ubuntu cloud image"
7034
msgstr ""
7035
7036
#: serverguide/C/virtualization.xml:2372(command)
7037
msgid "distro=lucid"
7038
msgstr ""
7039
7040
#: serverguide/C/virtualization.xml:2373(command)
7041
msgid ""
7042
"wget http://cloud-images.ubuntu.com/$distro/current/$distro-server-cloudimg-"
7043
"amd64.tar.gz"
7044
msgstr ""
7045
7046
#: serverguide/C/virtualization.xml:2374(command)
7047
msgid ""
7048
"cloud-publish-tarball \"$distro\"-server-cloudimg-amd64.tar.gz "
7049
"\"$distro\"_amd64"
7050
msgstr ""
7051
7052
#: serverguide/C/virtualization.xml:2376(para)
7053
msgid "Create a key pair and start an instance"
7054
msgstr ""
7055
7056
#: serverguide/C/virtualization.xml:2378(command)
7057
msgid "cd ~/nova"
7058
msgstr ""
7059
7060
#: serverguide/C/virtualization.xml:2380(command)
7061
msgid "euca-add-keypair user1 > user1.priv"
7062
msgstr ""
7063
7064
#: serverguide/C/virtualization.xml:2381(command)
7065
msgid "chmod 0600 user1.priv"
7066
msgstr ""
7067
7068
#: serverguide/C/virtualization.xml:2384(para)
7069
msgid "Allow icmp (ping) and ssh access to instances"
7070
msgstr ""
7071
7072
#: serverguide/C/virtualization.xml:2387(command)
7073
msgid "euca-authorize -P icmp -t -1:-1 default"
7074
msgstr ""
7075
7076
#: serverguide/C/virtualization.xml:2389(para)
7077
msgid "Run an instance"
7078
msgstr ""
7079
7080
#: serverguide/C/virtualization.xml:2392(command)
7081
msgid "ami=`euca-describe-images | awk {'print $2'} | grep -m1 ami`"
7082
msgstr ""
7083
7084
#: serverguide/C/virtualization.xml:2393(command)
7085
msgid "euca-run-instances $ami -k user1 -t m1.tiny"
7086
msgstr ""
7087
7088
#: serverguide/C/virtualization.xml:2394(command) serverguide/C/virtualization.xml:2403(command)
7089
msgid "euca-describe-instances"
7090
msgstr ""
7091
7092
#: serverguide/C/virtualization.xml:2397(para)
7093
msgid "Assign public address to the instance."
7094
msgstr ""
7095
7096
#: serverguide/C/virtualization.xml:2401(command)
7097
msgid "euca-allocate-address"
7098
msgstr ""
7099
7100
#: serverguide/C/virtualization.xml:2402(command)
7101
msgid "euca-associate-address -i instance_id public_ip_address"
7102
msgstr ""
7103
7104
#: serverguide/C/virtualization.xml:2406(para)
7105
msgid ""
7106
"You must enter above the <application>instance_id (ami)</application> and "
7107
"<application>public_ip_address</application> shown above by euca-describe-"
7108
"instances and euca-allocate-address commands."
7109
msgstr ""
7110
7111
#: serverguide/C/virtualization.xml:2410(para)
7112
msgid "Now you should be able to SSH to the instance"
7113
msgstr ""
7114
7115
#: serverguide/C/virtualization.xml:2413(application)
7116
msgid "ipaddress"
7117
msgstr ""
7118
7119
#: serverguide/C/virtualization.xml:2413(command)
7120
msgid "ssh -i user1.priv ubuntu@<placeholder-1/>"
7121
msgstr ""
7122
7123
#: serverguide/C/virtualization.xml:2416(para)
7124
msgid "To terminate instances"
7125
msgstr ""
7126
7127
#: serverguide/C/virtualization.xml:2418(application)
7128
msgid "instance_id"
7129
msgstr ""
7130
7131
#: serverguide/C/virtualization.xml:2418(command)
7132
msgid "euca-terminate-instances <placeholder-1/>"
7133
msgstr ""
7134
7135
#: serverguide/C/virtualization.xml:2424(title)
7136
msgid "Install the Storage Infrastructure (Swift)"
7137
msgstr ""
7138
7139
#: serverguide/C/virtualization.xml:2425(para)
7140
msgid ""
7141
"Swift is a highly available, distributed, eventually consistent object/blob "
7142
"store. It is used by the OpenStack Infrastructure to provide S3 like cloud "
7143
"storage services. It is also S3 api compatible with amazon."
7144
msgstr ""
7145
7146
#: serverguide/C/virtualization.xml:2428(para)
7147
msgid ""
7148
"Organizations use Swift to store lots of data efficiently, safely, and "
7149
"cheaply where applications use an special api to interface between the "
7150
"applications and objects stored in Swift."
7151
msgstr ""
7152
7153
#: serverguide/C/virtualization.xml:2432(para)
7154
msgid ""
7155
"Although you can install Swift on a single server, a multiple-server "
7156
"installation is required for production environments. If you want to install "
7157
"OpenStack Object Storage (Swift) on a single node for development or testing "
7158
"purposes, use the Swift All In One instructions on Ubuntu."
7159
msgstr ""
7160
7161
#: serverguide/C/virtualization.xml:2436(para)
7162
msgid ""
7163
"For more information see: <ulink "
7164
"url=\"http://swift.openstack.org/development_saio.html\">http://swift.opensta"
7165
"ck.org/development_saio.html </ulink> ."
7166
msgstr ""
7167
7168
#: serverguide/C/virtualization.xml:2443(title)
7169
msgid "Support and Troubleshooting"
7170
msgstr ""
7171
7172
#: serverguide/C/virtualization.xml:2444(para)
7173
msgid "Community Support"
7174
msgstr ""
7175
7176
#: serverguide/C/virtualization.xml:2448(ulink)
7177
msgid "OpenStack Mailing list"
7178
msgstr ""
7179
7180
#: serverguide/C/virtualization.xml:2453(ulink)
7181
msgid "The OpenStack Wiki search"
7182
msgstr ""
7183
7184
#: serverguide/C/virtualization.xml:2459(ulink)
7185
msgid "Launchpad bugs area"
7186
msgstr ""
7187
7188
#: serverguide/C/virtualization.xml:2463(para)
7189
msgid "Join the IRC channel #openstack on freenode."
7190
msgstr ""
7191
7192
#: serverguide/C/virtualization.xml:2477(ulink)
7193
msgid "Cloud Computing - Service models"
7194
msgstr ""
7195
7196
#: serverguide/C/virtualization.xml:2482(ulink)
7197
msgid "OpenStack Compute"
7198
msgstr ""
7199
7200
#: serverguide/C/virtualization.xml:2487(ulink)
7201
msgid "OpenStack Image Service"
7202
msgstr ""
7203
7204
#: serverguide/C/virtualization.xml:2492(ulink)
7205
msgid "OpenStack Object Storage Administration Guide"
7206
msgstr ""
7207
7208
#: serverguide/C/virtualization.xml:2497(ulink)
7209
msgid "Installing OpenStack Object Storage on Ubuntu"
7210
msgstr ""
7211
7212
#: serverguide/C/virtualization.xml:2502(ulink)
7213
msgid "http://cloudglossary.com/"
7214
msgstr ""
7215
7216
#: serverguide/C/virtualization.xml:2512(title)
6433
7217
msgid "Glossary"
6434
7218
msgstr ""
6435
7219
6436
#: serverguide/C/virtualization.xml:2195(para)
7220
#: serverguide/C/virtualization.xml:2514(para)
6437
7221
msgid ""
6438
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6439
"unfamiliar to some readers. This page is intended to provide a glossary of "
6440
"such terms and acronyms."
7222
"The Ubuntu Cloud documentation uses terminology that might be unfamiliar to "
7223
"some readers. This page is intended to provide a glossary of such terms and "
7224
"acronyms."
6441
7225
msgstr ""
6442
7226
6443
#: serverguide/C/virtualization.xml:2202(para)
7227
#: serverguide/C/virtualization.xml:2521(para)
6444
7228
msgid ""
6445
7229
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6446
7230
"computing resources through virtual machines, provisioned and recollected "
6447
7231
"dynamically."
6448
7232
msgstr ""
6449
7233
6450
#: serverguide/C/virtualization.xml:2208(para)
6451
msgid ""
6452
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6453
"provides the web UI (an https server on port 8443), and implements the "
6454
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6455
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6456
"cloud</application> package."
6457
msgstr ""
6458
6459
#: serverguide/C/virtualization.xml:2215(para)
6460
msgid ""
6461
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6462
"Cluster Controller. There can be more than one Cluster in an installation of "
6463
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6464
"floor2, floor2)."
6465
msgstr ""
6466
6467
#: serverguide/C/virtualization.xml:2221(para)
6468
msgid ""
6469
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6470
"manages collections of node resources. This service is provided by the "
6471
"Ubuntu <application>eucalyptus-cc</application> package."
6472
msgstr ""
6473
6474
#: serverguide/C/virtualization.xml:2227(para)
7234
#: serverguide/C/virtualization.xml:2527(para)
7235
msgid ""
7236
"<emphasis>IaaS</emphasis> - Infrastructure as a Service — Cloud "
7237
"infrastructure services, whereby a virtualized environment is delivered as a "
7238
"service over the Internet by the provider. The infrastructure can include "
7239
"servers, network equipment, and software."
7240
msgstr ""
7241
7242
#: serverguide/C/virtualization.xml:2534(para)
6475
7243
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6476
7244
msgstr ""
6477
7245
6478
#: serverguide/C/virtualization.xml:2232(para)
7246
#: serverguide/C/virtualization.xml:2539(para)
6479
7247
msgid ""
6480
7248
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6481
7249
"pay-by-the-gigabyte public cloud computing offering."
6482
7250
msgstr ""
6483
7251
6484
#: serverguide/C/virtualization.xml:2237(para)
6485
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6486
msgstr ""
6487
6488
#: serverguide/C/virtualization.xml:2242(para)
6489
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6490
msgstr ""
6491
6492
#: serverguide/C/virtualization.xml:2247(para)
6493
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6494
msgstr ""
6495
6496
#: serverguide/C/virtualization.xml:2252(para)
6497
msgid ""
6498
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6499
"Linking Your Programs To Useful Systems. An open source project originally "
6500
"from the University of California at Santa Barbara, now supported by "
6501
"Eucalyptus Systems, a Canonical Partner."
6502
msgstr ""
6503
6504
#: serverguide/C/virtualization.xml:2259(para)
6505
msgid ""
6506
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6507
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6508
"cluster controller)."
6509
msgstr ""
6510
6511
#: serverguide/C/virtualization.xml:2265(para)
7252
#: serverguide/C/virtualization.xml:2544(para)
6512
7253
msgid ""
6513
7254
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6514
7255
"running virtual machines, running a node controller. Within Ubuntu, this "
6516
7257
"hypervisor."
6517
7258
msgstr ""
6518
7259
6519
#: serverguide/C/virtualization.xml:2271(para)
6520
msgid ""
6521
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6522
"on nodes which host the virtual machines that comprise the cloud. This "
6523
"service is provided by the Ubuntu package <application>eucalyptus-"
6524
"nc</application>."
6525
msgstr ""
6526
6527
#: serverguide/C/virtualization.xml:2277(para)
7260
#: serverguide/C/virtualization.xml:2550(para)
6528
7261
msgid ""
6529
7262
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6530
7263
"gigabyte persistent storage solution for EC2."
6531
7264
msgstr ""
6532
7265
6533
#: serverguide/C/virtualization.xml:2282(para)
6534
msgid ""
6535
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6536
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6537
"installation can have its own Storage Controller. This component is provided "
6538
"by the <application>eucalyptus-sc</application> package."
6539
msgstr ""
6540
6541
#: serverguide/C/virtualization.xml:2289(para)
6542
msgid ""
6543
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6544
"solution, based on Eucalyptus."
6545
msgstr ""
6546
6547
#: serverguide/C/virtualization.xml:2294(para)
7266
#: serverguide/C/virtualization.xml:2555(para)
7267
msgid ""
7268
"<emphasis>Ubuntu Cloud</emphasis> - Ubuntu Cloud. Ubuntu's cloud computing "
7269
"solution, based on OpenStack."
7270
msgstr ""
7271
7272
#: serverguide/C/virtualization.xml:2560(para)
6548
7273
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6549
7274
msgstr ""
6550
7275
6551
#: serverguide/C/virtualization.xml:2299(para)
7276
#: serverguide/C/virtualization.xml:2565(para)
6552
7277
msgid ""
6553
7278
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6554
7279
"some modern CPUs, allowing for accelerated virtual machine hosting."
6555
7280
msgstr ""
6556
7281
6557
#: serverguide/C/virtualization.xml:2304(para)
6558
msgid ""
6559
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6560
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6561
"put/get abstractions."
7282
#: serverguide/C/virtualization.xml:2577(title)
7283
msgid "LXC"
7284
msgstr ""
7285
7286
#: serverguide/C/virtualization.xml:2578(para)
7287
msgid ""
7288
"Containers are a lightweight virtualization technology. They are more akin "
7289
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
7290
"because they do not emulate hardware and because containers share the same "
7291
"operating system as the host. Therefore containers are better compared to "
7292
"Solaris zones or BSD jails. Linux-vserver and OpenVZ are two pre-existing, "
7293
"independently developed implementations of containers-like functionality for "
7294
"Linux. In fact, containers came about as a result of the work to upstream "
7295
"the vserver and OpenVZ functionality. Some vserver and OpenVZ functionality "
7296
"is still missing in containers, however containers can "
7297
"<emphasis>boot</emphasis> many Linux distributions and have the advantage "
7298
"that they can be used with an un-modified upstream kernel."
7299
msgstr ""
7300
7301
#: serverguide/C/virtualization.xml:2593(para)
7302
msgid ""
7303
"There are two user-space implementations of containers, each exploiting the "
7304
"same kernel features. Libvirt allows the use of containers through the LXC "
7305
"driver by connecting to 'lxc:///'. This can be very convenient as it "
7306
"supports the same usage as its other drivers. The other implementation, "
7307
"called simply 'LXC', is not compatible with libvirt, but is more flexible "
7308
"with more userspace tools. It is possible to switch between the two, though "
7309
"there are peculiarities which can cause confusion."
7310
msgstr ""
7311
7312
#: serverguide/C/virtualization.xml:2604(para)
7313
msgid ""
7314
"In this document we will mainly describe the <application>lxc</application> "
7315
"package. Toward the end, we will describe how to use the libvirt LXC driver."
7316
msgstr ""
7317
7318
#: serverguide/C/virtualization.xml:2609(para)
7319
msgid "In this document, a container name will be shown as CN, C1, or C2."
7320
msgstr ""
7321
7322
#: serverguide/C/virtualization.xml:2615(para)
7323
msgid "The <application>lxc</application> package can be installed using"
7324
msgstr ""
7325
7326
#: serverguide/C/virtualization.xml:2620(command)
7327
msgid "sudo apt-get install lxc"
7328
msgstr ""
7329
7330
#: serverguide/C/virtualization.xml:2625(para)
7331
msgid ""
7332
"This will pull in the required and recommended dependencies, including "
7333
"cgroup-lite, lvm2, and debootstrap. To use libvirt-lxc, install libvirt-bin. "
7334
"LXC and libvirt-lxc can be installed and used at the same time."
7335
msgstr ""
7336
7337
#: serverguide/C/virtualization.xml:2633(title)
7338
msgid "Host Setup"
7339
msgstr ""
7340
7341
#: serverguide/C/virtualization.xml:2635(title)
7342
msgid "Basic layout of LXC files"
7343
msgstr ""
7344
7345
#: serverguide/C/virtualization.xml:2636(para)
7346
msgid ""
7347
"Following is a description of the files and directories which are installed "
7348
"and used by LXC."
7349
msgstr ""
7350
7351
#: serverguide/C/virtualization.xml:2643(para)
7352
msgid "There are two upstart jobs:"
7353
msgstr ""
7354
7355
#: serverguide/C/virtualization.xml:2647(para)
7356
msgid ""
7357
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
7358
"runs if <filename> /etc/default/lxc</filename> specifies USE_LXC_BRIDGE "
7359
"(true by default). It sets up a NATed bridge for containers to use."
7360
msgstr ""
7361
7362
#: serverguide/C/virtualization.xml:2656(para)
7363
msgid ""
7364
"<filename>/etc/init/lxc.conf:</filename> runs if LXC_AUTO (true by default) "
7365
"is set to true in <filename>/etc/default/lxc</filename>. It looks for "
7366
"entries under <filename>/etc/lxc/auto/</filename> which are symbolic links "
7367
"to configuration files for the containers which should be started at boot."
7368
msgstr ""
7369
7370
#: serverguide/C/virtualization.xml:2668(para)
7371
msgid ""
7372
"<filename>/etc/lxc/lxc.conf:</filename> There is a default container "
7373
"creation configuration file, <filename>/etc/lxc/lxc.conf</filename>, which "
7374
"directs containers to use the LXC bridge created by the lxc-net upstart job. "
7375
"If no configuration file is specified when creating a container, then this "
7376
"one will be used."
7377
msgstr ""
7378
7379
#: serverguide/C/virtualization.xml:2678(para)
7380
msgid ""
7381
"Examples of other container creation configuration files are found under "
7382
"<filename>/usr/share/doc/lxc/examples</filename>. These show how to create "
7383
"containers without a private network, or using macvlan, vlan, or other "
7384
"network layouts."
7385
msgstr ""
7386
7387
#: serverguide/C/virtualization.xml:2687(para)
7388
msgid ""
7389
"The various container administration tools are found under "
7390
"<filename>/usr/bin</filename>."
7391
msgstr ""
7392
7393
#: serverguide/C/virtualization.xml:2694(para)
7394
msgid ""
7395
"<filename>/usr/lib/lxc/lxc-init</filename> is a very minimal and lightweight "
7396
"init binary which is used by lxc-execute. Rather than `booting' a full "
7397
"container, it manually mounts a few filesystems, especially "
7398
"<filename>/proc</filename>, and executes its arguments. You are not likely "
7399
"to need to manually refer to this file."
7400
msgstr ""
7401
7402
#: serverguide/C/virtualization.xml:2704(para)
7403
msgid ""
7404
"<filename>/usr/lib/lxc/templates/</filename> contains the `templates' which "
7405
"can be used to create new containers of various distributions and flavors. "
7406
"Not all templates are currently supported."
7407
msgstr ""
7408
7409
#: serverguide/C/virtualization.xml:2712(para)
7410
msgid ""
7411
"<filename>/etc/apparmor.d/lxc/lxc-default</filename> contains the default "
7412
"Apparmor MAC policy which works to protect the host from containers. Please "
7413
"see the <xref linkend=\"lxc-apparmor\"/> for more information."
7414
msgstr ""
7415
7416
#: serverguide/C/virtualization.xml:2720(para)
7417
msgid ""
7418
"<filename>/etc/apparmor.d/usr.bin.lxc-start</filename> contains a profile to "
7419
"protect the host from <command>lxc-start</command> while it is setting up "
7420
"the container."
7421
msgstr ""
7422
7423
#: serverguide/C/virtualization.xml:2728(para)
7424
msgid ""
7425
"<filename>/etc/apparmor.d/lxc-containers</filename> causes all the profiles "
7426
"defined under <filename>/etc/apparmor.d/lxc</filename> to be loaded at boot."
7427
msgstr ""
7428
7429
#: serverguide/C/virtualization.xml:2736(para)
7430
msgid ""
7431
"There are various man pages for the LXC administration tools as well as the "
7432
"<filename>lxc.conf</filename> container configuration file."
7433
msgstr ""
7434
7435
#: serverguide/C/virtualization.xml:2743(para)
7436
msgid ""
7437
"<filename>/var/lib/lxc</filename> is where containers and their "
7438
"configuration information are stored."
7439
msgstr ""
7440
7441
#: serverguide/C/virtualization.xml:2750(para)
7442
msgid ""
7443
"<filename>/var/cache/lxc</filename> is where caches of distribution data are "
7444
"stored to speed up multiple container creations."
7445
msgstr ""
7446
7447
#: serverguide/C/virtualization.xml:2759(title)
7448
msgid "lxcbr0"
7449
msgstr ""
7450
7451
#: serverguide/C/virtualization.xml:2760(para)
7452
msgid ""
7453
"When USE_LXC_BRIDGE is set to true in /etc/default/lxc (as it is by "
7454
"default), a bridge called lxcbr0 is created at startup. This bridge is given "
7455
"the private address 10.0.3.1, and containers using this bridge will have a "
7456
"10.0.3.0/24 address. A dnsmasq instance is run listening on that bridge, so "
7457
"if another dnsmasq has bound all interfaces before the lxc-net upstart job "
7458
"runs, lxc-net will fail to start and lxcbr0 will not exist."
7459
msgstr ""
7460
7461
#: serverguide/C/virtualization.xml:2769(para)
7462
msgid ""
7463
"If you have another bridge - libvirt's default virbr0, or a br0 bridge for "
7464
"your default NIC - you can use that bridge in place of lxcbr0 for your "
7465
"containers."
7466
msgstr ""
7467
7468
#: serverguide/C/virtualization.xml:2777(title)
7469
msgid "Using a separate filesystem for the container store"
7470
msgstr ""
7471
7472
#: serverguide/C/virtualization.xml:2778(para)
7473
msgid ""
7474
"LXC stores container information and (with the default backing store) root "
7475
"filesystems under <filename>/var/lib/lxc</filename>. Container creation "
7476
"templates also tend to store cached distribution information under "
7477
"<filename>/var/cache/lxc</filename>."
7478
msgstr ""
7479
7480
#: serverguide/C/virtualization.xml:2785(para)
7481
msgid ""
7482
"If you wish to use another filesystem than <filename>/var</filename>, you "
7483
"can mount a filesystem which has more space into those locations. If you "
7484
"have a disk dedicated for this, you can simply mount it at "
7485
"<filename>/var/lib/lxc</filename>. If you'd like to use another location, "
7486
"like <filename>/srv</filename>, you can bind mount it or use a symbolic "
7487
"link. For instance, if <filename>/srv</filename> is a large mounted "
7488
"filesystem, create and symlink two directories:"
7489
msgstr ""
7490
7491
#: serverguide/C/virtualization.xml:2795(command)
7492
msgid ""
7493
"sudo mkdir /srv/lxclib /srv/lxccache sudo rm -rf /var/lib/lxc /var/cache/lxc "
7494
"sudo ln -s /srv/lxclib /var/lib/lxc sudo ln -s /srv/lxccache /var/cache/lxc"
7495
msgstr ""
7496
7497
#: serverguide/C/virtualization.xml:2803(para)
7498
msgid "or, using bind mounts:"
7499
msgstr ""
7500
7501
#: serverguide/C/virtualization.xml:2808(command)
7502
msgid ""
7503
"sudo mkdir /srv/lxclib /srv/lxccache sudo sed -i '$a \\ /srv/lxclib "
7504
"/var/lib/lxc none defaults,bind 0 0 \\ /srv/lxccache /var/cache/lxc none "
7505
"defaults,bind 0 0' /etc/fstab sudo mount -a"
7506
msgstr ""
7507
7508
#: serverguide/C/virtualization.xml:2820(title)
7509
msgid "Containers backed by lvm"
7510
msgstr ""
7511
7512
#: serverguide/C/virtualization.xml:2822(para)
7513
msgid ""
7514
"It is possible to use LVM partitions as the backing stores for containers. "
7515
"Advantages of this include flexibility in storage management and fast "
7516
"container cloning. The tools default to using a VG (volume group) named "
7517
"<emphasis>lxc</emphasis>, but another VG can be used through command line "
7518
"options. When a LV is used as a container backing store, the container's "
7519
"configuration file is still <filename>/var/lib/lxc/CN/config</filename>, but "
7520
"the root fs entry in that file (<emphasis>lxc.rootfs</emphasis>) will point "
7521
"to the lV block device name, i.e. <filename>/dev/lxc/CN</filename>."
7522
msgstr ""
7523
7524
#: serverguide/C/virtualization.xml:2834(para)
7525
msgid "Containers with directory tree and LVM backing stores can co-exist."
7526
msgstr ""
7527
7528
#: serverguide/C/virtualization.xml:2841(title)
7529
msgid "Btrfs"
7530
msgstr ""
7531
7532
#: serverguide/C/virtualization.xml:2842(para)
7533
msgid ""
7534
"If your host has a btrfs <filename>/var</filename>, the LXC administration "
7535
"tools will detect this and automatically exploit it by cloning containers "
7536
"using btrfs snapshots."
7537
msgstr ""
7538
7539
#: serverguide/C/virtualization.xml:2850(title)
7540
msgid "Apparmor"
7541
msgstr ""
7542
7543
#: serverguide/C/virtualization.xml:2851(para)
7544
msgid ""
7545
"LXC ships with an Apparmor profile intended to protect the host from "
7546
"accidental misuses of privilege inside the container. For instance, the "
7547
"container will not be able to write to <filename>/proc/sysrq-"
7548
"trigger</filename> or to most <filename>/sys</filename> files."
7549
msgstr ""
7550
7551
#: serverguide/C/virtualization.xml:2858(para)
7552
msgid ""
7553
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
7554
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
7555
"start</command> from mounting new filesystems outside of the container's "
7556
"root filesystem. Before executing the container's <command>init</command>, "
7557
"<command>LXC</command> requests a switch to the container's profile. By "
7558
"default, this profile is the <filename>lxc-container-default</filename> "
7559
"policy which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
7560
"default</filename>. This profile prevents the container from accessing many "
7561
"dangerous paths, and from mounting most filesystems."
7562
msgstr ""
7563
7564
#: serverguide/C/virtualization.xml:2870(para)
7565
msgid ""
7566
"If you find that <command>lxc-start</command> is failing due to a legitimate "
7567
"access which is being denied by its Apparmor policy, you can disable the lxc-"
7568
"start profile by doing:"
7569
msgstr ""
7570
7571
#: serverguide/C/virtualization.xml:2876(screen)
7572
#, no-wrap
7573
msgid ""
7574
"\n"
7575
"sudo apparmor_parser -R /etc/apparmor.d/usr.bin.lxc-start\n"
7576
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
7577
msgstr ""
7578
7579
#: serverguide/C/virtualization.xml:2881(para)
7580
msgid ""
7581
"This will make <command>lxc-start</command> run unconfined, but continue to "
7582
"confine the container itself. If you also wish to disable confinement of the "
7583
"container, then in addition to disabling the <filename>usr.bin.lxc-"
7584
"start</filename> profile, you must add:"
7585
msgstr ""
7586
7587
#: serverguide/C/virtualization.xml:2888(screen)
7588
#, no-wrap
7589
msgid ""
7590
"\n"
7591
"lxc.aa_profile = unconfined\n"
7592
msgstr ""
7593
7594
#: serverguide/C/virtualization.xml:2892(para)
7595
msgid ""
7596
"to the container's configuration file. If you wish to run a container in a "
7597
"custom profile, you can create a new profile under "
7598
"<filename>/etc/apparmor.d/lxc/</filename>. Its name must start with "
7599
"<filename>lxc-</filename> in order for <command>lxc-start</command> to be "
7600
"allowed to transition to that profile. After creating the policy, load it "
7601
"using:"
7602
msgstr ""
7603
7604
#: serverguide/C/virtualization.xml:2901(screen)
7605
#, no-wrap
7606
msgid ""
7607
"\n"
7608
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
7609
msgstr ""
7610
7611
#: serverguide/C/virtualization.xml:2905(para)
7612
msgid ""
7613
"The profile will automatically be loaded after a reboot, because it is "
7614
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
7615
"Finally, to make container <filename>CN</filename> use this new "
7616
"<filename>lxc-CN-profile</filename>, add the following line to its "
7617
"configuration file:"
7618
msgstr ""
7619
7620
#: serverguide/C/virtualization.xml:2913(screen)
7621
#, no-wrap
7622
msgid ""
7623
"\n"
7624
"lxc.aa_profile = lxc-CN-profile\n"
7625
msgstr ""
7626
7627
#: serverguide/C/virtualization.xml:2917(para)
7628
msgid ""
7629
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
7630
"container it spawns will be confined."
7631
msgstr ""
7632
7633
#: serverguide/C/virtualization.xml:2925(title)
7634
msgid "Control Groups"
7635
msgstr ""
7636
7637
#: serverguide/C/virtualization.xml:2926(para)
7638
msgid ""
7639
"Control groups (cgroups) are a kernel feature providing hierarchical task "
7640
"grouping and per-cgroup resource accounting and limits. They are used in "
7641
"containers to limit block and character device access and to freeze "
7642
"(suspend) containers. They can be further used to limit memory use and block "
7643
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus. "
7644
"By default, LXC depends on the cgroup-lite package to be installed, which "
7645
"provides the proper cgroup initialization at boot. The cgroup-lite package "
7646
"mounts each cgroup subsystem separately under "
7647
"<filename>/sys/fs/cgroup/SS</filename>, where SS is the subsystem name. For "
7648
"instance the freezer subsystem is mounted under "
7649
"<filename>/sys/fs/cgroup/freezer</filename>. LXC cgroup are kept under "
7650
"<filename>/sys/fs/cgroup/SS/INIT/lxc</filename>, where INIT is the init "
7651
"task's cgroup. This is <filename>/</filename> by default, so in the end the "
7652
"freezer cgroup for container CN would be "
7653
"<filename>/sys/fs/cgroup/freezer/lxc/CN</filename>."
7654
msgstr ""
7655
7656
#: serverguide/C/virtualization.xml:2945(title)
7657
msgid "Privilege"
7658
msgstr ""
7659
7660
#: serverguide/C/virtualization.xml:2946(para)
7661
msgid ""
7662
"The container administration tools must be run with root user privilege. A "
7663
"utility called <filename>lxc-setup</filename> was written with the intention "
7664
"of providing the tools with the needed file capabilities to allow non-root "
7665
"users to run the tools with sufficient privilege. However, as root in a "
7666
"container cannot yet be reliably contained, this is not worthwhile. It is "
7667
"therefore recommended to not use <filename>lxc-setup</filename>, and to "
7668
"provide the LXC administrators the needed sudo privilege."
7669
msgstr ""
7670
7671
#: serverguide/C/virtualization.xml:2957(para)
7672
msgid ""
7673
"The user namespace, which is expected to be available in the next Long Term "
7674
"Support (LTS) release, will allow containment of the container root user, as "
7675
"well as reduce the amount of privilege required for creating and "
7676
"administering containers."
7677
msgstr ""
7678
7679
#: serverguide/C/virtualization.xml:2966(title)
7680
msgid "LXC Upstart Jobs"
7681
msgstr ""
7682
7683
#: serverguide/C/virtualization.xml:2967(para)
7684
msgid ""
7685
"As listed above, the <application>lxc</application> package includes two "
7686
"upstart jobs. The first, <filename>lxc-net</filename>, is always started "
7687
"when the other, <filename>lxc</filename>, is about to begin, and stops when "
7688
"it stops. If the USE_LXC_BRIDGE variable is set to false in "
7689
"<filename>/etc/defaults/lxc</filename>, then it will immediately exit. If it "
7690
"is true, and an error occurs bringing up the LXC bridge, then the "
7691
"<filename>lxc</filename> job will not start. <filename>lxc-net</filename> "
7692
"will bring down the LXC bridge when stopped, unless a container is running "
7693
"which is using that bridge."
7694
msgstr ""
7695
7696
#: serverguide/C/virtualization.xml:2978(para)
7697
msgid ""
7698
"The <filename>lxc</filename> job starts on runlevel 2-5. If the LXC_AUTO "
7699
"variable is set to true, then it will look under "
7700
"<filename>/etc/lxc</filename> for containers which should be started "
7701
"automatically. When the <filename>lxc</filename> job is stopped, either "
7702
"manually or by entering runlevel 0, 1, or 6, it will stop those containers."
7703
msgstr ""
7704
7705
#: serverguide/C/virtualization.xml:2986(para)
7706
msgid ""
7707
"To register a container to start automatically, create a symbolic link "
7708
"<filename>/etc/default/lxc/name.conf</filename> pointing to the container's "
7709
"config file. For instance, the configuration file for a container "
7710
"<filename>CN</filename> is <filename>/var/lib/lxc/CN/config</filename>. To "
7711
"make that container auto-start, use the command:"
7712
msgstr ""
7713
7714
#: serverguide/C/virtualization.xml:2995(command)
7715
msgid "sudo ln -s /var/lib/lxc/CN/config /etc/lxc/auto/CN.conf"
7716
msgstr ""
7717
7718
#: serverguide/C/virtualization.xml:3004(title)
7719
msgid "Container Administration"
7720
msgstr ""
7721
7722
#: serverguide/C/virtualization.xml:3006(title)
7723
msgid "Creating Containers"
7724
msgstr ""
7725
7726
#: serverguide/C/virtualization.xml:3008(para)
7727
msgid ""
7728
"The easiest way to create containers is using <command>lxc-create</command>. "
7729
"This script uses distribution-specific templates under "
7730
"<filename>/usr/lib/lxc/templates/</filename> to set up container-friendly "
7731
"chroots under <filename>/var/lib/lxc/CN/rootfs</filename>, and initialize "
7732
"the configuration in <filename>/var/lib/lxc/CN/fstab</filename> and "
7733
"<filename>/var/lib/lxc/CN/config</filename>, where CN is the container name"
7734
msgstr ""
7735
7736
#: serverguide/C/virtualization.xml:3017(para)
7737
msgid "The simplest container creation command would look like:"
7738
msgstr ""
7739
7740
#: serverguide/C/virtualization.xml:3022(command)
7741
msgid "sudo lxc-create -t ubuntu -n CN"
7742
msgstr ""
7743
7744
#: serverguide/C/virtualization.xml:3027(para)
7745
msgid ""
7746
"This tells lxc-create to use the ubuntu template (-t ubuntu) and to call the "
7747
"container CN (-n CN). Since no configuration file was specified (which would "
7748
"have been done with `-f file'), it will use the default configuration file "
7749
"under <filename>/etc/lxc/lxc.conf</filename>. This gives the container a "
7750
"single veth network interface attached to the lxcbr0 bridge."
7751
msgstr ""
7752
7753
#: serverguide/C/virtualization.xml:3035(para)
7754
msgid ""
7755
"The container creation templates can also accept arguments. These can be "
7756
"listed after --. For instance"
7757
msgstr ""
7758
7759
#: serverguide/C/virtualization.xml:3041(command)
7760
msgid "sudo lxc-create -t ubuntu -n oneiric1 -- -r oneiric"
7761
msgstr ""
7762
7763
#: serverguide/C/virtualization.xml:3046(para)
7764
msgid "passes the arguments '-r oneiric1' to the ubuntu template."
7765
msgstr ""
7766
7767
#: serverguide/C/virtualization.xml:3051(title)
7768
msgid "Help"
7769
msgstr ""
7770
7771
#: serverguide/C/virtualization.xml:3052(para)
7772
msgid ""
7773
"Help on the lxc-create command can be seen by using<command> lxc-create -"
7774
"h</command>. However, the templates also take their own options. If you do"
7775
msgstr ""
7776
7777
#: serverguide/C/virtualization.xml:3058(command)
7778
msgid "sudo lxc-create -t ubuntu -h"
7779
msgstr ""
7780
7781
#: serverguide/C/virtualization.xml:3063(para)
7782
msgid ""
7783
"then the general <command>lxc-create</command> help will be followed by help "
7784
"output specific to the ubuntu template. If no template is specified, then "
7785
"only help for <command>lxc-create</command> itself will be shown."
7786
msgstr ""
7787
7788
#: serverguide/C/virtualization.xml:3071(title)
7789
msgid "Ubuntu template"
7790
msgstr ""
7791
7792
#: serverguide/C/virtualization.xml:3073(para)
7793
msgid ""
7794
"The ubuntu template can be used to create Ubuntu system containers with any "
7795
"release at least as new as 10.04 LTS. It uses debootstrap to create a cached "
7796
"container filesystem which gets copied into place each time a container is "
7797
"created. The cached image is saved and only re-generated when you create a "
7798
"container using the <emphasis>-F</emphasis> (flush) option to the template, "
7799
"i.e.:"
7800
msgstr ""
7801
7802
#: serverguide/C/virtualization.xml:3083(command)
7803
msgid "sudo lxc-create -t ubuntu -n CN -- -F"
7804
msgstr ""
7805
7806
#: serverguide/C/virtualization.xml:3088(para)
7807
msgid ""
7808
"The Ubuntu release installed by the template will be the same as that on the "
7809
"host, unless otherwise specified with the <emphasis>-r</emphasis> option, "
7810
"i.e."
7811
msgstr ""
7812
7813
#: serverguide/C/virtualization.xml:3094(command)
7814
msgid "sudo lxc-create -t ubuntu -n CN -- -r lucid"
7815
msgstr ""
7816
7817
#: serverguide/C/virtualization.xml:3099(para)
7818
msgid ""
7819
"If you want to create a 32-bit container on a 64-bit host, pass <emphasis>-a "
7820
"i386</emphasis> to the container. If you have the qemu-user-static package "
7821
"installed, then you can create a container using any architecture supported "
7822
"by qemu-user-static."
7823
msgstr ""
7824
7825
#: serverguide/C/virtualization.xml:3105(para)
7826
msgid ""
7827
"The container will have a user named <emphasis>ubuntu</emphasis> whose "
7828
"password is <emphasis>ubuntu</emphasis> and who is a member of the "
7829
"<emphasis>sudo</emphasis> group. If you wish to inject a public ssh key for "
7830
"the <emphasis>ubuntu</emphasis> user, you can do so with <emphasis>-S "
7831
"sshkey.pub</emphasis>."
7832
msgstr ""
7833
7834
#: serverguide/C/virtualization.xml:3111(para)
7835
msgid ""
7836
"You can also <emphasis>bind</emphasis> user jdoe from the host into the "
7837
"container using the <emphasis>-b jdoe</emphasis> option. This will copy "
7838
"jdoe's password and shadow entries into the container, make sure his default "
7839
"group and shell are available, add him to the sudo group, and bind-mount his "
7840
"home directory into the container when the container is started."
7841
msgstr ""
7842
7843
#: serverguide/C/virtualization.xml:3119(para)
7844
msgid ""
7845
"When a container is created, the <filename>release-updates</filename> "
7846
"archive is added to the container's <filename>sources.list</filename>, and "
7847
"its package archive will be updated. If the container release is older than "
7848
"12.04 LTS, then the lxcguest package will be automatically installed. "
7849
"Alternatively, if the <emphasis>--trim</emphasis> option is specified, then "
7850
"the lxcguest package will not be installed, and many services will be "
7851
"removed from the container. This will result in a faster-booting, but less "
7852
"upgrade-able container."
7853
msgstr ""
7854
7855
#: serverguide/C/virtualization.xml:3131(title)
7856
msgid "Ubuntu-cloud template"
7857
msgstr ""
7858
7859
#: serverguide/C/virtualization.xml:3133(para)
7860
msgid ""
7861
"The ubuntu-cloud template creates Ubuntu containers by downloading and "
7862
"extracting the published Ubuntu cloud images. It accepts some of the same "
7863
"options as the ubuntu template, namely <emphasis>-r release</emphasis>, "
7864
"<emphasis>-S sshkey.pub</emphasis>, <emphasis>-a arch</emphasis>, and "
7865
"<emphasis>-F</emphasis> to flush the cached image. It also accepts a few "
7866
"extra options. The <emphasis>-C</emphasis> option will create a "
7867
"<emphasis>cloud</emphasis> container, configured for use with a metadata "
7868
"service. The <emphasis>-u</emphasis> option accepts a cloud-init user-data "
7869
"file to configure the container on start. If <emphasis>-L</emphasis> is "
7870
"passed, then no locales will be installed. The <emphasis>-T</emphasis> "
7871
"option can be used to choose a tarball location to extract in place of the "
7872
"published cloud image tarball. Finally the <emphasis>-i</emphasis> option "
7873
"sets a host id for cloud-init, which by default is set to a random string."
7874
msgstr ""
7875
7876
#: serverguide/C/virtualization.xml:3149(title)
7877
msgid "Other templates"
7878
msgstr ""
7879
7880
#: serverguide/C/virtualization.xml:3151(para)
7881
msgid ""
7882
"The ubuntu and ubuntu-cloud templates are well supported. Other templates "
7883
"are available however. The debian template creates a Debian based container, "
7884
"using debootstrap much as the ubuntu template does. By default it installs a "
7885
"<emphasis>debian squeeze</emphasis> image. An alternate release can be "
7886
"chosen by setting the SUITE environment variable, i.e.:"
7887
msgstr ""
7888
7889
#: serverguide/C/virtualization.xml:3161(command)
7890
msgid "sudo SUITE=sid lxc-create -t debian -n d1"
7891
msgstr ""
7892
7893
#: serverguide/C/virtualization.xml:3166(para)
7894
msgid ""
7895
"Since debian cannot be safely booted inside a container, debian containers "
7896
"will be trimmed as with the <emphasis>--trim</emphasis> option to the ubuntu "
7897
"template."
7898
msgstr ""
7899
7900
#: serverguide/C/virtualization.xml:3172(para)
7901
msgid ""
7902
"To purge the container image cache, call the template directly and pass it "
7903
"the <emphasis>--clean</emphasis> option."
7904
msgstr ""
7905
7906
#: serverguide/C/virtualization.xml:3178(command)
7907
msgid "sudo SUITE=sid /usr/lib/lxc/templates/lxc-debian --clean"
7908
msgstr ""
7909
7910
#: serverguide/C/virtualization.xml:3183(para)
7911
msgid ""
7912
"A fedora template exists, which creates containers based on fedora releases "
7913
"<= 14. Fedora release 15 and higher are based on systemd, which the "
7914
"template is not yet able to convert into a container-bootable setup. Before "
7915
"the fedora template is able to run, you'll need to make sure that "
7916
"<command>yum</command> and <command>curl</command> are installed. A fedora "
7917
"12 container can be created with"
7918
msgstr ""
7919
7920
#: serverguide/C/virtualization.xml:3193(command)
7921
msgid "sudo lxc-create -t fedora -n fedora12 -- -R 12"
7922
msgstr ""
7923
7924
#: serverguide/C/virtualization.xml:3198(para)
7925
msgid ""
7926
"A OpenSuSE template exists, but it requires the <command>zypper</command> "
7927
"program, which is not yet packaged. The OpenSuSE template is therefore not "
7928
"supported."
7929
msgstr ""
7930
7931
#: serverguide/C/virtualization.xml:3204(para)
7932
msgid ""
7933
"Two more templates exist mainly for experimental purposes. The busybox "
7934
"template creates a very small system container based entirely on busybox. "
7935
"The sshd template creates an application container running sshd in a private "
7936
"network namespace. The host's library and binary directories are bind-"
7937
"mounted into the container, though not its <filename>/home</filename> or "
7938
"<filename>/root</filename>. To create, start, and ssh into an ssh container, "
7939
"you might:"
7940
msgstr ""
7941
7942
#: serverguide/C/virtualization.xml:3216(command)
7943
msgid ""
7944
"sudo lxc-create -t sshd -n ssh1 ssh-keygen -f id sudo mkdir "
7945
"/var/lib/lxc/ssh1/rootfs/root/.ssh sudo cp id.pub "
7946
"/var/lib/lxc/ssh1/rootfs/root/.ssh/authorized_keys sudo lxc-start -n ssh1 -d "
7947
"ssh -i id root@ssh1."
7948
msgstr ""
7949
7950
#: serverguide/C/virtualization.xml:3229(title)
7951
msgid "Backing Stores"
7952
msgstr ""
7953
7954
#: serverguide/C/virtualization.xml:3231(para)
7955
msgid ""
7956
"By default, <command>lxc-create</command> places the container's root "
7957
"filesystem as a directory tree at "
7958
"<filename>/var/lib/lxc/CN/rootfs.</filename> Another option is to use LVM "
7959
"logical volumes. If a volume group named <emphasis>lxc</emphasis> exists, "
7960
"you can create an lvm-backed container called CN using:"
7961
msgstr ""
7962
7963
#: serverguide/C/virtualization.xml:3239(command)
7964
msgid "sudo lxc-create -t ubuntu -n CN -B lvm"
7965
msgstr ""
7966
7967
#: serverguide/C/virtualization.xml:3244(para)
7968
msgid ""
7969
"If you want to use a volume group named schroots, with a 5G xfs filesystem, "
7970
"then you would use"
7971
msgstr ""
7972
7973
#: serverguide/C/virtualization.xml:3250(command)
7974
msgid ""
7975
"sudo lxc-create -t ubuntu -n CN -B lvm --vgname schroots --fssize 5G --"
7976
"fstype xfs"
7977
msgstr ""
7978
7979
#: serverguide/C/virtualization.xml:3259(title)
7980
msgid "Cloning"
7981
msgstr ""
7982
7983
#: serverguide/C/virtualization.xml:3261(para)
7984
msgid ""
7985
"For rapid provisioning, you may wish to customize a canonical container "
7986
"according to your needs and then make multiple copies of it. This can be "
7987
"done with the <command>lxc-clone</command> program. Given an existing "
7988
"container called C1, a new container called C2 can be created using"
7989
msgstr ""
7990
7991
#: serverguide/C/virtualization.xml:3271(command)
7992
msgid "sudo lxc-clone -o C1 -n C2"
7993
msgstr ""
7994
7995
#: serverguide/C/virtualization.xml:3276(para)
7996
msgid ""
7997
"If <filename>/var/lib/lxc</filename> is a btrfs filesystem, then "
7998
"<command>lxc-clone</command> will create C2's filesystem as a snapshot of "
7999
"C1's. If the container's root filesystem is lvm backed, then you can specify "
8000
"the <emphasis>-s</emphasis> option to create the new rootfs as a lvm "
8001
"snapshot of the original as follows:"
8002
msgstr ""
8003
8004
#: serverguide/C/virtualization.xml:3285(command)
8005
msgid "sudo lxc-clone -s -o C1 -n C2"
8006
msgstr ""
8007
8008
#: serverguide/C/virtualization.xml:3290(para)
8009
msgid ""
8010
"Both lvm and btrfs snapshots will provide fast cloning with very small "
8011
"initial disk usage."
8012
msgstr ""
8013
8014
#: serverguide/C/virtualization.xml:3297(title)
8015
msgid "Starting and stopping"
8016
msgstr ""
8017
8018
#: serverguide/C/virtualization.xml:3299(para)
8019
msgid ""
8020
"To start a container, use <command>lxc-start -n CN</command>. By default "
8021
"<command>lxc-start</command> will execute <filename>/sbin/init</filename> in "
8022
"the container. You can provide a different program to execute, plus "
8023
"arguments, as further arguments to <command>lxc-start</command>:"
8024
msgstr ""
8025
8026
#: serverguide/C/virtualization.xml:3307(command)
8027
msgid "sudo lxc-start -n container /sbin/init loglevel=debug"
8028
msgstr ""
8029
8030
#: serverguide/C/virtualization.xml:3312(para)
8031
msgid ""
8032
"If you do not specify the <emphasis>-d</emphasis> (daemon) option, then you "
8033
"will see a console (on the container's <filename>/dev/console</filename>, "
8034
"see <xref linkend=\"lxc-consoles\"/> for more information) on the terminal. "
8035
"If you specify the <emphasis>-d</emphasis> option, you will not see that "
8036
"console, and lxc-start will immediately exit success - even if a later part "
8037
"of container startup has failed. You can use <command>lxc-wait</command> or "
8038
"<command>lxc-monitor</command> (see <xref linkend=\"lxc-monitoring\"/>) to "
8039
"check on the success or failure of the container startup."
8040
msgstr ""
8041
8042
#: serverguide/C/virtualization.xml:3324(para)
8043
msgid ""
8044
"To obtain LXC debugging information, use <emphasis>-o filename -l "
8045
"debuglevel</emphasis>, for instance:"
8046
msgstr ""
8047
8048
#: serverguide/C/virtualization.xml:3330(command)
8049
msgid "sudo lxc-start -o lxc.debug -l DEBUG -n container"
8050
msgstr ""
8051
8052
#: serverguide/C/virtualization.xml:3335(para)
8053
msgid ""
8054
"Finally, you can specify configuration parameters inline using <emphasis>-"
8055
"s</emphasis>. However, it is generally recommended to place them in the "
8056
"container's configuration file instead. Likewise, an entirely alternate "
8057
"config file can be specified with the <emphasis>-f</emphasis> option, but "
8058
"this is not generally recommended."
8059
msgstr ""
8060
8061
#: serverguide/C/virtualization.xml:3343(para)
8062
msgid ""
8063
"While <command>lxc-start</command> runs the container's "
8064
"<filename>/sbin/init</filename>, <command>lxc-execute</command> uses a "
8065
"minimal init program called <command>lxc-init</command>, which attempts to "
8066
"mount <filename>/proc</filename>, <filename>/dev/mqueue</filename>, and "
8067
"<filename>/dev/shm</filename>, executes the programs specified on the "
8068
"command line, and waits for those to finish executing. <command>lxc-"
8069
"start</command> is intended to be used for <emphasis>system "
8070
"containers</emphasis>, while <command>lxc-execute</command> is intended for "
8071
"<emphasis>application containers</emphasis> (see <ulink "
8072
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-containers/\"> "
8073
"this article</ulink> for more)."
8074
msgstr ""
8075
8076
#: serverguide/C/virtualization.xml:3356(para)
8077
msgid ""
8078
"You can stop a container several ways. You can use "
8079
"<command>shutdown</command>, <command>poweroff</command> and "
8080
"<command>reboot</command> while logged into the container. To cleanly shut "
8081
"down a container externally (i.e. from the host), you can issue the "
8082
"<command>sudo lxc-shutdown -n CN</command> command. This takes an optional "
8083
"timeout value. If not specified, the command issues a SIGPWR signal to the "
8084
"container and immediately returns. If the option is used, as in "
8085
"<command>sudo lxc-shutdown -n CN -t 10</command>, then the command will wait "
8086
"the specified number of seconds for the container to cleanly shut down. "
8087
"Then, if the container is still running, it will kill it (and any running "
8088
"applications). You can also immediately kill the container (without any "
8089
"chance for applications to cleanly shut down) using <command>sudo lxc-stop -"
8090
"n CN</command>. Finally, <command>lxc-kill</command> can be used more "
8091
"generally to send any signal number to the container's init."
8092
msgstr ""
8093
8094
#: serverguide/C/virtualization.xml:3373(para)
8095
msgid ""
8096
"While the container is shutting down, you can expect to see some (harmless) "
8097
"error messages, as follows:"
8098
msgstr ""
8099
8100
#: serverguide/C/virtualization.xml:3378(screen)
8101
#, no-wrap
8102
msgid ""
8103
"\n"
8104
"$ sudo poweroff\n"
8105
"[sudo] password for ubuntu: =\n"
8106
"\n"
8107
"$ =\n"
8108
"\n"
8109
"Broadcast message from ubuntu@cn1\n"
8110
" (/dev/lxc/console) at 18:17 ...\n"
8111
"\n"
8112
"The system is going down for power off NOW!\n"
8113
" * Asking all remaining processes to terminate...\n"
8114
" ...done.\n"
8115
" * All processes ended within 1 seconds....\n"
8116
" ...done.\n"
8117
" * Deconfiguring network interfaces...\n"
8118
" ...done.\n"
8119
" * Deactivating swap...\n"
8120
" ...fail!\n"
8121
"umount: /run/lock: not mounted\n"
8122
"umount: /dev/shm: not mounted\n"
8123
"mount: / is busy\n"
8124
" * Will now halt\n"
8125
msgstr ""
8126
8127
#: serverguide/C/virtualization.xml:3402(para)
8128
msgid ""
8129
"A container can be frozen with <command>sudo lxc-freeze -n CN</command>. "
8130
"This will block all its processes until the container is later unfrozen "
8131
"using <command>sudo lxc-unfreeze -n CN</command>."
8132
msgstr ""
8133
8134
#: serverguide/C/virtualization.xml:3411(title)
8135
msgid "Monitoring container status"
8136
msgstr ""
8137
8138
#: serverguide/C/virtualization.xml:3413(para)
8139
msgid ""
8140
"Two commands are available to monitor container state changes. <command>lxc-"
8141
"monitor</command> monitors one or more containers for any state changes. It "
8142
"takes a container name as usual with the <emphasis>-n</emphasis> option, but "
8143
"in this case the container name can be a posix regular expression to allow "
8144
"monitoring desirable sets of containers. <command>lxc-monitor</command> "
8145
"continues running as it prints container changes. <command>lxc-"
8146
"wait</command> waits for a specific state change and then exits. For "
8147
"instance,"
8148
msgstr ""
8149
8150
#: serverguide/C/virtualization.xml:3426(command)
8151
msgid "sudo lxc-monitor -n cont[0-5]*"
8152
msgstr ""
8153
8154
#: serverguide/C/virtualization.xml:3431(para)
8155
msgid ""
8156
"would print all state changes to any containers matching the listed regular "
8157
"expression, whereas"
8158
msgstr ""
8159
8160
#: serverguide/C/virtualization.xml:3437(command)
8161
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
8162
msgstr ""
8163
8164
#: serverguide/C/virtualization.xml:3442(para)
8165
msgid ""
8166
"will wait until container cont1 enters state STOPPED or state FROZEN and "
8167
"then exit."
8168
msgstr ""
8169
8170
#: serverguide/C/virtualization.xml:3449(title)
8171
msgid "Consoles"
8172
msgstr ""
8173
8174
#: serverguide/C/virtualization.xml:3451(para)
8175
msgid ""
8176
"Containers have a configurable number of consoles. One always exists on the "
8177
"container's <filename>/dev/console.</filename> This is shown on the terminal "
8178
"from which you ran <command>lxc-start</command>, unless the <emphasis>-"
8179
"d</emphasis> option is specified. The output on "
8180
"<filename>/dev/console</filename> can be redirected to a file using the "
8181
"<emphasis>-c console-file</emphasis> option to <command>lxc-start</command>. "
8182
"The number of extra consoles is specified by the <command>lxc.tty</command> "
8183
"variable, and is usually set to 4. Those consoles are shown on "
8184
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
8185
"3 from the host, use"
8186
msgstr ""
8187
8188
#: serverguide/C/virtualization.xml:3464(command)
8189
msgid "sudo lxc-console -n container -t 3"
8190
msgstr ""
8191
8192
#: serverguide/C/virtualization.xml:3469(para)
8193
msgid ""
8194
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
8195
"console will be automatically chosen. To exit the console, use the escape "
8196
"sequence Ctrl-a q. Note that the escape sequence does not work in the "
8197
"console resulting from <command>lxc-start</command> without the <emphasis>-"
8198
"d</emphasis> option."
8199
msgstr ""
8200
8201
#: serverguide/C/virtualization.xml:3477(para)
8202
msgid ""
8203
"Each container console is actually a Unix98 pty in the host's (not the "
8204
"guest's) pty mount, bind-mounted over the guest's "
8205
"<filename>/dev/ttyN</filename> and <filename>/dev/console</filename>. "
8206
"Therefore, if the guest unmounts those or otherwise tries to access the "
8207
"actual character device <command>4:N</command>, it will not be serving getty "
8208
"to the LXC consoles. (With the default settings, the container will not be "
8209
"able to access that character device and getty will therefore fail.) This "
8210
"can easily happen when a boot script blindly mounts a new "
8211
"<filename>/dev</filename>."
8212
msgstr ""
8213
8214
#: serverguide/C/virtualization.xml:3491(title)
8215
msgid "Container Inspection"
8216
msgstr ""
8217
8218
#: serverguide/C/virtualization.xml:3493(para)
8219
msgid ""
8220
"Several commands are available to gather information on existing containers. "
8221
"<command>lxc-ls</command> will report all existing containers in its first "
8222
"line of output, and all running containers in the second line. <command>lxc-"
8223
"list</command> provides the same information in a more verbose format, "
8224
"listing running containers first and stopped containers next. <command>lxc-"
8225
"ps</command> will provide lists of processes in containers. To provide "
8226
"<command>ps</command> arguments to <command>lxc-ps</command>, prepend them "
8227
"with <command>--</command>. For instance, for listing of all processes in "
8228
"container plain,"
8229
msgstr ""
8230
8231
#: serverguide/C/virtualization.xml:3506(command)
8232
msgid "sudo lxc-ps -n plain -- -ef"
8233
msgstr ""
8234
8235
#: serverguide/C/virtualization.xml:3511(para)
8236
msgid ""
8237
"<command>lxc-info</command> provides the state of a container and the pid of "
8238
"its init process. <command>lxc-cgroup</command> can be used to query or set "
8239
"the values of a container's control group limits and information. This can "
8240
"be more convenient than interacting with the <command>cgroup</command> "
8241
"filesystem. For instance, to query the list of devices which a running "
8242
"container is allowed to access, you could use"
8243
msgstr ""
8244
8245
#: serverguide/C/virtualization.xml:3521(command)
8246
msgid "sudo lxc-cgroup -n CN devices.list"
8247
msgstr ""
8248
8249
#: serverguide/C/virtualization.xml:3526(para)
8250
msgid ""
8251
"or to add mknod, read, and write access to <filename>/dev/sda</filename>,"
8252
msgstr ""
8253
8254
#: serverguide/C/virtualization.xml:3531(command)
8255
msgid "sudo lxc-cgroup -n CN devices.allow \"b 8:* rwm\""
8256
msgstr ""
8257
8258
#: serverguide/C/virtualization.xml:3536(para)
8259
msgid "and, to limit it to 300M of RAM,"
8260
msgstr ""
8261
8262
#: serverguide/C/virtualization.xml:3541(command)
8263
msgid "lxc-cgroup -n CN memory.limit_in_bytes 300000000"
8264
msgstr ""
8265
8266
#: serverguide/C/virtualization.xml:3546(para)
8267
msgid ""
8268
"<command>lxc-netstat</command> executes <command>netstat</command> in the "
8269
"running container, giving you a glimpse of its network state."
8270
msgstr ""
8271
8272
#: serverguide/C/virtualization.xml:3551(para)
8273
msgid ""
8274
"<command>lxc-backup</command> will create backups of the root filesystems of "
8275
"all existing containers (except lvm-based ones), using "
8276
"<command>rsync</command> to back the contents up under "
8277
"<filename>/var/lib/lxc/CN/rootfs.backup.1</filename>. These backups can be "
8278
"restored using <command>lxc-restore.</command> However, <command>lxc-"
8279
"backup</command> and <command>lxc-restore</command> are fragile with respect "
8280
"to customizations and therefore their use is not recommended."
8281
msgstr ""
8282
8283
#: serverguide/C/virtualization.xml:3565(title)
8284
msgid "Destroying containers"
8285
msgstr ""
8286
8287
#: serverguide/C/virtualization.xml:3567(para)
8288
msgid "Use <command>lxc-destroy</command> to destroy an existing container."
8289
msgstr ""
8290
8291
#: serverguide/C/virtualization.xml:3572(command)
8292
msgid "sudo lxc-destroy -n CN"
8293
msgstr ""
8294
8295
#: serverguide/C/virtualization.xml:3577(para)
8296
msgid ""
8297
"If the container is running, <command>lxc-destroy</command> will exit with a "
8298
"message informing you that you can force stopping and destroying the "
8299
"container with"
8300
msgstr ""
8301
8302
#: serverguide/C/virtualization.xml:3584(command)
8303
msgid "sudo lxc-destroy -n CN -f"
8304
msgstr ""
8305
8306
#: serverguide/C/virtualization.xml:3592(title)
8307
msgid "Advanced namespace usage"
8308
msgstr ""
8309
8310
#: serverguide/C/virtualization.xml:3594(para)
8311
msgid ""
8312
"One of the Linux kernel features used by LXC to create containers is private "
8313
"namespaces. Namespaces allow a set of tasks to have private mappings of "
8314
"names to resources for things like pathnames and process IDs. (See <xref "
8315
"linkend=\"lxc-resources\"/> for a link to more information). Unlike control "
8316
"groups and other mount features which are also used to create containers, "
8317
"namespaces cannot be manipulated using a filesystem interface. Therefore, "
8318
"LXC ships with the <command>lxc-unshare</command> program, which is mainly "
8319
"for testing. It provides the ability to create new tasks in private "
8320
"namespaces. For instance,"
8321
msgstr ""
8322
8323
#: serverguide/C/virtualization.xml:3607(command)
8324
msgid "sudo lxc-unshare -s 'MOUNT|PID' /bin/bash"
8325
msgstr ""
8326
8327
#: serverguide/C/virtualization.xml:3612(para)
8328
msgid ""
8329
"creates a bash shell with private pid and mount namespaces. In this shell, "
8330
"you can do"
8331
msgstr ""
8332
8333
#: serverguide/C/virtualization.xml:3617(screen)
8334
#, no-wrap
8335
msgid ""
8336
"\n"
8337
"root@ubuntu:~# mount -t proc proc /proc\n"
8338
"root@ubuntu:~# ps -ef\n"
8339
"UID PID PPID C STIME TTY TIME CMD\n"
8340
"root 1 0 6 10:20 pts/9 00:00:00 /bin/bash\n"
8341
"root 110 1 0 10:20 pts/9 00:00:00 ps -ef\n"
8342
msgstr ""
8343
8344
#: serverguide/C/virtualization.xml:3625(para)
8345
msgid ""
8346
"so that <command>ps</command> shows only the tasks in your new namespace."
8347
msgstr ""
8348
8349
#: serverguide/C/virtualization.xml:3631(title)
8350
msgid "Ephemeral containers"
8351
msgstr ""
8352
8353
#: serverguide/C/virtualization.xml:3633(para)
8354
msgid ""
8355
"Ephemeral containers are one-time containers. Given an existing container "
8356
"CN, you can run a command in an ephemeral container created based on CN, "
8357
"with the host's jdoe user bound into the container, using:"
8358
msgstr ""
8359
8360
#: serverguide/C/virtualization.xml:3641(command)
8361
msgid "lxc-start-ephemeral -b jdoe -o CN -- /home/jdoe/run_my_job"
8362
msgstr ""
8363
8364
#: serverguide/C/virtualization.xml:3646(para)
8365
msgid "When the job is finished, the container will be discarded."
8366
msgstr ""
8367
8368
#: serverguide/C/virtualization.xml:3652(title)
8369
msgid "Container Commands"
8370
msgstr ""
8371
8372
#: serverguide/C/virtualization.xml:3653(para)
8373
msgid "Following is a table of all container commands:"
8374
msgstr ""
8375
8376
#: serverguide/C/virtualization.xml:3657(title)
8377
msgid "Container commands"
8378
msgstr ""
8379
8380
#: serverguide/C/virtualization.xml:3663(para)
8381
msgid "Command"
8382
msgstr ""
8383
8384
#: serverguide/C/virtualization.xml:3664(para)
8385
msgid "Synopsis"
8386
msgstr ""
8387
8388
#: serverguide/C/virtualization.xml:3669(para)
8389
msgid "lxc-attach"
8390
msgstr ""
8391
8392
#: serverguide/C/virtualization.xml:3670(para)
8393
msgid "(NOT SUPPORTED) Run a command in a running container"
8394
msgstr ""
8395
8396
#: serverguide/C/virtualization.xml:3673(para)
8397
msgid "lxc-backup"
8398
msgstr ""
8399
8400
#: serverguide/C/virtualization.xml:3674(para)
8401
msgid "Back up the root filesystems for all lvm-backed containers"
8402
msgstr ""
8403
8404
#: serverguide/C/virtualization.xml:3677(para)
8405
msgid "lxc-cgroup"
8406
msgstr ""
8407
8408
#: serverguide/C/virtualization.xml:3678(para)
8409
msgid "View and set container control group settings"
8410
msgstr ""
8411
8412
#: serverguide/C/virtualization.xml:3681(para)
8413
msgid "lxc-checkconfig"
8414
msgstr ""
8415
8416
#: serverguide/C/virtualization.xml:3682(para)
8417
msgid "Verify host support for containers"
8418
msgstr ""
8419
8420
#: serverguide/C/virtualization.xml:3685(para)
8421
msgid "lxc-checkpoint"
8422
msgstr ""
8423
8424
#: serverguide/C/virtualization.xml:3686(para)
8425
msgid "(NOT SUPPORTED) Checkpoint a running container"
8426
msgstr ""
8427
8428
#: serverguide/C/virtualization.xml:3689(para)
8429
msgid "lxc-clone"
8430
msgstr ""
8431
8432
#: serverguide/C/virtualization.xml:3690(para)
8433
msgid "Clone a new container from an existing one"
8434
msgstr ""
8435
8436
#: serverguide/C/virtualization.xml:3693(para)
8437
msgid "lxc-console"
8438
msgstr ""
8439
8440
#: serverguide/C/virtualization.xml:3694(para)
8441
msgid "Open a console in a running container"
8442
msgstr ""
8443
8444
#: serverguide/C/virtualization.xml:3697(para)
8445
msgid "lxc-create"
8446
msgstr ""
8447
8448
#: serverguide/C/virtualization.xml:3698(para)
8449
msgid "Create a new container"
8450
msgstr ""
8451
8452
#: serverguide/C/virtualization.xml:3701(para)
8453
msgid "lxc-destroy"
8454
msgstr ""
8455
8456
#: serverguide/C/virtualization.xml:3702(para)
8457
msgid "Destroy an existing container"
8458
msgstr ""
8459
8460
#: serverguide/C/virtualization.xml:3705(para)
8461
msgid "lxc-execute"
8462
msgstr ""
8463
8464
#: serverguide/C/virtualization.xml:3706(para)
8465
msgid "Run a command in a (not running) application container"
8466
msgstr ""
8467
8468
#: serverguide/C/virtualization.xml:3709(para)
8469
msgid "lxc-freeze"
8470
msgstr ""
8471
8472
#: serverguide/C/virtualization.xml:3710(para)
8473
msgid "Freeze a running container"
8474
msgstr ""
8475
8476
#: serverguide/C/virtualization.xml:3713(para)
8477
msgid "lxc-info"
8478
msgstr ""
8479
8480
#: serverguide/C/virtualization.xml:3714(para)
8481
msgid "Print information on the state of a container"
8482
msgstr ""
8483
8484
#: serverguide/C/virtualization.xml:3717(para)
8485
msgid "lxc-kill"
8486
msgstr ""
8487
8488
#: serverguide/C/virtualization.xml:3718(para)
8489
msgid "Send a signal to a container's init"
8490
msgstr ""
8491
8492
#: serverguide/C/virtualization.xml:3721(para)
8493
msgid "lxc-list"
8494
msgstr ""
8495
8496
#: serverguide/C/virtualization.xml:3722(para)
8497
msgid "List all containers"
8498
msgstr ""
8499
8500
#: serverguide/C/virtualization.xml:3725(para)
8501
msgid "lxc-ls"
8502
msgstr ""
8503
8504
#: serverguide/C/virtualization.xml:3726(para)
8505
msgid "List all containers with shorter output than lxc-list"
8506
msgstr ""
8507
8508
#: serverguide/C/virtualization.xml:3729(para)
8509
msgid "lxc-monitor"
8510
msgstr ""
8511
8512
#: serverguide/C/virtualization.xml:3730(para)
8513
msgid "Monitor state changes of one or more containers"
8514
msgstr ""
8515
8516
#: serverguide/C/virtualization.xml:3733(para)
8517
msgid "lxc-netstat"
8518
msgstr ""
8519
8520
#: serverguide/C/virtualization.xml:3734(para)
8521
msgid "Execute netstat in a running container"
8522
msgstr ""
8523
8524
#: serverguide/C/virtualization.xml:3737(para)
8525
msgid "lxc-ps"
8526
msgstr ""
8527
8528
#: serverguide/C/virtualization.xml:3738(para)
8529
msgid "View process info in a running container"
8530
msgstr ""
8531
8532
#: serverguide/C/virtualization.xml:3741(para)
8533
msgid "lxc-restart"
8534
msgstr ""
8535
8536
#: serverguide/C/virtualization.xml:3742(para)
8537
msgid "(NOT SUPPORTED) Restart a checkpointed container"
8538
msgstr ""
8539
8540
#: serverguide/C/virtualization.xml:3745(para)
8541
msgid "lxc-restore"
8542
msgstr ""
8543
8544
#: serverguide/C/virtualization.xml:3746(para)
8545
msgid "Restore containers from backups made by lxc-backup"
8546
msgstr ""
8547
8548
#: serverguide/C/virtualization.xml:3749(para)
8549
msgid "lxc-setcap"
8550
msgstr ""
8551
8552
#: serverguide/C/virtualization.xml:3750(para)
8553
msgid "(NOT RECOMMENDED) Set file capabilities on LXC tools"
8554
msgstr ""
8555
8556
#: serverguide/C/virtualization.xml:3753(para)
8557
msgid "lxc-setuid"
8558
msgstr ""
8559
8560
#: serverguide/C/virtualization.xml:3754(para)
8561
msgid "(NOT RECOMMENDED) Set or remove setuid bits on LXC tools"
8562
msgstr ""
8563
8564
#: serverguide/C/virtualization.xml:3757(para)
8565
msgid "lxc-shutdown"
8566
msgstr ""
8567
8568
#: serverguide/C/virtualization.xml:3758(para)
8569
msgid "Safely shut down a container"
8570
msgstr ""
8571
8572
#: serverguide/C/virtualization.xml:3761(para)
8573
msgid "lxc-start"
8574
msgstr ""
8575
8576
#: serverguide/C/virtualization.xml:3762(para)
8577
msgid "Start a stopped container"
8578
msgstr ""
8579
8580
#: serverguide/C/virtualization.xml:3765(para)
8581
msgid "lxc-start-ephemeral"
8582
msgstr ""
8583
8584
#: serverguide/C/virtualization.xml:3766(para)
8585
msgid "Start an ephemeral (one-time) container"
8586
msgstr ""
8587
8588
#: serverguide/C/virtualization.xml:3769(para)
8589
msgid "lxc-stop"
8590
msgstr ""
8591
8592
#: serverguide/C/virtualization.xml:3770(para)
8593
msgid "Immediately stop a running container"
8594
msgstr ""
8595
8596
#: serverguide/C/virtualization.xml:3773(para)
8597
msgid "lxc-unfreeze"
8598
msgstr ""
8599
8600
#: serverguide/C/virtualization.xml:3774(para)
8601
msgid "Unfreeze a frozen container"
8602
msgstr ""
8603
8604
#: serverguide/C/virtualization.xml:3777(para)
8605
msgid "lxc-unshare"
8606
msgstr ""
8607
8608
#: serverguide/C/virtualization.xml:3778(para)
8609
msgid "Testing tool to manually unshare namespaces"
8610
msgstr ""
8611
8612
#: serverguide/C/virtualization.xml:3781(para)
8613
msgid "lxc-version"
8614
msgstr ""
8615
8616
#: serverguide/C/virtualization.xml:3782(para)
8617
msgid "Print the version of the LXC tools"
8618
msgstr ""
8619
8620
#: serverguide/C/virtualization.xml:3785(para)
8621
msgid "lxc-wait"
8622
msgstr ""
8623
8624
#: serverguide/C/virtualization.xml:3786(para)
8625
msgid "Wait for a container to reach a particular state"
8626
msgstr ""
8627
8628
#: serverguide/C/virtualization.xml:3796(title)
8629
msgid "Configuration File"
8630
msgstr ""
8631
8632
#: serverguide/C/virtualization.xml:3798(para)
8633
msgid ""
8634
"LXC containers are very flexible. The Ubuntu <application>lxc</application> "
8635
"package sets defaults to make creation of Ubuntu system containers as simple "
8636
"as possible. If you need more flexibility, this chapter will show how to "
8637
"fine-tune your containers as you need."
8638
msgstr ""
8639
8640
#: serverguide/C/virtualization.xml:3805(para)
8641
msgid ""
8642
"Detailed information is available in the <command>lxc.conf(5)</command> man "
8643
"page. Note that the default configurations created by the ubuntu templates "
8644
"are reasonable for a system container and usually do not need customization."
8645
msgstr ""
8646
8647
#: serverguide/C/virtualization.xml:3813(title)
8648
msgid "Choosing configuration files and options"
8649
msgstr ""
8650
8651
#: serverguide/C/virtualization.xml:3815(para)
8652
msgid ""
8653
"The container setup is controlled by the LXC configuration options. Options "
8654
"can be specified at several points:"
8655
msgstr ""
8656
8657
#: serverguide/C/virtualization.xml:3821(para)
8658
msgid ""
8659
"During container creation, a configuration file can be specified. However, "
8660
"creation templates often insert their own configuration options, so we "
8661
"usually specify only network configuration options at this point. For other "
8662
"configuration, it is usually better to edit the configuration file after "
8663
"container creation."
8664
msgstr ""
8665
8666
#: serverguide/C/virtualization.xml:3829(para)
8667
msgid ""
8668
"The file <filename>/var/lib/lxc/CN/config</filename> is used at container "
8669
"startup by default."
8670
msgstr ""
8671
8672
#: serverguide/C/virtualization.xml:3834(para)
8673
msgid ""
8674
"<command>lxc-start</command> accepts an alternate configuration file with "
8675
"the <emphasis>-f filename</emphasis> option."
8676
msgstr ""
8677
8678
#: serverguide/C/virtualization.xml:3839(para)
8679
msgid ""
8680
"Specific configuration variables can be overridden at <command>lxc-"
8681
"start</command> using <emphasis>-s key=value</emphasis>. It is generally "
8682
"better to edit the container configuration file."
8683
msgstr ""
8684
8685
#: serverguide/C/virtualization.xml:3850(title) serverguide/C/network-config.xml:27(title)
8686
msgid "Network Configuration"
8687
msgstr ""
8688
8689
#: serverguide/C/virtualization.xml:3852(para)
8690
msgid ""
8691
"Container networking in LXC is very flexible. It is triggered by the "
8692
"<command>lxc.network.type</command> configuration file entries. If no such "
8693
"entries exist, then the container will share the host's networking stack. "
8694
"Services and connections started in the container will be using the host's "
8695
"IP address. If at least one <command>lxc.network.type</command> entry is "
8696
"present, then the container will have a private (layer 2) network stack. It "
8697
"will have its own network interfaces and firewall rules. There are several "
8698
"options for <command>lxc.network.type</command>:"
8699
msgstr ""
8700
8701
#: serverguide/C/virtualization.xml:3865(para)
8702
msgid ""
8703
"<command>lxc.network.type=empty</command>: The container will have no "
8704
"network interfaces other than loopback."
8705
msgstr ""
8706
8707
#: serverguide/C/virtualization.xml:3870(para)
8708
msgid ""
8709
"<command>lxc.network.type=veth</command>: This is the default when using the "
8710
"ubuntu or ubuntu-cloud templates, and creates a veth network tunnel. One end "
8711
"of this tunnel becomes the network interface inside the container. The other "
8712
"end is attached to a bridged on the host. Any number of such tunnels can be "
8713
"created by adding more <command>lxc.network.type=veth</command> entries in "
8714
"the container configuration file. The bridge to which the host end of the "
8715
"tunnel will be attached is specified with <command>lxc.network.link = "
8716
"lxcbr0</command>."
8717
msgstr ""
8718
8719
#: serverguide/C/virtualization.xml:3882(para)
8720
msgid ""
8721
"<command>lxc.network.type=phys</command> A physical network interface (i.e. "
8722
"eth2) is passed into the container."
8723
msgstr ""
8724
8725
#: serverguide/C/virtualization.xml:3888(para)
8726
msgid ""
8727
"Two other options are to use vlan or macvlan, however their use is more "
8728
"complicated and is not described here. A few other networking options exist:"
8729
msgstr ""
8730
8731
#: serverguide/C/virtualization.xml:3895(para)
8732
msgid ""
8733
"<command>lxc.network.flags</command> can only be set to "
8734
"<emphasis>up</emphasis> and ensures that the network interface is up."
8735
msgstr ""
8736
8737
#: serverguide/C/virtualization.xml:3899(para)
8738
msgid ""
8739
"<command>lxc.network.hwaddr</command> specifies a mac address to assign the "
8740
"the nic inside the container."
8741
msgstr ""
8742
8743
#: serverguide/C/virtualization.xml:3904(para)
8744
msgid ""
8745
"<command>lxc.network.ipv4</command> and <command>lxc.network.ipv6</command> "
8746
"set the respective IP addresses, if those should be static."
8747
msgstr ""
8748
8749
#: serverguide/C/virtualization.xml:3909(para)
8750
msgid ""
8751
"<command>lxc.network.name</command> specifies a name to assign inside the "
8752
"container. If this is not specified, a good default (i.e. eth0 for the first "
8753
"nic) is chosen."
8754
msgstr ""
8755
8756
#: serverguide/C/virtualization.xml:3915(para)
8757
msgid ""
8758
"<command>lxc.network.lxcscript.up</command> specifies a script to be called "
8759
"after the host side of the networking has been set up. See the "
8760
"<command>lxc.conf(5)</command> manual page for details."
8761
msgstr ""
8762
8763
#: serverguide/C/virtualization.xml:3925(title)
8764
msgid "Control group configuration"
8765
msgstr ""
8766
8767
#: serverguide/C/virtualization.xml:3927(para)
8768
msgid ""
8769
"Cgroup options can be specified using <command>lxc.cgroup</command> entries. "
8770
"<command>lxc.cgroup.subsystem.item = value</command> instructs LXC to set "
8771
"cgroup <command>subsystem</command>'s <command>item</command> to "
8772
"<command>value</command>. It is perhaps simpler to realize that this will "
8773
"simply write <command>value</command> to the file <command>item</command> "
8774
"for the container's control group for subsystem "
8775
"<command>subsystem</command>. For instance, to set the memory limit to 320M, "
8776
"you could add"
8777
msgstr ""
8778
8779
#: serverguide/C/virtualization.xml:3939(command)
8780
msgid "lxc.cgroup.memory.limit_in_bytes = 320000000"
8781
msgstr ""
8782
8783
#: serverguide/C/virtualization.xml:3944(para)
8784
msgid ""
8785
"which will cause 320000000 to be written to the file "
8786
"<filename>/sys/fs/cgroup/memory/lxc/CN/limit_in_bytes</filename>."
8787
msgstr ""
8788
8789
#: serverguide/C/virtualization.xml:3951(title)
8790
msgid "Rootfs, mounts and fstab"
8791
msgstr ""
8792
8793
#: serverguide/C/virtualization.xml:3953(para)
8794
msgid ""
8795
"An important part of container setup is the mounting of various filesystems "
8796
"into place. The following is an example configuration file excerpt "
8797
"demonstrating the commonly used configuration options:"
8798
msgstr ""
8799
8800
#: serverguide/C/virtualization.xml:3960(command)
8801
msgid ""
8802
"lxc.rootfs = /var/lib/lxc/CN/rootfs lxc.mount.entry=proc "
8803
"/var/lib/lxc/CN/rootfs/proc proc nodev,noexec,nosuid 0 0 lxc.mount = "
8804
"/var/lib/lxc/CN/fstab"
8805
msgstr ""
8806
8807
#: serverguide/C/virtualization.xml:3967(para)
8808
msgid ""
8809
"The first line says that the container's root filesystem is already mounted "
8810
"at <filename>/var/lib/lxc/CN/rootfs</filename>. If the filesystem is a block "
8811
"device (such as an LVM logical volume), then the path to the block device "
8812
"must be given instead."
8813
msgstr ""
8814
8815
#: serverguide/C/virtualization.xml:3974(para)
8816
msgid ""
8817
"Each <command>lxc.mount.entry</command> line should contain an item to mount "
8818
"in valid fstab format. The target directory should be prefixed by "
8819
"<filename>/var/lib/lxc/CN/rootfs</filename>, even if "
8820
"<command>lxc.rootfs</command> points to a block device."
8821
msgstr ""
8822
8823
#: serverguide/C/virtualization.xml:3981(para)
8824
msgid ""
8825
"Finally, <command>lxc.mount</command> points to a file, in fstab format, "
8826
"containing further items to mount. Note that all of these entries will be "
8827
"mounted by the host before the container init is started. In this way it is "
8828
"possible to bind mount various directories from the host into the container."
8829
msgstr ""
8830
8831
#: serverguide/C/virtualization.xml:3991(title)
8832
msgid "Other configuration options"
8833
msgstr ""
8834
8835
#: serverguide/C/virtualization.xml:3996(para)
8836
msgid ""
8837
"<command>lxc.cap.drop</command> can be used to prevent the container from "
8838
"having or ever obtaining the listed capabilities. For instance, including"
8839
msgstr ""
8840
8841
#: serverguide/C/virtualization.xml:4002(command)
8842
msgid "lxc.cap.drop = sys_admin"
8843
msgstr ""
8844
8845
#: serverguide/C/virtualization.xml:4007(para)
8846
msgid ""
8847
"will prevent the container from mounting filesystems, as well as all other "
8848
"actions which require cap_sys_admin. See the "
8849
"<command>capabilities(7)</command> manual page for a list of capabilities "
8850
"and their meanings."
8851
msgstr ""
8852
8853
#: serverguide/C/virtualization.xml:4014(para)
8854
msgid ""
8855
"<command>lxc.aa_profile = lxc-CN-profile</command> specifies a custom "
8856
"Apparmor profile in which to start the container. See <xref linkend=\"lxc-"
8857
"apparmor\"/> for more information."
8858
msgstr ""
8859
8860
#: serverguide/C/virtualization.xml:4020(para)
8861
msgid ""
8862
"<command>lxc.console=/path/to/consolefile</command> will cause console "
8863
"messages to be written to the specified file."
8864
msgstr ""
8865
8866
#: serverguide/C/virtualization.xml:4025(para)
8867
msgid ""
8868
"<command>lxc.arch</command> specifies the architecture for the container, "
8869
"for instance x86, or x86_64."
8870
msgstr ""
8871
8872
#: serverguide/C/virtualization.xml:4030(para)
8873
msgid ""
8874
"<command>lxc.tty=5</command> specifies that 5 consoles (in addition to "
8875
"<filename>/dev/console</filename>) should be created. That is, consoles will "
8876
"be available on <filename>/dev/tty1</filename> through "
8877
"<filename>/dev/tty5</filename>. The ubuntu templates set this value to 4."
8878
msgstr ""
8879
8880
#: serverguide/C/virtualization.xml:4038(para)
8881
msgid ""
8882
"<command>lxc.pts=1024</command> specifies that the container should have a "
8883
"private (Unix98) devpts filesystem mount. If this is not specified, then the "
8884
"container will share <filename>/dev/pts</filename> with the host, which is "
8885
"rarely desired. The number 1024 means that 1024 ptys should be allowed in "
8886
"the container, however this number is currently ignored. Before starting the "
8887
"container init, LXC will do (essentially) a"
8888
msgstr ""
8889
8890
#: serverguide/C/virtualization.xml:4048(command)
8891
msgid "sudo mount -t devpts -o newinstance devpts /dev/pts"
8892
msgstr ""
8893
8894
#: serverguide/C/virtualization.xml:4053(para)
8895
msgid ""
8896
"inside the container. It is important to realize that the container should "
8897
"not mount devpts filesystems of its own. It may safely do bind or move "
8898
"mounts of its mounted <filename>/dev/pts</filename>. But if it does"
8899
msgstr ""
8900
8901
#: serverguide/C/virtualization.xml:4060(command)
8902
msgid "sudo mount -t devpts devpts /dev/pts"
8903
msgstr ""
8904
8905
#: serverguide/C/virtualization.xml:4065(para)
8906
msgid ""
8907
"it will remount the host's devpts instance. If it adds the newinstance mount "
8908
"option, then it will mount a new private (empty) instance. In neither case "
8909
"will it remount the instance which was set up by LXC. For this reason, and "
8910
"to prevent the container from using the host's ptys, the default Apparmor "
8911
"policy will not allow containers to mount devpts filesystems after the "
8912
"container's init has been started."
8913
msgstr ""
8914
8915
#: serverguide/C/virtualization.xml:4076(para)
8916
msgid ""
8917
"<command>lxc.devttydir</command> specifies a directory under "
8918
"<filename>/dev</filename> in which LXC will create its console devices. If "
8919
"this option is not specified, then the ptys will be bind-mounted over "
8920
"<filename>/dev/console</filename> and <filename>/dev/ttyN.</filename> "
8921
"However, rare package updates may try to blindly <emphasis>rm -f</emphasis> "
8922
"and then <emphasis>mknod</emphasis> those devices. They will fail (because "
8923
"the file has been bind-mounted), causing the package update to fail. When "
8924
"<command>lxc.devttydir</command> is set to LXC, for instance, then LXC will "
8925
"bind-mount the console ptys onto <filename>/dev/lxc/console</filename> and "
8926
"<filename>/dev/lxc/ttyN,</filename> and subsequently symbolically link them "
8927
"to <filename>/dev/console</filename> and <filename>/dev/ttyN.</filename> "
8928
"This allows the package updates to succeed, at the risk of making future "
8929
"gettys on those consoles fail until the next reboot. This problem will be "
8930
"ideally solved with device namespaces."
8931
msgstr ""
8932
8933
#: serverguide/C/virtualization.xml:4100(title)
8934
msgid "Updates in Ubuntu containers"
8935
msgstr ""
8936
8937
#: serverguide/C/virtualization.xml:4102(para)
8938
msgid ""
8939
"Because of some limitations which are placed on containers, package upgrades "
8940
"at times can fail. For instance, a package install or upgrade might fail if "
8941
"it is not allowed to create or open a block device. This often blocks all "
8942
"future upgrades until the issue is resolved. In some cases, you can work "
8943
"around this by chrooting into the container, to avoid the container "
8944
"restrictions, and completing the upgrade in the chroot."
8945
msgstr ""
8946
8947
#: serverguide/C/virtualization.xml:4111(para)
8948
msgid ""
8949
"Some of the specific things known to occasionally impede package upgrades "
8950
"include:"
8951
msgstr ""
8952
8953
#: serverguide/C/virtualization.xml:4117(para)
8954
msgid ""
8955
"The container modifications performed when creating containers with the --"
8956
"trim option."
8957
msgstr ""
8958
8959
#: serverguide/C/virtualization.xml:4121(para)
8960
msgid ""
8961
"Actions performed by lxcguest. For instance, because "
8962
"<filename>/lib/init/fstab</filename> is bind-mounted from another file, "
8963
"mountall upgrades which insist on replacing that file can fail."
8964
msgstr ""
8965
8966
#: serverguide/C/virtualization.xml:4126(para)
8967
msgid ""
8968
"The over-mounting of console devices with ptys from the host can cause "
8969
"trouble with udev upgrades."
8970
msgstr ""
8971
8972
#: serverguide/C/virtualization.xml:4130(para)
8973
msgid ""
8974
"Apparmor policy and devices cgroup restrictions can prevent package upgrades "
8975
"from performing certain actions."
8976
msgstr ""
8977
8978
#: serverguide/C/virtualization.xml:4134(para)
8979
msgid ""
8980
"Capabilities dropped by use of <command>lxc.cap.drop</command> can likewise "
8981
"stop package upgrades from performing certain actions."
8982
msgstr ""
8983
8984
#: serverguide/C/virtualization.xml:4142(title)
8985
msgid "Libvirt LXC"
8986
msgstr ""
8987
8988
#: serverguide/C/virtualization.xml:4144(para)
8989
msgid ""
8990
"Libvirt is a powerful hypervisor management solution with which you can "
8991
"administer Qemu, Xen and LXC virtual machines, both locally and remote. The "
8992
"libvirt LXC driver is a separate implementation from what we normally call "
8993
"<emphasis>LXC</emphasis>. A few differences include:"
8994
msgstr ""
8995
8996
#: serverguide/C/virtualization.xml:4152(para)
8997
msgid "Configuration is stored in xml format"
8998
msgstr ""
8999
9000
#: serverguide/C/virtualization.xml:4155(para)
9001
msgid "There no tools to facilitate container creation"
9002
msgstr ""
9003
9004
#: serverguide/C/virtualization.xml:4158(para)
9005
msgid "By default there is no console on <filename>/dev/console</filename>"
9006
msgstr ""
9007
9008
#: serverguide/C/virtualization.xml:4161(para)
9009
msgid "There is no support (yet) for container reboot or full shutdown"
9010
msgstr ""
9011
9012
#: serverguide/C/virtualization.xml:4179(title)
9013
msgid "Converting a LXC container to libvirt-lxc"
9014
msgstr ""
9015
9016
#: serverguide/C/virtualization.xml:4181(para)
9017
msgid ""
9018
"<xref linkend=\"lxc-creation\"/> showed how to create LXC containers. If "
9019
"you've created a valid LXC container in this way, you can manage it with "
9020
"libvirt. Fetch a sample xml file from"
9021
msgstr ""
9022
9023
#: serverguide/C/virtualization.xml:4189(command) serverguide/C/virtualization.xml:4242(command)
9024
msgid "wget http://people.canonical.com/~serge/o1.xml"
9025
msgstr ""
9026
9027
#: serverguide/C/virtualization.xml:4194(para)
9028
msgid ""
9029
"Edit this file to replace the container name and root filesystem locations. "
9030
"Then you can define the container with:"
9031
msgstr ""
9032
9033
#: serverguide/C/virtualization.xml:4200(command)
9034
msgid "virsh -c lxc:/// define o1.xml"
9035
msgstr ""
9036
9037
#: serverguide/C/virtualization.xml:4207(title)
9038
msgid "Creating a container from cloud image"
9039
msgstr ""
9040
9041
#: serverguide/C/virtualization.xml:4209(para)
9042
msgid ""
9043
"If you prefer to create a pristine new container just for LXC, you can "
9044
"download an ubuntu cloud image, extract it, and point a libvirt LXC xml file "
9045
"to it. For instance, find the url for a root tarball for the latest daily "
9046
"Ubuntu 12.04 LTS cloud image using"
9047
msgstr ""
9048
9049
#: serverguide/C/virtualization.xml:4217(command)
9050
msgid ""
9051
"url1=`ubuntu-cloudimg-query precise daily $arch --format \"%{url}\\n\"` "
9052
"url=`echo $url1 | sed -e 's/.tar.gz/-root\\0/'` wget $url filename=`basename "
9053
"$url`"
9054
msgstr ""
9055
9056
#: serverguide/C/virtualization.xml:4225(para)
9057
msgid "Extract the downloaded tarball, for instance"
9058
msgstr ""
9059
9060
#: serverguide/C/virtualization.xml:4230(command)
9061
msgid "mkdir $HOME/c1 cd $HOME/c1 sudo tar zxf $filename"
9062
msgstr ""
9063
9064
#: serverguide/C/virtualization.xml:4237(para)
9065
msgid "Download the xml template"
9066
msgstr ""
9067
9068
#: serverguide/C/virtualization.xml:4247(para)
9069
msgid ""
9070
"In the xml template, replace the name o1 with c1 and the source directory "
9071
"<filename>/var/lib/lxc/o1/rootfs</filename> with "
9072
"<filename>$HOME/c1</filename>. Then define the container using"
9073
msgstr ""
9074
9075
#: serverguide/C/virtualization.xml:4254(command)
9076
msgid "virsh define o1.xml"
9077
msgstr ""
9078
9079
#: serverguide/C/virtualization.xml:4262(title)
9080
msgid "Interacting with libvirt containers"
9081
msgstr ""
9082
9083
#: serverguide/C/virtualization.xml:4264(para)
9084
msgid "As we've seen, you can create a libvirt-lxc container using"
9085
msgstr ""
9086
9087
#: serverguide/C/virtualization.xml:4269(command)
9088
msgid "virsh -c lxc:/// define container.xml"
9089
msgstr ""
9090
9091
#: serverguide/C/virtualization.xml:4274(para)
9092
msgid "To start a container called <emphasis>container</emphasis>, use"
9093
msgstr ""
9094
9095
#: serverguide/C/virtualization.xml:4279(command)
9096
msgid "virsh -c lxc:/// start container"
9097
msgstr ""
9098
9099
#: serverguide/C/virtualization.xml:4284(para)
9100
msgid "To stop a running container, use"
9101
msgstr ""
9102
9103
#: serverguide/C/virtualization.xml:4289(command)
9104
msgid "virsh -c lxc:/// destroy container"
9105
msgstr ""
9106
9107
#: serverguide/C/virtualization.xml:4294(para)
9108
msgid ""
9109
"Note that whereas the <command>lxc-destroy</command> command deletes the "
9110
"container, the <command>virsh destroy</command> command stops a running "
9111
"container. To delete the container definition, use"
9112
msgstr ""
9113
9114
#: serverguide/C/virtualization.xml:4301(command)
9115
msgid "virsh -c lxc:/// undefine container"
9116
msgstr ""
9117
9118
#: serverguide/C/virtualization.xml:4306(para)
9119
msgid "To get a console to a running container, use"
9120
msgstr ""
9121
9122
#: serverguide/C/virtualization.xml:4311(command)
9123
msgid "virsh -c lxc:/// console container"
9124
msgstr ""
9125
9126
#: serverguide/C/virtualization.xml:4316(para)
9127
msgid "Exit the console by simultaneously pressing control and ]."
9128
msgstr ""
9129
9130
#: serverguide/C/virtualization.xml:4325(title)
9131
msgid "The lxcguest package"
9132
msgstr ""
9133
9134
#: serverguide/C/virtualization.xml:4327(para)
9135
msgid ""
9136
"In the 11.04 (Natty) and 11.10 (Oneiric) releases of Ubuntu, a package was "
9137
"introduced called <emphasis role=\"italic\">lxcguest</emphasis>. An "
9138
"unmodified root image could not be safely booted inside a container, but an "
9139
"image with the lxcguest package installed could be booted as a container, on "
9140
"bare hardware, or in a Xen, kvm, or VMware virtual machine."
9141
msgstr ""
9142
9143
#: serverguide/C/virtualization.xml:4335(para)
9144
msgid ""
9145
"As of the 12.04 LTS release, the work previously done by the lxcguest "
9146
"package was pushed into the core packages, and the lxcguest package was "
9147
"removed. As a result, an unmodified 12.04 LTS image can be booted as a "
9148
"container, on bare hardware, or in a Xen, kvm, or VMware virtual machine. To "
9149
"use an older release, the lxcguest package should still be used."
9150
msgstr ""
9151
9152
#: serverguide/C/virtualization.xml:4346(title) serverguide/C/security.xml:13(title)
9153
msgid "Security"
9154
msgstr "Öryggi"
9155
9156
#: serverguide/C/virtualization.xml:4348(para)
9157
msgid ""
9158
"A namespace maps ids to resources. By not providing a container any id with "
9159
"which to reference a resource, the resource can be protected. This is the "
9160
"basis of some of the security afforded to container users. For instance, IPC "
9161
"namespaces are completely isolated. Other namespaces, however, have various "
9162
"<emphasis role=\"italic\">leaks</emphasis> which allow privilege to be "
9163
"inappropriately exerted from a container into another container or to the "
9164
"host."
9165
msgstr ""
9166
9167
#: serverguide/C/virtualization.xml:4358(para)
9168
msgid ""
9169
"By default, LXC containers are started under a Apparmor policy to restrict "
9170
"some actions. However, while stronger security is a goal for future "
9171
"releases, in 12.04 LTS the goal of the Apparmor policy is not to stop "
9172
"malicious actions but rather to stop accidental harm of the host by the "
9173
"guest."
9174
msgstr ""
9175
9176
#: serverguide/C/virtualization.xml:4366(para)
9177
msgid ""
9178
"See the <ulink url=\"http://wiki.ubuntu.com/LxcSecurity\">LXC "
9179
"security</ulink> wiki page for more, uptodate information."
9180
msgstr ""
9181
9182
#: serverguide/C/virtualization.xml:4372(title)
9183
msgid "Exploitable system calls"
9184
msgstr ""
9185
9186
#: serverguide/C/virtualization.xml:4374(para)
9187
msgid ""
9188
"It is a core container feature that containers share a kernel with the host. "
9189
"Therefore, if the kernel contains any exploitable system calls, the "
9190
"container can exploit these as well. Once the container controls the kernel "
9191
"it can fully control any resource known to the host."
9192
msgstr ""
9193
9194
#: serverguide/C/virtualization.xml:4389(para)
9195
msgid ""
9196
"The DeveloperWorks article <ulink "
9197
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
9198
"containers/\">LXC: Linux container tools</ulink> was an early introduction "
9199
"to the use of containers."
9200
msgstr ""
9201
9202
#: serverguide/C/virtualization.xml:4395(para)
9203
msgid ""
9204
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
9205
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
9206
"use of security modules to make containers more secure."
9207
msgstr ""
9208
9209
#: serverguide/C/virtualization.xml:4404(ulink)
9210
msgid "capabilities"
9211
msgstr ""
9212
9213
#: serverguide/C/virtualization.xml:4405(ulink)
9214
msgid "lxc.conf"
9215
msgstr ""
9216
9217
#: serverguide/C/virtualization.xml:4401(para)
9218
msgid "Manual pages referenced above can be found at: <placeholder-1/>"
9219
msgstr ""
9220
9221
#: serverguide/C/virtualization.xml:4411(para)
9222
msgid ""
9223
"The upstream LXC project is hosted at <ulink "
9224
"url=\"http://lxc.sf.net\">Sourceforge</ulink>."
9225
msgstr ""
9226
9227
#: serverguide/C/virtualization.xml:4417(para)
9228
msgid ""
9229
"LXC security issues are listed and discussed at <ulink "
9230
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
9231
msgstr ""
9232
9233
#: serverguide/C/virtualization.xml:4423(para)
9234
msgid ""
9235
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
9236
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
9237
"Mainstream Linux. SIGOPS Op- erating Systems Review, 42(5), 2008."
6562
9238
msgstr ""
6563
9239
6564
9240
#: serverguide/C/vcs.xml:13(title)
6674
9350
msgid "sudo apt-get install subversion libapache2-svn"
6675
9351
msgstr "sudo apt-get install subversion libapache2-svn"
6676
9352
9353
#: serverguide/C/vcs.xml:107(title)
9354
msgid "Server Configuration"
9355
msgstr ""
9356
6677
9357
#: serverguide/C/vcs.xml:108(para)
6678
9358
msgid ""
6679
9359
"This step assumes you have installed above mentioned packages on your "
6888
9568
msgstr ""
6889
9569
6890
9570
#: serverguide/C/vcs.xml:264(command)
6891
msgid "sudo htpasswd /etc/subversion/password user_name"
9571
msgid "sudo htpasswd /etc/subversion/passwd user_name"
6892
9572
msgstr ""
6893
9573
6894
9574
#: serverguide/C/vcs.xml:268(para)
7109
9789
" wait = no\n"
7110
9790
" type = UNLISTED\n"
7111
9791
" server = /usr/bin/cvs\n"
7112
" server_args = -f --allow-root /var/lib/cvs pserver\n"
9792
" server_args = -f --allow-root /srv/cvs pserver\n"
7113
9793
" disable = no\n"
7114
9794
"}\n"
7115
9795
msgstr ""
7117
9797
#: serverguide/C/vcs.xml:455(para)
7118
9798
msgid ""
7119
9799
"Be sure to edit the repository if you have changed the default repository "
7120
"(<application>/var/lib/cvs</application>) directory."
9800
"(<application>/srv/cvs</application>) directory."
7121
9801
msgstr ""
7122
9802
7123
9803
#: serverguide/C/vcs.xml:424(para)
7124
9804
msgid ""
7125
9805
"Once you install cvs, the repository will be automatically initialized. By "
7126
9806
"default, the repository resides under the "
7127
"<application>/var/lib/cvs</application> directory. You can change this path "
7128
"by running following command: <screen>\n"
9807
"<application>/srv/cvs</application> directory. You can change this path by "
9808
"running following command: <screen>\n"
7129
9809
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7130
9810
"</screen> Once the initial repository is set up, you can configure "
7131
9811
"<application>xinetd</application> to start the CVS server. You can copy the "
7147
9827
msgid "sudo netstat -tap | grep cvs"
7148
9828
msgstr "sudo netstat -tap | grep cvs"
7149
9829
7150
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
9830
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:67(para)
7151
9831
msgid ""
7152
9832
"When you run this command, you should see the following line or something "
7153
9833
"similar:"
7178
9858
msgid "Add Projects"
7179
9859
msgstr "Bæta við verkefnum"
7180
9860
7181
#: serverguide/C/vcs.xml:515(para)
9861
#: serverguide/C/vcs.xml:516(para)
7182
9862
msgid ""
7183
9863
"You can use the CVSROOT environment variable to store the CVS root "
7184
9864
"directory. Once you export the CVSROOT environment variable, you can avoid "
7185
9865
"using -d option in the above cvs command."
7186
9866
msgstr ""
7187
9867
7188
#: serverguide/C/vcs.xml:527(para)
9868
#: serverguide/C/vcs.xml:528(para)
7189
9869
msgid ""
7190
9870
"When you add a new project, the CVS user you use must have write access to "
7191
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7192
"the <application>src</application> group has write access to the CVS "
7193
"repository. So, you can add the user to this group, and he can then add and "
7194
"manage projects in the CVS repository."
9871
"the CVS repository (<application>/srv/cvs</application>). By default, the "
9872
"<application>src</application> group has write access to the CVS repository. "
9873
"So, you can add the user to this group, and he can then add and manage "
9874
"projects in the CVS repository."
7195
9875
msgstr ""
7196
9876
7197
9877
#: serverguide/C/vcs.xml:504(para)
7201
9881
"Now, run the following command to add this project to CVS repository: "
7202
9882
"<screen>\n"
7203
9883
"<command>cd your/project</command>\n"
7204
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
9884
"<command>cvs -d :pserver:username@hostname.com:/srv/cvs import -m \\\n"
7205
9885
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7206
9886
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7207
9887
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7209
9889
"<placeholder-2/>"
7210
9890
msgstr ""
7211
9891
7212
#: serverguide/C/vcs.xml:540(ulink)
9892
#: serverguide/C/vcs.xml:541(ulink)
7213
9893
msgid "Bazaar Home Page"
7214
9894
msgstr "Heimasiða Bazaar"
7215
9895
7216
#: serverguide/C/vcs.xml:541(ulink)
9896
#: serverguide/C/vcs.xml:542(ulink)
7217
9897
msgid "Launchpad"
7218
9898
msgstr "Launchpad"
7219
9899
7220
#: serverguide/C/vcs.xml:542(ulink)
9900
#: serverguide/C/vcs.xml:543(ulink)
7221
9901
msgid "Subversion Home Page"
7222
9902
msgstr ""
7223
9903
7224
#: serverguide/C/vcs.xml:543(ulink)
9904
#: serverguide/C/vcs.xml:544(ulink)
7225
9905
msgid "Subversion Book"
7226
9906
msgstr ""
7227
9907
7228
#: serverguide/C/vcs.xml:545(ulink)
9908
#: serverguide/C/vcs.xml:546(ulink)
7229
9909
msgid "CVS Manual"
7230
9910
msgstr ""
7231
9911
7232
#: serverguide/C/vcs.xml:546(ulink)
9912
#: serverguide/C/vcs.xml:547(ulink)
7233
9913
msgid "Easy Bazaar Ubuntu Wiki page"
7234
9914
msgstr ""
7235
9915
7236
#: serverguide/C/vcs.xml:547(ulink)
9916
#: serverguide/C/vcs.xml:548(ulink)
7237
9917
msgid "Ubuntu Wiki Subversion page"
7238
9918
msgstr ""
7239
9919
7240
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
9920
#: serverguide/C/serverguide.xml:14(title)
9921
msgid "Ubuntu Server Guide"
9922
msgstr "Ubuntu Netþjóna Leiðbeiningar"
9923
9924
#: serverguide/C/serverguide.xml:3(title)
7241
9925
msgid "Credits and License"
7242
9926
msgstr "Heiður og leyfi"
7243
9927
7244
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
9928
#: serverguide/C/serverguide.xml:4(para)
7245
9929
msgid ""
7246
9930
"This document is maintained by the Ubuntu documentation team "
7247
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7248
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
9931
"(https://wiki.ubuntu.com/DocumentationTeam). A list of contributors is below."
7249
9932
msgstr ""
7250
9933
7251
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
9934
#: serverguide/C/serverguide.xml:5(para)
7252
9935
msgid ""
7253
"This document is made available under the Creative Commons ShareAlike 2.5 "
9936
"This document is made available under the Creative Commons ShareAlike 3.0 "
7254
9937
"License (CC-BY-SA)."
7255
9938
msgstr ""
7256
"Þetta skjal er gefið út undir Creative Commons ShareAlike 2.5 License (CC-BY-"
7257
"SA) skilmálunum."
7258
9939
7259
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
9940
#: serverguide/C/serverguide.xml:6(para)
7260
9941
msgid ""
7261
9942
"You are free to modify, extend, and improve the Ubuntu documentation source "
7262
9943
"code under the terms of this license. All derivative works must be released "
7266
9947
"uppfylltum ákvæðum þessa leyfis. Öll afleidd vinna verður að vera gefin út "
7267
9948
"undir þessu leyfi."
7268
9949
7269
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
9950
#: serverguide/C/serverguide.xml:8(para)
7270
9951
msgid ""
7271
9952
"This documentation is distributed in the hope that it will be useful, but "
7272
9953
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7276
9957
"ALLRAR ÁBYRGÐAR; jafnvel án þeirrar ábyrgðar sem fólgin er í SELJANLEIKA eða "
7277
9958
"HÆFNI TIL AÐ GEGNA ÁKVEÐNU HLUTVERKI EINS OG SKÝRT ER Í FYRIRVARA."
7278
9959
7279
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7280
msgid ""
7281
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7282
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7283
msgstr ""
7284
7285
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7286
msgid "2010"
7287
msgstr ""
7288
7289
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7290
msgid "Ubuntu Documentation Project"
7291
msgstr "Skjölunarverkefni Ubuntu"
7292
7293
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7294
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7295
msgstr "Canonical Ltd. og meðlimir <placeholder-1/>"
7296
7297
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
9960
#: serverguide/C/serverguide.xml:11(para)
9961
msgid ""
9962
"A copy of the license is available here: <ulink "
9963
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
9964
"ShareAlike License</ulink>."
9965
msgstr ""
9966
9967
#: serverguide/C/serverguide.xml:14(para)
9968
msgid ""
9969
"Members of the <ulink url=\"https://launchpad.net/~ubuntu-core-doc\">Ubuntu "
9970
"Documentation Project</ulink>"
9971
msgstr ""
9972
9973
#: serverguide/C/serverguide.xml:15(para)
9974
msgid ""
9975
"Members of the <ulink url=\"https://launchpad.net/~ubuntu-server\">Ubuntu "
9976
"Server Team</ulink>"
9977
msgstr ""
9978
9979
#: serverguide/C/serverguide.xml:16(para)
9980
msgid ""
9981
"Contributors to the <ulink url=\"https://help.ubuntu.com/community/\">Ubuntu "
9982
"Documentation Wiki</ulink>"
9983
msgstr ""
9984
9985
#: serverguide/C/serverguide.xml:17(para)
9986
msgid ""
9987
"Other contributors can be found in the revision history of the <ulink "
9988
"url=\"https://code.launchpad.net/serverguide\">serverguide</ulink> and "
9989
"<ulink url=\"https://code.launchpad.net/ubuntu-docs\">ubuntu-docs</ulink> "
9990
"bzr branches available on Launchpad."
9991
msgstr ""
9992
9993
#: serverguide/C/serverguide.xml:12(para)
9994
msgid "Contributors to this document are: <placeholder-1/>"
9995
msgstr ""
9996
9997
#: serverguide/C/serverguide.xml:22(year)
9998
msgid "2012"
9999
msgstr ""
10000
10001
#: serverguide/C/serverguide.xml:23(holder)
10002
msgid "Contributors to the document"
10003
msgstr ""
10004
10005
#: serverguide/C/serverguide.xml:26(publishername)
7298
10006
msgid "The Ubuntu Documentation Project"
7299
10007
msgstr "Skjölunarverkefni Ubuntu"
7300
10008
7306
10014
"guide for configuring and customizing your system."
7307
10015
msgstr ""
7308
10016
7309
#: serverguide/C/security.xml:13(title)
7310
msgid "Security"
7311
msgstr "Öryggi"
7312
7313
10017
#: serverguide/C/security.xml:14(para)
7314
10018
msgid ""
7315
10019
"Security should always be considered when installing, deploying, and using "
7322
10026
#: serverguide/C/security.xml:17(para)
7323
10027
msgid ""
7324
10028
"This chapter provides an overview of security related topics as they pertain "
7325
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7326
"protect your server and network from any number of potential security "
10029
"to Ubuntu 12.04 LTS Server Edition, and outlines simple measures you may use "
10030
"to protect your server and network from any number of potential security "
7327
10031
"threats."
7328
10032
msgstr ""
7329
10033
7381
10085
"password for root as shown below:"
7382
10086
msgstr ""
7383
10087
10088
#: serverguide/C/security.xml:44(computeroutput)
10089
#, no-wrap
10090
msgid "[sudo] password for username:"
10091
msgstr ""
10092
7384
10093
#: serverguide/C/security.xml:44(userinput)
7385
10094
#, no-wrap
7386
10095
msgid "(enter your own password)"
7387
10096
msgstr "(skrifaðu lykilorðið þitt)"
7388
10097
10098
#: serverguide/C/security.xml:45(computeroutput)
10099
#, no-wrap
10100
msgid "Enter new UNIX password:"
10101
msgstr ""
10102
7389
10103
#: serverguide/C/security.xml:45(userinput)
7390
10104
#, no-wrap
7391
10105
msgid "(enter a new password for root)"
7392
10106
msgstr "(skrifaðu nýtt lykilorð fyrir rótina)"
7393
10107
10108
#: serverguide/C/security.xml:46(computeroutput)
10109
#, no-wrap
10110
msgid "Retype new UNIX password:"
10111
msgstr ""
10112
7394
10113
#: serverguide/C/security.xml:46(userinput)
7395
10114
#, no-wrap
7396
10115
msgid "(repeat new password for root)"
7397
10116
msgstr "(endurtaktu nýja lykilorðið fyrir rótina)"
7398
10117
7399
#: serverguide/C/security.xml:44(computeroutput)
10118
#: serverguide/C/security.xml:47(computeroutput)
7400
10119
#, no-wrap
7401
msgid ""
7402
"[sudo] password for username: <placeholder-1/>\n"
7403
"Enter new UNIX password: <placeholder-2/>\n"
7404
"Retype new UNIX password: <placeholder-3/>\n"
7405
"passwd: password updated successfully"
10120
msgid "passwd: password updated successfully"
7406
10121
msgstr ""
7407
10122
7408
10123
#: serverguide/C/security.xml:51(para)
7673
10388
"min=8\n"
7674
10389
msgstr ""
7675
10390
7676
#: serverguide/C/security.xml:215(title)
10391
#: serverguide/C/security.xml:214(para)
10392
msgid ""
10393
"Basic password entropy checks and minimum length rules do not apply to the "
10394
"administrator using sudo level commands to setup a new user."
10395
msgstr ""
10396
10397
#: serverguide/C/security.xml:220(title)
7677
10398
msgid "Password Expiration"
7678
10399
msgstr ""
7679
10400
7680
#: serverguide/C/security.xml:216(para)
10401
#: serverguide/C/security.xml:221(para)
7681
10402
msgid ""
7682
10403
"When creating user accounts, you should make it a policy to have a minimum "
7683
10404
"and maximum password age forcing users to change their passwords when they "
7684
10405
"expire."
7685
10406
msgstr ""
7686
10407
7687
#: serverguide/C/security.xml:221(para)
10408
#: serverguide/C/security.xml:226(para)
7688
10409
msgid ""
7689
10410
"To easily view the current status of a user account, use the following "
7690
10411
"syntax:"
7691
10412
msgstr ""
7692
10413
7693
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
10414
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
7694
10415
msgid "sudo chage -l username"
7695
10416
msgstr "sudo chage -l username"
7696
10417
7697
#: serverguide/C/security.xml:227(para)
10418
#: serverguide/C/security.xml:232(para)
7698
10419
msgid ""
7699
10420
"The output below shows interesting facts about the user account, namely that "
7700
10421
"there are no policies applied:"
7701
10422
msgstr ""
7702
10423
7703
#: serverguide/C/security.xml:230(computeroutput)
10424
#: serverguide/C/security.xml:235(computeroutput)
7704
10425
#, no-wrap
7705
10426
msgid ""
7706
10427
"Last password change : Jan 20, 2008\n"
7712
10433
"Number of days of warning before password expires : 7"
7713
10434
msgstr ""
7714
10435
7715
#: serverguide/C/security.xml:240(para)
10436
#: serverguide/C/security.xml:245(para)
7716
10437
msgid ""
7717
10438
"To set any of these values, simply use the following syntax, and follow the "
7718
10439
"interactive prompts:"
7719
10440
msgstr ""
7720
10441
7721
#: serverguide/C/security.xml:244(command)
10442
#: serverguide/C/security.xml:249(command)
7722
10443
msgid "sudo chage username"
7723
10444
msgstr "sudo chage username"
7724
10445
7725
#: serverguide/C/security.xml:246(para)
10446
#: serverguide/C/security.xml:251(para)
7726
10447
msgid ""
7727
10448
"The following is also an example of how you can manually change the explicit "
7728
10449
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7731
10452
"password expiration."
7732
10453
msgstr ""
7733
10454
7734
#: serverguide/C/security.xml:250(command)
10455
#: serverguide/C/security.xml:255(command)
7735
10456
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7736
10457
msgstr ""
7737
10458
7738
#: serverguide/C/security.xml:254(para)
10459
#: serverguide/C/security.xml:259(para)
7739
10460
msgid "To verify changes, use the same syntax as mentioned previously:"
7740
10461
msgstr ""
7741
10462
7742
#: serverguide/C/security.xml:260(para)
10463
#: serverguide/C/security.xml:265(para)
7743
10464
msgid ""
7744
10465
"The output below shows the new policies that have been established for the "
7745
10466
"account:"
7746
10467
msgstr ""
7747
10468
7748
#: serverguide/C/security.xml:263(computeroutput)
10469
#: serverguide/C/security.xml:268(computeroutput)
7749
10470
#, no-wrap
7750
10471
msgid ""
7751
10472
"Last password change : Jan 20, 2008\n"
7757
10478
"Number of days of warning before password expires : 14"
7758
10479
msgstr ""
7759
10480
7760
#: serverguide/C/security.xml:279(title)
10481
#: serverguide/C/security.xml:284(title)
7761
10482
msgid "Other Security Considerations"
7762
10483
msgstr ""
7763
10484
7764
#: serverguide/C/security.xml:280(para)
10485
#: serverguide/C/security.xml:285(para)
7765
10486
msgid ""
7766
10487
"Many applications use alternate authentication mechanisms that can be easily "
7767
10488
"overlooked by even experienced system administrators. Therefore, it is "
7769
10490
"to services and applications on your server."
7770
10491
msgstr ""
7771
10492
7772
#: serverguide/C/security.xml:285(title)
10493
#: serverguide/C/security.xml:290(title)
7773
10494
msgid "SSH Access by Disabled Users"
7774
10495
msgstr ""
7775
10496
7776
#: serverguide/C/security.xml:286(para)
10497
#: serverguide/C/security.xml:291(para)
7777
10498
msgid ""
7778
10499
"Simply disabling/locking a user account will not prevent a user from logging "
7779
10500
"into your server remotely if they have previously set up RSA public key "
7783
10504
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7784
10505
msgstr ""
7785
10506
7786
#: serverguide/C/security.xml:289(para)
10507
#: serverguide/C/security.xml:294(para)
7787
10508
msgid ""
7788
10509
"Remove or rename the directory <filename "
7789
10510
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7790
10511
"further SSH authentication capabilities."
7791
10512
msgstr ""
7792
10513
7793
#: serverguide/C/security.xml:292(para)
10514
#: serverguide/C/security.xml:297(para)
7794
10515
msgid ""
7795
10516
"Be sure to check for any established SSH connections by the disabled user, "
7796
10517
"as it is possible they may have existing inbound or outbound connections. "
7797
10518
"Kill any that are found."
7798
10519
msgstr ""
7799
10520
7800
#: serverguide/C/security.xml:295(para)
10521
#: serverguide/C/security.xml:300(para)
7801
10522
msgid ""
7802
10523
"Restrict SSH access to only user accounts that should have it. For example, "
7803
10524
"you may create a group called \"sshlogin\" and add the group name as the "
7805
10526
"the file <filename>/etc/ssh/sshd_config</filename>."
7806
10527
msgstr ""
7807
10528
7808
#: serverguide/C/security.xml:298(programlisting)
10529
#: serverguide/C/security.xml:303(programlisting)
7809
10530
#, no-wrap
7810
10531
msgid ""
7811
10532
"\n"
7812
10533
"AllowGroups sshlogin\n"
7813
10534
msgstr ""
7814
10535
7815
#: serverguide/C/security.xml:301(para)
10536
#: serverguide/C/security.xml:306(para)
7816
10537
msgid ""
7817
10538
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7818
10539
"SSH service."
7819
10540
msgstr ""
7820
10541
7821
#: serverguide/C/security.xml:305(command)
10542
#: serverguide/C/security.xml:310(command)
7822
10543
msgid "sudo adduser username sshlogin"
7823
10544
msgstr "sudo adduser username sshlogin"
7824
10545
7825
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7826
msgid "sudo /etc/init.d/ssh restart"
7827
msgstr "sudo /etc/init.d/ssh restart"
10546
#: serverguide/C/security.xml:311(command)
10547
msgid "sudo service ssh restart"
10548
msgstr ""
7828
10549
7829
#: serverguide/C/security.xml:310(title)
10550
#: serverguide/C/security.xml:315(title)
7830
10551
msgid "External User Database Authentication"
7831
10552
msgstr ""
7832
10553
7833
#: serverguide/C/security.xml:311(para)
10554
#: serverguide/C/security.xml:316(para)
7834
10555
msgid ""
7835
10556
"Most enterprise networks require centralized authentication and access "
7836
10557
"controls for all system resources. If you have configured your server to "
7839
10560
"fallback authentication is not possible."
7840
10561
msgstr ""
7841
10562
7842
#: serverguide/C/security.xml:320(title)
10563
#: serverguide/C/security.xml:325(title)
7843
10564
msgid "Console Security"
7844
10565
msgstr ""
7845
10566
7846
#: serverguide/C/security.xml:321(para)
10567
#: serverguide/C/security.xml:326(para)
7847
10568
msgid ""
7848
10569
"As with any other security barrier you put in place to protect your server, "
7849
10570
"it is pretty tough to defend against untold damage caused by someone with "
7850
10571
"physical access to your environment, for example, theft of hard drives, "
7851
"power or service disruption and so on. Therefore, console security should be "
7852
"addressed merely as one component of your overall physical security "
10572
"power or service disruption, and so on. Therefore, console security should "
10573
"be addressed merely as one component of your overall physical security "
7853
10574
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7854
10575
"very least slow down a determined one, so it is still advisable to perform "
7855
10576
"basic precautions with regard to console security."
7856
10577
msgstr ""
7857
10578
7858
#: serverguide/C/security.xml:324(para)
10579
#: serverguide/C/security.xml:329(para)
7859
10580
msgid ""
7860
10581
"The following instructions will help defend your server against issues that "
7861
10582
"could otherwise yield very serious consequences."
7862
10583
msgstr ""
7863
10584
7864
#: serverguide/C/security.xml:329(title)
10585
#: serverguide/C/security.xml:334(title)
7865
10586
msgid "Disable Ctrl+Alt+Delete"
7866
10587
msgstr ""
7867
10588
7868
#: serverguide/C/security.xml:330(para)
10589
#: serverguide/C/security.xml:335(para)
7869
10590
msgid ""
7870
10591
"First and foremost, anyone that has physical access to the keyboard can "
7871
10592
"simply use the "
7877
10598
"prevent accidental reboots at the same time."
7878
10599
msgstr ""
7879
10600
7880
#: serverguide/C/security.xml:335(para)
10601
#: serverguide/C/security.xml:340(para)
7881
10602
msgid ""
7882
10603
"To disable the reboot action taken by pressing the "
7883
10604
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7885
10606
"<filename>/etc/init/control-alt-delete.conf</filename>."
7886
10607
msgstr ""
7887
10608
7888
#: serverguide/C/security.xml:338(programlisting)
10609
#: serverguide/C/security.xml:343(programlisting)
7889
10610
#, no-wrap
7890
10611
msgid ""
7891
10612
"\n"
7892
10613
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7893
10614
msgstr ""
7894
10615
7895
#: serverguide/C/security.xml:347(title)
10616
#: serverguide/C/security.xml:352(title)
7896
10617
msgid "Firewall"
7897
10618
msgstr "Eldveggur"
7898
10619
7899
#: serverguide/C/security.xml:350(para)
10620
#: serverguide/C/security.xml:355(para)
7900
10621
msgid ""
7901
10622
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7902
10623
"which is used to manipulate or decide the fate of network traffic headed "
7904
10625
"system for packet filtering."
7905
10626
msgstr ""
7906
10627
7907
#: serverguide/C/security.xml:355(para)
10628
#: serverguide/C/security.xml:360(para)
7908
10629
msgid ""
7909
10630
"The kernel's packet filtering system would be of little use to "
7910
10631
"administrators without a userspace interface to manage it. This is the "
7915
10636
"but many frontends are available to simplify the task."
7916
10637
msgstr ""
7917
10638
7918
#: serverguide/C/security.xml:365(title)
10639
#: serverguide/C/security.xml:370(title)
7919
10640
msgid "ufw - Uncomplicated Firewall"
7920
10641
msgstr "ufw - Uncomplicated Firewall"
7921
10642
7922
#: serverguide/C/security.xml:366(para)
10643
#: serverguide/C/security.xml:371(para)
7923
10644
msgid ""
7924
10645
"The default firewall configuration tool for Ubuntu is "
7925
10646
"<application>ufw</application>. Developed to ease iptables firewall "
7927
10648
"to create an IPv4 or IPv6 host-based firewall."
7928
10649
msgstr ""
7929
10650
7930
#: serverguide/C/security.xml:370(para)
10651
#: serverguide/C/security.xml:375(para)
7931
10652
msgid ""
7932
10653
"<application>ufw</application> by default is initially disabled. From the "
7933
10654
"<application>ufw</application> man page:"
7934
10655
msgstr ""
7935
10656
7936
#: serverguide/C/security.xml:374(quote)
10657
#: serverguide/C/security.xml:379(quote)
7937
10658
msgid ""
7938
10659
"ufw is not intended to provide complete firewall functionality via its "
7939
10660
"command interface, but instead provides an easy way to add or remove simple "
7940
10661
"rules. It is currently mainly used for host-based firewalls."
7941
10662
msgstr ""
7942
10663
7943
#: serverguide/C/security.xml:378(para)
10664
#: serverguide/C/security.xml:383(para)
7944
10665
msgid ""
7945
10666
"The following are some examples of how to use <application>ufw</application>:"
7946
10667
msgstr ""
7947
10668
7948
#: serverguide/C/security.xml:383(para)
10669
#: serverguide/C/security.xml:388(para)
7949
10670
msgid ""
7950
10671
"First, <application>ufw</application> needs to be enabled. From a terminal "
7951
10672
"prompt enter:"
7952
10673
msgstr ""
7953
10674
7954
#: serverguide/C/security.xml:387(command)
10675
#: serverguide/C/security.xml:392(command)
7955
10676
msgid "sudo ufw enable"
7956
10677
msgstr "sudo ufw enable"
7957
10678
7958
#: serverguide/C/security.xml:391(para)
10679
#: serverguide/C/security.xml:396(para)
7959
10680
msgid "To open a port (ssh in this example):"
7960
10681
msgstr ""
7961
10682
7962
#: serverguide/C/security.xml:395(command)
10683
#: serverguide/C/security.xml:400(command)
7963
10684
msgid "sudo ufw allow 22"
7964
10685
msgstr "sudo ufw allow 22"
7965
10686
7966
#: serverguide/C/security.xml:399(para)
10687
#: serverguide/C/security.xml:404(para)
7967
10688
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7968
10689
msgstr ""
7969
10690
7970
#: serverguide/C/security.xml:403(command)
10691
#: serverguide/C/security.xml:408(command)
7971
10692
msgid "sudo ufw insert 1 allow 80"
7972
10693
msgstr ""
7973
10694
7974
#: serverguide/C/security.xml:407(para)
10695
#: serverguide/C/security.xml:412(para)
7975
10696
msgid "Similarly, to close an opened port:"
7976
10697
msgstr ""
7977
10698
7978
#: serverguide/C/security.xml:411(command)
10699
#: serverguide/C/security.xml:416(command)
7979
10700
msgid "sudo ufw deny 22"
7980
10701
msgstr "sudo ufw deny 22"
7981
10702
7982
#: serverguide/C/security.xml:415(para)
10703
#: serverguide/C/security.xml:420(para)
7983
10704
msgid "To remove a rule, use delete followed by the rule:"
7984
10705
msgstr ""
7985
10706
7986
#: serverguide/C/security.xml:419(command)
10707
#: serverguide/C/security.xml:424(command)
7987
10708
msgid "sudo ufw delete deny 22"
7988
10709
msgstr "sudo ufw delete deny 22"
7989
10710
7990
#: serverguide/C/security.xml:423(para)
10711
#: serverguide/C/security.xml:428(para)
7991
10712
msgid ""
7992
10713
"It is also possible to allow access from specific hosts or networks to a "
7993
10714
"port. The following example allows ssh access from host 192.168.0.2 to any "
7994
10715
"ip address on this host:"
7995
10716
msgstr ""
7996
10717
7997
#: serverguide/C/security.xml:428(command)
10718
#: serverguide/C/security.xml:433(command)
7998
10719
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7999
10720
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8000
10721
8001
#: serverguide/C/security.xml:430(para)
10722
#: serverguide/C/security.xml:435(para)
8002
10723
msgid ""
8003
10724
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8004
10725
"subnet."
