« back to all changes in this revision
Viewing changes to serverguide/po/th.po
- browse files at revision 377
- compare with another revision
- download diff
- download tarball
- view history from revision 377
- Committer: Doug Smythies
- Date: 2019-09-16 23:27:40 UTC
- Revision ID: dsmythies@telus.net-20190916232740-6q2xgomajmxmwhki
Remove all content from trunk branch, leave behind a README note.
added
removed
serverguide/po/th.po
1
# Thai translation for serverguide
2
# Copyright (c) 2014 Rosetta Contributors and Canonical Ltd 2014
3
# This file is distributed under the same license as the serverguide package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2014.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: serverguide\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2017-12-07 21:16-0800\n"
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
"Language-Team: Thai <th@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2017-12-08 05:33+0000\n"
18
"X-Generator: Launchpad (build 18511)\n"
19
20
#: serverguide/C/web-servers.xml:11(title)
21
msgid "Web Servers"
22
msgstr "เว็บเซิร์ฟเวอร์"
23
24
#: serverguide/C/web-servers.xml:12(para)
25
msgid ""
26
"A Web server is a software responsible for accepting HTTP requests from "
27
"clients, which are known as Web browsers, and serving them HTTP responses "
28
"along with optional data contents, which usually are Web pages such as HTML "
29
"documents and linked objects (images, etc.)."
30
msgstr ""
31
"เว็บเซิร์ฟเวอร์เป็นโปรแกรมที่ตอบสนองคำร้องขอแบบ HTTP จากโปรแกรมเว็บเบราเซอร์ "
32
"และส่งข้อมูลต่างๆที่เว็บเบราเซอร์ได้ร้องขอซึ่งโดยปกติมักจะเป็นหน้าเว็บเพจเช่น"
33
"เอกสาร HTML และข้อมูลอื่นๆเช่นรูปภาพ"
34
35
#: serverguide/C/web-servers.xml:17(title)
36
msgid "HTTPD - Apache2 Web Server"
37
msgstr "HTTPD - Apache2 เว็บเซิร์ฟเวอร์"
38
39
#: serverguide/C/web-servers.xml:18(para)
40
msgid ""
41
"Apache is the most commonly used Web server on Linux systems. Web servers "
42
"are used to serve Web pages requested by client computers. Clients typically "
43
"request and view Web pages using Web browser applications such as "
44
"<application>Firefox</application>, <application>Opera</application>, "
45
"<application>Chromium</application>, or <application>Internet "
46
"Explorer</application>."
47
msgstr ""
48
49
#: serverguide/C/web-servers.xml:24(para)
50
msgid ""
51
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
52
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
53
"resource. For example, to view the home page of the <ulink "
54
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
55
"the FQDN:"
56
msgstr ""
57
58
#: serverguide/C/web-servers.xml:29(userinput)
59
#, no-wrap
60
msgid "www.ubuntu.com"
61
msgstr ""
62
63
#: serverguide/C/web-servers.xml:32(para)
64
msgid ""
65
"To view the <ulink url=\"http://www.ubuntu.com/community\">community</ulink> "
66
"sub-page, a user will enter the FQDN followed by a path:"
67
msgstr ""
68
69
#: serverguide/C/web-servers.xml:35(userinput)
70
#, no-wrap
71
msgid "www.ubuntu.com/community"
72
msgstr ""
73
74
#: serverguide/C/web-servers.xml:38(para)
75
msgid ""
76
"The most common protocol used to transfer Web pages is the Hyper Text "
77
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
78
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
79
"protocol for uploading and downloading files, are also supported."
80
msgstr ""
81
"โปรโตคอลหลักที่ใช้ถ่ายโอนหน้าเว็บต่างๆก็คือ Hyper Text Transfer Protocol "
82
"(HTTP) แต่โปรโตคอลอื่นๆเช่น Hyper Text Transfer Protocol over Secure Sockets "
83
"Layer (HTTPS) และ File Transfer Protocol (FTP) "
84
"ซึ่งเป็นโปรโตคอลสำหรับอัพโหลดและดาวน์โหลดไฟล์ก็สนับสนุนเช่นกัน"
85
86
#: serverguide/C/web-servers.xml:43(para)
87
msgid ""
88
"Apache Web Servers are often used in combination with the "
89
"<application>MySQL</application> database engine, the HyperText Preprocessor "
90
"(<application>PHP</application>) scripting language, and other popular "
91
"scripting languages such as <application>Python</application> and "
92
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
93
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
94
"for the development and deployment of Web-based applications."
95
msgstr ""
96
"บ่อยครั้งที่เว็บเซิร์ฟเวอร์ Apache ถูกใช้ร่วมกับฐานข้อมูล "
97
"<application>MySQL</application>, ภาษา HyperText Preprocessor "
98
"(<application>PHP</application>) และภาษาสำหรับ scripting อื่นๆเช่น "
99
"<application>Python</application> และ <application>Perl</application> "
100
"เป็นต้น ชุดโปรแกรมทั้งหมดนี้รวมกันมีชื่อเรียกว่า LAMP (ซึ่งเป็นคำย่อจาก "
101
"Linux, Apache, MySQL และ Perl/Python/PHP) "
102
"และเป็นแพลทฟอร์มสำหรับพัฒนาแอพพลิเคชั่นบนเว็บที่มีประสิทธิภาพอย่างมาก"
103
104
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:991(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:1000(title) serverguide/C/virtualization.xml:1859(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1153(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2763(title) serverguide/C/network-auth.xml:3235(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:401(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:129(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
105
msgid "Installation"
106
msgstr "การติดตั้ง"
107
108
#: serverguide/C/web-servers.xml:52(para)
109
msgid ""
110
"The <application>Apache2</application> web server is available in Ubuntu "
111
"Linux. To install Apache2:"
112
msgstr ""
113
114
#: serverguide/C/web-servers.xml:58(para) serverguide/C/lamp-applications.xml:37(para)
115
msgid "At a terminal prompt enter the following command:"
116
msgstr "ในพร๊อมต์เทอร์มินัล ให้พิมพ์คำสั่งดังนี้:"
117
118
#: serverguide/C/web-servers.xml:63(command)
119
msgid "sudo apt install apache2"
120
msgstr ""
121
122
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1018(title) serverguide/C/web-servers.xml:1121(title) serverguide/C/virtualization.xml:1031(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:422(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1163(title) serverguide/C/network-auth.xml:2850(title) serverguide/C/network-auth.xml:3256(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:317(title) serverguide/C/lamp-applications.xml:422(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
123
msgid "Configuration"
124
msgstr "การตั้งค่า"
125
126
#: serverguide/C/web-servers.xml:73(para)
127
msgid ""
128
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
129
"text configuration files. These <emphasis>directives</emphasis> are "
130
"separated between the following files and directories:"
131
msgstr ""
132
133
#: serverguide/C/web-servers.xml:81(para)
134
msgid ""
135
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
136
"Contains settings that are <emphasis>global</emphasis> to Apache2."
137
msgstr ""
138
139
#: serverguide/C/web-servers.xml:87(para)
140
msgid ""
141
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
142
"file, named after the <application>httpd</application> daemon. Now the file "
143
"does not exist. In older versions of Ubuntu the file might be present, but "
144
"empty, as all configuration options have been moved to the below referenced "
145
"directories."
146
msgstr ""
147
148
#: serverguide/C/web-servers.xml:94(para)
149
msgid ""
150
"<emphasis>conf-available:</emphasis> this directory contains available "
151
"configuration files. All files that were previously in "
152
"<filename>/etc/apache2/conf.d</filename> should be moved to "
153
"<filename>/etc/apache2/conf-available</filename>."
154
msgstr ""
155
156
#: serverguide/C/web-servers.xml:101(para)
157
msgid ""
158
"<emphasis>conf-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
159
"the files in <filename>/etc/apache2/conf-available</filename>. When a "
160
"configuration file is symlinked, it will be enabled the next time "
161
"<application>apache2</application> is restarted."
162
msgstr ""
163
164
#: serverguide/C/web-servers.xml:108(para)
165
msgid ""
166
"<emphasis>envvars:</emphasis> file where Apache2 "
167
"<emphasis>environment</emphasis> variables are set."
168
msgstr ""
169
170
#: serverguide/C/web-servers.xml:113(para)
171
msgid ""
172
"<emphasis>mods-available:</emphasis> this directory contains configuration "
173
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
174
"modules will have specific configuration files, however."
175
msgstr ""
176
177
#: serverguide/C/web-servers.xml:119(para)
178
msgid ""
179
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
180
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
181
"configuration file is symlinked it will be enabled the next time "
182
"<application>apache2</application> is restarted."
183
msgstr ""
184
185
#: serverguide/C/web-servers.xml:126(para)
186
msgid ""
187
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
188
"TCP ports Apache2 is listening on."
189
msgstr ""
190
191
#: serverguide/C/web-servers.xml:131(para)
192
msgid ""
193
"<emphasis>sites-available:</emphasis> this directory has configuration files "
194
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
195
"to be configured for multiple sites that have separate configurations."
196
msgstr ""
197
198
#: serverguide/C/web-servers.xml:138(para)
199
msgid ""
200
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
201
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
202
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
203
"a configuration file in sites-available is symlinked, the site configured by "
204
"it will be active once Apache2 is restarted."
205
msgstr ""
206
207
#: serverguide/C/web-servers.xml:145(para)
208
msgid ""
209
"<emphasis>magic:</emphasis> instructions for determining MIME type based on "
210
"the first few bytes of a file."
211
msgstr ""
212
213
#: serverguide/C/web-servers.xml:151(para)
214
msgid ""
215
"In addition, other configuration files may be added using the "
216
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
217
"many configuration files. Any directive may be placed in any of these "
218
"configuration files. Changes to the main configuration files are only "
219
"recognized by Apache2 when it is started or restarted."
220
msgstr ""
221
222
#: serverguide/C/web-servers.xml:160(para)
223
msgid ""
224
"The server also reads a file containing mime document types; the filename is "
225
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
226
"<filename>/etc/apache2/mods-available/mime.conf</filename>, which might also "
227
"include additions and overrides, and is <filename>/etc/mime.types</filename> "
228
"by default."
229
msgstr ""
230
231
#: serverguide/C/web-servers.xml:168(title)
232
msgid "Basic Settings"
233
msgstr "การตั้งค่าพื้นฐาน"
234
235
#: serverguide/C/web-servers.xml:169(para)
236
msgid ""
237
"This section explains Apache2 server essential configuration parameters. "
238
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
239
"Documentation</ulink> for more details."
240
msgstr ""
241
242
#: serverguide/C/web-servers.xml:177(para)
243
msgid ""
244
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
245
"it is configured with a single default virtual host (using the "
246
"<emphasis>VirtualHost</emphasis> directive) which can be modified or used as-"
247
"is if you have a single site, or used as a template for additional virtual "
248
"hosts if you have multiple sites. If left alone, the default virtual host "
249
"will serve as your default site, or the site users will see if the URL they "
250
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
251
"your custom sites. To modify the default virtual host, edit the file "
252
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
253
msgstr ""
254
255
#: serverguide/C/web-servers.xml:190(para)
256
msgid ""
257
"The directives set for a virtual host only apply to that particular virtual "
258
"host. If a directive is set server-wide and not defined within the virtual "
259
"host settings, the default setting is used. For example, you can define a "
260
"Webmaster email address and not define individual email addresses for each "
261
"virtual host."
262
msgstr ""
263
"การตั้งค่าของโฮสต์เสมือนอันใดอันหนึ่งจะมีผลเฉพาะกับโฮสต์เสมือนนั้นเท่านั้น "
264
"และจะไม่กระทบกับโฮสต์เสมือนอื่นๆ "
265
"แต่ถ้าคุณตั้งค่าใดที่มีผลสำหรับทั้งเซิร์ฟเวอร์และไม่ได้ตั้งค่าอื่นๆสำหรับโฮสต"
266
"์เสมือน ค่าที่คุณตั้งไว้ในระดับเซิร์ฟเวอร์จะมีผลบังคับใช้แทน "
267
"เช่นคุณสามารถตั้งค่าอีเมล์ของผู้ดูแลเว็บในระดับเซิร์ฟเวอร์แทนที่จะต้องตั้งค่า"
268
"นี้ในทุกๆโฮสต์เสมือนได้"
269
270
#: serverguide/C/web-servers.xml:198(para)
271
msgid ""
272
"If you wish to configure a new virtual host or site, copy that file into the "
273
"same directory with a name you choose. For example:"
274
msgstr ""
275
276
#: serverguide/C/web-servers.xml:204(command)
277
msgid ""
278
"sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-"
279
"available/mynewsite.conf"
280
msgstr ""
281
282
#: serverguide/C/web-servers.xml:207(para)
283
msgid ""
284
"Edit the new file to configure the new site using some of the directives "
285
"described below."
286
msgstr ""
287
288
#: serverguide/C/web-servers.xml:214(para)
289
msgid ""
290
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
291
"to be advertised for the server's administrator. The default value is "
292
"webmaster@localhost. This should be changed to an email address that is "
293
"delivered to you (if you are the server's administrator). If your website "
294
"has a problem, Apache2 will display an error message containing this email "
295
"address to report the problem to. Find this directive in your site's "
296
"configuration file in /etc/apache2/sites-available."
297
msgstr ""
298
"คำสั่ง <emphasis>ServerAdmin</emphasis> ใช้สำหรับระบุอีเมล์ของผู้ดูแลระบบ "
299
"ค่าเริ่มต้นของคำสั่งนี้คือ webmaster@localhost "
300
"ซึ่งเราแนะนำให้คุณเปลี่ยนเป็นอีเมล์ของคุณ (ถ้าคุณเป็นผู้ดูแลระบบ) "
301
"ถ้าเว็บไซต์ของคุณมีปัญหา Apache2 "
302
"จะแสดงข้อความเกี่ยวกับข้อผิดพลาดซึ่งมีอีเมล์ที่คุณระบุเพื่อให้ผู้ใช้สามารถส่ง"
303
"อีเมล์รายงานปัญหาได้ คุณสามารถเปลี่ยนค่าของคำสั่งนี้ในไฟล์ "
304
"/etc/apache2/sites-available"
305
306
#: serverguide/C/web-servers.xml:225(para)
307
msgid ""
308
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
309
"the IP address, Apache2 should listen on. If the IP address is not "
310
"specified, Apache2 will listen on all IP addresses assigned to the machine "
311
"it runs on. The default value for the Listen directive is 80. Change this to "
312
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
313
"that it will not be available to the Internet, to (for example) 81 to change "
314
"the port that it listens on, or leave it as is for normal operation. This "
315
"directive can be found and changed in its own file, "
316
"<filename>/etc/apache2/ports.conf</filename>"
317
msgstr ""
318
"คำสั่ง <emphasis>Listen</emphasis> ใช้เพื่อระบุเลขที่พอร์ต (และ IP address "
319
"ถ้าต้องการ ) ที่ Apache2 ต้องรอรับคำร้องขอ ถ้าคุณไม่ได้ระบุ IP address "
320
"เซิร์ฟเวอร์จะรับคำร้องขอผ่านทุก IP address ที่เครื่องเซิร์ฟเวอร์มี "
321
"ค่าเริ่มต้นสำหรับคำสั่ง Listen นี้คือ 80 คุณสามารถเปลี่ยนค่าเป็น "
322
"127.0.0.1:80 เพื่อให้ Apache2 "
323
"รับคำร้องขอเฉพาะจากการ์ดเน็ตเวิร์คภายในของเครื่องเซิร์ฟเวอร์ (loopback "
324
"interface) ทำให้เครื่องไม่รับคำร้องขอจากอินเตอร์เน็ต หรือเปลี่ยนค่าเป็น 81 "
325
"เพื่อเปลี่ยนพอร์ตที่เซิร์ฟเวอร์จะรับคำร้องขอ "
326
"หรือทิ้งค่าเริ่มต้นเอาไว้สำหรับการทำงานแบบปกติ "
327
"คุณสามารถเปลี่ยนค่าของคำสั่งนี้ได้ในไฟล์ "
328
"<filename>/etc/apache2/ports.conf</filename>"
329
330
#: serverguide/C/web-servers.xml:238(para)
331
msgid ""
332
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
333
"FQDN your site should answer to. The default virtual host has no ServerName "
334
"directive specified, so it will respond to all requests that do not match a "
335
"ServerName directive in another virtual host. If you have just acquired the "
336
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
337
"value of the ServerName directive in your virtual host configuration file "
338
"should be ubunturocks.com. Add this directive to the new virtual host file "
339
"you created earlier (<filename>/etc/apache2/sites-"
340
"available/mynewsite.conf</filename>)."
341
msgstr ""
342
343
#: serverguide/C/web-servers.xml:250(para)
344
msgid ""
345
"You may also want your site to respond to www.ubunturocks.com, since many "
346
"users will assume the www prefix is appropriate. Use the "
347
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
348
"wildcards in the ServerAlias directive."
349
msgstr ""
350
351
#: serverguide/C/web-servers.xml:257(para)
352
msgid ""
353
"For example, the following configuration will cause your site to respond to "
354
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
355
msgstr ""
356
357
#: serverguide/C/web-servers.xml:263(programlisting)
358
#, no-wrap
359
msgid ""
360
"\n"
361
"ServerAlias *.ubunturocks.com\n"
362
msgstr ""
363
364
#: serverguide/C/web-servers.xml:269(para)
365
msgid ""
366
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
367
"should look for the files that make up the site. The default value is "
368
"/var/www/html, as specified in <filename>/etc/apache2/sites-available/000-"
369
"default.conf</filename>. If desired, change this value in your site's "
370
"virtual host file, and remember to create that directory if necessary!"
371
msgstr ""
372
373
#: serverguide/C/web-servers.xml:278(para)
374
msgid ""
375
"Enable the new <emphasis>VirtualHost</emphasis> using the "
376
"<application>a2ensite</application> utility and restart Apache2:"
377
msgstr ""
378
379
#: serverguide/C/web-servers.xml:284(command)
380
msgid "sudo a2ensite mynewsite"
381
msgstr ""
382
383
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:462(command)
384
msgid "sudo systemctl restart apache2.service"
385
msgstr ""
386
387
#: serverguide/C/web-servers.xml:289(para)
388
msgid ""
389
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
390
"name for the VirtualHost. One method is to name the file after the "
391
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
392
msgstr ""
393
394
#: serverguide/C/web-servers.xml:296(para)
395
msgid ""
396
"Similarly, use the <application>a2dissite</application> utility to disable "
397
"sites. This is can be useful when troubleshooting configuration problems "
398
"with multiple VirtualHosts:"
399
msgstr ""
400
401
#: serverguide/C/web-servers.xml:302(command)
402
msgid "sudo a2dissite mynewsite"
403
msgstr ""
404
405
#: serverguide/C/web-servers.xml:308(title)
406
msgid "Default Settings"
407
msgstr "ค่าเริ่มต้น (ที่มาพร้อมกับการติดตั้ง)"
408
409
#: serverguide/C/web-servers.xml:310(para)
410
msgid ""
411
"This section explains configuration of the Apache2 server default settings. "
412
"For example, if you add a virtual host, the settings you configure for the "
413
"virtual host take precedence for that virtual host. For a directive not "
414
"defined within the virtual host settings, the default value is used."
415
msgstr ""
416
"ในส่วนนี้จะอธิบายเกี่ยวกับค่าเริ่มต้นของเซิร์ฟเวอร์ Apache2 "
417
"ที่มากับการติดตั้ง ยกตัวอย่างเช่นถ้าคุณเพิ่ม virtual host ใหม่ "
418
"ค่าที่ตั้งไว้สำหรับ virtual host "
419
"นั้นจะมีผลเหนือค่าเริ่มต้นที่มากับการติดตั้ง ถ้าไม่มีคำสั่งพิเศษสำหรับ "
420
"virtual host เซิร์ฟเวอร์จะใช้ค่าเริ่มต้นที่มากับการติดตั้งแทน"
421
422
#: serverguide/C/web-servers.xml:322(para)
423
msgid ""
424
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
425
"server when a user requests an index of a directory by specifying a forward "
426
"slash (/) at the end of the directory name."
427
msgstr ""
428
"ค่า <emphasis>DirectoryIndex</emphasis> "
429
"เป็นค่าที่ใช้ระบุหน้าเว็บที่เว็บเซิร์ฟเวอร์จะคืนให้เบราเซอร์กรณีที่ผู้ใช้งานร"
430
"้องขอหน้าดัชนีของเว็บไซต์โดยใส่เครื่องหมาย forward slash (/) "
431
"ต่อท้ายชื่อไดเรคทอรี"
432
433
#: serverguide/C/web-servers.xml:329(para)
434
msgid ""
435
"For example, when a user requests the page "
436
"http://www.example.com/this_directory/, he or she will get either the "
437
"DirectoryIndex page if it exists, a server-generated directory list if it "
438
"does not and the Indexes option is specified, or a Permission Denied page if "
439
"neither is true. The server will try to find one of the files listed in the "
440
"DirectoryIndex directive and will return the first one it finds. If it does "
441
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
442
"set for that directory, the server will generate and return a list, in HTML "
443
"format, of the subdirectories and files in the directory. The default value, "
444
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
445
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
446
"Apache2 finds a file in a requested directory matching any of these names, "
447
"the first will be displayed."
448
msgstr ""
449
450
#: serverguide/C/web-servers.xml:350(para)
451
msgid ""
452
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
453
"file for Apache2 to use for specific error events. For example, if a user "
454
"requests a resource that does not exist, a 404 error will occur. By default, "
455
"Apache2 will simply return a HTTP 404 Return code. Read "
456
"<filename>/etc/apache2/conf-available/localized-error-pages.conf</filename> "
457
"for detailed instructions for using ErrorDocument, including locations of "
458
"example files."
459
msgstr ""
460
461
#: serverguide/C/web-servers.xml:360(para)
462
msgid ""
463
"By default, the server writes the transfer log to the file "
464
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
465
"per-site basis in your virtual host configuration files with the "
466
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
467
"specified in <filename> /etc/apache2/conf-available/other-vhosts-access-"
468
"log.conf</filename>. You may also specify the file to which errors are "
469
"logged, via the <emphasis>ErrorLog</emphasis> directive, whose default is "
470
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
471
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
472
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
473
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
474
"/etc/apache2/apache2.conf</filename> for the default value)."
475
msgstr ""
476
477
#: serverguide/C/web-servers.xml:375(para)
478
msgid ""
479
"Some options are specified on a per-directory basis rather than per-server. "
480
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
481
"is enclosed in XML-like tags, like so:"
482
msgstr ""
483
484
#: serverguide/C/web-servers.xml:381(programlisting)
485
#, no-wrap
486
msgid ""
487
"\n"
488
"<Directory /var/www/html/mynewsite>\n"
489
"...\n"
490
"</Directory>\n"
491
msgstr ""
492
493
#: serverguide/C/web-servers.xml:387(para)
494
msgid ""
495
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
496
"one or more of the following values (among others), separated by spaces:"
497
msgstr ""
498
499
#: serverguide/C/web-servers.xml:399(para)
500
msgid ""
501
"Most files should not be executed as CGI scripts. This would be very "
502
"dangerous. CGI scripts should kept in a directory separate from and outside "
503
"your DocumentRoot, and only this directory should have the ExecCGI option "
504
"set. This is the default, and the default location for CGI scripts is "
505
"<filename>/usr/lib/cgi-bin</filename>."
506
msgstr ""
507
508
#: serverguide/C/web-servers.xml:394(para)
509
msgid ""
510
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
511
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
512
msgstr ""
513
"<emphasis role=\"bold\">ExecCGI</emphasis> - อนุญาติให้ใช้งาน CGI สคริปต์ได้ "
514
"ถ้าไม่ได้เลือกตัวเลือกนี้จะไม่สามารถใช้ CGI สคริปต์ได้\r\n"
515
"<placeholder-1/>"
516
517
#: serverguide/C/web-servers.xml:410(para)
518
msgid ""
519
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
520
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
521
"other files. See <ulink "
522
"url=\"https://help.ubuntu.com/community/ServerSideIncludes\">Apache SSI "
523
"documentation (Ubuntu community)</ulink> for more information."
524
msgstr ""
525
526
#: serverguide/C/web-servers.xml:419(para)
527
msgid ""
528
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
529
"includes, but disable the <emphasis>#exec</emphasis> and "
530
"<emphasis>#include</emphasis> commands in CGI scripts."
531
msgstr ""
532
533
#: serverguide/C/web-servers.xml:431(para)
534
msgid ""
535
"For security reasons, this should usually not be set, and certainly should "
536
"not be set on your DocumentRoot directory. Enable this option carefully on a "
537
"per-directory basis only if you are certain you want users to see the entire "
538
"contents of the directory."
539
msgstr ""
540
"เพื่อความปลอดภัย โดยทั่วไปแล้วคุณไม่ควรใช้งานตัวเลือกนี้ "
541
"โดยเฉพาะอย่างยิ่งไม่ควรใช้กับไดเร็คทอรี่ DocumentRoot ของคุณ "
542
"กรุณาใช้ตัวเลือกนี้อย่างระมัดระวังเป็นไดเร็คทอรี่ๆไป "
543
"กรณีที่คุณต้องการให้ผู้ใช้เห็นเนื้อหาที่อยู่ในไดเร็คทอรี่ของคุณ"
544
545
#: serverguide/C/web-servers.xml:426(para)
546
msgid ""
547
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
548
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
549
"index.html) exists in the requested directory. <placeholder-1/>"
550
msgstr ""
551
"<emphasis role=\"bold\">Indexes</emphasis> - แสดงเนื้อหา "
552
"(รายชื่อของไฟล์และไดเร็คทอรี่ย่อย) ถ้าไม่ได้ระบุคำสั่ง "
553
"<emphasis>DirectoryIndex</emphasis> (เช่น index.html) สำหรับไดเร็คทอรี่นี้ "
554
"<placeholder-1/>"
555
556
#: serverguide/C/web-servers.xml:441(para)
557
msgid ""
558
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
559
"multiviews; this option is disabled by default for security reasons. See the "
560
"<ulink "
561
"url=\"http://httpd.apache.org/docs/2.4/mod/mod_negotiation.html#multiviews\">"
562
"Apache2 documentation on this option</ulink>."
563
msgstr ""
564
565
#: serverguide/C/web-servers.xml:449(para)
566
msgid ""
567
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
568
"symbolic links if the target file or directory has the same owner as the "
569
"link."
570
msgstr ""
571
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - ให้ไล่ตาม symbolic "
572
"links ถ้าไฟล์หรือไดเร็คทอรี่ที่ถูกลิงก์หามีเจ้าของเดียวกันกับลิงก์"
573
574
#: serverguide/C/web-servers.xml:461(title)
575
msgid "httpd Settings"
576
msgstr ""
577
578
#: serverguide/C/web-servers.xml:463(para)
579
msgid ""
580
"This section explains some basic <application>httpd</application> daemon "
581
"configuration settings."
582
msgstr ""
583
584
#: serverguide/C/web-servers.xml:467(para)
585
msgid ""
586
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
587
"the path to the lockfile used when the server is compiled with either "
588
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
589
"stored on the local disk. It should be left to the default value unless the "
590
"logs directory is located on an NFS share. If this is the case, the default "
591
"value should be changed to a location on the local disk and to a directory "
592
"that is readable only by root."
593
msgstr ""
594
"<emphasis role=\"bold\">LockFile</emphasis> - คำสั่ง LockFile "
595
"ระบุไดเร็คทอรี่ที่เก็บไฟล์ล็อกที่ถูกใช้ตอนคอมไพล์เซิร์ฟเวอร์ด้วย "
596
"USE_FCNTL_SERIALIZED_ACCEPT หรือ USE_FLOCK_SERIALIZED_ACCEPT "
597
"ค่านี้ไม่ควรถูกเปลี่ยนแปลงนอกเสียจากว่าไดเรคทอรี่ที่ใช้เก็บบันทึก (logs) "
598
"จะอยู่ในแชร์ของเครือข่าย (NFS) "
599
"ถ้าเกิดเป็นเช่นนั้นคุณควรเปลี่ยนค่าเริ่มต้นให้ชี้ไปที่ไฟล์ในฮาร์ดดิสก์ของเครื"
600
"่องซึ่งอยู่ในไดเร็คทอรี่ที่อ่านได้โดย root เท่านั้น"
601
602
#: serverguide/C/web-servers.xml:476(para)
603
msgid ""
604
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
605
"file in which the server records its process ID (pid). This file should only "
606
"be readable by root. In most cases, it should be left to the default value."
607
msgstr ""
608
"<emphasis role=\"bold\">PidFile</emphasis> - คำสั่ง PidFile "
609
"ระบุไฟล์ที่เซิร์ฟเวอร์ใช้เพื่อบันทึกเลขที่โปรเซส (process ID หรือ pid) "
610
"ของตัวเอง ไฟล์นี้ควรถูกอ่านได้โดย root เท่านั้น "
611
"และโดยทั่วไปแล้วคุณไม่ควรแก้ไขค่าเริ่มต้นที่มาพร้อมกับการติดตั้ง"
612
613
#: serverguide/C/web-servers.xml:482(para)
614
msgid ""
615
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
616
"used by the server to answer requests. This setting determines the server's "
617
"access. Any files inaccessible to this user will also be inaccessible to "
618
"your website's visitors. The default value for User is \"www-data\"."
619
msgstr ""
620
621
#: serverguide/C/web-servers.xml:489(para)
622
msgid ""
623
"Unless you know exactly what you are doing, do not set the User directive to "
624
"root. Using root as the User will create large security holes for your Web "
625
"server."
626
msgstr ""
627
"นอกจากว่าคุณจะรู้ตัวว่ากำลังทำอะไรอยู่ อย่าตั้งค่าคำสั่ง User เป็น root "
628
"เพราะการใช้ root "
629
"สำหรับคำสั่งนี้จะทำให้เกิดช่องโหว่ด้านความปลอดภัยกับเว็บเซิร์ฟเวอร์ของคุณเป็น"
630
"อย่างมาก"
631
632
#: serverguide/C/web-servers.xml:495(para)
633
msgid ""
634
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
635
"the User directive. Group sets the group under which the server will answer "
636
"requests. The default group is also \"www-data\"."
637
msgstr ""
638
639
#: serverguide/C/web-servers.xml:502(title)
640
msgid "Apache2 Modules"
641
msgstr ""
642
643
#: serverguide/C/web-servers.xml:504(para)
644
msgid ""
645
"Apache2 is a modular server. This implies that only the most basic "
646
"functionality is included in the core server. Extended features are "
647
"available through modules which can be loaded into Apache2. By default, a "
648
"base set of modules is included in the server at compile-time. If the server "
649
"is compiled to use dynamically loaded modules, then modules can be compiled "
650
"separately, and added at any time using the LoadModule directive. Otherwise, "
651
"Apache2 must be recompiled to add or remove modules."
652
msgstr ""
653
654
#: serverguide/C/web-servers.xml:516(para)
655
msgid ""
656
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
657
"Configuration directives may be conditionally included on the presence of a "
658
"particular module by enclosing them in an "
659
"<emphasis><IfModule></emphasis> block."
660
msgstr ""
661
662
#: serverguide/C/web-servers.xml:523(para)
663
msgid ""
664
"You can install additional Apache2 modules and use them with your Web "
665
"server. For example, run the following command at a terminal prompt to "
666
"install the <emphasis>MySQL Authentication</emphasis> module:"
667
msgstr ""
668
669
#: serverguide/C/web-servers.xml:530(command)
670
msgid "sudo apt install libapache2-mod-auth-mysql"
671
msgstr ""
672
673
#: serverguide/C/web-servers.xml:533(para)
674
msgid ""
675
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
676
"additional modules."
677
msgstr ""
678
679
#: serverguide/C/web-servers.xml:537(para)
680
msgid ""
681
"Use the <application>a2enmod</application> utility to enable a module:"
682
msgstr ""
683
684
#: serverguide/C/web-servers.xml:543(command)
685
msgid "sudo a2enmod auth_mysql"
686
msgstr ""
687
688
#: serverguide/C/web-servers.xml:547(para)
689
msgid "Similarly, <application>a2dismod</application> will disable a module:"
690
msgstr ""
691
692
#: serverguide/C/web-servers.xml:552(command)
693
msgid "sudo a2dismod auth_mysql"
694
msgstr ""
695
696
#: serverguide/C/web-servers.xml:559(title)
697
msgid "HTTPS Configuration"
698
msgstr "การตั้งค่า HTTPS"
699
700
#: serverguide/C/web-servers.xml:561(para)
701
msgid ""
702
"The <application>mod_ssl</application> module adds an important feature to "
703
"the Apache2 server - the ability to encrypt communications. Thus, when your "
704
"browser is communicating using SSL, the https:// prefix is used at the "
705
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
706
"bar."
707
msgstr ""
708
"โมดูล <application>mod_ssl</application> "
709
"นั้นเพิ่มความสามารถที่สำคัญยิ่งให้กับ Apache2 "
710
"นั่นก็คือความสามารถในการเข้ารหัสข้อมูลที่ถูกส่งไปมา "
711
"เพราะฉะนั้นเมื่อเบราเซอร์ของคุณสื่อสารผ่าน SSL ที่อยู่เว็บหรือที่เรียกกันว่า "
712
"Uniform Resource Locator (URL) จะเริ่มต้นด้วย https://"
713
714
#: serverguide/C/web-servers.xml:570(para)
715
msgid ""
716
"The <application>mod_ssl</application> module is available in "
717
"<application>apache2-common</application> package. Execute the following "
718
"command at a terminal prompt to enable the "
719
"<application>mod_ssl</application> module:"
720
msgstr ""
721
722
#: serverguide/C/web-servers.xml:577(command)
723
msgid "sudo a2enmod ssl"
724
msgstr "sudo a2enmod ssl"
725
726
#: serverguide/C/web-servers.xml:580(para)
727
msgid ""
728
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
729
"available/default-ssl.conf</filename>. In order for "
730
"<application>Apache2</application> to provide HTTPS, a "
731
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
732
"needed. The default HTTPS configuration will use a certificate and key "
733
"generated by the <application>ssl-cert</application> package. They are good "
734
"for testing, but the auto-generated certificate and key should be replaced "
735
"by a certificate specific to the site or server. For information on "
736
"generating a key and obtaining a certificate see <xref "
737
"linkend=\"certificates-and-security\"/>"
738
msgstr ""
739
740
#: serverguide/C/web-servers.xml:590(para)
741
msgid ""
742
"To configure <application>Apache2</application> for HTTPS, enter the "
743
"following:"
744
msgstr ""
745
746
#: serverguide/C/web-servers.xml:595(command)
747
msgid "sudo a2ensite default-ssl"
748
msgstr "sudo a2ensite default-ssl"
749
750
#: serverguide/C/web-servers.xml:599(para)
751
msgid ""
752
"The directories <filename>/etc/ssl/certs</filename> and "
753
"<filename>/etc/ssl/private</filename> are the default locations. If you "
754
"install the certificate and key in another directory make sure to change "
755
"<emphasis>SSLCertificateFile</emphasis> and "
756
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
757
msgstr ""
758
"โดยปกติแล้วหนังสือรับรอง (certificate) "
759
"และกุญแจสำหรับเข้าและถอดรหัสจะถูกเก็บอยู่ที่ "
760
"<filename>/etc/ssl/certs</filename> และ "
761
"<filename>/etc/ssl/private</filename> ถ้าคุณเก็บไฟล์เหล่านี้ไว้ที่อื่น "
762
"อย่าลืมเปลี่ยน <emphasis>SSLCertificateFile</emphasis> และ "
763
"<emphasis>SSLCertificateKeyFile</emphasis> ให้ชี้ไปที่เก็บไฟล์ที่ถูกต้องด้วย"
764
765
#: serverguide/C/web-servers.xml:606(para)
766
msgid ""
767
"With Apache2 now configured for HTTPS, restart the service to enable the new "
768
"settings:"
769
msgstr ""
770
771
#: serverguide/C/web-servers.xml:617(para)
772
msgid ""
773
"Depending on how you obtained your certificate you may need to enter a "
774
"passphrase when <application>Apache2</application> starts."
775
msgstr ""
776
777
#: serverguide/C/web-servers.xml:623(para)
778
msgid ""
779
"You can access the secure server pages by typing https://your_hostname/url/ "
780
"in your browser address bar."
781
msgstr ""
782
"คุณสามารถใช้งานหน้าเว็บที่ถูกเข้ารหัสได้โดยพิพม์ https://your_hostname/url/ "
783
"ในแถบที่อยู่ของเบราเซอร์ของคุณ"
784
785
#: serverguide/C/web-servers.xml:630(title)
786
msgid "Sharing Write Permission"
787
msgstr ""
788
789
#: serverguide/C/web-servers.xml:631(para)
790
msgid ""
791
"For more than one user to be able to write to the same directory it will be "
792
"necessary to grant write permission to a group they share in common. The "
793
"following example grants shared write permission to "
794
"<filename>/var/www/html</filename> to the group \"webmasters\"."
795
msgstr ""
796
797
#: serverguide/C/web-servers.xml:639(command)
798
msgid "sudo chgrp -R webmasters /var/www/html"
799
msgstr ""
800
801
#: serverguide/C/web-servers.xml:640(command)
802
msgid "sudo find /var/www/html -type d -exec chmod g=rwxs \"{}\" \\;"
803
msgstr ""
804
805
#: serverguide/C/web-servers.xml:641(command)
806
msgid "sudo find /var/www/html -type f -exec chmod g=rw \"{}\" \\;"
807
msgstr ""
808
809
#: serverguide/C/web-servers.xml:643(para)
810
msgid ""
811
"These commands recursively set the group permission on all files and "
812
"directories in /var/www/html to read write and set user id. This has the "
813
"effect of having the files and directories inherit their group and "
814
"permission from their parrent. Many admins find this useful for allowing "
815
"multiple users to edit files in a directory tree."
816
msgstr ""
817
818
#: serverguide/C/web-servers.xml:652(para)
819
msgid ""
820
"If access must be granted to more than one group per directory, enable "
821
"Access Control Lists (ACLs)."
822
msgstr ""
823
824
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:973(title) serverguide/C/web-servers.xml:1068(title) serverguide/C/web-servers.xml:1293(title) serverguide/C/vpn.xml:921(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:484(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1223(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:370(title) serverguide/C/lamp-applications.xml:525(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
825
msgid "References"
826
msgstr "แหล่งอ้างอิง"
827
828
#: serverguide/C/web-servers.xml:663(para)
829
msgid ""
830
"<ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
831
"Documentation</ulink> contains in depth information on Apache2 configuration "
832
"directives. Also, see the <application>apache2-doc</application> package for "
833
"the official Apache2 docs."
834
msgstr ""
835
836
#: serverguide/C/web-servers.xml:670(para)
837
msgid ""
838
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
839
"Documentation</ulink> site for more SSL related information."
840
msgstr ""
841
842
#: serverguide/C/web-servers.xml:676(para)
843
msgid ""
844
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
845
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
846
"configurations."
847
msgstr ""
848
849
#: serverguide/C/web-servers.xml:682(para)
850
msgid ""
851
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
852
"server</emphasis> IRC channel on <ulink "
853
"url=\"http://freenode.net/\">freenode.net</ulink>."
854
msgstr ""
855
856
#: serverguide/C/web-servers.xml:688(para)
857
msgid ""
858
"Usually integrated with PHP and MySQL the <ulink "
859
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
860
"Ubuntu Wiki </ulink> page is a good resource."
861
msgstr ""
862
863
#: serverguide/C/web-servers.xml:699(title)
864
msgid "PHP - Scripting Language"
865
msgstr ""
866
867
#: serverguide/C/web-servers.xml:700(para)
868
msgid ""
869
"PHP is a general-purpose scripting language suited for Web development. PHP "
870
"scripts can be embedded into HTML. This section explains how to install and "
871
"configure PHP in an Ubuntu System with Apache2 and MySQL."
872
msgstr ""
873
874
#: serverguide/C/web-servers.xml:704(para)
875
msgid ""
876
"This section assumes you have installed and configured Apache2 Web Server "
877
"and MySQL Database Server. You can refer to the Apache2 and MySQL sections "
878
"in this document to install and configure Apache2 and MySQL respectively."
879
msgstr ""
880
881
#: serverguide/C/web-servers.xml:711(para)
882
msgid ""
883
"PHP is available in Ubuntu Linux. Unlike python and perl, which are "
884
"installed in the base system, PHP must be added."
885
msgstr ""
886
887
#: serverguide/C/web-servers.xml:715(para)
888
msgid ""
889
"To install PHP and the Apache PHP module you can enter the following command "
890
"at a terminal prompt: <screen>\n"
891
"<command>sudo apt install php libapache2-mod-php</command>\n"
892
"</screen>"
893
msgstr ""
894
895
#: serverguide/C/web-servers.xml:724(para)
896
msgid ""
897
"You can run PHP scripts at a terminal prompt. To run PHP scripts at a "
898
"terminal prompt you should install the <application>php-cli</application> "
899
"package. To install <application>php-cli</application> you can enter the "
900
"following command at a terminal prompt: <screen>\n"
901
"<command>sudo apt install php-cli</command>\n"
902
"</screen>"
903
msgstr ""
904
905
#: serverguide/C/web-servers.xml:733(para)
906
msgid ""
907
"You can also execute PHP scripts without installing the Apache PHP module. "
908
"To accomplish this, you should install the <application>php-"
909
"cgi</application> package. You can run the following command at a terminal "
910
"prompt to install the <application>php-cgi</application> package: <screen>\n"
911
"<command>sudo apt install php-cgi</command>\n"
912
"</screen>"
913
msgstr ""
914
915
#: serverguide/C/web-servers.xml:743(para)
916
msgid ""
917
"To use <application>MySQL</application> with PHP you should install the "
918
"<application>php-mysql</application> package. To install <application>php-"
919
"mysql</application> you can enter the following command at a terminal "
920
"prompt: <screen>\n"
921
"<command>sudo apt install php-mysql</command>\n"
922
"</screen>"
923
msgstr ""
924
925
#: serverguide/C/web-servers.xml:751(para)
926
msgid ""
927
"Similarly, to use <application>PostgreSQL</application> with PHP you should "
928
"install the <application>php-pgsql</application> package. To install "
929
"<application>php-pgsql</application> you can enter the following command at "
930
"a terminal prompt: <screen>\n"
931
"<command>sudo apt install php-pgsql</command>\n"
932
"</screen>"
933
msgstr ""
934
935
#: serverguide/C/web-servers.xml:764(para)
936
msgid ""
937
"If you have installed the <application>libapache2-mod-php</application> or "
938
"<application>php-cgi</application> packages, you can run PHP scripts from "
939
"your web browser. If you have installed the <application>php-"
940
"cli</application> package, you can run PHP scripts at a terminal prompt."
941
msgstr ""
942
943
#: serverguide/C/web-servers.xml:773(para)
944
msgid ""
945
"By default, when <application>libapache2-mod-php</application> is installed, "
946
"the Apache 2 Web server is configured to run PHP scripts. In other words, "
947
"the PHP module is enabled in the Apache Web server when you install the "
948
"module. Please verify if the files <filename>/etc/apache2/mods-"
949
"enabled/php7.0.conf</filename> and <filename>/etc/apache2/mods-"
950
"enabled/php7.0.load</filename> exist. If they do not exist, you can enable "
951
"the module using the <command>a2enmod</command> command."
952
msgstr ""
953
954
#: serverguide/C/web-servers.xml:785(para)
955
msgid ""
956
"Once you have installed the PHP related packages and enabled the Apache PHP "
957
"module, you should restart the Apache2 Web server to run PHP scripts. You "
958
"can run the following command at a terminal prompt to restart your web "
959
"server: <screen><command>sudo systemctl restart apache2.service</command> "
960
"</screen>"
961
msgstr ""
962
963
#: serverguide/C/web-servers.xml:793(title) serverguide/C/network-auth.xml:1063(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1669(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
964
msgid "Testing"
965
msgstr "ทดสอบ"
966
967
#: serverguide/C/web-servers.xml:794(para)
968
msgid ""
969
"To verify your installation, you can run the following PHP phpinfo script:"
970
msgstr ""
971
972
#: serverguide/C/web-servers.xml:797(programlisting)
973
#, no-wrap
974
msgid ""
975
"\n"
976
"<?php\n"
977
" phpinfo();\n"
978
"?>\n"
979
msgstr ""
980
981
#: serverguide/C/web-servers.xml:802(para)
982
msgid ""
983
"You can save the content in a file <filename>phpinfo.php</filename> and "
984
"place it under the <command>DocumentRoot</command> directory of the Apache2 "
985
"Web server. Pointing your browser to "
986
"<filename>http://hostname/phpinfo.php</filename> will display the values of "
987
"various PHP configuration parameters."
988
msgstr ""
989
990
#: serverguide/C/web-servers.xml:816(para)
991
msgid ""
992
"For more in depth information see the <ulink "
993
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
994
msgstr ""
995
996
#: serverguide/C/web-servers.xml:821(para)
997
msgid ""
998
"There are a plethora of books on PHP. A good book from O'Reilly is <ulink "
999
"url=\"http://oreilly.com/catalog/0636920043034/\">Learning PHP</ulink>. "
1000
"<ulink url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook "
1001
"Book</ulink> is also good, but has no yet been updated for PHP7."
1002
msgstr ""
1003
1004
#: serverguide/C/web-servers.xml:829(para)
1005
msgid ""
1006
"Also, see the <ulink "
1007
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
1008
"Ubuntu Wiki</ulink> page for more information."
1009
msgstr ""
1010
1011
#: serverguide/C/web-servers.xml:840(title)
1012
msgid "Squid - Proxy Server"
1013
msgstr "Squid - พร๊อกซี่เซิร์ฟเวอร์"
1014
1015
#: serverguide/C/web-servers.xml:841(para)
1016
msgid ""
1017
"Squid is a full-featured web proxy cache server application which provides "
1018
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
1019
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
1020
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
1021
"caching of Domain Name Server (DNS) lookups, and perform transparent "
1022
"caching. Squid also supports a wide variety of caching protocols, such as "
1023
"Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the "
1024
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol "
1025
"(WCCP)."
1026
msgstr ""
1027
1028
#: serverguide/C/web-servers.xml:849(para)
1029
msgid ""
1030
"The Squid proxy cache server is an excellent solution to a variety of proxy "
1031
"and caching server needs, and scales from the branch office to enterprise "
1032
"level networks while providing extensive, granular access control "
1033
"mechanisms, and monitoring of critical parameters via the Simple Network "
1034
"Management Protocol (SNMP). When selecting a computer system for use as a "
1035
"dedicated Squid caching proxy server for many users ensure it is configured "
1036
"with a large amount of physical memory as Squid maintains an in-memory cache "
1037
"for increased performance."
1038
msgstr ""
1039
1040
#: serverguide/C/web-servers.xml:858(para)
1041
msgid ""
1042
"At a terminal prompt, enter the following command to install the Squid "
1043
"server:"
1044
msgstr "ในพร๊อมต์เทอร์มินัล พิมพ์คำสั่งดังนี้เพื่อติดตั้ง Squid:"
1045
1046
#: serverguide/C/web-servers.xml:863(command)
1047
msgid "sudo apt install squid"
1048
msgstr ""
1049
1050
#: serverguide/C/web-servers.xml:869(para)
1051
msgid ""
1052
"Squid is configured by editing the directives contained within the "
1053
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
1054
"examples illustrate some of the directives which may be modified to affect "
1055
"the behavior of the Squid server. For more in-depth configuration of Squid, "
1056
"see the References section."
1057
msgstr ""
1058
"คุณสามารถตั้งค่า Squid ได้โดยแก้ไขคำสั่งในไฟล์ "
1059
"<filename>/etc/squid/squid.conf</filename> "
1060
"ตัวอย่างต่อไปนี้จะแสดงคำสั่งบางอันที่คุณสามารถแก้ไขได้เพื่อเปลี่ยนพฤติกรรมของ"
1061
" Squid แต่ถ้าคุณต้องการข้อมูลการตั้งค่าแบบละเอียด กรุณาดูส่วนอ้างอิง"
1062
1063
#: serverguide/C/web-servers.xml:875(para)
1064
msgid ""
1065
"Prior to editing the configuration file, you should make a copy of the "
1066
"original file and protect it from writing so you will have the original "
1067
"settings as a reference, and to re-use as necessary. Make this copy and "
1068
"protect it from writing using the following commands:"
1069
msgstr ""
1070
1071
#: serverguide/C/web-servers.xml:881(command)
1072
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
1073
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
1074
1075
#: serverguide/C/web-servers.xml:882(command)
1076
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
1077
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
1078
1079
#: serverguide/C/web-servers.xml:889(para)
1080
msgid ""
1081
"To set your Squid server to listen on TCP port 8888 instead of the default "
1082
"TCP port 3128, change the http_port directive as such:"
1083
msgstr ""
1084
"เพื่อให้เซิร์ฟเวอร์ Squid ของคุณฟังคำร้องขอที่พอร์ต TCP เลขที่ 8888 "
1085
"แทนที่จะใช้เลขที่ 3128 ที่เป็นค่าเริ่มต้น ให้เปลี่ยนคำสั่ง http_port ดังนี้:"
1086
1087
#: serverguide/C/web-servers.xml:893(programlisting)
1088
#, no-wrap
1089
msgid ""
1090
"\n"
1091
"http_port 8888\n"
1092
msgstr ""
1093
"\n"
1094
"http_port 8888\n"
1095
1096
#: serverguide/C/web-servers.xml:898(para)
1097
msgid ""
1098
"Change the visible_hostname directive in order to give the Squid server a "
1099
"specific hostname. This hostname does not necessarily need to be the "
1100
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
1101
msgstr ""
1102
"เปลี่ยนค่าของคำสั่ง visible_hostname เพื่อให้ชื่อกับเครื่องเซิร์ฟเวอร์ Squid "
1103
"ของคุณ ชื่อนี้ไม่จำเป็นจะต้องเป็นชื่อเดียวกับชื่อคอมพิวเตอร์ "
1104
"ในตัวอย่างนี้เราจะตั้งชื่อเครื่องเป็น <emphasis>weezie</emphasis>"
1105
1106
#: serverguide/C/web-servers.xml:902(programlisting)
1107
#, no-wrap
1108
msgid ""
1109
"\n"
1110
"visible_hostname weezie\n"
1111
msgstr ""
1112
"\n"
1113
"visible_hostname weezie\n"
1114
1115
#: serverguide/C/web-servers.xml:907(para)
1116
msgid ""
1117
"Using Squid's access control, you may configure use of Internet services "
1118
"proxied by Squid to be available only users with certain Internet Protocol "
1119
"(IP) addresses. For example, we will illustrate access by users of the "
1120
"192.168.42.0/24 subnetwork only:"
1121
msgstr ""
1122
1123
#: serverguide/C/web-servers.xml:912(para) serverguide/C/web-servers.xml:932(para)
1124
msgid ""
1125
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1126
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1127
msgstr ""
1128
"เพิ่มบรรทัดนี้<emphasis role=\"bold\">ต่อท้าย</emphasis> หมวด ACL ของไฟล์ "
1129
"<filename>/etc/squid/squid.conf</filename>:"
1130
1131
#: serverguide/C/web-servers.xml:915(programlisting)
1132
#, no-wrap
1133
msgid ""
1134
"\n"
1135
"acl fortytwo_network src 192.168.42.0/24\n"
1136
msgstr ""
1137
"\n"
1138
"acl fortytwo_network src 192.168.42.0/24\n"
1139
1140
#: serverguide/C/web-servers.xml:918(para) serverguide/C/web-servers.xml:939(para)
1141
msgid ""
1142
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1143
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1144
msgstr ""
1145
"จากนั้นให้เพิ่มบรรทัดนี้เป็น<emphasis role=\"bold\">บรรทัดแรก</emphasis> "
1146
"ของหมวด http_access ในไฟล์ <filename>/etc/squid/squid.conf</filename>:"
1147
1148
#: serverguide/C/web-servers.xml:922(programlisting)
1149
#, no-wrap
1150
msgid ""
1151
"\n"
1152
"http_access allow fortytwo_network\n"
1153
msgstr ""
1154
"\n"
1155
"http_access allow fortytwo_network\n"
1156
1157
#: serverguide/C/web-servers.xml:927(para)
1158
msgid ""
1159
"Using the excellent access control features of Squid, you may configure use "
1160
"of Internet services proxied by Squid to be available only during normal "
1161
"business hours. For example, we'll illustrate access by employees of a "
1162
"business which is operating between 9:00AM and 5:00PM, Monday through "
1163
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1164
msgstr ""
1165
1166
#: serverguide/C/web-servers.xml:935(programlisting)
1167
#, no-wrap
1168
msgid ""
1169
"\n"
1170
"acl biz_network src 10.1.42.0/24\n"
1171
"acl biz_hours time M T W T F 9:00-17:00\n"
1172
msgstr ""
1173
"\n"
1174
"acl biz_network src 10.1.42.0/24\n"
1175
"acl biz_hours time M T W T F 9:00-17:00\n"
1176
1177
#: serverguide/C/web-servers.xml:943(programlisting)
1178
#, no-wrap
1179
msgid ""
1180
"\n"
1181
"http_access allow biz_network biz_hours\n"
1182
msgstr ""
1183
"\n"
1184
"http_access allow biz_network biz_hours\n"
1185
1186
#: serverguide/C/web-servers.xml:950(para)
1187
msgid ""
1188
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
1189
"save the file and restart the <application>squid</application> server "
1190
"application to effect the changes using the following command entered at a "
1191
"terminal prompt:"
1192
msgstr ""
1193
"หลังจากคุณแก้ไขไฟล์ <filename>/etc/squid/squid.conf</filename> แล้ว "
1194
"ให้บันทึกไฟล์และเริ่มโปรแกรม <application>squid</application> "
1195
"ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้โดยพิมพ์คำสั่ง:"
1196
1197
#: serverguide/C/web-servers.xml:956(command)
1198
msgid "sudo systemctl restart squid.service"
1199
msgstr ""
1200
1201
#: serverguide/C/web-servers.xml:961(para)
1202
msgid ""
1203
"If formerly a customized squid3 was used that set up the spool at "
1204
"<filename>/var/log/squid3</filename> to be a mountpoint, but otherwise kept "
1205
"the default configuration the upgrade will fail. The upgrade tries to "
1206
"rename/move files as needed, but it can't do so for an active mountpoint. In "
1207
"that case please either adapt the mountpoint or the config in "
1208
"<filename>/etc/squid/squid.conf</filename> so that they match."
1209
msgstr ""
1210
1211
#: serverguide/C/web-servers.xml:966(para)
1212
msgid ""
1213
"The same applies if the <emphasis role=\"bold\">include</emphasis> config "
1214
"statement was used to pull in more files from the old path at "
1215
"<filename>/etc/squid3/</filename>. In those cases you should move and adapt "
1216
"your configuration accordingly."
1217
msgstr ""
1218
1219
#: serverguide/C/web-servers.xml:975(ulink)
1220
msgid "Squid Website"
1221
msgstr "เว็บไซต์ Squid"
1222
1223
#: serverguide/C/web-servers.xml:977(para)
1224
msgid ""
1225
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1226
"Squid</ulink> page."
1227
msgstr ""
1228
1229
#: serverguide/C/web-servers.xml:984(title)
1230
msgid "Ruby on Rails"
1231
msgstr "Ruby on Rails"
1232
1233
#: serverguide/C/web-servers.xml:985(para)
1234
msgid ""
1235
"Ruby on Rails is an open source web framework for developing database backed "
1236
"web applications. It is optimized for sustainable productivity of the "
1237
"programmer since it lets the programmer to write code by favouring "
1238
"convention over configuration."
1239
msgstr ""
1240
"Ruby on Rails เป็นเฟรมเวิร์คโอเพนซอร์สสำหรับพัฒนาเว็บแอพพลิเคชั่น "
1241
"ซึ่งได้ถูกออกแบบมาเพื่อให้นักพัฒนาโปรแกรมเขียนโค๊ดได้อย่างมีประสิทธิภาพยิ่งขึ"
1242
"้นเนื่องจากว่า Ruby on Rails ไม่เน้นการตั้งค่ามากมาย "
1243
"แต่จะใช้รูปแบบการเขียนที่เป็นมาตรฐานของเฟรมเวิร์คเพื่อเขียนแอพพลิเคชั่นแทน"
1244
1245
#: serverguide/C/web-servers.xml:992(para)
1246
msgid ""
1247
"Before installing <application>Rails</application> you should install "
1248
"<application>Apache</application> and <application>MySQL</application>. To "
1249
"install the <application>Apache</application> package, please refer to <xref "
1250
"linkend=\"httpd\"/>. For instructions on installing "
1251
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1252
msgstr ""
1253
"ก่อนที่จะติดตั้ง <application>Rails</application> คุณควรติดตั้งโปรแกรม "
1254
"<application>Apache</application> และ <application>MySQL</application> "
1255
"เสียก่อน สำหรับวิธีการติดตั้ง <application>Apache</application> "
1256
"กรุณาอ่านที่ <xref linkend=\"httpd\"/> และสำหรับวิธีการติดตั้ง "
1257
"<application>MySQL</application> กรุณาอ่านที่ <xref linkend=\"mysql\"/>"
1258
1259
#: serverguide/C/web-servers.xml:1000(para)
1260
msgid ""
1261
"Once you have <application>Apache</application> and "
1262
"<application>MySQL</application> packages installed, you are ready to "
1263
"install <application>Ruby on Rails</application> package."
1264
msgstr ""
1265
"หลังจากที่คุณได้ติดตั้งโปรแกรม <application>Apache</application> และ "
1266
"<application>MySQL</application> แล้ว คุณก็พร้อมที่จะติดตั้ง "
1267
"<application>Ruby on Rails</application>"
1268
1269
#: serverguide/C/web-servers.xml:1007(para)
1270
msgid ""
1271
"To install the <application>Ruby</application> base packages and "
1272
"<application>Ruby on Rails</application>, you can enter the following "
1273
"command in the terminal prompt:"
1274
msgstr ""
1275
"คุณสามารถพิมพ์คำสั่งดังนี้เพื่อติดตั้งแพคเกจ <application>Ruby</application> "
1276
"และ <application>Ruby on Rails</application>"
1277
1278
#: serverguide/C/web-servers.xml:1013(command)
1279
msgid "sudo apt install rails"
1280
msgstr ""
1281
1282
#: serverguide/C/web-servers.xml:1019(para)
1283
msgid ""
1284
"Modify the <filename>/etc/apache2/sites-available/000-"
1285
"default.conf</filename> configuration file to setup your domains."
1286
msgstr ""
1287
1288
#: serverguide/C/web-servers.xml:1023(para)
1289
msgid ""
1290
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1291
msgstr ""
1292
"สิ่งแรกที่ต้องทำคือเปลี่ยนค่าของคำสั่ง <emphasis>DocumentRoot</emphasis>:"
1293
1294
#: serverguide/C/web-servers.xml:1027(programlisting)
1295
#, no-wrap
1296
msgid ""
1297
"\n"
1298
"DocumentRoot /path/to/rails/application/public\n"
1299
msgstr ""
1300
"\n"
1301
"DocumentRoot /path/to/rails/application/public\n"
1302
1303
#: serverguide/C/web-servers.xml:1030(para)
1304
msgid ""
1305
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1306
"directive:"
1307
msgstr ""
1308
"จากนั้นให้แก้ไขค่าของคำสั่ง <Directory "
1309
"\"/path/to/rails/application/public\">"
1310
1311
#: serverguide/C/web-servers.xml:1034(programlisting)
1312
#, no-wrap
1313
msgid ""
1314
"\n"
1315
"<Directory \"/path/to/rails/application/public\">\n"
1316
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
1317
" AllowOverride All\n"
1318
" Order allow,deny\n"
1319
" allow from all\n"
1320
" AddHandler cgi-script .cgi\n"
1321
"</Directory>\n"
1322
msgstr ""
1323
"\n"
1324
"<Directory \"/path/to/rails/application/public\">\n"
1325
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
1326
" AllowOverride All\n"
1327
" Order allow,deny\n"
1328
" allow from all\n"
1329
" AddHandler cgi-script .cgi\n"
1330
"</Directory>\n"
1331
1332
#: serverguide/C/web-servers.xml:1044(para)
1333
msgid ""
1334
"You should also enable the <application>mod_rewrite</application> module for "
1335
"Apache. To enable <application>mod_rewrite</application> module, please "
1336
"enter the following command in a terminal prompt:"
1337
msgstr ""
1338
"คุณควรจะเปิดใช้งานโมดูล <application>mod_rewrite</application> ใน Apache "
1339
"ด้วย โดยพิมพ์คำสั่งดังนี้:"
1340
1341
#: serverguide/C/web-servers.xml:1050(command)
1342
msgid "sudo a2enmod rewrite"
1343
msgstr "sudo a2enmod rewrite"
1344
1345
#: serverguide/C/web-servers.xml:1053(para)
1346
msgid ""
1347
"Finally you will need to change the ownership of the "
1348
"<filename>/path/to/rails/application/public</filename> and "
1349
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
1350
"used to run the <application>Apache</application> process:"
1351
msgstr ""
1352
"ท้ายที่สุดคุณจะต้องแก้ไขเจ้าของๆไดเร็คทอรี่ "
1353
"<filename>/path/to/rails/application/public</filename> และ "
1354
"<filename>/path/to/rails/application/tmp</filename> "
1355
"เป็นผู้ใช้ที่ถูกใช้เพื่อรันโปรเซส <application>Apache</application>"
1356
1357
#: serverguide/C/web-servers.xml:1059(command)
1358
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1359
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
1360
1361
#: serverguide/C/web-servers.xml:1060(command)
1362
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1363
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1364
1365
#: serverguide/C/web-servers.xml:1063(para)
1366
msgid ""
1367
"That's it! Now you have your Server ready for your <application>Ruby on "
1368
"Rails</application> applications."
1369
msgstr ""
1370
"แค่นี้ก็เสร็จแล้ว! ตอนนี้คุณก็ตั้งค่าเซิร์ฟเวอร์ให้พร้อมใช้งานสำหรับ "
1371
"<application>Ruby on Rails</application> แล้ว"
1372
1373
#: serverguide/C/web-servers.xml:1072(para)
1374
msgid ""
1375
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1376
"for more information."
1377
msgstr ""
1378
1379
#: serverguide/C/web-servers.xml:1077(para)
1380
msgid ""
1381
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1382
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1383
"resource."
1384
msgstr ""
1385
1386
#: serverguide/C/web-servers.xml:1083(para)
1387
msgid ""
1388
"Another place for more information is the <ulink "
1389
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1390
"Wiki</ulink> page."
1391
msgstr ""
1392
1393
#: serverguide/C/web-servers.xml:1094(title)
1394
msgid "Apache Tomcat"
1395
msgstr "Apache Tomcat"
1396
1397
#: serverguide/C/web-servers.xml:1095(para)
1398
msgid ""
1399
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1400
"JSP (Java Server Pages) web applications."
1401
msgstr ""
1402
"Apache Tomcat "
1403
"เป็นโปรแกรมที่จะทำให้คุณให้บริการเว็บแอพพลิเคชั่นที่สนับสนุนเทคโนโลยีจาวาเซิร"
1404
"์ฟเล็ต (Java Servlet) และ JSP (Java Server Pages) ได้"
1405
1406
#: serverguide/C/web-servers.xml:1097(para)
1407
msgid ""
1408
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1409
"legacy version, and Tomcat 7 is the current version where new features are "
1410
"implemented. Both are considered stable. This guide will focus on Tomcat 7, "
1411
"but most configuration details are valid for both versions."
1412
msgstr ""
1413
1414
#: serverguide/C/web-servers.xml:1100(para)
1415
msgid ""
1416
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1417
"You can install them as a classic unique system-wide instance, that will be "
1418
"started at boot time will run as the tomcat7 (or tomcat6) unprivileged user. "
1419
"But you can also deploy private instances that will run with your own user "
1420
"rights, and that you should start and stop by yourself. This second way is "
1421
"particularly useful in a development server context where multiple users "
1422
"need to test on their own private Tomcat instances."
1423
msgstr ""
1424
1425
#: serverguide/C/web-servers.xml:1110(title)
1426
msgid "System-wide installation"
1427
msgstr "การติดตั้งแบบ system-wide"
1428
1429
#: serverguide/C/web-servers.xml:1111(para)
1430
msgid ""
1431
"To install the Tomcat server, you can enter the following command in the "
1432
"terminal prompt:"
1433
msgstr ""
1434
1435
#: serverguide/C/web-servers.xml:1114(command)
1436
msgid "sudo apt install tomcat7"
1437
msgstr ""
1438
1439
#: serverguide/C/web-servers.xml:1116(para)
1440
msgid ""
1441
"This will install a Tomcat server with just a default ROOT webapp that "
1442
"displays a minimal \"It works\" page by default."
1443
msgstr ""
1444
"คำสั่งนี้จะติดตั้งเซิร์ฟเวอร์ Tomcat พร้อมกับเว็บแอพพลิเคชั่นชื่อ ROOT "
1445
"ที่จะแสดงหน้า \"It works\" เพื่อแสดงให้ดูว่าใช้งานได้แล้วเท่านั้น"
1446
1447
#: serverguide/C/web-servers.xml:1122(para)
1448
msgid ""
1449
"Tomcat configuration files can be found in "
1450
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1451
"will be described here, please see <ulink "
1452
"url=\"http://tomcat.apache.org/tomcat-7.0-doc/index.html\">Tomcat 7.0 "
1453
"documentation</ulink> for more."
1454
msgstr ""
1455
1456
#: serverguide/C/web-servers.xml:1128(title)
1457
msgid "Changing default ports"
1458
msgstr "เปลี่ยนพอร์ตเริ่มต้นที่มาพร้อมกับการติดตั้ง"
1459
1460
#: serverguide/C/web-servers.xml:1129(para)
1461
msgid ""
1462
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1463
"port 8009. You might want to change those default ports to avoid conflict "
1464
"with another application on the system. This is done by changing the "
1465
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1466
msgstr ""
1467
1468
#: serverguide/C/web-servers.xml:1134(programlisting)
1469
#, no-wrap
1470
msgid ""
1471
"\n"
1472
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
1473
" connectionTimeout=\"20000\" \n"
1474
" redirectPort=\"8443\" />\n"
1475
"...\n"
1476
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
1477
"/>\n"
1478
msgstr ""
1479
"\n"
1480
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
1481
" connectionTimeout=\"20000\" \n"
1482
" redirectPort=\"8443\" />\n"
1483
"...\n"
1484
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
1485
"/>\n"
1486
1487
#: serverguide/C/web-servers.xml:1143(title)
1488
msgid "Changing JVM used"
1489
msgstr "เปลี่ยน JVM ที่ถูกใช้งาน"
1490
1491
#: serverguide/C/web-servers.xml:1144(para)
1492
msgid ""
1493
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1494
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1495
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1496
msgstr ""
1497
1498
#: serverguide/C/web-servers.xml:1148(programlisting)
1499
#, no-wrap
1500
msgid ""
1501
"\n"
1502
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1503
msgstr ""
1504
"\n"
1505
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1506
1507
#: serverguide/C/web-servers.xml:1153(title)
1508
msgid "Declaring users and roles"
1509
msgstr "การสร้างผู้ใช้และบทบาท"
1510
1511
#: serverguide/C/web-servers.xml:1154(para)
1512
msgid ""
1513
"Usernames, passwords and roles (groups) can be defined centrally in a "
1514
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1515
"users.xml</filename> file:"
1516
msgstr ""
1517
1518
#: serverguide/C/web-servers.xml:1157(programlisting)
1519
#, no-wrap
1520
msgid ""
1521
"\n"
1522
"<role rolename=\"admin\"/>\n"
1523
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1524
msgstr ""
1525
"\n"
1526
"<role rolename=\"admin\"/>\n"
1527
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1528
1529
#: serverguide/C/web-servers.xml:1165(title)
1530
msgid "Using Tomcat standard webapps"
1531
msgstr "การใช้งานเว็บแอพพลิเคชั่นมาตรฐานที่มากับ Tomcat"
1532
1533
#: serverguide/C/web-servers.xml:1166(para)
1534
msgid ""
1535
"Tomcat is shipped with webapps that you can install for documentation, "
1536
"administration or demo purposes."
1537
msgstr ""
1538
"Tomcat นั้นมาพร้อมกับเว็บแอพพลิเคชั่นที่คุณสามารถติดตั้งเพื่อดูคู่มือ "
1539
"ดูแลระบบ หรือเพื่อสาธิต"
1540
1541
#: serverguide/C/web-servers.xml:1169(title)
1542
msgid "Tomcat documentation"
1543
msgstr "เอกสารคู่มือ Tomcat"
1544
1545
#: serverguide/C/web-servers.xml:1170(para)
1546
msgid ""
1547
"The <application>tomcat7-docs</application> package contains Tomcat "
1548
"documentation, packaged as a webapp that you can access by default at "
1549
"http://yourserver:8080/docs. You can install it by entering the following "
1550
"command in the terminal prompt:"
1551
msgstr ""
1552
1553
#: serverguide/C/web-servers.xml:1175(command)
1554
msgid "sudo apt install tomcat7-docs"
1555
msgstr ""
1556
1557
#: serverguide/C/web-servers.xml:1179(title)
1558
msgid "Tomcat administration webapps"
1559
msgstr "เว็บแอพพลิเคชั่นสำหรับจัดการ Tomcat"
1560
1561
#: serverguide/C/web-servers.xml:1180(para)
1562
msgid ""
1563
"The <application>tomcat7-admin</application> package contains two webapps "
1564
"that can be used to administer the Tomcat server using a web interface. You "
1565
"can install them by entering the following command in the terminal prompt:"
1566
msgstr ""
1567
1568
#: serverguide/C/web-servers.xml:1185(command)
1569
msgid "sudo apt install tomcat7-admin"
1570
msgstr ""
1571
1572
#: serverguide/C/web-servers.xml:1187(para)
1573
msgid ""
1574
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1575
"access by default at http://yourserver:8080/manager/html. It is primarily "
1576
"used to get server status and restart webapps."
1577
msgstr ""
1578
"แอพพลิเคชั่นแรกคือ <emphasis>manager</emphasis> และคุณสามารถใช้งานได้ที่ "
1579
"http://yourserver:8080/manager/html "
1580
"ประโยชน์หลักของแอพพลิเคชั่นนี้คือเพื่อดูสถานะของเซิร์ฟเวอร์และเพื่อเริ่มต้นเว"
1581
"็บแอพพลิเคชั่นใหม่"
1582
1583
#: serverguide/C/web-servers.xml:1190(para)
1584
msgid ""
1585
"Access to the <emphasis>manager</emphasis> application is protected by "
1586
"default: you need to define a user with the role \"manager-gui\" in "
1587
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1588
msgstr ""
1589
1590
#: serverguide/C/web-servers.xml:1194(para)
1591
msgid ""
1592
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1593
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1594
"used to create virtual hosts dynamically."
1595
msgstr ""
1596
"แอพพลิเคชั่นตัวที่สองคือ <emphasis>host-manager</emphasis> "
1597
"ซึ่งมีไว้เพื่อสร้างโฮสต์เสมือน (virtual hosts) โดยคุณสามารถใช้งานได้ที่ "
1598
"http://yourserver:8080/host-manager/html"
1599
1600
#: serverguide/C/web-servers.xml:1198(para)
1601
msgid ""
1602
"Access to the <emphasis>host-manager</emphasis> application is also "
1603
"protected by default: you need to define a user with the role \"admin-gui\" "
1604
"in <filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access "
1605
"it."
1606
msgstr ""
1607
1608
#: serverguide/C/web-servers.xml:1203(para)
1609
msgid ""
1610
"For security reasons, the tomcat7 user cannot write to the "
1611
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1612
"these admin webapps (application deployment, virtual host creation) need "
1613
"write access to that directory. If you want to use these features execute "
1614
"the following, to give users in the tomcat7 group the necessary rights:"
1615
msgstr ""
1616
1617
#: serverguide/C/web-servers.xml:1210(command)
1618
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1619
msgstr ""
1620
1621
#: serverguide/C/web-servers.xml:1211(command)
1622
msgid "sudo chmod -R g+w /etc/tomcat7"
1623
msgstr ""
1624
1625
#: serverguide/C/web-servers.xml:1216(title)
1626
msgid "Tomcat examples webapps"
1627
msgstr "เว็บแอพพลิเคชั่นตัวอย่างของ Tomcat"
1628
1629
#: serverguide/C/web-servers.xml:1217(para)
1630
msgid ""
1631
"The <application>tomcat7-examples</application> package contains two webapps "
1632
"that can be used to test or demonstrate Servlets and JSP features, which you "
1633
"can access them by default at http://yourserver:8080/examples. You can "
1634
"install them by entering the following command in the terminal prompt:"
1635
msgstr ""
1636
1637
#: serverguide/C/web-servers.xml:1223(command)
1638
msgid "sudo apt install tomcat7-examples"
1639
msgstr ""
1640
1641
#: serverguide/C/web-servers.xml:1229(title)
1642
msgid "Using private instances"
1643
msgstr "การใช้งาน instance ส่วนตัว"
1644
1645
#: serverguide/C/web-servers.xml:1230(para)
1646
msgid ""
1647
"Tomcat is heavily used in development and testing scenarios where using a "
1648
"single system-wide instance doesn't meet the requirements of multiple users "
1649
"on a single system. The Tomcat packages in Ubuntu come with tools to help "
1650
"deploy your own user-oriented instances, allowing every user on a system to "
1651
"run (without root rights) separate private instances while still using the "
1652
"system-installed libraries."
1653
msgstr ""
1654
1655
#: serverguide/C/web-servers.xml:1237(para)
1656
msgid ""
1657
"It is possible to run the system-wide instance and the private instances in "
1658
"parallel, as long as they do not use the same TCP ports."
1659
msgstr ""
1660
"นอกจากนั้นคุณยังสามารถใช้งาน instance ของระบบคู่ไปกับ instance "
1661
"ส่วนตัวได้อีกด้วย ตราบใดที่ instance ทั้งสองไม่ใช้พอร์ต TCP เลขเดียวกัน"
1662
1663
#: serverguide/C/web-servers.xml:1241(title)
1664
msgid "Installing private instance support"
1665
msgstr "การติดตั้ง instance ส่วนตัว"
1666
1667
#: serverguide/C/web-servers.xml:1242(para)
1668
msgid ""
1669
"You can install everything necessary to run private instances by entering "
1670
"the following command in the terminal prompt:"
1671
msgstr ""
1672
"คุณสามารถติดตั้งทุกอย่างที่จะต้องใช้เพื่อใช้งาน instance "
1673
"ส่วนตัวได้โดยพิมพ์คำสั่งดังนี้:"
1674
1675
#: serverguide/C/web-servers.xml:1245(command)
1676
msgid "sudo apt install tomcat7-user"
1677
msgstr ""
1678
1679
#: serverguide/C/web-servers.xml:1249(title)
1680
msgid "Creating a private instance"
1681
msgstr "การสร้าง instance ส่วนตัว"
1682
1683
#: serverguide/C/web-servers.xml:1250(para)
1684
msgid ""
1685
"You can create a private instance directory by entering the following "
1686
"command in the terminal prompt:"
1687
msgstr ""
1688
"คุณสามารถสร้างไดเร็คทอรี่สำหรับ instance ส่วนตัวได้โดยพิมพ์คำสั่งดังนี้:"
1689
1690
#: serverguide/C/web-servers.xml:1253(command)
1691
msgid "tomcat7-instance-create my-instance"
1692
msgstr ""
1693
1694
#: serverguide/C/web-servers.xml:1255(para)
1695
msgid ""
1696
"This will create a new <filename>my-instance</filename> directory with all "
1697
"the necessary subdirectories and scripts. You can for example install your "
1698
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
1699
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
1700
"are deployed by default."
1701
msgstr ""
1702
"คำสั่งนี้จะสร้างไดเร็คทอรี่ใหม่ชื่อ <filename>my-instance</filename> "
1703
"ที่มีไฟล์สคริปต์และไดเร็คทอรี่ย่อยที่จำเป็นอยู่แล้ว "
1704
"คุณสามารถติดตั้งไลบรารี่ต่างๆที่คุณใช้ร่วมกันระหว่างแอพพลิเคชั่นต่างๆในไดเร็ค"
1705
"ทอรี่ย่อยชื่อ <filename>lib/</filename> และ deploy "
1706
"แอพพลิเคชั่นของคุณในไดเร็คทอรี่ย่อยชื่อ <filename>webapps/</filename>"
1707
1708
#: serverguide/C/web-servers.xml:1263(title)
1709
msgid "Configuring your private instance"
1710
msgstr "การตั้งค่า instance ส่วนตัวของคุณ"
1711
1712
#: serverguide/C/web-servers.xml:1264(para)
1713
msgid ""
1714
"You will find the classic Tomcat configuration files for your private "
1715
"instance in the <filename>conf/</filename> subdirectory. You should for "
1716
"example certainly edit the <filename>conf/server.xml</filename> file to "
1717
"change the default ports used by your private Tomcat instance to avoid "
1718
"conflict with other instances that might be running."
1719
msgstr ""
1720
"คุณจะพบไฟล์การตั้งค่าสำหรับ instance ส่วนตัวของ Tomcat "
1721
"ในไดเร็คทอรี่ย่อยที่ชื่อ <filename>conf/</filename> คุณควรจะแก้ไขไฟล์ "
1722
"<filename>conf/server.xml</filename> เพื่อเปลี่ยนตัวเลขพอร์ตที่ใช้ใน Tomcat "
1723
"instance ของคุณเพื่อป้องกันการขัดแย้งกับ instance "
1724
"อื่นๆที่ทำงานอยู่ในเวลาเดียวกัน"
1725
1726
#: serverguide/C/web-servers.xml:1272(title)
1727
msgid "Starting/stopping your private instance"
1728
msgstr "การเริ่ม/หยุด instance ส่วนตัวของคุณ"
1729
1730
#: serverguide/C/web-servers.xml:1273(para)
1731
msgid ""
1732
"You can start your private instance by entering the following command in the "
1733
"terminal prompt (supposing your instance is located in the <filename>my-"
1734
"instance</filename> directory):"
1735
msgstr ""
1736
"คุณสามารถเริ่ม instance ส่วนตัวของคุณได้โดยพิมพ์คำสั่งดังนี้ "
1737
"(ในตัวอย่างจะสมมุติว่า instance ของคุณอยู่ในไดเร็คทอรี่ <filename>my-"
1738
"instance</filename>):"
1739
1740
#: serverguide/C/web-servers.xml:1277(command)
1741
msgid "my-instance/bin/startup.sh"
1742
msgstr "my-instance/bin/startup.sh"
1743
1744
#: serverguide/C/web-servers.xml:1279(para)
1745
msgid ""
1746
"You should check the <filename>logs/</filename> subdirectory for any error. "
1747
"If you have a <emphasis>java.net.BindException: Address already in "
1748
"use<null>:8080</emphasis> error, it means that the port you're using "
1749
"is already taken and that you should change it."
1750
msgstr ""
1751
"คุณควรตรวจสอบไดเร็คทอรี่ย่อยชื่อ <filename>logs/</filename> "
1752
"เพื่อดูว่ามีข้อผิดพลาดใดๆหรือไม่ ถ้าคุณพบข้อผิดพลาด "
1753
"<emphasis>java.net.BindException: Address already in "
1754
"use<null>:8080</emphasis> "
1755
"นั่นหมายความว่าเลขที่พอร์ตที่คุณเลือกใช้นั้นได้ถูกใช้อยู่แล้ว "
1756
"และคุณจะต้องเปลี่ยนเลขที่พอร์ต"
1757
1758
#: serverguide/C/web-servers.xml:1284(para)
1759
msgid ""
1760
"You can stop your instance by entering the following command in the terminal "
1761
"prompt (supposing your instance is located in the <filename>my-"
1762
"instance</filename> directory):"
1763
msgstr ""
1764
"คุณสามารถหยุด instance ของคุณได้โดยพิมพ์คำสั่งดังนี้ (สมมุติว่า instance "
1765
"ของคุณอยู่ในไดเร็คทอรี่ <filename>my-instance</filename>):"
1766
1767
#: serverguide/C/web-servers.xml:1288(command)
1768
msgid "my-instance/bin/shutdown.sh"
1769
msgstr "my-instance/bin/shutdown.sh"
1770
1771
#: serverguide/C/web-servers.xml:1297(para)
1772
msgid ""
1773
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1774
"website for more information."
1775
msgstr ""
1776
1777
#: serverguide/C/web-servers.xml:1302(para)
1778
msgid ""
1779
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1780
"Definitive Guide</ulink> is a good resource for building web applications "
1781
"with Tomcat."
1782
msgstr ""
1783
1784
#: serverguide/C/web-servers.xml:1308(para)
1785
msgid ""
1786
"For additional books see the <ulink "
1787
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1788
"page."
1789
msgstr ""
1790
1791
#: serverguide/C/vpn.xml:11(title)
1792
msgid "VPN"
1793
msgstr ""
1794
1795
#: serverguide/C/vpn.xml:13(para)
1796
msgid ""
1797
"OpenVPN is a Virtual Private Networking (VPN) solution provided in the "
1798
"Ubuntu Repositories. It is flexible, reliable and secure. It belongs to the "
1799
"family of SSL/TLS VPN stacks (different from IPSec VPNs). This chapter will "
1800
"cover installing and configuring <application>OpenVPN</application> to "
1801
"create a VPN."
1802
msgstr ""
1803
1804
#: serverguide/C/vpn.xml:19(title)
1805
msgid "OpenVPN"
1806
msgstr ""
1807
1808
#: serverguide/C/vpn.xml:21(para)
1809
msgid ""
1810
"If you want more than just pre-shared keys "
1811
"<application>OpenVPN</application> makes it easy to setup and use a Public "
1812
"Key Infrastructure (PKI) to use SSL/TLS certificates for authentication and "
1813
"key exchange between the VPN server and clients. "
1814
"<application>OpenVPN</application> can be used in a routed or bridged VPN "
1815
"mode and can be configured to use either UDP or TCP. The port number can be "
1816
"configured as well, but port 1194 is the official one. And it is only using "
1817
"that single port for all communication. VPN client implementations are "
1818
"available for almost anything including all Linux distributions, OS X, "
1819
"Windows and OpenWRT based WLAN routers."
1820
msgstr ""
1821
1822
#: serverguide/C/vpn.xml:29(title)
1823
msgid "Server Installation"
1824
msgstr ""
1825
1826
#: serverguide/C/vpn.xml:31(para)
1827
msgid "To install <application>openvpn</application> in a terminal enter:"
1828
msgstr ""
1829
1830
#: serverguide/C/vpn.xml:35(command)
1831
msgid "sudo apt install openvpn easy-rsa"
1832
msgstr ""
1833
1834
#: serverguide/C/vpn.xml:40(title)
1835
msgid "Public Key Infrastructure Setup"
1836
msgstr ""
1837
1838
#: serverguide/C/vpn.xml:42(para)
1839
msgid ""
1840
"The first step in building an OpenVPN configuration is to establish a PKI "
1841
"(public key infrastructure). The PKI consists of:"
1842
msgstr ""
1843
1844
#: serverguide/C/vpn.xml:47(para)
1845
msgid ""
1846
"a separate certificate (also known as a public key) and private key for the "
1847
"server and each client, and"
1848
msgstr ""
1849
1850
#: serverguide/C/vpn.xml:50(para)
1851
msgid ""
1852
"a master Certificate Authority (CA) certificate and key which is used to "
1853
"sign each of the server and client certificates."
1854
msgstr ""
1855
1856
#: serverguide/C/vpn.xml:55(para)
1857
msgid ""
1858
"OpenVPN supports bidirectional authentication based on certificates, meaning "
1859
"that the client must authenticate the server certificate and the server must "
1860
"authenticate the client certificate before mutual trust is established."