8005
10726
msgstr ""
8006
10727
8007
#: serverguide/C/security.xml:436(para)
10728
#: serverguide/C/security.xml:441(para)
8008
10729
msgid ""
8009
10730
"Adding the <emphasis>--dry-run</emphasis> option to a "
8010
10731
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8012
10733
"the HTTP port:"
8013
10734
msgstr ""
8014
10735
8015
#: serverguide/C/security.xml:442(command)
10736
#: serverguide/C/security.xml:447(command)
8016
10737
msgid "sudo ufw --dry-run allow http"
8017
10738
msgstr ""
8018
10739
8019
#: serverguide/C/security.xml:446(computeroutput)
10740
#: serverguide/C/security.xml:451(computeroutput)
8020
10741
#, no-wrap
8021
10742
msgid ""
8022
10743
"*filter\n"
8042
10763
"Rules updated"
8043
10764
msgstr ""
8044
10765
8045
#: serverguide/C/security.xml:470(para)
10766
#: serverguide/C/security.xml:475(para)
8046
10767
msgid "<application>ufw</application> can be disabled by:"
8047
10768
msgstr ""
8048
10769
8049
#: serverguide/C/security.xml:474(command)
10770
#: serverguide/C/security.xml:479(command)
8050
10771
msgid "sudo ufw disable"
8051
10772
msgstr "sudo ufw disable"
8052
10773
8053
#: serverguide/C/security.xml:478(para)
10774
#: serverguide/C/security.xml:483(para)
8054
10775
msgid "To see the firewall status, enter:"
8055
10776
msgstr ""
8056
10777
8057
#: serverguide/C/security.xml:482(command)
10778
#: serverguide/C/security.xml:487(command)
8058
10779
msgid "sudo ufw status"
8059
10780
msgstr ""
8060
10781
8061
#: serverguide/C/security.xml:486(para)
10782
#: serverguide/C/security.xml:491(para)
8062
10783
msgid "And for more verbose status information use:"
8063
10784
msgstr ""
8064
10785
8065
#: serverguide/C/security.xml:490(command)
10786
#: serverguide/C/security.xml:495(command)
8066
10787
msgid "sudo ufw status verbose"
8067
10788
msgstr ""
8068
10789
8069
#: serverguide/C/security.xml:494(para)
10790
#: serverguide/C/security.xml:499(para)
8070
10791
msgid "To view the <emphasis>numbered</emphasis> format:"
8071
10792
msgstr ""
8072
10793
8073
#: serverguide/C/security.xml:498(command)
10794
#: serverguide/C/security.xml:503(command)
8074
10795
msgid "sudo ufw status numbered"
8075
10796
msgstr ""
8076
10797
8077
#: serverguide/C/security.xml:503(para)
10798
#: serverguide/C/security.xml:508(para)
8078
10799
msgid ""
8079
10800
"If the port you want to open or close is defined in "
8080
10801
"<filename>/etc/services</filename>, you can use the port name instead of the "
8082
10803
"<emphasis>ssh</emphasis>."
8083
10804
msgstr ""
8084
10805
8085
#: serverguide/C/security.xml:509(para)
10806
#: serverguide/C/security.xml:514(para)
8086
10807
msgid ""
8087
10808
"This is a quick introduction to using <application>ufw</application>. Please "
8088
10809
"refer to the <application>ufw</application> man page for more information."
8089
10810
msgstr ""
8090
10811
8091
#: serverguide/C/security.xml:515(title)
10812
#: serverguide/C/security.xml:520(title)
8092
10813
msgid "ufw Application Integration"
8093
10814
msgstr ""
8094
10815
8095
#: serverguide/C/security.xml:517(para)
10816
#: serverguide/C/security.xml:522(para)
8096
10817
msgid ""
8097
10818
"Applications that open ports can include an <application>ufw</application> "
8098
10819
"profile, which details the ports needed for the application to function "
8101
10822
"the default ports have been changed."
8102
10823
msgstr ""
8103
10824
8104
#: serverguide/C/security.xml:526(para)
10825
#: serverguide/C/security.xml:531(para)
8105
10826
msgid ""
8106
10827
"To view which applications have installed a profile, enter the following in "
8107
10828
"a terminal:"
8108
10829
msgstr ""
8109
10830
8110
#: serverguide/C/security.xml:531(command)
10831
#: serverguide/C/security.xml:536(command)
8111
10832
msgid "sudo ufw app list"
8112
10833
msgstr ""
8113
10834
8114
#: serverguide/C/security.xml:537(para)
10835
#: serverguide/C/security.xml:542(para)
8115
10836
msgid ""
8116
10837
"Similar to allowing traffic to a port, using an application profile is "
8117
10838
"accomplished by entering:"
8118
10839
msgstr ""
8119
10840
8120
#: serverguide/C/security.xml:542(command)
10841
#: serverguide/C/security.xml:547(command)
8121
10842
msgid "sudo ufw allow Samba"
8122
10843
msgstr ""
8123
10844
8124
#: serverguide/C/security.xml:548(para)
10845
#: serverguide/C/security.xml:553(para)
8125
10846
msgid "An extended syntax is available as well:"
8126
10847
msgstr ""
8127
10848
8128
#: serverguide/C/security.xml:553(command)
10849
#: serverguide/C/security.xml:558(command)
8129
10850
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8130
10851
msgstr ""
8131
10852
8132
#: serverguide/C/security.xml:556(para)
10853
#: serverguide/C/security.xml:561(para)
8133
10854
msgid ""
8134
10855
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8135
10856
"with the application profile you are using and the IP range for your network."
8136
10857
msgstr ""
8137
10858
8138
#: serverguide/C/security.xml:562(para)
10859
#: serverguide/C/security.xml:567(para)
8139
10860
msgid ""
8140
10861
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8141
10862
"application, because that information is detailed in the profile. Also, note "
8143
10864
"<emphasis>port</emphasis> number."
8144
10865
msgstr ""
8145
10866
8146
#: serverguide/C/security.xml:571(para)
10867
#: serverguide/C/security.xml:576(para)
8147
10868
msgid ""
8148
10869
"To view details about which ports, protocols, etc are defined for an "
8149
10870
"application, enter:"
8150
10871
msgstr ""
8151
10872
8152
#: serverguide/C/security.xml:576(command)
10873
#: serverguide/C/security.xml:581(command)
8153
10874
msgid "sudo ufw app info Samba"
8154
10875
msgstr ""
8155
10876
8156
#: serverguide/C/security.xml:582(para)
10877
#: serverguide/C/security.xml:587(para)
8157
10878
msgid ""
8158
10879
"Not all applications that require opening a network port come with "
8159
10880
"<application>ufw</application> profiles, but if you have profiled an "
8160
10881
"application and want the file to be included with the package, please file a "
8161
"bug against the package in <ulink "
8162
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8163
msgstr ""
8164
8165
#: serverguide/C/security.xml:591(title)
10882
"bug against the package in Launchpad."
10883
msgstr ""
10884
10885
#: serverguide/C/security.xml:593(command)
10886
msgid "ubuntu-bug nameofpackage"
10887
msgstr ""
10888
10889
#: serverguide/C/security.xml:599(title)
8166
10890
msgid "IP Masquerading"
8167
10891
msgstr ""
8168
10892
8169
#: serverguide/C/security.xml:592(para)
10893
#: serverguide/C/security.xml:600(para)
8170
10894
msgid ""
8171
10895
"The purpose of IP Masquerading is to allow machines with private, non-"
8172
10896
"routable IP addresses on your network to access the Internet through the "
8183
10907
"to in Microsoft documentation as Internet Connection Sharing."
8184
10908
msgstr ""
8185
10909
8186
#: serverguide/C/security.xml:608(title)
10910
#: serverguide/C/security.xml:616(title)
8187
10911
msgid "ufw Masquerading"
8188
10912
msgstr ""
8189
10913
8190
#: serverguide/C/security.xml:609(para)
10914
#: serverguide/C/security.xml:617(para)
8191
10915
msgid ""
8192
10916
"IP Masquerading can be achieved using custom <application>ufw</application> "
8193
10917
"rules. This is possible because the current back-end for "
8198
10922
"that are more network gateway or bridge related."
8199
10923
msgstr ""
8200
10924
8201
#: serverguide/C/security.xml:615(para)
10925
#: serverguide/C/security.xml:623(para)
8202
10926
msgid ""
8203
10927
"The rules are split into two different files, rules that should be executed "
8204
10928
"before <application>ufw</application> command line rules, and rules that are "
8205
10929
"executed after <application>ufw</application> command line rules."
8206
10930
msgstr ""
8207
10931
8208
#: serverguide/C/security.xml:621(para)
10932
#: serverguide/C/security.xml:629(para)
8209
10933
msgid ""
8210
10934
"First, packet forwarding needs to be enabled in "
8211
10935
"<application>ufw</application>. Two configuration files will need to be "
8213
10937
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8214
10938
msgstr ""
8215
10939
8216
#: serverguide/C/security.xml:625(programlisting)
10940
#: serverguide/C/security.xml:633(programlisting)
8217
10941
#, no-wrap
8218
10942
msgid ""
8219
10943
"\n"
8220
10944
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8221
10945
msgstr ""
8222
10946
8223
#: serverguide/C/security.xml:628(para)
10947
#: serverguide/C/security.xml:636(para)
8224
10948
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8225
10949
msgstr ""
8226
10950
8227
#: serverguide/C/security.xml:631(programlisting)
10951
#: serverguide/C/security.xml:639(programlisting)
8228
10952
#, no-wrap
8229
10953
msgid ""
8230
10954
"\n"
8231
10955
"net/ipv4/ip_forward=1\n"
8232
10956
msgstr ""
8233
10957
8234
#: serverguide/C/security.xml:634(para)
10958
#: serverguide/C/security.xml:642(para)
8235
10959
msgid "Similarly, for IPv6 forwarding uncomment:"
8236
10960
msgstr ""
8237
10961
8238
#: serverguide/C/security.xml:637(programlisting)
10962
#: serverguide/C/security.xml:645(programlisting)
8239
10963
#, no-wrap
8240
10964
msgid ""
8241
10965
"\n"
8242
10966
"net/ipv6/conf/default/forwarding=1\n"
8243
10967
msgstr ""
8244
10968
8245
#: serverguide/C/security.xml:642(para)
10969
#: serverguide/C/security.xml:650(para)
8246
10970
msgid ""
8247
10971
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8248
10972
"file. The default rules only configure the <emphasis>filter</emphasis> "
8251
10975
"the header comments:"
8252
10976
msgstr ""
8253
10977
8254
#: serverguide/C/security.xml:647(programlisting)
10978
#: serverguide/C/security.xml:655(programlisting)
8255
10979
#, no-wrap
8256
10980
msgid ""
8257
10981
"\n"
8267
10991
"COMMIT\n"
8268
10992
msgstr ""
8269
10993
8270
#: serverguide/C/security.xml:658(para)
10994
#: serverguide/C/security.xml:666(para)
8271
10995
msgid ""
8272
10996
"The comments are not strictly necessary, but it is considered good practice "
8273
10997
"to document your configuration. Also, when modifying any of the "
8276
11000
"line for each table modified:"
8277
11001
msgstr ""
8278
11002
8279
#: serverguide/C/security.xml:664(programlisting)
11003
#: serverguide/C/security.xml:672(programlisting)
8280
11004
#, no-wrap
8281
11005
msgid ""
8282
11006
"\n"
8284
11008
"COMMIT\n"
8285
11009
msgstr ""
8286
11010
8287
#: serverguide/C/security.xml:669(para)
11011
#: serverguide/C/security.xml:677(para)
8288
11012
msgid ""
8289
11013
"For each <emphasis>Table</emphasis> a corresponding "
8290
11014
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8293
11017
"<emphasis>mangle</emphasis> tables."
8294
11018
msgstr ""
8295
11019
8296
#: serverguide/C/security.xml:676(para)
11020
#: serverguide/C/security.xml:684(para)
8297
11021
msgid ""
8298
11022
"In the above example replace <emphasis>eth0</emphasis>, "
8299
11023
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8300
11024
"appropriate interfaces and IP range for your network."
8301
11025
msgstr ""
8302
11026
8303
#: serverguide/C/security.xml:684(para)
11027
#: serverguide/C/security.xml:692(para)
8304
11028
msgid ""
8305
11029
"Finally, disable and re-enable <application>ufw</application> to apply the "
8306
11030
"changes:"
8307
11031
msgstr ""
8308
11032
8309
#: serverguide/C/security.xml:688(command)
11033
#: serverguide/C/security.xml:696(command)
8310
11034
msgid "sudo ufw disable && sudo ufw enable"
8311
11035
msgstr "sudo ufw disable && sudo ufw enable"
8312
11036
8313
#: serverguide/C/security.xml:692(para)
11037
#: serverguide/C/security.xml:700(para)
8314
11038
msgid ""
8315
11039
"IP Masquerading should now be enabled. You can also add any additional "
8316
11040
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8318
11042
"forward</emphasis> chain."
8319
11043
msgstr ""
8320
11044
8321
#: serverguide/C/security.xml:699(title)
11045
#: serverguide/C/security.xml:707(title)
8322
11046
msgid "iptables Masquerading"
8323
11047
msgstr ""
8324
11048
8325
#: serverguide/C/security.xml:700(para)
11049
#: serverguide/C/security.xml:708(para)
8326
11050
msgid ""
8327
"<application>iptables</application> can also be used to enable masquerading."
11051
"<application>iptables</application> can also be used to enable Masquerading."
8328
11052
msgstr ""
8329
11053
8330
#: serverguide/C/security.xml:705(para)
11054
#: serverguide/C/security.xml:713(para)
8331
11055
msgid ""
8332
11056
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8333
11057
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8334
11058
"uncomment the following line"
8335
11059
msgstr ""
8336
11060
8337
#: serverguide/C/security.xml:709(programlisting)
11061
#: serverguide/C/security.xml:717(programlisting)
8338
11062
#, no-wrap
8339
11063
msgid ""
8340
11064
"\n"
8341
11065
"net.ipv4.ip_forward=1\n"
8342
11066
msgstr ""
8343
11067
8344
#: serverguide/C/security.xml:712(para)
11068
#: serverguide/C/security.xml:720(para)
8345
11069
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8346
11070
msgstr ""
8347
11071
8348
#: serverguide/C/security.xml:715(programlisting)
11072
#: serverguide/C/security.xml:723(programlisting)
8349
11073
#, no-wrap
8350
11074
msgid ""
8351
11075
"\n"
8352
11076
"net.ipv6.conf.default.forwarding=1\n"
8353
11077
msgstr ""
8354
11078
8355
#: serverguide/C/security.xml:720(para)
11079
#: serverguide/C/security.xml:728(para)
8356
11080
msgid ""
8357
11081
"Next, execute the <application>sysctl</application> command to enable the "
8358
11082
"new settings in the configuration file:"
8359
11083
msgstr ""
8360
11084
8361
#: serverguide/C/security.xml:724(command)
11085
#: serverguide/C/security.xml:732(command)
8362
11086
msgid "sudo sysctl -p"
8363
11087
msgstr "sudo sysctl -p"
8364
11088
8365
#: serverguide/C/security.xml:728(para)
11089
#: serverguide/C/security.xml:736(para)
8366
11090
msgid ""
8367
11091
"IP Masquerading can now be accomplished with a single iptables rule, which "
8368
11092
"may differ slightly based on your network configuration:"
8369
11093
msgstr ""
8370
11094
8371
#: serverguide/C/security.xml:731(screen)
11095
#: serverguide/C/security.xml:739(screen)
8372
11096
#, no-wrap
8373
11097
msgid ""
8374
11098
"\n"
8377
11101
"\n"
8378
11102
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8379
11103
8380
#: serverguide/C/security.xml:734(para)
11104
#: serverguide/C/security.xml:742(para)
8381
11105
msgid ""
8382
11106
"The above command assumes that your private address space is 192.168.0.0/16 "
8383
11107
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8384
11108
"follows:"
8385
11109
msgstr ""
8386
11110
8387
#: serverguide/C/security.xml:739(para)
11111
#: serverguide/C/security.xml:747(para)
8388
11112
msgid "-t nat -- the rule is to go into the nat table"
8389
11113
msgstr ""
8390
11114
8391
#: serverguide/C/security.xml:740(para)
11115
#: serverguide/C/security.xml:748(para)
8392
11116
msgid ""
8393
11117
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8394
11118
msgstr ""
8395
11119
8396
#: serverguide/C/security.xml:741(para)
11120
#: serverguide/C/security.xml:749(para)
8397
11121
msgid ""
8398
11122
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8399
11123
"specified address space"
8400
11124
msgstr ""
8401
11125
8402
#: serverguide/C/security.xml:742(para)
11126
#: serverguide/C/security.xml:750(para)
8403
11127
msgid ""
8404
11128
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8405
11129
"specified network device"
8406
11130
msgstr ""
8407
11131
8408
#: serverguide/C/security.xml:744(para)
11132
#: serverguide/C/security.xml:752(para)
8409
11133
msgid ""
8410
11134
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8411
11135
"MASQUERADE target to be manipulated as described above"
8412
11136
msgstr ""
8413
11137
8414
#: serverguide/C/security.xml:752(para)
11138
#: serverguide/C/security.xml:760(para)
8415
11139
msgid ""
8416
11140
"Also, each chain in the filter table (the default table, and where most or "
8417
11141
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8421
11145
"above rule to work:"
8422
11146
msgstr ""
8423
11147
8424
#: serverguide/C/security.xml:759(screen)
11148
#: serverguide/C/security.xml:767(screen)
8425
11149
#, no-wrap
8426
11150
msgid ""
8427
11151
"\n"
8428
11152
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8429
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8430
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
11153
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state \\\n"
11154
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8431
11155
msgstr ""
8432
11156
8433
#: serverguide/C/security.xml:763(para)
11157
#: serverguide/C/security.xml:772(para)
8434
11158
msgid ""
8435
11159
"The above commands will allow all connections from your local network to the "
8436
11160
"Internet and all traffic related to those connections to return to the "
8437
11161
"machine that initiated them."
8438
11162
msgstr ""
8439
11163
8440
#: serverguide/C/security.xml:770(para)
11164
#: serverguide/C/security.xml:779(para)
8441
11165
msgid ""
8442
11166
"If you want masquerading to be enabled on reboot, which you probably do, "
8443
11167
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8444
11168
"example add the first command with no filtering:"
8445
11169
msgstr ""
8446
11170
8447
#: serverguide/C/security.xml:774(screen)
11171
#: serverguide/C/security.xml:783(screen)
8448
11172
#, no-wrap
8449
11173
msgid ""
8450
11174
"\n"
8451
11175
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8452
11176
msgstr ""
8453
11177
8454
#: serverguide/C/security.xml:782(title)
11178
#: serverguide/C/security.xml:791(title)
8455
11179
msgid "Logs"
8456
11180
msgstr ""
8457
11181
8458
#: serverguide/C/security.xml:783(para)
11182
#: serverguide/C/security.xml:792(para)
8459
11183
msgid ""
8460
11184
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8461
11185
"firewall rules, and noticing unusual activity on your network. You must "
8465
11189
"REJECT)."
8466
11190
msgstr ""
8467
11191
8468
#: serverguide/C/security.xml:790(para)
11192
#: serverguide/C/security.xml:799(para)
8469
11193
msgid ""
8470
11194
"If you are using <application>ufw</application>, you can turn on logging by "
8471
11195
"entering the following in a terminal:"
8472
11196
msgstr ""
8473
11197
8474
#: serverguide/C/security.xml:794(command)
11198
#: serverguide/C/security.xml:803(command)
8475
11199
msgid "sudo ufw logging on"
8476
11200
msgstr ""
8477
11201
8478
#: serverguide/C/security.xml:796(para)
11202
#: serverguide/C/security.xml:805(para)
8479
11203
msgid ""
8480
11204
"To turn logging off in <application>ufw</application>, simply replace "
8481
11205
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8482
11206
"role=\"italic\">off</emphasis> in the above command."
8483
11207
msgstr ""
8484
11208
8485
#: serverguide/C/security.xml:799(para)
11209
#: serverguide/C/security.xml:808(para)
8486
11210
msgid ""
8487
11211
"If using <application>iptables</application> instead of "
8488
11212
"<application>ufw</application>, enter:"
8489
11213
msgstr ""
8490
11214
8491
#: serverguide/C/security.xml:802(screen)
11215
#: serverguide/C/security.xml:811(screen)
8492
11216
#, no-wrap
8493
11217
msgid ""
8494
11218
"\n"
8495
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8496
"prefix \"NEW_HTTP_CONN: \"\n"
11219
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 \\\n"
11220
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
8497
11221
msgstr ""
8498
11222
8499
#: serverguide/C/security.xml:805(para)
11223
#: serverguide/C/security.xml:815(para)
8500
11224
msgid ""
8501
11225
"A request on port 80 from the local machine, then, would generate a log in "
8502
"dmesg that looks like this:"
11226
"dmesg that looks like this (single line split into 3 to fit this document):"
8503
11227
msgstr ""
8504
11228
8505
#: serverguide/C/security.xml:810(programlisting)
11229
#: serverguide/C/security.xml:820(programlisting)
8506
11230
#, no-wrap
8507
11231
msgid ""
8508
11232
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8509
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8510
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8511
"WINDOW=32767 RES=0x00 SYN URGP=0"
11233
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00\n"
11234
" SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF "
11235
"PROTO=TCP\n"
11236
" SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0"
8512
11237
msgstr ""
8513
11238
8514
#: serverguide/C/security.xml:812(para)
11239
#: serverguide/C/security.xml:824(para)
8515
11240
msgid ""
8516
11241
"The above log will also appear in <filename>/var/log/messages</filename>, "
8517
11242
"<filename>/var/log/syslog</filename>, and "
8523
11248
"for firewalls, and can log to any file you like, or even to a "
8524
11249
"<application>PostgreSQL</application> or <application>MySQL</application> "
8525
11250
"database. Making sense of your firewall logs can be simplified by using a "
8526
"log analyzing tool such as <application>fwanalog</application>, "
8527
"<application> fwlogwatch</application>, or <application>lire</application>."
11251
"log analyzing tool such as <application>logwatch</application>, "
11252
"<application>fwanalog</application>, <application>fwlogwatch</application>, "
11253
"or <application>lire</application>."
8528
11254
msgstr ""
8529
11255
8530
#: serverguide/C/security.xml:827(title)
11256
#: serverguide/C/security.xml:839(title)
8531
11257
msgid "Other Tools"
8532
11258
msgstr ""
8533
11259
8534
#: serverguide/C/security.xml:828(para)
11260
#: serverguide/C/security.xml:840(para)
8535
11261
msgid ""
8536
11262
"There are many tools available to help you construct a complete firewall "
8537
11263
"without intimate knowledge of iptables. For the GUI-inclined:"
8538
11264
msgstr ""
8539
11265
8540
#: serverguide/C/security.xml:834(para)
8541
msgid ""
8542
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8543
"popular and easy to use."
8544
msgstr ""
8545
8546
#: serverguide/C/security.xml:839(para)
11266
#: serverguide/C/security.xml:846(para)
8547
11267
msgid ""
8548
11268
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8549
11269
"and will look familiar to an administrator who has used a commercial "
8550
11270
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8551
11271
msgstr ""
8552
11272
8553
#: serverguide/C/security.xml:845(para)
11273
#: serverguide/C/security.xml:852(para)
8554
11274
msgid ""
8555
11275
"If you prefer a command-line tool with plain-text configuration files:"
8556
11276
msgstr ""
8557
11277
8558
#: serverguide/C/security.xml:850(para)
11278
#: serverguide/C/security.xml:857(para)
8559
11279
msgid ""
8560
11280
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8561
11281
"powerful solution to help you configure an advanced firewall for any network."
8562
11282
msgstr ""
8563
11283
8564
#: serverguide/C/security.xml:856(para)
8565
msgid ""
8566
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8567
"a working firewall \"out of the box\" with zero configuration, and will "
8568
"allow you to easily set up a more advanced firewall by editing simple, well-"
8569
"documented configuration files."
8570
msgstr ""
8571
8572
#: serverguide/C/security.xml:863(para)
8573
msgid ""
8574
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8575
"designed to be a desktop firewall application. It is made up of a server "
8576
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8577
"like many popular interactive firewall applications for Windows."
8578
msgstr ""
8579
8580
#: serverguide/C/security.xml:875(para)
8581
msgid ""
8582
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
11284
#: serverguide/C/security.xml:868(para)
11285
msgid ""
11286
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
8583
11287
"Firewall</ulink> wiki page contains information on the development of "
8584
11288
"<application>ufw</application>."
8585
11289
msgstr ""
8586
11290
8587
#: serverguide/C/security.xml:881(para)
11291
#: serverguide/C/security.xml:874(para)
8588
11292
msgid ""
8589
11293
"Also, the <application>ufw</application> manual page contains some very "
8590
11294
"useful information: <command>man ufw</command>."
8591
11295
msgstr ""
8592
11296
8593
#: serverguide/C/security.xml:886(para)
11297
#: serverguide/C/security.xml:879(para)
8594
11298
msgid ""
8595
11299
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8596
11300
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8597
11301
"on using <application>iptables</application>."
8598
11302
msgstr ""
8599
11303
8600
#: serverguide/C/security.xml:892(para)
11304
#: serverguide/C/security.xml:885(para)
8601
11305
msgid ""
8602
11306
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8603
11307
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8604
11308
msgstr ""
8605
11309
8606
#: serverguide/C/security.xml:898(para)
11310
#: serverguide/C/security.xml:891(para)
8607
11311
msgid ""
8608
11312
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8609
11313
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8610
11314
msgstr ""
8611
11315
8612
#: serverguide/C/security.xml:906(title)
11316
#: serverguide/C/security.xml:899(title)
8613
11317
msgid "AppArmor"
8614
11318
msgstr ""
8615
11319
8616
#: serverguide/C/security.xml:907(para)
11320
#: serverguide/C/security.xml:900(para)
8617
11321
msgid ""
8618
11322
"<application>AppArmor</application> is a Linux Security Module "
8619
11323
"implementation of name-based mandatory access controls. AppArmor confines "
8621
11325
"capabilities."
8622
11326
msgstr ""
8623
11327
8624
#: serverguide/C/security.xml:911(para)
11328
#: serverguide/C/security.xml:904(para)
8625
11329
msgid ""
8626
11330
"<application>AppArmor</application> is installed and loaded by default. It "
8627
11331
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8630
11334
"<application>apparmor-profiles</application> package."
8631
11335
msgstr ""
8632
11336
8633
#: serverguide/C/security.xml:916(para)
11337
#: serverguide/C/security.xml:909(para)
8634
11338
msgid ""
8635
11339
"To install the <application>apparmor-profiles</application> package from a "
8636
11340
"terminal prompt:"
8637
11341
msgstr ""
8638
11342
8639
#: serverguide/C/security.xml:922(para)
11343
#: serverguide/C/security.xml:913(command)
11344
msgid "sudo apt-get install apparmor-profiles"
11345
msgstr ""
11346
11347
#: serverguide/C/security.xml:915(para)
8640
11348
msgid "AppArmor profiles have two modes of execution:"
8641
11349
msgstr ""
8642
11350
8643
#: serverguide/C/security.xml:927(para)
11351
#: serverguide/C/security.xml:920(para)
8644
11352
msgid ""
8645
11353
"Complaining/Learning: profile violations are permitted and logged. Useful "
8646
11354
"for testing and developing new profiles."
8647
11355
msgstr ""
8648
11356
8649
#: serverguide/C/security.xml:932(para)
11357
#: serverguide/C/security.xml:925(para)
8650
11358
msgid ""
8651
11359
"Enforced/Confined: enforces profile policy as well as logging the violation."
8652
11360
msgstr ""
8653
11361
8654
#: serverguide/C/security.xml:938(title)
11362
#: serverguide/C/security.xml:931(title)
8655
11363
msgid "Using AppArmor"
8656
11364
msgstr ""
8657
11365
8658
#: serverguide/C/security.xml:939(para)
11366
#: serverguide/C/security.xml:932(para)
8659
11367
msgid ""
8660
11368
"The <application>apparmor-utils</application> package contains command line "
8661
11369
"utilities that you can use to change the <application>AppArmor</application> "
8662
11370
"execution mode, find the status of a profile, create new profiles, etc."
8663
11371
msgstr ""
8664
11372
8665
#: serverguide/C/security.xml:945(para)
11373
#: serverguide/C/security.xml:938(para)
8666
11374
msgid ""
8667
11375
"<application>apparmor_status</application> is used to view the current "
8668
11376
"status of AppArmor profiles."
8669
11377
msgstr ""
8670
11378
8671
#: serverguide/C/security.xml:949(command)
11379
#: serverguide/C/security.xml:942(command)
8672
11380
msgid "sudo apparmor_status"
8673
11381
msgstr ""
8674
11382
8675
#: serverguide/C/security.xml:953(para)
11383
#: serverguide/C/security.xml:946(para)
8676
11384
msgid ""
8677
11385
"<application>aa-complain</application> places a profile into "
8678
11386
"<emphasis>complain</emphasis> mode."
8679
11387
msgstr ""
8680
11388
8681
#: serverguide/C/security.xml:957(command)
11389
#: serverguide/C/security.xml:950(command)
8682
11390
msgid "sudo aa-complain /path/to/bin"
8683
11391
msgstr ""
8684
11392
8685
#: serverguide/C/security.xml:961(para)
11393
#: serverguide/C/security.xml:954(para)
8686
11394
msgid ""
8687
11395
"<application>aa-enforce</application> places a profile into "
8688
11396
"<emphasis>enforce</emphasis> mode."
8689
11397
msgstr ""
8690
11398
8691
#: serverguide/C/security.xml:965(command)
11399
#: serverguide/C/security.xml:958(command)
8692
11400
msgid "sudo aa-enforce /path/to/bin"
8693
11401
msgstr ""
8694
11402
8695
#: serverguide/C/security.xml:969(para)
11403
#: serverguide/C/security.xml:962(para)
8696
11404
msgid ""
8697
11405
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8698
11406
"profiles are located. It can be used to manipulate the "
8699
11407
"<emphasis>mode</emphasis> of all profiles."
8700
11408
msgstr ""
8701
11409
8702
#: serverguide/C/security.xml:973(para)
11410
#: serverguide/C/security.xml:966(para)
8703
11411
msgid "Enter the following to place all profiles into complain mode:"
8704
11412
msgstr ""
8705
11413
8706
#: serverguide/C/security.xml:977(command)
11414
#: serverguide/C/security.xml:970(command)
8707
11415
msgid "sudo aa-complain /etc/apparmor.d/*"
8708
11416
msgstr ""
8709
11417
8710
#: serverguide/C/security.xml:979(para)
11418
#: serverguide/C/security.xml:972(para)
8711
11419
msgid "To place all profiles in enforce mode:"
8712
11420
msgstr ""
8713
11421
8714
#: serverguide/C/security.xml:983(command)
11422
#: serverguide/C/security.xml:976(command)
8715
11423
msgid "sudo aa-enforce /etc/apparmor.d/*"
8716
11424
msgstr ""
8717
11425
8718
#: serverguide/C/security.xml:987(para)
11426
#: serverguide/C/security.xml:980(para)
8719
11427
msgid ""
8720
11428
"<application>apparmor_parser</application> is used to load a profile into "
8721
11429
"the kernel. It can also be used to reload a currently loaded profile using "
8722
11430
"the <emphasis>-r</emphasis> option. To load a profile:"
8723
11431
msgstr ""
8724
11432
8725
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
11433
#: serverguide/C/security.xml:985(command) serverguide/C/security.xml:1017(command)
8726
11434
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8727
11435
msgstr ""
8728
11436
8729
#: serverguide/C/security.xml:994(para)
11437
#: serverguide/C/security.xml:987(para)
8730
11438
msgid "To reload a profile:"
8731
11439
msgstr ""
8732
11440
8733
#: serverguide/C/security.xml:998(command)
11441
#: serverguide/C/security.xml:991(command)
8734
11442
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8735
11443
msgstr ""
8736
11444
8737
#: serverguide/C/security.xml:1002(para)
11445
#: serverguide/C/security.xml:995(para)
8738
11446
msgid ""
8739
11447
"<filename>/etc/init.d/apparmor</filename> can be used to "
8740
11448
"<emphasis>reload</emphasis> all profiles:"
8741
11449
msgstr ""
8742
11450
8743
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
11451
#: serverguide/C/security.xml:999(command)
8744
11452
msgid "sudo /etc/init.d/apparmor reload"
8745
11453
msgstr ""
8746
11454
8747
#: serverguide/C/security.xml:1010(para)
11455
#: serverguide/C/security.xml:1003(para)
8748
11456
msgid ""
8749
11457
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8750
11458
"with the <application>apparmor_parser -R</application> option to "
8751
11459
"<emphasis>disable</emphasis> a profile."
8752
11460
msgstr ""
8753
11461
8754
#: serverguide/C/security.xml:1015(command)
11462
#: serverguide/C/security.xml:1008(command)
8755
11463
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8756
11464
msgstr ""
8757
11465
8758
#: serverguide/C/security.xml:1016(command)
11466
#: serverguide/C/security.xml:1009(command)
8759
11467
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8760
11468
msgstr ""
8761
11469
8762
#: serverguide/C/security.xml:1018(para)
11470
#: serverguide/C/security.xml:1011(para)
8763
11471
msgid ""
8764
11472
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8765
11473
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8766
11474
"load the profile using the <emphasis>-a</emphasis> option."
8767
11475
msgstr ""
8768
11476
8769
#: serverguide/C/security.xml:1023(command)
11477
#: serverguide/C/security.xml:1016(command)
8770
11478
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8771
11479
msgstr ""
8772
11480
8773
#: serverguide/C/security.xml:1028(para)
11481
#: serverguide/C/security.xml:1021(para)
8774
11482
msgid ""
8775
11483
"<application>AppArmor</application> can be disabled, and the kernel module "
8776
11484
"unloaded by entering the following:"
8777
11485
msgstr ""
8778
11486
8779
#: serverguide/C/security.xml:1032(command)
11487
#: serverguide/C/security.xml:1025(command)
8780
11488
msgid "sudo /etc/init.d/apparmor stop"
8781
11489
msgstr ""
8782
11490
8783
#: serverguide/C/security.xml:1033(command)
11491
#: serverguide/C/security.xml:1026(command)
8784
11492
msgid "sudo update-rc.d -f apparmor remove"
8785
11493
msgstr ""
8786
11494
8787
#: serverguide/C/security.xml:1037(para)
11495
#: serverguide/C/security.xml:1030(para)
8788
11496
msgid "To re-enable <application>AppArmor</application> enter:"
8789
11497
msgstr ""
8790
11498
8791
#: serverguide/C/security.xml:1041(command)
11499
#: serverguide/C/security.xml:1034(command)
8792
11500
msgid "sudo /etc/init.d/apparmor start"
8793
11501
msgstr ""
8794
11502
8795
#: serverguide/C/security.xml:1042(command)
11503
#: serverguide/C/security.xml:1035(command)
8796
11504
msgid "sudo update-rc.d apparmor defaults"
8797
11505
msgstr ""
8798
11506
8799
#: serverguide/C/security.xml:1047(para)
11507
#: serverguide/C/security.xml:1040(para)
8800
11508
msgid ""
8801
11509
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8802
11510
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8804
11512
"<application>ping</application> command use <filename>/bin/ping</filename>"
8805
11513
msgstr ""
8806
11514
8807
#: serverguide/C/security.xml:1055(title)
11515
#: serverguide/C/security.xml:1048(title)
8808
11516
msgid "Profiles"
8809
11517
msgstr ""
8810
11518
8811
#: serverguide/C/security.xml:1056(para)
11519
#: serverguide/C/security.xml:1049(para)
8812
11520
msgid ""
8813
11521
"<application>AppArmor</application> profiles are simple text files located "
8814
11522
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8817
11525
"profile for the <filename>/bin/ping</filename> command."
8818
11526
msgstr ""
8819
11527
8820
#: serverguide/C/security.xml:1062(para)
11528
#: serverguide/C/security.xml:1055(para)
8821
11529
msgid "There are two main type of rules used in profiles:"
8822
11530
msgstr ""
8823
11531
8824
#: serverguide/C/security.xml:1067(para)
11532
#: serverguide/C/security.xml:1060(para)
8825
11533
msgid ""
8826
11534
"<emphasis>Path entries:</emphasis> which detail which files an application "
8827
11535
"can access in the file system."
8828
11536
msgstr ""
8829
11537
8830
#: serverguide/C/security.xml:1072(para)
11538
#: serverguide/C/security.xml:1065(para)
8831
11539
msgid ""
8832
11540
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8833
11541
"confined process is allowed to use."
8834
11542
msgstr ""
8835
11543
8836
#: serverguide/C/security.xml:1077(para)
11544
#: serverguide/C/security.xml:1070(para)
8837
11545
msgid ""
8838
11546
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8839
11547
msgstr ""
8840
11548
8841
#: serverguide/C/security.xml:1080(programlisting)
11549
#: serverguide/C/security.xml:1073(programlisting)
8842
11550
#, no-wrap
8843
11551
msgid ""
8844
11552
"\n"
8857
11565
"}\n"
8858
11566
msgstr ""
8859
11567
8860
#: serverguide/C/security.xml:1097(para)
11568
#: serverguide/C/security.xml:1090(para)
8861
11569
msgid ""
8862
11570
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8863
11571
"from other files. This allows statements pertaining to multiple applications "
8864
11572
"to be placed in a common file."
8865
11573
msgstr ""
8866
11574
8867
#: serverguide/C/security.xml:1103(para)
11575
#: serverguide/C/security.xml:1096(para)
8868
11576
msgid ""
8869
11577
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8870
11578
"program, also setting the mode to <emphasis>complain</emphasis>."
8871
11579
msgstr ""
8872
11580
8873
#: serverguide/C/security.xml:1109(para)
11581
#: serverguide/C/security.xml:1102(para)
8874
11582
msgid ""
8875
11583
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8876
11584
"the CAP_NET_RAW Posix.1e capability."
8877
11585
msgstr ""
8878
11586
8879
#: serverguide/C/security.xml:1114(para)
11587
#: serverguide/C/security.xml:1107(para)
8880
11588
msgid ""
8881
11589
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8882
11590
"execute access to the file."
8883
11591
msgstr ""
8884
11592
8885
#: serverguide/C/security.xml:1120(para)
11593
#: serverguide/C/security.xml:1113(para)
8886
11594
msgid ""
8887
11595
"After editing a profile file the profile must be reloaded. See <xref "
8888
11596
"linkend=\"apparmor-usage\"/> for details."
8889
11597
msgstr ""
8890
11598
8891
#: serverguide/C/security.xml:1125(title)
11599
#: serverguide/C/security.xml:1118(title)
8892
11600
msgid "Creating a Profile"
8893
11601
msgstr ""
8894
11602
8895
#: serverguide/C/security.xml:1128(para)
11603
#: serverguide/C/security.xml:1121(para)
8896
11604
msgid ""
8897
11605
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8898
11606
"application should be exercised. The test plan should be divided into small "
8900
11608
"steps to follow."
8901
11609
msgstr ""
8902
11610
8903
#: serverguide/C/security.xml:1132(para)
11611
#: serverguide/C/security.xml:1125(para)
8904
11612
msgid "Some standard test cases are:"
8905
11613
msgstr ""
8906
11614
8907
#: serverguide/C/security.xml:1137(para)
11615
#: serverguide/C/security.xml:1130(para)
8908
11616
msgid "Starting the program."
8909
11617
msgstr ""
8910
11618
8911
#: serverguide/C/security.xml:1142(para)
11619
#: serverguide/C/security.xml:1135(para)
8912
11620
msgid "Stopping the program."
8913
11621
msgstr ""
8914
11622
8915
#: serverguide/C/security.xml:1147(para)
11623
#: serverguide/C/security.xml:1140(para)
8916
11624
msgid "Reloading the program."
8917
11625
msgstr ""
8918
11626
11627
#: serverguide/C/security.xml:1145(para)
11628
msgid "Testing all the commands supported by the init script."
11629
msgstr ""
11630
8919
11631
#: serverguide/C/security.xml:1152(para)
8920
msgid "Testing all the commands supported by the init script."
8921
msgstr ""
8922
8923
#: serverguide/C/security.xml:1159(para)
8924
11632
msgid ""
8925
11633
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8926
11634
"genprof</application> to generate a new profile. From a terminal:"
8927
11635
msgstr ""
8928
11636
8929
#: serverguide/C/security.xml:1164(command)
11637
#: serverguide/C/security.xml:1157(command)
8930
11638
msgid "sudo aa-genprof executable"
8931
11639
msgstr ""
8932
11640
8933
#: serverguide/C/security.xml:1166(para)
11641
#: serverguide/C/security.xml:1159(para)
8934
11642
msgid "For example:"
8935
11643
msgstr ""
8936
11644
8937
#: serverguide/C/security.xml:1170(command)
11645
#: serverguide/C/security.xml:1163(command)
8938
11646
msgid "sudo aa-genprof slapd"
8939
11647
msgstr ""
8940
11648
8941
#: serverguide/C/security.xml:1174(para)
11649
#: serverguide/C/security.xml:1167(para)
8942
11650
msgid ""
8943
11651
"To get your new profile included in the <application>apparmor-"
8944
11652
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8947
11655
"/ulink> package:"
8948
11656
msgstr ""
8949
11657
8950
#: serverguide/C/security.xml:1181(para)
11658
#: serverguide/C/security.xml:1174(para)
8951
11659
msgid "Include your test plan and test cases."
8952
11660
msgstr ""
8953
11661
8954
#: serverguide/C/security.xml:1186(para)
11662
#: serverguide/C/security.xml:1179(para)
8955
11663
msgid "Attach your new profile to the bug."
8956
11664
msgstr ""
8957
11665
8958
#: serverguide/C/security.xml:1195(title)
11666
#: serverguide/C/security.xml:1188(title)
8959
11667
msgid "Updating Profiles"
8960
11668
msgstr ""
8961
11669
8962
#: serverguide/C/security.xml:1196(para)
11670
#: serverguide/C/security.xml:1189(para)
8963
11671
msgid ""
8964
11672
"When the program is misbehaving, audit messages are sent to the log files. "
8965
11673
"The program <application>aa-logprof</application> can be used to scan log "
8967
11675
"and update the profiles. From a terminal:"
8968
11676
msgstr ""
8969
11677
8970
#: serverguide/C/security.xml:1201(command)
11678
#: serverguide/C/security.xml:1194(command)
8971
11679
msgid "sudo aa-logprof"
8972
11680
msgstr ""
8973
11681
8974
#: serverguide/C/security.xml:1209(para)
11682
#: serverguide/C/security.xml:1202(para)
8975
11683
msgid ""
8976
11684
"See the <ulink "
8977
11685
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8980
11688
"configuration options."
8981
11689
msgstr ""
8982
11690
8983
#: serverguide/C/security.xml:1216(para)
11691
#: serverguide/C/security.xml:1209(para)
8984
11692
msgid ""
8985
11693
"For details using AppArmor with other Ubuntu releases see the <ulink "
8986
11694
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8987
11695
"Wiki</ulink> page."
8988
11696
msgstr ""
8989
11697
11698
#: serverguide/C/security.xml:1217(para)
11699
msgid ""
11700
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
11701
"AppArmor</ulink> page is another introduction to AppArmor."
11702
msgstr ""
11703
8990
11704
#: serverguide/C/security.xml:1224(para)
8991
11705
msgid ""
8992
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8993
"page is another introduction to AppArmor."
8994
msgstr ""
8995
8996
#: serverguide/C/security.xml:1231(para)
8997
msgid ""
8998
11706
"A great place to ask for <application>AppArmor</application> assistance, and "
8999
11707
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9000
11708
"server</emphasis> IRC channel on <ulink "
9001
11709
"url=\"http://freenode.net\">freenode</ulink>."
9002
11710
msgstr ""
9003
11711
9004
#: serverguide/C/security.xml:1241(title)
11712
#: serverguide/C/security.xml:1234(title)
9005
11713
msgid "Certificates"
9006
11714
msgstr ""
9007
11715
9008
#: serverguide/C/security.xml:1242(para)
11716
#: serverguide/C/security.xml:1235(para)
9009
11717
msgid ""
9010
11718
"One of the most common forms of cryptography today is <emphasis>public-"
9011
11719
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9015
11723
"the private key."
9016
11724
msgstr ""
9017
11725
9018
#: serverguide/C/security.xml:1248(para)
11726
#: serverguide/C/security.xml:1241(para)
9019
11727
msgid ""
9020
11728
"A common use for public-key cryptography is encrypting application traffic "
9021
11729
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9024
11732
"encrypt traffic using a protocol that does not itself provide encryption."
9025
11733
msgstr ""
9026
11734
9027
#: serverguide/C/security.xml:1253(para)
11735
#: serverguide/C/security.xml:1246(para)
9028
11736
msgid ""
9029
11737
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9030
11738
"<emphasis>public key</emphasis> and other information about a server and the "
9034
11742
"certificate is accurate."
9035
11743
msgstr ""
9036
11744
9037
#: serverguide/C/security.xml:1260(title)
11745
#: serverguide/C/security.xml:1253(title)
9038
11746
msgid "Types of Certificates"
9039
11747
msgstr ""
9040
11748
9041
#: serverguide/C/security.xml:1261(para)
11749
#: serverguide/C/security.xml:1254(para)
9042
11750
msgid ""
9043
11751
"To set up a secure server using public-key cryptography, in most cases, you "
9044
11752
"send your certificate request (including your public key), proof of your "
9048
11756
"signed</emphasis> certificate."
9049
11757
msgstr ""
9050
11758
9051
#: serverguide/C/security.xml:1271(para)
11759
#: serverguide/C/security.xml:1264(para)
9052
11760
msgid ""
9053
11761
"Note, that self-signed certificates should not be used in most production "
9054
11762
"environments."
9055
11763
msgstr ""
9056
11764
9057
#: serverguide/C/security.xml:1275(para)
11765
#: serverguide/C/security.xml:1268(para)
9058
11766
msgid ""
9059
11767
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9060
11768
"capabilities that a self-signed certificate does not:"
9061
11769
msgstr ""
9062
11770
9063
#: serverguide/C/security.xml:1282(para)
11771
#: serverguide/C/security.xml:1275(para)
9064
11772
msgid ""
9065
11773
"Browsers (usually) automatically recognize the certificate and allow a "
9066
11774
"secure connection to be made without prompting the user."
9067
11775
msgstr ""
9068
11776
9069
#: serverguide/C/security.xml:1289(para)
11777
#: serverguide/C/security.xml:1282(para)
9070
11778
msgid ""
9071
11779
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9072
11780
"the organization that is providing the web pages to the browser."
9073
11781
msgstr ""
9074
11782
9075
#: serverguide/C/security.xml:1297(para)
11783
#: serverguide/C/security.xml:1290(para)
9076
11784
msgid ""
9077
11785
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9078
11786
"certificates they automatically accept. If a browser encounters a "
9081
11789
"may generate an error message when using a self-singed certificate."
9082
11790
msgstr ""
9083
11791
9084
#: serverguide/C/security.xml:1305(para)
11792
#: serverguide/C/security.xml:1298(para)
9085
11793
msgid ""
9086
11794
"The process of getting a certificate from a CA is fairly easy. A quick "
9087
11795
"overview is as follows:"
9088
11796
msgstr ""
9089
11797
9090
#: serverguide/C/security.xml:1312(para)
11798
#: serverguide/C/security.xml:1305(para)
9091
11799
msgid "Create a private and public encryption key pair."
9092
11800
msgstr ""
9093
11801
9094
#: serverguide/C/security.xml:1315(para)
11802
#: serverguide/C/security.xml:1308(para)
9095
11803
msgid ""
9096
11804
"Create a certificate request based on the public key. The certificate "
9097
11805
"request contains information about your server and the company hosting it."
9098
11806
msgstr ""
9099
11807
9100
#: serverguide/C/security.xml:1320(para)
11808
#: serverguide/C/security.xml:1313(para)
9101
11809
msgid ""
9102
11810
"Send the certificate request, along with documents proving your identity, to "
9103
11811
"a CA. We cannot tell you which certificate authority to choose. Your "
9105
11813
"your friends or colleagues, or purely on monetary factors."
9106
11814
msgstr ""
9107
11815
9108
#: serverguide/C/security.xml:1326(para)
11816
#: serverguide/C/security.xml:1319(para)
9109
11817
msgid ""
9110
11818
"Once you have decided upon a CA, you need to follow the instructions they "
9111
11819
"provide on how to obtain a certificate from them."
9112
11820
msgstr ""
9113
11821
9114
#: serverguide/C/security.xml:1331(para)
11822
#: serverguide/C/security.xml:1324(para)
9115
11823
msgid ""
9116
11824
"When the CA is satisfied that you are indeed who you claim to be, they send "
9117
11825
"you a digital certificate."
9118
11826
msgstr ""
9119
11827
9120
#: serverguide/C/security.xml:1335(para)
11828
#: serverguide/C/security.xml:1328(para)
9121
11829
msgid ""
9122
11830
"Install this certificate on your secure server, and configure the "
9123
11831
"appropriate applications to use the certificate."
9124
11832
msgstr ""
9125
11833
9126
#: serverguide/C/security.xml:1344(title)
11834
#: serverguide/C/security.xml:1337(title)
9127
11835
msgid "Generating a Certificate Signing Request (CSR)"
9128
11836
msgstr ""
9129
11837
9130
#: serverguide/C/security.xml:1346(para)
11838
#: serverguide/C/security.xml:1339(para)
9131
11839
msgid ""
9132
11840
"Whether you are getting a certificate from a CA or generating your own self-"
9133
11841
"signed certificate, the first step is to generate a key."
9134
11842
msgstr ""
9135
11843
9136
#: serverguide/C/security.xml:1351(para)
11844
#: serverguide/C/security.xml:1344(para)
9137
11845
msgid ""
9138
11846
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9139
11847
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9141
11849
"the preferred way to start a daemon."
9142
11850
msgstr ""
9143
11851
9144
#: serverguide/C/security.xml:1357(para)
11852
#: serverguide/C/security.xml:1350(para)
9145
11853
msgid ""
9146
11854
"This section will cover generating a key with a passphrase, and one without. "
9147
11855
"The non-passphrase key will then be used to generate a certificate that can "
9148
11856
"be used with various service daemons."
9149
11857
msgstr ""
9150
11858
9151
#: serverguide/C/security.xml:1363(para)
11859
#: serverguide/C/security.xml:1356(para)
9152
11860
msgid ""
9153
11861
"Running your secure service without a passphrase is convenient because you "
9154
11862
"will not need to enter the passphrase every time you start your secure "
9156
11864
"of the server as well."
9157
11865
msgstr ""
9158
11866
9159
#: serverguide/C/security.xml:1370(para)
11867
#: serverguide/C/security.xml:1363(para)
9160
11868
msgid ""
9161
11869
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9162
11870
"Request (CSR) run the following command from a terminal prompt:"
9163
11871
msgstr ""
9164
11872
9165
#: serverguide/C/security.xml:1376(command)
9166
msgid "openssl genrsa -des3 -out server.key 1024"
11873
#: serverguide/C/security.xml:1369(command)
11874
msgid "openssl genrsa -des3 -out server.key 2048"
9167
11875
msgstr ""
9168
11876
9169
#: serverguide/C/security.xml:1379(programlisting)
11877
#: serverguide/C/security.xml:1372(programlisting)
9170
11878
#, no-wrap
9171
11879
msgid ""
9172
11880
"\n"
9173
"Generating RSA private key, 1024 bit long modulus\n"
9174
".....................++++++\n"
9175
".................++++++\n"
9176
"unable to write 'random state'\n"
11881
"Generating RSA private key, 2048 bit long modulus\n"
11882
"..........................++++++\n"
11883
".......++++++\n"
9177
11884
"e is 65537 (0x10001)\n"
9178
11885
"Enter pass phrase for server.key:\n"
9179
11886
msgstr ""
9180
11887
9181
#: serverguide/C/security.xml:1388(para)
11888
#: serverguide/C/security.xml:1380(para)
9182
11889
msgid ""
9183
11890
"You can now enter your passphrase. For best security, it should at least "
9184
11891
"contain eight characters. The minimum length when specifying -des3 is four "
9186
11893
"in a dictionary. Also remember that your passphrase is case-sensitive."
9187
11894
msgstr ""
9188
11895
9189
#: serverguide/C/security.xml:1396(para)
11896
#: serverguide/C/security.xml:1388(para)
9190
11897
msgid ""
9191
11898
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9192
11899
"server key is generated and stored in the <filename>server.key</filename> "
9193
11900
"file."
9194
11901
msgstr ""
9195
11902
9196
#: serverguide/C/security.xml:1402(para)
11903
#: serverguide/C/security.xml:1394(para)
9197
11904
msgid ""
9198
11905
"Now create the insecure key, the one without a passphrase, and shuffle the "
9199
11906
"key names:"
9200
11907
msgstr ""
9201
11908
9202
#: serverguide/C/security.xml:1408(command)
11909
#: serverguide/C/security.xml:1400(command)
9203
11910
msgid "openssl rsa -in server.key -out server.key.insecure"
9204
11911
msgstr ""
9205
11912
9206
#: serverguide/C/security.xml:1409(command)
11913
#: serverguide/C/security.xml:1401(command)
9207
11914
msgid "mv server.key server.key.secure"
9208
11915
msgstr ""
9209
11916
9210
#: serverguide/C/security.xml:1410(command)
11917
#: serverguide/C/security.xml:1402(command)
9211
11918
msgid "mv server.key.insecure server.key"
9212
11919
msgstr ""
9213
11920
9214
#: serverguide/C/security.xml:1413(para)
11921
#: serverguide/C/security.xml:1405(para)
9215
11922
msgid ""
9216
11923
"The insecure key is now named <filename>server.key</filename>, and you can "
9217
11924
"use this file to generate the CSR without passphrase."
9218
11925
msgstr ""
9219
11926
9220
#: serverguide/C/security.xml:1418(para)
11927
#: serverguide/C/security.xml:1410(para)
9221
11928
msgid "To create the CSR, run the following command at a terminal prompt:"
9222
11929
msgstr ""
9223
11930
9224
#: serverguide/C/security.xml:1423(command)
11931
#: serverguide/C/security.xml:1415(command)
9225
11932
msgid "openssl req -new -key server.key -out server.csr"
9226
11933
msgstr ""
9227
11934
9228
#: serverguide/C/security.xml:1426(para)
11935
#: serverguide/C/security.xml:1418(para)
9229
11936
msgid ""
9230
11937
"It will prompt you enter the passphrase. If you enter the correct "
9231
11938
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9233
11940
"be stored in the <filename>server.csr</filename> file."
9234
11941
msgstr ""
9235
11942
9236
#: serverguide/C/security.xml:1434(para)
11943
#: serverguide/C/security.xml:1426(para)
9237
11944
msgid ""
9238
11945
"You can now submit this CSR file to a CA for processing. The CA will use "
9239
11946
"this CSR file and issue the certificate. On the other hand, you can create "
9240
11947
"self-signed certificate using this CSR."
9241
11948
msgstr ""
9242
11949
9243
#: serverguide/C/security.xml:1442(title)
11950
#: serverguide/C/security.xml:1434(title)
9244
11951
msgid "Creating a Self-Signed Certificate"
9245
11952
msgstr ""
9246
11953
9247
#: serverguide/C/security.xml:1443(para)
11954
#: serverguide/C/security.xml:1435(para)
9248
11955
msgid ""
9249
11956
"To create the self-signed certificate, run the following command at a "
9250
11957
"terminal prompt:"
9251
11958
msgstr ""
9252
11959
9253
#: serverguide/C/security.xml:1448(command)
11960
#: serverguide/C/security.xml:1440(command)
9254
11961
msgid ""
9255
11962
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9256
11963
"server.crt"
9257
11964
msgstr ""
9258
11965
9259
#: serverguide/C/security.xml:1451(para)
11966
#: serverguide/C/security.xml:1443(para)
9260
11967
msgid ""
9261
11968
"The above command will prompt you to enter the passphrase. Once you enter "
9262
11969
"the correct passphrase, your certificate will be created and it will be "
9263
11970
"stored in the <filename>server.crt</filename> file."
9264
11971
msgstr ""
9265
11972
9266
#: serverguide/C/security.xml:1456(para)
11973
#: serverguide/C/security.xml:1448(para)
9267
11974
msgid ""
9268
11975
"If your secure server is to be used in a production environment, you "
9269
11976
"probably need a CA-signed certificate. It is not recommended to use self-"
9270
11977
"signed certificate."
9271
11978
msgstr ""
9272
11979
9273
#: serverguide/C/security.xml:1464(title)
11980
#: serverguide/C/security.xml:1456(title)
9274
11981
msgid "Installing the Certificate"
9275
11982
msgstr ""
9276
11983
9277
#: serverguide/C/security.xml:1466(para)
11984
#: serverguide/C/security.xml:1458(para)
9278
11985
msgid ""
9279
11986
"You can install the key file <filename>server.key</filename> and certificate "
9280
11987
"file <filename>server.crt</filename>, or the certificate file issued by your "
9281
11988
"CA, by running following commands at a terminal prompt:"
9282
11989
msgstr ""
9283
11990
9284
#: serverguide/C/security.xml:1472(command)
11991
#: serverguide/C/security.xml:1464(command)
9285
11992
msgid "sudo cp server.crt /etc/ssl/certs"
9286
11993
msgstr ""
9287
11994
9288
#: serverguide/C/security.xml:1473(command)
11995
#: serverguide/C/security.xml:1465(command)
9289
11996
msgid "sudo cp server.key /etc/ssl/private"
9290
11997
msgstr ""
9291
11998
9292
#: serverguide/C/security.xml:1475(para)
11999
#: serverguide/C/security.xml:1467(para)
9293
12000
msgid ""
9294
12001
"Now simply configure any applications, with the ability to use public-key "
9295
12002
"cryptography, to use the <emphasis>certificate</emphasis> and "
9298
12005
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9299
12006
msgstr ""
9300
12007
9301
#: serverguide/C/security.xml:1482(title)
12008
#: serverguide/C/security.xml:1474(title)
9302
12009
msgid "Certification Authority"
9303
12010
msgstr ""
9304
12011
9305
#: serverguide/C/security.xml:1484(para)
12012
#: serverguide/C/security.xml:1476(para)
9306
12013
msgid ""
9307
12014
"If the services on your network require more than a few self-signed "
9308
12015
"certificates it may be worth the additional effort to setup your own "
9312
12019
"the same CA."
9313
12020
msgstr ""
9314
12021
9315
#: serverguide/C/security.xml:1494(para)
12022
#: serverguide/C/security.xml:1486(para)
9316
12023
msgid ""
9317
12024
"First, create the directories to hold the CA certificate and related files:"
9318
12025
msgstr ""
9319
12026
9320
#: serverguide/C/security.xml:1499(command)
12027
#: serverguide/C/security.xml:1491(command)
9321
12028
msgid "sudo mkdir /etc/ssl/CA"
9322
12029
msgstr ""
9323
12030
9324
#: serverguide/C/security.xml:1500(command)
12031
#: serverguide/C/security.xml:1492(command)
9325
12032
msgid "sudo mkdir /etc/ssl/newcerts"
9326
12033
msgstr ""
9327
12034
9328
#: serverguide/C/security.xml:1506(para)
12035
#: serverguide/C/security.xml:1498(para)
9329
12036
msgid ""
9330
12037
"The CA needs a few additional files to operate, one to keep track of the "
9331
12038
"last serial number used by the CA, each certificate must have a unique "
9333
12040
"issued:"
9334
12041
msgstr ""
9335
12042
9336
#: serverguide/C/security.xml:1513(command)
12043
#: serverguide/C/security.xml:1505(command)
9337
12044
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9338
12045
msgstr ""
9339
12046
9340
#: serverguide/C/security.xml:1514(command)
12047
#: serverguide/C/security.xml:1506(command)
9341
12048
msgid "sudo touch /etc/ssl/CA/index.txt"
9342
12049
msgstr ""
9343
12050
9344
#: serverguide/C/security.xml:1520(para)
12051
#: serverguide/C/security.xml:1512(para)
9345
12052
msgid ""
9346
12053
"The third file is a CA configuration file. Though not strictly necessary, it "
9347
12054
"is very convenient when issuing multiple certificates. Edit "
9349
12056
"]</emphasis> change:"
9350
12057
msgstr ""
9351
12058
9352
#: serverguide/C/security.xml:1526(programlisting)
12059
#: serverguide/C/security.xml:1518(programlisting)
9353
12060
#, no-wrap
9354
12061
msgid ""
9355
12062
"\n"
9360
12067
"private_key = $dir/private/cakey.pem# The private key\n"
9361
12068
msgstr ""
9362
12069
9363
#: serverguide/C/security.xml:1537(para)
12070
#: serverguide/C/security.xml:1529(para)
9364
12071
msgid "Next, create the self-singed root certificate:"
9365
12072
msgstr ""
9366
12073
9367
#: serverguide/C/security.xml:1542(command)
12074
#: serverguide/C/security.xml:1534(command)
9368
12075
msgid ""
9369
12076
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9370
12077
"days 3650"
9371
12078
msgstr ""
9372
12079
9373
#: serverguide/C/security.xml:1545(para)
12080
#: serverguide/C/security.xml:1537(para)
9374
12081
msgid "You will then be asked to enter the details about the certificate."
9375
12082
msgstr ""
9376
12083
9377
#: serverguide/C/security.xml:1552(para)
12084
#: serverguide/C/security.xml:1544(para)
9378
12085
msgid "Now install the root certificate and key:"
9379
12086
msgstr ""
9380
12087
9381
#: serverguide/C/security.xml:1557(command)
12088
#: serverguide/C/security.xml:1549(command)
9382
12089
msgid "sudo mv cakey.pem /etc/ssl/private/"
9383
12090
msgstr ""
9384
12091
9385
#: serverguide/C/security.xml:1558(command)
12092
#: serverguide/C/security.xml:1550(command)
9386
12093
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9387
12094
msgstr ""
9388
12095
9389
#: serverguide/C/security.xml:1564(para)
12096
#: serverguide/C/security.xml:1556(para)
9390
12097
msgid ""
9391
12098
"You are now ready to start signing certificates. The first item needed is a "
9392
12099
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9394
12101
"certificate signed by the CA:"
9395
12102
msgstr ""
9396
12103
9397
#: serverguide/C/security.xml:1571(command)
12104
#: serverguide/C/security.xml:1563(command)
9398
12105
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9399
12106
msgstr ""
9400
12107
9401
#: serverguide/C/security.xml:1574(para)
12108
#: serverguide/C/security.xml:1566(para)
9402
12109
msgid ""
9403
12110
"After entering the password for the CA key, you will be prompted to sign the "
9404
12111
"certificate, and again to commit the new certificate. You should then see a "
9405
12112
"somewhat large amount of output related to the certificate creation."
9406
12113
msgstr ""
9407
12114
9408
#: serverguide/C/security.xml:1583(para)
12115
#: serverguide/C/security.xml:1575(para)
9409
12116
msgid ""
9410
12117
"There should now be a new file, "
9411
12118
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9416
12123
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9417
12124
msgstr ""
9418
12125
9419
#: serverguide/C/security.xml:1591(para)
12126
#: serverguide/C/security.xml:1583(para)
9420
12127
msgid ""
9421
12128
"Subsequent certificates will be named <filename>02.pem</filename>, "
9422
12129
"<filename>03.pem</filename>, etc."
9423
12130
msgstr ""
9424
12131
9425
#: serverguide/C/security.xml:1596(para)
12132
#: serverguide/C/security.xml:1588(para)
9426
12133
msgid ""
9427
12134
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9428
12135
"name."
9429
12136
msgstr ""
9430
12137
9431
#: serverguide/C/security.xml:1604(para)
12138
#: serverguide/C/security.xml:1596(para)
9432
12139
msgid ""
9433
12140
"Finally, copy the new certificate to the host that needs it, and configure "
9434
12141
"the appropriate applications to use it. The default location to install "
9437
12144
"complicated file permissions."
9438
12145
msgstr ""
9439
12146
9440
#: serverguide/C/security.xml:1610(para)
12147
#: serverguide/C/security.xml:1602(para)
9441
12148
msgid ""
9442
12149
"For applications that can be configured to use a CA certificate, you should "
9443
12150
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9445
12152
"server."
9446
12153
msgstr ""
9447
12154
9448
#: serverguide/C/security.xml:1624(para)
12155
#: serverguide/C/security.xml:1616(para)
9449
12156
msgid ""
9450
12157
"For more detailed instructions on using cryptography see the <ulink "
9451
12158
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9452
12159
"Certificates HOWTO</ulink> by tlpd.org"
9453
12160
msgstr ""
9454
12161
9455
#: serverguide/C/security.xml:1630(para)
9456
msgid ""
9457
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9458
"of Certificate Authorities."
9459
msgstr ""
9460
9461
#: serverguide/C/security.xml:1635(para)
12162
#: serverguide/C/security.xml:1622(para)
9462
12163
msgid ""
9463
12164
"The Wikipedia <ulink "
9464
12165
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9465
12166
"information regarding HTTPS."
9466
12167
msgstr ""
9467
12168
9468
#: serverguide/C/security.xml:1640(para)
12169
#: serverguide/C/security.xml:1627(para)
9469
12170
msgid ""
9470
12171
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9471
12172
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9472
12173
msgstr ""
9473
12174
9474
#: serverguide/C/security.xml:1645(para)
12175
#: serverguide/C/security.xml:1632(para)
9475
12176
msgid ""
9476
12177
"Also, O'Reilly's <ulink "
9477
12178
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9478
12179
"OpenSSL</ulink> is a good in depth reference."
9479
12180
msgstr ""
9480
12181
9481
#: serverguide/C/security.xml:1654(title)
12182
#: serverguide/C/security.xml:1641(title)
9482
12183
msgid "eCryptfs"
9483
12184
msgstr ""
9484
12185
9485
#: serverguide/C/security.xml:1656(para)
12186
#: serverguide/C/security.xml:1643(para)
9486
12187
msgid ""
9487
12188
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9488
12189
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9490
12191
"filesystem, partition type, etc."
9491
12192
msgstr ""
9492
12193
9493
#: serverguide/C/security.xml:1662(para)
12194
#: serverguide/C/security.xml:1649(para)
9494
12195
msgid ""
9495
12196
"During installation there is an option to encrypt the <filename "
9496
12197
"role=\"directory\">/home</filename> partition. This will automatically "
9497
12198
"configure everything needed to encrypt and mount the partition."
9498
12199
msgstr ""
9499
12200
9500
#: serverguide/C/security.xml:1667(para)
12201
#: serverguide/C/security.xml:1654(para)
9501
12202
msgid ""
9502
12203
"As an example, this section will cover configuring <filename "
9503
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
12204
"role=\"directory\">/srv</filename> to be encrypted using "
12205
"<emphasis>eCryptfs</emphasis>."
9504
12206
msgstr ""
9505
12207
9506
#: serverguide/C/security.xml:1672(title)
12208
#: serverguide/C/security.xml:1659(title)
9507
12209
msgid "Using eCryptfs"
9508
12210
msgstr ""
9509
12211
9510
#: serverguide/C/security.xml:1674(para)
12212
#: serverguide/C/security.xml:1661(para)
9511
12213
msgid "First, install the necessary packages. From a terminal prompt enter:"
9512
12214
msgstr ""
9513
12215
9514
#: serverguide/C/security.xml:1679(command)
12216
#: serverguide/C/security.xml:1666(command)
9515
12217
msgid "sudo apt-get install ecryptfs-utils"
9516
12218
msgstr ""
9517
12219
9518
#: serverguide/C/security.xml:1682(para)
12220
#: serverguide/C/security.xml:1669(para)
9519
12221
msgid "Now mount the partition to be encrypted:"
9520
12222
msgstr ""
9521
12223
9522
#: serverguide/C/security.xml:1687(command)
12224
#: serverguide/C/security.xml:1674(command)
9523
12225
msgid "sudo mount -t ecryptfs /srv /srv"
9524
12226
msgstr ""
9525
12227
9526
#: serverguide/C/security.xml:1690(para)
12228
#: serverguide/C/security.xml:1677(para)
9527
12229
msgid ""
9528
12230
"You will then be prompted for some details on how "
9529
12231
"<application>ecryptfs</application> should encrypt the data."
9530
12232
msgstr ""
9531
12233
9532
#: serverguide/C/security.xml:1694(para)
12234
#: serverguide/C/security.xml:1681(para)
9533
12235
msgid ""
9534
12236
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9535
12237
"copy the <filename>/etc/default</filename> folder to "
9536
12238
"<filename>/srv</filename>:"
9537
12239
msgstr ""
9538
12240
9539
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
12241
#: serverguide/C/security.xml:1687(command) serverguide/C/clustering.xml:192(command)
9540
12242
msgid "sudo cp -r /etc/default /srv"
9541
12243
msgstr ""
9542
12244
9543
#: serverguide/C/security.xml:1703(para)
12245
#: serverguide/C/security.xml:1690(para)
9544
12246
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9545
12247
msgstr ""
9546
12248
9547
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
12249
#: serverguide/C/security.xml:1695(command) serverguide/C/installation.xml:1134(command) serverguide/C/clustering.xml:200(command)
9548
12250
msgid "sudo umount /srv"
9549
12251
msgstr ""
9550
12252
9551
#: serverguide/C/security.xml:1709(command)
12253
#: serverguide/C/security.xml:1696(command)
9552
12254
msgid "cat /srv/default/cron"
9553
12255
msgstr ""
9554
12256
9555
#: serverguide/C/security.xml:1712(para)
12257
#: serverguide/C/security.xml:1699(para)
9556
12258
msgid ""
9557
12259
"Remounting <filename>/srv</filename> using "
9558
12260
"<application>ecryptfs</application> will make the data viewable once again."
9559
12261
msgstr ""
9560
12262
9561
#: serverguide/C/security.xml:1718(title)
12263
#: serverguide/C/security.xml:1705(title)
9562
12264
msgid "Automatically Mounting Encrypted Partitions"
9563
12265
msgstr ""
9564
12266
9565
#: serverguide/C/security.xml:1720(para)
12267
#: serverguide/C/security.xml:1707(para)
9566
12268
msgid ""
9567
12269
"There are a couple of ways to automatically mount an "
9568
12270
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9570
12272
"mount options, along with a passphrase file residing on a USB key."
9571
12273
msgstr ""
9572
12274
9573
#: serverguide/C/security.xml:1726(para)
12275
#: serverguide/C/security.xml:1713(para)
9574
12276
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9575
12277
msgstr ""
9576
12278
9577
#: serverguide/C/security.xml:1730(programlisting)
12279
#: serverguide/C/security.xml:1717(programlisting)
9578
12280
#, no-wrap
9579
12281
msgid ""
9580
12282
"\n"
9586
12288
"ecryptfs_enable_filename_crypto=n\n"
9587
12289
msgstr ""
9588
12290
9589
#: serverguide/C/security.xml:1740(para)
12291
#: serverguide/C/security.xml:1727(para)
9590
12292
msgid ""
9591
12293
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9592
12294
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9593
12295
msgstr ""
9594
12296
9595
#: serverguide/C/security.xml:1745(para)
12297
#: serverguide/C/security.xml:1732(para)
9596
12298
msgid ""
9597
12299
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9598
12300
"file:"
9599
12301
msgstr ""
9600
12302
9601
#: serverguide/C/security.xml:1749(programlisting)
12303
#: serverguide/C/security.xml:1736(programlisting)
9602
12304
#, no-wrap
9603
12305
msgid ""
9604
12306
"\n"
9605
12307
"passphrase_passwd=[secrets]\n"
9606
12308
msgstr ""
9607
12309
9608
#: serverguide/C/security.xml:1753(para)
12310
#: serverguide/C/security.xml:1740(para)
9609
12311
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9610
12312
msgstr ""
9611
12313
9612
#: serverguide/C/security.xml:1757(programlisting)
12314
#: serverguide/C/security.xml:1744(programlisting)
9613
12315
#, no-wrap
9614
12316
msgid ""
9615
12317
"\n"
9617
12319
"/srv /srv ecryptfs defaults 0 0\n"
9618
12320
msgstr ""
9619
12321
9620
#: serverguide/C/security.xml:1762(para)
12322
#: serverguide/C/security.xml:1749(para)
9621
12323
msgid "Make sure the USB drive is mounted before the encrypted partition."
9622
12324
msgstr ""
9623
12325
9624
#: serverguide/C/security.xml:1766(para)
12326
#: serverguide/C/security.xml:1753(para)
9625
12327
msgid ""
9626
12328
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9627
"ecryptfs."
9628
msgstr ""
9629
9630
#: serverguide/C/security.xml:1774(para)
12329
"<emphasis>eCryptfs</emphasis>."
12330
msgstr ""
12331
12332
#: serverguide/C/security.xml:1759(title)
12333
msgid "Other Utilities"
12334
msgstr ""
12335
12336
#: serverguide/C/security.xml:1761(para)
9631
12337
msgid ""
9632
12338
"The <application>ecryptfs-utils</application> package includes several other "
9633
12339
"useful utilities:"
9634
12340
msgstr ""
9635
12341
9636
#: serverguide/C/security.xml:1780(para)
12342
#: serverguide/C/security.xml:1767(para)
9637
12343
msgid ""
9638
12344
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9639
12345
"<filename>~/Private</filename> directory to contain encrypted information. "
9641
12347
"other users on the system."
9642
12348
msgstr ""
9643
12349
9644
#: serverguide/C/security.xml:1787(para)
12350
#: serverguide/C/security.xml:1774(para)
9645
12351
msgid ""
9646
12352
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9647
12353
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9648
12354
"directory."
9649
12355
msgstr ""
9650
12356
9651
#: serverguide/C/security.xml:1793(para)
12357
#: serverguide/C/security.xml:1780(para)
9652
12358
msgid ""
9653
12359
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9654
12360
"kernel keyring."
9655
12361
msgstr ""
9656
12362
9657
#: serverguide/C/security.xml:1798(para)
12363
#: serverguide/C/security.xml:1785(para)
9658
12364
msgid ""
9659
12365
"<emphasis>ecryptfs-manager:</emphasis> manages "
9660
12366
"<application>eCryptfs</application> objects such as keys."
9661
12367
msgstr ""
9662
12368
9663
#: serverguide/C/security.xml:1803(para)
12369
#: serverguide/C/security.xml:1790(para)
9664
12370
msgid ""
9665
12371
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9666
12372
"<application>ecryptfs</application> meta information for a file."
9667
12373
msgstr ""
9668
12374
9669
#: serverguide/C/security.xml:1816(para)
12375
#: serverguide/C/security.xml:1803(para)
9670
12376
msgid ""
9671
"For more information on eCryptfs see the <ulink "
12377
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
9672
12378
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9673
12379
msgstr ""
9674
12380
9675
#: serverguide/C/security.xml:1821(para)
12381
#: serverguide/C/security.xml:1808(para)
9676
12382
msgid ""
9677
12383
"There is also a <ulink "
9678
12384
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9679
"article covering eCryptfs."
12385
"article covering <emphasis>eCryptfs</emphasis>."
9680
12386
msgstr ""
9681
12387
9682
#: serverguide/C/security.xml:1826(para)
12388
#: serverguide/C/security.xml:1813(para)
9683
12389
msgid ""
9684
12390
"Also, for more <application>ecryptfs</application> options see the <ulink "
9685
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9686
"ecryptfs man page</ulink>."
12391
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man7/ecryptfs.7.html\">e"
12392
"cryptfs man page</ulink>."
9687
12393
msgstr ""
9688
12394
9689
#: serverguide/C/security.xml:1832(para)
12395
#: serverguide/C/security.xml:1819(para)
9690
12396
msgid ""
9691
12397
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9692
12398
"Ubuntu Wiki</ulink> page also has more details."
9815
12521
"\n"
9816
12522
"*** To continue, you must visit the following URL:\n"
9817
12523
"\n"
9818
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
12524
"https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9819
12525
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9820
12526
"\n"
9821
12527
"You can launch a browser now, or copy this URL into a browser on another\n"
10029
12735
#: serverguide/C/remote-administration.xml:14(para)
10030
12736
msgid ""
10031
12737
"There are many ways to remotely administer a Linux server. This chapter will "
10032
"cover one of the most popular <application>OpenSSH</application>."
12738
"cover two of the most popular applications "
12739
"<application>OpenSSH</application>, and <application>Puppet</application>."
10033
12740
msgstr ""
10034
12741
10035
#: serverguide/C/remote-administration.xml:22(para)
12742
#: serverguide/C/remote-administration.xml:21(para)
10036
12743
msgid ""
10037
12744
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10038
"tools for the remote control of networked computers and transfer of data "
10039
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10040
"also learn about some of the configuration settings possible with the "
10041
"OpenSSH server application and how to change them on your Ubuntu system."
12745
"tools for the remote control of, and transfer of data between, networked "
12746
"computers called <emphasis>OpenSSH</emphasis>. You will also learn about "
12747
"some of the configuration settings possible with the OpenSSH server "
12748
"application and how to change them on your Ubuntu system."
10042
12749
msgstr ""
10043
12750
10044
#: serverguide/C/remote-administration.xml:29(para)
12751
#: serverguide/C/remote-administration.xml:26(para)
10045
12752
msgid ""
10046
12753
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10047
"family of tools for remotely controlling a computer or transferring files "
10048
"between computers. Traditional tools used to accomplish these functions, "
10049
"such as <application>telnet</application> or <application>rcp</application>, "
10050
"are insecure and transmit the user's password in cleartext when used. "
10051
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10052
"encrypted remote control and file transfer operations, effectively replacing "
10053
"the legacy tools."
12754
"family of tools for remotely controlling, or transferring files between, "
12755
"computers. Traditional tools used to accomplish these functions, such as "
12756
"<application>telnet</application> or <application>rcp</application>, are "
12757
"insecure and transmit the user's password in cleartext when used. OpenSSH "
12758
"provides a server daemon and client tools to facilitate secure, encrypted "
12759
"remote control and file transfer operations, effectively replacing the "
12760
"legacy tools."
10054
12761
msgstr ""
10055
12762
10056
#: serverguide/C/remote-administration.xml:38(para)
12763
#: serverguide/C/remote-administration.xml:35(para)
10057
12764
msgid ""
10058
12765
"The OpenSSH server component, <application>sshd</application>, listens "
10059
12766
"continuously for client connections from any of the client tools. When a "
10068
12775
"password, public key, and <application>Kerberos</application> tickets."
10069
12776
msgstr ""
10070
12777
10071
#: serverguide/C/remote-administration.xml:52(para)
12778
#: serverguide/C/remote-administration.xml:49(para)
10072
12779
msgid ""
10073
12780
"Installation of the OpenSSH client and server applications is simple. To "
10074
12781
"install the OpenSSH client applications on your Ubuntu system, use this "
10075
12782
"command at a terminal prompt:"
10076
12783
msgstr ""
10077
12784
10078
#: serverguide/C/remote-administration.xml:58(command)
12785
#: serverguide/C/remote-administration.xml:55(command)
10079
12786
msgid "sudo apt-get install openssh-client"
10080
12787
msgstr ""
10081
12788
10082
#: serverguide/C/remote-administration.xml:60(para)
12789
#: serverguide/C/remote-administration.xml:57(para)
10083
12790
msgid ""
10084
12791
"To install the OpenSSH server application, and related support files, use "
10085
12792
"this command at a terminal prompt:"
10086
12793
msgstr ""
10087
12794
10088
#: serverguide/C/remote-administration.xml:65(command)
12795
#: serverguide/C/remote-administration.xml:62(command)
10089
12796
msgid "sudo apt-get install openssh-server"
10090
12797
msgstr ""
10091
12798
10092
#: serverguide/C/remote-administration.xml:67(para)
12799
#: serverguide/C/remote-administration.xml:64(para)
10093
12800
msgid ""
10094
12801
"The <application>openssh-server</application> package can also be selected "
10095
12802
"to install during the Server Edition installation process."
10096
12803
msgstr ""
10097
12804
10098
#: serverguide/C/remote-administration.xml:74(para)
12805
#: serverguide/C/remote-administration.xml:71(para)
10099
12806
msgid ""
10100
12807
"You may configure the default behavior of the OpenSSH server application, "
10101
12808
"<application>sshd</application>, by editing the file "
10104
12811
"manual page with the following command, issued at a terminal prompt:"
10105
12812
msgstr ""
10106
12813
10107
#: serverguide/C/remote-administration.xml:82(command)
12814
#: serverguide/C/remote-administration.xml:79(command)
10108
12815
msgid "man sshd_config"
10109
12816
msgstr ""
10110
12817
10111
#: serverguide/C/remote-administration.xml:84(para)
12818
#: serverguide/C/remote-administration.xml:81(para)
10112
12819
msgid ""
10113
12820
"There are many directives in the <application>sshd</application> "
10114
"configuration file controlling such things as communication settings and "
12821
"configuration file controlling such things as communication settings, and "
10115
12822
"authentication modes. The following are examples of configuration directives "
10116
12823
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10117
12824
"file."
10118
12825
msgstr ""
10119
12826
10120
#: serverguide/C/remote-administration.xml:91(para)
12827
#: serverguide/C/remote-administration.xml:88(para)
10121
12828
msgid ""
10122
12829
"Prior to editing the configuration file, you should make a copy of the "
10123
12830
"original file and protect it from writing so you will have the original "
10124
12831
"settings as a reference and to reuse as necessary."
10125
12832
msgstr ""
10126
12833
10127
#: serverguide/C/remote-administration.xml:95(para)
12834
#: serverguide/C/remote-administration.xml:92(para)
10128
12835
msgid ""
10129
12836
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10130
12837
"writing with the following commands, issued at a terminal prompt:"
10131
12838
msgstr ""
10132
12839
10133
#: serverguide/C/remote-administration.xml:100(command)
12840
#: serverguide/C/remote-administration.xml:97(command)
10134
12841
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10135
12842
msgstr ""
10136
12843
10137
#: serverguide/C/remote-administration.xml:101(command)
12844
#: serverguide/C/remote-administration.xml:98(command)
10138
12845
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10139
12846
msgstr ""
10140
12847
10141
#: serverguide/C/remote-administration.xml:103(para)
12848
#: serverguide/C/remote-administration.xml:101(para)
10142
12849
msgid ""
10143
12850
"The following are examples of configuration directives you may change:"
10144
12851
msgstr ""
10145
12852
10146
#: serverguide/C/remote-administration.xml:108(para)
12853
#: serverguide/C/remote-administration.xml:106(para)
10147
12854
msgid ""
10148
12855
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10149
12856
"port 22, change the Port directive as such:"
10150
12857
msgstr ""
10151
12858
10152
#: serverguide/C/remote-administration.xml:112(para)
12859
#: serverguide/C/remote-administration.xml:110(para)
10153
12860
msgid "Port 2222"
10154
12861
msgstr ""
10155
12862
10156
#: serverguide/C/remote-administration.xml:117(para)
12863
#: serverguide/C/remote-administration.xml:115(para)
10157
12864
msgid ""
10158
12865
"To have <application>sshd</application> allow public key-based login "
10159
12866
"credentials, simply add or modify the line:"
10160
12867
msgstr ""
10161
12868
10162
#: serverguide/C/remote-administration.xml:121(para)
12869
#: serverguide/C/remote-administration.xml:119(para)
10163
12870
msgid "PubkeyAuthentication yes"
10164
12871
msgstr ""
10165
12872
10166
#: serverguide/C/remote-administration.xml:124(para)
10167
msgid ""
10168
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10169
"present, ensure the line is not commented out."
12873
#: serverguide/C/remote-administration.xml:122(para)
12874
msgid "If the line is already present, then ensure it is not commented out."
10170
12875
msgstr ""
10171
12876
10172
#: serverguide/C/remote-administration.xml:130(para)
12877
#: serverguide/C/remote-administration.xml:127(para)
10173
12878
msgid ""
10174
12879
"To make your OpenSSH server display the contents of the "
10175
12880
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10176
12881
"or modify the line:"
10177
12882
msgstr ""
10178
12883
12884
#: serverguide/C/remote-administration.xml:132(para)
12885
msgid "Banner /etc/issue.net"
12886
msgstr ""
12887
10179
12888
#: serverguide/C/remote-administration.xml:135(para)
10180
msgid "Banner /etc/issue.net"
10181
msgstr ""
10182
10183
#: serverguide/C/remote-administration.xml:138(para)
10184
12889
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10185
12890
msgstr ""
10186
12891
10187
#: serverguide/C/remote-administration.xml:143(para)
12892
#: serverguide/C/remote-administration.xml:140(para)
10188
12893
msgid ""
10189
12894
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10190
12895
"save the file, and restart the <application>sshd</application> server "
10192
12897
"prompt:"
10193
12898
msgstr ""
10194
12899
10195
#: serverguide/C/remote-administration.xml:152(para)
12900
#: serverguide/C/remote-administration.xml:146(command)
12901
msgid "sudo /etc/init.d/ssh restart"
12902
msgstr "sudo /etc/init.d/ssh restart"
12903
12904
#: serverguide/C/remote-administration.xml:149(para)
10196
12905
msgid ""
10197
12906
"Many other configuration directives for <application>sshd</application> are "
10198
"available for changing the server application's behavior to fit your needs. "
10199
"Be advised, however, if your only method of access to a server is "
12907
"available to change the server application's behavior to fit your needs. Be "
12908
"advised, however, if your only method of access to a server is "
10200
12909
"<application>ssh</application>, and you make a mistake in configuring "
10201
12910
"<application>sshd</application> via the "
10202
12911
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10203
"out of the server upon restarting it, or that the "
10204
"<application>sshd</application> server refuses to start due to an incorrect "
10205
"configuration directive, so be extra careful when editing this file on a "
12912
"out of the server upon restarting it. Additionally, if an incorrect "
12913
"configuration directive is supplied, the <application>sshd</application> "
12914
"server may refuse to start, so be extra careful when editing this file on a "
10206
12915
"remote server."
10207
12916
msgstr ""
10208
12917
10209
#: serverguide/C/remote-administration.xml:167(title)
12918
#: serverguide/C/remote-administration.xml:163(title)
10210
12919
msgid "SSH Keys"
10211
12920
msgstr ""
10212
12921
10213
#: serverguide/C/remote-administration.xml:168(para)
12922
#: serverguide/C/remote-administration.xml:164(para)
10214
12923
msgid ""
10215
12924
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10216
"the need of a password. SSH key authentication uses two keys a "
12925
"the need of a password. SSH key authentication uses two keys, a "
10217
12926
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10218
12927
msgstr ""
10219
12928
10220
#: serverguide/C/remote-administration.xml:172(para)
12929
#: serverguide/C/remote-administration.xml:168(para)
10221
12930
msgid "To generate the keys, from a terminal prompt enter:"
10222
12931
msgstr ""
10223
12932
10224
#: serverguide/C/remote-administration.xml:176(command)
12933
#: serverguide/C/remote-administration.xml:172(command)
10225
12934
msgid "ssh-keygen -t dsa"
10226
12935
msgstr ""
10227
12936
10228
#: serverguide/C/remote-administration.xml:178(para)
12937
#: serverguide/C/remote-administration.xml:174(para)
10229
12938
msgid ""
10230
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10231
"identity of the user. During the process you will be prompted for a "
12939
"This will generate the keys using the <emphasis>Digital Signature Algorithm "
12940
"(DSA)</emphasis> method. During the process you will be prompted for a "
10232
12941
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10233
12942
"key."
10234
12943
msgstr ""
10235
12944
10236
#: serverguide/C/remote-administration.xml:182(para)
12945
#: serverguide/C/remote-administration.xml:178(para)
10237
12946
msgid ""
10238
12947
"By default the <emphasis>public</emphasis> key is saved in the file "
10239
12948
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10242
12951
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10243
12952
msgstr ""
10244
12953
10245
#: serverguide/C/remote-administration.xml:188(command)
12954
#: serverguide/C/remote-administration.xml:184(command)
10246
12955
msgid "ssh-copy-id username@remotehost"
10247
12956
msgstr ""
10248
12957
10249
#: serverguide/C/remote-administration.xml:190(para)
12958
#: serverguide/C/remote-administration.xml:186(para)
10250
12959
msgid ""
10251
12960
"Finally, double check the permissions on the "
10252
12961
"<filename>authorized_keys</filename> file, only the authenticated user "
10254
12963
"change them by:"
10255
12964
msgstr ""
10256
12965
10257
#: serverguide/C/remote-administration.xml:195(command)
12966
#: serverguide/C/remote-administration.xml:191(command)
10258
12967
msgid "chmod 600 .ssh/authorized_keys"
10259
12968
msgstr ""
10260
12969
10261
#: serverguide/C/remote-administration.xml:197(para)
12970
#: serverguide/C/remote-administration.xml:193(para)
10262
12971
msgid ""
10263
12972
"You should now be able to SSH to the host without being prompted for a "
10264
12973
"password."
10265
12974
msgstr ""
10266
12975
10267
#: serverguide/C/remote-administration.xml:206(para)
12976
#: serverguide/C/remote-administration.xml:202(para)
10268
12977
msgid ""
10269
12978
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10270
12979
"page."
10271
12980
msgstr ""
10272
12981
10273
#: serverguide/C/remote-administration.xml:212(ulink)
12982
#: serverguide/C/remote-administration.xml:208(ulink)
10274
12983
msgid "OpenSSH Website"
10275
12984
msgstr ""
10276
12985
10277
#: serverguide/C/remote-administration.xml:217(ulink)
12986
#: serverguide/C/remote-administration.xml:213(ulink)
10278
12987
msgid "Advanced OpenSSH Wiki Page"
10279
12988
msgstr ""
10280
12989
12990
#: serverguide/C/remote-administration.xml:221(title)
12991
msgid "Puppet"
12992
msgstr ""
12993
12994
#: serverguide/C/remote-administration.xml:223(para)
12995
msgid ""
12996
"<application>Puppet</application> is a cross platform framework enabling "
12997
"system administrators to perform common tasks using code. The code can do a "
12998
"variety of tasks from installing new software, to checking file permissions, "
12999
"or updating user accounts. Puppet is great not only during the initial "
13000
"installation of a system, but also throughout the system's entire life "
13001
"cycle. In most circumstances <application>puppet</application> will be used "
13002
"in a client/server configuration."
13003
msgstr ""
13004
13005
#: serverguide/C/remote-administration.xml:230(para)
13006
msgid ""
13007
"This section will cover installing and configuring "
13008
"<application>Puppet</application> in a client/server configuration. This "
13009
"simple example will demonstrate how to install "
13010
"<application>Apache</application> using <application>Puppet</application>."
13011
msgstr ""
13012
13013
#: serverguide/C/remote-administration.xml:238(para)
13014
msgid ""
13015
"To install <application>Puppet</application>, in a terminal on the "
13016
"<emphasis>server</emphasis> enter:"
13017
msgstr ""
13018
13019
#: serverguide/C/remote-administration.xml:243(command)
13020
msgid "sudo apt-get install puppetmaster"
13021
msgstr ""
13022
13023
#: serverguide/C/remote-administration.xml:246(para)
13024
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
13025
msgstr ""
13026
13027
#: serverguide/C/remote-administration.xml:251(command)
13028
msgid "sudo apt-get install puppet"
13029
msgstr ""
13030
13031
#: serverguide/C/remote-administration.xml:258(para)
13032
msgid ""
13033
"Prior to configuring <application>puppet</application> you may want to add a "
13034
"DNS <emphasis>CNAME</emphasis> record for "
13035
"<emphasis>puppet.example.com</emphasis>, where "
13036
"<emphasis>example.com</emphasis> is your domain. By default "
13037
"<application>Puppet</application> clients check DNS for puppet.example.com "
13038
"as the puppet server name, or <emphasis>Puppet Master</emphasis>. See <xref "
13039
"linkend=\"dns\"/> for more DNS details."
13040
msgstr ""
13041
13042
#: serverguide/C/remote-administration.xml:265(para)
13043
msgid ""
13044
"If you do not wish to use DNS, you can add entries to the server and client "
13045
"<filename>/etc/hosts</filename> file. For example, in the "
13046
"<application>Puppet</application> server's <filename>/etc/hosts</filename> "
13047
"file add:"
13048
msgstr ""
13049
13050
#: serverguide/C/remote-administration.xml:270(programlisting)
13051
#, no-wrap
13052
msgid ""
13053
"\n"
13054
"127.0.0.1 localhost.localdomain localhost puppet\n"
13055
"192.168.1.17 meercat02.example.com meercat02\n"
13056
msgstr ""
13057
13058
#: serverguide/C/remote-administration.xml:275(para)
13059
msgid ""
13060
"On each <application>Puppet</application> client, add an entry for the "
13061
"server:"
13062
msgstr ""
13063
13064
#: serverguide/C/remote-administration.xml:279(programlisting)
13065
#, no-wrap
13066
msgid ""
13067
"\n"
13068
"192.168.1.16 meercat.example.com meercat puppet\n"
13069
msgstr ""
13070
13071
#: serverguide/C/remote-administration.xml:284(para)
13072
msgid ""
13073
"Replace the example IP addresses and domain names above with your actual "
13074
"server and client addresses and domain names."
13075
msgstr ""
13076
13077
#: serverguide/C/remote-administration.xml:289(para)
13078
msgid ""
13079
"Now setup some resources for <application>apache2</application>. Create a "
13080
"file <filename>/etc/puppet/manifests/site.pp</filename> containing the "
13081
"following:"
13082
msgstr ""
13083
13084
#: serverguide/C/remote-administration.xml:294(programlisting)
13085
#, no-wrap
13086
msgid ""
13087
"\n"
13088
"package {\n"
13089
" 'apache2':\n"
13090
" ensure => installed\n"
13091
"}\n"
13092
"\n"
13093
"service {\n"
13094
" 'apache2':\n"
13095
" ensure => true,\n"
13096
" enable => true,\n"
13097
" require => Package['apache2']\n"
13098
"}\n"
13099
msgstr ""
13100
13101
#: serverguide/C/remote-administration.xml:309(para)
13102
msgid ""
13103
"Next, create a node file <filename>/etc/puppet/manifests/nodes.pp</filename> "
13104
"with:"
13105
msgstr ""
13106
13107
#: serverguide/C/remote-administration.xml:313(programlisting)
13108
#, no-wrap
13109
msgid ""
13110
"\n"
13111
"node 'meercat02.example.com' {\n"
13112
" include apache2\n"
13113
"}\n"
13114
msgstr ""
13115
13116
#: serverguide/C/remote-administration.xml:320(para)
13117
msgid ""
13118
"Replace <emphasis>meercat02.example.com</emphasis> with your actual "
13119
"<application>Puppet</application> client's host name."
13120
msgstr ""
13121
13122
#: serverguide/C/remote-administration.xml:325(para)
13123
msgid ""
13124
"The final step for this simple <application>Puppet</application> server is "
13125
"to restart the daemon:"
13126
msgstr ""
13127
13128
#: serverguide/C/remote-administration.xml:330(command)
13129
msgid "sudo /etc/init.d/puppetmaster restart"
13130
msgstr ""
13131
13132
#: serverguide/C/remote-administration.xml:333(para)
13133
msgid ""
13134
"Now everything is configured on the <application>Puppet</application> "
13135
"server, it is time to configure the client."
13136
msgstr ""
13137
13138
#: serverguide/C/remote-administration.xml:337(para)
13139
msgid ""
13140
"First, configure the <application>Puppet</application>agent daemon to start. "
13141
"Edit <filename>/etc/default/puppet</filename>, changing "
13142
"<emphasis>START</emphasis> to yes:"
13143
msgstr ""
13144
13145
#: serverguide/C/remote-administration.xml:342(programlisting) serverguide/C/mail.xml:629(programlisting)
13146
#, no-wrap
13147
msgid ""
13148
"\n"
13149
"START=yes\n"
13150
msgstr ""
13151
13152
#: serverguide/C/remote-administration.xml:346(para)
13153
msgid "Then start the service:"
13154
msgstr ""
13155
13156
#: serverguide/C/remote-administration.xml:351(command)
13157
msgid "sudo /etc/init.d/puppet start"
13158
msgstr ""
13159
13160
#: serverguide/C/remote-administration.xml:354(para)
13161
msgid ""
13162
"Back on the <application>Puppet</application> server sign the client "
13163
"certificate by entering:"
13164
msgstr ""
13165
13166
#: serverguide/C/remote-administration.xml:359(command)
13167
msgid "sudo puppetca --sign meercat02.example.com"
13168
msgstr ""
13169
13170
#: serverguide/C/remote-administration.xml:362(para)
13171
msgid ""
13172
"Check <filename>/var/log/syslog</filename> for any errors with the "
13173
"configuration. If all goes well the <application>apache2</application> "
13174
"package and it's dependencies will be installed on the "
13175
"<application>Puppet</application> client."
13176
msgstr ""
13177
13178
#: serverguide/C/remote-administration.xml:368(para)
13179
msgid ""
13180
"This example is <emphasis>very</emphasis> simple, and does not highlight "
13181
"many of <application>Puppet</application>'s features and benefits. For more "
13182
"information see <xref linkend=\"puppet-resources\"/>."
13183
msgstr ""
13184
13185
#: serverguide/C/remote-administration.xml:380(para)
13186
msgid ""
13187
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
13188
"Documentation</ulink> web site."
13189
msgstr ""
13190
13191
#: serverguide/C/remote-administration.xml:385(para)
13192
msgid ""
13193
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
13194
"Puppet</ulink>."
13195
msgstr ""
13196
13197
#: serverguide/C/remote-administration.xml:390(para)
13198
msgid ""
13199
"Another source of additional information is the <ulink "
13200
"url=\"https://help.ubuntu.com/community/Puppet\">Ubuntu Wiki Puppet "
13201
"Page</ulink>."
13202
msgstr ""
13203
13204
#: serverguide/C/remote-administration.xml:399(title)
13205
msgid "Zentyal"
13206
msgstr ""
13207
13208
#: serverguide/C/remote-administration.xml:401(para)
13209
msgid ""
13210
"<application>Zentyal</application> is a Linux small business server, that "
13211
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
13212
"Manager, Office Server, Unified Communication Server or a combination of "
13213
"them. All network services managed by Zentyal are tightly integrated, "
13214
"automating most tasks. This helps to avoid errors in the network "
13215
"configuration and administration and allows to save time. "
13216
"<application>Zentyal</application> is open source, released under the GNU "
13217
"General Public License (GPL) and runs on top of Ubuntu GNU/Linux."
13218
msgstr ""
13219
13220
#: serverguide/C/remote-administration.xml:412(para)
13221
msgid ""
13222
"<application>Zentyal</application> consists of a serie of packages (usually "
13223
"one for each module) that provide a web interface to configure the different "
13224
"servers or services. The configuration is stored on a key-value "
13225
"<application>Redis</application> database but users, groups and domains "
13226
"related configuration is on <application>OpenLDAP </application>. When you "
13227
"configure any of the available parameters through the web interface, final "
13228
"configuration files are overwritten using the configuration templates "
13229
"provided by the modules. The main advantages of using "
13230
"<application>Zentyal</application> are: unified, graphical user interface to "
13231
"configure all network services and high, out-of-the-box integration between "
13232
"them."
13233
msgstr ""
13234
13235
#: serverguide/C/remote-administration.xml:429(para)
13236
msgid ""
13237
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
13238
"available are:"
13239
msgstr ""
13240
13241
#: serverguide/C/remote-administration.xml:436(para)
13242
msgid ""
13243
"zentyal-core & zentyal-common: the core of the "
13244
"<application>Zentyal</application> interface and the common libraries of the "
13245
"framework. Also include the logs and events modules that give the "
13246
"administrator an interface to view the logs and generate events from them."
13247
msgstr ""
13248
13249
#: serverguide/C/remote-administration.xml:445(para)
13250
msgid ""
13251
"zentyal-network: manages the configuration of the network. From the "
13252
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
13253
"gateways when having more than one Internet connection, load balancing and "
13254
"advanced routing, static routes or dynamic DNS."
13255
msgstr ""
13256
13257
#: serverguide/C/remote-administration.xml:453(para)
13258
msgid ""
13259
"zentyal-objects & zentyal-services: provide an abstration level for "
13260
"network addresses (e.g. LAN instead of 192.168.1.0/24) and ports named as "
13261
"services (e.g. HTTP instead of 80/TCP)."
13262
msgstr ""
13263
13264
#: serverguide/C/remote-administration.xml:460(para)
13265
msgid ""
13266
"zentyal-firewall: configures the <application>iptables</application> rules "
13267
"to block forbiden connections, NAT and port redirections."
13268
msgstr ""
13269
13270
#: serverguide/C/remote-administration.xml:466(para)
13271
msgid ""
13272
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
13273
"network clients to synchronize their clocks against the server."
13274
msgstr ""
13275
13276
#: serverguide/C/remote-administration.xml:472(para)
13277
msgid ""
13278
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
13279
"supporting network ranges, static leases and other advanced options like "
13280
"NTP, WINS, dynamic DNS updates and network boot with PXE."
13281
msgstr ""
13282
13283
#: serverguide/C/remote-administration.xml:479(para)
13284
msgid ""
13285
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
13286
"your server for caching local queries as a forwarder or as an authoritative "
13287
"server for the configured domains. Allows to configure A, CNAME, MX, NS, TXT "
13288
"and SRV records."
13289
msgstr ""
13290
13291
#: serverguide/C/remote-administration.xml:487(para)
13292
msgid ""
13293
"zentyal-ca: integrates the management of a Certification Authority within "
13294
"Zentyal so users can use certificates to authenticate against the services, "
13295
"like with <application>OpenVPN</application>."
13296
msgstr ""
13297
13298
#: serverguide/C/remote-administration.xml:494(para)
13299
msgid ""
13300
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
13301
"<application>OpenVPN</application> with dynamic routing configuration using "
13302
"<application>Quagga</application>."
13303
msgstr ""
13304
13305
#: serverguide/C/remote-administration.xml:501(para)
13306
msgid ""
13307
"zentyal-users: provides an interface to configure and manage users and "
13308
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
13309
"authenticated against LDAP having a centralized users and groups management. "
13310
"It is also possible to synchronize users, passwords and groups from a "
13311
"<application>Microsoft Active Directory</application> domain."
13312
msgstr ""
13313
13314
#: serverguide/C/remote-administration.xml:511(para)
13315
msgid ""
13316
"zentyal-squid: configures <application>Squid</application> and "
13317
"<application>Dansguardian</application> for speeding up browsing thanks to "
13318
"the caching capabilities and content filtering."
13319
msgstr ""
13320
13321
#: serverguide/C/remote-administration.xml:518(para)
13322
msgid ""
13323
"zentyal-samba: allows <application>Samba</application> configuration and "
13324
"integration with existing LDAP. From the same interface you can define "
13325
"password policies, create shared resources and assign permissions."
13326
msgstr ""
13327
13328
#: serverguide/C/remote-administration.xml:526(para)
13329
msgid ""
13330
"zentyal-printers: integrates <application>CUPS</application> with "
13331
"<application>Samba</application> and allows not only to configure the "
13332
"printers but also give them permissions based on LDAP users and groups."
13333
msgstr ""
13334
13335
#: serverguide/C/remote-administration.xml:535(para)
13336
msgid ""
13337
"To install <application>Zentyal</application>, in a terminal on the "
13338
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
13339
"the modules from the previous list):"
13340
msgstr ""
13341
13342
#: serverguide/C/remote-administration.xml:542(command)
13343
msgid "sudo apt-get install <zentyal-module>"
13344
msgstr ""
13345
13346
#: serverguide/C/remote-administration.xml:546(para)
13347
msgid ""
13348
"<application>Zentyal</application> publishes one major stable release once a "
13349
"year (in September) based on latest Ubuntu LTS release. Stable releases "
13350
"always have even minor numbers (e.g. 2.2, 3.0) and beta releases have odd "
13351
"minor numbers (e.g. 2.1, 2.3). Ubuntu 12.04 comes with "
13352
"<application>Zentyal</application> 2.3 packages. If you want to upgrade to a "
13353
"new stable release published after the release of Ubuntu 12.04 you can use "
13354
"<ulink url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink>. "
13355
"Upgrading to newer stable releases can provide you minor bugfixes not "
13356
"backported to 2.3 in Precise and newer features."
13357
msgstr ""
13358
13359
#: serverguide/C/remote-administration.xml:560(para)
13360
msgid ""
13361
"If you need more information on how to add packages from a PPA see <ulink "
13362
"url=\"https://help.ubuntu.com/12.04/ubuntu-help/addremove-ppa.html\"> Add a "
13363
"Personal Package Archive (PPA)</ulink>."
13364
msgstr ""
13365
13366
#: serverguide/C/remote-administration.xml:568(para)
13367
msgid ""
13368
"Not present on Ubuntu Universe repositories, but on <ulink "
13369
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
13370
"find these other modules:"
13371
msgstr ""
13372
13373
#: serverguide/C/remote-administration.xml:575(para)
13374
msgid ""
13375
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
13376
"with other modules like the proxy, file sharing or mailfilter."
13377
msgstr ""
13378
13379
#: serverguide/C/remote-administration.xml:582(para)
13380
msgid ""
13381
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
13382
"a simple PBX with LDAP based authentication."
13383
msgstr ""
13384
13385
#: serverguide/C/remote-administration.xml:588(para)
13386
msgid ""
13387
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
13388
msgstr ""
13389
13390
#: serverguide/C/remote-administration.xml:594(para)
13391
msgid ""
13392
"zentyal-captiveportal: integrates a captive portal with the firewall and "
13393
"LDAP users and groups."
13394
msgstr ""
13395
13396
#: serverguide/C/remote-administration.xml:600(para)
13397
msgid ""
13398
"zentyal-ebackup: allows to make scheduled backups of your server using the "
13399
"popular <application>duplicity</application> backup tool."
13400
msgstr ""
13401
13402
#: serverguide/C/remote-administration.xml:606(para)
13403
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
13404
msgstr ""
13405
13406
#: serverguide/C/remote-administration.xml:611(para)
13407
msgid "zentyal-ids: integrates a network intrusion detection system."
13408
msgstr ""
13409
13410
#: serverguide/C/remote-administration.xml:616(para)
13411
msgid ""
13412
"zentyal-ipsec: allows to configure IPsec tunnels using "
13413
"<application>OpenSwan</application>."
13414
msgstr ""
13415
13416
#: serverguide/C/remote-administration.xml:622(para)
13417
msgid ""
13418
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
13419
"with LDAP users and groups."
13420
msgstr ""
13421
13422
#: serverguide/C/remote-administration.xml:628(para)
13423
msgid ""
13424
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
13425
"solution."
13426
msgstr ""
13427
13428
#: serverguide/C/remote-administration.xml:634(para)
13429
msgid ""
13430
"zentyal-mail: a full mail stack including <application>Postfix "
13431
"</application> and <application>Dovecot</application> with LDAP backend."
13432
msgstr ""
13433
13434
#: serverguide/C/remote-administration.xml:641(para)
13435
msgid ""
13436
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
13437
"stack to filter spam and attached virus."
13438
msgstr ""
13439
13440
#: serverguide/C/remote-administration.xml:647(para)
13441
msgid ""
13442
"zentyal-monitor: integrates <application>collectd</application> to monitor "
13443
"server performance and running services."
13444
msgstr ""
13445
13446
#: serverguide/C/remote-administration.xml:653(para)
13447
msgid ""
13448
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
13449
msgstr ""
13450
13451
#: serverguide/C/remote-administration.xml:658(para)
13452
msgid ""
13453
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
13454
"users and groups."
13455
msgstr ""
13456
13457
#: serverguide/C/remote-administration.xml:664(para)
13458
msgid ""
13459
"zentyal-software: simple interface to manage installed "
13460
"<application>Zentyal</application> modules and system updates."
13461
msgstr ""
13462
13463
#: serverguide/C/remote-administration.xml:670(para)
13464
msgid ""
13465
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
13466
"throttling and improve latency."
13467
msgstr ""
13468
13469
#: serverguide/C/remote-administration.xml:676(para)
13470
msgid ""
13471
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
13472
"web browser."
13473
msgstr ""
13474
13475
#: serverguide/C/remote-administration.xml:682(para)
13476
msgid ""
13477
"zentyal-virt: simple interface to create and manage virtual machines based "
13478
"on <application>libvirt</application>."
13479
msgstr ""
13480
13481
#: serverguide/C/remote-administration.xml:688(para)
13482
msgid ""
13483
"zentyal-webmail: allows to access your mail using the popular "
13484
"<application>Roundcube</application> webmail."
13485
msgstr ""
13486
13487
#: serverguide/C/remote-administration.xml:694(para)
13488
msgid ""
13489
"zentyal-webserver: configures <application>Apache</application> webserver to "
13490
"host different sites on your machine."
13491
msgstr ""
13492
13493
#: serverguide/C/remote-administration.xml:700(para)
13494
msgid ""
13495
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
13496
"with <application>Zentyal</application> mail stack and LDAP."
13497
msgstr ""
13498
13499
#: serverguide/C/remote-administration.xml:712(title)
13500
msgid "First steps"
13501
msgstr ""
13502
13503
#: serverguide/C/remote-administration.xml:714(para)
13504
msgid ""
13505
"Any system account belonging to the sudo group is allowed to log into "
13506
"<application>Zentyal</application> web interface. If you are using the user "
13507
"created during the installation, this should be in the sudo group by default."
13508
msgstr ""
13509
13510
#: serverguide/C/remote-administration.xml:722(para)
13511
msgid "If you need to add another user to the sudo group, just execute:"
13512
msgstr ""
13513
13514
#: serverguide/C/remote-administration.xml:727(command)
13515
msgid "sudo adduser username sudo"
13516
msgstr ""
13517
13518
#: serverguide/C/remote-administration.xml:731(para)
13519
msgid ""
13520
"To access <application>Zentyal</application> web interface, browse into "
13521
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
13522
"own self-signed SSL certificate, you will have to accept a security "
13523
"exception on your browser."
13524
msgstr ""
13525
13526
#: serverguide/C/remote-administration.xml:738(para)
13527
msgid ""
13528
"Once logged in you will see the dashboard with an overview of your server. "
13529
"To configure any of the features of your installed modules, go to the "
13530
"different sections on the left menu. When you make any changes, on the upper "
13531
"right corner appears a red <emphasis>Save changes</emphasis> button that you "
13532
"must click to save all configuration changes. To apply these configuration "
13533
"changes in your server, the module needs to be enabled first, you can do so "
13534
"from the <emphasis>Module Status </emphasis> entry on the left menu. Every "
13535
"time you enable a module, a pop-up will appear asking for a confirmation to "
13536
"perform the necessary actions and changes on your server and configuration "
13537
"files."
13538
msgstr ""
13539
13540
#: serverguide/C/remote-administration.xml:752(para)
13541
msgid ""
13542
"If you need to customize any configuration file or run certain actions "
13543
"(scripts or commands) to configure features not available on "
13544
"<application>Zentyal</application> place the custom configuration file "
13545
"templates on /etc/zentyal/stubs/<module>/ and the hooks on "
13546
"/etc/zentyal/hooks/<module>.<action>."
13547
msgstr ""
13548
13549
#: serverguide/C/remote-administration.xml:765(para)
13550
msgid ""
13551
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
13552
"</ulink> page."
13553
msgstr ""
13554
13555
#: serverguide/C/remote-administration.xml:769(para)
13556
msgid ""
13557
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
13558
"Community Documentation</ulink> page."
13559
msgstr ""
13560
13561
#: serverguide/C/remote-administration.xml:773(para)
13562
msgid ""
13563
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
13564
"</ulink> for community support, feedback, feature requests, etc."
13565
msgstr ""
13566
10281
13567
#: serverguide/C/package-management.xml:13(title)
10282
13568
msgid "Package Management"
10283
13569
msgstr ""
10284
13570
10285
13571
#: serverguide/C/package-management.xml:14(para)
10286
13572
msgid ""
10287
"Ubuntu features a comprehensive package management system for the "
10288
"installation, upgrade, configuration, and removal of software. In addition "
10289
"to providing access to an organized base of over 24,000 software packages "
10290
"for your Ubuntu computer, the package management facilities also feature "
10291
"dependency resolution capabilities and software update checking."
13573
"Ubuntu features a comprehensive package management system for installing, "
13574
"upgrading, configuring, and removing software. In addition to providing "
13575
"access to an organized base of over 35,000 software packages for your Ubuntu "
13576
"computer, the package management facilities also feature dependency "
13577
"resolution capabilities and software update checking."
10292
13578
msgstr ""
10293
13579
10294
13580
#: serverguide/C/package-management.xml:16(para)
10309
13595
10310
13596
#: serverguide/C/package-management.xml:24(para)
10311
13597
msgid ""
10312
"Debian package files typically have the extension '.deb', and typically "
10313
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10314
"collections of packages found on various media, such as CD-ROM discs, or "
10315
"online. Packages are normally of the pre-compiled binary format; thus "
10316
"installation is quick and requires no compiling of software."
13598
"Debian package files typically have the extension '.deb', and usually exist "
13599
"in <emphasis role=\"italics\">repositories</emphasis> which are collections "
13600
"of packages found on various media, such as CD-ROM discs, or online. "
13601
"Packages are normally in a pre-compiled binary format; thus installation is "
13602
"quick, and requires no compiling of software."
10317
13603
msgstr ""
10318
13604
10319
13605
#: serverguide/C/package-management.xml:27(para)
10322
13608
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10323
13609
"packages required by the principal package in order to function properly. "
10324
13610
"For example, the speech synthesis package "
10325
"<application>Festival</application> depends upon the package "
13611
"<application>festival</application> depends upon the package "
10326
13612
"<application>libasound2</application>, which is a package supplying the "
10327
13613
"<application>ALSA</application> sound library needed for audio playback. In "
10328
"order for <application>Festival</application> to function, it and all of its "
13614
"order for <application>festival</application> to function, it and all of its "
10329
13615
"dependencies must be installed. The software management tools in Ubuntu will "
10330
13616
"do this automatically."
10331
13617
msgstr ""
10337
13623
#: serverguide/C/package-management.xml:34(para)
10338
13624
msgid ""
10339
13625
"<application>dpkg</application> is a package manager for "
10340
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10341
"packages, but unlike other package management system's it can not "
10342
"automatically download and install packages and their dependencies. This "
13626
"<emphasis>Debian</emphasis>-based systems. It can install, remove, and build "
13627
"packages, but unlike other package management systems, it cannot "
13628
"automatically download and install packages or their dependencies. This "
10343
13629
"section covers using <application>dpkg</application> to manage locally "
10344
13630
"installed packages:"
10345
13631
msgstr ""
10346
13632
10347
13633
#: serverguide/C/package-management.xml:43(para)
10348
13634
msgid ""
10349
"To list all packages installed on the system, from a terminal prompt enter:"
13635
"To list all packages installed on the system, from a terminal prompt type:"
10350
13636
msgstr ""
10351
13637
10352
13638
#: serverguide/C/package-management.xml:48(command)
10404
13690
#: serverguide/C/package-management.xml:96(para)
10405
13691
msgid ""
10406
13692
"Many files are automatically generated during the package install process, "
10407
"and even though they are on the filesystem <command>dpkg -S</command> may "
13693
"and even though they are on the filesystem, <command>dpkg -S</command> may "
10408
13694
"not know which package they belong to."
10409
13695
msgstr ""
10410
13696
10413
13699
msgstr ""
10414
13700
10415
13701
#: serverguide/C/package-management.xml:110(command)
10416
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
13702
msgid "sudo dpkg -i zip_3.0-4_i386.deb"
10417
13703
msgstr ""
10418
13704
10419
13705
#: serverguide/C/package-management.xml:113(para)
10420
13706
msgid ""
10421
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10422
"the local .deb file."
13707
"Change <filename>zip_3.0-4_i386.deb</filename> to the actual file name of "
13708
"the local .deb file you wish to install."
10423
13709
msgstr ""
10424
13710
10425
13711
#: serverguide/C/package-management.xml:120(para)
10434
13720
msgid ""
10435
13721
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10436
13722
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10437
"manager that handles dependencies, to ensure that the system is in a "
10438
"consistent state. For example using <command>dpkg -r</command> you can "
13723
"manager that handles dependencies to ensure that the system is in a "
13724
"consistent state. For example using <command>dpkg -r zip</command> will "
10439
13725
"remove the <application>zip</application> package, but any packages that "
10440
13726
"depend on it will still be installed and may no longer function correctly."
10441
13727
msgstr ""
10453
13739
#: serverguide/C/package-management.xml:147(para)
10454
13740
msgid ""
10455
13741
"The <application>apt-get</application> command is a powerful command-line "
10456
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
13742
"tool, which works with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10457
13743
"(APT) performing such functions as installation of new software packages, "
10458
13744
"upgrade of existing software packages, updating of the package list index, "
10459
13745
"and even upgrading the entire Ubuntu system."
10464
13750
"Being a simple command-line tool, <application>apt-get</application> has "
10465
13751
"numerous advantages over other package management tools available in Ubuntu "
10466
13752
"for server administrators. Some of these advantages include ease of use over "
10467
"simple terminal connections (SSH) and the ability to be used in system "
13753
"simple terminal connections (SSH), and the ability to be used in system "
10468
13754
"administration scripts, which can in turn be automated by the "
10469
13755
"<application>cron</application> scheduling utility."
10470
13756
msgstr ""
10473
13759
msgid ""
10474
13760
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10475
13761
"packages using the <application>apt-get</application> tool is quite simple. "
10476
"For example, to install the network scanner <emphasis "
10477
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
13762
"For example, to install the network scanner <application>nmap</application>, "
13763
"type the following: <screen>\n"
10478
13764
"<command>sudo apt-get install nmap</command>\n"
10479
13765
"</screen>"
10480
13766
msgstr ""
10481
13767
10482
13768
#: serverguide/C/package-management.xml:165(para)
10483
13769
msgid ""
10484
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10485
"packages is also a straightforward and simple process. To remove the nmap "
10486
"package installed in the previous example, type the following: <screen>\n"
13770
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package "
13771
"(or packages) is also straightforward. To remove the package installed in "
13772
"the previous example, type the following: <screen>\n"
10487
13773
"<command>sudo apt-get remove nmap</command>\n"
10488
13774
"</screen>"
10489
13775
msgstr ""
10496
13782
10497
13783
#: serverguide/C/package-management.xml:175(para)
10498
13784
msgid ""
10499
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
13785
"Also, adding the <emphasis>--purge</emphasis> option to <command>apt-get "
10500
13786
"remove</command> will remove the package configuration files as well. This "
10501
"may or may not be the desired effect so use with caution."
13787
"may or may not be the desired effect, so use with caution."
10502
13788
msgstr ""
10503
13789
10504
13790
#: serverguide/C/package-management.xml:181(para)
10505
13791
msgid ""
10506
13792
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10507
13793
"index is essentially a database of available packages from the repositories "
10508
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10509
"the local package index with the latest changes made in repositories, type "
10510
"the following: <screen>\n"
13794
"defined in the <filename>/etc/apt/sources.list</filename> file and in the "
13795
"<filename>/etc/apt/sources.list.d</filename> directory. To update the local "
13796
"package index with the latest changes made in the repositories, type the "
13797
"following: <screen>\n"
10511
13798
"<command>sudo apt-get update</command>\n"
10512
13799
"</screen>"
10513
13800
msgstr ""
10546
13833
msgid ""
10547
13834
"For further information about the use of <application>APT</application>, "
10548
13835
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10549
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10550
"help</screen>"
13836
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>\n"
13837
"<command>apt-get help</command>\n"
13838
"</screen>"
10551
13839
msgstr ""
10552
13840
10553
#: serverguide/C/package-management.xml:208(title)
13841
#: serverguide/C/package-management.xml:212(title)
10554
13842
msgid "Aptitude"
10555
13843
msgstr ""
10556
13844
10557
#: serverguide/C/package-management.xml:209(para)
13845
#: serverguide/C/package-management.xml:213(para)
10558
13846
msgid ""
10559
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10560
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10561
"the common package management functions, such as installation, removal, and "
10562
"upgrade, are performed in <application>Aptitude</application> with single-"
10563
"key commands, which are typically lowercase letters."
13847
"Launching <application>Aptitude</application> with no command-line options, "
13848
"will give you a menu-driven, text-based front-end to the <emphasis>Advanced "
13849
"Packaging Tool</emphasis> (APT) system. Many of the common package "
13850
"management functions, such as installation, removal, and upgrade, can be "
13851
"performed in <application>Aptitude</application> with single-key commands, "
13852
"which are typically lowercase letters."
10564
13853
msgstr ""
10565
13854
10566
#: serverguide/C/package-management.xml:212(para)
13855
#: serverguide/C/package-management.xml:216(para)
10567
13856
msgid ""
10568
13857
"<application>Aptitude</application> is best suited for use in a non-"
10569
13858
"graphical terminal environment to ensure proper functioning of the command "
10570
"keys. You may start <application>Aptitude</application> as a normal user "
10571
"with the following command at a terminal prompt: <screen>\n"
13859
"keys. You may start the menu-driven interface of "
13860
"<application>Aptitude</application> as a normal user by typing the following "
13861
"command at a terminal prompt: <screen>\n"
10572
13862
"<command>sudo aptitude</command>\n"
10573
13863
"</screen>"
10574
13864
msgstr ""
10575
13865
10576
#: serverguide/C/package-management.xml:219(para)
13866
#: serverguide/C/package-management.xml:222(para)
10577
13867
msgid ""
10578
13868
"When <application>Aptitude</application> starts, you will see a menu bar at "
10579
13869
"the top of the screen and two panes below the menu bar. The top pane "
10580
"contains package categories, such as <emphasis role=\"italics\">New "
10581
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10582
"Packages</emphasis>. The bottom pane contains information related to the "
10583
"packages and package categories."
13870
"contains package categories, such as <emphasis>New Packages</emphasis> and "
13871
"<emphasis>Not Installed Packages</emphasis>. The bottom pane contains "
13872
"information related to the packages and package categories."
10584
13873
msgstr ""
10585
13874
10586
#: serverguide/C/package-management.xml:222(para)
13875
#: serverguide/C/package-management.xml:225(para)
10587
13876
msgid ""
10588
13877
"Using <application>Aptitude</application> for package management is "
10589
13878
"relatively straightforward, and the user interface makes common tasks simple "
10591
13880
"functions as performed in <application>Aptitude</application>:"
10592
13881
msgstr ""
10593
13882
10594
#: serverguide/C/package-management.xml:226(para)
13883
#: serverguide/C/package-management.xml:229(para)
10595
13884
msgid ""
10596
13885
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10597
"locate the package via the Not Installed Packages package category, for "
10598
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10599
"key, and highlight the package you wish to install. After highlighting the "
10600
"package you wish to install, press the <keycap>+</keycap> key, and the "
10601
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10602
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10603
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10604
"again, and you will be prompted to become root to complete the installation. "
10605
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10606
"your user password to become root. Finally, press <keycap>g</keycap> once "
10607
"more and you'll be prompted to download the package. Press "
10608
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10609
"prompt, and downloading and installation of the package will commence."
13886
"locate the package via the <emphasis>Not Installed Packages</emphasis> "
13887
"package category, by using the keyboard arrow keys and the "
13888
"<keycap>ENTER</keycap> key. Highlight the desired package, then press the "
13889
"<keycap>+</keycap> key. The package entry should turn "
13890
"<emphasis>green</emphasis>, indicating that it has been marked for "
13891
"installation. Now press <keycap>g</keycap> to be presented with a summary of "
13892
"package actions. Press <keycap>g</keycap> again, and you will be prompted to "
13893
"become root to complete the installation. Press <keycap>ENTER</keycap> which "
13894
"will result in a <emphasis>Password:</emphasis> prompt. Enter your user "
13895
"password to become root. Finally, press <keycap>g</keycap> once more and "
13896
"you'll be prompted to download the package. Press <keycap>ENTER</keycap> on "
13897
"the <emphasis>Continue</emphasis> prompt, and downloading and installation "
13898
"of the package will commence."
10610
13899
msgstr ""
10611
13900
10612
#: serverguide/C/package-management.xml:230(para)
13901
#: serverguide/C/package-management.xml:233(para)
10613
13902
msgid ""
10614
13903
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10615
"locate the package via the Installed Packages package category, for example, "
10616
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10617
"highlight the package you wish to remove. After highlighting the package you "
10618
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10619
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10620
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10621
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10622
"prompted to become root to complete the installation. Press "
10623
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10624
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10625
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10626
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10627
"the package will commence."
13904
"locate the package via the <emphasis role=\"italics\">Installed "
13905
"Packages</emphasis> package category, by using the keyboard arrow keys and "
13906
"the <keycap>ENTER</keycap> key. Highlight the desired package you wish to "
13907
"remove, then press the <keycap>-</keycap> key. The package entry should turn "
13908
"<emphasis role=\"italics\">pink</emphasis>, indicating it has been marked "
13909
"for removal. Now press <keycap>g</keycap> to be presented with a summary of "
13910
"package actions. Press <keycap>g</keycap> again, and you will be prompted to "
13911
"become root to complete the removal. Press <keycap>ENTER</keycap> which will "
13912
"result in a <emphasis>Password:</emphasis> prompt. Enter your user password "
13913
"to become root. Finally, press <keycap>g</keycap> once more, then press "
13914
"<keycap>ENTER</keycap> on the <emphasis>Continue</emphasis> prompt, and "
13915
"removal of the package will commence."
10628
13916
msgstr ""
10629
13917
10630
#: serverguide/C/package-management.xml:234(para)
13918
#: serverguide/C/package-management.xml:237(para)
10631
13919
msgid ""
10632
13920
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10633
13921
"package index, simply press the <keycap>u</keycap> key and you will be "
10634
13922
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10635
"which will result in a Password: prompt. Enter your user password to become "
10636
"root. Updating of the package index will commence. Press "
10637
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10638
"presented to complete the process."
13923
"which will result in a <emphasis role=\"italics\">Password:</emphasis> "
13924
"prompt. Enter your user password to become root. Updating of the package "
13925
"index will commence. Press <keycap>ENTER</keycap> on the "
13926
"<emphasis>OK</emphasis> prompt when the download dialog is presented to "
13927
"complete the process."
10639
13928
msgstr ""
10640
13929
10641
#: serverguide/C/package-management.xml:238(para)
13930
#: serverguide/C/package-management.xml:241(para)
10642
13931
msgid ""
10643
13932
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10644
13933
"perform the update of the package index as detailed above, and then press "
10646
13935
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10647
13936
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10648
13937
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10649
"result in a Password: prompt. Enter your user password to become root. "
10650
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10651
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10652
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10653
"will commence."
13938
"result in a <emphasis>Password:</emphasis> prompt. Enter your user password "
13939
"to become root. Finally, press <keycap>g</keycap> once more, and you'll be "
13940
"prompted to download the packages. Press <keycap>ENTER</keycap> on the "
13941
"<emphasis>Continue</emphasis> prompt, and upgrade of the packages will "
13942
"commence."
10654
13943
msgstr ""
10655
13944
10656
#: serverguide/C/package-management.xml:245(para)
13945
#: serverguide/C/package-management.xml:248(para)
10657
13946
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10658
13947
msgstr ""
10659
13948
10660
#: serverguide/C/package-management.xml:250(para)
13949
#: serverguide/C/package-management.xml:253(para)
10661
13950
msgid ""
10662
13951
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10663
13952
"configuration remains on system"
10664
13953
msgstr ""
10665
13954
10666
#: serverguide/C/package-management.xml:254(para)
13955
#: serverguide/C/package-management.xml:257(para)
10667
13956
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10668
13957
msgstr ""
10669
13958
10670
#: serverguide/C/package-management.xml:258(para)
13959
#: serverguide/C/package-management.xml:261(para)
10671
13960
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10672
13961
msgstr ""
10673
13962
10674
#: serverguide/C/package-management.xml:262(para)
13963
#: serverguide/C/package-management.xml:265(para)
10675
13964
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10676
13965
msgstr ""
10677
13966
10678
#: serverguide/C/package-management.xml:266(para)
13967
#: serverguide/C/package-management.xml:269(para)
10679
13968
msgid ""
10680
13969
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10681
13970
"configured"
10682
13971
msgstr ""
10683
13972
10684
#: serverguide/C/package-management.xml:270(para)
13973
#: serverguide/C/package-management.xml:273(para)
10685
13974
msgid ""
10686
13975
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10687
13976
"and requires fix"
10688
13977
msgstr ""
10689
13978
10690
#: serverguide/C/package-management.xml:274(para)
13979
#: serverguide/C/package-management.xml:277(para)
10691
13980
msgid ""
10692
13981
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10693
13982
"requires fix"
10694
13983
msgstr ""
10695
13984
10696
#: serverguide/C/package-management.xml:242(para)
13985
#: serverguide/C/package-management.xml:245(para)
10697
13986
msgid ""
10698
13987
"The first column of information displayed in the package list in the top "
10699
13988
"pane, when actually viewing packages lists the current state of the package, "
10701
13990
"<placeholder-1/>"
10702
13991
msgstr ""
10703
13992
10704
#: serverguide/C/package-management.xml:280(para)
13993
#: serverguide/C/package-management.xml:283(para)
10705
13994
msgid ""
10706
13995
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10707
13996
"wish to exit. Many other functions are available from the Aptitude menu by "
10708
13997
"pressing the <keycap>F10</keycap> key."
10709
13998
msgstr ""
10710
13999
10711
#: serverguide/C/package-management.xml:285(title)
14000
#: serverguide/C/package-management.xml:286(title)
14001
msgid "Command Line Aptitude"
14002
msgstr ""
14003
14004
#: serverguide/C/package-management.xml:287(para)
14005
msgid ""
14006
"You can also use <application>Aptitude</application> as a command-line tool, "
14007
"similar to <application>apt-get</application>. To install the "
14008
"<application>nmap</application> package with all necessary dependencies, as "
14009
"in the <application>apt-get</application> example, you would use the "
14010
"following command: <screen>\n"
14011
"<command>sudo aptitude install nmap</command>\n"
14012
"</screen> To remove the same package, you would use the command: <screen>\n"
14013
"<command>sudo aptitude remove nmap</command>\n"
14014
"</screen> Consult the <application>man</application> pages for more details "
14015
"of command line options for <application>Aptitude</application>."
14016
msgstr ""
14017
14018
#: serverguide/C/package-management.xml:300(title)
10712
14019
msgid "Automatic Updates"
10713
14020
msgstr ""
10714
14021
10715
#: serverguide/C/package-management.xml:287(para)
14022
#: serverguide/C/package-management.xml:302(para)
10716
14023
msgid ""
10717
14024
"The <application>unattended-upgrades</application> package can be used to "
10718
14025
"automatically install updated packages, and can be configured to update all "
10720
14027
"entering the following in a terminal:"
10721
14028
msgstr ""
10722
14029
10723
#: serverguide/C/package-management.xml:293(command)
14030
#: serverguide/C/package-management.xml:308(command)
10724
14031
msgid "sudo apt-get install unattended-upgrades"
10725
14032
msgstr ""
10726
14033
10727
#: serverguide/C/package-management.xml:296(para)
14034
#: serverguide/C/package-management.xml:311(para)
10728
14035
msgid ""
10729
14036
"To configure <application>unattended-upgrades</application>, edit "
10730
14037
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10731
14038
"the following to fit your needs:"
10732
14039
msgstr ""
10733
14040
10734
#: serverguide/C/package-management.xml:301(programlisting)
14041
#: serverguide/C/package-management.xml:316(programlisting)
10735
14042
#, no-wrap
10736
14043
msgid ""
10737
14044
"\n"
10738
14045
"Unattended-Upgrade::Allowed-Origins {\n"
10739
" \"Ubuntu maverick-security\";\n"
10740
"// \"Ubuntu maverick-updates\";\n"
14046
" \"Ubuntu precise-security\";\n"
14047
"// \"Ubuntu precise-updates\";\n"
10741
14048
"};\n"
10742
14049
msgstr ""
10743
14050
10744
#: serverguide/C/package-management.xml:308(para)
14051
#: serverguide/C/package-management.xml:323(para)
10745
14052
msgid ""
10746
14053
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10747
14054
"will not be automatically updated. To blacklist a package, add it to the "
10748
14055
"list:"
10749
14056
msgstr ""
10750
14057
10751
#: serverguide/C/package-management.xml:313(programlisting)
14058
#: serverguide/C/package-management.xml:328(programlisting)
10752
14059
#, no-wrap
10753
14060
msgid ""
10754
14061
"\n"
10760
14067
"};\n"
10761
14068
msgstr ""
10762
14069
10763
#: serverguide/C/package-management.xml:323(para)
14070
#: serverguide/C/package-management.xml:338(para)
10764
14071
msgid ""
10765
14072
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10766
14073
"whatever follows \"//\" will not be evaluated."
10767
14074
msgstr ""
10768
14075
10769
#: serverguide/C/package-management.xml:328(para)
14076
#: serverguide/C/package-management.xml:343(para)
10770
14077
msgid ""
10771
14078
"To enable automatic updates, edit "
10772
14079
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10773
14080
"<application>apt</application> configuration options:"
10774
14081
msgstr ""
10775
14082
10776
#: serverguide/C/package-management.xml:332(programlisting)
14083
#: serverguide/C/package-management.xml:347(programlisting)
10777
14084
#, no-wrap
10778
14085
msgid ""
10779
14086
"\n"
10783
14090
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10784
14091
msgstr ""
10785
14092
10786
#: serverguide/C/package-management.xml:339(para)
14093
#: serverguide/C/package-management.xml:354(para)
10787
14094
msgid ""
10788
14095
"The above configuration updates the package list, downloads, and installs "
10789
14096
"available upgrades every day. The local download archive is cleaned every "
10790
14097
"week."
10791
14098
msgstr ""
10792
14099
10793
#: serverguide/C/package-management.xml:345(para)
14100
#: serverguide/C/package-management.xml:360(para)
10794
14101
msgid ""
10795
14102
"You can read more about <application>apt</application> Periodic "
10796
14103
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10797
14104
"header."
10798
14105
msgstr ""
10799
14106
10800
#: serverguide/C/package-management.xml:350(para)
14107
#: serverguide/C/package-management.xml:365(para)
10801
14108
msgid ""
10802
14109
"The results of <application>unattended-upgrades</application> will be logged "
10803
14110
"to <filename>/var/log/unattended-upgrades</filename>."
10804
14111
msgstr ""
10805
14112
10806
#: serverguide/C/package-management.xml:355(title)
14113
#: serverguide/C/package-management.xml:370(title)
10807
14114
msgid "Notifications"
10808
14115
msgstr ""
10809
14116
10810
#: serverguide/C/package-management.xml:357(para)
14117
#: serverguide/C/package-management.xml:372(para)
10811
14118
msgid ""
10812
14119
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10813
14120
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10815
14122
"detailing any packages that need upgrading or have problems."
10816
14123
msgstr ""
10817
14124
10818
#: serverguide/C/package-management.xml:362(para)
14125
#: serverguide/C/package-management.xml:377(para)
10819
14126
msgid ""
10820
14127
"Another useful package is <application>apticron</application>. "
10821
14128
"<application>apticron</application> will configure a "
10824
14131
"summary of changes in each package."
10825
14132
msgstr ""
10826
14133
10827
#: serverguide/C/package-management.xml:368(para)
14134
#: serverguide/C/package-management.xml:383(para)
10828
14135
msgid ""
10829
14136
"To install the <application>apticron</application> package, in a terminal "
10830
14137
"enter:"
10831
14138
msgstr ""
10832
14139
10833
#: serverguide/C/package-management.xml:373(command)
14140
#: serverguide/C/package-management.xml:388(command)
10834
14141
msgid "sudo apt-get install apticron"
10835
14142
msgstr ""
10836
14143
10837
#: serverguide/C/package-management.xml:376(para)
14144
#: serverguide/C/package-management.xml:391(para)
10838
14145
msgid ""
10839
14146
"Once the package is installed edit "
10840
14147
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10841
14148
"and other options:"
10842
14149
msgstr ""
10843
14150
10844
#: serverguide/C/package-management.xml:380(programlisting)
14151
#: serverguide/C/package-management.xml:395(programlisting)
10845
14152
#, no-wrap
10846
14153
msgid ""
10847
14154
"\n"
10848
14155
"EMAIL=\"root@example.com\"\n"
10849
14156
msgstr ""
10850
14157
10851
#: serverguide/C/package-management.xml:389(para)
14158
#: serverguide/C/package-management.xml:404(para)
10852
14159
msgid ""
10853
14160
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10854
"system repositories is stored in the /etc/apt/sources.list configuration "
10855
"file. An example of this file is referenced here, along with information on "
10856
"adding or removing repository references from the file."
14161
"system repositories is stored in the "
14162
"<filename>/etc/apt/sources.list</filename> file and the "
14163
"<filename>/etc/apt/sources.list.d</filename> directory. An example of this "
14164
"file is referenced here, along with information on adding or removing "
14165
"repository references from the file."
10857
14166
msgstr ""
10858
14167
10859
#: serverguide/C/package-management.xml:395(para)
14168
#: serverguide/C/package-management.xml:409(para)
10860
14169
msgid ""
10861
14170
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10862
14171
"typical <filename>/etc/apt/sources.list</filename> file."
10863
14172
msgstr ""
10864
14173
10865
#: serverguide/C/package-management.xml:399(para)
14174
#: serverguide/C/package-management.xml:413(para)
10866
14175
msgid ""
10867
14176
"You may edit the file to enable repositories or disable them. For example, "
10868
14177
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10870
14179
"which appears at the top of the file:"
10871
14180
msgstr ""
10872
14181
10873
#: serverguide/C/package-management.xml:404(screen)
14182
#: serverguide/C/package-management.xml:418(screen)
10874
14183
#, no-wrap
10875
14184
msgid ""
10876
14185
"\n"
10877
14186
"# no more prompting for CD-ROM please\n"
10878
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10879
"main restricted\n"
14187
"# deb cdrom:[Ubuntu 12.04 _Precise Pangolin_ - Release i386 (20111013.1)]/ "
14188
"precise main restricted\n"
10880
14189
msgstr ""
10881
14190
10882
#: serverguide/C/package-management.xml:410(title)
14191
#: serverguide/C/package-management.xml:424(title)
10883
14192
msgid "Extra Repositories"
10884
14193
msgstr ""
10885
14194
10886
#: serverguide/C/package-management.xml:411(para)
14195
#: serverguide/C/package-management.xml:425(para)
10887
14196
msgid ""
10888
14197
"In addition to the officially supported package repositories available for "
10889
14198
"Ubuntu, there exist additional community-maintained repositories which add "
10890
"thousands more potential packages for installation. Two of the most popular "
14199
"thousands more packages for potential installation. Two of the most popular "
10891
14200
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10892
14201
"repositories. These repositories are not officially supported by Ubuntu, but "
10893
14202
"because they are maintained by the community they generally provide packages "
10894
14203
"which are safe for use with your Ubuntu computer."
10895
14204
msgstr ""
10896
14205
10897
#: serverguide/C/package-management.xml:414(para)
14206
#: serverguide/C/package-management.xml:428(para)
10898
14207
msgid ""
10899
14208
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10900
14209
"licensing issues that prevent them from being distributed with a free "
10901
14210
"operating system, and they may be illegal in your locality."
10902
14211
msgstr ""
10903
14212
10904
#: serverguide/C/package-management.xml:416(para)
14213
#: serverguide/C/package-management.xml:430(para)
10905
14214
msgid ""
10906
14215
"Be advised that neither the <emphasis>Universe</emphasis> or "
10907
14216
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10909
14218
"packages."
10910
14219
msgstr ""
10911
14220
10912
#: serverguide/C/package-management.xml:420(para)
14221
#: serverguide/C/package-management.xml:434(para)
10913
14222
msgid ""
10914
14223
"Many other package sources are available, sometimes even offering only one "
10915
14224
"package, as in the case of package sources provided by the developer of a "
10920
14229
"functional in some respects."
10921
14230
msgstr ""
10922
14231
10923
#: serverguide/C/package-management.xml:423(para)
14232
#: serverguide/C/package-management.xml:437(para)
10924
14233
msgid ""
10925
14234
"By default, the <emphasis>Universe</emphasis> and "
10926
14235
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10928
14237
"comment the following lines:"
10929
14238
msgstr ""
10930
14239
10931
#: serverguide/C/package-management.xml:430(programlisting)
14240
#: serverguide/C/package-management.xml:444(programlisting)
10932
14241
#, no-wrap
10933
14242
msgid ""
10934
14243
"\n"
10935
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10936
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10937
"\n"
10938
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10939
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10940
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10941
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10942
"\n"
10943
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10944
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10945
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10946
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10947
"\n"
10948
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10949
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10950
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10951
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
14244
"deb http://archive.ubuntu.com/ubuntu precise universe multiverse\n"
14245
"deb-src http://archive.ubuntu.com/ubuntu precise universe multiverse\n"
14246
"\n"
14247
"deb http://us.archive.ubuntu.com/ubuntu/ precise universe\n"
14248
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise universe\n"
14249
"deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe\n"
14250
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates universe\n"
14251
"\n"
14252
"deb http://us.archive.ubuntu.com/ubuntu/ precise multiverse\n"
14253
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise multiverse\n"
14254
"deb http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse\n"
14255
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse\n"
14256
"\n"
14257
"deb http://security.ubuntu.com/ubuntu precise-security universe\n"
14258
"deb-src http://security.ubuntu.com/ubuntu precise-security universe\n"
14259
"deb http://security.ubuntu.com/ubuntu precise-security multiverse\n"
14260
"deb-src http://security.ubuntu.com/ubuntu precise-security multiverse\n"
10952
14261
msgstr ""
10953
14262
10954
#: serverguide/C/package-management.xml:456(para)
14263
#: serverguide/C/package-management.xml:470(para)
10955
14264
msgid ""
10956
14265
"Most of the material covered in this chapter is available in "
10957
14266
"<application>man</application> pages, many of which are available online."
10958
14267
msgstr ""
10959
14268
10960
#: serverguide/C/package-management.xml:463(para)
14269
#: serverguide/C/package-management.xml:477(para)
10961
14270
msgid ""
10962
14271
"The <ulink "
10963
14272
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10964
14273
"re</ulink> Ubuntu wiki page has more information."
10965
14274
msgstr ""
10966
14275
10967
#: serverguide/C/package-management.xml:468(para)
14276
#: serverguide/C/package-management.xml:482(para)
10968
14277
msgid ""
10969
14278
"For more <application>dpkg</application> details see the <ulink "
10970
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10971
" man page</ulink>."
14279
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man1/dpkg.1.html\">dpkg "
14280
"man page</ulink>."
10972
14281
msgstr ""
10973
14282
10974
#: serverguide/C/package-management.xml:474(para)
14283
#: serverguide/C/package-management.xml:488(para)
10975
14284
msgid ""
10976
14285
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10977
14286
"HOWTO</ulink> and <ulink "
10978
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
14287
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/apt-"
10979
14288
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10980
14289
"<application>apt-get</application> usage."
10981
14290
msgstr ""
10982
14291
10983
#: serverguide/C/package-management.xml:481(para)
14292
#: serverguide/C/package-management.xml:495(para)
10984
14293
msgid ""
10985
14294
"See the <ulink "
10986
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10987
"itude man page</ulink> for more <application>aptitude</application> options."
14295
"url=\"http://manpages.ubuntu.com/manpages/precise/man8/aptitude.8.html\">apti"
14296
"tude man page</ulink> for more <application>aptitude</application> options."
10988
14297
msgstr ""
10989
14298
10990
#: serverguide/C/package-management.xml:487(para)
14299
#: serverguide/C/package-management.xml:501(para)
10991
14300
msgid ""
10992
14301
"The <ulink "
10993
14302
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11424
14733
#: serverguide/C/other-apps.xml:334(para)
11425
14734
msgid ""
11426
14735
"See the <ulink "
11427
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
14736
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man1/update-"
11428
14737
"motd.1.html\">update-motd man page</ulink> for more options available to "
11429
14738
"<application>update-motd</application>."
11430
14739
msgstr ""
11490
14799
"discussion of popular network protocols."
11491
14800
msgstr ""
11492
14801
11493
#: serverguide/C/network-config.xml:27(title)
11494
msgid "Network Configuration"
11495
msgstr ""
11496
11497
14802
#: serverguide/C/network-config.xml:28(para)
11498
14803
msgid ""
11499
14804
"Ubuntu ships with a number of graphical utilities to configure your network "
11590
14895
"Reboot the system to commit your changes."
11591
14896
msgstr ""
11592
14897
11593
#: serverguide/C/network-config.xml:92(programlisting)
11594
#, no-wrap
11595
msgid ""
11596
"\n"
11597
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11598
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11599
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11600
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11601
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11602
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11603
msgstr ""
11604
11605
#: serverguide/C/network-config.xml:99(title)
14898
#: serverguide/C/network-config.xml:95(title)
11606
14899
msgid "Ethernet Interface Settings"
11607
14900
msgstr ""
11608
14901
11609
#: serverguide/C/network-config.xml:100(para)
14902
#: serverguide/C/network-config.xml:96(para)
11610
14903
msgid ""
11611
14904
"<application>ethtool</application> is a program that displays and changes "
11612
14905
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11614
14907
"installation in the repositories."
11615
14908
msgstr ""
11616
14909
11617
#: serverguide/C/network-config.xml:106(userinput)
14910
#: serverguide/C/network-config.xml:102(userinput)
11618
14911
#, no-wrap
11619
14912
msgid "sudo apt-get install ethtool"
11620
14913
msgstr ""
11621
14914
11622
#: serverguide/C/network-config.xml:108(para)
14915
#: serverguide/C/network-config.xml:104(para)
11623
14916
msgid ""
11624
14917
"The following is an example of how to view supported features and configured "
11625
14918
"settings of an Ethernet interface."
11626
14919
msgstr ""
11627
14920
11628
#: serverguide/C/network-config.xml:113(userinput)
14921
#: serverguide/C/network-config.xml:109(userinput)
11629
14922
#, no-wrap
11630
14923
msgid "sudo ethtool eth0"
11631
14924
msgstr ""
11632
14925
11633
#: serverguide/C/network-config.xml:112(screen)
14926
#: serverguide/C/network-config.xml:108(screen)
11634
14927
#, no-wrap
11635
14928
msgid ""
11636
14929
"\n"
11657
14950
" Link detected: yes\n"
11658
14951
msgstr ""
11659
14952
11660
#: serverguide/C/network-config.xml:135(para)
14953
#: serverguide/C/network-config.xml:131(para)
11661
14954
msgid ""
11662
14955
"Changes made with the <application>ethtool</application> command are "
11663
14956
"temporary and will be lost after a reboot. If you would like to retain "
11666
14959
"configuration file <filename>/etc/network/interfaces</filename>."
11667
14960
msgstr ""
11668
14961
11669
#: serverguide/C/network-config.xml:141(para)
14962
#: serverguide/C/network-config.xml:137(para)
11670
14963
msgid ""
11671
14964
"The following is an example of how the interface identified as <emphasis "
11672
14965
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11673
14966
"speed of 1000Mb/s running in full duplex mode."
11674
14967
msgstr ""
11675
14968
11676
#: serverguide/C/network-config.xml:145(programlisting)
14969
#: serverguide/C/network-config.xml:141(programlisting)
11677
14970
#, no-wrap
11678
14971
msgid ""
11679
14972
"\n"
11680
14973
"auto eth0\n"
11681
14974
"iface eth0 inet static\n"
11682
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
14975
"pre-up /sbin/ethtool -s eth0 speed 1000 duplex full\n"
11683
14976
msgstr ""
11684
14977
11685
#: serverguide/C/network-config.xml:151(para)
14978
#: serverguide/C/network-config.xml:147(para)
11686
14979
msgid ""
11687
14980
"Although the example above shows the interface configured to use the "
11688
14981
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11691
14984
"statement in relation to the rest of the interface configuration."
11692
14985
msgstr ""
11693
14986
11694
#: serverguide/C/network-config.xml:163(title)
14987
#: serverguide/C/network-config.xml:159(title)
11695
14988
msgid "IP Addressing"
11696
14989
msgstr ""
11697
14990
11698
#: serverguide/C/network-config.xml:164(para)
14991
#: serverguide/C/network-config.xml:160(para)
11699
14992
msgid ""
11700
14993
"The following section describes the process of configuring your systems IP "
11701
14994
"address and default gateway needed for communicating on a local area network "
11702
14995
"and the Internet."
11703
14996
msgstr ""
11704
14997
11705
#: serverguide/C/network-config.xml:171(title)
14998
#: serverguide/C/network-config.xml:167(title)
11706
14999
msgid "Temporary IP Address Assignment"
11707
15000
msgstr ""
11708
15001
11709
#: serverguide/C/network-config.xml:172(para)
15002
#: serverguide/C/network-config.xml:168(para)
11710
15003
msgid ""
11711
15004
"For temporary network configurations, you can use standard commands such as "
11712
15005
"<application>ip</application>, <application>ifconfig</application> and "
11716
15009
"lost after a reboot."
11717
15010
msgstr ""
11718
15011
11719
#: serverguide/C/network-config.xml:180(para)
15012
#: serverguide/C/network-config.xml:176(para)
11720
15013
msgid ""
11721
15014
"To temporarily configure an IP address, you can use the "
11722
15015
"<application>ifconfig</application> command in the following manner. Just "
11723
15016
"modify the IP address and subnet mask to match your network requirements."
11724
15017
msgstr ""
11725
15018
11726
#: serverguide/C/network-config.xml:186(userinput)
15019
#: serverguide/C/network-config.xml:182(userinput)
11727
15020
#, no-wrap
11728
15021
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11729
15022
msgstr ""
11730
15023
11731
#: serverguide/C/network-config.xml:188(para)
15024
#: serverguide/C/network-config.xml:184(para)
11732
15025
msgid ""
11733
15026
"To verify the IP address configuration of <application>eth0</application>, "
11734
15027
"you can use the <application>ifconfig</application> command in the following "
11735
15028
"manner."
11736
15029
msgstr ""
11737
15030
11738
#: serverguide/C/network-config.xml:193(userinput)
15031
#: serverguide/C/network-config.xml:189(userinput)
11739
15032
#, no-wrap
11740
15033
msgid "ifconfig eth0"
11741
15034
msgstr ""
11742
15035
11743
#: serverguide/C/network-config.xml:192(screen)
15036
#: serverguide/C/network-config.xml:188(screen)
11744
15037
#, no-wrap
11745
15038
msgid ""
11746
15039
"\n"
11756
15049
" Interrupt:16 \n"
11757
15050
msgstr ""
11758
15051
11759
#: serverguide/C/network-config.xml:204(para)
15052
#: serverguide/C/network-config.xml:200(para)
11760
15053
msgid ""
11761
15054
"To configure a default gateway, you can use the "
11762
15055
"<application>route</application> command in the following manner. Modify the "
11763
15056
"default gateway address to match your network requirements."
11764
15057
msgstr ""
11765
15058
11766
#: serverguide/C/network-config.xml:210(userinput)
15059
#: serverguide/C/network-config.xml:206(userinput)
11767
15060
#, no-wrap
11768
15061
msgid "sudo route add default gw 10.0.0.1 eth0"
11769
15062
msgstr ""
11770
15063
11771
#: serverguide/C/network-config.xml:212(para)
15064
#: serverguide/C/network-config.xml:208(para)
11772
15065
msgid ""
11773
15066
"To verify your default gateway configuration, you can use the "
11774
15067
"<application>route</application> command in the following manner."
11775
15068
msgstr ""
11776
15069
11777
#: serverguide/C/network-config.xml:217(userinput)
15070
#: serverguide/C/network-config.xml:213(userinput)
11778
15071
#, no-wrap
11779
15072
msgid "route -n"
11780
15073
msgstr ""
11781
15074
11782
#: serverguide/C/network-config.xml:216(screen)
15075
#: serverguide/C/network-config.xml:212(screen)
11783
15076
#, no-wrap
11784
15077
msgid ""
11785
15078
"\n"
11793
15086
"eth0\n"
11794
15087
msgstr ""
11795
15088
11796
#: serverguide/C/network-config.xml:223(para)
15089
#: serverguide/C/network-config.xml:219(para)
11797
15090
msgid ""
11798
15091
"If you require DNS for your temporary network configuration, you can add DNS "
11799
15092
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11803
15096
"configuration is in a following section."
11804
15097
msgstr ""
11805
15098
11806
#: serverguide/C/network-config.xml:230(programlisting)
15099
#: serverguide/C/network-config.xml:226(programlisting)
11807
15100
#, no-wrap
11808
15101
msgid ""
11809
15102
"\n"
11811
15104
"nameserver 8.8.4.4\n"
11812
15105
msgstr ""
11813
15106
11814
#: serverguide/C/network-config.xml:234(para)
15107
#: serverguide/C/network-config.xml:230(para)
11815
15108
msgid ""
11816
15109
"If you no longer need this configuration and wish to purge all IP "
11817
15110
"configuration from an interface, you can use the "
11818
15111
"<application>ip</application> command with the flush option as shown below."
11819
15112
msgstr ""
11820
15113
11821
#: serverguide/C/network-config.xml:240(userinput)
15114
#: serverguide/C/network-config.xml:236(userinput)
11822
15115
#, no-wrap
11823
15116
msgid "ip addr flush eth0"
11824
15117
msgstr ""
11825
15118
11826
#: serverguide/C/network-config.xml:243(para)
15119
#: serverguide/C/network-config.xml:239(para)
11827
15120
msgid ""
11828
15121
"Flushing the IP configuration using the <application>ip</application> "
11829
15122
"command does not clear the contents of "
11831
15124
"entries manually."
11832
15125
msgstr ""
11833
15126
11834
#: serverguide/C/network-config.xml:251(title)
15127
#: serverguide/C/network-config.xml:247(title)
11835
15128
msgid "Dynamic IP Address Assignment (DHCP Client)"
11836
15129
msgstr ""
11837
15130
11838
#: serverguide/C/network-config.xml:252(para)
15131
#: serverguide/C/network-config.xml:248(para)
11839
15132
msgid ""
11840
15133
"To configure your server to use DHCP for dynamic address assignment, add the "
11841
15134
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11845
15138
"role=\"italic\">eth0</emphasis>."
11846
15139
msgstr ""
11847
15140
11848
#: serverguide/C/network-config.xml:259(programlisting)
15141
#: serverguide/C/network-config.xml:255(programlisting)
11849
15142
#, no-wrap
11850
15143
msgid ""
11851
15144
"\n"
11853
15146
"iface eth0 inet dhcp\n"
11854
15147
msgstr ""
11855
15148
11856
#: serverguide/C/network-config.xml:263(para)
15149
#: serverguide/C/network-config.xml:259(para)
11857
15150
msgid ""
11858
15151
"By adding an interface configuration as shown above, you can manually enable "
11859
15152
"the interface through the <application>ifup</application> command which "
11860
15153
"initiates the DHCP process via <application>dhclient</application>."
11861
15154
msgstr ""
11862
15155
11863
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
15156
#: serverguide/C/network-config.xml:265(userinput) serverguide/C/network-config.xml:300(userinput)
11864
15157
#, no-wrap
11865
15158
msgid "sudo ifup eth0"
11866
15159
msgstr ""
11867
15160
11868
#: serverguide/C/network-config.xml:271(para)
15161
#: serverguide/C/network-config.xml:267(para)
11869
15162
msgid ""
11870
15163
"To manually disable the interface, you can use the "
11871
15164
"<application>ifdown</application> command, which in turn will initiate the "
11872
15165
"DHCP release process and shut down the interface."
11873
15166
msgstr ""
11874
15167
11875
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
15168
#: serverguide/C/network-config.xml:273(userinput) serverguide/C/network-config.xml:307(userinput)
11876
15169
#, no-wrap
11877
15170
msgid "sudo ifdown eth0"
11878
15171
msgstr ""
11879
15172
11880
#: serverguide/C/network-config.xml:282(title)
15173
#: serverguide/C/network-config.xml:278(title)
11881
15174
msgid "Static IP Address Assignment"
11882
15175
msgstr ""
11883
15176
11884
#: serverguide/C/network-config.xml:283(para)
15177
#: serverguide/C/network-config.xml:279(para)
11885
15178
msgid ""
11886
15179
"To configure your system to use a static IP address assignment, add the "
11887
15180
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11895
15188
"network."
11896
15189
msgstr ""
11897
15190
11898
#: serverguide/C/network-config.xml:292(programlisting)
15191
#: serverguide/C/network-config.xml:288(programlisting)
11899
15192
#, no-wrap
11900
15193
msgid ""
11901
15194
"\n"
11906
15199
"gateway 10.0.0.1\n"
11907
15200
msgstr ""
11908
15201
11909
#: serverguide/C/network-config.xml:299(para)
15202
#: serverguide/C/network-config.xml:295(para)
11910
15203
msgid ""
11911
15204
"By adding an interface configuration as shown above, you can manually enable "
11912
15205
"the interface through the <application>ifup</application> command."
11913
15206
msgstr ""
11914
15207
11915
#: serverguide/C/network-config.xml:306(para)
15208
#: serverguide/C/network-config.xml:302(para)
11916
15209
msgid ""
11917
15210
"To manually disable the interface, you can use the "
11918
15211
"<application>ifdown</application> command."
11919
15212
msgstr ""
11920
15213
11921
#: serverguide/C/network-config.xml:316(title)
15214
#: serverguide/C/network-config.xml:312(title)
11922
15215
msgid "Loopback Interface"
11923
15216
msgstr ""
11924
15217
11925
#: serverguide/C/network-config.xml:317(para)
15218
#: serverguide/C/network-config.xml:313(para)
11926
15219
msgid ""
11927
15220
"The loopback interface is identified by the system as <emphasis "
11928
15221
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11929
15222
"can be viewed using the ifconfig command."
11930
15223
msgstr ""
11931
15224
11932
#: serverguide/C/network-config.xml:322(userinput)
15225
#: serverguide/C/network-config.xml:318(userinput)
11933
15226
#, no-wrap
11934
15227
msgid "ifconfig lo"
11935
15228
msgstr ""
11936
15229
11937
#: serverguide/C/network-config.xml:321(screen)
15230
#: serverguide/C/network-config.xml:317(screen)
11938
15231
#, no-wrap
11939
15232
msgid ""
11940
15233
"\n"
11949
15242
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11950
15243
msgstr ""
11951
15244
11952
#: serverguide/C/network-config.xml:332(para)
15245
#: serverguide/C/network-config.xml:328(para)
11953
15246
msgid ""
11954
15247
"By default, there should be two lines in "
11955
15248
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11958
15251
"example of the two default lines are shown below."
11959
15252
msgstr ""
11960
15253
11961
#: serverguide/C/network-config.xml:338(programlisting)
15254
#: serverguide/C/network-config.xml:334(programlisting)
11962
15255
#, no-wrap
11963
15256
msgid ""
11964
15257
"\n"
11966
15259
"iface lo inet loopback\n"
11967
15260
msgstr ""
11968
15261
11969
#: serverguide/C/network-config.xml:347(title)
15262
#: serverguide/C/network-config.xml:343(title)
11970
15263
msgid "Name Resolution"
11971
15264
msgstr ""
11972
15265
11973
#: serverguide/C/network-config.xml:348(para)
15266
#: serverguide/C/network-config.xml:344(para)
11974
15267
msgid ""
11975
15268
"Name resolution as it relates to IP networking is the process of mapping IP "
11976
15269
"addresses to hostnames, making it easier to identify resources on a network. "
11978
15271
"name resolution using DNS and static hostname records."
11979
15272
msgstr ""
11980
15273
11981
#: serverguide/C/network-config.xml:356(title)
15274
#: serverguide/C/network-config.xml:352(title)
11982
15275
msgid "DNS Client Configuration"
11983
15276
msgstr ""
11984
15277
11985
#: serverguide/C/network-config.xml:357(para)
11986
msgid ""
11987
"To configure your system to use DNS for name resolution, add the IP "
11988
"addresses of the DNS servers that are appropriate for your network in the "
11989
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11990
"suffix search-lists to match your network domain names."
11991
msgstr ""
11992
11993
#: serverguide/C/network-config.xml:362(para)
11994
msgid ""
11995
"Below is an example of a typical configuration of "
11996
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11997
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11998
msgstr ""
11999
12000
#: serverguide/C/network-config.xml:367(programlisting)
12001
#, no-wrap
12002
msgid ""
12003
"\n"
12004
"search example.com\n"
12005
"nameserver 8.8.8.8\n"
12006
"nameserver 8.8.4.4\n"
12007
msgstr ""
12008
12009
#: serverguide/C/network-config.xml:372(para)
15278
#: serverguide/C/network-config.xml:364(programlisting)
15279
#, no-wrap
15280
msgid ""
15281
"\n"
15282
"/etc/resolv.conf -> ../run/resolvconf/resolv.conf\n"
15283
msgstr ""
15284
15285
#: serverguide/C/network-config.xml:353(para)
15286
msgid ""
15287
"Traditionally, the file <filename>/etc/resolv.conf</filename> was a static "
15288
"configuration file that rarely needed to be changed or automatically changed "
15289
"via DCHP client hooks. Nowadays, a computer can switch from one network to "
15290
"another quite often and the <emphasis>resolvconf</emphasis> framework is now "
15291
"being used to track these changes and update the resolver's configuration "
15292
"automatically. It acts as an intermediary between programs that supply "
15293
"nameserver information and applications that need nameserver information. "
15294
"Resolvconf gets populated with information by a set of hook scripts related "
15295
"to network interface configuration. The most notable difference for the user "
15296
"is that any change manually done to /etc/resolv.conf will be lost as it gets "
15297
"overwritten each time something triggers resolvconf. Instead, resolvconf "
15298
"uses DHCP client hooks, and <filename>/etc/network/interfaces</filename> to "
15299
"generate a list of nameservers and domains to put in /etc/resolv.conf, which "
15300
"is now a symlink: <placeholder-1/> To configure the resolver, add the IP "
15301
"addresses of the nameservers that are appropriate for your network in the "
15302
"file <filename>/etc/network/interfaces</filename>. You can also add an "
15303
"optional DNS suffix search-lists to match your network domain names. For "
15304
"each other valid resolv.conf configuration option, you can include, in the "
15305
"stanza, one line beginning with that option name with a <emphasis "
15306
"role=\"bold\">dns-</emphasis> prefix. The resulting file might look like the "
15307
"following:"
15308
msgstr ""
15309
15310
#: serverguide/C/network-config.xml:375(programlisting)
15311
#, no-wrap
15312
msgid ""
15313
"\n"
15314
"iface eth0 inet static\n"
15315
" address 192.168.3.3\n"
15316
" netmask 255.255.255.0\n"
15317
" gateway 192.168.3.1\n"
15318
" dns-search example.com\n"
15319
" dns-nameservers 192.168.3.45 192.168.8.10\n"
15320
msgstr ""
15321
15322
#: serverguide/C/network-config.xml:384(para)
12010
15323
msgid ""
12011
15324
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12012
15325
"multiple domain names so that DNS queries will be appended in the order in "
12017
15330
"role=\"italic\">dev.example.com</emphasis>."
12018
15331
msgstr ""
12019
15332
12020
#: serverguide/C/network-config.xml:380(para)
15333
#: serverguide/C/network-config.xml:391(para)
12021
15334
msgid ""
12022
15335
"If you have multiple domains you wish to search, your configuration might "
12023
"look like the following."
15336
"look like the following:"
12024
15337
msgstr ""
12025
15338
12026
#: serverguide/C/network-config.xml:383(programlisting)
15339
#: serverguide/C/network-config.xml:395(programlisting)
12027
15340
#, no-wrap
12028
15341
msgid ""
12029
15342
"\n"
12030
"search example.com sales.example.com dev.example.com\n"
12031
"nameserver 8.8.8.8\n"
12032
"nameserver 8.8.4.4\n"
15343
"iface eth0 inet static\n"
15344
" address 192.168.3.3\n"
15345
" netmask 255.255.255.0\n"
15346
" gateway 192.168.3.1\n"
15347
" dns-search example.com sales.example.com dev.example.com\n"
15348
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12033
15349
msgstr ""
12034
15350
12035
#: serverguide/C/network-config.xml:388(para)
15351
#: serverguide/C/network-config.xml:404(para)
12036
15352
msgid ""
12037
15353
"If you try to ping a host with the name of <emphasis "
12038
15354
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12039
15355
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12040
15356
msgstr ""
12041
15357
12042
#: serverguide/C/network-config.xml:394(para)
15358
#: serverguide/C/network-config.xml:411(para)
12043
15359
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12044
15360
msgstr ""
12045
15361
12046
#: serverguide/C/network-config.xml:399(para)
15362
#: serverguide/C/network-config.xml:416(para)
12047
15363
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12048
15364
msgstr ""
12049
15365
12050
#: serverguide/C/network-config.xml:404(para)
15366
#: serverguide/C/network-config.xml:421(para)
12051
15367
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12052
15368
msgstr ""
12053
15369
12054
#: serverguide/C/network-config.xml:409(para)
15370
#: serverguide/C/network-config.xml:426(para)
12055
15371
msgid ""
12056
15372
"If no matches are found, the DNS server will provide a result of <emphasis "
12057
15373
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12058
15374
msgstr ""
12059
15375
12060
#: serverguide/C/network-config.xml:416(title)
15376
#: serverguide/C/network-config.xml:433(title)
12061
15377
msgid "Static Hostnames"
12062
15378
msgstr ""
12063
15379
12064
#: serverguide/C/network-config.xml:417(para)
15380
#: serverguide/C/network-config.xml:434(para)
12065
15381
msgid ""
12066
15382
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12067
15383
"file <filename>/etc/hosts</filename>. Entries in the "
12073
15389
"conveniently set to use static hostnames instead of DNS."
12074
15390
msgstr ""
12075
15391
12076
#: serverguide/C/network-config.xml:424(para)
15392
#: serverguide/C/network-config.xml:441(para)
12077
15393
msgid ""
12078
15394
"The following is an example of a <filename>hosts</filename> file where a "
12079
15395
"number of local servers have been identified by simple hostnames, aliases "
12080
15396
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12081
15397
msgstr ""
12082
15398
12083
#: serverguide/C/network-config.xml:428(programlisting)
15399
#: serverguide/C/network-config.xml:445(programlisting)
12084
15400
#, no-wrap
12085
15401
msgid ""
12086
15402
"\n"
12092
15408
"10.0.0.14\tserver4 file server4.example.com\n"
12093
15409
msgstr ""
12094
15410
12095
#: serverguide/C/network-config.xml:437(para)
15411
#: serverguide/C/network-config.xml:454(para)
12096
15412
msgid ""
12097
15413
"In the above example, notice that each of the servers have been given "
12098
15414
"aliases in addition to their proper names and FQDN's. <emphasis "
12105
15421
"role=\"italic\">file</emphasis>."
12106
15422
msgstr ""
12107
15423
12108
#: serverguide/C/network-config.xml:449(title)
15424
#: serverguide/C/network-config.xml:466(title)
12109
15425
msgid "Name Service Switch Configuration"
12110
15426
msgstr ""
12111
15427
12112
#: serverguide/C/network-config.xml:450(para)
15428
#: serverguide/C/network-config.xml:467(para)
12113
15429
msgid ""
12114
15430
"The order in which your system selects a method of resolving hostnames to IP "
12115
15431
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12120
15436
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12121
15437
msgstr ""
12122
15438
12123
#: serverguide/C/network-config.xml:458(programlisting)
15439
#: serverguide/C/network-config.xml:475(programlisting)
12124
15440
#, no-wrap
12125
15441
msgid ""
12126
15442
"\n"
12127
15443
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12128
15444
msgstr ""
12129
15445
12130
#: serverguide/C/network-config.xml:464(para)
15446
#: serverguide/C/network-config.xml:481(para)
12131
15447
msgid ""
12132
15448
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12133
15449
"hostnames located in <filename>/etc/hosts</filename>."
12134
15450
msgstr ""
12135
15451
12136
#: serverguide/C/network-config.xml:470(para)
15452
#: serverguide/C/network-config.xml:487(para)
12137
15453
msgid ""
12138
15454
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12139
15455
"name using Multicast DNS."
12140
15456
msgstr ""
12141
15457
12142
#: serverguide/C/network-config.xml:475(para)
15458
#: serverguide/C/network-config.xml:492(para)
12143
15459
msgid ""
12144
15460
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12145
15461
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12148
15464
"answer."
12149
15465
msgstr ""
12150
15466
12151
#: serverguide/C/network-config.xml:483(para)
15467
#: serverguide/C/network-config.xml:500(para)
12152
15468
msgid ""
12153
15469
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12154
15470
msgstr ""
12155
15471
12156
#: serverguide/C/network-config.xml:488(para)
15472
#: serverguide/C/network-config.xml:505(para)
12157
15473
msgid ""
12158
15474
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12159
15475
msgstr ""
12160
15476
12161
#: serverguide/C/network-config.xml:494(para)
15477
#: serverguide/C/network-config.xml:511(para)
12162
15478
msgid ""
12163
15479
"To modify the order of the above mentioned name resolution methods, you can "
12164
15480
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12167
15483
"<filename>/etc/nsswitch.conf</filename> as shown below."
12168
15484
msgstr ""
12169
15485
12170
#: serverguide/C/network-config.xml:501(programlisting)
15486
#: serverguide/C/network-config.xml:518(programlisting)
12171
15487
#, no-wrap
12172
15488
msgid ""
12173
15489
"\n"
12174
15490
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12175
15491
msgstr ""
12176
15492
12177
#: serverguide/C/network-config.xml:508(title)
12178
msgid "Bridging"
12179
msgstr ""
12180
12181
#: serverguide/C/network-config.xml:510(para)
15493
#: serverguide/C/network-config.xml:527(para)
12182
15494
msgid ""
12183
15495
"Bridging multiple interfaces is a more advanced configuration, but is very "
12184
15496
"useful in multiple scenarios. One scenario is setting up a bridge with "
12188
15500
"The following example covers the latter scenario."
12189
15501
msgstr ""
12190
15502
12191
#: serverguide/C/network-config.xml:517(para)
15503
#: serverguide/C/network-config.xml:534(para)
12192
15504
msgid ""
12193
15505
"Before configuring a bridge you will need to install the <application>bridge-"
12194
15506
"utils</application> package. To install the package, in a terminal enter:"
12195
15507
msgstr ""
12196
15508
12197
#: serverguide/C/network-config.xml:523(command)
12198
msgid "sudo apt-get install bridge-utils"
12199
msgstr ""
12200
12201
#: serverguide/C/network-config.xml:526(para)
15509
#: serverguide/C/network-config.xml:543(para)
12202
15510
msgid ""
12203
15511
"Next, configure the bridge by editing "
12204
15512
"<filename>/etc/network/interfaces</filename>:"
12205
15513
msgstr ""
12206
15514
12207
#: serverguide/C/network-config.xml:530(programlisting)
15515
#: serverguide/C/network-config.xml:547(programlisting)
12208
15516
#, no-wrap
12209
15517
msgid ""
12210
15518
"\n"
12225
15533
" bridge_stp off\n"
12226
15534
msgstr ""
12227
15535
12228
#: serverguide/C/network-config.xml:549(para)
15536
#: serverguide/C/network-config.xml:566(para)
12229
15537
msgid "Enter the appropriate values for your physical interface and network."
12230
15538
msgstr ""
12231
15539
12232
#: serverguide/C/network-config.xml:554(para)
15540
#: serverguide/C/network-config.xml:571(para)
12233
15541
msgid "Now restart networking to enable the bridge interface:"
12234
15542
msgstr ""
12235
15543
12236
#: serverguide/C/network-config.xml:561(para)
15544
#: serverguide/C/network-config.xml:576(command)
15545
msgid "sudo /etc/init.d/networking restart"
15546
msgstr "sudo /etc/init.d/networking restart"
15547
15548
#: serverguide/C/network-config.xml:578(para)
12237
15549
msgid ""
12238
15550
"The new bridge interface should now be up and running. The "
12239
15551
"<application>brctl</application> provides useful information about the state "
12241
15553
"<command>man brctl</command> for more information."
12242
15554
msgstr ""
12243
15555
12244
#: serverguide/C/network-config.xml:577(para)
15556
#: serverguide/C/network-config.xml:594(para)
12245
15557
msgid ""
12246
15558
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12247
15559
"Network page</ulink> has links to articles covering more advanced network "
12248
15560
"configuration."
12249
15561
msgstr ""
12250
15562
12251
#: serverguide/C/network-config.xml:583(para)
12252
msgid ""
12253
"The <ulink "
12254
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12255
"\">interfaces man page</ulink> has details on more options for "
15563
#: serverguide/C/network-config.xml:600(para)
15564
msgid ""
15565
"The <ulink "
15566
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
15567
" man page</ulink> has more information on resolvconf."
15568
msgstr ""
15569
15570
#: serverguide/C/network-config.xml:606(para)
15571
msgid ""
15572
"The <ulink "
15573
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
15574
" man page</ulink> has details on more options for "
12256
15575
"<filename>/etc/network/interfaces</filename>."
12257
15576
msgstr ""
12258
15577
12259
#: serverguide/C/network-config.xml:589(para)
15578
#: serverguide/C/network-config.xml:612(para)
12260
15579
msgid ""
12261
15580
"The <ulink "
12262
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12263
"dhclient man page</ulink> has details on more options for configuring DHCP "
12264
"client settings."
15581
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
15582
"man page</ulink> has details on more options for configuring DHCP client "
15583
"settings."
12265
15584
msgstr ""
12266
15585
12267
#: serverguide/C/network-config.xml:595(para)
15586
#: serverguide/C/network-config.xml:618(para)
12268
15587
msgid ""
12269
15588
"For more information on DNS client configuration see the <ulink "
12270
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12271
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
15589
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
15590
"man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12272
15591
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12273
15592
"Administrator's Guide</ulink> is a good source of resolver and name service "
12274
15593
"configuration information."
12275
15594
msgstr ""
12276
15595
12277
#: serverguide/C/network-config.xml:603(para)
15596
#: serverguide/C/network-config.xml:626(para)
12278
15597
msgid ""
12279
15598
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12280
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12281
"tl man page</ulink> and the Linux Foundation's <ulink "
15599
"url=\"http://manpages.ubuntu.com/manpages/man8/brctl.8.html\">brctl man "
15600
"page</ulink> and the Linux Foundation's <ulink "
12282
15601
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12283
15602
msgstr ""
12284
15603
12285
#: serverguide/C/network-config.xml:614(title)
15604
#: serverguide/C/network-config.xml:637(title)
12286
15605
msgid "TCP/IP"
12287
15606
msgstr ""
12288
15607
12289
#: serverguide/C/network-config.xml:615(para)
15608
#: serverguide/C/network-config.xml:638(para)
12290
15609
msgid ""
12291
15610
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12292
15611
"standard set of protocols developed in the late 1970s by the Defense "
12296
15615
"network protocols on Earth."
12297
15616
msgstr ""
12298
15617
12299
#: serverguide/C/network-config.xml:623(title)
15618
#: serverguide/C/network-config.xml:646(title)
12300
15619
msgid "TCP/IP Introduction"
12301
15620
msgstr ""
12302
15621
12303
#: serverguide/C/network-config.xml:624(para)
15622
#: serverguide/C/network-config.xml:647(para)
12304
15623
msgid ""
12305
15624
"The two protocol components of TCP/IP deal with different aspects of "
12306
15625
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12315
15634
"host."
12316
15635
msgstr ""
12317
15636
12318
#: serverguide/C/network-config.xml:637(title)
15637
#: serverguide/C/network-config.xml:660(title)
12319
15638
msgid "TCP/IP Configuration"
12320
15639
msgstr ""
12321
15640
12322
#: serverguide/C/network-config.xml:638(para)
15641
#: serverguide/C/network-config.xml:661(para)
12323
15642
msgid ""
12324
15643
"The TCP/IP protocol configuration consists of several elements which must be "
12325
15644
"set by editing the appropriate configuration files, or deploying solutions "
12330
15649
"system."
12331
15650
msgstr ""
12332
15651
12333
#: serverguide/C/network-config.xml:650(para)
15652
#: serverguide/C/network-config.xml:673(para)
12334
15653
msgid ""
12335
15654
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12336
15655
"identifying string expressed as four decimal numbers ranging from zero (0) "
12340
15659
"<emphasis>dotted quad notation</emphasis>."
12341
15660
msgstr ""
12342
15661
12343
#: serverguide/C/network-config.xml:660(para)
15662
#: serverguide/C/network-config.xml:683(para)
12344
15663
msgid ""
12345
15664
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12346
15665
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12351
15670
"remain available for specifying hosts on the subnetwork."
12352
15671
msgstr ""
12353
15672
12354
#: serverguide/C/network-config.xml:671(para)
15673
#: serverguide/C/network-config.xml:694(para)
12355
15674
msgid ""
12356
15675
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12357
15676
"represents the bytes comprising the network portion of an IP address. For "
12364
15683
"network and a zero (0) for all the possible hosts on the network."
12365
15684
msgstr ""
12366
15685
12367
#: serverguide/C/network-config.xml:684(para)
15686
#: serverguide/C/network-config.xml:707(para)
12368
15687
msgid ""
12369
15688
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12370
15689
"is an IP address which allows network data to be sent simultaneously to all "
12378
15697
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12379
15698
msgstr ""
12380
15699
12381
#: serverguide/C/network-config.xml:697(para)
15700
#: serverguide/C/network-config.xml:720(para)
12382
15701
msgid ""
12383
15702
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12384
15703
"IP address through which a particular network, or host on a network, may be "
12391
15710
"not be able to reach any hosts beyond those on the same network."
12392
15711
msgstr ""
12393
15712
12394
#: serverguide/C/network-config.xml:708(para)
15713
#: serverguide/C/network-config.xml:731(para)
12395
15714
msgid ""
12396
15715
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12397
15716
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12407
15726
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12408
15727
msgstr ""
12409
15728
12410
#: serverguide/C/network-config.xml:722(para)
15729
#: serverguide/C/network-config.xml:745(para)
12411
15730
msgid ""
12412
15731
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12413
15732
"Address are typically specified via the appropriate directives in the file "
12419
15738
"typed at a terminal prompt:"
12420
15739
msgstr ""
12421
15740
12422
#: serverguide/C/network-config.xml:729(para)
15741
#: serverguide/C/network-config.xml:752(para)
12423
15742
msgid ""
12424
15743
"Access the system manual page for <filename>interfaces</filename> with the "
12425
15744
"following command:"
12426
15745
msgstr ""
12427
15746
12428
#: serverguide/C/network-config.xml:734(command)
15747
#: serverguide/C/network-config.xml:757(command)
12429
15748
msgid "man interfaces"
12430
15749
msgstr ""
12431
15750
12432
#: serverguide/C/network-config.xml:737(para)
15751
#: serverguide/C/network-config.xml:760(para)
12433
15752
msgid ""
12434
15753
"Access the system manual page for <filename>resolv.conf</filename> with the "
12435
15754
"following command:"
12436
15755
msgstr ""
12437
15756
12438
#: serverguide/C/network-config.xml:741(command)
15757
#: serverguide/C/network-config.xml:765(command)
12439
15758
msgid "man resolv.conf"
12440
15759
msgstr ""
12441
15760
12442
#: serverguide/C/network-config.xml:646(para)
15761
#: serverguide/C/network-config.xml:669(para)
12443
15762
msgid ""
12444
15763
"The common configuration elements of TCP/IP and their purposes are as "
12445
15764
"follows: <placeholder-1/>"
12446
15765
msgstr ""
12447
15766
12448
#: serverguide/C/network-config.xml:748(title)
15767
#: serverguide/C/network-config.xml:773(title)
12449
15768
msgid "IP Routing"
12450
15769
msgstr ""
12451
15770
12452
#: serverguide/C/network-config.xml:749(para)
15771
#: serverguide/C/network-config.xml:774(para)
12453
15772
msgid ""
12454
15773
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12455
15774
"network along which network data may be sent. Routing uses a set of "
12460
15779
"<emphasis>Dynamic Routing.</emphasis>"
12461
15780
msgstr ""
12462
15781
12463
#: serverguide/C/network-config.xml:758(para)
15782
#: serverguide/C/network-config.xml:783(para)
12464
15783
msgid ""
12465
15784
"Static routing involves manually adding IP routes to the system's routing "
12466
15785
"table, and this is usually done by manipulating the routing table with the "
12475
15794
"and failures along the route due to the fixed nature of the route."
12476
15795
msgstr ""
12477
15796
12478
#: serverguide/C/network-config.xml:768(para)
15797
#: serverguide/C/network-config.xml:793(para)
12479
15798
msgid ""
12480
15799
"Dynamic routing depends on large networks with multiple possible IP routes "
12481
15800
"from a source to a destination and makes use of special routing protocols, "
12492
15811
"immediately benefit the end users, but still consumes network bandwidth."
12493
15812
msgstr ""
12494
15813
12495
#: serverguide/C/network-config.xml:782(title)
15814
#: serverguide/C/network-config.xml:807(title)
12496
15815
msgid "TCP and UDP"
12497
15816
msgstr ""
12498
15817
12499
#: serverguide/C/network-config.xml:783(para)
15818
#: serverguide/C/network-config.xml:808(para)
12500
15819
msgid ""
12501
15820
"TCP is a connection-based protocol, offering error correction and guaranteed "
12502
15821
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12507
15826
"important information such as database transactions."
12508
15827
msgstr ""
12509
15828
12510
#: serverguide/C/network-config.xml:791(para)
15829
#: serverguide/C/network-config.xml:816(para)
12511
15830
msgid ""
12512
15831
"The User Datagram Protocol (UDP), on the other hand, is a "
12513
15832
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12518
15837
"loss of a few packets is not generally catastrophic."
12519
15838
msgstr ""
12520
15839
12521
#: serverguide/C/network-config.xml:801(title)
15840
#: serverguide/C/network-config.xml:826(title)
12522
15841
msgid "ICMP"
12523
15842
msgstr ""
12524
15843
12525
#: serverguide/C/network-config.xml:802(para)
15844
#: serverguide/C/network-config.xml:827(para)
12526
15845
msgid ""
12527
15846
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12528
15847
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12535
15854
"<emphasis>Time Exceeded</emphasis>."
12536
15855
msgstr ""
12537
15856
12538
#: serverguide/C/network-config.xml:812(title)
15857
#: serverguide/C/network-config.xml:837(title)
12539
15858
msgid "Daemons"
12540
15859
msgstr ""
12541
15860
12542
#: serverguide/C/network-config.xml:813(para)
15861
#: serverguide/C/network-config.xml:838(para)
12543
15862
msgid ""
12544
15863
"Daemons are special system applications which typically execute continuously "
12545
15864
"in the background and await requests for the functions they provide from "
12553
15872
"Daemon</emphasis> (imapd), which provides E-Mail services."
12554
15873
msgstr ""
12555
15874
12556
#: serverguide/C/network-config.xml:828(para)
15875
#: serverguide/C/network-config.xml:853(para)
12557
15876
msgid ""
12558
15877
"There are man pages for <ulink "
12559
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12560
"ulink> and <ulink "
12561
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12562
"> that contain more useful information."
15878
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man7/tcp.7.html\">TCP</u"
15879
"link> and <ulink "
15880
"url=\"http://manpages.ubuntu.com/manpages/precise/man7/ip.7.html\">IP</ulink>"
15881
" that contain more useful information."
12563
15882
msgstr ""
12564
15883
12565
#: serverguide/C/network-config.xml:834(para)
15884
#: serverguide/C/network-config.xml:859(para)
12566
15885
msgid ""
12567
15886
"Also, see the <ulink "
12568
15887
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12569
15888
"and Technical Overview</ulink> IBM Redbook."
12570
15889
msgstr ""
12571
15890
12572
#: serverguide/C/network-config.xml:840(para)
15891
#: serverguide/C/network-config.xml:865(para)
12573
15892
msgid ""
12574
15893
"Another resource is O'Reilly's <ulink "
12575
15894
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12576
15895
"Administration</ulink>."
12577
15896
msgstr ""
12578
15897
12579
#: serverguide/C/network-config.xml:849(title)
15898
#: serverguide/C/network-config.xml:874(title)
12580
15899
msgid "Dynamic Host Configuration Protocol (DHCP)"
12581
15900
msgstr ""
12582
15901
12583
#: serverguide/C/network-config.xml:850(para)
15902
#: serverguide/C/network-config.xml:875(para)
12584
15903
msgid ""
12585
15904
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12586
15905
"enables host computers to be automatically assigned settings from a server "
12589
15908
"DHCP server, and the configuration is transparent to the computer's user."
12590
15909
msgstr ""
12591
15910
12592
#: serverguide/C/network-config.xml:857(para)
15911
#: serverguide/C/network-config.xml:882(para)
12593
15912
msgid ""
12594
15913
"The most common settings provided by a DHCP server to DHCP clients include:"
12595
15914
msgstr ""
12596
15915
12597
#: serverguide/C/network-config.xml:862(para)
12598
msgid "IP-Address and Netmask"
12599
msgstr ""
12600
12601
#: serverguide/C/network-config.xml:865(para)
12602
msgid "DNS"
12603
msgstr ""
12604
12605
#: serverguide/C/network-config.xml:868(para)
12606
msgid "WINS"
12607
msgstr ""
12608
12609
#: serverguide/C/network-config.xml:871(para)
15916
#: serverguide/C/network-config.xml:887(para)
15917
msgid "IP address and netmask"
15918
msgstr ""
15919
15920
#: serverguide/C/network-config.xml:890(para)
15921
msgid "IP address of the default-gateway to use"
15922
msgstr ""
15923
15924
#: serverguide/C/network-config.xml:893(para)
15925
msgid "IP adresses of the DNS servers to use"
15926
msgstr ""
15927
15928
#: serverguide/C/network-config.xml:896(para)
12610
15929
msgid ""
12611
15930
"However, a DHCP server can also supply configuration properties such as:"
12612
15931
msgstr ""
12613
15932
12614
#: serverguide/C/network-config.xml:876(para)
15933
#: serverguide/C/network-config.xml:901(para)
12615
15934
msgid "Host Name"
12616
15935
msgstr ""
12617
15936
12618
#: serverguide/C/network-config.xml:879(para)
15937
#: serverguide/C/network-config.xml:904(para)
12619
15938
msgid "Domain Name"
12620
15939
msgstr ""
12621
15940
12622
#: serverguide/C/network-config.xml:882(para)
12623
msgid "Default Gateway"
12624
msgstr ""
12625
12626
#: serverguide/C/network-config.xml:885(para)
15941
#: serverguide/C/network-config.xml:907(para)
12627
15942
msgid "Time Server"
12628
15943
msgstr ""
12629
15944
12630
#: serverguide/C/network-config.xml:888(para)
15945
#: serverguide/C/network-config.xml:910(para)
12631
15946
msgid "Print Server"
12632
15947
msgstr ""
12633
15948
12634
#: serverguide/C/network-config.xml:891(para)
15949
#: serverguide/C/network-config.xml:913(para)
12635
15950
msgid ""
12636
15951
"The advantage of using DHCP is that changes to the network, for example a "
12637
15952
"change in the address of the DNS server, need only be changed at the DHCP "
12642
15957
"also reduced."
12643
15958
msgstr ""
12644
15959
12645
#: serverguide/C/network-config.xml:899(para)
12646
msgid "A DHCP server can provide configuration settings using two methods:"
12647
msgstr ""
12648
12649
#: serverguide/C/network-config.xml:904(term)
12650
msgid "MAC Address"
12651
msgstr ""
12652
12653
#: serverguide/C/network-config.xml:906(para)
15960
#: serverguide/C/network-config.xml:921(para)
15961
msgid ""
15962
"A DHCP server can provide configuration settings using the following methods:"
15963
msgstr ""
15964
15965
#: serverguide/C/network-config.xml:926(term)
15966
msgid "Manual allocation (MAC address)"
15967
msgstr ""
15968
15969
#: serverguide/C/network-config.xml:928(para)
12654
15970
msgid ""
12655
15971
"This method entails using DHCP to identify the unique hardware address of "
12656
15972
"each network card connected to the network and then continually supplying a "
12657
15973
"constant configuration each time the DHCP client makes a request to the DHCP "
12658
"server using that network device."
12659
msgstr ""
12660
12661
#: serverguide/C/network-config.xml:915(term)
12662
msgid "Address Pool"
12663
msgstr ""
12664
12665
#: serverguide/C/network-config.xml:917(para)
12666
msgid ""
12667
"This method entails defining a pool (sometimes also called a range or scope) "
12668
"of IP addresses from which DHCP clients are supplied their configuration "
12669
"properties dynamically and on a \"first come, first served\" basis. When a "
12670
"DHCP client is no longer on the network for a specified period, the "
12671
"configuration is expired and released back to the address pool for use by "
12672
"other DHCP Clients."
12673
msgstr ""
12674
12675
#: serverguide/C/network-config.xml:928(para)
12676
msgid ""
12677
"Ubuntu is shipped with both DHCP server and client. The server is "
12678
"<application>dhcpd</application> (dynamic host configuration protocol "
12679
"daemon). The client provided with Ubuntu is "
12680
"<application>dhclient</application> and should be installed on all computers "
12681
"required to be automatically configured. Both programs are easy to install "
12682
"and configure and will be automatically started at system boot."
12683
msgstr ""
12684
12685
#: serverguide/C/network-config.xml:938(para)
15974
"server using that network device. This ensures that a particular address is "
15975
"assigned automatically to that network card, based on it's MAC address."
15976
msgstr ""
15977
15978
#: serverguide/C/network-config.xml:939(term)
15979
msgid "Dynamic allocation (address pool)"
15980
msgstr ""
15981
15982
#: serverguide/C/network-config.xml:941(para)
15983
msgid ""
15984
"In this method, the DHCP server will assign an IP address from a pool of "
15985
"addresses (sometimes also called a range or scope) for a period of time or "
15986
"lease, that is configured on the server or until the client informs the "
15987
"server that it doesn't need the address anymore. This way, the clients will "
15988
"be receiving their configuration properties dynamically and on a \"first "
15989
"come, first served\" basis. When a DHCP client is no longer on the network "
15990
"for a specified period, the configuration is expired and released back to "
15991
"the address pool for use by other DHCP Clients. This way, an address cand be "
15992
"leased or used for a period of time. After this period, the client has to "
15993
"renegociate the lease with the server to maintain use of the address."
15994
msgstr ""
15995
15996
#: serverguide/C/network-config.xml:954(term)
15997
msgid "Automatic allocation"
15998
msgstr ""
15999
16000
#: serverguide/C/network-config.xml:956(para)
16001
msgid ""
16002
"Using this method, the DHCP automatically assigns an IP address permanently "
16003
"to a device, selecting it from a pool of available addresses. Usually DHCP "
16004
"is used to assign a temporary address to a client, but a DHCP server can "
16005
"allow an infinite lease time."
16006
msgstr ""
16007
16008
#: serverguide/C/network-config.xml:963(para)
16009
msgid ""
16010
"The last two methods can be considered “automatic” because in each case the "
16011
"DHCP server assigns an address with no extra intervention needed. The only "
16012
"difference between them is in how long the IP address is leased, in other "
16013
"words whether a client's address varies over time. Ubuntu is shipped with "
16014
"both DHCP server and client. The server is <application>dhcpd</application> "
16015
"(dynamic host configuration protocol daemon). The client provided with "
16016
"Ubuntu is <application>dhclient</application> and should be installed on all "
16017
"computers required to be automatically configured. Both programs are easy to "
16018
"install and configure and will be automatically started at system boot."
16019
msgstr ""
16020
16021
#: serverguide/C/network-config.xml:978(para)
12686
16022
msgid ""
12687
16023
"At a terminal prompt, enter the following command to install "
12688
16024
"<application>dhcpd</application>:"
12689
16025
msgstr ""
12690
16026
12691
#: serverguide/C/network-config.xml:943(command)
12692
msgid "sudo apt-get install dhcp3-server"
16027
#: serverguide/C/network-config.xml:983(command)
16028
msgid "sudo apt-get install isc-dhcp-server"
12693
16029
msgstr ""
12694
16030
12695
#: serverguide/C/network-config.xml:945(para)
16031
#: serverguide/C/network-config.xml:985(para)
12696
16032
msgid ""
12697
16033
"You will probably need to change the default configuration by editing "
12698
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
16034
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
12699
16035
msgstr ""
12700
16036
12701
#: serverguide/C/network-config.xml:949(para)
16037
#: serverguide/C/network-config.xml:989(para)
12702
16038
msgid ""
12703
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12704
"dhcpd should listen to. By default it listens to eth0."
16039
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
16040
"interfaces dhcpd should listen to."
12705
16041
msgstr ""
12706
16042
12707
#: serverguide/C/network-config.xml:953(para)
16043
#: serverguide/C/network-config.xml:993(para)
12708
16044
msgid ""
12709
16045
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12710
16046
"messages."
12711
16047
msgstr ""
12712
16048
12713
#: serverguide/C/network-config.xml:960(para)
16049
#: serverguide/C/network-config.xml:1000(para)
12714
16050
msgid ""
12715
16051
"The error message the installation ends with might be a little confusing, "
12716
16052
"but the following steps will help you configure the service:"
12717
16053
msgstr ""
12718
16054
12719
#: serverguide/C/network-config.xml:964(para)
16055
#: serverguide/C/network-config.xml:1004(para)
12720
16056
msgid ""
12721
16057
"Most commonly, what you want to do is assign an IP address randomly. This "
12722
16058
"can be done with settings as follows:"
12723
16059
msgstr ""
12724
16060
12725
#: serverguide/C/network-config.xml:968(programlisting)
16061
#: serverguide/C/network-config.xml:1008(programlisting)
12726
16062
#, no-wrap
12727
16063
msgid ""
12728
16064
"\n"
12729
"# Sample /etc/dhcpd.conf\n"
12730
"# (add your comments here) \n"
16065
"# minimal sample /etc/dhcp/dhcpd.conf\n"
12731
16066
"default-lease-time 600;\n"
12732
16067
"max-lease-time 7200;\n"
12733
"option subnet-mask 255.255.255.0;\n"
12734
"option broadcast-address 192.168.1.255;\n"
12735
"option routers 192.168.1.254;\n"
12736
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12737
"option domain-name \"mydomain.example\";\n"
12738
16068
"\n"
12739
16069
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12740
"range 192.168.1.10 192.168.1.100;\n"
12741
"range 192.168.1.150 192.168.1.200;\n"
16070
" range 192.168.1.150 192.168.1.200;\n"
16071
" option routers 192.168.1.254;\n"
16072
" option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
16073
" option domain-name \"mydomain.example\";\n"
12742
16074
"} \n"
12743
16075
msgstr ""
12744
16076
12745
#: serverguide/C/network-config.xml:984(para)
12746
msgid ""
12747
"This will result in the DHCP server giving a client an IP address from the "
12748
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12749
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12750
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12751
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12752
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12753
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12754
msgstr ""
12755
12756
#: serverguide/C/network-config.xml:993(para)
12757
msgid ""
12758
"If you need to specify a WINS server for your Windows clients, you will need "
12759
"to include the netbios-name-servers option, e.g."
12760
msgstr ""
12761
12762
#: serverguide/C/network-config.xml:997(programlisting)
12763
#, no-wrap
12764
msgid ""
12765
"\n"
12766
"option netbios-name-servers 192.168.1.1; \n"
12767
msgstr ""
12768
12769
#: serverguide/C/network-config.xml:1000(para)
12770
msgid ""
12771
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12772
"be found <ulink "
12773
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12774
msgstr ""
12775
12776
#: serverguide/C/network-config.xml:1010(para)
16077
#: serverguide/C/network-config.xml:1020(para)
16078
msgid ""
16079
"This will result in the DHCP server giving clients an IP address from the "
16080
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
16081
"seconds if the client doesn't ask for a specific time frame. Otherwise the "
16082
"maximum (allowed) lease will be 7200 seconds. The server will also "
16083
"\"advise\" the client to use 192.168.1.254 as the default-gateway and "
16084
"192.168.1.1 and 192.168.1.2 as its DNS servers."
16085
msgstr ""
16086
16087
#: serverguide/C/network-config.xml:1028(para)
16088
msgid ""
16089
"After changing the config file you have to restart the "
16090
"<application>dhcpd</application>:"
16091
msgstr ""
16092
16093
#: serverguide/C/network-config.xml:1033(command)
16094
msgid "sudo /etc/init.d/isc-dhcp-server restart"
16095
msgstr ""
16096
16097
#: serverguide/C/network-config.xml:1041(para)
12777
16098
msgid ""
12778
16099
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12779
16100
"server Ubuntu Wiki</ulink> page has more information."
12780
16101
msgstr ""
12781
16102
12782
#: serverguide/C/network-config.xml:1015(para)
12783
msgid ""
12784
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12785
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12786
"\">dhcpd.conf man page</ulink>."
12787
msgstr ""
12788
12789
#: serverguide/C/network-config.xml:1021(para)
12790
msgid ""
12791
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12792
"FAQ</ulink>"
12793
msgstr ""
12794
12795
#: serverguide/C/network-config.xml:1031(title)
16103
#: serverguide/C/network-config.xml:1046(para)
16104
msgid ""
16105
"For more <filename>/etc/dhcp/dhcpd.conf</filename> options see the <ulink "
16106
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/dhcpd.conf.5.html\""
16107
">dhcpd.conf man page</ulink>."
16108
msgstr ""
16109
16110
#: serverguide/C/network-config.xml:1053(ulink)
16111
msgid "ISC dhcp-server"
16112
msgstr ""
16113
16114
#: serverguide/C/network-config.xml:1062(title)
12796
16115
msgid "Time Synchronisation with NTP"
12797
16116
msgstr ""
12798
16117
12799
#: serverguide/C/network-config.xml:1032(para)
12800
msgid ""
12801
"This page describes methods for keeping your computer's time accurate. This "
12802
"is useful for servers, but is not necessary (or desirable) for desktop "
12803
"machines."
12804
msgstr ""
12805
12806
#: serverguide/C/network-config.xml:1035(para)
16118
#: serverguide/C/network-config.xml:1063(para)
12807
16119
msgid ""
12808
16120
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12809
16121
"client requests the current time from a server, and uses it to set its own "
12810
16122
"clock."
12811
16123
msgstr ""
12812
16124
12813
#: serverguide/C/network-config.xml:1038(para)
16125
#: serverguide/C/network-config.xml:1066(para)
12814
16126
msgid ""
12815
16127
"Behind this simple description, there is a lot of complexity - there are "
12816
16128
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12817
"clocks (often via GPS), and tier two and three servers spreading the load of "
12818
"actually handling requests across the Internet. Also the client software is "
12819
"a lot more complex than you might think - it has to factor out communication "
16129
"clocks, and tier two and three servers spreading the load of actually "
16130
"handling requests across the Internet. Also the client software is a lot "
16131
"more complex than you might think - it has to factor out communication "
12820
16132
"delays, and adjust the time in a way that does not upset all the other "
12821
16133
"processes that run on the server. But luckily all that complexity is hidden "
12822
16134
"from you!"
12823
16135
msgstr ""
12824
16136
12825
#: serverguide/C/network-config.xml:1041(para)
12826
msgid ""
12827
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
16137
#: serverguide/C/network-config.xml:1069(para)
16138
msgid "Ubuntu uses ntpdate and ntpd."
12828
16139
msgstr ""
12829
16140
12830
#: serverguide/C/network-config.xml:1046(title)
16141
#: serverguide/C/network-config.xml:1074(title)
12831
16142
msgid "ntpdate"
12832
16143
msgstr ""
12833
16144
12834
#: serverguide/C/network-config.xml:1047(para)
16145
#: serverguide/C/network-config.xml:1075(para)
12835
16146
msgid ""
12836
16147
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12837
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12838
"is likely to drift considerably between reboots, so it makes sense to "
12839
"correct the time occasionally. The easiest way to do this is to get cron to "
12840
"run ntpdate every day. With your favorite editor, as root, create a file "
12841
"<code>/etc/cron.daily/ntpdate</code> containing:"
16148
"set up your time according to Ubuntu's NTP server."
12842
16149
msgstr ""
12843
16150
12844
#: serverguide/C/network-config.xml:1052(screen)
16151
#: serverguide/C/network-config.xml:1078(programlisting)
12845
16152
#, no-wrap
12846
msgid "ntpdate ntp.ubuntu.com\n"
12847
msgstr ""
12848
12849
#: serverguide/C/network-config.xml:1054(para)
12850
16153
msgid ""
12851
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12852
msgstr ""
12853
12854
#: serverguide/C/network-config.xml:1057(screen)
12855
#, no-wrap
12856
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12857
msgstr ""
12858
12859
#: serverguide/C/network-config.xml:1061(title)
16154
"\n"
16155
"ntpdate -s ntp.ubuntu.com\n"
16156
msgstr ""
16157
16158
#: serverguide/C/network-config.xml:1084(title)
12860
16159
msgid "ntpd"
12861
16160
msgstr ""
12862
16161
12863
#: serverguide/C/network-config.xml:1062(para)
12864
msgid ""
12865
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12866
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12867
"calculates the drift of your system clock and continuously adjusts it, so "
12868
"there are no large corrections that could lead to inconsistent logs for "
12869
"instance. The cost is a little processing power and memory, but for a modern "
12870
"server this is negligible."
12871
msgstr ""
12872
12873
#: serverguide/C/network-config.xml:1065(para)
12874
msgid "To set up ntpd:"
12875
msgstr ""
12876
12877
#: serverguide/C/network-config.xml:1066(screen)
12878
#, no-wrap
12879
msgid "sudo apt-get install ntp\n"
12880
msgstr ""
12881
12882
#: serverguide/C/network-config.xml:1071(title)
12883
msgid "Changing Time Servers"
12884
msgstr ""
12885
12886
#: serverguide/C/network-config.xml:1072(para)
12887
msgid ""
12888
"In both cases above, your system will use Ubuntu's NTP server at "
12889
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12890
"use several servers to increase accuracy and resilience, and you may want to "
12891
"use time servers that are geographically closer to you. to do this for "
12892
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12893
msgstr ""
12894
12895
#: serverguide/C/network-config.xml:1079(screen)
12896
#, no-wrap
12897
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12898
msgstr ""
12899
12900
#: serverguide/C/network-config.xml:1081(para)
12901
msgid ""
12902
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12903
"lines:"
12904
msgstr ""
12905
12906
#: serverguide/C/network-config.xml:1086(screen)
12907
#, no-wrap
12908
msgid ""
12909
"server ntp.ubuntu.com\n"
12910
"server pool.ntp.org\n"
12911
msgstr ""
12912
12913
#: serverguide/C/network-config.xml:1089(para)
12914
msgid ""
12915
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12916
"really good idea which uses round-robin DNS to return an NTP server from a "
12917
"pool, spreading the load between several different servers. Even better, "
12918
"they have pools for different regions - for instance, if you are in New "
12919
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12920
"<code>pool.ntp.org</code> . Look at <ulink "
12921
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12922
"details."
12923
msgstr ""
12924
12925
#: serverguide/C/network-config.xml:1100(para)
12926
msgid ""
12927
"You can also Google for NTP servers in your region, and add these to your "
12928
"configuration. To test that a server works, just type <code>sudo ntpdate "
12929
"ntp.server.name</code> and see what happens."
12930
msgstr ""
12931
12932
#: serverguide/C/network-config.xml:1111(para)
16162
#: serverguide/C/network-config.xml:1085(para)
16163
msgid ""
16164
"The ntp daemon ntpd calculates the drift of your system clock and "
16165
"continuously adjusts it, so there are no large corrections that could lead "
16166
"to inconsistent logs for instance. The cost is a little processing power and "
16167
"memory, but for a modern server this is negligible."
16168
msgstr ""
16169
16170
#: serverguide/C/network-config.xml:1092(para)
16171
msgid "To install ntpd, from a terminal prompt enter:"
16172
msgstr ""
16173
16174
#: serverguide/C/network-config.xml:1104(para)
16175
msgid ""
16176
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
16177
"default these servers are configured:"
16178
msgstr ""
16179
16180
#: serverguide/C/network-config.xml:1109(programlisting)
16181
#, no-wrap
16182
msgid ""
16183
"\n"
16184
"# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board\n"
16185
"# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for\n"
16186
"# more information.\n"
16187
"server 0.ubuntu.pool.ntp.org\n"
16188
"server 1.ubuntu.pool.ntp.org\n"
16189
"server 2.ubuntu.pool.ntp.org\n"
16190
"server 3.ubuntu.pool.ntp.org\n"
16191
msgstr ""
16192
16193
#: serverguide/C/network-config.xml:1119(para)
16194
msgid ""
16195
"After changing the config file you have to reload the "
16196
"<application>ntpd</application>:"
16197
msgstr ""
16198
16199
#: serverguide/C/network-config.xml:1124(command)
16200
msgid "sudo /etc/init.d/ntp reload"
16201
msgstr ""
16202
16203
#: serverguide/C/network-config.xml:1128(title)
16204
msgid "View status"
16205
msgstr ""
16206
16207
#: serverguide/C/network-config.xml:1129(para)
16208
msgid "Use ntpq to see to see more info:"
16209
msgstr ""
16210
16211
#: serverguide/C/network-config.xml:1133(userinput)
16212
#, no-wrap
16213
msgid "# sudo ntpq -p"
16214
msgstr ""
16215
16216
#: serverguide/C/network-config.xml:1132(screen)
16217
#, no-wrap
16218
msgid ""
16219
"\n"
16220
"<placeholder-1/>\n"
16221
" remote refid st t when poll reach delay offset "
16222
"jitter\n"
16223
"============================================================================="
16224
"=\n"
16225
"+stratum2-2.NTP. 129.70.130.70 2 u 5 64 377 68.461 -44.274 "
16226
"110.334\n"
16227
"+ntp2.m-online.n 212.18.1.106 2 u 5 64 377 54.629 -27.318 "
16228
"78.882\n"
16229
"*145.253.66.170 .DCFa. 1 u 10 64 377 83.607 -30.159 "
16230
"68.343\n"
16231
"+stratum2-3.NTP. 129.70.130.70 2 u 5 64 357 68.795 -68.168 "
16232
"104.612\n"
16233
"+europium.canoni 193.79.237.14 2 u 63 64 337 81.534 -67.968 "
16234
"92.792\n"
16235
msgstr ""
16236
16237
#: serverguide/C/network-config.xml:1149(para)
12933
16238
msgid ""
12934
16239
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12935
16240
"Time</ulink> wiki page for more information."
12936
16241
msgstr ""
12937
16242
12938
#: serverguide/C/network-config.xml:1117(ulink)
12939
msgid "NTP Support"
12940
msgstr ""
12941
12942
#: serverguide/C/network-config.xml:1122(ulink)
12943
msgid "The NTP FAQ and HOWTO"
12944
msgstr ""
12945
12946
#: serverguide/C/network-auth.xml:13(title)
16243
#: serverguide/C/network-config.xml:1155(ulink)
16244
msgid "ntp.org, home of the Network Time Protocol project"
16245
msgstr ""
16246
16247
#: serverguide/C/network-auth.xml:14(title)
12947
16248
msgid "Network Authentication"
12948
16249
msgstr ""
12949
16250
12950
#: serverguide/C/network-auth.xml:15(para)
12951
msgid "This section explains various Network Authentication protocols."
16251
#: serverguide/C/network-auth.xml:16(para)
16252
msgid ""
16253
"This section applies LDAP to network authentication and authorization."
12952
16254
msgstr ""
12953
16255
12954
#: serverguide/C/network-auth.xml:19(title)
16256
#: serverguide/C/network-auth.xml:21(title)
12955
16257
msgid "OpenLDAP Server"
12956
16258
msgstr ""
12957
16259
12958
#: serverguide/C/network-auth.xml:20(para)
12959
msgid ""
12960
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12961
"simplified version of the X.500 protocol. The directory setup in this "
12962
"section will be used for authentication. Nevertheless, LDAP can be used in "
12963
"numerous ways: authentication, shared directory (for mail clients), address "
12964
"book, etc."
12965
msgstr ""
12966
12967
#: serverguide/C/network-auth.xml:28(para)
12968
msgid ""
12969
"To describe LDAP quickly, all information is stored in a tree structure. "
12970
"With <application>OpenLDAP</application> you have freedom to determine the "
12971
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12972
"We will begin with a basic tree containing two nodes below the root:"
12973
msgstr ""
12974
12975
#: serverguide/C/network-auth.xml:37(para)
12976
msgid "\"People\" node where your users will be stored"
12977
msgstr ""
12978
12979
#: serverguide/C/network-auth.xml:40(para)
12980
msgid "\"Groups\" node where your groups will be stored"
12981
msgstr ""
12982
12983
#: serverguide/C/network-auth.xml:44(para)
12984
msgid ""
12985
"Before beginning, you should determine what the root of your LDAP directory "
12986
"will be. By default, your tree will be determined by your Fully Qualified "
12987
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12988
"example), your root node will be dc=example,dc=com."
12989
msgstr ""
12990
12991
#: serverguide/C/network-auth.xml:54(para)
12992
msgid ""
12993
"First, install the <application>OpenLDAP</application> server daemon "
12994
"<application>slapd</application> and <application>ldap-utils</application>, "
12995
"a package containing LDAP management utilities:"
12996
msgstr ""
12997
12998
#: serverguide/C/network-auth.xml:60(command)
12999
msgid "sudo apt-get install slapd ldap-utils"
13000
msgstr ""
13001
13002
#: serverguide/C/network-auth.xml:63(para)
13003
msgid ""
13004
"By default <application>slapd</application> is configured with minimal "
13005
"options needed to run the <application>slapd</application> daemon."
16260
#: serverguide/C/network-auth.xml:23(para)
16261
msgid ""
16262
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
16263
"querying and modifying a X.500-based directory service running over TCP/IP. "
16264
"The current LDAP version is LDAPv3, as defined in <ulink "
16265
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the LDAP "
16266
"implementation used in Ubuntu is OpenLDAP, currently at version 2.4.25 "
16267
"(Oneiric)."
16268
msgstr ""
16269
16270
#: serverguide/C/network-auth.xml:29(para)
16271
msgid ""
16272
"So this protocol accesses LDAP directories. Here are some key concepts and "
16273
"terms:"
16274
msgstr ""
16275
16276
#: serverguide/C/network-auth.xml:36(para)
16277
msgid ""
16278
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
16279
"hierarchical in nature and is called the Directory Information Tree (DIT)."
16280
msgstr ""
16281
16282
#: serverguide/C/network-auth.xml:43(para)
16283
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
16284
msgstr ""
16285
16286
#: serverguide/C/network-auth.xml:49(para)
16287
msgid ""
16288
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
16289
"more <emphasis>values</emphasis>."
16290
msgstr ""
16291
16292
#: serverguide/C/network-auth.xml:55(para)
16293
msgid ""
16294
"Every attribute must be defined in at least one "
16295
"<emphasis>objectClass</emphasis>."
16296
msgstr ""
16297
16298
#: serverguide/C/network-auth.xml:61(para)
16299
msgid ""
16300
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
16301
"objectclass is actually considered as a special kind of attribute)."
13006
16302
msgstr ""
13007
16303
13008
16304
#: serverguide/C/network-auth.xml:68(para)
13009
16305
msgid ""
13010
"The configuration example in the following sections will match the domain "
13011
"name of the server. For example, if the machine's Fully Qualified Domain "
13012
"Name (FQDN) is ldap.example.com, the default suffix will be "
16306
"Each entry has a unique identifier: it's <emphasis>Distinguished "
16307
"Name</emphasis> (DN or dn). This consists of it's <emphasis>Relative "
16308
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
16309
msgstr ""
16310
16311
#: serverguide/C/network-auth.xml:75(para)
16312
msgid ""
16313
"The entry's DN is not an attribute. It is not considered part of the entry "
16314
"itself."
16315
msgstr ""
16316
16317
#: serverguide/C/network-auth.xml:83(para)
16318
msgid ""
16319
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
16320
"<emphasis>node</emphasis> have certain connotations but they all essentially "
16321
"mean the same thing as <emphasis>entry</emphasis>, the technically correct "
16322
"term."
16323
msgstr ""
16324
16325
#: serverguide/C/network-auth.xml:89(para)
16326
msgid ""
16327
"For example, below we have a single entry consisting of 11 attributes. It's "
16328
"DN is \"cn=John Doe,dc=example,dc=com\"; it's RDN is \"cn=John Doe\"; and "
16329
"it's parent DN is \"dc=example,dc=com\"."
16330
msgstr ""
16331
16332
#: serverguide/C/network-auth.xml:94(programlisting)
16333
#, no-wrap
16334
msgid ""
16335
"\n"
16336
" dn: cn=John Doe,dc=example,dc=com\n"
16337
" cn: John Doe\n"
16338
" givenName: John\n"
16339
" sn: Doe\n"
16340
" telephoneNumber: +1 888 555 6789\n"
16341
" telephoneNumber: +1 888 555 1232\n"
16342
" mail: john@example.com\n"
16343
" manager: cn=Larry Smith,dc=example,dc=com\n"
16344
" objectClass: inetOrgPerson\n"
16345
" objectClass: organizationalPerson\n"
16346
" objectClass: person\n"
16347
" objectClass: top\n"
16348
msgstr ""
16349
16350
#: serverguide/C/network-auth.xml:109(para)
16351
msgid ""
16352
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
16353
"Interchange Format). Any information that you feed into your DIT must also "
16354
"be in such a format. It is defined in <ulink "
16355
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
16356
msgstr ""
16357
16358
#: serverguide/C/network-auth.xml:114(para)
16359
msgid ""
16360
"Although this guide will describe how to use it for central authentication, "
16361
"LDAP is good for anything that involves a large number of access requests to "
16362
"a mostly-read, attribute-based (name:value) backend. Examples include an "
16363
"address book, a list of email addresses, and a mail server's configuration."
16364
msgstr ""
16365
16366
#: serverguide/C/network-auth.xml:123(para)
16367
msgid ""
16368
"Install the OpenLDAP server daemon and the traditional LDAP management "
16369
"utilities. These are found in packages <application>slapd</application> and "
16370
"<application>ldap-utils</application> respectively."
16371
msgstr ""
16372
16373
#: serverguide/C/network-auth.xml:128(para)
16374
msgid ""
16375
"The installation of slapd will create a working configuration. In "
16376
"particular, it will create a database instance that you can use to store "
16377
"your data. However, the suffix (or base DN) of this instance will be "
16378
"determined from the domain name of the localhost. If you want something "
16379
"different, edit <filename>/etc/hosts</filename> and replace the domain name "
16380
"with one that will give you the suffix you desire. For instance, if you want "
16381
"a suffix of <emphasis>dc=example,dc=com</emphasis> then your file would have "
16382
"a line similar to this:"
16383
msgstr ""
16384
16385
#: serverguide/C/network-auth.xml:136(programlisting)
16386
#, no-wrap
16387
msgid ""
16388
"\n"
16389
"127.0.1.1 hostname.example.com\thostname\n"
16390
msgstr ""
16391
16392
#: serverguide/C/network-auth.xml:140(para)
16393
msgid "You can revert the change after package installation."
16394
msgstr ""
16395
16396
#: serverguide/C/network-auth.xml:145(para)
16397
msgid ""
16398
"This guide will use a database suffix of "
13013
16399
"<emphasis>dc=example,dc=com</emphasis>."
13014
16400
msgstr ""
13015
16401
13016
#: serverguide/C/network-auth.xml:76(title)
13017
msgid "Populating LDAP"
13018
msgstr ""
13019
13020
#: serverguide/C/network-auth.xml:78(para)
13021
msgid ""
13022
"<application>OpenLDAP</application> uses a separate directory which contains "
13023
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13024
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13025
"<application>slapd</application> daemon, allowing the modification of schema "
13026
"definitions, indexes, ACLs, etc without stopping the service."
13027
msgstr ""
13028
13029
#: serverguide/C/network-auth.xml:86(para)
13030
msgid ""
13031
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13032
"configuration and will need additional configuration options in order to "
13033
"populate the frontend directory. The frontend will be populated with a "
13034
"\"classical\" scheme that will be compatible with address book applications "
13035
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13036
"various applications, such as web applications, email Mail Transfer Agent "
13037
"(MTA) applications, etc."
13038
msgstr ""
13039
13040
#: serverguide/C/network-auth.xml:95(para)
13041
msgid ""
13042
"For external applications to authenticate using LDAP they will each need to "
13043
"be specifically configured to do so. Refer to the individual application "
13044
"documentation for details."
13045
msgstr ""
13046
13047
#: serverguide/C/network-auth.xml:103(para)
13048
msgid ""
13049
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13050
"examples to match your LDAP configuration."
13051
msgstr ""
13052
13053
#: serverguide/C/network-auth.xml:108(para)
13054
msgid ""
13055
"First, some additional schema files need to be loaded. In a terminal enter:"
13056
msgstr ""
13057
13058
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13059
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13060
msgstr ""
13061
13062
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13063
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13064
msgstr ""
13065
13066
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13067
msgid ""
13068
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13069
msgstr ""
13070
13071
#: serverguide/C/network-auth.xml:118(para)
13072
msgid ""
13073
"Next, copy the following example LDIF file, naming it "
13074
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13075
msgstr ""
13076
13077
#: serverguide/C/network-auth.xml:123(programlisting)
13078
#, no-wrap
13079
msgid ""
13080
"\n"
13081
"# Load dynamic backend modules\n"
13082
"dn: cn=module,cn=config\n"
13083
"objectClass: olcModuleList\n"
13084
"cn: module\n"
13085
"olcModulepath: /usr/lib/ldap\n"
13086
"olcModuleload: back_hdb\n"
13087
"\n"
13088
"# Database settings\n"
13089
"dn: olcDatabase=hdb,cn=config\n"
13090
"objectClass: olcDatabaseConfig\n"
13091
"objectClass: olcHdbConfig\n"
13092
"olcDatabase: {1}hdb\n"
13093
"olcSuffix: dc=example,dc=com\n"
13094
"olcDbDirectory: /var/lib/ldap\n"
13095
"olcRootDN: cn=admin,dc=example,dc=com\n"
13096
"olcRootPW: secret\n"
13097
"olcDbConfig: set_cachesize 0 2097152 0\n"
13098
"olcDbConfig: set_lk_max_objects 1500\n"
13099
"olcDbConfig: set_lk_max_locks 1500\n"
13100
"olcDbConfig: set_lk_max_lockers 1500\n"
13101
"olcDbIndex: objectClass eq\n"
13102
"olcLastMod: TRUE\n"
13103
"olcDbCheckpoint: 512 30\n"
13104
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13105
"by anonymous auth by self write by * none\n"
13106
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13107
"olcAccess: to dn.base=\"\" by * read\n"
13108
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13109
"\n"
13110
msgstr ""
13111
13112
#: serverguide/C/network-auth.xml:155(para)
13113
msgid ""
13114
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13115
msgstr ""
13116
13117
#: serverguide/C/network-auth.xml:160(para)
13118
msgid "Now add the LDIF to the directory:"
13119
msgstr ""
13120
13121
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13122
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13123
msgstr ""
13124
13125
#: serverguide/C/network-auth.xml:168(para)
13126
msgid ""
13127
"The frontend directory is now ready to be populated. Create a "
13128
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13129
msgstr ""
13130
13131
#: serverguide/C/network-auth.xml:173(programlisting)
13132
#, no-wrap
13133
msgid ""
13134
"\n"
13135
"# Create top-level object in domain\n"
16402
#: serverguide/C/network-auth.xml:150(para)
16403
msgid "Proceed with the install:"
16404
msgstr ""
16405
16406
#: serverguide/C/network-auth.xml:155(command)
16407
msgid "sudo apt-get install slapd ldap-utils"
16408
msgstr ""
16409
16410
#: serverguide/C/network-auth.xml:158(para)
16411
msgid ""
16412
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
16413
"dedicating a separate DIT for that purpose. This allows one to dynamically "
16414
"configure slapd without the need to restart the service. This configuration "
16415
"database consists of a collection of text-based LDIF files located under "
16416
"<filename>/etc/ldap/slapd.d</filename>. This way of working is known by "
16417
"several names: the slapd-config method, the RTC method (Real Time "
16418
"Configuration), or the cn=config method. You can still use the traditional "
16419
"flat-file method (slapd.conf) but it's not recommended; the functionality "
16420
"will be eventually phased out."
16421
msgstr ""
16422
16423
#: serverguide/C/network-auth.xml:167(para)
16424
msgid ""
16425
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
16426
"configuration and this guide reflects that."
16427
msgstr ""
16428
16429
#: serverguide/C/network-auth.xml:173(para)
16430
msgid ""
16431
"During the install you were prompted to define administrative credentials. "
16432
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
16433
"database instance. By default, this user's DN is "
16434
"<emphasis>cn=admin,dc=example,dc=com</emphasis>. Also by default, there is "
16435
"no administrative account created for the slapd-config database and you will "
16436
"therefore need to authenticate externally to LDAP in order to access it. We "
16437
"will see how to do this later on."
16438
msgstr ""
16439
16440
#: serverguide/C/network-auth.xml:180(para)
16441
msgid ""
16442
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
16443
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
16444
"schema to work."
16445
msgstr ""
16446
16447
#: serverguide/C/network-auth.xml:188(title)
16448
msgid "Post-install Inspection"
16449
msgstr ""
16450
16451
#: serverguide/C/network-auth.xml:190(para)
16452
msgid ""
16453
"The installation process set up 2 DITs. One for slapd-config and one for "
16454
"your own data (dc=example,dc=com). Let's take a look."
16455
msgstr ""
16456
16457
#: serverguide/C/network-auth.xml:197(para)
16458
msgid ""
16459
"This is what the slapd-config database/DIT looks like. Recall that this "
16460
"database is LDIF-based and lives under "
16461
"<filename>/etc/ldap/slapd.d</filename>:"
16462
msgstr ""
16463
16464
#: serverguide/C/network-auth.xml:203(computeroutput)
16465
#, no-wrap
16466
msgid ""
16467
"\n"
16468
" /etc/ldap/slapd.d/\n"
16469
"\n"
16470
"\t├── cn=config\n"
16471
"\t│ ├── cn=module{0}.ldif\n"
16472
"\t│ ├── cn=schema\n"
16473
"\t│ │ ├── cn={0}core.ldif\n"
16474
"\t│ │ ├── cn={1}cosine.ldif\n"
16475
"\t│ │ ├── cn={2}nis.ldif\n"
16476
"\t│ │ └── cn={3}inetorgperson.ldif\n"
16477
"\t│ ├── cn=schema.ldif\n"
16478
"\t│ ├── olcBackend={0}hdb.ldif\n"
16479
"\t│ ├── olcDatabase={0}config.ldif\n"
16480
"\t│ ├── olcDatabase={-1}frontend.ldif\n"
16481
"\t│ └── olcDatabase={1}hdb.ldif\n"
16482
"\t└── cn=config.ldif\n"
16483
msgstr ""
16484
16485
#: serverguide/C/network-auth.xml:223(para)
16486
msgid ""
16487
"Do not edit the slapd-config database directly. Make changes via the LDAP "
16488
"protocol (utilities)."
16489
msgstr ""
16490
16491
#: serverguide/C/network-auth.xml:231(para)
16492
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
16493
msgstr ""
16494
16495
#: serverguide/C/network-auth.xml:236(command)
16496
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
16497
msgstr ""
16498
16499
#: serverguide/C/network-auth.xml:237(computeroutput)
16500
#, no-wrap
16501
msgid ""
16502
"\n"
16503
"dn: cn=config\n"
16504
"\n"
16505
"dn: cn=module{0},cn=config\n"
16506
"\n"
16507
"dn: cn=schema,cn=config\n"
16508
"\n"
16509
"dn: cn={0}core,cn=schema,cn=config\n"
16510
"\n"
16511
"dn: cn={1}cosine,cn=schema,cn=config\n"
16512
"\n"
16513
"dn: cn={2}nis,cn=schema,cn=config\n"
16514
"\n"
16515
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
16516
"\n"
16517
"dn: olcBackend={0}hdb,cn=config\n"
16518
"\n"
16519
"dn: olcDatabase={-1}frontend,cn=config\n"
16520
"\n"
16521
"dn: olcDatabase={0}config,cn=config\n"
16522
"\n"
16523
"dn: olcDatabase={1}hdb,cn=config\n"
16524
msgstr ""
16525
16526
#: serverguide/C/network-auth.xml:262(para) serverguide/C/network-auth.xml:353(para)
16527
msgid "Explanation of entries:"
16528
msgstr ""
16529
16530
#: serverguide/C/network-auth.xml:269(para)
16531
msgid "<emphasis>cn=config</emphasis>: global settings"
16532
msgstr ""
16533
16534
#: serverguide/C/network-auth.xml:275(para)
16535
msgid ""
16536
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
16537
msgstr ""
16538
16539
#: serverguide/C/network-auth.xml:281(para)
16540
msgid ""
16541
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
16542
"schema"
16543
msgstr ""
16544
16545
#: serverguide/C/network-auth.xml:287(para)
16546
msgid ""
16547
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
16548
"schema"
16549
msgstr ""
16550
16551
#: serverguide/C/network-auth.xml:293(para)
16552
msgid ""
16553
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
16554
msgstr ""
16555
16556
#: serverguide/C/network-auth.xml:299(para)
16557
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
16558
msgstr ""
16559
16560
#: serverguide/C/network-auth.xml:305(para)
16561
msgid ""
16562
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
16563
"inetorgperson schema"
16564
msgstr ""
16565
16566
#: serverguide/C/network-auth.xml:311(para)
16567
msgid ""
16568
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
16569
"type"
16570
msgstr ""
16571
16572
#: serverguide/C/network-auth.xml:317(para)
16573
msgid ""
16574
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
16575
"default settings for other databases"
16576
msgstr ""
16577
16578
#: serverguide/C/network-auth.xml:323(para)
16579
msgid ""
16580
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
16581
"database (cn=config)"
16582
msgstr ""
16583
16584
#: serverguide/C/network-auth.xml:329(para)
16585
msgid ""
16586
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
16587
"(dc=examle,dc=com)"
16588
msgstr ""
16589
16590
#: serverguide/C/network-auth.xml:340(para)
16591
msgid "This is what the dc=example,dc=com DIT looks like:"
16592
msgstr ""
16593
16594
#: serverguide/C/network-auth.xml:345(command)
16595
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
16596
msgstr ""
16597
16598
#: serverguide/C/network-auth.xml:346(computeroutput)
16599
#, no-wrap
16600
msgid ""
16601
"\n"
13136
16602
"dn: dc=example,dc=com\n"
13137
"objectClass: top\n"
13138
"objectClass: dcObject\n"
13139
"objectclass: organization\n"
13140
"o: Example Organization\n"
13141
"dc: Example\n"
13142
"description: LDAP Example \n"
13143
16603
"\n"
13144
"# Admin user.\n"
13145
16604
"dn: cn=admin,dc=example,dc=com\n"
13146
"objectClass: simpleSecurityObject\n"
13147
"objectClass: organizationalRole\n"
13148
"cn: admin\n"
13149
"description: LDAP administrator\n"
13150
"userPassword: secret\n"
13151
"\n"
13152
"dn: ou=people,dc=example,dc=com\n"
13153
"objectClass: organizationalUnit\n"
13154
"ou: people\n"
13155
"\n"
13156
"dn: ou=groups,dc=example,dc=com\n"
13157
"objectClass: organizationalUnit\n"
13158
"ou: groups\n"
13159
"\n"
13160
"dn: uid=john,ou=people,dc=example,dc=com\n"
16605
msgstr ""
16606
16607
#: serverguide/C/network-auth.xml:360(para)
16608
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
16609
msgstr ""
16610
16611
#: serverguide/C/network-auth.xml:366(para)
16612
msgid ""
16613
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
16614
"this DIT (set up during package install)"
16615
msgstr ""
16616
16617
#: serverguide/C/network-auth.xml:380(title)
16618
msgid "Modifying/Populating your Database"
16619
msgstr ""
16620
16621
#: serverguide/C/network-auth.xml:382(para)
16622
msgid ""
16623
"Let's introduce some content to our database. We will add the following:"
16624
msgstr ""
16625
16626
#: serverguide/C/network-auth.xml:389(para)
16627
msgid "a node called <emphasis>People</emphasis> (to store users)"
16628
msgstr ""
16629
16630
#: serverguide/C/network-auth.xml:395(para)
16631
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
16632
msgstr ""
16633
16634
#: serverguide/C/network-auth.xml:401(para)
16635
msgid "a group called <emphasis>miners</emphasis>"
16636
msgstr ""
16637
16638
#: serverguide/C/network-auth.xml:407(para)
16639
msgid "a user called <emphasis>john</emphasis>"
16640
msgstr ""
16641
16642
#: serverguide/C/network-auth.xml:414(para)
16643
msgid ""
16644
"Create the following LDIF file and call it "
16645
"<filename>add_content.ldif</filename>:"
16646
msgstr ""
16647
16648
#: serverguide/C/network-auth.xml:418(programlisting)
16649
#, no-wrap
16650
msgid ""
16651
"\n"
16652
"dn: ou=People,dc=example,dc=com\n"
16653
"objectClass: organizationalUnit\n"
16654
"ou: People\n"
16655
"\n"
16656
"dn: ou=Groups,dc=example,dc=com\n"
16657
"objectClass: organizationalUnit\n"
16658
"ou: Groups\n"
16659
"\n"
16660
"dn: cn=miners,ou=Groups,dc=example,dc=com\n"
16661
"objectClass: posixGroup\n"
16662
"cn: miners\n"
16663
"gidNumber: 5000\n"
16664
"\n"
16665
"dn: uid=john,ou=People,dc=example,dc=com\n"
13161
16666
"objectClass: inetOrgPerson\n"
13162
16667
"objectClass: posixAccount\n"
13163
16668
"objectClass: shadowAccount\n"
13166
16671
"givenName: John\n"
13167
16672
"cn: John Doe\n"
13168
16673
"displayName: John Doe\n"
13169
"uidNumber: 1000\n"
13170
"gidNumber: 10000\n"
13171
"userPassword: password\n"
16674
"uidNumber: 10000\n"
16675
"gidNumber: 5000\n"
16676
"userPassword: johnldap\n"
13172
16677
"gecos: John Doe\n"
13173
16678
"loginShell: /bin/bash\n"
13174
16679
"homeDirectory: /home/john\n"
13175
"shadowExpire: -1\n"
13176
"shadowFlag: 0\n"
13177
"shadowWarning: 7\n"
13178
"shadowMin: 8\n"
13179
"shadowMax: 999999\n"
13180
"shadowLastChange: 10877\n"
13181
"mail: john.doe@example.com\n"
13182
"postalCode: 31000\n"
13183
"l: Toulouse\n"
13184
"o: Example\n"
13185
"mobile: +33 (0)6 xx xx xx xx\n"
13186
"homePhone: +33 (0)5 xx xx xx xx\n"
13187
"title: System Administrator\n"
13188
"postalAddress: \n"
13189
"initials: JD\n"
13190
"\n"
13191
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13192
"objectClass: posixGroup\n"
13193
"cn: example\n"
13194
"gidNumber: 10000\n"
13195
msgstr ""
13196
13197
#: serverguide/C/network-auth.xml:236(para)
13198
msgid ""
13199
"In this example the directory structure, a user, and a group have been "
13200
"setup. In other examples you might see the <emphasis>objectClass: "
13201
"top</emphasis> added in every entry, but that is the default behaviour so "
13202
"you do not have to add it explicitly."
13203
msgstr ""
13204
13205
#: serverguide/C/network-auth.xml:243(para)
13206
msgid "Add the entries to the LDAP directory:"
13207
msgstr ""
13208
13209
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13210
msgid ""
13211
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13212
msgstr ""
13213
13214
#: serverguide/C/network-auth.xml:252(para)
13215
msgid ""
13216
"We can check that the content has been correctly added with the "
13217
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13218
"directory:"
13219
msgstr ""
13220
13221
#: serverguide/C/network-auth.xml:258(command)
13222
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13223
msgstr ""
13224
13225
#: serverguide/C/network-auth.xml:259(computeroutput)
13226
#, no-wrap
13227
msgid ""
13228
"\n"
13229
"dn: uid=john,ou=people,dc=example,dc=com\n"
13230
"cn: John Doe\n"
13231
"sn: Doe\n"
13232
"givenName: John\n"
13233
msgstr ""
13234
13235
#: serverguide/C/network-auth.xml:267(para)
13236
msgid "Just a quick explanation:"
13237
msgstr ""
13238
13239
#: serverguide/C/network-auth.xml:273(para)
13240
msgid ""
13241
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13242
"the default."
13243
msgstr ""
13244
13245
#: serverguide/C/network-auth.xml:279(para)
13246
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13247
msgstr ""
13248
13249
#: serverguide/C/network-auth.xml:287(title)
13250
msgid "Further Configuration"
13251
msgstr ""
13252
13253
#: serverguide/C/network-auth.xml:290(para)
13254
msgid ""
13255
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13256
"utilities in the <application>ldap-utils</application> package. For example:"
13257
msgstr ""
13258
13259
#: serverguide/C/network-auth.xml:298(para)
13260
msgid ""
13261
"Use <application>ldapsearch</application> to view the tree, entering the "
13262
"admin password set during installation or reconfiguration:"
13263
msgstr ""
13264
13265
#: serverguide/C/network-auth.xml:304(command)
13266
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13267
msgstr ""
13268
13269
#: serverguide/C/network-auth.xml:308(computeroutput)
13270
#, no-wrap
13271
msgid ""
13272
"\n"
13273
"SASL/EXTERNAL authentication started\n"
13274
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13275
"SASL SSF: 0\n"
13276
"dn: cn=config\n"
13277
"\n"
13278
"dn: cn=module{0},cn=config\n"
13279
"\n"
13280
"dn: cn=schema,cn=config\n"
13281
"\n"
13282
"dn: cn={0}core,cn=schema,cn=config\n"
13283
"\n"
13284
"dn: cn={1}cosine,cn=schema,cn=config\n"
13285
"\n"
13286
"dn: cn={2}nis,cn=schema,cn=config\n"
13287
"\n"
13288
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13289
"\n"
13290
"dn: olcDatabase={-1}frontend,cn=config\n"
13291
"\n"
13292
"dn: olcDatabase={0}config,cn=config\n"
13293
"\n"
13294
"dn: olcDatabase={1}hdb,cn=config\n"
13295
msgstr ""
13296
13297
#: serverguide/C/network-auth.xml:334(para)
13298
msgid ""
13299
"The output above is the current configuration options for the "
13300
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13301
msgstr ""
13302
13303
#: serverguide/C/network-auth.xml:342(para)
13304
msgid ""
13305
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13306
"another attribute to the index list using "
13307
"<application>ldapmodify</application>:"
13308
msgstr ""
13309
13310
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13311
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13312
msgstr ""
13313
13314
#: serverguide/C/network-auth.xml:356(userinput)
13315
#, no-wrap
13316
msgid ""
13317
"dn: olcDatabase={1}hdb,cn=config\n"
13318
"add: olcDbIndex\n"
13319
"olcDbIndex: uidNumber eq"
13320
msgstr ""
13321
13322
#: serverguide/C/network-auth.xml:352(computeroutput)
13323
#, no-wrap
13324
msgid ""
13325
"\n"
13326
"SASL/EXTERNAL authentication started\n"
13327
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13328
"SASL SSF: 0\n"
13329
"<placeholder-1/>\n"
13330
"\n"
13331
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13332
msgstr ""
13333
13334
#: serverguide/C/network-auth.xml:364(para)
13335
msgid ""
13336
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13337
"exit the utility."
13338
msgstr ""
13339
13340
#: serverguide/C/network-auth.xml:371(para)
13341
msgid ""
13342
"<application>ldapmodify</application> can also read the changes from a file. "
13343
"Copy and paste the following into a file named "
13344
"<filename>uid_index.ldif</filename>:"
13345
msgstr ""
13346
13347
#: serverguide/C/network-auth.xml:376(programlisting)
13348
#, no-wrap
13349
msgid ""
13350
"\n"
13351
"dn: olcDatabase={1}hdb,cn=config\n"
13352
"add: olcDbIndex\n"
13353
"olcDbIndex: uid eq,pres,sub\n"
13354
msgstr ""
13355
13356
#: serverguide/C/network-auth.xml:382(para)
13357
msgid "Then execute <application>ldapmodify</application>:"
13358
msgstr ""
13359
13360
#: serverguide/C/network-auth.xml:387(command)
13361
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13362
msgstr ""
13363
13364
#: serverguide/C/network-auth.xml:391(computeroutput)
13365
#, no-wrap
13366
msgid ""
13367
"\n"
13368
"SASL/EXTERNAL authentication started\n"
13369
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13370
"SASL SSF: 0\n"
13371
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13372
msgstr ""
13373
13374
#: serverguide/C/network-auth.xml:399(para)
13375
msgid "The file method is very useful for large changes."
13376
msgstr ""
13377
13378
#: serverguide/C/network-auth.xml:406(para)
13379
msgid ""
13380
"Adding additional <emphasis>schemas</emphasis> to "
13381
"<application>slapd</application> requires the schema to be converted to LDIF "
13382
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13383
"directory contains some schema files already converted to LDIF format as "
13384
"demonstrated in the previous section. Fortunately, the "
13385
"<application>slapd</application> program can be used to automate the "
13386
"conversion. The following example will add the "
13387
"<emphasis>dyngroup.schema</emphasis>:"
13388
msgstr ""
13389
13390
#: serverguide/C/network-auth.xml:416(para)
13391
msgid ""
13392
"First, create a conversion <filename>schema_convert.conf</filename> file "
13393
"containing the following lines:"
13394
msgstr ""
13395
13396
#: serverguide/C/network-auth.xml:421(programlisting)
13397
#, no-wrap
13398
msgid ""
13399
"\n"
13400
"include /etc/ldap/schema/core.schema\n"
13401
"include /etc/ldap/schema/collective.schema\n"
13402
"include /etc/ldap/schema/corba.schema\n"
13403
"include /etc/ldap/schema/cosine.schema\n"
13404
"include /etc/ldap/schema/duaconf.schema\n"
13405
"include /etc/ldap/schema/dyngroup.schema\n"
13406
"include /etc/ldap/schema/inetorgperson.schema\n"
13407
"include /etc/ldap/schema/java.schema\n"
13408
"include /etc/ldap/schema/misc.schema\n"
13409
"include /etc/ldap/schema/nis.schema\n"
13410
"include /etc/ldap/schema/openldap.schema\n"
13411
"include /etc/ldap/schema/ppolicy.schema\n"
13412
msgstr ""
13413
13414
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13415
msgid "Next, create a temporary directory to hold the output:"
13416
msgstr ""
13417
13418
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13419
msgid "mkdir /tmp/ldif_output"
13420
16680
msgstr ""
13421
16681
13422
16682
#: serverguide/C/network-auth.xml:450(para)
13423
16683
msgid ""
13424
"Now using <application>slapcat</application> convert the schema files to "
13425
"LDIF:"
13426
msgstr ""
13427
13428
#: serverguide/C/network-auth.xml:455(command)
13429
msgid ""
13430
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13431
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
16684
"It's important that uid and gid values in your directory do not collide with "
16685
"local values. Use high number ranges, such as starting at 5000. By setting "
16686
"the uid and gid values in ldap high, you also allow for easier control of "
16687
"what can be done with a local user vs a ldap one. More on that later."
13432
16688
msgstr ""
13433
16689
13434
16690
#: serverguide/C/network-auth.xml:458(para)
13435
msgid ""
13436
"Adjust the configuration file name and temporary directory names if yours "
13437
"are different. Also, it may be worthwhile to keep the "
13438
"<filename>ldif_output</filename> directory around in case you want to add "
13439
"additional schemas in the future."
13440
msgstr ""
13441
13442
#: serverguide/C/network-auth.xml:467(para)
13443
msgid ""
13444
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13445
"following attributes:"
13446
msgstr ""
13447
13448
#: serverguide/C/network-auth.xml:471(programlisting)
13449
#, no-wrap
13450
msgid ""
13451
"\n"
13452
"dn: cn=dyngroup,cn=schema,cn=config\n"
16691
msgid "Add the content:"
16692
msgstr ""
16693
16694
#: serverguide/C/network-auth.xml:463(command)
16695
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
16696
msgstr ""
16697
16698
#: serverguide/C/network-auth.xml:465(application)
16699
msgid "********"
16700
msgstr ""
16701
16702
#: serverguide/C/network-auth.xml:464(computeroutput)
16703
#, no-wrap
16704
msgid ""
16705
"\n"
16706
"Enter LDAP Password: <placeholder-1/>\n"
16707
"adding new entry \"ou=People,dc=example,dc=com\"\n"
16708
"\n"
16709
"adding new entry \"ou=Groups,dc=example,dc=com\"\n"
16710
"\n"
16711
"adding new entry \"cn=miners,ou=Groups,dc=example,dc=com\"\n"
16712
"\n"
16713
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
16714
msgstr ""
16715
16716
#: serverguide/C/network-auth.xml:476(para)
16717
msgid ""
16718
"We can check that the information has been correctly added with the "
16719
"<application>ldapsearch</application> utility:"
16720
msgstr ""
16721
16722
#: serverguide/C/network-auth.xml:481(command)
16723
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
16724
msgstr ""
16725
16726
#: serverguide/C/network-auth.xml:482(computeroutput)
16727
#, no-wrap
16728
msgid ""
16729
"\n"
16730
"dn: uid=john,ou=People,dc=example,dc=com\n"
16731
"cn: John Doe\n"
16732
"gidNumber: 5000\n"
16733
msgstr ""
16734
16735
#: serverguide/C/network-auth.xml:489(para)
16736
msgid "Explanation of switches:"
16737
msgstr ""
16738
16739
#: serverguide/C/network-auth.xml:496(para)
16740
msgid ""
16741
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
16742
"method"
16743
msgstr ""
16744
16745
#: serverguide/C/network-auth.xml:502(para)
16746
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
16747
msgstr ""
16748
16749
#: serverguide/C/network-auth.xml:508(para)
16750
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
16751
msgstr ""
16752
16753
#: serverguide/C/network-auth.xml:514(para)
16754
msgid ""
16755
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
16756
"displayed (the default is to show all attributes)"
16757
msgstr ""
16758
16759
#: serverguide/C/network-auth.xml:524(title)
16760
msgid "Modifying the slapd Configuration Database"
16761
msgstr ""
16762
16763
#: serverguide/C/network-auth.xml:526(para)
16764
msgid ""
16765
"The slapd-config DIT can also be queried and modified. Here are a few "
16766
"examples."
16767
msgstr ""
16768
16769
#: serverguide/C/network-auth.xml:533(para)
16770
msgid ""
16771
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
16772
"attribute) to your <application>{1}hdb,cn=config</application> database "
16773
"(dc=example,dc=com). Create a file, call it "
16774
"<filename>uid_index.ldif</filename>, with the following contents:"
16775
msgstr ""
16776
16777
#: serverguide/C/network-auth.xml:538(programlisting)
16778
#, no-wrap
16779
msgid ""
16780
"\n"
16781
"dn: olcDatabase={1}hdb,cn=config\n"
16782
"add: olcDbIndex\n"
16783
"olcDbIndex: uid eq,pres,sub\n"
16784
msgstr ""
16785
16786
#: serverguide/C/network-auth.xml:544(para)
16787
msgid "Then issue the command:"
16788
msgstr ""
16789
16790
#: serverguide/C/network-auth.xml:549(command)
16791
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
16792
msgstr ""
16793
16794
#: serverguide/C/network-auth.xml:550(computeroutput)
16795
#, no-wrap
16796
msgid ""
16797
"\n"
16798
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16799
msgstr ""
16800
16801
#: serverguide/C/network-auth.xml:555(para)
16802
msgid "You can confirm the change in this way:"
16803
msgstr ""
16804
16805
#: serverguide/C/network-auth.xml:560(command)
16806
msgid ""
16807
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
16808
"'(olcDatabase={1}hdb)' olcDbIndex"
16809
msgstr ""
16810
16811
#: serverguide/C/network-auth.xml:562(computeroutput)
16812
#, no-wrap
16813
msgid ""
16814
"\n"
16815
"dn: olcDatabase={1}hdb,cn=config\n"
16816
"olcDbIndex: objectClass eq\n"
16817
"olcDbIndex: uid eq,pres,sub\n"
16818
msgstr ""
16819
16820
#: serverguide/C/network-auth.xml:572(para)
16821
msgid ""
16822
"Let's add a schema. It will first need to be converted to LDIF format. You "
16823
"can find unconverted schemas in addition to converted ones in the <filename "
16824
"role=\"directory\">/etc/ldap/schema</filename> directory."
16825
msgstr ""
16826
16827
#: serverguide/C/network-auth.xml:580(para)
16828
msgid ""
16829
"It is not trivial to remove a schema from the slapd-config database. "
16830
"Practice adding schemas on a test system."
16831
msgstr ""
16832
16833
#: serverguide/C/network-auth.xml:586(para)
16834
msgid ""
16835
"Before adding any schema, you should check which schemas are already "
16836
"installed (shown is a default, out-of-the-box output):"
16837
msgstr ""
16838
16839
#: serverguide/C/network-auth.xml:592(command)
16840
msgid ""
16841
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
16842
msgstr ""
16843
16844
#: serverguide/C/network-auth.xml:594(computeroutput)
16845
#, no-wrap
16846
msgid ""
16847
"\n"
16848
"dn: cn=schema,cn=config\n"
16849
"\n"
16850
"dn: cn={0}core,cn=schema,cn=config\n"
16851
"\n"
16852
"dn: cn={1}cosine,cn=schema,cn=config\n"
16853
"\n"
16854
"dn: cn={2}nis,cn=schema,cn=config\n"
16855
"\n"
16856
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
16857
msgstr ""
16858
16859
#: serverguide/C/network-auth.xml:611(para)
16860
msgid "In the following example we'll add the CORBA schema."
16861
msgstr ""
16862
16863
#: serverguide/C/network-auth.xml:618(para)
16864
msgid ""
16865
"Create the conversion configuration file "
16866
"<filename>schema_convert.conf</filename> containing the following lines:"
16867
msgstr ""
16868
16869
#: serverguide/C/network-auth.xml:623(programlisting)
16870
#, no-wrap
16871
msgid ""
16872
"\n"
16873
"include /etc/ldap/schema/core.schema\n"
16874
"include /etc/ldap/schema/collective.schema\n"
16875
"include /etc/ldap/schema/corba.schema\n"
16876
"include /etc/ldap/schema/cosine.schema\n"
16877
"include /etc/ldap/schema/duaconf.schema\n"
16878
"include /etc/ldap/schema/dyngroup.schema\n"
16879
"include /etc/ldap/schema/inetorgperson.schema\n"
16880
"include /etc/ldap/schema/java.schema\n"
16881
"include /etc/ldap/schema/misc.schema\n"
16882
"include /etc/ldap/schema/nis.schema\n"
16883
"include /etc/ldap/schema/openldap.schema\n"
16884
"include /etc/ldap/schema/ppolicy.schema\n"
16885
"include /etc/ldap/schema/ldapns.schema\n"
16886
"include /etc/ldap/schema/pmi.schema\n"
16887
msgstr ""
16888
16889
#: serverguide/C/network-auth.xml:643(para)
16890
msgid "Create the output directory <filename>ldif_output</filename>."
16891
msgstr ""
16892
16893
#: serverguide/C/network-auth.xml:649(para) serverguide/C/network-auth.xml:2299(para)
16894
msgid "Determine the index of the schema:"
16895
msgstr ""
16896
16897
#: serverguide/C/network-auth.xml:654(command)
16898
msgid ""
16899
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
16900
msgstr ""
16901
16902
#: serverguide/C/network-auth.xml:655(computeroutput)
16903
#, no-wrap
16904
msgid ""
16905
"\n"
16906
"cn={1}corba,cn=schema,cn=config\n"
16907
msgstr ""
16908
16909
#: serverguide/C/network-auth.xml:661(para)
16910
msgid ""
16911
"When slapd injests objects with the same parent DN it will create an "
16912
"<emphasis>index</emphasis> for that object. An index is contained within "
16913
"braces: <application>{X}</application>."