1861
msgstr ""
1862
1863
#: serverguide/C/vpn.xml:59(para)
1864
msgid ""
1865
"Both server and client will authenticate the other by first verifying that "
1866
"the presented certificate was signed by the master certificate authority "
1867
"(CA), and then by testing information in the now-authenticated certificate "
1868
"header, such as the certificate common name or certificate type (client or "
1869
"server)."
1870
msgstr ""
1871
1872
#: serverguide/C/vpn.xml:64(title)
1873
msgid "Certificate Authority Setup"
1874
msgstr ""
1875
1876
#: serverguide/C/vpn.xml:66(para)
1877
msgid ""
1878
"To setup your own Certificate Authority (CA) and generating certificates and "
1879
"keys for an OpenVPN server and multiple clients first copy the "
1880
"<filename>easy-rsa</filename> directory to "
1881
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
1882
"scripts will not be lost when the package is updated. From a terminal change "
1883
"to user root and:"
1884
msgstr ""
1885
1886
#: serverguide/C/vpn.xml:74(command)
1887
msgid "mkdir /etc/openvpn/easy-rsa/"
1888
msgstr ""
1889
1890
#: serverguide/C/vpn.xml:75(command)
1891
msgid "cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/"
1892
msgstr ""
1893
1894
#: serverguide/C/vpn.xml:78(para)
1895
msgid ""
1896
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
1897
"following to your environment:"
1898
msgstr ""
1899
1900
#: serverguide/C/vpn.xml:82(programlisting)
1901
#, no-wrap
1902
msgid ""
1903
"\n"
1904
"export KEY_COUNTRY=\"US\"\n"
1905
"export KEY_PROVINCE=\"NC\"\n"
1906
"export KEY_CITY=\"Winston-Salem\"\n"
1907
"export KEY_ORG=\"Example Company\"\n"
1908
"export KEY_EMAIL=\"steve@example.com\"\n"
1909
"export KEY_CN=MyVPN\n"
1910
"export KEY_ALTNAMES=AltMyVPN\n"
1911
"export KEY_NAME=MyVPN\n"
1912
"export KEY_OU=MyVPN\n"
1913
"\n"
1914
"\n"
1915
msgstr ""
1916
1917
#: serverguide/C/vpn.xml:96(para)
1918
msgid ""
1919
"Enter the following to generate the master Certificate Authority (CA) "
1920
"certificate and key:"
1921
msgstr ""
1922
1923
#: serverguide/C/vpn.xml:101(command) serverguide/C/vpn.xml:149(command)
1924
msgid "cd /etc/openvpn/easy-rsa/"
1925
msgstr ""
1926
1927
#: serverguide/C/vpn.xml:102(command) serverguide/C/vpn.xml:150(command)
1928
msgid "source vars"
1929
msgstr ""
1930
1931
#: serverguide/C/vpn.xml:103(command)
1932
msgid "./clean-all"
1933
msgstr ""
1934
1935
#: serverguide/C/vpn.xml:104(command)
1936
msgid "./build-ca"
1937
msgstr ""
1938
1939
#: serverguide/C/vpn.xml:109(title)
1940
msgid "Server Certificates"
1941
msgstr ""
1942
1943
#: serverguide/C/vpn.xml:111(para)
1944
msgid "Next, we will generate a certificate and private key for the server:"
1945
msgstr ""
1946
1947
#: serverguide/C/vpn.xml:116(command)
1948
msgid "./build-key-server myservername"
1949
msgstr ""
1950
1951
#: serverguide/C/vpn.xml:119(para)
1952
msgid ""
1953
"As in the previous step, most parameters can be defaulted. Two other queries "
1954
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1955
"certificate requests certified, commit? [y/n]\"."
1956
msgstr ""
1957
1958
#: serverguide/C/vpn.xml:123(para)
1959
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1960
msgstr ""
1961
1962
#: serverguide/C/vpn.xml:128(command)
1963
msgid "./build-dh"
1964
msgstr ""
1965
1966
#: serverguide/C/vpn.xml:131(para)
1967
msgid ""
1968
"All certificates and keys have been generated in the subdirectory keys/. "
1969
"Common practice is to copy them to /etc/openvpn/:"
1970
msgstr ""
1971
1972
#: serverguide/C/vpn.xml:135(command)
1973
msgid "cd keys/"
1974
msgstr ""
1975
1976
#: serverguide/C/vpn.xml:136(command)
1977
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1978
msgstr ""
1979
1980
#: serverguide/C/vpn.xml:141(title)
1981
msgid "Client Certificates"
1982
msgstr ""
1983
1984
#: serverguide/C/vpn.xml:143(para)
1985
msgid ""
1986
"The VPN client will also need a certificate to authenticate itself to the "
1987
"server. Usually you create a different certificate for each client. To "
1988
"create the certificate, enter the following in a terminal while being user "
1989
"root:"
1990
msgstr ""
1991
1992
#: serverguide/C/vpn.xml:151(command)
1993
msgid "./build-key client1"
1994
msgstr ""
1995
1996
#: serverguide/C/vpn.xml:154(para)
1997
msgid "Copy the following files to the client using a secure method:"
1998
msgstr ""
1999
2000
#: serverguide/C/vpn.xml:159(para)
2001
msgid "/etc/openvpn/ca.crt"
2002
msgstr ""
2003
2004
#: serverguide/C/vpn.xml:160(para)
2005
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
2006
msgstr ""
2007
2008
#: serverguide/C/vpn.xml:161(para)
2009
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
2010
msgstr ""
2011
2012
#: serverguide/C/vpn.xml:164(para)
2013
msgid ""
2014
"As the client certificates and keys are only required on the client machine, "
2015
"you should remove them from the server."
2016
msgstr ""
2017
2018
#: serverguide/C/vpn.xml:172(title)
2019
msgid "Simple Server Configuration"
2020
msgstr ""
2021
2022
#: serverguide/C/vpn.xml:174(para)
2023
msgid ""
2024
"Along with your <application>OpenVPN</application> installation you got "
2025
"these sample config files (and many more if if you check):"
2026
msgstr ""
2027
2028
#: serverguide/C/vpn.xml:178(programlisting)
2029
#, no-wrap
2030
msgid ""
2031
"\n"
2032
"root@server:/# ls -l /usr/share/doc/openvpn/examples/sample-config-files/\n"
2033
"total 68\n"
2034
"-rw-r--r-- 1 root root 3427 2011-07-04 15:09 client.conf\n"
2035
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
2036
msgstr ""
2037
2038
#: serverguide/C/vpn.xml:185(para)
2039
msgid ""
2040
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
2041
msgstr ""
2042
2043
#: serverguide/C/vpn.xml:189(command)
2044
msgid ""
2045
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
2046
"/etc/openvpn/"
2047
msgstr ""
2048
2049
#: serverguide/C/vpn.xml:190(command)
2050
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
2051
msgstr ""
2052
2053
#: serverguide/C/vpn.xml:193(para)
2054
msgid ""
2055
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
2056
"following lines are pointing to the certificates and keys you created in the "
2057
"section above."
2058
msgstr ""
2059
2060
#: serverguide/C/vpn.xml:196(programlisting)
2061
#, no-wrap
2062
msgid ""
2063
"\n"
2064
"ca ca.crt\n"
2065
"cert myservername.crt\n"
2066
"key myservername.key\n"
2067
"dh dh2048.pem\n"
2068
msgstr ""
2069
2070
#: serverguide/C/vpn.xml:203(para)
2071
msgid ""
2072
"Edit <filename>/etc/sysctl.conf</filename> and uncomment the following line "
2073
"to enable IP forwarding."
2074
msgstr ""
2075
2076
#: serverguide/C/vpn.xml:204(programlisting)
2077
#, no-wrap
2078
msgid ""
2079
"\n"
2080
"#net.ipv4.ip_forward=1\n"
2081
msgstr ""
2082
2083
#: serverguide/C/vpn.xml:207(para)
2084
msgid "Then reload sysctl."
2085
msgstr ""
2086
2087
#: serverguide/C/vpn.xml:209(command)
2088
msgid "sudo sysctl -p /etc/sysctl.conf"
2089
msgstr ""
2090
2091
#: serverguide/C/vpn.xml:212(para)
2092
msgid ""
2093
"That is the minimum you have to configure to get a working OpenVPN server. "
2094
"You can use all the default settings in the sample server.conf file. Now "
2095
"start the server. You will find logging and error messages in your via "
2096
"journal. Dependin on what you look for:"
2097
msgstr ""
2098
2099
#: serverguide/C/vpn.xml:218(command)
2100
msgid "sudo journalctl -xe"
2101
msgstr ""
2102
2103
#: serverguide/C/vpn.xml:220(para)
2104
msgid ""
2105
"If you started a templatized service openvpn@server you can filter for this "
2106
"particular message source with:"
2107
msgstr ""
2108
2109
#: serverguide/C/vpn.xml:224(command)
2110
msgid "sudo journalctl --identifier ovpn-server"
2111
msgstr ""
2112
2113
#: serverguide/C/vpn.xml:227(para)
2114
msgid ""
2115
"Be aware that the \"systemctl start openvpn\" is not starting your openvpn "
2116
"you just defined. Openvpn uses templatized systemd jobs, "
2117
"openvpn@CONFIGFILENAME. So if for example your configuration file is "
2118
"\"server.conf\" your service is called openvpn@server. You can run all kind "
2119
"of service and systemctl commands like start/stop/enable/disable/preset "
2120
"against a templatized service like openvpn@server."
2121
msgstr ""
2122
2123
#: serverguide/C/vpn.xml:234(programlisting)
2124
#, no-wrap
2125
msgid ""
2126
"\n"
2127
"ubuntu@testopenvpn-server:~$ sudo systemctl start openvpn@server\n"
2128
"\n"
2129
"ubuntu@testopenvpn-server:~$ sudo systemctl status openvpn@server\n"
2130
". openvpn@server.service - OpenVPN connection to server\n"
2131
"Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor "
2132
"preset: enabled)\n"
2133
" Active: active (running) since Tue 2016-04-12 08:51:14 UTC; 1s ago\n"
2134
" Docs: man:openvpn(8)\n"
2135
" https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage\n"
2136
" https://community.openvpn.net/openvpn/wiki/HOWTO\n"
2137
" Process: 1573 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status "
2138
"/run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config "
2139
"/etc/openvpn/%i.conf --writep\n"
2140
" Main PID: 1575 (openvpn)\n"
2141
" Tasks: 1 (limit: 512)\n"
2142
" CGroup: /system.slice/system-openvpn.slice/openvpn@server.service\n"
2143
" |-1575 /usr/sbin/openvpn --daemon ovpn-server --status "
2144
"/run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config "
2145
"/etc/openvpn/server.conf --wr\n"
2146
"\n"
2147
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: /sbin/ip route add "
2148
"10.8.0.0/24 via 10.8.0.2\n"
2149
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: UDPv4 link local "
2150
"(bound): [undef]\n"
2151
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: UDPv4 link remote: "
2152
"[undef]\n"
2153
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: MULTI: multi_init "
2154
"called, r=256 v=256\n"
2155
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: IFCONFIG POOL: "
2156
"base=10.8.0.4 size=62, ipv6=0\n"
2157
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: ifconfig_pool_read(), "
2158
"in='client1,10.8.0.4', TODO: IPv6\n"
2159
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: succeeded -> "
2160
"ifconfig_pool_set()\n"
2161
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: IFCONFIG POOL LIST\n"
2162
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: client1,10.8.0.4\n"
2163
"Apr 12 08:51:14 testopenvpn-server ovpn-server[1575]: Initialization "
2164
"Sequence Completed\n"
2165
msgstr ""
2166
2167
#: serverguide/C/vpn.xml:262(para)
2168
msgid ""
2169
"You can enable/disable various openvpn services on one system, but you could "
2170
"also let Ubuntu do the heavy lifting. There is config for AUTOSTART in "
2171
"/etc/default/openvpn. Allowed values are \"all\", \"none\" or space "
2172
"separated list of names of the VPNs. If empty, \"all\" is assumed. The VPN "
2173
"name refers to the VPN configutation file name. i.e. \"home\" would be "
2174
"/etc/openvpn/home.conf If you're running systemd, changing this variable "
2175
"will require running \"systemctl daemon-reload\" followed by a restart of "
2176
"the openvpn service (if you removed entries you may have to stop those "
2177
"manually) After \"systemctl daemon-reload\" a restart of the \"generic\" "
2178
"openvon will restart all dependent services that the generator in "
2179
"/lib/systemd/system-generators/openvpn-generator created for your conf files "
2180
"when you called daemon-reload."
2181
msgstr ""
2182
2183
#: serverguide/C/vpn.xml:281(para)
2184
msgid ""
2185
"That is the minimum you have to configure to get a working OpenVPN server. "
2186
"You can use all the default settings in the sample server.conf file. Now "
2187
"start the server. You will find logging and error messages in your journal."
2188
msgstr ""
2189
2190
#: serverguide/C/vpn.xml:286(para)
2191
msgid "Now check if OpenVPN created a tun0 interface:"
2192
msgstr ""
2193
2194
#: serverguide/C/vpn.xml:290(programlisting)
2195
#, no-wrap
2196
msgid ""
2197
"\n"
2198
"root@server:/etc/openvpn# ifconfig tun0\n"
2199
"tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-"
2200
"00-00-00\n"
2201
" inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255\n"
2202
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
2203
"[...]\n"
2204
msgstr ""
2205
2206
#: serverguide/C/vpn.xml:300(title)
2207
msgid "Simple Client Configuration"
2208
msgstr ""
2209
2210
#: serverguide/C/vpn.xml:302(para)
2211
msgid ""
2212
"There are various different <application>OpenVPN</application> client "
2213
"implementations with and without GUIs. You can read more about clients in a "
2214
"later section. For now we use the <application>OpenVPN</application> client "
2215
"for Ubuntu which is the same executable as the server. So you have to "
2216
"install the openvpn package again on the client machine:"
2217
msgstr ""
2218
2219
#: serverguide/C/vpn.xml:309(command) serverguide/C/vpn.xml:698(command)
2220
msgid "sudo apt install openvpn"
2221
msgstr ""
2222
2223
#: serverguide/C/vpn.xml:312(para)
2224
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
2225
msgstr ""
2226
2227
#: serverguide/C/vpn.xml:316(command)
2228
msgid ""
2229
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2230
"/etc/openvpn/"
2231
msgstr ""
2232
2233
#: serverguide/C/vpn.xml:319(para)
2234
msgid ""
2235
"Copy the client keys and the certificate of the CA you created in the "
2236
"section above to e.g. /etc/openvpn/ and edit "
2237
"<filename>/etc/openvpn/client.conf</filename> to make sure the following "
2238
"lines are pointing to those files. If you have the files in /etc/openvpn/ "
2239
"you can omit the path."
2240
msgstr ""
2241
2242
#: serverguide/C/vpn.xml:322(programlisting) serverguide/C/vpn.xml:342(programlisting)
2243
#, no-wrap
2244
msgid ""
2245
"\n"
2246
"ca ca.crt\n"
2247
"cert client1.crt\n"
2248
"key client1.key\n"
2249
msgstr ""
2250
2251
#: serverguide/C/vpn.xml:328(para)
2252
msgid ""
2253
"And you have to at least specify the OpenVPN server name or address. Make "
2254
"sure the keyword client is in the config. That's what enables client mode."
2255
msgstr ""
2256
2257
#: serverguide/C/vpn.xml:334(programlisting)
2258
#, no-wrap
2259
msgid ""
2260
"\n"
2261
"client\n"
2262
"remote vpnserver.example.com 1194\n"
2263
msgstr ""
2264
2265
#: serverguide/C/vpn.xml:339(para)
2266
msgid ""
2267
"Also, make sure you specify the keyfile names you copied from the server"
2268
msgstr ""
2269
2270
#: serverguide/C/vpn.xml:347(para)
2271
msgid "Now start the OpenVPN client:"
2272
msgstr ""
2273
2274
#: serverguide/C/vpn.xml:351(programlisting)
2275
#, no-wrap
2276
msgid ""
2277
"\n"
2278
"ubuntu@testopenvpn-client:~$ sudo systemctl start openvpn@client\n"
2279
"ubuntu@testopenvpn-client:~$ sudo systemctl status openvpn@client\n"
2280
". openvpn@client.service - OpenVPN connection to client\n"
2281
" Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor "
2282
"preset: enabled)\n"
2283
" Active: active (running) since Tue 2016-04-12 08:50:50 UTC; 3s ago\n"
2284
" Docs: man:openvpn(8)\n"
2285
" https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage\n"
2286
" https://community.openvpn.net/openvpn/wiki/HOWTO\n"
2287
" Process: 1677 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status "
2288
"/run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config "
2289
"/etc/openvpn/%i.conf --writep\n"
2290
"Main PID: 1679 (openvpn)\n"
2291
" Tasks: 1 (limit: 512)\n"
2292
" CGroup: /system.slice/system-openvpn.slice/openvpn@client.service\n"
2293
" |-1679 /usr/sbin/openvpn --daemon ovpn-client --status "
2294
"/run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config "
2295
"/etc/openvpn/client.conf --wr\n"
2296
"\n"
2297
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: OPTIONS IMPORT: --"
2298
"ifconfig/up options modified\n"
2299
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: OPTIONS IMPORT: route "
2300
"options modified\n"
2301
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: ROUTE_GATEWAY "
2302
"192.168.122.1/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:89:ca:89\n"
2303
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: TUN/TAP device tun0 "
2304
"opened\n"
2305
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: TUN/TAP TX queue "
2306
"length set to 100\n"
2307
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: do_ifconfig, tt-"
2308
">ipv6=0, tt->did_ifconfig_ipv6_setup=0\n"
2309
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip link set dev "
2310
"tun0 up mtu 1500\n"
2311
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip addr add dev "
2312
"tun0 local 10.8.0.6 peer 10.8.0.5\n"
2313
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: /sbin/ip route add "
2314
"10.8.0.1/32 via 10.8.0.5\n"
2315
"Apr 12 08:50:52 testopenvpn-client ovpn-client[1679]: Initialization "
2316
"Sequence Completed\n"
2317
msgstr ""
2318
2319
#: serverguide/C/vpn.xml:378(para)
2320
msgid "Check if it created a tun0 interface:"
2321
msgstr ""
2322
2323
#: serverguide/C/vpn.xml:382(programlisting)
2324
#, no-wrap
2325
msgid ""
2326
"\n"
2327
"root@client:/etc/openvpn# ifconfig tun0\n"
2328
"tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-"
2329
"00-00-00 \n"
2330
" inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255\n"
2331
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
2332
msgstr ""
2333
2334
#: serverguide/C/vpn.xml:389(para)
2335
msgid "Check if you can ping the OpenVPN server:"
2336
msgstr ""
2337
2338
#: serverguide/C/vpn.xml:392(programlisting)
2339
#, no-wrap
2340
msgid ""
2341
"\n"
2342
"root@client:/etc/openvpn# ping 10.8.0.1\n"
2343
"PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.\n"
2344
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
2345
msgstr ""
2346
2347
#: serverguide/C/vpn.xml:399(para)
2348
msgid ""
2349
"The OpenVPN server always uses the first usable IP address in the client "
2350
"network and only that IP is pingable. E.g. if you configured a /24 for the "
2351
"client network mask, the .1 address will be used. The P-t-P address you see "
2352
"in the ifconfig output above is usually not answering ping requests."
2353
msgstr ""
2354
2355
#: serverguide/C/vpn.xml:404(para)
2356
msgid "Check out your routes:"
2357
msgstr ""
2358
2359
#: serverguide/C/vpn.xml:407(programlisting)
2360
#, no-wrap
2361
msgid ""
2362
"\n"
2363
"root@client:/etc/openvpn# netstat -rn\n"
2364
"Kernel IP routing table\n"
2365
"Destination Gateway Genmask Flags MSS Window irtt "
2366
"Iface\n"
2367
"10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 "
2368
"tun0\n"
2369
"10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 "
2370
"tun0\n"
2371
"192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 "
2372
"eth0\n"
2373
"0.0.0.0 192.168.42.1 0.0.0.0 UG 0 0 0 "
2374
"eth0\n"
2375
msgstr ""
2376
2377
#: serverguide/C/vpn.xml:419(title)
2378
msgid "First trouble shooting"
2379
msgstr ""
2380
2381
#: serverguide/C/vpn.xml:421(para)
2382
msgid "If the above didn't work for you, check this:"
2383
msgstr ""
2384
2385
#: serverguide/C/vpn.xml:426(para)
2386
msgid ""
2387
"Check your journal, e.g. journalctl --identifier ovpn-server (for "
2388
"server.conf)"
2389
msgstr ""
2390
2391
#: serverguide/C/vpn.xml:429(para)
2392
msgid ""
2393
"Check that you have specified the keyfile names correctly in client.conf and "
2394
"server.conf."
2395
msgstr ""
2396
2397
#: serverguide/C/vpn.xml:432(para)
2398
msgid ""
2399
"Can the client connect to the server machine? Maybe a firewall is blocking "
2400
"access? Check journal on server."
2401
msgstr ""
2402
2403
#: serverguide/C/vpn.xml:435(para)
2404
msgid ""
2405
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2406
"port and proto config option"
2407
msgstr ""
2408
2409
#: serverguide/C/vpn.xml:438(para)
2410
msgid ""
2411
"Client and server must use same config regarding compression, see comp-lzo "
2412
"config option"
2413
msgstr ""
2414
2415
#: serverguide/C/vpn.xml:441(para)
2416
msgid ""
2417
"Client and server must use same config regarding bridged vs routed mode, see "
2418
"server vs server-bridge config option"
2419
msgstr ""
2420
2421
#: serverguide/C/vpn.xml:448(title) serverguide/C/databases.xml:161(title)
2422
msgid "Advanced configuration"
2423
msgstr ""
2424
2425
#: serverguide/C/vpn.xml:451(title)
2426
msgid "Advanced routed VPN configuration on server"
2427
msgstr ""
2428
2429
#: serverguide/C/vpn.xml:453(para)
2430
msgid ""
2431
"The above is a very simple working VPN. The client can access services on "
2432
"the VPN server machine through an encrypted tunnel. If you want to reach "
2433
"more servers or anything in other networks, push some routes to the clients. "
2434
"E.g. if your company's network can be summarized to the network "
2435
"192.168.0.0/16, you could push this route to the clients. But you will also "
2436
"have to change the routing for the way back - your servers need to know a "
2437
"route to the VPN client-network."
2438
msgstr ""
2439
2440
#: serverguide/C/vpn.xml:457(para)
2441
msgid ""
2442
"Or you might push a default gateway to all the clients to send all their "
2443
"internet traffic to the VPN gateway first and from there via the company "
2444
"firewall into the internet. This section shows you some possible options."
2445
msgstr ""
2446
2447
#: serverguide/C/vpn.xml:461(para)
2448
msgid ""
2449
"Push routes to the client to allow it to reach other private subnets behind "
2450
"the server. Remember that these private subnets will also need to know to "
2451
"route the OpenVPN client address pool (10.8.0.0/24) back to the OpenVPN "
2452
"server."
2453
msgstr ""
2454
2455
#: serverguide/C/vpn.xml:470(programlisting)
2456
#, no-wrap
2457
msgid ""
2458
"\n"
2459
"push \"route 10.0.0.0 255.0.0.0\"\n"
2460
msgstr ""
2461
2462
#: serverguide/C/vpn.xml:474(para)
2463
msgid ""
2464
"If enabled, this directive will configure all clients to redirect their "
2465
"default network gateway through the VPN, causing all IP traffic such as web "
2466
"browsing and DNS lookups to go through the VPN (the OpenVPN server machine "
2467
"or your central firewall may need to NAT the TUN/TAP interface to the "
2468
"internet in order for this to work properly)."
2469
msgstr ""
2470
2471
#: serverguide/C/vpn.xml:483(programlisting)
2472
#, no-wrap
2473
msgid ""
2474
"\n"
2475
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2476
msgstr ""
2477
2478
#: serverguide/C/vpn.xml:487(para)
2479
msgid ""
2480
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2481
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2482
"made available to clients. Each client will be able to reach the server on "
2483
"10.8.0.1. Comment this line out if you are ethernet bridging."
2484
msgstr ""
2485
2486
#: serverguide/C/vpn.xml:496(programlisting)
2487
#, no-wrap
2488
msgid ""
2489
"\n"
2490
"server 10.8.0.0 255.255.255.0\n"
2491
msgstr ""
2492
2493
#: serverguide/C/vpn.xml:500(para)
2494
msgid ""
2495
"Maintain a record of client to virtual IP address associations in this file. "
2496
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2497
"the same virtual IP address from the pool that was previously assigned."
2498
msgstr ""
2499
2500
#: serverguide/C/vpn.xml:507(programlisting)
2501
#, no-wrap
2502
msgid ""
2503
"\n"
2504
"ifconfig-pool-persist ipp.txt\n"
2505
msgstr ""
2506
2507
#: serverguide/C/vpn.xml:511(para)
2508
msgid "Push DNS servers to the client."
2509
msgstr ""
2510
2511
#: serverguide/C/vpn.xml:514(programlisting)
2512
#, no-wrap
2513
msgid ""
2514
"\n"
2515
"push \"dhcp-option DNS 10.0.0.2\"\n"
2516
"push \"dhcp-option DNS 10.1.0.2\"\n"
2517
msgstr ""
2518
2519
#: serverguide/C/vpn.xml:519(para)
2520
msgid "Allow client to client communication."
2521
msgstr ""
2522
2523
#: serverguide/C/vpn.xml:522(programlisting)
2524
#, no-wrap
2525
msgid ""
2526
"\n"
2527
"client-to-client\n"
2528
msgstr ""
2529
2530
#: serverguide/C/vpn.xml:526(para)
2531
msgid "Enable compression on the VPN link."
2532
msgstr ""
2533
2534
#: serverguide/C/vpn.xml:529(programlisting)
2535
#, no-wrap
2536
msgid ""
2537
"\n"
2538
"comp-lzo\n"
2539
msgstr ""
2540
2541
#: serverguide/C/vpn.xml:533(para)
2542
msgid ""
2543
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2544
"sent back and forth over the link so that each side knows when the other "
2545
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2546
"no ping received during a 3 second time period."
2547
msgstr ""
2548
2549
#: serverguide/C/vpn.xml:542(programlisting)
2550
#, no-wrap
2551
msgid ""
2552
"\n"
2553
"keepalive 1 3\n"
2554
msgstr ""
2555
2556
#: serverguide/C/vpn.xml:546(para)
2557
msgid ""
2558
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2559
"initialization."
2560
msgstr ""
2561
2562
#: serverguide/C/vpn.xml:549(programlisting)
2563
#, no-wrap
2564
msgid ""
2565
"\n"
2566
"user nobody\n"
2567
"group nogroup\n"
2568
msgstr ""
2569
2570
#: serverguide/C/vpn.xml:554(para)
2571
msgid ""
2572
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2573
"obtain a username and password from a connecting client, and to use that "
2574
"information as a basis for authenticating the client. To use this "
2575
"authentication method, first add the auth-user-pass directive to the client "
2576
"configuration. It will direct the OpenVPN client to query the user for a "
2577
"username/password, passing it on to the server over the secure TLS channel."
2578
msgstr ""
2579
2580
#: serverguide/C/vpn.xml:558(programlisting)
2581
#, no-wrap
2582
msgid ""
2583
"\n"
2584
"# client config!\n"
2585
"auth-user-pass\n"
2586
msgstr ""
2587
2588
#: serverguide/C/vpn.xml:563(para)
2589
msgid ""
2590
"This will tell the OpenVPN server to validate the username/password entered "
2591
"by clients using the login PAM module. Useful if you have centralized "
2592
"authentication with e.g. Kerberos."
2593
msgstr ""
2594
2595
#: serverguide/C/vpn.xml:568(programlisting)
2596
#, no-wrap
2597
msgid ""
2598
"\n"
2599
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2600
msgstr ""
2601
2602
#: serverguide/C/vpn.xml:572(para)
2603
msgid ""
2604
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2605
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2606
"for further security advice."
2607
msgstr ""
2608
2609
#: serverguide/C/vpn.xml:578(title)
2610
msgid "Advanced bridged VPN configuration on server"
2611
msgstr ""
2612
2613
#: serverguide/C/vpn.xml:580(para)
2614
msgid ""
2615
"<application>OpenVPN</application> can be setup for either a routed or a "
2616
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2617
"layer-3 VPN. In a bridged VPN all layer-2 frames - e.g. all ethernet frames -"
2618
" are sent to the VPN partners and in a routed VPN only layer-3 packets are "
2619
"sent to VPN partners. In bridged mode all traffic including traffic which "
2620
"was traditionally LAN-local like local network broadcasts, DHCP requests, "
2621
"ARP requests etc. are sent to VPN partners whereas in routed mode this would "
2622
"be filtered."
2623
msgstr ""
2624
2625
#: serverguide/C/vpn.xml:586(title)
2626
msgid "Prepare interface config for bridging on server"
2627
msgstr ""
2628
2629
#: serverguide/C/vpn.xml:588(para)
2630
msgid "Make sure you have the bridge-utils package installed:"
2631
msgstr ""
2632
2633
#: serverguide/C/vpn.xml:592(command) serverguide/C/network-config.xml:542(command)
2634
msgid "sudo apt install bridge-utils"
2635
msgstr ""
2636
2637
#: serverguide/C/vpn.xml:595(para)
2638
msgid ""
2639
"Before you setup OpenVPN in bridged mode you need to change your interface "
2640
"configuration. Let's assume your server has an interface eth0 connected to "
2641
"the internet and an interface eth1 connected to the LAN you want to bridge. "
2642
"Your /etc/network/interfaces would like this:"
2643
msgstr ""
2644
2645
#: serverguide/C/vpn.xml:599(programlisting)
2646
#, no-wrap
2647
msgid ""
2648
"\n"
2649
"auto eth0\n"
2650
"iface eth0 inet static\n"
2651
" address 1.2.3.4\n"
2652
" netmask 255.255.255.248\n"
2653
" default 1.2.3.1\n"
2654
"\n"
2655
"auto eth1\n"
2656
"iface eth1 inet static\n"
2657
" address 10.0.0.4\n"
2658
" netmask 255.255.255.0\n"
2659
msgstr ""
2660
2661
#: serverguide/C/vpn.xml:612(para)
2662
msgid ""
2663
"This straight forward interface config needs to be changed into a bridged "
2664
"mode like where the config of interface eth1 moves to the new br0 interface. "
2665
"Plus we configure that br0 should bridge interface eth1. We also need to "
2666
"make sure that interface eth1 is always in promiscuous mode - this tells the "
2667
"interface to forward all ethernet frames to the IP stack."
2668
msgstr ""
2669
2670
#: serverguide/C/vpn.xml:616(programlisting)
2671
#, no-wrap
2672
msgid ""
2673
"\n"
2674
"auto eth0\n"
2675
"iface eth0 inet static\n"
2676
" address 1.2.3.4\n"
2677
" netmask 255.255.255.248\n"
2678
" default 1.2.3.1\n"
2679
"\n"
2680
"auto eth1\n"
2681
"iface eth1 inet manual\n"
2682
" up ip link set $IFACE up promisc on\n"
2683
"\n"
2684
"auto br0\n"
2685
"iface br0 inet static\n"
2686
" address 10.0.0.4\n"
2687
" netmask 255.255.255.0\n"
2688
" bridge_ports eth1\n"
2689
msgstr ""
2690
2691
#: serverguide/C/vpn.xml:634(para)
2692
msgid ""
2693
"At this point you need to bring up the bridge. Be prepared that this might "
2694
"not work as expected and that you will lose remote connectivity. Make sure "
2695
"you can solve problems having local access."
2696
msgstr ""
2697
2698
#: serverguide/C/vpn.xml:638(command)
2699
msgid "sudo ifdown eth1 && sudo ifup -a"
2700
msgstr ""
2701
2702
#: serverguide/C/vpn.xml:643(title)
2703
msgid "Prepare server config for bridging"
2704
msgstr ""
2705
2706
#: serverguide/C/vpn.xml:645(para)
2707
msgid ""
2708
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2709
"options to:"
2710
msgstr ""
2711
2712
#: serverguide/C/vpn.xml:649(programlisting)
2713
#, no-wrap
2714
msgid ""
2715
"\n"
2716
";dev tun\n"
2717
"dev tap\n"
2718
"up \"/etc/openvpn/up.sh br0 eth1\"\n"
2719
";server 10.8.0.0 255.255.255.0\n"
2720
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2721
msgstr ""
2722
2723
#: serverguide/C/vpn.xml:657(para)
2724
msgid ""
2725
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2726
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2727
"<filename>/etc/openvpn/up.sh</filename>:"
2728
msgstr ""
2729
2730
#: serverguide/C/vpn.xml:661(programlisting)
2731
#, no-wrap
2732
msgid ""
2733
"\n"
2734
"#!/bin/sh\n"
2735
"\n"
2736
"BR=$1\n"
2737
"ETHDEV=$2\n"
2738
"TAPDEV=$3\n"
2739
"\n"
2740
"/sbin/ip link set \"$TAPDEV\" up\n"
2741
"/sbin/ip link set \"$ETHDEV\" promisc on\n"
2742
"/sbin/brctl addif $BR $TAPDEV\n"
2743
msgstr ""
2744
2745
#: serverguide/C/vpn.xml:673(para)
2746
msgid "Then make it executable:"
2747
msgstr ""
2748
2749
#: serverguide/C/vpn.xml:678(command)
2750
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2751
msgstr ""
2752
2753
#: serverguide/C/vpn.xml:681(para)
2754
msgid ""
2755
"After configuring the server, restart <application>openvpn</application> by "
2756
"entering:"
2757
msgstr ""
2758
2759
#: serverguide/C/vpn.xml:686(command)
2760
msgid "sudo systemctl restart openvpn@server"
2761
msgstr ""
2762
2763
#: serverguide/C/vpn.xml:691(title)
2764
msgid "Client Configuration"
2765
msgstr ""
2766
2767
#: serverguide/C/vpn.xml:693(para)
2768
msgid "First, install <application>openvpn</application> on the client:"
2769
msgstr ""
2770
2771
#: serverguide/C/vpn.xml:701(para)
2772
msgid ""
2773
"Then with the server configured and the client certificates copied to the "
2774
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2775
"file by copying the example. In a terminal on the client machine enter:"
2776
msgstr ""
2777
2778
#: serverguide/C/vpn.xml:707(command)
2779
msgid ""
2780
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2781
"/etc/openvpn"
2782
msgstr ""
2783
2784
#: serverguide/C/vpn.xml:710(para)
2785
msgid ""
2786
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2787
"following options:"
2788
msgstr ""
2789
2790
#: serverguide/C/vpn.xml:714(programlisting)
2791
#, no-wrap
2792
msgid ""
2793
"\n"
2794
"dev tap\n"
2795
";dev tun\n"
2796
"ca ca.crt\n"
2797
"cert client1.crt\n"
2798
"key client1.key\n"
2799
msgstr ""
2800
2801
#: serverguide/C/vpn.xml:722(para)
2802
msgid "Finally, restart <application>openvpn</application>:"
2803
msgstr ""
2804
2805
#: serverguide/C/vpn.xml:727(command)
2806
msgid "sudo systemctl restart openvpn@client"
2807
msgstr ""
2808
2809
#: serverguide/C/vpn.xml:730(para)
2810
msgid "You should now be able to connect to the remote LAN through the VPN."
2811
msgstr ""
2812
2813
#: serverguide/C/vpn.xml:739(title)
2814
msgid "Client software implementations"
2815
msgstr ""
2816
2817
#: serverguide/C/vpn.xml:742(title)
2818
msgid "Linux Network-Manager GUI for OpenVPN"
2819
msgstr ""
2820
2821
#: serverguide/C/vpn.xml:744(para)
2822
msgid ""
2823
"Many Linux distributions including Ubuntu desktop variants come with Network "
2824
"Manager, a nice GUI to configure your network settings. It also can manage "
2825
"your VPN connections. Make sure you have package network-manager-openvpn "
2826
"installed. Here you see that the installation installs all other required "
2827
"packages as well:"
2828
msgstr ""
2829
2830
#: serverguide/C/vpn.xml:749(programlisting)
2831
#, no-wrap
2832
msgid ""
2833
"\n"
2834
"root@client:~# apt install network-manager-openvpn\n"
2835
"Reading package lists... Done\n"
2836
"Building dependency tree\n"
2837
"Reading state information... Done\n"
2838
"The following extra packages will be installed:\n"
2839
" liblzo2-2 libpkcs11-helper1 network-manager-openvpn-gnome openvpn\n"
2840
"Suggested packages:\n"
2841
" resolvconf\n"
2842
"The following NEW packages will be installed:\n"
2843
" liblzo2-2 libpkcs11-helper1 network-manager-openvpn\n"
2844
" network-manager-openvpn-gnome openvpn\n"
2845
"0 upgraded, 5 newly installed, 0 to remove and 631 not upgraded.\n"
2846
"Need to get 700 kB of archives.\n"
2847
"After this operation, 3,031 kB of additional disk space will be used.\n"
2848
"Do you want to continue [Y/n]?\n"
2849
msgstr ""
2850
2851
#: serverguide/C/vpn.xml:767(para)
2852
msgid ""
2853
"To inform network-manager about the new installed packages you will have to "
2854
"restart it:"
2855
msgstr ""
2856
2857
#: serverguide/C/vpn.xml:771(programlisting)
2858
#, no-wrap
2859
msgid ""
2860
"\n"
2861
"root@client:~# restart network-manager\n"
2862
"network-manager start/running, process 3078\n"
2863
msgstr ""
2864
2865
#: serverguide/C/vpn.xml:776(para)
2866
msgid ""
2867
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
2868
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
2869
"In the next window add the OpenVPN's server name as the 'Gateway', set "
2870
"'Type' to 'Certificates (TLS)', point 'User Certificate' to your user "
2871
"certificate, 'CA Certificate' to your CA certificate and 'Private Key' to "
2872
"your private key file. Use the advanced button to enable compression (e.g. "
2873
"comp-lzo), dev tap, or other special settings you set on the server. Now try "
2874
"to establish your VPN."
2875
msgstr ""
2876
2877
#: serverguide/C/vpn.xml:788(title)
2878
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2879
msgstr ""
2880
2881
#: serverguide/C/vpn.xml:790(para)
2882
msgid ""
2883
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2884
"OpenVPN for OS X. The project's homepage is at <ulink "
2885
"url=\"http://code.google.com/p/tunnelblick/\">http://code.google.com/p/tunnel"
2886
"blick/</ulink>. Download the latest OS X installer from there and install "
2887
"it. Then put your client.ovpn config file together with the certificates and "
2888
"keys in /Users/username/Library/Application "
2889
"Support/Tunnelblick/Configurations/ and lauch Tunnelblick from your "
2890
"Application folder."
2891
msgstr ""
2892
2893
#: serverguide/C/vpn.xml:796(programlisting)
2894
#, no-wrap
2895
msgid ""
2896
"\n"
2897
"# sample client.ovpn for Tunnelblick\n"
2898
"client\n"
2899
"remote blue.example.com\n"
2900
"port 1194\n"
2901
"proto udp\n"
2902
"dev tun\n"
2903
"dev-type tun\n"
2904
"ns-cert-type server\n"
2905
"reneg-sec 86400\n"
2906
"auth-user-pass\n"
2907
"auth-nocache\n"
2908
"auth-retry interact\n"
2909
"comp-lzo yes\n"
2910
"verb 3\n"
2911
"ca ca.crt\n"
2912
"cert client.crt\n"
2913
"key client.key\n"
2914
msgstr ""
2915
2916
#: serverguide/C/vpn.xml:818(title)
2917
msgid "OpenVPN with GUI for Win 7"
2918
msgstr ""
2919
2920
#: serverguide/C/vpn.xml:820(para)
2921
msgid ""
2922
"First download and install the latest <ulink "
2923
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
2924
"Windows Installer</ulink>. OpenVPN 2.3.2 was the latest when this was "
2925
"written. As of this writing, the management GUI is included with the Windows "
2926
"binary installer."
2927
msgstr ""
2928
2929
#: serverguide/C/vpn.xml:825(para)
2930
msgid ""
2931
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2932
"> Services and Applications > Services. Find the OpenVPN service and "
2933
"start it. Set it's startup type to automatic. When you start the OpenVPN MI "
2934
"GUI the first time you need to run it as an administrator. You have to right "
2935
"click on it and you will see that option."
2936
msgstr ""
2937
2938
#: serverguide/C/vpn.xml:829(para)
2939
msgid ""
2940
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2941
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2942
"You could put the user certificate in the user's home directory like in the "
2943
"follwing example."
2944
msgstr ""
2945
2946
#: serverguide/C/vpn.xml:833(programlisting)
2947
#, no-wrap
2948
msgid ""
2949
"\n"
2950
"# C:\\Program Files\\OpenVPN\\config\\client.ovpn\n"
2951
"client\n"
2952
"remote server.example.com\n"
2953
"port 1194\n"
2954
"proto udp\n"
2955
"dev tun\n"
2956
"dev-type tun\n"
2957
"ns-cert-type server\n"
2958
"reneg-sec 86400\n"
2959
"auth-user-pass\n"
2960
"auth-retry interact\n"
2961
"comp-lzo yes\n"
2962
"verb 3\n"
2963
"ca ca.crt\n"
2964
"cert \"C:\\\\Users\\\\username\\\\My Documents\\\\openvpn\\\\client.crt\"\n"
2965
"key \"C:\\\\Users\\\\username\\\\My Documents\\\\openvpn\\\\client.key\"\n"
2966
"management 127.0.0.1 1194\n"
2967
"management-hold\n"
2968
"management-query-passwords\n"
2969
"auth-retry interact\n"
2970
"; Set the name of the Windows TAP network interface device here\n"
2971
"dev-node MyTAP\n"
2972
"\n"
2973
msgstr ""
2974
2975
#: serverguide/C/vpn.xml:858(para)
2976
msgid ""
2977
"Note: If you are not using user authentication and/or you want to run the "
2978
"service without user interaction, comment out the following options:"
2979
msgstr ""
2980
2981
#: serverguide/C/vpn.xml:861(programlisting)
2982
#, no-wrap
2983
msgid ""
2984
"\n"
2985
"auth-user-pass\n"
2986
"auth-retry interact\n"
2987
"management 127.0.0.1 1194\n"
2988
"management-hold\n"
2989
"management-query-passwords\n"
2990
msgstr ""
2991
2992
#: serverguide/C/vpn.xml:868(para)
2993
msgid "You may want to set the Windows service to \"automatic\"."
2994
msgstr ""
2995
2996
#: serverguide/C/vpn.xml:872(title)
2997
msgid "OpenVPN for OpenWRT"
2998
msgstr ""
2999
3000
#: serverguide/C/vpn.xml:874(para)
3001
msgid ""
3002
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
3003
"router. There are certain types of WLAN routers who can be flashed to run "
3004
"OpenWRT. Depending on the available memory on your OpenWRT router you can "
3005
"run software like OpenVPN and you could for example build a small "
3006
"inexpensive branch office router with VPN connectivity to the central "
3007
"office. More info on OpenVPN on OpenWRT is <ulink "
3008
"url=\"http://wiki.openwrt.org/doc/howto/vpn.overview\">here</ulink>. And "
3009
"here is the OpenWRT project's homepage: <ulink "
3010
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
3011
msgstr ""
3012
3013
#: serverguide/C/vpn.xml:883(para)
3014
msgid "Log into your OpenWRT router and install OpenVPN:"
3015
msgstr ""
3016
3017
#: serverguide/C/vpn.xml:888(command)
3018
msgid "opkg update"
3019
msgstr ""
3020
3021
#: serverguide/C/vpn.xml:889(command)
3022
msgid "opkg install openvpn"
3023
msgstr ""
3024
3025
#: serverguide/C/vpn.xml:892(para)
3026
msgid ""
3027
"Check out /etc/config/openvpn and put your client config in there. Copy "
3028
"certificates and keys to /etc/openvpn/"
3029
msgstr ""
3030
3031
#: serverguide/C/vpn.xml:897(programlisting)
3032
#, no-wrap
3033
msgid ""
3034
"\n"
3035
"config openvpn client1\n"
3036
" option enable 1\n"
3037
" option client 1\n"
3038
"# option dev tap\n"
3039
" option dev tun\n"
3040
" option proto udp\n"
3041
" option ca /etc/openvpn/ca.crt\n"
3042
" option cert /etc/openvpn/client.crt\n"
3043
" option key /etc/openvpn/client.key\n"
3044
" option comp_lzo 1\n"
3045
msgstr ""
3046
3047
#: serverguide/C/vpn.xml:910(para)
3048
msgid "Restart OpenVPN on OpenWRT router to pick up the config"
3049
msgstr ""
3050
3051
#: serverguide/C/vpn.xml:914(para)
3052
msgid ""
3053
"You will have to see if you need to adjust your router's routing and "
3054
"firewall rules."
3055
msgstr ""
3056
3057
#: serverguide/C/vpn.xml:924(para)
3058
msgid ""
3059
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3060
"additional information."
3061
msgstr ""
3062
3063
#: serverguide/C/vpn.xml:930(ulink)
3064
msgid "OpenVPN hardening security guide"
3065
msgstr ""
3066
3067
#: serverguide/C/vpn.xml:934(para)
3068
msgid ""
3069
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3070
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3071
msgstr ""
3072
3073
#: serverguide/C/virtualization.xml:11(title)
3074
msgid "Virtualization"
3075
msgstr ""
3076
3077
#: serverguide/C/virtualization.xml:13(para)
3078
msgid ""
3079
"Virtualization is being adopted in many different environments and "
3080
"situations. If you are a developer, virtualization can provide you with a "
3081
"contained environment where you can safely do almost any sort of development "
3082
"safe from messing up your main working environment. If you are a systems "
3083
"administrator, you can use virtualization to more easily separate your "
3084
"services and move them around based on demand."
3085
msgstr ""
3086
3087
#: serverguide/C/virtualization.xml:20(para)
3088
msgid ""
3089
"The default virtualization technology supported in Ubuntu is "
3090
"<application>KVM</application>. KVM requires virtualization extensions built "
3091
"into Intel and AMD hardware. <application>Xen</application> is also "
3092
"supported on Ubuntu. Xen can take advantage of virtualization extensions, "
3093
"when available, but can also be used on hardware without virtualization "
3094
"extensions. <application>Qemu</application> is another popular solution for "
3095
"hardware without virtualization extensions."
3096
msgstr ""
3097
3098
#: serverguide/C/virtualization.xml:29(title)
3099
msgid "libvirt"
3100
msgstr ""
3101
3102
#: serverguide/C/virtualization.xml:31(para)
3103
msgid ""
3104
"The <application>libvirt</application> library is used to interface with "
3105
"different virtualization technologies. Before getting started with "
3106
"<application>libvirt</application> it is best to make sure your hardware "
3107
"supports the necessary virtualization extensions for "
3108
"<application>KVM</application>. Enter the following from a terminal prompt:"
3109
msgstr ""
3110
3111
#: serverguide/C/virtualization.xml:39(command)
3112
msgid "kvm-ok"
3113
msgstr ""
3114
3115
#: serverguide/C/virtualization.xml:42(para)
3116
msgid ""
3117
"A message will be printed informing you if your CPU "
3118
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3119
"virtualization."
3120
msgstr ""
3121
3122
#: serverguide/C/virtualization.xml:47(para)
3123
msgid ""
3124
"On many computers with processors supporting hardware assisted "
3125
"virtualization, it is necessary to activate an option in the BIOS to enable "
3126
"it."
3127
msgstr ""
3128
3129
#: serverguide/C/virtualization.xml:53(title)
3130
msgid "Virtual Networking"
3131
msgstr ""
3132
3133
#: serverguide/C/virtualization.xml:55(para)
3134
msgid ""
3135
"There are a few different ways to allow a virtual machine access to the "
3136
"external network. The default virtual network configuration includes "
3137
"<emphasis>bridging</emphasis> and <emphasis>iptables</emphasis> rules "
3138
"implementing <emphasis>usermode</emphasis> networking, which uses the SLIRP "
3139
"protocol. Traffic is NATed through the host interface to the outside network."
3140
msgstr ""
3141
3142
#: serverguide/C/virtualization.xml:62(para)
3143
msgid ""
3144
"To enable external hosts to directly access services on virtual machines a "
3145
"different type of <emphasis>bridge</emphasis> than the default needs to be "
3146
"configured. This allows the virtual interfaces to connect to the outside "
3147
"network through the physical interface, making them appear as normal hosts "
3148
"to the rest of the network."
3149
msgstr ""
3150
3151
#: serverguide/C/virtualization.xml:72(para)
3152
msgid "To install the necessary packages, from a terminal prompt enter:"
3153
msgstr ""
3154
3155
#: serverguide/C/virtualization.xml:76(command)
3156
msgid "sudo apt install qemu-kvm libvirt-bin"
3157
msgstr ""
3158
3159
#: serverguide/C/virtualization.xml:79(para)
3160
msgid ""
3161
"After installing <application>libvirt-bin</application>, the user used to "
3162
"manage virtual machines will need to be added to the "
3163
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3164
"the advanced networking options."
3165
msgstr ""
3166
3167
#: serverguide/C/virtualization.xml:84(para)
3168
msgid "In a terminal enter:"
3169
msgstr ""
3170
3171
#: serverguide/C/virtualization.xml:87(command)
3172
msgid "sudo adduser $USER libvirtd"
3173
msgstr ""
3174
3175
#: serverguide/C/virtualization.xml:91(para)
3176
msgid ""
3177
"If the user chosen is the current user, you will need to log out and back in "
3178
"for the new group membership to take effect."
3179
msgstr ""
3180
3181
#: serverguide/C/virtualization.xml:95(para)
3182
msgid ""
3183
"In more recent releases (>= Yakkety) the group was renamed to "
3184
"<emphasis>libvirt</emphasis>. Upgraded systems get a new "
3185
"<emphasis>libvirt</emphasis> group with the same gid as the "
3186
"<emphasis>libvirtd</emphasis> group to match that."
3187
msgstr ""
3188
3189
#: serverguide/C/virtualization.xml:98(para)
3190
msgid ""
3191
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3192
"Installing a virtual machine follows the same process as installing the "
3193
"operating system directly on the hardware. You either need a way to automate "
3194
"the installation, or a keyboard and monitor will need to be attached to the "
3195
"physical machine."
3196
msgstr ""
3197
3198
#: serverguide/C/virtualization.xml:104(para)
3199
msgid ""
3200
"In the case of virtual machines a Graphical User Interface (GUI) is "
3201
"analogous to using a physical keyboard and mouse. Instead of installing a "
3202
"GUI the <application>virt-viewer</application> application can be used to "
3203
"connect to a virtual machine's console using <application>VNC</application>. "
3204
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3205
msgstr ""
3206
3207
#: serverguide/C/virtualization.xml:111(para)
3208
msgid ""
3209
"There are several ways to automate the Ubuntu installation process, for "
3210
"example using preseeds, kickstart, etc. Refer to the <ulink "
3211
"url=\"https://help.ubuntu.com/16.04/installation-guide/\">Ubuntu "
3212
"Installation Guide</ulink> for details."
3213
msgstr ""
3214
3215
#: serverguide/C/virtualization.xml:116(para)
3216
msgid ""
3217
"Yet another way to install an Ubuntu virtual machine is to use "
3218
"<application>uvtool</application>. This application, available as of 14.04, "
3219
"allows you to set up specific VM options, execute custom post-install "
3220
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
3221
msgstr ""
3222
3223
#: serverguide/C/virtualization.xml:122(para)
3224
msgid ""
3225
"Libvirt can also be configured work with <application>Xen</application>. For "
3226
"details, see the Xen Ubuntu community page referenced below."
3227
msgstr ""
3228
3229
#: serverguide/C/virtualization.xml:128(title)
3230
msgid "virt-install"
3231
msgstr ""
3232
3233
#: serverguide/C/virtualization.xml:130(para)
3234
msgid ""
3235
"<application>virt-install</application> is part of the "
3236
"<application>virtinst</application> package. To install it, from a terminal "
3237
"prompt enter:"
3238
msgstr ""
3239
3240
#: serverguide/C/virtualization.xml:135(command)
3241
msgid "sudo apt install virtinst"
3242
msgstr ""
3243
3244
#: serverguide/C/virtualization.xml:138(para)
3245
msgid ""
3246
"There are several options available when using <application>virt-"
3247
"install</application>. For example:"
3248
msgstr ""
3249
3250
#: serverguide/C/virtualization.xml:142(command)
3251
msgid ""
3252
"sudo virt-install -n web_devel -r 512 \\ --disk "
3253
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ ubuntu-"
3254
"16.04-server-i386.iso --network network=default,model=virtio \\ --graphics "
3255
"vnc,listen=0.0.0.0 --noautoconsole -v"
3256
msgstr ""
3257
3258
#: serverguide/C/virtualization.xml:150(para)
3259
msgid ""
3260
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3261
"be <emphasis>web_devel</emphasis> in this example."
3262
msgstr ""
3263
3264
#: serverguide/C/virtualization.xml:156(para)
3265
msgid ""
3266
"<emphasis>-r 512:</emphasis> specifies the amount of memory the virtual "
3267
"machine will use in megabytes."
3268
msgstr ""
3269
3270
#: serverguide/C/virtualization.xml:161(para)
3271
msgid ""
3272
"<emphasis>--disk "
3273
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3274
"path to the virtual disk which can be a file, partition, or logical volume. "
3275
"In this example a file named <filename>web_devel.img</filename> in the "
3276
"/var/lib/libvirt/images/ directory, with a size of 4 gigabytes, and using "
3277
"<emphasis>virtio</emphasis> for the disk bus."
3278
msgstr ""
3279
3280
#: serverguide/C/virtualization.xml:171(para)
3281
msgid ""
3282
"<emphasis>-c ubuntu-16.04-server-i386.iso:</emphasis> file to be used as a "
3283
"virtual CDROM. The file can be either an ISO file or the path to the host's "
3284
"CDROM device."
3285
msgstr ""
3286
3287
#: serverguide/C/virtualization.xml:177(para)
3288
msgid ""
3289
"<emphasis>--network</emphasis> provides details related to the VM's network "
3290
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3291
"interface model is configured for <emphasis>virtio</emphasis>."
3292
msgstr ""
3293
3294
#: serverguide/C/virtualization.xml:184(para)
3295
msgid ""
3296
"<emphasis>--graphics vnc,listen=0.0.0.0:</emphasis> exports the guest's "
3297
"virtual console using VNC and on all host interfaces. Typically servers have "
3298
"no GUI, so another GUI based computer on the Local Area Network (LAN) can "
3299
"connect via VNC to complete the installation."
3300
msgstr ""
3301
3302
#: serverguide/C/virtualization.xml:192(para)
3303
msgid ""
3304
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3305
"virtual machine's console."
3306
msgstr ""
3307
3308
#: serverguide/C/virtualization.xml:197(para)
3309
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3310
msgstr ""
3311
3312
#: serverguide/C/virtualization.xml:202(para)
3313
msgid ""
3314
"After launching <application>virt-install</application> you can connect to "
3315
"the virtual machine's console either locally using a GUI (if your server has "
3316
"a GUI), or via a remote VNC client from a GUI-based computer."
3317
msgstr ""
3318
3319
#: serverguide/C/virtualization.xml:209(title)
3320
msgid "virt-clone"
3321
msgstr ""
3322
3323
#: serverguide/C/virtualization.xml:211(para)
3324
msgid ""
3325
"The <application>virt-clone</application> application can be used to copy "
3326
"one virtual machine to another. For example:"
3327
msgstr ""
3328
3329
#: serverguide/C/virtualization.xml:215(command)
3330
msgid ""
3331
"sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img"
3332
msgstr ""
3333
3334
#: serverguide/C/virtualization.xml:220(para)
3335
msgid "<emphasis>-o:</emphasis> original virtual machine."
3336
msgstr ""
3337
3338
#: serverguide/C/virtualization.xml:224(para)
3339
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3340
msgstr ""
3341
3342
#: serverguide/C/virtualization.xml:229(para)
3343
msgid ""
3344
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3345
"be used by the new virtual machine."
3346
msgstr ""
3347
3348
#: serverguide/C/virtualization.xml:234(para)
3349
msgid ""
3350
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3351
"help troubleshoot problems with <application>virt-clone</application>."
3352
msgstr ""
3353
3354
#: serverguide/C/virtualization.xml:239(para)
3355
msgid ""
3356
"Replace <emphasis>web_devel</emphasis> and "
3357
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3358
msgstr ""
3359
3360
#: serverguide/C/virtualization.xml:246(title)
3361
msgid "Virtual Machine Management"
3362
msgstr ""
3363
3364
#: serverguide/C/virtualization.xml:249(title)
3365
msgid "virsh"
3366
msgstr ""
3367
3368
#: serverguide/C/virtualization.xml:251(para)
3369
msgid ""
3370
"There are several utilities available to manage virtual machines and "
3371
"<application>libvirt</application>. The <application>virsh</application> "
3372
"utility can be used from the command line. Some examples:"
3373
msgstr ""
3374
3375
#: serverguide/C/virtualization.xml:258(para)
3376
msgid "To list running virtual machines:"
3377
msgstr ""
3378
3379
#: serverguide/C/virtualization.xml:261(command)
3380
msgid "virsh list"
3381
msgstr ""
3382
3383
#: serverguide/C/virtualization.xml:266(para)
3384
msgid "To start a virtual machine:"
3385
msgstr ""
3386
3387
#: serverguide/C/virtualization.xml:269(command)
3388
msgid "virsh start web_devel"
3389
msgstr ""
3390
3391
#: serverguide/C/virtualization.xml:274(para)
3392
msgid "Similarly, to start a virtual machine at boot:"
3393
msgstr ""
3394
3395
#: serverguide/C/virtualization.xml:277(command)
3396
msgid "virsh autostart web_devel"
3397
msgstr ""
3398
3399
#: serverguide/C/virtualization.xml:282(para)
3400
msgid "Reboot a virtual machine with:"
3401
msgstr ""
3402
3403
#: serverguide/C/virtualization.xml:285(command)
3404
msgid "virsh reboot web_devel"
3405
msgstr ""
3406
3407
#: serverguide/C/virtualization.xml:290(para)
3408
msgid ""
3409
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3410
"order to be restored later. The following will save the virtual machine "
3411
"state into a file named according to the date:"
3412
msgstr ""
3413
3414
#: serverguide/C/virtualization.xml:296(command)
3415
msgid "virsh save web_devel web_devel-022708.state"
3416
msgstr ""
3417
3418
#: serverguide/C/virtualization.xml:299(para)
3419
msgid "Once saved the virtual machine will no longer be running."
3420
msgstr ""
3421
3422
#: serverguide/C/virtualization.xml:304(para)
3423
msgid "A saved virtual machine can be restored using:"
3424
msgstr ""
3425
3426
#: serverguide/C/virtualization.xml:307(command)
3427
msgid "virsh restore web_devel-022708.state"
3428
msgstr ""
3429
3430
#: serverguide/C/virtualization.xml:312(para)
3431
msgid "To shutdown a virtual machine do:"
3432
msgstr ""
3433
3434
#: serverguide/C/virtualization.xml:315(command)
3435
msgid "virsh shutdown web_devel"
3436
msgstr ""
3437
3438
#: serverguide/C/virtualization.xml:320(para)
3439
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3440
msgstr ""
3441
3442
#: serverguide/C/virtualization.xml:324(command)
3443
msgid "virsh attach-disk web_devel /dev/cdrom /media/cdrom"
3444
msgstr ""
3445
3446
#: serverguide/C/virtualization.xml:330(para)
3447
msgid ""
3448
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3449
"appropriate virtual machine name, and <filename>web_devel-"
3450
"022708.state</filename> with a descriptive file name."
3451
msgstr ""
3452
3453
#: serverguide/C/virtualization.xml:334(para)
3454
msgid ""
3455
"If virsh (or other vir* tools) shall connect to something else than the "
3456
"default qemu-kvm/system hipervisor one can find alternatives for the "
3457
"<emphasis>connect</emphasis> option in <emphasis>man virsh</emphasis> or "
3458
"<ulink url=\"http://libvirt.org/uri.html\">libvirt doc</ulink>"
3459
msgstr ""
3460
3461
#: serverguide/C/virtualization.xml:341(title)
3462
msgid "migration"
3463
msgstr ""
3464
3465
#: serverguide/C/virtualization.xml:342(para)
3466
msgid ""
3467
"There are different types of migration available depending on the versions "
3468
"of libvirt and the hipervisor being used. In general those types are:"
3469
msgstr ""
3470
3471
#: serverguide/C/virtualization.xml:345(ulink)
3472
msgid "offline migration"
3473
msgstr ""
3474
3475
#: serverguide/C/virtualization.xml:346(ulink)
3476
msgid "live migration"
3477
msgstr ""
3478
3479
#: serverguide/C/virtualization.xml:347(ulink)
3480
msgid "postcopy migration"
3481
msgstr ""
3482
3483
#: serverguide/C/virtualization.xml:349(para)
3484
msgid ""
3485
"There are various options to those methods, but the entry point for all of "
3486
"them is <emphasis>virsh migrate</emphasis>. Read the integrated help for "
3487
"more detail."
3488
msgstr ""
3489
3490
#: serverguide/C/virtualization.xml:350(command)
3491
msgid "virsh migrate --help"
3492
msgstr ""
3493
3494
#: serverguide/C/virtualization.xml:351(para)
3495
msgid ""
3496
"Some useful documentation on constraints and considerations about live "
3497
"migration can be found at the <ulink "
3498
"url=\"https://wiki.ubuntu.com/QemuKVMMigration\">Ubuntu Wiki</ulink>"
3499
msgstr ""
3500
3501
#: serverguide/C/virtualization.xml:355(title)
3502
msgid "Device Passthrough / Hotplug"
3503
msgstr ""
3504
3505
#: serverguide/C/virtualization.xml:356(para)
3506
msgid ""
3507
"If instead of the here described hotplugging you want to always pass through "
3508
"a device add the xml content of the device to your static guest xml "
3509
"representation via e.g. <command>virsh edit <guestname></command>. In "
3510
"that case you don't need to use <emphasis>attach/detach</emphasis>. There "
3511
"are different kinds of passthrough. Types available to you depend on your "
3512
"Hardware and software setup."
3513
msgstr ""
3514
3515
#: serverguide/C/virtualization.xml:363(para)
3516
msgid "USB hotplug/passthrough"
3517
msgstr ""
3518
3519
#: serverguide/C/virtualization.xml:364(para)
3520
msgid "VF hotplug/Passthrough"
3521
msgstr ""
3522
3523
#: serverguide/C/virtualization.xml:366(para)
3524
msgid ""
3525
"But both kinds are handled in a very similar way and while there are various "
3526
"way to do it (e.g. also via qemu monitor) driving such a change via libvirt "
3527
"is recommended. That way libvirt can try to manage all sorts of special "
3528
"cases for you and also somewhat masks version differences."
3529
msgstr ""
3530
3531
#: serverguide/C/virtualization.xml:371(para)
3532
msgid ""
3533
"In general when driving hotplug via libvirt you create a xml snippet that "
3534
"describes the device just as you would do in a static <ulink "
3535
"url=\"https://libvirt.org/formatdomain.html\">guest description.</ulink> A "
3536
"usb device is usually identified by Vendor/Product id's: <screen><hostdev "
3537
"mode='subsystem' type='usb' managed='yes'>\n"
3538
" <source>\n"
3539
" <vendor id='0x0b6d'/>\n"
3540
" <product id='0x3880'/>\n"
3541
" </source>\n"
3542
"</hostdev></screen> Virtual functions are usually assigned via their "
3543
"PCI-ID (domain, bus, slot, function). <screen><hostdev mode='subsystem' "
3544
"type='pci' managed='yes'>\n"
3545
" <source>\n"
3546
" <address domain='0x0000' bus='0x04' slot='0x10' function='0x0'/>\n"
3547
" </source>\n"
3548
"</hostdev></screen>"
3549
msgstr ""
3550
3551
#: serverguide/C/virtualization.xml:389(para)
3552
msgid ""
3553
"To get the Virtual function in the first place is very device dependent and "
3554
"can therefore not be fully covered here. But in general it involves setting "
3555
"up an iommu, registering via <ulink "
3556
"url=\"https://www.kernel.org/doc/Documentation/vfio.txt\">VFIO</ulink> and "
3557
"sometimes requesting a number of VFs. Here an example on ppc64el to get 4 "
3558
"VFs on a device: <screen>\n"
3559
"$ sudo modprobe vfio-pci\n"
3560
"# identify device\n"
3561
"$ lspci -n -s 0005:01:01.3\n"
3562
"0005:01:01.3 0200: 10df:e228 (rev 10)\n"
3563
"# register and request VFs\n"
3564
"$ echo 10df e228 | sudo tee /sys/bus/pci/drivers/vfio-pci/new_id\n"
3565
"$ echo 4 | sudo tee /sys/bus/pci/devices/0005\\:01\\:00.0/sriov_numvfs\n"
3566
" </screen>"
3567
msgstr ""
3568
3569
#: serverguide/C/virtualization.xml:404(para)
3570
msgid ""
3571
"You then attach or detach the device via libvirt by relating the guest with "
3572
"the xml snippet. <screen><command>virsh attach-device <guestname> "
3573
"<device-xml></command>\n"
3574
"# Use the Device int the Guest\n"
3575
"<command>virsh detach-device <guestname> <device-"
3576
"xml></command></screen>"
3577
msgstr ""
3578
3579
#: serverguide/C/virtualization.xml:411(para)
3580
msgid ""
3581
"There are several associated known issues in regard to apparmor proetction "
3582
"protecting \"too much\". You might need to tweak exceptions in the apparmor "
3583
"profiles until the bugs <ulink "
3584
"url=\"https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1552241\">155224"
3585
"1</ulink> (for USB) and <ulink "
3586
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1679704\"/> "
3587
"(For VF assignment) are resolved. To check if you are affected watch dmesg "
3588
"while you use the USB/VF passthrough/hotplug feature and verify if you see "
3589
"<ulink "
3590
"url=\"http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Lo"
3591
"g_files\">apparmor denies</ulink>."
3592
msgstr ""
3593
3594
#: serverguide/C/virtualization.xml:422(title)
3595
msgid "Access Qemu Monitor via libvirt"
3596
msgstr ""
3597
3598
#: serverguide/C/virtualization.xml:423(para)
3599
msgid ""
3600
"The <ulink url=\"https://en.wikibooks.org/wiki/QEMU/Monitor\">Qemu "
3601
"Monitor</ulink> is the way to interact with qemu/KVM while a guest is "
3602
"running. This interface has many and very powerful features for experienced "
3603
"users. When running under libvirt that monitor interface is bound by libvirt "
3604
"itself for management purposes, but a user can run qemu monitor commands via "
3605
"libvirt still. The general syntax is <command>virsh qemu-monitor-command "
3606
"[options] [guest] 'command'</command>"
3607
msgstr ""
3608
3609
#: serverguide/C/virtualization.xml:430(para)
3610
msgid ""
3611
"Libvirt covers most use cases needed, but if you every want/need to work "
3612
"around libvirt or want to tweak very special options you can e.g. add a "
3613
"device that way: <screen>virsh qemu-monitor-command --hmp zesty-test-log "
3614
"'drive_add 0 "
3615
"if=none,file=/var/lib/libvirt/images/test.img,format=raw,id=disk1'</screen>"
3616
msgstr ""
3617
3618
#: serverguide/C/virtualization.xml:434(para)
3619
msgid ""
3620
"But since the monitor is so powerful, you can do a lot especially for "
3621
"debugging purposes like showing the guest registers: <screen>virsh qemu-"
3622
"monitor-command --hmp y-ipns 'info registers'\n"
3623
"RAX=00ffffc000000000 RBX=ffff8f0f5d5c7e48 RCX=0000000000000000 "
3624
"RDX=ffffea00007571c0\n"
3625
"RSI=0000000000000000 RDI=ffff8f0fdd5c7e48 RBP=ffff8f0f5d5c7e18 "
3626
"RSP=ffff8f0f5d5c7df8\n"
3627
"[...]</screen>"
3628
msgstr ""
3629
3630
#: serverguide/C/virtualization.xml:444(title)
3631
msgid "Virtual Machine Manager"
3632
msgstr ""
3633
3634
#: serverguide/C/virtualization.xml:446(para)
3635
msgid ""
3636
"The <application>virt-manager</application> package contains a graphical "
3637
"utility to manage local and remote virtual machines. To install virt-manager "
3638
"enter:"
3639
msgstr ""
3640
3641
#: serverguide/C/virtualization.xml:451(command)
3642
msgid "sudo apt install virt-manager"
3643
msgstr ""
3644
3645
#: serverguide/C/virtualization.xml:454(para)
3646
msgid ""
3647
"Since <application>virt-manager</application> requires a Graphical User "
3648
"Interface (GUI) environment it is recommended to be installed on a "
3649
"workstation or test machine instead of a production server. To connect to "
3650
"the local <application>libvirt</application> service enter:"
3651
msgstr ""
3652
3653
#: serverguide/C/virtualization.xml:461(command)
3654
msgid "virt-manager -c qemu:///system"
3655
msgstr ""
3656
3657
#: serverguide/C/virtualization.xml:464(para)
3658
msgid ""
3659
"You can connect to the <application>libvirt</application> service running on "
3660
"another host by entering the following in a terminal prompt:"
3661
msgstr ""
3662
3663
#: serverguide/C/virtualization.xml:469(command)
3664
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3665
msgstr ""
3666
3667
#: serverguide/C/virtualization.xml:473(para)
3668
msgid ""
3669
"The above example assumes that <application>SSH</application> connectivity "
3670
"between the management system and virtnode1.mydomain.com has already been "
3671
"configured, and uses SSH keys for authentication. SSH "
3672
"<emphasis>keys</emphasis> are needed because "
3673
"<application>libvirt</application> sends the password prompt to another "
3674
"process. For details on configuring <application>SSH</application> see <xref "
3675
"linkend=\"openssh-server\"/>"
3676
msgstr ""
3677
3678
#: serverguide/C/virtualization.xml:486(title)
3679
msgid "Virtual Machine Viewer"
3680
msgstr ""
3681
3682
#: serverguide/C/virtualization.xml:488(para)
3683
msgid ""
3684
"The <application>virt-viewer</application> application allows you to connect "
3685
"to a virtual machine's console. <application>virt-viewer</application> does "
3686
"require a Graphical User Interface (GUI) to interface with the virtual "
3687
"machine."
3688
msgstr ""
3689
3690
#: serverguide/C/virtualization.xml:493(para)
3691
msgid ""
3692
"To install <application>virt-viewer</application> from a terminal enter:"
3693
msgstr ""
3694
3695
#: serverguide/C/virtualization.xml:497(command)
3696
msgid "sudo apt install virt-viewer"
3697
msgstr ""
3698
3699
#: serverguide/C/virtualization.xml:500(para)
3700
msgid ""
3701
"Once a virtual machine is installed and running you can connect to the "
3702
"virtual machine's console by using:"
3703
msgstr ""
3704
3705
#: serverguide/C/virtualization.xml:504(command)
3706
msgid "virt-viewer web_devel"
3707
msgstr ""
3708
3709
#: serverguide/C/virtualization.xml:507(para)
3710
msgid ""
3711
"Similar to <application>virt-manager</application>, <application>virt-"
3712
"viewer</application> can connect to a remote host using "
3713
"<emphasis>SSH</emphasis> with key authentication, as well:"
3714
msgstr ""
3715
3716
#: serverguide/C/virtualization.xml:512(command)
3717
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3718
msgstr ""
3719
3720
#: serverguide/C/virtualization.xml:515(para)
3721
msgid ""
3722
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3723
"appropriate virtual machine name."
3724
msgstr ""
3725
3726
#: serverguide/C/virtualization.xml:518(para)
3727
msgid ""
3728
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3729
"can also setup <application>SSH</application> access to the virtual machine."
3730
msgstr ""
3731
3732
#: serverguide/C/virtualization.xml:524(title) serverguide/C/virtualization.xml:836(title) serverguide/C/virtualization.xml:907(title) serverguide/C/virtualization.xml:2842(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1975(title) serverguide/C/network-auth.xml:2123(title) serverguide/C/network-auth.xml:2638(title) serverguide/C/network-auth.xml:3354(title) serverguide/C/network-auth.xml:3919(title) serverguide/C/network-auth.xml:4154(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3733
msgid "Resources"
3734
msgstr "แหล่งข้อมูล"
3735
3736
#: serverguide/C/virtualization.xml:528(para)
3737
msgid ""
3738
"See the <ulink url=\"http://www.linux-kvm.org/\">KVM</ulink> home page for "
3739
"more details."
3740
msgstr ""
3741
3742
#: serverguide/C/virtualization.xml:533(para)
3743
msgid ""
3744
"For more information on <application>libvirt</application> see the <ulink "
3745
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3746
msgstr ""
3747
3748
#: serverguide/C/virtualization.xml:539(para)
3749
msgid ""
3750
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3751
"site has more information on <application>virt-manager</application> "
3752
"development."
3753
msgstr ""
3754
3755
#: serverguide/C/virtualization.xml:545(para)
3756
msgid ""
3757
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3758
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3759
"technology in Ubuntu."
3760
msgstr ""
3761
3762
#: serverguide/C/virtualization.xml:551(para)
3763
msgid ""
3764
"Another good resource is the <ulink "
3765
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3766
msgstr ""
3767
3768
#: serverguide/C/virtualization.xml:557(para)
3769
msgid ""
3770
"For information on Xen, including using Xen with libvirt, please see the "
3771
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3772
"page."
3773
msgstr ""
3774
3775
#: serverguide/C/virtualization.xml:563(para)
3776
msgid ""
3777
"For basics how to assign VT-d devices to qemu/KVM, please see the <ulink "
3778
"url=\"http://www.linux-kvm.org/page/How_to_assign_devices_with_VT-"
3779
"d_in_KVM#Assigning_the_device\">linux-kvm</ulink> page."
3780
msgstr ""
3781
3782
#: serverguide/C/virtualization.xml:572(title)
3783
msgid "Qemu"
3784
msgstr ""
3785
3786
#: serverguide/C/virtualization.xml:573(para)
3787
msgid ""
3788
"<ulink url=\"http://wiki.qemu.org/Main_Page\">Qemu</ulink> is a machine "
3789
"emulator that can run operating systems and programs for one machine on a "
3790
"different machine. Mostly it is not used as emulator but as virtualizer in "
3791
"collaboration with KVM or XEN kernel components. In that case it utilizes "
3792
"the virtualization technology of the hardware to virtualize guests."
3793
msgstr ""
3794
3795
#: serverguide/C/virtualization.xml:577(para)
3796
msgid ""
3797
"While qemu has a <ulink url=\"http://wiki.qemu.org/download/qemu-"
3798
"doc.html#sec_005finvocation\">command line interface</ulink> and a <ulink "
3799
"url=\"http://wiki.qemu.org/download/qemu-"
3800
"doc.html#pcsys_005fmonitor\">monitor</ulink> to interact with running guests "
3801
"those is rarely used that way for other means than development purposes. "
3802
"<link linkend=\"libvirt\">Libvirt</link> provides an abstraction from "
3803
"specific versions and hypervisors and encapsulates some workarounds and best "
3804
"practices."
3805
msgstr ""
3806
3807
#: serverguide/C/virtualization.xml:582(title)
3808
msgid "Upgrading the machine type"
3809
msgstr ""
3810
3811
#: serverguide/C/virtualization.xml:583(para)
3812
msgid ""
3813
"This also is documented along some more constraints and considerations at "
3814
"the <ulink "
3815
"url=\"https://wiki.ubuntu.com/QemuKVMMigration#Upgrade_machine_type\">Ubuntu "
3816
"Wiki</ulink>"
3817
msgstr ""
3818
3819
#: serverguide/C/virtualization.xml:584(para)
3820
msgid ""
3821
"You might want to update your machine type of an existing defined guest to:"
3822
msgstr ""
3823
3824
#: serverguide/C/virtualization.xml:586(para)
3825
msgid "to pick up latest security fixes and features"
3826
msgstr ""
3827
3828
#: serverguide/C/virtualization.xml:587(para)
3829
msgid "continue using a guest created on a now unsupported release"
3830
msgstr ""
3831
3832
#: serverguide/C/virtualization.xml:589(para)
3833
msgid ""
3834
"In general it is recommended to update machine types when upgrading qemu/kvm "
3835
"to a new major version. But this can likely never be an automated task as "
3836
"this change is guest visible. The guest devices might change in appearance, "
3837
"new features will be announced to the guest and so on. Linux is usually very "
3838
"good at tolerating such changes, but it depends so much on the setup and "
3839
"workload of the guest that this has to be evaluated by the owner/admin of "
3840
"the system. Other operating systems where known to often have severe impacts "
3841
"by changing the hardware. Consider a machine type change similar to "
3842
"replacing all devices and firmware of a physical machine to the latest "
3843
"revision - all considerations that apply there apply to evaluating a machine "
3844
"type upgrade as well."
3845
msgstr ""
3846
3847
#: serverguide/C/virtualization.xml:590(para)
3848
msgid ""
3849
"As usual with major configuration changes it is wise to back up your guest "
3850
"definition and disk state to be able to do a rollback just in case. There is "
3851
"no integrated single command to update the machine type via virsh or similar "
3852
"tools. It is a normal part of your machine definition. And therefore updated "
3853
"the same way as most others."
3854
msgstr ""
3855
3856
#: serverguide/C/virtualization.xml:592(para)
3857
msgid "First shutdown your machine and wait until it has reached that state."
3858
msgstr ""
3859
3860
#: serverguide/C/virtualization.xml:593(screen)
3861
#, no-wrap
3862
msgid ""
3863
"\n"
3864
"virsh shutdown <yourmachine>\n"
3865
"# wait\n"
3866
"virsh list --inactive\n"
3867
"# should now list your machine as \"shut off\"\n"
3868
" "
3869
msgstr ""
3870
3871
#: serverguide/C/virtualization.xml:599(para)
3872
msgid ""
3873
"Then edit the machine definition and find the type in the type tag at the "
3874
"machine attribute."
3875
msgstr ""
3876
3877
#: serverguide/C/virtualization.xml:600(screen)
3878
#, no-wrap
3879
msgid ""
3880
"\n"
3881
"virsh edit <yourmachine>\n"
3882
"<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>\n"
3883
" "
3884
msgstr ""
3885
3886
#: serverguide/C/virtualization.xml:604(para)
3887
msgid ""
3888
"Change this to the value you want. If you need to check what types are "
3889
"available via \"-M ?\" Note that while providing upstream types as "
3890
"convenience only Ubuntu types are supported. There you can also see what the "
3891
"current default would be. In general it is strongly recommended that you "
3892
"change to newer types if possible to exploit newer features, but also to "
3893
"benefit of bugfixes that only apply to the newer device virtualization."
3894
msgstr ""
3895
3896
#: serverguide/C/virtualization.xml:605(screen)
3897
#, no-wrap
3898
msgid ""
3899
"\n"
3900
"kvm -M ?\n"
3901
"# lists machine types, e.g.\n"
3902
"pc-i440fx-xenial Ubuntu 16.04 PC (i440FX + PIIX, 1996) (default)\n"
3903
"...\n"
3904
" "
3905
msgstr ""
3906
3907
#: serverguide/C/virtualization.xml:611(para)
3908
msgid ""
3909
"After this you can start your guest again. You can check the current machine "
3910
"type from guest and host depending on your needs."
3911
msgstr ""
3912
3913
#: serverguide/C/virtualization.xml:612(screen)
3914
#, no-wrap
3915
msgid ""
3916
"\n"
3917
"virsh start <yourmachine>\n"
3918
"# check from host, via dumping the active xml definition\n"
3919
"virsh dumpxml <yourmachine> | xmllint --xpath "
3920
"\"string(//domain/os/type/@machine)\" -\n"
3921
"# or from the guest via dmidecode\n"
3922
"sudo dmidecode | grep Product -A 1\n"
3923
" Product Name: Standard PC (i440FX + PIIX, 1996)\n"
3924
" Version: pc-i440fx-xenial\n"
3925
" "
3926
msgstr ""
3927
3928
#: serverguide/C/virtualization.xml:621(para)
3929
msgid ""
3930
"If you keep non-live definitions around like xml files remember to update "
3931
"those as well."
3932
msgstr ""
3933
3934
#: serverguide/C/virtualization.xml:626(title)
3935
msgid "Cloud images and uvtool"
3936
msgstr ""
3937
3938
#: serverguide/C/virtualization.xml:629(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3939
msgid "Introduction"
3940
msgstr "เกริ่นนำ"
3941
3942
#: serverguide/C/virtualization.xml:631(para)
3943
msgid ""
3944
"With Ubuntu being one of the most used operating systems on many cloud "
3945
"platforms, the availability of stable and secure cloud images has become "
3946
"very important. As of 12.04 the utilization of cloud images outside of a "
3947
"cloud infrastructure has been improved. It is now possible to use those "
3948
"images to create a virtual machine without the need of a complete "
3949
"installation."
3950
msgstr ""
3951
3952
#: serverguide/C/virtualization.xml:639(title)
3953
msgid "Creating virtual machines using uvtool"
3954
msgstr ""
3955
3956
#: serverguide/C/virtualization.xml:641(para)
3957
msgid ""
3958
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3959
"of generating virtual machines (VM) using the cloud images. "
3960
"<application>uvtool</application> provides a simple mechanism to synchronize "
3961
"cloud-images locally and use them to create new VMs in minutes."
3962
msgstr ""
3963
3964
#: serverguide/C/virtualization.xml:648(title)
3965
msgid "Uvtool packages"
3966
msgstr ""
3967
3968
#: serverguide/C/virtualization.xml:650(para)
3969
msgid ""
3970
"The following packages and their dependencies will be required in order to "
3971
"use uvtool:"
3972
msgstr ""
3973
3974
#: serverguide/C/virtualization.xml:657(para)
3975
msgid "uvtool"
3976
msgstr ""
3977
3978
#: serverguide/C/virtualization.xml:661(para)
3979
msgid "uvtool-libvirt"
3980
msgstr ""
3981
3982
#: serverguide/C/virtualization.xml:666(para)
3983
msgid "To install <application>uvtool</application>, run:"
3984
msgstr ""
3985
3986
#: serverguide/C/virtualization.xml:667(programlisting)
3987
#, no-wrap
3988
msgid "$ apt -y install uvtool"
3989
msgstr ""
3990
3991
#: serverguide/C/virtualization.xml:669(para)
3992
msgid "This will install uvtool's main commands:"
3993
msgstr ""
3994
3995
#: serverguide/C/virtualization.xml:671(application)
3996
msgid "uvt-simplestreams-libvirt"
3997
msgstr ""
3998
3999
#: serverguide/C/virtualization.xml:672(application)
4000
msgid "uvt-kvm"
4001
msgstr ""
4002
4003
#: serverguide/C/virtualization.xml:677(title)
4004
msgid ""
4005
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
4006
"libvirt</application>"
4007
msgstr ""
4008
4009
#: serverguide/C/virtualization.xml:679(para)
4010
msgid ""
4011
"This is one of the major simplifications that "
4012
"<application>uvtool</application> brings. It is aware of where to find the "
4013
"cloud images so only one command is required to get a new cloud image. For "
4014
"instance, if you want to synchronize all cloud images for the amd64 "
4015
"architecture, the uvtool command would be:"
4016
msgstr ""
4017
4018
#: serverguide/C/virtualization.xml:684(programlisting)
4019
#, no-wrap
4020
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
4021
msgstr ""
4022
4023
#: serverguide/C/virtualization.xml:686(para)
4024
msgid ""
4025
"After an amount of time required to download all the images from the "
4026
"Internet, you will have a complete set of cloud images stored locally. To "
4027
"see what has been downloaded use the following command:"
4028
msgstr ""
4029
4030
#: serverguide/C/virtualization.xml:690(programlisting)
4031
#, no-wrap
4032
msgid ""
4033
"$ uvt-simplestreams-libvirt query\n"
4034
"release=oneiric arch=amd64 label=release (20130509)\n"
4035
"release=precise arch=amd64 label=release (20160315)\n"
4036
"release=quantal arch=amd64 label=release (20140409)\n"
4037
"release=raring arch=amd64 label=release (20140111)\n"
4038
"release=saucy arch=amd64 label=release (20140709)\n"
4039
"release=trusty arch=amd64 label=release (20160314)\n"
4040
"release=utopic arch=amd64 label=release (20150723)\n"
4041
"release=vivid arch=amd64 label=release (20160203)\n"
4042
"release=wily arch=amd64 label=release (20160315)\n"
4043
"release=xenial arch=amd64 label=beta1 (20160223.1)\n"
4044
"\n"
4045
msgstr ""
4046
4047
#: serverguide/C/virtualization.xml:704(para)
4048
msgid ""
4049
"In the case where you want to synchronize only one specific cloud-image, you "
4050
"need to use the release= and arch= filters to identify which image needs to "
4051
"be synchronized."