16914
msgstr ""
16915
16916
#: serverguide/C/network-auth.xml:670(para)
16917
msgid "Use <application>slapcat</application> to perform the conversion:"
16918
msgstr ""
16919
16920
#: serverguide/C/network-auth.xml:675(command)
16921
msgid ""
16922
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16923
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
16924
msgstr ""
16925
16926
#: serverguide/C/network-auth.xml:679(para)
16927
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
16928
msgstr ""
16929
16930
#: serverguide/C/network-auth.xml:685(para)
16931
msgid ""
16932
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
16933
"attributes:"
16934
msgstr ""
16935
16936
#: serverguide/C/network-auth.xml:689(programlisting)
16937
#, no-wrap
16938
msgid ""
16939
"\n"
16940
"dn: cn=corba,cn=schema,cn=config\n"
13453
16941
"...\n"
13454
"cn: dyngroup\n"
13455
msgstr ""
13456
13457
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13458
msgid "And remove the following lines from the bottom of the file:"
13459
msgstr ""
13460
13461
#: serverguide/C/network-auth.xml:481(programlisting)
16942
"cn: corba\n"
16943
msgstr ""
16944
16945
#: serverguide/C/network-auth.xml:695(para)
16946
msgid "Also remove the following lines from the bottom:"
16947
msgstr ""
16948
16949
#: serverguide/C/network-auth.xml:699(programlisting)
13462
16950
#, no-wrap
13463
16951
msgid ""
13464
16952
"\n"
13465
16953
"structuralObjectClass: olcSchemaConfig\n"
13466
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
16954
"entryUUID: 52109a02-66ab-1030-8be2-bbf166230478\n"
13467
16955
"creatorsName: cn=config\n"
13468
"createTimestamp: 20080826021140Z\n"
13469
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
16956
"createTimestamp: 20110829165435Z\n"
16957
"entryCSN: 20110829165435.935248Z#000000#000#000000\n"
13470
16958
"modifiersName: cn=config\n"
13471
"modifyTimestamp: 20080826021140Z\n"
13472
msgstr ""
13473
13474
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13475
msgid ""
13476
"The attribute values will vary, just be sure the attributes are removed."
13477
msgstr ""
13478
13479
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13480
msgid ""
13481
"Finally, using the <application>ldapadd</application> utility, add the new "
13482
"schema to the directory:"
13483
msgstr ""
13484
13485
#: serverguide/C/network-auth.xml:506(command)
13486
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13487
msgstr ""
13488
13489
#: serverguide/C/network-auth.xml:512(para)
13490
msgid ""
13491
"There should now be a <emphasis>dn: "
13492
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13493
msgstr ""
13494
13495
#: serverguide/C/network-auth.xml:522(title)
13496
msgid "LDAP Replication"
13497
msgstr ""
13498
13499
#: serverguide/C/network-auth.xml:524(para)
13500
msgid ""
13501
"LDAP often quickly becomes a highly critical service to the network. "
13502
"Multiple systems will come to depend on LDAP for authentication, "
13503
"authorization, configuration, etc. It is a good idea to setup a redundant "
13504
"system through replication."
13505
msgstr ""
13506
13507
#: serverguide/C/network-auth.xml:530(para)
13508
msgid ""
13509
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13510
"Syncrepl allows the changes to be synced using a "
13511
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13512
"provider sends directory changes to consumers."
13513
msgstr ""
13514
13515
#: serverguide/C/network-auth.xml:537(title)
16959
"modifyTimestamp: 20110829165435Z\n"
16960
msgstr ""
16961
16962
#: serverguide/C/network-auth.xml:709(para) serverguide/C/network-auth.xml:2349(para)
16963
msgid "Your attribute values will vary."
16964
msgstr ""
16965
16966
#: serverguide/C/network-auth.xml:715(para)
16967
msgid ""
16968
"Finally, use <application>ldapadd</application> to add the new schema to the "
16969
"slapd-config DIT:"
16970
msgstr ""
16971
16972
#: serverguide/C/network-auth.xml:720(command)
16973
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
16974
msgstr ""
16975
16976
#: serverguide/C/network-auth.xml:721(computeroutput)
16977
#, no-wrap
16978
msgid ""
16979
"\n"
16980
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
16981
msgstr ""
16982
16983
#: serverguide/C/network-auth.xml:729(para)
16984
msgid "Confirm currently loaded schemas:"
16985
msgstr ""
16986
16987
#: serverguide/C/network-auth.xml:734(command)
16988
msgid ""
16989
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
16990
msgstr ""
16991
16992
#: serverguide/C/network-auth.xml:735(computeroutput)
16993
#, no-wrap
16994
msgid ""
16995
"\n"
16996
"dn: cn=schema,cn=config\n"
16997
"\n"
16998
"dn: cn={0}core,cn=schema,cn=config\n"
16999
"\n"
17000
"dn: cn={1}cosine,cn=schema,cn=config\n"
17001
"\n"
17002
"dn: cn={2}nis,cn=schema,cn=config\n"
17003
"\n"
17004
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
17005
"\n"
17006
"dn: cn={4}corba,cn=schema,cn=config\n"
17007
msgstr ""
17008
17009
#: serverguide/C/network-auth.xml:759(para)
17010
msgid ""
17011
"For external applications and clients to authenticate using LDAP they will "
17012
"each need to be specifically configured to do so. Refer to the appropriate "
17013
"client-side documentation for details."
17014
msgstr ""
17015
17016
#: serverguide/C/network-auth.xml:768(title) serverguide/C/dns.xml:510(title)
17017
msgid "Logging"
17018
msgstr ""
17019
17020
#: serverguide/C/network-auth.xml:770(para)
17021
msgid ""
17022
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
17023
"based solution yet it must be manually enabled after software installation. "
17024
"Otherwise, only rudimentary messages will appear in the logs. Logging, like "
17025
"any other slapd configuration, is enabled via the slapd-config database."
17026
msgstr ""
17027
17028
#: serverguide/C/network-auth.xml:776(para)
17029
msgid ""
17030
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
17031
"containing the lower one (additive). A good level to try is "
17032
"<emphasis>stats</emphasis>. The <ulink "
17033
"url=\"http://manpages.ubuntu.com/manpages/en/man5/slapd-"
17034
"config.5.html\">slapd-config</ulink> man page has more to say on the "
17035
"different subsystems."
17036
msgstr ""
17037
17038
#: serverguide/C/network-auth.xml:782(para)
17039
msgid ""
17040
"Create the file <filename>logging.ldif</filename> with the following "
17041
"contents:"
17042
msgstr ""
17043
17044
#: serverguide/C/network-auth.xml:786(programlisting)
17045
#, no-wrap
17046
msgid ""
17047
"\n"
17048
"dn: cn=config\n"
17049
"changetype: modify\n"
17050
"add: olcLogLevel\n"
17051
"olcLogLevel: stats\n"
17052
msgstr ""
17053
17054
#: serverguide/C/network-auth.xml:793(para)
17055
msgid "Implement the change:"
17056
msgstr ""
17057
17058
#: serverguide/C/network-auth.xml:798(command)
17059
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
17060
msgstr ""
17061
17062
#: serverguide/C/network-auth.xml:801(para)
17063
msgid ""
17064
"This will produce a significant amount of logging and you will want to "
17065
"throttle back to a less verbose level once your system is in production. "
17066
"While in this verbose mode your host's syslog engine (rsyslog) may have a "
17067
"hard time keeping up and may drop messages:"
17068
msgstr ""
17069
17070
#: serverguide/C/network-auth.xml:807(programlisting)
17071
#, no-wrap
17072
msgid ""
17073
"\n"
17074
"rsyslogd-2177: imuxsock lost 228 messages from pid 2547 due to rate-"
17075
"limiting\n"
17076
msgstr ""
17077
17078
#: serverguide/C/network-auth.xml:811(para)
17079
msgid ""
17080
"You may consider a change to rsyslog's configuration. In "
17081
"<filename>/etc/rsyslog.conf</filename>, put:"
17082
msgstr ""
17083
17084
#: serverguide/C/network-auth.xml:815(programlisting)
17085
#, no-wrap
17086
msgid ""
17087
"\n"
17088
"# Disable rate limiting\n"
17089
"# (default is 200 messages in 5 seconds; below we make the 5 become 0)\n"
17090
"$SystemLogRateLimitInterval 0\n"
17091
msgstr ""
17092
17093
#: serverguide/C/network-auth.xml:821(para)
17094
msgid "And then restart the rsyslog daemon:"
17095
msgstr ""
17096
17097
#: serverguide/C/network-auth.xml:826(command)
17098
msgid "sudo service rsyslog restart"
17099
msgstr ""
17100
17101
#: serverguide/C/network-auth.xml:832(title)
17102
msgid "Replication"
17103
msgstr ""
17104
17105
#: serverguide/C/network-auth.xml:834(para)
17106
msgid ""
17107
"The LDAP service becomes increasingly important as more networked systems "
17108
"begin to depend on it. In such an environment, it is standard practice to "
17109
"build redundancy (high availability) into LDAP to prevent havoc should the "
17110
"LDAP server become unresponsive. This is done through <emphasis>LDAP "
17111
"replication</emphasis>."
17112
msgstr ""
17113
17114
#: serverguide/C/network-auth.xml:840(para)
17115
msgid ""
17116
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
17117
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
17118
"<emphasis>Provider</emphasis> model. The specific kind of replication we "
17119
"will implement in this guide is a combination of the following modes: "
17120
"<emphasis>refreshAndPersist</emphasis> and <emphasis>delta-"
17121
"syncrepl</emphasis>. This has the Provider push changed entries to the "
17122
"Consumer as soon as they're made but, in addition, only actual changes will "
17123
"be sent, not entire entries."
17124
msgstr ""
17125
17126
#: serverguide/C/network-auth.xml:849(title)
13516
17127
msgid "Provider Configuration"
13517
17128
msgstr ""
13518
17129
13519
#: serverguide/C/network-auth.xml:539(para)
13520
msgid ""
13521
"The following is an example of a <emphasis>Single-Master</emphasis> "
13522
"configuration. In this configuration one OpenLDAP server is configured as a "
13523
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
17130
#: serverguide/C/network-auth.xml:851(para)
17131
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
13524
17132
msgstr ""
13525
17133
13526
#: serverguide/C/network-auth.xml:547(para)
17134
#: serverguide/C/network-auth.xml:858(para)
13527
17135
msgid ""
13528
"First, configure the provider server. Copy the following to a file named "
17136
"Create an LDIF file with the following contents and name it "
13529
17137
"<filename>provider_sync.ldif</filename>:"
13530
17138
msgstr ""
13531
17139
13532
#: serverguide/C/network-auth.xml:552(programlisting)
17140
#: serverguide/C/network-auth.xml:862(programlisting)
13533
17141
#, no-wrap
13534
17142
msgid ""
13535
17143
"\n"
13591
17199
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13592
17200
msgstr ""
13593
17201
13594
#: serverguide/C/network-auth.xml:614(para)
13595
msgid ""
13596
"The <application>AppArmor</application> profile for "
13597
"<application>slapd</application> will need to be adjusted for the accesslog "
13598
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13599
"adding:"
13600
msgstr ""
13601
13602
#: serverguide/C/network-auth.xml:619(programlisting)
17202
#: serverguide/C/network-auth.xml:921(para)
17203
msgid ""
17204
"Change the rootDN in the LDIF file to match the one you have for your "
17205
"directory."
17206
msgstr ""
17207
17208
#: serverguide/C/network-auth.xml:928(para)
17209
msgid ""
17210
"The <application>apparmor</application> profile for slapd will need to be "
17211
"adjusted for the accesslog database location. Edit "
17212
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
17213
"following:"
17214
msgstr ""
17215
17216
#: serverguide/C/network-auth.xml:934(programlisting)
13603
17217
#, no-wrap
13604
17218
msgid ""
13605
17219
"\n"
13606
" /var/lib/ldap/accesslog/ r,\n"
13607
" /var/lib/ldap/accesslog/** rwk,\n"
17220
"/var/lib/ldap/accesslog/ r,\n"
17221
"/var/lib/ldap/accesslog/** rwk,\n"
13608
17222
msgstr ""
13609
17223
13610
#: serverguide/C/network-auth.xml:624(para)
17224
#: serverguide/C/network-auth.xml:939(para)
13611
17225
msgid ""
13612
"Then create the directory, reload the <application>apparmor</application> "
13613
"profile, and copy the <filename>DB_CONFIG</filename> file:"
17226
"Create a directory, set up a databse config file, and reload the apparmor "
17227
"profile:"
13614
17228
msgstr ""
13615
17229
13616
#: serverguide/C/network-auth.xml:630(command)
17230
#: serverguide/C/network-auth.xml:944(command)
13617
17231
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13618
17232
msgstr ""
13619
17233
13620
#: serverguide/C/network-auth.xml:631(command)
13621
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13622
msgstr ""
13623
13624
#: serverguide/C/network-auth.xml:636(para)
13625
msgid ""
13626
"Using the <emphasis>-u openldap</emphasis> option with the "
13627
"<application>sudo</application> commands above removes the need to adjust "
13628
"permissions for the new directory later."
13629
msgstr ""
13630
13631
#: serverguide/C/network-auth.xml:645(para)
13632
msgid ""
13633
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13634
"directory:"
13635
msgstr ""
13636
13637
#: serverguide/C/network-auth.xml:649(programlisting)
13638
#, no-wrap
13639
msgid ""
13640
"\n"
13641
"olcRootDN: cn=admin,dc=example,dc=com\n"
13642
msgstr ""
13643
13644
#: serverguide/C/network-auth.xml:657(para)
13645
msgid ""
13646
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13647
msgstr ""
13648
13649
#: serverguide/C/network-auth.xml:662(command)
13650
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13651
msgstr ""
13652
13653
#: serverguide/C/network-auth.xml:669(para)
13654
msgid "Restart <application>slapd</application>:"
13655
msgstr ""
13656
13657
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13658
msgid "sudo /etc/init.d/slapd restart"
13659
msgstr ""
13660
13661
#: serverguide/C/network-auth.xml:680(para)
13662
msgid ""
13663
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13664
"to configure a <emphasis>Consumer</emphasis> server."
13665
msgstr ""
13666
13667
#: serverguide/C/network-auth.xml:687(title)
17234
#: serverguide/C/network-auth.xml:945(command)
17235
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
17236
msgstr ""
17237
17238
#: serverguide/C/network-auth.xml:946(command)
17239
msgid "sudo service apparmor reload"
17240
msgstr ""
17241
17242
#: serverguide/C/network-auth.xml:952(para)
17243
msgid ""
17244
"Add the new content and, due to the apparmor change, restart the daemon:"
17245
msgstr ""
17246
17247
#: serverguide/C/network-auth.xml:957(command)
17248
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
17249
msgstr ""
17250
17251
#: serverguide/C/network-auth.xml:958(command) serverguide/C/network-auth.xml:1480(command) serverguide/C/network-auth.xml:1665(command) serverguide/C/network-auth.xml:3894(command)
17252
msgid "sudo service slapd restart"
17253
msgstr ""
17254
17255
#: serverguide/C/network-auth.xml:965(para)
17256
msgid "The Provider is now configured."
17257
msgstr ""
17258
17259
#: serverguide/C/network-auth.xml:972(title)
13668
17260
msgid "Consumer Configuration"
13669
17261
msgstr ""
13670
17262
13671
#: serverguide/C/network-auth.xml:692(para)
13672
msgid ""
13673
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13674
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13675
"configuration steps."
13676
msgstr ""
13677
13678
#: serverguide/C/network-auth.xml:697(para)
13679
msgid "Add the additional schema files:"
13680
msgstr ""
13681
13682
#: serverguide/C/network-auth.xml:707(para)
13683
msgid ""
13684
"Also, create, or copy from the provider server, the "
13685
"<filename>backend.example.com.ldif</filename>"
13686
msgstr ""
13687
13688
#: serverguide/C/network-auth.xml:711(programlisting)
13689
#, no-wrap
13690
msgid ""
13691
"\n"
13692
"# Load dynamic backend modules\n"
13693
"dn: cn=module,cn=config\n"
13694
"objectClass: olcModuleList\n"
13695
"cn: module\n"
13696
"olcModulepath: /usr/lib/ldap\n"
13697
"olcModuleload: back_hdb\n"
13698
"\n"
13699
"# Database settings\n"
13700
"dn: olcDatabase=hdb,cn=config\n"
13701
"objectClass: olcDatabaseConfig\n"
13702
"objectClass: olcHdbConfig\n"
13703
"olcDatabase: {1}hdb\n"
13704
"olcSuffix: dc=example,dc=com\n"
13705
"olcDbDirectory: /var/lib/ldap\n"
13706
"olcRootDN: cn=admin,dc=example,dc=com\n"
13707
"olcRootPW: secret\n"
13708
"olcDbConfig: set_cachesize 0 2097152 0\n"
13709
"olcDbConfig: set_lk_max_objects 1500\n"
13710
"olcDbConfig: set_lk_max_locks 1500\n"
13711
"olcDbConfig: set_lk_max_lockers 1500\n"
13712
"olcDbIndex: objectClass eq\n"
13713
"olcLastMod: TRUE\n"
13714
"olcDbCheckpoint: 512 30\n"
13715
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13716
"by anonymous auth by self write by * none\n"
13717
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13718
"olcAccess: to dn.base=\"\" by * read\n"
13719
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13720
msgstr ""
13721
13722
#: serverguide/C/network-auth.xml:741(para)
13723
msgid "And add the LDIF by entering:"
13724
msgstr ""
13725
13726
#: serverguide/C/network-auth.xml:752(para)
13727
msgid ""
13728
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13729
"listed above, and add it:"
13730
msgstr ""
13731
13732
#: serverguide/C/network-auth.xml:760(para)
13733
msgid ""
13734
"The two severs should now have the same configuration except for the "
13735
"<emphasis>Syncrepl</emphasis> options."
13736
msgstr ""
13737
13738
#: serverguide/C/network-auth.xml:768(para)
13739
msgid ""
13740
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13741
msgstr ""
13742
13743
#: serverguide/C/network-auth.xml:772(programlisting)
13744
#, no-wrap
13745
msgid ""
13746
"\n"
13747
"#Load the syncprov module.\n"
17263
#: serverguide/C/network-auth.xml:974(para)
17264
msgid "And now configure the <emphasis>Consumer</emphasis>."
17265
msgstr ""
17266
17267
#: serverguide/C/network-auth.xml:981(para)
17268
msgid ""
17269
"Install the software by going through <xref linkend=\"openldap-server-"
17270
"installation\"/>. Make sure the slapd-config databse is identical to the "
17271
"Provider's. In particular, make sure schemas and the databse suffix are the "
17272
"same."
17273
msgstr ""
17274
17275
#: serverguide/C/network-auth.xml:988(para)
17276
msgid ""
17277
"Create an LDIF file with the following contents and name it "
17278
"<filename>consumer_sync.ldif</filename>:"
17279
msgstr ""
17280
17281
#: serverguide/C/network-auth.xml:992(programlisting)
17282
#, no-wrap
17283
msgid ""
17284
"\n"
13748
17285
"dn: cn=module{0},cn=config\n"
13749
17286
"changetype: modify\n"
13750
17287
"add: olcModuleLoad\n"
13751
17288
"olcModuleLoad: syncprov\n"
13752
17289
"\n"
13753
"# syncrepl specific indices\n"
13754
17290
"dn: olcDatabase={1}hdb,cn=config\n"
13755
17291
"changetype: modify\n"
13756
17292
"add: olcDbIndex\n"
13769
17305
"olcUpdateRef: ldap://ldap01.example.com\n"
13770
17306
msgstr ""
13771
17307
13772
#: serverguide/C/network-auth.xml:795(para)
13773
msgid "You will probably want to change the following attributes:"
13774
msgstr ""
13775
13776
#: serverguide/C/network-auth.xml:800(para)
13777
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13778
msgstr ""
13779
13780
#: serverguide/C/network-auth.xml:801(emphasis)
13781
msgid "binddn"
13782
msgstr ""
13783
13784
#: serverguide/C/network-auth.xml:802(emphasis)
13785
msgid "credentials"
13786
msgstr ""
13787
13788
#: serverguide/C/network-auth.xml:803(emphasis)
13789
msgid "searchbase"
13790
msgstr ""
13791
13792
#: serverguide/C/network-auth.xml:804(emphasis)
13793
msgid "olcUpdateRef:"
13794
msgstr ""
13795
13796
#: serverguide/C/network-auth.xml:810(para)
13797
msgid "Add the LDIF file to the configuration tree:"
13798
msgstr ""
13799
13800
#: serverguide/C/network-auth.xml:815(command)
13801
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13802
msgstr ""
13803
13804
#: serverguide/C/network-auth.xml:821(para)
13805
msgid ""
13806
"The frontend database should now sync between servers. You can add "
13807
"additional servers using the steps above as the need arises."
13808
msgstr ""
13809
13810
#: serverguide/C/network-auth.xml:831(programlisting)
13811
#, no-wrap
13812
msgid "127.0.0.1\tldap01.example.com ldap01"
13813
msgstr ""
13814
13815
#: serverguide/C/network-auth.xml:827(para)
13816
msgid ""
13817
"The <application>slapd</application> daemon will send log information to "
13818
"<filename>/var/log/syslog</filename> by default. So if all does "
13819
"<emphasis>not</emphasis> go well check there for errors and other "
13820
"troubleshooting information. Also, be sure that each server knows it's Fully "
13821
"Qualified Domain Name (FQDN). This is configured in "
13822
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13823
msgstr ""
13824
13825
#: serverguide/C/network-auth.xml:839(title)
13826
msgid "Setting up ACL"
13827
msgstr ""
13828
13829
#: serverguide/C/network-auth.xml:841(para)
13830
msgid ""
13831
"Authentication requires access to the password field, that should be not "
13832
"accessible by default. Also, in order for users to change their own "
13833
"password, using <command>passwd</command> or other utilities, "
13834
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13835
"authenticated."
13836
msgstr ""
13837
13838
#: serverguide/C/network-auth.xml:848(para)
13839
msgid ""
13840
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13841
"tree, use the <application>ldapsearch</application> utility:"
13842
msgstr ""
13843
13844
#: serverguide/C/network-auth.xml:854(command)
13845
msgid ""
13846
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13847
"olcDatabase=config olcAccess"
13848
msgstr ""
13849
13850
#: serverguide/C/network-auth.xml:858(computeroutput)
13851
#, no-wrap
13852
msgid ""
13853
"SASL/EXTERNAL authentication started\n"
13854
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13855
"SASL SSF: 0\n"
17308
#: serverguide/C/network-auth.xml:1013(para)
17309
msgid "Ensure the following attributes have the correct values:"
17310
msgstr ""
17311
17312
#: serverguide/C/network-auth.xml:1018(para)
17313
msgid ""
17314
"<emphasis>provider</emphasis> (Provider server's hostname -- "
17315
"ldap01.example.com in this example -- or IP address)"
17316
msgstr ""
17317
17318
#: serverguide/C/network-auth.xml:1019(para)
17319
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
17320
msgstr ""
17321
17322
#: serverguide/C/network-auth.xml:1020(para)
17323
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
17324
msgstr ""
17325
17326
#: serverguide/C/network-auth.xml:1021(para)
17327
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
17328
msgstr ""
17329
17330
#: serverguide/C/network-auth.xml:1022(para)
17331
msgid ""
17332
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
17333
msgstr ""
17334
17335
#: serverguide/C/network-auth.xml:1023(para)
17336
msgid ""
17337
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
17338
"replica. Each consumer should have at least one rid)"
17339
msgstr ""
17340
17341
#: serverguide/C/network-auth.xml:1032(para)
17342
msgid "Add the new content:"
17343
msgstr ""
17344
17345
#: serverguide/C/network-auth.xml:1037(command)
17346
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
17347
msgstr ""
17348
17349
#: serverguide/C/network-auth.xml:1044(para)
17350
msgid ""
17351
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
17352
"synchronizing."
17353
msgstr ""
17354
17355
#: serverguide/C/network-auth.xml:1053(para)
17356
msgid "Once replication starts, you can monitor it by running"
17357
msgstr ""
17358
17359
#: serverguide/C/network-auth.xml:1058(command)
17360
msgid "ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base contextCSN"
17361
msgstr ""
17362
17363
#: serverguide/C/network-auth.xml:1059(computeroutput)
17364
#, no-wrap
17365
msgid ""
17366
"\n"
17367
"dn: dc=example,dc=com\n"
17368
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
17369
msgstr ""
17370
17371
#: serverguide/C/network-auth.xml:1065(para)
17372
msgid ""
17373
"on both the provider and the consumer. Once the output "
17374
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
17375
"in the above example) for both machines match, you have replication. Every "
17376
"time a change is done in the provider, this value will change and so should "
17377
"the one in the consumer(s)."
17378
msgstr ""
17379
17380
#: serverguide/C/network-auth.xml:1074(para)
17381
msgid ""
17382
"If your connection is slow and/or your ldap database large, it might take a "
17383
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
17384
"provider's. But, you will know it is progressing since the consumer's "
17385
"<emphasis>contextCSN</emphasis> will be steadly increasing."
17386
msgstr ""
17387
17388
#: serverguide/C/network-auth.xml:1082(para)
17389
msgid ""
17390
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
17391
"match the provider, you should stop and figure out the issue before "
17392
"continuing. Try checking the slapd (syslog) and the auth log files in the "
17393
"provider to see if the consumer's authentication requests were successful or "
17394
"its requests to retrieve data (they look like a lot of ldapsearch "
17395
"statements) return no errors."
17396
msgstr ""
17397
17398
#: serverguide/C/network-auth.xml:1091(para)
17399
msgid ""
17400
"To test if it worked simply query, on the Consumer, the DNs in the database:"
17401
msgstr ""
17402
17403
#: serverguide/C/network-auth.xml:1096(command)
17404
msgid ""
17405
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
17406
msgstr ""
17407
17408
#: serverguide/C/network-auth.xml:1099(para)
17409
msgid ""
17410
"You should see the user 'john' and the group 'miners' as well as the nodes "
17411
"'People' and 'Groups'."
17412
msgstr ""
17413
17414
#: serverguide/C/network-auth.xml:1108(title)
17415
msgid "Access Control"
17416
msgstr ""
17417
17418
#: serverguide/C/network-auth.xml:1110(para)
17419
msgid ""
17420
"The management of what type of access (read, write, etc) users should be "
17421
"granted to resources is known as <emphasis>access control</emphasis>. The "
17422
"configuration directives involved are called <emphasis>access control "
17423
"lists</emphasis> or ACL."
17424
msgstr ""
17425
17426
#: serverguide/C/network-auth.xml:1115(para)
17427
msgid ""
17428
"When we installed the slapd package various ACL were set up automatically. "
17429
"We will look at a few important consequences of those defaults and, in so "
17430
"doing, we'll get an idea of how ACLs work and how they're configured."
17431
msgstr ""
17432
17433
#: serverguide/C/network-auth.xml:1120(para)
17434
msgid ""
17435
"To get the effective ACL for an LDAP query we need to look at the ACL "
17436
"entries of the database being queried as well as those of the special "
17437
"frontend database instance. The ACLs belonging to the latter act as defaults "
17438
"in case those of the former do not match. The frontend database is the "
17439
"second to be consulted and the ACL to be applied is the first to match "
17440
"(\"first match wins\") among these 2 ACL sources. The following commands "
17441
"will give, respectively, the ACLs of the hdb database "
17442
"(\"dc=example,dc=com\") and those of the frontend database:"
17443
msgstr ""
17444
17445
#: serverguide/C/network-auth.xml:1129(command)
17446
msgid ""
17447
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17448
"'(olcDatabase={1}hdb)' olcAccess"
17449
msgstr ""
17450
17451
#: serverguide/C/network-auth.xml:1131(computeroutput)
17452
#, no-wrap
17453
msgid ""
17454
"\n"
17455
"dn: olcDatabase={1}hdb,cn=config\n"
17456
"olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by "
17457
"anonymous\n"
17458
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
17459
"olcAccess: {1}to dn.base=\"\" by * read\n"
17460
"olcAccess: {2}to * by self write by dn=\"cn=admin,dc=example,dc=com\" write "
17461
"by *\n"
17462
" read\n"
17463
msgstr ""
17464
17465
#: serverguide/C/network-auth.xml:1142(para)
17466
msgid ""
17467
"The rootDN always has full rights to it's database. Including it in an ACL "
17468
"does provide an explicit configuration but it also causes slapd to incur a "
17469
"performance penalty."
17470
msgstr ""
17471
17472
#: serverguide/C/network-auth.xml:1149(command)
17473
msgid ""
17474
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17475
"'(olcDatabase={-1}frontend)' olcAccess"
17476
msgstr ""
17477
17478
#: serverguide/C/network-auth.xml:1151(computeroutput)
17479
#, no-wrap
17480
msgid ""
17481
"\n"
17482
"dn: olcDatabase={-1}frontend,cn=config\n"
17483
"olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,\n"
17484
" cn=external,cn=auth manage by * break\n"
17485
"olcAccess: {1}to dn.exact=\"\" by * read\n"
17486
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
17487
msgstr ""
17488
17489
#: serverguide/C/network-auth.xml:1160(para)
17490
msgid "The very first ACL is crucial:"
17491
msgstr ""
17492
17493
#: serverguide/C/network-auth.xml:1164(programlisting)
17494
#, no-wrap
17495
msgid ""
17496
"\n"
17497
"olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by "
17498
"anonymous\n"
17499
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
17500
msgstr ""
17501
17502
#: serverguide/C/network-auth.xml:1169(para)
17503
msgid "This can be represented differently for easier digestion:"
17504
msgstr ""
17505
17506
#: serverguide/C/network-auth.xml:1173(programlisting)
17507
#, no-wrap
17508
msgid ""
17509
"\n"
17510
"to attrs=userPassword\n"
17511
"\tby self write\n"
17512
"\tby anonymous auth\n"
17513
"\tby dn=\"cn=admin,dc=example,dc=com\" write\n"
17514
"\tby * none\n"
17515
"\n"
17516
"to attrs=shadowLastChange\n"
17517
"\tby self write\n"
17518
"\tby anonymous auth\n"
17519
"\tby dn=\"cn=admin,dc=example,dc=com\" write\n"
17520
"\tby * none\n"
17521
msgstr ""
17522
17523
#: serverguide/C/network-auth.xml:1187(para)
17524
msgid "This compound ACL (there are 2) enforces the following:"
17525
msgstr ""
17526
17527
#: serverguide/C/network-auth.xml:1194(para)
17528
msgid ""
17529
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
17530
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
17531
"'by anonymous auth' is needed even when anonymous access to the DIT is "
17532
"unwanted. Once the remote end is connected, howerver, authentication can "
17533
"occur (see next point)."
17534
msgstr ""
17535
17536
#: serverguide/C/network-auth.xml:1202(para)
17537
msgid ""
17538
"Authentication can happen because all users have 'read' (due to 'by self "
17539
"write') access to the <emphasis>userPassword</emphasis> attribute."
17540
msgstr ""
17541
17542
#: serverguide/C/network-auth.xml:1208(para)
17543
msgid ""
17544
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
17545
"all other users, with the exception of the rootDN, who has complete access "
17546
"to it."
17547
msgstr ""
17548
17549
#: serverguide/C/network-auth.xml:1215(para)
17550
msgid ""
17551
"In order for users to change their own password, using "
17552
"<command>passwd</command> or other utilities, the "
17553
"<emphasis>shadowLastChange</emphasis> attribute needs to be accessible once "
17554
"a user has authenticated."
17555
msgstr ""
17556
17557
#: serverguide/C/network-auth.xml:1223(para)
17558
msgid ""
17559
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
17560
msgstr ""
17561
17562
#: serverguide/C/network-auth.xml:1227(programlisting)
17563
#, no-wrap
17564
msgid ""
17565
"\n"
17566
"to *\n"
17567
"\tby self write\n"
17568
"\tby dn=\"cn=admin,dc=example,dc=com\" write\n"
17569
"\tby * read\n"
17570
msgstr ""
17571
17572
#: serverguide/C/network-auth.xml:1234(para)
17573
msgid ""
17574
"If this is unwanted then you need to change the ACLs. To force "
17575
"authentication during a bind request you can alternatively (or in "
17576
"combination with the modified ACL) use the 'olcRequire: authc' directive."
17577
msgstr ""
17578
17579
#: serverguide/C/network-auth.xml:1239(para)
17580
msgid ""
17581
"As previously mentioned, there is no administrative account created for the "
17582
"slapd-config database. There is, however, a SASL identity that is granted "
17583
"full access to it. It represents the localhost's superuser (root/sudo). Here "
17584
"it is:"
17585
msgstr ""
17586
17587
#: serverguide/C/network-auth.xml:1244(programlisting)
17588
#, no-wrap
17589
msgid ""
17590
"\n"
17591
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
17592
msgstr ""
17593
17594
#: serverguide/C/network-auth.xml:1248(para)
17595
msgid ""
17596
"The following command will display the ACLs of the slapd-config database:"
17597
msgstr ""
17598
17599
#: serverguide/C/network-auth.xml:1253(command)
17600
msgid ""
17601
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17602
"'(olcDatabase={0}config)' olcAccess"
17603
msgstr ""
17604
17605
#: serverguide/C/network-auth.xml:1255(computeroutput)
17606
#, no-wrap
17607
msgid ""
17608
"\n"
13856
17609
"dn: olcDatabase={0}config,cn=config\n"
13857
"olcAccess: {0}to * by "
13858
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13859
" ,cn=auth manage by * break\n"
13860
msgstr ""
13861
13862
#: serverguide/C/network-auth.xml:867(para)
13863
msgid "To see the ACL for the frontend tree enter:"
13864
msgstr ""
13865
13866
#: serverguide/C/network-auth.xml:872(command)
13867
msgid ""
13868
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13869
"olcDatabase={1}hdb olcAccess"
13870
msgstr ""
13871
13872
#: serverguide/C/network-auth.xml:878(title)
13873
msgid "TLS and SSL"
13874
msgstr ""
13875
13876
#: serverguide/C/network-auth.xml:880(para)
17610
"olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,\n"
17611
" cn=external,cn=auth manage by * break\n"
17612
msgstr ""
17613
17614
#: serverguide/C/network-auth.xml:1262(para)
17615
msgid ""
17616
"Since this is a SASL identity we need to use a SASL "
17617
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
17618
"and and we have seen it plenty of times in this guide. It is the EXTERNAL "
17619
"mechanism. See the previous command for an example. Note that:"
17620
msgstr ""
17621
17622
#: serverguide/C/network-auth.xml:1270(para)
17623
msgid ""
17624
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
17625
"for the ACL to match."
17626
msgstr ""
17627
17628
#: serverguide/C/network-auth.xml:1276(para)
17629
msgid ""
17630
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
17631
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
17632
msgstr ""
17633
17634
#: serverguide/C/network-auth.xml:1284(para)
17635
msgid "A succinct way to get all the ACLs is like this:"
17636
msgstr ""
17637
17638
#: serverguide/C/network-auth.xml:1289(command)
17639
msgid ""
17640
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17641
"'(olcAccess=*)' olcAccess olcSuffix"
17642
msgstr ""
17643
17644
#: serverguide/C/network-auth.xml:1293(para)
17645
msgid ""
17646
"There is much to say on the topic of access control. See the man page for "
17647
"<ulink "
17648
"url=\"http://manpages.ubuntu.com/manpages/en/man5/slapd.access.5.html\">slapd"
17649
".access</ulink>."
17650
msgstr ""
17651
17652
#: serverguide/C/network-auth.xml:1301(title)
17653
msgid "TLS"
17654
msgstr ""
17655
17656
#: serverguide/C/network-auth.xml:1303(para)
13877
17657
msgid ""
13878
17658
"When authenticating to an OpenLDAP server it is best to do so using an "
13879
17659
"encrypted session. This can be accomplished using Transport Layer Security "
13880
"(TLS) and/or Secure Sockets Layer (SSL)."
13881
msgstr ""
13882
13883
#: serverguide/C/network-auth.xml:885(para)
13884
msgid ""
13885
"The first step in the process is to obtain or create a "
13886
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13887
"is compiled using the <application>gnutls</application> library, the "
13888
"<application>certtool</application> utility will be used to create "
13889
"certificates."
13890
msgstr ""
13891
13892
#: serverguide/C/network-auth.xml:894(para)
13893
msgid ""
13894
"First, install <application>gnutls-bin</application> by entering the "
13895
"following in a terminal:"
13896
msgstr ""
13897
13898
#: serverguide/C/network-auth.xml:899(command)
13899
msgid "sudo apt-get install gnutls-bin"
13900
msgstr ""
13901
13902
#: serverguide/C/network-auth.xml:905(para)
13903
msgid ""
13904
"Next, create a private key for the <emphasis>Certificate "
13905
"Authority</emphasis> (CA):"
13906
msgstr ""
13907
13908
#: serverguide/C/network-auth.xml:910(command)
17660
"(TLS)."
17661
msgstr ""
17662
17663
#: serverguide/C/network-auth.xml:1308(para)
17664
msgid ""
17665
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
17666
"create and sign our LDAP server certificate as that CA. Since "
17667
"<application>slapd</application> is compiled using the "
17668
"<application>gnutls</application> library, we will use the "
17669
"<application>certtool</application> utility to complete these tasks."
17670
msgstr ""
17671
17672
#: serverguide/C/network-auth.xml:1317(para)
17673
msgid ""
17674
"Install the <application>gnutls-bin</application> and <application>ssl-"
17675
"cert</application> packages:"
17676
msgstr ""
17677
17678
#: serverguide/C/network-auth.xml:1322(command)
17679
msgid "sudo apt-get install gnutls-bin ssl-cert"
17680
msgstr ""
17681
17682
#: serverguide/C/network-auth.xml:1328(para)
17683
msgid "Create a private key for the Certificate Authority:"
17684
msgstr ""
17685
17686
#: serverguide/C/network-auth.xml:1333(command)
13909
17687
msgid ""
13910
17688
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13911
17689
msgstr ""
13912
17690
13913
#: serverguide/C/network-auth.xml:916(para)
17691
#: serverguide/C/network-auth.xml:1339(para)
13914
17692
msgid ""
13915
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13916
"CA certificate containing:"
17693
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
17694
"CA:"
13917
17695
msgstr ""
13918
17696
13919
#: serverguide/C/network-auth.xml:920(programlisting)
17697
#: serverguide/C/network-auth.xml:1343(programlisting)
13920
17698
#, no-wrap
13921
17699
msgid ""
13922
17700
"\n"
13925
17703
"cert_signing_key\n"
13926
17704
msgstr ""
13927
17705
13928
#: serverguide/C/network-auth.xml:929(para)
13929
msgid "Now create the self-signed CA certificate:"
17706
#: serverguide/C/network-auth.xml:1352(para)
17707
msgid "Create the self-signed CA certificate:"
13930
17708
msgstr ""
13931
17709
13932
#: serverguide/C/network-auth.xml:934(command)
17710
#: serverguide/C/network-auth.xml:1357(command)
13933
17711
msgid ""
13934
"sudo certtool --generate-self-signed --load-privkey "
13935
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
17712
"sudo certtool --generate-self-signed \\ --load-privkey "
17713
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
13936
17714
"/etc/ssl/certs/cacert.pem"
13937
17715
msgstr ""
13938
17716
13939
#: serverguide/C/network-auth.xml:941(para)
17717
#: serverguide/C/network-auth.xml:1366(para)
13940
17718
msgid "Make a private key for the server:"
13941
17719
msgstr ""
13942
17720
13943
#: serverguide/C/network-auth.xml:946(command)
17721
#: serverguide/C/network-auth.xml:1371(command)
13944
17722
msgid ""
13945
"sudo sh -c \"certtool --generate-privkey > "
13946
"/etc/ssl/private/ldap01_slapd_key.pem\""
17723
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
17724
"/etc/ssl/private/ldap01_slapd_key.pem"
13947
17725
msgstr ""
13948
17726
13949
#: serverguide/C/network-auth.xml:950(para)
17727
#: serverguide/C/network-auth.xml:1377(para)
13950
17728
msgid ""
13951
17729
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13952
17730
"hostname. Naming the certificate and key for the host and service that will "
13953
"be using them will help keep filenames and paths straight."
17731
"be using them will help keep things clear."
13954
17732
msgstr ""
13955
17733
13956
#: serverguide/C/network-auth.xml:959(para)
17734
#: serverguide/C/network-auth.xml:1386(para)
13957
17735
msgid ""
13958
"To sign the server's certificate with the CA, create the "
13959
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
17736
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
13960
17737
msgstr ""
13961
17738
13962
#: serverguide/C/network-auth.xml:963(programlisting)
17739
#: serverguide/C/network-auth.xml:1390(programlisting)
13963
17740
#, no-wrap
13964
17741
msgid ""
13965
17742
"\n"
13968
17745
"tls_www_server\n"
13969
17746
"encryption_key\n"
13970
17747
"signing_key\n"
13971
msgstr ""
13972
13973
#: serverguide/C/network-auth.xml:974(para)
17748
"expiration_days = 3650\n"
17749
msgstr ""
17750
17751
#: serverguide/C/network-auth.xml:1399(para)
17752
msgid "The above certificate is good for 10 years. Adjust accordingly."
17753
msgstr ""
17754
17755
#: serverguide/C/network-auth.xml:1405(para)
13974
17756
msgid "Create the server's certificate:"
13975
17757
msgstr ""
13976
17758
13977
#: serverguide/C/network-auth.xml:979(command)
13978
msgid ""
13979
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13980
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13981
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13982
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13983
msgstr ""
13984
13985
#: serverguide/C/network-auth.xml:987(para)
13986
msgid ""
13987
"Once you have a certificate, key, and CA cert installed, use "
13988
"<application>ldapmodify</application> to add the new configuration options:"
13989
msgstr ""
13990
13991
#: serverguide/C/network-auth.xml:998(userinput)
17759
#: serverguide/C/network-auth.xml:1410(command)
17760
msgid ""
17761
"sudo certtool --generate-certificate \\ --load-privkey "
17762
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
17763
"/etc/ssl/certs/cacert.pem \\ --load-ca-privkey /etc/ssl/private/cakey.pem \\ "
17764
"--template /etc/ssl/ldap01.info \\ --outfile "
17765
"/etc/ssl/certs/ldap01_slapd_cert.pem"
17766
msgstr ""
17767
17768
#: serverguide/C/network-auth.xml:1422(para)
17769
msgid ""
17770
"Create the file <filename>certinfo.ldif</filename> with the following "
17771
"contents (adjust accordingly, our example assumes we created certs using "
17772
"https://www.cacert.org):"
17773
msgstr ""
17774
17775
#: serverguide/C/network-auth.xml:1426(programlisting)
13992
17776
#, no-wrap
13993
17777
msgid ""
17778
"\n"
13994
17779
"dn: cn=config\n"
13995
17780
"add: olcTLSCACertificateFile\n"
13996
17781
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13999
17784
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14000
17785
"-\n"
14001
17786
"add: olcTLSCertificateKeyFile\n"
14002
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14003
msgstr ""
14004
14005
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
14006
#, no-wrap
14007
msgid ""
14008
"Enter LDAP Password:\n"
14009
"<placeholder-1/>\n"
14010
"\n"
14011
"modifying entry \"cn=config\"\n"
14012
msgstr ""
14013
14014
#: serverguide/C/network-auth.xml:1013(para)
14015
msgid ""
14016
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14017
"<filename>ldap01_slapd_key.pem</filename>, and "
14018
"<filename>cacert.pem</filename> names if yours are different."
14019
msgstr ""
14020
14021
#: serverguide/C/network-auth.xml:1019(para)
14022
msgid ""
14023
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14024
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14025
msgstr ""
14026
14027
#: serverguide/C/network-auth.xml:1023(programlisting)
14028
#, no-wrap
14029
msgid ""
14030
"\n"
14031
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14032
msgstr ""
14033
14034
#: serverguide/C/network-auth.xml:1027(para)
14035
msgid ""
14036
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14037
msgstr ""
14038
14039
#: serverguide/C/network-auth.xml:1032(command)
17787
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
17788
msgstr ""
17789
17790
#: serverguide/C/network-auth.xml:1438(para)
17791
msgid ""
17792
"Use the <application>ldapmodify</application> command to tell slapd about "
17793
"our TLS work via the slapd-config database:"
17794
msgstr ""
17795
17796
#: serverguide/C/network-auth.xml:1443(command)
17797
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
17798
msgstr ""
17799
17800
#: serverguide/C/network-auth.xml:1446(para)
17801
msgid ""
17802
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
17803
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
17804
"should have just:"
17805
msgstr ""
17806
17807
#: serverguide/C/network-auth.xml:1451(programlisting)
17808
#, no-wrap
17809
msgid ""
17810
"\n"
17811
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
17812
msgstr ""
17813
17814
#: serverguide/C/network-auth.xml:1456(para)
17815
msgid ""
17816
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
17817
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
17818
"(listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, "
17819
"like HTTPS, is a distinct encrypted-from-the-start protocol that operates "
17820
"over TCP port 636."
17821
msgstr ""
17822
17823
#: serverguide/C/network-auth.xml:1464(para)
17824
msgid "Tighten up ownership and permissions:"
17825
msgstr ""
17826
17827
#: serverguide/C/network-auth.xml:1469(command) serverguide/C/network-auth.xml:1586(command)
14040
17828
msgid "sudo adduser openldap ssl-cert"
14041
17829
msgstr ""
14042
17830
14043
#: serverguide/C/network-auth.xml:1033(command)
17831
#: serverguide/C/network-auth.xml:1470(command)
14044
17832
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14045
17833
msgstr ""
14046
17834
14047
#: serverguide/C/network-auth.xml:1034(command)
17835
#: serverguide/C/network-auth.xml:1471(command)
14048
17836
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14049
17837
msgstr ""
14050
17838
14051
#: serverguide/C/network-auth.xml:1038(para)
14052
msgid ""
14053
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14054
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14055
"adjust the commands appropriately."
14056
msgstr ""
14057
14058
#: serverguide/C/network-auth.xml:1044(para)
14059
msgid "Finally, restart <application>slapd</application>:"
14060
msgstr ""
14061
14062
#: serverguide/C/network-auth.xml:1052(para)
14063
msgid ""
14064
"The <application>slapd</application> daemon should now be listening for "
14065
"LDAPS connections and be able to use STARTTLS during authentication."
14066
msgstr ""
14067
14068
#: serverguide/C/network-auth.xml:1058(para)
14069
msgid ""
14070
"If you run into troubles with the server not starting, check the "
14071
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14072
"it is likely there is a configuration problem. Check that the certificate is "
14073
"signed by the authority from in the files configured, and that the ssl-cert "
14074
"group has read permissions on the private key."
14075
msgstr ""
14076
14077
#: serverguide/C/network-auth.xml:1070(title)
14078
msgid "TLS Replication"
14079
msgstr ""
14080
14081
#: serverguide/C/network-auth.xml:1072(para)
14082
msgid ""
14083
"If you have setup <application>Syncrepl</application> between servers, it is "
14084
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14085
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14086
"linkend=\"openldap-server-replication\"/>."
14087
msgstr ""
14088
14089
#: serverguide/C/network-auth.xml:1078(para)
14090
msgid ""
14091
"Assuming you have followed the above instructions and created a CA "
14092
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14093
"server. Follow the following instructions to create a certificate and key "
14094
"for the <emphasis>Consumer</emphasis> server."
14095
msgstr ""
14096
14097
#: serverguide/C/network-auth.xml:1087(para)
14098
msgid "Create a new key for the Consumer server:"
14099
msgstr ""
14100
14101
#: serverguide/C/network-auth.xml:1092(command)
17839
#: serverguide/C/network-auth.xml:1472(command)
17840
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
17841
msgstr ""
17842
17843
#: serverguide/C/network-auth.xml:1475(para)
17844
msgid "Restart OpenLDAP:"
17845
msgstr ""
17846
17847
#: serverguide/C/network-auth.xml:1483(para)
17848
msgid ""
17849
"Check your host's logs (/var/log/syslog) to see if the server has started "
17850
"properly."
17851
msgstr ""
17852
17853
#: serverguide/C/network-auth.xml:1490(title)
17854
msgid "Replication and TLS"
17855
msgstr ""
17856
17857
#: serverguide/C/network-auth.xml:1492(para)
17858
msgid ""
17859
"If you have set up replication between servers, it is common practice to "
17860
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
17861
"distinct from using encryption with authentication as we did above. In this "
17862
"section we will build on that TLS-authentication work."
17863
msgstr ""
17864
17865
#: serverguide/C/network-auth.xml:1498(para)
17866
msgid ""
17867
"The assumption here is that you have set up replication between Provider and "
17868
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
17869
"have configured TLS for authentication on the Provider by following <xref "
17870
"linkend=\"openldap-tls\"/>."
17871
msgstr ""
17872
17873
#: serverguide/C/network-auth.xml:1503(para)
17874
msgid ""
17875
"As previously stated, the objective (for us) with replication is high "
17876
"availablity for the LDAP service. Since we have TLS for authentication on "
17877
"the Provider we will require the same on the Consumer. In addition to this, "
17878
"however, we want to encrypt replication traffic. What remains to be done is "
17879
"to create a key and certificate for the Consumer and then configure "
17880
"accordingly. We will generate the key/certificate on the Provider, to avoid "
17881
"having to create another CA certificate, and then transfer the necessary "
17882
"material over to the Consumer."
17883
msgstr ""
17884
17885
#: serverguide/C/network-auth.xml:1514(para) serverguide/C/network-auth.xml:1671(para)
17886
msgid "On the Provider,"
17887
msgstr ""
17888
17889
#: serverguide/C/network-auth.xml:1518(para)
17890
msgid ""
17891
"Create a holding directory (which will be used for the eventual transfer) "
17892
"and then the Consumer's private key:"
17893
msgstr ""
17894
17895
#: serverguide/C/network-auth.xml:1523(command)
14102
17896
msgid "mkdir ldap02-ssl"
14103
17897
msgstr ""
14104
17898
14105
#: serverguide/C/network-auth.xml:1093(command)
17899
#: serverguide/C/network-auth.xml:1524(command)
14106
17900
msgid "cd ldap02-ssl"
14107
17901
msgstr ""
14108
17902
14109
#: serverguide/C/network-auth.xml:1094(command)
14110
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14111
msgstr ""
14112
14113
#: serverguide/C/network-auth.xml:1098(para)
14114
msgid ""
14115
"Creating a new directory is not strictly necessary, but it will help keep "
14116
"things organized and make it easier to copy the files to the Consumer server."
14117
msgstr ""
14118
14119
#: serverguide/C/network-auth.xml:1107(para)
14120
msgid ""
14121
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14122
"server, changing the attributes to match your locality and server:"
14123
msgstr ""
14124
14125
#: serverguide/C/network-auth.xml:1112(programlisting)
17903
#: serverguide/C/network-auth.xml:1525(command)
17904
msgid ""
17905
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
17906
"ldap02_slapd_key.pem"
17907
msgstr ""
17908
17909
#: serverguide/C/network-auth.xml:1530(para)
17910
msgid ""
17911
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
17912
"server, adjusting it's values accordingly:"
17913
msgstr ""
17914
17915
#: serverguide/C/network-auth.xml:1534(programlisting)
14126
17916
#, no-wrap
14127
17917
msgid ""
14128
17918
"\n"
14129
"country = US\n"
14130
"state = North Carolina\n"
14131
"locality = Winston-Salem\n"
14132
17919
"organization = Example Company\n"
14133
"cn = ldap02.salem.edu\n"
14134
"tls_www_client\n"
17920
"cn = ldap02.example.com\n"
17921
"tls_www_server\n"
14135
17922
"encryption_key\n"
14136
17923
"signing_key\n"
14137
msgstr ""
14138
14139
#: serverguide/C/network-auth.xml:1126(para)
14140
msgid "Create the certificate:"
14141
msgstr ""
14142
14143
#: serverguide/C/network-auth.xml:1131(command)
17924
"expiration_days = 3650\n"
17925
msgstr ""
17926
17927
#: serverguide/C/network-auth.xml:1543(para)
17928
msgid "Create the Consumer's certificate:"
17929
msgstr ""
17930
17931
#: serverguide/C/network-auth.xml:1548(command)
14144
17932
msgid ""
14145
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14146
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14147
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
17933
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
17934
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
17935
"/etc/ssl/private/cakey.pem \\ --template ldap02.info \\ --outfile "
14148
17936
"ldap02_slapd_cert.pem"
14149
17937
msgstr ""
14150
17938
14151
#: serverguide/C/network-auth.xml:1139(para)
14152
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
17939
#: serverguide/C/network-auth.xml:1556(para)
17940
msgid "Get a copy of the CA certificate:"
14153
17941
msgstr ""
14154
17942
14155
#: serverguide/C/network-auth.xml:1144(command)
17943
#: serverguide/C/network-auth.xml:1561(command)
14156
17944
msgid "cp /etc/ssl/certs/cacert.pem ."
14157
17945
msgstr ""
14158
17946
14159
#: serverguide/C/network-auth.xml:1150(para)
14160
msgid ""
14161
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14162
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14163
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14164
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14165
"<filename>/etc/ssl/private</filename>."
14166
msgstr ""
14167
14168
#: serverguide/C/network-auth.xml:1159(para)
14169
msgid ""
14170
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14171
"by entering:"
14172
msgstr ""
14173
14174
#: serverguide/C/network-auth.xml:1169(userinput)
17947
#: serverguide/C/network-auth.xml:1564(para)
17948
msgid ""
17949
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
17950
"the Consumer. Here we use scp (adjust accordingly):"
17951
msgstr ""
17952
17953
#: serverguide/C/network-auth.xml:1569(command)
17954
msgid "cd .."
17955
msgstr ""
17956
17957
#: serverguide/C/network-auth.xml:1570(command)
17958
msgid "scp -r ldap02-ssl user@consumer:"
17959
msgstr ""
17960
17961
#: serverguide/C/network-auth.xml:1576(para) serverguide/C/network-auth.xml:1624(para)
17962
msgid "On the Consumer,"
17963
msgstr ""
17964
17965
#: serverguide/C/network-auth.xml:1580(para)
17966
msgid "Configure TLS authentication:"
17967
msgstr ""
17968
17969
#: serverguide/C/network-auth.xml:1585(command)
17970
msgid "sudo apt-get install ssl-cert"
17971
msgstr ""
17972
17973
#: serverguide/C/network-auth.xml:1587(command)
17974
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
17975
msgstr ""
17976
17977
#: serverguide/C/network-auth.xml:1588(command)
17978
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
17979
msgstr ""
17980
17981
#: serverguide/C/network-auth.xml:1589(command)
17982
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
17983
msgstr ""
17984
17985
#: serverguide/C/network-auth.xml:1590(command)
17986
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
17987
msgstr ""
17988
17989
#: serverguide/C/network-auth.xml:1591(command)
17990
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
17991
msgstr ""
17992
17993
#: serverguide/C/network-auth.xml:1594(para)
17994
msgid ""
17995
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
17996
"following contents (adjust accordingly):"
17997
msgstr ""
17998
17999
#: serverguide/C/network-auth.xml:1598(programlisting)
14175
18000
#, no-wrap
14176
18001
msgid ""
18002
"\n"
14177
18003
"dn: cn=config\n"
14178
18004
"add: olcTLSCACertificateFile\n"
14179
18005
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14182
18008
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14183
18009
"-\n"
14184
18010
"add: olcTLSCertificateKeyFile\n"
14185
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14186
msgstr ""
14187
14188
#: serverguide/C/network-auth.xml:1186(para)
14189
msgid ""
14190
"As with the Provider you can now edit "
14191
"<filename>/etc/default/slapd</filename> and add the "
14192
"<emphasis>ldaps:///</emphasis> parameter to the "
14193
"<emphasis>SLAPD_SERVICES</emphasis> option."
14194
msgstr ""
14195
14196
#: serverguide/C/network-auth.xml:1194(para)
14197
msgid ""
14198
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14199
"modify the <emphasis>Consumer</emphasis> server's "
14200
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14201
msgstr ""
14202
14203
#: serverguide/C/network-auth.xml:1207(userinput)
18011
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
18012
msgstr ""
18013
18014
#: serverguide/C/network-auth.xml:1610(para)
18015
msgid "Configure the slapd-config database:"
18016
msgstr ""
18017
18018
#: serverguide/C/network-auth.xml:1615(command)
18019
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
18020
msgstr ""
18021
18022
#: serverguide/C/network-auth.xml:1618(para)
18023
msgid ""
18024
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
18025
"(SLAPD_SERVICES)."
18026
msgstr ""
18027
18028
#: serverguide/C/network-auth.xml:1628(para)
18029
msgid ""
18030
"Configure TLS for Consumer-side replication. Modify the existing "
18031
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
18032
"In so doing, we will see, for the first time, how to change an attribute's "
18033
"value(s)."
18034
msgstr ""
18035
18036
#: serverguide/C/network-auth.xml:1633(para)
18037
msgid ""
18038
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
18039
"following contents:"
18040
msgstr ""
18041
18042
#: serverguide/C/network-auth.xml:1637(programlisting)
14204
18043
#, no-wrap
14205
18044
msgid ""
14206
18045
"\n"
14207
18046
"dn: olcDatabase={1}hdb,cn=config\n"
14208
"replace: olcSyncrepl\n"
14209
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14210
"binddn=\"cn=ad\n"
14211
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14212
"logbas\n"
14213
" e=\"cn=accesslog\" "
14214
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14215
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14216
"starttls=yes"
14217
msgstr ""
14218
14219
#: serverguide/C/network-auth.xml:1204(computeroutput)
14220
#, no-wrap
14221
msgid ""
14222
"SASL/EXTERNAL authentication started\n"
14223
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14224
"SASL SSF: 0\n"
14225
"<placeholder-1/>\n"
14226
"\n"
14227
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14228
msgstr ""
14229
14230
#: serverguide/C/network-auth.xml:1219(para)
14231
msgid ""
14232
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14233
"(FQDN) in the certificate, you may have to edit "
14234
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14235
msgstr ""
14236
14237
#: serverguide/C/network-auth.xml:1224(programlisting)
14238
#, no-wrap
14239
msgid ""
14240
"\n"
14241
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14242
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14243
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14244
msgstr ""
14245
14246
#: serverguide/C/network-auth.xml:1231(para)
14247
msgid ""
14248
"Finally, restart <application>slapd</application> on each of the servers:"
14249
msgstr ""
14250
14251
#: serverguide/C/network-auth.xml:1244(title)
18047
"replace: olcSyncRepl\n"
18048
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple\n"
18049
" binddn=\"cn=admin,dc=example,dc=com\" credentials=secret "
18050
"searchbase=\"dc=example,dc=com\"\n"
18051
" logbase=\"cn=accesslog\" "
18052
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\"\n"
18053
" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
18054
" <application>starttls=critical tls_reqcert=demand</application>\n"
18055
msgstr ""
18056
18057
#: serverguide/C/network-auth.xml:1647(para)
18058
msgid ""
18059
"The extra options specify, respectively, that the consumer must use StartTLS "
18060
"and that the CA certificate is required to verify the Provider's identity. "
18061
"Also note the LDIF syntax for changing the values of an attribute "
18062
"('replace')."
18063
msgstr ""
18064
18065
#: serverguide/C/network-auth.xml:1652(para)
18066
msgid "Implement these changes:"
18067
msgstr ""
18068
18069
#: serverguide/C/network-auth.xml:1657(command)
18070
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
18071
msgstr ""
18072
18073
#: serverguide/C/network-auth.xml:1660(para)
18074
msgid "And restart slapd:"
18075
msgstr ""
18076
18077
#: serverguide/C/network-auth.xml:1675(para)
18078
msgid ""
18079
"Check to see that a TLS session has been established. In "
18080
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
18081
"logging set up, you should see messages similar to:"
18082
msgstr ""
18083
18084
#: serverguide/C/network-auth.xml:1680(programlisting)
18085
#, no-wrap
18086
msgid ""
18087
"\n"
18088
"slapd[3620]: conn=1047 fd=20 ACCEPT from IP=10.153.107.229:57922 "
18089
"(IP=0.0.0.0:389)\n"
18090
"slapd[3620]: conn=1047 op=0 EXT oid=1.3.6.1.4.1.1466.20037\n"
18091
"slapd[3620]: conn=1047 op=0 STARTTLS\n"
18092
"slapd[3620]: conn=1047 op=0 RESULT oid= err=0 text=\n"
18093
"slapd[3620]: conn=1047 fd=20 TLS established tls_ssf=128 ssf=128\n"
18094
"slapd[3620]: conn=1047 op=1 BIND dn=\"cn=admin,dc=example,dc=com\" "
18095
"method=128\n"
18096
"slapd[3620]: conn=1047 op=1 BIND dn=\"cn=admin,dc=example,dc=com\" "
18097
"mech=SIMPLE ssf=0\n"
18098
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
18099
msgstr ""
18100
18101
#: serverguide/C/network-auth.xml:1698(title)
14252
18102
msgid "LDAP Authentication"
14253
18103
msgstr ""
14254
18104
14255
#: serverguide/C/network-auth.xml:1246(para)
18105
#: serverguide/C/network-auth.xml:1700(para)
14256
18106
msgid ""
14257
"Once you have a working LDAP server, the <application>auth-client-"
14258
"config</application> and <application>libnss-ldap</application> packages "
14259
"take the pain out of configuring an Ubuntu client to authenticate using "
14260
"LDAP. To install the packages from, a terminal prompt enter:"
18107
"Once you have a working LDAP server, you will need to install libraries on "
18108
"the client that will know how and when to contact it. On Ubuntu, this has "
18109
"been traditionally accomplishd by installing the <application>libnss-"
18110
"ldap</application> package. This package will bring in other tools that will "
18111
"assist you in the configuration step. Install this package now:"
14261
18112
msgstr ""
14262
18113
14263
#: serverguide/C/network-auth.xml:1253(command)
18114
#: serverguide/C/network-auth.xml:1707(command)
14264
18115
msgid "sudo apt-get install libnss-ldap"
14265
18116
msgstr ""
14266
18117
14267
#: serverguide/C/network-auth.xml:1256(para)
14268
msgid ""
14269
"During the install a menu dialog will ask you connection details about your "
14270
"LDAP server."
14271
msgstr ""
14272
14273
#: serverguide/C/network-auth.xml:1260(para)
14274
msgid ""
14275
"If you make a mistake when entering your information you can execute the "
14276
"dialog again using:"
14277
msgstr ""
14278
14279
#: serverguide/C/network-auth.xml:1265(command)
18118
#: serverguide/C/network-auth.xml:1710(para)
18119
msgid ""
18120
"You will be prompted for details of your LDAP server. If you make a mistake "
18121
"you can try again using:"
18122
msgstr ""
18123
18124
#: serverguide/C/network-auth.xml:1715(command)
14280
18125
msgid "sudo dpkg-reconfigure ldap-auth-config"
14281
18126
msgstr ""
14282
18127
14283
#: serverguide/C/network-auth.xml:1268(para)
18128
#: serverguide/C/network-auth.xml:1718(para)
14284
18129
msgid ""
14285
18130
"The results of the dialog can be seen in "
14286
18131
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14287
18132
"covered in the menu edit this file accordingly."
14288
18133
msgstr ""
14289
18134
14290
#: serverguide/C/network-auth.xml:1273(para)
14291
msgid ""
14292
"Now that <application>libnss-ldap</application> is configured enable the "
14293
"<application>auth-client-config</application> LDAP profile by entering:"
18135
#: serverguide/C/network-auth.xml:1723(para)
18136
msgid "Now configure the LDAP profile for NSS:"
14294
18137
msgstr ""
14295
18138
14296
#: serverguide/C/network-auth.xml:1279(command)
18139
#: serverguide/C/network-auth.xml:1728(command)
14297
18140
msgid "sudo auth-client-config -t nss -p lac_ldap"
14298
18141
msgstr ""
14299
18142
14300
#: serverguide/C/network-auth.xml:1284(para)
14301
msgid ""
14302
"<emphasis>-t:</emphasis> only modifies "
14303
"<filename>/etc/nsswitch.conf</filename>."
14304
msgstr ""
14305
14306
#: serverguide/C/network-auth.xml:1289(para)
14307
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14308
msgstr ""
14309
14310
#: serverguide/C/network-auth.xml:1294(para)
14311
msgid ""
14312
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14313
"config</application> profile that is part of the <application>ldap-auth-"
14314
"config</application> package."
14315
msgstr ""
14316
14317
#: serverguide/C/network-auth.xml:1301(para)
14318
msgid ""
14319
"Using the <application>pam-auth-update</application> utility, configure the "
14320
"system to use LDAP for authentication:"
14321
msgstr ""
14322
14323
#: serverguide/C/network-auth.xml:1306(command)
18143
#: serverguide/C/network-auth.xml:1731(para)
18144
msgid "Configure the system to use LDAP for authentication:"
18145
msgstr ""
18146
18147
#: serverguide/C/network-auth.xml:1736(command)
14324
18148
msgid "sudo pam-auth-update"
14325
18149
msgstr ""
14326
18150
14327
#: serverguide/C/network-auth.xml:1309(para)
14328
msgid ""
14329
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14330
"any other authentication mechanisms you need."
14331
msgstr ""
14332
14333
#: serverguide/C/network-auth.xml:1313(para)
14334
msgid ""
14335
"You should now be able to login using user credentials stored in the LDAP "
14336
"directory."
14337
msgstr ""
14338
14339
#: serverguide/C/network-auth.xml:1318(para)
18151
#: serverguide/C/network-auth.xml:1739(para)
18152
msgid ""
18153
"From the menu, choose LDAP and any other authentication mechanisms you need."
18154
msgstr ""
18155
18156
#: serverguide/C/network-auth.xml:1743(para)
18157
msgid "You should now be able to log in using LDAP-based credentials."
18158
msgstr ""
18159
18160
#: serverguide/C/network-auth.xml:1747(para)
18161
msgid ""
18162
"LDAP clients will need to refer to multiple servers if replication is in "
18163
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
18164
msgstr ""
18165
18166
#: serverguide/C/network-auth.xml:1752(programlisting)
18167
#, no-wrap
18168
msgid ""
18169
"\n"
18170
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
18171
msgstr ""
18172
18173
#: serverguide/C/network-auth.xml:1756(para)
18174
msgid ""
18175
"The request will time out and the Consumer (ldap02) will attempt to be "
18176
"reached if the Provider (ldap01) becomes unresponsive."
18177
msgstr ""
18178
18179
#: serverguide/C/network-auth.xml:1760(para)
14340
18180
msgid ""
14341
18181
"If you are going to use LDAP to store Samba users you will need to configure "
14342
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14343
"for details."
14344
msgstr ""
14345
14346
#: serverguide/C/network-auth.xml:1326(title)
18182
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
18183
"ldap\"/> for details."
18184
msgstr ""
18185
18186
#: serverguide/C/network-auth.xml:1766(para)
18187
msgid ""
18188
"An alternative to the <application>libnss-ldap</application> package is the "
18189
"<application>libnss-ldapd</application> package. This, however, will bring "
18190
"in the <application>nscd</application> package which is problably not "
18191
"wanted. Simply remove it afterwards."
18192
msgstr ""
18193
18194
#: serverguide/C/network-auth.xml:1776(title)
14347
18195
msgid "User and Group Management"
14348
18196
msgstr ""
14349
18197
14350
#: serverguide/C/network-auth.xml:1328(para)
18198
#: serverguide/C/network-auth.xml:1778(para)
14351
18199
msgid ""
14352
"The <application>ldap-utils</application> package comes with multiple "
14353
"utilities to manage the directory, but the long string of options needed, "
14354
"can make them a burden to use. The <application>ldapscripts</application> "
14355
"package contains configurable scripts to easily manage LDAP users and groups."
14356
msgstr ""
14357
14358
#: serverguide/C/network-auth.xml:1334(para)
14359
msgid "To install the package, from a terminal enter:"
14360
msgstr ""
14361
14362
#: serverguide/C/network-auth.xml:1339(command)
18200
"The <application>ldap-utils</application> package comes with enough "
18201
"utilities to manage the directory but the long string of options needed can "
18202
"make them a burden to use. The <application>ldapscripts</application> "
18203
"package contains wrapper scripts to these utilities that some people find "
18204
"easier to use."
18205
msgstr ""
18206
18207
#: serverguide/C/network-auth.xml:1784(para)
18208
msgid "Install the package:"
18209
msgstr ""
18210
18211
#: serverguide/C/network-auth.xml:1789(command)
14363
18212
msgid "sudo apt-get install ldapscripts"
14364
18213
msgstr ""
14365
18214
14366
#: serverguide/C/network-auth.xml:1342(para)
18215
#: serverguide/C/network-auth.xml:1792(para)
14367
18216
msgid ""
14368
"Next, edit the config file "
14369
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14370
"changing the following to match your environment:"
18217
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
18218
"arrive at something similar to the following:"
14371
18219
msgstr ""
14372
18220
14373
#: serverguide/C/network-auth.xml:1347(programlisting)
18221
#: serverguide/C/network-auth.xml:1796(programlisting)
14374
18222
#, no-wrap
14375
18223
msgid ""
14376
18224
"\n"
14386
18234
"MIDSTART=10000\n"
14387
18235
msgstr ""
14388
18236
14389
#: serverguide/C/network-auth.xml:1360(para)
18237
#: serverguide/C/network-auth.xml:1809(para)
14390
18238
msgid ""
14391
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14392
"authenticated access to the directory:"
18239
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
18240
"access to the directory:"
14393
18241
msgstr ""
14394
18242
14395
#: serverguide/C/network-auth.xml:1365(command)
18243
#: serverguide/C/network-auth.xml:1814(command)
14396
18244
msgid ""
14397
18245
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14398
18246
msgstr ""
14399
18247
14400
#: serverguide/C/network-auth.xml:1366(command)
18248
#: serverguide/C/network-auth.xml:1815(command)
14401
18249
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14402
18250
msgstr ""
14403
18251
14404
#: serverguide/C/network-auth.xml:1370(para)
14405
msgid ""
14406
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14407
"user."
14408
msgstr ""
14409
14410
#: serverguide/C/network-auth.xml:1375(para)
14411
msgid ""
14412
"The <application>ldapscripts</application> are now ready to help manage your "
14413
"directory. The following are some examples of how to use the scripts:"
14414
msgstr ""
14415
14416
#: serverguide/C/network-auth.xml:1382(para)
18252
#: serverguide/C/network-auth.xml:1819(para)
18253
msgid ""
18254
"Replace <quote>secret</quote> with the actual password for your database's "
18255
"rootDN user."
18256
msgstr ""
18257
18258
#: serverguide/C/network-auth.xml:1824(para)
18259
msgid ""
18260
"The scripts are now ready to help manage your directory. Here are some "
18261
"examples of how to use them:"
18262
msgstr ""
18263
18264
#: serverguide/C/network-auth.xml:1831(para)
14417
18265
msgid "Create a new user:"
14418
18266
msgstr ""
14419
18267
14420
#: serverguide/C/network-auth.xml:1386(command)
18268
#: serverguide/C/network-auth.xml:1836(command)
14421
18269
msgid "sudo ldapadduser george example"
14422
18270
msgstr ""
14423
18271
14424
#: serverguide/C/network-auth.xml:1388(para)
18272
#: serverguide/C/network-auth.xml:1839(para)
14425
18273
msgid ""
14426
18274
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14427
18275
"and set the user's primary group (gid) to <emphasis "
14428
18276
"role=\"italic\">example</emphasis>"
14429
18277
msgstr ""
14430
18278
14431
#: serverguide/C/network-auth.xml:1394(para)
18279
#: serverguide/C/network-auth.xml:1846(para)
14432
18280
msgid "Change a user's password:"
14433
18281
msgstr ""
14434
18282
14435
#: serverguide/C/network-auth.xml:1398(command)
18283
#: serverguide/C/network-auth.xml:1851(command)
14436
18284
msgid "sudo ldapsetpasswd george"
14437
18285
msgstr ""
14438
18286
14439
#: serverguide/C/network-auth.xml:1399(computeroutput)
18287
#: serverguide/C/network-auth.xml:1852(computeroutput)
14440
18288
#, no-wrap
14441
18289
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14442
18290
msgstr ""
14443
18291
14444
#: serverguide/C/network-auth.xml:1400(userinput)
18292
#: serverguide/C/network-auth.xml:1853(userinput)
14445
18293
#, no-wrap
14446
18294
msgid "New Password: "
14447
18295
msgstr ""
14448
18296
14449
#: serverguide/C/network-auth.xml:1401(userinput)
18297
#: serverguide/C/network-auth.xml:1854(userinput)
14450
18298
#, no-wrap
14451
18299
msgid "New Password (verify): "
14452
18300
msgstr ""
14453
18301
14454
#: serverguide/C/network-auth.xml:1405(para)
18302
#: serverguide/C/network-auth.xml:1860(para)
14455
18303
msgid "Delete a user:"
14456
18304
msgstr ""
14457
18305
14458
#: serverguide/C/network-auth.xml:1409(command)
18306
#: serverguide/C/network-auth.xml:1865(command)
14459
18307
msgid "sudo ldapdeleteuser george"
14460
18308
msgstr ""
14461
18309
14462
#: serverguide/C/network-auth.xml:1414(para)
18310
#: serverguide/C/network-auth.xml:1871(para)
14463
18311
msgid "Add a group:"
14464
18312
msgstr ""
14465
18313
14466
#: serverguide/C/network-auth.xml:1418(command)
18314
#: serverguide/C/network-auth.xml:1876(command)
14467
18315
msgid "sudo ldapaddgroup qa"
14468
18316
msgstr ""
14469
18317
14470
#: serverguide/C/network-auth.xml:1422(para)
18318
#: serverguide/C/network-auth.xml:1882(para)
14471
18319
msgid "Delete a group:"
14472
18320
msgstr ""
14473
18321
14474
#: serverguide/C/network-auth.xml:1426(command)
18322
#: serverguide/C/network-auth.xml:1887(command)
14475
18323
msgid "sudo ldapdeletegroup qa"
14476
18324
msgstr ""
14477
18325
14478
#: serverguide/C/network-auth.xml:1430(para)
18326
#: serverguide/C/network-auth.xml:1893(para)
14479
18327
msgid "Add a user to a group:"
14480
18328
msgstr ""
14481
18329
14482
#: serverguide/C/network-auth.xml:1434(command)
18330
#: serverguide/C/network-auth.xml:1898(command)
14483
18331
msgid "sudo ldapaddusertogroup george qa"
14484
18332
msgstr ""
14485
18333
14486
#: serverguide/C/network-auth.xml:1436(para)
18334
#: serverguide/C/network-auth.xml:1901(para)
14487
18335
msgid ""
14488
18336
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14489
18337
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14490
18338
"role=\"italic\">george</emphasis>."
14491
18339
msgstr ""
14492
18340
14493
#: serverguide/C/network-auth.xml:1442(para)
18341
#: serverguide/C/network-auth.xml:1908(para)
14494
18342
msgid "Remove a user from a group:"
14495
18343
msgstr ""
14496
18344
14497
#: serverguide/C/network-auth.xml:1446(command)
18345
#: serverguide/C/network-auth.xml:1913(command)
14498
18346
msgid "sudo ldapdeleteuserfromgroup george qa"
14499
18347
msgstr ""
14500
18348
14501
#: serverguide/C/network-auth.xml:1448(para)
18349
#: serverguide/C/network-auth.xml:1916(para)
14502
18350
msgid ""
14503
18351
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14504
18352
"<emphasis role=\"italic\">qa</emphasis> group."
14505
18353
msgstr ""
14506
18354
14507
#: serverguide/C/network-auth.xml:1454(para)
18355
#: serverguide/C/network-auth.xml:1923(para)
14508
18356
msgid ""
14509
18357
"The <application>ldapmodifyuser</application> script allows you to add, "
14510
18358
"remove, or replace a user's attributes. The script uses the same syntax as "
14511
18359
"the <application>ldapmodify</application> utility. For example:"
14512
18360
msgstr ""
14513
18361
14514
#: serverguide/C/network-auth.xml:1459(command)
18362
#: serverguide/C/network-auth.xml:1929(command)
14515
18363
msgid "sudo ldapmodifyuser george"
14516
18364
msgstr ""
14517
18365
14518
#: serverguide/C/network-auth.xml:1460(computeroutput)
18366
#: serverguide/C/network-auth.xml:1930(computeroutput)
14519
18367
#, no-wrap
14520
18368
msgid ""
14521
18369
"# About to modify the following entry :\n"
14536
18384
"dn: uid=george,ou=People,dc=example,dc=com"
14537
18385
msgstr ""
14538
18386
14539
#: serverguide/C/network-auth.xml:1476(userinput)
18387
#: serverguide/C/network-auth.xml:1946(userinput)
14540
18388
#, no-wrap
14541
18389
msgid ""
14542
18390
"replace: gecos\n"
14543
18391
"gecos: George Carlin"
14544
18392
msgstr ""
14545
18393
14546
#: serverguide/C/network-auth.xml:1479(para)
18394
#: serverguide/C/network-auth.xml:1950(para)
14547
18395
msgid ""
14548
18396
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14549
18397
"Carlin</quote>."
14550
18398
msgstr ""
14551
18399
14552
#: serverguide/C/network-auth.xml:1484(para)
18400
#: serverguide/C/network-auth.xml:1956(para)
14553
18401
msgid ""
14554
"Another great feature of <application>ldapscripts</application>, is the "
14555
"template system. Templates allow you to customize the attributes of user, "
14556
"group, and machine objectes. For example, to enable the "
14557
"<emphasis>user</emphasis> template edit "
14558
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
18402
"A nice feature of <application>ldapscripts</application> is the template "
18403
"system. Templates allow you to customize the attributes of user, group, and "
18404
"machine objectes. For example, to enable the <emphasis>user</emphasis> "
18405
"template edit <filename>/etc/ldapscripts/ldapscripts.conf</filename> "
18406
"changing:"
14559
18407
msgstr ""
14560
18408
14561
#: serverguide/C/network-auth.xml:1491(programlisting)
18409
#: serverguide/C/network-auth.xml:1962(programlisting)
14562
18410
#, no-wrap
14563
18411
msgid ""
14564
18412
"\n"
14565
18413
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14566
18414
msgstr ""
14567
18415
14568
#: serverguide/C/network-auth.xml:1495(para)
18416
#: serverguide/C/network-auth.xml:1966(para)
14569
18417
msgid ""
14570
18418
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14571
18419
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14573
18421
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14574
18422
msgstr ""
14575
18423
14576
#: serverguide/C/network-auth.xml:1502(command)
18424
#: serverguide/C/network-auth.xml:1973(command)
14577
18425
msgid ""
14578
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
18426
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
14579
18427
"/etc/ldapscripts/ldapadduser.template"
14580
18428
msgstr ""
14581
18429
14582
#: serverguide/C/network-auth.xml:1505(para)
18430
#: serverguide/C/network-auth.xml:1977(para)
14583
18431
msgid ""
14584
18432
"Edit the new template to add the desired attributes. The following will "
14585
"create new user's as with an <emphasis>objectClass</emphasis> of "
14586
"<emphasis>inetOrgPerson</emphasis>:"
18433
"create new users with an objectClass of inetOrgPerson:"
14587
18434
msgstr ""
14588
18435
14589
#: serverguide/C/network-auth.xml:1510(programlisting)
18436
#: serverguide/C/network-auth.xml:1982(programlisting)
14590
18437
#, no-wrap
14591
18438
msgid ""
14592
18439
"\n"
14605
18452
"title: Employee\n"
14606
18453
msgstr ""
14607
18454
14608
#: serverguide/C/network-auth.xml:1526(para)
18455
#: serverguide/C/network-auth.xml:1998(para)
14609
18456
msgid ""
14610
18457
"Notice the <emphasis><ask></emphasis> option used for the "
14611
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14612
"<application>ldapadduser</application> to prompt you for the attribute value "
14613
"during user creation."
14614
msgstr ""
14615
14616
#: serverguide/C/network-auth.xml:1534(para)
14617
msgid ""
14618
"There are more useful scripts in the package, to see a full list enter: "
14619
"<command>dpkg -L ldapscripts | grep bin</command>"
14620
msgstr ""
14621
14622
#: serverguide/C/network-auth.xml:1543(para)
14623
msgid ""
14624
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14625
"Ubuntu Wiki</ulink> page has more details."
14626
msgstr ""
14627
14628
#: serverguide/C/network-auth.xml:1548(para)
14629
msgid ""
14630
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14631
"Home Page</ulink>"
14632
msgstr ""
14633
14634
#: serverguide/C/network-auth.xml:1553(para)
14635
msgid ""
14636
"Though starting to show it's age, a great source for in depth LDAP "
14637
"information is O'Reilly's <ulink "
14638
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14639
"Administration</ulink>"
14640
msgstr ""
14641
14642
#: serverguide/C/network-auth.xml:1559(para)
18458
"<emphasis>sn</emphasis> attribute. This will make "
18459
"<application>ldapadduser</application> prompt you for it's value."
18460
msgstr ""
18461
18462
#: serverguide/C/network-auth.xml:2006(para)
18463
msgid ""
18464
"There are utilities in the package that were not covered here. Here is a "
18465
"complete list:"
18466
msgstr ""
18467
18468
#: serverguide/C/network-auth.xml:2011(ulink)
18469
msgid "ldaprenamemachine"
18470
msgstr ""
18471
18472
#: serverguide/C/network-auth.xml:2012(ulink)
18473
msgid "ldapadduser"
18474
msgstr ""
18475
18476
#: serverguide/C/network-auth.xml:2013(ulink)
18477
msgid "ldapdeleteuserfromgroup"
18478
msgstr ""
18479
18480
#: serverguide/C/network-auth.xml:2014(ulink)
18481
msgid "ldapfinger"
18482
msgstr ""
18483
18484
#: serverguide/C/network-auth.xml:2015(ulink)
18485
msgid "ldapid"
18486
msgstr ""
18487
18488
#: serverguide/C/network-auth.xml:2016(ulink)
18489
msgid "ldapgid"
18490
msgstr ""
18491
18492
#: serverguide/C/network-auth.xml:2017(ulink)
18493
msgid "ldapmodifyuser"
18494
msgstr ""
18495
18496
#: serverguide/C/network-auth.xml:2018(ulink)
18497
msgid "ldaprenameuser"
18498
msgstr ""
18499
18500
#: serverguide/C/network-auth.xml:2019(ulink)
18501
msgid "lsldap"
18502
msgstr ""
18503
18504
#: serverguide/C/network-auth.xml:2020(ulink)
18505
msgid "ldapaddusertogroup"
18506
msgstr ""
18507
18508
#: serverguide/C/network-auth.xml:2021(ulink)
18509
msgid "ldapsetpasswd"
18510
msgstr ""
18511
18512
#: serverguide/C/network-auth.xml:2022(ulink)
18513
msgid "ldapinit"
18514
msgstr ""
18515
18516
#: serverguide/C/network-auth.xml:2023(ulink)
18517
msgid "ldapaddgroup"
18518
msgstr ""
18519
18520
#: serverguide/C/network-auth.xml:2024(ulink)
18521
msgid "ldapdeletegroup"
18522
msgstr ""
18523
18524
#: serverguide/C/network-auth.xml:2025(ulink)
18525
msgid "ldapmodifygroup"
18526
msgstr ""
18527
18528
#: serverguide/C/network-auth.xml:2026(ulink)
18529
msgid "ldapdeletemachine"
18530
msgstr ""
18531
18532
#: serverguide/C/network-auth.xml:2027(ulink)
18533
msgid "ldaprenamegroup"
18534
msgstr ""
18535
18536
#: serverguide/C/network-auth.xml:2028(ulink)
18537
msgid "ldapaddmachine"
18538
msgstr ""
18539
18540
#: serverguide/C/network-auth.xml:2029(ulink)
18541
msgid "ldapmodifymachine"
18542
msgstr ""
18543
18544
#: serverguide/C/network-auth.xml:2030(ulink)
18545
msgid "ldapsetprimarygroup"
18546
msgstr ""
18547
18548
#: serverguide/C/network-auth.xml:2031(ulink)
18549
msgid "ldapdeleteuser"
18550
msgstr ""
18551
18552
#: serverguide/C/network-auth.xml:2037(title)
18553
msgid "Backup and Restore"
18554
msgstr ""
18555
18556
#: serverguide/C/network-auth.xml:2039(para)
18557
msgid ""
18558
"Now we have ldap running just the way we want, it is time to ensure we can "
18559
"save all of our work and restore it as needed."
18560
msgstr ""
18561
18562
#: serverguide/C/network-auth.xml:2044(para)
18563
msgid ""
18564
"What we need is a way to backup the ldap database(s), specifically the "
18565
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
18566
"backup those databases into, say, <filename>/export/backup</filename>, we "
18567
"could use <application>slapcat</application> as shown in the following "
18568
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
18569
msgstr ""
18570
18571
#: serverguide/C/network-auth.xml:2054(programlisting)
18572
#, no-wrap
18573
msgid ""
18574
"\n"
18575
"#!/bin/bash\n"
18576
"\n"
18577
"BACKUP_PATH=/export/backup\n"
18578
"SLAPCAT=/usr/sbin/slapcat\n"
18579
"\n"
18580
"nice ${SLAPCAT} -n 0 > ${BACKUP_PATH}/config.ldif\n"
18581
"nice ${SLAPCAT} -n 1 > ${BACKUP_PATH}/example.com.ldif\n"
18582
"nice ${SLAPCAT} -n 2 > ${BACKUP_PATH}/access.ldif\n"
18583
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
18584
msgstr ""
18585
18586
#: serverguide/C/network-auth.xml:2067(para)
18587
msgid ""
18588
"These files are uncompressed text files containing everything in your ldap "
18589
"databases including the tree layout, usernames, and every password. So, you "
18590
"might want to consider making <filename>/export/backup</filename> an "
18591
"encrypted partition and even having the script encrypt those files as it "
18592
"creates them. Ideally you should do both, but that depends on your security "
18593
"requirements."
18594
msgstr ""
18595
18596
#: serverguide/C/network-auth.xml:2078(para)
18597
msgid ""
18598
"Then, it is just a matter of having a cron script to run this program as "
18599
"often as we feel comfortable with. For many, once a day suffices. For "
18600
"others, more often is required. Here is an example of a cron script called "
18601
"<filename>/etc/cron.d/ldapbackup</filename> that is run every night at "
18602
"22:45h:"
18603
msgstr ""
18604
18605
#: serverguide/C/network-auth.xml:2086(programlisting)
18606
#, no-wrap
18607
msgid ""
18608
"\n"
18609
"MAILTO=backup-emails@domain.com\n"
18610
"45 22 * * * root /usr/local/bin/ldapbackup\n"
18611
msgstr ""
18612
18613
#: serverguide/C/network-auth.xml:2091(para)
18614
msgid "Now the files are created, they should be copied to a backup server."
18615
msgstr ""
18616
18617
#: serverguide/C/network-auth.xml:2096(para)
18618
msgid ""
18619
"Assuming we did a fresh reinstall of ldap, the restore process could be "
18620
"something like this:"
18621
msgstr ""
18622
18623
#: serverguide/C/network-auth.xml:2102(command)
18624
msgid "sudo service slapd stop"
18625
msgstr ""
18626
18627
#: serverguide/C/network-auth.xml:2103(command)
18628
msgid "sudo mkdir /var/lib/ldap/accesslog"
18629
msgstr ""
18630
18631
#: serverguide/C/network-auth.xml:2104(command)
18632
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
18633
msgstr ""
18634
18635
#: serverguide/C/network-auth.xml:2105(command)
18636
msgid ""
18637
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
18638
msgstr ""
18639
18640
#: serverguide/C/network-auth.xml:2106(command)
18641
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
18642
msgstr ""
18643
18644
#: serverguide/C/network-auth.xml:2107(command)
18645
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
18646
msgstr ""
18647
18648
#: serverguide/C/network-auth.xml:2108(command)
18649
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
18650
msgstr ""
18651
18652
#: serverguide/C/network-auth.xml:2109(command)
18653
msgid "sudo service slapd start"
18654
msgstr ""
18655
18656
#: serverguide/C/network-auth.xml:2120(para)
18657
msgid ""
18658
"The primary resource is the upstream documentation: <ulink "
18659
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
18660
msgstr ""
18661
18662
#: serverguide/C/network-auth.xml:2126(para)
18663
msgid ""
18664
"There are many man pages that come with the slapd package. Here are some "
18665
"important ones, especially considering the material presented in this guide:"
18666
msgstr ""
18667
18668
#: serverguide/C/network-auth.xml:2132(ulink)
18669
msgid "slapd"
18670
msgstr ""
18671
18672
#: serverguide/C/network-auth.xml:2133(ulink)
18673
msgid "slapd-config"
18674
msgstr ""
18675
18676
#: serverguide/C/network-auth.xml:2134(ulink)
18677
msgid "slapd.access"
18678
msgstr ""
18679
18680
#: serverguide/C/network-auth.xml:2135(ulink)
18681
msgid "slapo-syncprov"
18682
msgstr ""
18683
18684
#: serverguide/C/network-auth.xml:2141(para)
18685
msgid "Other man pages:"
18686
msgstr ""
18687
18688
#: serverguide/C/network-auth.xml:2146(ulink)
18689
msgid "auth-client-config"
18690
msgstr ""
18691
18692
#: serverguide/C/network-auth.xml:2147(ulink)
18693
msgid "pam-auth-update"
18694
msgstr ""
18695
18696
#: serverguide/C/network-auth.xml:2153(para)
18697
msgid ""
18698
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
18699
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
18700
msgstr ""
18701
18702
#: serverguide/C/network-auth.xml:2159(para)
18703
msgid ""
18704
"A Ubuntu community <ulink "
18705
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
18706
"wiki</ulink> page has a collection of notes"
18707
msgstr ""
18708
18709
#: serverguide/C/network-auth.xml:2165(para)
18710
msgid ""
18711
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
18712
"Administration</ulink> (textbook; 2003)"
18713
msgstr ""
18714
18715
#: serverguide/C/network-auth.xml:2171(para)
14643
18716
msgid ""
14644
18717
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14645
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14646
"newer versions of OpenLDAP."
14647
msgstr ""
14648
14649
#: serverguide/C/network-auth.xml:1565(para)
14650
msgid ""
14651
"For more information on <application>auth-client-config</application> see "
14652
"the man page: <command>man auth-client-config</command>."
14653
msgstr ""
14654
14655
#: serverguide/C/network-auth.xml:1570(para)
14656
msgid ""
14657
"For more details regarding the <application>ldapscripts</application> "
14658
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14659
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14660
msgstr ""
14661
14662
#: serverguide/C/network-auth.xml:1580(title)
18718
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
18719
msgstr ""
18720
18721
#: serverguide/C/network-auth.xml:2182(title)
14663
18722
msgid "Samba and LDAP"
14664
18723
msgstr ""
14665
18724
14666
#: serverguide/C/network-auth.xml:1582(para)
14667
msgid ""
14668
"This section covers configuring Samba to use LDAP for user, group, and "
14669
"machine account information and authentication. The assumption is, you "
14670
"already have a working OpenLDAP directory installed and the server is "
14671
"configured to use it for authentication. See <xref linkend=\"openldap-"
14672
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14673
"setting up OpenLDAP. For more information on installing and configuring "
14674
"Samba see <xref linkend=\"windows-networking\"/>."
14675
msgstr ""
14676
14677
#: serverguide/C/network-auth.xml:1592(para)
14678
msgid ""
14679
"There are three packages needed when integrating Samba with LDAP. "
18725
#: serverguide/C/network-auth.xml:2184(para)
18726
msgid ""
18727
"This section covers the integration of Samba with LDAP. The Samba server's "
18728
"role will be that of a \"standalone\" server and the LDAP directory will "
18729
"provide the authentication layer in addition to containing the user, group, "
18730
"and machine account information that Samba requires in order to function (in "
18731
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
18732
"configured with a directory that can accept authentication requests. See "
18733
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
18734
"requirement. Once this section is completed, you will need to decide what "
18735
"specifically you want Samba to do for you and then configure it accordingly."
18736
msgstr ""
18737
18738
#: serverguide/C/network-auth.xml:2193(title)
18739
msgid "Software Installation"
18740
msgstr ""
18741
18742
#: serverguide/C/network-auth.xml:2195(para)
18743
msgid ""
18744
"There are three packages needed when integrating Samba with LDAP: "
14680
18745
"<application>samba</application>, <application>samba-doc</application>, and "
14681
"<application>smbldap-tools</application> packages . To install the packages, "
14682
"from a terminal enter:"
14683
msgstr ""
14684
14685
#: serverguide/C/network-auth.xml:1598(command)
18746
"<application>smbldap-tools</application> packages."
18747
msgstr ""
18748
18749
#: serverguide/C/network-auth.xml:2200(para)
18750
msgid ""
18751
"Strictly speaking, the <application>smbldap-tools</application> package "
18752
"isn't needed, but unless you have some other way to manage the various "
18753
"Samaba entities (users, groups, computers) in an LDAP context then you "
18754
"should install it."
18755
msgstr ""
18756
18757
#: serverguide/C/network-auth.xml:2205(para)
18758
msgid "Install these packages now:"
18759
msgstr ""
18760
18761
#: serverguide/C/network-auth.xml:2210(command)
14686
18762
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14687
18763
msgstr ""
14688
18764
14689
#: serverguide/C/network-auth.xml:1601(para)
14690
msgid ""
14691
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14692
"needed, but unless you have another package or custom scripts, a method of "
14693
"managing users, groups, and computer accounts is needed."
14694
msgstr ""
14695
14696
#: serverguide/C/network-auth.xml:1608(title)
14697
msgid "OpenLDAP Configuration"
14698
msgstr ""
14699
14700
#: serverguide/C/network-auth.xml:1610(para)
14701
msgid ""
14702
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14703
"the user objects in the directory will need additional attributes. This "
14704
"section assumes you want Samba to be configured as a Windows NT domain "
14705
"controller, and will add the necessary LDAP objects and attributes."
14706
msgstr ""
14707
14708
#: serverguide/C/network-auth.xml:1618(para)
14709
msgid ""
14710
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14711
"file which is part of the <application>samba-doc</application> package. The "
14712
"schema file needs to be unzipped and copied to "
14713
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14714
msgstr ""
14715
14716
#: serverguide/C/network-auth.xml:1625(command)
18765
#: serverguide/C/network-auth.xml:2216(title)
18766
msgid "LDAP Configuration"
18767
msgstr ""
18768
18769
#: serverguide/C/network-auth.xml:2218(para)
18770
msgid ""
18771
"We will now configure the LDAP server so that it can accomodate Samba data. "
18772
"We will perform three tasks in this section:"
18773
msgstr ""
18774
18775
#: serverguide/C/network-auth.xml:2225(para)
18776
msgid "Import a schema"
18777
msgstr ""
18778
18779
#: serverguide/C/network-auth.xml:2229(para)
18780
msgid "Index some entries"
18781
msgstr ""
18782
18783
#: serverguide/C/network-auth.xml:2233(para)
18784
msgid "Add objects"
18785
msgstr ""
18786
18787
#: serverguide/C/network-auth.xml:2239(title)
18788
msgid "Samba schema"
18789
msgstr ""
18790
18791
#: serverguide/C/network-auth.xml:2241(para)
18792
msgid ""
18793
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
18794
"will need to use attributes that can properly describe Samba data. Such "
18795
"attributes can be obtained by introducing a Samba LDAP schema. Let's do this "
18796
"now."
18797
msgstr ""
18798
18799
#: serverguide/C/network-auth.xml:2247(para)
18800
msgid ""
18801
"For more information on schemas and their installation see <xref "
18802
"linkend=\"openldap-configuration\"/>."
18803
msgstr ""
18804
18805
#: serverguide/C/network-auth.xml:2255(para)
18806
msgid ""
18807
"The schema is found in the now-installed <application>samba-"
18808
"doc</application> package. It needs to be unzipped and copied to the "
18809
"<filename>/etc/ldap/schema</filename> directory:"
18810
msgstr ""
18811
18812
#: serverguide/C/network-auth.xml:2261(command)
14717
18813
msgid ""
14718
18814
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14719
"/etc/ldap/schema/"
18815
"/etc/ldap/schema"
14720
18816
msgstr ""
14721
18817
14722
#: serverguide/C/network-auth.xml:1626(command)
18818
#: serverguide/C/network-auth.xml:2262(command)
14723
18819
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14724
18820
msgstr ""
14725
18821
14726
#: serverguide/C/network-auth.xml:1632(para)
14727
msgid ""
14728
"The <emphasis>samba</emphasis> schema needs to be added to the "
14729
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14730
"<application>slapd</application> is also detailed in <xref "
14731
"linkend=\"openldap-configuration\"/>."
14732
msgstr ""
14733
14734
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14735
msgid ""
14736
"First, create a configuration file named "
14737
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14738
"containing the following lines:"
14739
msgstr ""
14740
14741
#: serverguide/C/network-auth.xml:1645(programlisting)
18822
#: serverguide/C/network-auth.xml:2268(para)
18823
msgid ""
18824
"Have the configuration file <filename>schema_convert.conf</filename> that "
18825
"contains the following lines:"
18826
msgstr ""
18827
18828
#: serverguide/C/network-auth.xml:2272(programlisting)
14742
18829
#, no-wrap
14743
18830
msgid ""
14744
18831
"\n"
14754
18841
"include /etc/ldap/schema/nis.schema\n"
14755
18842
"include /etc/ldap/schema/openldap.schema\n"
14756
18843
"include /etc/ldap/schema/ppolicy.schema\n"
18844
"include /etc/ldap/schema/ldapns.schema\n"
18845
"include /etc/ldap/schema/pmi.schema\n"
14757
18846
"include /etc/ldap/schema/samba.schema\n"
14758
18847
msgstr ""
14759
18848
14760
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14761
msgid ""
14762
"Now use <application>slapcat</application> to convert the schema files:"
14763
msgstr ""
14764
14765
#: serverguide/C/network-auth.xml:1680(command)
14766
msgid ""
14767
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14768
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14769
msgstr ""
14770
14771
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14772
msgid ""
14773
"Change the above file and path names to match your own if they are different."
14774
msgstr ""
14775
14776
#: serverguide/C/network-auth.xml:1690(para)
14777
msgid ""
14778
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14779
"the following attributes:"
14780
msgstr ""
14781
14782
#: serverguide/C/network-auth.xml:1694(programlisting)
18849
#: serverguide/C/network-auth.xml:2293(para)
18850
msgid "Have the directory <filename>ldif_output</filename> hold output."
18851
msgstr ""
18852
18853
#: serverguide/C/network-auth.xml:2304(command)
18854
msgid ""
18855
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
18856
msgstr ""
18857
18858
#: serverguide/C/network-auth.xml:2305(computeroutput)
18859
#, no-wrap
18860
msgid ""
18861
"\n"
18862
"dn: cn={14}samba,cn=schema,cn=config\n"
18863
msgstr ""
18864
18865
#: serverguide/C/network-auth.xml:2313(para)
18866
msgid "Convert the schema to LDIF format:"
18867
msgstr ""
18868
18869
#: serverguide/C/network-auth.xml:2318(command)
18870
msgid ""
18871
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
18872
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
18873
msgstr ""
18874
18875
#: serverguide/C/network-auth.xml:2325(para)
18876
msgid ""
18877
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
18878
"information to arrive at:"
18879
msgstr ""
18880
18881
#: serverguide/C/network-auth.xml:2329(programlisting)
14783
18882
#, no-wrap
14784
18883
msgid ""
14785
18884
"\n"
14788
18887
"cn: samba\n"
14789
18888
msgstr ""
14790
18889
14791
#: serverguide/C/network-auth.xml:1704(programlisting)
18890
#: serverguide/C/network-auth.xml:2335(para)
18891
msgid "Remove the bottom lines:"
18892
msgstr ""
18893
18894
#: serverguide/C/network-auth.xml:2339(programlisting)
14792
18895
#, no-wrap
14793
18896
msgid ""
14794
18897
"\n"
14801
18904
"modifyTimestamp: 20080827045234Z\n"
14802
18905
msgstr ""
14803
18906
14804
#: serverguide/C/network-auth.xml:1729(command)
14805
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14806
msgstr ""
14807
14808
#: serverguide/C/network-auth.xml:1735(para)
14809
msgid ""
14810
"There should now be a <emphasis>dn: "
14811
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14812
"sequential schema, entry in the cn=config tree."
14813
msgstr ""
14814
14815
#: serverguide/C/network-auth.xml:1743(para)
14816
msgid ""
14817
"Copy and paste the following into a file named "
14818
"<filename>samba_indexes.ldif</filename>:"
14819
msgstr ""
14820
14821
#: serverguide/C/network-auth.xml:1747(programlisting)
18907
#: serverguide/C/network-auth.xml:2355(para)
18908
msgid "Add the new schema:"
18909
msgstr ""
18910
18911
#: serverguide/C/network-auth.xml:2360(command)
18912
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
18913
msgstr ""
18914
18915
#: serverguide/C/network-auth.xml:2363(para)
18916
msgid "To query and view this new schema:"
18917
msgstr ""
18918
18919
#: serverguide/C/network-auth.xml:2368(command)
18920
msgid ""
18921
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
18922
"'cn=*samba*'"
18923
msgstr ""
18924
18925
#: serverguide/C/network-auth.xml:2378(title)
18926
msgid "Samba indices"
18927
msgstr ""
18928
18929
#: serverguide/C/network-auth.xml:2380(para)
18930
msgid ""
18931
"Now that slapd knows about the Samba attributes, we can set up some indices "
18932
"based on them. Indexing entries is a way to improve performance when a "
18933
"client performs a filtered search on the DIT."
18934
msgstr ""
18935
18936
#: serverguide/C/network-auth.xml:2385(para)
18937
msgid ""
18938
"Create the file <filename>samba_indices.ldif</filename> with the following "
18939
"contents:"
18940
msgstr ""
18941
18942
#: serverguide/C/network-auth.xml:2389(programlisting)
14822
18943
#, no-wrap
14823
18944
msgid ""
14824
18945
"\n"
14839
18960
"olcDbIndex: default sub\n"
14840
18961
msgstr ""
14841
18962
14842
#: serverguide/C/network-auth.xml:1765(para)
14843
msgid ""
14844
"Using the <application>ldapmodify</application> utility load the new indexes:"
14845
msgstr ""
14846
14847
#: serverguide/C/network-auth.xml:1770(command)
14848
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14849
msgstr ""
14850
14851
#: serverguide/C/network-auth.xml:1772(para)
14852
msgid ""
14853
"If all went well you should see the new indexes using "
18963
#: serverguide/C/network-auth.xml:2407(para)
18964
msgid ""
18965
"Using the <application>ldapmodify</application> utility load the new indices:"
18966
msgstr ""
18967
18968
#: serverguide/C/network-auth.xml:2412(command)
18969
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
18970
msgstr ""
18971
18972
#: serverguide/C/network-auth.xml:2415(para)
18973
msgid ""
18974
"If all went well you should see the new indices using "
14854
18975
"<application>ldapsearch</application>:"
14855
18976
msgstr ""
14856
18977
14857
#: serverguide/C/network-auth.xml:1777(command)
18978
#: serverguide/C/network-auth.xml:2420(command)
14858
18979
msgid ""
14859
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14860
msgstr ""
14861
14862
#: serverguide/C/network-auth.xml:1783(para)
18980
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
18981
"olcDatabase={1}hdb olcDbIndex"
18982
msgstr ""
18983
18984
#: serverguide/C/network-auth.xml:2427(title)
18985
msgid "Adding Samba LDAP objects"
18986
msgstr ""
18987
18988
#: serverguide/C/network-auth.xml:2429(para)
14863
18989
msgid ""
14864
18990
"Next, configure the <application>smbldap-tools</application> package to "
14865
18991
"match your environment. The package comes with a configuration script that "
14866
18992
"will ask questions about the needed options. To run the script enter:"
14867
18993
msgstr ""
14868
18994
14869
#: serverguide/C/network-auth.xml:1789(command)
18995
#: serverguide/C/network-auth.xml:2435(command)
14870
18996
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14871
18997
msgstr ""
14872
18998
14873
#: serverguide/C/network-auth.xml:1790(command)
18999
#: serverguide/C/network-auth.xml:2436(command)
14874
19000
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14875
19001
msgstr ""
14876
19002
14877
#: serverguide/C/network-auth.xml:1793(para)
14878
msgid ""
14879
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
19003
#: serverguide/C/network-auth.xml:2439(para)
19004
msgid ""
19005
"You may need to comment out the strict pragma in the "
19006
"<filename>configure.pl</filename> file."
19007
msgstr ""
19008
19009
#: serverguide/C/network-auth.xml:2443(para)
19010
msgid ""
19011
"Once you have answered the questions, the files <filename>/etc/smbldap-"
14880
19012
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14881
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14882
"configure script, so if you made any mistakes while executing the script it "
14883
"may be simpler to edit the file appropriately."
19013
"tools/smbldap_bind.conf</filename> should be generated. If you made any "
19014
"mistakes while executing the script you can always edit the files afterwards."
14884
19015
msgstr ""
14885
19016
14886
#: serverguide/C/network-auth.xml:1803(para)
19017
#: serverguide/C/network-auth.xml:2449(para)
14887
19018
msgid ""
14888
"The <application>smbldap-populate</application> script will add the "
14889
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14890
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14891
"<application>slapcat</application> before executing the command:"
19019
"The <application>smbldap-populate</application> script will add the LDAP "
19020
"objects required for Samba. It is a good idea to first make a backup of your "
19021
"entire directory using <application>slapcat</application>:"
14892
19022
msgstr ""
14893
19023
14894
#: serverguide/C/network-auth.xml:1810(command)
19024
#: serverguide/C/network-auth.xml:2455(command)
14895
19025
msgid "sudo slapcat -l backup.ldif"
14896
19026
msgstr ""
14897
19027
14898
#: serverguide/C/network-auth.xml:1816(para)
14899
msgid ""
14900
"Once you have a current backup execute <application>smbldap-"
14901
"populate</application> by entering:"
19028
#: serverguide/C/network-auth.xml:2458(para)
19029
msgid "Once you have a backup proceed to populate your directory:"
14902
19030
msgstr ""
14903
19031
14904
#: serverguide/C/network-auth.xml:1821(command)
19032
#: serverguide/C/network-auth.xml:2463(command)
14905
19033
msgid "sudo smbldap-populate"
14906
19034
msgstr ""
14907
19035
14908
#: serverguide/C/network-auth.xml:1825(para)
19036
#: serverguide/C/network-auth.xml:2466(para)
14909
19037
msgid ""
14910
"You can create an LDIF file containing the new Samba objects by executing "
19038
"You can create a LDIF file containing the new Samba objects by executing "
14911
19039
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14912
"look over the changes making sure everything is correct."
19040
"look over the changes making sure everything is correct. If it is, rerun the "
19041
"script without the '-e' switch. Alternatively, you can take the LDIF file "
19042
"and import it's data per usual."
14913
19043
msgstr ""
14914
19044
14915
#: serverguide/C/network-auth.xml:1833(para)
19045
#: serverguide/C/network-auth.xml:2472(para)
14916
19046
msgid ""
14917
"Your LDAP directory now has the necessary domain information to authenticate "
14918
"Samba users."
19047
"Your LDAP directory now has the necessary information to authenticate Samba "
19048
"users."
14919
19049
msgstr ""
14920
19050
14921
#: serverguide/C/network-auth.xml:1839(title)
19051
#: serverguide/C/network-auth.xml:2481(title)
14922
19052
msgid "Samba Configuration"
14923
19053
msgstr ""
14924
19054
14925
#: serverguide/C/network-auth.xml:1841(para)
19055
#: serverguide/C/network-auth.xml:2483(para)
14926
19056
msgid ""
14927
"There a multiple ways to configure Samba for details on some common "
19057
"There are multiple ways to configure Samba. For details on some common "
14928
19058
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14929
"Samba to use LDAP, edit the main Samba configuration file "
14930
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14931
"backend</emphasis> option and adding the following:"
19059
"Samba to use LDAP, edit it's configuration file "
19060
"<filename>/etc/samba/smb.conf</filename> commenting out the default "
19061
"<emphasis>passdb backend</emphasis> parameter and adding some ldap-related "
19062
"ones:"
14932
19063
msgstr ""
14933
19064
14934
#: serverguide/C/network-auth.xml:1847(programlisting)
19065
#: serverguide/C/network-auth.xml:2489(programlisting)
14935
19066
#, no-wrap
14936
19067
msgid ""
14937
19068
"\n"
14951
19082
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14952
19083
msgstr ""
14953
19084
14954
#: serverguide/C/network-auth.xml:1864(para)
19085
#: serverguide/C/network-auth.xml:2506(para)
19086
msgid "Change the values to match your environment."
19087
msgstr ""
19088
19089
#: serverguide/C/network-auth.xml:2510(para)
14955
19090
msgid "Restart <application>samba</application> to enable the new settings:"
14956
19091
msgstr ""
14957
19092
14958
#: serverguide/C/network-auth.xml:1873(para)
14959
msgid ""
14960
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14961
"enter:"
14962
msgstr ""
14963
14964
#: serverguide/C/network-auth.xml:1878(command)
14965
msgid "sudo smbpasswd -w secret"
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:1882(para)
14969
msgid ""
14970
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14971
"password."
14972
msgstr ""
14973
14974
#: serverguide/C/network-auth.xml:1887(para)
14975
msgid ""
14976
"If you currently have users in LDAP, and you want them to authenticate using "
14977
"Samba, they will need some Samba attributes defined in the "
14978
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14979
"users using the <application>smbpasswd</application> utility, replacing "
14980
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14981
msgstr ""
14982
14983
#: serverguide/C/network-auth.xml:1895(command)
19093
#: serverguide/C/network-auth.xml:2519(para)
19094
msgid ""
19095
"Now inform Samba about the rootDN user's password (the one set during the "
19096
"installation of the slapd package):"
19097
msgstr ""
19098
19099
#: serverguide/C/network-auth.xml:2524(command)
19100
msgid "sudo smbpasswd -w password"
19101
msgstr ""
19102
19103
#: serverguide/C/network-auth.xml:2527(para)
19104
msgid ""
19105
"If you have existing LDAP users that you want to include in your new LDAP-"
19106
"backed Samba they will, of course, also need to be given some of the extra "
19107
"attributes. The <application>smbpasswd</application> utility can do this as "
19108
"well (your host will need to be able to see (enumerate) those users via NSS; "
19109
"install and configure either <application>libnss-ldapd</application> or "
19110
"<application>libnss-ldap</application>):"
19111
msgstr ""
19112
19113
#: serverguide/C/network-auth.xml:2535(command)
14984
19114
msgid "sudo smbpasswd -a username"
14985
19115
msgstr ""
14986
19116
14987
#: serverguide/C/network-auth.xml:1898(para)
14988
msgid "You will then be asked to enter the user's password."
14989
msgstr ""
14990
14991
#: serverguide/C/network-auth.xml:1902(para)
14992
msgid ""
14993
"To add new user, group, and machine accounts use the utilities from the "
14994
"<application>smbldap-tools</application> package. Here are some examples:"
14995
msgstr ""
14996
14997
#: serverguide/C/network-auth.xml:1909(para)
14998
msgid ""
14999
"To add a new user to LDAP with Samba attributes enter the following, "
15000
"replacing username with an actual username:"
15001
msgstr ""
15002
15003
#: serverguide/C/network-auth.xml:1913(command)
19117
#: serverguide/C/network-auth.xml:2538(para)
19118
msgid ""
19119
"You will prompted to enter a password. It will be considered as the new "
19120
"password for that user. Making it the same as before is reasonable."
19121
msgstr ""
19122
19123
#: serverguide/C/network-auth.xml:2542(para)
19124
msgid ""
19125
"To manage user, group, and machine accounts use the utilities provided by "
19126
"the <application>smbldap-tools</application> package. Here are some examples:"
19127
msgstr ""
19128
19129
#: serverguide/C/network-auth.xml:2550(para)
19130
msgid "To add a new user:"
19131
msgstr ""
19132
19133
#: serverguide/C/network-auth.xml:2555(command)
15004
19134
msgid "sudo smbldap-useradd -a -P username"
15005
19135
msgstr ""
15006
19136
15007
#: serverguide/C/network-auth.xml:1915(para)
19137
#: serverguide/C/network-auth.xml:2558(para)
15008
19138
msgid ""
15009
19139
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15010
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
19140
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
15011
19141
"passwd</application> utility after the user is created allowing you to enter "
15012
19142
"a password for the user."
15013
19143
msgstr ""
15014
19144
15015
#: serverguide/C/network-auth.xml:1921(para)
15016
msgid "To remove a user from the directory enter:"
19145
#: serverguide/C/network-auth.xml:2565(para)
19146
msgid "To remove a user:"
15017
19147
msgstr ""
15018
19148
15019
#: serverguide/C/network-auth.xml:1925(command)
19149
#: serverguide/C/network-auth.xml:2570(command)
15020
19150
msgid "sudo smbldap-userdel username"
15021
19151
msgstr ""
15022
19152
15023
#: serverguide/C/network-auth.xml:1927(para)
15024
msgid ""
15025
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15026
"r</emphasis> option to remove the user's home directory."
15027
msgstr ""
15028
15029
#: serverguide/C/network-auth.xml:1932(para)
15030
msgid ""
15031
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15032
"groupname with an appropriate group:"
15033
msgstr ""
15034
15035
#: serverguide/C/network-auth.xml:1936(command)
19153
#: serverguide/C/network-auth.xml:2573(para)
19154
msgid ""
19155
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
19156
"user's home directory."
19157
msgstr ""
19158
19159
#: serverguide/C/network-auth.xml:2579(para)
19160
msgid "To add a group:"
19161
msgstr ""
19162
19163
#: serverguide/C/network-auth.xml:2584(command)
15036
19164
msgid "sudo smbldap-groupadd -a groupname"
15037
19165
msgstr ""
15038
19166
15039
#: serverguide/C/network-auth.xml:1938(para)
19167
#: serverguide/C/network-auth.xml:2587(para)
15040
19168
msgid ""
15041
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
19169
"As for <application>smbldap-useradd</application>, the <emphasis>-"
15042
19170
"a</emphasis> adds the Samba attributes."
15043
19171
msgstr ""
15044
19172
15045
#: serverguide/C/network-auth.xml:1943(para)
15046
msgid ""
15047
"To add a user to a group use <application>smbldap-groupmod</application>:"
19173
#: serverguide/C/network-auth.xml:2593(para)
19174
msgid "To make an existing user a member of a group:"
15048
19175
msgstr ""
15049
19176
15050
#: serverguide/C/network-auth.xml:1947(command)
19177
#: serverguide/C/network-auth.xml:2598(command)
15051
19178
msgid "sudo smbldap-groupmod -m username groupname"
15052
19179
msgstr ""
15053
19180
15054
#: serverguide/C/network-auth.xml:1949(para)
15055
msgid ""
15056
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15057
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15058
"listing them in <emphasis>comma separated</emphasis> format."
15059
msgstr ""
15060
15061
#: serverguide/C/network-auth.xml:1955(para)
15062
msgid ""
15063
"<application>smbldap-groupmod</application> can also be used to remove a "
15064
"user from a group:"
15065
msgstr ""
15066
15067
#: serverguide/C/network-auth.xml:1959(command)
19181
#: serverguide/C/network-auth.xml:2601(para)
19182
msgid ""
19183
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
19184
"listing them in comma-separated format."
19185
msgstr ""
19186
19187
#: serverguide/C/network-auth.xml:2607(para)
19188
msgid "To remove a user from a group:"
19189
msgstr ""
19190
19191
#: serverguide/C/network-auth.xml:2612(command)
15068
19192
msgid "sudo smbldap-groupmod -x username groupname"
15069
19193
msgstr ""
15070
19194
15071
#: serverguide/C/network-auth.xml:1963(para)
15072
msgid ""
15073
"Additionally, the <application>smbldap-useradd</application> utility can add "
15074
"Samba machine accounts:"
19195
#: serverguide/C/network-auth.xml:2618(para)
19196
msgid "To add a Samba machine account:"
15075
19197
msgstr ""
15076
19198
15077
#: serverguide/C/network-auth.xml:1967(command)
19199
#: serverguide/C/network-auth.xml:2623(command)
15078
19200
msgid "sudo smbldap-useradd -t 0 -w username"
15079
19201
msgstr ""
15080
19202
15081
#: serverguide/C/network-auth.xml:1969(para)
19203
#: serverguide/C/network-auth.xml:2626(para)
15082
19204
msgid ""
15083
19205
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15084
19206
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15085
19207
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15086
19208
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15087
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
19209
"parameter in <filename>/etc/samba/smb.conf</filename> was changed to use "
15088
19210
"<application>smbldap-useradd</application>."
15089
19211
msgstr ""
15090
19212
15091
#: serverguide/C/network-auth.xml:1978(para)
15092
msgid ""
15093
"There are more useful utilities and options in the <application>smbldap-"
15094
"tools</application> package. The man page for each utility provides more "
15095
"details."
15096
msgstr ""
15097
15098
#: serverguide/C/network-auth.xml:1989(para)
15099
msgid ""
15100
"There are multiple places where LDAP and Samba is documented in the <ulink "
15101
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15102
"Collection</ulink>."
15103
msgstr ""
15104
15105
#: serverguide/C/network-auth.xml:1995(para)
15106
msgid ""
15107
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15108
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15109
msgstr ""
15110
15111
#: serverguide/C/network-auth.xml:2001(para)
15112
msgid ""
15113
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15114
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15115
msgstr ""
15116
15117
#: serverguide/C/network-auth.xml:2007(para)
15118
msgid ""
15119
"Again, for more information on <application>smbldap-tools</application> see "
15120
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15121
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15122
msgstr ""
15123
15124
#: serverguide/C/network-auth.xml:2014(para)
15125
msgid ""
15126
"Also, there is a list of <ulink "
15127
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15128
"wiki</ulink> articles with more information."
15129
msgstr ""
15130
15131
#: serverguide/C/network-auth.xml:2023(title)
19213
#: serverguide/C/network-auth.xml:2635(para)
19214
msgid ""
19215
"There are utilities in the <application>smbldap-tools</application> package "
19216
"that were not covered here. Here is a complete list:"
19217
msgstr ""
19218
19219
#: serverguide/C/network-auth.xml:2640(ulink)
19220
msgid "smbldap-groupadd"
19221
msgstr ""
19222
19223
#: serverguide/C/network-auth.xml:2641(ulink)
19224
msgid "smbldap-groupdel"
19225
msgstr ""
19226
19227
#: serverguide/C/network-auth.xml:2642(ulink)
19228
msgid "smbldap-groupmod"
19229
msgstr ""
19230
19231
#: serverguide/C/network-auth.xml:2643(ulink)
19232
msgid "smbldap-groupshow"
19233
msgstr ""
19234
19235
#: serverguide/C/network-auth.xml:2644(ulink)
19236
msgid "smbldap-passwd"
19237
msgstr ""
19238
19239
#: serverguide/C/network-auth.xml:2645(ulink)
19240
msgid "smbldap-populate"
19241
msgstr ""
19242
19243
#: serverguide/C/network-auth.xml:2646(ulink)
19244
msgid "smbldap-useradd"
19245
msgstr ""
19246
19247
#: serverguide/C/network-auth.xml:2647(ulink)
19248
msgid "smbldap-userdel"
19249
msgstr ""
19250
19251
#: serverguide/C/network-auth.xml:2648(ulink)
19252
msgid "smbldap-userinfo"
19253
msgstr ""
19254
19255
#: serverguide/C/network-auth.xml:2649(ulink)
19256
msgid "smbldap-userlist"
19257
msgstr ""
19258
19259
#: serverguide/C/network-auth.xml:2650(ulink)
19260
msgid "smbldap-usermod"
19261
msgstr ""
19262
19263
#: serverguide/C/network-auth.xml:2651(ulink)
19264
msgid "smbldap-usershow"
19265
msgstr ""
19266
19267
#: serverguide/C/network-auth.xml:2662(para)
19268
msgid ""
19269
"For more information on installing and configuring Samba see <xref "
19270
"linkend=\"windows-networking\"/> of this Ubuntu Server Guide."
19271
msgstr ""
19272
19273
#: serverguide/C/network-auth.xml:2668(para)
19274
msgid ""
19275
"There are multiple places where LDAP and Samba is documented in the upstream "
19276
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
19277
"HOWTO Collection</ulink>."
19278
msgstr ""
19279
19280
#: serverguide/C/network-auth.xml:2675(para)
19281
msgid ""
19282
"Regarding the above, see specifically the <ulink "
19283
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
19284
"Collection/passdb.html\">passdb section</ulink>."
19285
msgstr ""
19286
19287
#: serverguide/C/network-auth.xml:2681(para)
19288
msgid ""
19289
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
19290
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
19291
"valuable notes."
19292
msgstr ""
19293
19294
#: serverguide/C/network-auth.xml:2687(para)
19295
msgid ""
19296
"The main page of the <ulink "
19297
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
19298
"community documentation</ulink> has a plethora of links to articles that may "
19299
"prove useful."
19300
msgstr ""
19301
19302
#: serverguide/C/network-auth.xml:2700(title)
15132
19303
msgid "Kerberos"
15133
19304
msgstr "Kerberos"
15134
19305
15135
#: serverguide/C/network-auth.xml:2025(para)
19306
#: serverguide/C/network-auth.xml:2702(para)
15136
19307
msgid ""
15137
19308
"<application>Kerberos</application> is a network authentication system based "
15138
19309
"on the principal of a trusted third party. The other two parties being the "
15141
19312
"network environment one step closer to being Single Sign On (SSO)."
15142
19313
msgstr ""
15143
19314
15144
#: serverguide/C/network-auth.xml:2031(para)
19315
#: serverguide/C/network-auth.xml:2708(para)
15145
19316
msgid ""
15146
19317
"This section covers installation and configuration of a Kerberos server, and "
15147
19318
"some example client configurations."
15148
19319
msgstr ""
15149
19320
15150
#: serverguide/C/network-auth.xml:2038(para)
19321
#: serverguide/C/network-auth.xml:2715(para)
15151
19322
msgid ""
15152
19323
"If you are new to Kerberos there are a few terms that are good to understand "
15153
19324
"before setting up a Kerberos server. Most of the terms will relate to things "
15154
19325
"you may be familiar with in other environments:"
15155
19326
msgstr ""
15156
19327
15157
#: serverguide/C/network-auth.xml:2045(para)
19328
#: serverguide/C/network-auth.xml:2722(para)
15158
19329
msgid ""
15159
19330
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15160
19331
"by servers need to be defined as Kerberos Principals."
15161
19332
msgstr ""
15162
19333
15163
#: serverguide/C/network-auth.xml:2050(para)
19334
#: serverguide/C/network-auth.xml:2727(para)
15164
19335
msgid ""
15165
19336
"<emphasis>Instances:</emphasis> are used for service principals and special "
15166
19337
"administrative principals."
15167
19338
msgstr ""
15168
19339
15169
#: serverguide/C/network-auth.xml:2055(para)
19340
#: serverguide/C/network-auth.xml:2732(para)
15170
19341
msgid ""
15171
19342
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15172
"Kerberos installation. Usually the DNS domain converted to uppercase "
15173
"(EXAMPLE.COM)."
19343
"Kerberos installation. Think of it as the domain or group your hosts and "
19344
"users belong to. Convention dictates the realm should be in uppercase. By "
19345
"default, ubuntu will use the DNS domain converted to uppercase (EXAMPLE.COM) "
19346
"as the realm."
15174
19347
msgstr ""
15175
19348
15176
#: serverguide/C/network-auth.xml:2061(para)
19349
#: serverguide/C/network-auth.xml:2741(para)
15177
19350
msgid ""
15178
19351
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15179
19352
"a database of all principals, the authentication server, and the ticket "
15180
19353
"granting server. For each realm there must be at least one KDC."
15181
19354
msgstr ""
15182
19355
15183
#: serverguide/C/network-auth.xml:2067(para)
19356
#: serverguide/C/network-auth.xml:2747(para)
15184
19357
msgid ""
15185
19358
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15186
19359
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15187
19360
"password which is known only to the user and the KDC."
15188
19361
msgstr ""
15189
19362
15190
#: serverguide/C/network-auth.xml:2073(para)
19363
#: serverguide/C/network-auth.xml:2753(para)
15191
19364
msgid ""
15192
19365
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15193
19366
"clients upon request."
15194
19367
msgstr ""
15195
19368
15196
#: serverguide/C/network-auth.xml:2078(para)
19369
#: serverguide/C/network-auth.xml:2758(para)
15197
19370
msgid ""
15198
19371
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15199
19372
"One principal being a user and the other a service requested by the user. "
15201
19374
"authenticated session."
15202
19375
msgstr ""
15203
19376
15204
#: serverguide/C/network-auth.xml:2084(para)
19377
#: serverguide/C/network-auth.xml:2764(para)
15205
19378
msgid ""
15206
19379
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15207
19380
"principal database and contain the encryption key for a service or host."
15208
19381
msgstr ""
15209
19382
15210
#: serverguide/C/network-auth.xml:2091(para)
19383
#: serverguide/C/network-auth.xml:2771(para)
15211
19384
msgid ""
15212
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15213
"redundancy, which contains a database of Principals. When a user principal "
15214
"logs into a workstation, configured for Kerberos authentication, the KDC "
15215
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15216
"match, the user is authenticated and can then request tickets for Kerberized "
15217
"services from the Ticket Granting Server (TGS). The service tickets allow "
15218
"the user to authenticate to the service without entering another username "
15219
"and password."
19385
"To put the pieces together, a Realm has at least one KDC, preferably more "
19386
"for redundancy, which contains a database of Principals. When a user "
19387
"principal logs into a workstation that is configured for Kerberos "
19388
"authentication, the KDC issues a Ticket Granting Ticket (TGT). If the user "
19389
"supplied credentials match, the user is authenticated and can then request "
19390
"tickets for Kerberized services from the Ticket Granting Server (TGS). The "
19391
"service tickets allow the user to authenticate to the service without "
19392
"entering another username and password."
15220
19393
msgstr ""
15221
19394
15222
#: serverguide/C/network-auth.xml:2100(title)
19395
#: serverguide/C/network-auth.xml:2780(title)
15223
19396
msgid "Kerberos Server"
15224
19397
msgstr ""
15225
19398
15226
#: serverguide/C/network-auth.xml:2104(para)
19399
#: serverguide/C/network-auth.xml:2784(para)
19400
msgid ""
19401
"For this discussion, we will create a MIT Kerberos domain with the following "
19402
"features (edit them to fit your needs):"
19403
msgstr ""
19404
19405
#: serverguide/C/network-auth.xml:2791(para)
19406
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
19407
msgstr ""
19408
19409
#: serverguide/C/network-auth.xml:2796(para)
19410
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
19411
msgstr ""
19412
19413
#: serverguide/C/network-auth.xml:2801(para)
19414
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
19415
msgstr ""
19416
19417
#: serverguide/C/network-auth.xml:2806(para)
19418
msgid "<emphasis>User principal:</emphasis> steve"
19419
msgstr ""
19420
19421
#: serverguide/C/network-auth.xml:2811(para)
19422
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
19423
msgstr ""
19424
19425
#: serverguide/C/network-auth.xml:2818(para)
19426
msgid ""
19427
"It is <emphasis>strongly</emphasis> recommended that your network-"
19428
"authenticated users have their uid in a different range (say, starting at "
19429
"5000) than that of your local users."
19430
msgstr ""
19431
19432
#: serverguide/C/network-auth.xml:2824(para)
15227
19433
msgid ""
15228
19434
"Before installing the Kerberos server a properly configured DNS server is "
15229
19435
"needed for your domain. Since the Kerberos Realm by convention matches the "
15230
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15231
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
19436
"domain name, this section uses the <emphasis>EXAMPLE.COM</emphasis> domain "
19437
"configured in <xref linkend=\"dns-primarymaster-configuration\"/> of the DNS "
19438
"documentation."
15232
19439
msgstr ""
15233
19440
15234
#: serverguide/C/network-auth.xml:2110(para)
19441
#: serverguide/C/network-auth.xml:2830(para)
15235
19442
msgid ""
15236
19443
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15237
19444
"between a client machine and the server differs by more than five minutes "
15238
19445
"(by default), the workstation will not be able to authenticate. To correct "
15239
"the problem all hosts should have their time synchronized using the "
15240
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15241
"NTP see <xref linkend=\"NTP\"/>."
19446
"the problem all hosts should have their time synchronized using the same "
19447
"<emphasis>Network Time Protocol (NTP)</emphasis> server. For details on "
19448
"setting up NTP see <xref linkend=\"NTP\"/>."
15242
19449
msgstr ""
15243
19450
15244
#: serverguide/C/network-auth.xml:2117(para)
19451
#: serverguide/C/network-auth.xml:2838(para)
15245
19452
msgid ""
15246
"The first step in installing a Kerberos Realm is to install the "
19453
"The first step in creating a Kerberos Realm is to install the "
15247
19454
"<application>krb5-kdc</application> and <application>krb5-admin-"
15248
19455
"server</application> packages. From a terminal enter:"
15249
19456
msgstr ""
15250
19457
15251
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
19458
#: serverguide/C/network-auth.xml:2844(command) serverguide/C/network-auth.xml:3051(command)
15252
19459
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15253
19460
msgstr ""
15254
19461
15255
#: serverguide/C/network-auth.xml:2126(para)
19462
#: serverguide/C/network-auth.xml:2847(para)
15256
19463
msgid ""
15257
"You will be asked at the end of the install to supply a name for the "
19464
"You will be asked at the end of the install to supply the hostname for the "
15258
19465
"Kerberos and Admin servers, which may or may not be the same server, for the "
15259
19466
"realm."
15260
19467
msgstr ""
15261
19468
15262
#: serverguide/C/network-auth.xml:2131(para)
19469
#: serverguide/C/network-auth.xml:2854(para)
19470
msgid "By default the realm is created from the KDC's domain name."
19471
msgstr ""
19472
19473
#: serverguide/C/network-auth.xml:2859(para)
15263
19474
msgid ""
15264
19475
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15265
19476
"utility:"
15266
19477
msgstr ""
15267
19478
15268
#: serverguide/C/network-auth.xml:2136(command)
19479
#: serverguide/C/network-auth.xml:2864(command)
15269
19480
msgid "sudo krb5_newrealm"
15270
19481
msgstr ""
15271
19482
15272
#: serverguide/C/network-auth.xml:2143(para)
19483
#: serverguide/C/network-auth.xml:2871(para)
15273
19484
msgid ""
15274
19485
"The questions asked during installation are used to configure the "
15275
19486
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15276
19487
"Distribution Center (KDC) settings simply edit the file and restart the "
15277
"<application>krb5-kdc</application> daemon."
15278
msgstr ""
15279
15280
#: serverguide/C/network-auth.xml:2151(para)
19488
"<application>krb5-kdc</application> daemon. If you need to reconfigure "
19489
"Kerberos from scratch, perhaps to change the realm name, you can do so by "
19490
"typing"
19491
msgstr ""
19492
19493
#: serverguide/C/network-auth.xml:2878(command)
19494
msgid "sudo dpkg-reconfigure krb5-kdc"
19495
msgstr ""
19496
19497
#: serverguide/C/network-auth.xml:2884(para)
15281
19498
msgid ""
15282
"Now that the KDC running an admin user is needed. It is recommended to use a "
15283
"different username from your everyday username. Using the "
19499
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
19500
"principal</emphasis> -- is needed. It is recommended to use a different "
19501
"username from your everyday username. Using the "
15284
19502
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15285
19503
msgstr ""
15286
19504
15287
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
19505
#: serverguide/C/network-auth.xml:2892(command) serverguide/C/network-auth.xml:3762(command)
15288
19506
msgid "sudo kadmin.local"
15289
19507
msgstr ""
15290
19508
15291
#: serverguide/C/network-auth.xml:2158(computeroutput)
19509
#: serverguide/C/network-auth.xml:2893(computeroutput)
15292
19510
#, no-wrap
15293
19511
msgid ""
15294
19512
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15295
19513
"kadmin.local:"
15296
19514
msgstr ""
15297
19515
15298
#: serverguide/C/network-auth.xml:2159(userinput)
19516
#: serverguide/C/network-auth.xml:2894(userinput)
15299
19517
#, no-wrap
15300
19518
msgid " addprinc steve/admin"
15301
19519
msgstr ""
15302
19520
15303
#: serverguide/C/network-auth.xml:2160(computeroutput)
19521
#: serverguide/C/network-auth.xml:2895(computeroutput)
15304
19522
#, no-wrap
15305
19523
msgid ""
15306
19524
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15311
19529
"kadmin.local:"
15312
19530
msgstr ""
15313
19531
15314
#: serverguide/C/network-auth.xml:2164(userinput)
19532
#: serverguide/C/network-auth.xml:2899(userinput)
15315
19533
#, no-wrap
15316
19534
msgid " quit"
15317
19535
msgstr ""
15318
19536
15319
#: serverguide/C/network-auth.xml:2167(para)
19537
#: serverguide/C/network-auth.xml:2902(para)
15320
19538
msgid ""
15321
19539
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15322
19540
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15323
19541
"is an <emphasis>Instance</emphasis>, and <emphasis "
15324
19542
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15325
"role=\"italic\">\"every day\"</emphasis> Principal would be "
19543
"role=\"italic\">\"every day\"</emphasis> Principal, a.k.a. the <emphasis "
19544
"role=\"italic\">user principal</emphasis>, would be "
15326
19545
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15327
19546
"rights."
15328
19547
msgstr ""
15329
19548
15330
#: serverguide/C/network-auth.xml:2175(para)
19549
#: serverguide/C/network-auth.xml:2912(para)
15331
19550
msgid ""
15332
19551
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15333
19552
"your Realm and admin username."
15334
19553
msgstr ""
15335
19554
15336
#: serverguide/C/network-auth.xml:2183(para)
19555
#: serverguide/C/network-auth.xml:2920(para)
15337
19556
msgid ""
15338
19557
"Next, the new admin user needs to have the appropriate Access Control List "
15339
19558
"(ACL) permissions. The permissions are configured in the "
15340
19559
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15341
19560
msgstr ""
15342
19561
15343
#: serverguide/C/network-auth.xml:2188(programlisting)
19562
#: serverguide/C/network-auth.xml:2925(programlisting)
15344
19563
#, no-wrap
15345
19564
msgid ""
15346
19565
"\n"
15347
19566
"steve/admin@EXAMPLE.COM *\n"
15348
19567
msgstr ""
15349
19568
15350
#: serverguide/C/network-auth.xml:2192(para)
19569
#: serverguide/C/network-auth.xml:2929(para)
15351
19570
msgid ""
15352
19571
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15353
"any operation on all principals in the realm."
19572
"any operation on all principals in the realm. You can configure principals "
19573
"with more restrictive privileges, which is convenient if you need an admin "
19574
"principal that junior staff can use in Kerberos clients. Please see the "
19575
"<emphasis>kadm5.acl</emphasis> man page for details."
15354
19576
msgstr ""
15355
19577
15356
#: serverguide/C/network-auth.xml:2199(para)
19578
#: serverguide/C/network-auth.xml:2941(para)
15357
19579
msgid ""
15358
19580
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15359
19581
"to take affect:"
15360
19582
msgstr ""
15361
19583
15362
#: serverguide/C/network-auth.xml:2204(command)
19584
#: serverguide/C/network-auth.xml:2946(command)
15363
19585
msgid "sudo /etc/init.d/krb5-admin-server restart"
15364
19586
msgstr ""
15365
19587
15366
#: serverguide/C/network-auth.xml:2210(para)
19588
#: serverguide/C/network-auth.xml:2952(para)
15367
19589
msgid ""
15368
19590
"The new user principal can be tested using the <application>kinit "
15369
19591
"utility</application>:"
15370
19592
msgstr ""
15371
19593
15372
#: serverguide/C/network-auth.xml:2215(command)
19594
#: serverguide/C/network-auth.xml:2957(command)
15373
19595
msgid "kinit steve/admin"
15374
19596
msgstr ""
15375
19597
15376
#: serverguide/C/network-auth.xml:2216(computeroutput)
19598
#: serverguide/C/network-auth.xml:2958(computeroutput)
15377
19599
#, no-wrap
15378
19600
msgid "steve/admin@EXAMPLE.COM's Password:"
15379
19601
msgstr ""
15380
19602
15381
#: serverguide/C/network-auth.xml:2219(para)
19603
#: serverguide/C/network-auth.xml:2961(para)
15382
19604
msgid ""
15383
19605
"After entering the password, use the <application>klist</application> "
15384
19606
"utility to view information about the Ticket Granting Ticket (TGT):"
15385
19607
msgstr ""
15386
19608
15387
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
19609
#: serverguide/C/network-auth.xml:2967(command) serverguide/C/network-auth.xml:3344(command)
15388
19610
msgid "klist"
15389
19611
msgstr ""
15390
19612
15391
#: serverguide/C/network-auth.xml:2226(computeroutput)
19613
#: serverguide/C/network-auth.xml:2968(computeroutput)
15392
19614
#, no-wrap
15393
19615
msgid ""
15394
19616
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15398
19620
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15399
19621
msgstr ""
15400
19622
15401
#: serverguide/C/network-auth.xml:2233(para)
19623
#: serverguide/C/network-auth.xml:2975(para)
15402
19624
msgid ""
15403
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15404
"the KDC. For example:"
19625
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
19626
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
19627
"case is <filename>1000</filename>. You may need to add an entry into the "
19628
"<filename>/etc/hosts</filename> for the KDC so the client can find the KDC. "
19629
"For example:"
15405
19630
msgstr ""
15406
19631
15407
#: serverguide/C/network-auth.xml:2237(programlisting)
19632
#: serverguide/C/network-auth.xml:2984(programlisting)
15408
19633
#, no-wrap
15409
19634
msgid ""
15410
19635
"\n"
15411
19636
"192.168.0.1 kdc01.example.com kdc01\n"
15412
19637
msgstr ""
15413
19638
15414
#: serverguide/C/network-auth.xml:2241(para)
19639
#: serverguide/C/network-auth.xml:2988(para)
15415
19640
msgid ""
15416
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
19641
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
19642
"This usually happens when you have a Kerberos realm encompassing different "
19643
"networks separated by routers."
15417
19644
msgstr ""
15418
19645
15419
#: serverguide/C/network-auth.xml:2248(para)
19646
#: serverguide/C/network-auth.xml:2997(para)
15420
19647
msgid ""
15421
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15422
"are needed. Add the following to "
19648
"The best way to allow clients to automatically determine the KDC for the "
19649
"Realm is using DNS SRV records. Add the following to "
15423
19650
"<filename>/etc/named/db.example.com</filename>:"
15424
19651
msgstr ""
15425
19652
15426
#: serverguide/C/network-auth.xml:2253(programlisting)
19653
#: serverguide/C/network-auth.xml:3003(programlisting)
15427
19654
#, no-wrap
15428
19655
msgid ""
15429
19656
"\n"
15435
19662
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15436
19663
msgstr ""
15437
19664
15438
#: serverguide/C/network-auth.xml:2263(para)
19665
#: serverguide/C/network-auth.xml:3013(para)
15439
19666
msgid ""
15440
19667
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15441
19668
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15442
19669
"KDC."
15443
19670
msgstr ""
15444
19671
15445
#: serverguide/C/network-auth.xml:2269(para)
19672
#: serverguide/C/network-auth.xml:3019(para)
15446
19673
msgid ""
15447
19674
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15448
19675
msgstr ""
15449
19676
15450
#: serverguide/C/network-auth.xml:2276(para)
19677
#: serverguide/C/network-auth.xml:3026(para)
15451
19678
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15452
19679
msgstr ""
15453
19680
15454
#: serverguide/C/network-auth.xml:2283(title)
19681
#: serverguide/C/network-auth.xml:3033(title)
15455
19682
msgid "Secondary KDC"
15456
19683
msgstr ""
15457
19684
15458
#: serverguide/C/network-auth.xml:2285(para)
19685
#: serverguide/C/network-auth.xml:3035(para)
15459
19686
msgid ""
15460
19687
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15461
"practice to have a Secondary KDC in case the primary becomes unavailable."
19688
"practice to have a Secondary KDC in case the primary becomes unavailable. "
19689
"Also, if you have Kerberos clients that are in different networks (possibly "
19690
"separated by routers using NAT), it is wise to place a secondary KDC in each "
19691
"of those networks."
15462
19692
msgstr ""
15463
19693
15464
#: serverguide/C/network-auth.xml:2293(para)
19694
#: serverguide/C/network-auth.xml:3046(para)
15465
19695
msgid ""
15466
19696
"First, install the packages, and when asked for the Kerberos and Admin "
15467
19697
"server names enter the name of the Primary KDC:"
15468
19698
msgstr ""
15469
19699
15470
#: serverguide/C/network-auth.xml:2304(para)
19700
#: serverguide/C/network-auth.xml:3057(para)
15471
19701
msgid ""
15472
19702
"Once you have the packages installed, create the Secondary KDC's host "
15473
19703
"principal. From a terminal prompt, enter:"
15474
19704
msgstr ""
15475
19705
15476
#: serverguide/C/network-auth.xml:2309(command)
19706
#: serverguide/C/network-auth.xml:3062(command)
15477
19707
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15478
19708
msgstr ""
15479
19709
15480
#: serverguide/C/network-auth.xml:2313(para)
19710
#: serverguide/C/network-auth.xml:3066(para)
15481
19711
msgid ""
15482
19712
"After, issuing any <application>kadmin</application> commands you will be "
15483
19713
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15484
19714
"password."
15485
19715
msgstr ""
15486
19716
15487
#: serverguide/C/network-auth.xml:2322(para)
19717
#: serverguide/C/network-auth.xml:3075(para)
15488
19718
msgid "Extract the <emphasis>keytab</emphasis> file:"
15489
19719
msgstr ""
15490
19720
15491
#: serverguide/C/network-auth.xml:2327(command)
15492
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
19721
#: serverguide/C/network-auth.xml:3080(command)
19722
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
15493
19723
msgstr ""
15494
19724
15495
#: serverguide/C/network-auth.xml:2333(para)
19725
#: serverguide/C/network-auth.xml:3086(para)
15496
19726
msgid ""
15497
19727
"There should now be a <filename>keytab.kdc02</filename> in the current "
15498
19728
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15499
19729
msgstr ""
15500
19730
15501
#: serverguide/C/network-auth.xml:2339(command)
19731
#: serverguide/C/network-auth.xml:3092(command)
15502
19732
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15503
19733
msgstr ""
15504
19734
15505
#: serverguide/C/network-auth.xml:2343(para)
19735
#: serverguide/C/network-auth.xml:3096(para)
15506
19736
msgid ""
15507
19737
"If the path to the <filename>keytab.kdc02</filename> file is different "
15508
19738
"adjust accordingly."
15509
19739
msgstr ""
15510
19740
15511
#: serverguide/C/network-auth.xml:2348(para)
19741
#: serverguide/C/network-auth.xml:3101(para)
15512
19742
msgid ""
15513
19743
"Also, you can list the principals in a Keytab file, which can be useful when "
15514
19744
"troubleshooting, using the <application>klist</application> utility:"
15515
19745
msgstr ""
15516
19746
15517
#: serverguide/C/network-auth.xml:2354(command)
19747
#: serverguide/C/network-auth.xml:3107(command)
15518
19748
msgid "sudo klist -k /etc/krb5.keytab"
15519
19749
msgstr ""
15520
19750
15521
#: serverguide/C/network-auth.xml:2360(para)
19751
#: serverguide/C/network-auth.xml:3110(para)
19752
msgid ""
19753
"The <application>-k</application> option indicates the file is a keytab file."
19754
msgstr ""
19755
19756
#: serverguide/C/network-auth.xml:3117(para)
15522
19757
msgid ""
15523
19758
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15524
19759
"that lists all KDCs for the Realm. For example, on both primary and "
15525
19760
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15526
19761
msgstr ""
15527
19762
15528
#: serverguide/C/network-auth.xml:2365(programlisting)
19763
#: serverguide/C/network-auth.xml:3122(programlisting)
15529
19764
#, no-wrap
15530
19765
msgid ""
15531
19766
"\n"
15533
19768
"host/kdc02.example.com@EXAMPLE.COM\n"
15534
19769
msgstr ""
15535
19770
15536
#: serverguide/C/network-auth.xml:2373(para)
19771
#: serverguide/C/network-auth.xml:3130(para)
15537
19772
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15538
19773
msgstr ""
15539
19774
15540
#: serverguide/C/network-auth.xml:2378(command)
19775
#: serverguide/C/network-auth.xml:3135(command)
15541
19776
msgid "sudo kdb5_util -s create"
15542
19777
msgstr ""
15543
19778
15544
#: serverguide/C/network-auth.xml:2384(para)
19779
#: serverguide/C/network-auth.xml:3141(para)
15545
19780
msgid ""
15546
19781
"Now start the <application>kpropd</application> daemon, which listens for "
15547
19782
"connections from the <application>kprop</application> utility. "
15548
19783
"<application>kprop</application> is used to transfer dump files:"
15549
19784
msgstr ""
15550
19785
15551
#: serverguide/C/network-auth.xml:2391(command)
19786
#: serverguide/C/network-auth.xml:3148(command)
15552
19787
msgid "sudo kpropd -S"
15553
19788
msgstr ""
15554
19789
15555
#: serverguide/C/network-auth.xml:2397(para)
19790
#: serverguide/C/network-auth.xml:3154(para)
15556
19791
msgid ""
15557
19792
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15558
19793
"of the principal database:"
15559
19794
msgstr ""
15560
19795
15561
#: serverguide/C/network-auth.xml:2402(command)
19796
#: serverguide/C/network-auth.xml:3159(command)
15562
19797
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15563
19798
msgstr ""
15564
19799
15565
#: serverguide/C/network-auth.xml:2408(para)
19800
#: serverguide/C/network-auth.xml:3165(para)
15566
19801
msgid ""
15567
19802
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15568
19803
"<filename>/etc/krb5.keytab</filename>:"
15569
19804
msgstr ""
15570
19805
15571
#: serverguide/C/network-auth.xml:2413(command)
19806
#: serverguide/C/network-auth.xml:3170(command)
15572
19807
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15573
19808
msgstr ""
15574
19809
15575
#: serverguide/C/network-auth.xml:2414(command)
19810
#: serverguide/C/network-auth.xml:3171(command)
15576
19811
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15577
19812
msgstr ""
15578
19813
15579
#: serverguide/C/network-auth.xml:2418(para)
19814
#: serverguide/C/network-auth.xml:3175(para)
15580
19815
msgid ""
15581
19816
"Make sure there is a <emphasis>host</emphasis> for "
15582
19817
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15583
19818
msgstr ""
15584
19819
15585
#: serverguide/C/network-auth.xml:2426(para)
19820
#: serverguide/C/network-auth.xml:3183(para)
15586
19821
msgid ""
15587
19822
"Using the <application>kprop</application> utility push the database to the "
15588
19823
"Secondary KDC:"
15589
19824
msgstr ""
15590
19825
15591
#: serverguide/C/network-auth.xml:2431(command)
19826
#: serverguide/C/network-auth.xml:3188(command)
15592
19827
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15593
19828
msgstr ""
15594
19829
15595
#: serverguide/C/network-auth.xml:2435(para)
19830
#: serverguide/C/network-auth.xml:3192(para)
15596
19831
msgid ""
15597
19832
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15598
19833
"worked. If there is an error message check "
15600
19835
"information."
15601
19836
msgstr ""
15602
19837
15603
#: serverguide/C/network-auth.xml:2441(para)
19838
#: serverguide/C/network-auth.xml:3198(para)
15604
19839
msgid ""
15605
19840
"You may also want to create a <application>cron</application> job to "
15606
19841
"periodically update the database on the Secondary KDC. For example, the "
15607
"following will push the database every hour:"
19842
"following will push the database every hour (note the long line has been "
19843
"split to fit the format of this document):"
15608
19844
msgstr ""
15609
19845
15610
#: serverguide/C/network-auth.xml:2446(programlisting)
19846
#: serverguide/C/network-auth.xml:3203(programlisting)
15611
19847
#, no-wrap
15612
19848
msgid ""
15613
19849
"\n"
15614
19850
"# m h dom mon dow command\n"
15615
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
19851
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && \n"
15616
19852
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15617
19853
msgstr ""
15618
19854
15619
#: serverguide/C/network-auth.xml:2454(para)
19855
#: serverguide/C/network-auth.xml:3212(para)
15620
19856
msgid ""
15621
19857
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15622
19858
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15623
19859
msgstr ""
15624
19860
15625
#: serverguide/C/network-auth.xml:2460(command)
19861
#: serverguide/C/network-auth.xml:3218(command)
15626
19862
msgid "sudo kdb5_util stash"
15627
19863
msgstr ""
15628
19864
15629
#: serverguide/C/network-auth.xml:2466(para)
19865
#: serverguide/C/network-auth.xml:3224(para)
15630
19866
msgid ""
15631
19867
"Finally, start the <application>krb5-kdc</application> daemon on the "
15632
19868
"Secondary KDC:"
15633
19869
msgstr ""
15634
19870
15635
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
19871
#: serverguide/C/network-auth.xml:3229(command) serverguide/C/network-auth.xml:3905(command)
15636
19872
msgid "sudo /etc/init.d/krb5-kdc start"
15637
19873
msgstr ""
15638
19874
15639
#: serverguide/C/network-auth.xml:2477(para)
19875
#: serverguide/C/network-auth.xml:3235(para)
15640
19876
msgid ""
15641
19877
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15642
19878
"for the Realm. You can test this by stopping the <application>krb5-"
15643
"kdc</application> daemon on the Primary KDC, then use "
19879
"kdc</application> daemon on the Primary KDC, then by using "
15644
19880
"<application>kinit</application> to request a ticket. If all goes well you "
15645
"should receive a ticket from the Secondary KDC."
19881
"should receive a ticket from the Secondary KDC. Otherwise, check "
19882
"<filename>/var/log/syslog</filename> and "
19883
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
15646
19884
msgstr ""
15647
19885
15648
#: serverguide/C/network-auth.xml:2485(title)
19886
#: serverguide/C/network-auth.xml:3246(title)
15649
19887
msgid "Kerberos Linux Client"
15650
19888
msgstr ""
15651
19889
15652
#: serverguide/C/network-auth.xml:2487(para)
19890
#: serverguide/C/network-auth.xml:3248(para)
15653
19891
msgid ""
15654
19892
"This section covers configuring a Linux system as a "
15655
19893
"<application>Kerberos</application> client. This will allow access to any "
15656
19894
"kerberized services once a user has successfully logged into the system."
15657
19895
msgstr ""
15658
19896
15659
#: serverguide/C/network-auth.xml:2495(para)
19897
#: serverguide/C/network-auth.xml:3256(para)
15660
19898
msgid ""
15661
19899
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15662
19900
"user</application> and <application>libpam-krb5</application> packages are "
15665
19903
"prompt:"
15666
19904
msgstr ""
15667
19905
15668
#: serverguide/C/network-auth.xml:2502(command)
19906
#: serverguide/C/network-auth.xml:3263(command)
15669
19907
msgid ""
15670
19908
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15671
19909
msgstr ""
15672
19910
15673
#: serverguide/C/network-auth.xml:2505(para)
19911
#: serverguide/C/network-auth.xml:3266(para)
15674
19912
msgid ""
15675
19913
"The <application>auth-client-config</application> package allows simple "
15676
19914
"configuration of PAM for authentication from multiple sources, and the "
15681
19919
"be accessed off the network as well."
15682
19920
msgstr ""
15683
19921
15684
#: serverguide/C/network-auth.xml:2516(para)
19922
#: serverguide/C/network-auth.xml:3277(para)
15685
19923
msgid "To configure the client in a terminal enter:"
15686
19924
msgstr ""
15687
19925
15688
#: serverguide/C/network-auth.xml:2521(command)
19926
#: serverguide/C/network-auth.xml:3282(command)
15689
19927
msgid "sudo dpkg-reconfigure krb5-config"
15690
19928
msgstr ""
15691
19929
15692
#: serverguide/C/network-auth.xml:2524(para)
19930
#: serverguide/C/network-auth.xml:3285(para)
15693
19931
msgid ""
15694
19932
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15695
19933
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15697
19935
"Center (KDC) and Realm Administration server."
15698
19936
msgstr ""
15699
19937
15700
#: serverguide/C/network-auth.xml:2530(para)
19938
#: serverguide/C/network-auth.xml:3291(para)
15701
19939
msgid ""
15702
19940
"The <application>dpkg-reconfigure</application> adds entries to the "
15703
19941
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15704
19942
"entries similar to the following:"
15705
19943
msgstr ""
15706
19944
15707
#: serverguide/C/network-auth.xml:2535(programlisting)
19945
#: serverguide/C/network-auth.xml:3296(programlisting)
15708
19946
#, no-wrap
15709
19947
msgid ""
15710
19948
"\n"
15718
19956
" }\n"
15719
19957
msgstr ""
15720
19958
15721
#: serverguide/C/network-auth.xml:2546(para)
19959
#: serverguide/C/network-auth.xml:3308(para)
19960
msgid ""
19961
"If you set the uid of each of your network-authenticated users to start at "
19962
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
19963
"can then tell pam to only try to authenticate using Kerberos users with uid "
19964
"> 5000:"
19965
msgstr ""
19966
19967
#: serverguide/C/network-auth.xml:3316(command)
19968
msgid ""
19969
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
19970
"for i in common-auth common-session common-account common-password; do sudo "
19971
"sed -i -r \\ -e 's/pam_krb5.so minimum_uid=1000/pam_krb5.so "
19972
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
19973
msgstr ""
19974
19975
#: serverguide/C/network-auth.xml:3323(para)
19976
msgid ""
19977
"This will avoid being asked for the (non-existent) Kerberos password of a "
19978
"locally authenticated user when changing its password using "
19979
"<command>passwd</command>."
19980
msgstr ""
19981
19982
#: serverguide/C/network-auth.xml:3330(para)
15722
19983
msgid ""
15723
19984
"You can test the configuration by requesting a ticket using the "
15724
19985
"<application>kinit</application> utility. For example:"
15725
19986
msgstr ""
15726
19987
15727
#: serverguide/C/network-auth.xml:2551(command)
19988
#: serverguide/C/network-auth.xml:3335(command)
15728
19989
msgid "kinit steve@EXAMPLE.COM"
15729
19990
msgstr ""
15730
19991
15731
#: serverguide/C/network-auth.xml:2552(computeroutput)
19992
#: serverguide/C/network-auth.xml:3336(computeroutput)
15732
19993
#, no-wrap
15733
19994
msgid "Password for steve@EXAMPLE.COM:"
15734
19995
msgstr ""
15735
19996
15736
#: serverguide/C/network-auth.xml:2555(para)
19997
#: serverguide/C/network-auth.xml:3339(para)
15737
19998
msgid ""
15738
19999
"When a ticket has been granted, the details can be viewed using "
15739
20000
"<application>klist</application>:"
15740
20001
msgstr ""
15741
20002
15742
#: serverguide/C/network-auth.xml:2561(computeroutput)
20003
#: serverguide/C/network-auth.xml:3345(computeroutput)
15743
20004
#, no-wrap
15744
20005
msgid ""
15745
20006
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15754
20015
"klist: You have no tickets cached"
15755
20016
msgstr ""
15756
20017
15757
#: serverguide/C/network-auth.xml:2573(para)
20018
#: serverguide/C/network-auth.xml:3357(para)
15758
20019
msgid ""
15759
20020
"Next, use the <application>auth-client-config</application> to configure the "
15760
20021
"<application>libpam-krb5</application> module to request a ticket during "
15761
20022
"login:"
15762
20023
msgstr ""
15763
20024
15764
#: serverguide/C/network-auth.xml:2579(command)
20025
#: serverguide/C/network-auth.xml:3363(command)
15765
20026
msgid "sudo auth-client-config -a -p kerberos_example"
15766
20027
msgstr ""
15767
20028
15768
#: serverguide/C/network-auth.xml:2582(para)
20029
#: serverguide/C/network-auth.xml:3366(para)
15769
20030
msgid ""
15770
20031
"You will should now receive a ticket upon successful login authentication."
15771
20032
msgstr ""
15772
20033
15773
#: serverguide/C/network-auth.xml:2593(para)
20034
#: serverguide/C/network-auth.xml:3377(para)
15774
20035
msgid ""
15775
"For more information on Kerberos see the <ulink "
20036
"For more information on MIT's version of Kerberos, see the <ulink "
15776
20037
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15777
20038
msgstr ""
15778
20039
15779
#: serverguide/C/network-auth.xml:2598(para)
20040
#: serverguide/C/network-auth.xml:3382(para)
15780
20041
msgid ""
15781
20042
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15782
20043
"Kerberos</ulink> page has more details."
15783
20044
msgstr ""
15784
20045
15785
#: serverguide/C/network-auth.xml:2603(para)
20046
#: serverguide/C/network-auth.xml:3387(para)
15786
20047
msgid ""
15787
20048
"O'Reilly's <ulink "
15788
20049
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15789
20050
"Guide</ulink> is a great reference when setting up Kerberos."
15790
20051
msgstr ""
15791
20052
15792
#: serverguide/C/network-auth.xml:2609(para)
20053
#: serverguide/C/network-auth.xml:3393(para)
15793
20054
msgid ""
15794
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15795
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15796
"Kerberos questions."
20055
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
20056
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
20057
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
15797
20058
msgstr ""
15798
20059
15799
#: serverguide/C/network-auth.xml:2619(title)
20060
#: serverguide/C/network-auth.xml:3405(title)
15800
20061
msgid "Kerberos and LDAP"
15801
20062
msgstr ""
15802
20063
15803
#: serverguide/C/network-auth.xml:2621(para)
20064
#: serverguide/C/network-auth.xml:3407(para)
20065
msgid ""
20066
"Most people will not use Kerberos by itself; once an user is authenticated "
20067
"(Kerberos), we need to figure out what this user can do (authorization). And "
20068
"that would be the job of programs such as <application>LDAP</application>."
20069
msgstr ""
20070
20071
#: serverguide/C/network-auth.xml:3414(para)
15804
20072
msgid ""
15805
20073
"Replicating a Kerberos principal database between two servers can be "
15806
20074
"complicated, and adds an additional user database to your network. "
15810
20078
"<application>OpenLDAP</application> for the principal database."
15811
20079
msgstr ""
15812
20080
15813
#: serverguide/C/network-auth.xml:2629(title)
20081
#: serverguide/C/network-auth.xml:3422(para)
20082
msgid ""
20083
"The examples presented here assume <application>MIT Kerberos</application> "
20084
"and <application>OpenLDAP</application>."
20085
msgstr ""
20086
20087
#: serverguide/C/network-auth.xml:3430(title)
15814
20088
msgid "Configuring OpenLDAP"
15815
20089
msgstr ""
15816
20090
15817
#: serverguide/C/network-auth.xml:2631(para)
20091
#: serverguide/C/network-auth.xml:3432(para)
15818
20092
msgid ""
15819
20093
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15820
20094
"<application>OpenLDAP</application> server that has network connectivity to "
15823
20097
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15824
20098
msgstr ""
15825
20099
15826
#: serverguide/C/network-auth.xml:2638(para)
20100
#: serverguide/C/network-auth.xml:3438(para)
15827
20101
msgid ""
15828
20102
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15829
20103
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15830
20104
"linkend=\"openldap-tls\"/> for details."
15831
20105
msgstr ""
15832
20106
15833
#: serverguide/C/network-auth.xml:2645(para)
20107
#: serverguide/C/network-auth.xml:3444(para)
20108
msgid ""
20109
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
20110
"edit the ldap database. Many times it is the RootDN. Change its value to "
20111
"reflect your setup."
20112
msgstr ""
20113
20114
#: serverguide/C/network-auth.xml:3453(para)
15834
20115
msgid ""
15835
20116
"To load the schema into LDAP, on the LDAP server install the "
15836
20117
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15837
20118
msgstr ""
15838
20119
15839
#: serverguide/C/network-auth.xml:2651(command)
20120
#: serverguide/C/network-auth.xml:3459(command)
15840
20121
msgid "sudo apt-get install krb5-kdc-ldap"
15841
20122
msgstr ""
15842
20123
15843
#: serverguide/C/network-auth.xml:2656(para)
20124
#: serverguide/C/network-auth.xml:3464(para)
15844
20125
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15845
20126
msgstr ""
15846
20127
15847
#: serverguide/C/network-auth.xml:2661(command)
20128
#: serverguide/C/network-auth.xml:3469(command)
15848
20129
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15849
20130
msgstr ""
15850
20131
15851
#: serverguide/C/network-auth.xml:2662(command)
20132
#: serverguide/C/network-auth.xml:3470(command)
15852
20133
msgid ""
15853
20134
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15854
20135
msgstr ""
15855
20136
15856
#: serverguide/C/network-auth.xml:2668(para)
20137
#: serverguide/C/network-auth.xml:3476(para)
15857
20138
msgid ""
15858
20139
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15859
20140
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15861
20142
"linkend=\"openldap-configuration\"/>."
15862
20143
msgstr ""
15863
20144
15864
#: serverguide/C/network-auth.xml:2681(programlisting)
20145
#: serverguide/C/network-auth.xml:3484(para)
20146
msgid ""
20147
"First, create a configuration file named "
20148
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
20149
"containing the following lines:"
20150
msgstr ""
20151
20152
#: serverguide/C/network-auth.xml:3489(programlisting)
15865
20153
#, no-wrap
15866
20154
msgid ""
15867
20155
"\n"
15880
20168
"include /etc/ldap/schema/kerberos.schema\n"
15881
20169
msgstr ""
15882
20170
15883
#: serverguide/C/network-auth.xml:2701(para)
20171
#: serverguide/C/network-auth.xml:3509(para)
15884
20172
msgid "Create a temporary directory to hold the LDIF files:"
15885
20173
msgstr ""
15886
20174
15887
#: serverguide/C/network-auth.xml:2716(command)
15888
msgid ""
15889
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
20175
#: serverguide/C/network-auth.xml:3513(command)
20176
msgid "mkdir /tmp/ldif_output"
20177
msgstr ""
20178
20179
#: serverguide/C/network-auth.xml:3519(para)
20180
msgid ""
20181
"Now use <application>slapcat</application> to convert the schema files:"
20182
msgstr ""
20183
20184
#: serverguide/C/network-auth.xml:3524(command)
20185
msgid ""
20186
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
15890
20187
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15891
20188
msgstr ""
15892
20189
15893
#: serverguide/C/network-auth.xml:2726(para)
20190
#: serverguide/C/network-auth.xml:3528(para)
20191
msgid ""
20192
"Change the above file and path names to match your own if they are different."
20193
msgstr ""
20194
20195
#: serverguide/C/network-auth.xml:3535(para)
15894
20196
msgid ""
15895
20197
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15896
20198
"changing the following attributes:"
15897
20199
msgstr ""
15898
20200
15899
#: serverguide/C/network-auth.xml:2730(programlisting)
20201
#: serverguide/C/network-auth.xml:3539(programlisting)
15900
20202
#, no-wrap
15901
20203
msgid ""
15902
20204
"\n"
15905
20207
"cn: kerberos\n"
15906
20208
msgstr ""
15907
20209
15908
#: serverguide/C/network-auth.xml:2736(para)
20210
#: serverguide/C/network-auth.xml:3545(para)
15909
20211
msgid "And remove the following lines from the end of the file:"
15910
20212
msgstr ""
15911
20213
15912
#: serverguide/C/network-auth.xml:2740(programlisting)
20214
#: serverguide/C/network-auth.xml:3549(programlisting)
15913
20215
#, no-wrap
15914
20216
msgid ""
15915
20217
"\n"
15922
20224
"modifyTimestamp: 20090111203515Z\n"
15923
20225
msgstr ""
15924
20226
15925
#: serverguide/C/network-auth.xml:2759(para)
20227
#: serverguide/C/network-auth.xml:3559(para)
20228
msgid ""
20229
"The attribute values will vary, just be sure the attributes are removed."
20230
msgstr ""
20231
20232
#: serverguide/C/network-auth.xml:3566(para)
15926
20233
msgid "Load the new schema with <application>ldapadd</application>:"
15927
20234
msgstr ""
15928
20235
15929
#: serverguide/C/network-auth.xml:2764(command)
20236
#: serverguide/C/network-auth.xml:3571(command)
15930
20237
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15931
20238
msgstr ""
15932
20239
15933
#: serverguide/C/network-auth.xml:2770(para)
20240
#: serverguide/C/network-auth.xml:3577(para)
15934
20241
msgid ""
15935
20242
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15936
20243
msgstr ""
15937
20244
15938
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
20245
#: serverguide/C/network-auth.xml:3582(command) serverguide/C/network-auth.xml:3599(command)
15939
20246
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15940
20247
msgstr ""
15941
20248
15942
#: serverguide/C/network-auth.xml:2777(userinput)
20249
#: serverguide/C/network-auth.xml:3584(userinput)
15943
20250
#, no-wrap
15944
20251
msgid ""
15945
20252
"dn: olcDatabase={1}hdb,cn=config\n"
15947
20254
"olcDbIndex: krbPrincipalName eq,pres,sub"
15948
20255
msgstr ""
15949
20256
15950
#: serverguide/C/network-auth.xml:2776(computeroutput)
20257
#: serverguide/C/network-auth.xml:3583(computeroutput)
15951
20258
#, no-wrap
15952
20259
msgid ""
15953
20260
"Enter LDAP Password:\n"
15956
20263
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15957
20264
msgstr ""
15958
20265
15959
#: serverguide/C/network-auth.xml:2787(para)
20266
#: serverguide/C/network-auth.xml:3594(para)
15960
20267
msgid "Finally, update the Access Control Lists (ACL):"
15961
20268
msgstr ""
15962
20269
15963
#: serverguide/C/network-auth.xml:2794(userinput)
20270
#: serverguide/C/network-auth.xml:3601(userinput)
15964
20271
#, no-wrap
15965
20272
msgid ""
15966
20273
"dn: olcDatabase={1}hdb,cn=config\n"
15967
20274
"replace: olcAccess\n"
15968
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15969
"dn=\"cn=admin,dc=exampl\n"
15970
" e,dc=com\" write by anonymous auth by self write by * none\n"
20275
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by\n"
20276
" dn=\"cn=admin,dc=example,dc=com\" write by anonymous auth by self write by "
20277
"* none\n"
15971
20278
"-\n"
15972
20279
"add: olcAccess\n"
15973
20280
"olcAccess: to dn.base=\"\" by * read\n"
15976
20283
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15977
20284
msgstr ""
15978
20285
15979
#: serverguide/C/network-auth.xml:2793(computeroutput)
20286
#: serverguide/C/network-auth.xml:3600(computeroutput)
15980
20287
#, no-wrap
15981
20288
msgid ""
15982
20289
"Enter LDAP Password: \n"
15985
20292
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15986
20293
msgstr ""
15987
20294
15988
#: serverguide/C/network-auth.xml:2814(para)
20295
#: serverguide/C/network-auth.xml:3621(para)
15989
20296
msgid ""
15990
20297
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15991
20298
"database."
15992
20299
msgstr ""
15993
20300
15994
#: serverguide/C/network-auth.xml:2820(title)
20301
#: serverguide/C/network-auth.xml:3627(title)
15995
20302
msgid "Primary KDC Configuration"
15996
20303
msgstr ""
15997
20304
15998
#: serverguide/C/network-auth.xml:2822(para)
20305
#: serverguide/C/network-auth.xml:3629(para)
15999
20306
msgid ""
16000
20307
"With <application>OpenLDAP</application> configured it is time to configure "
16001
20308
"the KDC."
16002
20309
msgstr ""
16003
20310
16004
#: serverguide/C/network-auth.xml:2828(para)
20311
#: serverguide/C/network-auth.xml:3635(para)
16005
20312
msgid "First, install the necessary packages, from a terminal enter:"
16006
20313
msgstr ""
16007
20314
16008
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
20315
#: serverguide/C/network-auth.xml:3640(command) serverguide/C/network-auth.xml:3799(command)
16009
20316
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16010
20317
msgstr ""
16011
20318
16012
#: serverguide/C/network-auth.xml:2839(para)
20319
#: serverguide/C/network-auth.xml:3646(para)
16013
20320
msgid ""
16014
20321
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16015
20322
"under the appropriate sections:"
16016
20323
msgstr ""
16017
20324
16018
#: serverguide/C/network-auth.xml:2843(programlisting)
20325
#: serverguide/C/network-auth.xml:3650(programlisting)
16019
20326
#, no-wrap
16020
20327
msgid ""
16021
20328
"\n"
16065
20372
" }\n"
16066
20373
msgstr ""
16067
20374
16068
#: serverguide/C/network-auth.xml:2888(para)
20375
#: serverguide/C/network-auth.xml:3695(para)
16069
20376
msgid ""
16070
20377
"Change <emphasis>example.com</emphasis>, "
16071
20378
"<emphasis>dc=example,dc=com</emphasis>, "
16074
20381
"object, and LDAP server for your network."
16075
20382
msgstr ""
16076
20383
16077
#: serverguide/C/network-auth.xml:2897(para)
20384
#: serverguide/C/network-auth.xml:3704(para)
16078
20385
msgid ""
16079
20386
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16080
20387
"the realm:"
16081
20388
msgstr ""
16082
20389
16083
#: serverguide/C/network-auth.xml:2902(command)
20390
#: serverguide/C/network-auth.xml:3709(command)
16084
20391
msgid ""
16085
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
20392
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
16086
20393
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16087
20394
msgstr ""
16088
20395
16089
#: serverguide/C/network-auth.xml:2908(para)
20396
#: serverguide/C/network-auth.xml:3716(para)
16090
20397
msgid ""
16091
20398
"Create a stash of the password used to bind to the LDAP server. This "
16092
20399
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16094
20401
"<filename>/etc/krb5.conf</filename>:"
16095
20402
msgstr ""
16096
20403
16097
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
20404
#: serverguide/C/network-auth.xml:3722(command) serverguide/C/network-auth.xml:3861(command)
16098
20405
msgid ""
16099
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
20406
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
16100
20407
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16101
20408
msgstr ""
16102
20409
16103
#: serverguide/C/network-auth.xml:2920(para)
20410
#: serverguide/C/network-auth.xml:3729(para)
16104
20411
msgid "Copy the CA certificate from the LDAP server:"
16105
20412
msgstr ""
16106
20413
16107
#: serverguide/C/network-auth.xml:2925(command)
20414
#: serverguide/C/network-auth.xml:3734(command)
16108
20415
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16109
20416
msgstr ""
16110
20417
16111
#: serverguide/C/network-auth.xml:2926(command)
20418
#: serverguide/C/network-auth.xml:3735(command)
16112
20419
msgid "sudo cp cacert.pem /etc/ssl/certs"
16113
20420
msgstr ""
16114
20421
16115
#: serverguide/C/network-auth.xml:2929(para)
20422
#: serverguide/C/network-auth.xml:3738(para)
16116
20423
msgid ""
16117
20424
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16118
20425
msgstr ""
16119
20426
16120
#: serverguide/C/network-auth.xml:2933(programlisting)
20427
#: serverguide/C/network-auth.xml:3742(programlisting)
16121
20428
#, no-wrap
16122
20429
msgid ""
16123
20430
"\n"
16124
20431
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16125
20432
msgstr ""
16126
20433
16127
#: serverguide/C/network-auth.xml:2938(para)
20434
#: serverguide/C/network-auth.xml:3747(para)
16128
20435
msgid ""
16129
20436
"The certificate will also need to be copied to the Secondary KDC, to allow "
16130
20437
"the connection to the LDAP servers using LDAPS."
16131
20438
msgstr ""
16132
20439
16133
#: serverguide/C/network-auth.xml:2947(para)
20440
#: serverguide/C/network-auth.xml:3756(para)
16134
20441
msgid ""
16135
20442
"You can now add Kerberos principals to the LDAP database, and they will be "
16136
20443
"copied to any other LDAP servers configured for replication. To add a "
16137
20444
"principal using the <application>kadmin.local</application> utility enter:"
16138
20445
msgstr ""
16139
20446
16140
#: serverguide/C/network-auth.xml:2955(userinput)
20447
#: serverguide/C/network-auth.xml:3764(userinput)
16141
20448
#, no-wrap
16142
20449
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16143
20450
msgstr ""
16144
20451
16145
#: serverguide/C/network-auth.xml:2954(computeroutput)
20452
#: serverguide/C/network-auth.xml:3763(computeroutput)
16146
20453
#, no-wrap
16147
20454
msgid ""
16148
20455
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16153
20460
"Principal \"steve@EXAMPLE.COM\" created."
16154
20461
msgstr ""
16155
20462
16156
#: serverguide/C/network-auth.xml:2962(para)
20463
#: serverguide/C/network-auth.xml:3771(para)
16157
20464
msgid ""
16158
20465
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16159
20466
"krbExtraData attributes added to the "
16162
20469
"utilities to test that the user is indeed issued a ticket."
16163
20470
msgstr ""
16164
20471
16165
#: serverguide/C/network-auth.xml:2969(para)
20472
#: serverguide/C/network-auth.xml:3778(para)
16166
20473
msgid ""
16167
20474
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16168
20475
"option is needed to add the Kerberos attributes. Otherwise a new "
16169
20476
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16170
20477
msgstr ""
16171
20478
16172
#: serverguide/C/network-auth.xml:2977(title)
20479
#: serverguide/C/network-auth.xml:3786(title)
16173
20480
msgid "Secondary KDC Configuration"
16174
20481
msgstr ""
16175
20482
16176
#: serverguide/C/network-auth.xml:2979(para)
20483
#: serverguide/C/network-auth.xml:3788(para)
16177
20484
msgid ""
16178
20485
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16179
20486
"one using the normal Kerberos database."
16180
20487
msgstr ""
16181
20488
16182
#: serverguide/C/network-auth.xml:2985(para)
20489
#: serverguide/C/network-auth.xml:3794(para)
16183
20490
msgid "First, install the necessary packages. In a terminal enter:"
16184
20491
msgstr ""
16185
20492
16186
#: serverguide/C/network-auth.xml:2996(para)
20493
#: serverguide/C/network-auth.xml:3805(para)
16187
20494
msgid ""
16188
20495
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16189
20496
msgstr ""
16190
20497
16191
#: serverguide/C/network-auth.xml:3000(programlisting)
20498
#: serverguide/C/network-auth.xml:3809(programlisting)
16192
20499
#, no-wrap
16193
20500
msgid ""
16194
20501
"\n"
16237
20544
" }\n"
16238
20545
msgstr ""
16239
20546
16240
#: serverguide/C/network-auth.xml:3047(para)
20547
#: serverguide/C/network-auth.xml:3856(para)
16241
20548
msgid "Create the stash for the LDAP bind password:"
16242
20549
msgstr ""
16243
20550
16244
#: serverguide/C/network-auth.xml:3058(para)
20551
#: serverguide/C/network-auth.xml:3868(para)
16245
20552
msgid ""
16246
20553
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16247
20554
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16250
20557
"media."
16251
20558
msgstr ""
16252
20559
16253
#: serverguide/C/network-auth.xml:3065(command)
20560
#: serverguide/C/network-auth.xml:3875(command)
16254
20561
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16255
20562
msgstr ""
16256
20563
16257
#: serverguide/C/network-auth.xml:3066(command)
20564
#: serverguide/C/network-auth.xml:3876(command)
16258
20565
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16259
20566
msgstr ""
16260
20567
16261
#: serverguide/C/network-auth.xml:3070(para)
20568
#: serverguide/C/network-auth.xml:3880(para)
16262
20569
msgid ""
16263
20570
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16264
20571
msgstr ""
16265
20572
16266
#: serverguide/C/network-auth.xml:3078(para)
20573
#: serverguide/C/network-auth.xml:3888(para)
20574
msgid ""
20575
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
20576
"only,"
20577
msgstr ""
20578
20579
#: serverguide/C/network-auth.xml:3900(para)
16267
20580
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16268
20581
msgstr ""
16269
20582
16270
#: serverguide/C/network-auth.xml:3089(para)
20583
#: serverguide/C/network-auth.xml:3911(para)
20584
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20585
msgstr ""
20586
20587
#: serverguide/C/network-auth.xml:3918(para)
16271
20588
msgid ""
16272
20589
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16273
20590
"you should be able to continue to authenticate users if one LDAP server, one "
16274
20591
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16275
20592
msgstr ""
16276
20593
16277
#: serverguide/C/network-auth.xml:3101(para)
20594
#: serverguide/C/network-auth.xml:3930(para)
16278
20595
msgid ""
16279
20596
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16280
20597
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16281
20598
"Guide</ulink> has some additional details."
16282
20599
msgstr ""
16283
20600
16284
#: serverguide/C/network-auth.xml:3107(para)
20601
#: serverguide/C/network-auth.xml:3936(para)
16285
20602
msgid ""
16286
20603
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16287
20604
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16288
20605
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16289
20606
"5.6</ulink> and the <ulink "
16290
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16291
"tml\">kdb5_ldap_util man page</ulink>."
20607
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/kdb5_ldap_util.8.ht"
20608
"ml\">kdb5_ldap_util man page</ulink>."
16292
20609
msgstr ""
16293
20610
16294
#: serverguide/C/network-auth.xml:3115(para)
20611
#: serverguide/C/network-auth.xml:3944(para)
16295
20612
msgid ""
16296
20613
"Another useful link is the <ulink "
16297
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16298
">krb5.conf man page</ulink>."
20614
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/krb5.conf.5.html\">"
20615
"krb5.conf man page</ulink>."
16299
20616
msgstr ""
16300
20617
16301
#: serverguide/C/network-auth.xml:3120(para)
20618
#: serverguide/C/network-auth.xml:3949(para)
16302
20619
msgid ""
16303
20620
"Also, see the <ulink "
16304
20621
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16305
20622
"and LDAP</ulink> Ubuntu wiki page."
16306
20623
msgstr ""
16307
20624
20625
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
20626
msgid "Device Attributes"
20627
msgstr ""
20628
20629
#: serverguide/C/multipath-device-attributes-table.xml:8(entry) serverguide/C/multipath-config-defaults-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:8(entry)
20630
msgid "Attribute"
20631
msgstr ""
20632
20633
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
20634
msgid "Description"
20635
msgstr ""
20636
20637
#: serverguide/C/multipath-device-attributes-table.xml:15(emphasis)
20638
msgid "vendor"
20639
msgstr ""
20640
20641
#: serverguide/C/multipath-device-attributes-table.xml:17(emphasis)
20642
msgid "COMPAQ"
20643
msgstr ""
20644
20645
#: serverguide/C/multipath-device-attributes-table.xml:17(entry)
20646
msgid ""
20647
"Specifies the vendor name of the storage device to which the device "
20648
"attributes apply, for example <placeholder-1/>."
20649
msgstr ""
20650
20651
#: serverguide/C/multipath-device-attributes-table.xml:21(emphasis)
20652
msgid "product"
20653
msgstr ""
20654
20655
#: serverguide/C/multipath-device-attributes-table.xml:23(emphasis)
20656
msgid "HSV110 (C)COMPAQ"
20657
msgstr ""
20658
20659
#: serverguide/C/multipath-device-attributes-table.xml:23(entry)
20660
msgid ""
20661
"Specifies the product name of the storage device to which the device "
20662
"attributes apply, for example <placeholder-1/>."
20663
msgstr ""
20664
20665
#: serverguide/C/multipath-device-attributes-table.xml:27(emphasis)
20666
msgid "revision"
20667
msgstr ""
20668
20669
#: serverguide/C/multipath-device-attributes-table.xml:29(entry)
20670
msgid "Specifies the product revision identifier of the storage device."
20671
msgstr ""
20672
20673
#: serverguide/C/multipath-device-attributes-table.xml:33(emphasis)
20674
msgid "product_blacklist"
20675
msgstr ""
20676
20677
#: serverguide/C/multipath-device-attributes-table.xml:35(entry)
20678
msgid "Specifies a regular expression used to blacklist devices by product."
20679
msgstr ""
20680
20681
#: serverguide/C/multipath-device-attributes-table.xml:39(emphasis)
20682
msgid "hardware_handler"
20683
msgstr ""
20684
20685
#: serverguide/C/multipath-device-attributes-table.xml:41(para)
20686
msgid ""
20687
"Specifies a module that will be used to perform hardware specific actions "
20688
"when switching path groups or handling I/O errors. Possible values include:"
20689
msgstr ""
20690
20691
#: serverguide/C/multipath-device-attributes-table.xml:44(para)
20692
msgid ""
20693
"<emphasis role=\"bold\">1 emc</emphasis>: hardware handler for EMC storage "
20694
"arrays"
20695
msgstr ""
20696
20697
#: serverguide/C/multipath-device-attributes-table.xml:47(para)
20698
msgid ""
20699
"<emphasis role=\"bold\">1 alua</emphasis>: hardware handler for SCSI-3 ALUA "
20700
"arrays."
20701
msgstr ""
20702
20703
#: serverguide/C/multipath-device-attributes-table.xml:49(para)
20704
msgid ""
20705
"<emphasis role=\"bold\">1 hp_sw</emphasis>: hardware handler for Compaq/HP "
20706
"controllers."
20707
msgstr ""
20708
20709
#: serverguide/C/multipath-device-attributes-table.xml:53(para)
20710
msgid ""
20711
"<emphasis role=\"bold\">1 rdac</emphasis>: hardware handler for the "
20712
"LSI/Engenio RDAC controllers."
20713
msgstr ""
20714
20715
#: serverguide/C/multipath-config-defaults-table.xml:3(title)
20716
msgid "Multipath Configuration Defaults"
20717
msgstr ""
20718
20719
#: serverguide/C/multipath-config-defaults-table.xml:21(emphasis) serverguide/C/multipath-config-defaults-table.xml:26(emphasis)
20720
msgid "polling_interval"
20721
msgstr ""
20722
20723
#: serverguide/C/multipath-config-defaults-table.xml:27(emphasis)
20724
msgid "5"
20725
msgstr ""
20726
20727
#: serverguide/C/multipath-config-defaults-table.xml:24(entry)
20728
msgid ""
20729
"Specifies the interval between two path checks in seconds. For properly "
20730
"functioning paths, the interval between checks will gradually increase to (4 "
20731
"* <placeholder-1/>). The default value is <placeholder-2/>."
20732
msgstr ""
20733
20734
#: serverguide/C/multipath-config-defaults-table.xml:32(emphasis)
20735
msgid "udev_dir"
20736
msgstr ""
20737
20738
#: serverguide/C/multipath-config-defaults-table.xml:35(entry)
20739
msgid ""
20740
"The directory where udev device nodes are created. The default value is /dev."
20741
msgstr ""
20742
20743
#: serverguide/C/multipath-config-defaults-table.xml:41(emphasis)
20744
msgid "multipath_dir"
20745
msgstr ""
20746
20747
#: serverguide/C/multipath-config-defaults-table.xml:46(filename)
20748
msgid "/lib/multipath"
20749
msgstr ""
20750
20751
#: serverguide/C/multipath-config-defaults-table.xml:44(entry)
20752
msgid ""
20753
"The directory where the dynamic shared objects are stored. The default value "
20754
"is system dependent, commonly <placeholder-1/>."
20755
msgstr ""
20756
20757
#: serverguide/C/multipath-config-defaults-table.xml:51(emphasis)
20758
msgid "verbosity"
20759
msgstr ""
20760
20761
#: serverguide/C/multipath-config-defaults-table.xml:54(entry)
20762
msgid ""
20763
"The default verbosity. Higher values increase the verbosity level. Valid "
20764
"levels are between 0 and 6. The default value is 2."
20765
msgstr ""
20766
20767
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
20768
msgid "path_selector"
20769
msgstr ""
20770
20771
#: serverguide/C/multipath-config-defaults-table.xml:65(para)
20772
msgid ""
20773
"Specifies the default algorithm to use in determining what path to use for "
20774
"the next I/O operation. Possible values include:"
20775
msgstr ""
20776
20777
#: serverguide/C/multipath-config-defaults-table.xml:71(para)
20778
msgid ""
20779
"<emphasis role=\"bold\">round-robin 0</emphasis>: Loop through every path in "
20780
"the path group, sending the same amount of I/O to each."
20781
msgstr ""
20782
20783
#: serverguide/C/multipath-config-defaults-table.xml:77(para)
20784
msgid ""
20785
"<emphasis role=\"bold\">queue-length 0</emphasis>: Send the next bunch of "
20786
"I/O down the path with the least number of outstanding I/O requests."
20787
msgstr ""
20788
20789
#: serverguide/C/multipath-config-defaults-table.xml:83(para)
20790
msgid ""
20791
"<emphasis role=\"bold\">service-time 0</emphasis>: Send the next bunch of "
20792
"I/O down the path with the shortest estimated service time, which is "
20793
"determined by dividing the total size of the outstanding I/O to each path by "
20794
"its relative throughput."
20795
msgstr ""
20796
20797
#: serverguide/C/multipath-config-defaults-table.xml:91(para)
20798
msgid ""
20799
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
20800
msgstr ""
20801
20802
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
20803
msgid "path_grouping_policy"
20804
msgstr ""
20805
20806
#: serverguide/C/multipath-config-defaults-table.xml:102(para)
20807
msgid ""
20808
"Specifies the default path grouping policy to apply to unspecified "
20809
"multipaths. Possible values include:"
20810
msgstr ""
20811
20812
#: serverguide/C/multipath-config-defaults-table.xml:107(para)
20813
msgid ""
20814
"<emphasis role=\"bold\">failover</emphasis> = 1 path per priority group"
20815
msgstr ""
20816
20817
#: serverguide/C/multipath-config-defaults-table.xml:112(para)
20818
msgid ""
20819
"<emphasis role=\"bold\">multibus</emphasis> = all valid paths in 1 priority "
20820
"group"
20821
msgstr ""
20822
20823
#: serverguide/C/multipath-config-defaults-table.xml:117(para)
20824
msgid ""
20825
"<emphasis role=\"bold\">group_by_serial</emphasis> = 1 priority group per "
20826
"detected serial number"
20827
msgstr ""
20828
20829
#: serverguide/C/multipath-config-defaults-table.xml:122(para)
20830
msgid ""
20831
"<emphasis role=\"bold\">group_by_prio</emphasis> = 1 priority group per path "
20832
"priority value"
20833
msgstr ""
20834
20835
#: serverguide/C/multipath-config-defaults-table.xml:127(para)
20836
msgid ""
20837
"<emphasis role=\"bold\">group_by_node_name</emphasis> = 1 priority group per "
20838
"target node name."
20839
msgstr ""
20840
20841
#: serverguide/C/multipath-config-defaults-table.xml:132(para)
20842
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
20843
msgstr ""
20844
20845
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
20846
msgid "getuid_callout"
20847
msgstr ""
20848
20849
#: serverguide/C/multipath-config-defaults-table.xml:144(para)
20850
msgid ""
20851
"The default value is <emphasis role=\"bold\">/lib/udev/scsi_id --whitelisted "
20852
"--device=/dev/%n.</emphasis>"
20853
msgstr ""
20854
20855
#: serverguide/C/multipath-config-defaults-table.xml:142(entry)
20856
msgid ""
20857
"Specifies the default program and arguments to call out to obtain a unique "
20858
"path identifier. An absolute path is required. <placeholder-1/>"
20859
msgstr ""
20860
20861
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
20862
msgid "prio"
20863
msgstr ""
20864
20865
#: serverguide/C/multipath-config-defaults-table.xml:154(para)
20866
msgid ""
20867
"Specifies the default function to call to obtain a path priority value. For "
20868
"example, the ALUA bits in SPC-3 provide an exploitable prio value. Possible "
20869
"values include:"
20870
msgstr ""
20871
20872
#: serverguide/C/multipath-config-defaults-table.xml:160(para)
20873
msgid ""
20874
"<emphasis role=\"bold\">const</emphasis>: Set a priority of 1 to all paths."
20875
msgstr ""
20876
20877
#: serverguide/C/multipath-config-defaults-table.xml:165(para)
20878
msgid ""
20879
"<emphasis role=\"bold\">emc</emphasis>: Generate the path priority for EMC "
20880
"arrays."
20881
msgstr ""
20882
20883
#: serverguide/C/multipath-config-defaults-table.xml:170(para)
20884
msgid ""
20885
"<emphasis role=\"bold\">alua</emphasis>: Generate the path priority based on "
20886
"the SCSI-3 ALUA settings."
20887
msgstr ""
20888
20889
#: serverguide/C/multipath-config-defaults-table.xml:175(para)
20890
msgid ""
20891
"<emphasis role=\"bold\">netapp</emphasis>: Generate the path priority for "
20892
"NetApp arrays."
20893
msgstr ""
20894
20895
#: serverguide/C/multipath-config-defaults-table.xml:180(para)
20896
msgid ""
20897
"<emphasis role=\"bold\">rdac</emphasis>: Generate the path priority for "
20898
"LSI/Engenio RDAC controller."
20899
msgstr ""
20900
20901
#: serverguide/C/multipath-config-defaults-table.xml:185(para)
20902
msgid ""
20903
"<emphasis role=\"bold\">hp_sw</emphasis>: Generate the path priority for "
20904
"Compaq/HP controller in active/standby mode."
20905
msgstr ""
20906
20907
#: serverguide/C/multipath-config-defaults-table.xml:190(para)
20908
msgid ""
20909
"<emphasis role=\"bold\">hds</emphasis>: Generate the path priority for "
20910
"Hitachi HDS Modular storage arrays."
20911
msgstr ""
20912
20913
#: serverguide/C/multipath-config-defaults-table.xml:195(para)
20914
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
20915
msgstr ""
20916
20917
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
20918
msgid "prio_args"
20919
msgstr ""
20920
20921
#: serverguide/C/multipath-config-defaults-table.xml:206(para)
20922
msgid ""
20923
"The arguments string passed to the prio function Most prio functions do not "
20924
"need arguments. The datacore prioritizer need one. Example, <emphasis "
20925
"role=\"bold\">\"timeout=1000 preferredsds=foo\"</emphasis>. The default "
20926
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
20927
msgstr ""
20928
20929
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
20930
msgid "features"
20931
msgstr ""
20932
20933
#: serverguide/C/multipath-config-defaults-table.xml:220(emphasis)
20934
msgid "queue_if_no_path"
20935
msgstr ""
20936
20937
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
20938
msgid "no_path_retry"
20939
msgstr ""
20940
20941
#: serverguide/C/multipath-config-defaults-table.xml:222(emphasis) serverguide/C/multipath-config-defaults-table.xml:341(emphasis)
20942
msgid "queue"
20943
msgstr ""
20944
20945
#: serverguide/C/multipath-config-defaults-table.xml:223(link)
20946
msgid "\"Issues with queue_if_no_path feature\""
20947
msgstr ""
20948
20949
#: serverguide/C/multipath-config-defaults-table.xml:219(entry)
20950
msgid ""
20951
"The extra features of multipath devices. The only existing feature is "
20952
"<placeholder-1/>, which is the same as setting <placeholder-2/> to "
20953
"<placeholder-3/>. For information on issues that may arise when using this "
20954
"feature, see Section, <placeholder-4/>."
20955
msgstr ""
20956
20957
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
20958
msgid "path_checker"
20959
msgstr ""
20960
20961
#: serverguide/C/multipath-config-defaults-table.xml:232(para)
20962
msgid ""
20963
"Specifies the default method used to determine the state of the paths. "
20964
"Possible values include:"
20965
msgstr ""
20966
20967
#: serverguide/C/multipath-config-defaults-table.xml:237(para)
20968
msgid ""
20969
"<emphasis role=\"bold\">readsector0</emphasis>: Read the first sector of the "
20970
"device."
20971
msgstr ""
20972
20973
#: serverguide/C/multipath-config-defaults-table.xml:242(para)
20974
msgid ""
20975
"<emphasis role=\"bold\">tur</emphasis>: Issue a TEST UNIT READY to the "
20976
"device."
20977
msgstr ""
20978
20979
#: serverguide/C/multipath-config-defaults-table.xml:247(para)
20980
msgid ""
20981
"<emphasis role=\"bold\">emc_clariion</emphasis>: Query the EMC Clariion "
20982
"specific EVPD page 0xC0 to determine the path."
20983
msgstr ""
20984
20985
#: serverguide/C/multipath-config-defaults-table.xml:253(para)
20986
msgid ""
20987
"<emphasis role=\"bold\">hp_sw</emphasis>: Check the path state for HP "
20988
"storage arrays with Active/Standby firmware."
20989
msgstr ""
20990
20991
#: serverguide/C/multipath-config-defaults-table.xml:258(para)
20992
msgid ""
20993
"<emphasis role=\"bold\">rdac</emphasis>: Check the path stat for LSI/Engenio "
20994
"RDAC storage controller."
20995
msgstr ""
20996
20997
#: serverguide/C/multipath-config-defaults-table.xml:263(para)
20998
msgid ""
20999
"<emphasis role=\"bold\">directio</emphasis>: Read the first sector with "
21000
"direct I/O."
21001
msgstr ""
21002
21003
#: serverguide/C/multipath-config-defaults-table.xml:268(para)
21004
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
21005
msgstr ""
21006
21007
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
21008
msgid "failback"
21009
msgstr ""
21010
21011
#: serverguide/C/multipath-config-defaults-table.xml:279(para)
21012
msgid "Manages path group failback."
21013
msgstr ""
21014
21015
#: serverguide/C/multipath-config-defaults-table.xml:283(para)
21016
msgid ""
21017
"A value of <emphasis role=\"bold\">immediate</emphasis> specifies immediate "
21018
"failback to the highest priority path group that contains active paths."
21019
msgstr ""
21020
21021
#: serverguide/C/multipath-config-defaults-table.xml:289(para)
21022
msgid ""
21023
"A value of <emphasis role=\"bold\">manual</emphasis> specifies that there "
21024
"should not be immediate failback but that failback can happen only with "
21025
"operator intervention."
21026
msgstr ""
21027
21028
#: serverguide/C/multipath-config-defaults-table.xml:295(para)
21029
msgid ""
21030
"A numeric value greater than zero specifies deferred failback, expressed in "
21031
"seconds."
21032
msgstr ""
21033
21034
#: serverguide/C/multipath-config-defaults-table.xml:300(para)
21035
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
21036
msgstr ""
21037
21038
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
21039
msgid "rr_min_io"
21040
msgstr ""
21041
21042
#: serverguide/C/multipath-config-defaults-table.xml:311(para)
21043
msgid "The default value is <literal>1000</literal>."
21044
msgstr ""
21045
21046
#: serverguide/C/multipath-config-defaults-table.xml:310(entry)
21047
msgid ""
21048
"Specifies the number of I/O requests to route to a path before switching to "
21049
"the next path in the current path group.<placeholder-1/>"
21050
msgstr ""
21051
21052
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
21053
msgid "rr_weight"
21054
msgstr ""
21055
21056
#: serverguide/C/multipath-config-defaults-table.xml:320(emphasis)
21057
msgid "priorities"
21058
msgstr ""
21059
21060
#: serverguide/C/multipath-config-defaults-table.xml:327(emphasis)
21061
msgid "uniform"
21062
msgstr ""
21063
21064
#: serverguide/C/multipath-config-defaults-table.xml:327(para)
21065
msgid "The default value is <emphasis role=\"bold\">uniform</emphasis>."
21066
msgstr ""
21067
21068
#: serverguide/C/multipath-config-defaults-table.xml:320(entry)
21069
msgid ""
21070
"If set to <placeholder-1/>, then instead of sending <placeholder-2/> "
21071
"requests to a path before calling <placeholder-3/> to choose the next path, "
21072
"the number of requests to send is determined by <placeholder-4/> times the "
21073
"path's priority, as determined by the prio function. If set to <placeholder-"
21074
"5/>, all path weights are equal. <placeholder-6/>"
21075
msgstr ""
21076
21077
#: serverguide/C/multipath-config-defaults-table.xml:340(emphasis)
21078
msgid "immediate"
21079
msgstr ""
21080
21081
#: serverguide/C/multipath-config-defaults-table.xml:342(para)
21082
msgid "The default value is <literal>0</literal>."
21083
msgstr ""
21084
21085
#: serverguide/C/multipath-config-defaults-table.xml:337(entry)
21086
msgid ""
21087
"A numeric value for this attribute specifies the number of times the system "
21088
"should attempt to use a failed path before disabling queueing. A value of "
21089
"fail indicates <placeholder-1/> failure, without queueing. A value of "
21090
"<placeholder-2/> indicates that queueing should not stop until the path is "
21091
"fixed. <placeholder-3/>"
21092
msgstr ""
21093
21094
#: serverguide/C/multipath-config-defaults-table.xml:348(emphasis) serverguide/C/multipath-attributes-table.xml:30(emphasis)
21095
msgid "user_friendly_names"
21096
msgstr ""
21097
21098
#: serverguide/C/multipath-config-defaults-table.xml:352(filename)
21099
msgid "/etc/multipath/bindings"
21100
msgstr ""
21101
21102
#: serverguide/C/multipath-config-defaults-table.xml:353(emphasis) serverguide/C/multipath-config-defaults-table.xml:356(emphasis) serverguide/C/multipath-attributes-table.xml:25(emphasis)
21103
msgid "alias"
21104
msgstr ""
21105
21106
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
21107
msgid "multipath"
21108
msgstr ""
21109
21110
#: serverguide/C/multipath-config-defaults-table.xml:359(para) serverguide/C/multipath-config-defaults-table.xml:381(para)
21111
msgid "The default value is <emphasis role=\"bold\">no</emphasis>."
21112
msgstr ""
21113
21114
#: serverguide/C/multipath-config-defaults-table.xml:351(entry)
21115
msgid ""
21116
"If set to yes, specifies that the system should use the <placeholder-1/> "
21117
"file to assign a persistent and unique <placeholder-2/> to the <placeholder-"
21118
"3/>, in the form of mpathn. If set to no, specifies that the system should "
21119
"use the WWID as the <placeholder-4/> for the <placeholder-5/>. In either "
21120
"case, what is specified here will be overridden by any device-specific "
21121
"aliases you specify in the multipaths section of the configuration file. "
21122
"<placeholder-6/>"
21123
msgstr ""
21124
21125
#: serverguide/C/multipath-config-defaults-table.xml:365(emphasis)
21126
msgid "queue_without_daemon"
21127
msgstr ""
21128
21129
#: serverguide/C/multipath-config-defaults-table.xml:368(emphasis) serverguide/C/multipath-config-defaults-table.xml:392(emphasis)
21130
msgid "multipathd"
21131
msgstr ""
21132
21133
#: serverguide/C/multipath-config-defaults-table.xml:370(para)
21134
msgid "The default value is <emphasis role=\"bold\">yes</emphasis>."
21135
msgstr ""
21136
21137
#: serverguide/C/multipath-config-defaults-table.xml:368(entry)
21138
msgid ""
21139
"If set to no, the <placeholder-1/> daemon will disable queueing for all "
21140
"devices when it is shut down. <placeholder-2/>"
21141
msgstr ""
21142
21143
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
21144
msgid "flush_on_last_del"
21145
msgstr ""
21146
21147
#: serverguide/C/multipath-config-defaults-table.xml:379(entry)
21148
msgid ""
21149
"If set to yes, then <placeholder-1/> will disable queueing when the last "
21150
"path to a device has been deleted. <placeholder-2/>"
21151
msgstr ""
21152
21153
#: serverguide/C/multipath-config-defaults-table.xml:387(emphasis)
21154
msgid "max_fds"
21155
msgstr ""
21156
21157
#: serverguide/C/multipath-config-defaults-table.xml:394(filename)
21158
msgid "/proc/sys/fs/nr_open"
21159
msgstr ""
21160
21161
#: serverguide/C/multipath-config-defaults-table.xml:390(entry)
21162
msgid ""
21163
"Sets the maximum number of open file descriptors that can be opened by "
21164
"<placeholder-1/> and the <placeholder-2/> daemon. This is equivalent to the "
21165
"ulimit -n command. A value of max will set this to the system limit from "
21166
"<placeholder-3/>. If this is not set, the maximum number of open file "
21167
"descriptors is taken from the calling process; it is usually 1024. To be "
21168
"safe, this should be set to the maximum number of paths plus 32, if that "
21169
"number is greater than 1024."
21170
msgstr ""
21171
21172
#: serverguide/C/multipath-config-defaults-table.xml:402(emphasis)
21173
msgid "checker_timer"
21174
msgstr ""
21175
21176
#: serverguide/C/multipath-config-defaults-table.xml:406(para)
21177
msgid ""
21178
"The default value is taken from "
21179
"<filename>/sys/block/sdx/device/timeout</filename>, which is "
21180
"<literal>30</literal> seconds as of 12.04 LTS"
21181
msgstr ""
21182
21183
#: serverguide/C/multipath-config-defaults-table.xml:405(entry)
21184
msgid ""
21185
"The timeout to use for path checkers that issue SCSI commands with an "
21186
"explicit timeout, in seconds. <placeholder-1/>"
21187
msgstr ""
21188
21189
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
21190
msgid "fast_io_fail_tmo"
21191
msgstr ""
21192
21193
#: serverguide/C/multipath-config-defaults-table.xml:419(para)
21194
msgid "The default value is determined by the OS."
21195
msgstr ""
21196
21197
#: serverguide/C/multipath-config-defaults-table.xml:416(entry)
21198
msgid ""
21199
"The number of seconds the SCSI layer will wait after a problem has been "
21200
"detected on an FC remote port before failing I/O to devices on that remote "
21201
"port. This value should be smaller than the value of dev_loss_tmo. Setting "
21202
"this to off will disable the timeout. <placeholder-1/>"
21203
msgstr ""
21204
21205
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
21206
msgid "dev_loss_tmo"
21207
msgstr ""
21208
21209
#: serverguide/C/multipath-config-defaults-table.xml:428(entry)
21210
msgid ""
21211
"The number of seconds the SCSI layer will wait after a problem has been "
21212
"detected on an FC remote port before removing it from the system. Setting "
21213
"this to infinity will set this to 2147483647 seconds, or 68 years. The "
21214
"default value is determined by the OS."
21215
msgstr ""
21216
21217
#: serverguide/C/multipath-components-table.xml:3(title)
21218
msgid "DM-Multipath Components"
21219
msgstr ""
21220
21221
#: serverguide/C/multipath-components-table.xml:11(entry)
21222
msgid "Component"
21223
msgstr ""
21224
21225
#: serverguide/C/multipath-components-table.xml:19(emphasis)
21226
msgid "dm_multipath kernel module"
21227
msgstr ""
21228
21229
#: serverguide/C/multipath-components-table.xml:23(emphasis)
21230
msgid "failover"
21231
msgstr ""
21232
21233
#: serverguide/C/multipath-components-table.xml:22(entry)
21234
msgid "Reroutes I/O and supports <placeholder-1/> for paths and path groups."
21235
msgstr ""
21236
21237
#: serverguide/C/multipath-components-table.xml:28(emphasis)
21238
msgid "multipath command"
21239
msgstr ""
21240
21241
#: serverguide/C/multipath-components-table.xml:32(filename)
21242
msgid "/etc/rc.sysinit"
21243
msgstr ""
21244
21245
#: serverguide/C/multipath-components-table.xml:31(entry)
21246
msgid ""
21247
"Lists and configures <placeholder-1/> devices. Normally started up with "
21248
"<placeholder-2/>, it can also be started up by a udev program whenever a "
21249
"block device is added or it can be run by the initramfs file system."
21250
msgstr ""
21251
21252
#: serverguide/C/multipath-components-table.xml:39(emphasis)
21253
msgid "multipathd daemon"
21254
msgstr ""
21255
21256
#: serverguide/C/multipath-components-table.xml:45(filename)
21257
msgid "/etc/multipath.conf"
21258
msgstr ""
21259
21260
#: serverguide/C/multipath-components-table.xml:42(entry)
21261
msgid ""
21262
"Monitors paths; as paths fail and come back, it may initiate path group "
21263
"switches. Provides for interactive changes to <placeholder-1/> devices. This "
21264
"daemon must be restarted for any changes to the <placeholder-2/> file to "
21265
"take effect."
21266
msgstr ""
21267
21268
#: serverguide/C/multipath-components-table.xml:50(emphasis)
21269
msgid "kpartx command"
21270
msgstr ""
21271
21272
#: serverguide/C/multipath-components-table.xml:56(emphasis)
21273
msgid "multipath-tools"
21274
msgstr ""
21275
21276
#: serverguide/C/multipath-components-table.xml:53(entry)
21277
msgid ""
21278
"Creates device mapper devices for the partitions on a device It is necessary "
21279
"to use this command for DOS-based partitions with DM-Multipath. The kpartx "
21280
"is provided in its own package, but the <placeholder-1/> package depends on "
21281
"it."
21282
msgstr ""
21283
21284
#: serverguide/C/multipath-attributes-table.xml:2(title)
21285
msgid "Multipath Attributes"
21286
msgstr ""
21287
21288
#: serverguide/C/multipath-attributes-table.xml:15(emphasis)
21289
msgid "wwid"
21290
msgstr ""
21291
21292
#: serverguide/C/multipath-attributes-table.xml:21(filename)
21293
msgid "multipath.conf"
21294
msgstr ""
21295
21296
#: serverguide/C/multipath-attributes-table.xml:17(entry)
21297
msgid ""
21298
"Specifies the WWID of the <placeholder-1/> device to which the <placeholder-"
21299
"2/> attributes apply. This parameter is mandatory for this section of the "
21300
"<placeholder-3/> file."
21301
msgstr ""
21302
21303
#: serverguide/C/multipath-attributes-table.xml:27(entry)
21304
msgid ""
21305
"Specifies the symbolic name for the <placeholder-1/> device to which the "
21306
"<placeholder-2/> attributes apply. If you are using <placeholder-3/>, do not "
21307
"set this value to mpathn; this may conflict with an automatically assigned "
21308
"user friendly name and give you incorrect device node names."
21309
msgstr ""
21310
16308
21311
#: serverguide/C/monitoring.xml:13(title)
16309
21312
msgid "Monitoring"
16310
21313
msgstr ""
16504
21507
#: serverguide/C/monitoring.xml:194(para)
16505
21508
msgid ""
16506
21509
"First, create a <emphasis>host</emphasis> configuration file for "
16507
"<emphasis>server02</emphasis>. In a terminal enter:"
21510
"<emphasis>server02</emphasis>. Unless otherwise specified, run all these "
21511
"commands on <emphasis>server01</emphasis>. In a terminal enter:"
16508
21512
msgstr ""
16509
21513
16510
#: serverguide/C/monitoring.xml:199(command)
21514
#: serverguide/C/monitoring.xml:201(command)
16511
21515
msgid ""
16512
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
21516
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg \\ "
16513
21517
"/etc/nagios3/conf.d/server02.cfg"
16514
21518
msgstr ""
16515
21519
16516
#: serverguide/C/monitoring.xml:203(para)
21520
#: serverguide/C/monitoring.xml:206(para)
16517
21521
msgid ""
16518
21522
"In the above and following command examples, replace "
16519
21523
"<emphasis>\"server01\"</emphasis>, "
16522
21526
"your servers."
16523
21527
msgstr ""
16524
21528
16525
#: serverguide/C/monitoring.xml:212(para)
21529
#: serverguide/C/monitoring.xml:215(para)
16526
21530
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16527
21531
msgstr ""
16528
21532
16529
#: serverguide/C/monitoring.xml:216(programlisting)
21533
#: serverguide/C/monitoring.xml:219(programlisting)
16530
21534
#, no-wrap
16531
21535
msgid ""
16532
21536
"\n"
16533
21537
"define host{\n"
16534
" use generic-host ; Name of host "
16535
"template to use\n"
21538
" use generic-host ; Name of host template to "
21539
"use\n"
16536
21540
" host_name server02\n"
16537
21541
" alias Server 02\n"
16538
21542
" address 172.18.100.101\n"
16547
21551
"}\n"
16548
21552
msgstr ""
16549
21553
16550
#: serverguide/C/monitoring.xml:236(para)
21554
#: serverguide/C/monitoring.xml:239(para)
16551
21555
msgid ""
16552
21556
"Restart the <application>nagios</application> daemon to enable the new "
16553
21557
"configuration:"
16554
21558
msgstr ""
16555
21559
16556
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
21560
#: serverguide/C/monitoring.xml:244(command) serverguide/C/monitoring.xml:311(command) serverguide/C/monitoring.xml:378(command)
16557
21561
msgid "sudo /etc/init.d/nagios3 restart"
16558
21562
msgstr ""
16559
21563
16560
#: serverguide/C/monitoring.xml:251(para)
21564
#: serverguide/C/monitoring.xml:254(para)
16561
21565
msgid ""
16562
21566
"Now add a service definition for the MySQL check by adding the following to "
16563
21567
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16564
21568
msgstr ""
16565
21569
16566
#: serverguide/C/monitoring.xml:255(programlisting)
21570
#: serverguide/C/monitoring.xml:258(programlisting)
16567
21571
#, no-wrap
16568
21572
msgid ""
16569
21573
"\n"
16570
21574
"# check MySQL servers.\n"
16571
21575
"define service {\n"
16572
" hostgroup_name mysql-servers\n"
16573
" service_description MySQL\n"
16574
" check_command "
21576
" hostgroup_name mysql-servers\n"
21577
" service_description MySQL\n"
21578
" check_command "
16575
21579
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16576
" use generic-service\n"
16577
" notification_interval 0 ; set > 0 if you want to be "
16578
"renotified\n"
21580
" use generic-service\n"
21581
" notification_interval 0 ; set > 0 if you want to be renotified\n"
16579
21582
"}\n"
16580
21583
msgstr ""
16581
21584
16582
#: serverguide/C/monitoring.xml:269(para)
21585
#: serverguide/C/monitoring.xml:272(para)
16583
21586
msgid ""
16584
21587
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16585
21588
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16586
21589
msgstr ""
16587
21590
16588
#: serverguide/C/monitoring.xml:274(programlisting)
21591
#: serverguide/C/monitoring.xml:277(programlisting)
16589
21592
#, no-wrap
16590
21593
msgid ""
16591
21594
"\n"
16597
21600
" }\n"
16598
21601
msgstr ""
16599
21602
16600
#: serverguide/C/monitoring.xml:286(para)
21603
#: serverguide/C/monitoring.xml:289(para)
16601
21604
msgid ""
16602
21605
"The Nagios check needs to authenticate to MySQL. To add a "
16603
21606
"<emphasis>nagios</emphasis> user to MySQL enter:"
16604
21607
msgstr ""
16605
21608
16606
#: serverguide/C/monitoring.xml:291(command)
21609
#: serverguide/C/monitoring.xml:294(command)
16607
21610
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16608
21611
msgstr ""
16609
21612
16610
#: serverguide/C/monitoring.xml:295(para)
21613
#: serverguide/C/monitoring.xml:298(para)
16611
21614
msgid ""
16612
21615
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16613
21616
"<emphasis>mysql-servers</emphasis> hostgroup."
16614
21617
msgstr ""
16615
21618
16616
#: serverguide/C/monitoring.xml:303(para)
21619
#: serverguide/C/monitoring.xml:306(para)
16617
21620
msgid ""
16618
21621
"Restart <application>nagios</application> to start checking the MySQL "
16619
21622
"servers."
16620
21623
msgstr ""
16621
21624
16622
#: serverguide/C/monitoring.xml:318(para)
21625
#: serverguide/C/monitoring.xml:321(para)
16623
21626
msgid ""
16624
21627
"Lastly configure NRPE to check the disk space on "
16625
21628
"<emphasis>server02</emphasis>."
16626
21629
msgstr ""
16627
21630
16628
#: serverguide/C/monitoring.xml:322(para)
21631
#: serverguide/C/monitoring.xml:325(para)
16629
21632
msgid ""
16630
21633
"On <emphasis>server01</emphasis> add the service check to "
16631
21634
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16632
21635
msgstr ""
16633
21636
16634
#: serverguide/C/monitoring.xml:327(programlisting)
21637
#: serverguide/C/monitoring.xml:330(programlisting)
16635
21638
#, no-wrap
16636
21639
msgid ""
16637
21640
"\n"
16638
21641
"# NRPE disk check.\n"
16639
21642
"define service {\n"
16640
" use generic-service\n"
16641
" host_name server02\n"
16642
" service_description nrpe-disk\n"
16643
" check_command "
21643
" use generic-service\n"
21644
" host_name server02\n"
21645
" service_description nrpe-disk\n"
21646
" check_command "
16644
21647
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16645
21648
"}\n"
16646
21649
msgstr ""
16647
21650
16648
#: serverguide/C/monitoring.xml:340(para)
21651
#: serverguide/C/monitoring.xml:343(para)
16649
21652
msgid ""
16650
21653
"Now on <emphasis>server02</emphasis> edit "
16651
21654
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16652
21655
msgstr ""
16653
21656
16654
#: serverguide/C/monitoring.xml:344(programlisting)
21657
#: serverguide/C/monitoring.xml:347(programlisting)
16655
21658
#, no-wrap
16656
21659
msgid ""
16657
21660
"\n"
16658
21661
"allowed_hosts=172.18.100.100\n"
16659
21662
msgstr ""
16660
21663
16661
#: serverguide/C/monitoring.xml:348(para)
21664
#: serverguide/C/monitoring.xml:351(para)
16662
21665
msgid "And below in the command definition area add:"
16663
21666
msgstr ""
16664
21667
16665
#: serverguide/C/monitoring.xml:352(programlisting)
21668
#: serverguide/C/monitoring.xml:355(programlisting)
16666
21669
#, no-wrap
16667
21670
msgid ""
16668
21671
"\n"
16670
21673
"e\n"
16671
21674
msgstr ""
16672
21675
16673
#: serverguide/C/monitoring.xml:359(para)
21676
#: serverguide/C/monitoring.xml:362(para)
16674
21677
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16675
21678
msgstr ""
16676
21679
16677
#: serverguide/C/monitoring.xml:364(command)
21680
#: serverguide/C/monitoring.xml:367(command)
16678
21681
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16679
21682
msgstr ""
16680
21683
16681
#: serverguide/C/monitoring.xml:370(para)
21684
#: serverguide/C/monitoring.xml:373(para)
16682
21685
msgid ""
16683
21686
"Also, on <emphasis>server01</emphasis> restart "
16684
21687
"<application>nagios</application>:"
16685
21688
msgstr ""
16686
21689
16687
#: serverguide/C/monitoring.xml:383(para)
21690
#: serverguide/C/monitoring.xml:386(para)
16688
21691
msgid ""
16689
21692
"You should now be able to see the host and service checks in the Nagios CGI "
16690
21693
"files. To access them point a browser to http://server01/nagios3. You will "
16692
21695
"password."
16693
21696
msgstr ""
16694
21697
16695
#: serverguide/C/monitoring.xml:393(para)
21698
#: serverguide/C/monitoring.xml:396(para)
16696
21699
msgid ""
16697
21700
"This section has just scratched the surface of Nagios' features. The "
16698
21701
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16699
21702
"plugins</application> contain many more service checks."
16700
21703
msgstr ""
16701
21704
16702
#: serverguide/C/monitoring.xml:400(para)
21705
#: serverguide/C/monitoring.xml:403(para)
16703
21706
msgid ""
16704
21707
"For more information see <ulink "
16705
21708
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16706
21709
msgstr ""
16707
21710
16708
#: serverguide/C/monitoring.xml:405(para)
21711
#: serverguide/C/monitoring.xml:408(para)
16709
21712
msgid ""
16710
21713
"Specifically the <ulink "
16711
21714
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16712
21715
"site."
16713
21716
msgstr ""
16714
21717
16715
#: serverguide/C/monitoring.xml:410(para)
21718
#: serverguide/C/monitoring.xml:413(para)
16716
21719
msgid ""
16717
21720
"There is also a list of <ulink "
16718
21721
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16719
21722
"Nagios and network monitoring:"
16720
21723
msgstr ""
16721
21724
16722
#: serverguide/C/monitoring.xml:416(para)
21725
#: serverguide/C/monitoring.xml:419(para)
16723
21726
msgid ""
16724
21727
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16725
21728
"Wiki</ulink> page also has more details."
16726
21729
msgstr ""
16727
21730
16728
#: serverguide/C/monitoring.xml:425(title)
21731
#: serverguide/C/monitoring.xml:428(title)
16729
21732
msgid "Munin"
16730
21733
msgstr ""
16731
21734
16732
#: serverguide/C/monitoring.xml:430(para)
21735
#: serverguide/C/monitoring.xml:433(para)
16733
21736
msgid ""
16734
21737
"Before installing <application>Munin</application> on "
16735
21738
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16738
21741
"linkend=\"httpd\"/>."
16739
21742
msgstr ""
16740
21743
16741
#: serverguide/C/monitoring.xml:436(para)
21744
#: serverguide/C/monitoring.xml:439(para)
16742
21745
msgid ""
16743
21746
"First, on <emphasis>server01</emphasis> install "
16744
21747
"<application>munin</application>. In a terminal enter:"
16745
21748
msgstr ""
16746
21749
16747
#: serverguide/C/monitoring.xml:441(command)
21750
#: serverguide/C/monitoring.xml:444(command)
16748
21751
msgid "sudo apt-get install munin"
16749
21752
msgstr ""
16750
21753
16751
#: serverguide/C/monitoring.xml:444(para)
21754
#: serverguide/C/monitoring.xml:447(para)
16752
21755
msgid ""
16753
21756
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16754
21757
"node</application> package:"
16755
21758
msgstr ""
16756
21759
16757
#: serverguide/C/monitoring.xml:449(command)
21760
#: serverguide/C/monitoring.xml:452(command)
16758
21761
msgid "sudo apt-get install munin-node"
16759
21762
msgstr ""
16760
21763
16761
#: serverguide/C/monitoring.xml:456(para)
21764
#: serverguide/C/monitoring.xml:459(para)
16762
21765
msgid ""
16763
21766
"On <emphasis>server01</emphasis> edit the "
16764
21767
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16765
21768
"<emphasis>server02</emphasis>:"
16766
21769
msgstr ""
16767
21770
16768
#: serverguide/C/monitoring.xml:461(programlisting)
21771
#: serverguide/C/monitoring.xml:464(programlisting)
16769
21772
#, no-wrap
16770
21773
msgid ""
16771
21774
"\n"
16774
21777
" address 172.18.100.101\n"
16775
21778
msgstr ""
16776
21779
16777
#: serverguide/C/monitoring.xml:468(para)
21780
#: serverguide/C/monitoring.xml:471(para)
16778
21781
msgid ""
16779
21782
"Replace <emphasis>server02</emphasis> and "
16780
21783
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16781
21784
"for your server."
16782
21785
msgstr ""
16783
21786
16784
#: serverguide/C/monitoring.xml:474(para)
21787
#: serverguide/C/monitoring.xml:477(para)
16785
21788
msgid ""
16786
21789
"Next, configure <application>munin-node</application> on "
16787
21790
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16788
21791
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16789
21792
msgstr ""
16790
21793
16791
#: serverguide/C/monitoring.xml:479(programlisting)
21794
#: serverguide/C/monitoring.xml:482(programlisting)
16792
21795
#, no-wrap
16793
21796
msgid ""
16794
21797
"\n"
16795
21798
"allow ^172\\.18\\.100\\.100$\n"
16796
21799
msgstr ""
16797
21800
16798
#: serverguide/C/monitoring.xml:484(para)
21801
#: serverguide/C/monitoring.xml:487(para)
16799
21802
msgid ""
16800
21803
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16801
21804
"<application>munin</application> server."
16802
21805
msgstr ""
16803
21806
16804
#: serverguide/C/monitoring.xml:489(para)
21807
#: serverguide/C/monitoring.xml:492(para)
16805
21808
msgid ""
16806
21809
"Now restart <application>munin-node</application> on "
16807
21810
"<emphasis>server02</emphasis> for the changes to take effect:"
16808
21811
msgstr ""
16809
21812
16810
#: serverguide/C/monitoring.xml:494(command)
21813
#: serverguide/C/monitoring.xml:497(command)
16811
21814
msgid "sudo /etc/init.d/munin-node restart"
16812
21815
msgstr ""
16813
21816
16814
#: serverguide/C/monitoring.xml:497(para)
21817
#: serverguide/C/monitoring.xml:500(para)
16815
21818
msgid ""
16816
21819
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16817
21820
"you should see links to nice graphs displaying information from the standard "
16818
21821
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16819
21822
msgstr ""
16820
21823
16821
#: serverguide/C/monitoring.xml:503(para)
21824
#: serverguide/C/monitoring.xml:506(para)
16822
21825
msgid ""
16823
21826
"Since this is a new install it may take some time for the graphs to display "
16824
21827
"anything useful."
16825
21828
msgstr ""
16826
21829
16827
#: serverguide/C/monitoring.xml:510(title)
21830
#: serverguide/C/monitoring.xml:513(title)
16828
21831
msgid "Additional Plugins"
16829
21832
msgstr ""
16830
21833
16831
#: serverguide/C/monitoring.xml:512(para)
21834
#: serverguide/C/monitoring.xml:515(para)
16832
21835
msgid ""
16833
21836
"The <application>munin-plugins-extra</application> package contains "
16834
21837
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16835
21838
"install the package, from a terminal enter:"
16836
21839
msgstr ""
16837
21840
16838
#: serverguide/C/monitoring.xml:518(command)
21841
#: serverguide/C/monitoring.xml:521(command)
16839
21842
msgid "sudo apt-get install munin-plugins-extra"
16840
21843
msgstr ""
16841
21844
16842
#: serverguide/C/monitoring.xml:521(para)
21845
#: serverguide/C/monitoring.xml:524(para)
16843
21846
msgid "Be sure to install the package on both the server and node machines."
16844
21847
msgstr ""
16845
21848
16846
#: serverguide/C/monitoring.xml:531(para)
21849
#: serverguide/C/monitoring.xml:534(para)
16847
21850
msgid ""
16848
21851
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16849
21852
"website for more details."
16850
21853
msgstr ""
16851
21854
16852
#: serverguide/C/monitoring.xml:536(para)
21855
#: serverguide/C/monitoring.xml:539(para)
16853
21856
msgid ""
16854
21857
"Specifically the <ulink "
16855
21858
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16857
21860
"writing plugins, etc."
16858
21861
msgstr ""
16859
21862
16860
#: serverguide/C/monitoring.xml:542(para)
21863
#: serverguide/C/monitoring.xml:545(para)
16861
21864
msgid ""
16862
21865
"Also, there is a book in German by Open Source Press: <ulink "
16863
21866
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16864
21867
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16865
21868
msgstr ""
16866
21869
16867
#: serverguide/C/monitoring.xml:548(para)
21870
#: serverguide/C/monitoring.xml:551(para)
16868
21871
msgid ""
16869
21872
"Another resource is the <ulink "
16870
21873
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16888
21891
"IMAP server."
16889
21892
msgstr ""
16890
21893
16891
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
21894
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:839(application) serverguide/C/mail.xml:871(title) serverguide/C/mail.xml:949(title) serverguide/C/mail.xml:1524(title)
16892
21895
msgid "Postfix"
16893
21896
msgstr ""
16894
21897
17011
22014
"your Mail Delivery Agent (MDA) to use the same path."
17012
22015
msgstr ""
17013
22016
17014
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
22017
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:552(title)
17015
22018
msgid "SMTP Authentication"
17016
22019
msgstr ""
17017
22020
17037
22040
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17038
22041
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17039
22042
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17040
"sudo postconf -e 'smtpd_recipient_restrictions = "
22043
"sudo postconf -e 'smtpd_recipient_restrictions = \\\n"
17041
22044
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17042
"sudo postconf -e 'inet_interfaces = all'\n"
17043
22045
msgstr ""
17044
22046
17045
22047
#: serverguide/C/mail.xml:131(para)
17050
22052
17051
22053
#: serverguide/C/mail.xml:137(para)
17052
22054
msgid ""
17053
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17054
"and-security\"/> for details. This example also uses a Certificate Authority "
17055
"(CA). For information on generating a CA certificate see <xref "
17056
"linkend=\"certificate-authority\"/>."
22055
"Next, generate or obtain a digital certificate for TLS. See <xref "
22056
"linkend=\"certificates-and-security\"/> for details. This example also uses "
22057
"a Certificate Authority (CA). For information on generating a CA certificate "
22058
"see <xref linkend=\"certificate-authority\"/>."
17057
22059
msgstr ""
17058
22060
17059
22061
#: serverguide/C/mail.xml:143(para)
17060
22062
msgid ""
17061
"You can get the digital certificate from a certificate authority. But unlike "
17062
"web clients, SMTP clients rarely complain about \"self-signed "
17063
"certificates\", so alternatively, you can create the certificate yourself. "
17064
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17065
"details."
22063
"MUAs connecting to your mail server via TLS will need to recognize the "
22064
"certificate used for TLS. This can either be done using a certificate from a "
22065
"commercial CA or with a self-signed certificate that users manually "
22066
"install/accept. For MTA to MTA TLS certficates are never validated without "
22067
"advance agreement from the affected organizations. For MTA to MTA TLS, "
22068
"unless local policy requires it, there is no reason not to use a self-signed "
22069
"certificate. Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> "
22070
"for more details."
17066
22071
msgstr ""
17067
22072
17068
#: serverguide/C/mail.xml:155(para)
22073
#: serverguide/C/mail.xml:153(para)
17069
22074
msgid ""
17070
22075
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17071
22076
"both incoming and outgoing mail:"
17072
22077
msgstr ""
17073
22078
17074
#: serverguide/C/mail.xml:158(screen)
22079
#: serverguide/C/mail.xml:156(screen)
17075
22080
#, no-wrap
17076
22081
msgid ""
17077
22082
"\n"
17078
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17079
"sudo postconf -e 'smtp_use_tls = yes'\n"
17080
"sudo postconf -e 'smtpd_use_tls = yes'\n"
22083
"sudo postconf -e 'smtp_tls_security_level = may'\n"
22084
"sudo postconf -e 'smtpd_tls_security_level = may'\n"
17081
22085
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17082
22086
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17083
22087
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17084
22088
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17085
22089
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17086
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17087
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17088
22090
"sudo postconf -e 'myhostname = mail.example.com'\n"
17089
22091
msgstr ""
17090
22092
17091
#: serverguide/C/mail.xml:173(para)
22093
#: serverguide/C/mail.xml:168(para)
17092
22094
msgid ""
17093
22095
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17094
22096
"the certificate enter:"
17095
22097
msgstr ""
17096
22098
17097
#: serverguide/C/mail.xml:177(command)
22099
#: serverguide/C/mail.xml:172(command)
17098
22100
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17099
22101
msgstr ""
17100
22102
17101
#: serverguide/C/mail.xml:180(para)
22103
#: serverguide/C/mail.xml:175(para)
17102
22104
msgid ""
17103
22105
"Again, for more details about certificates see <xref linkend=\"certificates-"
17104
22106
"and-security\"/>."
17105
22107
msgstr ""
17106
22108
17107
#: serverguide/C/mail.xml:186(para)
22109
#: serverguide/C/mail.xml:181(para)
17108
22110
msgid ""
17109
22111
"After running all the commands, <application>Postfix</application> is "
17110
22112
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17111
22113
"TLS encryption."
17112
22114
msgstr ""
17113
22115
17114
#: serverguide/C/mail.xml:191(para)
22116
#: serverguide/C/mail.xml:186(para)
17115
22117
msgid ""
17116
22118
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17117
22119
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17118
22120
msgstr ""
17119
22121
17120
#: serverguide/C/mail.xml:195(para)
22122
#: serverguide/C/mail.xml:190(para)
17121
22123
msgid ""
17122
22124
"The postfix initial configuration is complete. Run the following command to "
17123
22125
"restart the postfix daemon:"
17124
22126
msgstr ""
17125
22127
17126
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
22128
#: serverguide/C/mail.xml:196(command) serverguide/C/mail.xml:311(command) serverguide/C/mail.xml:374(command) serverguide/C/mail.xml:989(command) serverguide/C/mail.xml:1575(command)
17127
22129
msgid "sudo /etc/init.d/postfix restart"
17128
22130
msgstr ""
17129
22131
17130
#: serverguide/C/mail.xml:204(para)
22132
#: serverguide/C/mail.xml:199(para)
17131
22133
msgid ""
17132
22134
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17133
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17134
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17135
"However it is still necessary to set up SASL authentication before you can "
17136
"use SMTP-AUTH."
22135
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
22136
"<ulink url=\"http://www.ietf.org/rfc/rfc2222.txt\">SASL</ulink>. However it "
22137
"is still necessary to set up SASL authentication before you can use SMTP-"
22138
"AUTH."
17137
22139
msgstr ""
17138
22140
17139
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
22141
#: serverguide/C/mail.xml:209(title) serverguide/C/mail.xml:616(title)
17140
22142
msgid "Configuring SASL"
17141
22143
msgstr ""
17142
22144
17143
#: serverguide/C/mail.xml:215(para)
22145
#: serverguide/C/mail.xml:210(para)
17144
22146
msgid ""
17145
22147
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17146
22148
"enable Dovecot SASL the <application>dovecot-common</application> package "
17147
22149
"will need to be installed. From a terminal prompt enter the following:"
17148
22150
msgstr ""
17149
22151
17150
#: serverguide/C/mail.xml:221(command)
22152
#: serverguide/C/mail.xml:216(command)
17151
22153
msgid "sudo apt-get install dovecot-common"
17152
22154
msgstr ""
17153
22155
17154
#: serverguide/C/mail.xml:223(para)
22156
#: serverguide/C/mail.xml:218(para)
17155
22157
msgid ""
17156
22158
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17157
22159
"In the <emphasis>auth default</emphasis> section uncomment the "
17158
22160
"<emphasis>socket listen</emphasis> option and change the following:"
17159
22161
msgstr ""
17160
22162
17161
#: serverguide/C/mail.xml:227(programlisting)
22163
#: serverguide/C/mail.xml:222(programlisting)
17162
22164
#, no-wrap
17163
22165
msgid ""
17164
22166
"\n"
17186
22188
" }\n"
17187
22189
msgstr ""
17188
22190
17189
#: serverguide/C/mail.xml:251(para)
22191
#: serverguide/C/mail.xml:246(para)
17190
22192
msgid ""
17191
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
22193
"In order to let <application>Outlook</application> clients use SMTP-AUTH, in "
17192
22194
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17193
22195
"add <emphasis>\"login\"</emphasis>:"
17194
22196
msgstr ""
17195
22197
17196
#: serverguide/C/mail.xml:256(programlisting)
22198
#: serverguide/C/mail.xml:251(programlisting)
17197
22199
#, no-wrap
17198
22200
msgid ""
17199
22201
"\n"
17200
22202
" mechanisms = plain login\n"
17201
22203
msgstr ""
17202
22204
17203
#: serverguide/C/mail.xml:260(para)
22205
#: serverguide/C/mail.xml:255(para)
17204
22206
msgid ""
17205
22207
"Once you have <application>Dovecot</application> configured restart it with:"
17206
22208
msgstr ""
17207
22209
17208
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
22210
#: serverguide/C/mail.xml:259(command) serverguide/C/mail.xml:742(command)
17209
22211
msgid "sudo /etc/init.d/dovecot restart"
17210
22212
msgstr ""
17211
22213
17212
#: serverguide/C/mail.xml:269(title)
17213
msgid "Postfix-Dovecot"
22214
#: serverguide/C/mail.xml:264(title)
22215
msgid "Mail-Stack Delivery"
17214
22216
msgstr ""
17215
22217
17216
#: serverguide/C/mail.xml:271(para)
22218
#: serverguide/C/mail.xml:266(para)
17217
22219
msgid ""
17218
22220
"Another option for configuring <application>Postfix</application> for SMTP-"
17219
"AUTH is using the <application>dovecot-postfix</application> package. This "
17220
"package will install <application>Dovecot</application> and configure "
22221
"AUTH is using the <application>mail-stack-delivery</application> package "
22222
"(previously packaged as dovecot-postfix). This package will install "
22223
"<application>Dovecot</application> and configure "
17221
22224
"<application>Postfix</application> to use it for both SASL authentication "
17222
22225
"and as a Mail Delivery Agent (MDA). The package also configures "
17223
22226
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17224
22227
msgstr ""
17225
22228
17226
#: serverguide/C/mail.xml:280(para)
22229
#: serverguide/C/mail.xml:276(para)
17227
22230
msgid ""
17228
22231
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17229
22232
"server. For example, if you are configuring your server to be a mail "
17230
22233
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17231
"the above commands to configure Postfix for SMTPAUTH."
22234
"the above commands to configure Postfix for SMTP-AUTH."
17232
22235
msgstr ""
17233
22236
17234
#: serverguide/C/mail.xml:287(para)
22237
#: serverguide/C/mail.xml:283(para)
17235
22238
msgid "To install the package, from a terminal prompt enter:"
17236
22239
msgstr ""
17237
22240
17238
#: serverguide/C/mail.xml:292(command)
17239
msgid "sudo apt-get install dovecot-postfix"
22241
#: serverguide/C/mail.xml:288(command)
22242
msgid "sudo apt-get install mail-stack-delivery"
17240
22243
msgstr ""
17241
22244
17242
#: serverguide/C/mail.xml:295(para)
22245
#: serverguide/C/mail.xml:291(para)
17243
22246
msgid ""
17244
22247
"You should now have a working mail server, but there are a few options that "
17245
22248
"you may wish to further customize. For example, the package uses the "
17249
22252
"for more details."
17250
22253
msgstr ""
17251
22254
17252
#: serverguide/C/mail.xml:301(para)
22255
#: serverguide/C/mail.xml:297(para)
17253
22256
msgid ""
17254
22257
"Once you have a customized certificate and key for the host, change the "
17255
22258
"following options in <filename>/etc/postfix/main.cf</filename>:"
17256
22259
msgstr ""
17257
22260
17258
#: serverguide/C/mail.xml:305(programlisting)
22261
#: serverguide/C/mail.xml:301(programlisting)
17259
22262
#, no-wrap
17260
22263
msgid ""
17261
22264
"\n"
17263
22266
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17264
22267
msgstr ""
17265
22268
17266
#: serverguide/C/mail.xml:310(para)
22269
#: serverguide/C/mail.xml:306(para)
17267
22270
msgid "Then restart Postfix:"
17268
22271
msgstr ""
17269
22272
17270
#: serverguide/C/mail.xml:321(para)
22273
#: serverguide/C/mail.xml:317(para)
17271
22274
msgid ""
17272
22275
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17273
22276
msgstr ""
17274
22277
17275
#: serverguide/C/mail.xml:324(para)
22278
#: serverguide/C/mail.xml:320(para)
17276
22279
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17277
22280
msgstr ""
17278
22281
17279
#: serverguide/C/mail.xml:329(command)
22282
#: serverguide/C/mail.xml:325(command)
17280
22283
msgid "telnet mail.example.com 25"
17281
22284
msgstr ""
17282
22285
17283
#: serverguide/C/mail.xml:331(para)
22286
#: serverguide/C/mail.xml:327(para)
17284
22287
msgid ""
17285
22288
"After you have established the connection to the postfix mail server, type:"
17286
22289
msgstr ""
17287
22290
17288
#: serverguide/C/mail.xml:335(screen)
22291
#: serverguide/C/mail.xml:331(screen)
17289
22292
#, no-wrap
17290
22293
msgid ""
17291
22294
"\n"
17292
22295
"ehlo mail.example.com\n"
17293
22296
msgstr ""
17294
22297
17295
#: serverguide/C/mail.xml:338(para)
22298
#: serverguide/C/mail.xml:334(para)
17296
22299
msgid ""
17297
22300
"If you see the following lines among others, then everything is working "
17298
22301
"perfectly. Type <command>quit</command> to exit."
17299
22302
msgstr ""
17300
22303
17301
#: serverguide/C/mail.xml:342(programlisting)
22304
#: serverguide/C/mail.xml:338(programlisting)
17302
22305
#, no-wrap
17303
22306
msgid ""
17304
22307
"\n"
17308
22311
"250 8BITMIME\n"
17309
22312
msgstr ""
17310
22313
17311
#: serverguide/C/mail.xml:352(para)
22314
#: serverguide/C/mail.xml:347(title) serverguide/C/mail.xml:1645(title) serverguide/C/dns.xml:373(title)
22315
msgid "Troubleshooting"
22316
msgstr ""
22317
22318
#: serverguide/C/mail.xml:348(para)
17312
22319
msgid ""
17313
22320
"This section introduces some common ways to determine the cause if problems "
17314
22321
"arise."
17315
22322
msgstr ""
17316
22323
17317
#: serverguide/C/mail.xml:356(title)
22324
#: serverguide/C/mail.xml:352(title)
17318
22325
msgid "Escaping chroot"
17319
22326
msgstr ""
17320
22327
17321
#: serverguide/C/mail.xml:357(para)
22328
#: serverguide/C/mail.xml:353(para)
17322
22329
msgid ""
17323
22330
"The Ubuntu <application>postfix</application> package will by default "
17324
22331
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17325
22332
"This can add greater complexity when troubleshooting problems."
17326
22333
msgstr ""
17327
22334
17328
#: serverguide/C/mail.xml:361(para)
22335
#: serverguide/C/mail.xml:357(para)
17329
22336
msgid ""
17330
22337
"To turn off the chroot operation locate for the following line in the "
17331
22338
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17332
22339
msgstr ""
17333
22340
17334
#: serverguide/C/mail.xml:365(screen)
22341
#: serverguide/C/mail.xml:361(screen)
17335
22342
#, no-wrap
17336
22343
msgid ""
17337
22344
"\n"
17338
22345
"smtp inet n - - - - smtpd\n"
17339
22346
msgstr ""
17340
22347
17341
#: serverguide/C/mail.xml:368(para)
22348
#: serverguide/C/mail.xml:364(para)
17342
22349
msgid "and modify it as follows:"
17343
22350
msgstr ""
17344
22351
17345
#: serverguide/C/mail.xml:371(screen)
22352
#: serverguide/C/mail.xml:367(screen)
17346
22353
#, no-wrap
17347
22354
msgid ""
17348
22355
"\n"
17349
22356
"smtp inet n - n - - smtpd\n"
17350
22357
msgstr ""
17351
22358
17352
#: serverguide/C/mail.xml:374(para)
22359
#: serverguide/C/mail.xml:370(para)
17353
22360
msgid ""
17354
22361
"You will then need to restart Postfix to use the new configuration. From a "
17355
22362
"terminal prompt enter:"
17356
22363
msgstr ""
17357
22364
17358
#: serverguide/C/mail.xml:382(title)
22365
#: serverguide/C/mail.xml:378(title)
17359
22366
msgid "Log Files"
17360
22367
msgstr ""
17361
22368
17362
#: serverguide/C/mail.xml:383(para)
22369
#: serverguide/C/mail.xml:379(para)
17363
22370
msgid ""
17364
22371
"<application>Postfix</application> sends all log messages to "
17365
22372
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17368
22375
"<filename>/var/log/mail.warn</filename> respectively."
17369
22376
msgstr ""
17370
22377
17371
#: serverguide/C/mail.xml:388(para)
22378
#: serverguide/C/mail.xml:384(para)
17372
22379
msgid ""
17373
22380
"To see messages entered into the logs in real time you can use the "
17374
22381
"<application>tail -f</application> command:"
17375
22382
msgstr ""
17376
22383
17377
#: serverguide/C/mail.xml:393(command)
22384
#: serverguide/C/mail.xml:389(command)
17378
22385
msgid "tail -f /var/log/mail.err"
17379
22386
msgstr ""
17380
22387
17381
#: serverguide/C/mail.xml:395(para)
22388
#: serverguide/C/mail.xml:391(para)
17382
22389
msgid ""
17383
22390
"The amount of detail that is recorded in the logs can be increased. Below "
17384
22391
"are some configuration options for increasing the log level for some of the "
17385
22392
"areas covered above."
17386
22393
msgstr ""
17387
22394
17388
#: serverguide/C/mail.xml:401(para)
22395
#: serverguide/C/mail.xml:397(para)
17389
22396
msgid ""
17390
22397
"To increase <emphasis>TLS</emphasis> activity logging set the "
17391
22398
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17392
22399
msgstr ""
17393
22400
17394
#: serverguide/C/mail.xml:405(command)
22401
#: serverguide/C/mail.xml:401(command)
17395
22402
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17396
22403
msgstr ""
17397
22404
17398
#: serverguide/C/mail.xml:409(para)
22405
#: serverguide/C/mail.xml:405(para)
17399
22406
msgid ""
17400
22407
"If you are having trouble sending or receiving mail from a specific domain "
17401
22408
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17402
22409
msgstr ""
17403
22410
17404
#: serverguide/C/mail.xml:414(command)
22411
#: serverguide/C/mail.xml:410(command)
17405
22412
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17406
22413
msgstr ""
17407
22414
17408
#: serverguide/C/mail.xml:418(para)
22415
#: serverguide/C/mail.xml:414(para)
17409
22416
msgid ""
17410
22417
"You can increase the verbosity of any <application>Postfix</application> "
17411
22418
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17413
22420
"<emphasis>smtp</emphasis> entry:"
17414
22421
msgstr ""
17415
22422
17416
#: serverguide/C/mail.xml:422(programlisting)
22423
#: serverguide/C/mail.xml:418(programlisting)
17417
22424
#, no-wrap
17418
22425
msgid ""
17419
22426
"\n"
17420
22427
"smtp unix - - - - - smtp -v\n"
17421
22428
msgstr ""
17422
22429
17423
#: serverguide/C/mail.xml:428(para)
22430
#: serverguide/C/mail.xml:424(para)
17424
22431
msgid ""
17425
22432
"It is important to note that after making one of the logging changes above "
17426
22433
"the <application>Postfix</application> process will need to be reloaded in "
17428
22435
"reload</command>"
17429
22436
msgstr ""
17430
22437
17431
#: serverguide/C/mail.xml:435(para)
22438
#: serverguide/C/mail.xml:431(para)
17432
22439
msgid ""
17433
22440
"To increase the amount of information logged when troubleshooting "
17434
22441
"<emphasis>SASL</emphasis> issues you can set the following options in "
17435
22442
"<filename>/etc/dovecot/dovecot.conf</filename>"
17436
22443
msgstr ""
17437
22444
17438
#: serverguide/C/mail.xml:439(programlisting)
22445
#: serverguide/C/mail.xml:435(programlisting)
17439
22446
#, no-wrap
17440
22447
msgid ""
17441
22448
"\n"
17443
22450
"auth_debug_passwords=yes\n"
17444
22451
msgstr ""
17445
22452
17446
#: serverguide/C/mail.xml:446(para)
22453
#: serverguide/C/mail.xml:442(para)
17447
22454
msgid ""
17448
22455
"Just like <application>Postfix</application> if you change a "
17449
22456
"<application>Dovecot</application> configuration the process will need to be "
17450
22457
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17451
22458
msgstr ""
17452
22459
17453
#: serverguide/C/mail.xml:452(para)
22460
#: serverguide/C/mail.xml:448(para)
17454
22461
msgid ""
17455
22462
"Some of the options above can drastically increase the amount of information "
17456
22463
"sent to the log files. Remember to return the log level back to normal after "
17458
22465
"new configuration to take affect."
17459
22466
msgstr ""
17460
22467
17461
#: serverguide/C/mail.xml:460(para)
22468
#: serverguide/C/mail.xml:456(para)
17462
22469
msgid ""
17463
22470
"Administering a <application>Postfix</application> server can be a very "
17464
22471
"complicated task. At some point you may need to turn to the Ubuntu community "
17465
22472
"for more experienced help."
17466
22473
msgstr ""
17467
22474
17468
#: serverguide/C/mail.xml:464(para)
22475
#: serverguide/C/mail.xml:460(para)
17469
22476
msgid ""
17470
22477
"A great place to ask for <application>Postfix</application> assistance, and "
17471
22478
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17475
22482
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17476
22483
msgstr ""
17477
22484
17478
#: serverguide/C/mail.xml:469(para)
22485
#: serverguide/C/mail.xml:465(para)
17479
22486
msgid ""
17480
22487
"For in depth <application>Postfix</application> information Ubuntu "
17481
22488
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17482
22489
"Book of Postfix</ulink>."
17483
22490
msgstr ""
17484
22491
17485
#: serverguide/C/mail.xml:473(para)
22492
#: serverguide/C/mail.xml:469(para)
17486
22493
msgid ""
17487
22494
"Finally, the <ulink "
17488
22495
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17490
22497
"available."
17491
22498
msgstr ""
17492
22499
17493
#: serverguide/C/mail.xml:477(para)
22500
#: serverguide/C/mail.xml:473(para)
17494
22501
msgid ""
17495
22502
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17496
22503
"Wiki Postifx</ulink> page has more information."
17497
22504
msgstr ""
17498
22505
17499
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
22506
#: serverguide/C/mail.xml:481(title) serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:993(title)
17500
22507
msgid "Exim4"
17501
22508
msgstr ""
17502
22509
17503
#: serverguide/C/mail.xml:486(para)
22510
#: serverguide/C/mail.xml:482(para)
17504
22511
msgid ""
17505
22512
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17506
22513
"developed at the University of Cambridge for use on Unix systems connected "
17510
22517
"<application>sendmail</application>."
17511
22518
msgstr ""
17512
22519
17513
#: serverguide/C/mail.xml:497(para)
22520
#: serverguide/C/mail.xml:493(para)
17514
22521
msgid ""
17515
22522
"To install <application>exim4</application>, run the following command: "
17516
22523
"<screen>\n"
17518
22525
"</screen>"
17519
22526
msgstr ""
17520
22527
17521
#: serverguide/C/mail.xml:506(para)
22528
#: serverguide/C/mail.xml:502(para)
17522
22529
msgid ""
17523
22530
"To configure <application>Exim4</application>, run the following command:"
17524
22531
msgstr ""
17525
22532
17526
#: serverguide/C/mail.xml:510(command)
22533
#: serverguide/C/mail.xml:506(command)
17527
22534
msgid "sudo dpkg-reconfigure exim4-config"
17528
22535
msgstr ""
17529
22536
17530
#: serverguide/C/mail.xml:512(para)
22537
#: serverguide/C/mail.xml:508(para)
17531
22538
msgid ""
17532
22539
"The user interface will be displayed. The user interface lets you configure "
17533
22540
"many parameters. For example, In <application>Exim4</application> the "
17535
22542
"in one file you can configure accordingly in this user interface."
17536
22543
msgstr ""
17537
22544
17538
#: serverguide/C/mail.xml:520(para)
22545
#: serverguide/C/mail.xml:516(para)
17539
22546
msgid ""
17540
22547
"All the parameters you configure in the user interface are stored in "
17541
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17542
"re-configure, either you re-run the configuration wizard or manually edit "
17543
"this file using your favorite editor. Once you configure, you can run the "
22548
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
22549
"configure, either you re-run the configuration wizard or manually edit this "
22550
"file using your favorite editor. Once you configure, you can run the "
17544
22551
"following command to generate the master configuration file:"
17545
22552
msgstr ""
17546
22553
17547
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
22554
#: serverguide/C/mail.xml:527(command) serverguide/C/mail.xml:611(command)
17548
22555
msgid "sudo update-exim4.conf"
17549
22556
msgstr ""
17550
22557
17551
#: serverguide/C/mail.xml:533(para)
22558
#: serverguide/C/mail.xml:529(para)
17552
22559
msgid ""
17553
22560
"The master configuration file, is generated and it is stored in "
17554
22561
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17555
22562
msgstr ""
17556
22563
17557
#: serverguide/C/mail.xml:539(para)
22564
#: serverguide/C/mail.xml:535(para)
17558
22565
msgid ""
17559
22566
"At any time, you should not edit the master configuration file, "
17560
22567
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17561
22568
"updated automatically every time you run <command>update-exim4.conf</command>"
17562
22569
msgstr ""
17563
22570
17564
#: serverguide/C/mail.xml:547(para)
22571
#: serverguide/C/mail.xml:543(para)
17565
22572
msgid ""
17566
22573
"You can run the following command to start <application>Exim4</application> "
17567
22574
"daemon."
17568
22575
msgstr ""
17569
22576
17570
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
22577
#: serverguide/C/mail.xml:548(command) serverguide/C/mail.xml:999(command)
17571
22578
msgid "sudo /etc/init.d/exim4 start"
17572
22579
msgstr ""
17573
22580
17574
#: serverguide/C/mail.xml:557(para)
22581
#: serverguide/C/mail.xml:553(para)
17575
22582
msgid ""
17576
22583
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17577
22584
msgstr ""
17578
22585
17579
#: serverguide/C/mail.xml:560(para)
22586
#: serverguide/C/mail.xml:556(para)
17580
22587
msgid ""
17581
22588
"The first step is to create a certificate for use with TLS. Enter the "
17582
22589
"following into a terminal prompt:"
17583
22590
msgstr ""
17584
22591
17585
#: serverguide/C/mail.xml:564(command)
22592
#: serverguide/C/mail.xml:560(command)
17586
22593
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17587
22594
msgstr ""
17588
22595
17589
#: serverguide/C/mail.xml:566(para)
22596
#: serverguide/C/mail.xml:562(para)
17590
22597
msgid ""
17591
22598
"Now Exim4 needs to be configured for TLS by editing "
17592
22599
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17593
22600
"the following:"
17594
22601
msgstr ""
17595
22602
17596
#: serverguide/C/mail.xml:570(programlisting)
22603
#: serverguide/C/mail.xml:566(programlisting)
17597
22604
#, no-wrap
17598
22605
msgid ""
17599
22606
"\n"
17600
22607
"MAIN_TLS_ENABLE = yes\n"
17601
22608
msgstr ""
17602
22609
17603
#: serverguide/C/mail.xml:573(para)
22610
#: serverguide/C/mail.xml:569(para)
17604
22611
msgid ""
17605
22612
"Next you need to configure <application>Exim4</application> to use the "
17606
22613
"<application>saslauthd</application> for authentication. Edit "
17609
22616
"<emphasis>login_saslauthd_server</emphasis> sections:"
17610
22617
msgstr ""
17611
22618
17612
#: serverguide/C/mail.xml:578(programlisting)
22619
#: serverguide/C/mail.xml:574(programlisting)
17613
22620
#, no-wrap
17614
22621
msgid ""
17615
22622
"\n"
17635
22642
" .endif\n"
17636
22643
msgstr ""
17637
22644
17638
#: serverguide/C/mail.xml:600(para)
22645
#: serverguide/C/mail.xml:596(para)
22646
msgid ""
22647
"Additionally, in order for outside mail client to be able to connect to new "
22648
"exim server, new user needs to be added into exim by using the following "
22649
"commands."
22650
msgstr ""
22651
22652
#: serverguide/C/mail.xml:600(command)
22653
msgid "sudo /usr/share/doc/exim4/examples/exim-adduser"
22654
msgstr ""
22655
22656
#: serverguide/C/mail.xml:602(para)
22657
msgid ""
22658
"Users should protect the new exim password files with the following commands."