4052
msgstr ""
4053
4054
#: serverguide/C/virtualization.xml:707(programlisting)
4055
#, no-wrap
4056
msgid "$ uvt-simplestreams-libvirt sync release=xenial arch=amd64\n"
4057
msgstr ""
4058
4059
#: serverguide/C/virtualization.xml:712(title)
4060
msgid "Create the VM using uvt-kvm"
4061
msgstr ""
4062
4063
#: serverguide/C/virtualization.xml:714(para)
4064
msgid ""
4065
"In order to connect to the virtual machine once it has been created, you "
4066
"must have a valid SSH key available for the Ubuntu user. If your environment "
4067
"does not have an SSH key, you can easily create one using the following "
4068
"command:"
4069
msgstr ""
4070
4071
#: serverguide/C/virtualization.xml:716(programlisting)
4072
#, no-wrap
4073
msgid ""
4074
"\n"
4075
"$ ssh-keygen\n"
4076
"Generating public/private rsa key pair.\n"
4077
"Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa): \n"
4078
"Enter passphrase (empty for no passphrase): \n"
4079
"Enter same passphrase again: \n"
4080
"Your identification has been saved in /home/ubuntu/.ssh/id_rsa.\n"
4081
"Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.\n"
4082
"The key fingerprint is:\n"
4083
"4d:ba:5d:57:c9:49:ef:b5:ab:71:14:56:6e:2b:ad:9b ubuntu@xenialS\n"
4084
"The key's randomart image is:\n"
4085
"+--[ RSA 2048]----+\n"
4086
"| ..|\n"
4087
"| o.=|\n"
4088
"| . **|\n"
4089
"| + o+=|\n"
4090
"| S . ...=.|\n"
4091
"| o . .+ .|\n"
4092
"| . . o o |\n"
4093
"| * |\n"
4094
"| E |\n"
4095
"+-----------------+\n"
4096
msgstr ""
4097
4098
#: serverguide/C/virtualization.xml:739(para)
4099
msgid ""
4100
"To create of a new virtual machine using uvtool, run the following in a "
4101
"terminal:"
4102
msgstr ""
4103
4104
#: serverguide/C/virtualization.xml:741(programlisting)
4105
#, no-wrap
4106
msgid "$ uvt-kvm create firsttest"
4107
msgstr ""
4108
4109
#: serverguide/C/virtualization.xml:743(para)
4110
msgid ""
4111
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
4112
"using the current LTS cloud image available locally. If you want to specify "
4113
"a release to be used to create the VM, you need to use the <emphasis "
4114
"role=\"bold\">release=</emphasis> filter:"
4115
msgstr ""
4116
4117
#: serverguide/C/virtualization.xml:746(programlisting)
4118
#, no-wrap
4119
msgid "$ uvt-kvm create secondtest release=xenial"
4120
msgstr ""
4121
4122
#: serverguide/C/virtualization.xml:748(para)
4123
msgid ""
4124
"<application>uvt-kvm wait</application> can be used to wait until the "
4125
"creation of the VM has completed:"
4126
msgstr ""
4127
4128
#: serverguide/C/virtualization.xml:751(programlisting)
4129
#, no-wrap
4130
msgid ""
4131
"$ uvt-kvm wait secondttest --insecure\n"
4132
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
4133
msgstr ""
4134
4135
#: serverguide/C/virtualization.xml:756(title)
4136
msgid "Connect to the running VM"
4137
msgstr ""
4138
4139
#: serverguide/C/virtualization.xml:757(para)
4140
msgid ""
4141
"Once the virtual machine creation is completed, you can connect to it using "
4142
"SSH:"
4143
msgstr ""
4144
4145
#: serverguide/C/virtualization.xml:760(programlisting)
4146
#, no-wrap
4147
msgid "$ uvt-kvm ssh secondtest --insecure"
4148
msgstr ""
4149
4150
#: serverguide/C/virtualization.xml:762(para)
4151
msgid ""
4152
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
4153
"required, so use this mechanism to connect to your VM only if you completely "
4154
"trust your network infrastructure."
4155
msgstr ""
4156
4157
#: serverguide/C/virtualization.xml:764(para)
4158
msgid ""
4159
"You can also connect to your VM using a regular SSH session using the IP "
4160
"address of the VM. The address can be queried using the following command:"
4161
msgstr ""
4162
4163
#: serverguide/C/virtualization.xml:766(programlisting)
4164
#, no-wrap
4165
msgid ""
4166
"\n"
4167
"$ uvt-kvm ip secondtest\n"
4168
"192.168.122.199\n"
4169
"$ ssh -i ~/.ssh/id_rsa ubuntu@192.168.122.199\n"
4170
"The authenticity of host '192.168.122.199 (192.168.122.199)' can't be "
4171
"established.\n"
4172
"ECDSA key fingerprint is "
4173
"SHA256:8oxaztRWzTMtv8SC9LYyjuqBu79Z9JP8bUGh6G8R8cw.\n"
4174
"Are you sure you want to continue connecting (yes/no)? yes\n"
4175
"Warning: Permanently added '192.168.122.199' (ECDSA) to the list of known "
4176
"hosts.\n"
4177
"Welcome to Ubuntu Xenial Xerus (development branch) (GNU/Linux 4.4.0-X-"
4178
"generic ARCH)\n"
4179
"\n"
4180
" * Documentation: https://help.ubuntu.com/\n"
4181
"\n"
4182
" Get cloud support with Ubuntu Advantage Cloud Guest:\n"
4183
" http://www.ubuntu.com/business/services/cloud\n"
4184
"\n"
4185
"0 packages can be updated.\n"
4186
"0 updates are security updates.\n"
4187
"\n"
4188
"\n"
4189
"\n"
4190
"The programs included with the Ubuntu system are free software;\n"
4191
"the exact distribution terms for each program are described in the\n"
4192
"individual files in /usr/share/doc/*/copyright.\n"
4193
"\n"
4194
"Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by\n"
4195
"applicable law.\n"
4196
"\n"
4197
"To run a command as administrator (user \"root\"), use \"sudo "
4198
"<command>\".\n"
4199
"See \"man sudo_root\" for details.\n"
4200
"\n"
4201
"ubuntu@secondtest:~$ \n"
4202
"\n"
4203
msgstr ""
4204
4205
#: serverguide/C/virtualization.xml:801(title)
4206
msgid "Get the list of running VMs"
4207
msgstr ""
4208
4209
#: serverguide/C/virtualization.xml:802(para)
4210
msgid "You can get the list of VMs running on your system with this command:"
4211
msgstr ""
4212
4213
#: serverguide/C/virtualization.xml:804(programlisting)
4214
#, no-wrap
4215
msgid ""
4216
"$ uvt-kvm list\n"
4217
"secondtest\n"
4218
msgstr ""
4219
4220
#: serverguide/C/virtualization.xml:809(title)
4221
msgid "Destroy your VM"
4222
msgstr ""
4223
4224
#: serverguide/C/virtualization.xml:810(para)
4225
msgid "Once you are done with your VM, you can destroy it with:"
4226
msgstr ""
4227
4228
#: serverguide/C/virtualization.xml:812(programlisting)
4229
#, no-wrap
4230
msgid "$ uvt-kvm destroy secondtest"
4231
msgstr ""
4232
4233
#: serverguide/C/virtualization.xml:814(title)
4234
msgid "More uvt-kvm options"
4235
msgstr ""
4236
4237
#: serverguide/C/virtualization.xml:816(para)
4238
msgid ""
4239
"The following options can be used to change some of the characteristics of "
4240
"the VM that you are creating:"
4241
msgstr ""
4242
4243
#: serverguide/C/virtualization.xml:819(para)
4244
msgid "--memory : Amount of RAM in megabytes. Default: 512."
4245
msgstr ""
4246
4247
#: serverguide/C/virtualization.xml:820(para)
4248
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
4249
msgstr ""
4250
4251
#: serverguide/C/virtualization.xml:821(para)
4252
msgid "--cpu : Number of CPU cores. Default: 1."
4253
msgstr ""
4254
4255
#: serverguide/C/virtualization.xml:824(para)
4256
msgid ""
4257
"Some other parameters will have an impact on the cloud-init configuration:"
4258
msgstr ""
4259
4260
#: serverguide/C/virtualization.xml:826(para)
4261
msgid ""
4262
"--password password : Allow login to the VM using the Ubuntu account and "
4263
"this provided password."
4264
msgstr ""
4265
4266
#: serverguide/C/virtualization.xml:827(para)
4267
msgid ""
4268
"--run-script-once script_file : Run script_file as root on the VM the first "
4269
"time it is booted, but never again."
4270
msgstr ""
4271
4272
#: serverguide/C/virtualization.xml:828(para)
4273
msgid ""
4274
"--packages package_list : Install the comma-separated packages specified in "
4275
"package_list on first boot."
4276
msgstr ""
4277
4278
#: serverguide/C/virtualization.xml:831(para)
4279
msgid ""
4280
"A complete description of all available modifiers is available in the "
4281
"manpage of uvt-kvm."
4282
msgstr ""
4283
4284
#: serverguide/C/virtualization.xml:838(para)
4285
msgid ""
4286
"If you are interested in learning more, have questions or suggestions, "
4287
"please contact the Ubuntu Server Team at:"
4288
msgstr ""
4289
4290
#: serverguide/C/virtualization.xml:843(para)
4291
msgid "IRC: #ubuntu-server on freenode"
4292
msgstr ""
4293
4294
#: serverguide/C/virtualization.xml:847(para)
4295
msgid ""
4296
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
4297
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
4298
msgstr ""
4299
4300
#: serverguide/C/virtualization.xml:856(title)
4301
msgid "Ubuntu Cloud"
4302
msgstr ""
4303
4304
#: serverguide/C/virtualization.xml:858(para)
4305
msgid ""
4306
"<application>Cloud computing</application> is a computing model that allows "
4307
"vast pools of resources to be allocated on-demand. These resources such as "
4308
"storage, computing power, network and software are abstracted and delivered "
4309
"as a service over the Internet anywhere, anytime. These services are billed "
4310
"per time consumed similar to the ones used by public services such as "
4311
"electricity, water and telephony. <application>Ubuntu Cloud "
4312
"Infrastructure</application> uses OpenStack open source software to help "
4313
"build highly scalable, cloud computing for both public and private clouds."
4314
msgstr ""
4315
4316
#: serverguide/C/virtualization.xml:869(title)
4317
msgid "Installation and Configuration"
4318
msgstr ""
4319
4320
#: serverguide/C/virtualization.xml:871(para)
4321
msgid ""
4322
"Due to the current high rate of development of this complex technology we "
4323
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
4324
"guide/install/apt/content/\"> upstream documentation</ulink> for all matters "
4325
"concerning installation and configuration."
4326
msgstr ""
4327
4328
#: serverguide/C/virtualization.xml:880(title) serverguide/C/network-config.xml:1728(title)
4329
msgid "Support and Troubleshooting"
4330
msgstr ""
4331
4332
#: serverguide/C/virtualization.xml:882(para)
4333
msgid "Community Support"
4334
msgstr ""
4335
4336
#: serverguide/C/virtualization.xml:886(ulink)
4337
msgid "OpenStack Mailing list"
4338
msgstr ""
4339
4340
#: serverguide/C/virtualization.xml:891(ulink)
4341
msgid "The OpenStack Wiki search"
4342
msgstr ""
4343
4344
#: serverguide/C/virtualization.xml:896(ulink)
4345
msgid "Launchpad bugs area"
4346
msgstr ""
4347
4348
#: serverguide/C/virtualization.xml:901(para)
4349
msgid "Join the IRC channel #openstack on freenode."
4350
msgstr ""
4351
4352
#: serverguide/C/virtualization.xml:912(ulink)
4353
msgid "Cloud Computing - Service models"
4354
msgstr ""
4355
4356
#: serverguide/C/virtualization.xml:918(ulink)
4357
msgid "OpenStack Compute"
4358
msgstr ""
4359
4360
#: serverguide/C/virtualization.xml:924(ulink)
4361
msgid "OpenStack Image Service"
4362
msgstr ""
4363
4364
#: serverguide/C/virtualization.xml:930(ulink)
4365
msgid "OpenStack Object Storage Administration Guide"
4366
msgstr ""
4367
4368
#: serverguide/C/virtualization.xml:936(ulink)
4369
msgid "Installing OpenStack Object Storage on Ubuntu"
4370
msgstr ""
4371
4372
#: serverguide/C/virtualization.xml:942(ulink)
4373
msgid "http://cloudglossary.com/"
4374
msgstr ""
4375
4376
#: serverguide/C/virtualization.xml:952(title)
4377
msgid "LXD"
4378
msgstr ""
4379
4380
#: serverguide/C/virtualization.xml:954(para)
4381
msgid ""
4382
"LXD (pronounced lex-dee) is the lightervisor, or lightweight container "
4383
"hypervisor. While this claim has been controversial, it has been <ulink "
4384
"url=\"http://blog.dustinkirkland.com/2015/09/container-summit-presentation-"
4385
"and-live.html\">quite well justified</ulink> based on the original academic "
4386
"paper. It also nicely distinguishes LXD from <ulink "
4387
"url=\"https://help.ubuntu.com/lts/serverguide/lxc.html\">LXC</ulink>."
4388
msgstr ""
4389
4390
#: serverguide/C/virtualization.xml:963(para)
4391
msgid ""
4392
"LXC (lex-see) is a program which creates and administers \"containers\" on a "
4393
"local system. It also provides an API to allow higher level managers, such "
4394
"as LXD, to administer containers. In a sense, one could compare LXC to QEMU, "
4395
"while comparing LXD to libvirt."
4396
msgstr ""
4397
4398
#: serverguide/C/virtualization.xml:970(para)
4399
msgid ""
4400
"The LXC API deals with a 'container'. The LXD API deals with 'remotes', "
4401
"which serve images and containers. This extends the LXC functionality over "
4402
"the network, and allows concise management of tasks like container migration "
4403
"and container image publishing."
4404
msgstr ""
4405
4406
#: serverguide/C/virtualization.xml:977(para)
4407
msgid ""
4408
"LXD uses LXC under the covers for some container management tasks. However, "
4409
"it keeps its own container configuration information and has its own "
4410
"conventions, so that it is best not to use classic LXC commands by hand with "
4411
"LXD containers. This document will focus on how to configure and administer "
4412
"LXD on Ubuntu systems."
4413
msgstr ""
4414
4415
#: serverguide/C/virtualization.xml:985(title)
4416
msgid "Online Resources"
4417
msgstr ""
4418
4419
#: serverguide/C/virtualization.xml:987(para)
4420
msgid ""
4421
"There is excellent documentation for <ulink "
4422
"url=\"http://github.com/lxc/lxd\">getting started with LXD</ulink> in the "
4423
"online LXD README. There is also an online server allowing you to <ulink "
4424
"url=\"http://linuxcontainers.org/lxd/try-it\">try out LXD remotely</ulink>. "
4425
"Stephane Graber also has an <ulink "
4426
"url=\"https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-"
4427
"012/\">excellent blog series</ulink> on LXD 2.0. Finally, there is great "
4428
"documentation on how to <ulink "
4429
"url=\"https://jujucharms.com/docs/devel/config-LXD\">drive lxd using "
4430
"juju</ulink>."
4431
msgstr ""
4432
4433
#: serverguide/C/virtualization.xml:994(para)
4434
msgid ""
4435
"This document will offer an Ubuntu Server-specific view of LXD, focusing on "
4436
"administration."
4437
msgstr ""
4438
4439
#: serverguide/C/virtualization.xml:1002(para)
4440
msgid ""
4441
"LXD is pre-installed on Ubuntu Server cloud images. On other systems, the "
4442
"lxd package can be installed using:"
4443
msgstr ""
4444
4445
#: serverguide/C/virtualization.xml:1008(command)
4446
msgid "sudo apt install lxd"
4447
msgstr ""
4448
4449
#: serverguide/C/virtualization.xml:1013(para)
4450
msgid ""
4451
"This will install LXD as well as the recommended dependencies, including the "
4452
"LXC library and lxcfs."
4453
msgstr ""
4454
4455
#: serverguide/C/virtualization.xml:1019(title)
4456
msgid "Kernel preparation"
4457
msgstr ""
4458
4459
#: serverguide/C/virtualization.xml:1021(para)
4460
msgid ""
4461
"In general, Ubuntu 16.04 should have all the desired features enabled by "
4462
"default. One exception to this is that in order to enable swap accounting "
4463
"the boot argument <command>swapaccount=1</command> must be set. This can be "
4464
"done by appending it to the "
4465
"<command>GRUB_CMDLINE_LINUX_DEFAULT=</command>variable in /etc/default/grub, "
4466
"then running 'update-grub' as root and rebooting."
4467
msgstr ""
4468
4469
#: serverguide/C/virtualization.xml:1033(para)
4470
msgid ""
4471
"By default, LXD is installed listening on a local UNIX socket, which members "
4472
"of group LXD can talk to. It has no trust password setup. And it uses the "
4473
"filesystem at <filename>/var/lib/lxd</filename> to store containers. To "
4474
"configure LXD with different settings, use <command>lxd init</command>. This "
4475
"will allow you to choose:"
4476
msgstr ""
4477
4478
#: serverguide/C/virtualization.xml:1043(para)
4479
msgid ""
4480
"Directory or <ulink url=\"http://open-zfs.org\">ZFS</ulink> container "
4481
"backend. If you choose ZFS, you can choose which block devices to use, or "
4482
"the size of a file to use as backing store."
4483
msgstr ""
4484
4485
#: serverguide/C/virtualization.xml:1047(para)
4486
msgid "Availability over the network"
4487
msgstr ""
4488
4489
#: serverguide/C/virtualization.xml:1049(para)
4490
msgid ""
4491
"A 'trust password' used by remote clients to vouch for their client "
4492
"certificate"
4493
msgstr ""
4494
4495
#: serverguide/C/virtualization.xml:1053(para)
4496
msgid ""
4497
"You must run 'lxd init' as root. 'lxc' commands can be run as any user who "
4498
"is member of group lxd. If user joe is not a member of group 'lxd', you may "
4499
"run:"
4500
msgstr ""
4501
4502
#: serverguide/C/virtualization.xml:1060(command)
4503
msgid "adduser joe lxd"
4504
msgstr ""
4505
4506
#: serverguide/C/virtualization.xml:1065(para)
4507
msgid ""
4508
"as root to change it. The new membership will take effect on the next login, "
4509
"or after running 'newgrp lxd' from an existing login."
4510
msgstr ""
4511
4512
#: serverguide/C/virtualization.xml:1070(para)
4513
msgid ""
4514
"For more information on server, container, profile, and device "
4515
"configuration, please refer to the definitive configuration provided with "
4516
"the source code, which can be found <ulink "
4517
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\">online</u"
4518
"link>"
4519
msgstr ""
4520
4521
#: serverguide/C/virtualization.xml:1078(title)
4522
msgid "Creating your first container"
4523
msgstr ""
4524
4525
#: serverguide/C/virtualization.xml:1080(para)
4526
msgid "This section will describe the simplest container tasks."
4527
msgstr ""
4528
4529
#: serverguide/C/virtualization.xml:1084(title)
4530
msgid "Creating a container"
4531
msgstr ""
4532
4533
#: serverguide/C/virtualization.xml:1086(para)
4534
msgid ""
4535
"Every new container is created based on either an image, an existing "
4536
"container, or a container snapshot. At install time, LXD is configured with "
4537
"the following image servers:"
4538
msgstr ""
4539
4540
#: serverguide/C/virtualization.xml:1094(para)
4541
msgid ""
4542
"<filename>ubuntu</filename>: this serves official Ubuntu server cloud image "
4543
"releases."
4544
msgstr ""
4545
4546
#: serverguide/C/virtualization.xml:1097(para)
4547
msgid ""
4548
"<filename>ubuntu-daily</filename>: this serves official Ubuntu server cloud "
4549
"images of the daily development releases."
4550
msgstr ""
4551
4552
#: serverguide/C/virtualization.xml:1101(para)
4553
msgid ""
4554
"<filename>images</filename>: this is a default-installed alias for "
4555
"images.linuxcontainers.org. This is serves classical lxc images built using "
4556
"the same images which the LXC 'download' template uses. This includes "
4557
"various distributions and minimal custom-made Ubuntu images. This is not the "
4558
"recommended server for Ubuntu images."
4559
msgstr ""
4560
4561
#: serverguide/C/virtualization.xml:1109(para)
4562
msgid "The command to create and start a container is"
4563
msgstr ""
4564
4565
#: serverguide/C/virtualization.xml:1114(command)
4566
msgid "lxc launch remote:image containername"
4567
msgstr ""
4568
4569
#: serverguide/C/virtualization.xml:1119(para)
4570
msgid ""
4571
"Images are identified by their hash, but are also aliased. The 'ubuntu' "
4572
"server knows many aliases such as '16.04' and 'xenial'. A list of all images "
4573
"available from the Ubuntu Server can be seen using:"
4574
msgstr ""
4575
4576
#: serverguide/C/virtualization.xml:1126(command) serverguide/C/virtualization.xml:1650(command)
4577
msgid "lxc image list ubuntu:"
4578
msgstr ""
4579
4580
#: serverguide/C/virtualization.xml:1131(para)
4581
msgid ""
4582
"To see more information about a particular image, including all the aliases "
4583
"it is known by, you can use:"
4584
msgstr ""
4585
4586
#: serverguide/C/virtualization.xml:1137(command)
4587
msgid "lxc image info ubuntu:xenial"
4588
msgstr ""
4589
4590
#: serverguide/C/virtualization.xml:1142(para)
4591
msgid ""
4592
"You can generally refer to an Ubuntu image using the release name ('xenial') "
4593
"or the release number (16.04). In addition, 'lts' is an alias for the latest "
4594
"supported LTS release. To choose a different architecture, you can specify "
4595
"the desired architecture:"
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:1150(command)
4599
msgid "lxc image info ubuntu:lts/arm64"
4600
msgstr ""
4601
4602
#: serverguide/C/virtualization.xml:1155(para)
4603
msgid "Now, let's start our first container:"
4604
msgstr ""
4605
4606
#: serverguide/C/virtualization.xml:1160(command)
4607
msgid "lxc launch ubuntu:xenial x1"
4608
msgstr ""
4609
4610
#: serverguide/C/virtualization.xml:1165(para)
4611
msgid ""
4612
"This will download the official current Xenial cloud image for your current "
4613
"architecture, then create a container using that image, and finally start "
4614
"it. Once the command returns, you can see it using:"
4615
msgstr ""
4616
4617
#: serverguide/C/virtualization.xml:1172(command)
4618
msgid "lxc list lxc info x1"
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:1178(para)
4622
msgid "and open a shell in it using:"
4623
msgstr ""
4624
4625
#: serverguide/C/virtualization.xml:1183(command)
4626
msgid "lxc exec x1 bash"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:1188(para)
4630
msgid ""
4631
"The try-it page gives a full synopsis of the commands you can use to "
4632
"administer containers."
4633
msgstr ""
4634
4635
#: serverguide/C/virtualization.xml:1193(para)
4636
msgid ""
4637
"Now that the 'xenial' image has been downloaded, it will be kept in sync "
4638
"until no new containers have been created based on it for (by default) 10 "
4639
"days. After that, it will be deleted."
4640
msgstr ""
4641
4642
#: serverguide/C/virtualization.xml:1201(title)
4643
msgid "LXD Server Configuration"
4644
msgstr ""
4645
4646
#: serverguide/C/virtualization.xml:1203(para)
4647
msgid ""
4648
"By default, LXD is socket activated and configured to listen only on a local "
4649
"UNIX socket. While LXD may not be running when you first look at the process "
4650
"listing, any LXC command will start it up. For instance:"
4651
msgstr ""
4652
4653
#: serverguide/C/virtualization.xml:1210(command)
4654
msgid "lxc list"
4655
msgstr ""
4656
4657
#: serverguide/C/virtualization.xml:1215(para)
4658
msgid ""
4659
"This will create your client certificate and contact the LXD server for a "
4660
"list of containers. To make the server accessible over the network you can "
4661
"set the http port using:"
4662
msgstr ""
4663
4664
#: serverguide/C/virtualization.xml:1222(command)
4665
msgid "lxc config set core.https_address :8443"
4666
msgstr ""
4667
4668
#: serverguide/C/virtualization.xml:1227(para)
4669
msgid "This will tell LXD to listen to port 8843 on all addresses."
4670
msgstr ""
4671
4672
#: serverguide/C/virtualization.xml:1231(title)
4673
msgid "Authentication"
4674
msgstr ""
4675
4676
#: serverguide/C/virtualization.xml:1233(para)
4677
msgid ""
4678
"By default, LXD will allow all members of group 'lxd' (which by default "
4679
"includes all members of group admin) to talk to it over the UNIX socket. "
4680
"Communication over the network is authorized using server and client "
4681
"certificates."
4682
msgstr ""
4683
4684
#: serverguide/C/virtualization.xml:1239(para)
4685
msgid ""
4686
"Before client c1 wishes to use remote r1, r1 must be registered using:"
4687
msgstr ""
4688
4689
#: serverguide/C/virtualization.xml:1244(command)
4690
msgid "lxc remote add r1 r1.example.com:8443"
4691
msgstr ""
4692
4693
#: serverguide/C/virtualization.xml:1249(para)
4694
msgid ""
4695
"The fingerprint of r1's certificate will be shown, to allow the user at c1 "
4696
"to reject a false certificate. The server in turn will verify that c1 may be "
4697
"trusted in one of two ways. The first is to register it in advance from any "
4698
"already-registered client, using:"
4699
msgstr ""
4700
4701
#: serverguide/C/virtualization.xml:1257(command)
4702
msgid "lxc config trust add r1 certfile.crt"
4703
msgstr ""
4704
4705
#: serverguide/C/virtualization.xml:1262(para)
4706
msgid ""
4707
"Now when the client adds r1 as a known remote, it will not need to provide a "
4708
"password as it is already trusted by the server."
4709
msgstr ""
4710
4711
#: serverguide/C/virtualization.xml:1267(para)
4712
msgid ""
4713
"The other is to configure a 'trust password' with r1, either at initial "
4714
"configuration using 'lxd init', or after the fact using"
4715
msgstr ""
4716
4717
#: serverguide/C/virtualization.xml:1273(command)
4718
msgid "lxc config set core.trust_password PASSWORD"
4719
msgstr ""
4720
4721
#: serverguide/C/virtualization.xml:1278(para)
4722
msgid ""
4723
"The password can then be provided when the client registers r1 as a known "
4724
"remote."
4725
msgstr ""
4726
4727
#: serverguide/C/virtualization.xml:1285(title)
4728
msgid "Backing store"
4729
msgstr ""
4730
4731
#: serverguide/C/virtualization.xml:1287(para)
4732
msgid ""
4733
"LXD supports several backing stores. The recommended backing store is ZFS, "
4734
"however this is not available on all platforms. Supported backing stores "
4735
"include:"
4736
msgstr ""
4737
4738
#: serverguide/C/virtualization.xml:1295(para)
4739
msgid ""
4740
"ext4: this is the default, and easiest to use. With an ext4 backing store, "
4741
"containers and images are simply stored as directories on the host "
4742
"filesystem. Launching new containers requires copying a whole filesystem, "
4743
"and 10 containers will take up 10 times as much space as one container."
4744
msgstr ""
4745
4746
#: serverguide/C/virtualization.xml:1304(para)
4747
msgid ""
4748
"ZFS: if ZFS is supported on your architecture (amd64, arm64, or ppc64le), "
4749
"you can set LXD up to use it using 'lxd init'. If you already have a ZFS "
4750
"pool configured, you can tell LXD to use it by setting the zfs_pool_name "
4751
"configuration key:"
4752
msgstr ""
4753
4754
#: serverguide/C/virtualization.xml:1312(command)
4755
msgid "lxc config set storage.zfs_pool_name lxd"
4756
msgstr ""
4757
4758
#: serverguide/C/virtualization.xml:1317(para)
4759
msgid ""
4760
"With ZFS, launching a new container is fast because the filesystem starts as "
4761
"a copy on write clone of the images' filesystem. Note that unless the "
4762
"container is privileged (see below) LXD will need to change ownership of all "
4763
"files before the container can start, however this is fast and change very "
4764
"little of the actual filesystem data."
4765
msgstr ""
4766
4767
#: serverguide/C/virtualization.xml:1327(para)
4768
msgid ""
4769
"Btrfs: btrfs can be used with many of the same advantages as ZFS. To use "
4770
"BTRFS as a LXD backing store, simply mount a Btrfs filesystem under "
4771
"<filename>/var/lib/lxd</filename>. LXD will detect this and exploit the "
4772
"Btrfs subvolume feature whenever launching a new container or snapshotting a "
4773
"container."
4774
msgstr ""
4775
4776
#: serverguide/C/virtualization.xml:1337(para)
4777
msgid ""
4778
"LVM: To use a LVM volume group called 'lxd', you may tell LXD to use that "
4779
"for containers and images using the command"
4780
msgstr ""
4781
4782
#: serverguide/C/virtualization.xml:1343(command)
4783
msgid "lxc config set storage.lvm_vg_name lxd"
4784
msgstr ""
4785
4786
#: serverguide/C/virtualization.xml:1348(para)
4787
msgid ""
4788
"When launching a new container, its rootfs will start as a lv clone. It is "
4789
"immediately mounted so that the file uids can be shifted, then unmounted. "
4790
"Container snapshots also are created as lv snapshots."
4791
msgstr ""
4792
4793
#: serverguide/C/virtualization.xml:1358(title)
4794
msgid "Container configuration"
4795
msgstr ""
4796
4797
#: serverguide/C/virtualization.xml:1360(para)
4798
msgid ""
4799
"Containers are configured according to a set of profiles, described in the "
4800
"next section, and a set of container-specific configuration. Profiles are "
4801
"applied first, so that container specific configuration can override profile "
4802
"configuration."
4803
msgstr ""
4804
4805
#: serverguide/C/virtualization.xml:1367(para)
4806
msgid ""
4807
"Container configuration includes properties like the architecture, limits on "
4808
"resources such as CPU and RAM, security details including apparmor "
4809
"restriction overrides, and devices to apply to the container."
4810
msgstr ""
4811
4812
#: serverguide/C/virtualization.xml:1373(para)
4813
msgid ""
4814
"Devices can be of several types, including UNIX character, UNIX block, "
4815
"network interface, or 'disk'. In order to insert a host mount into a "
4816
"container, a 'disk' device type would be used. For instance, to mount /opt "
4817
"in container c1 at /opt, you could use:"
4818
msgstr ""
4819
4820
#: serverguide/C/virtualization.xml:1381(command)
4821
msgid "lxc config device add c1 opt disk source=/opt path=opt"
4822
msgstr ""
4823
4824
#: serverguide/C/virtualization.xml:1386(para)
4825
msgid "See:"
4826
msgstr ""
4827
4828
#: serverguide/C/virtualization.xml:1391(command)
4829
msgid "lxc help config"
4830
msgstr ""
4831
4832
#: serverguide/C/virtualization.xml:1396(para)
4833
msgid ""
4834
"for more information about editing container configurations. You may also "
4835
"use:"
4836
msgstr ""
4837
4838
#: serverguide/C/virtualization.xml:1402(command)
4839
msgid "lxc config edit c1"
4840
msgstr ""
4841
4842
#: serverguide/C/virtualization.xml:1407(para)
4843
msgid ""
4844
"to edit the whole of c1's configuration in your specified $EDITOR. Comments "
4845
"at the top of the configuration will show examples of correct syntax to help "
4846
"administrators hit the ground running. If the edited configuration is not "
4847
"valid when the $EDITOR is exited, then $EDITOR will be restarted."
4848
msgstr ""
4849
4850
#: serverguide/C/virtualization.xml:1417(title) serverguide/C/security.xml:1065(title)
4851
msgid "Profiles"
4852
msgstr ""
4853
4854
#: serverguide/C/virtualization.xml:1419(para)
4855
msgid ""
4856
"Profiles are named collections of configurations which may be applied to "
4857
"more than one container. For instance, all containers created with 'lxc "
4858
"launch', by default, include the 'default' profile, which provides a network "
4859
"interface 'eth0'."
4860
msgstr ""
4861
4862
#: serverguide/C/virtualization.xml:1426(para)
4863
msgid ""
4864
"To mask a device which would be inherited from a profile but which should "
4865
"not be in the final container, define a device by the same name but of type "
4866
"'none':"
4867
msgstr ""
4868
4869
#: serverguide/C/virtualization.xml:1433(command)
4870
msgid "lxc config device add c1 eth1 none"
4871
msgstr ""
4872
4873
#: serverguide/C/virtualization.xml:1439(title) serverguide/C/virtualization.xml:2031(title)
4874
msgid "Nesting"
4875
msgstr ""
4876
4877
#: serverguide/C/virtualization.xml:1441(para)
4878
msgid ""
4879
"Containers all share the same host kernel. This means that there is always "
4880
"an inherent trade-off between features exposed to the container and host "
4881
"security from malicious containers. Containers by default are therefore "
4882
"restricted from features needed to nest child containers. In order to run "
4883
"lxc or lxd containers under a lxd container, the 'security.nesting' feature "
4884
"must be set to true:"
4885
msgstr ""
4886
4887
#: serverguide/C/virtualization.xml:1451(command)
4888
msgid "lxc config set container1 security.nesting true"
4889
msgstr ""
4890
4891
#: serverguide/C/virtualization.xml:1456(para)
4892
msgid "Once this is done, container1 will be able to start sub-containers."
4893
msgstr ""
4894
4895
#: serverguide/C/virtualization.xml:1460(para)
4896
msgid ""
4897
"In order to run unprivileged (the default in LXD) containers nested under an "
4898
"unprivileged container, you will need to ensure a wide enough UID mapping. "
4899
"Please see the 'UID mapping' section below."
4900
msgstr ""
4901
4902
#: serverguide/C/virtualization.xml:1466(title)
4903
msgid "Docker"
4904
msgstr ""
4905
4906
#: serverguide/C/virtualization.xml:1468(para)
4907
msgid ""
4908
"In order to facilitate running docker containers inside a LXD container, a "
4909
"'docker' profile is provided. To launch a new container with the docker "
4910
"profile, you can run:"
4911
msgstr ""
4912
4913
#: serverguide/C/virtualization.xml:1475(command)
4914
msgid "lxc launch xenial container1 -p default -p docker"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:1480(para)
4918
msgid ""
4919
"Note that currently the docker package in Ubuntu 16.04 is patched to "
4920
"facilitate running in a container. This support is expected to land upstream "
4921
"soon."
4922
msgstr ""
4923
4924
#: serverguide/C/virtualization.xml:1486(para)
4925
msgid ""
4926
"Note that 'cgroup namespace' support is also required. This is available in "
4927
"the 16.04 kernel as well as in the 4.6 upstream source."
4928
msgstr ""
4929
4930
#: serverguide/C/virtualization.xml:1495(title)
4931
msgid "Limits"
4932
msgstr ""
4933
4934
#: serverguide/C/virtualization.xml:1497(para)
4935
msgid ""
4936
"LXD supports flexible constraints on the resources which containers can "
4937
"consume. The limits come in the following categories:"
4938
msgstr ""
4939
4940
#: serverguide/C/virtualization.xml:1504(para)
4941
msgid "CPU: limit cpu available to the container in several ways."
4942
msgstr ""
4943
4944
#: serverguide/C/virtualization.xml:1507(para)
4945
msgid "Disk: configure the priority of I/O requests under load"
4946
msgstr ""
4947
4948
#: serverguide/C/virtualization.xml:1510(para)
4949
msgid "RAM: configure memory and swap availability"
4950
msgstr ""
4951
4952
#: serverguide/C/virtualization.xml:1513(para)
4953
msgid "Network: configure the network priority under load"
4954
msgstr ""
4955
4956
#: serverguide/C/virtualization.xml:1516(para)
4957
msgid "Processes: limit the number of concurrent processes in the container."
4958
msgstr ""
4959
4960
#: serverguide/C/virtualization.xml:1520(para)
4961
msgid ""
4962
"For a full list of limits known to LXD, see <ulink "
4963
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\"> the "
4964
"configuration documentation</ulink>."
4965
msgstr ""
4966
4967
#: serverguide/C/virtualization.xml:1528(title)
4968
msgid "UID mappings and Privileged containers"
4969
msgstr ""
4970
4971
#: serverguide/C/virtualization.xml:1530(para)
4972
msgid ""
4973
"By default, LXD creates unprivileged containers. This means that root in the "
4974
"container is a non-root UID on the host. It is privileged against the "
4975
"resources owned by the container, but unprivileged with respect to the host, "
4976
"making root in a container roughly equivalent to an unprivileged user on the "
4977
"host. (The main exception is the increased attack surface exposed through "
4978
"the system call interface)"
4979
msgstr ""
4980
4981
#: serverguide/C/virtualization.xml:1539(para)
4982
msgid ""
4983
"Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the "
4984
"container. For instance, UID 0 in the container may be 100000 on the host, "
4985
"UID 1 in the container is 100001, etc, up to 165535. The starting value for "
4986
"UIDs and GIDs, respectively, is determined by the 'root' entry the "
4987
"<filename>/etc/subuid</filename> and <filename>/etc/subgid</filename> files. "
4988
"(See the <ulink "
4989
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/subuid.5.html\"> "
4990
"subuid(5) manual page</ulink>."
4991
msgstr ""
4992
4993
#: serverguide/C/virtualization.xml:1549(para)
4994
msgid ""
4995
"It is possible to request a container to run without a UID mapping by "
4996
"setting the security.privileged flag to true:"
4997
msgstr ""
4998
4999
#: serverguide/C/virtualization.xml:1555(command)
5000
msgid "lxc config set c1 security.privileged true"
5001
msgstr ""
5002
5003
#: serverguide/C/virtualization.xml:1560(para)
5004
msgid ""
5005
"Note however that in this case the root user in the container is the root "
5006
"user on the host."
5007
msgstr ""
5008
5009
#: serverguide/C/virtualization.xml:1567(title) serverguide/C/virtualization.xml:2306(title)
5010
msgid "Apparmor"
5011
msgstr ""
5012
5013
#: serverguide/C/virtualization.xml:1569(para)
5014
msgid ""
5015
"LXD confines containers by default with an apparmor profile which protects "
5016
"containers from each other and the host from containers. For instance this "
5017
"will prevent root in one container from signaling root in another container, "
5018
"even though they have the same uid mapping. It also prevents writing to "
5019
"dangerous, un-namespaced files such as many sysctls and <filename> "
5020
"/proc/sysrq-trigger</filename>."
5021
msgstr ""
5022
5023
#: serverguide/C/virtualization.xml:1578(para)
5024
msgid ""
5025
"If the apparmor policy for a container needs to be modified for a container "
5026
"c1, specific apparmor policy lines can be added in the 'raw.apparmor' "
5027
"configuration key."
5028
msgstr ""
5029
5030
#: serverguide/C/virtualization.xml:1586(title)
5031
msgid "Seccomp"
5032
msgstr ""
5033
5034
#: serverguide/C/virtualization.xml:1588(para)
5035
msgid ""
5036
"All containers are confined by a default seccomp policy. This policy "
5037
"prevents some dangerous actions such as forced umounts, kernel module "
5038
"loading and unloading, kexec, and the open_by_handle_at system call. The "
5039
"seccomp configuration cannot be modified, however a completely different "
5040
"seccomp policy - or none - can be requested using raw.lxc (see below)."
5041
msgstr ""
5042
5043
#: serverguide/C/virtualization.xml:1598(title)
5044
msgid "Raw LXC configuration"
5045
msgstr ""
5046
5047
#: serverguide/C/virtualization.xml:1600(para)
5048
msgid ""
5049
"LXD configures containers for the best balance of host safety and container "
5050
"usability. Whenever possible it is highly recommended to use the defaults, "
5051
"and use the LXD configuration keys to request LXD to modify as needed. "
5052
"Sometimes, however, it may be necessary to talk to the underlying lxc driver "
5053
"itself. This can be done by specifying LXC configuration items in the "
5054
"'raw.lxc' LXD configuration key. These must be valid items as documented in "
5055
"<ulink "
5056
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/lxc.container.conf.5"
5057
".html\"> the lxc.container.conf(5) manual page</ulink>."
5058
msgstr ""
5059
5060
#: serverguide/C/virtualization.xml:1619(title)
5061
msgid "Images and containers"
5062
msgstr ""
5063
5064
#: serverguide/C/virtualization.xml:1621(para)
5065
msgid ""
5066
"LXD is image based. When you create your first container, you will generally "
5067
"do so using an existing image. LXD comes pre-configured with three default "
5068
"image remotes:"
5069
msgstr ""
5070
5071
#: serverguide/C/virtualization.xml:1629(para)
5072
msgid ""
5073
"ubuntu: This is a <ulink "
5074
"url=\"https://launchpad.net/simplestreams\">simplestreams-based</ulink> "
5075
"remote serving released ubuntu cloud images."
5076
msgstr ""
5077
5078
#: serverguide/C/virtualization.xml:1634(para)
5079
msgid ""
5080
"ubuntu-daily: This is another simplestreams based remote which serves "
5081
"'daily' ubuntu cloud images. These provide quicker but potentially less "
5082
"stable images."
5083
msgstr ""
5084
5085
#: serverguide/C/virtualization.xml:1640(para)
5086
msgid ""
5087
"images: This is a remote publishing best-effort container images for many "
5088
"distributions, created using community-provided build scripts."
5089
msgstr ""
5090
5091
#: serverguide/C/virtualization.xml:1645(para)
5092
msgid "To view the images available on one of these servers, you can use:"
5093
msgstr ""
5094
5095
#: serverguide/C/virtualization.xml:1655(para)
5096
msgid ""
5097
"Most of the images are known by several aliases for easier reference. To see "
5098
"the full list of aliases, you can use"
5099
msgstr ""
5100
5101
#: serverguide/C/virtualization.xml:1661(command)
5102
msgid "lxc image alias list images:"
5103
msgstr ""
5104
5105
#: serverguide/C/virtualization.xml:1666(para)
5106
msgid ""
5107
"Any alias or image fingerprint can be used to specify how to create the new "
5108
"container. For instance, to create an amd64 Ubuntu 14.04 container, some "
5109
"options are:"
5110
msgstr ""
5111
5112
#: serverguide/C/virtualization.xml:1673(command)
5113
msgid ""
5114
"lxc launch ubuntu:14.04 trusty1 lxc launch ubuntu:trusty trusty1 lxc launch "
5115
"ubuntu:trusty/amd64 trusty1 lxc launch ubuntu:lts trusty1"
5116
msgstr ""
5117
5118
#: serverguide/C/virtualization.xml:1681(para)
5119
msgid "The 'lts' alias always refers to the latest released LTS image."
5120
msgstr ""
5121
5122
#: serverguide/C/virtualization.xml:1685(title) serverguide/C/virtualization.xml:2514(title)
5123
msgid "Snapshots"
5124
msgstr ""
5125
5126
#: serverguide/C/virtualization.xml:1687(para)
5127
msgid ""
5128
"Containers can be renamed and live-migrated using the 'lxc move' command:"
5129
msgstr ""
5130
5131
#: serverguide/C/virtualization.xml:1692(command)
5132
msgid "lxc move c1 final-beta"
5133
msgstr ""
5134
5135
#: serverguide/C/virtualization.xml:1697(para)
5136
msgid "They can also be snapshotted:"
5137
msgstr ""
5138
5139
#: serverguide/C/virtualization.xml:1702(command)
5140
msgid "lxc snapshot c1 YYYY-MM-DD"
5141
msgstr ""
5142
5143
#: serverguide/C/virtualization.xml:1707(para)
5144
msgid "Later changes to c1 can then be reverted by restoring the snapshot:"
5145
msgstr ""
5146
5147
#: serverguide/C/virtualization.xml:1712(command)
5148
msgid "lxc restore u1 YYYY-MM-DD"
5149
msgstr ""
5150
5151
#: serverguide/C/virtualization.xml:1717(para)
5152
msgid ""
5153
"New containers can also be created by copying a container or snapshot:"
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:1722(command)
5157
msgid "lxc copy u1/YYYY-MM-DD testcontainer"
5158
msgstr ""
5159
5160
#: serverguide/C/virtualization.xml:1729(title)
5161
msgid "Publishing images"
5162
msgstr ""
5163
5164
#: serverguide/C/virtualization.xml:1731(para)
5165
msgid ""
5166
"When a container or container snapshot is ready for consumption by others, "
5167
"it can be published as a new image using;"
5168
msgstr ""
5169
5170
#: serverguide/C/virtualization.xml:1737(command)
5171
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0"
5172
msgstr ""
5173
5174
#: serverguide/C/virtualization.xml:1742(para)
5175
msgid ""
5176
"The published image will be private by default, meaning that LXD will not "
5177
"allow clients without a trusted certificate to see them. If the image is "
5178
"safe for public viewing (i.e. contains no private information), then the "
5179
"'public' flag can be set, either at publish time using"
5180
msgstr ""
5181
5182
#: serverguide/C/virtualization.xml:1750(command)
5183
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0 public=true"
5184
msgstr ""
5185
5186
#: serverguide/C/virtualization.xml:1755(para)
5187
msgid "or after the fact using"
5188
msgstr ""
5189
5190
#: serverguide/C/virtualization.xml:1760(command)
5191
msgid "lxc image edit foo-2.0"
5192
msgstr ""
5193
5194
#: serverguide/C/virtualization.xml:1765(para)
5195
msgid "and changing the value of the public field."
5196
msgstr ""
5197
5198
#: serverguide/C/virtualization.xml:1771(title)
5199
msgid "Image export and import"
5200
msgstr ""
5201
5202
#: serverguide/C/virtualization.xml:1773(para)
5203
msgid "Image can be exported as, and imported from, tarballs:"
5204
msgstr ""
5205
5206
#: serverguide/C/virtualization.xml:1778(command)
5207
msgid ""
5208
"lxc image export foo-2.0 foo-2.0.tar.gz lxc image import foo-2.0.tar.gz --"
5209
"alias foo-2.0 --public"
5210
msgstr ""
5211
5212
#: serverguide/C/virtualization.xml:1787(title) serverguide/C/virtualization.xml:2667(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
5213
msgid "Troubleshooting"
5214
msgstr "การแก้ปัญหา"
5215
5216
#: serverguide/C/virtualization.xml:1789(para)
5217
msgid ""
5218
"To view debug information about LXD itself, on a systemd based host use"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:1794(command)
5222
msgid "journalctl -u LXD"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:1799(para)
5226
msgid ""
5227
"On an Upstart-based system, you can find the log in "
5228
"<filename>/var/log/upstart/lxd.log</filename>. To make LXD provide much more "
5229
"information about requests it is serving, add '--debug' to LXD's arguments. "
5230
"In systemd, append '--debug' to the 'ExecStart=' line in "
5231
"<filename>/lib/systemd/system/lxd.service</filename>. In Upstart, append it "
5232
"to the <command>exec /usr/bin/lxd</command> line in "
5233
"<filename>/etc/init/lxd.conf</filename>."
5234
msgstr ""
5235
5236
#: serverguide/C/virtualization.xml:1809(para)
5237
msgid "Container logfiles for container c1 may be seen using:"
5238
msgstr ""
5239
5240
#: serverguide/C/virtualization.xml:1814(command)
5241
msgid "lxc info c1 --show-log"
5242
msgstr ""
5243
5244
#: serverguide/C/virtualization.xml:1819(para)
5245
msgid ""
5246
"The configuration file which was used may be found under <filename> "
5247
"/var/log/lxd/c1/lxc.conf</filename> while apparmor profiles can be found in "
5248
"<filename> /var/lib/lxd/security/apparmor/profiles/c1</filename> and seccomp "
5249
"profiles in <filename> /var/lib/lxd/security/seccomp/c1</filename>."
5250
msgstr ""
5251
5252
#: serverguide/C/virtualization.xml:1829(title)
5253
msgid "LXC"
5254
msgstr ""
5255
5256
#: serverguide/C/virtualization.xml:1831(para)
5257
msgid ""
5258
"Containers are a lightweight virtualization technology. They are more akin "
5259
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
5260
"because they do not emulate hardware and because containers share the same "
5261
"operating system as the host. Containers are similar to Solaris zones or BSD "
5262
"jails. Linux-vserver and OpenVZ are two pre-existing, independently "
5263
"developed implementations of containers-like functionality for Linux. In "
5264
"fact, containers came about as a result of the work to upstream the vserver "
5265
"and OpenVZ functionality."
5266
msgstr ""
5267
5268
#: serverguide/C/virtualization.xml:1841(para)
5269
msgid ""
5270
"There are two user-space implementations of containers, each exploiting the "
5271
"same kernel features. Libvirt allows the use of containers through the LXC "
5272
"driver by connecting to 'lxc:///'. This can be very convenient as it "
5273
"supports the same usage as its other drivers. The other implementation, "
5274
"called simply 'LXC', is not compatible with libvirt, but is more flexible "
5275
"with more userspace tools. It is possible to switch between the two, though "
5276
"there are peculiarities which can cause confusion."
5277
msgstr ""
5278
5279
#: serverguide/C/virtualization.xml:1850(para)
5280
msgid ""
5281
"In this document we will mainly describe the <application>lxc</application> "
5282
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
5283
"Apparmor protection for libvirt-lxc containers."
5284
msgstr ""
5285
5286
#: serverguide/C/virtualization.xml:1855(para)
5287
msgid "In this document, a container name will be shown as CN, C1, or C2."
5288
msgstr ""
5289
5290
#: serverguide/C/virtualization.xml:1861(para)
5291
msgid "The <application>lxc</application> package can be installed using"
5292
msgstr ""
5293
5294
#: serverguide/C/virtualization.xml:1865(command)
5295
msgid "sudo apt install lxc"
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1870(para)
5299
msgid ""
5300
"This will pull in the required and recommended dependencies, as well as set "
5301
"up a network bridge for containers to use. If you wish to use unprivileged "
5302
"containers, you will need to ensure that users have sufficient allocated "
5303
"subuids and subgids, and will likely want to allow users to connect "
5304
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
5305
msgstr ""
5306
5307
#: serverguide/C/virtualization.xml:1880(title) serverguide/C/vcs.xml:111(title)
5308
msgid "Basic usage"
5309
msgstr ""
5310
5311
#: serverguide/C/virtualization.xml:1881(para)
5312
msgid ""
5313
"LXC can be used in two distinct ways - privileged, by running the lxc "
5314
"commands as the root user; or unprivileged, by running the lxc commands as a "
5315
"non-root user. (The starting of unprivileged containers by the root user is "
5316
"possible, but not described here.) Unprivileged containers are more limited, "
5317
"for instance being unable to create device nodes or mount block-backed "
5318
"filesystems. However they are less dangerous to the host, as the root userid "
5319
"in the container is mapped to a non-root userid on the host."
5320
msgstr ""
5321
5322
#: serverguide/C/virtualization.xml:1893(title)
5323
msgid "Basic privileged usage"
5324
msgstr ""
5325
5326
#: serverguide/C/virtualization.xml:1894(para)
5327
msgid "To create a privileged container, you can simply do:"
5328
msgstr ""
5329
5330
#: serverguide/C/virtualization.xml:1898(command)
5331
msgid "sudo lxc-create --template download --name u1"
5332
msgstr ""
5333
5334
#: serverguide/C/virtualization.xml:1902(command)
5335
msgid "sudo lxc-create -t download -n u1"
5336
msgstr ""
5337
5338
#: serverguide/C/virtualization.xml:1897(screen)
5339
#, no-wrap
5340
msgid ""
5341
"\n"
5342
"<placeholder-1/>\n"
5343
"or, abbreviated\n"
5344
"<placeholder-2/>\n"
5345
msgstr ""
5346
5347
#: serverguide/C/virtualization.xml:1906(para)
5348
msgid ""
5349
"This will interactively ask for a container root filesystem type to download "
5350
"- in particular the distribution, release, and architecture. To create the "
5351
"container non-interactively, you can specify these values on the command "
5352
"line:"
5353
msgstr ""
5354
5355
#: serverguide/C/virtualization.xml:1913(command)
5356
msgid ""
5357
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release xenial --arch "
5358
"amd64"
5359
msgstr ""
5360
5361
#: serverguide/C/virtualization.xml:1917(command)
5362
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64"
5363
msgstr ""
5364
5365
#: serverguide/C/virtualization.xml:1912(screen)
5366
#, no-wrap
5367
msgid ""
5368
"\n"
5369
"<placeholder-1/>\n"
5370
"or\n"
5371
"<placeholder-2/>\n"
5372
msgstr ""
5373
5374
#: serverguide/C/virtualization.xml:1922(para)
5375
msgid ""
5376
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
5377
"info</command> to obtain detailed container information, <command>lxc-"
5378
"start</command> to start and <command>lxc-stop</command> to stop the "
5379
"container. <command>lxc-attach</command> and <command>lxc-console</command> "
5380
"allow you to enter a container, if ssh is not an option. <command>lxc-"
5381
"destroy</command> removes the container, including its rootfs. See the "
5382
"manual pages for more information on each command. An example session might "
5383
"look like:"
5384
msgstr ""
5385
5386
#: serverguide/C/virtualization.xml:1933(command)
5387
msgid ""
5388
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
5389
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
5390
msgstr ""
5391
5392
#: serverguide/C/virtualization.xml:1945(title)
5393
msgid "User namespaces"
5394
msgstr ""
5395
5396
#: serverguide/C/virtualization.xml:1946(para)
5397
msgid ""
5398
"Unprivileged containers allow users to create and administer containers "
5399
"without having any root privilege. The feature underpinning this is called "
5400
"user namespaces. User namespaces are hierarchical, with privileged tasks in "
5401
"a parent namespace being able to map its ids into child namespaces. By "
5402
"default every task on the host runs in the initial user namespace, where the "
5403
"full range of ids is mapped onto the full range. This can be seen by looking "
5404
"at /proc/self/uid_map and /proc/self/gid_map, which both will show \"0 0 "
5405
"4294967295\" when read from the initial user namespace. As of Ubuntu 14.04, "
5406
"when new users are created they are by default offered a range of userids. "
5407
"The list of assigned ids can be seen in the files "
5408
"<filename>/etc/subuid</filename> and <filename>/etc/subgid</filename> See "
5409
"their respective manpages for more information. Subuids and subgids are by "
5410
"convention started at id 100000 to avoid conflicting with system users."
5411
msgstr ""
5412
5413
#: serverguide/C/virtualization.xml:1964(para)
5414
msgid ""
5415
"If a user was created on an earlier release, it can be granted a range of "
5416
"ids using <command>usermod</command>, as follows:"
5417
msgstr ""
5418
5419
#: serverguide/C/virtualization.xml:1969(command)
5420
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
5421
msgstr ""
5422
5423
#: serverguide/C/virtualization.xml:1974(para)
5424
msgid ""
5425
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
5426
"are setuid-root programs in the <filename>uidmap</filename> package, which "
5427
"are used internally by lxc to map subuids and subgids from the host into the "
5428
"unprivileged container. They ensure that the user only maps ids which are "
5429
"authorized by the host configuration."
5430
msgstr ""
5431
5432
#: serverguide/C/virtualization.xml:1985(title)
5433
msgid "Basic unprivileged usage"
5434
msgstr ""
5435
5436
#: serverguide/C/virtualization.xml:1989(para)
5437
msgid ""
5438
"To create unprivileged containers, a few first steps are needed. You will "
5439
"need to create a default container configuration file, specifying your "
5440
"desired id mappings and network setup, as well as configure the host to "
5441
"allow the unprivileged user to hook into the host network. The example below "
5442
"assumes that your mapped user and group id ranges are 100000-165536. Check "
5443
"your actual user and group id ranges and modify the example accordingly:"
5444
msgstr ""
5445
5446
#: serverguide/C/virtualization.xml:1999(command)
5447
msgid "grep $USER /etc/subuid grep $USER /etc/subgid"
5448
msgstr ""
5449
5450
#: serverguide/C/virtualization.xml:2005(command)
5451
msgid ""
5452
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
5453
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
5454
"~/.config/lxc/default.conf echo \"lxc.network.type = veth\" >> "
5455
"~/.config/lxc/default.conf echo \"lxc.network.link = lxcbr0\" >> "
5456
"~/.config/lxc/default.conf echo \"$USER veth lxcbr0 2\" | sudo tee -a "
5457
"/etc/lxc/lxc-usernet"
5458
msgstr ""
5459
5460
#: serverguide/C/virtualization.xml:2015(para)
5461
msgid ""
5462
"After this, you can create unprivileged containers the same way as "
5463
"privileged ones, simply without using sudo."
5464
msgstr ""
5465
5466
#: serverguide/C/virtualization.xml:2020(command)
5467
msgid ""
5468
"lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64 lxc-start -n u1 "
5469
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
5470
msgstr ""
5471
5472
#: serverguide/C/virtualization.xml:2032(para)
5473
msgid ""
5474
"In order to run containers inside containers - referred to as nested "
5475
"containers - two lines must be present in the parent container configuration "
5476
"file: <screen>\n"
5477
"lxc.mount.auto = cgroup\n"
5478
"lxc.aa_profile = lxc-container-default-with-nesting\n"
5479
"</screen> The first will cause the cgroup manager socket to be bound into "
5480
"the container, so that lxc inside the container is able to administer "
5481
"cgroups for its nested containers. The second causes the container to run in "
5482
"a looser Apparmor policy which allows the container to do the mounting "
5483
"required for starting containers. Note that this policy, when used with a "
5484
"privileged container, is much less safe than the regular policy or an "
5485
"unprivileged container. See <xref linkend=\"lxc-apparmor\"/> for more "
5486
"information."
5487
msgstr ""
5488
5489
#: serverguide/C/virtualization.xml:2054(title)
5490
msgid "Global configuration"
5491
msgstr ""
5492
5493
#: serverguide/C/virtualization.xml:2061(para)
5494
msgid ""
5495
"<filename>lxc.conf</filename> may optionally specify alternate values for "
5496
"several lxc settings, including the lxcpath, the default configuration, "
5497
"cgroups to use, a cgroup creation pattern, and storage backend settings for "
5498
"lvm and zfs."
5499
msgstr ""
5500
5501
#: serverguide/C/virtualization.xml:2067(para)
5502
msgid ""
5503
"<filename>default.conf</filename> specifies configuration which every newly "
5504
"created container should contain. This usually contains at least a network "
5505
"section, and, for unprivileged users, an id mapping section"
5506
msgstr ""
5507
5508
#: serverguide/C/virtualization.xml:2073(para)
5509
msgid ""
5510
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
5511
"connect their containers to the host-owned network."
5512
msgstr ""
5513
5514
#: serverguide/C/virtualization.xml:2055(para)
5515
msgid ""
5516
"The following configuration files are consulted by LXC. For privileged use, "
5517
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
5518
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
5519
msgstr ""
5520
5521
#: serverguide/C/virtualization.xml:2078(para)
5522
msgid ""
5523
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
5524
"under <filename>/etc/lxc</filename> and "
5525
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
5526
"usernet.conf</filename> is only host-wide."
5527
msgstr ""
5528
5529
#: serverguide/C/virtualization.xml:2083(para)
5530
msgid ""
5531
"By default, containers are located under /var/lib/lxc for the root user, and "
5532
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
5533
"commands using the \"-P|--lxcpath\" argument."
5534
msgstr ""
5535
5536
#: serverguide/C/virtualization.xml:2092(title) serverguide/C/network-config.xml:11(title)
5537
msgid "Networking"
5538
msgstr ""
5539
5540
#: serverguide/C/virtualization.xml:2093(para)
5541
msgid ""
5542
"By default LXC creates a private network namespace for each container, which "
5543
"includes a layer 2 networking stack. Containers usually connect to the "
5544
"outside world by either having a physical NIC or a veth tunnel endpoint "
5545
"passed into the container. LXC creates a NATed bridge, lxcbr0, at host "
5546
"startup. Containers created using the default configuration will have one "
5547
"veth NIC with the remote end plugged into the lxcbr0 bridge. A NIC can only "
5548
"exist in one namespace at a time, so a physical NIC passed into the "
5549
"container is not usable on the host."
5550
msgstr ""
5551
5552
#: serverguide/C/virtualization.xml:2101(para)
5553
msgid ""
5554
"It is possible to create a container without a private network namespace. In "
5555
"this case, the container will have access to the host networking like any "
5556
"other application. Note that this is particularly dangerous if the container "
5557
"is running a distribution with upstart, like Ubuntu, since programs which "
5558
"talk to init, like <command>shutdown</command>, will talk over the abstract "
5559
"Unix domain socket to the host's upstart, and shut down the host."
5560
msgstr ""
5561
5562
#: serverguide/C/virtualization.xml:2107(para)
5563
msgid ""
5564
"To give containers on lxcbr0 a persistent ip address based on domain name, "
5565
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
5566
"<screen>\n"
5567
"dhcp-host=lxcmail,10.0.3.100\n"
5568
"dhcp-host=ttrss,10.0.3.101\n"
5569
"</screen>"
5570
msgstr ""
5571
5572
#: serverguide/C/virtualization.xml:2115(para)
5573
msgid ""
5574
"If it is desirable for the container to be publicly accessible, there are a "
5575
"few ways to go about it. One is to use <command>iptables</command> to "
5576
"forward host ports to the container, for instance <screen>\n"
5577
" iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT \\\n"
5578
" \t--to-destination 10.0.3.100:587\n"
5579
" </screen> Another is to bridge the host's network interfaces (see the "
5580
"Ubuntu Server Guide's Network Configuration chapter, <xref "
5581
"linkend=\"bridging\"/>). Then, specify the host's bridge in the container "
5582
"configuration file in place of lxcbr0, for instance <screen>\n"
5583
"lxc.network.type = veth\n"
5584
"lxc.network.link = br0\n"
5585
"</screen> Finally, you can ask LXC to use macvlan for the container's NIC. "
5586
"Note that this has limitations and depending on configuration may not allow "
5587
"the container to talk to the host itself. Therefore the other two options "
5588
"are preferred and more commonly used."
5589
msgstr ""
5590
5591
#: serverguide/C/virtualization.xml:2136(para)
5592
msgid ""
5593
"There are several ways to determine the ip address for a container. First, "
5594
"you can use <command>lxc-ls --fancy</command> which will print the ip "
5595
"addresses for all running containers, or <command>lxc-info -i -H -n "
5596
"C1</command> which will print C1's ip address. If dnsmasq is installed on "
5597
"the host, you can also add an entry to "
5598
"<filename>/etc/dnsmasq.conf</filename> as follows <screen>\n"
5599
"server=/lxc/10.0.3.1\n"
5600
"</screen> after which dnsmasq will resolve C1.lxc locally, so that you can "
5601
"do: <screen>\n"
5602
"ping C1\n"
5603
"ssh C1\n"
5604
"</screen>"
5605
msgstr ""
5606
5607
#: serverguide/C/virtualization.xml:2151(para)
5608
msgid ""
5609
"For more information, see the lxc.conf manpage as well as the example "
5610
"network configurations under "
5611
"<filename>/usr/share/doc/lxc/examples/</filename>."
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:2157(title)
5615
msgid "LXC startup"
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:2159(para)
5619
msgid ""
5620
"LXC does not have a long-running daemon. However it does have three upstart "
5621
"jobs."
5622
msgstr ""
5623
5624
#: serverguide/C/virtualization.xml:2165(para)
5625
msgid ""
5626
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
5627
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
5628
"(true by default). It sets up a NATed bridge for containers to use."
5629
msgstr ""
5630
5631
#: serverguide/C/virtualization.xml:2173(para)
5632
msgid ""
5633
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
5634
"optionally starts any autostart containers. The autostart containers will be "
5635
"ignored if LXC_AUTO (true by default) is set to true in "
5636
"<filename>/etc/default/lxc</filename>. See the lxc-autostart manual page for "
5637
"more information on autostarted containers."
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:2183(para)
5641
msgid ""
5642
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
5643
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
5644
msgstr ""
5645
5646
#: serverguide/C/virtualization.xml:2192(title)
5647
msgid "Backing Stores"
5648
msgstr ""
5649
5650
#: serverguide/C/virtualization.xml:2193(para)
5651
msgid ""
5652
"LXC supports several backing stores for container root filesystems. The "
5653
"default is a simple directory backing store, because it requires no prior "
5654
"host customization, so long as the underlying filesystem is large enough. It "
5655
"also requires no root privilege to create the backing store, so that it is "
5656
"seamless for unprivileged use. The rootfs for a privileged directory backed "
5657
"container is located (by default) under "
5658
"<filename>/var/lib/lxc/C1/rootfs</filename>, while the rootfs for an "
5659
"unprivileged container is under "
5660
"<filename>~/.local/share/lxc/C1/rootfs</filename>. If a custom lxcpath is "
5661
"specified in lxc.system.com, then the container rootfs will be under "
5662
"<filename>$lxcpath/C1/rootfs</filename>."
5663
msgstr ""
5664
5665
#: serverguide/C/virtualization.xml:2207(para)
5666
msgid ""
5667
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
5668
"backed container, with a rootfs called "
5669
"<filename>overlayfs:/var/lib/lxc/C1/rootfs:/var/lib/lxc/C2/delta0</filename>."
5670
" Other backing store types include loop, btrfs, LVM and zfs."
5671
msgstr ""
5672
5673
#: serverguide/C/virtualization.xml:2215(para)
5674
msgid ""
5675
"A btrfs backed container mostly looks like a directory backed container, "
5676
"with its root filesystem in the same location. However, the root filesystem "
5677
"comprises a subvolume, so that a snapshot clone is created using a subvolume "
5678
"snapshot."
5679
msgstr ""
5680
5681
#: serverguide/C/virtualization.xml:2222(para)
5682
msgid ""
5683
"The root filesystem for an LVM backed container can be any separate LV. The "
5684
"default VG name can be specified in lxc.conf. The filesystem type and size "
5685
"are configurable per-container using lxc-create."
5686
msgstr ""
5687
5688
#: serverguide/C/virtualization.xml:2228(para)
5689
msgid ""
5690
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
5691
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
5692
"The zfsroot can be specified at lxc-create, and a default can be specified "
5693
"in lxc.system.conf."
5694
msgstr ""
5695
5696
#: serverguide/C/virtualization.xml:2235(para)
5697
msgid ""
5698
"More information on creating containers with the various backing stores can "
5699
"be found in the lxc-create manual page."
5700
msgstr ""
5701
5702
#: serverguide/C/virtualization.xml:2242(title)
5703
msgid "Templates"
5704
msgstr ""
5705
5706
#: serverguide/C/virtualization.xml:2243(para)
5707
msgid ""
5708
"Creating a container generally involves creating a root filesystem for the "
5709
"container. <command>lxc-create</command> delegates this work to "
5710
"<emphasis>templates</emphasis>, which are generally per-distribution. The "
5711
"lxc templates shipped with lxc can be found under "
5712
"<filename>/usr/share/lxc/templates</filename>, and include templates to "
5713
"create Ubuntu, Debian, Fedora, Oracle, centos, and gentoo containers among "
5714
"others."
5715
msgstr ""
5716
5717
#: serverguide/C/virtualization.xml:2252(para)
5718
msgid ""
5719
"Creating distribution images in most cases requires the ability to create "
5720
"device nodes, often requires tools which are not available in other "
5721
"distributions, and usually is quite time-consuming. Therefore lxc comes with "
5722
"a special <emphasis>download</emphasis> template, which downloads pre-built "
5723
"container images from a central lxc server. The most important use case is "
5724
"to allow simple creation of unprivileged containers by non-root users, who "
5725
"could not for instance easily run the <command>debootstrap</command> command."
5726
msgstr ""
5727
5728
#: serverguide/C/virtualization.xml:2262(para)
5729
msgid ""
5730
"When running <command>lxc-create</command>, all options which come after "
5731
"<emphasis>--</emphasis> are passed to the template. In the following "
5732
"command, <emphasis>--name</emphasis>, <emphasis>--template</emphasis> and "
5733
"<emphasis>--bdev</emphasis> are passed to <command>lxc-create</command>, "
5734
"while <emphasis>--release</emphasis> is passed to the template: <screen>\n"
5735
"<command>\n"
5736
"lxc-create --template ubuntu --name c1 --bdev loop -- --release xenial\n"
5737
"</command>\n"
5738
"</screen>"
5739
msgstr ""
5740
5741
#: serverguide/C/virtualization.xml:2274(para)
5742
msgid ""
5743
"You can obtain help for the options supported by any particular container by "
5744
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
5745
"create</command>. For instance, for help with the download template,"
5746
msgstr ""
5747
5748
#: serverguide/C/virtualization.xml:2281(command)
5749
msgid "lxc-create --template download --help"
5750
msgstr ""
5751
5752
#: serverguide/C/virtualization.xml:2287(title)
5753
msgid "Autostart"
5754
msgstr ""
5755
5756
#: serverguide/C/virtualization.xml:2288(para)
5757
msgid ""
5758
"LXC supports marking containers to be started at system boot. Prior to "
5759
"Ubuntu 14.04, this was done using symbolic links under the directory "
5760
"<filename>/etc/lxc/auto</filename>. Starting with Ubuntu 14.04, it is done "
5761
"through the container configuration files. An entry <screen>\n"
5762
"<command>\n"
5763
"lxc.start.auto = 1\n"
5764
"lxc.start.delay = 5\n"
5765
"</command>\n"
5766
"</screen> would mean that the container should be started at boot, and the "
5767
"system should wait 5 seconds before starting the next container. LXC also "
5768
"supports ordering and grouping of containers, as well as reboot and shutdown "
5769
"by autostart groups. See the manual pages for lxc-autostart and "
5770
"lxc.container.conf for more information."
5771
msgstr ""
5772
5773
#: serverguide/C/virtualization.xml:2308(para)
5774
msgid ""
5775
"LXC ships with a default Apparmor profile intended to protect the host from "
5776
"accidental misuses of privilege inside the container. For instance, the "
5777
"container will not be able to write to <filename>/proc/sysrq-"
5778
"trigger</filename> or to most <filename>/sys</filename> files."
5779
msgstr ""
5780
5781
#: serverguide/C/virtualization.xml:2314(para)
5782
msgid ""
5783
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
5784
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
5785
"start</command> from mounting new filesystems outside of the container's "
5786
"root filesystem. Before executing the container's <command>init</command>, "
5787
"<command>LXC</command> requests a switch to the container's profile. By "
5788
"default, this profile is the <filename>lxc-container-default</filename> "
5789
"policy which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
5790
"default</filename>. This profile prevents the container from accessing many "
5791
"dangerous paths, and from mounting most filesystems."
5792
msgstr ""
5793
5794
#: serverguide/C/virtualization.xml:2325(para)
5795
msgid ""
5796
"Programs in a container cannot be further confined - for instance, MySQL "
5797
"runs under the container profile (protecting the host) but will not be able "
5798
"to enter the MySQL profile (to protect the container)."
5799
msgstr ""
5800
5801
#: serverguide/C/virtualization.xml:2330(para)
5802
msgid ""
5803
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
5804
"container it spawns will be confined."
5805
msgstr ""
5806
5807
#: serverguide/C/virtualization.xml:2333(title)
5808
msgid "Customizing container policies"
5809
msgstr ""
5810
5811
#: serverguide/C/virtualization.xml:2334(para)
5812
msgid ""
5813
"If you find that <command>lxc-start</command> is failing due to a legitimate "
5814
"access which is being denied by its Apparmor policy, you can disable the lxc-"
5815
"start profile by doing:"
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:2338(screen)
5819
#, no-wrap
5820
msgid ""
5821
"\n"
5822
"sudo apparmor_parser -R /etc/apparmor.d/usr.bin.lxc-start\n"
5823
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
5824
msgstr ""
5825
5826
#: serverguide/C/virtualization.xml:2343(para)
5827
msgid ""
5828
"This will make <command>lxc-start</command> run unconfined, but continue to "
5829
"confine the container itself. If you also wish to disable confinement of the "
5830
"container, then in addition to disabling the <filename>usr.bin.lxc-"
5831
"start</filename> profile, you must add:"
5832
msgstr ""
5833
5834
#: serverguide/C/virtualization.xml:2348(screen)
5835
#, no-wrap
5836
msgid ""
5837
"\n"
5838
"lxc.aa_profile = unconfined\n"
5839
msgstr ""
5840
5841
#: serverguide/C/virtualization.xml:2352(para)
5842
msgid "to the container's configuration file."
5843
msgstr ""
5844
5845
#: serverguide/C/virtualization.xml:2354(para)
5846
msgid ""
5847
"LXC ships with a few alternate policies for containers. If you wish to run "
5848
"containers inside containers (nesting), then you can use the lxc-container-"
5849
"default-with-nesting profile by adding the following line to the container "
5850
"configuration file <screen>\n"
5851
"lxc.aa_profile = lxc-container-default-with-nesting\n"
5852
"\t</screen> If you wish to use libvirt inside containers, then you will need "
5853
"to edit that policy (which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
5854
"default-with-nesting</filename>) by uncommenting the following line: "
5855
"<screen>\n"
5856
"mount fstype=cgroup -> /sys/fs/cgroup/**,\n"
5857
"\t</screen> and re-load the policy."
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:2371(para)
5861
msgid ""
5862
"Note that the nesting policy with privileged containers is far less safe "
5863
"than the default policy, as it allows containers to re-mount "
5864
"<filename>/sys</filename> and <filename>/proc</filename> in nonstandard "
5865
"locations, bypassing apparmor protections. Unprivileged containers do not "
5866
"have this drawback since the container root cannot write to root-owned "
5867
"<filename>proc</filename> and <filename>sys</filename> files."
5868
msgstr ""
5869
5870
#: serverguide/C/virtualization.xml:2379(para)
5871
msgid ""
5872
"Another profile shipped with lxc allows containers to mount block filesystem "
5873
"types like ext4. This can be useful in some cases like maas provisioning, "
5874
"but is deemed generally unsafe since the superblock handlers in the kernel "
5875
"have not been audited for safe handling of untrusted input."
5876
msgstr ""
5877
5878
#: serverguide/C/virtualization.xml:2385(para)
5879
msgid ""
5880
"If you need to run a container in a custom profile, you can create a new "
5881
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
5882
"with <filename>lxc-</filename> in order for <command>lxc-start</command> to "
5883
"be allowed to transition to that profile. The <filename>lxc-"
5884
"default</filename> profile includes the re-usable abstractions file "
5885
"<filename>/etc/apparmor.d/abstractions/lxc/container-base</filename>. An "
5886
"easy way to start a new profile therefore is to do the same, then add extra "
5887
"permissions at the bottom of your policy."
5888
msgstr ""
5889
5890
#: serverguide/C/virtualization.xml:2396(para)
5891
msgid "After creating the policy, load it using:"
5892
msgstr ""
5893
5894
#: serverguide/C/virtualization.xml:2398(screen)
5895
#, no-wrap
5896
msgid ""
5897
"\n"
5898
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
5899
msgstr ""
5900
5901
#: serverguide/C/virtualization.xml:2402(para)
5902
msgid ""
5903
"The profile will automatically be loaded after a reboot, because it is "
5904
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
5905
"Finally, to make container <filename>CN</filename> use this new "
5906
"<filename>lxc-CN-profile</filename>, add the following line to its "
5907
"configuration file:"
5908
msgstr ""
5909
5910
#: serverguide/C/virtualization.xml:2409(screen)
5911
#, no-wrap
5912
msgid ""
5913
"\n"
5914
"lxc.aa_profile = lxc-CN-profile\n"
5915
msgstr ""
5916
5917
#: serverguide/C/virtualization.xml:2417(title) serverguide/C/cgroups.xml:11(title)
5918
msgid "Control Groups"
5919
msgstr ""
5920
5921
#: serverguide/C/virtualization.xml:2419(para)
5922
msgid ""
5923
"Control groups (cgroups) are a kernel feature providing hierarchical task "
5924
"grouping and per-cgroup resource accounting and limits. They are used in "
5925
"containers to limit block and character device access and to freeze "
5926
"(suspend) containers. They can be further used to limit memory use and block "
5927
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
5928
msgstr ""
5929
5930
#: serverguide/C/virtualization.xml:2427(para)
5931
msgid ""
5932
"By default, a privileged container CN will be assigned to a cgroup called "
5933
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
5934
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
5935
"at 0, will be appended to the cgroup name."
5936
msgstr ""
5937
5938
#: serverguide/C/virtualization.xml:2433(para)
5939
msgid ""
5940
"By default, a privileged container CN will be assigned to a cgroup called "
5941
"<filename>CN</filename> under the cgroup of the task which started the "
5942
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
5943
"The container root will be given group ownership of the directory (but not "
5944
"all files) so that it is allowed to create new child cgroups."
5945
msgstr ""
5946
5947
#: serverguide/C/virtualization.xml:2440(para)
5948
msgid ""
5949
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
5950
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
5951
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
5952
"nested containers, the line <screen>\n"
5953
"<command>\n"
5954
"lxc.mount.auto = cgroup\n"
5955
"</command>\n"
5956
"</screen> can be added to the container configuration causing the "
5957
"<filename>/sys/fs/cgroup/cgmanager</filename> directory to be bind-mounted "
5958
"into the container. The container in turn should start the cgroup management "
5959
"proxy (done by default if the cgmanager package is installed in the "
5960
"container) which will move the <filename>/sys/fs/cgroup/cgmanager</filename> "
5961
"directory to <filename>/sys/fs/cgroup/cgmanager.lower</filename>, then start "
5962
"listening for requests to proxy on its own socket "
5963
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. The host cgmanager will "
5964
"ensure that nested containers cannot escape their assigned cgroups or make "
5965
"requests for which they are not authorized."
5966
msgstr ""
5967
5968
#: serverguide/C/virtualization.xml:2464(title)
5969
msgid "Cloning"
5970
msgstr ""
5971
5972
#: serverguide/C/virtualization.xml:2466(para)
5973
msgid ""
5974
"For rapid provisioning, you may wish to customize a canonical container "
5975
"according to your needs and then make multiple copies of it. This can be "
5976
"done with the <command>lxc-clone</command> program."
5977
msgstr ""
5978
5979
#: serverguide/C/virtualization.xml:2470(para)
5980
msgid ""
5981
"Clones are either snapshots or copies of another container. A copy is a new "
5982
"container copied from the original, and takes as much space on the host as "
5983
"the original. A snapshot exploits the underlying backing store's "
5984
"snapshotting ability to make a copy-on-write container referencing the "
5985
"first. Snapshots can be created from btrfs, LVM, zfs, and directory backed "
5986
"containers. Each backing store has its own peculiarities - for instance, LVM "
5987
"containers which are not thinpool-provisioned cannot support snapshots of "
5988
"snapshots; zfs containers with snapshots cannot be removed until all "
5989
"snapshots are released; LVM containers must be more carefully planned as the "
5990
"underlying filesystem may not support growing; btrfs does not suffer any of "
5991
"these shortcomings, but suffers from reduced fsync performance causing dpkg "
5992
"and apt to be slower."
5993
msgstr ""
5994
5995
#: serverguide/C/virtualization.xml:2484(para)
5996
msgid ""
5997
"Snapshots of directory-packed containers are created using the overlay "
5998
"filesystem. For instance, a privileged directory-backed container C1 will "
5999
"have its root filesystem under <filename>/var/lib/lxc/C1/rootfs</filename>. "
6000
"A snapshot clone of C1 called C2 will be started with C1's rootfs mounted "
6001
"readonly under <filename>/var/lib/lxc/C2/delta0</filename>. Importantly, in "
6002
"this case C1 should not be allowed to run or be removed while C2 is running. "
6003
"It is advised instead to consider C1 a <emphasis> canonical</emphasis> base "
6004
"container, and to only use its snapshots."
6005
msgstr ""
6006
6007
#: serverguide/C/virtualization.xml:2496(para)
6008
msgid "Given an existing container called C1, a copy can be created using:"
6009
msgstr ""
6010
6011
#: serverguide/C/virtualization.xml:2500(command)
6012
msgid "sudo lxc-clone -o C1 -n C2"
6013
msgstr ""
6014
6015
#: serverguide/C/virtualization.xml:2505(para)
6016
msgid "A snapshot can be created using:"
6017
msgstr ""
6018
6019
#: serverguide/C/virtualization.xml:2507(command)
6020
msgid "sudo lxc-clone -s -o C1 -n C2"
6021
msgstr ""
6022
6023
#: serverguide/C/virtualization.xml:2511(para)
6024
msgid "See the lxc-clone manpage for more information."
6025
msgstr ""
6026
6027
#: serverguide/C/virtualization.xml:2515(para)
6028
msgid ""
6029
"To more easily support the use of snapshot clones for iterative container "
6030
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
6031
"container C1, before making a potentially dangerous or hard-to-revert "
6032
"change, you can create a snapshot <screen>\n"
6033
"<command>\n"
6034
"sudo lxc-snapshot -n C1\n"
6035
"</command>\n"
6036
"</screen> which is a snapshot-clone called 'snap0' under /var/lib/lxcsnaps "
6037
"or $HOME/.local/share/lxcsnaps. The next snapshot will be called 'snap1', "
6038
"etc. Existing snapshots can be listed using <command>lxc-snapshot -L -n "
6039
"C1</command>, and a snapshot can be restored - erasing the current C1 "
6040
"container - using <command>lxc-snapshot -r snap1 -n C1</command>. After the "
6041
"restore command, the snap1 snapshot continues to exist, and the previous C1 "
6042
"is erased and replaced with the snap1 snapshot."
6043
msgstr ""
6044
6045
#: serverguide/C/virtualization.xml:2534(para)
6046
msgid ""
6047
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
6048
"lxc-snapshot is called on a directory-backed container, an error will be "
6049
"logged and the snapshot will be created as a copy-clone. The reason for this "
6050
"is that if the user creates an overlayfs snapshot of a directory-backed "
6051
"container and then makes changes to the directory-backed container, then the "
6052
"original container changes will be partially reflected in the snapshot. If "
6053
"snapshots of a directory backed container C1 are desired, then an overlayfs "
6054
"clone of C1 should be created, C1 should not be touched again, and the "
6055
"overlayfs clone can be edited and snapshotted at will, as such <screen>\n"
6056
"<command>\n"
6057
"lxc-clone -s -o C1 -n C2\n"
6058
"lxc-start -n C2 -d # make some changes\n"
6059
"lxc-stop -n C2\n"
6060
"lxc-snapshot -n C2\n"
6061
"lxc-start -n C2 # etc\n"
6062
"</command>\n"
6063
"</screen>"
6064
msgstr ""
6065
6066
#: serverguide/C/virtualization.xml:2558(title)
6067
msgid "Ephemeral Containers"
6068
msgstr ""
6069
6070
#: serverguide/C/virtualization.xml:2559(para)
6071
msgid ""
6072
"While snapshots are useful for longer-term incremental development of "
6073
"images, ephemeral containers utilize snapshots for quick, single-use "
6074
"throwaway containers. Given a base container C1, you can start an ephemeral "
6075
"container using <screen>\n"
6076
"<command>\n"
6077
"lxc-start-ephemeral -o C1\n"
6078
"</command>\n"
6079
"</screen> The container begins as a snapshot of C1. Instructions for logging "
6080
"into the container will be printed to the console. After shutdown, the "
6081
"ephemeral container will be destroyed. See the lxc-start-ephemeral manual "
6082
"page for more options."
6083
msgstr ""
6084
6085
#: serverguide/C/virtualization.xml:2577(title)
6086
msgid "Lifecycle management hooks"
6087
msgstr ""
6088
6089
#: serverguide/C/virtualization.xml:2579(para)
6090
msgid ""
6091
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
6092
"at specific points in a container's lifetime:"
6093
msgstr ""
6094
6095
#: serverguide/C/virtualization.xml:2584(para)
6096
msgid ""
6097
"Pre-start hooks are run in the host's namespace before the container ttys, "
6098
"consoles, or mounts are up. If any mounts are done in this hook, they should "
6099
"be cleaned up in the post-stop hook."
6100
msgstr ""
6101
6102
#: serverguide/C/virtualization.xml:2591(para)
6103
msgid ""
6104
"Pre-mount hooks are run in the container's namespaces, but before the root "
6105
"filesystem has been mounted. Mounts done in this hook will be automatically "
6106
"cleaned up when the container shuts down."
6107
msgstr ""
6108
6109
#: serverguide/C/virtualization.xml:2598(para)
6110
msgid ""
6111
"Mount hooks are run after the container filesystems have been mounted, but "
6112
"before the container has called <command>pivot_root</command> to change its "
6113
"root filesystem."
6114
msgstr ""
6115
6116
#: serverguide/C/virtualization.xml:2605(para)
6117
msgid ""
6118
"Start hooks are run immediately before executing the container's init. Since "
6119
"these are executed after pivoting into the container's filesystem, the "
6120
"command to be executed must be copied into the container's filesystem."
6121
msgstr ""
6122
6123
#: serverguide/C/virtualization.xml:2612(para)
6124
msgid "Post-stop hooks are executed after the container has been shut down."
6125
msgstr ""
6126
6127
#: serverguide/C/virtualization.xml:2617(para)
6128
msgid ""
6129
"If any hook returns an error, the container's run will be aborted. Any "
6130
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
6131
"generated by the script will be logged at the debug priority."
6132
msgstr ""
6133
6134
#: serverguide/C/virtualization.xml:2622(para)
6135
msgid ""
6136
"Please see the lxc.container.conf manual page for the configuration file "
6137
"format with which to specify hooks. Some sample hooks are shipped with the "
6138
"lxc package to serve as an example of how to write and use such hooks."
6139
msgstr ""
6140
6141
#: serverguide/C/virtualization.xml:2629(title)
6142
msgid "Consoles"
6143
msgstr ""
6144
6145
#: serverguide/C/virtualization.xml:2631(para)
6146
msgid ""
6147
"Containers have a configurable number of consoles. One always exists on the "
6148
"container's <filename>/dev/console</filename>. This is shown on the terminal "
6149
"from which you ran <command>lxc-start</command>, unless the <emphasis>-"
6150
"d</emphasis> option is specified. The output on "
6151
"<filename>/dev/console</filename> can be redirected to a file using the "
6152
"<emphasis>-c console-file</emphasis> option to <command>lxc-start</command>. "
6153
"The number of extra consoles is specified by the <command>lxc.tty</command> "
6154
"variable, and is usually set to 4. Those consoles are shown on "
6155
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
6156
"3 from the host, use:"
6157
msgstr ""
6158
6159
#: serverguide/C/virtualization.xml:2644(command)
6160
msgid "sudo lxc-console -n container -t 3"
6161
msgstr ""
6162
6163
#: serverguide/C/virtualization.xml:2649(para)
6164
msgid ""
6165
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
6166
"console will be automatically chosen. To exit the console, use the escape "
6167
"sequence Ctrl-a q. Note that the escape sequence does not work in the "
6168
"console resulting from <command>lxc-start</command> without the <emphasis>-"
6169
"d</emphasis> option."
6170
msgstr ""
6171
6172
#: serverguide/C/virtualization.xml:2655(para)
6173
msgid ""
6174
"Each container console is actually a Unix98 pty in the host's (not the "
6175
"guest's) pty mount, bind-mounted over the guest's "
6176
"<filename>/dev/ttyN</filename> and <filename>/dev/console</filename>. "
6177
"Therefore, if the guest unmounts those or otherwise tries to access the "
6178
"actual character device <command>4:N</command>, it will not be serving getty "
6179
"to the LXC consoles. (With the default settings, the container will not be "
6180
"able to access that character device and getty will therefore fail.) This "
6181
"can easily happen when a boot script blindly mounts a new "
6182
"<filename>/dev</filename>."
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:2669(title) serverguide/C/network-auth.xml:793(title) serverguide/C/dns.xml:517(title)
6186
msgid "Logging"
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:2670(para)
6190
msgid ""
6191
"If something goes wrong when starting a container, the first step should be "
6192
"to get full logging from LXC: <screen>\n"
6193
"<command>\n"
6194
"sudo lxc-start -n C1 -l trace -o debug.out\n"
6195
"</command>\n"
6196
"</screen> This will cause lxc to log at the most verbose level, "
6197
"<filename>trace</filename>, and to output log information to a file called "
6198
"'debug.out'. If the file <filename>debug.out</filename> already exists, the "
6199
"new log information will be appended."
6200
msgstr ""
6201
6202
#: serverguide/C/virtualization.xml:2685(title)
6203
msgid "Monitoring container status"
6204
msgstr ""
6205
6206
#: serverguide/C/virtualization.xml:2687(para)
6207
msgid ""
6208
"Two commands are available to monitor container state changes. <command>lxc-"
6209
"monitor</command> monitors one or more containers for any state changes. It "
6210
"takes a container name as usual with the <emphasis>-n</emphasis> option, but "
6211
"in this case the container name can be a posix regular expression to allow "
6212
"monitoring desirable sets of containers. <command>lxc-monitor</command> "
6213
"continues running as it prints container changes. <command>lxc-"
6214
"wait</command> waits for a specific state change and then exits. For "
6215
"instance,"
6216
msgstr ""
6217
6218
#: serverguide/C/virtualization.xml:2697(command)
6219
msgid "sudo lxc-monitor -n cont[0-5]*"
6220
msgstr ""
6221
6222
#: serverguide/C/virtualization.xml:2702(para)
6223
msgid ""
6224
"would print all state changes to any containers matching the listed regular "
6225
"expression, whereas"
6226
msgstr ""
6227
6228
#: serverguide/C/virtualization.xml:2706(command)
6229
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
6230
msgstr ""
6231
6232
#: serverguide/C/virtualization.xml:2711(para)
6233
msgid ""
6234
"will wait until container cont1 enters state STOPPED or state FROZEN and "
6235
"then exit."
6236
msgstr ""
6237
6238
#: serverguide/C/virtualization.xml:2716(title)
6239
msgid "Attach"
6240
msgstr ""
6241
6242
#: serverguide/C/virtualization.xml:2717(para)
6243
msgid ""
6244
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
6245
"The simplest case is to simply do <screen>\n"
6246
"<command>\n"
6247
"sudo lxc-attach -n C1\n"
6248
"</command>\n"
6249
"</screen> which will start a shell attached to C1's namespaces, or, "
6250
"effectively inside the container. The attach functionality is very flexible, "
6251
"allowing attaching to a subset of the container's namespaces and security "
6252
"context. See the manual page for more information."
6253
msgstr ""
6254
6255
#: serverguide/C/virtualization.xml:2733(title)
6256
msgid "Container init verbosity"
6257
msgstr ""
6258
6259
#: serverguide/C/virtualization.xml:2734(para)
6260
msgid ""
6261
"If LXC completes the container startup, but the container init fails to "
6262
"complete (for instance, no login prompt is shown), it can be useful to "
6263
"request additional verbosity from the init process. For an upstart "
6264
"container, this might be: <screen>\n"
6265
"<command>\n"
6266
"sudo lxc-start -n C1 /sbin/init loglevel=debug\n"
6267
"</command>\n"
6268
"</screen> You can also start an entirely different program in place of init, "
6269
"for instance <screen>\n"
6270
"<command>\n"
6271
"sudo lxc-start -n C1 /bin/bash\n"
6272
"sudo lxc-start -n C1 /bin/sleep 100\n"
6273
"sudo lxc-start -n C1 /bin/cat /proc/1/status\n"
6274
"</command>\n"
6275
"</screen>"
6276
msgstr ""
6277
6278
#: serverguide/C/virtualization.xml:2758(title)
6279
msgid "LXC API"
6280
msgstr ""
6281
6282
#: serverguide/C/virtualization.xml:2760(para)
6283
msgid ""
6284
"Most of the LXC functionality can now be accessed through an API exported by "
6285
"<filename>liblxc</filename> for which bindings are available in several "
6286
"languages, including Python, lua, ruby, and go."
6287
msgstr ""
6288
6289
#: serverguide/C/virtualization.xml:2764(para)
6290
msgid ""
6291
"Below is an example using the python bindings (which are available in the "
6292
"<application>python3-lxc</application> package) which creates and starts a "
6293
"container, then waits until it has been shut down:"
6294
msgstr ""
6295
6296
#: serverguide/C/virtualization.xml:2770(programlisting)
6297
#, no-wrap
6298
msgid ""
6299
"\n"
6300
"# sudo python3\n"
6301
"Python 3.2.3 (default, Aug 28 2012, 08:26:03)\n"
6302
"[GCC 4.7.1 20120814 (prerelease)] on linux2\n"
6303
"Type \"help\", \"copyright\", \"credits\" or \"license\" for more "
6304
"information.\n"
6305
">>> import lxc\n"
6306
"__main__:1: Warning: The python-lxc API isn't yet stable and may change at "
6307
"any p\n"
6308
"oint in the future.\n"
6309
">>> c=lxc.Container(\"C1\")\n"
6310
">>> c.create(\"ubuntu\")\n"
6311
"True\n"
6312
">>> c.start()\n"
6313
"True\n"
6314
">>> c.wait(\"STOPPED\")\n"
6315
"True\n"
6316
msgstr ""
6317
6318
#: serverguide/C/virtualization.xml:2790(title) serverguide/C/security.xml:11(title)
6319
msgid "Security"
6320
msgstr ""
6321
6322
#: serverguide/C/virtualization.xml:2792(para)
6323
msgid ""
6324
"A namespace maps ids to resources. By not providing a container any id with "
6325
"which to reference a resource, the resource can be protected. This is the "
6326
"basis of some of the security afforded to container users. For instance, IPC "
6327
"namespaces are completely isolated. Other namespaces, however, have various "
6328
"<emphasis role=\"italic\">leaks</emphasis> which allow privilege to be "
6329
"inappropriately exerted from a container into another container or to the "
6330
"host."
6331
msgstr ""
6332
6333
#: serverguide/C/virtualization.xml:2801(para)
6334
msgid ""
6335
"By default, LXC containers are started under a Apparmor policy to restrict "
6336
"some actions. The details of AppArmor integration with lxc are in section "
6337
"<xref linkend=\"lxc-apparmor\"/>. Unprivileged containers go further by "
6338
"mapping root in the container to an unprivileged host userid. This prevents "
6339
"access to <filename>/proc</filename> and <filename>/sys</filename> files "
6340
"representing host resources, as well as any other files owned by root on the "
6341
"host."
6342
msgstr ""
6343
6344
#: serverguide/C/virtualization.xml:2812(title)
6345
msgid "Exploitable system calls"
6346
msgstr ""
6347
6348
#: serverguide/C/virtualization.xml:2814(para)
6349
msgid ""
6350
"It is a core container feature that containers share a kernel with the host. "
6351
"Therefore if the kernel contains any exploitable system calls the container "
6352
"can exploit these as well. Once the container controls the kernel it can "
6353
"fully control any resource known to the host."
6354
msgstr ""
6355
6356
#: serverguide/C/virtualization.xml:2820(para)
6357
msgid ""
6358
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
6359
"seccomp filter. Seccomp is a new kernel feature which filters the system "
6360
"calls which may be used by a task and its children. While improved and "
6361
"simplified policy management is expected in the near future, the current "
6362
"policy consists of a simple whitelist of system call numbers. The policy "
6363
"file begins with a version number (which must be 1) on the first line and a "
6364
"policy type (which must be 'whitelist') on the second line. It is followed "
6365
"by a list of numbers, one per line."
6366
msgstr ""
6367
6368
#: serverguide/C/virtualization.xml:2830(para)
6369
msgid ""
6370
"In general to run a full distribution container a large number of system "
6371
"calls will be needed. However for application containers it may be possible "
6372
"to reduce the number of available system calls to only a few. Even for "
6373
"system containers running a full distribution security gains may be had, for "
6374
"instance by removing the 32-bit compatibility system calls in a 64-bit "
6375
"container. See the lxc.container.conf manual page for details of how to "
6376
"configure a container to use seccomp. By default, no seccomp policy is "
6377
"loaded."
6378
msgstr ""
6379
6380
#: serverguide/C/virtualization.xml:2846(para)
6381
msgid ""
6382
"The DeveloperWorks article <ulink "
6383
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
6384
"containers/\">LXC: Linux container tools</ulink> was an early introduction "
6385
"to the use of containers."
6386
msgstr ""
6387
6388
#: serverguide/C/virtualization.xml:2853(para)
6389
msgid ""
6390
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
6391
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
6392
"use of security modules to make containers more secure."
6393
msgstr ""
6394
6395
#: serverguide/C/virtualization.xml:2860(para) serverguide/C/cgroups.xml:202(para)
6396
msgid "Manual pages referenced above can be found at:"
6397
msgstr ""
6398
6399
#: serverguide/C/virtualization.xml:2862(ulink)
6400
msgid "capabilities"
6401
msgstr ""
6402
6403
#: serverguide/C/virtualization.xml:2863(ulink)
6404
msgid "lxc.conf"
6405
msgstr ""
6406
6407
#: serverguide/C/virtualization.xml:2868(para)
6408
msgid ""
6409
"The upstream LXC project is hosted at <ulink "
6410
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
6411
msgstr ""
6412
6413
#: serverguide/C/virtualization.xml:2873(para)
6414
msgid ""
6415
"LXC security issues are listed and discussed at <ulink "
6416
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
6417
msgstr ""
6418
6419
#: serverguide/C/virtualization.xml:2879(para)
6420
msgid ""
6421
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
6422
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
6423
"Mainstream Linux. SIGOPS Operating Systems Review, 42(5), 2008."
6424
msgstr ""
6425
6426
#: serverguide/C/vcs.xml:11(title)
6427
msgid "Version Control System"
6428
msgstr ""
6429
6430
#: serverguide/C/vcs.xml:12(para)
6431
msgid ""
6432
"Version control is the art of managing changes to information. It has long "
6433
"been a critical tool for programmers, who typically spend their time making "
6434
"small changes to software and then undoing those changes the next day. But "
6435
"the usefulness of version control software extends far beyond the bounds of "
6436
"the software development world. Anywhere you can find people using computers "
6437
"to manage information that changes often, there is room for version control."
6438
msgstr ""
6439
6440
#: serverguide/C/vcs.xml:22(title)
6441
msgid "Bazaar"
6442
msgstr ""
6443
6444
#: serverguide/C/vcs.xml:23(para)
6445
msgid ""
6446
"Bazaar is a new version control system sponsored by Canonical, the "
6447
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6448
"support a central repository model, Bazaar also supports "
6449
"<emphasis>distributed version control</emphasis>, giving people the ability "
6450
"to collaborate more efficiently. In particular, Bazaar is designed to "
6451
"maximize the level of community participation in open source projects."
6452
msgstr ""
6453
6454
#: serverguide/C/vcs.xml:34(para)
6455
msgid ""
6456
"At a terminal prompt, enter the following command to install "
6457
"<application>bzr</application>: <screen>\n"
6458
"<command>sudo apt install bzr</command>\n"
6459
"</screen>"
6460
msgstr ""
6461
6462
#: serverguide/C/vcs.xml:45(para)
6463
msgid ""
6464
"To introduce yourself to <application>bzr</application>, use the "
6465
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6466
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6467
"</screen>"
6468
msgstr ""
6469
6470
#: serverguide/C/vcs.xml:54(title)
6471
msgid "Learning Bazaar"
6472
msgstr ""
6473
6474
#: serverguide/C/vcs.xml:55(para)
6475
msgid ""
6476
"Bazaar comes with bundled documentation installed into "
6477
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6478
"is a good place to start. The <application>bzr</application> command also "
6479
"comes with built-in help: <screen>\n"
6480
"<command>$ bzr help</command>\n"
6481
"</screen>"
6482
msgstr ""
6483
6484
#: serverguide/C/vcs.xml:65(para)
6485
msgid ""
6486
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6487
"<command>$ bzr help foo</command>\n"
6488
"</screen>"
6489
msgstr ""
6490
6491
#: serverguide/C/vcs.xml:73(title)
6492
msgid "Launchpad Integration"
6493
msgstr ""
6494
6495
#: serverguide/C/vcs.xml:74(para)
6496
msgid ""
6497
"While highly useful as a stand-alone system, Bazaar has good, optional "
6498
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6499
"the collaborative development system used by Canonical and the broader open "
6500
"source community to manage and extend Ubuntu itself. For information on how "
6501
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6502
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6503
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6504
msgstr ""
6505
6506
#: serverguide/C/vcs.xml:87(title)
6507
msgid "Git"
6508
msgstr ""
6509
6510
#: serverguide/C/vcs.xml:89(para)
6511
msgid ""
6512
"Git is an open source distributed version control system originally "
6513
"developped by Linus Torvalds to support the development of the linux kernel. "
6514
"Every Git working directory is a full-fledged repository with complete "
6515
"history and full version tracking capabilities, not dependent on network "
6516
"access or a central server."
6517
msgstr ""
6518
6519
#: serverguide/C/vcs.xml:95(para)
6520
msgid ""
6521
"The <application>git</application> version control system is installed with "
6522
"the following command"
6523
msgstr ""
6524
6525
#: serverguide/C/vcs.xml:99(command)
6526
msgid "sudo apt install git"
6527
msgstr ""
6528
6529
#: serverguide/C/vcs.xml:104(para)
6530
msgid ""
6531
"Every git user should first introduce himself to git, by running these two "
6532
"commands:"
6533
msgstr ""
6534
6535
#: serverguide/C/vcs.xml:106(command)
6536
msgid "git config --global user.email \"you@example.com\""
6537
msgstr ""
6538
6539
#: serverguide/C/vcs.xml:107(command)
6540
msgid "git config --global user.name \"Your Name\""
6541
msgstr ""
6542
6543
#: serverguide/C/vcs.xml:112(para)
6544
msgid ""
6545
"The above is already sufficient to use git in a distributed and secure way, "
6546
"provided users have access to the machine assuming the server role via SSH. "
6547
"On the server machine, creating a new repository can be done with:"
6548
msgstr ""
6549
6550
#: serverguide/C/vcs.xml:119(command)
6551
msgid "git init --bare /path/to/repository"
6552
msgstr ""
6553
6554
#: serverguide/C/vcs.xml:121(para)
6555
msgid ""
6556
"This creates a bare repository, that cannot be used to edit files directly. "
6557
"If you would rather have a working copy of the contents of the repository on "
6558
"the server, ommit the <emphasis>--bare</emphasis> option."
6559
msgstr ""
6560
6561
#: serverguide/C/vcs.xml:122(para)
6562
msgid ""
6563
"Any client with SSH access to the machine can then clone the repository with:"
6564
msgstr ""
6565
6566
#: serverguide/C/vcs.xml:127(command)
6567
msgid "git clone username@hostname:/path/to/repository"
6568
msgstr ""
6569
6570
#: serverguide/C/vcs.xml:129(para)
6571
msgid ""
6572
"Once cloned to the client's machine, the client can edit files, then commit "
6573
"and share them with:"
6574
msgstr ""
6575
6576
#: serverguide/C/vcs.xml:133(command)
6577
msgid "cd /path/to/repository"
6578
msgstr ""
6579
6580
#: serverguide/C/vcs.xml:134(command)
6581
msgid "#(edit some files"
6582
msgstr ""
6583
6584
#: serverguide/C/vcs.xml:135(command)
6585
msgid ""
6586
"git commit -a # Commit all changes to the local version of the repository"
6587
msgstr ""
6588
6589
#: serverguide/C/vcs.xml:136(command)
6590
msgid ""
6591
"git push origin master # Push changes to the server's version of the "
6592
"repository"
6593
msgstr ""
6594
6595
#: serverguide/C/vcs.xml:141(title)
6596
msgid "Installing a gitolite server"
6597
msgstr ""
6598
6599
#: serverguide/C/vcs.xml:142(para)
6600
msgid ""
6601
"While the above is sufficient to create, clone and edit repositories, users "
6602
"wanting to install git on a server will most likely want to have git work "
6603
"like a more traditional source control management server, with multiple "
6604
"users and access rights management. The suggested solution is to install "
6605
"<application>gitolite</application> with the following command:"
6606
msgstr ""
6607
6608
#: serverguide/C/vcs.xml:148(command)
6609
msgid "sudo apt install gitolite"
6610
msgstr ""
6611
6612
#: serverguide/C/vcs.xml:153(title)
6613
msgid "Gitolite configuration"
6614
msgstr ""
6615
6616
#: serverguide/C/vcs.xml:154(para)
6617
msgid ""
6618
"Configuration of the <application>gitolite</application> server is a little "
6619
"different that most other servers on Unix-like systems. Instead of the "
6620
"traditional configuration files in /etc/, gitolite stores its configuration "
6621
"in a git repository. The first step to configuring a new installation is "
6622
"therefore to allow access to the configuration repository."
6623
msgstr ""
6624
6625
#: serverguide/C/vcs.xml:159(para)
6626
msgid "First of all, let's create a user for gitolite to be accessed as."
6627
msgstr ""
6628
6629
#: serverguide/C/vcs.xml:163(command)
6630
msgid ""
6631
"sudo adduser --system --shell /bin/bash --group --disabled-password --home "
6632
"/home/git git"
6633
msgstr ""
6634
6635
#: serverguide/C/vcs.xml:165(para)
6636
msgid ""
6637
"Now we want to let gitolite know about the repository administrator's public "
6638
"SSH key. This assumes that the current user is the repository administrator. "
6639
"If you have not yet configured an SSH key, refer to <xref linkend=\"openssh-"
6640
"keys\"/>"
6641
msgstr ""
6642
6643
#: serverguide/C/vcs.xml:170(command)
6644
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
6645
msgstr ""
6646
6647
#: serverguide/C/vcs.xml:172(para)
6648
msgid ""
6649
"Let's switch to the git user and import the administrator's key into "
6650
"gitolite."
6651
msgstr ""
6652
6653
#: serverguide/C/vcs.xml:176(command)
6654
msgid "sudo su - git"
6655
msgstr ""
6656
6657
#: serverguide/C/vcs.xml:177(command)
6658
msgid "gl-setup /tmp/*.pub"
6659
msgstr ""
6660
6661
#: serverguide/C/vcs.xml:179(para)
6662
msgid ""
6663
"Gitolite will allow you to make initial changes to its configuration file "
6664
"during the setup process. You can now clone and modify the gitolite "
6665
"configuration repository from your administrator user (the user whose public "
6666
"SSH key you imported). Switch back to that user, then clone the "
6667
"configuration repository:"
6668
msgstr ""
6669
6670
#: serverguide/C/vcs.xml:183(command)
6671
msgid "exit"
6672
msgstr ""
6673
6674
#: serverguide/C/vcs.xml:184(command)
6675
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
6676
msgstr ""
6677
6678
#: serverguide/C/vcs.xml:185(command)
6679
msgid "cd gitolite-admin"
6680
msgstr ""
6681
6682
#: serverguide/C/vcs.xml:187(para)
6683
msgid ""
6684
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
6685
"configuration files are in the conf dir, and the keydir directory contains "
6686
"the list of user's public SSH keys."
6687
msgstr ""
6688
6689
#: serverguide/C/vcs.xml:190(title)
6690
msgid "Managing gitolite users and repositories"
6691
msgstr ""
6692
6693
#: serverguide/C/vcs.xml:191(para)
6694
msgid ""
6695
"Adding new users to gitolite is simple: just obtain their public SSH key and "
6696
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
6697
"gitolite usernames don't have to match the system usernames - they are only "
6698
"used in the gitolite configuration file to manage access control. Similarly, "
6699
"users are deleted by deleting their public key file. After each change, do "
6700
"not forget to commit the changes to git, and push the changes back to the "
6701
"server with"
6702
msgstr ""
6703
6704
#: serverguide/C/vcs.xml:193(command)
6705
msgid "git commit -a"
6706
msgstr ""
6707
6708
#: serverguide/C/vcs.xml:194(command)
6709
msgid "git push origin master"
6710
msgstr ""
6711
6712
#: serverguide/C/vcs.xml:196(para)
6713
msgid ""
6714
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
6715
"is space separated, and simply specifies the list of repositories followed "
6716
"by some access rules. The following is a default example"
6717
msgstr ""
6718
6719
#: serverguide/C/vcs.xml:197(programlisting)
6720
#, no-wrap
6721
msgid ""
6722
"\n"
6723
"repo gitolite-admin\n"
6724
" RW+ = admin\n"
6725
" R = alice\n"
6726
"\n"
6727
"repo project1\n"
6728
" RW+ = alice\n"
6729
" RW = bob\n"
6730
" R = denise\n"
6731
msgstr ""
6732
6733
#: serverguide/C/vcs.xml:209(title)
6734
msgid "Using your server"
6735
msgstr ""
6736
6737
#: serverguide/C/vcs.xml:210(para)
6738
msgid ""
6739
"To use the newly created server, users have to have the gitolite admin "
6740
"import their public key into the gitolite configuration repository, they can "
6741
"then access any project they have access to with the following command:"
6742
msgstr ""
6743
6744
#: serverguide/C/vcs.xml:212(command)
6745
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
6746
msgstr ""
6747
6748
#: serverguide/C/vcs.xml:214(para)
6749
msgid ""
6750
"Or add the server's project as a remote for an existing git repository:"
6751
msgstr ""
6752
6753
#: serverguide/C/vcs.xml:216(command)
6754
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
6755
msgstr ""
6756
6757
#: serverguide/C/vcs.xml:221(title)
6758
msgid "Subversion"
6759
msgstr ""
6760
6761
#: serverguide/C/vcs.xml:222(para)
6762
msgid ""
6763
"Subversion is an open source version control system. Using Subversion, you "
6764
"can record the history of source files and documents. It manages files and "
6765
"directories over time. A tree of files is placed into a central repository. "
6766
"The repository is much like an ordinary file server, except that it "
6767
"remembers every change ever made to files and directories."
6768
msgstr ""
6769
6770
#: serverguide/C/vcs.xml:227(para)
6771
msgid ""
6772
"To access Subversion repository using the HTTP protocol, you must install "
6773
"and configure a web server. Apache2 is proven to work with Subversion. "
6774
"Please refer to the HTTP subsection in the Apache2 section to install and "
6775
"configure Apache2. To access the Subversion repository using the HTTPS "
6776
"protocol, you must install and configure a digital certificate in your "
6777
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6778
"section to install and configure the digital certificate."
6779
msgstr ""
6780
6781
#: serverguide/C/vcs.xml:236(para)
6782
msgid ""
6783
"To install Subversion, run the following command from a terminal prompt:"
6784
msgstr ""
6785
6786
#: serverguide/C/vcs.xml:241(command)
6787
msgid "sudo apt install subversion apache2 libapache2-svn"
6788
msgstr ""
6789
6790
#: serverguide/C/vcs.xml:247(title)
6791
msgid "Server Configuration"
6792
msgstr ""
6793
6794
#: serverguide/C/vcs.xml:248(para)
6795
msgid ""
6796
"This step assumes you have installed above mentioned packages on your "
6797
"system. This section explains how to create a Subversion repository and "
6798
"access the project."
6799
msgstr ""
6800
6801
#: serverguide/C/vcs.xml:251(title)
6802
msgid "Create Subversion Repository"
6803
msgstr ""
6804
6805
#: serverguide/C/vcs.xml:252(para)
6806
msgid ""
6807
"The Subversion repository can be created using the following command from a "
6808
"terminal prompt:"
6809
msgstr ""
6810
6811
#: serverguide/C/vcs.xml:256(command)
6812
msgid "svnadmin create /path/to/repos/project"
6813
msgstr ""
6814
6815
#: serverguide/C/vcs.xml:261(title)
6816
msgid "Importing Files"
6817
msgstr ""
6818
6819
#: serverguide/C/vcs.xml:262(para)
6820
msgid ""
6821
"Once you create the repository you can <emphasis>import</emphasis> files "
6822
"into the repository. To import a directory, enter the following from a "
6823
"terminal prompt: <screen>\n"
6824
"<command>svn import /path/to/import/directory "
6825
"file:///path/to/repos/project</command>\n"
6826
"</screen>"
6827
msgstr ""
6828
6829
#: serverguide/C/vcs.xml:274(title) serverguide/C/vcs.xml:279(title)
6830
msgid "Access Methods"
6831
msgstr ""
6832
6833
#: serverguide/C/vcs.xml:275(para)
6834
msgid ""
6835
"Subversion repositories can be accessed (checked out) through many different "
6836
"methods --on local disk, or through various network protocols. A repository "
6837
"location, however, is always a URL. The table describes how different URL "
6838
"schemes map to the available access methods."
6839
msgstr ""
6840
6841
#: serverguide/C/vcs.xml:286(para)
6842
msgid "Schema"
6843
msgstr ""
6844
6845
#: serverguide/C/vcs.xml:287(para)
6846
msgid "Access Method"
6847
msgstr ""
6848
6849
#: serverguide/C/vcs.xml:292(para)
6850
msgid "file://"
6851
msgstr ""
6852
6853
#: serverguide/C/vcs.xml:293(para)
6854
msgid "direct repository access (on local disk)"
6855
msgstr ""
6856
6857
#: serverguide/C/vcs.xml:296(para)
6858
msgid "http://"
6859
msgstr ""
6860
6861
#: serverguide/C/vcs.xml:297(para)
6862
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6863
msgstr ""
6864
6865
#: serverguide/C/vcs.xml:300(para)
6866
msgid "https://"
6867
msgstr ""
6868
6869
#: serverguide/C/vcs.xml:301(para)
6870
msgid "Same as http://, but with SSL encryption"
6871
msgstr ""
6872
6873
#: serverguide/C/vcs.xml:304(para)
6874
msgid "svn://"
6875
msgstr ""
6876
6877
#: serverguide/C/vcs.xml:305(para)
6878
msgid "Access via custom protocol to an svnserve server"
6879
msgstr ""
6880
6881
#: serverguide/C/vcs.xml:308(para)
6882
msgid "svn+ssh://"
6883
msgstr ""
6884
6885
#: serverguide/C/vcs.xml:309(para)
6886
msgid "Same as svn://, but through an SSH tunnel"
6887
msgstr ""
6888
6889
#: serverguide/C/vcs.xml:315(para)
6890
msgid ""
6891
"In this section, we will see how to configure Subversion for all these "
6892
"access methods. Here, we cover the basics. For more advanced usage details, "
6893
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6894
msgstr ""
6895
6896
#: serverguide/C/vcs.xml:322(title)
6897
msgid "Direct repository access (file://)"
6898
msgstr ""
6899
6900
#: serverguide/C/vcs.xml:323(para)
6901
msgid ""
6902
"This is the simplest of all access methods. It does not require any "
6903
"Subversion server process to be running. This access method is used to "
6904
"access Subversion from the same machine. The syntax of the command, entered "
6905
"at a terminal prompt, is as follows:"
6906
msgstr ""
6907
6908
#: serverguide/C/vcs.xml:330(command)
6909
msgid "svn co file:///path/to/repos/project"
6910
msgstr ""
6911
6912
#: serverguide/C/vcs.xml:333(para)
6913
msgid "or"
6914
msgstr ""
6915
6916
#: serverguide/C/vcs.xml:336(command)
6917
msgid "svn co file://localhost/path/to/repos/project"
6918
msgstr ""
6919
6920
#: serverguide/C/vcs.xml:340(para)
6921
msgid ""
6922
"If you do not specify the hostname, there are three forward slashes (///) -- "
6923
"two for the protocol (file, in this case) plus the leading slash in the "
6924
"path. If you specify the hostname, you must use two forward slashes (//)."
6925
msgstr ""
6926
6927
#: serverguide/C/vcs.xml:342(para)
6928
msgid ""
6929
"The repository permissions depend on filesystem permissions. If the user has "
6930
"read/write permission, he can checkout from and commit to the repository."
6931
msgstr ""
6932
6933
#: serverguide/C/vcs.xml:345(title)
6934
msgid "Access via WebDAV protocol (http://)"
6935
msgstr ""
6936
6937
#: serverguide/C/vcs.xml:346(para)
6938
msgid ""
6939
"To access the Subversion repository via WebDAV protocol, you must configure "
6940
"your Apache 2 web server. Add the following snippet between the "
6941
"<emphasis><VirtualHost></emphasis> and "
6942
"<emphasis></VirtualHost></emphasis> elements in "
6943
"<filename>/etc/apache2/sites-available/000-default.conf</filename>, or "
6944
"another VirtualHost file:"
6945
msgstr ""
6946
6947
#: serverguide/C/vcs.xml:352(programlisting)
6948
#, no-wrap
6949
msgid ""
6950
"\n"
6951
" <Location /svn>\n"
6952
" DAV svn\n"
6953
" SVNParentPath /path/to/repos\n"
6954
" AuthType Basic\n"
6955
" AuthName \"Your repository name\"\n"
6956
" AuthUserFile /etc/subversion/passwd\n"
6957
" Require valid-user\n"
6958
" </Location> \n"
6959
msgstr ""
6960
6961
#: serverguide/C/vcs.xml:363(para)
6962
msgid ""
6963
"The above configuration snippet assumes that Subversion repositories are "
6964
"created under <filename>/path/to/repos</filename> directory using "
6965
"<command>svnadmin</command> command and that the HTTP user has sufficent "
6966
"access rights to the files (see below). They can be accessible using "
6967
"<command>http://hostname/svn/repos_name</command> url."
6968
msgstr ""
6969
6970
#: serverguide/C/vcs.xml:369(para)
6971
msgid ""
6972
"Changing the apache configuration like the above requires to reload the "
6973
"service with the following command"
6974
msgstr ""
6975
6976
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:360(command)
6977
msgid "sudo systemctl reload apache2.service"
6978
msgstr ""
6979
6980
#: serverguide/C/vcs.xml:376(para)
6981
msgid ""
6982
"To import or commit files to your Subversion repository over HTTP, the "
6983
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
6984
"user is <command>www-data</command>. To change the ownership of the "
6985
"repository files enter the following command from terminal prompt:"
6986
msgstr ""
6987
6988
#: serverguide/C/vcs.xml:385(command)
6989
msgid "sudo chown -R www-data:www-data /path/to/repos"
6990
msgstr ""
6991
6992
#: serverguide/C/vcs.xml:388(para)
6993
msgid ""
6994
"By changing the ownership of repository as <command>www-data</command> you "
6995
"will not be able to import or commit files into the repository by running "
6996
"<command>svn import file:///</command> command as any user other than "
6997
"<command>www-data</command>."
6998
msgstr ""
6999
7000
#: serverguide/C/vcs.xml:397(para)
7001
msgid ""
7002
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7003
"that will contain user authentication details. To create a file issue the "
7004
"following command at a command prompt (which will create the file and add "
7005
"the first user):"
7006
msgstr ""
7007
7008
#: serverguide/C/vcs.xml:403(command)
7009
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7010
msgstr ""
7011
7012
#: serverguide/C/vcs.xml:406(para)
7013
msgid ""
7014
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7015
"option replaces the old file. Instead use this form:"
7016
msgstr ""
7017
7018
#: serverguide/C/vcs.xml:411(command)
7019
msgid "sudo htpasswd /etc/subversion/passwd user_name"
7020
msgstr ""
7021
7022
#: serverguide/C/vcs.xml:415(para)
7023
msgid ""
7024
"This command will prompt you to enter the password. Once you enter the "
7025
"password, the user is added. Now, to access the repository you can run the "
7026
"following command:"
7027
msgstr ""
7028
7029
#: serverguide/C/vcs.xml:416(command)
7030
msgid "svn co http://servername/svn"
7031
msgstr ""
7032
7033
#: serverguide/C/vcs.xml:418(para)
7034
msgid ""
7035
"The password is transmitted as plain text. If you are worried about password "
7036
"snooping, you are advised to use SSL encryption. For details, please refer "
7037
"next section."
7038
msgstr ""
7039
7040
#: serverguide/C/vcs.xml:424(title)
7041
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7042
msgstr ""
7043
7044
#: serverguide/C/vcs.xml:425(para)
7045
msgid ""
7046
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7047
"(https://) is similar to http:// except that you must install and configure "
7048
"the digital certificate in your Apache2 web server. To use SSL with "
7049
"Subversion add the above Apache2 configuration to "
7050
"<filename>/etc/apache2/sites-available/default-ssl.conf</filename>. For more "
7051
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7052
"configuration\"/>."
7053
msgstr ""
7054
7055
#: serverguide/C/vcs.xml:434(para)
7056
msgid ""
7057
"You can install a digital certificate issued by a signing authority. "
7058
"Alternatively, you can install your own self-signed certificate."
7059
msgstr ""
7060
7061
#: serverguide/C/vcs.xml:439(para)
7062
msgid ""
7063
"This step assumes you have installed and configured a digital certificate in "
7064
"your Apache 2 web server. Now, to access the Subversion repository, please "
7065
"refer to the above section! The access methods are exactly the same, except "
7066
"the protocol. You must use https:// to access the Subversion repository."
7067
msgstr ""
7068
7069
#: serverguide/C/vcs.xml:449(title)
7070
msgid "Access via custom protocol (svn://)"
7071
msgstr ""
7072
7073
#: serverguide/C/vcs.xml:450(para)
7074
msgid ""
7075
"Once the Subversion repository is created, you can configure the access "
7076
"control. You can edit the <filename> "
7077
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7078
"access control. For example, to set up authentication, you can uncomment the "
7079
"following lines in the configuration file:"
7080
msgstr ""
7081
7082
#: serverguide/C/vcs.xml:457(programlisting)
7083
#, no-wrap
7084
msgid ""
7085
"# [general]\n"
7086
"# password-db = passwd"
7087
msgstr ""
7088
7089
#: serverguide/C/vcs.xml:460(para)
7090
msgid ""
7091
"After uncommenting the above lines, you can maintain the user list in the "
7092
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7093
"directory and add the new user. The syntax is as follows:"
7094
msgstr ""
7095
7096
#: serverguide/C/vcs.xml:466(programlisting)
7097
#, no-wrap
7098
msgid "username = password"
7099
msgstr ""
7100
7101
#: serverguide/C/vcs.xml:467(para)
7102
msgid "For more details, please refer to the file."
7103
msgstr ""
7104
7105
#: serverguide/C/vcs.xml:471(para)
7106
msgid ""
7107
"Now, to access Subversion via the svn:// custom protocol, either from the "
7108
"same machine or a different machine, you can run svnserver using svnserve "
7109
"command. The syntax is as follows:"
7110
msgstr ""
7111
7112
#: serverguide/C/vcs.xml:476(programlisting)
7113
#, no-wrap
7114
msgid ""
7115
"$ svnserve -d --foreground -r /path/to/repos\n"
7116
"# -d -- daemon mode\n"
7117
"# --foreground -- run in foreground (useful for debugging)\n"
7118
"# -r -- root of directory to serve\n"
7119
"\n"
7120
"For more usage details, please refer to:\n"
7121
"$ svnserve --help"
7122
msgstr ""
7123
7124
#: serverguide/C/vcs.xml:484(para)
7125
msgid ""
7126
"Once you run this command, Subversion starts listening on default port "
7127
"(3690). To access the project repository, you must run the following command "
7128
"from a terminal prompt:"
7129
msgstr ""
7130
7131
#: serverguide/C/vcs.xml:487(command)
7132
msgid "svn co svn://hostname/project project --username user_name"
7133
msgstr ""
7134
7135
#: serverguide/C/vcs.xml:490(para)
7136
msgid ""
7137
"Based on server configuration, it prompts for password. Once you are "
7138
"authenticated, it checks out the code from Subversion repository. To "
7139
"synchronize the project repository with the local copy, you can run the "
7140
"<command>update</command> sub-command. The syntax of the command, entered at "
7141
"a terminal prompt, is as follows:"
7142
msgstr ""
7143
7144
#: serverguide/C/vcs.xml:498(command)
7145
msgid "cd project_dir ; svn update"
7146
msgstr ""
7147
7148
#: serverguide/C/vcs.xml:501(para)
7149
msgid ""
7150
"For more details about using each Subversion sub-command, you can refer to "
7151
"the manual. For example, to learn more about the co (checkout) command, "
7152
"please run the following command from a terminal prompt:"
7153
msgstr ""
7154
7155
#: serverguide/C/vcs.xml:505(command)
7156
msgid "svn co help"
7157
msgstr ""
7158
7159
#: serverguide/C/vcs.xml:509(title)
7160
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
7161
msgstr ""
7162
7163
#: serverguide/C/vcs.xml:510(para)
7164
msgid ""
7165
"The configuration and server process is same as in the svn:// method. For "
7166
"details, please refer to the above section. This step assumes you have "
7167
"followed the above step and started the Subversion server using "
7168
"<application>svnserve</application> command."
7169
msgstr ""
7170
7171
#: serverguide/C/vcs.xml:516(para)
7172
msgid ""
7173
"It is also assumed that the ssh server is running on that machine and that "
7174
"it is allowing incoming connections. To confirm, please try to login to that "
7175
"machine using ssh. If you can login, everything is perfect. If you cannot "
7176
"login, please address it before continuing further."
7177
msgstr ""
7178
7179
#: serverguide/C/vcs.xml:522(para)
7180
msgid ""
7181
"The svn+ssh:// protocol is used to access the Subversion repository using "
7182
"SSL encryption. The data transfer is encrypted using this method. To access "
7183
"the project repository (for example with a checkout), you must use the "
7184
"following command syntax:"
7185
msgstr ""
7186
7187
#: serverguide/C/vcs.xml:529(command)
7188
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
7189
msgstr ""
7190
7191
#: serverguide/C/vcs.xml:533(para)
7192
msgid ""
7193
"You must use the full path (/path/to/repos/project) to access the Subversion "
7194
"repository using this access method."
7195
msgstr ""
7196
7197
#: serverguide/C/vcs.xml:536(para)
7198
msgid ""
7199
"Based on server configuration, it prompts for password. You must enter the "
7200
"password you use to login via ssh. Once you are authenticated, it checks out "
7201
"the code from the Subversion repository."
7202
msgstr ""
7203
7204
#: serverguide/C/vcs.xml:551(ulink)
7205
msgid "Bazaar Home Page"
7206
msgstr ""
7207
7208
#: serverguide/C/vcs.xml:556(ulink)
7209
msgid "Launchpad"
7210
msgstr ""
7211
7212
#: serverguide/C/vcs.xml:561(ulink)
7213
msgid "Git homepage"
7214
msgstr ""
7215
7216
#: serverguide/C/vcs.xml:566(ulink)
7217
msgid "Gitolite"
7218
msgstr ""
7219
7220
#: serverguide/C/vcs.xml:571(ulink)
7221
msgid "Subversion Home Page"
7222
msgstr ""
7223
7224
#: serverguide/C/vcs.xml:576(ulink)
7225
msgid "Subversion Book"
7226
msgstr ""
7227
7228
#: serverguide/C/vcs.xml:581(ulink)
7229
msgid "Easy Bazaar Ubuntu Wiki page"
7230
msgstr ""
7231
7232
#: serverguide/C/vcs.xml:586(ulink)
7233
msgid "Ubuntu Wiki Subversion page"
7234
msgstr ""
7235
7236
#: serverguide/C/serverguide.xml:12(title)
7237
msgid "Ubuntu Server Guide"
7238
msgstr "คู่มือ Ubuntu Server"
7239
7240
#: serverguide/C/serverguide.xml:3(title)
7241
msgid "Credits and License"
7242
msgstr ""
7243
7244
#: serverguide/C/serverguide.xml:4(para)
7245
msgid ""
7246
"This document is maintained by the Ubuntu documentation team "
7247
"(https://wiki.ubuntu.com/DocumentationTeam). A list of contributors is below."
7248
msgstr ""
7249
7250
#: serverguide/C/serverguide.xml:5(para)
7251
msgid ""
7252
"This document is made available under the Creative Commons ShareAlike 3.0 "
7253
"License (CC-BY-SA)."
7254
msgstr ""
7255
7256
#: serverguide/C/serverguide.xml:6(para)
7257
msgid ""
7258
"You are free to modify, extend, and improve the Ubuntu documentation source "
7259
"code under the terms of this license. All derivative works must be released "
7260
"under this license."
7261
msgstr ""
7262
7263
#: serverguide/C/serverguide.xml:8(para)
7264
msgid ""
7265
"This documentation is distributed in the hope that it will be useful, but "
7266
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7267
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7268
msgstr ""
7269
7270
#: serverguide/C/serverguide.xml:11(para)
7271
msgid ""
7272
"A copy of the license is available here: <ulink "
7273
"url=\"https://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
7274
"ShareAlike License</ulink>."
7275
msgstr ""
7276
7277
#: serverguide/C/serverguide.xml:14(para)
7278
msgid ""
7279
"Members of the <ulink url=\"https://launchpad.net/~ubuntu-core-doc\">Ubuntu "
7280
"Documentation Project</ulink>"
7281
msgstr ""
7282
7283
#: serverguide/C/serverguide.xml:15(para)
7284
msgid ""
7285
"Members of the <ulink url=\"https://launchpad.net/~ubuntu-server\">Ubuntu "
7286
"Server Team</ulink>"
7287
msgstr ""
7288
7289
#: serverguide/C/serverguide.xml:16(para)
7290
msgid ""
7291
"Contributors to the <ulink "
7292
"url=\"https://help.ubuntu.com/community/\">Community Help Wiki</ulink>"
7293
msgstr ""
7294
7295
#: serverguide/C/serverguide.xml:17(para)
7296
msgid ""
7297
"Other contributors can be found in the revision history of the <ulink "
7298
"url=\"https://bazaar.launchpad.net/~ubuntu-core-"
7299
"doc/serverguide/trunk/changes\">serverguide</ulink> and <ulink "
7300
"url=\"https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-"
7301
"docs/trunk/changes\">ubuntu-docs</ulink> bzr branches available on Launchpad."
7302
msgstr ""
7303
7304
#: serverguide/C/serverguide.xml:12(para)
7305
msgid "Contributors to this document are: <placeholder-1/>"
7306
msgstr ""
7307
7308
#: serverguide/C/serverguide.xml:22(year)
7309
msgid "2016"
7310
msgstr ""
7311
7312
#: serverguide/C/serverguide.xml:23(holder)
7313
msgid "Contributors to the document"
7314
msgstr ""
7315
7316
#: serverguide/C/serverguide.xml:26(publishername)
7317
msgid "The Ubuntu Documentation Project"
7318
msgstr ""
7319
7320
#: serverguide/C/serverguide.xml:15(para)
7321
msgid ""
7322
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7323
"information on how to install and configure various server applications on "
7324
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7325
"guide for configuring and customizing your system."
7326
msgstr ""
7327
7328
#: serverguide/C/security.xml:12(para)
7329
msgid ""
7330
"Security should always be considered when installing, deploying, and using "
7331
"any type of computer system. Although a fresh installation of Ubuntu is "
7332
"relatively safe for immediate use on the Internet, it is important to have a "
7333
"balanced understanding of your system's security posture based on how it "
7334
"will be used after deployment."
7335
msgstr ""
7336
7337
#: serverguide/C/security.xml:15(para)
7338
msgid ""
7339
"This chapter provides an overview of security-related topics as they pertain "
7340
"to Ubuntu 16.04 LTS Server Edition, and outlines simple measures you may use "
7341
"to protect your server and network from any number of potential security "
7342
"threats."
7343
msgstr ""
7344
7345
#: serverguide/C/security.xml:19(title)
7346
msgid "User Management"
7347
msgstr ""
7348
7349
#: serverguide/C/security.xml:20(para)
7350
msgid ""
7351
"User management is a critical part of maintaining a secure system. "
7352
"Ineffective user and privilege management often lead many systems into being "
7353
"compromised. Therefore, it is important that you understand how you can "
7354
"protect your server through simple and effective user account management "
7355
"techniques."
7356
msgstr ""
7357
7358
#: serverguide/C/security.xml:24(title)
7359
msgid "Where is root?"
7360
msgstr ""
7361
7362
#: serverguide/C/security.xml:25(para)
7363
msgid ""
7364
"Ubuntu developers made a conscientious decision to disable the "
7365
"administrative root account by default in all Ubuntu installations. This "
7366
"does not mean that the root account has been deleted or that it may not be "
7367
"accessed. It merely has been given a password which matches no possible "
7368
"encrypted value, therefore may not log in directly by itself."
7369
msgstr ""
7370
7371
#: serverguide/C/security.xml:28(para)
7372
msgid ""
7373
"Instead, users are encouraged to make use of a tool by the name of "
7374
"<application>sudo</application> to carry out system administrative duties. "
7375
"<application>Sudo</application> allows an authorized user to temporarily "
7376
"elevate their privileges using their own password instead of having to know "
7377
"the password belonging to the root account. This simple yet effective "
7378
"methodology provides accountability for all user actions, and gives the "
7379
"administrator granular control over which actions a user can perform with "
7380
"said privileges."
7381
msgstr ""
7382
7383
#: serverguide/C/security.xml:33(para)
7384
msgid ""
7385
"If for some reason you wish to enable the root account, simply give it a "
7386
"password:"
7387
msgstr ""
7388
7389
#: serverguide/C/security.xml:37(para)
7390
msgid "Configurations with root passwords are not supported."
7391
msgstr ""
7392
7393
#: serverguide/C/security.xml:42(command)
7394
msgid "sudo passwd"
7395
msgstr ""
7396
7397
#: serverguide/C/security.xml:44(para)
7398
msgid ""
7399
"Sudo will prompt you for your password, and then ask you to supply a new "
7400
"password for root as shown below:"
7401
msgstr ""
7402
7403
#: serverguide/C/security.xml:47(computeroutput)
7404
#, no-wrap
7405
msgid "[sudo] password for username:"
7406
msgstr ""
7407
7408
#: serverguide/C/security.xml:47(userinput)
7409
#, no-wrap
7410
msgid "(enter your own password)"
7411
msgstr ""
7412
7413
#: serverguide/C/security.xml:48(computeroutput)
7414
#, no-wrap
7415
msgid "Enter new UNIX password:"
7416
msgstr ""
7417
7418
#: serverguide/C/security.xml:48(userinput)
7419
#, no-wrap
7420
msgid "(enter a new password for root)"
7421
msgstr ""
7422
7423
#: serverguide/C/security.xml:49(computeroutput)
7424
#, no-wrap
7425
msgid "Retype new UNIX password:"
7426
msgstr ""
7427
7428
#: serverguide/C/security.xml:49(userinput)
7429
#, no-wrap
7430
msgid "(repeat new password for root)"
7431
msgstr ""
7432
7433
#: serverguide/C/security.xml:50(computeroutput)
7434
#, no-wrap
7435
msgid "passwd: password updated successfully"
7436
msgstr ""
7437
7438
#: serverguide/C/security.xml:54(para)
7439
msgid ""
7440
"To disable the root account password, use the following passwd syntax:"
7441
msgstr ""
7442
7443
#: serverguide/C/security.xml:58(command)
7444
msgid "sudo passwd -l root"
7445
msgstr ""
7446
7447
#: serverguide/C/security.xml:60(para)
7448
msgid ""
7449
"However, to disable the root account itself, use the following command:"
7450
msgstr ""
7451
7452
#: serverguide/C/security.xml:64(command)
7453
msgid "usermod --expiredate 1"
7454
msgstr ""
7455
7456
#: serverguide/C/security.xml:68(para)
7457
msgid ""
7458
"You should read more on <application>Sudo</application> by reading the man "
7459
"page:"
7460
msgstr ""
7461
7462
#: serverguide/C/security.xml:72(command)
7463
msgid "man sudo"
7464
msgstr ""
7465
7466
#: serverguide/C/security.xml:76(para)
7467
msgid ""
7468
"By default, the initial user created by the Ubuntu installer is a member of "
7469
"the group \"<emphasis>sudo</emphasis>\" which is added to the file "
7470
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7471
"give any other account full root access through "
7472
"<application>sudo</application>, simply add them to the "
7473
"<emphasis>sudo</emphasis> group."
7474
msgstr ""
7475
7476
#: serverguide/C/security.xml:82(title)
7477
msgid "Adding and Deleting Users"
7478
msgstr ""
7479
7480
#: serverguide/C/security.xml:83(para)
7481
msgid ""
7482
"The process for managing local users and groups is straightforward and "
7483
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7484
"other Debian based distributions encourage the use of the \"adduser\" "
7485
"package for account management."
7486
msgstr ""
7487
7488
#: serverguide/C/security.xml:88(para)
7489
msgid ""
7490
"To add a user account, use the following syntax, and follow the prompts to "
7491
"give the account a password and identifiable characteristics, such as a full "
7492
"name, phone number, etc."
7493
msgstr ""
7494
7495
#: serverguide/C/security.xml:92(command)
7496
msgid "sudo adduser username"
7497
msgstr ""
7498
7499
#: serverguide/C/security.xml:96(para)
7500
msgid ""
7501
"To delete a user account and its primary group, use the following syntax:"
7502
msgstr ""
7503
7504
#: serverguide/C/security.xml:100(command)
7505
msgid "sudo deluser username"
7506
msgstr ""
7507
7508
#: serverguide/C/security.xml:102(para)
7509
msgid ""
7510
"Deleting an account does not remove their respective home folder. It is up "
7511
"to you whether or not you wish to delete the folder manually or keep it "
7512
"according to your desired retention policies."
7513
msgstr ""
7514
7515
#: serverguide/C/security.xml:105(para)
7516
msgid ""
7517
"Remember, any user added later on with the same UID/GID as the previous "
7518
"owner will now have access to this folder if you have not taken the "
7519
"necessary precautions."
7520
msgstr ""
7521
7522
#: serverguide/C/security.xml:108(para)
7523
msgid ""
7524
"You may want to change these UID/GID values to something more appropriate, "
7525
"such as the root account, and perhaps even relocate the folder to avoid "
7526
"future conflicts:"
7527
msgstr ""
7528
7529
#: serverguide/C/security.xml:112(command)
7530
msgid "sudo chown -R root:root /home/username/"
7531
msgstr ""
7532
7533
#: serverguide/C/security.xml:113(command)
7534
msgid "sudo mkdir /home/archived_users/"
7535
msgstr ""
7536
7537
#: serverguide/C/security.xml:114(command)
7538
msgid "sudo mv /home/username /home/archived_users/"
7539
msgstr ""
7540
7541
#: serverguide/C/security.xml:118(para)
7542
msgid ""
7543
"To temporarily lock or unlock a user account, use the following syntax, "
7544
"respectively:"
7545
msgstr ""
7546
7547
#: serverguide/C/security.xml:122(command)
7548
msgid "sudo passwd -l username"
7549
msgstr ""
7550
7551
#: serverguide/C/security.xml:123(command)
7552
msgid "sudo passwd -u username"
7553
msgstr ""
7554
7555
#: serverguide/C/security.xml:127(para)
7556
msgid ""
7557
"To add or delete a personalized group, use the following syntax, "
7558
"respectively:"
7559
msgstr ""
7560
7561
#: serverguide/C/security.xml:131(command)
7562
msgid "sudo addgroup groupname"
7563
msgstr ""
7564
7565
#: serverguide/C/security.xml:132(command)
7566
msgid "sudo delgroup groupname"
7567
msgstr ""
7568
7569
#: serverguide/C/security.xml:136(para)
7570
msgid "To add a user to a group, use the following syntax:"
7571
msgstr ""
7572
7573
#: serverguide/C/security.xml:140(command)
7574
msgid "sudo adduser username groupname"
7575
msgstr ""
7576
7577
#: serverguide/C/security.xml:147(title)
7578
msgid "User Profile Security"
7579
msgstr ""
7580
7581
#: serverguide/C/security.xml:148(para)
7582
msgid ""
7583
"When a new user is created, the adduser utility creates a brand new home "
7584
"directory named <filename class=\"directory\">/home/username</filename>. The "
7585
"default profile is modeled after the contents found in the directory of "
7586
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
7587
"profile basics."
7588
msgstr ""
7589
7590
#: serverguide/C/security.xml:151(para)
7591
msgid ""
7592
"If your server will be home to multiple users, you should pay close "
7593
"attention to the user home directory permissions to ensure confidentiality. "
7594
"By default, user home directories in Ubuntu are created with world "
7595
"read/execute permissions. This means that all users can browse and access "
7596
"the contents of other users home directories. This may not be suitable for "
7597
"your environment."
7598
msgstr ""
7599
7600
#: serverguide/C/security.xml:156(para)
7601
msgid ""
7602
"To verify your current user home directory permissions, use the following "
7603
"syntax:"
7604
msgstr ""
7605
7606
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
7607
msgid "ls -ld /home/username"
7608
msgstr ""
7609
7610
#: serverguide/C/security.xml:162(para)
7611
msgid ""
7612
"The following output shows that the directory <filename "
7613
"class=\"directory\">/home/username</filename> has world-readable permissions:"
7614
msgstr ""
7615
7616
#: serverguide/C/security.xml:165(computeroutput)
7617
#, no-wrap
7618
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7619
msgstr ""
7620
7621
#: serverguide/C/security.xml:169(para)
7622
msgid ""
7623
"You can remove the world readable-permissions using the following syntax:"
7624
msgstr ""
7625
7626
#: serverguide/C/security.xml:173(command)
7627
msgid "sudo chmod 0750 /home/username"
7628
msgstr ""
7629
7630
#: serverguide/C/security.xml:176(para)
7631
msgid ""
7632
"Some people tend to use the recursive option (-R) indiscriminately which "
7633
"modifies all child folders and files, but this is not necessary, and may "
7634
"yield other undesirable results. The parent directory alone is sufficient "
7635
"for preventing unauthorized access to anything below the parent."
7636
msgstr ""
7637
7638
#: serverguide/C/security.xml:180(para)
7639
msgid ""
7640
"A much more efficient approach to the matter would be to modify the "
7641
"<application>adduser</application> global default permissions when creating "
7642
"user home folders. Simply edit the file "
7643
"<filename>/etc/adduser.conf</filename> and modify the "
7644
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7645
"new home directories will receive the correct permissions."
7646
msgstr ""
7647
7648
#: serverguide/C/security.xml:183(programlisting)
7649
#, no-wrap
7650
msgid ""
7651
"\n"
7652
"DIR_MODE=0750\n"
7653
msgstr ""
7654
7655
#: serverguide/C/security.xml:188(para)
7656
msgid ""
7657
"After correcting the directory permissions using any of the previously "
7658
"mentioned techniques, verify the results using the following syntax:"
7659
msgstr ""
7660
7661
#: serverguide/C/security.xml:194(para)
7662
msgid ""
7663
"The results below show that world-readable permissions have been removed:"
7664
msgstr ""
7665
7666
#: serverguide/C/security.xml:197(computeroutput)
7667
#, no-wrap
7668
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7669
msgstr ""
7670
7671
#: serverguide/C/security.xml:204(title)
7672
msgid "Password Policy"
7673
msgstr ""
7674
7675
#: serverguide/C/security.xml:205(para)
7676
msgid ""
7677
"A strong password policy is one of the most important aspects of your "
7678
"security posture. Many successful security breaches involve simple brute "
7679
"force and dictionary attacks against weak passwords. If you intend to offer "
7680
"any form of remote access involving your local password system, make sure "
7681
"you adequately address minimum password complexity requirements, maximum "
7682
"password lifetimes, and frequent audits of your authentication systems."
7683
msgstr ""
7684
7685
#: serverguide/C/security.xml:209(title)
7686
msgid "Minimum Password Length"
7687
msgstr ""
7688
7689
#: serverguide/C/security.xml:210(para)
7690
msgid ""
7691
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7692
"well as some basic entropy checks. These values are controlled in the file "
7693
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7694
msgstr ""
7695
7696
#: serverguide/C/security.xml:213(programlisting)
7697
#, no-wrap
7698
msgid ""
7699
"\n"
7700
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
7701
msgstr ""
7702
7703
#: serverguide/C/security.xml:216(para)
7704
msgid ""
7705
"If you would like to adjust the minimum length to 8 characters, change the "
7706
"appropriate variable to min=8. The modification is outlined below."
7707
msgstr ""
7708
7709
#: serverguide/C/security.xml:219(programlisting)
7710
#, no-wrap
7711
msgid ""
7712
"\n"
7713
"password [success=1 default=ignore] pam_unix.so obscure sha512 "
7714
"minlen=8\n"
7715
msgstr ""
7716
7717
#: serverguide/C/security.xml:223(para)
7718
msgid ""
7719
"Basic password entropy checks and minimum length rules do not apply to the "
7720
"administrator using sudo level commands to setup a new user."
7721
msgstr ""
7722
7723
#: serverguide/C/security.xml:229(title)
7724
msgid "Password Expiration"
7725
msgstr ""
7726
7727
#: serverguide/C/security.xml:230(para)
7728
msgid ""
7729
"When creating user accounts, you should make it a policy to have a minimum "
7730
"and maximum password age forcing users to change their passwords when they "
7731
"expire."
7732
msgstr ""
7733
7734
#: serverguide/C/security.xml:235(para)
7735
msgid ""
7736
"To easily view the current status of a user account, use the following "
7737
"syntax:"
7738
msgstr ""
7739
7740
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
7741
msgid "sudo chage -l username"
7742
msgstr ""
7743
7744
#: serverguide/C/security.xml:241(para)
7745
msgid ""
7746
"The output below shows interesting facts about the user account, namely that "
7747
"there are no policies applied:"
7748
msgstr ""
7749
7750
#: serverguide/C/security.xml:244(computeroutput)
7751
#, no-wrap
7752
msgid ""
7753
"Last password change : Jan 20, 2015\n"
7754
"Password expires : never\n"
7755
"Password inactive : never\n"
7756
"Account expires : never\n"
7757
"Minimum number of days between password change : 0\n"
7758
"Maximum number of days between password change : 99999\n"
7759
"Number of days of warning before password expires : 7"
7760
msgstr ""
7761
7762
#: serverguide/C/security.xml:254(para)
7763
msgid ""
7764
"To set any of these values, simply use the following syntax, and follow the "
7765
"interactive prompts:"
7766
msgstr ""
7767
7768
#: serverguide/C/security.xml:258(command)
7769
msgid "sudo chage username"
7770
msgstr ""
7771
7772
#: serverguide/C/security.xml:260(para)
7773
msgid ""
7774
"The following is also an example of how you can manually change the explicit "
7775
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
7776
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7777
"password expiration, and a warning time period (-W) of 14 days before "
7778
"password expiration:"
7779
msgstr ""
7780
7781
#: serverguide/C/security.xml:264(command)
7782
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
7783
msgstr ""
7784
7785
#: serverguide/C/security.xml:268(para)
7786
msgid "To verify changes, use the same syntax as mentioned previously:"
7787
msgstr ""
7788
7789
#: serverguide/C/security.xml:274(para)
7790
msgid ""
7791
"The output below shows the new policies that have been established for the "
7792
"account:"
7793
msgstr ""
7794
7795
#: serverguide/C/security.xml:277(computeroutput)
7796
#, no-wrap
7797
msgid ""
7798
"Last password change : Jan 20, 2015\n"
7799
"Password expires : Apr 19, 2015\n"
7800
"Password inactive : May 19, 2015\n"
7801
"Account expires : Jan 31, 2015\n"
7802
"Minimum number of days between password change : 5\n"
7803
"Maximum number of days between password change : 90\n"
7804
"Number of days of warning before password expires : 14"
7805
msgstr ""
7806
7807
#: serverguide/C/security.xml:293(title)
7808
msgid "Other Security Considerations"
7809
msgstr ""
7810
7811
#: serverguide/C/security.xml:294(para)
7812
msgid ""
7813
"Many applications use alternate authentication mechanisms that can be easily "
7814
"overlooked by even experienced system administrators. Therefore, it is "
7815
"important to understand and control how users authenticate and gain access "
7816
"to services and applications on your server."
7817
msgstr ""
7818
7819
#: serverguide/C/security.xml:299(title)
7820
msgid "SSH Access by Disabled Users"
7821
msgstr ""
7822
7823
#: serverguide/C/security.xml:300(para)
7824
msgid ""
7825
"Simply disabling/locking a user account will not prevent a user from logging "
7826
"into your server remotely if they have previously set up RSA public key "
7827
"authentication. They will still be able to gain shell access to the server, "
7828
"without the need for any password. Remember to check the users home "
7829
"directory for files that will allow for this type of authenticated SSH "
7830
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7831
msgstr ""
7832
7833
#: serverguide/C/security.xml:303(para)
7834
msgid ""
7835
"Remove or rename the directory <filename "
7836
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7837
"further SSH authentication capabilities."
7838
msgstr ""
7839
7840
#: serverguide/C/security.xml:306(para)
7841
msgid ""
7842
"Be sure to check for any established SSH connections by the disabled user, "
7843
"as it is possible they may have existing inbound or outbound connections. "
7844
"Kill any that are found."
7845
msgstr ""
7846
7847
#: serverguide/C/security.xml:310(command)
7848
msgid "who | grep username"
7849
msgstr ""
7850
7851
#: serverguide/C/security.xml:311(command)
7852
msgid "sudo pkill -f pts/#"
7853
msgstr ""
7854
7855
#: serverguide/C/security.xml:309(screen)
7856
#, no-wrap
7857
msgid ""
7858
"\n"
7859
"<placeholder-1/> (to get the pts/# terminal)\n"
7860
"<placeholder-2/>\n"
7861
msgstr ""
7862
7863
#: serverguide/C/security.xml:313(para)
7864
msgid ""
7865
"Restrict SSH access to only user accounts that should have it. For example, "
7866
"you may create a group called \"sshlogin\" and add the group name as the "
7867
"value associated with the <varname>AllowGroups</varname> variable located in "
7868
"the file <filename>/etc/ssh/sshd_config</filename>."
7869
msgstr ""
7870
7871
#: serverguide/C/security.xml:316(programlisting)
7872
#, no-wrap
7873
msgid ""
7874
"\n"
7875
"AllowGroups sshlogin\n"
7876
msgstr ""
7877
7878
#: serverguide/C/security.xml:319(para)
7879
msgid ""
7880
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7881
"SSH service."
7882
msgstr ""
7883
7884
#: serverguide/C/security.xml:323(command)
7885
msgid "sudo adduser username sshlogin"
7886
msgstr ""
7887
7888
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
7889
msgid "sudo systemctl restart sshd.service"
7890
msgstr ""
7891
7892
#: serverguide/C/security.xml:328(title)
7893
msgid "External User Database Authentication"
7894
msgstr ""
7895
7896
#: serverguide/C/security.xml:329(para)
7897
msgid ""
7898
"Most enterprise networks require centralized authentication and access "
7899
"controls for all system resources. If you have configured your server to "
7900
"authenticate users against external databases, be sure to disable the user "
7901
"accounts both externally and locally. This way you ensure that local "
7902
"fallback authentication is not possible."
7903
msgstr ""
7904
7905
#: serverguide/C/security.xml:338(title)
7906
msgid "Console Security"
7907
msgstr ""
7908
7909
#: serverguide/C/security.xml:339(para)
7910
msgid ""
7911
"As with any other security barrier you put in place to protect your server, "
7912
"it is pretty tough to defend against untold damage caused by someone with "
7913
"physical access to your environment, for example, theft of hard drives, "
7914
"power or service disruption, and so on. Therefore, console security should "
7915
"be addressed merely as one component of your overall physical security "
7916
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7917
"very least slow down a determined one, so it is still advisable to perform "
7918
"basic precautions with regard to console security."
7919
msgstr ""
7920
7921
#: serverguide/C/security.xml:342(para)
7922
msgid ""
7923
"The following instructions will help defend your server against issues that "
7924
"could otherwise yield very serious consequences."
7925
msgstr ""
7926
7927
#: serverguide/C/security.xml:347(title)
7928
msgid "Disable Ctrl+Alt+Delete"
7929
msgstr ""
7930
7931
#: serverguide/C/security.xml:348(para)
7932
msgid ""
7933
"Anyone that has physical access to the keyboard can simply use the "
7934
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7935
"eycombo> key combination to reboot the server without having to log on. "
7936
"While someone could simply unplug the power source, you should still prevent "
7937
"the use of this key combination on a production server. This forces an "
7938
"attacker to take more drastic measures to reboot the server, and will "
7939
"prevent accidental reboots at the same time."
7940
msgstr ""
7941
7942
#: serverguide/C/security.xml:351(para)
7943
msgid ""
7944
"To disable the reboot action taken by pressing the "
7945
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7946
"eycombo> key combination, run the following two commands: <screen>\n"
7947
"sudo systemctl mask ctrl-alt-del.target\n"
7948
"sudo systemctl daemon-reload\n"
7949
"</screen>"
7950
msgstr ""
7951
7952
#: serverguide/C/security.xml:364(title)
7953
msgid "Firewall"
7954
msgstr ""
7955
7956
#: serverguide/C/security.xml:367(para)
7957
msgid ""
7958
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7959
"which is used to manipulate or decide the fate of network traffic headed "
7960
"into or through your server. All modern Linux firewall solutions use this "
7961
"system for packet filtering."
7962
msgstr ""
7963
7964
#: serverguide/C/security.xml:372(para)
7965
msgid ""
7966
"The kernel's packet filtering system would be of little use to "
7967
"administrators without a userspace interface to manage it. This is the "
7968
"purpose of iptables: When a packet reaches your server, it will be handed "
7969
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7970
"based on the rules supplied to it from userspace via iptables. Thus, "
7971
"iptables is all you need to manage your firewall, if you're familiar with "
7972
"it, but many frontends are available to simplify the task."
7973
msgstr ""
7974
7975
#: serverguide/C/security.xml:382(title)
7976
msgid "ufw - Uncomplicated Firewall"
7977
msgstr ""
7978
7979
#: serverguide/C/security.xml:383(para)
7980
msgid ""
7981
"The default firewall configuration tool for Ubuntu is "
7982
"<application>ufw</application>. Developed to ease iptables firewall "
7983
"configuration, <application>ufw</application> provides a user-friendly way "
7984
"to create an IPv4 or IPv6 host-based firewall."
7985
msgstr ""
7986
7987
#: serverguide/C/security.xml:387(para)
7988
msgid ""
7989
"<application>ufw</application> by default is initially disabled. From the "
7990
"<application>ufw</application> man page:"
7991
msgstr ""
7992
7993
#: serverguide/C/security.xml:391(quote)
7994
msgid ""
7995
"ufw is not intended to provide complete firewall functionality via its "
7996
"command interface, but instead provides an easy way to add or remove simple "
7997
"rules. It is currently mainly used for host-based firewalls."
7998
msgstr ""
7999
8000
#: serverguide/C/security.xml:395(para)
8001
msgid ""
8002
"The following are some examples of how to use <application>ufw</application>:"
8003
msgstr ""
8004
8005
#: serverguide/C/security.xml:400(para)
8006
msgid ""
8007
"First, <application>ufw</application> needs to be enabled. From a terminal "
8008
"prompt enter:"
8009
msgstr ""
8010
8011
#: serverguide/C/security.xml:404(command)
8012
msgid "sudo ufw enable"
8013
msgstr ""
8014
8015
#: serverguide/C/security.xml:408(para)
8016
msgid "To open a port (SSH in this example):"
8017
msgstr ""
8018
8019
#: serverguide/C/security.xml:412(command)
8020
msgid "sudo ufw allow 22"
8021
msgstr ""
8022
8023
#: serverguide/C/security.xml:416(para)
8024
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8025
msgstr ""
8026
8027
#: serverguide/C/security.xml:420(command)
8028
msgid "sudo ufw insert 1 allow 80"
8029
msgstr ""
8030
8031
#: serverguide/C/security.xml:424(para)
8032
msgid "Similarly, to close an opened port:"
8033
msgstr ""
8034
8035
#: serverguide/C/security.xml:428(command)
8036
msgid "sudo ufw deny 22"
8037
msgstr ""
8038
8039
#: serverguide/C/security.xml:432(para)
8040
msgid "To remove a rule, use delete followed by the rule:"
8041
msgstr ""
8042
8043
#: serverguide/C/security.xml:436(command)
8044
msgid "sudo ufw delete deny 22"
8045
msgstr ""
8046
8047
#: serverguide/C/security.xml:440(para)
8048
msgid ""
8049
"It is also possible to allow access from specific hosts or networks to a "
8050
"port. The following example allows SSH access from host 192.168.0.2 to any "
8051
"IP address on this host:"
8052
msgstr ""
8053
8054
#: serverguide/C/security.xml:445(command)
8055
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8056
msgstr ""
8057
8058
#: serverguide/C/security.xml:447(para)
8059
msgid ""
8060
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
8061
"subnet."
8062
msgstr ""
8063
8064
#: serverguide/C/security.xml:453(para)
8065
msgid ""
8066
"Adding the <emphasis>--dry-run</emphasis> option to a "
8067
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8068
"apply them. For example, the following is what would be applied if opening "
8069
"the HTTP port:"
8070
msgstr ""
8071
8072
#: serverguide/C/security.xml:459(command)
8073
msgid "sudo ufw --dry-run allow http"
8074
msgstr ""
8075
8076
#: serverguide/C/security.xml:463(computeroutput)
8077
#, no-wrap
8078
msgid ""
8079
"*filter\n"
8080
":ufw-user-input - [0:0]\n"
8081
":ufw-user-output - [0:0]\n"
8082
":ufw-user-forward - [0:0]\n"
8083
":ufw-user-limit - [0:0]\n"
8084
":ufw-user-limit-accept - [0:0]\n"
8085
"### RULES ###\n"
8086
"\n"
8087
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8088
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
8089
"\n"
8090
"### END RULES ###\n"
8091
"-A ufw-user-input -j RETURN\n"
8092
"-A ufw-user-output -j RETURN\n"
8093
"-A ufw-user-forward -j RETURN\n"
8094
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
8095
"LIMIT]: \"\n"
8096
"-A ufw-user-limit -j REJECT\n"
8097
"-A ufw-user-limit-accept -j ACCEPT\n"
8098
"COMMIT\n"
8099
"Rules updated"
8100
msgstr ""
8101
8102
#: serverguide/C/security.xml:487(para)
8103
msgid "<application>ufw</application> can be disabled by:"
8104
msgstr ""
8105
8106
#: serverguide/C/security.xml:491(command)
8107
msgid "sudo ufw disable"
8108
msgstr ""
8109
8110
#: serverguide/C/security.xml:495(para)
8111
msgid "To see the firewall status, enter:"
8112
msgstr ""
8113
8114
#: serverguide/C/security.xml:499(command)
8115
msgid "sudo ufw status"
8116
msgstr ""
8117
8118
#: serverguide/C/security.xml:503(para)
8119
msgid "And for more verbose status information use:"
8120
msgstr ""
8121
8122
#: serverguide/C/security.xml:507(command)
8123
msgid "sudo ufw status verbose"
8124
msgstr ""
8125
8126
#: serverguide/C/security.xml:511(para)
8127
msgid "To view the <emphasis>numbered</emphasis> format:"
8128
msgstr ""
8129
8130
#: serverguide/C/security.xml:515(command)
8131
msgid "sudo ufw status numbered"
8132
msgstr ""
8133
8134
#: serverguide/C/security.xml:520(para)
8135
msgid ""
8136
"If the port you want to open or close is defined in "
8137
"<filename>/etc/services</filename>, you can use the port name instead of the "
8138
"number. In the above examples, replace <emphasis>22</emphasis> with "
8139
"<emphasis>ssh</emphasis>."
8140
msgstr ""
8141
8142
#: serverguide/C/security.xml:526(para)
8143
msgid ""
8144
"This is a quick introduction to using <application>ufw</application>. Please "
8145
"refer to the <application>ufw</application> man page for more information."
8146
msgstr ""
8147
8148
#: serverguide/C/security.xml:532(title)
8149
msgid "ufw Application Integration"
8150
msgstr ""
8151
8152
#: serverguide/C/security.xml:534(para)
8153
msgid ""
8154
"Applications that open ports can include an <application>ufw</application> "
8155
"profile, which details the ports needed for the application to function "
8156
"properly. The profiles are kept in <filename "
8157
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8158
"the default ports have been changed."
8159
msgstr ""
8160
8161
#: serverguide/C/security.xml:543(para)
8162
msgid ""
8163
"To view which applications have installed a profile, enter the following in "
8164
"a terminal:"
8165
msgstr ""
8166
8167
#: serverguide/C/security.xml:548(command)
8168
msgid "sudo ufw app list"
8169
msgstr ""
8170
8171
#: serverguide/C/security.xml:554(para)
8172
msgid ""
8173
"Similar to allowing traffic to a port, using an application profile is "
8174
"accomplished by entering:"
8175
msgstr ""
8176
8177
#: serverguide/C/security.xml:559(command)
8178
msgid "sudo ufw allow Samba"
8179
msgstr ""
8180
8181
#: serverguide/C/security.xml:565(para)
8182
msgid "An extended syntax is available as well:"
8183
msgstr ""
8184
8185
#: serverguide/C/security.xml:570(command)
8186
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8187
msgstr ""
8188
8189
#: serverguide/C/security.xml:573(para)
8190
msgid ""
8191
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8192
"with the application profile you are using and the IP range for your network."
8193
msgstr ""
8194
8195
#: serverguide/C/security.xml:579(para)
8196
msgid ""
8197
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8198
"application, because that information is detailed in the profile. Also, note "
8199
"that the <emphasis>app</emphasis> name replaces the "
8200
"<emphasis>port</emphasis> number."
8201
msgstr ""
8202
8203
#: serverguide/C/security.xml:588(para)
8204
msgid ""
8205
"To view details about which ports, protocols, etc., are defined for an "
8206
"application, enter:"
8207
msgstr ""
8208
8209
#: serverguide/C/security.xml:593(command)
8210
msgid "sudo ufw app info Samba"
8211
msgstr ""
8212
8213
#: serverguide/C/security.xml:599(para)
8214
msgid ""
8215
"Not all applications that require opening a network port come with "
8216
"<application>ufw</application> profiles, but if you have profiled an "
8217
"application and want the file to be included with the package, please file a "
8218
"bug against the package in Launchpad."
8219
msgstr ""
8220
8221
#: serverguide/C/security.xml:605(command)
8222
msgid "ubuntu-bug nameofpackage"
8223
msgstr ""
8224
8225
#: serverguide/C/security.xml:611(title)
8226
msgid "IP Masquerading"
8227
msgstr ""
8228
8229
#: serverguide/C/security.xml:612(para)
8230
msgid ""
8231
"The purpose of IP Masquerading is to allow machines with private, non-"
8232
"routable IP addresses on your network to access the Internet through the "
8233
"machine doing the masquerading. Traffic from your private network destined "
8234
"for the Internet must be manipulated for replies to be routable back to the "
8235
"machine that made the request. To do this, the kernel must modify the "
8236
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8237
"be routed back to it, rather than to the private IP address that made the "
8238
"request, which is impossible over the Internet. Linux uses "
8239
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8240
"connections belong to which machines and reroute each return packet "
8241
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8242
"having originated from your Ubuntu gateway machine. This process is referred "
8243
"to in Microsoft documentation as Internet Connection Sharing."
8244
msgstr ""
8245
8246
#: serverguide/C/security.xml:628(title)
8247
msgid "ufw Masquerading"
8248
msgstr ""
8249
8250
#: serverguide/C/security.xml:629(para)
8251
msgid ""
8252
"IP Masquerading can be achieved using custom <application>ufw</application> "
8253
"rules. This is possible because the current back-end for "
8254
"<application>ufw</application> is <application>iptables-"
8255
"restore</application> with the rules files located in "
8256
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8257
"legacy iptables rules used without <application>ufw</application>, and rules "
8258
"that are more network gateway or bridge related."
8259
msgstr ""
8260
8261
#: serverguide/C/security.xml:635(para)
8262
msgid ""
8263
"The rules are split into two different files, rules that should be executed "
8264
"before <application>ufw</application> command line rules, and rules that are "
8265
"executed after <application>ufw</application> command line rules."
8266
msgstr ""
8267
8268
#: serverguide/C/security.xml:641(para)
8269
msgid ""
8270
"First, packet forwarding needs to be enabled in "
8271
"<application>ufw</application>. Two configuration files will need to be "
8272
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8273
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8274
msgstr ""
8275
8276
#: serverguide/C/security.xml:645(programlisting)
8277
#, no-wrap
8278
msgid ""
8279
"\n"
8280
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8281
msgstr ""
8282
8283
#: serverguide/C/security.xml:648(para)
8284
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8285
msgstr ""
8286
8287
#: serverguide/C/security.xml:651(programlisting)
8288
#, no-wrap
8289
msgid ""
8290
"\n"
8291
"net/ipv4/ip_forward=1\n"
8292
msgstr ""
8293
8294
#: serverguide/C/security.xml:654(para)
8295
msgid "Similarly, for IPv6 forwarding uncomment:"
8296
msgstr ""
8297
8298
#: serverguide/C/security.xml:657(programlisting)
8299
#, no-wrap
8300
msgid ""
8301
"\n"
8302
"net/ipv6/conf/default/forwarding=1\n"
8303
msgstr ""
8304
8305
#: serverguide/C/security.xml:662(para)
8306
msgid ""
8307
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
8308
"default rules only configure the <emphasis>filter</emphasis> table, and to "
8309
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
8310
"configured. Add the following to the top of the file just after the header "
8311
"comments:"
8312
msgstr ""
8313
8314
#: serverguide/C/security.xml:667(programlisting)
8315
#, no-wrap
8316
msgid ""
8317
"\n"
8318
"# nat Table rules\n"
8319
"*nat\n"
8320
":POSTROUTING ACCEPT [0:0]\n"
8321
"\n"
8322
"# Forward traffic from eth1 through eth0.\n"
8323
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8324
"\n"
8325
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8326
"processed\n"
8327
"COMMIT\n"
8328
msgstr ""
8329
8330
#: serverguide/C/security.xml:678(para)
8331
msgid ""
8332
"The comments are not strictly necessary, but it is considered good practice "
8333
"to document your configuration. Also, when modifying any of the "
8334
"<emphasis>rules</emphasis> files in <filename "
8335
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8336
"line for each table modified:"
8337
msgstr ""
8338
8339
#: serverguide/C/security.xml:684(programlisting)
8340
#, no-wrap
8341
msgid ""
8342
"\n"
8343
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8344
"COMMIT\n"
8345
msgstr ""
8346
8347
#: serverguide/C/security.xml:689(para)
8348
msgid ""
8349
"For each <emphasis>Table</emphasis> a corresponding "
8350
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8351
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8352
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8353
"<emphasis>mangle</emphasis> tables."
8354
msgstr ""
8355
8356
#: serverguide/C/security.xml:696(para)
8357
msgid ""
8358
"In the above example replace <emphasis>eth0</emphasis>, "
8359
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8360
"appropriate interfaces and IP range for your network."
8361
msgstr ""
8362
8363
#: serverguide/C/security.xml:704(para)
8364
msgid ""
8365
"Finally, disable and re-enable <application>ufw</application> to apply the "
8366
"changes:"
8367
msgstr ""
8368
8369
#: serverguide/C/security.xml:708(command)
8370
msgid "sudo ufw disable && sudo ufw enable"
8371
msgstr ""
8372
8373
#: serverguide/C/security.xml:712(para)
8374
msgid ""
8375
"IP Masquerading should now be enabled. You can also add any additional "
8376
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8377
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8378
"forward</emphasis> chain."