22659
msgstr ""
22660
22661
#: serverguide/C/mail.xml:604(command)
22662
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
22663
msgstr ""
22664
22665
#: serverguide/C/mail.xml:605(command)
22666
msgid "sudo chmod 640 /etc/exim4/passwd"
22667
msgstr ""
22668
22669
#: serverguide/C/mail.xml:607(para)
17639
22670
msgid "Finally, update the Exim4 configuration and restart the service:"
17640
22671
msgstr ""
17641
22672
17642
#: serverguide/C/mail.xml:605(command)
22673
#: serverguide/C/mail.xml:612(command)
17643
22674
msgid "sudo /etc/init.d/exim4 restart"
17644
22675
msgstr ""
17645
22676
17646
#: serverguide/C/mail.xml:610(para)
22677
#: serverguide/C/mail.xml:617(para)
17647
22678
msgid ""
17648
22679
"This section provides details on configuring the saslauthd to provide "
17649
22680
"authentication for <application>Exim4</application>."
17650
22681
msgstr ""
17651
22682
17652
#: serverguide/C/mail.xml:613(para)
22683
#: serverguide/C/mail.xml:620(para)
17653
22684
msgid ""
17654
22685
"The first step is to install the sasl2-bin package. From a terminal prompt "
17655
22686
"enter the following:"
17656
22687
msgstr ""
17657
22688
17658
#: serverguide/C/mail.xml:617(command)
22689
#: serverguide/C/mail.xml:624(command)
17659
22690
msgid "sudo apt-get install sasl2-bin"
17660
22691
msgstr ""
17661
22692
17662
#: serverguide/C/mail.xml:619(para)
22693
#: serverguide/C/mail.xml:626(para)
17663
22694
msgid ""
17664
22695
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17665
22696
"and set START=no to:"
17666
22697
msgstr ""
17667
22698
17668
#: serverguide/C/mail.xml:622(programlisting)
17669
#, no-wrap
17670
msgid ""
17671
"\n"
17672
"START=yes\n"
17673
msgstr ""
17674
17675
#: serverguide/C/mail.xml:625(para)
22699
#: serverguide/C/mail.xml:632(para)
17676
22700
msgid ""
17677
22701
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17678
22702
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17679
22703
"service:"
17680
22704
msgstr ""
17681
22705
17682
#: serverguide/C/mail.xml:630(command)
22706
#: serverguide/C/mail.xml:637(command)
17683
22707
msgid "sudo adduser Debian-exim sasl"
17684
22708
msgstr ""
17685
22709
17686
#: serverguide/C/mail.xml:632(para)
22710
#: serverguide/C/mail.xml:639(para)
17687
22711
msgid "Now start the <application>saslauthd</application> service:"
17688
22712
msgstr ""
17689
22713
17690
#: serverguide/C/mail.xml:636(command)
22714
#: serverguide/C/mail.xml:643(command)
17691
22715
msgid "sudo /etc/init.d/saslauthd start"
17692
22716
msgstr ""
17693
22717
17694
#: serverguide/C/mail.xml:638(para)
22718
#: serverguide/C/mail.xml:645(para)
17695
22719
msgid ""
17696
22720
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17697
22721
"and SASL authentication."
17698
22722
msgstr ""
17699
22723
17700
#: serverguide/C/mail.xml:647(para)
22724
#: serverguide/C/mail.xml:654(para)
17701
22725
msgid ""
17702
22726
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17703
22727
"information."
17704
22728
msgstr ""
17705
22729
17706
#: serverguide/C/mail.xml:652(para)
22730
#: serverguide/C/mail.xml:659(para)
17707
22731
msgid ""
17708
22732
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17709
22733
"server\">Exim4 Book</ulink> available."
17710
22734
msgstr ""
17711
22735
17712
#: serverguide/C/mail.xml:657(para)
22736
#: serverguide/C/mail.xml:664(para)
17713
22737
msgid ""
17714
22738
"Another resource is the <ulink "
17715
22739
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17716
22740
"page."
17717
22741
msgstr ""
17718
22742
17719
#: serverguide/C/mail.xml:666(title)
22743
#: serverguide/C/mail.xml:673(title)
17720
22744
msgid "Dovecot Server"
17721
22745
msgstr ""
17722
22746
17723
#: serverguide/C/mail.xml:667(para)
22747
#: serverguide/C/mail.xml:674(para)
17724
22748
msgid ""
17725
22749
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17726
22750
"security primarily in mind. It supports the major mailbox formats: mbox or "
17727
22751
"Maildir. This section explain how to set it up as an imap or pop3 server."
17728
22752
msgstr ""
17729
22753
17730
#: serverguide/C/mail.xml:675(para)
22754
#: serverguide/C/mail.xml:682(para)
17731
22755
msgid ""
17732
22756
"To install <application>dovecot</application>, run the following command in "
17733
22757
"the command prompt:"
17734
22758
msgstr ""
17735
22759
17736
#: serverguide/C/mail.xml:680(command)
22760
#: serverguide/C/mail.xml:687(command)
17737
22761
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17738
22762
msgstr ""
17739
22763
17740
#: serverguide/C/mail.xml:685(para)
22764
#: serverguide/C/mail.xml:692(para)
17741
22765
msgid ""
17742
22766
"To configure <application>dovecot</application>, you can edit the file "
17743
22767
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17749
22773
"link>."
17750
22774
msgstr ""
17751
22775
17752
#: serverguide/C/mail.xml:695(para)
22776
#: serverguide/C/mail.xml:702(para)
17753
22777
msgid ""
17754
22778
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17755
22779
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17756
22780
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17757
22781
msgstr ""
17758
22782
17759
#: serverguide/C/mail.xml:701(programlisting)
22783
#: serverguide/C/mail.xml:708(programlisting)
17760
22784
#, no-wrap
17761
22785
msgid ""
17762
22786
"\n"
17763
22787
"protocols = pop3 pop3s imap imaps\n"
17764
22788
msgstr ""
17765
22789
17766
#: serverguide/C/mail.xml:704(para)
22790
#: serverguide/C/mail.xml:711(para)
17767
22791
msgid ""
17768
22792
"Next, choose the mailbox you would like to use. "
17769
22793
"<application>Dovecot</application> supports <emphasis "
17774
22798
"site</ulink>."
17775
22799
msgstr ""
17776
22800
17777
#: serverguide/C/mail.xml:712(para)
22801
#: serverguide/C/mail.xml:719(para)
17778
22802
msgid ""
17779
22803
"Once you have chosen your mailbox type, edit the file "
17780
22804
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17781
22805
msgstr ""
17782
22806
17783
#: serverguide/C/mail.xml:717(programlisting)
22807
#: serverguide/C/mail.xml:724(programlisting)
17784
22808
#, no-wrap
17785
22809
msgid ""
17786
22810
"\n"
17789
22813
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17790
22814
msgstr ""
17791
22815
17792
#: serverguide/C/mail.xml:723(para)
22816
#: serverguide/C/mail.xml:730(para)
17793
22817
msgid ""
17794
22818
"You should configure your Mail Transport Agent (MTA) to transfer the "
17795
22819
"incoming mail to this type of mailbox if it is different from the one you "
17796
22820
"have configured."
17797
22821
msgstr ""
17798
22822
17799
#: serverguide/C/mail.xml:729(para)
22823
#: serverguide/C/mail.xml:736(para)
17800
22824
msgid ""
17801
22825
"Once you have configured dovecot, restart the "
17802
22826
"<application>dovecot</application> daemon in order to test your setup:"
17803
22827
msgstr ""
17804
22828
17805
#: serverguide/C/mail.xml:738(para)
22829
#: serverguide/C/mail.xml:745(para)
17806
22830
msgid ""
17807
22831
"If you have enabled imap, or pop3, you can also try to log in with the "
17808
22832
"commands <command>telnet localhost pop3</command> or <command>telnet "
17810
22834
"installation has been successful:"
17811
22835
msgstr ""
17812
22836
17813
#: serverguide/C/mail.xml:745(programlisting)
22837
#: serverguide/C/mail.xml:752(programlisting)
17814
22838
#, no-wrap
17815
22839
msgid ""
17816
22840
"\n"
17821
22845
"+OK Dovecot ready.\n"
17822
22846
msgstr ""
17823
22847
17824
#: serverguide/C/mail.xml:754(title)
22848
#: serverguide/C/mail.xml:761(title)
17825
22849
msgid "Dovecot SSL Configuration"
17826
22850
msgstr ""
17827
22851
17828
#: serverguide/C/mail.xml:755(para)
22852
#: serverguide/C/mail.xml:762(para)
17829
22853
msgid ""
17830
22854
"To configure <application>dovecot</application> to use SSL, you can edit the "
17831
22855
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17832
22856
"lines:"
17833
22857
msgstr ""
17834
22858
17835
#: serverguide/C/mail.xml:760(programlisting)
22859
#: serverguide/C/mail.xml:767(programlisting)
17836
22860
#, no-wrap
17837
22861
msgid ""
17838
22862
"\n"
17842
22866
"disable_plaintext_auth = no\n"
17843
22867
msgstr ""
17844
22868
17845
#: serverguide/C/mail.xml:766(para)
22869
#: serverguide/C/mail.xml:773(para)
17846
22870
msgid ""
17847
22871
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17848
22872
"can create self signed SSL certificate. The latter is a good option for "
17854
22878
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17855
22879
msgstr ""
17856
22880
17857
#: serverguide/C/mail.xml:781(title)
22881
#: serverguide/C/mail.xml:788(title)
17858
22882
msgid "Firewall Configuration for an Email Server"
17859
22883
msgstr ""
17860
22884
17861
#: serverguide/C/mail.xml:787(para)
22885
#: serverguide/C/mail.xml:794(para)
17862
22886
msgid "IMAP - 143"
17863
22887
msgstr ""
17864
22888
17865
#: serverguide/C/mail.xml:788(para)
22889
#: serverguide/C/mail.xml:795(para)
17866
22890
msgid "IMAPS - 993"
17867
22891
msgstr ""
17868
22892
17869
#: serverguide/C/mail.xml:789(para)
22893
#: serverguide/C/mail.xml:796(para)
17870
22894
msgid "POP3 - 110"
17871
22895
msgstr ""
17872
22896
17873
#: serverguide/C/mail.xml:790(para)
22897
#: serverguide/C/mail.xml:797(para)
17874
22898
msgid "POP3S - 995"
17875
22899
msgstr ""
17876
22900
17877
#: serverguide/C/mail.xml:782(para)
22901
#: serverguide/C/mail.xml:789(para)
17878
22902
msgid ""
17879
22903
"To access your mail server from another computer, you must configure your "
17880
22904
"firewall to allow connections to the server on the necessary ports. "
17881
22905
"<placeholder-1/>"
17882
22906
msgstr ""
17883
22907
17884
#: serverguide/C/mail.xml:799(para)
22908
#: serverguide/C/mail.xml:806(para)
17885
22909
msgid ""
17886
22910
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17887
22911
"more information."
17888
22912
msgstr ""
17889
22913
17890
#: serverguide/C/mail.xml:804(para)
22914
#: serverguide/C/mail.xml:811(para)
17891
22915
msgid ""
17892
22916
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17893
22917
"Ubuntu Wiki</ulink> page has more details."
17894
22918
msgstr ""
17895
22919
17896
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
22920
#: serverguide/C/mail.xml:820(title) serverguide/C/mail.xml:895(title) serverguide/C/mail.xml:1118(title)
17897
22921
msgid "Mailman"
17898
22922
msgstr ""
17899
22923
17900
#: serverguide/C/mail.xml:814(para)
22924
#: serverguide/C/mail.xml:821(para)
17901
22925
msgid ""
17902
22926
"Mailman is an open source program for managing electronic mail discussions "
17903
22927
"and e-newsletter lists. Many open source mailing lists (including all the "
17906
22930
"and maintain."
17907
22931
msgstr ""
17908
22932
17909
#: serverguide/C/mail.xml:824(para)
22933
#: serverguide/C/mail.xml:831(para)
17910
22934
msgid ""
17911
22935
"Mailman provides a web interface for the administrators and users, using an "
17912
22936
"external mail server to send and receive emails. It works perfectly with the "
17913
22937
"following mail servers:"
17914
22938
msgstr ""
17915
22939
17916
#: serverguide/C/mail.xml:835(application)
22940
#: serverguide/C/mail.xml:842(application)
17917
22941
msgid "Exim"
17918
22942
msgstr ""
17919
22943
17920
#: serverguide/C/mail.xml:838(application)
22944
#: serverguide/C/mail.xml:845(application)
17921
22945
msgid "Sendmail"
17922
22946
msgstr ""
17923
22947
17924
#: serverguide/C/mail.xml:841(application)
22948
#: serverguide/C/mail.xml:848(application)
17925
22949
msgid "Qmail"
17926
22950
msgstr ""
17927
22951
17928
#: serverguide/C/mail.xml:846(para)
22952
#: serverguide/C/mail.xml:853(para)
17929
22953
msgid ""
17930
22954
"We will see how to install and configure Mailman with, the Apache web "
17931
22955
"server, and either the Postfix or Exim mail server. If you wish to install "
17932
22956
"Mailman with a different mail server, please refer to the references section."
17933
22957
msgstr ""
17934
22958
17935
#: serverguide/C/mail.xml:853(para)
22959
#: serverguide/C/mail.xml:860(para)
17936
22960
msgid ""
17937
22961
"You only need to install one mail server and "
17938
22962
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17939
22963
msgstr ""
17940
22964
17941
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
22965
#: serverguide/C/mail.xml:865(title) serverguide/C/mail.xml:922(title)
17942
22966
msgid "Apache2"
17943
22967
msgstr ""
17944
22968
17945
#: serverguide/C/mail.xml:859(para)
22969
#: serverguide/C/mail.xml:866(para)
17946
22970
msgid ""
17947
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17948
"installation\">HTTPD Installation</ulink> section for details."
22971
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
22972
"details."
17949
22973
msgstr ""
17950
22974
17951
#: serverguide/C/mail.xml:867(para)
22975
#: serverguide/C/mail.xml:872(para)
17952
22976
msgid ""
17953
22977
"For instructions on installing and configuring Postfix refer to <xref "
17954
22978
"linkend=\"postfix\"/>"
17955
22979
msgstr ""
17956
22980
17957
#: serverguide/C/mail.xml:873(para)
22981
#: serverguide/C/mail.xml:878(para)
17958
22982
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17959
22983
msgstr ""
17960
22984
17961
#: serverguide/C/mail.xml:884(application)
17962
msgid "dc_use_split_config='true'"
17963
msgstr ""
17964
17965
#: serverguide/C/mail.xml:876(para)
22985
#: serverguide/C/mail.xml:881(para)
17966
22986
msgid ""
17967
22987
"Once exim4 is installed, the configuration files are stored in the "
17968
22988
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17969
22989
"configuration files are split across different files. You can change this "
17970
22990
"behavior by changing the following variable in the "
17971
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17972
msgstr ""
17973
17974
#: serverguide/C/mail.xml:891(para)
22991
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
22992
msgstr ""
22993
22994
#: serverguide/C/mail.xml:888(programlisting)
22995
#, no-wrap
22996
msgid ""
22997
"\n"
22998
"dc_use_split_config='true'\n"
22999
msgstr ""
23000
23001
#: serverguide/C/mail.xml:896(para)
17975
23002
msgid ""
17976
23003
"To install <application>Mailman</application>, run following command at a "
17977
23004
"terminal prompt:"
17978
23005
msgstr ""
17979
23006
17980
#: serverguide/C/mail.xml:895(command)
23007
#: serverguide/C/mail.xml:900(command)
17981
23008
msgid "sudo apt-get install mailman"
17982
23009
msgstr ""
17983
23010
17984
#: serverguide/C/mail.xml:897(para)
23011
#: serverguide/C/mail.xml:902(para)
17985
23012
msgid ""
17986
23013
"It copies the installation files in "
17987
23014
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17991
23018
"this user."
17992
23019
msgstr ""
17993
23020
17994
#: serverguide/C/mail.xml:909(para)
23021
#: serverguide/C/mail.xml:914(para)
17995
23022
msgid ""
17996
23023
"This section assumes you have successfully installed "
17997
23024
"<application>mailman</application>, <application>apache2</application>, and "
17999
23026
"you just need to configure them."
18000
23027
msgstr ""
18001
23028
18002
#: serverguide/C/mail.xml:918(para)
23029
#: serverguide/C/mail.xml:923(para)
18003
23030
msgid ""
18004
23031
"An example Apache configuration file comes with "
18005
23032
"<application>Mailman</application> and is placed in "
18008
23035
"available</filename>:"
18009
23036
msgstr ""
18010
23037
18011
#: serverguide/C/mail.xml:924(command)
23038
#: serverguide/C/mail.xml:929(command)
18012
23039
msgid ""
18013
23040
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18014
23041
msgstr ""
18015
23042
18016
#: serverguide/C/mail.xml:926(para)
23043
#: serverguide/C/mail.xml:931(para)
18017
23044
msgid ""
18018
23045
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18019
23046
"Mailman administration site. Now enable the new configuration and restart "
18020
23047
"Apache:"
18021
23048
msgstr ""
18022
23049
18023
#: serverguide/C/mail.xml:931(command)
23050
#: serverguide/C/mail.xml:936(command)
18024
23051
msgid "sudo a2ensite mailman.conf"
18025
23052
msgstr ""
18026
23053
18027
#: serverguide/C/mail.xml:934(para)
23054
#: serverguide/C/mail.xml:939(para)
18028
23055
msgid ""
18029
23056
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18030
23057
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18033
23060
"available/mailman.conf</filename> file if you wish to change this behavior."
18034
23061
msgstr ""
18035
23062
18036
#: serverguide/C/mail.xml:945(para)
23063
#: serverguide/C/mail.xml:950(para)
18037
23064
msgid ""
18038
23065
"For <application>Postfix</application> integration, we will associate the "
18039
23066
"domain lists.example.com with the mailing lists. Please replace "
18040
23067
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18041
23068
msgstr ""
18042
23069
18043
#: serverguide/C/mail.xml:949(para)
23070
#: serverguide/C/mail.xml:954(para)
18044
23071
msgid ""
18045
23072
"You can use the postconf command to add the necessary configuration to "
18046
23073
"<filename>/etc/postfix/main.cf</filename>:"
18047
23074
msgstr ""
18048
23075
18049
#: serverguide/C/mail.xml:953(command)
23076
#: serverguide/C/mail.xml:958(command)
18050
23077
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18051
23078
msgstr ""
18052
23079
18053
#: serverguide/C/mail.xml:954(command)
23080
#: serverguide/C/mail.xml:959(command)
18054
23081
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18055
23082
msgstr ""
18056
23083
18057
#: serverguide/C/mail.xml:955(command)
23084
#: serverguide/C/mail.xml:960(command)
18058
23085
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18059
23086
msgstr ""
18060
23087
18061
#: serverguide/C/mail.xml:957(para)
23088
#: serverguide/C/mail.xml:962(para)
18062
23089
msgid ""
18063
23090
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18064
23091
"the following transport:"
18065
23092
msgstr ""
18066
23093
18067
#: serverguide/C/mail.xml:960(programlisting)
23094
#: serverguide/C/mail.xml:965(programlisting)
18068
23095
#, no-wrap
18069
23096
msgid ""
18070
23097
"\n"
18073
23100
" ${nexthop} ${user}\n"
18074
23101
msgstr ""
18075
23102
18076
#: serverguide/C/mail.xml:965(para)
23103
#: serverguide/C/mail.xml:970(para)
18077
23104
msgid ""
18078
23105
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18079
23106
"is delivered to a list."
18080
23107
msgstr ""
18081
23108
18082
#: serverguide/C/mail.xml:968(para)
23109
#: serverguide/C/mail.xml:973(para)
18083
23110
msgid ""
18084
23111
"Associate the domain lists.example.com to the Mailman transport with the "
18085
23112
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18086
23113
msgstr ""
18087
23114
18088
#: serverguide/C/mail.xml:971(programlisting)
23115
#: serverguide/C/mail.xml:976(programlisting)
18089
23116
#, no-wrap
18090
23117
msgid ""
18091
23118
"\n"
18092
23119
"lists.example.com mailman:\n"
18093
23120
msgstr ""
18094
23121
18095
#: serverguide/C/mail.xml:974(para)
23122
#: serverguide/C/mail.xml:979(para)
18096
23123
msgid ""
18097
23124
"Now have <application>Postfix</application> build the transport map by "
18098
23125
"entering the following from a terminal prompt:"
18099
23126
msgstr ""
18100
23127
18101
#: serverguide/C/mail.xml:978(command)
23128
#: serverguide/C/mail.xml:983(command)
18102
23129
msgid "sudo postmap -v /etc/postfix/transport"
18103
23130
msgstr ""
18104
23131
18105
#: serverguide/C/mail.xml:980(para)
23132
#: serverguide/C/mail.xml:985(para)
18106
23133
msgid "Then restart Postfix to enable the new configurations:"
18107
23134
msgstr ""
18108
23135
18109
#: serverguide/C/mail.xml:989(para)
23136
#: serverguide/C/mail.xml:994(para)
18110
23137
msgid ""
18111
23138
"Once Exim4 is installed, you can start the Exim server using the following "
18112
23139
"command from a terminal prompt:"
18113
23140
msgstr ""
18114
23141
18115
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
23142
#: serverguide/C/mail.xml:1010(para) serverguide/C/mail.xml:1025(title)
18116
23143
msgid "Main"
18117
23144
msgstr ""
18118
23145
18119
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
23146
#: serverguide/C/mail.xml:1013(para) serverguide/C/mail.xml:1065(title)
18120
23147
msgid "Transport"
18121
23148
msgstr ""
18122
23149
18123
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
23150
#: serverguide/C/mail.xml:1016(para) serverguide/C/mail.xml:1088(title)
18124
23151
msgid "Router"
18125
23152
msgstr ""
18126
23153
18127
#: serverguide/C/mail.xml:996(para)
23154
#: serverguide/C/mail.xml:1001(para)
18128
23155
msgid ""
18129
23156
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18130
23157
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18136
23163
"is very important."
18137
23164
msgstr ""
18138
23165
18139
#: serverguide/C/mail.xml:1027(programlisting)
23166
#: serverguide/C/mail.xml:1032(programlisting)
18140
23167
#, no-wrap
18141
23168
msgid ""
18142
23169
"\n"
18170
23197
"# end\n"
18171
23198
msgstr ""
18172
23199
18173
#: serverguide/C/mail.xml:1021(para)
23200
#: serverguide/C/mail.xml:1026(para)
18174
23201
msgid ""
18175
23202
"All the configuration files belonging to the main type are stored in the "
18176
23203
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18178
23205
"config_mailman</filename>: <placeholder-1/>"
18179
23206
msgstr ""
18180
23207
18181
#: serverguide/C/mail.xml:1067(programlisting)
23208
#: serverguide/C/mail.xml:1072(programlisting)
18182
23209
#, no-wrap
18183
23210
msgid ""
18184
23211
"\n"
18196
23223
" group = MM_GID\n"
18197
23224
msgstr ""
18198
23225
18199
#: serverguide/C/mail.xml:1061(para)
23226
#: serverguide/C/mail.xml:1066(para)
18200
23227
msgid ""
18201
23228
"All the configuration files belonging to transport type are stored in the "
18202
23229
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18204
23231
"config_mailman</filename>: <placeholder-1/>"
18205
23232
msgstr ""
18206
23233
18207
#: serverguide/C/mail.xml:1088(programlisting)
23234
#: serverguide/C/mail.xml:1093(programlisting)
18208
23235
#, no-wrap
18209
23236
msgid ""
18210
23237
"\n"
18218
23245
" transport = mailman_transport\n"
18219
23246
msgstr ""
18220
23247
18221
#: serverguide/C/mail.xml:1084(para)
23248
#: serverguide/C/mail.xml:1089(para)
18222
23249
msgid ""
18223
23250
"All the configuration files belonging to router type are stored in the "
18224
23251
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18226
23253
"config_mailman</filename>: <placeholder-1/>"
18227
23254
msgstr ""
18228
23255
18229
#: serverguide/C/mail.xml:1101(para)
23256
#: serverguide/C/mail.xml:1106(para)
18230
23257
msgid ""
18231
23258
"The order of main and transport configuration files can be in any order. "
18232
23259
"But, the order of router configuration files must be the same. This "
18236
23263
"details, please refer to the references section."
18237
23264
msgstr ""
18238
23265
18239
#: serverguide/C/mail.xml:1114(para)
23266
#: serverguide/C/mail.xml:1119(para)
18240
23267
msgid ""
18241
23268
"Once mailman is installed, you can run it using the following command:"
18242
23269
msgstr ""
18243
23270
18244
#: serverguide/C/mail.xml:1118(command)
23271
#: serverguide/C/mail.xml:1123(command)
18245
23272
msgid "sudo /etc/init.d/mailman start"
18246
23273
msgstr ""
18247
23274
18248
#: serverguide/C/mail.xml:1120(para)
23275
#: serverguide/C/mail.xml:1125(para)
18249
23276
msgid ""
18250
23277
"Once mailman is installed, you should create the default mailing list. Run "
18251
23278
"the following command to create the mailing list:"
18252
23279
msgstr ""
18253
23280
18254
#: serverguide/C/mail.xml:1126(command)
23281
#: serverguide/C/mail.xml:1131(command)
18255
23282
msgid "sudo /usr/sbin/newlist mailman"
18256
23283
msgstr ""
18257
23284
18258
#: serverguide/C/mail.xml:1129(programlisting)
23285
#: serverguide/C/mail.xml:1134(programlisting)
18259
23286
#, no-wrap
18260
23287
msgid ""
18261
23288
"\n"
18286
23313
" # \n"
18287
23314
msgstr ""
18288
23315
18289
#: serverguide/C/mail.xml:1152(para)
23316
#: serverguide/C/mail.xml:1157(para)
18290
23317
msgid ""
18291
23318
"We have configured either Postfix or Exim4 to recognize all emails from "
18292
23319
"mailman. So, it is not mandatory to make any new entries in "
18295
23322
"continuing to next section."
18296
23323
msgstr ""
18297
23324
18298
#: serverguide/C/mail.xml:1160(para)
23325
#: serverguide/C/mail.xml:1165(para)
18299
23326
msgid ""
18300
23327
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18301
23328
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18303
23330
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18304
23331
msgstr ""
18305
23332
18306
#: serverguide/C/mail.xml:1171(title)
23333
#: serverguide/C/mail.xml:1176(title)
18307
23334
msgid "Administration"
18308
23335
msgstr ""
18309
23336
18310
#: serverguide/C/mail.xml:1172(para)
23337
#: serverguide/C/mail.xml:1177(para)
18311
23338
msgid ""
18312
23339
"We assume you have a default installation. The mailman cgi scripts are still "
18313
23340
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18315
23342
"point your browser to the following url:"
18316
23343
msgstr ""
18317
23344
18318
#: serverguide/C/mail.xml:1180(para)
23345
#: serverguide/C/mail.xml:1185(para)
18319
23346
msgid "http://hostname/cgi-bin/mailman/admin"
18320
23347
msgstr ""
18321
23348
18322
#: serverguide/C/mail.xml:1184(para)
23349
#: serverguide/C/mail.xml:1189(para)
18323
23350
msgid ""
18324
23351
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18325
23352
"screen. If you click the mailing list name, it will ask for your "
18330
23357
"mailing list using the web interface."
18331
23358
msgstr ""
18332
23359
18333
#: serverguide/C/mail.xml:1197(title)
23360
#: serverguide/C/mail.xml:1202(title)
18334
23361
msgid "Users"
18335
23362
msgstr ""
18336
23363
18337
#: serverguide/C/mail.xml:1198(para)
23364
#: serverguide/C/mail.xml:1203(para)
18338
23365
msgid ""
18339
23366
"Mailman provides a web based interface for users. To access this page, point "
18340
23367
"your browser to the following url:"
18341
23368
msgstr ""
18342
23369
18343
#: serverguide/C/mail.xml:1203(para)
23370
#: serverguide/C/mail.xml:1208(para)
18344
23371
msgid "http://hostname/cgi-bin/mailman/listinfo"
18345
23372
msgstr ""
18346
23373
18347
#: serverguide/C/mail.xml:1207(para)
23374
#: serverguide/C/mail.xml:1212(para)
18348
23375
msgid ""
18349
23376
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18350
23377
"screen. If you click the mailing list name, it will display the subscription "
18353
23380
"instructions in the email to subscribe."
18354
23381
msgstr ""
18355
23382
18356
#: serverguide/C/mail.xml:1219(ulink)
23383
#: serverguide/C/mail.xml:1224(ulink)
18357
23384
msgid "GNU Mailman - Installation Manual"
18358
23385
msgstr ""
18359
23386
18360
#: serverguide/C/mail.xml:1223(ulink)
23387
#: serverguide/C/mail.xml:1228(ulink)
18361
23388
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18362
23389
msgstr ""
18363
23390
18364
#: serverguide/C/mail.xml:1226(para)
23391
#: serverguide/C/mail.xml:1231(para)
18365
23392
msgid ""
18366
23393
"Also, see the <ulink "
18367
23394
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18368
23395
"Wiki</ulink> page."
18369
23396
msgstr ""
18370
23397
18371
#: serverguide/C/mail.xml:1232(title)
23398
#: serverguide/C/mail.xml:1237(title)
18372
23399
msgid "Mail Filtering"
18373
23400
msgstr ""
18374
23401
18375
#: serverguide/C/mail.xml:1233(para)
23402
#: serverguide/C/mail.xml:1238(para)
18376
23403
msgid ""
18377
23404
"One of the largest issues with email today is the problem of Unsolicited "
18378
23405
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18380
23407
"the bulk of all email traffic on the Internet."
18381
23408
msgstr ""
18382
23409
18383
#: serverguide/C/mail.xml:1238(para)
23410
#: serverguide/C/mail.xml:1243(para)
18384
23411
msgid ""
18385
23412
"This section will cover integrating <application>Amavisd-new</application>, "
18386
23413
"<application>Spamassassin</application>, and "
18394
23421
"spf</application>."
18395
23422
msgstr ""
18396
23423
18397
#: serverguide/C/mail.xml:1248(para)
23424
#: serverguide/C/mail.xml:1253(para)
18398
23425
msgid ""
18399
23426
"<application>Amavisd-new</application> is a wrapper program that can call "
18400
23427
"any number of content filtering programs for spam detection, antivirus, etc."
18401
23428
msgstr ""
18402
23429
18403
#: serverguide/C/mail.xml:1254(para)
23430
#: serverguide/C/mail.xml:1259(para)
18404
23431
msgid ""
18405
23432
"<application>Spamassassin</application> uses a variety of mechanisms to "
18406
23433
"filter email based on the message content."
18407
23434
msgstr ""
18408
23435
18409
#: serverguide/C/mail.xml:1259(para)
23436
#: serverguide/C/mail.xml:1264(para)
18410
23437
msgid ""
18411
23438
"<application>ClamAV</application> is an open source antivirus application."
18412
23439
msgstr ""
18413
23440
18414
#: serverguide/C/mail.xml:1264(para)
23441
#: serverguide/C/mail.xml:1269(para)
18415
23442
msgid ""
18416
23443
"<application>opendkim</application> implements a Sendmail Mail Filter "
18417
23444
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18418
23445
msgstr ""
18419
23446
18420
#: serverguide/C/mail.xml:1270(para)
23447
#: serverguide/C/mail.xml:1275(para)
18421
23448
msgid ""
18422
23449
"<application>python-policyd-spf</application> enables Sender Policy "
18423
23450
"Framework (SPF) checking with <application>Postfix</application>."
18424
23451
msgstr ""
18425
23452
18426
#: serverguide/C/mail.xml:1275(para)
23453
#: serverguide/C/mail.xml:1280(para)
18427
23454
msgid "This is how the pieces fit together:"
18428
23455
msgstr ""
18429
23456
18430
#: serverguide/C/mail.xml:1280(para)
23457
#: serverguide/C/mail.xml:1285(para)
18431
23458
msgid "An email message is accepted by <application>Postfix</application>."
18432
23459
msgstr ""
18433
23460
18434
#: serverguide/C/mail.xml:1285(para)
23461
#: serverguide/C/mail.xml:1290(para)
18435
23462
msgid ""
18436
23463
"The message is passed through any external filters "
18437
23464
"<application>opendkim</application> and <application>python-policyd-"
18438
23465
"spf</application> in this case."
18439
23466
msgstr ""
18440
23467
18441
#: serverguide/C/mail.xml:1291(para)
23468
#: serverguide/C/mail.xml:1296(para)
18442
23469
msgid "<application>Amavisd-new</application> then processes the message."
18443
23470
msgstr ""
18444
23471
18445
#: serverguide/C/mail.xml:1296(para)
23472
#: serverguide/C/mail.xml:1301(para)
18446
23473
msgid ""
18447
23474
"<application>ClamAV</application> is used to scan the message. If the "
18448
23475
"message contains a virus <application>Postfix</application> will reject the "
18449
23476
"message."
18450
23477
msgstr ""
18451
23478
18452
#: serverguide/C/mail.xml:1302(para)
23479
#: serverguide/C/mail.xml:1307(para)
18453
23480
msgid ""
18454
23481
"Clean messages will then be analyzed by "
18455
23482
"<application>Spamassassin</application> to find out if the message is spam. "
18458
23485
"message."
18459
23486
msgstr ""
18460
23487
18461
#: serverguide/C/mail.xml:1309(para)
23488
#: serverguide/C/mail.xml:1314(para)
18462
23489
msgid ""
18463
23490
"For example, if a message has a Spam score of over fifty the message could "
18464
23491
"be automatically dropped from the queue without the recipient ever having to "
18467
23494
"see fit."
18468
23495
msgstr ""
18469
23496
18470
#: serverguide/C/mail.xml:1316(para)
23497
#: serverguide/C/mail.xml:1321(para)
18471
23498
msgid ""
18472
23499
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18473
23500
"configuring Postfix."
18474
23501
msgstr ""
18475
23502
18476
#: serverguide/C/mail.xml:1319(para)
23503
#: serverguide/C/mail.xml:1324(para)
18477
23504
msgid ""
18478
23505
"To install the rest of the applications enter the following from a terminal "
18479
23506
"prompt:"
18480
23507
msgstr ""
18481
23508
18482
#: serverguide/C/mail.xml:1323(command)
23509
#: serverguide/C/mail.xml:1328(command)
18483
23510
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18484
23511
msgstr ""
18485
23512
18486
#: serverguide/C/mail.xml:1324(command)
18487
msgid "sudo apt-get install opendkim python-policyd-spf"
23513
#: serverguide/C/mail.xml:1329(command)
23514
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
18488
23515
msgstr ""
18489
23516
18490
#: serverguide/C/mail.xml:1326(para)
23517
#: serverguide/C/mail.xml:1331(para)
18491
23518
msgid ""
18492
23519
"There are some optional packages that integrate with "
18493
23520
"<application>Spamassassin</application> for better spam detection:"
18494
23521
msgstr ""
18495
23522
18496
#: serverguide/C/mail.xml:1330(command)
23523
#: serverguide/C/mail.xml:1335(command)
18497
23524
msgid "sudo apt-get install pyzor razor"
18498
23525
msgstr ""
18499
23526
18500
#: serverguide/C/mail.xml:1332(para)
23527
#: serverguide/C/mail.xml:1337(para)
18501
23528
msgid ""
18502
23529
"Along with the main filtering applications compression utilities are needed "
18503
23530
"to process some email attachments:"
18504
23531
msgstr ""
18505
23532
18506
#: serverguide/C/mail.xml:1336(command)
23533
#: serverguide/C/mail.xml:1341(command)
18507
23534
msgid ""
18508
23535
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18509
23536
msgstr ""
18510
23537
18511
#: serverguide/C/mail.xml:1339(para)
23538
#: serverguide/C/mail.xml:1344(para)
18512
23539
msgid ""
18513
23540
"If some packages are not found, check that the "
18514
23541
"<emphasis>multiverse</emphasis> repository is enabled in "
18515
23542
"<filename>/etc/apt/sources.list</filename>"
18516
23543
msgstr ""
18517
23544
18518
#: serverguide/C/mail.xml:1340(para)
23545
#: serverguide/C/mail.xml:1345(para)
18519
23546
msgid ""
18520
23547
"If you make changes to the file, be sure to run <command>sudo apt-get "
18521
23548
"update</command> before trying to install again."
18522
23549
msgstr ""
18523
23550
18524
#: serverguide/C/mail.xml:1345(para)
23551
#: serverguide/C/mail.xml:1350(para)
18525
23552
msgid "Now configure everything to work together and filter email."
18526
23553
msgstr ""
18527
23554
18528
#: serverguide/C/mail.xml:1349(title)
23555
#: serverguide/C/mail.xml:1354(title)
18529
23556
msgid "ClamAV"
18530
23557
msgstr ""
18531
23558
18532
#: serverguide/C/mail.xml:1350(para)
23559
#: serverguide/C/mail.xml:1355(para)
18533
23560
msgid ""
18534
23561
"The default behaviour of <application>ClamAV</application> will fit our "
18535
23562
"needs. For more ClamAV configuration options, check the configuration files "
18536
23563
"in <filename>/etc/clamav</filename>."
18537
23564
msgstr ""
18538
23565
18539
#: serverguide/C/mail.xml:1355(para)
23566
#: serverguide/C/mail.xml:1360(para)
18540
23567
msgid ""
18541
23568
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18542
23569
"group in order for <application>Amavisd-new</application> to have the "
18543
23570
"appropriate access to scan files:"
18544
23571
msgstr ""
18545
23572
18546
#: serverguide/C/mail.xml:1360(command)
23573
#: serverguide/C/mail.xml:1365(command)
18547
23574
msgid "sudo adduser clamav amavis"
18548
23575
msgstr ""
18549
23576
18550
#: serverguide/C/mail.xml:1364(title)
23577
#: serverguide/C/mail.xml:1366(command)
23578
msgid "sudo adduser amavis clamav"
23579
msgstr ""
23580
23581
#: serverguide/C/mail.xml:1370(title)
18551
23582
msgid "Spamassassin"
18552
23583
msgstr ""
18553
23584
18554
#: serverguide/C/mail.xml:1365(para)
23585
#: serverguide/C/mail.xml:1371(para)
18555
23586
msgid ""
18556
23587
"Spamassassin automatically detects optional components and will use them if "
18557
23588
"they are present. This means that there is no need to configure "
18558
23589
"<application>pyzor</application> and <application>razor</application>."
18559
23590
msgstr ""
18560
23591
18561
#: serverguide/C/mail.xml:1369(para)
23592
#: serverguide/C/mail.xml:1375(para)
18562
23593
msgid ""
18563
23594
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18564
23595
"<application>Spamassassin</application> daemon. Change "
18565
23596
"<emphasis>ENABLED=0</emphasis> to:"
18566
23597
msgstr ""
18567
23598
18568
#: serverguide/C/mail.xml:1373(programlisting)
23599
#: serverguide/C/mail.xml:1379(programlisting)
18569
23600
#, no-wrap
18570
23601
msgid ""
18571
23602
"\n"
18572
23603
"ENABLED=1\n"
18573
23604
msgstr ""
18574
23605
18575
#: serverguide/C/mail.xml:1376(para)
23606
#: serverguide/C/mail.xml:1382(para)
18576
23607
msgid "Now start the daemon:"
18577
23608
msgstr ""
18578
23609
18579
#: serverguide/C/mail.xml:1380(command)
23610
#: serverguide/C/mail.xml:1386(command)
18580
23611
msgid "sudo /etc/init.d/spamassassin start"
18581
23612
msgstr ""
18582
23613
18583
#: serverguide/C/mail.xml:1384(title)
23614
#: serverguide/C/mail.xml:1390(title)
18584
23615
msgid "Amavisd-new"
18585
23616
msgstr ""
18586
23617
18587
#: serverguide/C/mail.xml:1385(para)
23618
#: serverguide/C/mail.xml:1391(para)
18588
23619
msgid ""
18589
23620
"First activate spam and antivirus detection in <application>Amavisd-"
18590
23621
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18591
23622
"content_filter_mode</filename>:"
18592
23623
msgstr ""
18593
23624
18594
#: serverguide/C/mail.xml:1389(programlisting)
23625
#: serverguide/C/mail.xml:1395(programlisting)
18595
23626
#, no-wrap
18596
23627
msgid ""
18597
23628
"\n"
18622
23653
"1; # insure a defined return\n"
18623
23654
msgstr ""
18624
23655
18625
#: serverguide/C/mail.xml:1414(para)
23656
#: serverguide/C/mail.xml:1420(para)
18626
23657
msgid ""
18627
23658
"Bouncing spam can be a bad idea as the return address is often faked. "
18628
23659
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18630
23661
"D_BOUNCE, as follows:"
18631
23662
msgstr ""
18632
23663
18633
#: serverguide/C/mail.xml:1420(programlisting)
23664
#: serverguide/C/mail.xml:1426(programlisting)
18634
23665
#, no-wrap
18635
23666
msgid ""
18636
23667
"\n"
18637
23668
"$final_spam_destiny = D_DISCARD;\n"
18638
23669
msgstr ""
18639
23670
18640
#: serverguide/C/mail.xml:1424(para)
23671
#: serverguide/C/mail.xml:1430(para)
18641
23672
msgid ""
18642
23673
"Additionally, you may want to adjust the following options to flag more "
18643
23674
"messages as spam:"
18644
23675
msgstr ""
18645
23676
18646
#: serverguide/C/mail.xml:1428(programlisting)
23677
#: serverguide/C/mail.xml:1434(programlisting)
18647
23678
#, no-wrap
18648
23679
msgid ""
18649
23680
"\n"
18654
23685
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18655
23686
msgstr ""
18656
23687
18657
#: serverguide/C/mail.xml:1435(para)
23688
#: serverguide/C/mail.xml:1441(para)
18658
23689
msgid ""
18659
23690
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18660
23691
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18663
23694
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18664
23695
msgstr ""
18665
23696
18666
#: serverguide/C/mail.xml:1442(programlisting)
23697
#: serverguide/C/mail.xml:1448(programlisting)
18667
23698
#, no-wrap
18668
23699
msgid ""
18669
23700
"\n"
18671
23702
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18672
23703
msgstr ""
18673
23704
18674
#: serverguide/C/mail.xml:1447(para)
23705
#: serverguide/C/mail.xml:1453(para)
23706
msgid ""
23707
"If you want to cover multiple domains you can use the following in "
23708
"the<filename>/etc/amavis/conf.d/50-user</filename>"
23709
msgstr ""
23710
23711
#: serverguide/C/mail.xml:1456(programlisting)
23712
#, no-wrap
23713
msgid ""
23714
"\n"
23715
"@local_domains_acl = qw(.);\n"
23716
msgstr ""
23717
23718
#: serverguide/C/mail.xml:1460(para)
18675
23719
msgid ""
18676
23720
"After configuration <application>Amavisd-new</application> needs to be "
18677
23721
"restarted:"
18678
23722
msgstr ""
18679
23723
18680
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
23724
#: serverguide/C/mail.xml:1464(command) serverguide/C/mail.xml:1511(command)
18681
23725
msgid "sudo /etc/init.d/amavis restart"
18682
23726
msgstr ""
18683
23727
18684
#: serverguide/C/mail.xml:1454(title)
23728
#: serverguide/C/mail.xml:1467(title)
18685
23729
msgid "DKIM Whitelist"
18686
23730
msgstr ""
18687
23731
18688
#: serverguide/C/mail.xml:1456(para)
23732
#: serverguide/C/mail.xml:1469(para)
18689
23733
msgid ""
18690
23734
"<application>Amavisd-new</application> can be configured to automatically "
18691
23735
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18693
23737
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18694
23738
msgstr ""
18695
23739
18696
#: serverguide/C/mail.xml:1462(para)
23740
#: serverguide/C/mail.xml:1475(para)
18697
23741
msgid "There are multiple ways to configure the Whitelist for a domain:"
18698
23742
msgstr ""
18699
23743
18700
#: serverguide/C/mail.xml:1468(para)
23744
#: serverguide/C/mail.xml:1481(para)
18701
23745
msgid ""
18702
23746
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18703
23747
"address from the \"example.com\" domain."
18704
23748
msgstr ""
18705
23749
18706
#: serverguide/C/mail.xml:1473(para)
23750
#: serverguide/C/mail.xml:1486(para)
18707
23751
msgid ""
18708
23752
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18709
23753
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18710
23754
"have a valid signature."
18711
23755
msgstr ""
18712
23756
18713
#: serverguide/C/mail.xml:1479(para)
23757
#: serverguide/C/mail.xml:1492(para)
18714
23758
msgid ""
18715
23759
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18716
23760
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18717
23761
"role=\"italic\">example.com</emphasis> the parent domain."
18718
23762
msgstr ""
18719
23763
18720
#: serverguide/C/mail.xml:1485(para)
23764
#: serverguide/C/mail.xml:1498(para)
18721
23765
msgid ""
18722
23766
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18723
23767
"that have a valid signature from \"example.com\". This is usually used for "
18724
23768
"discussion groups that sign their messages."
18725
23769
msgstr ""
18726
23770
18727
#: serverguide/C/mail.xml:1492(para)
23771
#: serverguide/C/mail.xml:1505(para)
18728
23772
msgid ""
18729
"A domain can also have multiple Whitelist configurations. After, editing the "
18730
"file restart <application>amaisd-new</application>:"
23773
"A domain can also have multiple Whitelist configurations. After editing the "
23774
"file, restart <application>amavisd-new</application>:"
18731
23775
msgstr ""
18732
23776
18733
#: serverguide/C/mail.xml:1501(para)
23777
#: serverguide/C/mail.xml:1515(para)
18734
23778
msgid ""
18735
23779
"In this context, once a domain has been added to the Whitelist the message "
18736
23780
"will not receive any anti-virus or spam filtering. This may or may not be "
18737
23781
"the intended behavior you wish for a domain."
18738
23782
msgstr ""
18739
23783
18740
#: serverguide/C/mail.xml:1511(para)
23784
#: serverguide/C/mail.xml:1525(para)
18741
23785
msgid ""
18742
23786
"For <application>Postfix</application> integration, enter the following from "
18743
23787
"a terminal prompt:"
18744
23788
msgstr ""
18745
23789
18746
#: serverguide/C/mail.xml:1515(command)
23790
#: serverguide/C/mail.xml:1529(command)
18747
23791
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18748
23792
msgstr ""
18749
23793
18750
#: serverguide/C/mail.xml:1517(para)
23794
#: serverguide/C/mail.xml:1531(para)
18751
23795
msgid ""
18752
23796
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18753
23797
"to the end of the file:"
18754
23798
msgstr ""
18755
23799
18756
#: serverguide/C/mail.xml:1520(programlisting)
23800
#: serverguide/C/mail.xml:1534(programlisting)
18757
23801
#, no-wrap
18758
23802
msgid ""
18759
23803
"\n"
18785
23829
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18786
23830
msgstr ""
18787
23831
18788
#: serverguide/C/mail.xml:1547(para)
23832
#: serverguide/C/mail.xml:1561(para)
18789
23833
msgid ""
18790
23834
"Also add the following two lines immediately below the "
18791
23835
"<emphasis>\"pickup\"</emphasis> transport service:"
18792
23836
msgstr ""
18793
23837
18794
#: serverguide/C/mail.xml:1550(programlisting)
23838
#: serverguide/C/mail.xml:1564(programlisting)
18795
23839
#, no-wrap
18796
23840
msgid ""
18797
23841
"\n"
18799
23843
" -o receive_override_options=no_header_body_checks\n"
18800
23844
msgstr ""
18801
23845
18802
#: serverguide/C/mail.xml:1554(para)
23846
#: serverguide/C/mail.xml:1568(para)
18803
23847
msgid ""
18804
23848
"This will prevent messages that are generated to report on spam from being "
18805
23849
"classified as spam."
18806
23850
msgstr ""
18807
23851
18808
#: serverguide/C/mail.xml:1557(para)
23852
#: serverguide/C/mail.xml:1571(para)
18809
23853
msgid "Now restart <application>Postfix</application>:"
18810
23854
msgstr ""
18811
23855
18812
#: serverguide/C/mail.xml:1563(para)
23856
#: serverguide/C/mail.xml:1577(para)
18813
23857
msgid "Content filtering with spam and virus detection is now enabled."
18814
23858
msgstr ""
18815
23859
18816
#: serverguide/C/mail.xml:1569(title)
23860
#: serverguide/C/mail.xml:1583(title)
18817
23861
msgid "Amavisd-new and Spamassassin"
18818
23862
msgstr ""
18819
23863
18820
#: serverguide/C/mail.xml:1571(para)
23864
#: serverguide/C/mail.xml:1585(para)
18821
23865
msgid ""
18822
23866
"When integrating <application>Amavisd-new</application> with "
18823
23867
"<application>Spamassassin</application>, if you choose to disable the bayes "
18828
23872
"<application>cron</application> job."
18829
23873
msgstr ""
18830
23874
18831
#: serverguide/C/mail.xml:1578(para)
23875
#: serverguide/C/mail.xml:1592(para)
18832
23876
msgid "There are several ways to handle this situation:"
18833
23877
msgstr ""
18834
23878
18835
#: serverguide/C/mail.xml:1584(para)
23879
#: serverguide/C/mail.xml:1598(para)
18836
23880
msgid "Configure your MDA to filter messages you do not wish to see."
18837
23881
msgstr ""
18838
23882
18839
#: serverguide/C/mail.xml:1589(para)
23883
#: serverguide/C/mail.xml:1603(para)
18840
23884
msgid ""
18841
23885
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18842
23886
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18844
23888
"the top before the <emphasis>test</emphasis> statements:"
18845
23889
msgstr ""
18846
23890
18847
#: serverguide/C/mail.xml:1593(programlisting)
23891
#: serverguide/C/mail.xml:1607(programlisting)
18848
23892
#, no-wrap
18849
23893
msgid ""
18850
23894
"\n"
18852
23896
"exit 0\n"
18853
23897
msgstr ""
18854
23898
18855
#: serverguide/C/mail.xml:1603(para)
23899
#: serverguide/C/mail.xml:1617(para)
18856
23900
msgid ""
18857
23901
"First, test that the <application>Amavisd-new</application> SMTP is "
18858
23902
"listening:"
18859
23903
msgstr ""
18860
23904
18861
#: serverguide/C/mail.xml:1606(programlisting)
23905
#: serverguide/C/mail.xml:1620(programlisting)
18862
23906
#, no-wrap
18863
23907
msgid ""
18864
23908
"\n"
18870
23914
"^]\n"
18871
23915
msgstr ""
18872
23916
18873
#: serverguide/C/mail.xml:1614(para)
23917
#: serverguide/C/mail.xml:1628(para)
18874
23918
msgid ""
18875
23919
"In the Header of messages that go through the content filter you should see:"
18876
23920
msgstr ""
18877
23921
18878
#: serverguide/C/mail.xml:1617(programlisting)
23922
#: serverguide/C/mail.xml:1631(programlisting)
18879
23923
#, no-wrap
18880
23924
msgid ""
18881
23925
"\n"
18886
23930
"X-Spam-Level: \n"
18887
23931
msgstr ""
18888
23932
18889
#: serverguide/C/mail.xml:1624(para)
23933
#: serverguide/C/mail.xml:1638(para)
18890
23934
msgid ""
18891
23935
"Your output will vary, but the important thing is that there are <emphasis>X-"
18892
23936
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18893
23937
msgstr ""
18894
23938
18895
#: serverguide/C/mail.xml:1632(para)
23939
#: serverguide/C/mail.xml:1646(para)
18896
23940
msgid ""
18897
23941
"The best way to figure out why something is going wrong is to check the log "
18898
23942
"files."
18899
23943
msgstr ""
18900
23944
18901
#: serverguide/C/mail.xml:1637(para)
23945
#: serverguide/C/mail.xml:1651(para)
18902
23946
msgid ""
18903
23947
"For instructions on <application>Postfix</application> logging see the <xref "
18904
23948
"linkend=\"postfix-troubleshooting\"/> section."
18905
23949
msgstr ""
18906
23950
18907
#: serverguide/C/mail.xml:1643(para)
23951
#: serverguide/C/mail.xml:1657(para)
18908
23952
msgid ""
18909
23953
"<application>Amavisd-new</application> uses "
18910
23954
"<application>Syslog</application> to send messages to "
18914
23958
"1 to 5."
18915
23959
msgstr ""
18916
23960
18917
#: serverguide/C/mail.xml:1648(programlisting)
23961
#: serverguide/C/mail.xml:1662(programlisting)
18918
23962
#, no-wrap
18919
23963
msgid ""
18920
23964
"\n"
18921
23965
"$log_level = 2;\n"
18922
23966
msgstr ""
18923
23967
18924
#: serverguide/C/mail.xml:1652(para)
23968
#: serverguide/C/mail.xml:1666(para)
18925
23969
msgid ""
18926
23970
"When the <application>Amavisd-new</application> log output is increased "
18927
23971
"<application>Spamassassin</application> log output is also increased."
18928
23972
msgstr ""
18929
23973
18930
#: serverguide/C/mail.xml:1659(para)
23974
#: serverguide/C/mail.xml:1673(para)
18931
23975
msgid ""
18932
23976
"The <application>ClamAV</application> log level can be increased by editing "
18933
23977
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18934
23978
msgstr ""
18935
23979
18936
#: serverguide/C/mail.xml:1663(programlisting)
23980
#: serverguide/C/mail.xml:1677(programlisting)
18937
23981
#, no-wrap
18938
23982
msgid ""
18939
23983
"\n"
18940
23984
"LogVerbose true\n"
18941
23985
msgstr ""
18942
23986
18943
#: serverguide/C/mail.xml:1666(para)
23987
#: serverguide/C/mail.xml:1680(para)
18944
23988
msgid ""
18945
23989
"By default <application>ClamAV</application> will send log messages to "
18946
23990
"<filename>/var/log/clamav/clamav.log</filename>."
18947
23991
msgstr ""
18948
23992
18949
#: serverguide/C/mail.xml:1672(para)
23993
#: serverguide/C/mail.xml:1686(para)
18950
23994
msgid ""
18951
23995
"After changing an applications log settings remember to restart the service "
18952
23996
"for the new settings to take affect. Also, once the issue you are "
18954
23998
"back to normal."
18955
23999
msgstr ""
18956
24000
18957
#: serverguide/C/mail.xml:1680(para)
24001
#: serverguide/C/mail.xml:1694(para)
18958
24002
msgid "For more information on filtering mail see the following links:"
18959
24003
msgstr ""
18960
24004
18961
#: serverguide/C/mail.xml:1686(ulink)
24005
#: serverguide/C/mail.xml:1700(ulink)
18962
24006
msgid "Amavisd-new Documentation"
18963
24007
msgstr ""
18964
24008
18965
#: serverguide/C/mail.xml:1690(para)
24009
#: serverguide/C/mail.xml:1704(para)
18966
24010
msgid ""
18967
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
24011
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
18968
24012
"Documentation</ulink> and <ulink "
18969
24013
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18970
24014
msgstr ""
18971
24015
18972
#: serverguide/C/mail.xml:1697(ulink)
24016
#: serverguide/C/mail.xml:1711(ulink)
18973
24017
msgid "Spamassassin Wiki"
18974
24018
msgstr ""
18975
24019
18976
#: serverguide/C/mail.xml:1702(ulink)
24020
#: serverguide/C/mail.xml:1716(ulink)
18977
24021
msgid "Pyzor Homepage"
18978
24022
msgstr ""
18979
24023
18980
#: serverguide/C/mail.xml:1707(ulink)
24024
#: serverguide/C/mail.xml:1721(ulink)
18981
24025
msgid "Razor Homepage"
18982
24026
msgstr ""
18983
24027
18984
#: serverguide/C/mail.xml:1712(ulink)
24028
#: serverguide/C/mail.xml:1726(ulink)
18985
24029
msgid "DKIM.org"
18986
24030
msgstr ""
18987
24031
18988
#: serverguide/C/mail.xml:1717(ulink)
24032
#: serverguide/C/mail.xml:1731(ulink)
18989
24033
msgid "Postfix Amavis New"
18990
24034
msgstr ""
18991
24035
18992
#: serverguide/C/mail.xml:1721(para)
24036
#: serverguide/C/mail.xml:1735(para)
18993
24037
msgid ""
18994
24038
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18995
24039
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19001
24045
19002
24046
#: serverguide/C/lamp-applications.xml:19(para)
19003
24047
msgid ""
19004
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19005
"Ubuntu servers. There is a plethora of Open Source applications written "
19006
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19007
"Content Management Systems, and Management Software such as phpMyAdmin."
24048
"LAMP installations (Linux + Apache + MySQL + PHP/Perl/Python) are a popular "
24049
"setup for Ubuntu servers. There is a plethora of Open Source applications "
24050
"written using the LAMP application stack. Some popular LAMP applications are "
24051
"Wiki's, Content Management Systems, and Management Software such as "
24052
"phpMyAdmin."
19008
24053
msgstr ""
19009
24054
19010
24055
#: serverguide/C/lamp-applications.xml:26(para)
19011
24056
msgid ""
19012
24057
"One advantage of LAMP is the substantial flexibility for different database, "
19013
24058
"web server, and scripting languages. Popular substitutes for MySQL include "
19014
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19015
"instead of PHP."
24059
"PostgreSQL and SQLite. Python, Perl, and Ruby are also frequently used "
24060
"instead of PHP. While Nginx, Cherokee and Lighttpd can replace Apache."
19016
24061
msgstr ""
19017
24062
19018
24063
#: serverguide/C/lamp-applications.xml:32(para)
19019
24064
msgid ""
19020
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19021
"is:"
19022
msgstr ""
19023
19024
#: serverguide/C/lamp-applications.xml:38(para)
24065
"The fastest way to get started is to install LAMP using "
24066
"<application>tasksel</application>. Tasksel is a Debian/Ubuntu tool that "
24067
"installs multiple related packages as a co-ordinated \"task\" onto your "
24068
"system. To install a LAMP server:"
24069
msgstr ""
24070
24071
#: serverguide/C/lamp-applications.xml:43(command)
24072
msgid "sudo tasksel install lamp-server"
24073
msgstr ""
24074
24075
#: serverguide/C/lamp-applications.xml:48(para)
24076
msgid ""
24077
"After installing it you'll be able to install most <emphasis>LAMP</emphasis> "
24078
"applications in this way:"
24079
msgstr ""
24080
24081
#: serverguide/C/lamp-applications.xml:54(para)
19025
24082
msgid "Download an archive containing the application source files."
19026
24083
msgstr ""
19027
24084
19028
#: serverguide/C/lamp-applications.xml:43(para)
24085
#: serverguide/C/lamp-applications.xml:59(para)
19029
24086
msgid ""
19030
24087
"Unpack the archive, usually in a directory accessible to a web server."
19031
24088
msgstr ""
19032
24089
19033
#: serverguide/C/lamp-applications.xml:48(para)
24090
#: serverguide/C/lamp-applications.xml:64(para)
19034
24091
msgid ""
19035
24092
"Depending on where the source was extracted, configure a web server to serve "
19036
24093
"the files."
19037
24094
msgstr ""
19038
24095
19039
#: serverguide/C/lamp-applications.xml:53(para)
24096
#: serverguide/C/lamp-applications.xml:69(para)
19040
24097
msgid "Configure the application to connect to the database."
19041
24098
msgstr ""
19042
24099
19043
#: serverguide/C/lamp-applications.xml:58(para)
24100
#: serverguide/C/lamp-applications.xml:74(para)
19044
24101
msgid ""
19045
24102
"Run a script, or browse to a page of the application, to install the "
19046
24103
"database needed by the application."
19047
24104
msgstr ""
19048
24105
19049
#: serverguide/C/lamp-applications.xml:63(para)
24106
#: serverguide/C/lamp-applications.xml:79(para)
19050
24107
msgid ""
19051
24108
"Once the steps above, or similar steps, are completed you are ready to begin "
19052
24109
"using the application."
19053
24110
msgstr ""
19054
24111
19055
#: serverguide/C/lamp-applications.xml:69(para)
24112
#: serverguide/C/lamp-applications.xml:85(para)
19056
24113
msgid ""
19057
24114
"A disadvantage of using this approach is that the application files are not "
19058
24115
"placed in the file system in a standard way, which can cause confusion as to "
19061
24118
"install the application is needed to apply updates."
19062
24119
msgstr ""
19063
24120
19064
#: serverguide/C/lamp-applications.xml:76(para)
24121
#: serverguide/C/lamp-applications.xml:92(para)
19065
24122
msgid ""
19066
24123
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19067
24124
"packaged for Ubuntu, and are available for installation in the same way as "
19069
24126
"and setup steps may be needed, however."
19070
24127
msgstr ""
19071
24128
19072
#: serverguide/C/lamp-applications.xml:82(para)
19073
msgid ""
19074
"This section covers howto install and configure the Wiki applications "
19075
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19076
"and the MySQL management application <application>phpMyAdmin</application>."
19077
msgstr ""
19078
19079
#: serverguide/C/lamp-applications.xml:88(para)
19080
msgid ""
19081
"A Wiki is a website that allows the visitors to easily add, remove and "
19082
"modify available content easily. The ease of interaction and operation makes "
19083
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19084
"also referred to the collaborative software."
19085
msgstr ""
19086
19087
#: serverguide/C/lamp-applications.xml:100(title)
24129
#: serverguide/C/lamp-applications.xml:98(para)
24130
msgid ""
24131
"This section covers how to install some <emphasis>LAMP</emphasis> "
24132
"applications."
24133
msgstr ""
24134
24135
#: serverguide/C/lamp-applications.xml:104(title)
19088
24136
msgid "Moin Moin"
19089
24137
msgstr "Moin Moin"
19090
24138
19091
#: serverguide/C/lamp-applications.xml:102(para)
24139
#: serverguide/C/lamp-applications.xml:106(para)
19092
24140
msgid ""
19093
24141
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19094
24142
"engine, and licensed under the GNU GPL."
19095
24143
msgstr ""
19096
24144
19097
#: serverguide/C/lamp-applications.xml:110(para)
24145
#: serverguide/C/lamp-applications.xml:114(para)
19098
24146
msgid ""
19099
24147
"To install <application>MoinMoin</application>, run the following command in "
19100
24148
"the command prompt:"
19101
24149
msgstr ""
19102
24150
19103
#: serverguide/C/lamp-applications.xml:116(command)
24151
#: serverguide/C/lamp-applications.xml:120(command)
19104
24152
msgid "sudo apt-get install python-moinmoin"
19105
24153
msgstr "sudo apt-get install python-moinmoin"
19106
24154
19107
#: serverguide/C/lamp-applications.xml:119(para)
24155
#: serverguide/C/lamp-applications.xml:123(para)
19108
24156
msgid ""
19109
24157
"You should also install <application>apache2</application> web server. For "
19110
24158
"installing <application>apache2</application> web server, please refer to "
19112
24160
"linkend=\"httpd\"/> section."
19113
24161
msgstr ""
19114
24162
19115
#: serverguide/C/lamp-applications.xml:130(para)
24163
#: serverguide/C/lamp-applications.xml:134(para)
19116
24164
msgid ""
19117
24165
"For configuring your first Wiki application, please run the following set of "
19118
24166
"commands. Let us assume that you are creating a Wiki named "
19119
24167
"<emphasis>mywiki</emphasis>:"
19120
24168
msgstr ""
19121
24169
19122
#: serverguide/C/lamp-applications.xml:137(command)
24170
#: serverguide/C/lamp-applications.xml:141(command)
19123
24171
msgid "cd /usr/share/moin"
19124
24172
msgstr ""
19125
24173
19126
#: serverguide/C/lamp-applications.xml:138(command)
24174
#: serverguide/C/lamp-applications.xml:142(command)
19127
24175
msgid "sudo mkdir mywiki"
19128
24176
msgstr ""
19129
24177
19130
#: serverguide/C/lamp-applications.xml:139(command)
24178
#: serverguide/C/lamp-applications.xml:143(command)
19131
24179
msgid "sudo cp -R data mywiki"
19132
24180
msgstr ""
19133
24181
19134
#: serverguide/C/lamp-applications.xml:140(command)
24182
#: serverguide/C/lamp-applications.xml:144(command)
19135
24183
msgid "sudo cp -R underlay mywiki"
19136
24184
msgstr ""
19137
24185
19138
#: serverguide/C/lamp-applications.xml:141(command)
24186
#: serverguide/C/lamp-applications.xml:145(command)
19139
24187
msgid "sudo cp server/moin.cgi mywiki"
19140
24188
msgstr ""
19141
24189
19142
#: serverguide/C/lamp-applications.xml:142(command)
24190
#: serverguide/C/lamp-applications.xml:146(command)
19143
24191
msgid "sudo chown -R www-data.www-data mywiki"
19144
24192
msgstr ""
19145
24193
19146
#: serverguide/C/lamp-applications.xml:143(command)
24194
#: serverguide/C/lamp-applications.xml:147(command)
19147
24195
msgid "sudo chmod -R ug+rwX mywiki"
19148
24196
msgstr ""
19149
24197
19150
#: serverguide/C/lamp-applications.xml:144(command)
24198
#: serverguide/C/lamp-applications.xml:148(command)
19151
24199
msgid "sudo chmod -R o-rwx mywiki"
19152
24200
msgstr ""
19153
24201
19154
#: serverguide/C/lamp-applications.xml:147(para)
24202
#: serverguide/C/lamp-applications.xml:151(para)
19155
24203
msgid ""
19156
24204
"Now you should configure <application>MoinMoin</application> to find your "
19157
24205
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19159
24207
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19160
24208
msgstr ""
19161
24209
19162
#: serverguide/C/lamp-applications.xml:155(programlisting)
24210
#: serverguide/C/lamp-applications.xml:159(programlisting)
19163
24211
#, no-wrap
19164
24212
msgid "data_dir = '/org/mywiki/data'"
19165
24213
msgstr ""
19166
24214
19167
#: serverguide/C/lamp-applications.xml:157(para)
24215
#: serverguide/C/lamp-applications.xml:161(para)
19168
24216
msgid "to"
19169
24217
msgstr "við"
19170
24218
19171
#: serverguide/C/lamp-applications.xml:161(programlisting)
24219
#: serverguide/C/lamp-applications.xml:165(programlisting)
19172
24220
#, no-wrap
19173
24221
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19174
24222
msgstr ""
19175
24223
19176
#: serverguide/C/lamp-applications.xml:163(para)
24224
#: serverguide/C/lamp-applications.xml:167(para)
19177
24225
msgid ""
19178
24226
"Also, below the <emphasis>data_dir</emphasis> option add the "
19179
24227
"<emphasis>data_underlay_dir</emphasis>:"
19180
24228
msgstr ""
19181
24229
19182
#: serverguide/C/lamp-applications.xml:167(programlisting)
24230
#: serverguide/C/lamp-applications.xml:171(programlisting)
19183
24231
#, no-wrap
19184
24232
msgid ""
19185
24233
"\n"
19186
24234
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19187
24235
msgstr ""
19188
24236
19189
#: serverguide/C/lamp-applications.xml:172(para)
24237
#: serverguide/C/lamp-applications.xml:176(para)
19190
24238
msgid ""
19191
24239
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19192
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19193
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19194
"change."
24240
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
24241
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
24242
"mentioned change."
19195
24243
msgstr ""
19196
24244
19197
#: serverguide/C/lamp-applications.xml:181(para)
24245
#: serverguide/C/lamp-applications.xml:184(para)
19198
24246
msgid ""
19199
24247
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19200
24248
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19202
24250
"<quote>(\"mywiki\", r\".*\")</quote>."
19203
24251
msgstr ""
19204
24252
19205
#: serverguide/C/lamp-applications.xml:189(para)
24253
#: serverguide/C/lamp-applications.xml:192(para)
19206
24254
msgid ""
19207
24255
"Once you have configured <application>MoinMoin</application> to find your "
19208
24256
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19210
24258
"application."
19211
24259
msgstr ""
19212
24260
19213
#: serverguide/C/lamp-applications.xml:196(para)
24261
#: serverguide/C/lamp-applications.xml:199(para)
19214
24262
msgid ""
19215
24263
"You should add the following lines in <filename>/etc/apache2/sites-"
19216
24264
"available/default</filename> file inside the <quote><VirtualHost "
19217
24265
"*></quote> tag:"
19218
24266
msgstr ""
19219
24267
19220
#: serverguide/C/lamp-applications.xml:202(programlisting)
24268
#: serverguide/C/lamp-applications.xml:205(programlisting)
19221
24269
#, no-wrap
19222
24270
msgid ""
19223
24271
"\n"
19224
24272
"### moin\n"
19225
24273
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19226
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
24274
" alias /moin_static193 \"/usr/share/moin/htdocs\"\n"
19227
24275
" <Directory /usr/share/moin/htdocs>\n"
19228
24276
" Order allow,deny\n"
19229
24277
" allow from all\n"
19231
24279
"### end moin\n"
19232
24280
msgstr ""
19233
24281
19234
#: serverguide/C/lamp-applications.xml:214(para)
19235
msgid ""
19236
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19237
"<emphasis>alias</emphasis> line above, to the "
19238
"<application>moinmoin</application> version installed."
19239
msgstr ""
19240
19241
#: serverguide/C/lamp-applications.xml:220(para)
24282
#: serverguide/C/lamp-applications.xml:216(para)
19242
24283
msgid ""
19243
24284
"Once you configure the <application>apache2</application> web server and "
19244
24285
"make it ready for your Wiki application, you should restart it. You can run "
19246
24287
"server:"
19247
24288
msgstr ""
19248
24289
19249
#: serverguide/C/lamp-applications.xml:233(title)
24290
#: serverguide/C/lamp-applications.xml:229(title) serverguide/C/installation.xml:1255(title)
19250
24291
msgid "Verification"
19251
24292
msgstr ""
19252
24293
19253
#: serverguide/C/lamp-applications.xml:235(para)
24294
#: serverguide/C/lamp-applications.xml:231(para)
19254
24295
msgid ""
19255
24296
"You can verify the Wiki application and see if it works by pointing your web "
19256
24297
"browser to the following URL:"
19257
24298
msgstr ""
19258
24299
19259
#: serverguide/C/lamp-applications.xml:239(programlisting)
24300
#: serverguide/C/lamp-applications.xml:235(programlisting)
19260
24301
#, no-wrap
19261
24302
msgid ""
19262
24303
"\n"
19263
24304
"http://localhost/mywiki\n"
19264
24305
msgstr ""
19265
24306
19266
#: serverguide/C/lamp-applications.xml:243(para)
19267
msgid ""
19268
"You can also run the test command by pointing your web browser to the "
19269
"following URL:"
19270
msgstr ""
19271
19272
#: serverguide/C/lamp-applications.xml:248(programlisting)
19273
#, no-wrap
19274
msgid ""
19275
"\n"
19276
"http://localhost/mywiki?action=test\n"
19277
msgstr ""
19278
19279
#: serverguide/C/lamp-applications.xml:252(para)
24307
#: serverguide/C/lamp-applications.xml:239(para)
19280
24308
msgid ""
19281
24309
"For more details, please refer to the <ulink "
19282
24310
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19283
24311
msgstr ""
19284
24312
19285
#: serverguide/C/lamp-applications.xml:263(para)
24313
#: serverguide/C/lamp-applications.xml:250(para)
19286
24314
msgid ""
19287
24315
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19288
24316
"Wiki</ulink>."
19289
24317
msgstr ""
19290
24318
19291
#: serverguide/C/lamp-applications.xml:268(para)
24319
#: serverguide/C/lamp-applications.xml:255(para)
19292
24320
msgid ""
19293
24321
"Also, see the <ulink "
19294
24322
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19295
24323
"MoinMoin</ulink> page."
19296
24324
msgstr ""
19297
24325
19298
#: serverguide/C/lamp-applications.xml:277(title)
24326
#: serverguide/C/lamp-applications.xml:264(title)
19299
24327
msgid "MediaWiki"
19300
24328
msgstr "MediaWiki"
19301
24329
19302
#: serverguide/C/lamp-applications.xml:279(para)
24330
#: serverguide/C/lamp-applications.xml:266(para)
19303
24331
msgid ""
19304
24332
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19305
24333
"either use <application>MySQL</application> or "
19306
24334
"<application>PostgreSQL</application> Database Management System."
19307
24335
msgstr ""
19308
24336
19309
#: serverguide/C/lamp-applications.xml:289(para)
24337
#: serverguide/C/lamp-applications.xml:276(para)
19310
24338
msgid ""
19311
24339
"Before installing <application>MediaWiki</application> you should also "
19312
24340
"install <application>Apache2</application>, the "
19317
24345
"installation instructions."
19318
24346
msgstr ""
19319
24347
19320
#: serverguide/C/lamp-applications.xml:297(para)
24348
#: serverguide/C/lamp-applications.xml:284(para)
19321
24349
msgid ""
19322
24350
"To install <application>MediaWiki</application>, run the following command "
19323
24351
"in the command prompt:"
19324
24352
msgstr ""
19325
24353
19326
#: serverguide/C/lamp-applications.xml:303(command)
24354
#: serverguide/C/lamp-applications.xml:290(command)
19327
24355
msgid "sudo apt-get install mediawiki php5-gd"
19328
24356
msgstr "sudo apt-get install mediawiki php5-gd"
19329
24357
19330
#: serverguide/C/lamp-applications.xml:306(para)
24358
#: serverguide/C/lamp-applications.xml:293(para)
19331
24359
msgid ""
19332
24360
"For additional <application>MediaWiki</application> functionality see the "
19333
24361
"<application>mediawiki-extensions</application> package."
19334
24362
msgstr ""
19335
24363
19336
#: serverguide/C/lamp-applications.xml:316(para)
24364
#: serverguide/C/lamp-applications.xml:303(para)
19337
24365
msgid ""
19338
24366
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19339
24367
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19341
24369
"MediaWiki application."
19342
24370
msgstr ""
19343
24371
19344
#: serverguide/C/lamp-applications.xml:324(screen)
24372
#: serverguide/C/lamp-applications.xml:311(screen)
19345
24373
#, no-wrap
19346
24374
msgid ""
19347
24375
"\n"
19348
24376
"# Alias /mediawiki /var/lib/mediawiki\n"
19349
24377
msgstr ""
19350
24378
19351
#: serverguide/C/lamp-applications.xml:328(para)
24379
#: serverguide/C/lamp-applications.xml:315(para)
19352
24380
msgid ""
19353
24381
"After you uncomment the above line, restart Apache server and access "
19354
24382
"MediaWiki using the following url:"
19355
24383
msgstr ""
19356
24384
19357
#: serverguide/C/lamp-applications.xml:333(programlisting)
24385
#: serverguide/C/lamp-applications.xml:320(programlisting)
19358
24386
#, no-wrap
19359
24387
msgid ""
19360
24388
"\n"
19361
24389
"http://localhost/mediawiki/config/index.php\n"
19362
24390
msgstr ""
19363
24391
19364
#: serverguide/C/lamp-applications.xml:338(para)
24392
#: serverguide/C/lamp-applications.xml:325(para)
19365
24393
msgid ""
19366
24394
"Please read the <quote>Checking environment...</quote> section in this page. "
19367
24395
"You should be able to fix many issues by carefully reading this section."
19368
24396
msgstr ""
19369
24397
19370
#: serverguide/C/lamp-applications.xml:345(para)
24398
#: serverguide/C/lamp-applications.xml:332(para)
19371
24399
msgid ""
19372
24400
"Once the configuration is complete, you should copy the "
19373
24401
"<filename>LocalSettings.php</filename> file to "
19374
24402
"<filename>/etc/mediawiki</filename> directory:"
19375
24403
msgstr ""
19376
24404
19377
#: serverguide/C/lamp-applications.xml:352(command)
24405
#: serverguide/C/lamp-applications.xml:339(command)
19378
24406
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19379
24407
msgstr ""
19380
24408
19381
#: serverguide/C/lamp-applications.xml:355(para)
24409
#: serverguide/C/lamp-applications.xml:342(para)
19382
24410
msgid ""
19383
24411
"You may also want to edit "
19384
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
24412
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
24413
"memory limit (disabled by default):"
19385
24414
msgstr ""
19386
24415
19387
#: serverguide/C/lamp-applications.xml:360(programlisting)
24416
#: serverguide/C/lamp-applications.xml:347(programlisting)
19388
24417
#, no-wrap
19389
24418
msgid ""
19390
24419
"\n"
19391
24420
"ini_set( 'memory_limit', '64M' );\n"
19392
24421
msgstr ""
19393
24422
19394
#: serverguide/C/lamp-applications.xml:367(title)
24423
#: serverguide/C/lamp-applications.xml:354(title)
19395
24424
msgid "Extensions"
19396
24425
msgstr ""
19397
24426
19398
#: serverguide/C/lamp-applications.xml:368(para)
24427
#: serverguide/C/lamp-applications.xml:355(para)
19399
24428
msgid ""
19400
24429
"The extensions add new features and enhancements for the MediaWiki "
19401
24430
"application. The extensions give wiki administrators and end users the "
19402
24431
"ability to customize MediaWiki to their requirements."
19403
24432
msgstr ""
19404
24433
19405
#: serverguide/C/lamp-applications.xml:374(para)
24434
#: serverguide/C/lamp-applications.xml:361(para)
19406
24435
msgid ""
19407
24436
"You can download MediaWiki extensions as an archive file or checkout from "
19408
24437
"the Subversion repository. You should copy it to "
19411
24440
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19412
24441
msgstr ""
19413
24442
19414
#: serverguide/C/lamp-applications.xml:382(programlisting)
24443
#: serverguide/C/lamp-applications.xml:369(programlisting)
19415
24444
#, no-wrap
19416
24445
msgid ""
19417
24446
"\n"
19418
24447
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19419
24448
msgstr ""
19420
24449
19421
#: serverguide/C/lamp-applications.xml:392(para)
24450
#: serverguide/C/lamp-applications.xml:379(para)
19422
24451
msgid ""
19423
24452
"For more details, please refer to the <ulink "
19424
24453
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19425
24454
msgstr ""
19426
24455
19427
#: serverguide/C/lamp-applications.xml:398(para)
24456
#: serverguide/C/lamp-applications.xml:385(para)
19428
24457
msgid ""
19429
24458
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19430
24459
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19431
24460
"new MediaWiki administrators."
19432
24461
msgstr ""
19433
24462
19434
#: serverguide/C/lamp-applications.xml:404(para)
24463
#: serverguide/C/lamp-applications.xml:391(para)
19435
24464
msgid ""
19436
24465
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19437
24466
"Wiki MediaWiki</ulink> page is a good resource."
19438
24467
msgstr ""
19439
24468
19440
#: serverguide/C/lamp-applications.xml:414(title)
24469
#: serverguide/C/lamp-applications.xml:401(title)
19441
24470
msgid "phpMyAdmin"
19442
24471
msgstr ""
19443
24472
19444
#: serverguide/C/lamp-applications.xml:416(para)
24473
#: serverguide/C/lamp-applications.xml:403(para)
19445
24474
msgid ""
19446
24475
"<application>phpMyAdmin</application> is a LAMP application specifically "
19447
24476
"written for administering <application>MySQL</application> servers. Written "
19449
24478
"phpMyAdmin provides a graphical interface for database administration tasks."
19450
24479
msgstr ""
19451
24480
19452
#: serverguide/C/lamp-applications.xml:425(para)
24481
#: serverguide/C/lamp-applications.xml:412(para)
19453
24482
msgid ""
19454
24483
"Before installing <application>phpMyAdmin</application> you will need access "
19455
24484
"to a <application>MySQL</application> database either on the same host as "
19458
24487
"enter:"
19459
24488
msgstr ""
19460
24489
19461
#: serverguide/C/lamp-applications.xml:432(command)
24490
#: serverguide/C/lamp-applications.xml:419(command)
19462
24491
msgid "sudo apt-get install phpmyadmin"
19463
24492
msgstr ""
19464
24493
19465
#: serverguide/C/lamp-applications.xml:435(para)
24494
#: serverguide/C/lamp-applications.xml:422(para)
19466
24495
msgid ""
19467
24496
"At the prompt choose which web server to be configured for "
19468
24497
"<application>phpMyAdmin</application>. The rest of this section will use "
19469
24498
"<application>Apache2</application> for the web server."
19470
24499
msgstr ""
19471
24500
19472
#: serverguide/C/lamp-applications.xml:440(para)
24501
#: serverguide/C/lamp-applications.xml:427(para)
19473
24502
msgid ""
19474
24503
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19475
24504
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19479
24508
"password."
19480
24509
msgstr ""
19481
24510
19482
#: serverguide/C/lamp-applications.xml:447(para)
24511
#: serverguide/C/lamp-applications.xml:434(para)
19483
24512
msgid ""
19484
24513
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19485
24514
"needed, create users, create/destroy databases and tables, etc."
19486
24515
msgstr ""
19487
24516
19488
#: serverguide/C/lamp-applications.xml:455(para)
24517
#: serverguide/C/lamp-applications.xml:442(para)
19489
24518
msgid ""
19490
24519
"The configuration files for <application>phpMyAdmin</application> are "
19491
24520
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19494
24523
"<application>phpMyAdmin</application>."
19495
24524
msgstr ""
19496
24525
19497
#: serverguide/C/lamp-applications.xml:461(para)
24526
#: serverguide/C/lamp-applications.xml:448(para)
19498
24527
msgid ""
19499
24528
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19500
24529
"hosted on another server, adjust the following in "
19501
24530
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19502
24531
msgstr ""
19503
24532
19504
#: serverguide/C/lamp-applications.xml:466(programlisting)
24533
#: serverguide/C/lamp-applications.xml:453(programlisting)
19505
24534
#, no-wrap
19506
24535
msgid ""
19507
24536
"\n"
19508
24537
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19509
24538
msgstr ""
19510
24539
19511
#: serverguide/C/lamp-applications.xml:471(para)
24540
#: serverguide/C/lamp-applications.xml:458(para)
19512
24541
msgid ""
19513
24542
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19514
24543
"remote database server name or IP address. Also, be sure that the "
19516
24545
"remote database."
19517
24546
msgstr ""
19518
24547
19519
#: serverguide/C/lamp-applications.xml:477(para)
24548
#: serverguide/C/lamp-applications.xml:464(para)
19520
24549
msgid ""
19521
24550
"Once configured, log out of <application>phpMyAdmin</application> and back "
19522
24551
"in, and you should be accessing the new server."
19523
24552
msgstr ""
19524
24553
19525
#: serverguide/C/lamp-applications.xml:481(para)
24554
#: serverguide/C/lamp-applications.xml:468(para)
19526
24555
msgid ""
19527
24556
"The <filename>config.header.inc.php</filename> and "
19528
24557
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19529
24558
"header and footer to <application>phpMyAdmin</application>."
19530
24559
msgstr ""
19531
24560
19532
#: serverguide/C/lamp-applications.xml:486(para)
24561
#: serverguide/C/lamp-applications.xml:473(para)
19533
24562
msgid ""
19534
24563
"Another important configuration file is "
19535
24564
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19541
24570
"linkend=\"httpd\"/>."
19542
24571
msgstr ""
19543
24572
19544
#: serverguide/C/lamp-applications.xml:500(para)
24573
#: serverguide/C/lamp-applications.xml:487(para)
19545
24574
msgid ""
19546
24575
"The <application>phpMyAdmin</application> documentation comes installed with "
19547
24576
"the package and can be accessed from the <emphasis>phpMyAdmin "
19550
24579
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19551
24580
msgstr ""
19552
24581
19553
#: serverguide/C/lamp-applications.xml:507(para)
24582
#: serverguide/C/lamp-applications.xml:494(para)
19554
24583
msgid ""
19555
24584
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19556
24585
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19557
24586
msgstr ""
19558
24587
19559
#: serverguide/C/lamp-applications.xml:512(para)
24588
#: serverguide/C/lamp-applications.xml:499(para)
19560
24589
msgid ""
19561
24590
"A third resource is the <ulink "
19562
24591
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19579
24608
"This guide assumes you have a basic understanding of your Ubuntu system. "
19580
24609
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19581
24610
"but if you need detailed instructions installing Ubuntu please refer to the "
19582
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
24611
"<ulink url=\"https://help.ubuntu.com/12.04/installation-guide/\">Ubuntu "
19583
24612
"Installation Guide</ulink>."
19584
24613
msgstr ""
19585
24614
19586
24615
#: serverguide/C/introduction.xml:25(para)
19587
24616
msgid ""
19588
24617
"A HTML version of the manual is available online at <ulink "
19589
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19590
"HTML files are also available in the <application>ubuntu-"
19591
"serverguide</application> package. See <xref linkend=\"package-"
19592
"management\"/> for details on installing packages."
19593
msgstr ""
19594
19595
#: serverguide/C/introduction.xml:32(para)
19596
msgid ""
19597
"If you choose to install the <application>ubuntu-serverguide</application> "
19598
"you can view this document from a console by:"
19599
msgstr ""
19600
19601
#: serverguide/C/introduction.xml:36(command)
19602
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19603
msgstr ""
19604
19605
#: serverguide/C/introduction.xml:39(para)
19606
msgid ""
19607
"If you are using a localized version of Ubuntu, replace "
19608
"<emphasis>C</emphasis> with your language localization (e.g. "
19609
"<emphasis>en_GB</emphasis>)."
19610
msgstr ""
19611
19612
#: serverguide/C/introduction.xml:53(title)
24618
"url=\"https://help.ubuntu.com\">the Ubuntu Documentation website</ulink>."
24619
msgstr ""
24620
24621
#: serverguide/C/introduction.xml:31(title)
19613
24622
msgid "Support"
19614
24623
msgstr ""
19615
24624
19616
#: serverguide/C/introduction.xml:55(para)
24625
#: serverguide/C/introduction.xml:33(para)
19617
24626
msgid ""
19618
24627
"There are a couple of different ways that Ubuntu Server Edition is "
19619
24628
"supported, commercial support and community support. The main commercial "
19624
24633
"page."
19625
24634
msgstr ""
19626
24635
19627
#: serverguide/C/introduction.xml:62(para)
24636
#: serverguide/C/introduction.xml:40(para)
19628
24637
msgid ""
19629
24638
"Community support is also provided by dedicated individuals, and companies, "
19630
24639
"that wish to make Ubuntu the best distribution possible. Support is provided "
19637
24646
19638
24647
#: serverguide/C/installation.xml:14(para)
19639
24648
msgid ""
19640
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
24649
"This chapter provides a quick overview of installing Ubuntu 12.04 LTS Server "
19641
24650
"Edition. For more detailed instructions, please refer to the <ulink "
19642
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
24651
"url=\"https://help.ubuntu.com/12.04/installation-guide/\">Ubuntu "
19643
24652
"Installation Guide</ulink>."
19644
24653
msgstr ""
19645
24654
19659
24668
19660
24669
#: serverguide/C/installation.xml:25(para)
19661
24670
msgid ""
19662
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19663
"and AMD64. The table below lists recommended hardware specifications. "
19664
"Depending on your needs, you might manage with less than this. However, most "
19665
"users risk being frustrated if they ignore these suggestions."
24671
"Ubuntu 12.04 LTS Server Edition supports three (3) major architectures: "
24672
"Intel x86, AMD64 and ARM. The table below lists recommended hardware "
24673
"specifications. Depending on your needs, you might manage with less than "
24674
"this. However, most users risk being frustrated if they ignore these "
24675
"suggestions."
19666
24676
msgstr ""
19667
24677
19668
#: serverguide/C/installation.xml:27(title)
24678
#: serverguide/C/installation.xml:28(title)
19669
24679
msgid "Recommended Minimum Requirements"
19670
24680
msgstr ""
19671
24681
19672
#: serverguide/C/installation.xml:35(para)
24682
#: serverguide/C/installation.xml:37(para)
19673
24683
msgid "Install Type"
19674
24684
msgstr ""
19675
24685
19676
#: serverguide/C/installation.xml:36(para)
24686
#: serverguide/C/installation.xml:39(para)
19677
24687
msgid "RAM"
19678
24688
msgstr ""
19679
24689
19680
#: serverguide/C/installation.xml:37(para)
24690
#: serverguide/C/installation.xml:40(para)
19681
24691
msgid "Hard Drive Space"
19682
24692
msgstr ""
19683
24693
19684
#: serverguide/C/installation.xml:40(para)
24694
#: serverguide/C/installation.xml:43(para)
19685
24695
msgid "Base System"
19686
24696
msgstr ""
19687
24697
19688
#: serverguide/C/installation.xml:41(para)
24698
#: serverguide/C/installation.xml:44(para)
19689
24699
msgid "All Tasks Installed"
19690
24700
msgstr ""
19691
24701
19692
#: serverguide/C/installation.xml:46(para)
24702
#: serverguide/C/installation.xml:49(para)
19693
24703
msgid "Server"
19694
24704
msgstr "Þjónn"
19695
24705
19696
#: serverguide/C/installation.xml:47(para)
24706
#: serverguide/C/installation.xml:50(para)
24707
msgid "300 megahertz"
24708
msgstr ""
24709
24710
#: serverguide/C/installation.xml:51(para)
19697
24711
msgid "128 megabytes"
19698
24712
msgstr ""
19699
24713
19700
#: serverguide/C/installation.xml:48(para)
24714
#: serverguide/C/installation.xml:52(para)
19701
24715
msgid "500 megabytes"
19702
24716
msgstr ""
19703
24717
19704
#: serverguide/C/installation.xml:49(para)
24718
#: serverguide/C/installation.xml:53(para)
19705
24719
msgid "1 gigabyte"
19706
24720
msgstr ""
19707
24721
19708
#: serverguide/C/installation.xml:54(para)
24722
#: serverguide/C/installation.xml:58(para)
19709
24723
msgid ""
19710
24724
"The Server Edition provides a common base for all sorts of server "
19711
24725
"applications. It is a minimalist design providing a platform for the desired "
19712
24726
"services, such as file/print services, web hosting, email hosting, etc."
19713
24727
msgstr ""
19714
24728
19715
#: serverguide/C/installation.xml:60(para)
24729
#: serverguide/C/installation.xml:64(para)
19716
24730
msgid ""
19717
"The requirements for UEC are slightly different for Front End requirements "
19718
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
24731
"The requirements for UEC are slightly different; for Front End requirements "
24732
"see <xref linkend=\"uec-frontend-requirements\"/>, and for UEC Node "
19719
24733
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19720
24734
msgstr ""
19721
24735
19722
#: serverguide/C/installation.xml:68(title)
24736
#: serverguide/C/installation.xml:72(title)
19723
24737
msgid "Server and Desktop Differences"
19724
24738
msgstr ""
19725
24739
19726
#: serverguide/C/installation.xml:69(para)
24740
#: serverguide/C/installation.xml:73(para)
19727
24741
msgid ""
19728
24742
"There are a few differences between the <emphasis>Ubuntu Server "
19729
24743
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19730
24744
"should be noted that both editions use the same "
19731
"<application>apt</application> repositories. Making it just as easy to "
24745
"<application>apt</application> repositories, making it just as easy to "
19732
24746
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19733
24747
"Desktop Edition as it is on the Server Edition."
19734
24748
msgstr ""
19735
24749
19736
#: serverguide/C/installation.xml:75(para)
24750
#: serverguide/C/installation.xml:79(para)
19737
24751
msgid ""
19738
24752
"The differences between the two editions are the lack of an X window "
19739
24753
"environment in the Server Edition, the installation process, and different "
19740
24754
"Kernel options."
19741
24755
msgstr ""
19742
24756
19743
#: serverguide/C/installation.xml:82(title)
24757
#: serverguide/C/installation.xml:86(title)
19744
24758
msgid "Kernel Differences:"
19745
24759
msgstr ""
19746
24760
19747
#: serverguide/C/installation.xml:85(para)
24761
#: serverguide/C/installation.xml:89(para)
19748
24762
msgid ""
19749
24763
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19750
24764
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19751
24765
"Edition."
19752
24766
msgstr ""
19753
24767
19754
#: serverguide/C/installation.xml:91(para)
24768
#: serverguide/C/installation.xml:95(para)
19755
24769
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19756
24770
msgstr ""
19757
24771
19758
#: serverguide/C/installation.xml:96(para)
24772
#: serverguide/C/installation.xml:100(para)
19759
24773
msgid ""
19760
24774
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19761
24775
"Desktop Edition."
19762
24776
msgstr ""
19763
24777
19764
#: serverguide/C/installation.xml:102(para)
24778
#: serverguide/C/installation.xml:106(para)
19765
24779
msgid ""
19766
24780
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19767
24781
"limited by memory addressing space."
19768
24782
msgstr ""
19769
24783
19770
#: serverguide/C/installation.xml:107(para)
24784
#: serverguide/C/installation.xml:111(para)
19771
24785
msgid ""
19772
24786
"To see all kernel configuration options you can look through "
19773
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19774
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19775
"is a great resource on the options available."
24787
"<filename>/boot/config-3.2.0-server</filename>. Also, <ulink "
24788
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
24789
"great resource on the options available."
19776
24790
msgstr ""
19777
24791
19778
#: serverguide/C/installation.xml:116(title)
24792
#: serverguide/C/installation.xml:120(title)
19779
24793
msgid "Backing Up"
19780
24794
msgstr ""
19781
24795
19782
#: serverguide/C/installation.xml:119(para)
24796
#: serverguide/C/installation.xml:123(para)
19783
24797
msgid ""
19784
24798
"Before installing <application>Ubuntu Server Edition</application> you "
19785
24799
"should make sure all data on the system is backed up. See <xref "
19786
24800
"linkend=\"backups\"/> for backup options."
19787
24801
msgstr ""
19788
24802
19789
#: serverguide/C/installation.xml:123(para)
24803
#: serverguide/C/installation.xml:127(para)
19790
24804
msgid ""
19791
24805
"If this is not the first time an operating system has been installed on your "
19792
24806
"computer, it is likely you will need to re-partition your disk to make room "
19793
24807
"for Ubuntu."
19794
24808
msgstr ""
19795
24809
19796
#: serverguide/C/installation.xml:127(para)
24810
#: serverguide/C/installation.xml:131(para)
19797
24811
msgid ""
19798
24812
"Any time you partition your disk, you should be prepared to lose everything "
19799
24813
"on the disk should you make a mistake or something goes wrong during "
19801
24815
"have seen years of use, but they also perform destructive actions."
19802
24816
msgstr ""
19803
24817
19804
#: serverguide/C/installation.xml:139(title)
24818
#: serverguide/C/installation.xml:143(title)
19805
24819
msgid "Installing from CD"
19806
24820
msgstr ""
19807
24821
19808
#: serverguide/C/installation.xml:140(para)
24822
#: serverguide/C/installation.xml:144(para)
19809
24823
msgid ""
19810
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19811
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19812
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19813
"a graphical installation program. Instead the Server Edition uses a console "
19814
"menu based process."
24824
"The basic steps to install Ubuntu Server Edition from CD are the same as "
24825
"those for installing any operating system from CD. Unlike the "
24826
"<emphasis>Desktop Edition</emphasis>, the <emphasis>Server "
24827
"Edition</emphasis> does not include a graphical installation program. The "
24828
"Server Edition uses a console menu based process instead."
19815
24829
msgstr ""
19816
24830
19817
#: serverguide/C/installation.xml:147(para)
24831
#: serverguide/C/installation.xml:151(para)
19818
24832
msgid ""
19819
24833
"First, download and burn the appropriate ISO file from the <ulink "
19820
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
24834
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
24835
"site</ulink>."
19821
24836
msgstr ""
19822
24837
19823
#: serverguide/C/installation.xml:153(para)
24838
#: serverguide/C/installation.xml:157(para)
19824
24839
msgid "Boot the system from the CD-ROM drive."
19825
24840
msgstr ""
19826
24841
19827
#: serverguide/C/installation.xml:158(para)
19828
msgid ""
19829
"At the boot prompt you will be asked to select the language. Afterwards the "
19830
"installation process begins by asking for your keyboard layout."
24842
#: serverguide/C/installation.xml:162(para)
24843
msgid "At the boot prompt you will be asked to select a language."
19831
24844
msgstr ""
19832
24845
19833
#: serverguide/C/installation.xml:164(para)
24846
#: serverguide/C/installation.xml:167(para)
19834
24847
msgid ""
19835
24848
"From the main boot menu there are some additional options to install Ubuntu "
19836
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19837
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19838
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19839
"will cover the basic Ubuntu Server install."
19840
msgstr ""
19841
19842
#: serverguide/C/installation.xml:172(para)
24849
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
24850
"defects, check the system's RAM, boot from first hard disk, or rescue a "
24851
"broken system. The rest of this section will cover the basic Ubuntu Server "
24852
"install."
24853
msgstr ""
24854
24855
#: serverguide/C/installation.xml:174(para)
24856
msgid ""
24857
"The installer asks for which language it should use. Afterwards, you are "
24858
"asked to select your location."
24859
msgstr ""
24860
24861
#: serverguide/C/installation.xml:180(para)
24862
msgid ""
24863
"Next, the installation process begins by asking for your keyboard layout. "
24864
"You can ask the installer to attempt auto-detecting it, or you can select it "
24865
"manually from a list."
24866
msgstr ""
24867
24868
#: serverguide/C/installation.xml:186(para)
19843
24869
msgid ""
19844
24870
"The installer then discovers your hardware configuration, and configures the "
19845
24871
"network settings using DHCP. If you do not wish to use DHCP at the next "
19847
24873
"network manually\"."
19848
24874
msgstr ""
19849
24875
19850
#: serverguide/C/installation.xml:179(para)
24876
#: serverguide/C/installation.xml:193(para)
19851
24877
msgid "Next, the installer asks for the system's hostname and Time Zone."
19852
24878
msgstr ""
19853
24879
19854
#: serverguide/C/installation.xml:184(para)
24880
#: serverguide/C/installation.xml:198(para)
19855
24881
msgid ""
19856
24882
"You can then choose from several options to configure the hard drive layout. "
19857
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
24883
"Afterwards you are asked for which disk to install to. You may get "
24884
"confirmation prompts before rewriting the partition table or setting up LVM "
24885
"depending on disk layout. If you choose LVM, you will be asked for the size "
24886
"of the root logical volume. For advanced disk options see <xref "
24887
"linkend=\"advanced-installation\"/>."
19858
24888
msgstr ""
19859
24889
19860
#: serverguide/C/installation.xml:190(para)
24890
#: serverguide/C/installation.xml:206(para)
19861
24891
msgid "The Ubuntu base system is then installed."
19862
24892
msgstr ""
19863
24893
19864
#: serverguide/C/installation.xml:195(para)
24894
#: serverguide/C/installation.xml:211(para)
19865
24895
msgid ""
19866
"A new user is setup, this user will have <emphasis>root</emphasis> access "
24896
"A new user is set up; this user will have <emphasis>root</emphasis> access "
19867
24897
"through the <application>sudo</application> utility."
19868
24898
msgstr ""
19869
24899
19870
#: serverguide/C/installation.xml:201(para)
24900
#: serverguide/C/installation.xml:217(para)
19871
24901
msgid ""
19872
"After the user is setup, you will be asked to encrypt your <filename "
19873
"role=\"directory\">home</filename> directory."
24902
"After the user settings have been completed, you will be asked to encrypt "
24903
"your <filename role=\"directory\">home</filename> directory."
19874
24904
msgstr ""
19875
24905
19876
#: serverguide/C/installation.xml:207(para)
24906
#: serverguide/C/installation.xml:223(para)
19877
24907
msgid ""
19878
24908
"The next step in the installation process is to decide how you want to "
19879
24909
"update the system. There are three options:"
19880
24910
msgstr ""
19881
24911
19882
#: serverguide/C/installation.xml:213(para)
24912
#: serverguide/C/installation.xml:229(para)
19883
24913
msgid ""
19884
24914
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19885
24915
"log into the machine and manually install updates."
19886
24916
msgstr ""
19887
24917
19888
#: serverguide/C/installation.xml:219(para)
24918
#: serverguide/C/installation.xml:235(para)
19889
24919
msgid ""
19890
"<emphasis>Install security updates Automatically</emphasis>: will install "
19891
"the <application>unattended-upgrades</application> package, which will "
19892
"install security updates without the intervention of an administrator. For "
19893
"more details see <xref linkend=\"automatic-updates\"/>."
24920
"<emphasis>Install security updates automatically</emphasis>: this will "
24921
"install the <application>unattended-upgrades</application> package, which "
24922
"will install security updates without the intervention of an administrator. "
24923
"For more details see <xref linkend=\"automatic-updates\"/>."
19894
24924
msgstr ""
19895
24925
19896
#: serverguide/C/installation.xml:226(para)
24926
#: serverguide/C/installation.xml:242(para)
19897
24927
msgid ""
19898
24928
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19899
24929
"service provided by Canonical to help manage your Ubuntu machines. See the "
19901
24931
"site for details."
19902
24932
msgstr ""
19903
24933
19904
#: serverguide/C/installation.xml:235(para)
24934
#: serverguide/C/installation.xml:251(para)
19905
24935
msgid ""
19906
24936
"You now have the option to install, or not install, several package tasks. "
19907
24937
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19909
24939
"install. For more information see <xref linkend=\"aptitude\"/>."
19910
24940
msgstr ""
19911
24941
19912
#: serverguide/C/installation.xml:243(para)
24942
#: serverguide/C/installation.xml:259(para)
19913
24943
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19914
24944
msgstr ""
19915
24945
19916
#: serverguide/C/installation.xml:249(para)
24946
#: serverguide/C/installation.xml:265(para)
19917
24947
msgid ""
19918
24948
"If at any point during installation you are not satisfied by the default "
19919
24949
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19921
24951
"settings."
19922
24952
msgstr ""
19923
24953
19924
#: serverguide/C/installation.xml:254(para)
24954
#: serverguide/C/installation.xml:270(para)
19925
24955
msgid ""
19926
24956
"At some point during the installation process you may want to read the help "
19927
24957
"screen provided by the installation system. To do this, press F1."
19928
24958
msgstr ""
19929
24959
19930
#: serverguide/C/installation.xml:259(para)
24960
#: serverguide/C/installation.xml:275(para)
19931
24961
msgid ""
19932
24962
"Once again, for detailed instructions see the <ulink "
19933
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
24963
"url=\"https://help.ubuntu.com/12.04/installation-guide/\"> Ubuntu "
19934
24964
"Installation Guide</ulink>."
19935
24965
msgstr ""
19936
24966
19937
#: serverguide/C/installation.xml:265(title)
24967
#: serverguide/C/installation.xml:281(title)
19938
24968
msgid "Package Tasks"
19939
24969
msgstr ""
19940
24970
19941
#: serverguide/C/installation.xml:266(para)
24971
#: serverguide/C/installation.xml:282(para)
19942
24972
msgid ""
19943
24973
"During the Server Edition installation you have the option of installing "
19944
24974
"additional packages from the CD. The packages are grouped by the type of "
19945
24975
"service they provide."
19946
24976
msgstr ""
19947
24977
19948
#: serverguide/C/installation.xml:272(para)
19949
msgid "Cloud computing: Walrus storage service"
19950
msgstr ""
19951
19952
#: serverguide/C/installation.xml:277(para)
19953
msgid "Cloud computing: all-in-one cluster"
19954
msgstr ""
19955
19956
#: serverguide/C/installation.xml:282(para)
19957
msgid "Cloud computing: Cluster controller"
19958
msgstr ""
19959
19960
#: serverguide/C/installation.xml:287(para)
19961
msgid "Cloud computing: Node controller"
19962
msgstr ""
19963
19964
#: serverguide/C/installation.xml:292(para)
19965
msgid "Cloud computing: Storage controller"
19966
msgstr ""
19967
19968
#: serverguide/C/installation.xml:297(para)
19969
msgid "Cloud computing: top-level cloud controller"
19970
msgstr ""
19971
19972
#: serverguide/C/installation.xml:302(para)
24978
#: serverguide/C/installation.xml:288(para)
19973
24979
msgid "DNS server: Selects the BIND DNS server and its documentation."
19974
24980
msgstr ""
19975
24981
19976
#: serverguide/C/installation.xml:307(para)
24982
#: serverguide/C/installation.xml:293(para)
19977
24983
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19978
24984
msgstr ""
19979
24985
19980
#: serverguide/C/installation.xml:312(para)
24986
#: serverguide/C/installation.xml:298(para)
19981
24987
msgid ""
19982
"Mail server: This task selects a variety of package useful for a general "
24988
"Mail server: This task selects a variety of packages useful for a general "
19983
24989
"purpose mail server system."
19984
24990
msgstr ""
19985
24991
19986
#: serverguide/C/installation.xml:317(para)
24992
#: serverguide/C/installation.xml:303(para)
19987
24993
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19988
24994
msgstr ""
19989
24995
19990
#: serverguide/C/installation.xml:322(para)
24996
#: serverguide/C/installation.xml:308(para)
19991
24997
msgid ""
19992
24998
"PostgreSQL database: This task selects client and server packages for the "
19993
24999
"PostgreSQL database."
19994
25000
msgstr ""
19995
25001
19996
#: serverguide/C/installation.xml:327(para)
25002
#: serverguide/C/installation.xml:313(para)
19997
25003
msgid "Print server: This task sets up your system to be a print server."
19998
25004
msgstr ""
19999
25005
20000
#: serverguide/C/installation.xml:332(para)
25006
#: serverguide/C/installation.xml:318(para)
20001
25007
msgid ""
20002
25008
"Samba File server: This task sets up your system to be a Samba file server, "
20003
25009
"which is especially suitable in networks with both Windows and Linux systems."
20004
25010
msgstr ""
20005
25011
20006
#: serverguide/C/installation.xml:338(para)
20007
msgid ""
20008
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20009
"etc."
20010
msgstr ""
20011
20012
#: serverguide/C/installation.xml:343(para)
20013
msgid ""
20014
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20015
msgstr ""
20016
20017
#: serverguide/C/installation.xml:348(para)
20018
msgid ""
20019
"Manually select packages: Executes <application>apptitude</application> "
25012
#: serverguide/C/installation.xml:324(para)
25013
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
25014
msgstr ""
25015
25016
#: serverguide/C/installation.xml:329(para)
25017
msgid ""
25018
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
25019
msgstr ""
25020
25021
#: serverguide/C/installation.xml:334(para)
25022
msgid ""
25023
"Manually select packages: Executes <application>aptitude</application> "
20020
25024
"allowing you to individually select packages."
20021
25025
msgstr ""
20022
25026
20023
#: serverguide/C/installation.xml:353(para)
25027
#: serverguide/C/installation.xml:339(para)
20024
25028
msgid ""
20025
25029
"Installing the package groups is accomplished using the "
20026
"<application>tasksel</application> utility. One of the important difference "
25030
"<application>tasksel</application> utility. One of the important differences "
20027
25031
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20028
25032
"installed, a package is also configured to reasonable defaults, eventually "
20029
25033
"prompting you for additional required information. Likewise, when installing "
20031
25035
"a fully integrated service."
20032
25036
msgstr ""
20033
25037
20034
#: serverguide/C/installation.xml:360(para)
20035
msgid ""
20036
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20037
"<xref linkend=\"uec\"/>."
20038
msgstr ""
20039
20040
#: serverguide/C/installation.xml:363(para)
25038
#: serverguide/C/installation.xml:346(para)
20041
25039
msgid ""
20042
25040
"Once the installation process has finished you can view a list of available "
20043
25041
"tasks by entering the following from a terminal prompt:"
20044
25042
msgstr ""
20045
25043
20046
#: serverguide/C/installation.xml:368(command)
25044
#: serverguide/C/installation.xml:351(command)
20047
25045
msgid "tasksel --list-tasks"
20048
25046
msgstr ""
20049
25047
20050
#: serverguide/C/installation.xml:371(para)
25048
#: serverguide/C/installation.xml:354(para)
20051
25049
msgid ""
20052
25050
"The output will list tasks from other Ubuntu based distributions such as "
20053
25051
"Kubuntu and Edubuntu. Note that you can also invoke the "
20055
25053
"the different tasks available."
20056
25054
msgstr ""
20057
25055
20058
#: serverguide/C/installation.xml:377(para)
25056
#: serverguide/C/installation.xml:360(para)
20059
25057
msgid ""
20060
25058
"You can view a list of which packages are installed with each task using the "
20061
25059
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20063
25061
"following:"
20064
25062
msgstr ""
20065
25063
20066
#: serverguide/C/installation.xml:382(command)
25064
#: serverguide/C/installation.xml:365(command)
20067
25065
msgid "tasksel --task-packages dns-server"
20068
25066
msgstr ""
20069
25067
20070
#: serverguide/C/installation.xml:384(para)
25068
#: serverguide/C/installation.xml:367(para)
20071
25069
msgid "The output of the command should list:"
20072
25070
msgstr ""
20073
25071
20074
#: serverguide/C/installation.xml:387(programlisting)
25072
#: serverguide/C/installation.xml:370(programlisting)
20075
25073
#, no-wrap
20076
25074
msgid ""
20077
25075
"\n"
20080
25078
"bind9\n"
20081
25079
msgstr ""
20082
25080
20083
#: serverguide/C/installation.xml:392(para)
25081
#: serverguide/C/installation.xml:375(para)
20084
25082
msgid ""
20085
"Also, if you did not install one of the tasks during the installation "
20086
"process, but for example you decide to make your new LAMP server a DNS "
20087
"server as well. Simply insert the installation CD and from a terminal:"
25083
"If you did not install one of the tasks during the installation process, but "
25084
"for example you decide to make your new LAMP server a DNS server as well, "
25085
"simply insert the installation CD and from a terminal:"
20088
25086
msgstr ""
20089
25087
20090
#: serverguide/C/installation.xml:397(command)
25088
#: serverguide/C/installation.xml:380(command)
20091
25089
msgid "sudo tasksel install dns-server"
20092
25090
msgstr ""
20093
25091
20094
#: serverguide/C/installation.xml:402(title)
25092
#: serverguide/C/installation.xml:385(title)
20095
25093
msgid "Upgrading"
20096
25094
msgstr ""
20097
25095
20098
#: serverguide/C/installation.xml:403(para)
25096
#: serverguide/C/installation.xml:386(para)
20099
25097
msgid ""
20100
25098
"There are several ways to upgrade from one Ubuntu release to another. This "
20101
25099
"section gives an overview of the recommended upgrade method."
20102
25100
msgstr ""
20103
25101
20104
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
25102
#: serverguide/C/installation.xml:390(title) serverguide/C/installation.xml:405(command)
20105
25103
msgid "do-release-upgrade"
20106
25104
msgstr ""
20107
25105
20108
#: serverguide/C/installation.xml:408(para)
25106
#: serverguide/C/installation.xml:391(para)
20109
25107
msgid ""
20110
25108
"The recommended way to upgrade a Server Edition installation is to use the "
20111
25109
"<application>do-release-upgrade</application> utility. Part of the "
20113
25111
"graphical dependencies and is installed by default."
20114
25112
msgstr ""
20115
25113
20116
#: serverguide/C/installation.xml:413(para)
25114
#: serverguide/C/installation.xml:396(para)
20117
25115
msgid ""
20118
25116
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20119
25117
"upgrade</command>. However, using <application>do-release-"
20121
25119
"system configuration changes sometimes needed between releases."
20122
25120
msgstr ""
20123
25121
20124
#: serverguide/C/installation.xml:418(para)
25122
#: serverguide/C/installation.xml:401(para)
20125
25123
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20126
25124
msgstr ""
20127
25125
20128
#: serverguide/C/installation.xml:424(para)
25126
#: serverguide/C/installation.xml:407(para)
20129
25127
msgid ""
20130
25128
"It is also possible to use <application>do-release-upgrade</application> to "
20131
25129
"upgrade to a development version of Ubuntu. To accomplish this use the "
20132
25130
"<emphasis>-d</emphasis> switch:"
20133
25131
msgstr ""
20134
25132
20135
#: serverguide/C/installation.xml:429(command)
25133
#: serverguide/C/installation.xml:412(command)
20136
25134
msgid "do-release-upgrade -d"
20137
25135
msgstr ""
20138
25136
20139
#: serverguide/C/installation.xml:432(para)
25137
#: serverguide/C/installation.xml:415(para)
20140
25138
msgid ""
20141
25139
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20142
25140
"for production environments."
20143
25141
msgstr ""
20144
25142
20145
#: serverguide/C/installation.xml:439(title)
25143
#: serverguide/C/installation.xml:422(title)
20146
25144
msgid "Advanced Installation"
20147
25145
msgstr ""
20148
25146
20149
#: serverguide/C/installation.xml:442(title)
25147
#: serverguide/C/installation.xml:425(title)
20150
25148
msgid "Software RAID"
20151
25149
msgstr ""
20152
25150
20153
#: serverguide/C/installation.xml:444(para)
25151
#: serverguide/C/installation.xml:427(para)
20154
25152
msgid ""
20155
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20156
"the probability of catastrophic data loss in case of drive failure. RAID is "
20157
"implemented in either software (where the operating system knows about both "
20158
"drives and actively maintains both of them) or hardware (where a special "
20159
"controller makes the OS think there's only one drive and maintains the "
20160
"drives 'invisibly')."
25153
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
25154
"disks to provide different balances of increasing data reliability and/or "
25155
"increasing input/output performance, depending on the RAID level being used. "
25156
"RAID is implemented in either software (where the operating system knows "
25157
"about both drives and actively maintains both of them) or hardware (where a "
25158
"special controller makes the OS think there's only one drive and maintains "
25159
"the drives 'invisibly')."
20161
25160
msgstr ""
20162
25161
20163
#: serverguide/C/installation.xml:451(para)
25162
#: serverguide/C/installation.xml:435(para)
20164
25163
msgid ""
20165
25164
"The RAID software included with current versions of Linux (and Ubuntu) is "
20166
25165
"based on the <application>'mdadm'</application> driver and works very well, "
20170
25169
"another for <emphasis>swap</emphasis>."
20171
25170
msgstr ""
20172
25171
20173
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
25172
#: serverguide/C/installation.xml:445(para) serverguide/C/installation.xml:967(para)
20174
25173
msgid ""
20175
25174
"Follow the installation steps until you get to the <emphasis>Partition "
20176
25175
"disks</emphasis> step, then:"
20177
25176
msgstr ""
20178
25177
20179
#: serverguide/C/installation.xml:468(para)
25178
#: serverguide/C/installation.xml:452(para)
20180
25179
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20181
25180
msgstr ""
20182
25181
20183
#: serverguide/C/installation.xml:475(para)
25182
#: serverguide/C/installation.xml:459(para)
20184
25183
msgid ""
20185
25184
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20186
25185
"partition table on this device?\"</emphasis>."
20187
25186
msgstr ""
20188
25187
20189
#: serverguide/C/installation.xml:479(para)
25188
#: serverguide/C/installation.xml:463(para)
20190
25189
msgid ""
20191
25190
"Repeat this step for each drive you wish to be part of the RAID array."
20192
25191
msgstr ""
20193
25192
20194
#: serverguide/C/installation.xml:486(para)
25193
#: serverguide/C/installation.xml:470(para)
20195
25194
msgid ""
20196
25195
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20197
25196
"select <emphasis>\"Create a new partition\"</emphasis>."
20198
25197
msgstr ""
20199
25198
20200
#: serverguide/C/installation.xml:493(para)
25199
#: serverguide/C/installation.xml:477(para)
20201
25200
msgid ""
20202
25201
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20203
25202
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20205
25204
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20206
25205
msgstr ""
20207
25206
20208
#: serverguide/C/installation.xml:502(para)
25207
#: serverguide/C/installation.xml:484(para)
25208
msgid ""
25209
"A swap partition size of twice the available RAM capacity may not always be "
25210
"desirable, especially on systems with large amounts of RAM. Calculating the "
25211
"swap partition size for servers is highly dependent on how the system is "
25212
"going to be used."
25213
msgstr ""
25214
25215
#: serverguide/C/installation.xml:493(para)
20209
25216
msgid ""
20210
25217
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20211
25218
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20213
25220
"<emphasis>\"Done setting up partition\"</emphasis>."
20214
25221
msgstr ""
20215
25222
20216
#: serverguide/C/installation.xml:511(para)
25223
#: serverguide/C/installation.xml:502(para)
20217
25224
msgid ""
20218
25225
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20219
25226
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20220
25227
"partition\"</emphasis>."
20221
25228
msgstr ""
20222
25229
20223
#: serverguide/C/installation.xml:519(para)
25230
#: serverguide/C/installation.xml:510(para)
20224
25231
msgid ""
20225
25232
"Use the rest of the free space on the drive and choose "
20226
25233
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20227
25234
msgstr ""
20228
25235
20229
#: serverguide/C/installation.xml:526(para)
25236
#: serverguide/C/installation.xml:517(para)
20230
25237
msgid ""
20231
25238
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20232
25239
"at the top, changing it to <emphasis>\"physical volume for "
20235
25242
"<emphasis>\"Done setting up partition\"</emphasis>."
20236
25243
msgstr ""
20237
25244
20238
#: serverguide/C/installation.xml:536(para)
25245
#: serverguide/C/installation.xml:527(para)
20239
25246
msgid "Repeat steps three through eight for the other disk and partitions."
20240
25247
msgstr ""
20241
25248
20242
#: serverguide/C/installation.xml:545(title)
25249
#: serverguide/C/installation.xml:536(title)
20243
25250
msgid "RAID Configuration"
20244
25251
msgstr ""
20245
25252
20246
#: serverguide/C/installation.xml:547(para)
25253
#: serverguide/C/installation.xml:538(para)
20247
25254
msgid "With the partitions setup the arrays are ready to be configured:"
20248
25255
msgstr ""
20249
25256
20250
#: serverguide/C/installation.xml:554(para)
25257
#: serverguide/C/installation.xml:545(para)
20251
25258
msgid ""
20252
25259
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20253
25260
"Software RAID\"</emphasis> at the top."
20254
25261
msgstr ""
20255
25262
20256
#: serverguide/C/installation.xml:561(para)
25263
#: serverguide/C/installation.xml:552(para)
20257
25264
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20258
25265
msgstr ""
20259
25266
20260
#: serverguide/C/installation.xml:568(para)
25267
#: serverguide/C/installation.xml:559(para)
20261
25268
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20262
25269
msgstr ""
20263
25270
20264
#: serverguide/C/installation.xml:575(para)
25271
#: serverguide/C/installation.xml:566(para)
20265
25272
msgid ""
20266
25273
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20267
25274
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20268
25275
msgstr ""
20269
25276
20270
#: serverguide/C/installation.xml:581(para)
25277
#: serverguide/C/installation.xml:572(para)
20271
25278
msgid ""
20272
25279
"In order to use <emphasis>RAID5</emphasis> you need at least "
20273
25280
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20274
25281
"<emphasis>two</emphasis> drives are required."
20275
25282
msgstr ""
20276
25283
20277
#: serverguide/C/installation.xml:590(para)
25284
#: serverguide/C/installation.xml:581(para)
20278
25285
msgid ""
20279
25286
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20280
25287
"of hard drives you have, for the array. Then select "
20281
25288
"<emphasis>\"Continue\"</emphasis>."
20282
25289
msgstr ""
20283
25290
20284
#: serverguide/C/installation.xml:598(para)
25291
#: serverguide/C/installation.xml:589(para)
20285
25292
msgid ""
20286
25293
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20287
25294
"default, then choose <emphasis>\"Continue\"</emphasis>."
20288
25295
msgstr ""
20289
25296
20290
#: serverguide/C/installation.xml:605(para)
25297
#: serverguide/C/installation.xml:596(para)
20291
25298
msgid ""
20292
25299
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20293
25300
"etc. The numbers will usually match and the different letters correspond to "
20294
25301
"different hard drives."
20295
25302
msgstr ""
20296
25303
20297
#: serverguide/C/installation.xml:610(para)
25304
#: serverguide/C/installation.xml:601(para)
20298
25305
msgid ""
20299
25306
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20300
25307
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20301
25308
"go to the next step."
20302
25309
msgstr ""
20303
25310
20304
#: serverguide/C/installation.xml:618(para)
25311
#: serverguide/C/installation.xml:609(para)
20305
25312
msgid ""
20306
25313
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20307
25314
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20308
25315
"and <emphasis>sdb2</emphasis>."
20309
25316
msgstr ""
20310
25317
20311
#: serverguide/C/installation.xml:626(para)
25318
#: serverguide/C/installation.xml:617(para)
20312
25319
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20313
25320
msgstr ""
20314
25321
20315
#: serverguide/C/installation.xml:636(title)
25322
#: serverguide/C/installation.xml:627(title)
20316
25323
msgid "Formatting"
20317
25324
msgstr ""
20318
25325
20319
#: serverguide/C/installation.xml:638(para)
25326
#: serverguide/C/installation.xml:629(para)
20320
25327
msgid ""
20321
25328
"There should now be a list of hard drives and RAID devices. The next step is "
20322
25329
"to format and set the mount point for the RAID devices. Treat the RAID "
20323
25330
"device as a local hard drive, format and mount accordingly."
20324
25331
msgstr ""
20325
25332
20326
#: serverguide/C/installation.xml:646(para)
25333
#: serverguide/C/installation.xml:637(para)
20327
25334
msgid ""
20328
25335
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20329
25336
"#0\"</emphasis> partition."
20330
25337
msgstr ""
20331
25338
20332
#: serverguide/C/installation.xml:653(para)
25339
#: serverguide/C/installation.xml:644(para)
20333
25340
msgid ""
20334
25341
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20335
25342
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20336
25343
msgstr ""
20337
25344
20338
#: serverguide/C/installation.xml:661(para)
25345
#: serverguide/C/installation.xml:652(para)
20339
25346
msgid ""
20340
25347
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20341
25348
"#1\"</emphasis> partition."
20342
25349
msgstr ""
20343
25350
20344
#: serverguide/C/installation.xml:668(para)
25351
#: serverguide/C/installation.xml:659(para)
20345
25352
msgid ""
20346
25353
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20347
25354
"journaling file system\"</emphasis>."
20348
25355
msgstr ""
20349
25356
20350
#: serverguide/C/installation.xml:675(para)
25357
#: serverguide/C/installation.xml:666(para)
20351
25358
msgid ""
20352
25359
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20353
25360
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20355
25362
"partition\"</emphasis>."
20356
25363
msgstr ""
20357
25364
20358
#: serverguide/C/installation.xml:683(para)
25365
#: serverguide/C/installation.xml:674(para)
20359
25366
msgid ""
20360
25367
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20361
25368
"disk\"</emphasis>."
20362
25369
msgstr ""
20363
25370
20364
#: serverguide/C/installation.xml:690(para)
25371
#: serverguide/C/installation.xml:681(para)
20365
25372
msgid ""
20366
25373
"If you choose to place the root partition on a RAID array, the installer "
20367
25374
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20368
25375
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20369
25376
msgstr ""
20370
25377
20371
#: serverguide/C/installation.xml:695(para)
25378
#: serverguide/C/installation.xml:686(para)
20372
25379
msgid "The installation process will then continue normally."
20373
25380
msgstr ""
20374
25381
20375
#: serverguide/C/installation.xml:701(title)
25382
#: serverguide/C/installation.xml:692(title)
20376
25383
msgid "Degraded RAID"
20377
25384
msgstr ""
20378
25385
20379
#: serverguide/C/installation.xml:703(para)
25386
#: serverguide/C/installation.xml:694(para)
20380
25387
msgid ""
20381
25388
"At some point in the life of the computer a disk failure event may occur. "
20382
25389
"When this happens, using Software RAID, the operating system will place the "
20383
25390
"array into what is known as a <emphasis>degraded</emphasis> state."
20384
25391
msgstr ""
20385
25392
20386
#: serverguide/C/installation.xml:708(para)
25393
#: serverguide/C/installation.xml:699(para)
20387
25394
msgid ""
20388
25395
"If the array has become degraded, due to the chance of data corruption, by "
20389
25396
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20394
25401
"Booting to a degraded array can be configured several ways:"
20395
25402
msgstr ""
20396
25403
20397
#: serverguide/C/installation.xml:719(para)
25404
#: serverguide/C/installation.xml:710(para)
20398
25405
msgid ""
20399
25406
"The <application>dpkg-reconfigure</application> utility can be used to "
20400
25407
"configure the default behavior, and during the process you will be queried "
20403
25410
"following:"
20404
25411
msgstr ""
20405
25412
20406
#: serverguide/C/installation.xml:726(command)
25413
#: serverguide/C/installation.xml:717(command)
20407
25414
msgid "sudo dpkg-reconfigure mdadm"
20408
25415
msgstr ""
20409
25416
20410
#: serverguide/C/installation.xml:732(para)
25417
#: serverguide/C/installation.xml:723(para)
20411
25418
msgid ""
20412
25419
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20413
25420
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20415
25422
"behavior, and can also be manually edited:"
20416
25423
msgstr ""
20417
25424
20418
#: serverguide/C/installation.xml:738(programlisting)
25425
#: serverguide/C/installation.xml:729(programlisting)
20419
25426
#, no-wrap
20420
25427
msgid ""
20421
25428
"\n"
20422
25429
"BOOT_DEGRADED=true\n"
20423
25430
msgstr ""
20424
25431
20425
#: serverguide/C/installation.xml:743(para)
25432
#: serverguide/C/installation.xml:734(para)
20426
25433
msgid "The configuration file can be overridden by using a Kernel argument."