8379
msgstr ""
8380
8381
#: serverguide/C/security.xml:719(title)
8382
msgid "iptables Masquerading"
8383
msgstr ""
8384
8385
#: serverguide/C/security.xml:720(para)
8386
msgid ""
8387
"<application>iptables</application> can also be used to enable Masquerading."
8388
msgstr ""
8389
8390
#: serverguide/C/security.xml:725(para)
8391
msgid ""
8392
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8393
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8394
"uncomment the following line:"
8395
msgstr ""
8396
8397
#: serverguide/C/security.xml:729(programlisting)
8398
#, no-wrap
8399
msgid ""
8400
"\n"
8401
"net.ipv4.ip_forward=1\n"
8402
msgstr ""
8403
8404
#: serverguide/C/security.xml:732(para)
8405
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8406
msgstr ""
8407
8408
#: serverguide/C/security.xml:735(programlisting)
8409
#, no-wrap
8410
msgid ""
8411
"\n"
8412
"net.ipv6.conf.default.forwarding=1\n"
8413
msgstr ""
8414
8415
#: serverguide/C/security.xml:740(para)
8416
msgid ""
8417
"Next, execute the <application>sysctl</application> command to enable the "
8418
"new settings in the configuration file:"
8419
msgstr ""
8420
8421
#: serverguide/C/security.xml:744(command)
8422
msgid "sudo sysctl -p"
8423
msgstr ""
8424
8425
#: serverguide/C/security.xml:748(para)
8426
msgid ""
8427
"IP Masquerading can now be accomplished with a single iptables rule, which "
8428
"may differ slightly based on your network configuration:"
8429
msgstr ""
8430
8431
#: serverguide/C/security.xml:751(screen)
8432
#, no-wrap
8433
msgid ""
8434
"\n"
8435
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8436
msgstr ""
8437
8438
#: serverguide/C/security.xml:754(para)
8439
msgid ""
8440
"The above command assumes that your private address space is 192.168.0.0/16 "
8441
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8442
"follows:"
8443
msgstr ""
8444
8445
#: serverguide/C/security.xml:759(para)
8446
msgid "-t nat -- the rule is to go into the nat table"
8447
msgstr ""
8448
8449
#: serverguide/C/security.xml:760(para)
8450
msgid ""
8451
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8452
msgstr ""
8453
8454
#: serverguide/C/security.xml:761(para)
8455
msgid ""
8456
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8457
"specified address space"
8458
msgstr ""
8459
8460
#: serverguide/C/security.xml:762(para)
8461
msgid ""
8462
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8463
"specified network device"
8464
msgstr ""
8465
8466
#: serverguide/C/security.xml:764(para)
8467
msgid ""
8468
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8469
"MASQUERADE target to be manipulated as described above"
8470
msgstr ""
8471
8472
#: serverguide/C/security.xml:772(para)
8473
msgid ""
8474
"Also, each chain in the filter table (the default table, and where most or "
8475
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8476
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8477
"you may have set the policies to DROP or REJECT, in which case your "
8478
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8479
"above rule to work:"
8480
msgstr ""
8481
8482
#: serverguide/C/security.xml:779(screen)
8483
#, no-wrap
8484
msgid ""
8485
"\n"
8486
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8487
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state \\\n"
8488
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8489
msgstr ""
8490
8491
#: serverguide/C/security.xml:784(para)
8492
msgid ""
8493
"The above commands will allow all connections from your local network to the "
8494
"Internet and all traffic related to those connections to return to the "
8495
"machine that initiated them."
8496
msgstr ""
8497
8498
#: serverguide/C/security.xml:791(para)
8499
msgid ""
8500
"If you want masquerading to be enabled on reboot, which you probably do, "
8501
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8502
"example add the first command with no filtering:"
8503
msgstr ""
8504
8505
#: serverguide/C/security.xml:795(screen)
8506
#, no-wrap
8507
msgid ""
8508
"\n"
8509
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8510
msgstr ""
8511
8512
#: serverguide/C/security.xml:803(title)
8513
msgid "Logs"
8514
msgstr ""
8515
8516
#: serverguide/C/security.xml:804(para)
8517
msgid ""
8518
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8519
"firewall rules, and noticing unusual activity on your network. You must "
8520
"include logging rules in your firewall for them to be generated, though, and "
8521
"logging rules must come before any applicable terminating rule (a rule with "
8522
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8523
"REJECT)."
8524
msgstr ""
8525
8526
#: serverguide/C/security.xml:811(para)
8527
msgid ""
8528
"If you are using <application>ufw</application>, you can turn on logging by "
8529
"entering the following in a terminal:"
8530
msgstr ""
8531
8532
#: serverguide/C/security.xml:815(command)
8533
msgid "sudo ufw logging on"
8534
msgstr ""
8535
8536
#: serverguide/C/security.xml:817(para)
8537
msgid ""
8538
"To turn logging off in <application>ufw</application>, simply replace "
8539
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8540
"role=\"italic\">off</emphasis> in the above command."
8541
msgstr ""
8542
8543
#: serverguide/C/security.xml:820(para)
8544
msgid ""
8545
"If using <application>iptables</application> instead of "
8546
"<application>ufw</application>, enter:"
8547
msgstr ""
8548
8549
#: serverguide/C/security.xml:823(screen)
8550
#, no-wrap
8551
msgid ""
8552
"\n"
8553
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 \\\n"
8554
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
8555
msgstr ""
8556
8557
#: serverguide/C/security.xml:827(para)
8558
msgid ""
8559
"A request on port 80 from the local machine, then, would generate a log in "
8560
"dmesg that looks like this (single line split into 3 to fit this document):"
8561
msgstr ""
8562
8563
#: serverguide/C/security.xml:831(programlisting)
8564
#, no-wrap
8565
msgid ""
8566
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8567
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00\n"
8568
"SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF "
8569
"PROTO=TCP\n"
8570
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
8571
msgstr ""
8572
8573
#: serverguide/C/security.xml:835(para)
8574
msgid ""
8575
"The above log will also appear in <filename>/var/log/messages</filename>, "
8576
"<filename>/var/log/syslog</filename>, and "
8577
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8578
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8579
"and configuring <application>ulogd</application> and using the ULOG target "
8580
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8581
"server that listens for logging instructions from the kernel specifically "
8582
"for firewalls, and can log to any file you like, or even to a "
8583
"<application>PostgreSQL</application> or <application>MySQL</application> "
8584
"database. Making sense of your firewall logs can be simplified by using a "
8585
"log analyzing tool such as <application>logwatch</application>, "
8586
"<application>fwanalog</application>, <application>fwlogwatch</application>, "
8587
"or <application>lire</application>."
8588
msgstr ""
8589
8590
#: serverguide/C/security.xml:850(title)
8591
msgid "Other Tools"
8592
msgstr ""
8593
8594
#: serverguide/C/security.xml:851(para)
8595
msgid ""
8596
"There are many tools available to help you construct a complete firewall "
8597
"without intimate knowledge of iptables. For the GUI-inclined:"
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:857(para)
8601
msgid ""
8602
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8603
"and will look familiar to an administrator who has used a commercial "
8604
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8605
msgstr ""
8606
8607
#: serverguide/C/security.xml:863(para)
8608
msgid ""
8609
"If you prefer a command-line tool with plain-text configuration files:"
8610
msgstr ""
8611
8612
#: serverguide/C/security.xml:868(para)
8613
msgid ""
8614
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8615
"powerful solution to help you configure an advanced firewall for any network."
8616
msgstr ""
8617
8618
#: serverguide/C/security.xml:879(para)
8619
msgid ""
8620
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
8621
"Firewall</ulink> wiki page contains information on the development of "
8622
"<application>ufw</application>."
8623
msgstr ""
8624
8625
#: serverguide/C/security.xml:885(para)
8626
msgid ""
8627
"Also, the <application>ufw</application> manual page contains some very "
8628
"useful information: <command>man ufw</command>."
8629
msgstr ""
8630
8631
#: serverguide/C/security.xml:890(para)
8632
msgid ""
8633
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8634
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8635
"on using <application>iptables</application>."
8636
msgstr ""
8637
8638
#: serverguide/C/security.xml:896(para)
8639
msgid ""
8640
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8641
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8642
msgstr ""
8643
8644
#: serverguide/C/security.xml:902(para)
8645
msgid ""
8646
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8647
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8648
msgstr ""
8649
8650
#: serverguide/C/security.xml:910(title)
8651
msgid "AppArmor"
8652
msgstr ""
8653
8654
#: serverguide/C/security.xml:911(para)
8655
msgid ""
8656
"<application>AppArmor</application> is a Linux Security Module "
8657
"implementation of name-based mandatory access controls. AppArmor confines "
8658
"individual programs to a set of listed files and posix 1003.1e draft "
8659
"capabilities."
8660
msgstr ""
8661
8662
#: serverguide/C/security.xml:915(para)
8663
msgid ""
8664
"<application>AppArmor</application> is installed and loaded by default. It "
8665
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8666
"and permissions the application requires. Some packages will install their "
8667
"own profiles, and additional profiles can be found in the "
8668
"<application>apparmor-profiles</application> package."
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:920(para)
8672
msgid ""
8673
"To install the <application>apparmor-profiles</application> package from a "
8674
"terminal prompt:"
8675
msgstr ""
8676
8677
#: serverguide/C/security.xml:924(command)
8678
msgid "sudo apt install apparmor-profiles"
8679
msgstr ""
8680
8681
#: serverguide/C/security.xml:926(para)
8682
msgid "AppArmor profiles have two modes of execution:"
8683
msgstr ""
8684
8685
#: serverguide/C/security.xml:931(para)
8686
msgid ""
8687
"Complaining/Learning: profile violations are permitted and logged. Useful "
8688
"for testing and developing new profiles."
8689
msgstr ""
8690
8691
#: serverguide/C/security.xml:936(para)
8692
msgid ""
8693
"Enforced/Confined: enforces profile policy as well as logging the violation."
8694
msgstr ""
8695
8696
#: serverguide/C/security.xml:942(title)
8697
msgid "Using AppArmor"
8698
msgstr ""
8699
8700
#: serverguide/C/security.xml:944(para)
8701
msgid ""
8702
"This section is plagued by a bug (<ulink "
8703
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1304134\">LP "
8704
"#1304134</ulink>) and instructions will not work as advertised."
8705
msgstr ""
8706
8707
#: serverguide/C/security.xml:949(para)
8708
msgid ""
8709
"The <application>apparmor-utils</application> package contains command line "
8710
"utilities that you can use to change the <application>AppArmor</application> "
8711
"execution mode, find the status of a profile, create new profiles, etc."
8712
msgstr ""
8713
8714
#: serverguide/C/security.xml:955(para)
8715
msgid ""
8716
"<application>apparmor_status</application> is used to view the current "
8717
"status of AppArmor profiles."
8718
msgstr ""
8719
8720
#: serverguide/C/security.xml:959(command)
8721
msgid "sudo apparmor_status"
8722
msgstr ""
8723
8724
#: serverguide/C/security.xml:963(para)
8725
msgid ""
8726
"<application>aa-complain</application> places a profile into "
8727
"<emphasis>complain</emphasis> mode."
8728
msgstr ""
8729
8730
#: serverguide/C/security.xml:967(command)
8731
msgid "sudo aa-complain /path/to/bin"
8732
msgstr ""
8733
8734
#: serverguide/C/security.xml:971(para)
8735
msgid ""
8736
"<application>aa-enforce</application> places a profile into "
8737
"<emphasis>enforce</emphasis> mode."
8738
msgstr ""
8739
8740
#: serverguide/C/security.xml:975(command)
8741
msgid "sudo aa-enforce /path/to/bin"
8742
msgstr ""
8743
8744
#: serverguide/C/security.xml:979(para)
8745
msgid ""
8746
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8747
"profiles are located. It can be used to manipulate the "
8748
"<emphasis>mode</emphasis> of all profiles."
8749
msgstr ""
8750
8751
#: serverguide/C/security.xml:983(para)
8752
msgid "Enter the following to place all profiles into complain mode:"
8753
msgstr ""
8754
8755
#: serverguide/C/security.xml:987(command)
8756
msgid "sudo aa-complain /etc/apparmor.d/*"
8757
msgstr ""
8758
8759
#: serverguide/C/security.xml:989(para)
8760
msgid "To place all profiles in enforce mode:"
8761
msgstr ""
8762
8763
#: serverguide/C/security.xml:993(command)
8764
msgid "sudo aa-enforce /etc/apparmor.d/*"
8765
msgstr ""
8766
8767
#: serverguide/C/security.xml:997(para)
8768
msgid ""
8769
"<application>apparmor_parser</application> is used to load a profile into "
8770
"the kernel. It can also be used to reload a currently loaded profile using "
8771
"the <emphasis>-r</emphasis> option. To load a profile:"
8772
msgstr ""
8773
8774
#: serverguide/C/security.xml:1002(command) serverguide/C/security.xml:1034(command)
8775
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8776
msgstr ""
8777
8778
#: serverguide/C/security.xml:1004(para)
8779
msgid "To reload a profile:"
8780
msgstr ""
8781
8782
#: serverguide/C/security.xml:1008(command)
8783
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8784
msgstr ""
8785
8786
#: serverguide/C/security.xml:1012(para)
8787
msgid ""
8788
"<filename>systemctl</filename> can be used to <emphasis>reload</emphasis> "
8789
"all profiles:"
8790
msgstr ""
8791
8792
#: serverguide/C/security.xml:1016(command)
8793
msgid "sudo systemctl reload apparmor.service"
8794
msgstr ""
8795
8796
#: serverguide/C/security.xml:1020(para)
8797
msgid ""
8798
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8799
"with the <application>apparmor_parser -R</application> option to "
8800
"<emphasis>disable</emphasis> a profile."
8801
msgstr ""
8802
8803
#: serverguide/C/security.xml:1025(command)
8804
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8805
msgstr ""
8806
8807
#: serverguide/C/security.xml:1026(command)
8808
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8809
msgstr ""
8810
8811
#: serverguide/C/security.xml:1028(para)
8812
msgid ""
8813
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8814
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8815
"load the profile using the <emphasis>-a</emphasis> option."
8816
msgstr ""
8817
8818
#: serverguide/C/security.xml:1033(command)
8819
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8820
msgstr ""
8821
8822
#: serverguide/C/security.xml:1038(para)
8823
msgid ""
8824
"<application>AppArmor</application> can be disabled, and the kernel module "
8825
"unloaded by entering the following:"
8826
msgstr ""
8827
8828
#: serverguide/C/security.xml:1042(command)
8829
msgid "sudo systemctl stop apparmor.service"
8830
msgstr ""
8831
8832
#: serverguide/C/security.xml:1043(command)
8833
msgid "sudo update-rc.d -f apparmor remove"
8834
msgstr ""
8835
8836
#: serverguide/C/security.xml:1047(para)
8837
msgid "To re-enable <application>AppArmor</application> enter:"
8838
msgstr ""
8839
8840
#: serverguide/C/security.xml:1051(command)
8841
msgid "sudo systemctl start apparmor.service"
8842
msgstr ""
8843
8844
#: serverguide/C/security.xml:1052(command)
8845
msgid "sudo update-rc.d apparmor defaults"
8846
msgstr ""
8847
8848
#: serverguide/C/security.xml:1057(para)
8849
msgid ""
8850
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8851
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8852
"the actual executable file path. For example for the "
8853
"<application>ping</application> command use <filename>/bin/ping</filename>"
8854
msgstr ""
8855
8856
#: serverguide/C/security.xml:1066(para)
8857
msgid ""
8858
"<application>AppArmor</application> profiles are simple text files located "
8859
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8860
"path to the executable they profile replacing the \"/\" with \".\". For "
8861
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8862
"profile for the <filename>/bin/ping</filename> command."
8863
msgstr ""
8864
8865
#: serverguide/C/security.xml:1072(para)
8866
msgid "There are two main type of rules used in profiles:"
8867
msgstr ""
8868
8869
#: serverguide/C/security.xml:1077(para)
8870
msgid ""
8871
"<emphasis>Path entries:</emphasis> detail which files an application can "
8872
"access in the file system."
8873
msgstr ""
8874
8875
#: serverguide/C/security.xml:1082(para)
8876
msgid ""
8877
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8878
"confined process is allowed to use."
8879
msgstr ""
8880
8881
#: serverguide/C/security.xml:1087(para)
8882
msgid ""
8883
"As an example, take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8884
msgstr ""
8885
8886
#: serverguide/C/security.xml:1090(programlisting)
8887
#, no-wrap
8888
msgid ""
8889
"\n"
8890
"#include <tunables/global>\n"
8891
"/bin/ping flags=(complain) {\n"
8892
" #include <abstractions/base>\n"
8893
" #include <abstractions/consoles>\n"
8894
" #include <abstractions/nameservice>\n"
8895
"\n"
8896
" capability net_raw,\n"
8897
" capability setuid,\n"
8898
" network inet raw,\n"
8899
" \n"
8900
" /bin/ping mixr,\n"
8901
" /etc/modules.conf r,\n"
8902
"}\n"
8903
msgstr ""
8904
8905
#: serverguide/C/security.xml:1107(para)
8906
msgid ""
8907
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8908
"from other files. This allows statements pertaining to multiple applications "
8909
"to be placed in a common file."
8910
msgstr ""
8911
8912
#: serverguide/C/security.xml:1113(para)
8913
msgid ""
8914
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8915
"program, also setting the mode to <emphasis>complain</emphasis>."
8916
msgstr ""
8917
8918
#: serverguide/C/security.xml:1119(para)
8919
msgid ""
8920
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8921
"the CAP_NET_RAW Posix.1e capability."
8922
msgstr ""
8923
8924
#: serverguide/C/security.xml:1124(para)
8925
msgid ""
8926
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8927
"execute access to the file."
8928
msgstr ""
8929
8930
#: serverguide/C/security.xml:1130(para)
8931
msgid ""
8932
"After editing a profile file the profile must be reloaded. See <xref "
8933
"linkend=\"apparmor-usage\"/> for details."
8934
msgstr ""
8935
8936
#: serverguide/C/security.xml:1135(title)
8937
msgid "Creating a Profile"
8938
msgstr ""
8939
8940
#: serverguide/C/security.xml:1138(para)
8941
msgid ""
8942
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8943
"application should be exercised. The test plan should be divided into small "
8944
"test cases. Each test case should have a small description and list the "
8945
"steps to follow."
8946
msgstr ""
8947
8948
#: serverguide/C/security.xml:1142(para)
8949
msgid "Some standard test cases are:"
8950
msgstr ""
8951
8952
#: serverguide/C/security.xml:1147(para)
8953
msgid "Starting the program."
8954
msgstr ""
8955
8956
#: serverguide/C/security.xml:1152(para)
8957
msgid "Stopping the program."
8958
msgstr ""
8959
8960
#: serverguide/C/security.xml:1157(para)
8961
msgid "Reloading the program."
8962
msgstr ""
8963
8964
#: serverguide/C/security.xml:1162(para)
8965
msgid "Testing all the commands supported by the init script."
8966
msgstr ""
8967
8968
#: serverguide/C/security.xml:1169(para)
8969
msgid ""
8970
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8971
"genprof</application> to generate a new profile. From a terminal:"
8972
msgstr ""
8973
8974
#: serverguide/C/security.xml:1174(command)
8975
msgid "sudo aa-genprof executable"
8976
msgstr ""
8977
8978
#: serverguide/C/security.xml:1176(para)
8979
msgid "For example:"
8980
msgstr ""
8981
8982
#: serverguide/C/security.xml:1180(command)
8983
msgid "sudo aa-genprof slapd"
8984
msgstr ""
8985
8986
#: serverguide/C/security.xml:1184(para)
8987
msgid ""
8988
"To get your new profile included in the <application>apparmor-"
8989
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8990
"against the <ulink "
8991
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8992
"/ulink> package:"
8993
msgstr ""
8994
8995
#: serverguide/C/security.xml:1191(para)
8996
msgid "Include your test plan and test cases."
8997
msgstr ""
8998
8999
#: serverguide/C/security.xml:1196(para)
9000
msgid "Attach your new profile to the bug."
9001
msgstr ""
9002
9003
#: serverguide/C/security.xml:1205(title)
9004
msgid "Updating Profiles"
9005
msgstr ""
9006
9007
#: serverguide/C/security.xml:1206(para)
9008
msgid ""
9009
"When the program is misbehaving, audit messages are sent to the log files. "
9010
"The program <application>aa-logprof</application> can be used to scan log "
9011
"files for <application>AppArmor</application> audit messages, review them "
9012
"and update the profiles. From a terminal:"
9013
msgstr ""
9014
9015
#: serverguide/C/security.xml:1211(command)
9016
msgid "sudo aa-logprof"
9017
msgstr ""
9018
9019
#: serverguide/C/security.xml:1219(para)
9020
msgid ""
9021
"See the <ulink "
9022
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9023
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
9024
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
9025
"configuration options."
9026
msgstr ""
9027
9028
#: serverguide/C/security.xml:1226(para)
9029
msgid ""
9030
"For details using AppArmor with other Ubuntu releases see the <ulink "
9031
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9032
"Wiki</ulink> page."
9033
msgstr ""
9034
9035
#: serverguide/C/security.xml:1234(para)
9036
msgid ""
9037
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
9038
"AppArmor</ulink> page is another introduction to AppArmor."
9039
msgstr ""
9040
9041
#: serverguide/C/security.xml:1241(para)
9042
msgid ""
9043
"A great place to ask for <application>AppArmor</application> assistance, and "
9044
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9045
"server</emphasis> IRC channel on <ulink "
9046
"url=\"http://freenode.net\">freenode</ulink>."
9047
msgstr ""
9048
9049
#: serverguide/C/security.xml:1251(title)
9050
msgid "Certificates"
9051
msgstr ""
9052
9053
#: serverguide/C/security.xml:1252(para)
9054
msgid ""
9055
"One of the most common forms of cryptography today is <emphasis>public-"
9056
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9057
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
9058
"system works by <emphasis>encrypting</emphasis> information using the public "
9059
"key. The information can then only be <emphasis>decrypted</emphasis> using "
9060
"the private key."
9061
msgstr ""
9062
9063
#: serverguide/C/security.xml:1258(para)
9064
msgid ""
9065
"A common use for public-key cryptography is encrypting application traffic "
9066
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9067
"connection. One example: configuring Apache to provide "
9068
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
9069
"encrypt traffic using a protocol that does not itself provide encryption."
9070
msgstr ""
9071
9072
#: serverguide/C/security.xml:1263(para)
9073
msgid ""
9074
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9075
"<emphasis>public key</emphasis> and other information about a server and the "
9076
"organization who is responsible for it. Certificates can be digitally signed "
9077
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
9078
"third party that has confirmed that the information contained in the "
9079
"certificate is accurate."
9080
msgstr ""
9081
9082
#: serverguide/C/security.xml:1270(title)
9083
msgid "Types of Certificates"
9084
msgstr ""
9085
9086
#: serverguide/C/security.xml:1271(para)
9087
msgid ""
9088
"To set up a secure server using public-key cryptography, in most cases, you "
9089
"send your certificate request (including your public key), proof of your "
9090
"company's identity, and payment to a CA. The CA verifies the certificate "
9091
"request and your identity, and then sends back a certificate for your secure "
9092
"server. Alternatively, you can create your own <emphasis>self-"
9093
"signed</emphasis> certificate."
9094
msgstr ""
9095
9096
#: serverguide/C/security.xml:1281(para)
9097
msgid ""
9098
"Note that self-signed certificates should not be used in most production "
9099
"environments."
9100
msgstr ""
9101
9102
#: serverguide/C/security.xml:1285(para)
9103
msgid ""
9104
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9105
"capabilities that a self-signed certificate does not:"
9106
msgstr ""
9107
9108
#: serverguide/C/security.xml:1292(para)
9109
msgid ""
9110
"Browsers (usually) automatically recognize the certificate and allow a "
9111
"secure connection to be made without prompting the user."
9112
msgstr ""
9113
9114
#: serverguide/C/security.xml:1299(para)
9115
msgid ""
9116
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9117
"the organization that is providing the web pages to the browser."
9118
msgstr ""
9119
9120
#: serverguide/C/security.xml:1307(para)
9121
msgid ""
9122
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9123
"certificates they automatically accept. If a browser encounters a "
9124
"certificate whose authorizing CA is not in the list, the browser asks the "
9125
"user to either accept or decline the connection. Also, other applications "
9126
"may generate an error message when using a self-signed certificate."
9127
msgstr ""
9128
9129
#: serverguide/C/security.xml:1315(para)
9130
msgid ""
9131
"The process of getting a certificate from a CA is fairly easy. A quick "
9132
"overview is as follows:"
9133
msgstr ""
9134
9135
#: serverguide/C/security.xml:1322(para)
9136
msgid "Create a private and public encryption key pair."
9137
msgstr ""
9138
9139
#: serverguide/C/security.xml:1325(para)
9140
msgid ""
9141
"Create a certificate request based on the public key. The certificate "
9142
"request contains information about your server and the company hosting it."
9143
msgstr ""
9144
9145
#: serverguide/C/security.xml:1330(para)
9146
msgid ""
9147
"Send the certificate request, along with documents proving your identity, to "
9148
"a CA. We cannot tell you which certificate authority to choose. Your "
9149
"decision may be based on your past experiences, or on the experiences of "
9150
"your friends or colleagues, or purely on monetary factors."
9151
msgstr ""
9152
9153
#: serverguide/C/security.xml:1336(para)
9154
msgid ""
9155
"Once you have decided upon a CA, you need to follow the instructions they "
9156
"provide on how to obtain a certificate from them."
9157
msgstr ""
9158
9159
#: serverguide/C/security.xml:1341(para)
9160
msgid ""
9161
"When the CA is satisfied that you are indeed who you claim to be, they send "
9162
"you a digital certificate."
9163
msgstr ""
9164
9165
#: serverguide/C/security.xml:1345(para)
9166
msgid ""
9167
"Install this certificate on your secure server, and configure the "
9168
"appropriate applications to use the certificate."
9169
msgstr ""
9170
9171
#: serverguide/C/security.xml:1354(title)
9172
msgid "Generating a Certificate Signing Request (CSR)"
9173
msgstr ""
9174
9175
#: serverguide/C/security.xml:1356(para)
9176
msgid ""
9177
"Whether you are getting a certificate from a CA or generating your own self-"
9178
"signed certificate, the first step is to generate a key."
9179
msgstr ""
9180
9181
#: serverguide/C/security.xml:1361(para)
9182
msgid ""
9183
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9184
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
9185
"passphrase allows the services to start without manual intervention, usually "
9186
"the preferred way to start a daemon."
9187
msgstr ""
9188
9189
#: serverguide/C/security.xml:1367(para)
9190
msgid ""
9191
"This section will cover generating a key with a passphrase, and one without. "
9192
"The non-passphrase key will then be used to generate a certificate that can "
9193
"be used with various service daemons."
9194
msgstr ""
9195
9196
#: serverguide/C/security.xml:1373(para)
9197
msgid ""
9198
"Running your secure service without a passphrase is convenient because you "
9199
"will not need to enter the passphrase every time you start your secure "
9200
"service. But it is insecure and a compromise of the key means a compromise "
9201
"of the server as well."
9202
msgstr ""
9203
9204
#: serverguide/C/security.xml:1380(para)
9205
msgid ""
9206
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9207
"Request (CSR) run the following command from a terminal prompt:"
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:1386(command)
9211
msgid "openssl genrsa -des3 -out server.key 2048"
9212
msgstr ""
9213
9214
#: serverguide/C/security.xml:1389(programlisting)
9215
#, no-wrap
9216
msgid ""
9217
"\n"
9218
"Generating RSA private key, 2048 bit long modulus\n"
9219
"..........................++++++\n"
9220
".......++++++\n"
9221
"e is 65537 (0x10001)\n"
9222
"Enter pass phrase for server.key:\n"
9223
msgstr ""
9224
9225
#: serverguide/C/security.xml:1397(para)
9226
msgid ""
9227
"You can now enter your passphrase. For best security, it should at least "
9228
"contain eight characters. The minimum length when specifying -des3 is four "
9229
"characters. It should include numbers and/or punctuation and not be a word "
9230
"in a dictionary. Also remember that your passphrase is case-sensitive."
9231
msgstr ""
9232
9233
#: serverguide/C/security.xml:1405(para)
9234
msgid ""
9235
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9236
"server key is generated and stored in the <filename>server.key</filename> "
9237
"file."
9238
msgstr ""
9239
9240
#: serverguide/C/security.xml:1411(para)
9241
msgid ""
9242
"Now create the insecure key, the one without a passphrase, and shuffle the "
9243
"key names:"
9244
msgstr ""
9245
9246
#: serverguide/C/security.xml:1417(command)
9247
msgid "openssl rsa -in server.key -out server.key.insecure"
9248
msgstr ""
9249
9250
#: serverguide/C/security.xml:1418(command)
9251
msgid "mv server.key server.key.secure"
9252
msgstr ""
9253
9254
#: serverguide/C/security.xml:1419(command)
9255
msgid "mv server.key.insecure server.key"
9256
msgstr ""
9257
9258
#: serverguide/C/security.xml:1422(para)
9259
msgid ""
9260
"The insecure key is now named <filename>server.key</filename>, and you can "
9261
"use this file to generate the CSR without passphrase."
9262
msgstr ""
9263
9264
#: serverguide/C/security.xml:1427(para)
9265
msgid "To create the CSR, run the following command at a terminal prompt:"
9266
msgstr ""
9267
9268
#: serverguide/C/security.xml:1432(command)
9269
msgid "openssl req -new -key server.key -out server.csr"
9270
msgstr ""
9271
9272
#: serverguide/C/security.xml:1435(para)
9273
msgid ""
9274
"It will prompt you enter the passphrase. If you enter the correct "
9275
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9276
"etc. Once you enter all these details, your CSR will be created and it will "
9277
"be stored in the <filename>server.csr</filename> file."
9278
msgstr ""
9279
9280
#: serverguide/C/security.xml:1443(para)
9281
msgid ""
9282
"You can now submit this CSR file to a CA for processing. The CA will use "
9283
"this CSR file and issue the certificate. On the other hand, you can create "
9284
"self-signed certificate using this CSR."
9285
msgstr ""
9286
9287
#: serverguide/C/security.xml:1451(title)
9288
msgid "Creating a Self-Signed Certificate"
9289
msgstr ""
9290
9291
#: serverguide/C/security.xml:1452(para)
9292
msgid ""
9293
"To create the self-signed certificate, run the following command at a "
9294
"terminal prompt:"
9295
msgstr ""
9296
9297
#: serverguide/C/security.xml:1457(command)
9298
msgid ""
9299
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9300
"server.crt"
9301
msgstr ""
9302
9303
#: serverguide/C/security.xml:1460(para)
9304
msgid ""
9305
"The above command will prompt you to enter the passphrase. Once you enter "
9306
"the correct passphrase, your certificate will be created and it will be "
9307
"stored in the <filename>server.crt</filename> file."
9308
msgstr ""
9309
9310
#: serverguide/C/security.xml:1465(para)
9311
msgid ""
9312
"If your secure server is to be used in a production environment, you "
9313
"probably need a CA-signed certificate. It is not recommended to use self-"
9314
"signed certificate."
9315
msgstr ""
9316
9317
#: serverguide/C/security.xml:1473(title)
9318
msgid "Installing the Certificate"
9319
msgstr ""
9320
9321
#: serverguide/C/security.xml:1475(para)
9322
msgid ""
9323
"You can install the key file <filename>server.key</filename> and certificate "
9324
"file <filename>server.crt</filename>, or the certificate file issued by your "
9325
"CA, by running following commands at a terminal prompt:"
9326
msgstr ""
9327
9328
#: serverguide/C/security.xml:1481(command)
9329
msgid "sudo cp server.crt /etc/ssl/certs"
9330
msgstr ""
9331
9332
#: serverguide/C/security.xml:1482(command)
9333
msgid "sudo cp server.key /etc/ssl/private"
9334
msgstr ""
9335
9336
#: serverguide/C/security.xml:1484(para)
9337
msgid ""
9338
"Now simply configure any applications, with the ability to use public-key "
9339
"cryptography, to use the <emphasis>certificate</emphasis> and "
9340
"<emphasis>key</emphasis> files. For example, "
9341
"<application>Apache</application> can provide HTTPS, "
9342
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9343
msgstr ""
9344
9345
#: serverguide/C/security.xml:1491(title)
9346
msgid "Certification Authority"
9347
msgstr ""
9348
9349
#: serverguide/C/security.xml:1493(para)
9350
msgid ""
9351
"If the services on your network require more than a few self-signed "
9352
"certificates it may be worth the additional effort to setup your own "
9353
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9354
"certificates signed by your own CA, allows the various services using the "
9355
"certificates to easily trust other services using certificates issued from "
9356
"the same CA."
9357
msgstr ""
9358
9359
#: serverguide/C/security.xml:1503(para)
9360
msgid ""
9361
"First, create the directories to hold the CA certificate and related files:"
9362
msgstr ""
9363
9364
#: serverguide/C/security.xml:1508(command)
9365
msgid "sudo mkdir /etc/ssl/CA"
9366
msgstr ""
9367
9368
#: serverguide/C/security.xml:1509(command)
9369
msgid "sudo mkdir /etc/ssl/newcerts"
9370
msgstr ""
9371
9372
#: serverguide/C/security.xml:1515(para)
9373
msgid ""
9374
"The CA needs a few additional files to operate, one to keep track of the "
9375
"last serial number used by the CA, each certificate must have a unique "
9376
"serial number, and another file to record which certificates have been "
9377
"issued:"
9378
msgstr ""
9379
9380
#: serverguide/C/security.xml:1522(command)
9381
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9382
msgstr ""
9383
9384
#: serverguide/C/security.xml:1523(command)
9385
msgid "sudo touch /etc/ssl/CA/index.txt"
9386
msgstr ""
9387
9388
#: serverguide/C/security.xml:1529(para)
9389
msgid ""
9390
"The third file is a CA configuration file. Though not strictly necessary, it "
9391
"is very convenient when issuing multiple certificates. Edit "
9392
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9393
"]</emphasis> change:"
9394
msgstr ""
9395
9396
#: serverguide/C/security.xml:1535(programlisting)
9397
#, no-wrap
9398
msgid ""
9399
"\n"
9400
"dir = /etc/ssl # Where everything is kept\n"
9401
"database = $dir/CA/index.txt # database index file.\n"
9402
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9403
"serial = $dir/CA/serial # The current serial number\n"
9404
"private_key = $dir/private/cakey.pem# The private key\n"
9405
msgstr ""
9406
9407
#: serverguide/C/security.xml:1546(para)
9408
msgid "Next, create the self-signed root certificate:"
9409
msgstr ""
9410
9411
#: serverguide/C/security.xml:1551(command)
9412
msgid ""
9413
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9414
"days 3650"
9415
msgstr ""
9416
9417
#: serverguide/C/security.xml:1554(para)
9418
msgid "You will then be asked to enter the details about the certificate."
9419
msgstr ""
9420
9421
#: serverguide/C/security.xml:1561(para)
9422
msgid "Now install the root certificate and key:"
9423
msgstr ""
9424
9425
#: serverguide/C/security.xml:1566(command)
9426
msgid "sudo mv cakey.pem /etc/ssl/private/"
9427
msgstr ""
9428
9429
#: serverguide/C/security.xml:1567(command)
9430
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9431
msgstr ""
9432
9433
#: serverguide/C/security.xml:1573(para)
9434
msgid ""
9435
"You are now ready to start signing certificates. The first item needed is a "
9436
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9437
"for details. Once you have a CSR, enter the following to generate a "
9438
"certificate signed by the CA:"
9439
msgstr ""
9440
9441
#: serverguide/C/security.xml:1580(command)
9442
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9443
msgstr ""
9444
9445
#: serverguide/C/security.xml:1583(para)
9446
msgid ""
9447
"After entering the password for the CA key, you will be prompted to sign the "
9448
"certificate, and again to commit the new certificate. You should then see a "
9449
"somewhat large amount of output related to the certificate creation."
9450
msgstr ""
9451
9452
#: serverguide/C/security.xml:1592(para)
9453
msgid ""
9454
"There should now be a new file, "
9455
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9456
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9457
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9458
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9459
"the server where the certificate will be installed. For example "
9460
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9461
msgstr ""
9462
9463
#: serverguide/C/security.xml:1600(para)
9464
msgid ""
9465
"Subsequent certificates will be named <filename>02.pem</filename>, "
9466
"<filename>03.pem</filename>, etc."
9467
msgstr ""
9468
9469
#: serverguide/C/security.xml:1605(para)
9470
msgid ""
9471
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9472
"name."
9473
msgstr ""
9474
9475
#: serverguide/C/security.xml:1613(para)
9476
msgid ""
9477
"Finally, copy the new certificate to the host that needs it, and configure "
9478
"the appropriate applications to use it. The default location to install "
9479
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9480
"enables multiple services to use the same certificate without overly "
9481
"complicated file permissions."
9482
msgstr ""
9483
9484
#: serverguide/C/security.xml:1619(para)
9485
msgid ""
9486
"For applications that can be configured to use a CA certificate, you should "
9487
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9488
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9489
"server."
9490
msgstr ""
9491
9492
#: serverguide/C/security.xml:1633(para)
9493
msgid ""
9494
"For more detailed instructions on using cryptography see the <ulink "
9495
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9496
"Certificates HOWTO</ulink> by tldp.org:"
9497
msgstr ""
9498
9499
#: serverguide/C/security.xml:1639(para)
9500
msgid ""
9501
"The Wikipedia <ulink "
9502
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
9503
"information regarding HTTPS."
9504
msgstr ""
9505
9506
#: serverguide/C/security.xml:1644(para)
9507
msgid ""
9508
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9509
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9510
msgstr ""
9511
9512
#: serverguide/C/security.xml:1649(para)
9513
msgid ""
9514
"Also, O'Reilly's <ulink "
9515
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9516
"OpenSSL</ulink> is a good in-depth reference."
9517
msgstr ""
9518
9519
#: serverguide/C/security.xml:1658(title)
9520
msgid "eCryptfs"
9521
msgstr ""
9522
9523
#: serverguide/C/security.xml:1660(para)
9524
msgid ""
9525
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9526
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9527
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9528
"filesystem, partition type, etc."
9529
msgstr ""
9530
9531
#: serverguide/C/security.xml:1666(para)
9532
msgid ""
9533
"During installation there is an option to encrypt the <filename "
9534
"role=\"directory\">/home</filename> partition. This will automatically "
9535
"configure everything needed to encrypt and mount the partition."
9536
msgstr ""
9537
9538
#: serverguide/C/security.xml:1671(para)
9539
msgid ""
9540
"As an example, this section will cover configuring <filename "
9541
"role=\"directory\">/srv</filename> to be encrypted using "
9542
"<emphasis>eCryptfs</emphasis>."
9543
msgstr ""
9544
9545
#: serverguide/C/security.xml:1676(title)
9546
msgid "Using eCryptfs"
9547
msgstr ""
9548
9549
#: serverguide/C/security.xml:1678(para)
9550
msgid "First, install the necessary packages. From a terminal prompt enter:"
9551
msgstr ""
9552
9553
#: serverguide/C/security.xml:1683(command)
9554
msgid "sudo apt install ecryptfs-utils"
9555
msgstr ""
9556
9557
#: serverguide/C/security.xml:1686(para)
9558
msgid "Now mount the partition to be encrypted:"
9559
msgstr ""
9560
9561
#: serverguide/C/security.xml:1691(command)
9562
msgid "sudo mount -t ecryptfs /srv /srv"
9563
msgstr ""
9564
9565
#: serverguide/C/security.xml:1694(para)
9566
msgid ""
9567
"You will then be prompted for some details on how "
9568
"<application>ecryptfs</application> should encrypt the data."
9569
msgstr ""
9570
9571
#: serverguide/C/security.xml:1698(para)
9572
msgid ""
9573
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9574
"copy the <filename>/etc/default</filename> folder to "
9575
"<filename>/srv</filename>:"
9576
msgstr ""
9577
9578
#: serverguide/C/security.xml:1704(command) serverguide/C/clustering.xml:190(command)
9579
msgid "sudo cp -r /etc/default /srv"
9580
msgstr ""
9581
9582
#: serverguide/C/security.xml:1707(para)
9583
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9584
msgstr ""
9585
9586
#: serverguide/C/security.xml:1712(command) serverguide/C/installation.xml:1131(command) serverguide/C/clustering.xml:198(command)
9587
msgid "sudo umount /srv"
9588
msgstr ""
9589
9590
#: serverguide/C/security.xml:1713(command)
9591
msgid "cat /srv/default/cron"
9592
msgstr ""
9593
9594
#: serverguide/C/security.xml:1716(para)
9595
msgid ""
9596
"Remounting <filename>/srv</filename> using "
9597
"<application>ecryptfs</application> will make the data viewable once again."
9598
msgstr ""
9599
9600
#: serverguide/C/security.xml:1722(title)
9601
msgid "Automatically Mounting Encrypted Partitions"
9602
msgstr ""
9603
9604
#: serverguide/C/security.xml:1724(para)
9605
msgid ""
9606
"There are a couple of ways to automatically mount an "
9607
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9608
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9609
"mount options, along with a passphrase file residing on a USB key."
9610
msgstr ""
9611
9612
#: serverguide/C/security.xml:1730(para)
9613
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9614
msgstr ""
9615
9616
#: serverguide/C/security.xml:1734(programlisting)
9617
#, no-wrap
9618
msgid ""
9619
"\n"
9620
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9621
"ecryptfs_sig=5826dd62cf81c615\n"
9622
"ecryptfs_cipher=aes\n"
9623
"ecryptfs_key_bytes=16\n"
9624
"ecryptfs_passthrough=n\n"
9625
"ecryptfs_enable_filename_crypto=n\n"
9626
msgstr ""
9627
9628
#: serverguide/C/security.xml:1744(para)
9629
msgid ""
9630
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9631
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9632
msgstr ""
9633
9634
#: serverguide/C/security.xml:1749(para)
9635
msgid ""
9636
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9637
"file:"
9638
msgstr ""
9639
9640
#: serverguide/C/security.xml:1753(programlisting)
9641
#, no-wrap
9642
msgid ""
9643
"\n"
9644
"passphrase_passwd=[secrets]\n"
9645
msgstr ""
9646
9647
#: serverguide/C/security.xml:1757(para)
9648
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9649
msgstr ""
9650
9651
#: serverguide/C/security.xml:1761(programlisting)
9652
#, no-wrap
9653
msgid ""
9654
"\n"
9655
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9656
"/srv /srv ecryptfs defaults 0 0\n"
9657
msgstr ""
9658
9659
#: serverguide/C/security.xml:1766(para)
9660
msgid "Make sure the USB drive is mounted before the encrypted partition."
9661
msgstr ""
9662
9663
#: serverguide/C/security.xml:1770(para)
9664
msgid ""
9665
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9666
"<emphasis>eCryptfs</emphasis>."
9667
msgstr ""
9668
9669
#: serverguide/C/security.xml:1776(title)
9670
msgid "Other Utilities"
9671
msgstr "เครื่องมืออื่นๆ"
9672
9673
#: serverguide/C/security.xml:1778(para)
9674
msgid ""
9675
"The <application>ecryptfs-utils</application> package includes several other "
9676
"useful utilities:"
9677
msgstr ""
9678
9679
#: serverguide/C/security.xml:1784(para)
9680
msgid ""
9681
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9682
"<filename>~/Private</filename> directory to contain encrypted information. "
9683
"This utility can be run by unprivileged users to keep data private from "
9684
"other users on the system."
9685
msgstr ""
9686
9687
#: serverguide/C/security.xml:1791(para)
9688
msgid ""
9689
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
9690
"private</emphasis> will mount and unmount a user's "
9691
"<filename>~/Private</filename> directory."
9692
msgstr ""
9693
9694
#: serverguide/C/security.xml:1797(para)
9695
msgid ""
9696
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9697
"kernel keyring."
9698
msgstr ""
9699
9700
#: serverguide/C/security.xml:1802(para)
9701
msgid ""
9702
"<emphasis>ecryptfs-manager:</emphasis> manages "
9703
"<application>eCryptfs</application> objects such as keys."
9704
msgstr ""
9705
9706
#: serverguide/C/security.xml:1807(para)
9707
msgid ""
9708
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9709
"<application>ecryptfs</application> meta information for a file."
9710
msgstr ""
9711
9712
#: serverguide/C/security.xml:1820(para)
9713
msgid ""
9714
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
9715
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9716
msgstr ""
9717
9718
#: serverguide/C/security.xml:1825(para)
9719
msgid ""
9720
"There is also a <ulink "
9721
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9722
"article covering <emphasis>eCryptfs</emphasis>."
9723
msgstr ""
9724
9725
#: serverguide/C/security.xml:1830(para)
9726
msgid ""
9727
"Also, for more <application>ecryptfs</application> options and details see "
9728
"the <ulink "
9729
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man7/ecryptfs.7.html\">ec"
9730
"ryptfs man page</ulink>."
9731
msgstr ""
9732
9733
#: serverguide/C/samba.xml:11(title)
9734
msgid "Samba"
9735
msgstr ""
9736
9737
#: serverguide/C/samba.xml:13(para)
9738
msgid ""
9739
"Computer networks are often comprised of diverse systems, and while "
9740
"operating a network made up entirely of Ubuntu desktop and server computers "
9741
"would certainly be fun, some network environments must consist of both "
9742
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
9743
"class=\"registered\">Windows</trademark> systems working together in "
9744
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
9745
"principles and tools used in configuring your Ubuntu Server for sharing "
9746
"network resources with Windows computers."
9747
msgstr ""
9748
"เครือข่ายคอมพิวเตอร์มีส่วนประกอบต่างๆ มากมาย "
9749
"ถึงแม้ว่าการจัดการเครือข่ายที่มีแต่เครื่องที่ใช้ Ubuntu Desktop และ Ubuntu "
9750
"Server จะน่าสนุก แต่ไม่ใช่ทุกเครือข่ายที่เป็นแบบนี้ "
9751
"บางเครือข่ายก็ประกอบไปด้วยเครื่อง Ubuntu และ <trademark "
9752
"class=\"registered\">Microsoft</trademark><trademark "
9753
"class=\"registered\">Windows</trademark> ที่ทำงานร่วมกันได้เป็นอย่างดี "
9754
"เนื้อหาส่วนนี้ของคู่มือ <phrase>Ubuntu</phrase> Server "
9755
"จะแนะนำเกี่ยวกับหลักการและเครื่องมือที่คุณสามารถใช้เพื่อตั้งค่าของเครื่องเซิร"
9756
"์ฟเวอร์ให้ทำงานร่วมกับเครื่อง Windows ได้อย่างราบรื่น"
9757
9758
#: serverguide/C/samba.xml:25(para)
9759
msgid ""
9760
"Successfully networking your Ubuntu system with Windows clients involves "
9761
"providing and integrating with services common to Windows environments. Such "
9762
"services assist the sharing of data and information about the computers and "
9763
"users involved in the network, and may be classified under three major "
9764
"categories of functionality:"
9765
msgstr ""
9766
"การเชื่อมต่อระหว่างระบบ Ubuntu และเครื่องลูกข่าย Windows "
9767
"นั้นจะต้องมีการให้บริการต่างๆ ที่ระบบ Windows ต้องการด้วย เช่น "
9768
"บริการสำหรับแบ่งปันข้อมูลเกี่ยวกับเครื่องลูกข่ายและผู้ใช้ที่อยู่ในเครือข่ายเป"
9769
"็นต้น บริการต่างๆ เหล่านี้สามารถแบ่งออกเป็นสามหมวดคือ:"
9770
9771
#: serverguide/C/samba.xml:33(para)
9772
msgid ""
9773
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
9774
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
9775
"folders, volumes, and the sharing of printers throughout the network."
9776
msgstr ""
9777
"<emphasis role=\"bold\">บริการแบ่งปันแฟ้มและการพิมพ์</emphasis> ใช้โพรโทคอล "
9778
"Server Message Block (SMB) เพื่อสนับสนุนการแบ่งปันแฟ้ม โฟลเดอร์ ดิสก์ "
9779
"และเครื่องพิมพ์ทั่วทั้งเครือข่าย"
9780
9781
#: serverguide/C/samba.xml:39(para)
9782
msgid ""
9783
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
9784
"information about the computers and users of the network with such "
9785
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
9786
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
9787
msgstr ""
9788
"<emphasis role=\"bold\">บริการสมุดหน้าเหลืองหรือไดเรคทอรี เซอร์วิส "
9789
"(Directory Services)</emphasis>. "
9790
"แชร์ข้อมูลเกี่ยวกับเครื่องคอมพิวเตอร์และผู้ใช้ในเครือข่ายด้วยเทคโนโลยีเช่น "
9791
"Lightweight Directory Access Protocol (LDAP) และไมโครซอฟท์ <trademark "
9792
"class=\"registered\">Active Directory</trademark>."
9793
9794
#: serverguide/C/samba.xml:46(para)
9795
msgid ""
9796
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
9797
"the identity of a computer or user of the network and determining the "
9798
"information the computer or user is authorized to access using such "
9799
"principles and technologies as file permissions, group policies, and the "
9800
"Kerberos authentication service."
9801
msgstr ""
9802
"<emphasis role=\"bold\">ยืนยันตัวบุคคลและการเข้าถึง</emphasis> "
9803
"เป็นบริการที่ทำหน้าที่ตรวจสอบเครื่องลูกข่ายหรือผู้ใช้ "
9804
"เพื่ออนุญาติให้เข้าใช้ทรัพยากรในเครือข่ายและมีสิทธิ์ในการเข้าใช้บริการอะไรบ้า"
9805
"งในเครือข่าย โดยใช้เทคโนโลยีต่างๆ เช่น การกำหนดสิทธิ์แฟ้ม, นโยบายกลุ่ม, "
9806
"และการตรวจสอบโดยการใช้บริการการยืนยันตัวบุคคล Kerberos"
9807
9808
#: serverguide/C/samba.xml:54(para)
9809
msgid ""
9810
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
9811
"clients and share network resources among them. One of the principal pieces "
9812
"of software your Ubuntu system includes for Windows networking is the Samba "
9813
"suite of SMB server applications and tools."
9814
msgstr ""
9815
"โชคดีที่ระบบ Ubuntu ของคุณสามารถให้บริการทั้งหมดนี้สำหรับเครื่องลูกข่าย "
9816
"Windows และแบ่งปันทรัพยากรต่างๆ กับเครื่องลูกข่ายได้ "
9817
"โดยหนึ่งในเครื่องมือหลักที่ทำให้ระบบ Ubuntu ทำงานร่วมกันกับ Windows "
9818
"ได้นั้นก็คือชุดโปรแกรมเซิร์ฟเวอร์และเครื่องมือ SMB ที่มีชื่อว่า Samba"
9819
9820
#: serverguide/C/samba.xml:60(para)
9821
msgid ""
9822
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
9823
"of the common Samba use cases, and how to install and configure the "
9824
"necessary packages. Additional detailed documentation and information on "
9825
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
9826
"website</ulink>."
9827
msgstr ""
9828
"เนื้อหาของคู่มือ <phrase>Ubuntu</phrase> Server ส่วนนี้จะแนะนำการใช้ Samba "
9829
"ในกรณีทั่วไป รวมไปถึงการติดตั้งและตั้งค่าต่างๆ "
9830
"คุณสามารถอ่านคู่มืออย่างละเอียดและข้อมูลเพิ่มเติมได้ที่เว็บไซต์ของ Samba ที่ "
9831
"<ulink url=\"http://www.samba.org\">เว็บไซต์ Samba</ulink>"
9832
9833
#: serverguide/C/samba.xml:68(title)
9834
msgid "File Server"
9835
msgstr ""
9836
9837
#: serverguide/C/samba.xml:70(para)
9838
msgid ""
9839
"One of the most common ways to network Ubuntu and Windows computers is to "
9840
"configure Samba as a File Server. This section covers setting up a "
9841
"<application>Samba</application> server to share files with Windows clients."
9842
msgstr ""
9843
"หนึ่งในวิธีที่ง่ายที่สุดเพื่อให้เครื่องอูบุนตูและวินโดว์ทำงานร่วมกันได้คือการ"
9844
"ติดตั้งแซมบ้าเป็นไฟล์เซิร์ฟเวอร์ "
9845
"ส่วนนี้จะอธิบายวิธีการติดตั้งและตั้งค่าต่างๆของ "
9846
"<application>Samba</application> ให้แชร์ไฟล์กับเครื่องลูกข่ายวินโดว์"
9847
9848
#: serverguide/C/samba.xml:75(para)
9849
msgid ""
9850
"The server will be configured to share files with any client on the network "
9851
"without prompting for a password. If your environment requires stricter "
9852
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>."
9853
msgstr ""
9854
9855
#: serverguide/C/samba.xml:83(para)
9856
msgid ""
9857
"The first step is to install the <application>samba</application> package. "
9858
"From a terminal prompt enter:"
9859
msgstr ""
9860
"ขั้นแรก คุณต้องติดตั้งแพกเกจ <application>samba</application> "
9861
"ป้อนคำสั่งในเทอร์มินัล:"
9862
9863
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:303(command)
9864
msgid "sudo apt install samba"
9865
msgstr ""
9866
9867
#: serverguide/C/samba.xml:91(para)
9868
msgid ""
9869
"That's all there is to it; you are now ready to configure Samba to share "
9870
"files."
9871
msgstr "เท่านี้คุณก็พร้อมที่จะตั้งค่า Samba ให้แบ่งปันแฟ้มได้แล้ว"
9872
9873
#: serverguide/C/samba.xml:99(para)
9874
msgid ""
9875
"The main Samba configuration file is located in "
9876
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9877
"a significant number of comments in order to document various configuration "
9878
"directives."
9879
msgstr ""
9880
9881
#: serverguide/C/samba.xml:104(para)
9882
msgid ""
9883
"Not all the available options are included in the default configuration "
9884
"file. See the <filename>smb.conf</filename><application>man</application> "
9885
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9886
"Collection/\">Samba HOWTO Collection</ulink> for more details."
9887
msgstr ""
9888
"ไม่ใช่ทุกตัวเลือกของการตั้งค่าจะรวมอยู่ในแฟ้มตั้งค่าปริยาย ดูที่ "
9889
"<filename>smb.conf</filename><application>man</application> page หรือที่ "
9890
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
9891
"HOWTO Collection</ulink> สำหรับรายละเอียดเพิ่มเติม"
9892
9893
#: serverguide/C/samba.xml:113(para)
9894
msgid ""
9895
"First, edit the following key/value pairs in the "
9896
"<emphasis>[global]</emphasis> section of "
9897
"<filename>/etc/samba/smb.conf</filename>:"
9898
msgstr ""
9899
"ขั้นแรก แก้ไขค่าเหล่านี้ในหมวด <emphasis>[global]</emphasis> ของแฟ้ม "
9900
"<filename>/etc/samba/smb.conf</filename>:"
9901
9902
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:315(programlisting) serverguide/C/samba.xml:780(programlisting) serverguide/C/samba.xml:1018(programlisting)
9903
#, no-wrap
9904
msgid ""
9905
"\n"
9906
" workgroup = EXAMPLE\n"
9907
" ...\n"
9908
" security = user\n"
9909
msgstr ""
9910
"\n"
9911
" workgroup = EXAMPLE\n"
9912
" ...\n"
9913
" security = user\n"
9914
9915
#: serverguide/C/samba.xml:124(para)
9916
msgid ""
9917
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
9918
"section, and is commented by default. Also, change "
9919
"<emphasis>EXAMPLE</emphasis> to better match your environment."
9920
msgstr ""
9921
"ตัวแปร <emphasis>security</emphasis> นั้นอยู่ด้านล่างของหมวด [global] "
9922
"และถูกปิดใช้งานโดยปริยาย และอย่าลืมเปลี่ยน <emphasis>EXAMPLE</emphasis> "
9923
"เป็นชื่อที่เหมาะกับสภาพแวดล้อมของคุณด้วย"
9924
9925
#: serverguide/C/samba.xml:132(para)
9926
msgid ""
9927
"Create a new section at the bottom of the file, or uncomment one of the "
9928
"examples, for the directory to be shared:"
9929
msgstr ""
9930
"สร้างหมวดใหม่ที่ส่วนท้ายของแฟ้ม "
9931
"หรือเปิดใช้บางตัวอย่างที่อยู่ในแฟ้มเพื่อแบ่งปันไดเรกทอรีของคุณ:"
9932
9933
#: serverguide/C/samba.xml:136(programlisting)
9934
#, no-wrap
9935
msgid ""
9936
"\n"
9937
"[share]\n"
9938
" comment = Ubuntu File Server Share\n"
9939
" path = /srv/samba/share\n"
9940
" browsable = yes\n"
9941
" guest ok = yes\n"
9942
" read only = no\n"
9943
" create mask = 0755\n"
9944
msgstr ""
9945
"\n"
9946
"[share]\n"
9947
" comment = Ubuntu File Server Share\n"
9948
" path = /srv/samba/share\n"
9949
" browsable = yes\n"
9950
" guest ok = yes\n"
9951
" read only = no\n"
9952
" create mask = 0755\n"
9953
9954
#: serverguide/C/samba.xml:148(para)
9955
msgid ""
9956
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
9957
"fit your needs."
9958
msgstr ""
9959
"<emphasis>คำแนะนำ:</emphasis> คำอธิบายสั้นๆ เกี่ยวกับการแบ่งปันของคุณ "
9960
"ปรับแก้ตามที่คุณต้องการ"
9961
9962
#: serverguide/C/samba.xml:153(para)
9963
msgid "<emphasis>path:</emphasis> the path to the directory to share."
9964
msgstr "<emphasis>พาธ:</emphasis> พาธของไดเรกทอรีที่จะแบ่งปัน"
9965
9966
#: serverguide/C/samba.xml:156(para)
9967
msgid ""
9968
"This example uses <filename>/srv/samba/sharename</filename> because, "
9969
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
9970
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
9971
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
9972
"specific data should be served. Technically Samba shares can be placed "
9973
"anywhere on the filesystem as long as the permissions are correct, but "
9974
"adhering to standards is recommended."
9975
msgstr ""
9976
"ตัวอย่างนี้ใช้ <filename>/srv/samba/sharename</filename> เพราะว่ามาตรฐาน "
9977
"<emphasis>Filesystem Hierarchy Standard (FHS)</emphasis> "
9978
"แนะนำให้แชร์ข้อมูลต่างๆจาก <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
9979
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> "
9980
"ในทางเทคนิคแล้วแฟ้มข้อมูลที่ถูกแชร์ผ่านแซมบ้าจะอยู่ที่ไหนในะระบบก็ได้ตราบใดที"
9981
"่คุณให้สิทธิ์การเข้าถึงแฟ้มข้อมูลนั้นอย่างถูกต้อง "
9982
"อย่างไรก็ตามเราแนะนำให้คุณตามมาตรฐานถ้าเป็นไปได้"
9983
9984
#: serverguide/C/samba.xml:165(para)
9985
msgid ""
9986
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
9987
"directory using <application>Windows Explorer</application>."
9988
msgstr ""
9989
"<emphasis>browsable:</emphasis> "
9990
"อนุญาติให้เครื่องลูกข่ายวินโดว์สามารถมองเห็นแฟ้มข้อมูลที่ถูกแชร์โดยใช้โปรแกรม"
9991
" <application>Windows Explorer</application>"
9992
9993
#: serverguide/C/samba.xml:171(para)
9994
msgid ""
9995
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
9996
"without supplying a password."
9997
msgstr ""
9998
"<emphasis>guest ok:</emphasis> "
9999
"อนุญาติให้เครื่องลูกข่ายใช้งานแชร์โดยไม่ต้องระบุรหัสผ่าน"
10000
10001
#: serverguide/C/samba.xml:176(para)
10002
msgid ""
10003
"<emphasis>read only:</emphasis> determines if the share is read only or if "
10004
"write privileges are granted. Write privileges are allowed only when the "
10005
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
10006
"is <emphasis>yes</emphasis>, then access to the share is read only."
10007
msgstr ""
10008
10009
#: serverguide/C/samba.xml:181(para)
10010
msgid ""
10011
"<emphasis>create mask:</emphasis> determines the permissions new files will "
10012
"have when created."
10013
msgstr "<emphasis>create mask:</emphasis> ระบุสิทธิ์ของไฟล์ที่ถูกสร้างใหม่"
10014
10015
#: serverguide/C/samba.xml:190(para)
10016
msgid ""
10017
"Now that <application>Samba</application> is configured, the directory needs "
10018
"to be created and the permissions changed. From a terminal enter:"
10019
msgstr ""
10020
"เอาล่ะ หลังจากคุณได้ตั้งค่าต่างๆของ <application>แซมบ้า</application> แล้ว "
10021
"ก็ถึงเวลาที่คุณจะสร้างแฟ้มข้อมูลและแก้ไขสิทธิ์ของแฟ้มข้อมูล ให้พิมพ์คำสั่ง:"
10022
10023
#: serverguide/C/samba.xml:196(command)
10024
msgid "sudo mkdir -p /srv/samba/share"
10025
msgstr "sudo mkdir -p /srv/samba/share"
10026
10027
#: serverguide/C/samba.xml:197(command)
10028
msgid "sudo chown nobody:nogroup /srv/samba/share/"
10029
msgstr ""
10030
10031
#: serverguide/C/samba.xml:201(para)
10032
msgid ""
10033
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
10034
"directory tree if it doesn't exist."
10035
msgstr ""
10036
10037
#: serverguide/C/samba.xml:209(para)
10038
msgid ""
10039
"Finally, restart the <application>samba</application> services to enable the "
10040
"new configuration:"
10041
msgstr ""
10042
"ขั้นตอนสุดท้ายคือการเริ่มโปรแกรม <application>samba</application> "
10043
"เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
10044
10045
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2488(screen) serverguide/C/network-auth.xml:4090(command)
10046
msgid "sudo systemctl restart smbd.service nmbd.service"
10047
msgstr ""
10048
10049
#: serverguide/C/samba.xml:221(para)
10050
msgid ""
10051
"Once again, the above configuration gives all access to any client on the "
10052
"local network. For a more secure configuration see <xref linkend=\"samba-"
10053
"fileprint-security\"/>."
10054
msgstr ""
10055
"การตั้งค่าตามด้านบนนั้นอนุญาติให้เครื่องลูกข่ายทำอะไรกับแฟ้มข้อมูลที่ถูกแชร์ "
10056
" ถ้าคุณต้องการกำหนดสิทธิ์อย่างเคร่งคัดขึ้นกรุณาดู <xref linkend=\"samba-"
10057
"fileprint-security\"/>"
10058
10059
#: serverguide/C/samba.xml:227(para)
10060
msgid ""
10061
"From a Windows client you should now be able to browse to the Ubuntu file "
10062
"server and see the shared directory. If your client doesn't show your share "
10063
"automatically, try to access your server by its IP address, e.g. \\\\"
10064
"192.168.1.1, in a Windows Explorer window. To check that everything is "
10065
"working try creating a directory from Windows."
10066
msgstr ""
10067
10068
#: serverguide/C/samba.xml:231(para)
10069
msgid ""
10070
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
10071
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
10072
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
10073
"share actually exists and the permissions are correct."
10074
msgstr ""
10075
"คุณสามารถสร้างแชร์เพิ่มได้โดยเพิ่มหมวด <emphasis>[dir]</emphasis> ใหม่ในไฟล์ "
10076
"<filename>/etc/samba/smb.conf</filename> จากนั้นให้เริ่มโปรแกรม "
10077
"<emphasis>Samba</emphasis> ใหม่ "
10078
"อย่าลืมตรวจสอบให้แน่ใจว่าแฟ้มที่คุณต้องการแชร์นั้นมีอยู่จริงและคุณได้กำหนดสิท"
10079
"ธิ์ถูกต้อง"
10080
10081
#: serverguide/C/samba.xml:238(para)
10082
msgid ""
10083
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
10084
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
10085
"and path names to fit your environment. It is a good idea to name a share "
10086
"after a directory on the file system. Another example would be a share name "
10087
"of <emphasis>[qa]</emphasis> with a path of "
10088
"<filename>/srv/samba/qa</filename>."
10089
msgstr ""
10090
10091
#: serverguide/C/samba.xml:251(para) serverguide/C/samba.xml:349(para) serverguide/C/samba.xml:704(para) serverguide/C/samba.xml:1098(para)
10092
msgid ""
10093
"For in depth Samba configurations see the <ulink "
10094
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
10095
"Collection</ulink>"
10096
msgstr ""
10097
"สำหรับการตั้งค่าแซมบ้าขั้นสูง กรุณาดูที่ <ulink "
10098
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
10099
"Collection</ulink>"
10100
10101
#: serverguide/C/samba.xml:257(para) serverguide/C/samba.xml:355(para) serverguide/C/samba.xml:710(para) serverguide/C/samba.xml:1104(para)
10102
msgid ""
10103
"The guide is also available in <ulink "
10104
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
10105
"format</ulink>."
10106
msgstr ""
10107
"คุณสามารถอ่านคู่มือนี้<ulink "
10108
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-"
10109
"/0131882228\">ในแบบหนังสือ</ulink>ได้"
10110
10111
#: serverguide/C/samba.xml:263(para) serverguide/C/samba.xml:361(para)
10112
msgid ""
10113
"O'Reilly's <ulink "
10114
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
10115
"another good reference."
10116
msgstr ""
10117
"หนังสือ <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
10118
"Samba</ulink> ของสำนักพิมพ์ O'Reilly ก็เป็นแหล่งข้อมูลที่ดีอีกอันหนึ่ง"
10119
10120
#: serverguide/C/samba.xml:269(para) serverguide/C/samba.xml:372(para) serverguide/C/samba.xml:735(para) serverguide/C/samba.xml:1128(para) serverguide/C/samba.xml:1305(para)
10121
msgid ""
10122
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
10123
"</ulink> page."
10124
msgstr ""
10125
10126
#: serverguide/C/samba.xml:278(title) serverguide/C/network-config.xml:904(para)
10127
msgid "Print Server"
10128
msgstr ""
10129
10130
#: serverguide/C/samba.xml:280(para)
10131
msgid ""
10132
"Another common use of Samba is to configure it to share printers installed, "
10133
"either locally or over the network, on an Ubuntu server. Similar to <xref "
10134
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
10135
"any client on the local network to use the installed printers without "
10136
"prompting for a username and password."
10137
msgstr ""
10138
"ประโยชน์อีกอย่างนึงของแซมบ้าคือคุณสามารถแชร์เครื่องพิมพ์ผ่านแซมบ้าได้ "
10139
"ไม่ว่าจะเป็นเครื่องพิมพ์ที่ต่อกับเซิร์ฟเวอร์อูบุนตูของคุณหรือเครื่องพิมพ์ที่อ"
10140
"ยู่ที่อื่นๆในเครือข่าย เช่นเดียวกับในส่วน <xref linkend=\"samba-"
10141
"fileserver\"/> "
10142
"ส่วนนี้จะอธิบายการตั้งค่าแซมบ้าให้เครื่องลูกข่ายใช้เครื่องพิมพ์ผ่านแซมบ้าได้โ"
10143
"ดยไม่ต้องระบุชื่อผู้ใช้และรหัสผ่าน"
10144
10145
#: serverguide/C/samba.xml:286(para)
10146
msgid ""
10147
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
10148
"security\"/>."
10149
msgstr ""
10150
"ถ้าคุณต้องการตั้งค่าความปลอดภัยเพิ่มเติม กรุณาดู <xref linkend=\"samba-"
10151
"fileprint-security\"/>"
10152
10153
#: serverguide/C/samba.xml:293(para)
10154
msgid ""
10155
"Before installing and configuring Samba it is best to already have a working "
10156
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
10157
"for details."
10158
msgstr ""
10159
"ก่อนติดตั้งและตั้งค่าแซมบ้า คุณควรจะมีโปรแกรม "
10160
"<application>CUPS</application> ที่ทำงานได้เสียก่อน ลองดู <xref "
10161
"linkend=\"cups\"/> สำหรับรายละเอียดเกี่ยวกับ CUPS"
10162
10163
#: serverguide/C/samba.xml:298(para)
10164
msgid ""
10165
"To install the <application>samba</application> package, from a terminal "
10166
"enter:"
10167
msgstr ""
10168
"ติดตั้งชุดโปรแกรม <application>แซมบ้า</application> โดยพิมพ์คำสั่งดังนี้:"
10169
10170
#: serverguide/C/samba.xml:309(para)
10171
msgid ""
10172
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
10173
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
10174
"network, and change <emphasis>security</emphasis> to <emphasis "
10175
"role=\"italic\">user</emphasis>:"
10176
msgstr ""
10177
10178
#: serverguide/C/samba.xml:321(para)
10179
msgid ""
10180
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
10181
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
10182
msgstr ""
10183
"ในหมวด <emphasis>[printers]</emphasis> เปลี่ยนค่า <emphasis>guest "
10184
"ok</emphasis> เป็น <emphasis role=\"italic\">yes</emphasis>:"
10185
10186
#: serverguide/C/samba.xml:325(programlisting)
10187
#, no-wrap
10188
msgid ""
10189
"\n"
10190
" browsable = yes\n"
10191
" guest ok = yes\n"
10192
msgstr ""
10193
"\n"
10194
" browsable = yes\n"
10195
" guest ok = yes\n"
10196
10197
#: serverguide/C/samba.xml:330(para)
10198
msgid "After editing <filename>smb.conf</filename> restart Samba:"
10199
msgstr ""
10200
10201
#: serverguide/C/samba.xml:338(para)
10202
msgid ""
10203
"The default Samba configuration will automatically share any printers "
10204
"installed. Simply install the printer locally on your Windows clients."
10205
msgstr ""
10206
"ค่าที่มากับการติดตั้งแซมบ้านั้นจะแชร์เครื่องพิมพ์ที่ต่อกับเครื่องโดยอัตโนมัติ"
10207
" คุณแค่ต้องเพิ่มเครื่องพิมพ์ในเครื่องลูกข่ายวินโดว์ของคุณเท่านั้น"
10208
10209
#: serverguide/C/samba.xml:367(para)
10210
msgid ""
10211
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
10212
"more information on configuring CUPS."
10213
msgstr ""
10214
"นอกจากนั้นลองดู <ulink url=\"http://www.cups.org/\">เว็บไซต์ของ CUPS</ulink> "
10215
"สำหรับข้อมูลการตั้งค่า CUPS"
10216
10217
#: serverguide/C/samba.xml:381(title)
10218
msgid "Securing File and Print Server"
10219
msgstr ""
10220
10221
#: serverguide/C/samba.xml:384(title)
10222
msgid "Samba Security Modes"
10223
msgstr "โหมดความปลอดภัยของแซมบ้า"
10224
10225
#: serverguide/C/samba.xml:386(para)
10226
msgid ""
10227
"There are two security levels available to the Common Internet Filesystem "
10228
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
10229
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
10230
"allows more flexibility, providing four ways of implementing user-level "
10231
"security and one way to implement share-level:"
10232
msgstr ""
10233
"โปรโตคอลเครือข่าย Common Internet Filesystem (CIFS) "
10234
"ได้ระบุระดับความปลอดภัยไว้สองระดับคือระดับผู้ใช้ (<emphasis>user-"
10235
"level</emphasis>) และระดับแชร์ (<emphasis>share-level</emphasis>) "
10236
"แซมบ้ามีระบบความปลอดภัยที่ยืดหยุ่นกว่าที่เรียกว่าโหมดความปลอดภัย "
10237
"(<emphasis>security mode</emphasis>) ที่มีถึง 4 "
10238
"วิธีในการรักษาความปลอดภัยสำหรับระดับผู้ใช้และอีก 1 วิธีสำหรับระดับแชร์:"
10239
10240
#: serverguide/C/samba.xml:395(para)
10241
msgid ""
10242
"<emphasis>security = user:</emphasis> requires clients to supply a username "
10243
"and password to connect to shares. Samba user accounts are separate from "
10244
"system accounts, but the <application>libpam-winbind</application> package "
10245
"will sync system users and passwords with the Samba user database."
10246
msgstr ""
10247
10248
#: serverguide/C/samba.xml:402(para)
10249
msgid ""
10250
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
10251
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
10252
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
10253
"linkend=\"samba-dc\"/> for further information."
10254
msgstr ""
10255
"<emphasis>security = domain:</emphasis> "
10256
"โหมดนี้ทำให้เซิร์ฟเวอร์แซมบ้าทำตัวเป็น Primary Domain Controller (PDC), "
10257
"Backup Domain Controller (BDC), หรือ Domain Member Server (DMS) "
10258
"สำหรับเครื่องลูกข่ายวินโดว์ได้ กรุณาดูรายละเอียดเพิ่มเติมที่ <xref "
10259
"linkend=\"samba-dc\"/>"
10260
10261
#: serverguide/C/samba.xml:409(para)
10262
msgid ""
10263
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
10264
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
10265
"integration\"/> for details."
10266
msgstr ""
10267
"<emphasis>security = ADS:</emphasis> ทำให้เซิร์ฟเวอร์แซมบ้าเข้าร่วมกับโดเมน "
10268
"Active Directory ในฐานะสมาชิกของโดเมน กรุณาดูรายละเอียดเพิ่มเติมที่ <xref "
10269
"linkend=\"samba-ad-integration\"/>"
10270
10271
#: serverguide/C/samba.xml:415(para)
10272
msgid ""
10273
"<emphasis>security = server:</emphasis> this mode is left over from before "
10274
"Samba could become a member server, and due to some security issues should "
10275
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
10276
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
10277
"of the Samba guide for more details."
10278
msgstr ""
10279
"<emphasis>security = server:</emphasis> "
10280
"โหมดนี้เป็นโหมดที่หลงเหลือก่อนที่แซมบ้าจะสามารถเป็นสมาชิกของโดเมนได้ "
10281
"และเนื่องจากปัญหาเกี่ยวกับความปลอดภัยเราไม่แนะนำให้คุณใช้โหมดนี้ "
10282
"กรุณาอ่านส่วน <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
10283
"Collection/ServerType.html#id349531\">การรักษาความปลอดภัยของเซิร์ฟเวอร์</ulin"
10284
"k>ในคู่มือแซมบ้าเพื่อดูรายละเอียดเพิ่มเติม"
10285
10286
#: serverguide/C/samba.xml:423(para)
10287
msgid ""
10288
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
10289
"without supplying a username and password."
10290
msgstr ""
10291
"<emphasis>security = share:</emphasis> "
10292
"อนุญาติให้เครื่องลูกข่ายเชื่อมต่อเข้าไปที่แชร์โดยไม่ต้องระบุชื่อผู้ใช้และรหัส"
10293
"ผ่าน"
10294
10295
#: serverguide/C/samba.xml:430(para)
10296
msgid ""
10297
"The security mode you choose will depend on your environment and what you "
10298
"need the Samba server to accomplish."
10299
msgstr ""
10300
"โหมดความปลอดภัยที่คุณเลือกขึ้นอยู่กับว่าคุณอยากให้เซิร์ฟเวอร์แซมบ้าของคุณทำอะ"
10301
"ไร"
10302
10303
#: serverguide/C/samba.xml:436(title)
10304
msgid "Security = User"
10305
msgstr "ความปลอดภัยระดับ Security = User"
10306
10307
#: serverguide/C/samba.xml:438(para)
10308
msgid ""
10309
"This section will reconfigure the Samba file and print server, from <xref "
10310
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
10311
"require authentication."
10312
msgstr ""
10313
"ส่วนนี้จะแสดงการตั้งค่าแซมบ้าต่อจาก <xref linkend=\"samba-fileserver\"/> และ "
10314
"<xref linkend=\"samba-printserver\"/> เพื่อให้มีการลงชื่อเข้าใช้แชร์"
10315
10316
#: serverguide/C/samba.xml:443(para)
10317
msgid ""
10318
"First, install the <application>libpam-winbind</application> package which "
10319
"will sync the system users to the Samba user database:"
10320
msgstr ""
10321
10322
#: serverguide/C/samba.xml:449(command)
10323
msgid "sudo apt install libpam-winbind"
10324
msgstr ""
10325
10326
#: serverguide/C/samba.xml:453(para)
10327
msgid ""
10328
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
10329
"<application>libpam-winbind</application> is already installed."
10330
msgstr ""
10331
10332
#: serverguide/C/samba.xml:459(para)
10333
msgid ""
10334
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
10335
"<emphasis>[share]</emphasis> section change:"
10336
msgstr ""
10337
"แก้ไขหมวด <emphasis>[share]</emphasis> ในไฟล์ "
10338
"<filename>/etc/samba/smb.conf</filename>:"
10339
10340
#: serverguide/C/samba.xml:463(programlisting)
10341
#, no-wrap
10342
msgid ""
10343
"\n"
10344
" guest ok = no\n"
10345
msgstr ""
10346
"\n"
10347
" guest ok = no\n"
10348
10349
#: serverguide/C/samba.xml:467(para)
10350
msgid "Finally, restart Samba for the new settings to take effect:"
10351
msgstr "จากนั้นเริ่มโปรแกรมแซมบ้าใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
10352
10353
#: serverguide/C/samba.xml:475(para)
10354
msgid ""
10355
"Now when connecting to the shared directories or printers you should be "
10356
"prompted for a username and password."
10357
msgstr ""
10358
"จากนี้ไปเมื่อคุณเชื่อมต่อเข้าใช้งานแฟ้มข้อมูลหรือเครื่องพิมพ์ที่แชร์ผ่านแซมบ้"
10359
"า คุณจะต้องระบุชื่อผู้ใช้และรหัสผ่าน"
10360
10361
#: serverguide/C/samba.xml:480(para)
10362
msgid ""
10363
"If you choose to map a network drive to the share you can check the "
10364
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
10365
"enter the username and password once, at least until the password changes."
10366
msgstr ""
10367
"ถ้าคุณต้องการให้แฟ้มข้อมูลที่แชร์แสดงเป็นไดรฟ์ในวินโดว์ ให้เช็คเครื่องหมาย "
10368
"<quote>Reconnect at Logon</quote> "
10369
"ซึ่งจะบังคับให้คุณต้องใส่ชื่อผู้ใช้และรหัสผ่านแค่ครั้งเดียว "
10370
"อย่างน้อยก็จนกว่ารหัสผ่านจะเปลี่ยนแปลง"
10371
10372
#: serverguide/C/samba.xml:488(title)
10373
msgid "Share Security"
10374
msgstr "ระดับความปลอดภัยแบบแชร์"
10375
10376
#: serverguide/C/samba.xml:490(para)
10377
msgid ""
10378
"There are several options available to increase the security for each "
10379
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
10380
"this section will cover some common options."
10381
msgstr ""
10382
"มีหลายวิธีที่คุณสามารถใช้ได้เพื่อรักษาความปลอดภัยให้กับแต่ละแฟ้มข้อมูลที่ถูกแ"
10383
"ชร์ หมวดนี้จะแสดงตัวเลือกที่ใช้โดยทั่วไปโดยใช้ตัวอย่าง "
10384
"<emphasis>[share]</emphasis> จากส่วนก่อนหน้า"
10385
10386
#: serverguide/C/samba.xml:496(title)
10387
msgid "Groups"
10388
msgstr "กลุ่ม"
10389
10390
#: serverguide/C/samba.xml:498(para)
10391
msgid ""
10392
"Groups define a collection of computers or users which have a common level "
10393
"of access to particular network resources and offer a level of granularity "
10394
"in controlling access to such resources. For example, if a group <emphasis "
10395
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
10396
"role=\"italic\">freda</emphasis>, <emphasis "
10397
"role=\"italic\">danika</emphasis>, and <emphasis "
10398
"role=\"italic\">rob</emphasis> and a second group <emphasis "
10399
"role=\"italic\">support</emphasis> is defined and consists of users "
10400
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
10401
"role=\"italic\">jeremy</emphasis>, and <emphasis "
10402
"role=\"italic\">vincent</emphasis> then certain network resources configured "
10403
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
10404
"subsequently enable access by freda, danika, and rob, but not jeremy or "
10405
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
10406
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
10407
"role=\"italic\">support</emphasis> groups, she will be able to access "
10408
"resources configured for access by both groups, whereas all other users will "
10409
"have only access to resources explicitly allowing the group they are part of."
10410
msgstr ""
10411
"กลุ่มเป็นตัวแทนของกลุ่มของเครื่องลูกข่ายหรือกลุ่มของผู้ใช้ในเครือข่ายที่สมาชิ"
10412
"กในกลุ่มได้รับสิทธิ์เหมือนๆกันในการใช้งานทรัพยากรเครือข่าย "
10413
"และทำให้การกำหนดสิทธิ์ง่ายขึ้น ยกตัวอย่างเช่น ถ้ามีกลุ่มชื่อ <emphasis "
10414
"role=\"italic\">qa</emphasis> ที่มีผู้ใช้ชื่อ <emphasis "
10415
"role=\"italic\">freda</emphasis>, <emphasis "
10416
"role=\"italic\">danika</emphasis>, และ <emphasis "
10417
"role=\"italic\">rob</emphasis> และอีกกลุ่มหนึ่งชื่อ <emphasis "
10418
"role=\"italic\">support</emphasis> ที่มีสมาชิกชื่อ <emphasis "
10419
"role=\"italic\">danika</emphasis>, <emphasis "
10420
"role=\"italic\">jeremy</emphasis>, และ <emphasis "
10421
"role=\"italic\">vincent</emphasis> ทรัพยากรใดๆก็ตามที่กลุ่ม <emphasis "
10422
"role=\"italic\">qa</emphasis> สามารถใช้งานได้ก็หมายความว่าสมาชิกในกลุ่มคือ "
10423
"freda, danika, และ rob ก็สามารถใช้งานได้เช่นกัน แต่ jeremy และ vincent "
10424
"จะไม่สามารถใช้งานได้เพราะไม่ใช่สมาชิกในกลุ่ม และเนื่องจากว่า <emphasis "
10425
"role=\"italic\">danika</emphasis> เป็นสมาชิกของทั้งกลุ่ม <emphasis "
10426
"role=\"italic\">qa</emphasis> และ <emphasis "
10427
"role=\"italic\">support</emphasis> เธอจึงสามารถใช้ทรัพยากรของทั้งสองกลุ่มได้ "
10428
"ต่างจากคนอื่นๆที่อยู่ในกลุ่มๆเดียวและสามารถใช้งานเฉพาะทรัพยากรที่กลุ่มนั้นๆได"
10429
"้รับอนุญาติ"
10430
10431
#: serverguide/C/samba.xml:512(para)
10432
msgid ""
10433
"By default Samba looks for the local system groups defined in "
10434
"<filename>/etc/group</filename> to determine which users belong to which "
10435
"groups. For more information on adding and removing users from groups see "
10436
"<xref linkend=\"adding-deleting-users\"/>."
10437
msgstr ""
10438
"โดยปกติแซมบ้าจะหากลุ่มผู้ใช้ในระบบจากไฟล์ <filename>/etc/group</filename> "
10439
"เพื่อดูว่าผู้ใช้เป็นสมาชิกของกลุ่มไหน "
10440
"สำหรับข้อมูลเพิ่มเติมเกี่ยวกับการเพิ่งหรือลบผู้ใช้ออกจากกลุ่มลองดูที่ <xref "
10441
"linkend=\"adding-deleting-users\"/>"
10442
10443
#: serverguide/C/samba.xml:518(para)
10444
msgid ""
10445
"When defining groups in the Samba configuration file, "
10446
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
10447
"preface the group name with an \"@\" symbol. For example, if you wished to "
10448
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
10449
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
10450
"do so by entering the group name as <emphasis "
10451
"role=\"bold\">@sysadmin</emphasis>."
10452
msgstr ""
10453
"เมื่อคุณสร้างกลุ่มในไฟล์การตั้งค่าของแซมบ้าที่ "
10454
"<filename>/etc/samba/smb.conf</filename> "
10455
"คุณต้องเริ่มต้นชื่อกลุ่มด้วยเครื่องหมาย \"@\" "
10456
"เช่นถ้าคุณต้องการสร้างกลุ่มชื่อ <emphasis "
10457
"role=\"italic\">sysadmin</emphasis> ในหมวดใดๆของไฟล์ "
10458
"<filename>/etc/samba/smb.conf</filename> คุณต้องใส่ชื่อกลุ่มเป็น <emphasis "
10459
"role=\"bold\">@sysadmin</emphasis>"
10460
10461
#: serverguide/C/samba.xml:527(title)
10462
msgid "File Permissions"
10463
msgstr "สิทธิ์ของไฟล์"
10464
10465
#: serverguide/C/samba.xml:529(para)
10466
msgid ""
10467
"File Permissions define the explicit rights a computer or user has to a "
10468
"particular directory, file, or set of files. Such permissions may be defined "
10469
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
10470
"the explicit permissions of a defined file share."
10471
msgstr ""
10472
"สิทธิ์ของไฟล์เป็นตัวกำหนดว่าเครื่องคอมพิวเตอร์หรือผู้ใช้มีสิทธิ์ในการทำอะไรกั"
10473
"บแฟ้มข้อมูล ไฟล์ หรือกลุ่มของไฟล์ได้บ้าง "
10474
"คุณสามารถกำหนดสิทธิ์เหล่านี้โดยแก้ไฟล์ "
10475
"<filename>/etc/samba/smb.conf</filename> และระบุสิทธิ์ต่างๆสำหรับแต่ละแชร์"
10476
10477
#: serverguide/C/samba.xml:535(para)
10478
msgid ""
10479
"For example, if you have defined a Samba share called "
10480
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
10481
"only</emphasis> permissions to the group of users known as <emphasis "
10482
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
10483
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
10484
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
10485
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
10486
"under the <emphasis>[share]</emphasis> entry:"
10487
msgstr ""
10488
"ยกตัวอย่างเช่น ถ้าคุณสร้างแชร์ในแซมบ้าชื่อ <emphasis>share</emphasis> "
10489
"และต้องการให้สิทธิ์ <emphasis role=\"italic\">read-only</emphasis> "
10490
"หรือให้เฉพาะสิทธิ์การอ่านกับกลุ่มของผู้ใช้ชื่อ <emphasis "
10491
"role=\"italic\">qa</emphasis> "
10492
"แต่ต้องการให้สิทธิ์การอ่านและเขียนกับกลุ่มของผู้ใช้ที่ชื่อ <emphasis "
10493
"role=\"italic\">sysadmin</emphasis> และผู้ใช้ที่ชื่อ <emphasis "
10494
"role=\"italic\">vincent</emphasis> คุณต้องแก้ไขไฟล์ "
10495
"<filename>/etc/samba/smb.conf</filename> และตั้งค่าเหล่านี้ภายใต้หมวด "
10496
"<emphasis>[share]</emphasis>:"
10497
10498
#: serverguide/C/samba.xml:544(programlisting)
10499
#, no-wrap
10500
msgid ""
10501
"\n"
10502
" read list = @qa\n"
10503
" write list = @sysadmin, vincent\n"
10504
msgstr ""
10505
"\n"
10506
" read list = @qa\n"
10507
" write list = @sysadmin, vincent\n"
10508
10509
#: serverguide/C/samba.xml:549(para)
10510
msgid ""
10511
"Another possible Samba permission is to declare "
10512
"<emphasis>administrative</emphasis> permissions to a particular shared "
10513
"resource. Users having administrative permissions may read, write, or modify "
10514
"any information contained in the resource the user has been given explicit "
10515
"administrative permissions to."
10516
msgstr ""
10517
"สิทธิ์อีกแบบนึงที่คุณสามารถใช้ได้คือ "
10518
"<emphasis>administrative</emphasis>หรือสิทธิ์ของผู้ดูแล "
10519
"ซึ่งหมายความว่าใครก็ตามที่ได้สิทธิ์นี้จะสามารถอ่าน เขียน "
10520
"แก้ไขข้อมูลใดๆก็ตามที่อยู่ในแชร์นั้นๆ"
10521
10522
#: serverguide/C/samba.xml:555(para)
10523
msgid ""
10524
"For example, if you wanted to give the user <emphasis "
10525
"role=\"italic\">melissa</emphasis> administrative permissions to the "
10526
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
10527
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
10528
"under the <emphasis>[share]</emphasis> entry:"
10529
msgstr ""
10530
"ยกตัวอย่างเช่น ถ้าคุณต้องการให้สิทธิ์ผู้ดูแลกับ <emphasis "
10531
"role=\"italic\">melissa</emphasis> สำหรับแชร์ในตัวอย่าง <emphasis "
10532
"role=\"italic\">share</emphasis> ก่อนหน้านี้ คุณต้องแก้ไขไฟล์ "
10533
"<filename>/etc/samba/smb.conf</filename> และเพิ่มบรรทัดต่อไปนี้ภายใต้หมวด "
10534
"<emphasis>[share]</emphasis>:"
10535
10536
#: serverguide/C/samba.xml:562(programlisting)
10537
#, no-wrap
10538
msgid ""
10539
"\n"
10540
" admin users = melissa\n"
10541
msgstr ""
10542
"\n"
10543
" admin users = melissa\n"
10544
10545
#: serverguide/C/samba.xml:566(para)
10546
msgid ""
10547
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
10548
"the changes to take effect:"
10549
msgstr ""
10550
"หลังจากแก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
10551
"แล้วให้เริ่มโปรแกรมแซมบ้าใหม่เพื่อให้ข้อเปลี่ยนแปลงมีผลบังคับใช้:"
10552
10553
#: serverguide/C/samba.xml:575(para)
10554
msgid ""
10555
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
10556
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
10557
"<emphasis role=\"italic\">security = share</emphasis>"
10558
msgstr ""
10559
"การตั้งค่า <emphasis>read list</emphasis> และ <emphasis>write "
10560
"list</emphasis> นั้นจะมีผลก็ต่อเมื่อโหมดรักษาความปลอดภัยของแซมบ้า<emphasis>ไม"
10561
"่ใช่</emphasis> <emphasis role=\"italic\">security = share</emphasis> "
10562
"เท่านั้น"
10563
10564
#: serverguide/C/samba.xml:581(para)
10565
msgid ""
10566
"Now that Samba has been configured to limit which groups have access to the "
10567
"shared directory, the filesystem permissions need to be updated."
10568
msgstr ""
10569
"หลังจากคุณตั้งค่าสิทธิ์ต่างๆในแซมบ้าแล้ว "
10570
"คุณต้องไปแก้ไขสิทธิ์ในระบบไฟล์ของอูบุนตูด้วย"
10571
10572
#: serverguide/C/samba.xml:586(para)
10573
msgid ""
10574
"Traditional Linux file permissions do not map well to Windows NT Access "
10575
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
10576
"providing more fine grained control. For example, to enable ACLs on "
10577
"<filename>/srv</filename> an EXT3 filesystem, edit "
10578
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
10579
msgstr ""
10580
"สิทธิ์ของไฟล์ในลีนุกซ์นั้นไม่คล้ายกับสิทธิ์แบบ Access Control Lists (ACLs) "
10581
"ของวินโดว์ซักเท่าไรนัก แต่โชคดีที่อูบุนตูเซิร์ฟเวอร์ก็มี POSIX ACLs "
10582
"ซึ่งเพิ่มความสามารถในการปรับตั้งค่าสิทธิ์แบบละเอียดขึ้น ยกตัวอย่างเช่น "
10583
"ถ้าคุณต้องการใช้งาน ACLs กับ <filename>/srv</filename> ซึ่งเป็นระบบไฟล์แบบ "
10584
"EXT3 ให้เพิ่มตัวเลือก <emphasis>acl</emphasis> ในไฟล์ "
10585
"<filename>/etc/fstab</filename> ดังนี้:"
10586
10587
#: serverguide/C/samba.xml:593(programlisting)
10588
#, no-wrap
10589
msgid ""
10590
"\n"
10591
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
10592
"0 1\n"
10593
msgstr ""
10594
"\n"
10595
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
10596
"0 1\n"
10597
10598
#: serverguide/C/samba.xml:597(para)
10599
msgid "Then remount the partition:"
10600
msgstr "จากนั้นก็ mount พาร์ติชั่นใหม่โดยพิมพ์คำสั่ง:"
10601
10602
#: serverguide/C/samba.xml:602(command)
10603
msgid "sudo mount -v -o remount /srv"
10604
msgstr "sudo mount -v -o remount /srv"
10605
10606
#: serverguide/C/samba.xml:606(para)
10607
msgid ""
10608
"The above example assumes <filename>/srv</filename> on a separate partition. "
10609
"If <filename>/srv</filename>, or wherever you have configured your share "
10610
"path, is part of the <filename>/</filename> partition a reboot may be "
10611
"required."
10612
msgstr ""
10613
"ตัวอย่างด้านบนนั้นสมมุติว่า <filename>/srv</filename> "
10614
"อยู่บนพาร์ติชั่นอีกพาร์ติชั่นนึง ถ้า <filename>/srv</filename> "
10615
"หรือที่ใดก็ตามที่คุณใช้เป็นแชร์เป็นส่วนหนึ่งของพาร์ติชั่น "
10616
"<filename>/</filename> คุณอาจจะต้องบูตเครื่องของคุณหลังแก้ไขค่า"
10617
10618
#: serverguide/C/samba.xml:613(para)
10619
msgid ""
10620
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
10621
"group will be given read, write, and execute permissions to "
10622
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
10623
"will be given read and execute permissions, and the files will be owned by "
10624
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
10625
msgstr ""
10626
"เพื่อให้สิทธิ์ของไฟล์ตรงกับสิทธิ์ของแชร์ที่เราได้ตั้งค่าไว้ด้านบน "
10627
"เราจะให้สิทธิ์การอ่าน เขียน และรันโปรแกรมใน "
10628
"<filename>/srv/samba/share</filename> กับกลุ่มผู้ใช้ "
10629
"<emphasis>sysadmin</emphasis> และให้เฉพาะสิทธิ์อ่านและรันโปรแกรมกับกลุ่ม "
10630
"<emphasis>qa</emphasis> และผู้ใช้ชื่อ <emphasis>melissa</emphasis> "
10631
"จะเป็นเจ้าของไฟล์ทั้งหมดที่อยู่ในแชร์นี้ ให้พิมพ์คำสั่งดังนี้:"
10632
10633
#: serverguide/C/samba.xml:621(command)
10634
msgid "sudo chown -R melissa /srv/samba/share/"
10635
msgstr "sudo chown -R melissa /srv/samba/share/"
10636
10637
#: serverguide/C/samba.xml:622(command)
10638
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
10639
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
10640
10641
#: serverguide/C/samba.xml:623(command)
10642
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
10643
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
10644
10645
#: serverguide/C/samba.xml:627(para)
10646
msgid ""
10647
"The <application>setfacl</application> command above gives "
10648
"<emphasis>execute</emphasis> permissions to all files in the "
10649
"<filename>/srv/samba/share</filename> directory, which you may or may not "
10650
"want."
10651
msgstr ""
10652
"คำสั่ง <application>setfacl</application> ด้านบนนั้นให้สิทธิ์ "
10653
"<emphasis>execute</emphasis> (สิทธิ์ในการรันโปรแกรมจากไฟล์) "
10654
"กับทุกไฟล์ในแฟ้มข้อมูล <filename>/srv/samba/share</filename> "
10655
"ซึ่งอาจเป็นสิ่งที่คุณต้องการหรือไม่ต้องการ"
10656
10657
#: serverguide/C/samba.xml:633(para)
10658
msgid ""
10659
"Now from a Windows client you should notice the new file permissions are "
10660
"implemented. See the <application>acl</application> and "
10661
"<application>setfacl</application> man pages for more information on POSIX "
10662
"ACLs."
10663
msgstr ""
10664
"ตอนนี้ถ้าคุณลองใช้งานแชร์จากเครื่องลูกข่ายวินโดว์คุณจะสั่งเกตุเห็นว่าสิทธิ์ให"
10665
"ม่ได้มีผลบังคับใช้แล้ว ถ้าคุณต้องการข้อมูลเพิ่มเติมเกี่ยวกับ POSIX ACLs "
10666
"กรุณาอ่านคู่มือ (man pages) ของ <application>acl</application> และ "
10667
"<application>setfacl</application>"
10668
10669
#: serverguide/C/samba.xml:641(title)
10670
msgid "Samba AppArmor Profile"
10671
msgstr "โปรไฟล์ AppArmor ของแซมบ้า"
10672
10673
#: serverguide/C/samba.xml:643(para)
10674
msgid ""
10675
"Ubuntu comes with the <application>AppArmor</application> security module, "
10676
"which provides mandatory access controls. The default AppArmor profile for "
10677
"Samba will need to be adapted to your configuration. For more details on "
10678
"using AppArmor see <xref linkend=\"apparmor\"/>."
10679
msgstr ""
10680
"อูบุนตูมาพร้อมกับโมดูลรักษาความปลอดภัยที่เรียกว่า "
10681
"<application>AppArmor</application> "
10682
"ซึ่งบังคับให้มีการกำหนดขอบเขตและสิทธิ์ที่โปรแกรมต่างๆสามารถมีได้ "
10683
"คุณสามารถปรับแต่งโปรไฟล์ AppArmor "
10684
"ของอูบุนตูที่มาพร้อมกับตอนติดตั้งให้เหมาะกับความต้องการของคุณได้ "
10685
"สำหรับรายละเอียดเพิ่มเติมกรุณาดู <xref linkend=\"apparmor\"/>"
10686
10687
#: serverguide/C/samba.xml:649(para)
10688
msgid ""
10689
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
10690
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
10691
"of the <application>apparmor-profiles</application> packages. To install the "
10692
"package, from a terminal prompt enter:"
10693
msgstr ""
10694
"แพคเกจ <application>apparmor-profiles</application> จะทำการสร้างโปรไฟล์ "
10695
"AppArmor สำหรับโปรแกรมของแซมบ้าสองตัวคือ <filename>/usr/sbin/smbd</filename> "
10696
"และ <filename>/usr/sbin/nmbd</filename> "
10697
"ซึ่งเป็นโปรแกรมแซมบ้าที่ทำงานอยู่เบื้องหลัง (daemon) "
10698
"คุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
10699
10700
#: serverguide/C/samba.xml:656(command)
10701
msgid "sudo apt install apparmor-profiles apparmor-utils"
10702
msgstr ""
10703
10704
#: serverguide/C/samba.xml:660(para)
10705
msgid "This package contains profiles for several other binaries."
10706
msgstr "แพคเกจนี้ยังมีโปรไฟล์สำหรับโปรแกรมอื่นๆอีกด้วย"
10707
10708
#: serverguide/C/samba.xml:665(para)
10709
msgid ""
10710
"By default the profiles for <application>smbd</application> and "
10711
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
10712
"allowing Samba to work without modifying the profile, and only logging "
10713
"errors. To place the <application>smbd</application> profile into "
10714
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
10715
"profile will need to be modified to reflect any directories that are shared."
10716
msgstr ""
10717
"ค่าเริ่มต้นของโปรไฟล์สำหรับ <application>smbd</application> และ "
10718
"<application>nmbd</application> จะอยู่ในโหมด <emphasis>complain</emphasis> "
10719
"ซึ่งอนุญาติให้แซมบ้าทำงานโดยห้ามแก้ไขโปรไฟล์และจะเก็บบันทึกของข้อผิดพลาดต่างๆ"
10720
"ที่เกิดขึ้นเท่านั้น ถ้าคุณต้องการให้โปรไฟล์สำหรับ "
10721
"<application>smbd</application> อยู่ในโหมด <emphasis>enforce</emphasis> "
10722
"คุณจะต้องแก้ไขโปรไฟล์และระบุแฟ้มข้อมูลใดๆก็ตามที่ถูกแชร์เพื่อให้แซมบ้าทำงานได"
10723
"้เป็นปกติ"
10724
10725
#: serverguide/C/samba.xml:672(para)
10726
msgid ""
10727
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
10728
"for <emphasis>[share]</emphasis> from the file server example:"
10729
msgstr ""
10730
"แก้ไขไฟล์ <filename>/etc/apparmor.d/usr.sbin.smbd</filename> "
10731
"และเพิ่มข้อมูลเกี่ยวกับ <emphasis>[share]</emphasis> (จากตัวอย่างด้านบน):"
10732
10733
#: serverguide/C/samba.xml:677(programlisting)
10734
#, no-wrap
10735
msgid ""
10736
"\n"
10737
" /srv/samba/share/ r,\n"
10738
" /srv/samba/share/** rwkix,\n"
10739
msgstr ""
10740
"\n"
10741
" /srv/samba/share/ r,\n"
10742
" /srv/samba/share/** rwkix,\n"
10743
10744
#: serverguide/C/samba.xml:682(para)
10745
msgid ""
10746
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
10747
msgstr ""
10748
"จากนั้นคุณต้องโหลดโปรไฟล์ใหม่ในโหมด <emphasis>enforce</emphasis> "
10749
"โดยพิมพ์คำสั่ง:"
10750
10751
#: serverguide/C/samba.xml:687(command)
10752
msgid "sudo aa-enforce /usr/sbin/smbd"
10753
msgstr "sudo aa-enforce /usr/sbin/smbd"
10754
10755
#: serverguide/C/samba.xml:688(command)
10756
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
10757
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
10758
10759
#: serverguide/C/samba.xml:691(para)
10760
msgid ""
10761
"You should now be able to read, write, and execute files in the shared "
10762
"directory as normal, and the <application>smbd</application> binary will "
10763
"have access to only the configured files and directories. Be sure to add "
10764
"entries for each directory you configure Samba to share. Also, any errors "
10765
"will be logged to <filename>/var/log/syslog</filename>."
10766
msgstr ""
10767
10768
#: serverguide/C/samba.xml:716(para) serverguide/C/samba.xml:1110(para)
10769
msgid ""
10770
"O'Reilly's <ulink "
10771
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
10772
"also a good reference."
10773
msgstr ""
10774
"หนังสือ <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
10775
"Samba</ulink> จากสำนักพิพม์ O'Reilly ก็เป็นแหล่งอ้างอิงที่ดี"
10776
10777
#: serverguide/C/samba.xml:722(para)
10778
msgid ""
10779
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
10780
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
10781
"security."
10782
msgstr ""
10783
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
10784
"samba.html\">บทที่ 18</ulink> ของ Samba HOWTO Collection "
10785
"ทั้งบทอธิบายเกี่ยวกับการรักษาความปลอดภัย"
10786
10787
#: serverguide/C/samba.xml:728(para)
10788
msgid ""
10789
"For more information on Samba and ACLs see the <ulink "
10790
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
10791
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
10792
msgstr ""
10793
"สำหรับข้อมูลเพิ่มเติมเกี่ยวกับแซมบ้าและ ACLs กรุณาอ่าน <ulink "
10794
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
10795
"Collection/AccessControls.html#id397568\">หน้า ACLs ของแซมบ้า </ulink>."
10796
10797
#: serverguide/C/samba.xml:744(title)
10798
msgid "As a Domain Controller"
10799
msgstr ""
10800
10801
#: serverguide/C/samba.xml:746(para)
10802
msgid ""
10803
"Although it cannot act as an Active Directory Primary Domain Controller "
10804
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
10805
"domain controller. A major advantage of this configuration is the ability to "
10806
"centralize user and machine credentials. Samba can also use multiple "
10807
"backends to store the user information."
10808
msgstr ""
10809
"ถึงแม้ว่าแซมบ้าไม่สามารถทำงานได้เหมือนกับเครื่องควบคุมโดเมนหลัก (Primary "
10810
"Domain Controller หรือ PDC) ใน Active Directory "
10811
"แต่แซมบ้าก็สามารถทำงานเสมือนเครื่องควบคุมโดเมนแบบวินโดว์ NT4 ได้ "
10812
"โดยประโยชน์หลักของการทำแบบนี้คือการมีที่เดียวที่เป็นศูนย์กลางในการจัดการบัญชี"
10813
"ผู้ใช้และเครื่องคอมพิวเตอร์ในเครือขาย "
10814
"นอกจากนั้นแซมบ้าสามารถใช้ฐานเก็บข้อมูลผู้ใช้ได้หลายแบบอีกด้วย"
10815
10816
#: serverguide/C/samba.xml:753(title)
10817
msgid "Primary Domain Controller"
10818
msgstr "เครื่องควบคุมโดเมนหลัก"
10819
10820
#: serverguide/C/samba.xml:755(para)
10821
msgid ""
10822
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
10823
"using the default smbpasswd backend."
10824
msgstr ""
10825
"ในส่วนนี้จะอธิบายวิธีการตั้งค่าแซมบ้าเป็นเครื่องควบคุมโดเมนหลักหรือ Primary "
10826
"Domain Controller (PDC) โดยใช้ฐานข้อมูลแบบ smbpasswd "
10827
"ที่เป็นแบบเริ่มต้นของแซมบ้า"
10828
10829
#: serverguide/C/samba.xml:762(para)
10830
msgid ""
10831
"First, install Samba, and <application>libpam-winbind</application> to sync "
10832
"the user accounts, by entering the following in a terminal prompt:"
10833
msgstr ""
10834
10835
#: serverguide/C/samba.xml:768(command) serverguide/C/samba.xml:1008(command)
10836
msgid "sudo apt install samba libpam-winbind"
10837
msgstr ""
10838
10839
#: serverguide/C/samba.xml:774(para)
10840
msgid ""
10841
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
10842
"The <emphasis>security</emphasis> mode should be set to <emphasis "
10843
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
10844
"should relate to your organization:"
10845
msgstr ""
10846
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> โดยเปลี่ยนโหมด "
10847
"<emphasis>security</emphasis> เป็น <emphasis role=\"italic\">user</emphasis> "
10848
" และเปลี่ยนชื่อ <emphasis>workgroup</emphasis> เป็นชื่อขององค์กรของคุณ:"
10849
10850
#: serverguide/C/samba.xml:789(para)
10851
msgid ""
10852
"In the commented <quote>Domains</quote> section add or uncomment the "
10853
"following (the last line has been split to fit the format of this document):"
10854
msgstr ""
10855
10856
#: serverguide/C/samba.xml:793(programlisting)
10857
#, no-wrap
10858
msgid ""
10859
"\n"
10860
" domain logons = yes\n"
10861
" logon path = \\\\%N\\%U\\profile\n"
10862
" logon drive = H:\n"
10863
" logon home = \\\\%N\\%U\n"
10864
" logon script = logon.cmd\n"
10865
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d\n"
10866
" /var/lib/samba -s /bin/false %u\n"
10867
msgstr ""
10868
10869
#: serverguide/C/samba.xml:804(para)
10870
msgid ""
10871
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
10872
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
10873
"commented."
10874
msgstr ""
10875
"ถ้าคุณไม่ต้องการจะใช้โปรไฟล์สัญจร (<emphasis>Roaming Profiles</emphasis>) "
10876
"ให้คอมเม้นต์ค่า <emphasis>logon home</emphasis> และ <emphasis>logon "
10877
"path</emphasis> เอาไว้"
10878
10879
#: serverguide/C/samba.xml:812(para)
10880
msgid ""
10881
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
10882
"Samba to act as a domain controller."
10883
msgstr ""
10884
"<emphasis>domain logons:</emphasis> ให้บริการ netlogon "
10885
"ซึ่งทำให้แซมบ้าทำงานเป็นเครื่องควบคุมหลักของโดเมน"
10886
10887
#: serverguide/C/samba.xml:817(para)
10888
msgid ""
10889
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
10890
"their home directory. It is also possible to configure a "
10891
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
10892
"directory."
10893
msgstr ""
10894
"<emphasis>logon path:</emphasis> "
10895
"เก็บโปรไฟล์ของผู้ใช้ในวินโดว์ไว้ในแฟ้มข้อมูลของผู้ใช้บนอูบุนตู (home "
10896
"directory) คุณสามารถแก้ไข <emphasis>[profiles]</emphasis> "
10897
"เพื่อให้ทุกโปรไฟล์อยู่ในแฟ้มข้อมูลเดียวกันได้"
10898
10899
#: serverguide/C/samba.xml:823(para)
10900
msgid ""
10901
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
10902
msgstr ""
10903
"<emphasis>logon drive:</emphasis> "
10904
"ระบุชื่อไดรฟ์ในวินโดว์ที่ชี้ไปหาแฟ้มข้อมูลของผู้ใช้บนอูบุนตู"
10905
10906
#: serverguide/C/samba.xml:828(para)
10907
msgid ""
10908
"<emphasis>logon home:</emphasis> specifies the home directory location."
10909
msgstr ""
10910
"<emphasis>logon home:</emphasis> ระบุตำแหน่งของแฟ้มข้อมูลผู้ใช้บนอูบุนตู"
10911
10912
#: serverguide/C/samba.xml:833(para)
10913
msgid ""
10914
"<emphasis>logon script:</emphasis> determines the script to be run locally "
10915
"once a user has logged in. The script needs to be placed in the "
10916
"<emphasis>[netlogon]</emphasis> share."
10917
msgstr ""
10918
"<emphasis>logon script:</emphasis> "
10919
"ระบุสคริปต์ที่ทำงานที่เครื่องวินโดว์หลังจากผู้ใช้ได้ลงชื่อเข้าใช้ระบบ "
10920
"โดยสคริปต์นี้จะต้องอยู่ในแชร์ชื่อ <emphasis>[netlogon]</emphasis>"
10921
10922
#: serverguide/C/samba.xml:839(para)
10923
msgid ""
10924
"<emphasis>add machine script:</emphasis> a script that will automatically "
10925
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
10926
"workstation to join the domain."
10927
msgstr ""
10928
"<emphasis>add machine script:</emphasis> "
10929
"สคริปต์เพื่อสร้างบัญชีเครื่องคอมพิวเตอร์ลูกข่ายหรือ <emphasis>Machine Trust "
10930
"Account</emphasis> "
10931
"ที่จะต้องมีเพื่อให้เครื่องลูกข่ายเข้าร่วมกับโดเมนได้โดยอัตโนมัติ"
10932
10933
#: serverguide/C/samba.xml:843(para)
10934
msgid ""
10935
"In this example the <emphasis>machines</emphasis> group will need to be "
10936
"created using the <application>addgroup</application> utility see <xref "
10937
"linkend=\"adding-deleting-users\"/> for details."
10938
msgstr ""
10939
"ในตัวอยางนี้กลุ่มชื่อ <emphasis>machines</emphasis> "
10940
"จะถูกสร้างโดยใช้เครื่องมือชื่อ <application>addgroup</application> กรุณาดู "
10941
"<xref linkend=\"adding-deleting-users\"/> "
10942
"สำหรับรายละเอียดเพิ่มเติมในการเพิ่มและลบผู้ใช้"
10943
10944
#: serverguide/C/samba.xml:854(para)
10945
msgid ""
10946
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
10947
"role=\"italic\">logon home</emphasis> to be mapped:"
10948
msgstr ""
10949
"ให้เอาคอมเม้นต์ของแชร์ชื่อ <emphasis>[homes]</emphasis> "
10950
"ออกเพื่ออนุญาติให้วินโดว์สามารถ map <emphasis role=\"italic\">logon "
10951
"home</emphasis> ได้"
10952
10953
#: serverguide/C/samba.xml:859(programlisting)
10954
#, no-wrap
10955
msgid ""
10956
"\n"
10957
"[homes]\n"
10958
" comment = Home Directories\n"
10959
" browseable = no\n"
10960
" read only = no\n"
10961
" create mask = 0700\n"
10962
" directory mask = 0700\n"
10963
" valid users = %S\n"
10964
msgstr ""
10965
"\n"
10966
"[homes]\n"
10967
" comment = Home Directories\n"
10968
" browseable = no\n"
10969
" read only = no\n"
10970
" create mask = 0700\n"
10971
" directory mask = 0700\n"
10972
" valid users = %S\n"
10973
10974
#: serverguide/C/samba.xml:872(para)
10975
msgid ""
10976
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
10977
"share needs to be configured. To enable the share, uncomment:"
10978
msgstr ""
10979
"เมื่อคุณตั้งค่าแซมบ้าเป็นเครื่องควบคุมหลักของโดเมน คุณจะต้องสร้างแชร์ชื่อ "
10980
"<emphasis>[netlogon]</emphasis> "
10981
"โดยให้เอาคอมเม้นต์ของบรรทัดนี้ออกเพื่อให้แชร์ทำงานได้:"
10982
10983
#: serverguide/C/samba.xml:877(programlisting)
10984
#, no-wrap
10985
msgid ""
10986
"\n"
10987
"[netlogon]\n"
10988
" comment = Network Logon Service\n"
10989
" path = /srv/samba/netlogon\n"
10990
" guest ok = yes\n"
10991
" read only = yes\n"
10992
" share modes = no\n"
10993
msgstr ""
10994
"\n"
10995
"[netlogon]\n"
10996
" comment = Network Logon Service\n"
10997
" path = /srv/samba/netlogon\n"
10998
" guest ok = yes\n"
10999
" read only = yes\n"
11000
" share modes = no\n"
11001
11002
#: serverguide/C/samba.xml:887(para)
11003
msgid ""
11004
"The original <emphasis>netlogon</emphasis> share path is "
11005
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
11006
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
11007
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
11008
"location for site-specific data provided by the system."
11009
msgstr ""
11010
"แซมบ้าตั้งค่าของแชร์ <emphasis>netlogon</emphasis> ไปที่ "
11011
"<filename>/home/samba/netlogon</filename> โดยอัตโนมัติ "
11012
"แต่ถ้าคุณจะอ้างอิงตาม Filesystem Hierarchy Standard (FHS) "
11013
"ให้เปลี่ยนการตั้งค่าให้ชี้ไปที่ <ulink "
11014
"url=\"http://www.pathname.com/fhs/pub/fhs-"
11015
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> แทน"
11016
11017
#: serverguide/C/samba.xml:898(para)
11018
msgid ""
11019
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
11020
"and an empty (for now) <filename>logon.cmd</filename> script file:"
11021
msgstr ""
11022
"จากนั้นให้สร้างแฟ้มข้อมูลสำหรับ <filename "
11023
"role=\"directory\">netlogon</filename> และไฟล์ว่างๆที่ยังไม่มีเนื้อหา "
11024
"(สำหรับตอนนี้) ชื่อ <filename>logon.cmd</filename> :"
11025
11026
#: serverguide/C/samba.xml:904(command)
11027
msgid "sudo mkdir -p /srv/samba/netlogon"
11028
msgstr "sudo mkdir -p /srv/samba/netlogon"
11029
11030
#: serverguide/C/samba.xml:905(command)
11031
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
11032
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
11033
11034
#: serverguide/C/samba.xml:908(para)
11035
msgid ""
11036
"You can enter any normal Windows logon script commands in "
11037
"<filename>logon.cmd</filename> to customize the client's environment."
11038
msgstr ""
11039
"คุณสามารถใส่คำสั่งของวินโดว์ที่จะทำงานเมื่อผู้ใช้เข้าใช้ระบบในไฟล์ "
11040
"<filename>logon.cmd</filename> "
11041
"นี้เพื่อปรับค่าของเครื่องลูกข่ายตามที่คุณต้องการ"
11042
11043
#: serverguide/C/samba.xml:916(para)
11044
msgid "Restart Samba to enable the new domain controller:"
11045
msgstr ""
11046
11047
#: serverguide/C/samba.xml:927(para)
11048
msgid ""
11049
"Lastly, there are a few additional commands needed to setup the appropriate "
11050
"rights."
11051
msgstr ""
11052
11053
#: serverguide/C/samba.xml:931(para)
11054
msgid ""
11055
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
11056
"workstation to the domain, a system group needs to be mapped to the Windows "
11057
"<emphasis>Domain Admins</emphasis> group. Using the "
11058
"<application>net</application> utility, from a terminal enter:"
11059
msgstr ""
11060
"เนื่องจากว่าผู้ใช้ <emphasis>root</emphasis> "
11061
"นั้นถูกป้องกันไม่ให้ถูกใช้งานโดยอัตโนมัติ "
11062
"คุณจะต้องสร้างความสัมพันธ์ระหว่างกลุ่มของผู้ดูแลโดเมนในอูบุนตูกับกลุ่มของผู้ด"
11063
"ูแลโดเมนในวินโดว์ (<emphasis>Domain Admins</emphasis>) โดยใช้คำสั่ง "
11064
"<application>net</application> ดังนี้:"
11065
11066
#: serverguide/C/samba.xml:938(command)
11067
msgid ""
11068
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
11069
"type=d"
11070
msgstr ""
11071
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
11072
"type=d"
11073
11074
#: serverguide/C/samba.xml:942(para)
11075
msgid ""
11076
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
11077
"prefer. Also, the user used to join the domain needs to be a member of the "
11078
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
11079
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
11080
"allows <application>sudo</application> use."
11081
msgstr ""
11082
"เปลี่ยนชื่อกลุ่มจาก <emphasis "
11083
"role=\"italic\">sysadmin</emphasis>เป็นชื่อที่คุณต้องการ "
11084
"ผู้ใช้ที่คุณใช้เมื่อทำให้เครื่องลูกข่ายเข้าร่วมกับโดเมนนั้นจะต้องเป็นผู้ใช้ที"
11085
"่อยู่ในกลุ่ม <emphasis>sysadmin</emphasis> และกลุ่ม "
11086
"<emphasis>admin</emphasis> เพราะว่ากลุ่ม <emphasis>admin</emphasis> "
11087
"อนุญาติให้ใช้โปรแกรม <application>sudo</application> ได้"
11088
11089
#: serverguide/C/samba.xml:948(para)
11090
msgid ""
11091
"If the user does not have Samba credentials yet, you can add them with the "
11092
"<application>smbpasswd</application> utility, change the "
11093
"<emphasis>sysadmin</emphasis> username appropriately: <screen>\n"
11094
"<command>sudo smbpasswd -a sysadmin</command>\n"
11095
"</screen>"
11096
msgstr ""
11097
11098
#: serverguide/C/samba.xml:958(para)
11099
msgid ""
11100
"Also, rights need to be explicitly provided to the <emphasis>Domain "
11101
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
11102
"(and other admin functions) to work. This is achieved by executing:"
11103
msgstr ""
11104
11105
#: serverguide/C/samba.xml:963(command)
11106
msgid ""
11107
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
11108
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
11109
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
11110
msgstr ""
11111
11112
#: serverguide/C/samba.xml:971(para)
11113
msgid ""
11114
"You should now be able to join Windows clients to the Domain in the same "
11115
"manner as joining them to an NT4 domain running on a Windows server."
11116
msgstr ""
11117
"หลังจากเริ่มโปรแกรมแซมบ้า "
11118
"คุณน่าจะสามารถให้เครื่องลูกข่ายวินโดว์เข้าร่วมโดเมนเหมือนๆกับที่คุณทำในโดเมน "
11119
"NT4 ได้แล้ว"
11120
11121
#: serverguide/C/samba.xml:981(title)
11122
msgid "Backup Domain Controller"
11123
msgstr "เครื่องควบคุมโดเมนสำรอง (Backup Domain Controller)"
11124
11125
#: serverguide/C/samba.xml:983(para)
11126
msgid ""
11127
"With a Primary Domain Controller (PDC) on the network it is best to have a "
11128
"Backup Domain Controller (BDC) as well. This will allow clients to "
11129
"authenticate in case the PDC becomes unavailable."
11130
msgstr ""
11131
"เราแนะนำให้คุณติดตั้งเครื่องควบคุมโดเมนสำรองหรือ Backup Domain Controller "
11132
"(BDC) เพิ่มกรณีที่คุณมีเครื่องควบคุมโดเมนหลัก (PDC) อยู่ในเครือข่าย "
11133
"เนื่องจากว่าเครื่องลูกข่ายยังจะสามารถลงชื่อเข้าใช้เครือข่ายได้ถึงแม้ว่าเครื่อ"
11134
"งควบคุมโดเมนหลักจะเสียไม่สามารถให้บริการได้"
11135
11136
#: serverguide/C/samba.xml:988(para)
11137
msgid ""
11138
"When configuring Samba as a BDC you need a way to sync account information "
11139
"with the PDC. There are multiple ways of accomplishing this "
11140
"<application>scp</application>, <application>rsync</application>, or by "
11141
"using <application>LDAP</application> as the <emphasis>passdb "
11142
"backend</emphasis>."
11143
msgstr ""
11144
"สำหรับการตั้งค่าแซมบ้าเป็น BDC "
11145
"นั้นคุณจะต้องมีวิธีที่จะคัดลอกข้อมูลเกี่ยวกับบัญชีต่างๆระหว่าง PDC และ BDC "
11146
"ซึ่งคุณสามารถทำได้หลายวิธีเช่นใช้ <application>scp</application>, "
11147
"<application>rsync</application> หรือจะใช้ <application>LDAP</application> "
11148
"เป็น <emphasis>passdb backend</emphasis> ก็ได้"
11149
11150
#: serverguide/C/samba.xml:994(para)
11151
msgid ""
11152
"Using LDAP is the most robust way to sync account information, because both "
11153
"domain controllers can use the same information in real time. However, "
11154
"setting up a LDAP server may be overly complicated for a small number of "
11155
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
11156
msgstr ""
11157
"การใช้ LDAP "
11158
"เป็นวิธีที่ดีที่สุดในการคัดลอกข้อมูลบัญชีเนื่องจากว่าข้อมูลในเครื่องควบคุมโดเ"
11159
"มนทั้งสองจะถ่ายโอนข้อมูลระหว่างกันทันทีเมื่อมีการเปลี่ยนแปลง "
11160
"แต่ว่าการติดตั้งเซิร์ฟเวอร์ LDAP "
11161
"ก็เป็นอะไรที่อาจจะซับซ้อนเกินความจำเป็นสำหรับเครือข่ายที่มีจำนวนผู้ใช้และเครื"
11162
"่องคอมพิวเตอร์ไม่เยอะ สำหรับรายละเอียดเพิ่มเติมกรุณาอ่าน <xref "
11163
"linkend=\"samba-ldap\"/>"
11164
11165
#: serverguide/C/samba.xml:1003(para)
11166
msgid ""
11167
"First, install <application>samba</application> and <application>libpam-"
11168
"winbind</application>. From a terminal enter:"
11169
msgstr ""
11170
11171
#: serverguide/C/samba.xml:1014(para)
11172
msgid ""
11173
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
11174
"following in the <emphasis>[global]</emphasis>:"
11175
msgstr ""
11176
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
11177
"และเอาคอมเม้นต์ของบรรทัดเหล่านี้ในหมวด <emphasis>[global]</emphasis> ออก:"
11178
11179
#: serverguide/C/samba.xml:1027(para)
11180
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
11181
msgstr ""
11182
"ในหมวด <emphasis>Domains</emphasis> ที่ถูกคอมเม้นต์อยู่ ให้เอาคอมเม้นต์ออก "
11183
"หรือจะเพิ่มบรรทัดเหล่านี้ก็ได้:"
11184
11185
#: serverguide/C/samba.xml:1031(programlisting)
11186
#, no-wrap
11187
msgid ""
11188
"\n"
11189
" domain logons = yes\n"
11190
" domain master = no\n"
11191
msgstr ""
11192
"\n"
11193
" domain logons = yes\n"
11194
" domain master = no\n"
11195
11196
#: serverguide/C/samba.xml:1039(para)
11197
msgid ""
11198
"Make sure a user has rights to read the files in "
11199
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
11200
"<emphasis>admin</emphasis> group to <application>scp</application> the "
11201
"files, enter:"
11202
msgstr ""
11203
"อย่าลืมตรวจสอบให้แน่ใจว่าผู้ใช้มีสิทธิ์ในการอ่านไฟล์ใน "
11204
"<filename>/var/lib/samba</filename> ด้วย ยกตัวอย่างเช่น "
11205
"ถ้าคุณต้องการอนุญาติให้ผู้ใช้ในกลุ่ม <emphasis>admin</emphasis> ใช้โปรแกรม "
11206
"<application>scp</application> กับไฟล์ได้ ให้พิมพ์คำสั่ง:"
11207
11208
#: serverguide/C/samba.xml:1045(command)
11209
msgid "sudo chgrp -R admin /var/lib/samba"
11210
msgstr "sudo chgrp -R admin /var/lib/samba"
11211
11212
#: serverguide/C/samba.xml:1051(para)
11213
msgid ""
11214
"Next, sync the user accounts, using <application>scp</application> to copy "
11215
"the <filename>/var/lib/samba</filename> directory from the PDC:"
11216
msgstr ""
11217
"จากนั้นให้ทำการคัดลอกบัญชีผู้ใช้โดยใช้ <application>scp</application> "
11218
"เพื่อคัดลอกแฟ้มข้อมูล <filename>/var/lib/samba</filename> "
11219
"จากเครื่องควบคุมโดเมนหลัก (PDC):"
11220
11221
#: serverguide/C/samba.xml:1057(command)
11222
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
11223
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
11224
11225
#: serverguide/C/samba.xml:1061(para)
11226
msgid ""
11227
"Replace <emphasis>username</emphasis> with a valid username and "
11228
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
11229
msgstr ""
11230
"แทนที่ <emphasis>username</emphasis> ด้วยชื่อผู้ใช้และ "
11231
"<emphasis>pdc</emphasis> ด้วยชื่อเครื่องหรือเลขที่ IP ของเครื่อง PDC ของคุณ"
11232
11233
#: serverguide/C/samba.xml:1070(para)
11234
msgid "Finally, restart <application>samba</application>:"
11235
msgstr "จากนั้นให้เริ่มโปรแกรม <application>แซมบ้า</application> ใหม่"
11236
11237
#: serverguide/C/samba.xml:1081(para)
11238
msgid ""
11239
"You can test that your Backup Domain controller is working by stopping the "
11240
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
11241
"the domain."
11242
msgstr ""
11243
"คุณสามารถทดสอบได้ว่าเครื่องควบคุมโดเมนสำรองทำงานได้อย่างถูกต้องโดยการปิดโปรแก"
11244
"รมแซมบ้าบนเครื่องหลัก (PDC) "
11245
"จากนั้นก็ลองลงชื่อเข้าใช้จากเครื่องลูกข่ายวินโดว์ของคุณที่อยู่ในโดเมน"
11246
11247
#: serverguide/C/samba.xml:1086(para)
11248
msgid ""
11249
"Another thing to keep in mind is if you have configured the <emphasis>logon "
11250
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
11251
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
11252
"be unavailable. For this reason it is best to configure the <emphasis>logon "
11253
"home</emphasis> to reside on a separate file server from the PDC and BDC."
11254
msgstr ""
11255
"อีกอย่างหนึ่งที่คุณต้องคำนึงก็คือถ้าคุณได้ตั้งค่า <emphasis>logon "
11256
"home</emphasis> ที่ชี้ไปที่แฟ้มข้อมูลบนเครื่อง PDC และเครื่อง PDC "
11257
"เกิดเสียหรือไม่สามารถให้บริการได้ขึ้นมา คุณจะไม่สามารถเข้าใช้งานไดรฟ์ "
11258
"<emphasis>Home</emphasis> ของผู้ใช้ได้เช่นกัน "
11259
"ด้วยเหตุนี้เราแนะนำให้คุณเก็บแฟ้มที่เป็น <emphasis>logon home</emphasis> "
11260
"ไว้บนเครื่องที่เป็นไฟล์เซิร์ฟเวอร์อื่นที่ไม่ใช่เครื่อง PDC และ BDC"
11261
11262
#: serverguide/C/samba.xml:1116(para)
11263
msgid ""
11264
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
11265
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
11266
"up a Primary Domain Controller."
11267
msgstr ""
11268
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
11269
"pdc.html\">บทที่ 4</ulink> ของ Samba HOWTO Collection "
11270
"อธิบายวิธีการติดตั้งเครื่องควบคุมโดเมนหลัก (Primary Domain Controller)"
11271
11272
#: serverguide/C/samba.xml:1122(para)
11273
msgid ""
11274
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
11275
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
11276
"explains setting up a Backup Domain Controller."
11277
msgstr ""
11278
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
11279
"Collection/samba-bdc.html\">บทที่ 5</ulink> ของ Samba HOWTO Collection "
11280
"อธิบายวิธีการติดตั้งเครื่องควบคุมโดเมนสำรอง (Backup Domain Controller)"
11281
11282
#: serverguide/C/samba.xml:1137(title)
11283
msgid "Active Directory Integration"
11284
msgstr ""
11285
11286
#: serverguide/C/samba.xml:1140(title)
11287
msgid "Accessing a Samba Share"
11288
msgstr "การเข้าใช้งานแชร์ของแซมบ้า"
11289
11290
#: serverguide/C/samba.xml:1142(para)
11291
msgid ""
11292
"Another, use for Samba is to integrate into an existing Windows network. "
11293
"Once part of an Active Directory domain, Samba can provide file and print "
11294
"services to AD users."
11295
msgstr ""
11296
"การใช้งานแซมบ้าอีกแบบนึงก็คือการเข้าไปทำงานเป็นส่วนหนึ่งของเครือข่ายวินโดว์ที"
11297
"่มีอยู่ เมื่อแซมบ้าได้เป็นส่วนหนึ่งของโดเมน Active Directory "
11298
"แล้วแซมบ้าสามารถให้บริการแชร์ไฟล์และเครื่องพิมพ์กับผู้ใช้ในโดเมนได้"
11299
11300
#: serverguide/C/samba.xml:1147(para)
11301
msgid ""
11302
"The simplest way to join an AD domain is to use <application>Likewise-"
11303
"open</application>. For detailed instructions see the <ulink "
11304
"url=\"http://www.beyondtrust.com/Technical-"
11305
"Support/Downloads/files/pbiso/Manuals/ubuntu-active-directory.html\"> "
11306
"Likewise Open documentation</ulink>."
11307
msgstr ""
11308
11309
#: serverguide/C/samba.xml:1153(para)
11310
msgid ""
11311
"Once part of the Active Directory domain, enter the following command in the "
11312
"terminal prompt:"
11313
msgstr ""
11314
11315
#: serverguide/C/samba.xml:1158(command)
11316
msgid "sudo apt install samba cifs-utils smbclient"
11317
msgstr ""
11318
11319
#: serverguide/C/samba.xml:1161(para)
11320
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
11321
msgstr ""
11322
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
11323
"โดยเปลี่ยนดังนี้:"
11324
11325
#: serverguide/C/samba.xml:1165(programlisting)
11326
#, no-wrap
11327
msgid ""
11328
"\n"
11329
" workgroup = EXAMPLE\n"
11330
" ...\n"
11331
" security = ads\n"
11332
" realm = EXAMPLE.COM\n"
11333
" ...\n"
11334
" idmap backend = lwopen\n"
11335
" idmap uid = 50-9999999999\n"
11336
" idmap gid = 50-9999999999\n"
11337
msgstr ""
11338
"\n"
11339
" workgroup = EXAMPLE\n"
11340
" ...\n"
11341
" security = ads\n"
11342
" realm = EXAMPLE.COM\n"
11343
" ...\n"
11344
" idmap backend = lwopen\n"
11345
" idmap uid = 50-9999999999\n"
11346
" idmap gid = 50-9999999999\n"
11347
11348
#: serverguide/C/samba.xml:1176(para)
11349
msgid ""
11350
"Restart <application>samba</application> for the new settings to take effect:"
11351
msgstr ""
11352
"จากนั้นให้เริ่มโปรแกรม <application>แซมบ้า</application> "
11353
"ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
11354
11355
#: serverguide/C/samba.xml:1184(para)
11356
msgid ""
11357
"You should now be able to access any <application>Samba</application> shares "
11358
"from a Windows client. However, be sure to give the appropriate AD users or "
11359
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
11360
"security\"/> for more details."
11361
msgstr ""
11362
"หลังจากเริ่มโปรแกรมแซมบ้าใหม่ คุณควรที่จะใช้แชร์จาก "
11363
"<application>แซมบ้า</application> ได้จากเครื่องลูกข่ายวินโดว์ "
11364
"อย่างไรก็ตามอย่าลืมตรวจสอบว่าคุณได้ให้สิทธิ์ผู้ใช้หรือกลุ่มผู้ใช้ใน AD "
11365
"ในการเข้าใช้งานแชร์ในแซมบ้าด้วยล่ะ สำหรับรายละเอียดเพิ่มเติมกรุณาอ่าน <xref "
11366
"linkend=\"samba-fileprint-security\"/>"
11367
11368
#: serverguide/C/samba.xml:1192(title)
11369
msgid "Accessing a Windows Share"
11370
msgstr "การเข้าใช้งานแชร์ในวินโดว์"
11371
11372
#: serverguide/C/samba.xml:1194(para)
11373
msgid ""
11374
"Now that the Samba server is part of the Active Directory domain you can "
11375
"access any Windows server shares:"
11376
msgstr ""
11377
"เครื่องเซิร์ฟเวอร์แซมบ้าที่เป็นส่วนหนึ่งของโดเมน Active Directory "
11378
"สามารถใช้งานแชร์ของเครื่องเซิร์ฟเวอร์ที่ทำงานบนระบบวินโดว์ได้:"
11379
11380
#: serverguide/C/samba.xml:1201(para)
11381
msgid ""
11382
"To mount a Windows file share enter the following in a terminal prompt:"
11383
msgstr "คุณสามารถ mount แชร์ในวินโดว์ได้โดยพิมพ์คำสั่ง:"
11384
11385
#: serverguide/C/samba.xml:1205(command)
11386
msgid "mount.cifs //fs01.example.com/share mount_point"
11387
msgstr "mount.cifs //fs01.example.com/share mount_point"
11388
11389
#: serverguide/C/samba.xml:1208(para)
11390
msgid ""
11391
"It is also possible to access shares on computers not part of an AD domain, "
11392
"but a username and password will need to be provided."
11393
msgstr ""
11394
"นอกจากนั้นคุณยังสามารถใช้งานแชร์บนเครื่องคอมพิวเตอร์ที่ไม่ได้อยู่ในโดเมน AD "
11395
"ด้วยเช่นกัน แต่คุณต้องระบุชื่อผู้ใช้และรหัสผ่านสำหรับใช้งานด้วย"
11396
11397
#: serverguide/C/samba.xml:1216(para)
11398
msgid ""
11399
"To mount the share during boot place an entry in "
11400
"<filename>/etc/fstab</filename>, for example:"
11401
msgstr ""
11402
"ถ้าคุณต้องการ mount แชร์เมื่อเปิดเครื่อง ให้ใส่รายการในไฟล์ "
11403
"<filename>/etc/fstab</filename> เช่น:"
11404
11405
#: serverguide/C/samba.xml:1220(programlisting)
11406
#, no-wrap
11407
msgid ""
11408
"\n"
11409
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
11410
"0 0\n"
11411
msgstr ""
11412
"\n"
11413
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
11414
"0 0\n"
11415
11416
#: serverguide/C/samba.xml:1227(para)
11417
msgid ""
11418
"Another way to copy files from a Windows server is to use the "
11419
"<application>smbclient</application> utility. To list the files in a Windows "
11420
"share:"
11421
msgstr ""
11422
"อีกวิธีที่คุณสามารถคัดลอกไฟล์จากเครื่องเซิร์ฟเวอร์วินโดว์คือการใช้โปรแกรม "
11423
"<application>smbclient</application> "
11424
"คุณสามารถแสดงรายชื่อของไฟล์ที่อยู่ในแชร์ของวินโดว์ได้โดยพิมพ์คำสั่ง:"
11425
11426
#: serverguide/C/samba.xml:1233(command)
11427
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
11428
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
11429
11430
#: serverguide/C/samba.xml:1239(para)
11431
msgid "To copy a file from the share, enter:"
11432
msgstr "ถ้าต้องการคัดลอกไฟล์จากแชร์ให้พิมพ์:"
11433
11434
#: serverguide/C/samba.xml:1244(command)
11435
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
11436
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
11437
11438
#: serverguide/C/samba.xml:1247(para)
11439
msgid ""
11440
"This will copy the <filename>file.txt</filename> into the current directory."
11441
msgstr ""
11442
"คำสั่งนี้จะคัดลอกไฟล์ชื่อ <filename>file.txt</filename> "
11443
"ไปที่แฟ้มข้อมูลปัจจุบัน"
11444
11445
#: serverguide/C/samba.xml:1254(para)
11446
msgid "And to copy a file to the share:"
11447
msgstr "และถ้าคุณต้องการคัดลอกไฟล์ไปไว้ที่แชร์ก็พิมพ์:"
11448
11449
#: serverguide/C/samba.xml:1259(command)
11450
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
11451
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
11452
11453
#: serverguide/C/samba.xml:1262(para)
11454
msgid ""
11455
"This will copy the <filename>/etc/hosts</filename> to "
11456
"<filename>//fs01.example.com/share/hosts</filename>."
11457
msgstr ""
11458
11459
#: serverguide/C/samba.xml:1269(para)
11460
msgid ""
11461
"The <emphasis>-c</emphasis> option used above allows you to execute the "
11462
"<application>smbclient</application> command all at once. This is useful for "
11463
"scripting and minor file operations. To enter the <emphasis>smb: \\"
11464
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
11465
"and directory commands, simply execute:"
11466
msgstr ""
11467
"การใช้ตัวเลือก <emphasis>c</emphasis> ด้านบนทำให้คุณสามารถใช้คำสั่ง "
11468
"<application>smbclient</application> ได้ทีเดียวในหนึ่งคำสั่งเลย "
11469
"ซึ่งก็เป็นประโยชน์สำหรับการเขียนสคริปต์หรือทำงานทั่วๆไปกับไฟล์ได้ "
11470
"แต่ถ้าคุณต้องการใช้งานพร๊อมต์ (prompt) <emphasis>smb:\\></emphasis> "
11471
"ซึ่งเป็นพร๊อมต์คล้ายๆ FTP ที่คุณสามารถพิมพ์คำสั่งต่างๆกับไฟล์และแฟ้มข้อมูล "
11472
"คุณต้องพิมพ์:"
11473
11474
#: serverguide/C/samba.xml:1276(command)
11475
msgid "smbclient //fs01.example.com/share -k"
11476
msgstr "smbclient //fs01.example.com/share -k"
11477
11478
#: serverguide/C/samba.xml:1283(para)
11479
msgid ""
11480
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
11481
"<emphasis>//192.168.0.5/share</emphasis>, "
11482
"<emphasis>username=steve,password=secret</emphasis>, and "
11483
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
11484
"file name, and an actual username and password with rights to the share."
11485
msgstr ""
11486
"เปลี่ยน <emphasis>fs01.example.com/share</emphasis>, "
11487
"<emphasis>//192.168.0.5/share</emphasis>, "
11488
"<emphasis>username=steve,password=secret</emphasis> และ "
11489
"<emphasis>file.txt</emphasis> เป็นเลขที่ IP ของเครื่องเซิร์ฟเวอร์คุณ, "
11490
"ชื่อของเครื่องเซิร์ฟเวอร์, ชื่อไฟล์, "
11491
"และชื่อของผู้ใช้และรหัสผ่านที่มีสิทธิ์ในการใช้งานแชร์นั้นๆได้"
11492
11493
#: serverguide/C/samba.xml:1294(para)
11494
msgid ""
11495
"For more <application>smbclient</application> options see the man page: "
11496
"<command>man smbclient</command>, also available <ulink "
11497
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man1/smbclient.1.html\">o"
11498
"nline</ulink>."
11499
msgstr ""
11500
11501
#: serverguide/C/samba.xml:1299(para)
11502
msgid ""
11503
"The <application>mount.cifs</application><ulink "
11504
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man8/mount.cifs.8.html\">"
11505
"man page</ulink> is also useful for more detailed information."
11506
msgstr ""
11507
11508
#: serverguide/C/reporting-bugs.xml:11(title)
11509
msgid "Appendix"
11510
msgstr ""
11511
11512
#: serverguide/C/reporting-bugs.xml:14(title)
11513
msgid "Reporting Bugs in Ubuntu Server Edition"
11514
msgstr ""
11515
11516
#: serverguide/C/reporting-bugs.xml:16(para)
11517
msgid ""
11518
"The Ubuntu Project, and thus Ubuntu Server, uses <ulink "
11519
"url=\"https://launchpad.net/\">Launchpad</ulink> as its bugtracker. In order "
11520
"to file a bug, you will need a Launchpad account. <ulink "
11521
"url=\"https://help.launchpad.net/YourAccount/NewAccount\">Create one "
11522
"here</ulink> if necessary."
11523
msgstr ""
11524
11525
#: serverguide/C/reporting-bugs.xml:23(title)
11526
msgid "Reporting Bugs With apport-cli"
11527
msgstr ""
11528
11529
#: serverguide/C/reporting-bugs.xml:25(para)
11530
msgid ""
11531
"The preferred way to report a bug is with the <application>apport-"
11532
"cli</application> command. It must be invoked on the machine affected by the "
11533
"bug because it collects information from the system on which it is being run "
11534
"and publishes it to the bug report on Launchpad. Getting that information to "
11535
"Launchpad can therefore be a challenge if the system is not running a "
11536
"desktop environment in order to use a browser (common with servers) or if it "
11537
"does not have Internet access. The steps to take in these situations are "
11538
"described below."
11539
msgstr ""
11540
11541
#: serverguide/C/reporting-bugs.xml:33(para)
11542
msgid ""
11543
"The commands <application>apport-cli</application> and <application>ubuntu-"
11544
"bug</application> should give the same results on a CLI server. The latter "
11545
"is actually a symlink to <application>apport-bug</application> which is "
11546
"intelligent enough to know whether a desktop environment is in use and will "
11547
"choose <application>apport-cli</application> if not. Since server systems "
11548
"tend to be CLI-only apport-cli was chosen from the outset in this guide."
11549
msgstr ""
11550
11551
#: serverguide/C/reporting-bugs.xml:40(para)
11552
msgid ""
11553
"Bug reports in Ubuntu need to be filed against a specific software package, "
11554
"so the name of the package (source package or program name/path) affected by "
11555
"the bug needs to be supplied to apport-cli:"
11556
msgstr ""
11557
11558
#: serverguide/C/reporting-bugs.xml:46(command)
11559
msgid "apport-cli PACKAGENAME"
11560
msgstr ""
11561
11562
#: serverguide/C/reporting-bugs.xml:50(para)
11563
msgid ""
11564
"See <xref linkend=\"package-management\"/> for more information about "
11565
"packages in Ubuntu."
11566
msgstr ""
11567
11568
#: serverguide/C/reporting-bugs.xml:55(para)
11569
msgid ""
11570
"Once apport-cli has finished gathering information you will be asked what to "
11571
"do with it. For instance, to report a bug in vim:"
11572
msgstr ""
11573
11574
#: serverguide/C/reporting-bugs.xml:61(command)
11575
msgid "apport-cli vim"
11576
msgstr ""
11577
11578
#: serverguide/C/reporting-bugs.xml:60(screen)
11579
#, no-wrap
11580
msgid ""
11581
"\n"
11582
"<placeholder-1/>\n"
11583
"\n"
11584
"*** Collecting problem information\n"
11585
"\n"
11586
"The collected information can be sent to the developers to improve the\n"
11587
"application. This might take a few minutes.\n"
11588
"...\n"
11589
"\n"
11590
"*** Send problem report to the developers?\n"
11591
"\n"
11592
"After the problem report has been sent, please fill out the form in the\n"
11593
"automatically opened web browser.\n"
11594
"\n"
11595
"What would you like to do? Your options are:\n"
11596
" S: Send report (2.8 KB)\n"
11597
" V: View report\n"
11598
" K: Keep report file for sending later or copying to somewhere else\n"
11599
" I: Cancel and ignore future crashes of this program version\n"
11600
" C: Cancel\n"
11601
"Please choose (S/V/K/I/C):\n"
11602
msgstr ""
11603
11604
#: serverguide/C/reporting-bugs.xml:83(para)
11605
msgid "The first three options are described below:"
11606
msgstr ""
11607
11608
#: serverguide/C/reporting-bugs.xml:90(para)
11609
msgid ""
11610
"<emphasis role=\"bold\">Send:</emphasis> submits the collected information "
11611
"to Launchpad as part of the process of filing a new bug report. You will be "
11612
"given the opportunity to describe the bug in your own words."
11613
msgstr ""
11614
11615
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:858(userinput)
11616
#, no-wrap
11617
msgid "1"
11618
msgstr ""
11619
11620
#: serverguide/C/reporting-bugs.xml:96(screen)
11621
#, no-wrap
11622
msgid ""
11623
"\n"
11624
"\n"
11625
"*** Uploading problem information\n"
11626
"\n"
11627
"The collected information is being sent to the bug tracking system.\n"
11628
"This might take a few minutes.\n"
11629
"94%\n"
11630
"\n"
11631
"*** To continue, you must visit the following URL:\n"
11632
"\n"
11633
" https://bugs.launchpad.net/ubuntu/+source/vim/+filebug/09b2495a-e2ab-11e3-"
11634
"879b-68b5996a96c8?\n"
11635
"\n"
11636
"You can launch a browser now, or copy this URL into a browser on another "
11637
"computer.\n"
11638
"\n"
11639
"\n"
11640
"Choices:\n"
11641
" 1: Launch a browser now\n"
11642
" C: Cancel\n"
11643
"Please choose (1/C): <placeholder-1/>\n"
11644
msgstr ""
11645
11646
#: serverguide/C/reporting-bugs.xml:117(para)
11647
msgid ""
11648
"The browser that will be used when choosing '1' will be the one known on the "
11649
"system as <application>www-browser</application> via the <ulink "
11650
"url=\"http://manpages.ubuntu.com/manpages/en/man8/update-"
11651
"alternatives.8.html\"> Debian alternatives system</ulink>. Examples of text-"
11652
"based browsers to install include <application>links</application>, "
11653
"<application>elinks</application>, <application>lynx</application>, and "
11654
"<application>w3m</application>. You can also manually point an existing "
11655
"browser at the given URL."
11656
msgstr ""
11657
11658
#: serverguide/C/reporting-bugs.xml:128(para)
11659
msgid ""
11660
"<emphasis role=\"bold\">View:</emphasis> displays the collected information "
11661
"on the screen for review. This can be a lot of information. Press 'Enter' to "
11662
"scroll by screenful. Press 'q' to quit and return to the choice menu."
11663
msgstr ""
11664
11665
#: serverguide/C/reporting-bugs.xml:137(para)
11666
msgid ""
11667
"<emphasis role=\"bold\">Keep:</emphasis> writes the collected information to "
11668
"disk. The resulting file can be later used to file the bug report, typically "
11669
"after transferring it to another Ubuntu system."
11670
msgstr ""
11671
11672
#: serverguide/C/reporting-bugs.xml:150(userinput)
11673
#, no-wrap
11674
msgid "k"
11675
msgstr ""
11676
11677
#: serverguide/C/reporting-bugs.xml:143(screen)
11678
#, no-wrap
11679
msgid ""
11680
"\n"
11681
"What would you like to do? Your options are:\n"
11682
" S: Send report (2.8 KB)\n"
11683
" V: View report\n"
11684
" K: Keep report file for sending later or copying to somewhere else\n"
11685
" I: Cancel and ignore future crashes of this program version\n"
11686
" C: Cancel\n"
11687
"Please choose (S/V/K/I/C): <placeholder-1/>\n"
11688
"Problem report file: /tmp/apport.vim.1pg92p02.apport\n"
11689
msgstr ""
11690
11691
#: serverguide/C/reporting-bugs.xml:154(para)
11692
msgid ""
11693
"To report the bug, get the file onto an internet-enabled Ubuntu system and "
11694
"apply apport-cli to it. This will cause the menu to appear immediately (the "
11695
"information is already collected). You should then press 's' to send:"
11696
msgstr ""
11697
11698
#: serverguide/C/reporting-bugs.xml:161(command)
11699
msgid "apport-cli apport.vim.1pg92p02.apport"
11700
msgstr ""
11701
11702
#: serverguide/C/reporting-bugs.xml:164(para)
11703
msgid ""
11704
"To directly save a report to disk (without menus) you can do: <screen>\n"
11705
"<command>apport-cli vim --save apport.vim.test.apport</command>\n"
11706
"</screen> Report names should end in <emphasis>.apport</emphasis> ."
11707
msgstr ""
11708
11709
#: serverguide/C/reporting-bugs.xml:175(para)
11710
msgid ""
11711
"If this internet-enabled system is non-Ubuntu/Debian, apport-cli is not "
11712
"available so the bug will need to be created manually. An apport report is "
11713
"also not to be included as an attachment to a bug either so it is completely "
11714
"useless in this scenario."
11715
msgstr ""
11716
11717
#: serverguide/C/reporting-bugs.xml:189(title)
11718
msgid "Reporting Application Crashes"
11719
msgstr ""
11720
11721
#: serverguide/C/reporting-bugs.xml:191(para)
11722
msgid ""
11723
"The software package that provides the apport-cli utility, "
11724
"<application>apport</application>, can be configured to automatically "
11725
"capture the state of a crashed application. This is enabled by default (in "
11726
"<filename>/etc/default/apport</filename>)."
11727
msgstr ""
11728
11729
#: serverguide/C/reporting-bugs.xml:197(para)
11730
msgid ""
11731
"After an application crashes, if enabled, apport will store a crash report "
11732
"under <filename>/var/crash</filename>:"
11733
msgstr ""
11734
11735
#: serverguide/C/reporting-bugs.xml:201(screen)
11736
#, no-wrap
11737
msgid ""
11738
"\n"
11739
"-rw-r----- 1 peter whoopsie 150K Jul 24 16:17 _usr_lib_x86_64-linux-"
11740
"gnu_libmenu-cache2_libexec_menu-cached.1000.crash\n"
11741
msgstr ""
11742
11743
#: serverguide/C/reporting-bugs.xml:205(para)
11744
msgid ""
11745
"Use the <application>apport-cli</application> command without arguments to "
11746
"process any pending crash reports. It will offer to report them one by one."
11747
msgstr ""
11748
11749
#: serverguide/C/reporting-bugs.xml:211(command)
11750
msgid "apport-cli"
11751
msgstr ""
11752
11753
#: serverguide/C/reporting-bugs.xml:224(userinput)
11754
#, no-wrap
11755
msgid "s"
11756
msgstr ""
11757
11758
#: serverguide/C/reporting-bugs.xml:210(screen)
11759
#, no-wrap
11760
msgid ""
11761
"\n"
11762
"<placeholder-1/>\n"
11763
"\n"
11764
"*** Send problem report to the developers?\n"
11765
"\n"
11766
"After the problem report has been sent, please fill out the form in the\n"
11767
"automatically opened web browser.\n"
11768
"\n"
11769
"What would you like to do? Your options are:\n"
11770
" S: Send report (153.0 KB)\n"
11771
" V: View report\n"
11772
" K: Keep report file for sending later or copying to somewhere else\n"
11773
" I: Cancel and ignore future crashes of this program version\n"
11774
" C: Cancel\n"
11775
"Please choose (S/V/K/I/C): <placeholder-2/>\n"
11776
msgstr ""
11777
11778
#: serverguide/C/reporting-bugs.xml:227(para)
11779
msgid ""
11780
"If you send the report, as was done above, the prompt will be returned "
11781
"immediately and the <filename>/var/crash</filename> directory will then "
11782
"contain 2 extra files:"
11783
msgstr ""
11784
11785
#: serverguide/C/reporting-bugs.xml:232(screen)
11786
#, no-wrap
11787
msgid ""
11788
"\n"
11789
"-rw-r----- 1 peter whoopsie 150K Jul 24 16:17 _usr_lib_x86_64-linux-"
11790
"gnu_libmenu-cache2_libexec_menu-cached.1000.crash\n"
11791
"-rw-rw-r-- 1 peter whoopsie 0 Jul 24 16:37 _usr_lib_x86_64-linux-"
11792
"gnu_libmenu-cache2_libexec_menu-cached.1000.upload\n"
11793
"-rw------- 1 whoopsie whoopsie 0 Jul 24 16:37 _usr_lib_x86_64-linux-"
11794
"gnu_libmenu-cache2_libexec_menu-cached.1000.uploaded\n"
11795
msgstr ""
11796
11797
#: serverguide/C/reporting-bugs.xml:238(para)
11798
msgid ""
11799
"Sending in a crash report like this will not immediately result in the "
11800
"creation of a new public bug. The report will be made private on Launchpad, "
11801
"meaning that it will be visible to only a limited set of bug triagers. These "
11802
"triagers will then scan the report for possible private data before creating "
11803
"a public bug."
11804
msgstr ""
11805
11806
#: serverguide/C/reporting-bugs.xml:256(para)
11807
msgid ""
11808
"See the <ulink "
11809
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
11810
"Bugs</ulink> Ubuntu wiki page."
11811
msgstr ""
11812
11813
#: serverguide/C/reporting-bugs.xml:262(para)
11814
msgid ""
11815
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
11816
"has some useful information. Though some of it pertains to using a GUI."
11817
msgstr ""
11818
11819
#: serverguide/C/remote-administration.xml:11(title)
11820
msgid "Remote Administration"
11821
msgstr ""
11822
11823
#: serverguide/C/remote-administration.xml:12(para)
11824
msgid ""
11825
"There are many ways to remotely administer a Linux server. This chapter will "
11826
"cover three of the most popular applications "
11827
"<application>OpenSSH</application>, <application>Puppet</application>, and "
11828
"<application>Zentyal</application>."
11829
msgstr ""
11830
11831
#: serverguide/C/remote-administration.xml:16(title)
11832
msgid "OpenSSH Server"
11833
msgstr ""
11834
11835
#: serverguide/C/remote-administration.xml:19(para)
11836
msgid ""
11837
"This section of the Ubuntu Server Guide introduces a powerful collection of "
11838
"tools for the remote control of, and transfer of data between, networked "
11839
"computers called <emphasis>OpenSSH</emphasis>. You will also learn about "
11840
"some of the configuration settings possible with the OpenSSH server "
11841
"application and how to change them on your Ubuntu system."
11842
msgstr ""
11843
11844
#: serverguide/C/remote-administration.xml:24(para)
11845
msgid ""
11846
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
11847
"family of tools for remotely controlling, or transferring files between, "
11848
"computers. Traditional tools used to accomplish these functions, such as "
11849
"<application>telnet</application> or <application>rcp</application>, are "
11850
"insecure and transmit the user's password in cleartext when used. OpenSSH "
11851
"provides a server daemon and client tools to facilitate secure, encrypted "
11852
"remote control and file transfer operations, effectively replacing the "
11853
"legacy tools."
11854
msgstr ""
11855
11856
#: serverguide/C/remote-administration.xml:33(para)
11857
msgid ""
11858
"The OpenSSH server component, <application>sshd</application>, listens "
11859
"continuously for client connections from any of the client tools. When a "
11860
"connection request occurs, <application>sshd</application> sets up the "
11861
"correct connection depending on the type of client tool connecting. For "
11862
"example, if the remote computer is connecting with the "
11863
"<application>ssh</application> client application, the OpenSSH server sets "
11864
"up a remote control session after authentication. If a remote user connects "
11865
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
11866
"daemon initiates a secure copy of files between the server and client after "
11867
"authentication. OpenSSH can use many authentication methods, including plain "
11868
"password, public key, and <application>Kerberos</application> tickets."
11869
msgstr ""
11870
11871
#: serverguide/C/remote-administration.xml:47(para)
11872
msgid ""
11873
"Installation of the OpenSSH client and server applications is simple. To "
11874
"install the OpenSSH client applications on your Ubuntu system, use this "
11875
"command at a terminal prompt:"
11876
msgstr ""
11877
11878
#: serverguide/C/remote-administration.xml:53(command)
11879
msgid "sudo apt install openssh-client"
11880
msgstr ""
11881
11882
#: serverguide/C/remote-administration.xml:55(para)
11883
msgid ""
11884
"To install the OpenSSH server application, and related support files, use "
11885
"this command at a terminal prompt:"
11886
msgstr ""
11887
11888
#: serverguide/C/remote-administration.xml:60(command)
11889
msgid "sudo apt install openssh-server"
11890
msgstr ""
11891
11892
#: serverguide/C/remote-administration.xml:62(para)
11893
msgid ""
11894
"The <application>openssh-server</application> package can also be selected "
11895
"to install during the Server Edition installation process."
11896
msgstr ""
11897
11898
#: serverguide/C/remote-administration.xml:69(para)
11899
msgid ""
11900
"You may configure the default behavior of the OpenSSH server application, "
11901
"<application>sshd</application>, by editing the file "
11902
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
11903
"configuration directives used in this file, you may view the appropriate "
11904
"manual page with the following command, issued at a terminal prompt:"
11905
msgstr ""
11906
11907
#: serverguide/C/remote-administration.xml:77(command)
11908
msgid "man sshd_config"
11909
msgstr ""
11910
11911
#: serverguide/C/remote-administration.xml:79(para)
11912
msgid ""
11913
"There are many directives in the <application>sshd</application> "
11914
"configuration file controlling such things as communication settings, and "
11915
"authentication modes. The following are examples of configuration directives "
11916
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
11917
"file."
11918
msgstr ""
11919
11920
#: serverguide/C/remote-administration.xml:86(para)
11921
msgid ""
11922
"Prior to editing the configuration file, you should make a copy of the "
11923
"original file and protect it from writing so you will have the original "
11924
"settings as a reference and to reuse as necessary."
11925
msgstr ""
11926
11927
#: serverguide/C/remote-administration.xml:90(para)
11928
msgid ""
11929
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
11930
"writing with the following commands, issued at a terminal prompt:"
11931
msgstr ""
11932
11933
#: serverguide/C/remote-administration.xml:95(command)
11934
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
11935
msgstr ""
11936
11937
#: serverguide/C/remote-administration.xml:96(command)
11938
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
11939
msgstr ""
11940
11941
#: serverguide/C/remote-administration.xml:99(para)
11942
msgid ""
11943
"The following are examples of configuration directives you may change:"
11944
msgstr ""
11945
11946
#: serverguide/C/remote-administration.xml:104(para)
11947
msgid ""
11948
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
11949
"port 22, change the Port directive as such:"
11950
msgstr ""
11951
11952
#: serverguide/C/remote-administration.xml:108(para)
11953
msgid "Port 2222"
11954
msgstr ""
11955
11956
#: serverguide/C/remote-administration.xml:113(para)
11957
msgid ""
11958
"To have <application>sshd</application> allow public key-based login "
11959
"credentials, simply add or modify the line:"
11960
msgstr ""
11961
11962
#: serverguide/C/remote-administration.xml:117(para)
11963
msgid "PubkeyAuthentication yes"
11964
msgstr ""
11965
11966
#: serverguide/C/remote-administration.xml:120(para)
11967
msgid "If the line is already present, then ensure it is not commented out."
11968
msgstr ""
11969
11970
#: serverguide/C/remote-administration.xml:125(para)
11971
msgid ""
11972
"To make your OpenSSH server display the contents of the "
11973
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
11974
"or modify the line:"
11975
msgstr ""
11976
11977
#: serverguide/C/remote-administration.xml:130(para)
11978
msgid "Banner /etc/issue.net"
11979
msgstr ""
11980
11981
#: serverguide/C/remote-administration.xml:133(para)
11982
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
11983
msgstr ""
11984
11985
#: serverguide/C/remote-administration.xml:138(para)
11986
msgid ""
11987
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
11988
"save the file, and restart the <application>sshd</application> server "
11989
"application to effect the changes using the following command at a terminal "
11990
"prompt:"
11991
msgstr ""
11992
11993
#: serverguide/C/remote-administration.xml:147(para)
11994
msgid ""
11995
"Many other configuration directives for <application>sshd</application> are "
11996
"available to change the server application's behavior to fit your needs. Be "
11997
"advised, however, if your only method of access to a server is "
11998
"<application>ssh</application>, and you make a mistake in configuring "
11999
"<application>sshd</application> via the "
12000
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
12001
"out of the server upon restarting it. Additionally, if an incorrect "
12002
"configuration directive is supplied, the <application>sshd</application> "
12003
"server may refuse to start, so be extra careful when editing this file on a "
12004
"remote server."
12005
msgstr ""
12006
12007
#: serverguide/C/remote-administration.xml:161(title)
12008
msgid "SSH Keys"
12009
msgstr ""
12010
12011
#: serverguide/C/remote-administration.xml:162(para)
12012
msgid ""
12013
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
12014
"the need of a password. SSH key authentication uses two keys, a "
12015
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
12016
msgstr ""
12017
12018
#: serverguide/C/remote-administration.xml:166(para)
12019
msgid "To generate the keys, from a terminal prompt enter:"
12020
msgstr ""
12021
12022
#: serverguide/C/remote-administration.xml:170(command)
12023
msgid "ssh-keygen -t rsa"
12024
msgstr ""
12025
12026
#: serverguide/C/remote-administration.xml:172(para)
12027
msgid ""
12028
"This will generate the keys using the <emphasis>RSA Algorithm</emphasis>. "
12029
"During the process you will be prompted for a password. Simply hit "
12030
"<emphasis>Enter</emphasis> when prompted to create the key."
12031
msgstr ""
12032
12033
#: serverguide/C/remote-administration.xml:176(para)
12034
msgid ""
12035
"By default the <emphasis>public</emphasis> key is saved in the file "
12036
"<filename>~/.ssh/id_rsa.pub</filename>, while "
12037
"<filename>~/.ssh/id_rsa</filename> is the <emphasis>private</emphasis> key. "
12038
"Now copy the <filename>id_rsa.pub</filename> file to the remote host and "
12039
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
12040
msgstr ""
12041
12042
#: serverguide/C/remote-administration.xml:182(command)
12043
msgid "ssh-copy-id username@remotehost"
12044
msgstr ""
12045
12046
#: serverguide/C/remote-administration.xml:184(para)
12047
msgid ""
12048
"Finally, double check the permissions on the "
12049
"<filename>authorized_keys</filename> file, only the authenticated user "
12050
"should have read and write permissions. If the permissions are not correct "
12051
"change them by:"
12052
msgstr ""
12053
12054
#: serverguide/C/remote-administration.xml:189(command)
12055
msgid "chmod 600 .ssh/authorized_keys"
12056
msgstr ""
12057
12058
#: serverguide/C/remote-administration.xml:191(para)
12059
msgid ""
12060
"You should now be able to SSH to the host without being prompted for a "
12061
"password."
12062
msgstr ""
12063
12064
#: serverguide/C/remote-administration.xml:200(para)
12065
msgid ""
12066
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
12067
"page."
12068
msgstr ""
12069
12070
#: serverguide/C/remote-administration.xml:206(ulink)
12071
msgid "OpenSSH Website"
12072
msgstr ""
12073
12074
#: serverguide/C/remote-administration.xml:211(ulink)
12075
msgid "Advanced OpenSSH Wiki Page"
12076
msgstr ""
12077
12078
#: serverguide/C/remote-administration.xml:219(title)
12079
msgid "Puppet"
12080
msgstr ""
12081
12082
#: serverguide/C/remote-administration.xml:221(para)
12083
msgid ""
12084
"<application>Puppet</application> is a cross platform framework enabling "
12085
"system administrators to perform common tasks using code. The code can do a "
12086
"variety of tasks from installing new software, to checking file permissions, "
12087
"or updating user accounts. <application>Puppet</application> is great not "
12088
"only during the initial installation of a system, but also throughout the "
12089
"system's entire life cycle. In most circumstances "
12090
"<application>puppet</application> will be used in a client/server "
12091
"configuration."
12092
msgstr ""
12093
12094
#: serverguide/C/remote-administration.xml:228(para)
12095
msgid ""
12096
"This section will cover installing and configuring "
12097
"<application>Puppet</application> in a client/server configuration. This "
12098
"simple example will demonstrate how to install "
12099
"<application>Apache</application> using <application>Puppet</application>."
12100
msgstr ""
12101
12102
#: serverguide/C/remote-administration.xml:234(title)
12103
msgid "Preconfiguration"
12104
msgstr ""
12105
12106
#: serverguide/C/remote-administration.xml:236(para)
12107
msgid ""
12108
"Prior to configuring <application>puppet</application> you may want to add a "
12109
"DNS <emphasis>CNAME</emphasis> record for "
12110
"<emphasis>puppet.example.com</emphasis>, where "
12111
"<emphasis>example.com</emphasis> is your domain. By default "
12112
"<application>Puppet</application> clients check DNS for puppet.example.com "
12113
"as the puppet server name, or <emphasis>Puppet Master</emphasis>. See <xref "
12114
"linkend=\"dns\"/> for more DNS details."
12115
msgstr ""
12116
12117
#: serverguide/C/remote-administration.xml:243(para)
12118
msgid ""
12119
"If you do not wish to use DNS, you can add entries to the server and client "
12120
"<filename>/etc/hosts</filename> file. For example, in the "
12121
"<application>Puppet</application> server's <filename>/etc/hosts</filename> "
12122
"file add:"
12123
msgstr ""
12124
12125
#: serverguide/C/remote-administration.xml:248(programlisting)
12126
#, no-wrap
12127
msgid ""
12128
"\n"
12129
"127.0.0.1 localhost.localdomain localhost puppet\n"
12130
"192.168.1.17 puppetclient.example.com puppetclient\n"
12131
msgstr ""
12132
12133
#: serverguide/C/remote-administration.xml:253(para)
12134
msgid ""
12135
"On each <application>Puppet</application> client, add an entry for the "
12136
"server:"
12137
msgstr ""
12138
12139
#: serverguide/C/remote-administration.xml:257(programlisting)
12140
#, no-wrap
12141
msgid ""
12142
"\n"
12143
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
12144
msgstr ""
12145
12146
#: serverguide/C/remote-administration.xml:262(para)
12147
msgid ""
12148
"Replace the example IP addresses and domain names above with your actual "
12149
"server and client addresses and domain names."
12150
msgstr ""
12151
12152
#: serverguide/C/remote-administration.xml:271(para)
12153
msgid ""
12154
"To install <application>Puppet</application>, in a terminal on the "
12155
"<emphasis>server</emphasis> enter:"
12156
msgstr ""
12157
12158
#: serverguide/C/remote-administration.xml:276(command)
12159
msgid "sudo apt install puppetmaster"
12160
msgstr ""
12161
12162
#: serverguide/C/remote-administration.xml:279(para)
12163
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
12164
msgstr ""
12165
12166
#: serverguide/C/remote-administration.xml:284(command)
12167
msgid "sudo apt install puppet"
12168
msgstr ""
12169
12170
#: serverguide/C/remote-administration.xml:292(para)
12171
msgid "Create a folder path for the apache2 class:"
12172
msgstr ""
12173
12174
#: serverguide/C/remote-administration.xml:297(command)
12175
msgid "sudo mkdir -p /etc/puppet/modules/apache2/manifests"
12176
msgstr ""
12177
12178
#: serverguide/C/remote-administration.xml:300(para)
12179
msgid ""
12180
"Now setup some resources for <application>apache2</application>. Create a "
12181
"file <filename>/etc/puppet/modules/apache2/manifests/init.pp</filename> "
12182
"containing the following:"
12183
msgstr ""
12184
12185
#: serverguide/C/remote-administration.xml:306(programlisting)
12186
#, no-wrap
12187
msgid ""
12188
"\n"
12189
"class apache2 {\n"
12190
" package { 'apache2':\n"
12191
" ensure => installed,\n"
12192
" }\n"
12193
"\n"
12194
" service { 'apache2':\n"
12195
" ensure => true,\n"
12196
" enable => true,\n"
12197
" require => Package['apache2'],\n"
12198
" }\n"
12199
"}\n"
12200
msgstr ""
12201
12202
#: serverguide/C/remote-administration.xml:321(para)
12203
msgid ""
12204
"Next, create a node file <filename>/etc/puppet/manifests/site.pp</filename> "
12205
"with:"
12206
msgstr ""
12207
12208
#: serverguide/C/remote-administration.xml:325(programlisting)
12209
#, no-wrap
12210
msgid ""
12211
"\n"
12212
"node 'puppetclient.example.com' {\n"
12213
" include apache2\n"
12214
"}\n"
12215
msgstr ""
12216
12217
#: serverguide/C/remote-administration.xml:332(para)
12218
msgid ""
12219
"Replace <emphasis>puppetclient.example.com</emphasis> with your actual "
12220
"<application>Puppet</application> client's host name."