20427
25434
msgstr ""
20428
25435
20429
#: serverguide/C/installation.xml:751(para)
25436
#: serverguide/C/installation.xml:742(para)
20430
25437
msgid ""
20431
25438
"Using a Kernel argument will allow the system to boot to a degraded array as "
20432
25439
"well:"
20433
25440
msgstr ""
20434
25441
20435
#: serverguide/C/installation.xml:757(para)
25442
#: serverguide/C/installation.xml:748(para)
20436
25443
msgid ""
20437
25444
"When the server is booting press <keycap>Shift</keycap> to open the "
20438
25445
"<application>Grub</application> menu."
20439
25446
msgstr ""
20440
25447
20441
#: serverguide/C/installation.xml:762(para)
25448
#: serverguide/C/installation.xml:753(para)
20442
25449
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20443
25450
msgstr ""
20444
25451
20445
#: serverguide/C/installation.xml:767(para)
25452
#: serverguide/C/installation.xml:758(para)
20446
25453
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20447
25454
msgstr ""
20448
25455
20449
#: serverguide/C/installation.xml:772(para)
25456
#: serverguide/C/installation.xml:763(para)
20450
25457
msgid ""
20451
25458
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20452
25459
"end of the line."
20453
25460
msgstr ""
20454
25461
20455
#: serverguide/C/installation.xml:777(para)
25462
#: serverguide/C/installation.xml:768(para)
20456
25463
msgid ""
20457
25464
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20458
25465
"the system."
20459
25466
msgstr ""
20460
25467
20461
#: serverguide/C/installation.xml:786(para)
25468
#: serverguide/C/installation.xml:777(para)
20462
25469
msgid ""
20463
25470
"Once the system has booted you can either repair the array see <xref "
20464
25471
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20465
25472
"another machine due to major hardware failure."
20466
25473
msgstr ""
20467
25474
20468
#: serverguide/C/installation.xml:793(title)
25475
#: serverguide/C/installation.xml:784(title)
20469
25476
msgid "RAID Maintenance"
20470
25477
msgstr ""
20471
25478
20472
#: serverguide/C/installation.xml:795(para)
25479
#: serverguide/C/installation.xml:786(para)
20473
25480
msgid ""
20474
25481
"The <application>mdadm</application> utility can be used to view the status "
20475
25482
"of an array, add disks to an array, remove disks, etc:"
20476
25483
msgstr ""
20477
25484
20478
#: serverguide/C/installation.xml:802(para)
25485
#: serverguide/C/installation.xml:793(para)
20479
25486
msgid "To view the status of an array, from a terminal prompt enter:"
20480
25487
msgstr ""
20481
25488
20482
#: serverguide/C/installation.xml:806(command)
25489
#: serverguide/C/installation.xml:797(command)
20483
25490
msgid "sudo mdadm -D /dev/md0"
20484
25491
msgstr ""
20485
25492
20486
#: serverguide/C/installation.xml:809(para)
25493
#: serverguide/C/installation.xml:800(para)
20487
25494
msgid ""
20488
25495
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20489
25496
"display <emphasis>detailed</emphasis> information about the "
20491
25498
"with the appropriate RAID device."
20492
25499
msgstr ""
20493
25500
20494
#: serverguide/C/installation.xml:815(para)
25501
#: serverguide/C/installation.xml:806(para)
20495
25502
msgid "To view the status of a disk in an array:"
20496
25503
msgstr ""
20497
25504
20498
#: serverguide/C/installation.xml:819(command)
25505
#: serverguide/C/installation.xml:810(command)
20499
25506
msgid "sudo mdadm -E /dev/sda1"
20500
25507
msgstr ""
20501
25508
20502
#: serverguide/C/installation.xml:821(para)
25509
#: serverguide/C/installation.xml:812(para)
20503
25510
msgid ""
20504
25511
"The output if very similar to the <command>mdadm -D</command> command, "
20505
25512
"adjust <filename>/dev/sda1</filename> for each disk."
20506
25513
msgstr ""
20507
25514
20508
#: serverguide/C/installation.xml:826(para)
25515
#: serverguide/C/installation.xml:817(para)
20509
25516
msgid "If a disk fails and needs to be removed from an array enter:"
20510
25517
msgstr ""
20511
25518
20512
#: serverguide/C/installation.xml:830(command)
25519
#: serverguide/C/installation.xml:821(command)
20513
25520
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20514
25521
msgstr ""
20515
25522
20516
#: serverguide/C/installation.xml:832(para)
25523
#: serverguide/C/installation.xml:823(para)
20517
25524
msgid ""
20518
25525
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20519
25526
"the appropriate RAID device and disk."
20520
25527
msgstr ""
20521
25528
20522
#: serverguide/C/installation.xml:837(para)
25529
#: serverguide/C/installation.xml:828(para)
20523
25530
msgid "Similarly, to add a new disk:"
20524
25531
msgstr ""
20525
25532
20526
#: serverguide/C/installation.xml:841(command)
25533
#: serverguide/C/installation.xml:832(command)
20527
25534
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20528
25535
msgstr ""
20529
25536
20530
#: serverguide/C/installation.xml:846(para)
25537
#: serverguide/C/installation.xml:837(para)
20531
25538
msgid ""
20532
25539
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20533
25540
"though there is nothing physically wrong with the drive. It is usually "
20536
25543
"the array, it is a good indication of hardware failure."
20537
25544
msgstr ""
20538
25545
20539
#: serverguide/C/installation.xml:852(para)
25546
#: serverguide/C/installation.xml:843(para)
20540
25547
msgid ""
20541
25548
"The <filename>/proc/mdstat</filename> file also contains useful information "
20542
25549
"about the system's RAID devices:"
20543
25550
msgstr ""
20544
25551
20545
#: serverguide/C/installation.xml:857(command)
25552
#: serverguide/C/installation.xml:848(command)
20546
25553
msgid "cat /proc/mdstat"
20547
25554
msgstr ""
20548
25555
20549
#: serverguide/C/installation.xml:858(computeroutput)
25556
#: serverguide/C/installation.xml:849(computeroutput)
20550
25557
#, no-wrap
20551
25558
msgid ""
20552
25559
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20557
25564
"unused devices: <none>"
20558
25565
msgstr ""
20559
25566
20560
#: serverguide/C/installation.xml:865(para)
25567
#: serverguide/C/installation.xml:856(para)
20561
25568
msgid ""
20562
25569
"The following command is great for watching the status of a syncing drive:"
20563
25570
msgstr ""
20564
25571
20565
#: serverguide/C/installation.xml:870(command)
25572
#: serverguide/C/installation.xml:861(command)
20566
25573
msgid "watch -n1 cat /proc/mdstat"
20567
25574
msgstr ""
20568
25575
20569
#: serverguide/C/installation.xml:873(para)
25576
#: serverguide/C/installation.xml:864(para)
20570
25577
msgid ""
20571
25578
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20572
25579
"<application>watch</application> command."
20573
25580
msgstr ""
20574
25581
20575
#: serverguide/C/installation.xml:877(para)
25582
#: serverguide/C/installation.xml:868(para)
20576
25583
msgid ""
20577
25584
"If you do need to replace a faulty drive, after the drive has been replaced "
20578
25585
"and synced, <application>grub</application> will need to be installed. To "
20580
25587
"following:"
20581
25588
msgstr ""
20582
25589
20583
#: serverguide/C/installation.xml:883(command)
25590
#: serverguide/C/installation.xml:874(command)
20584
25591
msgid "sudo grub-install /dev/md0"
20585
25592
msgstr ""
20586
25593
20587
#: serverguide/C/installation.xml:886(para)
25594
#: serverguide/C/installation.xml:877(para)
20588
25595
msgid ""
20589
25596
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20590
25597
msgstr ""
20591
25598
20592
#: serverguide/C/installation.xml:894(para)
25599
#: serverguide/C/installation.xml:885(para)
20593
25600
msgid ""
20594
25601
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20595
25602
"can be configured. Please see the following links for more information:"
20596
25603
msgstr ""
20597
25604
20598
#: serverguide/C/installation.xml:901(para)
25605
#: serverguide/C/installation.xml:892(para)
20599
25606
msgid ""
20600
25607
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20601
25608
"Wiki Articles on RAID</ulink>."
20602
25609
msgstr ""
20603
25610
20604
#: serverguide/C/installation.xml:907(ulink)
25611
#: serverguide/C/installation.xml:898(ulink)
20605
25612
msgid "Software RAID HOWTO"
20606
25613
msgstr ""
20607
25614
20608
#: serverguide/C/installation.xml:912(ulink)
25615
#: serverguide/C/installation.xml:903(ulink)
20609
25616
msgid "Managing RAID on Linux"
20610
25617
msgstr ""
20611
25618
20612
#: serverguide/C/installation.xml:919(title)
25619
#: serverguide/C/installation.xml:910(title)
20613
25620
msgid "Logical Volume Manager (LVM)"
20614
25621
msgstr ""
20615
25622
20616
#: serverguide/C/installation.xml:921(para)
25623
#: serverguide/C/installation.xml:912(para)
20617
25624
msgid ""
20618
25625
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20619
25626
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20622
25629
"giving greater flexibility to systems as requirements change."
20623
25630
msgstr ""
20624
25631
20625
#: serverguide/C/installation.xml:930(para)
25632
#: serverguide/C/installation.xml:921(para)
20626
25633
msgid ""
20627
25634
"A side effect of LVM's power and flexibility is a greater degree of "
20628
25635
"complication. Before diving into the LVM installation process, it is best to "
20629
25636
"get familiar with some terms."
20630
25637
msgstr ""
20631
25638
20632
#: serverguide/C/installation.xml:937(para)
20633
msgid ""
20634
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20635
"Volumes (LV)."
20636
msgstr ""
20637
20638
#: serverguide/C/installation.xml:942(para)
25639
#: serverguide/C/installation.xml:928(para)
25640
msgid ""
25641
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
25642
"partition or software RAID partition formatted as LVM PV."
25643
msgstr ""
25644
25645
#: serverguide/C/installation.xml:934(para)
25646
msgid ""
25647
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
25648
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
25649
"disk drive, from which one or more logical volumes are carved."
25650
msgstr ""
25651
25652
#: serverguide/C/installation.xml:940(para)
20639
25653
msgid ""
20640
25654
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20641
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20642
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20643
msgstr ""
20644
20645
#: serverguide/C/installation.xml:948(para)
20646
msgid ""
20647
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20648
"RAID partition. The Volume Group can be extended by adding more PVs."
20649
msgstr ""
20650
20651
#: serverguide/C/installation.xml:959(para)
25655
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
25656
"etc), it is then available for mounting and data storage."
25657
msgstr ""
25658
25659
#: serverguide/C/installation.xml:951(para)
20652
25660
msgid ""
20653
25661
"As an example this section covers installing Ubuntu Server Edition with "
20654
25662
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20657
25665
"can be extended."
20658
25666
msgstr ""
20659
25667
20660
#: serverguide/C/installation.xml:965(para)
25668
#: serverguide/C/installation.xml:957(para)
20661
25669
msgid ""
20662
25670
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20663
25671
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20668
25676
"the Manual approach."
20669
25677
msgstr ""
20670
25678
20671
#: serverguide/C/installation.xml:982(para)
25679
#: serverguide/C/installation.xml:974(para)
20672
25680
msgid ""
20673
25681
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20674
25682
"<emphasis>\"Manual\"</emphasis>."
20675
25683
msgstr ""
20676
25684
20677
#: serverguide/C/installation.xml:989(para)
25685
#: serverguide/C/installation.xml:981(para)
20678
25686
msgid ""
20679
25687
"Select the hard disk and on the next screen choose \"yes\" to "
20680
25688
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20681
25689
msgstr ""
20682
25690
20683
#: serverguide/C/installation.xml:996(para)
25691
#: serverguide/C/installation.xml:988(para)
20684
25692
msgid ""
20685
25693
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20686
25694
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20687
25695
msgstr ""
20688
25696
20689
#: serverguide/C/installation.xml:1004(para)
25697
#: serverguide/C/installation.xml:996(para)
20690
25698
msgid ""
20691
25699
"For the LVM <emphasis>/srv</emphasis>, create a new "
20692
25700
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20694
25702
"<emphasis>\"Done setting up the partition\"</emphasis>."
20695
25703
msgstr ""
20696
25704
20697
#: serverguide/C/installation.xml:1012(para)
25705
#: serverguide/C/installation.xml:1004(para)
20698
25706
msgid ""
20699
25707
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20700
25708
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20701
25709
"disk."
20702
25710
msgstr ""
20703
25711
20704
#: serverguide/C/installation.xml:1020(para)
25712
#: serverguide/C/installation.xml:1012(para)
20705
25713
msgid ""
20706
25714
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20707
25715
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20710
25718
"<emphasis>\"Continue\"</emphasis>."
20711
25719
msgstr ""
20712
25720
20713
#: serverguide/C/installation.xml:1029(para)
25721
#: serverguide/C/installation.xml:1021(para)
20714
25722
msgid ""
20715
25723
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20716
25724
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20721
25729
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20722
25730
msgstr ""
20723
25731
20724
#: serverguide/C/installation.xml:1039(para)
25732
#: serverguide/C/installation.xml:1031(para)
20725
25733
msgid ""
20726
25734
"Now add a filesystem to the new LVM. Select the partition under "
20727
25735
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20730
25738
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20731
25739
msgstr ""
20732
25740
20733
#: serverguide/C/installation.xml:1048(para)
25741
#: serverguide/C/installation.xml:1040(para)
20734
25742
msgid ""
20735
25743
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20736
25744
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20737
25745
"the installation."
20738
25746
msgstr ""
20739
25747
20740
#: serverguide/C/installation.xml:1056(para)
25748
#: serverguide/C/installation.xml:1048(para)
20741
25749
msgid "There are some useful utilities to view information about LVM:"
20742
25750
msgstr ""
20743
25751
20744
#: serverguide/C/installation.xml:1061(para)
25752
#: serverguide/C/installation.xml:1053(para)
25753
msgid ""
25754
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
25755
msgstr ""
25756
25757
#: serverguide/C/installation.xml:1054(para)
20745
25758
msgid ""
20746
25759
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20747
25760
msgstr ""
20748
25761
25762
#: serverguide/C/installation.xml:1055(para)
25763
msgid ""
25764
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
25765
msgstr ""
25766
25767
#: serverguide/C/installation.xml:1060(title)
25768
msgid "Extending Volume Groups"
25769
msgstr ""
25770
20749
25771
#: serverguide/C/installation.xml:1062(para)
20750
25772
msgid ""
20751
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20752
msgstr ""
20753
20754
#: serverguide/C/installation.xml:1063(para)
20755
msgid ""
20756
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20757
"Physical Volumes."
20758
msgstr ""
20759
20760
#: serverguide/C/installation.xml:1068(title)
20761
msgid "Extending Volume Groups"
20762
msgstr ""
20763
20764
#: serverguide/C/installation.xml:1070(para)
20765
msgid ""
20766
25773
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20767
25774
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20768
25775
"adding it to the volume group (VG), extending the logical volume <filename "
20769
25776
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20770
"example assumes a second hard disk has been added to the system. This hard "
20771
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20772
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
25777
"example assumes a second hard disk has been added to the system. In this "
25778
"example, this hard disk will be named <filename>/dev/sdb</filename> and we "
25779
"will use the entire disk as a physical volume (you could choose to create "
25780
"partitions and use them as different physical volumes)"
25781
msgstr ""
25782
25783
#: serverguide/C/installation.xml:1070(para)
25784
msgid ""
25785
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
20773
25786
"before issuing the commands below. You could lose some data if you issue "
20774
"those commands on a non-empty disk. In our example we will use the entire "
20775
"disk as a physical volume (you could choose to create partitions and use "
20776
"them as different physical volumes)"
25787
"those commands on a non-empty disk."
20777
25788
msgstr ""
20778
25789
20779
#: serverguide/C/installation.xml:1082(para)
25790
#: serverguide/C/installation.xml:1078(para)
20780
25791
msgid "First, create the physical volume, in a terminal execute:"
20781
25792
msgstr ""
20782
25793
20783
#: serverguide/C/installation.xml:1087(command)
25794
#: serverguide/C/installation.xml:1083(command)
20784
25795
msgid "sudo pvcreate /dev/sdb"
20785
25796
msgstr ""
20786
25797
20787
#: serverguide/C/installation.xml:1093(para)
25798
#: serverguide/C/installation.xml:1089(para)
20788
25799
msgid "Now extend the Volume Group (VG):"
20789
25800
msgstr ""
20790
25801
20791
#: serverguide/C/installation.xml:1098(command)
25802
#: serverguide/C/installation.xml:1094(command)
20792
25803
msgid "sudo vgextend vg01 /dev/sdb"
20793
25804
msgstr ""
20794
25805
20795
#: serverguide/C/installation.xml:1104(para)
25806
#: serverguide/C/installation.xml:1100(para)
20796
25807
msgid ""
20797
25808
"Use <application>vgdisplay</application> to find out the free physical "
20798
25809
"extents - Free PE / size (the size you can allocate). We will assume a free "
20800
25811
"whole free space available. Use your own PE and/or free space."
20801
25812
msgstr ""
20802
25813
20803
#: serverguide/C/installation.xml:1110(para)
25814
#: serverguide/C/installation.xml:1106(para)
20804
25815
msgid ""
20805
25816
"The Logical Volume (LV) can now be extended by different methods, we will "
20806
25817
"only see how to use the PE to extend the LV:"
20807
25818
msgstr ""
20808
25819
20809
#: serverguide/C/installation.xml:1115(command)
25820
#: serverguide/C/installation.xml:1111(command)
20810
25821
msgid "sudo lvextend /dev/vg01/srv -l +511"
20811
25822
msgstr ""
20812
25823
20813
#: serverguide/C/installation.xml:1118(para)
25824
#: serverguide/C/installation.xml:1114(para)
20814
25825
msgid ""
20815
25826
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20816
25827
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20817
25828
"Gig, Tera, etc bytes."
20818
25829
msgstr ""
20819
25830
20820
#: serverguide/C/installation.xml:1126(para)
25831
#: serverguide/C/installation.xml:1122(para)
20821
25832
msgid ""
20822
25833
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20823
25834
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20826
25837
"first is compulsory)."
20827
25838
msgstr ""
20828
25839
20829
#: serverguide/C/installation.xml:1132(para)
25840
#: serverguide/C/installation.xml:1128(para)
20830
25841
msgid ""
20831
25842
"The following commands are for an <emphasis>EXT3</emphasis> or "
20832
25843
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20833
25844
"there may be other utilities available."
20834
25845
msgstr ""
20835
25846
20836
#: serverguide/C/installation.xml:1139(command)
25847
#: serverguide/C/installation.xml:1135(command)
20837
25848
msgid "sudo e2fsck -f /dev/vg01/srv"
20838
25849
msgstr ""
20839
25850
20840
#: serverguide/C/installation.xml:1142(para)
25851
#: serverguide/C/installation.xml:1138(para)
20841
25852
msgid ""
20842
25853
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20843
25854
"forces checking even if the system seems clean."
20844
25855
msgstr ""
20845
25856
20846
#: serverguide/C/installation.xml:1149(para)
25857
#: serverguide/C/installation.xml:1145(para)
20847
25858
msgid "Finally, resize the filesystem:"
20848
25859
msgstr ""
20849
25860
20850
#: serverguide/C/installation.xml:1154(command)
25861
#: serverguide/C/installation.xml:1150(command)
20851
25862
msgid "sudo resize2fs /dev/vg01/srv"
20852
25863
msgstr ""
20853
25864
20854
#: serverguide/C/installation.xml:1160(para)
25865
#: serverguide/C/installation.xml:1156(para)
20855
25866
msgid "Now mount the partition and check its size."
20856
25867
msgstr ""
20857
25868
20858
#: serverguide/C/installation.xml:1165(command)
25869
#: serverguide/C/installation.xml:1161(command)
20859
25870
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20860
25871
msgstr ""
20861
25872
20862
#: serverguide/C/installation.xml:1177(para)
25873
#: serverguide/C/installation.xml:1173(para)
20863
25874
msgid ""
20864
25875
"See the <ulink "
20865
25876
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20866
25877
"Articles</ulink>."
20867
25878
msgstr ""
20868
25879
20869
#: serverguide/C/installation.xml:1182(para)
25880
#: serverguide/C/installation.xml:1178(para)
20870
25881
msgid ""
20871
25882
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20872
25883
"HOWTO</ulink> for more information."
20873
25884
msgstr ""
20874
25885
20875
#: serverguide/C/installation.xml:1187(para)
25886
#: serverguide/C/installation.xml:1183(para)
20876
25887
msgid ""
20877
25888
"Another good article is <ulink "
20878
25889
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20880
25891
"linuxdevcenter.com site."
20881
25892
msgstr ""
20882
25893
20883
#: serverguide/C/installation.xml:1194(para)
25894
#: serverguide/C/installation.xml:1190(para)
20884
25895
msgid ""
20885
25896
"For more information on <application>fdisk</application> see the <ulink "
20886
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20887
"sk man page</ulink>."
25897
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/fdisk.8.html\">fdis"
25898
"k man page</ulink>."
25899
msgstr ""
25900
25901
#: serverguide/C/installation.xml:1201(title)
25902
msgid "Kernel Crash Dump"
25903
msgstr ""
25904
25905
#: serverguide/C/installation.xml:1208(para)
25906
msgid "Kernel Panic"
25907
msgstr ""
25908
25909
#: serverguide/C/installation.xml:1209(para)
25910
msgid "Non Maskable Interrupts (NMI)"
25911
msgstr ""
25912
25913
#: serverguide/C/installation.xml:1210(para)
25914
msgid "Machine Check Exceptions (MCE)"
25915
msgstr ""
25916
25917
#: serverguide/C/installation.xml:1211(para)
25918
msgid "Hardware failure"
25919
msgstr ""
25920
25921
#: serverguide/C/installation.xml:1212(para)
25922
msgid "Manual intervention"
25923
msgstr ""
25924
25925
#: serverguide/C/installation.xml:1204(para)
25926
msgid ""
25927
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
25928
"(RAM) that is copied to disk whenever the execution of the kernel is "
25929
"disrupted. The following events can cause a kernel disruption : <placeholder-"
25930
"1/> For some of those events (panic, NMI) the kernel will react "
25931
"automatically and trigger the crash dump mechanism through "
25932
"<emphasis>kexec</emphasis>. In other situations a manual intervention is "
25933
"required in order to capture the memory. Whenever one of the above events "
25934
"occurs, it is important to find out the root cause in order to prevent it "
25935
"from happening again. The cause can be determined by inspecting the copied "
25936
"memory contents."
25937
msgstr ""
25938
25939
#: serverguide/C/installation.xml:1221(title)
25940
msgid "Kernel Crash Dump Mechanism"
25941
msgstr ""
25942
25943
#: serverguide/C/installation.xml:1223(para)
25944
msgid ""
25945
"When a kernel panic occurs, the kernel relies on the "
25946
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
25947
"kernel in a pre-reserved section of memory that had been allocated when the "
25948
"system booted (see below). This permits the existing memory area to remain "
25949
"untouched in order to safely copy its contents to storage."
25950
msgstr ""
25951
25952
#: serverguide/C/installation.xml:1232(para)
25953
msgid ""
25954
"The kernel crash dump utility is installed with the following command:"
25955
msgstr ""
25956
25957
#: serverguide/C/installation.xml:1237(command)
25958
msgid "sudo apt-get install linux-crashdump"
25959
msgstr ""
25960
25961
#: serverguide/C/installation.xml:1240(para)
25962
msgid "A reboot is then needed."
25963
msgstr ""
25964
25965
#: serverguide/C/installation.xml:1248(para)
25966
msgid ""
25967
"No further configuration is required in order to have the kernel dump "
25968
"mechanism enabled."
25969
msgstr ""
25970
25971
#: serverguide/C/installation.xml:1257(para)
25972
msgid ""
25973
"To confirm that the kernel dump mechanism is enabled, there are a few things "
25974
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
25975
"parameter is present (note: The following line has been split into two to "
25976
"fit the format of this document:"
25977
msgstr ""
25978
25979
#: serverguide/C/installation.xml:1264(command)
25980
msgid "cat /proc/cmdline"
25981
msgstr ""
25982
25983
#: serverguide/C/installation.xml:1265(computeroutput)
25984
#, no-wrap
25985
msgid ""
25986
"\n"
25987
"BOOT_IMAGE=/vmlinuz-3.2.0-17-server root=/dev/mapper/PreciseS-root ro\n"
25988
" crashkernel=384M-2G:64M,2G-:128M\n"
25989
msgstr ""
25990
25991
#: serverguide/C/installation.xml:1273(programlisting)
25992
#, no-wrap
25993
msgid ""
25994
"\n"
25995
"crashkernel=<range1>:<size1>[,<range2>:<size2>,...][@"
25996
"offset]\n"
25997
" range=start-[end] 'start' is inclusive and 'end' is exclusive.\n"
25998
" "
25999
msgstr ""
26000
26001
#: serverguide/C/installation.xml:1271(para)
26002
msgid ""
26003
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
26004
"<placeholder-1/>"
26005
msgstr ""
26006
26007
#: serverguide/C/installation.xml:1281(programlisting)
26008
#, no-wrap
26009
msgid ""
26010
"\n"
26011
"crashkernel=384M-2G:64M,2G-:128M\n"
26012
msgstr ""
26013
26014
#: serverguide/C/installation.xml:1279(para)
26015
msgid ""
26016
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
26017
"we would have : <placeholder-1/>"
26018
msgstr ""
26019
26020
#: serverguide/C/installation.xml:1286(para)
26021
msgid "The above value means:"
26022
msgstr ""
26023
26024
#: serverguide/C/installation.xml:1288(para)
26025
msgid ""
26026
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
26027
"\"rescue\" case)"
26028
msgstr ""
26029
26030
#: serverguide/C/installation.xml:1290(para)
26031
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
26032
msgstr ""
26033
26034
#: serverguide/C/installation.xml:1291(para)
26035
msgid "if the RAM size is larger than 2G, then reserve 128M"
26036
msgstr ""
26037
26038
#: serverguide/C/installation.xml:1294(para)
26039
msgid ""
26040
"Second, verify that the kernel has reserved the requested memory area for "
26041
"the kdump kernel by doing:"
26042
msgstr ""
26043
26044
#: serverguide/C/installation.xml:1299(command)
26045
msgid "dmesg | grep -i crash"
26046
msgstr ""
26047
26048
#: serverguide/C/installation.xml:1300(computeroutput)
26049
#, no-wrap
26050
msgid ""
26051
"\n"
26052
"...\n"
26053
"[ 0.000000] Reserving 64MB of memory at 800MB for crashkernel (System "
26054
"RAM: 1023MB)\n"
26055
msgstr ""
26056
26057
#: serverguide/C/installation.xml:1309(title)
26058
msgid "Testing the Crash Dump Mechanism"
26059
msgstr ""
26060
26061
#: serverguide/C/installation.xml:1312(para)
26062
msgid ""
26063
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
26064
"reboot.</emphasis> In certain situations, this can cause data loss if the "
26065
"system is under heavy load. If you want to test the mechanism, make sure "
26066
"that the system is idle or under very light load."
26067
msgstr ""
26068
26069
#: serverguide/C/installation.xml:1319(para)
26070
msgid ""
26071
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
26072
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
26073
"parameter :"
26074
msgstr ""
26075
26076
#: serverguide/C/installation.xml:1325(command)
26077
msgid "cat /proc/sys/kernel/sysrq"
26078
msgstr ""
26079
26080
#: serverguide/C/installation.xml:1328(para)
26081
msgid ""
26082
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
26083
"Enable it with the following command :"
26084
msgstr ""
26085
26086
#: serverguide/C/installation.xml:1333(command)
26087
msgid "sudo sysctl -w kernel.sysrq=1"
26088
msgstr ""
26089
26090
#: serverguide/C/installation.xml:1336(para)
26091
msgid ""
26092
"Once this is done, you must become root, as just using "
26093
"<command>sudo</command> will not be sufficient. As the "
26094
"<emphasis>root</emphasis> user, you will have to issue the command "
26095
"<command>echo c > /proc/sysrq-trigger</command>. If you are using a "
26096
"network connection, you will lose contact with the system. This is why it is "
26097
"better to do the test while being connected to the system console. This has "
26098
"the advantage of making the kernel dump process visible."
26099
msgstr ""
26100
26101
#: serverguide/C/installation.xml:1343(para)
26102
msgid "A typical test output should look like the following :"
26103
msgstr ""
26104
26105
#: serverguide/C/installation.xml:1348(command)
26106
msgid "sudo -s"
26107
msgstr ""
26108
26109
#: serverguide/C/installation.xml:1350(command)
26110
msgid "echo c > /proc/sysrq-trigger"
26111
msgstr ""
26112
26113
#: serverguide/C/installation.xml:1347(screen)
26114
#, no-wrap
26115
msgid ""
26116
"\n"
26117
"<placeholder-1/>\n"
26118
"[sudo] password for ubuntu: \n"
26119
"# <placeholder-2/>\n"
26120
"[ 31.659002] SysRq : Trigger a crash\n"
26121
"[ 31.659749] BUG: unable to handle kernel NULL pointer dereference at "
26122
" (null)\n"
26123
"[ 31.662668] IP: [<ffffffff8139f166>] sysrq_handle_crash+0x16/0x20\n"
26124
"[ 31.662668] PGD 3bfb9067 PUD 368a7067 PMD 0 \n"
26125
"[ 31.662668] Oops: 0002 [#1] SMP \n"
26126
"[ 31.662668] CPU 1 \n"
26127
"....\n"
26128
msgstr ""
26129
26130
#: serverguide/C/installation.xml:1360(para)
26131
msgid ""
26132
"The rest of the output is truncated, but you should see the system rebooting "
26133
"and somewhere in the log, you will see the following line : <screen>Begin: "
26134
"Saving vmcore from kernel crash ...</screen> Once completed, the system will "
26135
"reboot to its normal operational mode. You will then find Kernel Crash Dump "
26136
"file in the <filename>/var/crash</filename> directory :"
26137
msgstr ""
26138
26139
#: serverguide/C/installation.xml:1367(command)
26140
msgid "ls /var/crash"
26141
msgstr ""
26142
26143
#: serverguide/C/installation.xml:1366(screen)
26144
#, no-wrap
26145
msgid ""
26146
"\n"
26147
"<placeholder-1/>\n"
26148
"linux-image-3.0.0-12-server.0.crash\n"
26149
msgstr ""
26150
26151
#: serverguide/C/installation.xml:1376(para)
26152
msgid ""
26153
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
26154
"kernel. You can find more information on the topic here :"
26155
msgstr ""
26156
26157
#: serverguide/C/installation.xml:1382(para)
26158
msgid ""
26159
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
26160
"kernel documentation</ulink>."
26161
msgstr ""
26162
26163
#: serverguide/C/installation.xml:1388(ulink)
26164
msgid "The crash tool"
26165
msgstr ""
26166
26167
#: serverguide/C/installation.xml:1392(para)
26168
msgid ""
26169
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
26170
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
26171
"still gives a good walkthrough of kernel dump analysis)"
20888
26172
msgstr ""
20889
26173
20890
26174
#: serverguide/C/file-server.xml:13(title)
20904
26188
20905
26189
#: serverguide/C/file-server.xml:24(para)
20906
26190
msgid ""
20907
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20908
"files between computers. FTP works on a client/server model. The server "
20909
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20910
"listens for FTP requests from remote clients. When a request is received, it "
20911
"manages the login and sets up the connection. For the duration of the "
20912
"session it executes any of commands sent by the FTP client."
26191
"File Transfer Protocol (FTP) is a TCP protocol for downloading files between "
26192
"computers. In the past, it has also been used for uploading but, as that "
26193
"method does not use encryption, user credentials as well as data transferred "
26194
"in the clear and are easily intercepted. So if you are here looking for a "
26195
"way to upload and download files securely, see the section on "
26196
"<application>OpenSSH</application> in <xref linkend=\"remote-"
26197
"administration\"/> instead."
20913
26198
msgstr ""
20914
26199
20915
26200
#: serverguide/C/file-server.xml:33(para)
26201
msgid ""
26202
"FTP works on a client/server model. The server component is called an "
26203
"<emphasis>FTP daemon</emphasis>. It continuously listens for FTP requests "
26204
"from remote clients. When a request is received, it manages the login and "
26205
"sets up the connection. For the duration of the session it executes any of "
26206
"commands sent by the FTP client."
26207
msgstr ""
26208
26209
#: serverguide/C/file-server.xml:42(para)
20916
26210
msgid "Access to an FTP server can be managed in two ways:"
20917
26211
msgstr ""
20918
26212
20919
#: serverguide/C/file-server.xml:37(para)
26213
#: serverguide/C/file-server.xml:46(para)
20920
26214
msgid "Anonymous"
20921
26215
msgstr ""
20922
26216
20923
#: serverguide/C/file-server.xml:40(para)
26217
#: serverguide/C/file-server.xml:49(para)
20924
26218
msgid "Authenticated"
20925
26219
msgstr ""
20926
26220
20927
#: serverguide/C/file-server.xml:43(para)
26221
#: serverguide/C/file-server.xml:52(para)
20928
26222
msgid ""
20929
26223
"In the Anonymous mode, remote clients can access the FTP server by using the "
20930
26224
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20931
26225
"address as the password. In the Authenticated mode a user must have an "
20932
"account and a password. User access to the FTP server directories and files "
20933
"is dependent on the permissions defined for the account used at login. As a "
20934
"general rule, the FTP daemon will hide the root directory of the FTP server "
20935
"and change it to the FTP Home directory. This hides the rest of the file "
20936
"system from remote sessions."
26226
"account and a password. This latter choice is very insecure and should not "
26227
"be used except in special circumstances. If you are looking to transfer "
26228
"files securely see SFTP in the section on OpenSSH-Server. User access to the "
26229
"FTP server directories and files is dependent on the permissions defined for "
26230
"the account used at login. As a general rule, the FTP daemon will hide the "
26231
"root directory of the FTP server and change it to the FTP Home directory. "
26232
"This hides the rest of the file system from remote sessions."
20937
26233
msgstr ""
20938
26234
20939
#: serverguide/C/file-server.xml:55(title)
26235
#: serverguide/C/file-server.xml:70(title)
20940
26236
msgid "vsftpd - FTP Server Installation"
20941
26237
msgstr ""
20942
26238
20943
#: serverguide/C/file-server.xml:57(para)
26239
#: serverguide/C/file-server.xml:72(para)
20944
26240
msgid ""
20945
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20946
"and maintain. To install <application>vsftpd</application> you can run the "
20947
"following command:"
26241
"<application>vsftpd</application> is an FTP daemon available in Ubuntu. It "
26242
"is easy to install, set up, and maintain. To install "
26243
"<application>vsftpd</application> you can run the following command:"
20948
26244
msgstr ""
20949
26245
20950
#: serverguide/C/file-server.xml:65(command)
26246
#: serverguide/C/file-server.xml:80(command)
20951
26247
msgid "sudo apt-get install vsftpd"
20952
26248
msgstr ""
20953
26249
20954
#: serverguide/C/file-server.xml:71(title)
26250
#: serverguide/C/file-server.xml:86(title)
20955
26251
msgid "Anonymous FTP Configuration"
20956
26252
msgstr ""
20957
26253
20958
#: serverguide/C/file-server.xml:73(para)
20959
msgid ""
20960
"By default <application>vsftpd</application> is configured to only allow "
20961
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20962
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20963
"default FTP directory."
20964
msgstr ""
20965
20966
#: serverguide/C/file-server.xml:80(para)
20967
msgid ""
20968
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20969
"example, simply create a directory in another location and change the "
26254
#: serverguide/C/file-server.xml:88(para)
26255
msgid ""
26256
"By default <application>vsftpd</application> is <emphasis>not</emphasis> "
26257
"configured to allow anonymous download. If you wish to enable anonymous "
26258
"download edit <filename>/etc/vsftpd.conf</filename> by changing:"
26259
msgstr ""
26260
26261
#: serverguide/C/file-server.xml:93(programlisting)
26262
#, no-wrap
26263
msgid ""
26264
"\n"
26265
"anonymous_enable=Yes\n"
26266
msgstr ""
26267
26268
#: serverguide/C/file-server.xml:97(para)
26269
msgid ""
26270
"During installation a <emphasis>ftp</emphasis> user is created with a home "
26271
"directory of <filename>/srv/ftp</filename>. This is the default FTP "
26272
"directory."
26273
msgstr ""
26274
26275
#: serverguide/C/file-server.xml:102(para)
26276
msgid ""
26277
"If you wish to change this location, to <filename>/srv/files/ftp</filename> "
26278
"for example, simply create a directory in another location and change the "
20970
26279
"<emphasis>ftp</emphasis> user's home directory:"
20971
26280
msgstr ""
20972
26281
20973
#: serverguide/C/file-server.xml:87(command)
20974
msgid "sudo mkdir /srv/ftp"
20975
msgstr ""
20976
20977
#: serverguide/C/file-server.xml:88(command)
20978
msgid "sudo usermod -d /srv/ftp ftp"
20979
msgstr ""
20980
20981
#: serverguide/C/file-server.xml:91(para)
26282
#: serverguide/C/file-server.xml:109(command)
26283
msgid "sudo mkdir /srv/files/ftp"
26284
msgstr ""
26285
26286
#: serverguide/C/file-server.xml:110(command)
26287
msgid "sudo usermod -d /srv/files/ftp ftp"
26288
msgstr ""
26289
26290
#: serverguide/C/file-server.xml:113(para)
20982
26291
msgid "After making the change restart <application>vsftpd</application>:"
20983
26292
msgstr ""
20984
26293
20985
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20986
msgid "sudo /etc/init.d/vsftpd restart"
26294
#: serverguide/C/file-server.xml:118(command) serverguide/C/file-server.xml:146(command) serverguide/C/file-server.xml:211(command) serverguide/C/file-server.xml:260(command)
26295
msgid "sudo restart vsftpd"
20987
26296
msgstr ""
20988
26297
20989
#: serverguide/C/file-server.xml:99(para)
26298
#: serverguide/C/file-server.xml:121(para)
20990
26299
msgid ""
20991
26300
"Finally, copy any files and directories you would like to make available "
20992
"through anonymous FTP to <filename>/srv/ftp</filename>."
26301
"through anonymous FTP to <filename>/srv/files/ftp</filename>, or "
26302
"<filename>/srv/ftp</filename> if you wish to use the default."
20993
26303
msgstr ""
20994
26304
20995
#: serverguide/C/file-server.xml:106(title)
26305
#: serverguide/C/file-server.xml:129(title)
20996
26306
msgid "User Authenticated FTP Configuration"
20997
26307
msgstr ""
20998
26308
20999
#: serverguide/C/file-server.xml:108(para)
26309
#: serverguide/C/file-server.xml:131(para)
21000
26310
msgid ""
21001
"To configure <application>vsftpd</application> to authenticate system users "
21002
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
26311
"By default <application>vsftpd</application> is configured to authenticate "
26312
"system users and allow them to download files. If you want users to be able "
26313
"to upload files, edit <filename>/etc/vsftpd.conf</filename>:"
21003
26314
msgstr ""
21004
26315
21005
#: serverguide/C/file-server.xml:114(programlisting)
26316
#: serverguide/C/file-server.xml:137(programlisting)
21006
26317
#, no-wrap
21007
26318
msgid ""
21008
26319
"\n"
21009
"local_enable=YES\n"
21010
26320
"write_enable=YES\n"
21011
26321
msgstr ""
21012
26322
21013
#: serverguide/C/file-server.xml:119(para)
26323
#: serverguide/C/file-server.xml:141(para)
21014
26324
msgid "Now restart <application>vsftpd</application>:"
21015
26325
msgstr ""
21016
26326
21017
#: serverguide/C/file-server.xml:127(para)
26327
#: serverguide/C/file-server.xml:149(para)
21018
26328
msgid ""
21019
26329
"Now when system users login to FTP they will start in their "
21020
26330
"<emphasis>home</emphasis> directories where they can download, upload, "
21021
26331
"create directories, etc."
21022
26332
msgstr ""
21023
26333
21024
#: serverguide/C/file-server.xml:133(para)
26334
#: serverguide/C/file-server.xml:155(para)
21025
26335
msgid ""
21026
"Similarly, by default, the anonymous users are not allowed to upload files "
21027
"to FTP server. To change this setting, you should uncomment the following "
21028
"line, and restart <application>vsftpd</application>:"
26336
"Similarly, by default, anonymous users are not allowed to upload files to "
26337
"FTP server. To change this setting, you should uncomment the following line, "
26338
"and restart <application>vsftpd</application>:"
21029
26339
msgstr ""
21030
26340
21031
#: serverguide/C/file-server.xml:140(programlisting)
26341
#: serverguide/C/file-server.xml:162(programlisting)
21032
26342
#, no-wrap
21033
26343
msgid ""
21034
26344
"\n"
21035
26345
"anon_upload_enable=YES\n"
21036
26346
msgstr ""
21037
26347
21038
#: serverguide/C/file-server.xml:145(para)
26348
#: serverguide/C/file-server.xml:167(para)
21039
26349
msgid ""
21040
26350
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21041
26351
"not enable anonymous upload on servers accessed directly from the Internet."
21042
26352
msgstr ""
21043
26353
21044
#: serverguide/C/file-server.xml:151(para)
26354
#: serverguide/C/file-server.xml:173(para)
21045
26355
msgid ""
21046
26356
"The configuration file consists of many configuration parameters. The "
21047
26357
"information about each parameter is available in the configuration file. "
21049
26359
"vsftpd.conf</command> for details of each parameter."
21050
26360
msgstr ""
21051
26361
21052
#: serverguide/C/file-server.xml:162(title)
26362
#: serverguide/C/file-server.xml:184(title)
21053
26363
msgid "Securing FTP"
21054
26364
msgstr ""
21055
26365
21056
#: serverguide/C/file-server.xml:164(para)
26366
#: serverguide/C/file-server.xml:186(para)
21057
26367
msgid ""
21058
26368
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21059
26369
"<application>vsftpd</application> more secure. For example users can be "
21060
26370
"limited to their home directories by uncommenting:"
21061
26371
msgstr ""
21062
26372
21063
#: serverguide/C/file-server.xml:170(programlisting)
26373
#: serverguide/C/file-server.xml:192(programlisting)
21064
26374
#, no-wrap
21065
26375
msgid ""
21066
26376
"\n"
21067
26377
"chroot_local_user=YES\n"
21068
26378
msgstr ""
21069
26379
21070
#: serverguide/C/file-server.xml:174(para)
26380
#: serverguide/C/file-server.xml:196(para)
21071
26381
msgid ""
21072
26382
"You can also limit a specific list of users to just their home directories:"
21073
26383
msgstr ""
21074
26384
21075
#: serverguide/C/file-server.xml:178(programlisting)
26385
#: serverguide/C/file-server.xml:200(programlisting)
21076
26386
#, no-wrap
21077
26387
msgid ""
21078
26388
"\n"
21080
26390
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21081
26391
msgstr ""
21082
26392
21083
#: serverguide/C/file-server.xml:183(para)
26393
#: serverguide/C/file-server.xml:205(para)
21084
26394
msgid ""
21085
26395
"After uncommenting the above options, create a "
21086
26396
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21087
26397
"per line. Then restart <application>vsftpd</application>:"
21088
26398
msgstr ""
21089
26399
21090
#: serverguide/C/file-server.xml:192(para)
26400
#: serverguide/C/file-server.xml:214(para)
21091
26401
msgid ""
21092
26402
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21093
26403
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21095
26405
"add them to the list."
21096
26406
msgstr ""
21097
26407
21098
#: serverguide/C/file-server.xml:199(para)
26408
#: serverguide/C/file-server.xml:221(para)
21099
26409
msgid ""
21100
26410
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21101
26411
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21104
26414
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21105
26415
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21106
26416
"with a shell may not be ideal for some environments, such as a shared web "
21107
"host."
26417
"host. However, it is possible to restrict such accounts to only SFTP and "
26418
"disable shell interaction. See the section on OpenSSH-Server for more."
21108
26419
msgstr ""
21109
26420
21110
#: serverguide/C/file-server.xml:208(para)
26421
#: serverguide/C/file-server.xml:231(para)
21111
26422
msgid ""
21112
26423
"To configure <emphasis>FTPS</emphasis>, edit "
21113
26424
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21114
26425
msgstr ""
21115
26426
21116
#: serverguide/C/file-server.xml:212(programlisting)
26427
#: serverguide/C/file-server.xml:235(programlisting)
21117
26428
#, no-wrap
21118
26429
msgid ""
21119
26430
"\n"
21120
26431
"ssl_enable=Yes\n"
21121
26432
msgstr ""
21122
26433
21123
#: serverguide/C/file-server.xml:216(para)
26434
#: serverguide/C/file-server.xml:239(para)
21124
26435
msgid "Also, notice the certificate and key related options:"
21125
26436
msgstr ""
21126
26437
21127
#: serverguide/C/file-server.xml:220(programlisting)
26438
#: serverguide/C/file-server.xml:243(programlisting)
21128
26439
#, no-wrap
21129
26440
msgid ""
21130
26441
"\n"
21132
26443
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21133
26444
msgstr ""
21134
26445
21135
#: serverguide/C/file-server.xml:225(para)
26446
#: serverguide/C/file-server.xml:248(para)
21136
26447
msgid ""
21137
"By default these options are set the certificate and key provided by the "
26448
"By default these options are set to the certificate and key provided by the "
21138
26449
"<application>ssl-cert</application> package. In a production environment "
21139
26450
"these should be replaced with a certificate and key generated for the "
21140
26451
"specific host. For more information on certificates see <xref "
21141
26452
"linkend=\"certificates-and-security\"/>."
21142
26453
msgstr ""
21143
26454
21144
#: serverguide/C/file-server.xml:231(para)
26455
#: serverguide/C/file-server.xml:254(para)
21145
26456
msgid ""
21146
26457
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21147
26458
"be forced to use <emphasis>FTPS</emphasis>:"
21148
26459
msgstr ""
21149
26460
21150
#: serverguide/C/file-server.xml:240(para)
26461
#: serverguide/C/file-server.xml:263(para)
21151
26462
msgid ""
21152
26463
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21153
26464
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21154
26465
"adding the <emphasis>nologin</emphasis> shell:"
21155
26466
msgstr ""
21156
26467
21157
#: serverguide/C/file-server.xml:245(programlisting)
26468
#: serverguide/C/file-server.xml:268(programlisting)
21158
26469
#, no-wrap
21159
26470
msgid ""
21160
26471
"\n"
21175
26486
"/usr/sbin/nologin\n"
21176
26487
msgstr ""
21177
26488
21178
#: serverguide/C/file-server.xml:263(para)
26489
#: serverguide/C/file-server.xml:286(para)
21179
26490
msgid ""
21180
26491
"This is necessary because, by default <application>vsftpd</application> uses "
21181
26492
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21182
26493
"configuration file contains:"
21183
26494
msgstr ""
21184
26495
21185
#: serverguide/C/file-server.xml:268(programlisting)
26496
#: serverguide/C/file-server.xml:291(programlisting)
21186
26497
#, no-wrap
21187
26498
msgid ""
21188
26499
"\n"
21189
26500
"auth required pam_shells.so\n"
21190
26501
msgstr ""
21191
26502
21192
#: serverguide/C/file-server.xml:272(para)
26503
#: serverguide/C/file-server.xml:295(para)
21193
26504
msgid ""
21194
26505
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21195
26506
"in the <filename>/etc/shells</filename> file."
21196
26507
msgstr ""
21197
26508
21198
#: serverguide/C/file-server.xml:277(para)
26509
#: serverguide/C/file-server.xml:300(para)
21199
26510
msgid ""
21200
"Most popular FTP clients can be configured connect using FTPS. The "
26511
"Most popular FTP clients can be configured to connect using FTPS. The "
21201
26512
"<application>lftp</application> command line FTP client has the ability to "
21202
26513
"use FTPS as well."
21203
26514
msgstr ""
21204
26515
21205
#: serverguide/C/file-server.xml:288(para)
26516
#: serverguide/C/file-server.xml:311(para)
21206
26517
msgid ""
21207
26518
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21208
26519
"website</ulink> for more information."
21209
26520
msgstr ""
21210
26521
21211
#: serverguide/C/file-server.xml:293(para)
26522
#: serverguide/C/file-server.xml:316(para)
21212
26523
msgid ""
21213
26524
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21214
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
26525
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/vsftpd.conf.5.html"
21215
26526
"\">vsftpd.conf man page</ulink>."
21216
26527
msgstr ""
21217
26528
21218
#: serverguide/C/file-server.xml:299(para)
21219
msgid ""
21220
"The CodeGurus article <ulink "
21221
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21222
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21223
"contrasting FTPS and SFTP."
21224
msgstr ""
21225
21226
#: serverguide/C/file-server.xml:305(para)
21227
msgid ""
21228
"Also, for more information see the <ulink "
21229
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21230
"page."
21231
msgstr ""
21232
21233
#: serverguide/C/file-server.xml:315(title)
26529
#: serverguide/C/file-server.xml:327(title)
21234
26530
msgid "Network File System (NFS)"
21235
26531
msgstr ""
21236
26532
21237
#: serverguide/C/file-server.xml:316(para)
26533
#: serverguide/C/file-server.xml:328(para)
21238
26534
msgid ""
21239
26535
"NFS allows a system to share directories and files with others over a "
21240
26536
"network. By using NFS, users and programs can access files on remote systems "
21241
26537
"almost as if they were local files."
21242
26538
msgstr ""
21243
26539
21244
#: serverguide/C/file-server.xml:322(para)
26540
#: serverguide/C/file-server.xml:334(para)
21245
26541
msgid "Some of the most notable benefits that NFS can provide are:"
21246
26542
msgstr ""
21247
26543
21248
#: serverguide/C/file-server.xml:328(para)
26544
#: serverguide/C/file-server.xml:340(para)
21249
26545
msgid ""
21250
26546
"Local workstations use less disk space because commonly used data can be "
21251
26547
"stored on a single machine and still remain accessible to others over the "
21252
26548
"network."
21253
26549
msgstr ""
21254
26550
21255
#: serverguide/C/file-server.xml:333(para)
26551
#: serverguide/C/file-server.xml:345(para)
21256
26552
msgid ""
21257
26553
"There is no need for users to have separate home directories on every "
21258
26554
"network machine. Home directories could be set up on the NFS server and made "
21259
26555
"available throughout the network."
21260
26556
msgstr ""
21261
26557
21262
#: serverguide/C/file-server.xml:339(para)
26558
#: serverguide/C/file-server.xml:351(para)
21263
26559
msgid ""
21264
26560
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21265
26561
"be used by other machines on the network. This may reduce the number of "
21266
26562
"removable media drives throughout the network."
21267
26563
msgstr ""
21268
26564
21269
#: serverguide/C/file-server.xml:349(para)
26565
#: serverguide/C/file-server.xml:361(para)
21270
26566
msgid ""
21271
26567
"At a terminal prompt enter the following command to install the NFS Server:"
21272
26568
msgstr ""
21273
26569
21274
#: serverguide/C/file-server.xml:355(command)
26570
#: serverguide/C/file-server.xml:367(command)
21275
26571
msgid "sudo apt-get install nfs-kernel-server"
21276
26572
msgstr ""
21277
26573
21278
#: serverguide/C/file-server.xml:361(para)
26574
#: serverguide/C/file-server.xml:373(para)
21279
26575
msgid ""
21280
26576
"You can configure the directories to be exported by adding them to the "
21281
26577
"<filename>/etc/exports</filename> file. For example:"
21282
26578
msgstr ""
21283
26579
21284
#: serverguide/C/file-server.xml:366(screen)
26580
#: serverguide/C/file-server.xml:378(screen)
21285
26581
#, no-wrap
21286
26582
msgid ""
21287
26583
"\n"
21289
26585
"/home *(rw,sync,no_root_squash)\n"
21290
26586
msgstr ""
21291
26587
21292
#: serverguide/C/file-server.xml:372(para)
26588
#: serverguide/C/file-server.xml:384(para)
21293
26589
msgid ""
21294
26590
"You can replace * with one of the hostname formats. Make the hostname "
21295
26591
"declaration as specific as possible so unwanted systems cannot access the "
21296
26592
"NFS mount."
21297
26593
msgstr ""
21298
26594
21299
#: serverguide/C/file-server.xml:378(para)
26595
#: serverguide/C/file-server.xml:390(para)
21300
26596
msgid ""
21301
26597
"To start the NFS server, you can run the following command at a terminal "
21302
26598
"prompt:"
21303
26599
msgstr ""
21304
26600
21305
#: serverguide/C/file-server.xml:383(command)
26601
#: serverguide/C/file-server.xml:395(command)
21306
26602
msgid "sudo /etc/init.d/nfs-kernel-server start"
21307
26603
msgstr ""
21308
26604
21309
#: serverguide/C/file-server.xml:388(title)
26605
#: serverguide/C/file-server.xml:400(title)
21310
26606
msgid "NFS Client Configuration"
21311
26607
msgstr ""
21312
26608
21313
#: serverguide/C/file-server.xml:389(para)
26609
#: serverguide/C/file-server.xml:401(para)
21314
26610
msgid ""
21315
26611
"Use the <application>mount</application> command to mount a shared NFS "
21316
26612
"directory from another machine, by typing a command line similar to the "
21317
26613
"following at a terminal prompt:"
21318
26614
msgstr ""
21319
26615
21320
#: serverguide/C/file-server.xml:395(command)
26616
#: serverguide/C/file-server.xml:407(command)
21321
26617
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21322
26618
msgstr ""
21323
26619
21324
#: serverguide/C/file-server.xml:399(para)
26620
#: serverguide/C/file-server.xml:411(para)
21325
26621
msgid ""
21326
26622
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21327
26623
"There should be no files or subdirectories in the "
21328
26624
"<filename>/local/ubuntu</filename> directory."
21329
26625
msgstr ""
21330
26626
21331
#: serverguide/C/file-server.xml:406(para)
26627
#: serverguide/C/file-server.xml:418(para)
21332
26628
msgid ""
21333
26629
"An alternate way to mount an NFS share from another machine is to add a line "
21334
26630
"to the <filename>/etc/fstab</filename> file. The line must state the "
21336
26632
"the directory on the local machine where the NFS share is to be mounted."
21337
26633
msgstr ""
21338
26634
21339
#: serverguide/C/file-server.xml:414(para)
26635
#: serverguide/C/file-server.xml:426(para)
21340
26636
msgid ""
21341
26637
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21342
26638
"as follows:"
21343
26639
msgstr ""
21344
26640
21345
#: serverguide/C/file-server.xml:420(programlisting)
26641
#: serverguide/C/file-server.xml:432(programlisting)
21346
26642
#, no-wrap
21347
26643
msgid ""
21348
26644
"\n"
21350
26646
"rsize=8192,wsize=8192,timeo=14,intr\n"
21351
26647
msgstr ""
21352
26648
21353
#: serverguide/C/file-server.xml:424(para)
26649
#: serverguide/C/file-server.xml:436(para)
21354
26650
msgid ""
21355
26651
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21356
26652
"common</application> package is installed on your client. To install "
21360
26656
"</screen>"
21361
26657
msgstr ""
21362
26658
21363
#: serverguide/C/file-server.xml:437(ulink)
26659
#: serverguide/C/file-server.xml:449(ulink)
21364
26660
msgid "Linux NFS faq"
21365
26661
msgstr ""
21366
26662
21367
#: serverguide/C/file-server.xml:439(ulink)
26663
#: serverguide/C/file-server.xml:451(ulink)
21368
26664
msgid "Ubuntu Wiki NFS Howto"
21369
26665
msgstr ""
21370
26666
21371
#: serverguide/C/file-server.xml:445(title)
26667
#: serverguide/C/file-server.xml:457(title)
26668
msgid "iSCSI Initiator"
26669
msgstr ""
26670
26671
#: serverguide/C/file-server.xml:459(para)
26672
msgid ""
26673
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
26674
"protocol that allows SCSI commands to be transmitted over a network. "
26675
"Typically iSCSI is implemented in a SAN (Storage Area Network) to allow "
26676
"servers to access a large store of hard drive space. The iSCSI protocol "
26677
"refers to clients as <emphasis>initiators</emphasis> and iSCSI servers as "
26678
"<emphasis>targets</emphasis>."
26679
msgstr ""
26680
26681
#: serverguide/C/file-server.xml:465(para)
26682
msgid ""
26683
"Ubuntu Server can be configured as both an iSCSI iniator and a target. This "
26684
"guide provides commands and configuration options to setup an iSCSI "
26685
"initiator. It is assumed that you already have an iSCSI target on your local "
26686
"network and have the appropriate rights to connect to it. The instructions "
26687
"for setting up a target vary greatly between hardware providers, so consult "
26688
"your vendor documentation to configure your specific iSCSI target."
26689
msgstr ""
26690
26691
#: serverguide/C/file-server.xml:473(title)
26692
msgid "iSCSI Initiator Install"
26693
msgstr ""
26694
26695
#: serverguide/C/file-server.xml:475(para)
26696
msgid ""
26697
"To configure Ubuntu Server as an iSCSI initiator install the "
26698
"<application>open-iscsi</application> package. In a terminal enter:"
26699
msgstr ""
26700
26701
#: serverguide/C/file-server.xml:480(command)
26702
msgid "sudo apt-get install open-iscsi"
26703
msgstr ""
26704
26705
#: serverguide/C/file-server.xml:485(title)
26706
msgid "iSCSI Initiator Configuration"
26707
msgstr ""
26708
26709
#: serverguide/C/file-server.xml:487(para)
26710
msgid ""
26711
"Once the <application>open-iscsi</application> package is installed, edit "
26712
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
26713
msgstr ""
26714
26715
#: serverguide/C/file-server.xml:491(programlisting)
26716
#, no-wrap
26717
msgid ""
26718
"\n"
26719
"node.startup = automatic\n"
26720
msgstr ""
26721
26722
#: serverguide/C/file-server.xml:495(para)
26723
msgid ""
26724
"You can check which targets are available by using the "
26725
"<application>iscsiadm</application> utility. Enter the following in a "
26726
"terminal:"
26727
msgstr ""
26728
26729
#: serverguide/C/file-server.xml:500(command)
26730
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
26731
msgstr ""
26732
26733
#: serverguide/C/file-server.xml:504(para)
26734
msgid ""
26735
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
26736
msgstr ""
26737
26738
#: serverguide/C/file-server.xml:505(para)
26739
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
26740
msgstr ""
26741
26742
#: serverguide/C/file-server.xml:506(para)
26743
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
26744
msgstr ""
26745
26746
#: serverguide/C/file-server.xml:510(para)
26747
msgid ""
26748
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
26749
"your network."
26750
msgstr ""
26751
26752
#: serverguide/C/file-server.xml:515(para)
26753
msgid ""
26754
"If the target is available you should see output similar to the following:"
26755
msgstr ""
26756
26757
#: serverguide/C/file-server.xml:520(computeroutput)
26758
#, no-wrap
26759
msgid ""
26760
"\n"
26761
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
26762
msgstr ""
26763
26764
#: serverguide/C/file-server.xml:526(para)
26765
msgid ""
26766
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
26767
"on your hardware."
26768
msgstr ""
26769
26770
#: serverguide/C/file-server.xml:531(para)
26771
msgid ""
26772
"You should now be able to connect to the iSCSI target, and depending on your "
26773
"target setup you may have to enter user credentials. Login to the iSCSI node:"
26774
msgstr ""
26775
26776
#: serverguide/C/file-server.xml:537(command)
26777
msgid "sudo iscsiadm -m node --login"
26778
msgstr ""
26779
26780
#: serverguide/C/file-server.xml:540(para)
26781
msgid ""
26782
"Check to make sure that the new disk has been detected using "
26783
"<application>dmesg</application>:"
26784
msgstr ""
26785
26786
#: serverguide/C/file-server.xml:545(command)
26787
msgid "dmesg | grep sd"
26788
msgstr ""
26789
26790
#: serverguide/C/file-server.xml:546(computeroutput)
26791
#, no-wrap
26792
msgid ""
26793
"\n"
26794
"[ 4.322384] sd 2:0:0:0: Attached scsi generic sg1 type 0\n"
26795
"[ 4.322797] sd 2:0:0:0: [sda] 41943040 512-byte logical blocks: (21.4 "
26796
"GB/20.0 GiB)\n"
26797
"[ 4.322843] sd 2:0:0:0: [sda] Write Protect is off\n"
26798
"[ 4.322846] sd 2:0:0:0: [sda] Mode Sense: 03 00 00 00\n"
26799
"[ 4.322896] sd 2:0:0:0: [sda] Cache data unavailable\n"
26800
"[ 4.322899] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
26801
"[ 4.323230] sd 2:0:0:0: [sda] Cache data unavailable\n"
26802
"[ 4.323233] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
26803
"[ 4.325312] sda: sda1 sda2 < sda5 >\n"
26804
"[ 4.325729] sd 2:0:0:0: [sda] Cache data unavailable\n"
26805
"[ 4.325732] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
26806
"[ 4.325735] sd 2:0:0:0: [sda] Attached SCSI disk\n"
26807
"[ 2486.941805] sd 4:0:0:3: Attached scsi generic sg3 type 0\n"
26808
"[ 2486.952093] sd 4:0:0:3: [sdb] 1126400000 512-byte logical blocks: (576 "
26809
"GB/537 GiB)\n"
26810
"[ 2486.954195] sd 4:0:0:3: [sdb] Write Protect is off\n"
26811
"[ 2486.954200] sd 4:0:0:3: [sdb] Mode Sense: 8f 00 00 08\n"
26812
"[ 2486.954692] sd 4:0:0:3: [sdb] Write cache: disabled, read cache: enabled, "
26813
"doesn't\n"
26814
" support DPO or FUA\n"
26815
"[ 2486.960577] sdb: sdb1\n"
26816
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
26817
msgstr ""
26818
26819
#: serverguide/C/file-server.xml:570(para)
26820
msgid ""
26821
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
26822
"this is just an example; the output you see on your screen will vary."
26823
msgstr ""
26824
26825
#: serverguide/C/file-server.xml:575(para)
26826
msgid ""
26827
"Next, create a partition, format the file system, and mount the new iSCSI "
26828
"disk. In a terminal enter:"
26829
msgstr ""
26830
26831
#: serverguide/C/file-server.xml:580(command)
26832
msgid "sudo fdisk /dev/sdb"
26833
msgstr ""
26834
26835
#: serverguide/C/file-server.xml:581(command)
26836
msgid "n"
26837
msgstr ""
26838
26839
#: serverguide/C/file-server.xml:582(command)
26840
msgid "p"
26841
msgstr ""
26842
26843
#: serverguide/C/file-server.xml:583(command)
26844
msgid "enter"
26845
msgstr ""
26846
26847
#: serverguide/C/file-server.xml:584(command)
26848
msgid "w"
26849
msgstr ""
26850
26851
#: serverguide/C/file-server.xml:588(para)
26852
msgid ""
26853
"The above commands are from inside the <application>fdisk</application> "
26854
"utility; see <command>man fdisk</command> for more detailed instructions. "
26855
"Also, the <application>cfdisk</application> utility is sometimes more user "
26856
"friendly."
26857
msgstr ""
26858
26859
#: serverguide/C/file-server.xml:594(para)
26860
msgid ""
26861
"Now format the file system and mount it to <filename>/srv</filename> as an "
26862
"example:"
26863
msgstr ""
26864
26865
#: serverguide/C/file-server.xml:599(command)
26866
msgid "sudo mkfs.ext4 /dev/sdb1"
26867
msgstr ""
26868
26869
#: serverguide/C/file-server.xml:600(command)
26870
msgid "sudo mount /dev/sdb1 /srv"
26871
msgstr ""
26872
26873
#: serverguide/C/file-server.xml:604(para)
26874
msgid ""
26875
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
26876
"drive during boot:"
26877
msgstr ""
26878
26879
#: serverguide/C/file-server.xml:608(programlisting)
26880
#, no-wrap
26881
msgid ""
26882
"\n"
26883
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
26884
msgstr ""
26885
26886
#: serverguide/C/file-server.xml:612(para)
26887
msgid ""
26888
"It is a good idea to make sure everything is working as expected by "
26889
"rebooting the server."
26890
msgstr ""
26891
26892
#: serverguide/C/file-server.xml:621(ulink)
26893
msgid "Open-iSCSI Website"
26894
msgstr ""
26895
26896
#: serverguide/C/file-server.xml:624(ulink) serverguide/C/file-server.xml:810(ulink)
26897
msgid "Debian Open-iSCSI page"
26898
msgstr ""
26899
26900
#: serverguide/C/file-server.xml:631(title)
21372
26901
msgid "CUPS - Print Server"
21373
26902
msgstr ""
21374
26903
21375
#: serverguide/C/file-server.xml:446(para)
26904
#: serverguide/C/file-server.xml:632(para)
21376
26905
msgid ""
21377
26906
"The primary mechanism for Ubuntu printing and print services is the "
21378
26907
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21380
26909
"become the new standard for printing in most Linux distributions."
21381
26910
msgstr ""
21382
26911
21383
#: serverguide/C/file-server.xml:453(para)
26912
#: serverguide/C/file-server.xml:639(para)
21384
26913
msgid ""
21385
26914
"CUPS manages print jobs and queues and provides network printing using the "
21386
26915
"standard Internet Printing Protocol (IPP), while offering support for a very "
21390
26919
"administration tool."
21391
26920
msgstr ""
21392
26921
21393
#: serverguide/C/file-server.xml:463(para)
26922
#: serverguide/C/file-server.xml:649(para)
21394
26923
msgid ""
21395
26924
"To install CUPS on your Ubuntu computer, simply use "
21396
26925
"<application>sudo</application> with the <application>apt-get</application> "
21400
26929
"CUPS:"
21401
26930
msgstr ""
21402
26931
21403
#: serverguide/C/file-server.xml:468(command)
26932
#: serverguide/C/file-server.xml:654(command)
21404
26933
msgid "sudo apt-get install cups"
21405
26934
msgstr ""
21406
26935
21407
#: serverguide/C/file-server.xml:471(para)
26936
#: serverguide/C/file-server.xml:657(para)
21408
26937
msgid ""
21409
26938
"Upon authenticating with your user password, the packages should be "
21410
26939
"downloaded and installed without error. Upon the conclusion of installation, "
21411
26940
"the CUPS server will be started automatically."
21412
26941
msgstr ""
21413
26942
21414
#: serverguide/C/file-server.xml:476(para)
26943
#: serverguide/C/file-server.xml:662(para)
21415
26944
msgid ""
21416
26945
"For troubleshooting purposes, you can access CUPS server errors via the "
21417
26946
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21424
26953
"from becoming overly large."
21425
26954
msgstr ""
21426
26955
21427
#: serverguide/C/file-server.xml:489(para)
26956
#: serverguide/C/file-server.xml:675(para)
21428
26957
msgid ""
21429
26958
"The Common UNIX Printing System server's behavior is configured through the "
21430
26959
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21435
26964
"initially will be presented here."
21436
26965
msgstr ""
21437
26966
21438
#: serverguide/C/file-server.xml:499(para)
26967
#: serverguide/C/file-server.xml:685(para)
21439
26968
msgid ""
21440
26969
"Prior to editing the configuration file, you should make a copy of the "
21441
26970
"original file and protect it from writing, so you will have the original "
21442
26971
"settings as a reference, and to reuse as necessary."
21443
26972
msgstr ""
21444
26973
21445
#: serverguide/C/file-server.xml:503(para)
26974
#: serverguide/C/file-server.xml:689(para)
21446
26975
msgid ""
21447
26976
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21448
26977
"writing with the following commands, issued at a terminal prompt:"
21449
26978
msgstr ""
21450
26979
21451
#: serverguide/C/file-server.xml:509(command)
26980
#: serverguide/C/file-server.xml:695(command)
21452
26981
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21453
26982
msgstr ""
21454
26983
21455
#: serverguide/C/file-server.xml:510(command)
26984
#: serverguide/C/file-server.xml:696(command)
21456
26985
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21457
26986
msgstr ""
21458
26987
21459
#: serverguide/C/file-server.xml:515(para)
26988
#: serverguide/C/file-server.xml:701(para)
21460
26989
msgid ""
21461
26990
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21462
26991
"address of the designated administrator of the CUPS server, simply edit the "
21468
26997
"as such:"
21469
26998
msgstr ""
21470
26999
21471
#: serverguide/C/file-server.xml:526(screen)
27000
#: serverguide/C/file-server.xml:712(screen)
21472
27001
#, no-wrap
21473
27002
msgid ""
21474
27003
"\n"
21475
27004
"ServerAdmin bjoy@somebigco.com\n"
21476
27005
msgstr ""
21477
27006
21478
#: serverguide/C/file-server.xml:532(para)
27007
#: serverguide/C/file-server.xml:718(para)
21479
27008
msgid ""
21480
27009
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21481
27010
"server installation listens only on the loopback interface at IP address "
21490
27019
"such:"
21491
27020
msgstr ""
21492
27021
21493
#: serverguide/C/file-server.xml:546(screen)
27022
#: serverguide/C/file-server.xml:732(screen)
21494
27023
#, no-wrap
21495
27024
msgid ""
21496
27025
"\n"
21500
27029
"(IPP)\n"
21501
27030
msgstr ""
21502
27031
21503
#: serverguide/C/file-server.xml:552(para)
27032
#: serverguide/C/file-server.xml:738(para)
21504
27033
msgid ""
21505
27034
"In the example above, you may comment out or remove the reference to the "
21506
27035
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21511
27040
"<emphasis>socrates</emphasis> as such:"
21512
27041
msgstr ""
21513
27042
21514
#: serverguide/C/file-server.xml:562(screen)
27043
#: serverguide/C/file-server.xml:748(screen)
21515
27044
#, no-wrap
21516
27045
msgid ""
21517
27046
"\n"
21518
27047
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21519
27048
msgstr ""
21520
27049
21521
#: serverguide/C/file-server.xml:566(para)
27050
#: serverguide/C/file-server.xml:752(para)
21522
27051
msgid ""
21523
27052
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21524
27053
"instead, as in:"
21525
27054
msgstr ""
21526
27055
21527
#: serverguide/C/file-server.xml:568(screen)
27056
#: serverguide/C/file-server.xml:754(screen)
21528
27057
#, no-wrap
21529
27058
msgid ""
21530
27059
"\n"
21531
27060
"Port 631 # Listen on port 631 on all interfaces\n"
21532
27061
msgstr ""
21533
27062
21534
#: serverguide/C/file-server.xml:575(para)
27063
#: serverguide/C/file-server.xml:761(para)
21535
27064
msgid ""
21536
27065
"For more examples of configuration directives in the CUPS server "
21537
27066
"configuration file, view the associated system manual page by entering the "
21538
27067
"following command at a terminal prompt:"
21539
27068
msgstr ""
21540
27069
21541
#: serverguide/C/file-server.xml:582(command)
27070
#: serverguide/C/file-server.xml:768(command)
21542
27071
msgid "man cupsd.conf"
21543
27072
msgstr ""
21544
27073
21545
#: serverguide/C/file-server.xml:586(para)
27074
#: serverguide/C/file-server.xml:772(para)
21546
27075
msgid ""
21547
27076
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21548
27077
"configuration file, you'll need to restart the CUPS server by typing the "
21549
27078
"following command at a terminal prompt:"
21550
27079
msgstr ""
21551
27080
21552
#: serverguide/C/file-server.xml:592(command)
27081
#: serverguide/C/file-server.xml:778(command)
21553
27082
msgid "sudo /etc/init.d/cups restart"
21554
27083
msgstr ""
21555
27084
21556
#: serverguide/C/file-server.xml:598(title)
27085
#: serverguide/C/file-server.xml:784(title)
21557
27086
msgid "Web Interface"
21558
27087
msgstr ""
21559
27088
21560
#: serverguide/C/file-server.xml:600(para)
27089
#: serverguide/C/file-server.xml:786(para)
21561
27090
msgid ""
21562
27091
"CUPS can be configured and monitored using a web interface, which by default "
21563
27092
"is available at <ulink "
21565
27094
"web interface can be used to perform all printer management tasks."
21566
27095
msgstr ""
21567
27096
21568
#: serverguide/C/file-server.xml:604(para)
27097
#: serverguide/C/file-server.xml:790(para)
21569
27098
msgid ""
21570
27099
"In order to perform administrative tasks via the web interface, you must "
21571
27100
"either have the root account enabled on your server, or authenticate as a "
21573
27102
"reasons, CUPS won't authenticate a user that doesn't have a password."
21574
27103
msgstr ""
21575
27104
21576
#: serverguide/C/file-server.xml:607(para)
27105
#: serverguide/C/file-server.xml:793(para)
21577
27106
msgid ""
21578
27107
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21579
27108
"at the terminal prompt: <screen>\n"
21581
27110
"</screen>"
21582
27111
msgstr ""
21583
27112
21584
#: serverguide/C/file-server.xml:613(para)
27113
#: serverguide/C/file-server.xml:799(para)
21585
27114
msgid ""
21586
27115
"Further documentation is available in the <emphasis "
21587
27116
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21588
27117
msgstr ""
21589
27118
21590
#: serverguide/C/file-server.xml:621(ulink)
27119
#: serverguide/C/file-server.xml:807(ulink)
21591
27120
msgid "CUPS Website"
21592
27121
msgstr ""
21593
27122
21594
#: serverguide/C/file-server.xml:624(ulink)
21595
msgid "Ubuntu Wiki CUPS page"
21596
msgstr ""
21597
21598
27123
#: serverguide/C/dns.xml:13(title)
21599
27124
msgid "Domain Name Service (DNS)"
21600
27125
msgstr ""
21622
27147
#: serverguide/C/dns.xml:30(para)
21623
27148
msgid ""
21624
27149
"A very useful package for testing and troubleshooting DNS issues is the "
21625
"dnsutils package. To install <application>dnsutils</application> enter the "
21626
"following:"
27150
"dnsutils package. Very often these tools will be installed already, but to "
27151
"check and/or install <application>dnsutils</application> enter the following:"
21627
27152
msgstr ""
21628
27153
21629
27154
#: serverguide/C/dns.xml:35(command)
21722
27247
"prompt:"
21723
27248
msgstr ""
21724
27249
21725
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21726
msgid "sudo /etc/init.d/bind9 restart"
27250
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:197(command) serverguide/C/dns.xml:255(command) serverguide/C/dns.xml:291(command) serverguide/C/dns.xml:319(command) serverguide/C/dns.xml:596(command)
27251
msgid "sudo service bind9 restart"
21727
27252
msgstr ""
21728
27253
21729
27254
#: serverguide/C/dns.xml:120(para)
21781
27306
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21782
27307
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21783
27308
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21784
"leaving the \".\" at the end."
27309
"leaving the \".\" at the end. Change the comment to indicate the domain that "
27310
"this file is for."
21785
27311
msgstr ""
21786
27312
21787
#: serverguide/C/dns.xml:155(para)
27313
#: serverguide/C/dns.xml:156(para)
21788
27314
msgid ""
21789
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21790
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
27315
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
27316
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
27317
"record</emphasis> for <emphasis role=\"italic\">ns.example.com</emphasis>, "
27318
"the name server in this example:"
21791
27319
msgstr ""
21792
27320
21793
#: serverguide/C/dns.xml:159(programlisting)
27321
#: serverguide/C/dns.xml:161(programlisting)
21794
27322
#, no-wrap
21795
27323
msgid ""
21796
27324
"\n"
21797
27325
";\n"
21798
"; BIND data file for local loopback interface\n"
27326
"; BIND data file for example.com\n"
21799
27327
";\n"
21800
27328
"$TTL 604800\n"
21801
"@ IN SOA ns.example.com. root.example.com. (\n"
27329
"@ IN SOA example.com. root.example.com. (\n"
21802
27330
" 2 ; Serial\n"
21803
27331
" 604800 ; Refresh\n"
21804
27332
" 86400 ; Retry\n"
21805
27333
" 2419200 ; Expire\n"
21806
27334
" 604800 ) ; Negative Cache TTL\n"
27335
" IN A 192.168.1.10\n"
21807
27336
";\n"
21808
27337
"@ IN NS ns.example.com.\n"
21809
"@ IN A 127.0.0.1\n"
27338
"@ IN A 192.168.1.10\n"
21810
27339
"@ IN AAAA ::1\n"
21811
27340
"ns IN A 192.168.1.10\n"
21812
27341
msgstr ""
21813
27342
21814
#: serverguide/C/dns.xml:176(para)
27343
#: serverguide/C/dns.xml:179(para)
21815
27344
msgid ""
21816
27345
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21817
27346
"make changes to the zone file. If you make multiple changes before "
21818
27347
"restarting BIND9, simply increment the Serial once."
21819
27348
msgstr ""
21820
27349
21821
#: serverguide/C/dns.xml:180(para)
27350
#: serverguide/C/dns.xml:183(para)
21822
27351
msgid ""
21823
27352
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21824
27353
"linkend=\"dns-record-types\"/> for details."
21825
27354
msgstr ""
21826
27355
21827
#: serverguide/C/dns.xml:184(para)
27356
#: serverguide/C/dns.xml:187(para)
21828
27357
msgid ""
21829
27358
"Many admins like to use the last date edited as the serial of a zone, such "
21830
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
27359
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
21831
27360
"<emphasis>ss</emphasis> is the Serial Number)"
21832
27361
msgstr ""
21833
27362
21834
#: serverguide/C/dns.xml:189(para)
27363
#: serverguide/C/dns.xml:192(para)
21835
27364
msgid ""
21836
"Once you have made a change to the zone file "
21837
"<application>BIND9</application> will need to be restarted for the changes "
21838
"to take effect:"
27365
"Once you have made changes to the zone file <application>BIND9</application> "
27366
"needs to be restarted for the changes to take effect:"
21839
27367
msgstr ""
21840
27368
21841
#: serverguide/C/dns.xml:198(title)
27369
#: serverguide/C/dns.xml:201(title)
21842
27370
msgid "Reverse Zone File"
21843
27371
msgstr ""
21844
27372
21845
#: serverguide/C/dns.xml:199(para)
27373
#: serverguide/C/dns.xml:202(para)
21846
27374
msgid ""
21847
27375
"Now that the zone is setup and resolving names to IP Adresses a "
21848
27376
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21849
27377
"DNS to resolve an address to a name."
21850
27378
msgstr ""
21851
27379
21852
#: serverguide/C/dns.xml:203(para)
27380
#: serverguide/C/dns.xml:206(para)
21853
27381
msgid "Edit /etc/bind/named.conf.local and add the following:"
21854
27382
msgstr ""
21855
27383
21856
#: serverguide/C/dns.xml:206(programlisting)
27384
#: serverguide/C/dns.xml:209(programlisting)
21857
27385
#, no-wrap
21858
27386
msgid ""
21859
27387
"\n"
21860
27388
"zone \"1.168.192.in-addr.arpa\" {\n"
21861
27389
" type master;\n"
21862
" notify no;\n"
21863
27390
" file \"/etc/bind/db.192\";\n"
21864
27391
"};\n"
21865
27392
msgstr ""
21866
27393
21867
#: serverguide/C/dns.xml:214(para)
27394
#: serverguide/C/dns.xml:216(para)
21868
27395
msgid ""
21869
27396
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21870
27397
"whatever network you are using. Also, name the zone file "
21872
27399
"first octet of your network."
21873
27400
msgstr ""
21874
27401
21875
#: serverguide/C/dns.xml:219(para)
27402
#: serverguide/C/dns.xml:221(para)
21876
27403
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21877
27404
msgstr ""
21878
27405
21879
#: serverguide/C/dns.xml:223(command)
27406
#: serverguide/C/dns.xml:225(command)
21880
27407
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21881
27408
msgstr ""
21882
27409
21883
#: serverguide/C/dns.xml:225(para)
27410
#: serverguide/C/dns.xml:227(para)
21884
27411
msgid ""
21885
27412
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21886
27413
"same options as <filename>/etc/bind/db.example.com</filename>:"
21887
27414
msgstr ""
21888
27415
21889
#: serverguide/C/dns.xml:229(programlisting)
27416
#: serverguide/C/dns.xml:231(programlisting)
21890
27417
#, no-wrap
21891
27418
msgid ""
21892
27419
"\n"
21893
27420
";\n"
21894
"; BIND reverse data file for local loopback interface\n"
27421
"; BIND reverse data file for local 192.168.1.XXX net\n"
21895
27422
";\n"
21896
27423
"$TTL 604800\n"
21897
27424
"@ IN SOA ns.example.com. root.example.com. (\n"
21905
27432
"10 IN PTR ns.example.com.\n"
21906
27433
msgstr ""
21907
27434
21908
#: serverguide/C/dns.xml:244(para)
27435
#: serverguide/C/dns.xml:246(para)
21909
27436
msgid ""
21910
27437
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21911
27438
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21912
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21913
"create a <emphasis>PTR record</emphasis> in "
27439
"you configure in <filename>/etc/bind/db.example.com</filename>, that is for "
27440
"a different address, you need to create a <emphasis>PTR record</emphasis> in "
21914
27441
"<filename>/etc/bind/db.192</filename>."
21915
27442
msgstr ""
21916
27443
21917
#: serverguide/C/dns.xml:249(para)
27444
#: serverguide/C/dns.xml:251(para)
21918
27445
msgid ""
21919
27446
"After creating the reverse zone file restart "
21920
27447
"<application>BIND9</application>:"
21921
27448
msgstr ""
21922
27449
21923
#: serverguide/C/dns.xml:258(title)
27450
#: serverguide/C/dns.xml:260(title)
21924
27451
msgid "Secondary Master"
21925
27452
msgstr ""
21926
27453
21927
#: serverguide/C/dns.xml:259(para)
27454
#: serverguide/C/dns.xml:261(para)
21928
27455
msgid ""
21929
27456
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21930
27457
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21931
27458
"availability of the domain should the Primary become unavailable."
21932
27459
msgstr ""
21933
27460
21934
#: serverguide/C/dns.xml:263(para)
27461
#: serverguide/C/dns.xml:265(para)
21935
27462
msgid ""
21936
27463
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21937
27464
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21939
27466
"<filename>/etc/bind/named.conf.local</filename>:"
21940
27467
msgstr ""
21941
27468
21942
#: serverguide/C/dns.xml:267(programlisting)
27469
#: serverguide/C/dns.xml:269(programlisting)
21943
27470
#, no-wrap
21944
27471
msgid ""
21945
27472
"\n"
21951
27478
"\n"
21952
27479
"zone \"1.168.192.in-addr.arpa\" {\n"
21953
27480
" type master;\n"
21954
" notify no;\n"
21955
27481
" file \"/etc/bind/db.192\";\n"
21956
27482
"\tallow-transfer { 192.168.1.11; };\n"
21957
27483
"};\n"
21958
27484
msgstr ""
21959
27485
21960
#: serverguide/C/dns.xml:282(para)
27486
#: serverguide/C/dns.xml:283(para)
21961
27487
msgid ""
21962
27488
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21963
27489
"Secondary nameserver."
21964
27490
msgstr ""
21965
27491
21966
#: serverguide/C/dns.xml:286(para)
27492
#: serverguide/C/dns.xml:287(para)
27493
msgid "Restart <application>BIND9</application> on the Primary Master:"
27494
msgstr ""
27495
27496
#: serverguide/C/dns.xml:293(para)
21967
27497
msgid ""
21968
27498
"Next, on the Secondary Master, install the <application>bind9</application> "
21969
27499
"package the same way as on the Primary. Then edit the "
21971
27501
"declarations for the Forward and Reverse zones:"
21972
27502
msgstr ""
21973
27503
21974
#: serverguide/C/dns.xml:290(programlisting)
27504
#: serverguide/C/dns.xml:297(programlisting)
21975
27505
#, no-wrap
21976
27506
msgid ""
21977
27507
"\n"
21978
27508
"zone \"example.com\" {\n"
21979
27509
"\ttype slave;\n"
21980
" file \"/var/cache/bind/db.example.com\";\n"
27510
" file \"db.example.com\";\n"
21981
27511
" masters { 192.168.1.10; };\n"
21982
27512
"}; \n"
21983
27513
" \n"
21984
27514
"zone \"1.168.192.in-addr.arpa\" {\n"
21985
27515
"\ttype slave;\n"
21986
" file \"/var/cache/bind/db.192\";\n"
27516
" file \"db.192\";\n"
21987
27517
" masters { 192.168.1.10; };\n"
21988
27518
"};\n"
21989
27519
msgstr ""
21990
27520
21991
#: serverguide/C/dns.xml:304(para)
27521
#: serverguide/C/dns.xml:311(para)
21992
27522
msgid ""
21993
27523
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21994
27524
"Primary nameserver."
21995
27525
msgstr ""
21996
27526
21997
#: serverguide/C/dns.xml:308(para)
27527
#: serverguide/C/dns.xml:315(para)
21998
27528
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21999
27529
msgstr ""
22000
27530
22001
#: serverguide/C/dns.xml:314(para)
27531
#: serverguide/C/dns.xml:321(para)
22002
27532
msgid ""
22003
"In <filename>/var/log/syslog</filename> you should see something similar to:"
27533
"In <filename>/var/log/syslog</filename> you should see something similar to "
27534
"(some lines have been split to fit the format of this document):"
22004
27535
msgstr ""
22005
27536
22006
#: serverguide/C/dns.xml:317(programlisting)
27537
#: serverguide/C/dns.xml:324(programlisting)
22007
27538
#, no-wrap
22008
27539
msgid ""
22009
27540
"\n"
22010
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22011
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
27541
"client 192.168.1.10#39448: received notify for zone '1.168.192.in-"
27542
"addr.arpa'\n"
27543
"zone 1.168.192.in-addr.arpa/IN: Transfer started.\n"
27544
"transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:\n"
27545
" connected using 192.168.1.11#37531\n"
27546
"zone 1.168.192.in-addr.arpa/IN: transferred serial 5\n"
27547
"transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:\n"
27548
" Transfer completed: 1 messages, \n"
27549
"6 records, 212 bytes, 0.002 secs (106000 bytes/sec)\n"
27550
"zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 5)\n"
27551
"\n"
27552
"client 192.168.1.10#20329: received notify for zone 'example.com'\n"
27553
"zone example.com/IN: Transfer started.\n"
27554
"transfer of 'example.com/IN' from 192.168.1.10#53: connected using "
27555
"192.168.1.11#38577\n"
27556
"zone example.com/IN: transferred serial 5\n"
27557
"transfer of 'example.com/IN' from 192.168.1.10#53: Transfer completed: 1 "
27558
"messages, \n"
27559
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
22012
27560
msgstr ""
22013
27561
22014
#: serverguide/C/dns.xml:322(para)
27562
#: serverguide/C/dns.xml:343(para)
22015
27563
msgid ""
22016
27564
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22017
"on the Primary is larger than the one on the Secondary."
22018
msgstr ""
22019
22020
#: serverguide/C/dns.xml:328(para)
27565
"on the Primary is larger than the one on the Secondary. If you want to have "
27566
"your Primary Master DNS notifying Secondary DNS Servers of zone changes, you "
27567
"can add <emphasis>also-notify { ipaddress; };</emphasis> in to "
27568
"<filename>/etc/bind/named.conf.local</filename> as shown in the example "
27569
"below:"
27570
msgstr ""
27571
27572
#: serverguide/C/dns.xml:347(programlisting)
27573
#, no-wrap
27574
msgid ""
27575
"\n"
27576
"zone \"example.com\" {\n"
27577
"\ttype master;\n"
27578
"\tfile \"/etc/bind/db.example.com\";\n"
27579
"\tallow-transfer { 192.168.1.11; };\n"
27580
"\talso-notify { 192.168.1.11; }; \n"
27581
"\t};\n"
27582
"\n"
27583
"zone \"1.168.192.in-addr.arpa\" {\n"
27584
"\ttype master;\n"
27585
"\tfile \"/etc/bind/db.192\";\n"
27586
"\tallow-transfer { 192.168.1.11; };\n"
27587
"\talso-notify { 192.168.1.11; }; \n"
27588
"\t};\n"
27589
"\t"
27590
msgstr ""
27591
27592
#: serverguide/C/dns.xml:363(para)
22021
27593
msgid ""
22022
27594
"The default directory for non-authoritative zone files is "
22023
27595
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22026
27598
"on AppArmor see <xref linkend=\"apparmor\"/>."
22027
27599
msgstr ""
22028
27600
22029
#: serverguide/C/dns.xml:339(para)
27601
#: serverguide/C/dns.xml:374(para)
22030
27602
msgid ""
22031
27603
"This section covers ways to help determine the cause when problems happen "
22032
27604
"with DNS and <application>BIND9</application>."
22033
27605
msgstr ""
22034
27606
22035
#: serverguide/C/dns.xml:345(title)
27607
#: serverguide/C/dns.xml:380(title)
22036
27608
msgid "resolv.conf"
22037
27609
msgstr ""
22038
27610
22039
#: serverguide/C/dns.xml:346(para)
27611
#: serverguide/C/dns.xml:381(para)
22040
27612
msgid ""
22041
27613
"The first step in testing <application>BIND9</application> is to add the "
22042
27614
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22044
27616
"<filename>/etc/resolv.conf</filename> and add the following:"
22045
27617
msgstr ""
22046
27618
22047
#: serverguide/C/dns.xml:351(programlisting)
27619
#: serverguide/C/dns.xml:386(programlisting)
22048
27620
#, no-wrap
22049
27621
msgid ""
22050
27622
"\n"
22052
27624
"nameserver\t192.168.1.11\n"
22053
27625
msgstr ""
22054
27626
22055
#: serverguide/C/dns.xml:356(para)
27627
#: serverguide/C/dns.xml:391(para)
22056
27628
msgid ""
22057
27629
"You should also add the IP Address of the Secondary nameserver in case the "
22058
27630
"Primary becomes unavailable."
22059
27631
msgstr ""
22060
27632
22061
#: serverguide/C/dns.xml:362(title)
27633
#: serverguide/C/dns.xml:397(title)
22062
27634
msgid "dig"
22063
27635
msgstr ""
22064
27636
22065
#: serverguide/C/dns.xml:363(para)
27637
#: serverguide/C/dns.xml:398(para)
22066
27638
msgid ""
22067
27639
"If you installed the <application>dnsutils</application> package you can "
22068
27640
"test your setup using the DNS lookup utility <application>dig</application>:"
22069
27641
msgstr ""
22070
27642
22071
#: serverguide/C/dns.xml:369(para)
27643
#: serverguide/C/dns.xml:404(para)
22072
27644
msgid ""
22073
27645
"After installing <application>BIND9</application> use "
22074
27646
"<application>dig</application> against the loopback interface to make sure "
22075
27647
"it is listening on port 53. From a terminal prompt:"
22076
27648
msgstr ""
22077
27649
22078
#: serverguide/C/dns.xml:374(command)
27650
#: serverguide/C/dns.xml:409(command)
22079
27651
msgid "dig -x 127.0.0.1"
22080
27652
msgstr ""
22081
27653
22082
#: serverguide/C/dns.xml:376(para)
27654
#: serverguide/C/dns.xml:411(para)
22083
27655
msgid "You should see lines similar to the following in the command output:"
22084
27656
msgstr ""
22085
27657
22086
#: serverguide/C/dns.xml:379(programlisting)
27658
#: serverguide/C/dns.xml:414(programlisting)
22087
27659
#, no-wrap
22088
27660
msgid ""
22089
27661
"\n"
22091
27663
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22092
27664
msgstr ""
22093
27665
22094
#: serverguide/C/dns.xml:385(para)
27666
#: serverguide/C/dns.xml:420(para)
22095
27667
msgid ""
22096
27668
"If you have configured <application>BIND9</application> as a "
22097
27669
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22098
27670
"the query time:"
22099
27671
msgstr ""
22100
27672
22101
#: serverguide/C/dns.xml:390(command)
27673
#: serverguide/C/dns.xml:425(command)
22102
27674
msgid "dig ubuntu.com"
22103
27675
msgstr ""
22104
27676
22105
#: serverguide/C/dns.xml:392(para)
27677
#: serverguide/C/dns.xml:427(para)
22106
27678
msgid "Note the query time toward the end of the command output:"
22107
27679
msgstr ""
22108
27680
22109
#: serverguide/C/dns.xml:395(programlisting)
27681
#: serverguide/C/dns.xml:430(programlisting)
22110
27682
#, no-wrap
22111
27683
msgid ""
22112
27684
"\n"
22113
27685
";; Query time: 49 msec\n"
22114
27686
msgstr ""
22115
27687
22116
#: serverguide/C/dns.xml:398(para)
27688
#: serverguide/C/dns.xml:433(para)
22117
27689
msgid "After a second dig there should be improvement:"
22118
27690
msgstr ""
22119
27691
22120
#: serverguide/C/dns.xml:401(programlisting)
27692
#: serverguide/C/dns.xml:436(programlisting)
22121
27693
#, no-wrap
22122
27694
msgid ""
22123
27695
"\n"
22124
27696
";; Query time: 1 msec\n"
22125
27697
msgstr ""
22126
27698
22127
#: serverguide/C/dns.xml:408(title)
27699
#: serverguide/C/dns.xml:443(title)
22128
27700
msgid "ping"
22129
27701
msgstr ""
22130
27702
22131
#: serverguide/C/dns.xml:410(para)
27703
#: serverguide/C/dns.xml:445(para)
22132
27704
msgid ""
22133
27705
"Now to demonstrate how applications make use of DNS to resolve a host name "
22134
27706
"use the <application>ping</application> utility to send an ICMP echo "
22135
27707
"request. From a terminal prompt enter:"
22136
27708
msgstr ""
22137
27709
22138
#: serverguide/C/dns.xml:416(command)
27710
#: serverguide/C/dns.xml:451(command)
22139
27711
msgid "ping example.com"
22140
27712
msgstr ""
22141
27713
22142
#: serverguide/C/dns.xml:418(para)
27714
#: serverguide/C/dns.xml:453(para)
22143
27715
msgid ""
22144
27716
"This tests if the nameserver can resolve the name "
22145
27717
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22146
27718
"should resemble:"
22147
27719
msgstr ""
22148
27720
22149
#: serverguide/C/dns.xml:422(programlisting)
27721
#: serverguide/C/dns.xml:457(programlisting)
22150
27722
#, no-wrap
22151
27723
msgid ""
22152
27724
"\n"
22155
27727
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22156
27728
msgstr ""
22157
27729
22158
#: serverguide/C/dns.xml:429(title)
27730
#: serverguide/C/dns.xml:464(title)
22159
27731
msgid "named-checkzone"
22160
27732
msgstr ""
22161
27733
22162
#: serverguide/C/dns.xml:430(para)
27734
#: serverguide/C/dns.xml:465(para)
22163
27735
msgid ""
22164
27736
"A great way to test your zone files is by using the <application>named-"
22165
27737
"checkzone</application> utility installed with the "
22168
27740
"<application>BIND9</application> and making the changes live."
22169
27741
msgstr ""
22170
27742
22171
#: serverguide/C/dns.xml:437(para)
27743
#: serverguide/C/dns.xml:472(para)
22172
27744
msgid ""
22173
27745
"To test our example Forward zone file enter the following from a command "
22174
27746
"prompt:"
22175
27747
msgstr ""
22176
27748
22177
#: serverguide/C/dns.xml:441(command)
27749
#: serverguide/C/dns.xml:476(command)
22178
27750
msgid "named-checkzone example.com /etc/bind/db.example.com"
22179
27751
msgstr ""
22180
27752
22181
#: serverguide/C/dns.xml:443(para)
27753
#: serverguide/C/dns.xml:478(para)
22182
27754
msgid ""
22183
27755
"If everything is configured correctly you should see output similar to:"
22184
27756
msgstr ""
22185
27757
22186
#: serverguide/C/dns.xml:446(programlisting)
27758
#: serverguide/C/dns.xml:481(programlisting)
22187
27759
#, no-wrap
22188
27760
msgid ""
22189
27761
"\n"
22191
27763
"OK\n"
22192
27764
msgstr ""
22193
27765
22194
#: serverguide/C/dns.xml:452(para)
27766
#: serverguide/C/dns.xml:487(para)
22195
27767
msgid "Similarly, to test the Reverse zone file enter the following:"
22196
27768
msgstr ""
22197
27769
22198
#: serverguide/C/dns.xml:456(command)
22199
msgid "named-checkzone example.com /etc/bind/db.192"
27770
#: serverguide/C/dns.xml:491(command)
27771
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
22200
27772
msgstr ""
22201
27773
22202
#: serverguide/C/dns.xml:458(para)
27774
#: serverguide/C/dns.xml:493(para)
22203
27775
msgid "The output should be similar to:"
22204
27776
msgstr ""
22205
27777
22206
#: serverguide/C/dns.xml:461(programlisting)
27778
#: serverguide/C/dns.xml:496(programlisting)
22207
27779
#, no-wrap
22208
27780
msgid ""
22209
27781
"\n"
22210
"zone example.com/IN: loaded serial 3\n"
27782
"zone 1.168.192.in-addr.arpa/IN: loaded serial 3\n"
22211
27783
"OK\n"
22212
27784
msgstr ""
22213
27785
22214
#: serverguide/C/dns.xml:468(para)
27786
#: serverguide/C/dns.xml:503(para)
22215
27787
msgid ""
22216
27788
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22217
27789
"different."
22218
27790
msgstr ""
22219
27791
22220
#: serverguide/C/dns.xml:475(title)
22221
msgid "Logging"
22222
msgstr ""
22223
22224
#: serverguide/C/dns.xml:476(para)
27792
#: serverguide/C/dns.xml:511(para)
22225
27793
msgid ""
22226
27794
"<application>BIND9</application> has a wide variety of logging configuration "
22227
27795
"options available. There are two main options. The "
22229
27797
"<emphasis>category</emphasis> option determines what information to log."
22230
27798
msgstr ""
22231
27799
22232
#: serverguide/C/dns.xml:480(para)
27800
#: serverguide/C/dns.xml:515(para)
22233
27801
msgid "If no logging option is configured the default option is:"
22234
27802
msgstr ""
22235
27803
22236
#: serverguide/C/dns.xml:483(programlisting)
27804
#: serverguide/C/dns.xml:518(programlisting)
22237
27805
#, no-wrap
22238
27806
msgid ""
22239
27807
"\n"
22243
27811
"};\n"
22244
27812
msgstr ""
22245
27813
22246
#: serverguide/C/dns.xml:489(para)
27814
#: serverguide/C/dns.xml:524(para)
22247
27815
msgid ""
22248
27816
"This section covers configuring <application>BIND9</application> to send "
22249
27817
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22250
27818
"file."
22251
27819
msgstr ""
22252
27820
22253
#: serverguide/C/dns.xml:494(para)
27821
#: serverguide/C/dns.xml:529(para)
22254
27822
msgid ""
22255
27823
"First, we need to configure a channel to specify which file to send the "
22256
27824
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22257
27825
"the following:"
22258
27826
msgstr ""
22259
27827
22260
#: serverguide/C/dns.xml:498(programlisting)
27828
#: serverguide/C/dns.xml:533(programlisting)
22261
27829
#, no-wrap
22262
27830
msgid ""
22263
27831
"\n"
22269
27837
"};\n"
22270
27838
msgstr ""
22271
27839
22272
#: serverguide/C/dns.xml:508(para)
27840
#: serverguide/C/dns.xml:543(para)
22273
27841
msgid "Next, configure a category to send all DNS queries to the query file:"
22274
27842
msgstr ""
22275
27843
22276
#: serverguide/C/dns.xml:511(programlisting)
27844
#: serverguide/C/dns.xml:546(programlisting)
22277
27845
#, no-wrap
22278
27846
msgid ""
22279
27847
"\n"
22286
27854
"};\n"
22287
27855
msgstr ""
22288
27856
22289
#: serverguide/C/dns.xml:523(para)
27857
#: serverguide/C/dns.xml:558(para)
22290
27858
msgid ""
22291
27859
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22292
27860
"level isn't specified level 1 is the default."
22293
27861
msgstr ""
22294
27862
22295
#: serverguide/C/dns.xml:529(para)
27863
#: serverguide/C/dns.xml:564(para)
22296
27864
msgid ""
22297
27865
"Since the <emphasis>named daemon</emphasis> runs as the "
22298
27866
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22299
27867
"file must be created and the ownership changed:"
22300
27868
msgstr ""
22301
27869
22302
#: serverguide/C/dns.xml:534(command)
27870
#: serverguide/C/dns.xml:569(command)
22303
27871
msgid "sudo touch /var/log/query.log"
22304
27872
msgstr ""
22305
27873
22306
#: serverguide/C/dns.xml:535(command)
27874
#: serverguide/C/dns.xml:570(command)
22307
27875
msgid "sudo chown bind /var/log/query.log"
22308
27876
msgstr ""
22309
27877
22310
#: serverguide/C/dns.xml:539(para)
27878
#: serverguide/C/dns.xml:574(para)
22311
27879
msgid ""
22312
27880
"Before <application>named</application> daemon can write to the new log file "
22313
27881
"the <application>AppArmor</application> profile must be updated. First, edit "
22314
27882
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22315
27883
msgstr ""
22316
27884
22317
#: serverguide/C/dns.xml:543(programlisting)
27885
#: serverguide/C/dns.xml:578(programlisting)
22318
27886
#, no-wrap
22319
27887
msgid ""
22320
27888
"\n"
22321
27889
"/var/log/query.log w,\n"
22322
27890
msgstr ""
22323
27891
22324
#: serverguide/C/dns.xml:546(para)
27892
#: serverguide/C/dns.xml:581(para)
22325
27893
msgid "Next, reload the profile:"
22326
27894
msgstr ""
22327
27895
22328
#: serverguide/C/dns.xml:550(command)
27896
#: serverguide/C/dns.xml:585(command)
22329
27897
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22330
27898
msgstr ""
22331
27899
22332
#: serverguide/C/dns.xml:552(para)
27900
#: serverguide/C/dns.xml:587(para)
22333
27901
msgid ""
22334
27902
"For more information on <application>AppArmor</application> see <xref "
22335
27903
"linkend=\"apparmor\"/>"
22336
27904
msgstr ""
22337
27905
22338
#: serverguide/C/dns.xml:557(para)
27906
#: serverguide/C/dns.xml:592(para)
22339
27907
msgid ""
22340
27908
"Now restart <application>BIND9</application> for the changes to take effect:"
22341
27909
msgstr ""
22342
27910
22343
#: serverguide/C/dns.xml:565(para)
27911
#: serverguide/C/dns.xml:600(para)
22344
27912
msgid ""
22345
27913
"You should see the file <filename>/var/log/query.log</filename> fill with "
22346
27914
"query information. This is a simple example of the "
22348
27916
"options see <xref linkend=\"dns-more-info\"/>."
22349
27917
msgstr ""
22350
27918
22351
#: serverguide/C/dns.xml:574(title)
27919
#: serverguide/C/dns.xml:609(title)
22352
27920
msgid "Common Record Types"
22353
27921
msgstr ""
22354
27922
22355
#: serverguide/C/dns.xml:575(para)
27923
#: serverguide/C/dns.xml:610(para)
22356
27924
msgid "This section covers some of the most common DNS record types."
22357
27925
msgstr ""
22358
27926
22359
#: serverguide/C/dns.xml:580(para)
27927
#: serverguide/C/dns.xml:615(para)
22360
27928
msgid ""
22361
27929
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22362
27930
msgstr ""
22363
27931
22364
#: serverguide/C/dns.xml:583(programlisting)
27932
#: serverguide/C/dns.xml:618(programlisting)
22365
27933
#, no-wrap
22366
27934
msgid ""
22367
27935
"\n"
22368
27936
"www IN A 192.168.1.12\n"
22369
27937
msgstr ""
22370
27938
22371
#: serverguide/C/dns.xml:588(para)
27939
#: serverguide/C/dns.xml:623(para)
22372
27940
msgid ""
22373
27941
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22374
27942
"record. You cannot create a CNAME record pointing to another CNAME record."
22375
27943
msgstr ""
22376
27944
22377
#: serverguide/C/dns.xml:591(programlisting)
27945
#: serverguide/C/dns.xml:626(programlisting)
22378
27946
#, no-wrap
22379
27947
msgid ""
22380
27948
"\n"
22381
27949
"web IN CNAME www\n"
22382
27950
msgstr ""
22383
27951
22384
#: serverguide/C/dns.xml:596(para)
27952
#: serverguide/C/dns.xml:631(para)
22385
27953
msgid ""
22386
27954
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22387
27955
"to. Must point to an A record, not a CNAME."
22388
27956
msgstr ""
22389
27957
22390
#: serverguide/C/dns.xml:599(programlisting)
27958
#: serverguide/C/dns.xml:634(programlisting)
22391
27959
#, no-wrap
22392
27960
msgid ""
22393
27961
"\n"
22395
27963
"mail IN A 192.168.1.13\n"
22396
27964
msgstr ""
22397
27965
22398
#: serverguide/C/dns.xml:605(para)
27966
#: serverguide/C/dns.xml:640(para)
22399
27967
msgid ""
22400
27968
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22401
27969
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22402
27970
"Secondary servers are defined."
22403
27971
msgstr ""
22404
27972
22405
#: serverguide/C/dns.xml:609(programlisting)
27973
#: serverguide/C/dns.xml:644(programlisting)
22406
27974
#, no-wrap
22407
27975
msgid ""
22408
27976
"\n"
22409
27977
" IN NS ns.example.com.\n"
22410
"\tIN NS ns2.example.com.\n"
27978
" IN NS ns2.example.com.\n"
22411
27979
"ns IN A 192.168.1.10\n"
22412
"ns2\tIN A\t 192.168.1.11\n"
27980
"ns2 IN A 192.168.1.11\n"
22413
27981
msgstr ""
22414
27982
22415
#: serverguide/C/dns.xml:622(para)
27983
#: serverguide/C/dns.xml:657(para)
22416
27984
msgid ""
22417
27985
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22418
27986
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22419
27987
msgstr ""
22420
27988
22421
#: serverguide/C/dns.xml:627(para)
27989
#: serverguide/C/dns.xml:662(para)
22422
27990
msgid ""
22423
27991
"For in depth coverage of <emphasis>DNS</emphasis> and "
22424
27992
"<application>BIND9</application> see <ulink "
22425
27993
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22426
27994
msgstr ""
22427
27995
22428
#: serverguide/C/dns.xml:632(para)
27996
#: serverguide/C/dns.xml:667(para)
22429
27997
msgid ""
22430
27998
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22431
27999
"BIND</ulink> is a popular book now in it's fifth edition."
22432
28000
msgstr ""
22433
28001
22434
#: serverguide/C/dns.xml:637(para)
28002
#: serverguide/C/dns.xml:672(para)
22435
28003
msgid ""
22436
28004
"A great place to ask for <application>BIND9</application> assistance, and "
22437
28005
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22439
28007
"url=\"http://freenode.net\">freenode</ulink>."
22440
28008
msgstr ""
22441
28009
22442
#: serverguide/C/dns.xml:643(para)
28010
#: serverguide/C/dns.xml:678(para)
22443
28011
msgid ""
22444
28012
"Also, see the <ulink "
22445
28013
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22446
28014
"HOWTO</ulink> in the Ubuntu Wiki."
22447
28015
msgstr ""
22448
28016
28017
#: serverguide/C/dm-multipath.xml:24(title)
28018
msgid "DM-Multipath"
28019
msgstr ""
28020
28021
#: serverguide/C/dm-multipath.xml:27(title)
28022
msgid "Device Mapper Multipathing"
28023
msgstr ""
28024
28025
#: serverguide/C/dm-multipath.xml:29(para)
28026
msgid ""
28027
"Device mapper multipathing (DM-Multipath) allows you to configure multiple "
28028
"I/O paths between server nodes and storage arrays into a single device. "
28029
"These I/O paths are physical SAN connections that can include separate "
28030
"cables, switches, and controllers. Multipathing aggregates the I/O paths, "
28031
"creating a new device that consists of the aggregated paths. This chapter "
28032
"provides a summary of the features of DM-Multipath that are new for the "
28033
"initial release of Ubuntu Server 12.04. Following that, this chapter "
28034
"provides a high-level overview of DM Multipath and its components, as well "
28035
"as an overview of DM-Multipath setup."
28036
msgstr ""
28037
28038
#: serverguide/C/dm-multipath.xml:40(title)
28039
msgid "New and Changed Features for Ubuntu Server 12.04"
28040
msgstr ""
28041
28042
#: serverguide/C/dm-multipath.xml:42(para)
28043
msgid "Migrated from multipath-0.4.8 to multipath-0.4.9"
28044
msgstr ""
28045
28046
#: serverguide/C/dm-multipath.xml:45(title)
28047
msgid "Migration from 0.4.8"
28048
msgstr ""
28049
28050
#: serverguide/C/dm-multipath.xml:47(para)
28051
msgid ""
28052
"The priority checkers are no longer run as standalone binaries, but as "
28053
"shared libraries. The key value name for this feature has also slightly "
28054
"changed. Copy the attribute named <emphasis "
28055
"role=\"bold\">prio_callout</emphasis> to <emphasis "
28056
"role=\"bold\">prio</emphasis>, also modify the argument the name of the "
28057
"priority checker, a system path is no longer necessary. Example "
28058
"conversion:<screen>device {\n"
28059
" vendor \"NEC\"\n"
28060
" product \"DISK ARRAY\"\n"
28061
" prio_callout mpath_prio_alua /dev/%n\n"
28062
" prio alua\n"
28063
"}</screen>"
28064
msgstr ""
28065
28066
#: serverguide/C/dm-multipath.xml:60(para)
28067
msgid ""
28068
"See Table <link linkend=\"priority-checker-conversion-table\">\"Priority "
28069
"Checker Conversion\"</link> for a complete listing"
28070
msgstr ""
28071
28072
#: serverguide/C/dm-multipath.xml:65(title)
28073
msgid "Priority Checker Conversion"
28074
msgstr ""
28075
28076
#: serverguide/C/dm-multipath.xml:71(entry)
28077
msgid "v0.4.8"
28078
msgstr ""
28079
28080
#: serverguide/C/dm-multipath.xml:73(entry)
28081
msgid "v0.4.9"
28082
msgstr ""
28083
28084
#: serverguide/C/dm-multipath.xml:79(emphasis)
28085
msgid "prio_callout mpath_prio_emc /dev/%n"
28086
msgstr ""
28087
28088
#: serverguide/C/dm-multipath.xml:82(emphasis)
28089
msgid "prio emc"
28090
msgstr ""
28091
28092
#: serverguide/C/dm-multipath.xml:86(emphasis)
28093
msgid "prio_callout mpath_prio_alua /dev/%n"
28094
msgstr ""
28095
28096
#: serverguide/C/dm-multipath.xml:89(emphasis)
28097
msgid "prio alua"
28098
msgstr ""
28099
28100
#: serverguide/C/dm-multipath.xml:93(emphasis)
28101
msgid "prio_callout mpath_prio_netapp /dev/%n"
28102
msgstr ""
28103
28104
#: serverguide/C/dm-multipath.xml:96(emphasis)
28105
msgid "prio netapp"
28106
msgstr ""
28107
28108
#: serverguide/C/dm-multipath.xml:100(emphasis)
28109
msgid "prio_callout mpath_prio_rdac /dev/%n"
28110
msgstr ""
28111
28112
#: serverguide/C/dm-multipath.xml:103(emphasis)
28113
msgid "prio rdac"
28114
msgstr ""
28115
28116
#: serverguide/C/dm-multipath.xml:107(emphasis)
28117
msgid "prio_callout mpath_prio_hp_sw /dev/%n"
28118
msgstr ""
28119
28120
#: serverguide/C/dm-multipath.xml:110(emphasis)
28121
msgid "prio hp_sw"
28122
msgstr ""
28123
28124
#: serverguide/C/dm-multipath.xml:114(emphasis)
28125
msgid "prio_callout mpath_prio_hds_modular %b"
28126
msgstr ""
28127
28128
#: serverguide/C/dm-multipath.xml:117(emphasis)
28129
msgid "prio hds"
28130
msgstr ""
28131
28132
#: serverguide/C/dm-multipath.xml:123(para)
28133
msgid ""
28134
"Since the multipath config file parser essentially parses all key/value "
28135
"pairs it finds and then makes use of them, it is safe for both <emphasis "
28136
"role=\"bold\">prio_callout</emphasis> and <emphasis "
28137
"role=\"bold\">prio</emphasis> to coexist and is recommended that the "
28138
"<emphasis role=\"bold\">prio</emphasis> attribute be inserted before "
28139
"beginning migration. After which you can safely delete the legacy <emphasis "
28140
"role=\"bold\">prio_calliout</emphasis> attribute without interrupting "
28141
"service."
28142
msgstr ""
28143
28144
#: serverguide/C/dm-multipath.xml:137(para)
28145
msgid "DM-Multipath can be used to provide:"
28146
msgstr ""
28147
28148
#: serverguide/C/dm-multipath.xml:141(para)
28149
msgid ""
28150
"<emphasis> Redundancy </emphasis> DM-Multipath can provide failover in an "
28151
"active/passive configuration. In an active/passive configuration, only half "
28152
"the paths are used at any time for I/O. If any element of an I/O path (the "
28153
"cable, switch, or controller) fails, DM-Multipath switches to an alternate "
28154
"path."
28155
msgstr ""
28156
28157
#: serverguide/C/dm-multipath.xml:149(para)
28158
msgid ""
28159
"<emphasis> Improved Performance </emphasis> Performance DM-Multipath can be "
28160
"configured in active/active mode, where I/O is spread over the paths in a "
28161
"round-robin fashion. In some configurations, DM-Multipath can detect loading "
28162
"on the I/O paths and dynamically re-balance the load."
28163
msgstr ""
28164
28165
#: serverguide/C/dm-multipath.xml:159(title)
28166
msgid "Storage Array Overview"
28167
msgstr ""
28168
28169
#: serverguide/C/dm-multipath.xml:161(para)
28170
msgid ""
28171
"By default, DM-Multipath includes support for the most common storage arrays "
28172
"that support DM-Multipath. The supported devices can be found in the "
28173
"multipath.conf.defaults file. If your storage array supports DM-Multipath "
28174
"and is not configured by default in this file, you may need to add them to "
28175
"the DM-Multipath configuration file, multipath.conf. For information on the "
28176
"DM-Multipath configuration file, see Section, <link linkend=\"multipath-dm-"
28177
"multipath-config-file\">The DM-Multipath Configuration File</link>. Some "
28178
"storage arrays require special handling of I/O errors and path switching. "
28179
"These require separate hardware handler kernel modules."
28180
msgstr ""
28181
28182
#: serverguide/C/dm-multipath.xml:174(title)
28183
msgid "DM-Multipath components"
28184
msgstr ""
28185
28186
#: serverguide/C/dm-multipath.xml:176(para)
28187
msgid ""
28188
"Table “<link linkend=\"multipath-components-table\">DM-Multipath "
28189
"Components”</link> describes the components of the DM-Multipath package. "
28190
"<include href=\"multipath-components-table.xml\"/>"
28191
msgstr ""
28192
28193
#: serverguide/C/dm-multipath.xml:183(title)
28194
msgid "DM-Multipath Setup Overview"
28195
msgstr ""
28196
28197
#: serverguide/C/dm-multipath.xml:190(para)
28198
msgid ""
28199
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
28200
"role=\"bold\">multipath-tools-boot</emphasis> packages"
28201
msgstr ""
28202
28203
#: serverguide/C/dm-multipath.xml:196(para)
28204
msgid ""
28205
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
28206
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
28207
msgstr ""
28208
28209
#: serverguide/C/dm-multipath.xml:202(para)
28210
msgid ""
28211
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
28212
"configuration file to modify default values and save the updated file."
28213
msgstr ""
28214
28215
#: serverguide/C/dm-multipath.xml:208(para)
28216
msgid "Start the multipath daemon"
28217
msgstr ""
28218
28219
#: serverguide/C/dm-multipath.xml:212(para)
28220
msgid "Update initial ramdisk"
28221
msgstr ""
28222
28223
#: serverguide/C/dm-multipath.xml:185(para)
28224
msgid ""
28225
"DM-Multipath includes compiled-in default settings that are suitable for "
28226
"common multipath configurations. Setting up DM-multipath is often a simple "
28227
"procedure. The basic procedure for configuring your system with DM-Multipath "
28228
"is as follows: <placeholder-1/> For detailed setup instructions for "
28229
"multipath configuration see Section, <link linkend=\"multipath-setup-"
28230
"overview\">Setting Up DM-Multipath</link>."
28231
msgstr ""
28232
28233
#: serverguide/C/dm-multipath.xml:222(title)
28234
msgid "Multipath Devices"
28235
msgstr ""
28236
28237
#: serverguide/C/dm-multipath.xml:224(para)
28238
msgid ""
28239
"Without DM-Multipath, each path from a server node to a storage controller "
28240
"is treated by the system as a separate device, even when the I/O path "
28241
"connects the same server node to the same storage controller. DM-Multipath "
28242
"provides a way of organizing the I/O paths logically, by creating a single "
28243
"multipath device on top of the underlying devices."
28244
msgstr ""
28245
28246
#: serverguide/C/dm-multipath.xml:232(title)
28247
msgid "Multipath Device Identifiers"
28248
msgstr ""
28249
28250
#: serverguide/C/dm-multipath.xml:260(para)
28251
msgid ""
28252
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
28253
"early in the boot process. Use these devices to access the multipathed "
28254
"devices, for example when creating logical volumes."
28255
msgstr ""
28256
28257
#: serverguide/C/dm-multipath.xml:267(para)
28258
msgid ""
28259
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
28260
"internal use only and should never be used."
28261
msgstr ""
28262
28263
#: serverguide/C/dm-multipath.xml:234(para)
28264
msgid ""
28265
"Each multipath device has a World Wide Identifier (WWID), which is "
28266
"guaranteed to be globally unique and unchanging. By default, the name of a "
28267
"multipath device is set to its WWID. Alternately, you can set the <emphasis "
28268
"role=\"bold\"><link linkend=\"attribute-"
28269
"user_friendly_names\">user_friendly_names</link></emphasis>option in the "
28270
"multipath configuration file, which causes DM-Multipath to use a node-unique "
28271
"alias of the form <emphasis role=\"bold\">mpathn</emphasis> as the name. For "
28272
"example, a node with two HBAs attached to a storage controller with two "
28273
"ports via a single unzoned FC switch sees four devices: <emphasis "
28274
"role=\"bold\">/dev/sda</emphasis>, <emphasis "
28275
"role=\"bold\">/dev/sdb</emphasis>, <emphasis "
28276
"role=\"bold\">/dev/sdc</emphasis>, and <emphasis "
28277
"role=\"bold\">/dev/sdd</emphasis>. DM-Multipath creates a single device with "
28278
"a unique WWID that reroutes I/O to those four underlying devices according "
28279
"to the multipath configuration. When the <emphasis role=\"bold\"><link "
28280
"linkend=\"attribute-"
28281
"user_friendly_names\">user_friendly_names</link></emphasis> configuration "
28282
"option is set to <emphasis role=\"bold\">yes</emphasis>, the name of the "
28283
"multipath device is set to <emphasis role=\"bold\">mpathn</emphasis>. When "
28284
"new devices are brought under the control of DM-Multipath, the new devices "
28285
"may be seen in two different places under the <emphasis "
28286
"role=\"bold\">/dev</emphasis> directory: <emphasis "
28287
"role=\"bold\">/dev/mapper/mpathn</emphasis> and <emphasis "
28288
"role=\"bold\">/dev/dm-n</emphasis>. <placeholder-1/>For information on the "
28289
"multipath configuration defaults, including the <emphasis "
28290
"role=\"bold\"><link linkend=\"attribute-"
28291
"user_friendly_names\">user_friendly_names</link></emphasis> configuration "
28292
"option, see Section , <link linkend=\"multipath-config-"
28293
"defaults\">“Configuration File Defaults”</link>. You can also set the name "
28294
"of a multipath device to a name of your choosing by using the <emphasis "
28295
"role=\"bold\"><link linkend=\"attribute-alias\">alias</link></emphasis> "
28296
"option in the <emphasis role=\"bold\">multipaths</emphasis> section of the "
28297
"multipath configuration file. For information on the <emphasis "
28298
"role=\"bold\">multipaths</emphasis> section of the multipath configuration "
28299
"file, see Section, <link linkend=\"multipath-config-multipath\">“Multipaths "
28300
"Device Configuration Attributes”</link>."
28301
msgstr ""
28302
28303
#: serverguide/C/dm-multipath.xml:288(title)
28304
msgid "Consistent Multipath Device Names in a Cluster"
28305
msgstr ""
28306
28307
#: serverguide/C/dm-multipath.xml:290(para)
28308
msgid ""
28309
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
28310
"configuration option is set to yes, the name of the multipath device is "
28311
"unique to a node, but it is not guaranteed to be the same on all nodes using "
28312
"the multipath device. Similarly, if you set the <emphasis "
28313
"role=\"bold\">alias</emphasis> option for a device in the <emphasis "
28314
"role=\"bold\">multipaths</emphasis> section of the "
28315
"<filename>multipath.conf</filename> configuration file, the name is not "
28316
"automatically consistent across all nodes in the cluster. This should not "
28317
"cause any difficulties if you use LVM to create logical devices from the "
28318
"multipath device, but if you require that your multipath device names be "
28319
"consistent in every node it is recommended that you leave the <emphasis "
28320
"role=\"bold\">user_friendly_names</emphasis> option set to <emphasis "
28321
"role=\"bold\">no</emphasis> and that you not configure aliases for the "
28322
"devices. By default, if you do not set <emphasis "
28323
"role=\"bold\">user_friendly_names</emphasis> to yes or configure an alias "
28324
"for a device, a device name will be the WWID for the device, which is always "
28325
"the same. If you want the system-defined user-friendly names to be "
28326
"consistent across all nodes in the cluster, however, you can follow this "
28327
"procedure:"
28328
msgstr ""
28329
28330
#: serverguide/C/dm-multipath.xml:312(para)
28331
msgid "Set up all of the multipath devices on one machine."
28332
msgstr ""
28333
28334
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
28335
msgid ""
28336
"Disable all of your multipath devices on your other machines by running the "
28337
"following commands:"
28338
msgstr ""
28339
28340
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
28341
#, no-wrap
28342
msgid ""
28343
"# service multipath-tools stop\n"
28344
"# multipath -F\n"
28345
msgstr ""
28346
28347
#: serverguide/C/dm-multipath.xml:325(para)
28348
msgid ""
28349
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
28350
"machine to all the other machines in the cluster."
28351
msgstr ""
28352
28353
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
28354
msgid ""
28355
"Re-enable the multipathd daemon on all the other machines in the cluster by "
28356
"running the following command:"
28357
msgstr ""
28358
28359
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
28360
#, no-wrap
28361
msgid "# service multipath-tools start"
28362
msgstr ""
28363
28364
#: serverguide/C/dm-multipath.xml:338(para)
28365
msgid "If you add a new device, you will need to repeat this process."
28366
msgstr ""
28367
28368
#: serverguide/C/dm-multipath.xml:341(para)
28369
msgid ""
28370
"Similarly, if you configure an alias for a device that you would like to be "
28371
"consistent across the nodes in the cluster, you should ensure that the "
28372
"<filename>/etc/multipath.conf</filename> file is the same for each node in "
28373
"the cluster by following the same procedure:"
28374
msgstr ""
28375
28376
#: serverguide/C/dm-multipath.xml:348(para)
28377
msgid ""
28378
"Configure the aliases for the multipath devices in the in the "
28379
"<filename>multipath.conf</filename> file on one machine."
28380
msgstr ""
28381
28382
#: serverguide/C/dm-multipath.xml:362(para)
28383
msgid ""
28384
"Copy the <filename>multipath.conf</filename> file from the first machine to "
28385
"all the other machines in the cluster."
28386
msgstr ""
28387
28388
#: serverguide/C/dm-multipath.xml:374(para)
28389
msgid "When you add a new device you will need to repeat this process."
28390
msgstr ""
28391
28392
#: serverguide/C/dm-multipath.xml:379(title)
28393
msgid "Multipath Device attributes"
28394
msgstr ""
28395
28396
#: serverguide/C/dm-multipath.xml:381(para)
28397
msgid ""
28398
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
28399
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
28400
"numerous attributes. You can modify these attributes for a specific "
28401
"multipath device by creating an entry for that device in the <emphasis "
28402
"role=\"bold\">multipaths</emphasis> section of the <emphasis "
28403
"role=\"bold\">multipath</emphasis> configuration file. For information on "
28404
"the <emphasis role=\"bold\">multipaths</emphasis> section of the multipath "
28405
"configuration file, see Section, \"<link endterm=\"config-multipath-title\" "
28406
"linkend=\"multipath-config-multipath\"/>\"."