12221
msgstr ""
12222
12223
#: serverguide/C/remote-administration.xml:337(para)
12224
msgid ""
12225
"The final step for this simple <application>Puppet</application> server is "
12226
"to restart the daemon:"
12227
msgstr ""
12228
12229
#: serverguide/C/remote-administration.xml:342(command)
12230
msgid "sudo systemctl restart puppetmaster.service"
12231
msgstr ""
12232
12233
#: serverguide/C/remote-administration.xml:345(para)
12234
msgid ""
12235
"Now everything is configured on the <application>Puppet</application> "
12236
"server, it is time to configure the client."
12237
msgstr ""
12238
12239
#: serverguide/C/remote-administration.xml:349(para)
12240
msgid ""
12241
"First, configure the <application>Puppet</application> agent daemon to "
12242
"start. Edit <filename>/etc/default/puppet</filename>, changing "
12243
"<emphasis>START</emphasis> to yes:"
12244
msgstr ""
12245
12246
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
12247
#, no-wrap
12248
msgid ""
12249
"\n"
12250
"START=yes\n"
12251
msgstr ""
12252
12253
#: serverguide/C/remote-administration.xml:358(para)
12254
msgid "Then start the service:"
12255
msgstr ""
12256
12257
#: serverguide/C/remote-administration.xml:363(command)
12258
msgid "sudo systemctl start puppet.service"
12259
msgstr ""
12260
12261
#: serverguide/C/remote-administration.xml:366(para)
12262
msgid "View the client cert fingerprint"
12263
msgstr ""
12264
12265
#: serverguide/C/remote-administration.xml:371(command)
12266
msgid "sudo puppet agent --fingerprint"
12267
msgstr ""
12268
12269
#: serverguide/C/remote-administration.xml:375(para)
12270
msgid ""
12271
"Back on the <application>Puppet</application> server, view pending "
12272
"certificate signing requests:"
12273
msgstr ""
12274
12275
#: serverguide/C/remote-administration.xml:380(command)
12276
msgid "sudo puppet cert list"
12277
msgstr ""
12278
12279
#: serverguide/C/remote-administration.xml:383(para)
12280
msgid ""
12281
"On the <application>Puppet</application> server, verify the fingerprint of "
12282
"the client and sign puppetclient's cert:"
12283
msgstr ""
12284
12285
#: serverguide/C/remote-administration.xml:388(command)
12286
msgid "sudo puppet cert sign puppetclient.example.com"
12287
msgstr ""
12288
12289
#: serverguide/C/remote-administration.xml:391(para)
12290
msgid ""
12291
"On the <application>Puppet</application> client, run the puppet agent "
12292
"manually in the foreground. This step isn't strictly speaking necessary, but "
12293
"it is the best way to test and debug the puppet service."
12294
msgstr ""
12295
12296
#: serverguide/C/remote-administration.xml:397(command)
12297
msgid "sudo puppet agent --test"
12298
msgstr ""
12299
12300
#: serverguide/C/remote-administration.xml:400(para)
12301
msgid ""
12302
"Check <filename>/var/log/syslog</filename> on both hosts for any errors with "
12303
"the configuration. If all goes well the <application>apache2</application> "
12304
"package and it's dependencies will be installed on the "
12305
"<application>Puppet</application> client."
12306
msgstr ""
12307
12308
#: serverguide/C/remote-administration.xml:406(para)
12309
msgid ""
12310
"This example is <emphasis>very</emphasis> simple, and does not highlight "
12311
"many of <application>Puppet</application>'s features and benefits. For more "
12312
"information see <xref linkend=\"puppet-resources\"/>."
12313
msgstr ""
12314
12315
#: serverguide/C/remote-administration.xml:418(para)
12316
msgid ""
12317
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
12318
"Documentation</ulink> web site."
12319
msgstr ""
12320
12321
#: serverguide/C/remote-administration.xml:423(para)
12322
msgid ""
12323
"See the <ulink url=\"http://forge.puppetlabs.com/\">Puppet forge</ulink>, "
12324
"online repository of puppet modules."
12325
msgstr ""
12326
12327
#: serverguide/C/remote-administration.xml:428(para)
12328
msgid ""
12329
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
12330
"Puppet</ulink>."
12331
msgstr ""
12332
12333
#: serverguide/C/remote-administration.xml:438(title)
12334
msgid "Zentyal"
12335
msgstr ""
12336
12337
#: serverguide/C/remote-administration.xml:440(para)
12338
msgid ""
12339
"<application>Zentyal</application> is a Linux small business server that can "
12340
"be configured as a gateway, infrastructure manager, unified threat manager, "
12341
"office server, unified communication server or a combination of them. All "
12342
"network services managed by <application>Zentyal</application> are tightly "
12343
"integrated, automating most tasks. This saves time and helps to avoid errors "
12344
"in network configuration and administration. "
12345
"<application>Zentyal</application> is open source, released under the GNU "
12346
"General Public License (GPL) and runs on top of Ubuntu GNU/Linux."
12347
msgstr ""
12348
12349
#: serverguide/C/remote-administration.xml:451(para)
12350
msgid ""
12351
"<application>Zentyal</application> consists of a series of packages (usually "
12352
"one for each module) that provide a web interface to configure the different "
12353
"servers or services. The configuration is stored on a key-value "
12354
"<application>Redis</application> database, but users, groups, and domains-"
12355
"related configuration is on <application>OpenLDAP </application>. When you "
12356
"configure any of the available parameters through the web interface, final "
12357
"configuration files are overwritten using the configuration templates "
12358
"provided by the modules. The main advantage of using "
12359
"<application>Zentyal</application> is a unified, graphical user interface to "
12360
"configure all network services and high, out-of-the-box integration between "
12361
"them."
12362
msgstr ""
12363
12364
#: serverguide/C/remote-administration.xml:465(para)
12365
msgid ""
12366
"<application>Zentyal</application> publishes one major stable release once a "
12367
"year based on the latest Ubuntu LTS release."
12368
msgstr ""
12369
12370
#: serverguide/C/remote-administration.xml:473(para)
12371
msgid ""
12372
"If you would like to create a new user to access the "
12373
"<application>Zentyal</application> web interface, run: <screen>\n"
12374
"<command>sudo adduser username sudo</command>\n"
12375
"</screen>"
12376
msgstr ""
12377
12378
#: serverguide/C/remote-administration.xml:481(para)
12379
msgid ""
12380
"Add the <application>Zentyal</application> repository to your repository "
12381
"list: <screen>\n"
12382
"<command>sudo add-apt-repository \"deb http://archive.zentyal.org/zentyal "
12383
"3.5 main extra\"</command>\n"
12384
"</screen>"
12385
msgstr ""
12386
12387
#: serverguide/C/remote-administration.xml:488(para)
12388
msgid ""
12389
"Import the public keys from <application>Zentyal</application>: <screen>\n"
12390
"<command>sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "
12391
"10E239FF</command>\n"
12392
"<command>wget -q http://keys.zentyal.org/zentyal-4.2-archive.asc -O- | sudo "
12393
"apt-key add -</command>\n"
12394
"</screen>"
12395
msgstr ""
12396
12397
#: serverguide/C/remote-administration.xml:496(para)
12398
msgid ""
12399
"Update your packages and install <application>Zentyal</application>: "
12400
"<screen>\n"
12401
"<command>sudo apt update</command>\n"
12402
"<command>sudo apt install zentyal</command>\n"
12403
"</screen> During installation you will be asked to set a root MySQL password "
12404
"and confirm port 443."
12405
msgstr ""
12406
12407
#: serverguide/C/remote-administration.xml:509(title)
12408
msgid "First steps"
12409
msgstr ""
12410
12411
#: serverguide/C/remote-administration.xml:511(para)
12412
msgid ""
12413
"Any system account belonging to the sudo group is allowed to log into the "
12414
"<application>Zentyal</application> web interface. The user created while "
12415
"installing Ubuntu Server will belong to the sudo group by default."
12416
msgstr ""
12417
12418
#: serverguide/C/remote-administration.xml:517(para)
12419
msgid ""
12420
"To access the <application>Zentyal</application> web interface, point a "
12421
"browser to https://localhost/ or to the IP address of your remote server. As "
12422
"<application>Zentyal</application> creates its own self-signed SSL "
12423
"certificate, you will have to accept a security exception on your browser. "
12424
"Log in with the same username and password used to log in to your server."
12425
msgstr ""
12426
12427
#: serverguide/C/remote-administration.xml:526(para)
12428
msgid ""
12429
"Once logged in you will see an overview of your server. Individual modules, "
12430
"such as Antivirus or Firewall, can be installed by simply clicking them and "
12431
"then clicking Install. Selecting server roles like Gateway or Infrastructure "
12432
"can be used to install multiple modules at once."
12433
msgstr ""
12434
12435
#: serverguide/C/remote-administration.xml:534(para)
12436
msgid ""
12437
"Modules can also be installed via the command line: <screen>\n"
12438
"<command>sudo apt install <zentyal-module></command>\n"
12439
"</screen> See the list of available modules below."
12440
msgstr ""
12441
12442
#: serverguide/C/remote-administration.xml:542(para)
12443
msgid ""
12444
"To enable a module, go to the Dashboard, then click Module Status. Click the "
12445
"check box for the module, then Save changes."
12446
msgstr ""
12447
12448
#: serverguide/C/remote-administration.xml:547(para)
12449
msgid ""
12450
"To configure any of the features of your installed modules, click the "
12451
"different sections on the left menu. When you make any changes, a red \"Save "
12452
"changes\" button appears in the upper right corner."
12453
msgstr ""
12454
12455
#: serverguide/C/remote-administration.xml:553(para)
12456
msgid ""
12457
"If you need to customize any configuration file or run certain actions "
12458
"(scripts or commands) to configure features not available on "
12459
"<application>Zentyal</application>, place the custom configuration file "
12460
"templates on /etc/zentyal/stubs/<module>/ and the hooks on "
12461
"/etc/zentyal/hooks/<module>.<action>. Read more about stubs and "
12462
"hooks <ulink "
12463
"url=\"https://wiki.zentyal.org/wiki/En/4.0/Appendix_B:_Development_and_advanc"
12464
"ed_configuration#Advanced_Service_Customization\">here</ulink>."
12465
msgstr ""
12466
12467
#: serverguide/C/remote-administration.xml:565(title)
12468
msgid "Modules"
12469
msgstr ""
12470
12471
#: serverguide/C/remote-administration.xml:572(para)
12472
msgid ""
12473
"zentyal-core & zentyal-common: the core of the "
12474
"<application>Zentyal</application> interface and the common libraries of the "
12475
"framework. Also includes the logs and events modules that give the "
12476
"administrator an interface to view the logs and generate events from them."
12477
msgstr ""
12478
12479
#: serverguide/C/remote-administration.xml:581(para)
12480
msgid ""
12481
"zentyal-network: manages the configuration of the network. From the "
12482
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
12483
"gateways when having more than one Internet connection, load balancing and "
12484
"advanced routing, static routes or dynamic DNS."
12485
msgstr ""
12486
12487
#: serverguide/C/remote-administration.xml:589(para)
12488
msgid ""
12489
"zentyal-objects & zentyal-services: provide an abstraction level for "
12490
"network addresses (e.g. LAN instead of 192.168.1.0/24) and ports named as "
12491
"services (e.g. HTTP instead of 80/TCP)."
12492
msgstr ""
12493
12494
#: serverguide/C/remote-administration.xml:596(para)
12495
msgid ""
12496
"zentyal-firewall: configures the <application>iptables</application> rules "
12497
"to block forbiden connections, NAT and port redirections."
12498
msgstr ""
12499
12500
#: serverguide/C/remote-administration.xml:602(para)
12501
msgid ""
12502
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
12503
"network clients to synchronize their clocks against the server."
12504
msgstr ""
12505
12506
#: serverguide/C/remote-administration.xml:608(para)
12507
msgid ""
12508
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
12509
"supporting network ranges, static leases and other advanced options like "
12510
"NTP, WINS, dynamic DNS updates and network boot with PXE."
12511
msgstr ""
12512
12513
#: serverguide/C/remote-administration.xml:615(para)
12514
msgid ""
12515
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
12516
"your server for caching local queries as a forwarder or as an authoritative "
12517
"server for the configured domains. Allows to configure A, CNAME, MX, NS, TXT "
12518
"and SRV records."
12519
msgstr ""
12520
12521
#: serverguide/C/remote-administration.xml:623(para)
12522
msgid ""
12523
"zentyal-ca: integrates the management of a Certification Authority within "
12524
"Zentyal so users can use certificates to authenticate against the services, "
12525
"like with <application>OpenVPN</application>."
12526
msgstr ""
12527
12528
#: serverguide/C/remote-administration.xml:630(para)
12529
msgid ""
12530
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
12531
"<application>OpenVPN</application> with dynamic routing configuration using "
12532
"<application>Quagga</application>."
12533
msgstr ""
12534
12535
#: serverguide/C/remote-administration.xml:637(para)
12536
msgid ""
12537
"zentyal-users: provides an interface to configure and manage users and "
12538
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
12539
"authenticated against LDAP having a centralized users and groups management. "
12540
"It is also possible to synchronize users, passwords and groups from a "
12541
"<application>Microsoft Active Directory</application> domain."
12542
msgstr ""
12543
12544
#: serverguide/C/remote-administration.xml:647(para)
12545
msgid ""
12546
"zentyal-squid: configures <application>Squid</application> and "
12547
"<application>Dansguardian</application> for speeding up browsing thanks to "
12548
"the caching capabilities and content filtering."
12549
msgstr ""
12550
12551
#: serverguide/C/remote-administration.xml:654(para)
12552
msgid ""
12553
"zentyal-samba: allows <application>Samba</application> configuration and "
12554
"integration with existing LDAP. From the same interface you can define "
12555
"password policies, create shared resources and assign permissions."
12556
msgstr ""
12557
12558
#: serverguide/C/remote-administration.xml:662(para)
12559
msgid ""
12560
"zentyal-printers: integrates <application>CUPS</application> with "
12561
"<application>Samba</application> and allows not only to configure the "
12562
"printers but also give them permissions based on LDAP users and groups."
12563
msgstr ""
12564
12565
#: serverguide/C/remote-administration.xml:567(para)
12566
msgid ""
12567
"<application>Zentyal</application> 2.3 is available on Ubuntu 16.04 Universe "
12568
"repository. The modules available are: <placeholder-1/>"
12569
msgstr ""
12570
12571
#: serverguide/C/remote-administration.xml:673(para)
12572
msgid ""
12573
"Not present on Ubuntu Universe repositories, but on <ulink "
12574
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
12575
"find these other modules:"
12576
msgstr ""
12577
12578
#: serverguide/C/remote-administration.xml:682(para)
12579
msgid ""
12580
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
12581
"with other modules like the proxy, file sharing or mailfilter."
12582
msgstr ""
12583
12584
#: serverguide/C/remote-administration.xml:689(para)
12585
msgid ""
12586
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
12587
"a simple PBX with LDAP based authentication."
12588
msgstr ""
12589
12590
#: serverguide/C/remote-administration.xml:695(para)
12591
msgid ""
12592
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
12593
msgstr ""
12594
12595
#: serverguide/C/remote-administration.xml:701(para)
12596
msgid ""
12597
"zentyal-captiveportal: integrates a captive portal with the firewall and "
12598
"LDAP users and groups."
12599
msgstr ""
12600
12601
#: serverguide/C/remote-administration.xml:707(para)
12602
msgid ""
12603
"zentyal-ebackup: allows to make scheduled backups of your server using the "
12604
"popular <application>duplicity</application> backup tool."
12605
msgstr ""
12606
12607
#: serverguide/C/remote-administration.xml:713(para)
12608
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
12609
msgstr ""
12610
12611
#: serverguide/C/remote-administration.xml:718(para)
12612
msgid "zentyal-ids: integrates a network intrusion detection system."
12613
msgstr ""
12614
12615
#: serverguide/C/remote-administration.xml:723(para)
12616
msgid ""
12617
"zentyal-ipsec: allows to configure IPsec tunnels using "
12618
"<application>OpenSwan</application>."
12619
msgstr ""
12620
12621
#: serverguide/C/remote-administration.xml:729(para)
12622
msgid ""
12623
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
12624
"with LDAP users and groups."
12625
msgstr ""
12626
12627
#: serverguide/C/remote-administration.xml:735(para)
12628
msgid ""
12629
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
12630
"solution."
12631
msgstr ""
12632
12633
#: serverguide/C/remote-administration.xml:741(para)
12634
msgid ""
12635
"zentyal-mail: a full mail stack including <application>Postfix "
12636
"</application> and <application>Dovecot</application> with LDAP backend."
12637
msgstr ""
12638
12639
#: serverguide/C/remote-administration.xml:748(para)
12640
msgid ""
12641
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
12642
"stack to filter spam and attached virus."
12643
msgstr ""
12644
12645
#: serverguide/C/remote-administration.xml:754(para)
12646
msgid ""
12647
"zentyal-monitor: integrates <application>collectd</application> to monitor "
12648
"server performance and running services."
12649
msgstr ""
12650
12651
#: serverguide/C/remote-administration.xml:760(para)
12652
msgid ""
12653
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
12654
msgstr ""
12655
12656
#: serverguide/C/remote-administration.xml:765(para)
12657
msgid ""
12658
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
12659
"users and groups."
12660
msgstr ""
12661
12662
#: serverguide/C/remote-administration.xml:771(para)
12663
msgid ""
12664
"zentyal-software: simple interface to manage installed "
12665
"<application>Zentyal</application> modules and system updates."
12666
msgstr ""
12667
12668
#: serverguide/C/remote-administration.xml:777(para)
12669
msgid ""
12670
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
12671
"throttling and improve latency."
12672
msgstr ""
12673
12674
#: serverguide/C/remote-administration.xml:783(para)
12675
msgid ""
12676
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
12677
"web browser."
12678
msgstr ""
12679
12680
#: serverguide/C/remote-administration.xml:789(para)
12681
msgid ""
12682
"zentyal-virt: simple interface to create and manage virtual machines based "
12683
"on <application>libvirt</application>."
12684
msgstr ""
12685
12686
#: serverguide/C/remote-administration.xml:795(para)
12687
msgid ""
12688
"zentyal-webmail: allows to access your mail using the popular "
12689
"<application>Roundcube</application> webmail."
12690
msgstr ""
12691
12692
#: serverguide/C/remote-administration.xml:801(para)
12693
msgid ""
12694
"zentyal-webserver: configures <application>Apache</application> webserver to "
12695
"host different sites on your machine."
12696
msgstr ""
12697
12698
#: serverguide/C/remote-administration.xml:807(para)
12699
msgid ""
12700
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
12701
"with <application>Zentyal</application> mail stack and LDAP."
12702
msgstr ""
12703
12704
#: serverguide/C/remote-administration.xml:821(para)
12705
msgid ""
12706
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
12707
"</ulink> page."
12708
msgstr ""
12709
12710
#: serverguide/C/remote-administration.xml:825(para)
12711
msgid ""
12712
"<ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal Community "
12713
"Wiki</ulink>."
12714
msgstr ""
12715
12716
#: serverguide/C/remote-administration.xml:829(para)
12717
msgid ""
12718
"Visit the <ulink url=\"http://forum.zentyal.org/\">Zentyal forum </ulink> "
12719
"for community support, feedback, feature requests, etc."
12720
msgstr ""
12721
12722
#: serverguide/C/package-management.xml:11(title)
12723
msgid "Package Management"
12724
msgstr ""
12725
12726
#: serverguide/C/package-management.xml:12(para)
12727
msgid ""
12728
"Ubuntu features a comprehensive package management system for installing, "
12729
"upgrading, configuring, and removing software. In addition to providing "
12730
"access to an organized base of over 45,000 software packages for your Ubuntu "
12731
"computer, the package management facilities also feature dependency "
12732
"resolution capabilities and software update checking."
12733
msgstr ""
12734
12735
#: serverguide/C/package-management.xml:14(para)
12736
msgid ""
12737
"Several tools are available for interacting with Ubuntu's package management "
12738
"system, from simple command-line utilities which may be easily automated by "
12739
"system administrators, to a simple graphical interface which is easy to use "
12740
"by those new to Ubuntu."
12741
msgstr ""
12742
12743
#: serverguide/C/package-management.xml:19(para)
12744
msgid ""
12745
"Ubuntu's package management system is derived from the same system used by "
12746
"the Debian GNU/Linux distribution. The package files contain all of the "
12747
"necessary files, meta-data, and instructions to implement a particular "
12748
"functionality or software application on your Ubuntu computer."
12749
msgstr ""
12750
12751
#: serverguide/C/package-management.xml:22(para)
12752
msgid ""
12753
"Debian package files typically have the extension '.deb', and usually exist "
12754
"in <emphasis role=\"italics\">repositories</emphasis> which are collections "
12755
"of packages found on various media, such as CD-ROM discs, or online. "
12756
"Packages are normally in a pre-compiled binary format; thus installation is "
12757
"quick, and requires no compiling of software."
12758
msgstr ""
12759
12760
#: serverguide/C/package-management.xml:25(para)
12761
msgid ""
12762
"Many complex packages use <emphasis "
12763
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
12764
"packages required by the principal package in order to function properly. "
12765
"For example, the speech synthesis package "
12766
"<application>festival</application> depends upon the package "
12767
"<application>libasound2</application>, which is a package supplying the "
12768
"<application>ALSA</application> sound library needed for audio playback. In "
12769
"order for <application>festival</application> to function, it and all of its "
12770
"dependencies must be installed. The software management tools in Ubuntu will "
12771
"do this automatically."
12772
msgstr ""
12773
12774
#: serverguide/C/package-management.xml:30(title)
12775
msgid "dpkg"
12776
msgstr ""
12777
12778
#: serverguide/C/package-management.xml:32(para)
12779
msgid ""
12780
"<application>dpkg</application> is a package manager for "
12781
"<emphasis>Debian</emphasis>-based systems. It can install, remove, and build "
12782
"packages, but unlike other package management systems, it cannot "
12783
"automatically download and install packages or their dependencies. This "
12784
"section covers using <application>dpkg</application> to manage locally "
12785
"installed packages:"
12786
msgstr ""
12787
12788
#: serverguide/C/package-management.xml:41(para)
12789
msgid ""
12790
"To list all packages installed on the system, from a terminal prompt type:"
12791
msgstr ""
12792
12793
#: serverguide/C/package-management.xml:46(command)
12794
msgid "dpkg -l"
12795
msgstr ""
12796
12797
#: serverguide/C/package-management.xml:52(para)
12798
msgid ""
12799
"Depending on the amount of packages on your system, this can generate a "
12800
"large amount of output. Pipe the output through "
12801
"<application>grep</application> to see if a specific package is installed:"
12802
msgstr ""
12803
12804
#: serverguide/C/package-management.xml:58(command)
12805
msgid "dpkg -l | grep apache2"
12806
msgstr ""
12807
12808
#: serverguide/C/package-management.xml:61(para)
12809
msgid ""
12810
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
12811
"package name, or other regular expression."
12812
msgstr ""
12813
12814
#: serverguide/C/package-management.xml:68(para)
12815
msgid ""
12816
"To list the files installed by a package, in this case the "
12817
"<application>ufw</application> package, enter:"
12818
msgstr ""
12819
12820
#: serverguide/C/package-management.xml:73(command)
12821
msgid "dpkg -L ufw"
12822
msgstr ""
12823
12824
#: serverguide/C/package-management.xml:79(para)
12825
msgid ""
12826
"If you are not sure which package installed a file, <application>dpkg -"
12827
"S</application> may be able to tell you. For example:"
12828
msgstr ""
12829
12830
#: serverguide/C/package-management.xml:85(command)
12831
msgid "dpkg -S /etc/host.conf"
12832
msgstr ""
12833
12834
#: serverguide/C/package-management.xml:86(computeroutput)
12835
#, no-wrap
12836
msgid "base-files: /etc/host.conf"
12837
msgstr ""
12838
12839
#: serverguide/C/package-management.xml:89(para)
12840
msgid ""
12841
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
12842
"<application>base-files</application> package."
12843
msgstr ""
12844
12845
#: serverguide/C/package-management.xml:94(para)
12846
msgid ""
12847
"Many files are automatically generated during the package install process, "
12848
"and even though they are on the filesystem, <command>dpkg -S</command> may "
12849
"not know which package they belong to."
12850
msgstr ""
12851
12852
#: serverguide/C/package-management.xml:103(para)
12853
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
12854
msgstr ""
12855
12856
#: serverguide/C/package-management.xml:108(command)
12857
msgid "sudo dpkg -i zip_3.0-4_i386.deb"
12858
msgstr ""
12859
12860
#: serverguide/C/package-management.xml:111(para)
12861
msgid ""
12862
"Change <filename>zip_3.0-4_i386.deb</filename> to the actual file name of "
12863
"the local .deb file you wish to install."
12864
msgstr ""
12865
12866
#: serverguide/C/package-management.xml:118(para)
12867
msgid "Uninstalling a package can be accomplished by:"
12868
msgstr ""
12869
12870
#: serverguide/C/package-management.xml:123(command)
12871
msgid "sudo dpkg -r zip"
12872
msgstr ""
12873
12874
#: serverguide/C/package-management.xml:127(para)
12875
msgid ""
12876
"Uninstalling packages using <application>dpkg</application>, in most cases, "
12877
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
12878
"manager that handles dependencies to ensure that the system is in a "
12879
"consistent state. For example using <command>dpkg -r zip</command> will "
12880
"remove the <application>zip</application> package, but any packages that "
12881
"depend on it will still be installed and may no longer function correctly."
12882
msgstr ""
12883
12884
#: serverguide/C/package-management.xml:138(para)
12885
msgid ""
12886
"For more <application>dpkg</application> options see the man page: "
12887
"<command>man dpkg</command>."
12888
msgstr ""
12889
12890
#: serverguide/C/package-management.xml:144(title)
12891
msgid "Apt"
12892
msgstr ""
12893
12894
#: serverguide/C/package-management.xml:145(para)
12895
msgid ""
12896
"The <application>apt</application> command is a powerful command-line tool, "
12897
"which works with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> (APT) "
12898
"performing such functions as installation of new software packages, upgrade "
12899
"of existing software packages, updating of the package list index, and even "
12900
"upgrading the entire Ubuntu system."
12901
msgstr ""
12902
12903
#: serverguide/C/package-management.xml:148(para)
12904
msgid ""
12905
"Being a simple command-line tool, <application>apt</application> has "
12906
"numerous advantages over other package management tools available in Ubuntu "
12907
"for server administrators. Some of these advantages include ease of use over "
12908
"simple terminal connections (SSH), and the ability to be used in system "
12909
"administration scripts, which can in turn be automated by the "
12910
"<application>cron</application> scheduling utility."
12911
msgstr ""
12912
12913
#: serverguide/C/package-management.xml:155(para)
12914
msgid ""
12915
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
12916
"packages using the <application>apt</application> tool is quite simple. For "
12917
"example, to install the network scanner <application>nmap</application>, "
12918
"type the following: <screen>\n"
12919
"<command>sudo apt install nmap</command>\n"
12920
"</screen>"
12921
msgstr ""
12922
12923
#: serverguide/C/package-management.xml:163(para)
12924
msgid ""
12925
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package "
12926
"(or packages) is also straightforward. To remove the package installed in "
12927
"the previous example, type the following: <screen>\n"
12928
"<command>sudo apt remove nmap</command>\n"
12929
"</screen>"
12930
msgstr ""
12931
12932
#: serverguide/C/package-management.xml:170(para)
12933
msgid ""
12934
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
12935
"multiple packages to be installed or removed, separated by spaces."
12936
msgstr ""
12937
12938
#: serverguide/C/package-management.xml:173(para)
12939
msgid ""
12940
"Also, adding the <emphasis>--purge</emphasis> option to <command>apt "
12941
"remove</command> will remove the package configuration files as well. This "
12942
"may or may not be the desired effect, so use with caution."
12943
msgstr ""
12944
12945
#: serverguide/C/package-management.xml:179(para)
12946
msgid ""
12947
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
12948
"index is essentially a database of available packages from the repositories "
12949
"defined in the <filename>/etc/apt/sources.list</filename> file and in the "
12950
"<filename>/etc/apt/sources.list.d</filename> directory. To update the local "
12951
"package index with the latest changes made in the repositories, type the "
12952
"following: <screen>\n"
12953
"<command>sudo apt update</command>\n"
12954
"</screen>"
12955
msgstr ""
12956
12957
#: serverguide/C/package-management.xml:187(para)
12958
msgid ""
12959
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
12960
"versions of packages currently installed on your computer may become "
12961
"available from the package repositories (for example security updates). To "
12962
"upgrade your system, first update your package index as outlined above, and "
12963
"then type: <screen>\n"
12964
"<command>sudo apt upgrade</command>\n"
12965
"</screen>"
12966
msgstr ""
12967
12968
#: serverguide/C/package-management.xml:193(para)
12969
msgid ""
12970
"For information on upgrading to a new Ubuntu release see <xref "
12971
"linkend=\"installing-upgrading\"/>."
12972
msgstr ""
12973
12974
#: serverguide/C/package-management.xml:151(para)
12975
msgid ""
12976
"Some examples of popular uses for the <application>apt</application> "
12977
"utility: <placeholder-1/>"
12978
msgstr ""
12979
12980
#: serverguide/C/package-management.xml:199(para)
12981
msgid ""
12982
"Actions of the <application>apt</application> command, such as installation "
12983
"and removal of packages, are logged in the /var/log/dpkg.log log file."
12984
msgstr ""
12985
12986
#: serverguide/C/package-management.xml:202(para)
12987
msgid ""
12988
"For further information about the use of <application>APT</application>, "
12989
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
12990
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>\n"
12991
"<command>apt help</command>\n"
12992
"</screen>"
12993
msgstr ""
12994
12995
#: serverguide/C/package-management.xml:210(title)
12996
msgid "Aptitude"
12997
msgstr ""
12998
12999
#: serverguide/C/package-management.xml:211(para)
13000
msgid ""
13001
"Launching <application>Aptitude</application> with no command-line options, "
13002
"will give you a menu-driven, text-based front-end to the <emphasis>Advanced "
13003
"Packaging Tool</emphasis> (APT) system. Many of the common package "
13004
"management functions, such as installation, removal, and upgrade, can be "
13005
"performed in <application>Aptitude</application> with single-key commands, "
13006
"which are typically lowercase letters."
13007
msgstr ""
13008
13009
#: serverguide/C/package-management.xml:214(para)
13010
msgid ""
13011
"<application>Aptitude</application> is best suited for use in a non-"
13012
"graphical terminal environment to ensure proper functioning of the command "
13013
"keys. You may start the menu-driven interface of "
13014
"<application>Aptitude</application> as a normal user by typing the following "
13015
"command at a terminal prompt: <screen>\n"
13016
"<command>sudo aptitude</command>\n"
13017
"</screen>"
13018
msgstr ""
13019
13020
#: serverguide/C/package-management.xml:220(para)
13021
msgid ""
13022
"When <application>Aptitude</application> starts, you will see a menu bar at "
13023
"the top of the screen and two panes below the menu bar. The top pane "
13024
"contains package categories, such as <emphasis>New Packages</emphasis> and "
13025
"<emphasis>Not Installed Packages</emphasis>. The bottom pane contains "
13026
"information related to the packages and package categories."
13027
msgstr ""
13028
13029
#: serverguide/C/package-management.xml:223(para)
13030
msgid ""
13031
"Using <application>Aptitude</application> for package management is "
13032
"relatively straightforward, and the user interface makes common tasks simple "
13033
"to perform. The following are examples of common package management "
13034
"functions as performed in <application>Aptitude</application>:"
13035
msgstr ""
13036
13037
#: serverguide/C/package-management.xml:227(para)
13038
msgid ""
13039
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
13040
"locate the package via the <emphasis>Not Installed Packages</emphasis> "
13041
"package category, by using the keyboard arrow keys and the "
13042
"<keycap>ENTER</keycap> key. Highlight the desired package, then press the "
13043
"<keycap>+</keycap> key. The package entry should turn "
13044
"<emphasis>green</emphasis>, indicating that it has been marked for "
13045
"installation. Now press <keycap>g</keycap> to be presented with a summary of "
13046
"package actions. Press <keycap>g</keycap> again, and downloading and "
13047
"installation of the package will commence. When finished, press "
13048
"<keycap>ENTER</keycap>, to return to the menu."
13049
msgstr ""
13050
13051
#: serverguide/C/package-management.xml:237(para)
13052
msgid ""
13053
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
13054
"locate the package via the <emphasis role=\"italics\">Installed "
13055
"Packages</emphasis> package category, by using the keyboard arrow keys and "
13056
"the <keycap>ENTER</keycap> key. Highlight the desired package you wish to "
13057
"remove, then press the <keycap>-</keycap> key. The package entry should turn "
13058
"<emphasis role=\"italics\">pink</emphasis>, indicating it has been marked "
13059
"for removal. Now press <keycap>g</keycap> to be presented with a summary of "
13060
"package actions. Press <keycap>g</keycap> again, and removal of the package "
13061
"will commence. When finished, press <keycap>ENTER</keycap>, to return to the "
13062
"menu."
13063
msgstr ""
13064
13065
#: serverguide/C/package-management.xml:247(para)
13066
msgid ""
13067
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
13068
"package index, simply press the <keycap>u</keycap> key. Updating of the "
13069
"package index will commence."
13070
msgstr ""
13071
13072
#: serverguide/C/package-management.xml:252(para)
13073
msgid ""
13074
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
13075
"perform the update of the package index as detailed above, and then press "
13076
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
13077
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
13078
"actions. Press <keycap>g</keycap> again, and the download and installation "
13079
"will commence. When finished, press <keycap>ENTER</keycap>, to return to the "
13080
"menu."
13081
msgstr ""
13082
13083
#: serverguide/C/package-management.xml:263(para)
13084
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
13085
msgstr ""
13086
13087
#: serverguide/C/package-management.xml:268(para)
13088
msgid ""
13089
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
13090
"configuration remains on system"
13091
msgstr ""
13092
13093
#: serverguide/C/package-management.xml:272(para)
13094
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
13095
msgstr ""
13096
13097
#: serverguide/C/package-management.xml:276(para)
13098
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
13099
msgstr ""
13100
13101
#: serverguide/C/package-management.xml:280(para)
13102
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
13103
msgstr ""
13104
13105
#: serverguide/C/package-management.xml:284(para)
13106
msgid ""
13107
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
13108
"configured"
13109
msgstr ""
13110
13111
#: serverguide/C/package-management.xml:288(para)
13112
msgid ""
13113
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
13114
"and requires fix"
13115
msgstr ""
13116
13117
#: serverguide/C/package-management.xml:292(para)
13118
msgid ""
13119
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
13120
"requires fix"
13121
msgstr ""
13122
13123
#: serverguide/C/package-management.xml:260(para)
13124
msgid ""
13125
"The first column of information displayed in the package list in the top "
13126
"pane, when actually viewing packages lists the current state of the package, "
13127
"and uses the following key to describe the state of the package: "
13128
"<placeholder-1/>"
13129
msgstr ""
13130
13131
#: serverguide/C/package-management.xml:298(para)
13132
msgid ""
13133
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
13134
"wish to exit. Many other functions are available from the Aptitude menu by "
13135
"pressing the <keycap>F10</keycap> key."
13136
msgstr ""
13137
13138
#: serverguide/C/package-management.xml:301(title)
13139
msgid "Command Line Aptitude"
13140
msgstr ""
13141
13142
#: serverguide/C/package-management.xml:302(para)
13143
msgid ""
13144
"You can also use <application>Aptitude</application> as a command-line tool, "
13145
"similar to <application>apt</application>. To install the "
13146
"<application>nmap</application> package with all necessary dependencies, as "
13147
"in the <application>apt</application> example, you would use the following "
13148
"command: <screen>\n"
13149
"<command>sudo aptitude install nmap</command>\n"
13150
"</screen> To remove the same package, you would use the command: <screen>\n"
13151
"<command>sudo aptitude remove nmap</command>\n"
13152
"</screen> Consult the <application>man</application> pages for more details "
13153
"of command line options for <application>Aptitude</application>."
13154
msgstr ""
13155
13156
#: serverguide/C/package-management.xml:315(title)
13157
msgid "Automatic Updates"
13158
msgstr ""
13159
13160
#: serverguide/C/package-management.xml:317(para)
13161
msgid ""
13162
"The <application>unattended-upgrades</application> package can be used to "
13163
"automatically install updated packages, and can be configured to update all "
13164
"packages or just install security updates. First, install the package by "
13165
"entering the following in a terminal:"
13166
msgstr ""
13167
13168
#: serverguide/C/package-management.xml:323(command)
13169
msgid "sudo apt install unattended-upgrades"
13170
msgstr ""
13171
13172
#: serverguide/C/package-management.xml:326(para)
13173
msgid ""
13174
"To configure <application>unattended-upgrades</application>, edit "
13175
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
13176
"the following to fit your needs:"
13177
msgstr ""
13178
13179
#: serverguide/C/package-management.xml:331(programlisting)
13180
#, no-wrap
13181
msgid ""
13182
"\n"
13183
"Unattended-Upgrade::Allowed-Origins {\n"
13184
" \"${distro_id}:${distro_codename}\";\n"
13185
" \"${distro_id}:${distro_codename}-security\";\n"
13186
"// \"${distro_id}:${distro_codename}-updates\";\n"
13187
"// \"${distro_id}:${distro_codename}-proposed\";\n"
13188
"// \"${distro_id}:${distro_codename}-backports\";\n"
13189
"};\n"
13190
msgstr ""
13191
13192
#: serverguide/C/package-management.xml:341(para)
13193
msgid ""
13194
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
13195
"will not be automatically updated. To blacklist a package, add it to the "
13196
"list:"
13197
msgstr ""
13198
13199
#: serverguide/C/package-management.xml:346(programlisting)
13200
#, no-wrap
13201
msgid ""
13202
"\n"
13203
"Unattended-Upgrade::Package-Blacklist {\n"
13204
"// \"vim\";\n"
13205
"// \"libc6\";\n"
13206
"// \"libc6-dev\";\n"
13207
"// \"libc6-i686\";\n"
13208
"};\n"
13209
msgstr ""
13210
13211
#: serverguide/C/package-management.xml:356(para)
13212
msgid ""
13213
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
13214
"whatever follows \"//\" will not be evaluated."
13215
msgstr ""
13216
13217
#: serverguide/C/package-management.xml:361(para)
13218
msgid ""
13219
"To enable automatic updates, edit <filename>/etc/apt/apt.conf.d/20auto-"
13220
"upgrades</filename> and set the appropriate <application>apt</application> "
13221
"configuration options:"
13222
msgstr ""
13223
13224
#: serverguide/C/package-management.xml:365(programlisting)
13225
#, no-wrap
13226
msgid ""
13227
"\n"
13228
"APT::Periodic::Update-Package-Lists \"1\";\n"
13229
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
13230
"APT::Periodic::AutocleanInterval \"7\";\n"
13231
"APT::Periodic::Unattended-Upgrade \"1\";\n"
13232
msgstr ""
13233
13234
#: serverguide/C/package-management.xml:372(para)
13235
msgid ""
13236
"The above configuration updates the package list, downloads, and installs "
13237
"available upgrades every day. The local download archive is cleaned every "
13238
"week. On servers upgraded to newer versions of Ubuntu, depending on your "
13239
"responses, the file listed above may not be there. In this case, creating a "
13240
"new file of this name should also work."
13241
msgstr ""
13242
13243
#: serverguide/C/package-management.xml:380(para)
13244
msgid ""
13245
"You can read more about <application>apt</application> Periodic "
13246
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
13247
"header."
13248
msgstr ""
13249
13250
#: serverguide/C/package-management.xml:385(para)
13251
msgid ""
13252
"The results of <application>unattended-upgrades</application> will be logged "
13253
"to <filename>/var/log/unattended-upgrades</filename>."
13254
msgstr ""
13255
13256
#: serverguide/C/package-management.xml:390(title)
13257
msgid "Notifications"
13258
msgstr ""
13259
13260
#: serverguide/C/package-management.xml:392(para)
13261
msgid ""
13262
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
13263
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
13264
"<application>unattended-upgrades</application> to email an administrator "
13265
"detailing any packages that need upgrading or have problems."
13266
msgstr ""
13267
13268
#: serverguide/C/package-management.xml:397(para)
13269
msgid ""
13270
"Another useful package is <application>apticron</application>. "
13271
"<application>apticron</application> will configure a "
13272
"<application>cron</application> job to email an administrator information "
13273
"about any packages on the system that have updates available, as well as a "
13274
"summary of changes in each package."
13275
msgstr ""
13276
13277
#: serverguide/C/package-management.xml:403(para)
13278
msgid ""
13279
"To install the <application>apticron</application> package, in a terminal "
13280
"enter:"
13281
msgstr ""
13282
13283
#: serverguide/C/package-management.xml:408(command)
13284
msgid "sudo apt install apticron"
13285
msgstr ""
13286
13287
#: serverguide/C/package-management.xml:411(para)
13288
msgid ""
13289
"Once the package is installed edit "
13290
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
13291
"and other options:"
13292
msgstr ""
13293
13294
#: serverguide/C/package-management.xml:415(programlisting)
13295
#, no-wrap
13296
msgid ""
13297
"\n"
13298
"EMAIL=\"root@example.com\"\n"
13299
msgstr ""
13300
13301
#: serverguide/C/package-management.xml:424(para)
13302
msgid ""
13303
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
13304
"system repositories is stored in the "
13305
"<filename>/etc/apt/sources.list</filename> file and the "
13306
"<filename>/etc/apt/sources.list.d</filename> directory. An example of this "
13307
"file is referenced here, along with information on adding or removing "
13308
"repository references from the file."
13309
msgstr ""
13310
13311
#: serverguide/C/package-management.xml:429(para)
13312
msgid ""
13313
"You may edit the file to enable repositories or disable them. For example, "
13314
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
13315
"operations occur, simply comment out the appropriate line for the CD-ROM, "
13316
"which appears at the top of the file:"
13317
msgstr ""
13318
13319
#: serverguide/C/package-management.xml:434(screen)
13320
#, no-wrap
13321
msgid ""
13322
"\n"
13323
"# no more prompting for CD-ROM please\n"
13324
"# deb cdrom:[Ubuntu 16.04 _Xenial Xerus_ - Release i386 (20111013.1)]/ "
13325
"xenial main restricted\n"
13326
msgstr ""
13327
13328
#: serverguide/C/package-management.xml:440(title)
13329
msgid "Extra Repositories"
13330
msgstr ""
13331
13332
#: serverguide/C/package-management.xml:441(para)
13333
msgid ""
13334
"In addition to the officially supported package repositories available for "
13335
"Ubuntu, there exist additional community-maintained repositories which add "
13336
"thousands more packages for potential installation. Two of the most popular "
13337
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
13338
"repositories. These repositories are not officially supported by Ubuntu, but "
13339
"because they are maintained by the community they generally provide packages "
13340
"which are safe for use with your Ubuntu computer."
13341
msgstr ""
13342
13343
#: serverguide/C/package-management.xml:444(para)
13344
msgid ""
13345
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
13346
"licensing issues that prevent them from being distributed with a free "
13347
"operating system, and they may be illegal in your locality."
13348
msgstr ""
13349
13350
#: serverguide/C/package-management.xml:446(para)
13351
msgid ""
13352
"Be advised that neither the <emphasis>Universe</emphasis> or "
13353
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
13354
"packages. In particular, there may not be security updates for these "
13355
"packages."
13356
msgstr ""
13357
13358
#: serverguide/C/package-management.xml:450(para)
13359
msgid ""
13360
"Many other package sources are available, sometimes even offering only one "
13361
"package, as in the case of package sources provided by the developer of a "
13362
"single application. You should always be very careful and cautious when "
13363
"using non-standard package sources, however. Research the source and "
13364
"packages carefully before performing any installation, as some package "
13365
"sources and their packages could render your system unstable or non-"
13366
"functional in some respects."
13367
msgstr ""
13368
13369
#: serverguide/C/package-management.xml:453(para)
13370
msgid ""
13371
"By default, the <emphasis>Universe</emphasis> and "
13372
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
13373
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
13374
"comment the following lines:"
13375
msgstr ""
13376
13377
#: serverguide/C/package-management.xml:460(programlisting)
13378
#, no-wrap
13379
msgid ""
13380
"\n"
13381
"deb http://archive.ubuntu.com/ubuntu xenial universe multiverse\n"
13382
"deb-src http://archive.ubuntu.com/ubuntu xenial universe multiverse\n"
13383
"\n"
13384
"deb http://us.archive.ubuntu.com/ubuntu/ xenial universe\n"
13385
"deb-src http://us.archive.ubuntu.com/ubuntu/ xenial universe\n"
13386
"deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe\n"
13387
"deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe\n"
13388
"\n"
13389
"deb http://us.archive.ubuntu.com/ubuntu/ xenial multiverse\n"
13390
"deb-src http://us.archive.ubuntu.com/ubuntu/ xenial multiverse\n"
13391
"deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates multiverse\n"
13392
"deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates multiverse\n"
13393
"\n"
13394
"deb http://security.ubuntu.com/ubuntu xenial-security universe\n"
13395
"deb-src http://security.ubuntu.com/ubuntu xenial-security universe\n"
13396
"deb http://security.ubuntu.com/ubuntu xenial-security multiverse\n"
13397
"deb-src http://security.ubuntu.com/ubuntu xenial-security multiverse\n"
13398
msgstr ""
13399
13400
#: serverguide/C/package-management.xml:486(para)
13401
msgid ""
13402
"Most of the material covered in this chapter is available in "
13403
"<application>man</application> pages, many of which are available online."
13404
msgstr ""
13405
13406
#: serverguide/C/package-management.xml:493(para)
13407
msgid ""
13408
"The <ulink "
13409
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
13410
"re</ulink> Ubuntu wiki page has more information."
13411
msgstr ""
13412
13413
#: serverguide/C/package-management.xml:498(para)
13414
msgid ""
13415
"For more <application>dpkg</application> details see the <ulink "
13416
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man1/dpkg.1.html\">dpkg "
13417
"man page</ulink>."
13418
msgstr ""
13419
13420
#: serverguide/C/package-management.xml:504(para)
13421
msgid ""
13422
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
13423
"HOWTO</ulink> and <ulink "
13424
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man8/apt.8.html\">apt "
13425
"man page</ulink> contain useful information regarding "
13426
"<application>apt</application> usage."
13427
msgstr ""
13428
13429
#: serverguide/C/package-management.xml:511(para)
13430
msgid ""
13431
"See the <ulink "
13432
"url=\"http://manpages.ubuntu.com/manpages/xenial/man8/aptitude.8.html\">aptit"
13433
"ude man page</ulink> for more <application>aptitude</application> options."
13434
msgstr ""
13435
13436
#: serverguide/C/package-management.xml:517(para)
13437
msgid ""
13438
"The <ulink "
13439
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
13440
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
13441
"adding repositories."
13442
msgstr ""
13443
13444
#: serverguide/C/other-apps.xml:11(title)
13445
msgid "Other Useful Applications"
13446
msgstr ""
13447
13448
#: serverguide/C/other-apps.xml:13(para)
13449
msgid ""
13450
"There are many very useful applications developed by the Ubuntu Server Team, "
13451
"and others that are well integrated with Ubuntu Server Edition, that might "
13452
"not be well known. This chapter will showcase some useful applications that "
13453
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
13454
"easier."
13455
msgstr ""
13456
13457
#: serverguide/C/other-apps.xml:21(title)
13458
msgid "pam_motd"
13459
msgstr ""
13460
13461
#: serverguide/C/other-apps.xml:23(para)
13462
msgid ""
13463
"When logging into an Ubuntu server you may have noticed the informative "
13464
"Message Of The Day (MOTD). This information is obtained and displayed using "
13465
"a couple of packages:"
13466
msgstr ""
13467
13468
#: serverguide/C/other-apps.xml:30(para)
13469
msgid ""
13470
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
13471
"<application>landscape-client</application>, which is needed to manage "
13472
"systems with <ulink "
13473
"url=\"http://landscape.canonical.com/\">Landscape</ulink> (proprietary). Yet "
13474
"the package also includes the <application>landscape-sysinfo</application> "
13475
"utility which is responsible for displaying core system data involving cpu, "
13476
"memory, disk space, etc. For instance:"
13477
msgstr ""
13478
13479
#: serverguide/C/other-apps.xml:37(computeroutput)
13480
#, no-wrap
13481
msgid ""
13482
"\n"
13483
"\t System load: 0.0 Processes: 76\n"
13484
"\t Usage of /: 30.2% of 3.11GB Users logged in: 1\n"
13485
"\t Memory usage: 20% IP address for eth0: 10.153.107.115\n"
13486
"\t Swap usage: 0%\n"
13487
"\n"
13488
"\t Graph this data and manage this system at "
13489
"https://landscape.canonical.com/\n"
13490
msgstr ""
13491
13492
#: serverguide/C/other-apps.xml:48(para)
13493
msgid "You can run landscape-sysinfo manually at any time."
13494
msgstr ""
13495
13496
#: serverguide/C/other-apps.xml:55(para)
13497
msgid ""
13498
"<emphasis>update-notifier-common:</emphasis> provides information on "
13499
"available package updates, impending filesystem checks (fsck), and required "
13500
"reboots (e.g.: after a kernel upgrade)."
13501
msgstr ""
13502
13503
#: serverguide/C/other-apps.xml:61(para)
13504
msgid ""
13505
"<application>pam_motd</application> executes the scripts in "
13506
"<filename>/etc/update-motd.d</filename> in order based on the number "
13507
"prepended to the script. The output of the scripts is written to "
13508
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
13509
"concatenated with <filename>/etc/motd.tail</filename>."
13510
msgstr ""
13511
13512
#: serverguide/C/other-apps.xml:67(para)
13513
msgid ""
13514
"You can add your own dynamic information to the MOTD. For example, to add "
13515
"local weather information:"
13516
msgstr ""
13517
13518
#: serverguide/C/other-apps.xml:73(para)
13519
msgid "First, install the <application>weather-util</application> package:"
13520
msgstr ""
13521
13522
#: serverguide/C/other-apps.xml:78(command)
13523
msgid "sudo apt install weather-util"
13524
msgstr ""
13525
13526
#: serverguide/C/other-apps.xml:83(para)
13527
msgid ""
13528
"The <application>weather</application> utility uses METAR data from the "
13529
"National Oceanic and Atmospheric Administration and forecasts from the "
13530
"National Weather Service. In order to find local information you will need "
13531
"the 4-character ICAO location indicator. This can be determined by browsing "
13532
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
13533
"Weather Service</ulink> site."
13534
msgstr ""
13535
13536
#: serverguide/C/other-apps.xml:90(para)
13537
msgid ""
13538
"Although the National Weather Service is a United States government agency "
13539
"there are weather stations available world wide. However, local weather "
13540
"information for all locations outside the U.S. may not be available."
13541
msgstr ""
13542
13543
#: serverguide/C/other-apps.xml:96(para)
13544
msgid ""
13545
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
13546
"script to use <application>weather</application> with your local ICAO "
13547
"indicator:"
13548
msgstr ""
13549
13550
#: serverguide/C/other-apps.xml:101(programlisting)
13551
#, no-wrap
13552
msgid ""
13553
"\n"
13554
"#!/bin/sh\n"
13555
"#\n"
13556
"#\n"
13557
"# Prints the local weather information for the MOTD.\n"
13558
"#\n"
13559
"#\n"
13560
"\n"
13561
"# Replace KINT with your local weather station.\n"
13562
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
13563
"\n"
13564
"echo\n"
13565
"weather -i KINT\n"
13566
"echo\n"
13567
"\n"
13568
msgstr ""
13569
13570
#: serverguide/C/other-apps.xml:119(para)
13571
msgid "Make the script executable:"
13572
msgstr ""
13573
13574
#: serverguide/C/other-apps.xml:124(command)
13575
msgid "sudo chmod 755 /usr/local/bin/local-weather"
13576
msgstr ""
13577
13578
#: serverguide/C/other-apps.xml:128(para)
13579
msgid ""
13580
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
13581
"weather</filename>:"
13582
msgstr ""
13583
13584
#: serverguide/C/other-apps.xml:133(command)
13585
msgid ""
13586
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
13587
msgstr ""
13588
13589
#: serverguide/C/other-apps.xml:137(para)
13590
msgid "Finally, exit the server and re-login to view the new MOTD."
13591
msgstr ""
13592
13593
#: serverguide/C/other-apps.xml:143(para)
13594
msgid ""
13595
"You should now be greeted with some useful information, and some information "
13596
"about the local weather that may not be quite so useful. Hopefully the "
13597
"<application>local-weather</application> example demonstrates the "
13598
"flexibility of <application>pam_motd</application>."
13599
msgstr ""
13600
13601
#: serverguide/C/other-apps.xml:156(para)
13602
msgid ""
13603
"See the <ulink "
13604
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/update-"
13605
"motd.5.html\">update-motd man page</ulink> for more options available to "
13606
"<application>update-motd</application>."
13607
msgstr ""
13608
13609
#: serverguide/C/other-apps.xml:163(para)
13610
msgid ""
13611
"The Debian Package of the Day <ulink "
13612
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
13613
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
13614
"details about using the <application>weather</application>utility."
13615
msgstr ""
13616
13617
#: serverguide/C/other-apps.xml:178(title)
13618
msgid "etckeeper"
13619
msgstr ""
13620
13621
#: serverguide/C/other-apps.xml:180(para)
13622
msgid ""
13623
"<application>etckeeper</application> allows the contents of <filename "
13624
"role=\"directory\">/etc</filename> to be stored in a Version Control System "
13625
"(VCS) repository. It integrates with <application>APT</application> and "
13626
"automatically commits changes to <filename>/etc</filename> when packages are "
13627
"installed or upgraded. Placing <filename>/etc</filename> under version "
13628
"control is considered an industry best practice, and the goal of "
13629
"<application>etckeeper</application> is to make this process as painless as "
13630
"possible."
13631
msgstr ""
13632
13633
#: serverguide/C/other-apps.xml:188(para)
13634
msgid ""
13635
"Install <application>etckeeper</application> by entering the following in a "
13636
"terminal:"
13637
msgstr ""
13638
13639
#: serverguide/C/other-apps.xml:193(command)
13640
msgid "sudo apt install etckeeper"
13641
msgstr ""
13642
13643
#: serverguide/C/other-apps.xml:196(para)
13644
msgid ""
13645
"The main configuration file, "
13646
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
13647
"main option is which VCS to use and by default "
13648
"<application>etckeeper</application> is configured to use "
13649
"<application>Bazaar</application>. The repository is automatically "
13650
"initialized (and committed for the first time) during package installation. "
13651
"It is possible to undo this by entering the following command:"
13652
msgstr ""
13653
13654
#: serverguide/C/other-apps.xml:204(command)
13655
msgid "sudo etckeeper uninit"
13656
msgstr ""
13657
13658
#: serverguide/C/other-apps.xml:207(para)
13659
msgid ""
13660
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
13661
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
13662
"It will also automatically commit changes before and after package "
13663
"installation. For a more precise tracking of changes, it is recommended to "
13664
"commit your changes manually, together with a commit message, using:"
13665
msgstr ""
13666
13667
#: serverguide/C/other-apps.xml:214(command)
13668
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
13669
msgstr ""
13670
13671
#: serverguide/C/other-apps.xml:217(para)
13672
msgid "Using bzr's VCS commands you can view log information:"
13673
msgstr ""
13674
13675
#: serverguide/C/other-apps.xml:222(command)
13676
msgid "sudo bzr log /etc/passwd"
13677
msgstr ""
13678
13679
#: serverguide/C/other-apps.xml:225(para)
13680
msgid ""
13681
"To demonstrate the integration with the package management system (APT), "
13682
"install <application>postfix</application>:"
13683
msgstr ""
13684
13685
#: serverguide/C/other-apps.xml:230(command) serverguide/C/mail.xml:43(command)
13686
msgid "sudo apt install postfix"
13687
msgstr ""
13688
13689
#: serverguide/C/other-apps.xml:233(para)
13690
msgid ""
13691
"When the installation is finished, all the "
13692
"<application>postfix</application> configuration files should be committed "
13693
"to the repository:"
13694
msgstr ""
13695
13696
#: serverguide/C/other-apps.xml:239(computeroutput)
13697
#, no-wrap
13698
msgid ""
13699
"Committing to: /etc/\n"
13700
"added aliases.db\n"
13701
"modified group\n"
13702
"modified group-\n"
13703
"modified gshadow\n"
13704
"modified gshadow-\n"
13705
"modified passwd\n"
13706
"modified passwd-\n"
13707
"added postfix\n"
13708
"added resolvconf\n"
13709
"added rsyslog.d\n"
13710
"modified shadow\n"
13711
"modified shadow-\n"
13712
"added init.d/postfix\n"
13713
"added network/if-down.d/postfix\n"
13714
"added network/if-up.d/postfix\n"
13715
"added postfix/dynamicmaps.cf\n"
13716
"added postfix/main.cf\n"
13717
"added postfix/master.cf\n"
13718
"added postfix/post-install\n"
13719
"added postfix/postfix-files\n"
13720
"added postfix/postfix-script\n"
13721
"added postfix/sasl\n"
13722
"added ppp/ip-down.d\n"
13723
"added ppp/ip-down.d/postfix\n"
13724
"added ppp/ip-up.d/postfix\n"
13725
"added rc0.d/K20postfix\n"
13726
"added rc1.d/K20postfix\n"
13727
"added rc2.d/S20postfix\n"
13728
"added rc3.d/S20postfix\n"
13729
"added rc4.d/S20postfix\n"
13730
"added rc5.d/S20postfix\n"
13731
"added rc6.d/K20postfix\n"
13732
"added resolvconf/update-libc.d\n"
13733
"added resolvconf/update-libc.d/postfix\n"
13734
"added rsyslog.d/postfix.conf\n"
13735
"added ufw/applications.d/postfix\n"
13736
"Committed revision 2."
13737
msgstr ""
13738
13739
#: serverguide/C/other-apps.xml:279(para)
13740
msgid ""
13741
"For an example of how <application>etckeeper</application> tracks manual "
13742
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
13743
"<application>bzr</application> you can see which files have been modified:"
13744
msgstr ""
13745
13746
#: serverguide/C/other-apps.xml:285(command)
13747
msgid "sudo bzr status /etc/"
13748
msgstr ""
13749
13750
#: serverguide/C/other-apps.xml:286(computeroutput)
13751
#, no-wrap
13752
msgid ""
13753
"modified:\n"
13754
" hosts"
13755
msgstr ""
13756
13757
#: serverguide/C/other-apps.xml:290(para)
13758
msgid "Now commit the changes:"
13759
msgstr ""
13760
13761
#: serverguide/C/other-apps.xml:295(command)
13762
msgid "sudo etckeeper commit \"added new host\""
13763
msgstr ""
13764
13765
#: serverguide/C/other-apps.xml:298(para)
13766
msgid ""
13767
"For more information on <application>bzr</application> see <xref "
13768
"linkend=\"bazaar\"/>."
13769
msgstr ""
13770
13771
#: serverguide/C/other-apps.xml:310(para)
13772
msgid ""
13773
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
13774
"site for more details on using <application>etckeeper</application>."
13775
msgstr ""
13776
13777
#: serverguide/C/other-apps.xml:317(para)
13778
msgid ""
13779
"For the latest news and information about <application>bzr</application> see "
13780
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
13781
msgstr ""
13782
13783
#: serverguide/C/other-apps.xml:329(title)
13784
msgid "Byobu"
13785
msgstr ""
13786
13787
#: serverguide/C/other-apps.xml:331(para)
13788
msgid ""
13789
"One of the most useful applications for any system administrator is an xterm "
13790
"multiplexor such as <application>screen</application> or "
13791
"<application>tmux</application>. It allows for the execution of multiple "
13792
"shells in one terminal. To make some of the advanced multiplexor features "
13793
"more user-friendly and provide some useful information about the system, the "
13794
"<application>byobu</application> package was created. It acts as a wrapper "
13795
"to these programs. By default Byobu uses tmux (if installed) but this can be "
13796
"changed by the user."
13797
msgstr ""
13798
13799
#: serverguide/C/other-apps.xml:338(para)
13800
msgid "Invoke it simply with:"
13801
msgstr ""
13802
13803
#: serverguide/C/other-apps.xml:343(command)
13804
msgid "byobu"
13805
msgstr ""
13806
13807
#: serverguide/C/other-apps.xml:346(para)
13808
msgid ""
13809
"Now bring up the configuration menu. By default this is done by pressing the "
13810
"<emphasis>F9</emphasis> key. This will allow you to:"
13811
msgstr ""
13812
13813
#: serverguide/C/other-apps.xml:351(para)
13814
msgid "View the Help menu"
13815
msgstr ""
13816
13817
#: serverguide/C/other-apps.xml:352(para)
13818
msgid "Change Byobu's background color"
13819
msgstr ""
13820
13821
#: serverguide/C/other-apps.xml:353(para)
13822
msgid "Change Byobu's foreground color"
13823
msgstr ""
13824
13825
#: serverguide/C/other-apps.xml:354(para)
13826
msgid "Toggle status notifications"
13827
msgstr ""
13828
13829
#: serverguide/C/other-apps.xml:355(para)
13830
msgid "Change the key binding set"
13831
msgstr ""
13832
13833
#: serverguide/C/other-apps.xml:356(para)
13834
msgid "Change the escape sequence"
13835
msgstr ""
13836
13837
#: serverguide/C/other-apps.xml:357(para)
13838
msgid "Create new windows"
13839
msgstr ""
13840
13841
#: serverguide/C/other-apps.xml:358(para)
13842
msgid "Manage the default windows"
13843
msgstr ""
13844
13845
#: serverguide/C/other-apps.xml:359(para)
13846
msgid "Byobu currently does not launch at login (toggle on)"
13847
msgstr ""
13848
13849
#: serverguide/C/other-apps.xml:362(para)
13850
msgid ""
13851
"The <emphasis>key bindings</emphasis> determine such things as the escape "
13852
"sequence, new window, change window, etc. There are two key binding sets to "
13853
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
13854
"keys</emphasis>. If you wish to use the original key bindings choose the "
13855
"<emphasis>none</emphasis> set."
13856
msgstr ""
13857
13858
#: serverguide/C/other-apps.xml:368(para)
13859
msgid ""
13860
"<application>byobu</application> provides a menu which displays the Ubuntu "
13861
"release, processor information, memory information, and the time and date. "
13862
"The effect is similar to a desktop menu."
13863
msgstr ""
13864
13865
#: serverguide/C/other-apps.xml:373(para)
13866
msgid ""
13867
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
13868
"on)\"</emphasis> option will cause <application>byobu</application> to be "
13869
"executed any time a terminal is opened. Changes made to "
13870
"<application>byobu</application> are on a per user basis, and will not "
13871
"affect other users on the system."
13872
msgstr ""
13873
13874
#: serverguide/C/other-apps.xml:379(para)
13875
msgid ""
13876
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
13877
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
13878
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
13879
"commands. Here is a quick list of movement commands:"
13880
msgstr ""
13881
13882
#: serverguide/C/other-apps.xml:386(para)
13883
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
13884
msgstr ""
13885
13886
#: serverguide/C/other-apps.xml:387(para)
13887
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
13888
msgstr ""
13889
13890
#: serverguide/C/other-apps.xml:388(para)
13891
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
13892
msgstr ""
13893
13894
#: serverguide/C/other-apps.xml:389(para)
13895
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
13896
msgstr ""
13897
13898
#: serverguide/C/other-apps.xml:390(para)
13899
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
13900
msgstr ""
13901
13902
#: serverguide/C/other-apps.xml:391(para)
13903
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
13904
msgstr ""
13905
13906
#: serverguide/C/other-apps.xml:392(para)
13907
msgid ""
13908
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
13909
"the buffer)"
13910
msgstr ""
13911
13912
#: serverguide/C/other-apps.xml:393(para)
13913
msgid "<emphasis>/</emphasis> - Search forward"
13914
msgstr ""
13915
13916
#: serverguide/C/other-apps.xml:394(para)
13917
msgid "<emphasis>?</emphasis> - Search backward"
13918
msgstr ""
13919
13920
#: serverguide/C/other-apps.xml:395(para)
13921
msgid ""
13922
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
13923
msgstr ""
13924
13925
#: serverguide/C/other-apps.xml:403(para)
13926
msgid ""
13927
"For more information on <application>screen</application> see the <ulink "
13928
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
13929
msgstr ""
13930
13931
#: serverguide/C/other-apps.xml:408(para)
13932
msgid ""
13933
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
13934
"screen</ulink> page."
13935
msgstr ""
13936
13937
#: serverguide/C/other-apps.xml:413(para)
13938
msgid ""
13939
"Also, see the <application>byobu</application><ulink "
13940
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
13941
"information."
13942
msgstr ""
13943
13944
#: serverguide/C/network-config.xml:12(para)
13945
msgid ""
13946
"Networks consist of two or more devices, such as computer systems, printers, "
13947
"and related equipment which are connected by either physical cabling or "
13948
"wireless links for the purpose of sharing and distributing information among "
13949
"the connected devices."
13950
msgstr ""
13951
13952
#: serverguide/C/network-config.xml:18(para)
13953
msgid ""
13954
"This section provides general and specific information pertaining to "
13955
"networking, including an overview of network concepts and detailed "
13956
"discussion of popular network protocols."
13957
msgstr ""
13958
13959
#: serverguide/C/network-config.xml:25(title)
13960
msgid "Network Configuration"
13961
msgstr ""
13962
13963
#: serverguide/C/network-config.xml:26(para)
13964
msgid ""
13965
"Ubuntu ships with a number of graphical utilities to configure your network "
13966
"devices. This document is geared toward server administrators and will focus "
13967
"on managing your network on the command line."
13968
msgstr ""
13969
13970
#: serverguide/C/network-config.xml:33(title)
13971
msgid "Ethernet Interfaces"
13972
msgstr ""
13973
13974
#: serverguide/C/network-config.xml:34(para)
13975
msgid ""
13976
"Ethernet interfaces are identified by the system using the naming convention "
13977
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
13978
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
13979
"interface is typically identified as <emphasis "
13980
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
13981
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
13982
"order."
13983
msgstr ""
13984
13985
#: serverguide/C/network-config.xml:44(title)
13986
msgid "Identify Ethernet Interfaces"
13987
msgstr ""
13988
13989
#: serverguide/C/network-config.xml:45(para)
13990
msgid ""
13991
"To quickly identify all available Ethernet interfaces, you can use the "
13992
"<application>ifconfig</application> command as shown below."
13993
msgstr ""
13994
13995
#: serverguide/C/network-config.xml:50(command)
13996
msgid "ifconfig -a | grep eth"
13997
msgstr ""
13998
13999
#: serverguide/C/network-config.xml:51(computeroutput)
14000
#, no-wrap
14001
msgid "eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a"
14002
msgstr ""
14003
14004
#: serverguide/C/network-config.xml:53(para)
14005
msgid ""
14006
"Another application that can help identify all network interfaces available "
14007
"to your system is the <application>lshw</application> command. In the "
14008
"example below, <application>lshw</application> shows a single Ethernet "
14009
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
14010
"along with bus information, driver details and all supported capabilities."
14011
msgstr ""
14012
14013
#: serverguide/C/network-config.xml:60(command)
14014
msgid "sudo lshw -class network"
14015
msgstr ""
14016
14017
#: serverguide/C/network-config.xml:61(computeroutput)
14018
#, no-wrap
14019
msgid ""
14020
" *-network\n"
14021
" description: Ethernet interface\n"
14022
" product: BCM4401-B0 100Base-TX\n"
14023
" vendor: Broadcom Corporation\n"
14024
" physical id: 0\n"
14025
" bus info: pci@0000:03:00.0\n"
14026
" logical name: eth0\n"
14027
" version: 02\n"
14028
" serial: 00:15:c5:4a:16:5a\n"
14029
" size: 10MB/s\n"
14030
" capacity: 100MB/s\n"
14031
" width: 32 bits\n"
14032
" clock: 33MHz\n"
14033
" capabilities: (snipped for brevity)\n"
14034
" configuration: (snipped for brevity)\n"
14035
" resources: irq:17 memory:ef9fe000-ef9fffff"
14036
msgstr ""
14037
14038
#: serverguide/C/network-config.xml:81(title)
14039
msgid "Ethernet Interface Logical Names"
14040
msgstr ""
14041
14042
#: serverguide/C/network-config.xml:82(para)
14043
msgid ""
14044
"Interface logical names are configured in the file "
14045
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
14046
"like control which interface receives a particular logical name, find the "
14047
"line matching the interfaces physical MAC address and modify the value of "
14048
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
14049
"Reboot the system to commit your changes."
14050
msgstr ""
14051
14052
#: serverguide/C/network-config.xml:93(title)
14053
msgid "Ethernet Interface Settings"
14054
msgstr ""
14055
14056
#: serverguide/C/network-config.xml:94(para)
14057
msgid ""
14058
"<application>ethtool</application> is a program that displays and changes "
14059
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
14060
"and Wake-on-LAN. It is not installed by default, but is available for "
14061
"installation in the repositories."
14062
msgstr ""
14063
14064
#: serverguide/C/network-config.xml:100(command)
14065
msgid "sudo apt install ethtool"
14066
msgstr ""
14067
14068
#: serverguide/C/network-config.xml:102(para)
14069
msgid ""
14070
"The following is an example of how to view supported features and configured "
14071
"settings of an Ethernet interface."
14072
msgstr ""
14073
14074
#: serverguide/C/network-config.xml:107(command)
14075
msgid "sudo ethtool eth0"
14076
msgstr ""
14077
14078
#: serverguide/C/network-config.xml:108(computeroutput)
14079
#, no-wrap
14080
msgid ""
14081
"Settings for eth0:\n"
14082
" Supported ports: [ TP ]\n"
14083
" Supported link modes: 10baseT/Half 10baseT/Full \n"
14084
" 100baseT/Half 100baseT/Full \n"
14085
" 1000baseT/Half 1000baseT/Full \n"
14086
" Supports auto-negotiation: Yes\n"
14087
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
14088
" 100baseT/Half 100baseT/Full \n"
14089
" 1000baseT/Half 1000baseT/Full \n"
14090
" Advertised auto-negotiation: Yes\n"
14091
" Speed: 1000Mb/s\n"
14092
" Duplex: Full\n"
14093
" Port: Twisted Pair\n"
14094
" PHYAD: 1\n"
14095
" Transceiver: internal\n"
14096
" Auto-negotiation: on\n"
14097
" Supports Wake-on: g\n"
14098
" Wake-on: d\n"
14099
" Current message level: 0x000000ff (255)\n"
14100
" Link detected: yes"
14101
msgstr ""
14102
14103
#: serverguide/C/network-config.xml:129(para)
14104
msgid ""
14105
"Changes made with the <application>ethtool</application> command are "
14106
"temporary and will be lost after a reboot. If you would like to retain "
14107
"settings, simply add the desired <application>ethtool</application> command "
14108
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
14109
"configuration file <filename>/etc/network/interfaces</filename>."
14110
msgstr ""
14111
14112
#: serverguide/C/network-config.xml:135(para)
14113
msgid ""
14114
"The following is an example of how the interface identified as <emphasis "
14115
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
14116
"speed of 1000Mb/s running in full duplex mode."
14117
msgstr ""
14118
14119
#: serverguide/C/network-config.xml:139(programlisting)
14120
#, no-wrap
14121
msgid ""
14122
"\n"
14123
"auto eth0\n"
14124
"iface eth0 inet static\n"
14125
"pre-up /sbin/ethtool -s eth0 speed 1000 duplex full\n"
14126
msgstr ""
14127
14128
#: serverguide/C/network-config.xml:145(para)
14129
msgid ""
14130
"Although the example above shows the interface configured to use the "
14131
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
14132
"other methods as well, such as DHCP. The example is meant to demonstrate "
14133
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
14134
"statement in relation to the rest of the interface configuration."
14135
msgstr ""
14136
14137
#: serverguide/C/network-config.xml:157(title)
14138
msgid "IP Addressing"
14139
msgstr ""
14140
14141
#: serverguide/C/network-config.xml:158(para)
14142
msgid ""
14143
"The following section describes the process of configuring your systems IP "
14144
"address and default gateway needed for communicating on a local area network "
14145
"and the Internet."
14146
msgstr ""
14147
14148
#: serverguide/C/network-config.xml:165(title)
14149
msgid "Temporary IP Address Assignment"
14150
msgstr ""
14151
14152
#: serverguide/C/network-config.xml:166(para)
14153
msgid ""
14154
"For temporary network configurations, you can use standard commands such as "
14155
"<application>ip</application>, <application>ifconfig</application> and "
14156
"<application>route</application>, which are also found on most other "
14157
"GNU/Linux operating systems. These commands allow you to configure settings "
14158
"which take effect immediately, however they are not persistent and will be "
14159
"lost after a reboot."
14160
msgstr ""
14161
14162
#: serverguide/C/network-config.xml:174(para)
14163
msgid ""
14164
"To temporarily configure an IP address, you can use the "
14165
"<application>ifconfig</application> command in the following manner. Just "
14166
"modify the IP address and subnet mask to match your network requirements."
14167
msgstr ""
14168
14169
#: serverguide/C/network-config.xml:180(command)
14170
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
14171
msgstr ""
14172
14173
#: serverguide/C/network-config.xml:182(para)
14174
msgid ""
14175
"To verify the IP address configuration of <application>eth0</application>, "
14176
"you can use the <application>ifconfig</application> command in the following "
14177
"manner."
14178
msgstr ""
14179
14180
#: serverguide/C/network-config.xml:187(command)
14181
msgid "ifconfig eth0"
14182
msgstr ""
14183
14184
#: serverguide/C/network-config.xml:188(computeroutput)
14185
#, no-wrap
14186
msgid ""
14187
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
14188
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
14189
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
14190
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
14191
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
14192
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
14193
" collisions:0 txqueuelen:1000 \n"
14194
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
14195
" Interrupt:16"
14196
msgstr ""
14197
14198
#: serverguide/C/network-config.xml:198(para)
14199
msgid ""
14200
"To configure a default gateway, you can use the "
14201
"<application>route</application> command in the following manner. Modify the "
14202
"default gateway address to match your network requirements."
14203
msgstr ""
14204
14205
#: serverguide/C/network-config.xml:204(command)
14206
msgid "sudo route add default gw 10.0.0.1 eth0"
14207
msgstr ""
14208
14209
#: serverguide/C/network-config.xml:206(para)
14210
msgid ""
14211
"To verify your default gateway configuration, you can use the "
14212
"<application>route</application> command in the following manner."
14213
msgstr ""
14214
14215
#: serverguide/C/network-config.xml:211(command)
14216
msgid "route -n"
14217
msgstr ""
14218
14219
#: serverguide/C/network-config.xml:212(computeroutput)
14220
#, no-wrap
14221
msgid ""
14222
"Kernel IP routing table\n"
14223
"Destination Gateway Genmask Flags Metric Ref Use "
14224
"Iface\n"
14225
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
14226
"eth0\n"
14227
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0"
14228
msgstr ""
14229
14230
#: serverguide/C/network-config.xml:217(para)
14231
msgid ""
14232
"If you require DNS for your temporary network configuration, you can add DNS "
14233
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. In "
14234
"general, editing <filename>/etc/resolv.conf</filename> directly is not "
14235
"recommanded, but this is a temporary and non-persistent configuration. The "
14236
"example below shows how to enter two DNS servers to "
14237
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
14238
"appropriate for your network. A more lengthy description of the proper "
14239
"persistent way to do DNS client configuration is in a following section."
14240
msgstr ""
14241
14242
#: serverguide/C/network-config.xml:226(programlisting)
14243
#, no-wrap
14244
msgid ""
14245
"\n"
14246
"nameserver 8.8.8.8\n"
14247
"nameserver 8.8.4.4\n"
14248
msgstr ""
14249
14250
#: serverguide/C/network-config.xml:230(para)
14251
msgid ""
14252
"If you no longer need this configuration and wish to purge all IP "
14253
"configuration from an interface, you can use the "
14254
"<application>ip</application> command with the flush option as shown below."
14255
msgstr ""
14256
14257
#: serverguide/C/network-config.xml:236(command)
14258
msgid "ip addr flush eth0"
14259
msgstr ""
14260
14261
#: serverguide/C/network-config.xml:239(para)
14262
msgid ""
14263
"Flushing the IP configuration using the <application>ip</application> "
14264
"command does not clear the contents of "
14265
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
14266
"entries manually, or re-boot which should also cause "
14267
"<filename>/etc/resolv.conf</filename>, which is actually now a symlink to "
14268
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
14269
msgstr ""
14270
14271
#: serverguide/C/network-config.xml:249(title)
14272
msgid "Dynamic IP Address Assignment (DHCP Client)"
14273
msgstr ""
14274
14275
#: serverguide/C/network-config.xml:250(para)
14276
msgid ""
14277
"To configure your server to use DHCP for dynamic address assignment, add the "
14278
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
14279
"statement for the appropriate interface in the file "
14280
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
14281
"are configuring your first Ethernet interface identified as <emphasis "
14282
"role=\"italic\">eth0</emphasis>."
14283
msgstr ""
14284
14285
#: serverguide/C/network-config.xml:257(programlisting)
14286
#, no-wrap
14287
msgid ""
14288
"\n"
14289
"auto eth0\n"
14290
"iface eth0 inet dhcp\n"
14291
msgstr ""
14292
14293
#: serverguide/C/network-config.xml:261(para)
14294
msgid ""
14295
"By adding an interface configuration as shown above, you can manually enable "
14296
"the interface through the <application>ifup</application> command which "
14297
"initiates the DHCP process via <application>dhclient</application>."
14298
msgstr ""
14299
14300
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
14301
msgid "sudo ifup eth0"
14302
msgstr ""
14303
14304
#: serverguide/C/network-config.xml:269(para)
14305
msgid ""
14306
"To manually disable the interface, you can use the "
14307
"<application>ifdown</application> command, which in turn will initiate the "
14308
"DHCP release process and shut down the interface."
14309
msgstr ""
14310
14311
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
14312
msgid "sudo ifdown eth0"
14313
msgstr ""
14314
14315
#: serverguide/C/network-config.xml:280(title)
14316
msgid "Static IP Address Assignment"
14317
msgstr ""
14318
14319
#: serverguide/C/network-config.xml:281(para)
14320
msgid ""
14321
"To configure your system to use a static IP address assignment, add the "
14322
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
14323
"family statement for the appropriate interface in the file "
14324
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
14325
"are configuring your first Ethernet interface identified as <emphasis "
14326
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
14327
"role=\"italic\">address</emphasis>, <emphasis "
14328
"role=\"italic\">netmask</emphasis>, and <emphasis "
14329
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
14330
"network."
14331
msgstr ""
14332
14333
#: serverguide/C/network-config.xml:290(programlisting)
14334
#, no-wrap
14335
msgid ""
14336
"\n"
14337
"auto eth0\n"
14338
"iface eth0 inet static\n"
14339
"address 10.0.0.100\n"
14340
"netmask 255.255.255.0\n"
14341
"gateway 10.0.0.1\n"
14342
msgstr ""
14343
14344
#: serverguide/C/network-config.xml:297(para)
14345
msgid ""
14346
"By adding an interface configuration as shown above, you can manually enable "
14347
"the interface through the <application>ifup</application> command."
14348
msgstr ""
14349
14350
#: serverguide/C/network-config.xml:304(para)
14351
msgid ""
14352
"To manually disable the interface, you can use the "
14353
"<application>ifdown</application> command."
14354
msgstr ""
14355
14356
#: serverguide/C/network-config.xml:314(title)
14357
msgid "Loopback Interface"
14358
msgstr ""
14359
14360
#: serverguide/C/network-config.xml:315(para)
14361
msgid ""
14362
"The loopback interface is identified by the system as <emphasis "
14363
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
14364
"can be viewed using the ifconfig command."
14365
msgstr ""
14366
14367
#: serverguide/C/network-config.xml:320(command)
14368
msgid "ifconfig lo"
14369
msgstr ""
14370
14371
#: serverguide/C/network-config.xml:321(computeroutput)
14372
#, no-wrap
14373
msgid ""
14374
"lo Link encap:Local Loopback \n"
14375
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
14376
" inet6 addr: ::1/128 Scope:Host\n"
14377
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
14378
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
14379
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
14380
" collisions:0 txqueuelen:0 \n"
14381
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
14382
msgstr ""
14383
14384
#: serverguide/C/network-config.xml:330(para)
14385
msgid ""
14386
"By default, there should be two lines in "
14387
"<filename>/etc/network/interfaces</filename> responsible for automatically "
14388
"configuring your loopback interface. It is recommended that you keep the "
14389
"default settings unless you have a specific purpose for changing them. An "
14390
"example of the two default lines are shown below."
14391
msgstr ""
14392
14393
#: serverguide/C/network-config.xml:336(programlisting)
14394
#, no-wrap
14395
msgid ""
14396
"\n"
14397
"auto lo\n"
14398
"iface lo inet loopback\n"
14399
msgstr ""
14400
14401
#: serverguide/C/network-config.xml:345(title)
14402
msgid "Name Resolution"
14403
msgstr ""
14404
14405
#: serverguide/C/network-config.xml:346(para)
14406
msgid ""
14407
"Name resolution as it relates to IP networking is the process of mapping IP "
14408
"addresses to hostnames, making it easier to identify resources on a network. "
14409
"The following section will explain how to properly configure your system for "
14410
"name resolution using DNS and static hostname records."
14411
msgstr ""
14412
14413
#: serverguide/C/network-config.xml:354(title)
14414
msgid "DNS Client Configuration"
14415
msgstr ""
14416
14417
#: serverguide/C/network-config.xml:366(programlisting)
14418
#, no-wrap
14419
msgid ""
14420
"\n"
14421
"/etc/resolv.conf -> ../run/resolvconf/resolv.conf\n"
14422
msgstr ""
14423
14424
#: serverguide/C/network-config.xml:355(para)
14425
msgid ""
14426
"Traditionally, the file <filename>/etc/resolv.conf</filename> was a static "
14427
"configuration file that rarely needed to be changed or automatically changed "
14428
"via DCHP client hooks. Nowadays, a computer can switch from one network to "
14429
"another quite often and the <emphasis>resolvconf</emphasis> framework is now "
14430
"being used to track these changes and update the resolver's configuration "
14431
"automatically. It acts as an intermediary between programs that supply "
14432
"nameserver information and applications that need nameserver information. "
14433
"Resolvconf gets populated with information by a set of hook scripts related "
14434
"to network interface configuration. The most notable difference for the user "
14435
"is that any change manually done to <filename>/etc/resolv.conf</filename> "
14436
"will be lost as it gets overwritten each time something triggers resolvconf. "
14437
"Instead, resolvconf uses DHCP client hooks, and "
14438
"<filename>/etc/network/interfaces</filename> to generate a list of "
14439
"nameservers and domains to put in <filename>/etc/resolv.conf</filename>, "
14440
"which is now a symlink: <placeholder-1/> To configure the resolver, add the "
14441
"IP addresses of the nameservers that are appropriate for your network in the "
14442
"file <filename>/etc/network/interfaces</filename>. You can also add an "
14443
"optional DNS suffix search-lists to match your network domain names. For "
14444
"each other valid resolv.conf configuration option, you can include, in the "
14445
"stanza, one line beginning with that option name with a <emphasis "
14446
"role=\"bold\">dns-</emphasis> prefix. The resulting file might look like the "
14447
"following:"
14448
msgstr ""
14449
14450
#: serverguide/C/network-config.xml:377(programlisting)
14451
#, no-wrap
14452
msgid ""
14453
"\n"
14454
"iface eth0 inet static\n"
14455
" address 192.168.3.3\n"
14456
" netmask 255.255.255.0\n"
14457
" gateway 192.168.3.1\n"
14458
" dns-search example.com\n"
14459
" dns-nameservers 192.168.3.45 192.168.8.10\n"
14460
msgstr ""
14461
14462
#: serverguide/C/network-config.xml:386(para)
14463
msgid ""
14464
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
14465
"multiple domain names so that DNS queries will be appended in the order in "
14466
"which they are entered. For example, your network may have multiple sub-"
14467
"domains to search; a parent domain of <emphasis "
14468
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
14469
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
14470
"role=\"italic\">dev.example.com</emphasis>."