28407
msgstr ""
28408
28409
#: serverguide/C/dm-multipath.xml:394(title)
28410
msgid "Multipath Devices in Logical Volumes"
28411
msgstr ""
28412
28413
#: serverguide/C/dm-multipath.xml:396(para)
28414
msgid ""
28415
"After creating multipath devices, you can use the multipath device names "
28416
"just as you would use a physical device name when creating an LVM physical "
28417
"volume. For example, if /dev/mapper/mpatha is the name of a multipath "
28418
"device, the following command will mark /dev/mapper/mpatha as a physical "
28419
"volume. <screen># pvcreate /dev/mapper/mpatha</screen> You can use the "
28420
"resulting LVM physical device when you create an LVM volume group just as "
28421
"you would use any other LVM physical device."
28422
msgstr ""
28423
28424
#: serverguide/C/dm-multipath.xml:405(para)
28425
msgid ""
28426
"If you attempt to create an LVM physical volume on a whole device on which "
28427
"you have configured partitions, the pvcreate command will fail."
28428
msgstr ""
28429
28430
#: serverguide/C/dm-multipath.xml:425(para)
28431
msgid ""
28432
"Every time either <filename>/etc/lvm.conf</filename> or "
28433
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
28434
"rebuilt to reflect these changes. This is imperative when blacklists and "
28435
"filters are necessary to maintain a stable storage configuration."
28436
msgstr ""
28437
28438
#: serverguide/C/dm-multipath.xml:410(para)
28439
msgid ""
28440
"When you create an LVM logical volume that uses active/passive multipath "
28441
"arrays as the underlying physical devices, you should include filters in the "
28442
"<emphasis role=\"bold\">lvm.conf</emphasis> to exclude the disks that "
28443
"underlie the multipath devices. This is because if the array automatically "
28444
"changes the active path to the passive path when it receives I/O, multipath "
28445
"will failover and failback whenever LVM scans the passive path if these "
28446
"devices are not filtered. For active/passive arrays that require a command "
28447
"to make the passive path active, LVM prints a warning message when this "
28448
"occurs. To filter all SCSI devices in the LVM configuration file (lvm.conf), "
28449
"include the following filter in the devices section of the file. "
28450
"<screen>filter = [ \"r/block/\", \"r/disk/\", \"r/sd.*/\", \"a/.*/\" "
28451
"]</screen>After updating <filename>/etc/lvm.conf</filename>, it's necessary "
28452
"to update the <emphasis role=\"bold\">initrd</emphasis> so that this file "
28453
"will be copied there, where the filter matters the most, during boot. "
28454
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
28455
msgstr ""
28456
28457
#: serverguide/C/dm-multipath.xml:435(title)
28458
msgid "Setting up DM-Multipath Overview"
28459
msgstr ""
28460
28461
#: serverguide/C/dm-multipath.xml:437(para)
28462
msgid ""
28463
"This section provides step-by-step example procedures for configuring DM-"
28464
"Multipath. It includes the following procedures:"
28465
msgstr ""
28466
28467
#: serverguide/C/dm-multipath.xml:442(para)
28468
msgid "Basic DM-Multipath setup"
28469
msgstr ""
28470
28471
#: serverguide/C/dm-multipath.xml:446(para)
28472
msgid "Ignoring local disks"
28473
msgstr ""
28474
28475
#: serverguide/C/dm-multipath.xml:450(para)
28476
msgid "Adding more devices to the configuration file"
28477
msgstr ""
28478
28479
#: serverguide/C/dm-multipath.xml:455(title)
28480
msgid "Setting Up DM-Multipath"
28481
msgstr ""
28482
28483
#: serverguide/C/dm-multipath.xml:457(para)
28484
msgid ""
28485
"Before setting up DM-Multipath on your system, ensure that your system has "
28486
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
28487
"tools</application></emphasis> package. If boot from SAN is desired, then "
28488
"the <emphasis role=\"bold\"><application>multipath-tools-"
28489
"boot</application></emphasis> package is also required."
28490
msgstr ""
28491
28492
#: serverguide/C/dm-multipath.xml:475(para)
28493
msgid ""
28494
"To work around a quirk in multipathd, when an "
28495
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
28496
"will return nothing, as it is the result of a <emphasis>merge</emphasis> "
28497
"between the <filename>/etc/multipath.conf</filename> and the database in "
28498
"memory. To remedy this, either define an empty "
28499
"<filename>/etc/multipath.conf</filename>, by using <emphasis "
28500
"role=\"bold\">touch</emphasis>, or create one that redefines a default value "
28501
"like:<screen>defaults {\n"
28502
" user_friendly_names no\n"
28503
"}\n"
28504
"</screen>and restart multipathd:<screen># service multipath-tools "
28505
"restart</screen>Now the \"show config\" command will return the live "
28506
"database."
28507
msgstr ""
28508
28509
#: serverguide/C/dm-multipath.xml:464(para)
28510
msgid ""
28511
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
28512
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
28513
"an accompanying <filename>/etc/multipath.conf</filename>, it draws from it's "
28514
"internal database to find a suitable configuration, it also draws from it's "
28515
"internal blacklist. If after running <emphasis role=\"bold\">multipath -"
28516
"ll</emphasis> without a config file, no multipaths are discovered. One must "
28517
"proceed to increase the verbosity to discover why a multipath was not "
28518
"created. Consider referencing the SAN vendor's documentation, the multipath "
28519
"example config files found in <filename>/usr/share/doc/multipath-"
28520
"tools/examples</filename>, and the live multipathd database:<screen "
28521
"id=\"multipath-skel-config\"># echo 'show config' | multipathd -k > "
28522
"multipath.conf-live</screen><placeholder-1/>"
28523
msgstr ""
28524
28525
#: serverguide/C/dm-multipath.xml:492(title)
28526
msgid "Installing with Multipath Support"
28527
msgstr ""
28528
28529
#: serverguide/C/dm-multipath.xml:494(para)
28530
msgid ""
28531
"To enable <ulink "
28532
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
28533
"support during installation</ulink> use<screen>install disk-"
28534
"detect/multipath/enable=true</screen>at the installer prompt. If multipath "
28535
"devices are found these will show up as <emphasis "
28536
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
28537
msgstr ""
28538
28539
#: serverguide/C/dm-multipath.xml:503(title)
28540
msgid "Ignoring Local Disks When Generating Multipath Devices"
28541
msgstr ""
28542
28543
#: serverguide/C/dm-multipath.xml:505(para)
28544
msgid ""
28545
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
28546
"is not recommended for these devices. The following procedure shows how to "
28547
"modify the multipath configuration file to ignore the local disks when "
28548
"configuring multipath."
28549
msgstr ""
28550
28551
#: serverguide/C/dm-multipath.xml:512(para)
28552
msgid ""
28553
"Determine which disks are the internal disks and mark them as the ones to "
28554
"blacklist. In this example, <emphasis "
28555
"role=\"bold\"><filename>/dev/sda</filename></emphasis> is the internal disk. "
28556
"Note that as originally configured in the default multipath configuration "
28557
"file, executing the <emphasis role=\"bold\">multipath -v2</emphasis> shows "
28558
"the local disk, <emphasis role=\"bold\">/dev/sda</emphasis>, in the "
28559
"multipath map. For further information on the <emphasis "
28560
"role=\"bold\">multipath</emphasis> command output, see Section <link "
28561
"linkend=\"multipath-command-output\">“Multipath Command Output”</link>."
28562
msgstr ""
28563
28564
#: serverguide/C/dm-multipath.xml:524(screen)
28565
#, no-wrap
28566
msgid ""
28567
"\n"
28568
"# multipath -v2\n"
28569
"create: SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1 undef WINSYS,SF2372\n"
28570
"size=33 GB features=\"0\" hwhandler=\"0\" wp=undef\n"
28571
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28572
" |- 0:0:0:0 sda 8:0 [--------- \n"
28573
"\n"
28574
"device-mapper ioctl cmd 9 failed: Invalid argument\n"
28575
"device-mapper ioctl cmd 14 failed: No such device or address\n"
28576
"create: 3600a0b80001327d80000006d43621677 undef WINSYS,SF2372\n"
28577
"size=12G features='0' hwhandler='0' wp=undef\n"
28578
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28579
" |- 2:0:0:0 sdb 8:16 undef ready running\n"
28580
" `- 3:0:0:0 sdf 8:80 undef ready running\n"
28581
"\n"
28582
"create: 3600a0b80001327510000009a436215ec undef WINSYS,SF2372\n"
28583
"size=12G features='0' hwhandler='0' wp=undef\n"
28584
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28585
" |- 2:0:0:1 sdc 8:32 undef ready running\n"
28586
" `- 3:0:0:1 sdg 8:96 undef ready running\n"
28587
"\n"
28588
"create: 3600a0b80001327d800000070436216b3 undef WINSYS,SF2372\n"
28589
"size=12G features='0' hwhandler='0' wp=undef\n"
28590
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28591
" |- 2:0:0:2 sdd 8:48 undef ready running\n"
28592
" `- 3:0:0:2 sdg 8:112 undef ready running\n"
28593
"\n"
28594
"create: 3600a0b80001327510000009b4362163e undef WINSYS,SF2372\n"
28595
"size=12G features='0' hwhandler='0' wp=undef\n"
28596
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28597
" |- 2:0:0:3 sdd 8:64 undef ready running\n"
28598
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
28599
msgstr ""
28600
28601
#: serverguide/C/dm-multipath.xml:560(para)
28602
msgid ""
28603
"In order to prevent the device mapper from mapping <emphasis "
28604
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
28605
"section of the <filename>/etc/multipath.conf</filename> file to include this "
28606
"device. Although you could blacklist the <emphasis "
28607
"role=\"bold\">sda</emphasis> device using a <emphasis "
28608
"role=\"bold\">devnode</emphasis> type, that would not be safe procedure "
28609
"since <emphasis role=\"bold\">/dev/sda</emphasis> is not guaranteed to be "
28610
"the same on reboot. To blacklist individual devices, you can blacklist using "
28611
"the WWID of that device. Note that in the output to the <emphasis "
28612
"role=\"bold\">multipath -v2</emphasis> command, the WWID of the "
28613
"<filename>/dev/sda</filename> device is SIBM-"
28614
"ESXSST336732LC____F3ET0EP0Q000072428BX1. To blacklist this device, include "
28615
"the following in the <filename>/etc/multipath.conf</filename> file."
28616
msgstr ""
28617
28618
#: serverguide/C/dm-multipath.xml:575(screen)
28619
#, no-wrap
28620
msgid ""
28621
"\n"
28622
"blacklist {\n"
28623
" wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1\n"
28624
"}\n"
28625
msgstr ""
28626
28627
#: serverguide/C/dm-multipath.xml:583(para)
28628
msgid ""
28629
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
28630
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
28631
"daemon to reload the file. The following command reloads the updated "
28632
"<filename>/etc/multipath.conf</filename> file."
28633
msgstr ""
28634
28635
#: serverguide/C/dm-multipath.xml:588(screen)
28636
#, no-wrap
28637
msgid "# service multipath-tools reload"
28638
msgstr ""
28639
28640
#: serverguide/C/dm-multipath.xml:592(para)
28641
msgid "Run the following command to remove the multipath device:"
28642
msgstr ""
28643
28644
#: serverguide/C/dm-multipath.xml:595(screen)
28645
#, no-wrap
28646
msgid ""
28647
"\n"
28648
"# multipath -f SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1\n"
28649
msgstr ""
28650
28651
#: serverguide/C/dm-multipath.xml:601(para)
28652
msgid ""
28653
"To check whether the device removal worked, you can run the "
28654
"<command>multipath -ll</command> command to display the current multipath "
28655
"configuration. For information on the <command>multipath -ll</command> "
28656
"command, see Section <link linkend=\"multipath-queries-and-"
28657
"commands\">“Multipath Queries with multipath Command”</link>. To check that "
28658
"the blacklisted device was not added back, you can run the multipath "
28659
"command, as in the following example. The multipath command defaults to a "
28660
"verbosity level of <emphasis role=\"bold\">v2</emphasis> if you do not "
28661
"specify a <emphasis role=\"bold\">-v</emphasis> option."
28662
msgstr ""
28663
28664
#: serverguide/C/dm-multipath.xml:612(screen)
28665
#, no-wrap
28666
msgid ""
28667
"\n"
28668
"# multipath\n"
28669
"\n"
28670
"create: 3600a0b80001327d80000006d43621677 undef WINSYS,SF2372\n"
28671
"size=12G features='0' hwhandler='0' wp=undef\n"
28672
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28673
" |- 2:0:0:0 sdb 8:16 undef ready running\n"
28674
" `- 3:0:0:0 sdf 8:80 undef ready running\n"
28675
"\n"
28676
"create: 3600a0b80001327510000009a436215ec undef WINSYS,SF2372\n"
28677
"size=12G features='0' hwhandler='0' wp=undef\n"
28678
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28679
" |- 2:0:0:1 sdc 8:32 undef ready running\n"
28680
" `- 3:0:0:1 sdg 8:96 undef ready running\n"
28681
"\n"
28682
"create: 3600a0b80001327d800000070436216b3 undef WINSYS,SF2372\n"
28683
"size=12G features='0' hwhandler='0' wp=undef\n"
28684
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28685
" |- 2:0:0:2 sdd 8:48 undef ready running\n"
28686
" `- 3:0:0:2 sdg 8:112 undef ready running\n"
28687
"\n"
28688
"create: 3600a0b80001327510000009b4362163e undef WINSYS,SF2372\n"
28689
"size=12G features='0' hwhandler='0' wp=undef\n"
28690
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28691
" |- 2:0:0:3 sdd 8:64 undef ready running\n"
28692
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
28693
msgstr ""
28694
28695
#: serverguide/C/dm-multipath.xml:644(title)
28696
msgid "Configuring Storage Devices"
28697
msgstr ""
28698
28699
#: serverguide/C/dm-multipath.xml:646(para)
28700
msgid ""
28701
"By default, DM-Multipath includes support for the most common storage arrays "
28702
"that support DM-Multipath. The default configuration values, including "
28703
"supported devices, can be found in the "
28704
"<filename>multipath.conf.defaults</filename> file."
28705
msgstr ""
28706
28707
#: serverguide/C/dm-multipath.xml:651(para)
28708
msgid ""
28709
"If you need to add a storage device that is not supported by default as a "
28710
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
28711
"file and insert the appropriate device information."
28712
msgstr ""
28713
28714
#: serverguide/C/dm-multipath.xml:655(para)
28715
msgid ""
28716
"For example, to add information about the HP Open-V series the entry looks "
28717
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
28718
msgstr ""
28719
28720
#: serverguide/C/dm-multipath.xml:659(screen)
28721
#, no-wrap
28722
msgid ""
28723
"devices {\n"
28724
" device {\n"
28725
" vendor \"HP\"\n"
28726
" product \"OPEN-V.\"\n"
28727
" getuid_callout \"/lib/udev/scsi_id --whitelisted --"
28728
"device=/dev/%n\"\n"
28729
" }\n"
28730
"}\n"
28731
msgstr ""
28732
28733
#: serverguide/C/dm-multipath.xml:668(para)
28734
msgid ""
28735
"For more information on the devices section of the configuration file, see "
28736
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
28737
"device\"/>."
28738
msgstr ""
28739
28740
#: serverguide/C/dm-multipath.xml:675(title)
28741
msgid "The DM-Multipath Configuration File"
28742
msgstr ""
28743
28744
#: serverguide/C/dm-multipath.xml:677(para)
28745
msgid ""
28746
"By default, DM-Multipath provides configuration values for the most common "
28747
"uses of multipathing. In addition, DM-Multipath includes support for the "
28748
"most common storage arrays that support DM-Multipath. The default "
28749
"configuration values and the supported devices can be found in the "
28750
"<filename>multipath.conf.defaults</filename> file."
28751
msgstr ""
28752
28753
#: serverguide/C/dm-multipath.xml:683(para)
28754
msgid ""
28755
"You can override the default configuration values for DM-Multipath by "
28756
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
28757
"necessary, you can also add a storage array that is not supported by default "
28758
"to the configuration file. This chapter provides information on parsing and "
28759
"modifying the <filename>multipath.conf</filename> file. It contains sections "
28760
"on the following topics: <placeholder-1/>"
28761
msgstr ""
28762
28763
#: serverguide/C/dm-multipath.xml:715(para)
28764
msgid ""
28765
"In the multipath configuration file, you need to specify only the sections "
28766
"that you need for your configuration, or that you wish to change from the "
28767
"default values specified in the <filename>multipath.conf.defaults</filename> "
28768
"file. If there are sections of the file that are not relevant to your "
28769
"environment or for which you do not need to override the default values, you "
28770
"can leave them commented out, as they are in the initial file."
28771
msgstr ""
28772
28773
#: serverguide/C/dm-multipath.xml:723(para)
28774
msgid "The configuration file allows regular expression description syntax."
28775
msgstr ""
28776
28777
#: serverguide/C/dm-multipath.xml:726(para)
28778
msgid ""
28779
"An annotated version of the configuration file can be found in "
28780
"<filename><filename>/usr/share/doc/multipath-"
28781
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
28782
msgstr ""
28783
28784
#: serverguide/C/dm-multipath.xml:730(title)
28785
msgid "Configuration File Overview"
28786
msgstr ""
28787
28788
#: serverguide/C/dm-multipath.xml:732(para)
28789
msgid ""
28790
"The multipath configuration file is divided into the following sections:"
28791
msgstr ""
28792
28793
#: serverguide/C/dm-multipath.xml:737(emphasis)
28794
msgid "blacklist"
28795
msgstr ""
28796
28797
#: serverguide/C/dm-multipath.xml:740(para)
28798
msgid ""
28799
"Listing of specific devices that will not be considered for multipath."
28800
msgstr ""
28801
28802
#: serverguide/C/dm-multipath.xml:746(emphasis)
28803
msgid "blacklist_exceptions"
28804
msgstr ""
28805
28806
#: serverguide/C/dm-multipath.xml:749(para)
28807
msgid ""
28808
"Listing of multipath candidates that would otherwise be blacklisted "
28809
"according to the parameters of the blacklist section."
28810
msgstr ""
28811
28812
#: serverguide/C/dm-multipath.xml:756(emphasis)
28813
msgid "defaults"
28814
msgstr ""
28815
28816
#: serverguide/C/dm-multipath.xml:759(para)
28817
msgid "General default settings for DM-Multipath."
28818
msgstr ""
28819
28820
#: serverguide/C/dm-multipath.xml:767(para)
28821
msgid ""
28822
"Settings for the characteristics of individual multipath devices. These "
28823
"values overwrite what is specified in the <emphasis "
28824
"role=\"bold\">defaults</emphasis> and <emphasis "
28825
"role=\"bold\">devices</emphasis> sections of the configuration file."
28826
msgstr ""
28827
28828
#: serverguide/C/dm-multipath.xml:776(emphasis)
28829
msgid "devices"
28830
msgstr ""
28831
28832
#: serverguide/C/dm-multipath.xml:779(para)
28833
msgid ""
28834
"Settings for the individual storage controllers. These values overwrite what "
28835
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
28836
"the configuration file. If you are using a storage array that is not "
28837
"supported by default, you may need to create a devices subsection for your "
28838
"array."
28839
msgstr ""
28840
28841
#: serverguide/C/dm-multipath.xml:788(para)
28842
msgid ""
28843
"When the system determines the attributes of a multipath device, first it "
28844
"checks the multipath settings, then the per devices settings, then the "
28845
"multipath system defaults."
28846
msgstr ""
28847
28848
#: serverguide/C/dm-multipath.xml:794(title)
28849
msgid "Configuration File Blacklist"
28850
msgstr ""
28851
28852
#: serverguide/C/dm-multipath.xml:796(para)
28853
msgid ""
28854
"The blacklist section of the multipath configuration file specifies the "
28855
"devices that will not be used when the system configures multipath devices. "
28856
"Devices that are blacklisted will not be grouped into a multipath device."
28857
msgstr ""
28858
28859
#: serverguide/C/dm-multipath.xml:803(para)
28860
msgid ""
28861
"If you do need to blacklist devices, you can do so according to the "
28862
"following criteria:"
28863
msgstr ""
28864
28865
#: serverguide/C/dm-multipath.xml:808(para)
28866
msgid ""
28867
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
28868
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
28869
msgstr ""
28870
28871
#: serverguide/C/dm-multipath.xml:814(para)
28872
msgid ""
28873
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
28874
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
28875
msgstr ""
28876
28877
#: serverguide/C/dm-multipath.xml:820(para)
28878
msgid ""
28879
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
28880
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
28881
msgstr ""
28882
28883
#: serverguide/C/dm-multipath.xml:826(para)
28884
msgid ""
28885
"By default, a variety of device types are blacklisted, even after you "
28886
"comment out the initial blacklist section of the configuration file. For "
28887
"information, see <xref endterm=\"config-blacklist-by-device-name-title\" "
28888
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
28889
msgstr ""
28890
28891
#: serverguide/C/dm-multipath.xml:835(title)
28892
msgid "Blacklisting By WWID"
28893
msgstr ""
28894
28895
#: serverguide/C/dm-multipath.xml:838(para)
28896
msgid ""
28897
"You can specify individual devices to blacklist by their World-Wide "
28898
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
28899
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
28900
"file."
28901
msgstr ""
28902
28903
#: serverguide/C/dm-multipath.xml:843(para)
28904
msgid ""
28905
"The following example shows the lines in the configuration file that would "
28906
"blacklist a device with a WWID of 26353900f02796769."
28907
msgstr ""
28908
28909
#: serverguide/C/dm-multipath.xml:846(screen)
28910
#, no-wrap
28911
msgid ""
28912
"\n"
28913
"blacklist {\n"
28914
" wwid 26353900f02796769\n"
28915
"}\n"
28916
msgstr ""
28917
28918
#: serverguide/C/dm-multipath.xml:854(title)
28919
msgid "Blacklisting By Device Name"
28920
msgstr ""
28921
28922
#: serverguide/C/dm-multipath.xml:857(para)
28923
msgid ""
28924
"You can blacklist device types by device name so that they will not be "
28925
"grouped into a multipath device by specifying a <emphasis "
28926
"role=\"bold\">devnode</emphasis> entry in the <emphasis "
28927
"role=\"bold\">blacklist</emphasis> section of the configuration file."
28928
msgstr ""
28929
28930
#: serverguide/C/dm-multipath.xml:863(para)
28931
msgid ""
28932
"The following example shows the lines in the configuration file that would "
28933
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
28934
"blacklist {\n"
28935
" devnode \"^sd[a-z]\"\n"
28936
"}</screen>"
28937
msgstr ""
28938
28939
#: serverguide/C/dm-multipath.xml:870(para)
28940
msgid ""
28941
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
28942
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
28943
"file to specify individual devices to blacklist rather than all devices of a "
28944
"specific type. This is not recommended, however, since unless it is "
28945
"statically mapped by udev rules, there is no guarantee that a specific "
28946
"device will have the same name on reboot. For example, a device name could "
28947
"change from <filename>/dev/sda</filename> to <filename>/dev/sdb</filename> "
28948
"on reboot."
28949
msgstr ""
28950
28951
#: serverguide/C/dm-multipath.xml:880(para)
28952
msgid ""
28953
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
28954
"are compiled in the default blacklist; the devices that these entries "
28955
"blacklist do not generally support DM-Multipath. To enable multipathing on "
28956
"any of these devices, you would need to specify them in the <emphasis "
28957
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
28958
"file, as described in <xref endterm=\"config-blacklist-exceptions-title\" "
28959
"linkend=\"multipath-config-blacklist-exceptions\"/><screen>\n"
28960
"blacklist {\n"
28961
" devnode \"^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*\"\n"
28962
" devnode \"^hd[a-z]\"\n"
28963
"}\n"
28964
"</screen>"
28965
msgstr ""
28966
28967
#: serverguide/C/dm-multipath.xml:897(title)
28968
msgid "Blacklisting By Device Type"
28969
msgstr ""
28970
28971
#: serverguide/C/dm-multipath.xml:900(para)
28972
msgid ""
28973
"You can specify specific device types in the <emphasis "
28974
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
28975
"device section. The following example blacklists all IBM DS4200 and HP "
28976
"devices. <screen>\n"
28977
"blacklist {\n"
28978
" device {\n"
28979
" vendor \"IBM\"\n"
28980
" product \"3S42\" #DS4200 Product 10\n"
28981
" }\n"
28982
" device {\n"
28983
" vendor \"HP\"\n"
28984
" product \"*\"\n"
28985
" }\n"
28986
"}\n"
28987
"</screen>"
28988
msgstr ""
28989
28990
#: serverguide/C/dm-multipath.xml:918(title)
28991
msgid "Blacklist Exceptions"
28992
msgstr ""
28993
28994
#: serverguide/C/dm-multipath.xml:921(para)
28995
msgid ""
28996
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
28997
"section of the configuration file to enable multipathing on devices that "
28998
"have been blacklisted by default."
28999
msgstr ""
29000
29001
#: serverguide/C/dm-multipath.xml:926(para)
29002
msgid ""
29003
"For example, if you have a large number of devices and want to multipath "
29004
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
29005
"instead of individually blacklisting each of the devices except the one you "
29006
"want, you could instead blacklist all of them, and then allow only the one "
29007
"you want by adding the following lines to the "
29008
"<filename>/etc/multipath.conf</filename> file. <screen>\n"
29009
"blacklist {\n"
29010
" wwid \"*\"\n"
29011
"}\n"
29012
"\n"
29013
"blacklist_exceptions {\n"
29014
" wwid \"3600d0230000000000e13955cc3757803\"\n"
29015
"}\n"
29016
"</screen>"
29017
msgstr ""
29018
29019
#: serverguide/C/dm-multipath.xml:941(para)
29020
msgid ""
29021
"When specifying devices in the <emphasis "
29022
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
29023
"file, you must specify the exceptions in the same way they were specified in "
29024
"the <emphasis role=\"bold\">blacklist</emphasis>. For example, a WWID "
29025
"exception will not apply to devices specified by a <emphasis "
29026
"role=\"bold\">devnode</emphasis> blacklist entry, even if the blacklisted "
29027
"device is associated with that WWID. Similarly, devnode exceptions apply "
29028
"only to devnode entries, and device exceptions apply only to device entries."
29029
msgstr ""
29030
29031
#: serverguide/C/dm-multipath.xml:954(title)
29032
msgid "Configuration File Defaults"
29033
msgstr ""
29034
29035
#: serverguide/C/dm-multipath.xml:956(para)
29036
msgid ""
29037
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
29038
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
29039
"role=\"bold\">user_friendly_names</emphasis> parameter to <emphasis "
29040
"role=\"bold\">yes</emphasis>, as follows."
29041
msgstr ""
29042
29043
#: serverguide/C/dm-multipath.xml:961(screen)
29044
#, no-wrap
29045
msgid ""
29046
"\n"
29047
"defaults {\n"
29048
" user_friendly_names yes\n"
29049
"}\n"
29050
msgstr ""
29051
29052
#: serverguide/C/dm-multipath.xml:967(para)
29053
msgid ""
29054
"This overwrites the default value of the <emphasis "
29055
"role=\"bold\">user_friendly_names</emphasis> parameter."
29056
msgstr ""
29057
29058
#: serverguide/C/dm-multipath.xml:970(para)
29059
msgid ""
29060
"The configuration file includes a template of configuration defaults. This "
29061
"section is commented out, as follows."
29062
msgstr ""
29063
29064
#: serverguide/C/dm-multipath.xml:973(screen)
29065
#, no-wrap
29066
msgid ""
29067
"\n"
29068
"#defaults {\n"
29069
"# udev_dir /dev\n"
29070
"# polling_interval 5\n"
29071
"# selector \"round-robin 0\"\n"
29072
"# path_grouping_policy failover\n"
29073
"# getuid_callout \"/lib/dev/scsi_id --whitelisted --"
29074
"device=/dev/%n\"\n"
29075
"#\tprio\t\t\tconst\n"
29076
"#\tpath_checker\t\tdirectio\n"
29077
"#\trr_min_io\t\t1000\n"
29078
"#\trr_weight\t\tuniform\n"
29079
"#\tfailback\t\tmanual\n"
29080
"#\tno_path_retry\t\tfail\n"
29081
"#\tuser_friendly_names\tno\n"
29082
"#}\n"
29083
msgstr ""
29084
29085
#: serverguide/C/dm-multipath.xml:990(para)
29086
msgid ""
29087
"To overwrite the default value for any of the configuration parameters, you "
29088
"can copy the relevant line from this template into the <emphasis "
29089
"role=\"bold\">defaults</emphasis> section and uncomment it. For example, to "
29090
"overwrite the <emphasis role=\"bold\">path_grouping_policy</emphasis> "
29091
"parameter so that it is <emphasis role=\"bold\">multibus</emphasis> rather "
29092
"than the default value of <emphasis role=\"bold\">failover</emphasis>, copy "
29093
"the appropriate line from the template to the initial <emphasis "
29094
"role=\"bold\">defaults</emphasis> section of the configuration file, and "
29095
"uncomment it, as follows."
29096
msgstr ""
29097
29098
#: serverguide/C/dm-multipath.xml:1001(screen)
29099
#, no-wrap
29100
msgid ""
29101
"\n"
29102
"defaults {\n"
29103
" user_friendly_names yes\n"
29104
" path_grouping_policy multibus\n"
29105
"}\n"
29106
msgstr ""
29107
29108
#: serverguide/C/dm-multipath.xml:1008(para)
29109
msgid ""
29110
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
29111
"config-defaults-table\"/> describes the attributes that are set in the "
29112
"<emphasis role=\"bold\">defaults</emphasis> section of the "
29113
"<filename>multipath.conf</filename> configuration file. These values are "
29114
"used by DM-Multipath unless they are overwritten by the attributes specified "
29115
"in the <emphasis role=\"bold\">devices</emphasis> and <emphasis "
29116
"role=\"bold\">multipaths</emphasis> sections of the "
29117
"<filename>multipath.conf</filename> file."
29118
msgstr ""
29119
29120
#: serverguide/C/dm-multipath.xml:1022(title)
29121
msgid "Configuration File Multipath Attributes"
29122
msgstr ""
29123
29124
#: serverguide/C/dm-multipath.xml:1025(para)
29125
msgid ""
29126
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
29127
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
29128
"role=\"bold\">multipaths</emphasis> section of the "
29129
"<filename>multipath.conf</filename> configuration file for each specific "
29130
"multipath device. These attributes apply only to the one specified "
29131
"multipath. These defaults are used by DM-Multipath and override attributes "
29132
"set in the <emphasis role=\"bold\">defaults</emphasis> and <emphasis "
29133
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
29134
msgstr ""
29135
29136
#: serverguide/C/dm-multipath.xml:1038(para)
29137
msgid ""
29138
"In addition, the following parameters may be overridden in this <emphasis "
29139
"role=\"bold\">multipath</emphasis> section"
29140
msgstr ""
29141
29142
#: serverguide/C/dm-multipath.xml:1087(para)
29143
msgid ""
29144
"The following example shows multipath attributes specified in the "
29145
"configuration file for two specific multipath devices. The first device has "
29146
"a WWID of 3600508b4000156d70001200000b0000 and a symbolic name of yellow."
29147
msgstr ""
29148
29149
#: serverguide/C/dm-multipath.xml:1092(para)
29150
msgid ""
29151
"The second multipath device in the example has a WWID of "
29152
"1DEC_____321816758474 and a symbolic name of red. In this example, the <link "
29153
"linkend=\"attribute-rr_weight\" role=\"bold\">rr_weight</link> attributes is "
29154
"set to priorities."
29155
msgstr ""
29156
29157
#: serverguide/C/dm-multipath.xml:1097(screen)
29158
#, no-wrap
29159
msgid ""
29160
"\n"
29161
"multipaths {\n"
29162
" multipath {\n"
29163
" wwid 3600508b4000156d70001200000b0000\n"
29164
" alias yellow\n"
29165
" path_grouping_policy multibus\n"
29166
" path_selector \"round-robin 0\"\n"
29167
" failback manual\n"
29168
" rr_weight priorities\n"
29169
" no_path_retry 5\n"
29170
" }\n"
29171
" multipath {\n"
29172
" wwid 1DEC_____321816758474\n"
29173
" alias red\n"
29174
" rr_weight priorities\n"
29175
" }\n"
29176
"}\n"
29177
msgstr ""
29178
29179
#: serverguide/C/dm-multipath.xml:1118(title)
29180
msgid "Configuration File Devices"
29181
msgstr ""
29182
29183
#: serverguide/C/dm-multipath.xml:1120(para)
29184
msgid ""
29185
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
29186
"device-attributes-table\"/> shows the attributes that you can set for each "
29187
"individual storage device in the devices section of the multipath.conf "
29188
"configuration file. These attributes are used by DM-Multipath unless they "
29189
"are overwritten by the attributes specified in the <emphasis "
29190
"role=\"bold\">multipaths</emphasis> section of the "
29191
"<filename>multipath.conf</filename> file for paths that contain the device. "
29192
"These attributes override the attributes set in the <emphasis "
29193
"role=\"bold\">defaults</emphasis> section of the "
29194
"<filename>multipath.conf</filename> file."
29195
msgstr ""
29196
29197
#: serverguide/C/dm-multipath.xml:1131(para)
29198
msgid ""
29199
"Many devices that support multipathing are included by default in a "
29200
"multipath configuration. The values for the devices that are supported by "
29201
"default are listed in the <filename>multipath.conf.defaults</filename> file. "
29202
"You probably will not need to modify the values for these devices, but if "
29203
"you do you can overwrite the default values by including an entry in the "
29204
"configuration file for the device that overwrites those values. You can copy "
29205
"the device configuration defaults from the "
29206
"<filename>multipath.conf.annotated.gz</filename> or if you wish to have a "
29207
"brief config file, <filename>multipath.conf.synthetic</filename> file for "
29208
"the device and override the values that you want to change."
29209
msgstr ""
29210
29211
#: serverguide/C/dm-multipath.xml:1143(para)
29212
msgid ""
29213
"To add a device to this section of the configuration file that is not "
29214
"configured automatically by default, you must set the <emphasis "
29215
"role=\"bold\">vendor</emphasis> and <emphasis "
29216
"role=\"bold\">product</emphasis> parameters. You can find these values by "
29217
"looking at <emphasis "
29218
"role=\"bold\">/sys/block/device_name/device/vendor</emphasis> and <emphasis "
29219
"role=\"bold\">/sys/block/device_name/device/model</emphasis> where "
29220
"device_name is the device to be multipathed, as in the following example:"
29221
msgstr ""
29222
29223
#: serverguide/C/dm-multipath.xml:1153(screen)
29224
#, no-wrap
29225
msgid ""
29226
"\n"
29227
"# cat /sys/block/sda/device/vendor\n"
29228
"WINSYS \n"
29229
"# cat /sys/block/sda/device/model\n"
29230
"SF2372\n"
29231
msgstr ""
29232
29233
#: serverguide/C/dm-multipath.xml:1160(para)
29234
msgid ""
29235
"The additional parameters to specify depend on your specific device. If the "
29236
"device is active/active, you will usually not need to set additional "
29237
"parameters. You may want to set <link linkend=\"attribute-"
29238
"path_grouping_policy\">path_grouping_policy</link> to <emphasis "
29239
"role=\"bold\">multibus</emphasis>. Other parameters you may need to set are "
29240
"<link linkend=\"attribute-no_path_retry\">no_path_retry</link> and <link "
29241
"linkend=\"attribute-rr_min_io\">rr_min_io</link>, as described in Table "
29242
"<xref endterm=\"attributes-table-title\" linkend=\"multipath-attributes-"
29243
"table\"/>."
29244
msgstr ""
29245
29246
#: serverguide/C/dm-multipath.xml:1170(para)
29247
msgid ""
29248
"If the device is active/passive, but it automatically switches paths with "
29249
"I/O to the passive path, you need to change the checker function to one that "
29250
"does not send I/O to the path to test if it is working (otherwise, your "
29251
"device will keep failing over). This almost always means that you set the "
29252
"<link linkend=\"attribute-path_checker\">path_checker</link> to <emphasis "
29253
"role=\"bold\">tur</emphasis>; this works for all SCSI devices that support "
29254
"the Test Unit Ready command, which most do."
29255
msgstr ""
29256
29257
#: serverguide/C/dm-multipath.xml:1179(para)
29258
msgid ""
29259
"If the device needs a special command to switch paths, then configuring this "
29260
"device for multipath requires a hardware handler kernel module. The current "
29261
"available hardware handler is emc. If this is not sufficient for your "
29262
"device, you may not be able to configure the device for multipath."
29263
msgstr ""
29264
29265
#: serverguide/C/dm-multipath.xml:1188(para)
29266
msgid ""
29267
"In addition, the following parameters may be overridden in this <emphasis "
29268
"role=\"bold\">device</emphasis> section"
29269
msgstr ""
29270
29271
#: serverguide/C/dm-multipath.xml:1263(para)
29272
msgid ""
29273
"Whenever a hardware_handler is specified, it is your responsibility to "
29274
"ensure that the appropriate kernel module is loaded to support the specified "
29275
"interface. These modules can be found in <emphasis "
29276
"role=\"bold\"><filename>/lib/modules/`uname -"
29277
"r`/kernel/drivers/scsi/device_handler/ </filename></emphasis>. The requisite "
29278
"module should be integrated into the initrd to ensure the necessary "
29279
"discovery and failover-failback capacity is available during boot time. "
29280
"Example,<screen># cat scsi_dh_alua >> /etc/initramfs-tools/modules ## "
29281
"append module to file\n"
29282
"# update-initramfs -u -k all</screen>"
29283
msgstr ""
29284
29285
#: serverguide/C/dm-multipath.xml:1274(para)
29286
msgid ""
29287
"The following example shows a device entry in the multipath configuration "
29288
"file."
29289
msgstr ""
29290
29291
#: serverguide/C/dm-multipath.xml:1277(screen)
29292
#, no-wrap
29293
msgid ""
29294
"\n"
29295
"\n"
29296
"#devices {\n"
29297
"#\tdevice {\n"
29298
"#\t\tvendor\t\t\t\"COMPAQ \"\n"
29299
"#\t\tproduct\t\t\t\"MSA1000 \"\n"
29300
"#\t\tpath_grouping_policy\tmultibus\n"
29301
"#\t\tpath_checker\t\ttur\n"
29302
"#\t\trr_weight\t\tpriorities\n"
29303
"#\t}\n"
29304
"#}\n"
29305
msgstr ""
29306
29307
#: serverguide/C/dm-multipath.xml:1290(para)
29308
msgid ""
29309
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
29310
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
29311
"role=\"bold\">revision</emphasis> fields are significant as multipath is "
29312
"performing a direct match against these attributes, whose format is defined "
29313
"by the SCSI specification, specifically the <ulink "
29314
"url=\"http://en.wikipedia.org/wiki/SCSI_Inquiry_Command\">Standard "
29315
"INQUIRY</ulink> command. When quotes are used, the vendor, product, and "
29316
"revision fields will be interpreted strictly according to the spec. Regular "
29317
"expressions may be integrated into the quoted strings. Should a field be "
29318
"defined without the requisite spacing, multipath will copy the string into "
29319
"the properly sized buffer and pad with the appropriate number of spaces. The "
29320
"specification expects the entire field to be populated by printable "
29321
"characters or spaces, as seen in the example above"
29322
msgstr ""
29323
29324
#: serverguide/C/dm-multipath.xml:1307(para)
29325
msgid "vendor: 8 characters"
29326
msgstr ""
29327
29328
#: serverguide/C/dm-multipath.xml:1311(para)
29329
msgid "product: 16 characters"
29330
msgstr ""
29331
29332
#: serverguide/C/dm-multipath.xml:1315(para)
29333
msgid "revision: 4 characters"
29334
msgstr ""
29335
29336
#: serverguide/C/dm-multipath.xml:1319(para)
29337
msgid ""
29338
"To create a more robust configuration file, regular expressions can also be "
29339
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
29340
"Examples of functional regular expressions can be found by examining the "
29341
"live multipath database and <filename>multipath.conf </filename>example "
29342
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
29343
msgstr ""
29344
29345
#: serverguide/C/dm-multipath.xml:1326(screen)
29346
#, no-wrap
29347
msgid "# echo 'show config' | multipathd -k"
29348
msgstr ""
29349
29350
#: serverguide/C/dm-multipath.xml:1331(title)
29351
msgid "DM-Multipath Administration and Troubleshooting"
29352
msgstr ""
29353
29354
#: serverguide/C/dm-multipath.xml:1334(title)
29355
msgid "Resizing an Online Multipath Device"
29356
msgstr ""
29357
29358
#: serverguide/C/dm-multipath.xml:1336(para)
29359
msgid ""
29360
"If you need to resize an online multipath device, use the following procedure"
29361
msgstr ""
29362
29363
#: serverguide/C/dm-multipath.xml:1341(para)
29364
msgid "Resize your physical device. This is storage platform specific."
29365
msgstr ""
29366
29367
#: serverguide/C/dm-multipath.xml:1346(para)
29368
msgid "Use the following command to find the paths to the LUN:"
29369
msgstr ""
29370
29371
#: serverguide/C/dm-multipath.xml:1348(screen)
29372
#, no-wrap
29373
msgid "# multipath -l"
29374
msgstr ""
29375
29376
#: serverguide/C/dm-multipath.xml:1352(para)
29377
msgid ""
29378
"Resize your paths. For SCSI devices, writing 1 to the "
29379
"<filename>rescan</filename> file for the device causes the SCSI driver to "
29380
"rescan, as in the following command:"
29381
msgstr ""
29382
29383
#: serverguide/C/dm-multipath.xml:1356(screen)
29384
#, no-wrap
29385
msgid "# echo 1 > /sys/block/device_name/device/rescan"
29386
msgstr ""
29387
29388
#: serverguide/C/dm-multipath.xml:1360(para)
29389
msgid ""
29390
"Resize your multipath device by running the multipathd resize command:"
29391
msgstr ""
29392
29393
#: serverguide/C/dm-multipath.xml:1363(screen)
29394
#, no-wrap
29395
msgid "# multipathd -k 'resize map mpatha'"
29396
msgstr ""
29397
29398
#: serverguide/C/dm-multipath.xml:1367(para)
29399
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
29400
msgstr ""
29401
29402
#: serverguide/C/dm-multipath.xml:1370(screen)
29403
#, no-wrap
29404
msgid "# resize2fs /dev/mapper/mpatha"
29405
msgstr ""
29406
29407
#: serverguide/C/dm-multipath.xml:1376(title)
29408
msgid ""
29409
"Moving root File Systems from a Single Path Device to a Multipath Device"
29410
msgstr ""
29411
29412
#: serverguide/C/dm-multipath.xml:1379(para)
29413
msgid ""
29414
"This is dramatically simplified by the use of UUIDs to identify devices as "
29415
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
29416
"boot</emphasis> and reboot. This will rebuild the initial ramdisk and afford "
29417
"multipath the opportunity to build it's paths before the root file system is "
29418
"mounted by UUID."
29419
msgstr ""
29420
29421
#: serverguide/C/dm-multipath.xml:1386(para)
29422
msgid ""
29423
"Whenever <filename>multipath.conf</filename> is updated, so should the "
29424
"initrd by executing <command>update-initramfs -u -k all</command>. The "
29425
"reason being is <filename>multipath.conf</filename> is copied to the ramdisk "
29426
"and is integral to determining the available devices for grouping via it's "
29427
"blacklist and device sections."
29428
msgstr ""
29429
29430
#: serverguide/C/dm-multipath.xml:1395(title)
29431
msgid ""
29432
"Moving swap File Systems from a Single Path Device to a Multipath Device"
29433
msgstr ""
29434
29435
#: serverguide/C/dm-multipath.xml:1398(para)
29436
msgid ""
29437
"The procedure is exactly the same as illustrated in the previous section "
29438
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
29439
"device\">Moving root File Systems from a Single Path to a Multipath "
29440
"Device</link>."
29441
msgstr ""
29442
29443
#: serverguide/C/dm-multipath.xml:1406(title)
29444
msgid "The Multipath Daemon"
29445
msgstr ""
29446
29447
#: serverguide/C/dm-multipath.xml:1408(para)
29448
msgid ""
29449
"If you find you have trouble implementing a multipath configuration, you "
29450
"should ensure the multipath daemon is running as described in <link "
29451
"linkend=\"multipath-setting-up-dm-multipath\">\"Setting up DM-"
29452
"Multipath\"</link>. The <command>multipathd</command> daemon must be running "
29453
"in order to use multipathd devices. Also see section <link "
29454
"linkend=\"multipath-interacting-with-multipathd\">Troubleshooting with the "
29455
"multipathd interactive console</link> concerning interacting with "
29456
"<command>multipathd</command> as a debugging aid."
29457
msgstr ""
29458
29459
#: serverguide/C/dm-multipath.xml:1448(title)
29460
msgid "Issues with queue_if_no_path"
29461
msgstr ""
29462
29463
#: serverguide/C/dm-multipath.xml:1450(para)
29464
msgid ""
29465
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
29466
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
29467
"process that uses I/O will hang until one or more paths are restored. To "
29468
"avoid this, set the <emphasis role=\"bold\"><link linkend=\"attribute-"
29469
"no_path_retry\">no_path_retry</link> N</emphasis> parameter in the "
29470
"<filename>/etc/multipath.conf</filename>."
29471
msgstr ""
29472
29473
#: serverguide/C/dm-multipath.xml:1457(para)
29474
msgid ""
29475
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
29476
"remove the <emphasis role=\"bold\">features \"1 "
29477
"queue_if_no_path\"</emphasis> option from the "
29478
"<filename>/etc/multipath.conf</filename> file as well. If, however, you are "
29479
"using a multipathed device for which the <option>features \"1 "
29480
"queue_if_no_path\"</option> option is set as a compiled in default, as it is "
29481
"for many SAN devices, you must add <option>features \"0\"</option> to "
29482
"override this default. You can do this by copying the existing <emphasis "
29483
"role=\"bold\">devices</emphasis> section, and just that section (not the "
29484
"entire file), from <filename>/usr/share/doc/multipath-"
29485
"tools/examples/multipath.conf.annotated.gz</filename> into "
29486
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
29487
msgstr ""
29488
29489
#: serverguide/C/dm-multipath.xml:1471(para)
29490
msgid ""
29491
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
29492
"option and you experience the issue noted here, use the "
29493
"<command>dmsetup</command> command to edit the policy at runtime for a "
29494
"particular LUN (that is, for which all the paths are unavailable). For "
29495
"example, if you want to change the policy on the multipath device "
29496
"<filename>mpathc</filename> from <option>\"queue_if_no_path\"</option> to "
29497
"<option> \"fail_if_no_path\"</option>, execute the following command."
29498
msgstr ""
29499
29500
#: serverguide/C/dm-multipath.xml:1480(screen)
29501
#, no-wrap
29502
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
29503
msgstr ""
29504
29505
#: serverguide/C/dm-multipath.xml:1483(para)
29506
msgid ""
29507
"You must specify the <filename>mpathN</filename> alias rather than the path"
29508
msgstr ""
29509
29510
#: serverguide/C/dm-multipath.xml:1489(title)
29511
msgid "Multipath Command Output"
29512
msgstr ""
29513
29514
#: serverguide/C/dm-multipath.xml:1491(para)
29515
msgid ""
29516
"When you create, modify, or list a multipath device, you get a printout of "
29517
"the current device setup. The format is as follows. For each multipath "
29518
"device:"
29519
msgstr ""
29520
29521
#: serverguide/C/dm-multipath.xml:1495(screen)
29522
#, no-wrap
29523
msgid ""
29524
" action_if_any: alias (wwid_if_different_from_alias) "
29525
"dm_device_name_if_known vendor,product\n"
29526
" size=size features='features' hwhandler='hardware_handler' "
29527
"wp=write_permission_if_known"
29528
msgstr ""
29529
29530
#: serverguide/C/dm-multipath.xml:1498(para)
29531
msgid "For each path group:"
29532
msgstr ""
29533
29534
#: serverguide/C/dm-multipath.xml:1500(screen)
29535
#, no-wrap
29536
msgid ""
29537
" -+- policy='scheduling_policy' prio=prio_if_known\n"
29538
" status=path_group_status_if_known"
29539
msgstr ""
29540
29541
#: serverguide/C/dm-multipath.xml:1503(para)
29542
msgid "For each path:"
29543
msgstr ""
29544
29545
#: serverguide/C/dm-multipath.xml:1505(screen)
29546
#, no-wrap
29547
msgid ""
29548
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
29549
"path_status\n"
29550
" online_status"
29551
msgstr ""
29552
29553
#: serverguide/C/dm-multipath.xml:1508(para)
29554
msgid ""
29555
"For example, the output of a multipath command might appear as follows:"
29556
msgstr ""
29557
29558
#: serverguide/C/dm-multipath.xml:1511(screen)
29559
#, no-wrap
29560
msgid ""
29561
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
29562
" size=269G features='0' hwhandler='0' wp=rw\n"
29563
" |-+- policy='round-robin 0' prio=1 status=active\n"
29564
" | `- 6:0:0:0 sdb 8:16 active ready running\n"
29565
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
29566
" `- 7:0:0:0 sdf 8:80 active ready running"
29567
msgstr ""
29568
29569
#: serverguide/C/dm-multipath.xml:1518(para)
29570
msgid ""
29571
"If the path is up and ready for I/O, the status of the path is <emphasis "
29572
"role=\"bold\">ready</emphasis> or <emphasis "
29573
"role=\"emphasis\">ghost</emphasis>. If the path is down, the status is "
29574
"<emphasis role=\"bold\">faulty</emphasis> or <emphasis "
29575
"role=\"bold\">shaky</emphasis>. The path status is updated periodically by "
29576
"the <command>multipathd</command> daemon based on the polling interval "
29577
"defined in the <filename>/etc/multipath.conf</filename> file."
29578
msgstr ""
29579
29580
#: serverguide/C/dm-multipath.xml:1526(para)
29581
msgid ""
29582
"The dm status is similar to the path status, but from the kernel's point of "
29583
"view. The dm status has two states: <emphasis "
29584
"role=\"bold\">failed</emphasis>, which is analogous to <emphasis "
29585
"role=\"bold\">faulty</emphasis>, and <emphasis "
29586
"role=\"bold\">active</emphasis> which covers all other path states. "
29587
"Occasionally, the path state and the dm state of a device will temporarily "
29588
"not agree."
29589
msgstr ""
29590
29591
#: serverguide/C/dm-multipath.xml:1534(para)
29592
msgid ""
29593
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
29594
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
29595
"role=\"bold\">offline</emphasis>. A status of <emphasis "
29596
"role=\"emphasis\">offline</emphasis> means that the SCSI device has been "
29597
"disabled."
29598
msgstr ""
29599
29600
#: serverguide/C/dm-multipath.xml:1542(para)
29601
msgid ""
29602
"When a multipath device is being created or modified , the path group "
29603
"status, the dm device name, the write permissions, and the dm status are not "
29604
"known. Also, the features are not always correct"
29605
msgstr ""
29606
29607
#: serverguide/C/dm-multipath.xml:1549(title)
29608
msgid "Multipath Queries with multipath Command"
29609
msgstr ""
29610
29611
#: serverguide/C/dm-multipath.xml:1551(para)
29612
msgid ""
29613
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
29614
"role=\"bold\">-ll</emphasis> options of the <emphasis "
29615
"role=\"bold\">multipath</emphasis> command to display the current multipath "
29616
"configuration. The <emphasis role=\"bold\">-l</emphasis> option displays "
29617
"multipath topology gathered from information in sysfs and the device mapper. "
29618
"The <emphasis role=\"bold\">-ll</emphasis> option displays the information "
29619
"the <emphasis role=\"bold\">-l</emphasis> displays in addition to all other "
29620
"available components of the system."
29621
msgstr ""
29622
29623
#: serverguide/C/dm-multipath.xml:1560(para)
29624
msgid ""
29625
"When displaying the multipath configuration, there are three verbosity "
29626
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
29627
"of the multipath command. Specifying <emphasis role=\"bold\">-v0</emphasis> "
29628
"yields no output. Specifying<emphasis role=\"bold\"> -v1</emphasis> outputs "
29629
"the created or updated multipath names only, which you can then feed to "
29630
"other tools such as kpartx. Specifying <emphasis role=\"bold\">-"
29631
"v2</emphasis> prints all detected paths, multipaths, and device maps."
29632
msgstr ""
29633
29634
#: serverguide/C/dm-multipath.xml:1570(para)
29635
msgid ""
29636
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
29637
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
29638
"defining the <link linkend=\"attribute-verbosity\">verbosity "
29639
"attribute</link> in the <emphasis role=\"bold\">defaults</emphasis> section "
29640
"of <filename>multipath.conf</filename>."
29641
msgstr ""
29642
29643
#: serverguide/C/dm-multipath.xml:1577(para)
29644
msgid ""
29645
"The following example shows the output of a <emphasis "
29646
"role=\"bold\">multipath -l</emphasis> command."
29647
msgstr ""
29648
29649
#: serverguide/C/dm-multipath.xml:1580(screen)
29650
#, no-wrap
29651
msgid ""
29652
"# multipath -l\n"
29653
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
29654
" size=269G features='0' hwhandler='0' wp=rw\n"
29655
" |-+- policy='round-robin 0' prio=1 status=active\n"
29656
" | `- 6:0:0:0 sdb 8:16 active ready running\n"
29657
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
29658
" `- 7:0:0:0 sdf 8:80 active ready running"
29659
msgstr ""
29660
29661
#: serverguide/C/dm-multipath.xml:1588(para)
29662
msgid ""
29663
"The following example shows the output of a <emphasis "
29664
"role=\"bold\">multipath -ll</emphasis> command."
29665
msgstr ""
29666
29667
#: serverguide/C/dm-multipath.xml:1591(screen)
29668
#, no-wrap
29669
msgid ""
29670
"# multipath -ll\n"
29671
" 3600d0230000000000e13955cc3757801 dm-10 WINSYS,SF2372\n"
29672
" size=269G features='0' hwhandler='0' wp=rw\n"
29673
" |-+- policy='round-robin 0' prio=1 status=enabled\n"
29674
" | `- 19:0:0:1 sdc 8:32 active ready running\n"
29675
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
29676
" `- 18:0:0:1 sdh 8:112 active ready running\n"
29677
" 3600d0230000000000e13955cc3757803 dm-2 WINSYS,SF2372\n"
29678
" size=125G features='0' hwhandler='0' wp=rw\n"
29679
" `-+- policy='round-robin 0' prio=1 status=active\n"
29680
" |- 19:0:0:3 sde 8:64 active ready running\n"
29681
" `- 18:0:0:3 sdj 8:144 active ready running"
29682
msgstr ""
29683
29684
#: serverguide/C/dm-multipath.xml:1606(title)
29685
msgid "Multipath Command Options"
29686
msgstr ""
29687
29688
#: serverguide/C/dm-multipath.xml:1608(para)
29689
msgid ""
29690
"Table <link linkend=\"useful-multipath-command-options\">\"Useful multipath "
29691
"Command Options\"</link> describes some options of the <emphasis "
29692
"role=\"bold\">multipath</emphasis> command that you find useful"
29693
msgstr ""
29694
29695
#: serverguide/C/dm-multipath.xml:1614(title)
29696
msgid "Useful multipath Command Options"
29697
msgstr ""
29698
29699
#: serverguide/C/dm-multipath.xml:1623(entry)
29700
msgid "Option"
29701
msgstr ""
29702
29703
#: serverguide/C/dm-multipath.xml:1630(emphasis)
29704
msgid "-l"
29705
msgstr ""
29706
29707
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
29708
msgid "sysfs"
29709
msgstr ""
29710
29711
#: serverguide/C/dm-multipath.xml:1631(entry)
29712
msgid ""
29713
"Display the current multipath configuration gathered from <placeholder-1/> "
29714
"and the device mapper."
29715
msgstr ""
29716
29717
#: serverguide/C/dm-multipath.xml:1637(emphasis)
29718
msgid "-ll"
29719
msgstr ""
29720
29721
#: serverguide/C/dm-multipath.xml:1638(entry)
29722
msgid ""
29723
"Display the current multipath configuration gathered from <placeholder-1/>, "
29724
"the device mapper, and all other available components on the system."
29725
msgstr ""
29726
29727
#: serverguide/C/dm-multipath.xml:1644(emphasis)
29728
msgid "-f device"
29729
msgstr ""
29730
29731
#: serverguide/C/dm-multipath.xml:1645(entry)
29732
msgid "Remove the named multipath device."
29733
msgstr ""
29734
29735
#: serverguide/C/dm-multipath.xml:1649(emphasis)
29736
msgid "-F"
29737
msgstr ""
29738
29739
#: serverguide/C/dm-multipath.xml:1650(entry)
29740
msgid "Remove all unused multipath devices."
29741
msgstr ""
29742
29743
#: serverguide/C/dm-multipath.xml:1658(title)
29744
msgid "Determining Device Mapper Entries with dmsetup Command"
29745
msgstr ""
29746
29747
#: serverguide/C/dm-multipath.xml:1660(para)
29748
msgid ""
29749
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
29750
"out which device mapper entries match the <emphasis "
29751
"role=\"bold\">multipathed</emphasis> devices."
29752
msgstr ""
29753
29754
#: serverguide/C/dm-multipath.xml:1664(para)
29755
msgid ""
29756
"The following command displays all the device mapper devices and their major "
29757
"and minor numbers. The minor numbers determine the name of the dm device. "
29758
"For example, a minor number of <emphasis role=\"bold\">3</emphasis> "
29759
"corresponds to the multipathed device <emphasis "
29760
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
29761
msgstr ""
29762
29763
#: serverguide/C/dm-multipath.xml:1670(screen)
29764
#, no-wrap
29765
msgid ""
29766
"\n"
29767
"# dmsetup ls\n"
29768
"mpathd (253, 4)\n"
29769
"mpathep1 (253, 12)\n"
29770
"mpathfp1 (253, 11)\n"
29771
"mpathb (253, 3)\n"
29772
"mpathgp1 (253, 14)\n"
29773
"mpathhp1 (253, 13)\n"
29774
"mpatha (253, 2)\n"
29775
"mpathh (253, 9)\n"
29776
"mpathg (253, 8)\n"
29777
"VolGroup00-LogVol01 (253, 1)\n"
29778
"mpathf (253, 7)\n"
29779
"VolGroup00-LogVol00 (253, 0)\n"
29780
"mpathe (253, 6)\n"
29781
"mpathbp1 (253, 10)\n"
29782
"mpathd (253, 5)\n"
29783
" "
29784
msgstr ""
29785
29786
#: serverguide/C/dm-multipath.xml:1691(title)
29787
msgid "Troubleshooting with the multipathd interactive console"
29788
msgstr ""
29789
29790
#: serverguide/C/dm-multipath.xml:1693(para)
29791
msgid ""
29792
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
29793
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
29794
"daemon. Entering this command brings up an interactive multipath console. "
29795
"After entering this command, you can enter help to get a list of available "
29796
"commands, you can enter a interactive command, or you can enter <emphasis "
29797
"role=\"bold\">CTRL-D</emphasis> to quit."
29798
msgstr ""
29799
29800
#: serverguide/C/dm-multipath.xml:1700(para)
29801
msgid ""
29802
"The multipathd interactive console can be used to troubleshoot problems you "
29803
"may be having with your system. For example, the following command sequence "
29804
"displays the multipath configuration, including the defaults, before exiting "
29805
"the console. See the IBM article <ulink url=\"http://www-"
29806
"01.ibm.com/support/docview.wss?uid=isg3T1011985\">\"Tricks with "
29807
"Multipathd\"</ulink> for more examples."
29808
msgstr ""
29809
29810
#: serverguide/C/dm-multipath.xml:1707(screen)
29811
#, no-wrap
29812
msgid ""
29813
"# multipathd -k\n"
29814
" > > show config\n"
29815
" > > CTRL-D"
29816
msgstr ""
29817
29818
#: serverguide/C/dm-multipath.xml:1711(para)
29819
msgid ""
29820
"The following command sequence ensures that multipath has picked up any "
29821
"changes to the multipath.conf,"
29822
msgstr ""
29823
29824
#: serverguide/C/dm-multipath.xml:1714(screen)
29825
#, no-wrap
29826
msgid ""
29827
"\n"
29828
"# multipathd -k\n"
29829
"> > reconfigure\n"
29830
"> > CTRL-D\n"
29831
msgstr ""
29832
29833
#: serverguide/C/dm-multipath.xml:1720(para)
29834
msgid ""
29835
"Use the following command sequence to ensure that the path checker is "
29836
"working properly."
29837
msgstr ""
29838
29839
#: serverguide/C/dm-multipath.xml:1723(screen)
29840
#, no-wrap
29841
msgid ""
29842
"\n"
29843
"# multipathd -k\n"
29844
"> > show paths\n"
29845
"> > CTRL-D\n"
29846
msgstr ""
29847
29848
#: serverguide/C/dm-multipath.xml:1729(para)
29849
msgid ""
29850
"Commands can also be streamed into multipathd using stdin like so:<screen># "
29851
"echo 'show config' | multipathd -k</screen>"
29852
msgstr ""
29853
22449
29854
#: serverguide/C/databases.xml:13(title)
22450
29855
msgid "Databases"
22451
29856
msgstr ""
22454
29859
msgid "Ubuntu provides two popular database servers. They are:"
22455
29860
msgstr ""
22456
29861
22457
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
29862
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:302(title)
22458
29863
msgid "PostgreSQL"
22459
29864
msgstr ""
22460
29865
22466
29871
22467
29872
#: serverguide/C/databases.xml:32(para)
22468
29873
msgid ""
22469
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22470
"It is intended for mission-critical, heavy-load production systems as well "
22471
"as for embedding into mass-deployed software."
29874
"<application>MySQL</application> is a fast, multi-threaded, multi-user, and "
29875
"robust SQL database server. It is intended for mission-critical, heavy-load "
29876
"production systems as well as for embedding into mass-deployed software."
22472
29877
msgstr ""
22473
29878
22474
#: serverguide/C/databases.xml:41(para)
29879
#: serverguide/C/databases.xml:40(para)
22475
29880
msgid "To install MySQL, run the following command from a terminal prompt:"
22476
29881
msgstr ""
22477
29882
22478
#: serverguide/C/databases.xml:46(command)
22479
msgid "sudo apt-get install mysql-server"
29883
#: serverguide/C/databases.xml:47(para)
29884
msgid ""
29885
"As of Ubuntu 12.04, MySQL 5.5 is installed by default. Whilst this is 100% "
29886
"compatible with MySQL 5.1 should you need to install 5.1 (for example to be "
29887
"a slave to other MySQL 5.1 servers) you can install the mysql-server-5.1 "
29888
"package instead."
22480
29889
msgstr ""
22481
29890
22482
#: serverguide/C/databases.xml:48(para)
29891
#: serverguide/C/databases.xml:53(para)
22483
29892
msgid ""
22484
29893
"During the installation process you will be prompted to enter a password for "
22485
"the <application>MySQL</application> root user."
29894
"the MySQL root user."
22486
29895
msgstr ""
22487
29896
22488
#: serverguide/C/databases.xml:53(para)
29897
#: serverguide/C/databases.xml:57(para)
22489
29898
msgid ""
22490
29899
"Once the installation is complete, the MySQL server should be started "
22491
29900
"automatically. You can run the following command from a terminal prompt to "
22492
29901
"check whether the MySQL server is running:"
22493
29902
msgstr ""
22494
29903
22495
#: serverguide/C/databases.xml:61(command)
29904
#: serverguide/C/databases.xml:64(command)
22496
29905
msgid "sudo netstat -tap | grep mysql"
22497
29906
msgstr ""
22498
29907
22499
#: serverguide/C/databases.xml:70(programlisting)
29908
#: serverguide/C/databases.xml:71(programlisting)
22500
29909
#, no-wrap
22501
29910
msgid ""
22502
29911
"\n"
22503
"tcp 0 0 localhost:mysql *:* LISTEN "
22504
" 2556/mysqld\n"
29912
"tcp 0 0 localhost:mysql *:* LISTEN "
29913
"2556/mysqld\n"
22505
29914
msgstr ""
22506
29915
22507
29916
#: serverguide/C/databases.xml:74(para)
22510
29919
"to start it:"
22511
29920
msgstr ""
22512
29921
22513
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22514
msgid "sudo /etc/init.d/mysql restart"
29922
#: serverguide/C/databases.xml:78(command) serverguide/C/databases.xml:102(command)
29923
msgid "sudo service mysql restart"
22515
29924
msgstr ""
22516
29925
22517
#: serverguide/C/databases.xml:85(para)
29926
#: serverguide/C/databases.xml:83(para)
22518
29927
msgid ""
22519
29928
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22520
29929
"the basic settings -- log file, port number, etc. For example, to configure "
22521
"<application>MySQL</application> to listen for connections from network "
22522
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22523
"server's IP address:"
29930
"MySQL to listen for connections from network hosts, change the "
29931
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
22524
29932
msgstr ""
22525
29933
22526
#: serverguide/C/databases.xml:91(programlisting)
29934
#: serverguide/C/databases.xml:89(programlisting)
22527
29935
#, no-wrap
22528
29936
msgid ""
22529
29937
"\n"
22530
29938
"bind-address = 192.168.0.5\n"
22531
29939
msgstr ""
22532
29940
22533
#: serverguide/C/databases.xml:95(para)
29941
#: serverguide/C/databases.xml:93(para)
22534
29942
msgid "Replace 192.168.0.5 with the appropriate address."
22535
29943
msgstr ""
22536
29944
22537
#: serverguide/C/databases.xml:99(para)
22538
msgid ""
22539
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22540
"<application>mysql</application> daemon will need to be restarted:"
22541
msgstr ""
22542
22543
#: serverguide/C/databases.xml:107(para)
22544
msgid ""
22545
"If you would like to change the "
22546
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22547
"terminal enter:"
22548
msgstr ""
22549
22550
#: serverguide/C/databases.xml:113(command)
22551
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22552
msgstr ""
22553
22554
#: serverguide/C/databases.xml:116(para)
22555
msgid ""
22556
"The <application>mysql</application> daemon will be stopped, and you will be "
22557
"prompted to enter a new password."
22558
msgstr ""
22559
22560
#: serverguide/C/databases.xml:125(para)
29945
#: serverguide/C/databases.xml:97(para)
29946
msgid ""
29947
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
29948
"daemon will need to be restarted:"
29949
msgstr ""
29950
29951
#: serverguide/C/databases.xml:104(para)
29952
msgid ""
29953
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
29954
"a terminal enter:"
29955
msgstr ""
29956
29957
#: serverguide/C/databases.xml:109(command)
29958
msgid "sudo dpkg-reconfigure mysql-server-5.5"
29959
msgstr ""
29960
29961
#: serverguide/C/databases.xml:111(para)
29962
msgid ""
29963
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
29964
"password."
29965
msgstr ""
29966
29967
#: serverguide/C/databases.xml:116(title)
29968
msgid "Database Engines"
29969
msgstr ""
29970
29971
#: serverguide/C/databases.xml:117(para)
29972
msgid ""
29973
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
29974
"perfectly functional and performs well there are things you may wish to "
29975
"consider before you proceed."
29976
msgstr ""
29977
29978
#: serverguide/C/databases.xml:121(para)
29979
msgid ""
29980
"MySQL is designed to allow data to be stored in different ways. These "
29981
"methods are referred to as either database or storage engines. There are two "
29982
"main engines that you'll be interested in: InnoDB and MyISAM. Storage "
29983
"engines are transparent to the end user. MySQL will handle things "
29984
"differently under the surface, but regardless of which storage engine is in "
29985
"use, you will interact with the database in the same way."
29986
msgstr ""
29987
29988
#: serverguide/C/databases.xml:128(para)
29989
msgid "Each engine has its own advantages and disadvantages."
29990
msgstr ""
29991
29992
#: serverguide/C/databases.xml:131(para)
29993
msgid ""
29994
"While it is possible, and may be advantageous to mix and match database "
29995
"engines on a table level, doing so reduces the effectiveness of the "
29996
"performance tuning you can do as you'll be splitting the resources between "
29997
"two engines instead of dedicating them to one."
29998
msgstr ""
29999
30000
#: serverguide/C/databases.xml:138(para)
30001
msgid ""
30002
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
30003
"circumstances and favours a read only workload. Some web applications have "
30004
"been tuned around MyISAM (though that's not to imply that they will slow "
30005
"under InnoDB). MyISAM also supports the FULLTEXT data type, which allows "
30006
"very fast searches of large quantities of text data. However MyISAM is only "
30007
"capable of locking an entire table for writing. This means only one process "
30008
"can update a table at a time. As any application that uses the table scales "
30009
"this may prove to be a hindrance. It also lacks journaling, which makes it "
30010
"harder for data to be recovered after a crash. The following link provides "
30011
"some points for consideration about using <ulink "
30012
"url=\"http://www.mysqlperformanceblog.com/2006/06/17/using-myisam-in-"
30013
"production/\">MyISAM on a production database</ulink>."
30014
msgstr ""
30015
30016
#: serverguide/C/databases.xml:152(para)
30017
msgid ""
30018
"InnoDB is a more modern database engine, designed to be <ulink "
30019
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
30020
"guarantees database transactions are processed reliably. Write locking can "
30021
"occur on a row level basis within a table. That means multiple updates can "
30022
"occur on a single table simultaneously. Data caching is also handled in "
30023
"memory within the database engine, allowing caching on a more efficient row "
30024
"level basis rather than file block. To meet ACID compliance all transactions "
30025
"are journaled independently of the main tables. This allows for much more "
30026
"reliable data recovery as data consistency can be checked."
30027
msgstr ""
30028
30029
#: serverguide/C/databases.xml:165(para)
30030
msgid ""
30031
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
30032
"MyISAM unless you have specific need for features unique to the engine."
30033
msgstr ""
30034
30035
#: serverguide/C/databases.xml:170(title)
30036
msgid "Advanced configuration"
30037
msgstr ""
30038
30039
#: serverguide/C/databases.xml:172(title)
30040
msgid "Creating a tuned my.cnf file"
30041
msgstr ""
30042
30043
#: serverguide/C/databases.xml:173(para)
30044
msgid ""
30045
"There are a number of parameters that can be adjusted within MySQL's "
30046
"configuration file that will allow you to improve the performance of the "
30047
"server over time. For initial set-up you may find <ulink "
30048
"url=\"http://tools.percona.com/members/wizard\">Percona's my.cnf generating "
30049
"tool</ulink> useful. This tool will help generate a my.cnf file that will be "
30050
"much more optimised for your specific server capabilities and your "
30051
"requirements."
30052
msgstr ""
30053
30054
#: serverguide/C/databases.xml:178(para)
30055
msgid ""
30056
"<emphasis>Do not</emphasis> replace your existing my.cnf file with Percona's "
30057
"one if you have already loaded data into the database. Some of the changes "
30058
"that will be in the file will be incompatible as they alter how data is "
30059
"stored on the hard disk and you'll be unable to start MySQL. If you do wish "
30060
"to use it and you have existing data, you will need to carry out a mysqldump "
30061
"and reload: <screen>\n"
30062
"mysqldump --all-databases --all-routines -u root -p > ~/fulldump.sql\n"
30063
"</screen> This will then prompt you for the root password before creating a "
30064
"copy of the data. It is advisable to make sure there are no other users or "
30065
"processes using the database whilst this takes place. Depending on how much "
30066
"data you've got in your database, this may take a while. You won't see "
30067
"anything on the screen during this process."
30068
msgstr ""
30069
30070
#: serverguide/C/databases.xml:189(para)
30071
msgid ""
30072
"Once the dump has been completed, shut down MySQL: <screen>\n"
30073
"<command>sudo service mysql stop</command>\n"
30074
"</screen> Now backup the original my.cnf file and replace with the new one: "
30075
"<screen>\n"
30076
"<command>sudo cp /etc/my.cnf /etc/my.cnf.backup</command>\n"
30077
"<command>sudo cp /path/to/new/my.cnf /etc/my.cnf</command>\n"
30078
"</screen> Then delete and re-initialise the database space and make sure "
30079
"ownership is correct before restarting MySQL: <screen>\n"
30080
"<command>sudo rm -rf /var/lib/mysql/*</command>\n"
30081
"<command>sudo mysql_install_db</command>\n"
30082
"<command>sudo chown -R mysql: /var/lib/mysql</command>\n"
30083
"<command>sudo service start mysql</command>\n"
30084
"</screen> Finally all that's left is to re-import your data. To give us an "
30085
"idea of how far the import process has got you may find the 'Pipe Viewer' "
30086
"utility, pv, useful. The following shows how to install and use pv for this "
30087
"case, but if you'd rather not use it just replace pv with cat in the "
30088
"following command. Ignore any ETA times produced by pv, they're based on the "
30089
"average time taken to handle each row of the file, but the speed of "
30090
"inserting can vary wildly from row to row with mysqldumps: <screen>\n"
30091
"<command>sudo apt-get install pv</command>\n"
30092
"<command>pv ~/fulldump.sql | mysql</command>\n"
30093
"</screen> Once that is complete all is good to go!"
30094
msgstr ""
30095
30096
#: serverguide/C/databases.xml:215(para)
30097
msgid ""
30098
"This is not necessary for all my.cnf changes. Most of the variables you may "
30099
"wish to change to improve performance are adjustable even whilst the server "
30100
"is running. As with anything, make sure to have a good backup copy of config "
30101
"files and data before making changes."
30102
msgstr ""
30103
30104
#: serverguide/C/databases.xml:224(title)
30105
msgid "MySQL Tuner"
30106
msgstr ""
30107
30108
#: serverguide/C/databases.xml:225(para)
30109
msgid ""
30110
"<application>MySQL Tuner</application> is a useful tool that will connect to "
30111
"a running MySQL instance and offer suggestions for how it can be best "
30112
"configured for your workload. The longer the server has been running for, "
30113
"the better the advice mysqltuner can provide. In a production environment, "
30114
"consider waiting for at least 24 hours before running the tool. You can get "
30115
"install mysqltuner from the Ubuntu repositories: <screen>\n"
30116
"<command>sudo apt-get install mysqltuner</command>\n"
30117
"</screen> Then once its been installed, run it: <screen>\n"
30118
"<command>mysqltuner</command>\n"
30119
"</screen> and wait for its final report. The top section provides general "
30120
"information about the database server, and the bottom section provides "
30121
"tuning suggestions to alter in your my.cnf. Most of these can be altered "
30122
"live on the server without restarting, look through the official MySQL "
30123
"documentation (link in Resources section) for the relevant variables to "
30124
"change in production. The following is part of an example report from a "
30125
"production database which shows there may be some benefit from increasing "
30126
"the amount of query cache: <screen>\n"
30127
"-------- Recommendations ----------------------------------------------------"
30128
"-\n"
30129
"General recommendations:\n"
30130
" Run OPTIMIZE TABLE to defragment tables for better performance\n"
30131
" Increase table_cache gradually to avoid file descriptor limits\n"
30132
"Variables to adjust:\n"
30133
" key_buffer_size (> 1.4G)\n"
30134
" query_cache_size (> 32M)\n"
30135
" table_cache (> 64)\n"
30136
" innodb_buffer_pool_size (>= 22G)\n"
30137
"</screen>"
30138
msgstr ""
30139
30140
#: serverguide/C/databases.xml:259(para)
30141
msgid ""
30142
"One final comment on tuning databases: Whilst we can broadly say that "
30143
"certain settings are the best, performance can vary from application to "
30144
"application. For example, what works best for Wordpress might not be the "
30145
"best for Drupal, Joomla or proprietary applications. Performance is "
30146
"dependent on the types of queries, use of indexes, how efficient the "
30147
"database design is and so on. You may find it useful to spend some time "
30148
"searching for database tuning tips based on what applications you're using "
30149
"it for. Once you get past a certain point any adjustments you make will only "
30150
"result in minor improvements, and you'll be better off either improving the "
30151
"application, or looking at scaling up your database environment through "
30152
"either using more powerful hardware or by adding slave servers."
30153
msgstr ""
30154
30155
#: serverguide/C/databases.xml:276(para)
22561
30156
msgid ""
22562
30157
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22563
30158
"more information."
22564
30159
msgstr ""
22565
30160
22566
#: serverguide/C/databases.xml:130(para)
22567
msgid ""
22568
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22569
"<application>mysql-doc-5.0</application> package. To install the package "
22570
"enter the following in a terminal:"
22571
msgstr ""
22572
22573
#: serverguide/C/databases.xml:135(command)
22574
msgid "sudo apt-get install mysql-doc-5.0"
22575
msgstr ""
22576
22577
#: serverguide/C/databases.xml:137(para)
22578
msgid ""
22579
"The documentation is in HTML format, to view them enter "
22580
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22581
"chapter/index.html</command> in your browser's address bar."
22582
msgstr ""
22583
22584
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
30161
#: serverguide/C/databases.xml:281(para)
30162
msgid ""
30163
"Full documentation is available in both online and offline formats from the "
30164
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
30165
msgstr ""
30166
30167
#: serverguide/C/databases.xml:287(para)
22585
30168
msgid ""
22586
30169
"For general SQL information see <ulink "
22587
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22588
"Special Edition</ulink> by Rafe Colburn."
30170
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
30171
"SQL Special Edition</ulink> by Rafe Colburn."
22589
30172
msgstr ""
22590
30173
22591
#: serverguide/C/databases.xml:149(para)
30174
#: serverguide/C/databases.xml:293(para)
22592
30175
msgid ""
22593
30176
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22594
30177
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22595
30178
msgstr ""
22596
30179
22597
#: serverguide/C/databases.xml:158(para)
30180
#: serverguide/C/databases.xml:303(para)
22598
30181
msgid ""
22599
30182
"PostgreSQL is an object-relational database system that has the features of "
22600
30183
"traditional commercial database systems with enhancements to be found in "
22601
30184
"next-generation DBMS systems."
22602
30185
msgstr ""
22603
30186
22604
#: serverguide/C/databases.xml:165(para)
30187
#: serverguide/C/databases.xml:310(para)
22605
30188
msgid ""
22606
30189
"To install PostgreSQL, run the following command in the command prompt:"
22607
30190
msgstr ""
22608
30191
22609
#: serverguide/C/databases.xml:172(command)
30192
#: serverguide/C/databases.xml:316(command)
22610
30193
msgid "sudo apt-get install postgresql"
22611
30194
msgstr ""
22612
30195
22613
#: serverguide/C/databases.xml:176(para)
30196
#: serverguide/C/databases.xml:319(para)
22614
30197
msgid ""
22615
30198
"Once the installation is complete, you should configure the PostgreSQL "
22616
30199
"server based on your needs, although the default configuration is viable."
22617
30200
msgstr ""
22618
30201
22619
#: serverguide/C/databases.xml:184(para)
30202
#: serverguide/C/databases.xml:326(para)
22620
30203
msgid ""
22621
30204
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22622
"client authentication methods. By default, IDENT authentication method is "
22623
"used for <application>postgres</application> and local users. Please refer "
22624
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22625
"PostgreSQL Administrator's Guide</ulink>."
30205
"client authentication methods. IDENT authentication method is used for "
30206
"<application>postgres</application> and local users, unless otherwise "
30207
"configured. Please refer <ulink "
30208
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
30209
"Administrator's Guide if you would like to configure alternatives like "
30210
"Kerberos</ulink>."
22626
30211
msgstr ""
22627
30212
22628
#: serverguide/C/databases.xml:191(para)
30213
#: serverguide/C/databases.xml:332(para)
22629
30214
msgid ""
22630
30215
"The following discussion assumes that you wish to enable TCP/IP connections "
22631
30216
"and use the MD5 method for client authentication. PostgreSQL configuration "
22635
30220
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22636
30221
msgstr ""
22637
30222
22638
#: serverguide/C/databases.xml:201(para)
30223
#: serverguide/C/databases.xml:341(para)
22639
30224
msgid ""
22640
30225
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22641
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
30226
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file. There are "
30227
"detailed comments in the file to guide you."
22642
30228
msgstr ""
22643
30229
22644
#: serverguide/C/databases.xml:208(para)
30230
#: serverguide/C/databases.xml:347(para)
22645
30231
msgid ""
22646
30232
"To enable TCP/IP connections, edit the file "
22647
30233
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22648
30234
msgstr ""
22649
30235
22650
#: serverguide/C/databases.xml:210(para)
30236
#: serverguide/C/databases.xml:348(para)
22651
30237
msgid ""
22652
30238
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22653
30239
"change it to:"
22654
30240
msgstr ""
22655
30241
22656
#: serverguide/C/databases.xml:213(programlisting)
30242
#: serverguide/C/databases.xml:351(programlisting)
22657
30243
#, no-wrap
22658
30244
msgid ""
22659
30245
"\n"
22660
30246
"listen_addresses = 'localhost'\n"
22661
30247
msgstr ""
22662
30248
22663
#: serverguide/C/databases.xml:217(para)
30249
#: serverguide/C/databases.xml:355(para)
22664
30250
msgid ""
22665
30251
"To allow other computers to connect to your "
22666
30252
"<application>PostgreSQL</application> server replace 'localhost' with the "
22667
"<emphasis>IP Address</emphasis> of your server."
30253
"<emphasis>IP Address</emphasis> of your server, or alternatively to "
30254
"'0.0.0.0' to bind to all interfaces."
22668
30255
msgstr ""
22669
30256
22670
#: serverguide/C/databases.xml:222(para)
30257
#: serverguide/C/databases.xml:360(para)
22671
30258
msgid ""
22672
30259
"You may also edit all other parameters, if you know what you are doing! For "
22673
30260
"details, refer to the configuration file or to the PostgreSQL documentation."
22674
30261
msgstr ""
22675
30262
22676
#: serverguide/C/databases.xml:227(para)
30263
#: serverguide/C/databases.xml:365(para)
22677
30264
msgid ""
22678
30265
"Now that we can connect to our <application>PostgreSQL</application> server, "
22679
30266
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22681
30268
"default PostgreSQL template database:"
22682
30269
msgstr ""
22683
30270
22684
#: serverguide/C/databases.xml:234(command)
30271
#: serverguide/C/databases.xml:372(command)
22685
30272
msgid "sudo -u postgres psql template1"
22686
30273
msgstr ""
22687
30274
22688
#: serverguide/C/databases.xml:236(para)
30275
#: serverguide/C/databases.xml:374(para)
22689
30276
msgid ""
22690
30277
"The above command connects to PostgreSQL database "
22691
30278
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22695
30282
"role=\"italics\">postgres</emphasis>."
22696
30283
msgstr ""
22697
30284
22698
#: serverguide/C/databases.xml:244(command)
30285
#: serverguide/C/databases.xml:382(command)
22699
30286
msgid "ALTER USER postgres with encrypted password 'your_password';"
22700
30287
msgstr ""
22701
30288
22702
#: serverguide/C/databases.xml:246(para)
30289
#: serverguide/C/databases.xml:384(para)
22703
30290
msgid ""
22704
30291
"After configuring the password, edit the file "
22705
30292
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22707
30294
"<emphasis>postgres</emphasis> user:"
22708
30295
msgstr ""
22709
30296
22710
#: serverguide/C/databases.xml:252(programlisting)
30297
#: serverguide/C/databases.xml:390(programlisting)
22711
30298
#, no-wrap
22712
30299
msgid ""
22713
30300
"\n"
22714
30301
"local all postgres md5\n"
22715
30302
msgstr ""
22716
30303
22717
#: serverguide/C/databases.xml:256(para)
30304
#: serverguide/C/databases.xml:394(para)
22718
30305
msgid ""
22719
30306
"Finally, you should restart the <application>PostgreSQL</application> "
22720
30307
"service to initialize the new configuration. From a terminal prompt enter "
22721
30308
"the following to restart <application>PostgreSQL</application>:"
22722
30309
msgstr ""
22723
30310
22724
#: serverguide/C/databases.xml:262(command)
30311
#: serverguide/C/databases.xml:400(command)
22725
30312
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22726
30313
msgstr ""
22727
30314
22728
#: serverguide/C/databases.xml:265(para)
30315
#: serverguide/C/databases.xml:403(para)
22729
30316
msgid ""
22730
30317
"The above configuration is not complete by any means. Please refer <ulink "
22731
30318
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22732
30319
"Administrator's Guide</ulink> to configure more parameters."
22733
30320
msgstr ""
22734
30321
22735
#: serverguide/C/databases.xml:276(para)
30322
#: serverguide/C/databases.xml:414(para)
22736
30323
msgid ""
22737
30324
"As mentioned above the <ulink "
22738
30325
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22741
30328
"in a terminal to install the package:"
22742
30329
msgstr ""
22743
30330
22744
#: serverguide/C/databases.xml:282(command)
30331
#: serverguide/C/databases.xml:420(command)
22745
30332
msgid "sudo apt-get install postgresql-doc-8.4"
22746
30333
msgstr ""
22747
30334
22748
#: serverguide/C/databases.xml:284(para)
30335
#: serverguide/C/databases.xml:422(para)
22749
30336
msgid ""
22750
30337
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22751
30338
"8.4/html/index.html</command> into the address bar of your browser."
22752
30339
msgstr ""
22753
30340
22754
#: serverguide/C/databases.xml:296(para)
30341
#: serverguide/C/databases.xml:428(para)
30342
msgid ""
30343
"For general SQL information see <ulink "
30344
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
30345
"Special Edition</ulink> by Rafe Colburn."
30346
msgstr ""
30347
30348
#: serverguide/C/databases.xml:434(para)
22755
30349
msgid ""
22756
30350
"Also, see the <ulink "
22757
30351
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22872
30466
22873
30467
#: serverguide/C/clustering.xml:120(para)
22874
30468
msgid ""
22875
"Next, on both hosts, start the <application>drbd</application> daemon:"
22876
msgstr ""
22877
22878
#: serverguide/C/clustering.xml:125(command)
22879
msgid "sudo /etc/init.d/drbd start"
22880
msgstr ""
22881
22882
#: serverguide/C/clustering.xml:131(para)
22883
msgid ""
22884
30469
"Now using the <application>drbdadm</application> utility initialize the meta "
22885
30470
"data storage. On each server execute:"
22886
30471
msgstr ""
22887
30472
30473
#: serverguide/C/clustering.xml:126(command)
30474
msgid "sudo drbdadm create-md r0"
30475
msgstr ""
30476
30477
#: serverguide/C/clustering.xml:132(para)
30478
msgid ""
30479
"Next, on both hosts, start the <application>drbd</application> daemon:"
30480
msgstr ""
30481
22888
30482
#: serverguide/C/clustering.xml:137(command)
22889
msgid "sudo drbdadm create-md r0"
30483
msgid "sudo /etc/init.d/drbd start"
22890
30484
msgstr ""
22891
30485
22892
30486
#: serverguide/C/clustering.xml:143(para)
22978
30572
#: serverguide/C/clustering.xml:243(para)
22979
30573
msgid ""
22980
30574
"The <ulink "
22981
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22982
">drbd.conf man page</ulink> contains details on the options not covered in "
30575
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/drbd.conf.5.html\">"
30576
"drbd.conf man page</ulink> contains details on the options not covered in "
22983
30577
"this guide."
22984
30578
msgstr ""
22985
30579
22986
30580
#: serverguide/C/clustering.xml:249(para)
22987
30581
msgid ""
22988
30582
"Also, see the <ulink "
22989
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22990
"rbdadm man page</ulink>."
30583
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/drbdadm.8.html\">dr"
30584
"bdadm man page</ulink>."
22991
30585
msgstr ""
22992
30586
22993
30587
#: serverguide/C/clustering.xml:254(para)
23110
30704
"FAQ</ulink> for more details about the IRC Server."
23111
30705
msgstr ""
23112
30706
23113
#: serverguide/C/chat.xml:124(para)
23114
msgid ""
23115
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23116
"IRCD</ulink> page has more information."
23117
msgstr ""
23118
23119
#: serverguide/C/chat.xml:132(title)
30707
#: serverguide/C/chat.xml:127(title)
23120
30708
msgid "Jabber Instant Messaging Server"
23121
30709
msgstr ""
23122
30710
23123
#: serverguide/C/chat.xml:134(para)
30711
#: serverguide/C/chat.xml:129(para)
23124
30712
msgid ""
23125
30713
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23126
30714
"XMPP, an open standard for instant messaging, and used by many popular "
23129
30717
"to providing messaging services to users over the Internet."
23130
30718
msgstr ""
23131
30719
23132
#: serverguide/C/chat.xml:143(para)
30720
#: serverguide/C/chat.xml:138(para)
23133
30721
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23134
30722
msgstr ""
23135
30723
23136
#: serverguide/C/chat.xml:148(command)
30724
#: serverguide/C/chat.xml:143(command)
23137
30725
msgid "sudo apt-get install jabberd2"
23138
30726
msgstr ""
23139
30727
23140
#: serverguide/C/chat.xml:155(para)
30728
#: serverguide/C/chat.xml:150(para)
23141
30729
msgid ""
23142
30730
"A couple of XML configuration files will be used to configure "
23143
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23144
"authentication. This is a very simple form of authentication. However, "
30731
"<application>jabberd2</application> for <emphasis>Berkeley DB</emphasis> "
30732
"user authentication. This is a very simple form of authentication. However, "
23145
30733
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23146
"Postgresql, etc for for user authentication."
30734
"PostgreSQL, etc for for user authentication."
23147
30735
msgstr ""
23148
30736
23149
#: serverguide/C/chat.xml:162(para)
30737
#: serverguide/C/chat.xml:157(para)
23150
30738
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23151
30739
msgstr ""
23152
30740
23153
#: serverguide/C/chat.xml:166(programlisting)
30741
#: serverguide/C/chat.xml:161(programlisting)
23154
30742
#, no-wrap
23155
30743
msgid ""
23156
30744
"\n"
23157
30745
" <id>jabber.example.com</id>\n"
23158
30746
msgstr ""
23159
30747
23160
#: serverguide/C/chat.xml:171(para)
30748
#: serverguide/C/chat.xml:166(para)
23161
30749
msgid ""
23162
30750
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23163
30751
"id, of your server."
23164
30752
msgstr ""
23165
30753
23166
#: serverguide/C/chat.xml:176(para)
30754
#: serverguide/C/chat.xml:171(para)
23167
30755
msgid "Now in the <storage> section change the <driver> to:"
23168
30756
msgstr ""
23169
30757
23170
#: serverguide/C/chat.xml:180(programlisting)
30758
#: serverguide/C/chat.xml:175(programlisting)
23171
30759
#, no-wrap
23172
30760
msgid ""
23173
30761
"\n"
23174
30762
" <driver>db</driver>\n"
23175
30763
msgstr ""
23176
30764
23177
#: serverguide/C/chat.xml:184(para)
30765
#: serverguide/C/chat.xml:179(para)
23178
30766
msgid ""
23179
30767
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23180
30768
"<emphasis><local></emphasis> section change:"
23181
30769
msgstr ""
23182
30770
23183
#: serverguide/C/chat.xml:188(programlisting)
30771
#: serverguide/C/chat.xml:183(programlisting)
23184
30772
#, no-wrap
23185
30773
msgid ""
23186
30774
"\n"
23187
30775
" <id>jabber.example.com</id>\n"
23188
30776
msgstr ""
23189
30777
23190
#: serverguide/C/chat.xml:192(para)
30778
#: serverguide/C/chat.xml:187(para)
23191
30779
msgid ""
23192
30780
"And in the <authreg> section adjust the <module> section to:"
23193
30781
msgstr ""
23194
30782
23195
#: serverguide/C/chat.xml:196(programlisting)
30783
#: serverguide/C/chat.xml:191(programlisting)
23196
30784
#, no-wrap
23197
30785
msgid ""
23198
30786
"\n"
23199
30787
" <module>db</module>\n"
23200
30788
msgstr ""
23201
30789
23202
#: serverguide/C/chat.xml:200(para)
30790
#: serverguide/C/chat.xml:195(para)
23203
30791
msgid ""
23204
30792
"Finally, restart <application>jabberd2</application> to enable the new "
23205
30793
"settings:"
23206
30794
msgstr ""
23207
30795
23208
#: serverguide/C/chat.xml:205(command)
30796
#: serverguide/C/chat.xml:200(command)
23209
30797
msgid "sudo /etc/init.d/jabberd2 restart"
23210
30798
msgstr ""
23211
30799
23212
#: serverguide/C/chat.xml:208(para)
30800
#: serverguide/C/chat.xml:203(para)
23213
30801
msgid ""
23214
30802
"You should now be able to connect to the server using a Jabber client like "
23215
30803
"<application>Pidgin</application> for example."
23216
30804
msgstr ""
23217
30805
23218
#: serverguide/C/chat.xml:213(para)
30806
#: serverguide/C/chat.xml:208(para)
23219
30807
msgid ""
23220
30808
"The advantage of using Berkeley DB for user data is that after being "
23221
30809
"configured no additional maintenance is required. If you need more control "
23223
30811
"recommended."
23224
30812
msgstr ""
23225
30813
23226
#: serverguide/C/chat.xml:225(para)
30814
#: serverguide/C/chat.xml:220(para)
23227
30815
msgid ""
23228
30816
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23229
30817
"Site</ulink> contains more details on configuring "
23230
30818
"<application>Jabberd2</application>."
23231
30819
msgstr ""
23232
30820
30821
#: serverguide/C/chat.xml:226(para)
30822
msgid ""
30823
"For more authentication options see the <ulink "
30824
"url=\"http://www.jabberdoc.org/\">Jabberd2 Install Guide</ulink>."
30825
msgstr ""
30826
23233
30827
#: serverguide/C/chat.xml:231(para)
23234
30828
msgid ""
23235
"For more authentication options see the <ulink "
23236
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23237
"Guide</ulink>."
23238
msgstr ""
23239
23240
#: serverguide/C/chat.xml:236(para)
23241
msgid ""
23242
30829
"Also, the <ulink "
23243
30830
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23244
30831
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23268
30855
msgid ""
23269
30856
"One of the simplest ways to backup a system is using a <emphasis>shell "
23270
30857
"script</emphasis>. For example, a script can be used to configure which "
23271
"directories to backup, and use those directories as arguments to the "
23272
"<application>tar</application> utility creating an archive file. The archive "
23273
"file can then be moved or copied to another location. The archive can also "
23274
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
30858
"directories to backup, and pass those directories as arguments to the "
30859
"<application>tar</application> utility, which creates an archive file. The "
30860
"archive file can then be moved or copied to another location. The archive "
30861
"can also be created on a remote file system such as an "
30862
"<emphasis>NFS</emphasis> mount."
23275
30863
msgstr ""
23276
30864
23277
30865
#: serverguide/C/backups.xml:29(para)
23278
30866
msgid ""
23279
30867
"The <application>tar</application> utility creates one archive file out of "
23280
30868
"many files or directories. <application>tar</application> can also filter "
23281
"the files through compression utilities reducing the size of the archive "
23282
"file."
30869
"the files through compression utilities, thus reducing the size of the "
30870
"archive file."
23283
30871
msgstr ""
23284
30872
23285
30873
#: serverguide/C/backups.xml:35(title)
23343
30931
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23344
30932
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23345
30933
"day of the week, giving a backup history of seven days. There are other ways "
23346
"to accomplish this including other ways using the "
23347
"<application>date</application> utility."
30934
"to accomplish this including using the <application>date</application> "
30935
"utility."
23348
30936
msgstr ""
23349
30937
23350
30938
#: serverguide/C/backups.xml:90(para)
23364
30952
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23365
30953
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23366
30954
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23367
"details using <emphasis>NFS</emphasis>."
30955
"details of using <emphasis>NFS</emphasis>."
23368
30956
msgstr ""
23369
30957
23370
30958
#: serverguide/C/backups.xml:109(para)
23391
30979
23392
30980
#: serverguide/C/backups.xml:131(para)
23393
30981
msgid ""
23394
"<emphasis>f:</emphasis> use archive file. Otherwise the "
30982
"<emphasis>f:</emphasis> output to an archive file. Otherwise the "
23395
30983
"<application>tar</application> output will be sent to STDOUT."
23396
30984
msgstr ""
23397
30985
23405
30993
23406
30994
#: serverguide/C/backups.xml:145(para)
23407
30995
msgid ""
23408
"This is a simple example of a backup shell script. There are large amount of "
23409
"options that can be included in a backup script. See <xref linkend=\"backup-"
23410
"shellscript-references\"/> for links to resources providing more in depth "
30996
"This is a simple example of a backup shell script; however there are many "
30997
"options that can be included in such a script. See <xref linkend=\"backup-"
30998
"shellscript-references\"/> for links to resources providing more in-depth "
23411
30999
"shell scripting information."
23412
31000
msgstr ""
23413
31001
23463
31051
23464
31052
#: serverguide/C/backups.xml:181(para)
23465
31053
msgid ""
23466
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
31054
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
23467
31055
msgstr ""
23468
31056
23469
31057
#: serverguide/C/backups.xml:186(para)
23470
31058
msgid ""
23471
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
31059
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
23472
31060
msgstr ""
23473
31061
23474
31062
#: serverguide/C/backups.xml:191(para)
23477
31065
23478
31066
#: serverguide/C/backups.xml:196(para)
23479
31067
msgid ""
23480
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
31068
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
31069
"12."
23481
31070
msgstr ""
23482
31071
23483
31072
#: serverguide/C/backups.xml:201(para)
23484
31073
msgid ""
23485
"<emphasis>dow:</emphasis> the day of the week the command executes on "
31074
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
23486
31075
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23487
31076
"valid."
23488
31077
msgstr ""
23540
31129
msgid ""
23541
31130
"The <application>backup.sh</application> script will need to be copied to "
23542
31131
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23543
"to execute properly. The script can reside anywhere on the file system "
31132
"to execute properly. The script can reside anywhere on the file system, "
23544
31133
"simply change the script path appropriately."
23545
31134
msgstr ""
23546
31135
23547
31136
#: serverguide/C/backups.xml:244(para)
23548
31137
msgid ""
23549
"For more in depth <application>crontab</application> options see <xref "
31138
"For more in-depth <application>crontab</application> options see <xref "
23550
31139
"linkend=\"backup-shellscript-references\"/>."
23551
31140
msgstr ""
23552
31141
23562
31151
msgstr ""
23563
31152
23564
31153
#: serverguide/C/backups.xml:257(para)
23565
msgid "To see a listing of the archive contents. From a terminal prompt:"
31154
msgid ""
31155
"To see a listing of the archive contents. From a terminal prompt type:"
23566
31156
msgstr ""
23567
31157
23568
31158
#: serverguide/C/backups.xml:261(command)
23657
31247
msgid ""
23658
31248
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23659
31249
"the <application>coreutils</application> package. A low level utility that "
23660
"can copy data from one format to another"
31250
"can copy data from one format to another."
23661
31251
msgstr ""
23662
31252
23663
31253
#: serverguide/C/backups.xml:347(para)
23664
31254
msgid ""
23665
31255
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23666
"snap shot utility used to create copies of an entire file system."
23667
msgstr ""
23668
23669
#: serverguide/C/backups.xml:358(title)
31256
"snapshot utility used to create copies of an entire file system."
31257
msgstr ""
31258
31259
#: serverguide/C/backups.xml:353(para)
31260
msgid ""
31261
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
31262
"flexible utility used to create incremental copies of files."
31263
msgstr ""
31264
31265
#: serverguide/C/backups.xml:364(title)
23670
31266
msgid "Archive Rotation"
23671
31267
msgstr ""
23672
31268
23673
#: serverguide/C/backups.xml:359(para)
31269
#: serverguide/C/backups.xml:365(para)
23674
31270
msgid ""
23675
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23676
"allows for seven different archives. For a server whose data doesn't change "
23677
"often this may be enough. If the server has a large amount of data a more "
23678
"robust rotation scheme should be used."
31271
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
31272
"seven different archives. For a server whose data doesn't change often, this "
31273
"may be enough. If the server has a large amount of data, a more complex "
31274
"rotation scheme should be used."
23679
31275
msgstr ""
23680
31276
23681
#: serverguide/C/backups.xml:365(title)
31277
#: serverguide/C/backups.xml:371(title)
23682
31278
msgid "Rotating NFS Archives"
23683
31279
msgstr ""
23684
31280
23685
#: serverguide/C/backups.xml:366(para)
31281
#: serverguide/C/backups.xml:372(para)
23686
31282
msgid ""
23687
"In this section the shell script will be slightly modified to implement a "
31283
"In this section, the shell script will be slightly modified to implement a "
23688
31284
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23689
31285
msgstr ""
23690
31286
23691
#: serverguide/C/backups.xml:372(para)
31287
#: serverguide/C/backups.xml:378(para)
23692
31288
msgid ""
23693
31289
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23694
31290
"Friday."
23695
31291
msgstr ""
23696
31292
23697
#: serverguide/C/backups.xml:377(para)
31293
#: serverguide/C/backups.xml:383(para)
23698
31294
msgid ""
23699
31295
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23700
31296
"weekly backups a month."
23701
31297
msgstr ""
23702
31298
23703
#: serverguide/C/backups.xml:382(para)
31299
#: serverguide/C/backups.xml:388(para)
23704
31300
msgid ""
23705
31301
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23706
31302
"rotating two monthly backups based on if the month is odd or even."
23707
31303
msgstr ""
23708
31304
23709
#: serverguide/C/backups.xml:388(para)
31305
#: serverguide/C/backups.xml:394(para)
23710
31306
msgid "Here is the new script:"
23711
31307
msgstr ""
23712
31308
23713
#: serverguide/C/backups.xml:391(programlisting)
31309
#: serverguide/C/backups.xml:397(programlisting)
23714
31310
#, no-wrap
23715
31311
msgid ""
23716
31312
"\n"
23779
31375
"ls -lh $dest/\n"
23780
31376
msgstr ""
23781
31377
23782
#: serverguide/C/backups.xml:456(para)
31378
#: serverguide/C/backups.xml:462(para)
23783
31379
msgid ""
23784
31380
"The script can be executed using the same methods as in <xref "
23785
31381
"linkend=\"backup-executing-shellscript\"/>."
23786
31382
msgstr ""
23787
31383
23788
#: serverguide/C/backups.xml:459(para)
31384
#: serverguide/C/backups.xml:465(para)
23789
31385
msgid ""
23790
"It is good practice to take backup media off site in case of a disaster. In "
31386
"It is good practice to take backup media off-site in case of a disaster. In "
23791
31387
"the shell script example the backup media is another server providing an NFS "
23792
31388
"share. In all likelihood taking the NFS server to another location would not "
23793
31389
"be practical. Depending upon connection speeds it may be an option to copy "
23794
31390
"the archive file over a WAN link to a server in another location."
23795
31391
msgstr ""
23796
31392
23797
#: serverguide/C/backups.xml:465(para)
31393
#: serverguide/C/backups.xml:471(para)
23798
31394
msgid ""
23799
31395
"Another option is to copy the archive file to an external hard drive which "
23800
"can then be taken off site. Since the price of external hard drives continue "
23801
"to decrease it may be cost-effective to use two drives for each archive "
31396
"can then be taken off-site. Since the price of external hard drives continue "
31397
"to decrease, it may be cost-effective to use two drives for each archive "
23802
31398
"level. This would allow you to have one external drive attached to the "
23803
31399
"backup server and one in another location."
23804
31400
msgstr ""
23805
31401
23806
#: serverguide/C/backups.xml:472(title)
31402
#: serverguide/C/backups.xml:478(title)
23807
31403
msgid "Tape Drives"
23808
31404
msgstr ""
23809
31405
23810
#: serverguide/C/backups.xml:473(para)
31406
#: serverguide/C/backups.xml:479(para)
23811
31407
msgid ""
23812
"A tape drive attached to the server can be used instead of a NFS share. "
23813
"Using a tape drive simplifies archive rotation, and taking the media off "
23814
"site as well."
31408
"A tape drive attached to the server can be used instead of an NFS share. "
31409
"Using a tape drive simplifies archive rotation, and makes taking the media "
31410
"off-site easier as well."
23815
31411
msgstr ""
23816
31412
23817
#: serverguide/C/backups.xml:477(para)
31413
#: serverguide/C/backups.xml:483(para)
23818
31414
msgid ""
23819
"When using a tape drive the filename portions of the script aren't needed "
23820
"because the date is sent directly to the tape device. Some commands to "
31415
"When using a tape drive, the filename portions of the script aren't needed "
31416
"because the data is sent directly to the tape device. Some commands to "
23821
31417
"manipulate the tape are needed. This is accomplished using "
23822
31418
"<application>mt</application>, a magnetic tape control utility part of the "
23823
31419
"<application>cpio</application> package."
23824
31420
msgstr ""
23825
31421
23826
#: serverguide/C/backups.xml:482(para)
31422
#: serverguide/C/backups.xml:488(para)
23827
31423
msgid "Here is the shell script modified to use a tape drive:"
23828
31424
msgstr ""
23829
31425
23830
#: serverguide/C/backups.xml:485(programlisting)
31426
#: serverguide/C/backups.xml:491(programlisting)
23831
31427
#, no-wrap
23832
31428
msgid ""
23833
31429
"\n"
23864
31460
"date\n"
23865
31461
msgstr ""
23866
31462
23867
#: serverguide/C/backups.xml:519(para)
31463
#: serverguide/C/backups.xml:525(para)
23868
31464
msgid ""
23869
31465
"The default device name for a SCSI tape drive is "
23870
31466
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23871
31467
"system."
23872
31468
msgstr ""
23873
31469
23874
#: serverguide/C/backups.xml:524(para)
31470
#: serverguide/C/backups.xml:530(para)
23875
31471
msgid ""
23876
31472
"Restoring from a tape drive is basically the same as restoring from a file. "
23877
31473
"Simply rewind the tape and use the device path instead of a file path. For "
23879
31475
"<filename>/tmp/etc/hosts</filename>:"
23880
31476
msgstr ""
23881
31477
23882
#: serverguide/C/backups.xml:529(command)
31478
#: serverguide/C/backups.xml:535(command)
23883
31479
msgid "mt -f /dev/st0 rewind"
23884
31480
msgstr ""
23885
31481
23886
#: serverguide/C/backups.xml:530(command)
31482
#: serverguide/C/backups.xml:536(command)
23887
31483
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23888
31484
msgstr ""
23889
31485
23890
#: serverguide/C/backups.xml:535(title)
31486
#: serverguide/C/backups.xml:541(title)
23891
31487
msgid "Bacula"
23892
31488
msgstr ""
23893
31489
23894
#: serverguide/C/backups.xml:536(para)
31490
#: serverguide/C/backups.xml:542(para)
23895
31491
msgid ""
23896
31492
"<application>Bacula</application> is a backup program enabling you to "
23897
31493
"backup, restore, and verify data across your network. There are Bacula "
23898
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23899
"wide solution."
31494
"clients for Linux, Windows, and Mac OS X - making it a cross-platform "
31495
"network wide solution."
23900
31496
msgstr ""
23901
31497
23902
#: serverguide/C/backups.xml:542(para)
31498
#: serverguide/C/backups.xml:548(para)
23903
31499
msgid ""
23904
31500
"<application>Bacula</application> is made up of several components and "
23905
"services used to manage which files to backup and where to back them up to:"
31501
"services used to manage which files to backup and backup locations:"
23906
31502
msgstr ""
23907
31503
23908
#: serverguide/C/backups.xml:548(para)
31504
#: serverguide/C/backups.xml:553(para)
23909
31505
msgid ""
23910
31506
"<application>Bacula Director:</application> a service that controls all "
23911
31507
"backup, restore, verify, and archive operations."
23912
31508
msgstr ""
23913
31509
23914
#: serverguide/C/backups.xml:553(para)
31510
#: serverguide/C/backups.xml:558(para)
23915
31511
msgid ""
23916
31512
"<application>Bacula Console:</application> an application allowing "
23917
31513
"communication with the Director. There are three versions of the Console:"
23918
31514
msgstr ""
23919
31515
23920
#: serverguide/C/backups.xml:558(para)
31516
#: serverguide/C/backups.xml:563(para)
23921
31517
msgid "Text based command line version."
23922
31518
msgstr ""
23923
31519
23924
#: serverguide/C/backups.xml:559(para)
31520
#: serverguide/C/backups.xml:564(para)
23925
31521
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23926
31522
msgstr ""
23927
31523
23928
#: serverguide/C/backups.xml:560(para)
31524
#: serverguide/C/backups.xml:565(para)
23929
31525
msgid "wxWidgets GUI interface."
23930
31526
msgstr ""
23931
31527
23932
#: serverguide/C/backups.xml:564(para)
31528
#: serverguide/C/backups.xml:569(para)
23933
31529
msgid ""
23934
31530
"<application>Bacula File:</application> also known as the "
23935
31531
"<application>Bacula Client</application> program. This application is "
23937
31533
"requested by the Director."
23938
31534
msgstr ""
23939
31535
23940
#: serverguide/C/backups.xml:570(para)
31536
#: serverguide/C/backups.xml:575(para)
23941
31537
msgid ""
23942
31538
"<application>Bacula Storage:</application> the programs that perform the "
23943
31539
"storage and recovery of data to the physical media."
23944
31540
msgstr ""
23945
31541
23946
#: serverguide/C/backups.xml:575(para)
31542
#: serverguide/C/backups.xml:580(para)
23947
31543
msgid ""
23948
31544
"<application>Bacula Catalog:</application> is responsible for maintaining "
23949
31545
"the file indexes and volume databases for all files backed up, enabling "
23951
31547
"different databases MySQL, PostgreSQL, and SQLite."
23952
31548
msgstr ""
23953
31549
23954
#: serverguide/C/backups.xml:581(para)
31550
#: serverguide/C/backups.xml:586(para)
23955
31551
msgid ""
23956
31552
"<application>Bacula Monitor:</application> allows the monitoring of the "
23957
31553
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23958
31554
"available as a GTK+ GUI application."
23959
31555
msgstr ""
23960
31556
23961
#: serverguide/C/backups.xml:587(para)
31557
#: serverguide/C/backups.xml:592(para)
23962
31558
msgid ""
23963
31559
"These services and applications can be run on multiple servers and clients, "
23964
31560
"or they can be installed on one machine if backing up a single disk or "
23965
31561
"volume."
23966
31562
msgstr ""
23967
31563
23968
#: serverguide/C/backups.xml:594(para)
31564
#: serverguide/C/backups.xml:600(para)
31565
msgid ""
31566
"If using MySQL or PostgreSQL as your database, you should already have the "
31567
"services available. <application>Bacula</application> will not install them "
31568
"for you."
31569
msgstr ""
31570
31571
#: serverguide/C/backups.xml:605(para)
23969
31572
msgid ""
23970
31573
"There are multiple packages containing the different "
23971
31574
"<application>Bacula</application> components. To install Bacula, from a "
23972
31575
"terminal prompt enter:"
23973
31576
msgstr ""
23974
31577
23975
#: serverguide/C/backups.xml:599(command)
31578
#: serverguide/C/backups.xml:610(command)
23976
31579
msgid "sudo apt-get install bacula"
23977
31580
msgstr ""
23978
31581
23979
#: serverguide/C/backups.xml:601(para)
31582
#: serverguide/C/backups.xml:612(para)
23980
31583
msgid ""
23981
31584
"By default installing the <application>bacula</application> package will use "
23982
31585
"a <application>MySQL</application> database for the Catalog. If you want to "
23985
31588
"pgsql</application> respectively."
23986
31589
msgstr ""
23987
31590
23988
#: serverguide/C/backups.xml:607(para)
31591
#: serverguide/C/backups.xml:618(para)
23989
31592
msgid ""
23990
31593
"During the install process you will be asked to supply credentials for the "
23991
31594
"database <emphasis>administrator</emphasis> and the "
23994
31597
"database, see <xref linkend=\"mysql\"/> for more information."
23995
31598
msgstr ""
23996
31599
23997
#: serverguide/C/backups.xml:617(para)
31600
#: serverguide/C/backups.xml:628(para)
23998
31601
msgid ""
23999
31602
"<application>Bacula</application> configuration files are formatted based on "
24000
31603
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24003
31606
"directory."
24004
31607
msgstr ""
24005
31608
24006
#: serverguide/C/backups.xml:622(para)
31609
#: serverguide/C/backups.xml:633(para)
24007
31610
msgid ""
24008
31611
"The various <application>Bacula</application> components must authorize "
24009
31612
"themselves to each other. This is accomplished using the "
24014
31617
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24015
31618
msgstr ""
24016
31619
24017
#: serverguide/C/backups.xml:628(para)
31620
#: serverguide/C/backups.xml:639(para)
24018
31621
msgid ""
24019
31622
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24020
31623
"to archive the <application>Bacula</application> Catalog. If you plan on "
24023
31626
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24024
31627
msgstr ""
24025
31628
24026
#: serverguide/C/backups.xml:633(programlisting)
31629
#: serverguide/C/backups.xml:644(programlisting)
24027
31630
#, no-wrap
24028
31631
msgid ""
24029
31632
"\n"
24037
31640
"}\n"
24038
31641
msgstr ""
24039
31642
24040
#: serverguide/C/backups.xml:644(para)
31643
#: serverguide/C/backups.xml:655(para)
24041
31644
msgid ""
24042
31645
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24043
31646
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24044
31647
"your appropriate hostname, or other descriptive name."
24045
31648
msgstr ""
24046
31649
24047
#: serverguide/C/backups.xml:649(para)
31650
#: serverguide/C/backups.xml:660(para)
24048
31651
msgid ""
24049
31652
"The <emphasis>Console</emphasis> can be used to query the "
24050
31653
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24053
31656
"the following from a terminal:"
24054
31657
msgstr ""
24055
31658
24056
#: serverguide/C/backups.xml:655(command)
31659
#: serverguide/C/backups.xml:666(command)
24057
31660
msgid "sudo adduser $username bacula"
24058
31661
msgstr ""
24059
31662
24060
#: serverguide/C/backups.xml:658(para)
31663
#: serverguide/C/backups.xml:669(para)
24061
31664
msgid ""
24062
31665
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24063
31666
"you are adding the current user to the group you should log out and back in "
24064
31667
"for the new permissions to take effect."
24065
31668
msgstr ""
24066
31669
24067
#: serverguide/C/backups.xml:665(title)
31670
#: serverguide/C/backups.xml:676(title)
24068
31671
msgid "Localhost Backup"
24069
31672
msgstr ""
24070
31673
24071
#: serverguide/C/backups.xml:666(para)
31674
#: serverguide/C/backups.xml:677(para)
24072
31675
msgid ""
24073
31676
"This section describes how to backup specified directories on a single host "
24074
31677
"to a local tape drive."
24075
31678
msgstr ""
24076
31679
24077
#: serverguide/C/backups.xml:671(para)
31680
#: serverguide/C/backups.xml:682(para)
24078
31681
msgid ""
24079
31682
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24080
31683
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24081
31684
msgstr ""
24082
31685
24083
#: serverguide/C/backups.xml:674(programlisting)
31686
#: serverguide/C/backups.xml:685(programlisting)
24084
31687
#, no-wrap
24085
31688
msgid ""
24086
31689
"\n"
24098
31701
"}\n"
24099
31702
msgstr ""
24100
31703
24101
#: serverguide/C/backups.xml:688(para)
31704
#: serverguide/C/backups.xml:699(para)
24102
31705
msgid ""
24103
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24104
"Type and Archive Device to match your hardware."
31706
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
31707
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
31708
"hardware."
24105
31709
msgstr ""
24106
31710
24107
#: serverguide/C/backups.xml:691(para)
31711
#: serverguide/C/backups.xml:702(para)
24108
31712
msgid "You could also uncomment one of the other examples in the file."
24109
31713
msgstr ""
24110
31714
24111
#: serverguide/C/backups.xml:696(para)
31715
#: serverguide/C/backups.xml:707(para)
24112
31716
msgid ""
24113
31717
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24114
31718
"<application>Storage</application> daemon will need to be restarted:"
24115
31719
msgstr ""
24116
31720
24117
#: serverguide/C/backups.xml:701(command)
31721
#: serverguide/C/backups.xml:712(command)
24118
31722
msgid "sudo /etc/init.d/bacula-sd restart"
24119
31723
msgstr ""
24120
31724
24121
#: serverguide/C/backups.xml:705(para)
31725
#: serverguide/C/backups.xml:716(para)
24122
31726
msgid ""
24123
31727
"Now add a <emphasis>Storage</emphasis> resource in "
24124
31728
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24125
31729
msgstr ""
24126
31730
24127
#: serverguide/C/backups.xml:708(programlisting)
31731
#: serverguide/C/backups.xml:719(programlisting)
24128
31732
#, no-wrap
24129
31733
msgid ""
24130
31734
"\n"
24135
31739
" Address = backupserver # N.B. Use a fully qualified name "
24136
31740
"here\n"
24137
31741
" SDPort = 9103\n"
24138
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
31742
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyjc\"\n"
24139
31743
" Device = \"Tape Drive\"\n"
24140
31744
" Media Type = tape\n"
24141
31745
"}\n"
24142
31746
msgstr ""
24143
31747
24144
#: serverguide/C/backups.xml:720(para)
31748
#: serverguide/C/backups.xml:731(para)
24145
31749
msgid ""
24146
31750
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24147
31751
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24148
31752
"to the actual host name."
24149
31753
msgstr ""
24150
31754
24151
#: serverguide/C/backups.xml:724(para)
31755
#: serverguide/C/backups.xml:735(para)
24152
31756
msgid ""
24153
31757
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24154
31758
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24155
31759
msgstr ""
24156
31760
24157
#: serverguide/C/backups.xml:730(para)
31761
#: serverguide/C/backups.xml:741(para)
24158
31762
msgid ""
24159
31763
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24160
31764
"directories to backup, by adding:"
24161
31765
msgstr ""
24162
31766
24163
#: serverguide/C/backups.xml:733(programlisting)
31767
#: serverguide/C/backups.xml:744(programlisting)
24164
31768
#, no-wrap
24165
31769
msgid ""
24166
31770
"\n"
24178
31782
"}\n"
24179
31783
msgstr ""
24180
31784
24181
#: serverguide/C/backups.xml:747(para)
31785
#: serverguide/C/backups.xml:758(para)
24182
31786
msgid ""
24183
31787
"This <emphasis>FileSet</emphasis> will backup the <filename "
24184
31788
"role=\"directory\">/etc</filename> and <filename "
24185
31789
"role=\"directory\">/home</filename> directories. The "
24186
31790
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24187
"create a MD5 signature for each file backed up, and to compress the files "
31791
"create an MD5 signature for each file backed up, and to compress the files "
24188
31792
"using GZIP."
24189
31793
msgstr ""
24190
31794
24191
#: serverguide/C/backups.xml:754(para)
31795
#: serverguide/C/backups.xml:765(para)
24192
31796
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24193
31797
msgstr ""
24194
31798
24195
#: serverguide/C/backups.xml:757(programlisting)
31799
#: serverguide/C/backups.xml:768(programlisting)
24196
31800
#, no-wrap
24197
31801
msgid ""
24198
31802
"\n"
24203
31807
"}\n"
24204
31808
msgstr ""
24205
31809
24206
#: serverguide/C/backups.xml:764(para)
31810
#: serverguide/C/backups.xml:775(para)
24207
31811
msgid ""
24208
31812
"The job will run every day at 00:01 or 12:01 am. There are many other "
24209
31813
"scheduling options available."
24210
31814
msgstr ""
24211
31815
24212
#: serverguide/C/backups.xml:769(para)
31816
#: serverguide/C/backups.xml:780(para)
24213
31817
msgid "Finally create the <emphasis>Job</emphasis>:"
24214
31818
msgstr ""
24215
31819
24216
#: serverguide/C/backups.xml:772(programlisting)
31820
#: serverguide/C/backups.xml:783(programlisting)
24217
31821
#, no-wrap
24218
31822
msgid ""
24219
31823
"\n"
24230
31834
"} \n"
24231
31835
msgstr ""
24232
31836
24233
#: serverguide/C/backups.xml:785(para)
31837
#: serverguide/C/backups.xml:796(para)
24234
31838
msgid ""
24235
31839
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24236
31840
"drive."
24237
31841
msgstr ""
24238
31842
24239
#: serverguide/C/backups.xml:790(para)
31843
#: serverguide/C/backups.xml:801(para)
24240
31844
msgid ""
24241
31845
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24242
31846
"current tape does not have a label <application>Bacula</application> will "
24244
31848
"<application>Console</application> enter the following from a terminal:"
24245
31849
msgstr ""
24246
31850
24247
#: serverguide/C/backups.xml:796(command)
31851
#: serverguide/C/backups.xml:807(command)
24248
31852
msgid "bconsole"
24249
31853
msgstr ""
24250
31854
24251
#: serverguide/C/backups.xml:800(para)
31855
#: serverguide/C/backups.xml:811(para)
24252
31856
msgid "At the Bacula Console prompt enter:"
24253
31857
msgstr ""
24254
31858
24255
#: serverguide/C/backups.xml:804(command)
31859
#: serverguide/C/backups.xml:815(command)
24256
31860
msgid "label"
24257
31861
msgstr ""
24258
31862
24259
#: serverguide/C/backups.xml:808(para)
31863
#: serverguide/C/backups.xml:819(para)
24260
31864
msgid ""
24261
31865
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24262
31866
msgstr ""
24263
31867
24264
#: serverguide/C/backups.xml:818(userinput)
31868
#: serverguide/C/backups.xml:829(userinput)
24265
31869
#, no-wrap
24266
31870
msgid "2"
24267
31871
msgstr ""
24268
31872
24269
#: serverguide/C/backups.xml:812(computeroutput)
31873
#: serverguide/C/backups.xml:823(computeroutput)
24270
31874
#, no-wrap
24271
31875
msgid ""
24272
31876
"\n"
24278
31882
"Select Storage resource (1-2):<placeholder-1/>\n"
24279
31883
msgstr ""
24280
31884
24281
#: serverguide/C/backups.xml:823(para)
31885
#: serverguide/C/backups.xml:834(para)
24282
31886
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24283
31887
msgstr ""
24284
31888
24285
#: serverguide/C/backups.xml:828(userinput)
31889
#: serverguide/C/backups.xml:839(userinput)
24286
31890
#, no-wrap
24287
31891
msgid "Sunday"
24288
31892
msgstr ""
24289
31893
24290
#: serverguide/C/backups.xml:827(computeroutput)
31894
#: serverguide/C/backups.xml:838(computeroutput)
24291
31895
#, no-wrap
24292
31896
msgid ""
24293
31897
"\n"
24297
31901
" 2: Scratch"
24298
31902
msgstr ""
24299
31903
24300
#: serverguide/C/backups.xml:833(para)
31904
#: serverguide/C/backups.xml:844(para)
24301
31905
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24302
31906
msgstr ""
24303
31907
24304
#: serverguide/C/backups.xml:838(para)
31908
#: serverguide/C/backups.xml:849(para)
24305
31909
msgid "Now, select the <emphasis>Pool</emphasis>:"
24306
31910
msgstr ""
24307
31911
24308
#: serverguide/C/backups.xml:843(userinput)
31912
#: serverguide/C/backups.xml:854(userinput)
24309
31913
#, no-wrap
24310
31914
msgid "1"
24311
31915
msgstr ""
24312
31916
24313
#: serverguide/C/backups.xml:842(computeroutput)
31917
#: serverguide/C/backups.xml:853(computeroutput)
24314
31918
#, no-wrap
24315
31919
msgid ""
24316
31920
"\n"
24319
31923
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24320
31924
msgstr ""
24321
31925
24322
#: serverguide/C/backups.xml:850(para)
31926
#: serverguide/C/backups.xml:861(para)
24323
31927
msgid ""
24324
31928
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24325
31929
"backup the localhost to an attached tape drive."
24326
31930
msgstr ""
24327
31931
24328
#: serverguide/C/backups.xml:858(para)
31932
#: serverguide/C/backups.xml:869(para)
24329
31933
msgid ""
24330
31934
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24331
31935
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24332
31936
"Manual</ulink>"
24333
31937
msgstr ""
24334
31938
24335
#: serverguide/C/backups.xml:864(para)
31939
#: serverguide/C/backups.xml:875(para)
24336
31940
msgid ""
24337
31941
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24338
31942
"the latest Bacula news and developments."
24339
31943
msgstr ""
24340
31944
24341
#: serverguide/C/backups.xml:869(para)
31945
#: serverguide/C/backups.xml:880(para)
24342
31946
msgid ""
24343
31947
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24344
31948
"Ubuntu Wiki</ulink> page."
24349
31953
msgid "translator-credits"
24350
31954
msgstr ""
24351
31955
"Launchpad Contributions:\n"
24352
" Elísabet Einarsdóttir https://launchpad.net/~eeinarsdottir\n"
24353
31956
" Matthew East https://launchpad.net/~mdke"
24354
24355
#~ msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
24356
#~ msgstr "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
24357
24358
#~ msgid "sudo /etc/init.d/samba restart"
24359
#~ msgstr "sudo /etc/init.d/samba restart"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1