14471
msgstr ""
14472
14473
#: serverguide/C/network-config.xml:393(para)
14474
msgid ""
14475
"If you have multiple domains you wish to search, your configuration might "
14476
"look like the following:"
14477
msgstr ""
14478
14479
#: serverguide/C/network-config.xml:397(programlisting)
14480
#, no-wrap
14481
msgid ""
14482
"\n"
14483
"iface eth0 inet static\n"
14484
" address 192.168.3.3\n"
14485
" netmask 255.255.255.0\n"
14486
" gateway 192.168.3.1\n"
14487
" dns-search example.com sales.example.com dev.example.com\n"
14488
" dns-nameservers 192.168.3.45 192.168.8.10\n"
14489
msgstr ""
14490
14491
#: serverguide/C/network-config.xml:406(para)
14492
msgid ""
14493
"If you try to ping a host with the name of <emphasis "
14494
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
14495
"for its Fully Qualified Domain Name (FQDN) in the following order:"
14496
msgstr ""
14497
14498
#: serverguide/C/network-config.xml:413(para)
14499
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
14500
msgstr ""
14501
14502
#: serverguide/C/network-config.xml:418(para)
14503
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
14504
msgstr ""
14505
14506
#: serverguide/C/network-config.xml:423(para)
14507
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
14508
msgstr ""
14509
14510
#: serverguide/C/network-config.xml:428(para)
14511
msgid ""
14512
"If no matches are found, the DNS server will provide a result of <emphasis "
14513
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
14514
msgstr ""
14515
14516
#: serverguide/C/network-config.xml:435(title)
14517
msgid "Static Hostnames"
14518
msgstr ""
14519
14520
#: serverguide/C/network-config.xml:436(para)
14521
msgid ""
14522
"Static hostnames are locally defined hostname-to-IP mappings located in the "
14523
"file <filename>/etc/hosts</filename>. Entries in the "
14524
"<filename>hosts</filename> file will have precedence over DNS by default. "
14525
"This means that if your system tries to resolve a hostname and it matches an "
14526
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
14527
"some configurations, especially when Internet access is not required, "
14528
"servers that communicate with a limited number of resources can be "
14529
"conveniently set to use static hostnames instead of DNS."
14530
msgstr ""
14531
14532
#: serverguide/C/network-config.xml:443(para)
14533
msgid ""
14534
"The following is an example of a <filename>hosts</filename> file where a "
14535
"number of local servers have been identified by simple hostnames, aliases "
14536
"and their equivalent Fully Qualified Domain Names (FQDN's)."
14537
msgstr ""
14538
14539
#: serverguide/C/network-config.xml:447(programlisting)
14540
#, no-wrap
14541
msgid ""
14542
"\n"
14543
"127.0.0.1\tlocalhost\n"
14544
"127.0.1.1\tubuntu-server\n"
14545
"10.0.0.11\tserver1 server1.example.com vpn\n"
14546
"10.0.0.12\tserver2 server2.example.com mail\n"
14547
"10.0.0.13\tserver3 server3.example.com www\n"
14548
"10.0.0.14\tserver4 server4.example.com file\n"
14549
msgstr ""
14550
14551
#: serverguide/C/network-config.xml:456(para)
14552
msgid ""
14553
"In the above example, notice that each of the servers have been given "
14554
"aliases in addition to their proper names and FQDN's. <emphasis "
14555
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
14556
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
14557
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
14558
"role=\"italic\">server3</emphasis> as <emphasis "
14559
"role=\"italic\">www</emphasis>, and <emphasis "
14560
"role=\"italic\">server4</emphasis> as <emphasis "
14561
"role=\"italic\">file</emphasis>."
14562
msgstr ""
14563
14564
#: serverguide/C/network-config.xml:468(title)
14565
msgid "Name Service Switch Configuration"
14566
msgstr ""
14567
14568
#: serverguide/C/network-config.xml:469(para)
14569
msgid ""
14570
"The order in which your system selects a method of resolving hostnames to IP "
14571
"addresses is controlled by the Name Service Switch (NSS) configuration file "
14572
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
14573
"section, typically static hostnames defined in the systems "
14574
"<filename>/etc/hosts</filename> file have precedence over names resolved "
14575
"from DNS. The following is an example of the line responsible for this order "
14576
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
14577
msgstr ""
14578
14579
#: serverguide/C/network-config.xml:477(programlisting)
14580
#, no-wrap
14581
msgid ""
14582
"\n"
14583
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
14584
msgstr ""
14585
14586
#: serverguide/C/network-config.xml:483(para)
14587
msgid ""
14588
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
14589
"hostnames located in <filename>/etc/hosts</filename>."
14590
msgstr ""
14591
14592
#: serverguide/C/network-config.xml:489(para)
14593
msgid ""
14594
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
14595
"name using Multicast DNS."
14596
msgstr ""
14597
14598
#: serverguide/C/network-config.xml:494(para)
14599
msgid ""
14600
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
14601
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
14602
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
14603
"authoritative and that the system should not try to continue hunting for an "
14604
"answer."
14605
msgstr ""
14606
14607
#: serverguide/C/network-config.xml:502(para)
14608
msgid ""
14609
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
14610
msgstr ""
14611
14612
#: serverguide/C/network-config.xml:507(para)
14613
msgid ""
14614
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
14615
msgstr ""
14616
14617
#: serverguide/C/network-config.xml:513(para)
14618
msgid ""
14619
"To modify the order of the above mentioned name resolution methods, you can "
14620
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
14621
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
14622
"versus Multicast DNS, you can change the string in "
14623
"<filename>/etc/nsswitch.conf</filename> as shown below."
14624
msgstr ""
14625
14626
#: serverguide/C/network-config.xml:520(programlisting)
14627
#, no-wrap
14628
msgid ""
14629
"\n"
14630
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
14631
msgstr ""
14632
14633
#: serverguide/C/network-config.xml:527(title)
14634
msgid "Bridging"
14635
msgstr ""
14636
14637
#: serverguide/C/network-config.xml:529(para)
14638
msgid ""
14639
"Bridging multiple interfaces is a more advanced configuration, but is very "
14640
"useful in multiple scenarios. One scenario is setting up a bridge with "
14641
"multiple network interfaces, then using a firewall to filter traffic between "
14642
"two network segments. Another scenario is using bridge on a system with one "
14643
"interface to allow virtual machines direct access to the outside network. "
14644
"The following example covers the latter scenario."
14645
msgstr ""
14646
14647
#: serverguide/C/network-config.xml:536(para)
14648
msgid ""
14649
"Before configuring a bridge you will need to install the <application>bridge-"
14650
"utils</application> package. To install the package, in a terminal enter:"
14651
msgstr ""
14652
14653
#: serverguide/C/network-config.xml:545(para)
14654
msgid ""
14655
"Next, configure the bridge by editing "
14656
"<filename>/etc/network/interfaces</filename>:"
14657
msgstr ""
14658
14659
#: serverguide/C/network-config.xml:549(programlisting)
14660
#, no-wrap
14661
msgid ""
14662
"\n"
14663
"auto lo\n"
14664
"iface lo inet loopback\n"
14665
"\n"
14666
"auto br0\n"
14667
"iface br0 inet static\n"
14668
" address 192.168.0.10\n"
14669
" network 192.168.0.0\n"
14670
" netmask 255.255.255.0\n"
14671
" broadcast 192.168.0.255\n"
14672
" gateway 192.168.0.1\n"
14673
" bridge_ports eth0\n"
14674
" bridge_fd 9\n"
14675
" bridge_hello 2\n"
14676
" bridge_maxage 12\n"
14677
" bridge_stp off\n"
14678
msgstr ""
14679
14680
#: serverguide/C/network-config.xml:568(para)
14681
msgid "Enter the appropriate values for your physical interface and network."
14682
msgstr ""
14683
14684
#: serverguide/C/network-config.xml:573(para)
14685
msgid "Now bring up the bridge:"
14686
msgstr ""
14687
14688
#: serverguide/C/network-config.xml:578(command)
14689
msgid "sudo ifup br0"
14690
msgstr ""
14691
14692
#: serverguide/C/network-config.xml:580(para)
14693
msgid ""
14694
"The new bridge interface should now be up and running. The "
14695
"<application>brctl</application> provides useful information about the state "
14696
"of the bridge, controls which interfaces are part of the bridge, etc. See "
14697
"<command>man brctl</command> for more information."
14698
msgstr ""
14699
14700
#: serverguide/C/network-config.xml:596(para)
14701
msgid ""
14702
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
14703
"Network page</ulink> has links to articles covering more advanced network "
14704
"configuration."
14705
msgstr ""
14706
14707
#: serverguide/C/network-config.xml:602(para)
14708
msgid ""
14709
"The <ulink "
14710
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
14711
" man page</ulink> has more information on resolvconf."
14712
msgstr ""
14713
14714
#: serverguide/C/network-config.xml:608(para)
14715
msgid ""
14716
"The <ulink "
14717
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
14718
" man page</ulink> has details on more options for "
14719
"<filename>/etc/network/interfaces</filename>."
14720
msgstr ""
14721
14722
#: serverguide/C/network-config.xml:614(para)
14723
msgid ""
14724
"The <ulink "
14725
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
14726
"man page</ulink> has details on more options for configuring DHCP client "
14727
"settings."
14728
msgstr ""
14729
14730
#: serverguide/C/network-config.xml:620(para)
14731
msgid ""
14732
"For more information on DNS client configuration see the <ulink "
14733
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
14734
"man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
14735
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
14736
"Administrator's Guide</ulink> is a good source of resolver and name service "
14737
"configuration information."
14738
msgstr ""
14739
14740
#: serverguide/C/network-config.xml:628(para)
14741
msgid ""
14742
"For more information on <emphasis>bridging</emphasis> see the <ulink "
14743
"url=\"http://manpages.ubuntu.com/manpages/man8/brctl.8.html\">brctl man "
14744
"page</ulink> and the Linux Foundation's <ulink "
14745
"url=\"http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge"
14746
"\">Networking-Bridge</ulink> page."
14747
msgstr ""
14748
14749
#: serverguide/C/network-config.xml:639(title)
14750
msgid "TCP/IP"
14751
msgstr ""
14752
14753
#: serverguide/C/network-config.xml:640(para)
14754
msgid ""
14755
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
14756
"standard set of protocols developed in the late 1970s by the Defense "
14757
"Advanced Research Projects Agency (DARPA) as a means of communication "
14758
"between different types of computers and computer networks. TCP/IP is the "
14759
"driving force of the Internet, and thus it is the most popular set of "
14760
"network protocols on Earth."
14761
msgstr ""
14762
14763
#: serverguide/C/network-config.xml:648(title)
14764
msgid "TCP/IP Introduction"
14765
msgstr ""
14766
14767
#: serverguide/C/network-config.xml:649(para)
14768
msgid ""
14769
"The two protocol components of TCP/IP deal with different aspects of "
14770
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
14771
"TCP/IP is a connectionless protocol which deals only with network packet "
14772
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
14773
"basic unit of networking information. The IP Datagram consists of a header "
14774
"followed by a message. The <emphasis> Transmission Control "
14775
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
14776
"establish connections which may be used to exchange data streams. TCP also "
14777
"guarantees that the data between connections is delivered and that it "
14778
"arrives at one network host in the same order as sent from another network "
14779
"host."
14780
msgstr ""
14781
14782
#: serverguide/C/network-config.xml:662(title)
14783
msgid "TCP/IP Configuration"
14784
msgstr ""
14785
14786
#: serverguide/C/network-config.xml:663(para)
14787
msgid ""
14788
"The TCP/IP protocol configuration consists of several elements which must be "
14789
"set by editing the appropriate configuration files, or deploying solutions "
14790
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
14791
"can be configured to provide the proper TCP/IP configuration settings to "
14792
"network clients automatically. These configuration values must be set "
14793
"correctly in order to facilitate the proper network operation of your Ubuntu "
14794
"system."
14795
msgstr ""
14796
14797
#: serverguide/C/network-config.xml:675(para)
14798
msgid ""
14799
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
14800
"identifying string expressed as four decimal numbers ranging from zero (0) "
14801
"to two-hundred and fifty-five (255), separated by periods, with each of the "
14802
"four numbers representing eight (8) bits of the address for a total length "
14803
"of thirty-two (32) bits for the whole address. This format is called "
14804
"<emphasis>dotted quad notation</emphasis>."
14805
msgstr ""
14806
14807
#: serverguide/C/network-config.xml:685(para)
14808
msgid ""
14809
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
14810
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
14811
"separate the portions of an IP address significant to the network from the "
14812
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
14813
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
14814
"three bytes of the IP address and allows the last byte of the IP address to "
14815
"remain available for specifying hosts on the subnetwork."
14816
msgstr ""
14817
14818
#: serverguide/C/network-config.xml:696(para)
14819
msgid ""
14820
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
14821
"represents the bytes comprising the network portion of an IP address. For "
14822
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
14823
"network address, where twelve (12) represents the first byte of the IP "
14824
"address, (the network part) and zeroes (0) in all of the remaining three "
14825
"bytes to represent the potential host values. A network host using the "
14826
"private IP address 192.168.1.100 would in turn use a Network Address of "
14827
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
14828
"network and a zero (0) for all the possible hosts on the network."
14829
msgstr ""
14830
14831
#: serverguide/C/network-config.xml:709(para)
14832
msgid ""
14833
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
14834
"is an IP address which allows network data to be sent simultaneously to all "
14835
"hosts on a given subnetwork rather than specifying a particular host. The "
14836
"standard general broadcast address for IP networks is 255.255.255.255, but "
14837
"this broadcast address cannot be used to send a broadcast message to every "
14838
"host on the Internet because routers block it. A more appropriate broadcast "
14839
"address is set to match a specific subnetwork. For example, on the private "
14840
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
14841
"Broadcast messages are typically produced by network protocols such as the "
14842
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
14843
msgstr ""
14844
14845
#: serverguide/C/network-config.xml:722(para)
14846
msgid ""
14847
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
14848
"IP address through which a particular network, or host on a network, may be "
14849
"reached. If one network host wishes to communicate with another network "
14850
"host, and that host is not located on the same network, then a "
14851
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
14852
"Address will be that of a router on the same network, which will in turn "
14853
"pass traffic on to other networks or hosts, such as Internet hosts. The "
14854
"value of the Gateway Address setting must be correct, or your system will "
14855
"not be able to reach any hosts beyond those on the same network."
14856
msgstr ""
14857
14858
#: serverguide/C/network-config.xml:733(para)
14859
msgid ""
14860
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
14861
"represent the IP addresses of Domain Name Service (DNS) systems, which "
14862
"resolve network hostnames into IP addresses. There are three levels of "
14863
"Nameserver Addresses, which may be specified in order of precedence: The "
14864
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
14865
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
14866
"your system to be able to resolve network hostnames into their corresponding "
14867
"IP addresses, you must specify valid Nameserver Addresses which you are "
14868
"authorized to use in your system's TCP/IP configuration. In many cases these "
14869
"addresses can and will be provided by your network service provider, but "
14870
"many free and publicly accessible nameservers are available for use, such as "
14871
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
14872
msgstr ""
14873
14874
#: serverguide/C/network-config.xml:747(para)
14875
msgid ""
14876
"The IP address, Netmask, Network Address, Broadcast Address, Gateway "
14877
"Address, and Nameserver Addresses are typically specified via the "
14878
"appropriate directives in the file "
14879
"<filename>/etc/network/interfaces</filename>. For more information, view the "
14880
"system manual page for <filename>interfaces</filename>, with the following "
14881
"command typed at a terminal prompt:"
14882
msgstr ""
14883
14884
#: serverguide/C/network-config.xml:754(para)
14885
msgid ""
14886
"Access the system manual page for <filename>interfaces</filename> with the "
14887
"following command:"
14888
msgstr ""
14889
14890
#: serverguide/C/network-config.xml:759(command)
14891
msgid "man interfaces"
14892
msgstr ""
14893
14894
#: serverguide/C/network-config.xml:671(para)
14895
msgid ""
14896
"The common configuration elements of TCP/IP and their purposes are as "
14897
"follows: <placeholder-1/>"
14898
msgstr ""
14899
14900
#: serverguide/C/network-config.xml:767(title)
14901
msgid "IP Routing"
14902
msgstr ""
14903
14904
#: serverguide/C/network-config.xml:768(para)
14905
msgid ""
14906
"IP routing is a means of specifying and discovering paths in a TCP/IP "
14907
"network along which network data may be sent. Routing uses a set of "
14908
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
14909
"packets from their source to the destination, often via many intermediary "
14910
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
14911
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
14912
"<emphasis>Dynamic Routing.</emphasis>"
14913
msgstr ""
14914
14915
#: serverguide/C/network-config.xml:777(para)
14916
msgid ""
14917
"Static routing involves manually adding IP routes to the system's routing "
14918
"table, and this is usually done by manipulating the routing table with the "
14919
"<application>route</application> command. Static routing enjoys many "
14920
"advantages over dynamic routing, such as simplicity of implementation on "
14921
"smaller networks, predictability (the routing table is always computed in "
14922
"advance, and thus the route is precisely the same each time it is used), and "
14923
"low overhead on other routers and network links due to the lack of a dynamic "
14924
"routing protocol. However, static routing does present some disadvantages as "
14925
"well. For example, static routing is limited to small networks and does not "
14926
"scale well. Static routing also fails completely to adapt to network outages "
14927
"and failures along the route due to the fixed nature of the route."
14928
msgstr ""
14929
14930
#: serverguide/C/network-config.xml:787(para)
14931
msgid ""
14932
"Dynamic routing depends on large networks with multiple possible IP routes "
14933
"from a source to a destination and makes use of special routing protocols, "
14934
"such as the Router Information Protocol (RIP), which handle the automatic "
14935
"adjustments in routing tables that make dynamic routing possible. Dynamic "
14936
"routing has several advantages over static routing, such as superior "
14937
"scalability and the ability to adapt to failures and outages along network "
14938
"routes. Additionally, there is less manual configuration of the routing "
14939
"tables, since routers learn from one another about their existence and "
14940
"available routes. This trait also eliminates the possibility of introducing "
14941
"mistakes in the routing tables via human error. Dynamic routing is not "
14942
"perfect, however, and presents disadvantages such as heightened complexity "
14943
"and additional network overhead from router communications, which does not "
14944
"immediately benefit the end users, but still consumes network bandwidth."
14945
msgstr ""
14946
14947
#: serverguide/C/network-config.xml:801(title)
14948
msgid "TCP and UDP"
14949
msgstr ""
14950
14951
#: serverguide/C/network-config.xml:802(para)
14952
msgid ""
14953
"TCP is a connection-based protocol, offering error correction and guaranteed "
14954
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
14955
"Flow control determines when the flow of a data stream needs to be stopped, "
14956
"and previously sent data packets should to be re-sent due to problems such "
14957
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
14958
"accurate delivery of the data. TCP is typically used in the exchange of "
14959
"important information such as database transactions."
14960
msgstr ""
14961
14962
#: serverguide/C/network-config.xml:810(para)
14963
msgid ""
14964
"The User Datagram Protocol (UDP), on the other hand, is a "
14965
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
14966
"transmission of important data because it lacks flow control or any other "
14967
"method to ensure reliable delivery of the data. UDP is commonly used in such "
14968
"applications as audio and video streaming, where it is considerably faster "
14969
"than TCP due to the lack of error correction and flow control, and where the "
14970
"loss of a few packets is not generally catastrophic."
14971
msgstr ""
14972
14973
#: serverguide/C/network-config.xml:820(title)
14974
msgid "ICMP"
14975
msgstr ""
14976
14977
#: serverguide/C/network-config.xml:821(para)
14978
msgid ""
14979
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
14980
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
14981
"supports network packets containing control, error, and informational "
14982
"messages. ICMP is used by such network applications as the "
14983
"<application>ping</application> utility, which can determine the "
14984
"availability of a network host or device. Examples of some error messages "
14985
"returned by ICMP which are useful to both network hosts and devices such as "
14986
"routers, include <emphasis>Destination Unreachable</emphasis> and "
14987
"<emphasis>Time Exceeded</emphasis>."
14988
msgstr ""
14989
14990
#: serverguide/C/network-config.xml:831(title)
14991
msgid "Daemons"
14992
msgstr ""
14993
14994
#: serverguide/C/network-config.xml:832(para)
14995
msgid ""
14996
"Daemons are special system applications which typically execute continuously "
14997
"in the background and await requests for the functions they provide from "
14998
"other applications. Many daemons are network-centric; that is, a large "
14999
"number of daemons executing in the background on an Ubuntu system may "
15000
"provide network-related functionality. Some examples of such network daemons "
15001
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
15002
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
15003
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
15004
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
15005
"Daemon</emphasis> (imapd), which provides E-Mail services."
15006
msgstr ""
15007
15008
#: serverguide/C/network-config.xml:847(para)
15009
msgid ""
15010
"There are man pages for <ulink "
15011
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man7/tcp.7.html\">TCP</ul"
15012
"ink> and <ulink "
15013
"url=\"http://manpages.ubuntu.com/manpages/xenial/man7/ip.7.html\">IP</ulink> "
15014
"that contain more useful information."
15015
msgstr ""
15016
15017
#: serverguide/C/network-config.xml:853(para)
15018
msgid ""
15019
"Also, see the <ulink "
15020
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
15021
"and Technical Overview</ulink> IBM Redbook."
15022
msgstr ""
15023
15024
#: serverguide/C/network-config.xml:859(para)
15025
msgid ""
15026
"Another resource is O'Reilly's <ulink "
15027
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
15028
"Administration</ulink>."
15029
msgstr ""
15030
15031
#: serverguide/C/network-config.xml:868(title)
15032
msgid "Dynamic Host Configuration Protocol (DHCP)"
15033
msgstr ""
15034
15035
#: serverguide/C/network-config.xml:869(para)
15036
msgid ""
15037
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
15038
"enables host computers to be automatically assigned settings from a server "
15039
"as opposed to manually configuring each network host. Computers configured "
15040
"to be DHCP clients have no control over the settings they receive from the "
15041
"DHCP server, and the configuration is transparent to the computer's user."
15042
msgstr ""
15043
15044
#: serverguide/C/network-config.xml:876(para)
15045
msgid ""
15046
"The most common settings provided by a DHCP server to DHCP clients include:"
15047
msgstr ""
15048
15049
#: serverguide/C/network-config.xml:881(para)
15050
msgid "IP address and netmask"
15051
msgstr ""
15052
15053
#: serverguide/C/network-config.xml:884(para)
15054
msgid "IP address of the default-gateway to use"
15055
msgstr ""
15056
15057
#: serverguide/C/network-config.xml:887(para)
15058
msgid "IP adresses of the DNS servers to use"
15059
msgstr ""
15060
15061
#: serverguide/C/network-config.xml:890(para)
15062
msgid ""
15063
"However, a DHCP server can also supply configuration properties such as:"
15064
msgstr ""
15065
15066
#: serverguide/C/network-config.xml:895(para)
15067
msgid "Host Name"
15068
msgstr ""
15069
15070
#: serverguide/C/network-config.xml:898(para)
15071
msgid "Domain Name"
15072
msgstr ""
15073
15074
#: serverguide/C/network-config.xml:901(para)
15075
msgid "Time Server"
15076
msgstr ""
15077
15078
#: serverguide/C/network-config.xml:907(para)
15079
msgid ""
15080
"The advantage of using DHCP is that changes to the network, for example a "
15081
"change in the address of the DNS server, need only be changed at the DHCP "
15082
"server, and all network hosts will be reconfigured the next time their DHCP "
15083
"clients poll the DHCP server. As an added advantage, it is also easier to "
15084
"integrate new computers into the network, as there is no need to check for "
15085
"the availability of an IP address. Conflicts in IP address allocation are "
15086
"also reduced."
15087
msgstr ""
15088
15089
#: serverguide/C/network-config.xml:915(para)
15090
msgid ""
15091
"A DHCP server can provide configuration settings using the following methods:"
15092
msgstr ""
15093
15094
#: serverguide/C/network-config.xml:920(term)
15095
msgid "Manual allocation (MAC address)"
15096
msgstr ""
15097
15098
#: serverguide/C/network-config.xml:922(para)
15099
msgid ""
15100
"This method entails using DHCP to identify the unique hardware address of "
15101
"each network card connected to the network and then continually supplying a "
15102
"constant configuration each time the DHCP client makes a request to the DHCP "
15103
"server using that network device. This ensures that a particular address is "
15104
"assigned automatically to that network card, based on it's MAC address."
15105
msgstr ""
15106
15107
#: serverguide/C/network-config.xml:933(term)
15108
msgid "Dynamic allocation (address pool)"
15109
msgstr ""
15110
15111
#: serverguide/C/network-config.xml:935(para)
15112
msgid ""
15113
"In this method, the DHCP server will assign an IP address from a pool of "
15114
"addresses (sometimes also called a range or scope) for a period of time or "
15115
"lease, that is configured on the server or until the client informs the "
15116
"server that it doesn't need the address anymore. This way, the clients will "
15117
"be receiving their configuration properties dynamically and on a \"first "
15118
"come, first served\" basis. When a DHCP client is no longer on the network "
15119
"for a specified period, the configuration is expired and released back to "
15120
"the address pool for use by other DHCP Clients. This way, an address can be "
15121
"leased or used for a period of time. After this period, the client has to "
15122
"renegociate the lease with the server to maintain use of the address."
15123
msgstr ""
15124
15125
#: serverguide/C/network-config.xml:949(term)
15126
msgid "Automatic allocation"
15127
msgstr ""
15128
15129
#: serverguide/C/network-config.xml:951(para)
15130
msgid ""
15131
"Using this method, the DHCP automatically assigns an IP address permanently "
15132
"to a device, selecting it from a pool of available addresses. Usually DHCP "
15133
"is used to assign a temporary address to a client, but a DHCP server can "
15134
"allow an infinite lease time."
15135
msgstr ""
15136
15137
#: serverguide/C/network-config.xml:959(para)
15138
msgid ""
15139
"The last two methods can be considered \"automatic\" because in each case "
15140
"the DHCP server assigns an address with no extra intervention needed. The "
15141
"only difference between them is in how long the IP address is leased, in "
15142
"other words whether a client's address varies over time. Ubuntu is shipped "
15143
"with both DHCP server and client. The server is "
15144
"<application>dhcpd</application> (dynamic host configuration protocol "
15145
"daemon). The client provided with Ubuntu is "
15146
"<application>dhclient</application> and should be installed on all computers "
15147
"required to be automatically configured. Both programs are easy to install "
15148
"and configure and will be automatically started at system boot."
15149
msgstr ""
15150
15151
#: serverguide/C/network-config.xml:974(para)
15152
msgid ""
15153
"At a terminal prompt, enter the following command to install "
15154
"<application>dhcpd</application>:"
15155
msgstr ""
15156
15157
#: serverguide/C/network-config.xml:979(command)
15158
msgid "sudo apt install isc-dhcp-server"
15159
msgstr ""
15160
15161
#: serverguide/C/network-config.xml:981(para)
15162
msgid ""
15163
"You will probably need to change the default configuration by editing "
15164
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
15165
msgstr ""
15166
15167
#: serverguide/C/network-config.xml:985(para)
15168
msgid ""
15169
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
15170
"interfaces dhcpd should listen to."
15171
msgstr ""
15172
15173
#: serverguide/C/network-config.xml:989(para)
15174
msgid ""
15175
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
15176
"messages."
15177
msgstr ""
15178
15179
#: serverguide/C/network-config.xml:996(para)
15180
msgid ""
15181
"The error message the installation ends with might be a little confusing, "
15182
"but the following steps will help you configure the service:"
15183
msgstr ""
15184
15185
#: serverguide/C/network-config.xml:1000(para)
15186
msgid ""
15187
"Most commonly, what you want to do is assign an IP address randomly. This "
15188
"can be done with settings as follows:"
15189
msgstr ""
15190
15191
#: serverguide/C/network-config.xml:1004(programlisting)
15192
#, no-wrap
15193
msgid ""
15194
"\n"
15195
"# minimal sample /etc/dhcp/dhcpd.conf\n"
15196
"default-lease-time 600;\n"
15197
"max-lease-time 7200;\n"
15198
"\n"
15199
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
15200
" range 192.168.1.150 192.168.1.200;\n"
15201
" option routers 192.168.1.254;\n"
15202
" option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
15203
" option domain-name \"mydomain.example\";\n"
15204
"} \n"
15205
msgstr ""
15206
15207
#: serverguide/C/network-config.xml:1016(para)
15208
msgid ""
15209
"This will result in the DHCP server giving clients an IP address from the "
15210
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
15211
"seconds if the client doesn't ask for a specific time frame. Otherwise the "
15212
"maximum (allowed) lease will be 7200 seconds. The server will also "
15213
"\"advise\" the client to use 192.168.1.254 as the default-gateway and "
15214
"192.168.1.1 and 192.168.1.2 as its DNS servers."
15215
msgstr ""
15216
15217
#: serverguide/C/network-config.xml:1024(para)
15218
msgid ""
15219
"After changing the config file you have to restart the "
15220
"<application>dhcpd</application>:"
15221
msgstr ""
15222
15223
#: serverguide/C/network-config.xml:1029(command)
15224
msgid "sudo systemctl restart isc-dhcp-server.service"
15225
msgstr ""
15226
15227
#: serverguide/C/network-config.xml:1037(para)
15228
msgid ""
15229
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
15230
"server Ubuntu Wiki</ulink> page has more information."
15231
msgstr ""
15232
15233
#: serverguide/C/network-config.xml:1042(para)
15234
msgid ""
15235
"For more <filename>/etc/dhcp/dhcpd.conf</filename> options see the <ulink "
15236
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/dhcpd.conf.5.html\">"
15237
"dhcpd.conf man page</ulink>."
15238
msgstr ""
15239
15240
#: serverguide/C/network-config.xml:1049(ulink)
15241
msgid "ISC dhcp-server"
15242
msgstr ""
15243
15244
#: serverguide/C/network-config.xml:1058(title)
15245
msgid "Time Synchronisation"
15246
msgstr ""
15247
15248
#: serverguide/C/network-config.xml:1059(para)
15249
msgid ""
15250
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
15251
"client requests the current time from a server, and uses it to set its own "
15252
"clock."
15253
msgstr ""
15254
15255
#: serverguide/C/network-config.xml:1062(para)
15256
msgid ""
15257
"Behind this simple description, there is a lot of complexity - there are "
15258
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
15259
"clocks, and tier two and three servers spreading the load of actually "
15260
"handling requests across the Internet. Also the client software is a lot "
15261
"more complex than you might think - it has to factor out communication "
15262
"delays, and adjust the time in a way that does not upset all the other "
15263
"processes that run on the server. But luckily all that complexity is hidden "
15264
"from you!"
15265
msgstr ""
15266
15267
#: serverguide/C/network-config.xml:1065(para)
15268
msgid ""
15269
"Ubuntu by default uses <emphasis>timedatectl / timesyncd</emphasis> to "
15270
"synchronize time and users can optionally use ntpd to serve network time "
15271
"info."
15272
msgstr ""
15273
15274
#: serverguide/C/network-config.xml:1070(title)
15275
msgid "Synchronizing your systems time"
15276
msgstr ""
15277
15278
#: serverguide/C/network-config.xml:1071(para)
15279
msgid ""
15280
"Starting with Ubuntu 16.04 <emphasis>timedatectl / timesyncd</emphasis> "
15281
"(which are part of systemd) replace most of <emphasis>ntpdate / "
15282
"ntp</emphasis>."
15283
msgstr ""
15284
15285
#: serverguide/C/network-config.xml:1074(para)
15286
msgid ""
15287
"<application>timesyncd</application> is available by default and replaces "
15288
"not only <application>ntpdate</application>, but also the client portion of "
15289
"<application>ntpd</application>. So on top of the one-shot action that "
15290
"<application>ntpdate</application> provided on boot and network activation, "
15291
"now <application>timesyncd</application> by default regularly checks and "
15292
"keeps your local time in sync. It also stores time updates locally, so that "
15293
"after reboots monotonically advances if applicable."
15294
msgstr ""
15295
15296
#: serverguide/C/network-config.xml:1079(para)
15297
msgid ""
15298
"If <application>ntpdate / ntp</application> are installed "
15299
"<application>timedatectl</application> steps back to let you keep your old "
15300
"setup. That shall ensure that no two time syncing services are fighting and "
15301
"also to retain any kind of old behaviour/config that you had through an "
15302
"upgrade. But it also implies that on an upgrade from a former release "
15303
"ntp/ntpdate might still be installed and therefore renders the new systemd "
15304
"based services disabled."
15305
msgstr ""
15306
15307
#: serverguide/C/network-config.xml:1084(para)
15308
msgid ""
15309
"<application>ntpdate</application> is considered deprecated in favour of "
15310
"<application>timedatectl</application> and thereby no more installed by "
15311
"default."
15312
msgstr ""
15313
15314
#: serverguide/C/network-config.xml:1089(title)
15315
msgid "Configuring timedatectl and timesyncd"
15316
msgstr ""
15317
15318
#: serverguide/C/network-config.xml:1090(para)
15319
msgid ""
15320
"The current status of time and time configuration via "
15321
"<application>timedatectl</application> and "
15322
"<application>timesyncd</application> can be checked with "
15323
"<command>timedatectl status</command>."
15324
msgstr ""
15325
15326
#: serverguide/C/network-config.xml:1093(screen)
15327
#, no-wrap
15328
msgid ""
15329
"\n"
15330
"$ timedatectl status\n"
15331
" Local time: Mo 2017-06-26 12:16:16 CEST\n"
15332
" Universal time: Mo 2017-06-26 10:16:16 UTC\n"
15333
" RTC time: Mo 2017-06-26 10:16:16\n"
15334
" Time zone: Europe/Berlin (CEST, +0200)\n"
15335
" Network time on: yes\n"
15336
"NTP synchronized: yes\n"
15337
" RTC in local TZ: no\n"
15338
msgstr ""
15339
15340
#: serverguide/C/network-config.xml:1103(para)
15341
msgid ""
15342
"Via <application>timedatectl</application> an admin can control the "
15343
"timezone, how the system clock should relate to the hwclock and if permanent "
15344
"synronization should be enabled or not. See <command>man "
15345
"timedatectl</command> for more details."
15346
msgstr ""
15347
15348
#: serverguide/C/network-config.xml:1107(para)
15349
msgid ""
15350
"timesyncd itself is still a normal service, so you can check its status also "
15351
"more in detail via. <screen>\n"
15352
"$ systemctl status systemd-timesyncd\n"
15353
". systemd-timesyncd.service - Network Time Synchronization\n"
15354
" Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; "
15355
"vendor preset: enabled)\n"
15356
" Drop-In: /lib/systemd/system/systemd-timesyncd.service.d\n"
15357
" |_disable-with-time-daemon.conf\n"
15358
" Active: active (running) since Mo 2017-06-26 11:12:19 CEST; 30min ago\n"
15359
" Docs: man:systemd-timesyncd.service(8)\n"
15360
" Main PID: 12379 (systemd-timesyn)\n"
15361
" Status: \"Synchronized to time server [2001:67c:1560:8003::c8]:123 "
15362
"(ntp.ubuntu.com).\"\n"
15363
" Tasks: 2\n"
15364
" Memory: 424.0K\n"
15365
" CPU: 12ms\n"
15366
" CGroup: /system.slice/systemd-timesyncd.service\n"
15367
" |_12379 /lib/systemd/systemd-timesyncd\n"
15368
"\n"
15369
"Jun 26 11:12:19 lap systemd[1]: Starting Network Time Synchronization...\n"
15370
"Jun 26 11:12:19 lap systemd[1]: Started Network Time Synchronization.\n"
15371
"Jun 26 11:12:19 lap systemd-timesyncd[12379]: Synchronized to time server "
15372
"[2001:67c:1560:8003::c8]:123 (ntp.ubuntu.com).\n"
15373
"</screen>"
15374
msgstr ""
15375
15376
#: serverguide/C/network-config.xml:1130(para)
15377
msgid ""
15378
"The nameserver to fetch time for <application>timedatectl</application> and "
15379
"<application>timesyncd</application> from can be specified in "
15380
"<filename>/etc/systemd/timesyncd.conf</filename> and additional config files "
15381
"can be stored in <filename>/etc/systemd/timesyncd.conf.d/</filename>. The "
15382
"entries for NTP= and FallbackNTP= are space separated lists."
15383
msgstr ""
15384
15385
#: serverguide/C/network-config.xml:1139(title)
15386
msgid "Serving NTP"
15387
msgstr ""
15388
15389
#: serverguide/C/network-config.xml:1140(para)
15390
msgid ""
15391
"If on top of synchronizing your system you also want to serve NTP "
15392
"information you need an ntp server. The most classic and supported one is "
15393
"<application>ntpd</application>, but it is also very old so there also are "
15394
"<application>openntpd</application> and <application>chrony</application> as "
15395
"alternatives available in the archive."
15396
msgstr ""
15397
15398
#: serverguide/C/network-config.xml:1145(title)
15399
msgid "ntpd"
15400
msgstr ""
15401
15402
#: serverguide/C/network-config.xml:1146(para)
15403
msgid ""
15404
"The ntp daemon ntpd calculates the drift of your system clock and "
15405
"continuously adjusts it, so there are no large corrections that could lead "
15406
"to inconsistent logs for instance. The cost is a little processing power and "
15407
"memory, but for a modern server this is negligible."
15408
msgstr ""
15409
15410
#: serverguide/C/network-config.xml:1154(para)
15411
msgid "To install ntpd, from a terminal prompt enter:"
15412
msgstr ""
15413
15414
#: serverguide/C/network-config.xml:1158(command)
15415
msgid "sudo apt install ntp"
15416
msgstr ""
15417
15418
#: serverguide/C/network-config.xml:1165(para)
15419
msgid ""
15420
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
15421
"default these servers are configured:"
15422
msgstr ""
15423
15424
#: serverguide/C/network-config.xml:1170(programlisting)
15425
#, no-wrap
15426
msgid ""
15427
"\n"
15428
"# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board\n"
15429
"# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for\n"
15430
"# more information.\n"
15431
"server 0.ubuntu.pool.ntp.org\n"
15432
"server 1.ubuntu.pool.ntp.org\n"
15433
"server 2.ubuntu.pool.ntp.org\n"
15434
"server 3.ubuntu.pool.ntp.org\n"
15435
msgstr ""
15436
15437
#: serverguide/C/network-config.xml:1180(para)
15438
msgid ""
15439
"After changing the config file you have to reload the "
15440
"<application>ntpd</application>:"
15441
msgstr ""
15442
15443
#: serverguide/C/network-config.xml:1185(command)
15444
msgid "sudo systemctl reload ntp.service"
15445
msgstr ""
15446
15447
#: serverguide/C/network-config.xml:1187(para)
15448
msgid ""
15449
"Of the pool number 2.ubuntu.pool.ntp.org as well as ntp.ubuntu.com also "
15450
"support ipv6 if needed. If one needs to force ipv6 there also is "
15451
"ipv6.ntp.ubuntu.com which is not configured by default."
15452
msgstr ""
15453
15454
#: serverguide/C/network-config.xml:1195(title)
15455
msgid "View status"
15456
msgstr ""
15457
15458
#: serverguide/C/network-config.xml:1196(para)
15459
msgid "Use ntpq to see more info:"
15460
msgstr ""
15461
15462
#: serverguide/C/network-config.xml:1200(command)
15463
msgid "# sudo ntpq -p"
15464
msgstr ""
15465
15466
#: serverguide/C/network-config.xml:1201(computeroutput)
15467
#, no-wrap
15468
msgid ""
15469
" remote refid st t when poll reach delay offset "
15470
"jitter\n"
15471
"============================================================================="
15472
"=\n"
15473
"+stratum2-2.NTP. 129.70.130.70 2 u 5 64 377 68.461 -44.274 "
15474
"110.334\n"
15475
"+ntp2.m-online.n 212.18.1.106 2 u 5 64 377 54.629 -27.318 "
15476
"78.882\n"
15477
"*145.253.66.170 .DCFa. 1 u 10 64 377 83.607 -30.159 "
15478
"68.343\n"
15479
"+stratum2-3.NTP. 129.70.130.70 2 u 5 64 357 68.795 -68.168 "
15480
"104.612\n"
15481
"+europium.canoni 193.79.237.14 2 u 63 64 337 81.534 -67.968 "
15482
"92.792"
15483
msgstr ""
15484
15485
#: serverguide/C/network-config.xml:1213(title)
15486
msgid "PPS Support"
15487
msgstr ""
15488
15489
#: serverguide/C/network-config.xml:1214(para)
15490
msgid ""
15491
"Since 16.04 ntp supports PPS discipline which can be used to augment ntp "
15492
"with local timesources for better accuracy. For more details on "
15493
"configuration see the external pps ressource listed below."
15494
msgstr ""
15495
15496
#: serverguide/C/network-config.xml:1227(para)
15497
msgid ""
15498
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
15499
"Time</ulink> wiki page for more information."
15500
msgstr ""
15501
15502
#: serverguide/C/network-config.xml:1233(ulink)
15503
msgid "ntp.org, home of the Network Time Protocol project"
15504
msgstr ""
15505
15506
#: serverguide/C/network-config.xml:1238(ulink)
15507
msgid "Freedesktop.org info on timedatectl"
15508
msgstr ""
15509
15510
#: serverguide/C/network-config.xml:1243(ulink)
15511
msgid "Freedesktop.org info on systemd-timesyncd service"
15512
msgstr ""
15513
15514
#: serverguide/C/network-config.xml:1248(ulink)
15515
msgid "ntp.org faq on configuring PPS"
15516
msgstr ""
15517
15518
#: serverguide/C/network-config.xml:1257(title)
15519
msgid "Data Plane Development Kit"
15520
msgstr ""
15521
15522
#: serverguide/C/network-config.xml:1258(para)
15523
msgid ""
15524
"The DPDK is a set of libraries and drivers for fast packet processing and "
15525
"runs mostly in Linux userland. It is a set of libraries that provide the so "
15526
"called \"Environment Abstraction Layer\" (EAL). The EAL hides the details of "
15527
"the environment and provides a standard programming interface. Common use "
15528
"cases are around special solutions for instance network function "
15529
"virtualization and advanced high-throughput network switching. The DPDK uses "
15530
"a run-to-completion model for fast data plane performance and accesses "
15531
"devices via polling to eliminate the latency of interrupt processing at the "
15532
"tradeoff of higher cpu consumption. It was designed to run on any "
15533
"processors. The first supported CPU was Intel x86 and it is now extended to "
15534
"IBM Power 8, EZchip TILE-Gx and ARM."
15535
msgstr ""
15536
15537
#: serverguide/C/network-config.xml:1269(para)
15538
msgid ""
15539
"Ubuntu currently supports DPDK version 2.2 and provides some infrastructure "
15540
"to ease its usability."
15541
msgstr ""
15542
15543
#: serverguide/C/network-config.xml:1274(title)
15544
msgid "Prerequisites"
15545
msgstr ""
15546
15547
#: serverguide/C/network-config.xml:1275(para)
15548
msgid ""
15549
"This package is currently compiled for the lowest possible CPU requirements. "
15550
"Which still requires at least SSE3 to be supported by the CPU."
15551
msgstr ""
15552
15553
#: serverguide/C/network-config.xml:1278(para)
15554
msgid ""
15555
"The list of upstream DPDK supported network cards can be found at <ulink "
15556
"url=\"http://dpdk.org/doc/nics\">supported NICs</ulink>. But a lot of those "
15557
"are disabled by default in the upstream Project as they are not yet in a "
15558
"stable state. The subset of network cards that DPDK has enabled in the "
15559
"package as available in Ubuntu 16.04 is:"
15560
msgstr ""
15561
15562
#: serverguide/C/network-config.xml:1283(para)
15563
msgid "Intel"
15564
msgstr ""
15565
15566
#: serverguide/C/network-config.xml:1288(para)
15567
msgid ""
15568
"<ulink url=\"http://dpdk.org/doc/guides/nics/e1000em.html\">e1000</ulink> "
15569
"(82540, 82545, 82546)"
15570
msgstr ""
15571
15572
#: serverguide/C/network-config.xml:1291(para)
15573
msgid ""
15574
"<ulink "
15575
"url=\"http://dpdk.org/browse/dpdk/tree/drivers/net/e1000/\">e1000e</ulink> "
15576
"(82571..82574, 82583, ICH8..ICH10, PCH..PCH2)"
15577
msgstr ""
15578
15579
#: serverguide/C/network-config.xml:1294(para)
15580
msgid ""
15581
"<ulink "
15582
"url=\"http://dpdk.org/browse/dpdk/tree/drivers/net/e1000/\">igb</ulink> "
15583
"(82575..82576, 82580, I210, I211, I350, I354, DH89xx)"
15584
msgstr ""
15585
15586
#: serverguide/C/network-config.xml:1297(para)
15587
msgid ""
15588
"<ulink url=\"http://dpdk.org/doc/guides/nics/ixgbe.html\">ixgbe</ulink> "
15589
"(82598..82599, X540, X550)"
15590
msgstr ""
15591
15592
#: serverguide/C/network-config.xml:1300(para)
15593
msgid ""
15594
"<ulink "
15595
"url=\"http://dpdk.org/browse/dpdk/tree/drivers/net/i40e/\">i40e</ulink> "
15596
"(X710, XL710, X722)"
15597
msgstr ""
15598
15599
#: serverguide/C/network-config.xml:1303(para)
15600
msgid ""
15601
"<ulink url=\"http://dpdk.org/doc/guides/nics/fm10k.html\">fm10k</ulink> "
15602
"(FM10420)"
15603
msgstr ""
15604
15605
#: serverguide/C/network-config.xml:1306(para)
15606
msgid "Chelsio"
15607
msgstr ""
15608
15609
#: serverguide/C/network-config.xml:1311(para)
15610
msgid ""
15611
"<ulink url=\"http://dpdk.org/doc/guides/nics/cxgbe.html\">cxgbe</ulink> "
15612
"(Terminator 5)"
15613
msgstr ""
15614
15615
#: serverguide/C/network-config.xml:1314(para)
15616
msgid "Cisco"
15617
msgstr ""
15618
15619
#: serverguide/C/network-config.xml:1319(para)
15620
msgid ""
15621
"<ulink "
15622
"url=\"http://dpdk.org/browse/dpdk/tree/drivers/net/enic\">enic</ulink> (UCS "
15623
"Virtual Interface Card)"
15624
msgstr ""
15625
15626
#: serverguide/C/network-config.xml:1322(para) serverguide/C/network-config.xml:1347(para)
15627
msgid "Paravirtualization"
15628
msgstr ""
15629
15630
#: serverguide/C/network-config.xml:1327(para)
15631
msgid ""
15632
"<ulink url=\"http://dpdk.org/doc/guides/nics/virtio.html\">virtio-"
15633
"net</ulink> (QEMU)"
15634
msgstr ""
15635
15636
#: serverguide/C/network-config.xml:1330(ulink)
15637
msgid "vmxnet3"
15638
msgstr ""
15639
15640
#: serverguide/C/network-config.xml:1333(para) serverguide/C/network-config.xml:1355(para)
15641
msgid "Others"
15642
msgstr ""
15643
15644
#: serverguide/C/network-config.xml:1338(para)
15645
msgid ""
15646
"<ulink "
15647
"url=\"http://dpdk.org/browse/dpdk/tree/drivers/net/af_packet\">af_packet</uli"
15648
"nk> (Linux AF_PACKET socket)"
15649
msgstr ""
15650
15651
#: serverguide/C/network-config.xml:1341(para)
15652
msgid ""
15653
"<ulink url=\"http://dpdk.org/doc/guides/nics/pcap_ring.html#rings-based-"
15654
"pmd\">ring</ulink> (memory)"
15655
msgstr ""
15656
15657
#: serverguide/C/network-config.xml:1344(para)
15658
msgid ""
15659
"On top it experimentally enables the following two PMD drivers as they "
15660
"represent (virtual) devices that are very accessible to end users."
15661
msgstr ""
15662
15663
#: serverguide/C/network-config.xml:1352(para)
15664
msgid ""
15665
"<ulink url=\"http://dpdk.org/doc/guides/xen/pkt_switch.html#xen-pmd-frontend-"
15666
"prerequisites\">xenvirt</ulink> (Xen)"
15667
msgstr ""
15668
15669
#: serverguide/C/network-config.xml:1360(para)
15670
msgid ""
15671
"<ulink url=\"http://dpdk.org/doc/guides/nics/pcap_ring.html#libpcap-based-"
15672
"pmd\">pcap</ulink> (file or kernel driver)"
15673
msgstr ""
15674
15675
#: serverguide/C/network-config.xml:1363(para)
15676
msgid ""
15677
"Cards have to be unassigned from their kernel driver and instead be assigned "
15678
"to uio_pci_generic of vfio-pci. uio_pci_generic is older and usually getting "
15679
"to work more easily."
15680
msgstr ""
15681
15682
#: serverguide/C/network-config.xml:1367(para)
15683
msgid ""
15684
"The newer vfio-pci requires that you activate the following kernel "
15685
"parameters to enable iommu."
15686
msgstr ""
15687
15688
#: serverguide/C/network-config.xml:1370(programlisting)
15689
#, no-wrap
15690
msgid ""
15691
"\n"
15692
"iommu=pt intel_iommu=on\n"
15693
"\t\t "
15694
msgstr ""
15695
15696
#: serverguide/C/network-config.xml:1373(para)
15697
msgid ""
15698
"On top for vfio-pci you then have to configure and assign the iommu groups "
15699
"accordingly."
15700
msgstr ""
15701
15702
#: serverguide/C/network-config.xml:1376(para)
15703
msgid ""
15704
"Note: In virtio based environment it is enough to \"unassign\" devices from "
15705
"the kernel driver. Without that DPDK will reject to use the device to avoid "
15706
"issues with kernel and DPDK working on the device at the same time. Since "
15707
"DPDK can work directly on virtio devices it is not required to assign e.g. "
15708
"uio_pci_generic to those devices."
15709
msgstr ""
15710
15711
#: serverguide/C/network-config.xml:1381(para)
15712
msgid ""
15713
"Manual configuration and status checks can be done via sysfs or with the "
15714
"tool dpdk_nic_bind"
15715
msgstr ""
15716
15717
#: serverguide/C/network-config.xml:1384(programlisting)
15718
#, no-wrap
15719
msgid ""
15720
"\n"
15721
"dpdk_nic_bind --help\n"
15722
"\n"
15723
"Usage:\n"
15724
"------\n"
15725
"\n"
15726
" dpdk_nic_bind [options] DEVICE1 DEVICE2 ....\n"
15727
"\n"
15728
" where DEVICE1, DEVICE2 etc, are specified via PCI "
15729
"\"domain:bus:slot.func\" syntax\n"
15730
" or \"bus:slot.func\" syntax. For devices bound to Linux kernel drivers, "
15731
"they may\n"
15732
" also be referred to by Linux interface name e.g. eth0, eth1, em0, em1, "
15733
"etc.\n"
15734
"\n"
15735
" Options:\n"
15736
" --help, --usage:\n"
15737
" Display usage information and quit\n"
15738
"\n"
15739
" -s, --status:\n"
15740
" Print the current status of all known network interfaces.\n"
15741
" For each device, it displays the PCI domain, bus, slot and "
15742
"function,\n"
15743
" along with a text description of the device. Depending upon "
15744
"whether the\n"
15745
" device is being used by a kernel driver, the igb_uio driver, or "
15746
"no\n"
15747
" driver, other relevant information will be displayed:\n"
15748
" * the Linux interface name e.g. if=eth0\n"
15749
" * the driver being used e.g. drv=igb_uio\n"
15750
" * any suitable drivers not currently using that device\n"
15751
" e.g. unused=igb_uio\n"
15752
" NOTE: if this flag is passed along with a bind/unbind option, the "
15753
"status\n"
15754
" display will always occur after the other operations have taken "
15755
"place.\n"
15756
"\n"
15757
" -b driver, --bind=driver:\n"
15758
" Select the driver to use or \"none\" to unbind the device\n"
15759
"\n"
15760
" -u, --unbind:\n"
15761
" Unbind a device (Equivalent to \"-b none\")\n"
15762
"\n"
15763
" --force:\n"
15764
" By default, devices which are used by Linux - as indicated by "
15765
"having\n"
15766
" routes in the routing table - cannot be modified. Using the --"
15767
"force\n"
15768
" flag overrides this behavior, allowing active links to be "
15769
"forcibly\n"
15770
" unbound.\n"
15771
" WARNING: This can lead to loss of network connection and should "
15772
"be used\n"
15773
" with caution.\n"
15774
"\n"
15775
" Examples:\n"
15776
" ---------\n"
15777
"\n"
15778
" To display current device status:\n"
15779
" dpdk_nic_bind --status\n"
15780
"\n"
15781
" To bind eth1 from the current driver and move to use igb_uio\n"
15782
" dpdk_nic_bind --bind=igb_uio eth1\n"
15783
"\n"
15784
" To unbind 0000:01:00.0 from using any driver\n"
15785
" dpdk_nic_bind -u 0000:01:00.0\n"
15786
"\n"
15787
" To bind 0000:02:00.0 and 0000:02:00.1 to the ixgbe kernel driver\n"
15788
" dpdk_nic_bind -b ixgbe 02:00.0 02:00.\n"
15789
msgstr ""
15790
15791
#: serverguide/C/network-config.xml:1445(title)
15792
msgid "DPDK Device configuration"
15793
msgstr ""
15794
15795
#: serverguide/C/network-config.xml:1446(para)
15796
msgid ""
15797
"The package <emphasis>dpdk</emphasis> provides init scripts that ease "
15798
"configuration of device assignment and huge pages. It also makes them "
15799
"persistent accross reboots."
15800
msgstr ""
15801
15802
#: serverguide/C/network-config.xml:1450(para)
15803
msgid ""
15804
"The following is an example of the file /etc/dpdk/interfaces configuring two "
15805
"ports of a network card. One with uio_pci_generic and the other one with "
15806
"vfio-pci"
15807
msgstr ""
15808
15809
#: serverguide/C/network-config.xml:1454(programlisting)
15810
#, no-wrap
15811
msgid ""
15812
"\n"
15813
"# <bus> Currently only \"pci\" is supported\n"
15814
"# <id> Device ID on the specified bus\n"
15815
"# <driver> Driver to bind against (vfio-pci or uio_pci_generic)\n"
15816
"#\n"
15817
"# Be aware that the two DPDK compatible drivers uio_pci_generic and vfio-pci "
15818
"are\n"
15819
"# part of linux-image-extra-<VERSION> package.\n"
15820
"# This package is not always installed by default - for example in cloud-"
15821
"images.\n"
15822
"# So please install it in case you run into missing module issues.\n"
15823
"#\n"
15824
"# <bus> <id> <driver>\n"
15825
"pci 0000:04:00.0 uio_pci_generic\n"
15826
"pci 0000:04:00.1 vfio-pci\n"
15827
"\t\t "
15828
msgstr ""
15829
15830
#: serverguide/C/network-config.xml:1468(para)
15831
msgid ""
15832
"Cards are identified by their PCI-ID. If you are unsure you might use the "
15833
"tool dpdk_nic_bind to show the current available devices and the drivers "
15834
"they are assigned to."
15835
msgstr ""
15836
15837
#: serverguide/C/network-config.xml:1472(command)
15838
msgid "dpdk_nic_bind --status"
15839
msgstr ""
15840
15841
#: serverguide/C/network-config.xml:1473(computeroutput)
15842
#, no-wrap
15843
msgid ""
15844
"\n"
15845
"Network devices using DPDK-compatible driver\n"
15846
"============================================\n"
15847
"0000:04:00.0 'Ethernet Controller 10-Gigabit X540-AT2' drv=uio_pci_generic "
15848
"unused=ixgbe\n"
15849
"\n"
15850
"Network devices using kernel driver\n"
15851
"===================================\n"
15852
"0000:02:00.0 'NetXtreme BCM5719 Gigabit Ethernet PCIe' if=eth0 drv=tg3 "
15853
"unused=uio_pci_generic *Active*\n"
15854
"0000:02:00.1 'NetXtreme BCM5719 Gigabit Ethernet PCIe' if=eth1 drv=tg3 "
15855
"unused=uio_pci_generic \n"
15856
"0000:02:00.2 'NetXtreme BCM5719 Gigabit Ethernet PCIe' if=eth2 drv=tg3 "
15857
"unused=uio_pci_generic \n"
15858
"0000:02:00.3 'NetXtreme BCM5719 Gigabit Ethernet PCIe' if=eth3 drv=tg3 "
15859
"unused=uio_pci_generic \n"
15860
"0000:04:00.1 'Ethernet Controller 10-Gigabit X540-AT2' if=eth5 drv=ixgbe "
15861
"unused=uio_pci_generic \n"
15862
"\n"
15863
"Other network devices\n"
15864
"=====================\n"
15865
"<none>\n"
15866
msgstr ""
15867
15868
#: serverguide/C/network-config.xml:1494(title)
15869
msgid "DPDK HugePage configuration"
15870
msgstr ""
15871
15872
#: serverguide/C/network-config.xml:1495(para)
15873
msgid ""
15874
"DPDK makes heavy use of huge pages to eliminate pressure on the TLB. "
15875
"Therefore hugepages have to be configured in your system."
15876
msgstr ""
15877
15878
#: serverguide/C/network-config.xml:1499(para)
15879
msgid ""
15880
"The <emphasis>dpdk</emphasis> package has a config file and scripts that try "
15881
"to ease hugepage configuration for DPDK in the form of "
15882
"<emphasis>/etc/dpdk/dpdk.conf</emphasis>. If you have more consumers of "
15883
"hugepages than just DPDK in your system or very special requirements how "
15884
"your hugepages are going to be set up you likely want to allocate/control "
15885
"them by yourself. If not this can be a great simplification to get DPDK "
15886
"configured for your needs."
15887
msgstr ""
15888
15889
#: serverguide/C/network-config.xml:1504(para)
15890
msgid "Here an example configuring 1024 Hugepages of 2M each and 4 1G pages."
15891
msgstr ""
15892
15893
#: serverguide/C/network-config.xml:1507(programlisting)
15894
#, no-wrap
15895
msgid ""
15896
"\n"
15897
"NR_2M_PAGES=1024\n"
15898
"NR_1G_PAGES=4\n"
15899
"\t\t "
15900
msgstr ""
15901
15902
#: serverguide/C/network-config.xml:1511(para)
15903
msgid ""
15904
"As shown this supports configuring 2M and the larger 1G hugepages (or a mix "
15905
"of both). It will make sure there are proper hugetlbfs mountpoints for DPDK "
15906
"to find both sizes no matter what your default huge page size is. The config "
15907
"file itself holds more details on certain corner cases and a few hints if "
15908
"you want to allocate hugepages manually via a kernel parameter."
15909
msgstr ""
15910
15911
#: serverguide/C/network-config.xml:1516(para)
15912
msgid ""
15913
"It depends on your needs which size you want - 1G pages are certainly more "
15914
"effective regarding TLB pressure. But there were reports of them fragmenting "
15915
"inside the DPDK memory alloactions. Also it can be harder to grab enough "
15916
"free space to set up a certain amount of 1G pages later in the lifecycle of "
15917
"a system."
15918
msgstr ""
15919
15920
#: serverguide/C/network-config.xml:1524(title)
15921
msgid "Compile DPDK Applications"
15922
msgstr ""
15923
15924
#: serverguide/C/network-config.xml:1525(para)
15925
msgid ""
15926
"Currently there are not a lot consumers of the DPDK library that are stable "
15927
"and released. OpenVswitch-DPDK being an exception to that (see below), but "
15928
"in general it is very likely that you might want / have to compile an app "
15929
"against the library."
15930
msgstr ""
15931
15932
#: serverguide/C/network-config.xml:1529(para)
15933
msgid ""
15934
"You will often find guides that tell you to fetch the DPDK sources, build "
15935
"them to your needs and eventually build your application based on DPDK by "
15936
"setting values RTE_* for the build system. Since Ubunutu provides an already "
15937
"compiled DPDK for you can can skip all that. To simplify setting the proper "
15938
"variables you can source the file /usr/share/dpdk/dpdk-sdk-env.sh before "
15939
"building your application. Here an excerpt building the l2fwd example "
15940
"application delivered with the dpdk-doc package."
15941
msgstr ""
15942
15943
#: serverguide/C/network-config.xml:1535(programlisting)
15944
#, no-wrap
15945
msgid ""
15946
"\n"
15947
"sudo apt-get install dpdk-dev libdpdk-dev\n"
15948
". /usr/share/dpdk/dpdk-sdk-env.sh\n"
15949
"make -C /usr/share/dpdk/examples/l2fwd\n"
15950
"\t\t "
15951
msgstr ""
15952
15953
#: serverguide/C/network-config.xml:1540(para)
15954
msgid ""
15955
"Depending on what you build it might be a good addition to install all of "
15956
"DPDK build dependencies before the make."
15957
msgstr ""
15958
15959
#: serverguide/C/network-config.xml:1543(programlisting)
15960
#, no-wrap
15961
msgid ""
15962
"\n"
15963
"sudo apt-get install build-dep dpdk\n"
15964
"\t\t "
15965
msgstr ""
15966
15967
#: serverguide/C/network-config.xml:1549(title)
15968
msgid "OpenVswitch-DPDK"
15969
msgstr ""
15970
15971
#: serverguide/C/network-config.xml:1550(para)
15972
msgid ""
15973
"Being a library it doesn't do a lot on its own, so it depends on emerging "
15974
"projects making use of it. One consumer of the library that already is "
15975
"bundled in the Ubuntu 16.04 release is OpenVswitch with DPDK support in the "
15976
"package openvswitch-switch-dpdk."
15977
msgstr ""
15978
15979
#: serverguide/C/network-config.xml:1554(para)
15980
msgid ""
15981
"Here an example how to install and configure a basic OpenVswitch using DPDK "
15982
"for later use via libvirt/qemu-kvm."
15983
msgstr ""
15984
15985
#: serverguide/C/network-config.xml:1557(programlisting)
15986
#, no-wrap
15987
msgid ""
15988
"\n"
15989
"sudo apt-get install openvswitch-switch-dpdk\n"
15990
"sudo update-alternatives --set ovs-vswitchd /usr/lib/openvswitch-switch-"
15991
"dpdk/ovs-vswitchd-dpdk\n"
15992
"echo \"DPDK_OPTS='--dpdk -c 0x1 -n 4 -m 2048 --vhost-owner libvirt-qemu:kvm -"
15993
"-vhost-perm 0664'\" | sudo tee -a /etc/default/openvswitch-switch\n"
15994
"sudo service openvswitch-switch restart\n"
15995
"\t\t "
15996
msgstr ""
15997
15998
#: serverguide/C/network-config.xml:1563(para)
15999
msgid ""
16000
"Please remember that you have to assign devices to DPDK compatible drivers "
16001
"(see above) before restarting."
16002
msgstr ""
16003
16004
#: serverguide/C/network-config.xml:1566(para)
16005
msgid ""
16006
"The section <emphasis>--vhost-owner libvirt-qemu:kvm --vhost-perm "
16007
"0664</emphasis> will set vhost_user ports up with owner/permissions to be "
16008
"compatible with Ubuntus way of running qemu-kvm/libvirt with reduced "
16009
"privileges for more security."
16010
msgstr ""
16011
16012
#: serverguide/C/network-config.xml:1569(para)
16013
msgid ""
16014
"Please note that the section <emphasis>-m 2048</emphasis> is the most basic "
16015
"numa setup for a single socket system. If you have multiple sockets you "
16016
"might want to define how to split your memory among them, for example "
16017
"<emphasis>-m 1024, 1024</emphasis>. Please be aware that DPDK will try to "
16018
"work only with local memory to the network cards it works with (for "
16019
"performance reasons). That said if you have multiple nodes, but all network "
16020
"cards on one, you should consider spreading your cards. If not at least "
16021
"allocate your memory to the node where the cards reside, for example in a "
16022
"two node all to node #2: <emphasis>-m 0, 2048</emphasis>. You can use the "
16023
"tool <emphasis>lstopo</emphasis> from the package <emphasis>hwloc-"
16024
"nox</emphasis> to see on which socket your cards are located."
16025
msgstr ""
16026
16027
#: serverguide/C/network-config.xml:1577(para)
16028
msgid ""
16029
"The OpenVswitch you now started supports all port types OpenVswitch usually "
16030
"does, plus DPDK port types. Here an example how to create a bridge and - "
16031
"instead of a normal external port - add an external DPDK port to it."
16032
msgstr ""
16033
16034
#: serverguide/C/network-config.xml:1581(programlisting)
16035
#, no-wrap
16036
msgid ""
16037
"\n"
16038
"ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 datapath_type=netdev\n"
16039
"ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 type=dpdk\n"
16040
"\t\t "
16041
msgstr ""
16042
16043
#: serverguide/C/network-config.xml:1586(para)
16044
msgid ""
16045
"The enablement of DPDK in Open vSwitch has changed in version 2.6. So for "
16046
"users of releases >=16.10, but also for users of the <ulink "
16047
"url=\"https://wiki.ubuntu.com/OpenStack/CloudArchive\">Ubuntu Cloud "
16048
"Archive</ulink> >=neutron the enablement has changed compared to that for "
16049
"users of Ubuntu 16.04. The options formerly passed via "
16050
"<emphasis>DPDK_OPTS</emphasis> are now configured via ovs-vsctl into the "
16051
"Open vSwitch configuration database."
16052
msgstr ""
16053
16054
#: serverguide/C/network-config.xml:1591(para)
16055
msgid "The same example as above would in the new way look like:"
16056
msgstr ""
16057
16058
#: serverguide/C/network-config.xml:1594(programlisting)
16059
#, no-wrap
16060
msgid ""
16061
"\n"
16062
"# Enable DPDK\n"
16063
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-init=true\"\n"
16064
"# run on core 0\n"
16065
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-lcore-mask=0x1\"\n"
16066
"# Allocate 2G huge pages (not Numa node aware)\n"
16067
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-alloc-mem=2048\"\n"
16068
"# group/permissions for vhost-user sockets (required to work with "
16069
"libvirt/qemu)\n"
16070
"ovs-vsctl set Open_vSwitch . \\\n"
16071
" \"other_config:dpdk-extra=--vhost-owner libvirt-qemu:kvm --vhost-perm "
16072
"0666\"\n"
16073
"\t\t "
16074
msgstr ""
16075
16076
#: serverguide/C/network-config.xml:1609(filename)
16077
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK.md.gz"
16078
msgstr ""
16079
16080
#: serverguide/C/network-config.xml:1610(filename)
16081
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK-ADVANCED.md.gz"
16082
msgstr ""
16083
16084
#: serverguide/C/network-config.xml:1611(command)
16085
msgid "man ovs-vswitchd.conf.db"
16086
msgstr ""
16087
16088
#: serverguide/C/network-config.xml:1605(para)
16089
msgid ""
16090
"Please see the associated upstream documentation and the man page of the "
16091
"vswitch configuration as provided by the package for more details: "
16092
"<placeholder-1/>"
16093
msgstr ""
16094
16095
#: serverguide/C/network-config.xml:1618(title)
16096
msgid "OpenVswitch DPDK to KVM Guests"
16097
msgstr ""
16098
16099
#: serverguide/C/network-config.xml:1619(para)
16100
msgid ""
16101
"If you are not building some sort of SDN switch or NFV on top of DPDK it is "
16102
"very likely that you want to forward traffic to KVM guests. The good news "
16103
"is, that with the new qemu/libvirt/dpdk/openvswitch versions in Ubuntu 16.04 "
16104
"this is no more about manually appending commandline string. This chapter "
16105
"covers a basic configuration how to connect a KVM guest to a OpenVswitch-"
16106
"DPDK instance."
16107
msgstr ""
16108
16109
#: serverguide/C/network-config.xml:1624(para)
16110
msgid ""
16111
"The Guest has to be backed by shared hugepages for DPDK/vhost_user to work. "
16112
"To ensure in general that libvirt/qemu-kvm finds a proper hugepage "
16113
"mountpoint you can just enable KVM_HUGEPAGES in /etc/default/qemu-kvm. "
16114
"Afterwards restart the service to pick up the changed configuration."
16115
msgstr ""
16116
16117
#: serverguide/C/network-config.xml:1629(programlisting)
16118
#, no-wrap
16119
msgid ""
16120
"\n"
16121
"sed -ri -e 's,(KVM_HUGEPAGES=).*,\\11,' /etc/default/qemu-kvm\n"
16122
"service qemu-kvm restart\n"
16123
"\t\t "
16124
msgstr ""
16125
16126
#: serverguide/C/network-config.xml:1633(para)
16127
msgid ""
16128
"To let a guest be backed by hugepages is now also supported via recent "
16129
"libvirt, just add the following snippet to your virsh xml (or the equivalent "
16130
"libvirt interface you use). Those xmls can also be used as templates to "
16131
"easily spawn guests with \"uvt-kvm create\"."
16132
msgstr ""
16133
16134
#: serverguide/C/network-config.xml:1637(programlisting)
16135
#, no-wrap
16136
msgid ""
16137
"\n"
16138
"<numa>\n"
16139
"<cell id='0' cpus='0' memory='6291456' unit='KiB' "
16140
"memAccess='shared'/>\n"
16141
"</numa>\n"
16142
"[...]\n"
16143
"<memoryBacking>\n"
16144
"<hugepages>\n"
16145
"<page size=\"2\" unit=\"M\" nodeset=\"0\"/>\n"
16146
"</hugepages>\n"
16147
"</memoryBacking>\n"
16148
"\t\t "
16149
msgstr ""
16150
16151
#: serverguide/C/network-config.xml:1648(para)
16152
msgid ""
16153
"The new and recommended way to get to a KVM guest is using vhost_user. This "
16154
"will cause DPDK to create a socket that qemu will connect the guest to. Here "
16155
"an example how to add such a port to the bridge you created (see above)."
16156
msgstr ""
16157
16158
#: serverguide/C/network-config.xml:1653(programlisting)
16159
#, no-wrap
16160
msgid ""
16161
"\n"
16162
"ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-user-1 "
16163
"type=dpdkvhostuser\n"
16164
"\t\t "
16165
msgstr ""
16166
16167
#: serverguide/C/network-config.xml:1656(para)
16168
msgid ""
16169
"This will create a vhost_user socket at /var/run/openvswitch/vhost-user-1"
16170
msgstr ""
16171
16172
#: serverguide/C/network-config.xml:1659(para)
16173
msgid ""
16174
"To let libvirt/kvm consume this socket and create a guest virtio network "
16175
"device for it add a snippet like this to your guest definition as the "
16176
"network definition."
16177
msgstr ""
16178
16179
#: serverguide/C/network-config.xml:1662(programlisting)
16180
#, no-wrap
16181
msgid ""
16182
"\n"
16183
"<interface type='vhostuser'>\n"
16184
"<source type='unix'\n"
16185
"path='/var/run/openvswitch/vhost-user-1'\n"
16186
"mode='client'/>\n"
16187
"<model type='virtio'/>\n"
16188
"</interface>\n"
16189
"\t\t "
16190
msgstr ""
16191
16192
#: serverguide/C/network-config.xml:1673(title)
16193
msgid "DPDK in KVM Guests"
16194
msgstr ""
16195
16196
#: serverguide/C/network-config.xml:1674(para)
16197
msgid ""
16198
"If you have no access to DPDK supported network cards you can still work "
16199
"with DPDK by using its support for virtio. To do so you have to create "
16200
"guests backed by hugepages (see above)."
16201
msgstr ""
16202
16203
#: serverguide/C/network-config.xml:1678(para)
16204
msgid ""
16205
"On top of that there it is required to have at least SSE3. The default CPU "
16206
"model qemu/libvirt uses is only up to SSE2. So you will have to define a "
16207
"model that passed the proper feature flag - and of course have a Host system "
16208
"that supportes it. An example can be found in following snippet to your "
16209
"virsh xml (or the equivalent virsh interface you use)."
16210
msgstr ""
16211
16212
#: serverguide/C/network-config.xml:1684(programlisting)
16213
#, no-wrap
16214
msgid ""
16215
"\n"
16216
"<cpu mode='host-passthrough'>\n"
16217
"\t\t "
16218
msgstr ""
16219
16220
#: serverguide/C/network-config.xml:1687(para)
16221
msgid ""
16222
"This example is rather offensive and passes all host features. That in turn "
16223
"makes the guest not very migratable as the target would need all the "
16224
"features as well. A \"softer\" way is to just add sse3 to the default model "
16225
"like the following example."
16226
msgstr ""
16227
16228
#: serverguide/C/network-config.xml:1692(programlisting)
16229
#, no-wrap
16230
msgid ""
16231
"\n"
16232
"<cpu mode='custom' match='exact'>\n"
16233
"<model fallback='allow'>qemu64</model>\n"
16234
"<feature policy='require' name='ssse3'/>\n"
16235
"</cpu>\n"
16236
"\t\t "
16237
msgstr ""
16238
16239
#: serverguide/C/network-config.xml:1698(para)
16240
msgid ""
16241
"Also virtio nowadays supports multiqueue which DPDK in turn can exploit for "
16242
"better speed. To modify a normal virtio definition to have multiple queues "
16243
"add the following to your interface definition. This is about enhancing a "
16244
"normal virtio nic to have multiple queues, to later on be consumed e.g. by "
16245
"DPDK in the guest."
16246
msgstr ""
16247
16248
#: serverguide/C/network-config.xml:1703(programlisting)
16249
#, no-wrap
16250
msgid ""
16251
"\n"
16252
"<driver name=\"vhost\" queues=\"4\"/>\n"
16253
"\t\t "
16254
msgstr ""
16255
16256
#: serverguide/C/network-config.xml:1709(title)
16257
msgid "Tuning Openvswitch-DPDK"
16258
msgstr ""
16259
16260
#: serverguide/C/network-config.xml:1710(para)
16261
msgid ""
16262
"DPDK has plenty of options - in combination with Openvswitch-DPDK the two "
16263
"most commonly used are:"
16264
msgstr ""
16265
16266
#: serverguide/C/network-config.xml:1713(programlisting)
16267
#, no-wrap
16268
msgid ""
16269
"\n"
16270
"ovs-vsctl set Open_vSwitch . other_config:n-dpdk-rxqs=2\n"
16271
"ovs-vsctl set Open_vSwitch . other_config:pmd-cpu-mask=0x6\n"
16272
"\t\t "
16273
msgstr ""
16274
16275
#: serverguide/C/network-config.xml:1717(para)
16276
msgid ""
16277
"The first select how many rx queues are to be used for each DPDK interface, "
16278
"while the second controls how many and where to run PMD threads. The example "
16279
"above will utilize two rx queues and run PMD threads on CPU 1 and 2. See the "
16280
"referred links to \"EAL Command-line Options\" and \"OpenVswitch DPDK "
16281
"installation\" at the end of this document for more."
16282
msgstr ""
16283
16284
#: serverguide/C/network-config.xml:1722(para)
16285
msgid ""
16286
"As usual with tunings you have to know your system and workload really well -"
16287
" so please verify any tunings with workloads matching your real use case."
16288
msgstr ""
16289
16290
#: serverguide/C/network-config.xml:1729(para)
16291
msgid ""
16292
"DPDK is a fast evolving project. In any case of a search for support and "
16293
"further guides it is highly recommended to first check if they apply to the "
16294
"current version."
16295
msgstr ""
16296
16297
#: serverguide/C/network-config.xml:1737(ulink)
16298
msgid "DPDK Mailing Lists"
16299
msgstr ""
16300
16301
#: serverguide/C/network-config.xml:1741(para)
16302
msgid ""
16303
"For OpenVswitch-DPDK <ulink url=\"http://openvswitch.org/mlists\">OpenStack "
16304
"Mailing Lists</ulink>"
16305
msgstr ""
16306
16307
#: serverguide/C/network-config.xml:1746(para)
16308
msgid ""
16309
"Known issues in <ulink "
16310
"url=\"https://bugs.launchpad.net/ubuntu/+source/dpdk\">DPDK Launchpad "
16311
"Area</ulink>"
16312
msgstr ""
16313
16314
#: serverguide/C/network-config.xml:1751(para)
16315
msgid "Join the IRC channels #DPDK or #openvswitch on freenode."
16316
msgstr ""
16317
16318
#: serverguide/C/network-config.xml:1757(para)
16319
msgid ""
16320
"Issues are often due to missing small details in the general setup. Later "
16321
"on, these missing details cause problems which can be hard to track down to "
16322
"their root cause. A common case seems to be the \"could not open network "
16323
"device dpdk0 (No such device)\" issue. This occurs rather late when setting "
16324
"up a port in Open vSwitch with DPDK. But the root cause most of the time is "
16325
"very early in the setup and initialization. Here an example how a proper "
16326
"initialization of a device looks - this can be found in the syslog/journal "
16327
"when starting Open vSwitch with DPDK enabled."
16328
msgstr ""
16329
16330
#: serverguide/C/network-config.xml:1768(programlisting)
16331
#, no-wrap
16332
msgid ""
16333
"\n"
16334
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
16335
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16336
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
16337
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
16338
"\t\t "
16339
msgstr ""
16340
16341
#: serverguide/C/network-config.xml:1775(para)
16342
msgid ""
16343
"If this is missing, either by ignored cards, failed initialization or other "
16344
"reasons, later on there will be no DPDK device to refer to. Unfortunately "
16345
"the logging is spread across syslog/journal and the openvswitch log. To "
16346
"allow some cross checking here an example what can be found in these logs, "
16347
"relative to the entered command."
16348
msgstr ""
16349
16350
#: serverguide/C/network-config.xml:1783(programlisting)
16351
#, no-wrap
16352
msgid ""
16353
"\n"
16354
"#Note: This log was taken with dpdk 2.2 and openvswitch 2.5\n"
16355
"Captions:\n"
16356
"CMD: that you enter\n"
16357
"SYSLOG: (Inlcuding EAL and OVS Messages)\n"
16358
"OVS-LOG: (Openvswitch messages)\n"
16359
"\n"
16360
"#PREPARATION\n"
16361
"Bind an interface to DPDK UIO drivers, make Hugepages available, enable DPDK "
16362
"on OVS\n"
16363
"\n"
16364
"CMD: sudo service openvswitch-switch restart\n"
16365
"\n"
16366
"SYSLOG:\n"
16367
"2016-01-22T08:58:31.372Z|00003|daemon_unix(monitor)|INFO|pid 3329 died, "
16368
"killed (Terminated), exiting\n"
16369
"2016-01-22T08:58:33.377Z|00002|vlog|INFO|opened log file "
16370
"/var/log/openvswitch/ovs-vswitchd.log\n"
16371
"2016-01-22T08:58:33.381Z|00003|ovs_numa|INFO|Discovered 12 CPU cores on NUMA "
16372
"node 0\n"
16373
"2016-01-22T08:58:33.381Z|00004|ovs_numa|INFO|Discovered 1 NUMA nodes and 12 "
16374
"CPU cores\n"
16375
"2016-01-"
16376
"22T08:58:33.381Z|00005|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
16377
"connecting...\n"
16378
"2016-01-"
16379
"22T08:58:33.383Z|00006|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
16380
"connected\n"
16381
"2016-01-22T08:58:33.386Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) "
16382
"2.5.0\n"
16383
"\n"
16384
"OVS-LOG:\n"
16385
"systemd[1]: Stopping Open vSwitch...\n"
16386
"systemd[1]: Stopped Open vSwitch.\n"
16387
"systemd[1]: Stopping Open vSwitch Internal Unit...\n"
16388
"ovs-ctl[3541]: * Killing ovs-vswitchd (3329)\n"
16389
"ovs-ctl[3541]: * Killing ovsdb-server (3318)\n"
16390
"systemd[1]: Stopped Open vSwitch Internal Unit.\n"
16391
"systemd[1]: Starting Open vSwitch Internal Unit...\n"
16392
"ovs-ctl[3560]: * Starting ovsdb-server\n"
16393
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set "
16394
"Open_vSwitch . db-version=7.12.1\n"
16395
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set "
16396
"Open_vSwitch . ovs-version=2.5.0 \"external-ids:system-id=\\\"e7c5ba80-bb14-"
16397
"45c1-b8eb-628f3ad03903\\\"\" \"system-type=\\\"Ubuntu\\\"\" \"system-"
16398
"version=\\\"16.04-xenial\\\"\"\n"
16399
"ovs-ctl[3560]: * Configuring Open vSwitch system IDs\n"
16400
"ovs-ctl[3560]: 2016-01-22T08:58:31Z|00001|dpdk|INFO|No -vhost_sock_dir "
16401
"provided - defaulting to /var/run/openvswitch\n"
16402
"ovs-vswitchd: ovs|00001|dpdk|INFO|No -vhost_sock_dir provided - defaulting "
16403
"to /var/run/openvswitch\n"
16404
"ovs-ctl[3560]: EAL: Detected lcore 0 as core 0 on socket 0\n"
16405
"ovs-ctl[3560]: EAL: Detected lcore 1 as core 1 on socket 0\n"
16406
"ovs-ctl[3560]: EAL: Detected lcore 2 as core 2 on socket 0\n"
16407
"ovs-ctl[3560]: EAL: Detected lcore 3 as core 3 on socket 0\n"
16408
"ovs-ctl[3560]: EAL: Detected lcore 4 as core 4 on socket 0\n"
16409
"ovs-ctl[3560]: EAL: Detected lcore 5 as core 5 on socket 0\n"
16410
"ovs-ctl[3560]: EAL: Detected lcore 6 as core 0 on socket 0\n"
16411
"ovs-ctl[3560]: EAL: Detected lcore 7 as core 1 on socket 0\n"
16412
"ovs-ctl[3560]: EAL: Detected lcore 8 as core 2 on socket 0\n"
16413
"ovs-ctl[3560]: EAL: Detected lcore 9 as core 3 on socket 0\n"
16414
"ovs-ctl[3560]: EAL: Detected lcore 10 as core 4 on socket 0\n"
16415
"ovs-ctl[3560]: EAL: Detected lcore 11 as core 5 on socket 0\n"
16416
"ovs-ctl[3560]: EAL: Support maximum 128 logical core(s) by configuration.\n"
16417
"ovs-ctl[3560]: EAL: Detected 12 lcore(s)\n"
16418
"ovs-ctl[3560]: EAL: VFIO modules not all loaded, skip VFIO support...\n"
16419
"ovs-ctl[3560]: EAL: Setting up physically contiguous memory...\n"
16420
"ovs-ctl[3560]: EAL: Ask a virtual area of 0x100000000 bytes\n"
16421
"ovs-ctl[3560]: EAL: Virtual area found at 0x7f2040000000 (size = "
16422
"0x100000000)\n"
16423
"ovs-ctl[3560]: EAL: Requesting 4 pages of size 1024MB from socket 0\n"
16424
"ovs-ctl[3560]: EAL: TSC frequency is ~2397202 KHz\n"
16425
"ovs-vswitchd[3592]: EAL: TSC frequency is ~2397202 KHz\n"
16426
"ovs-vswitchd[3592]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
16427
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
16428
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16429
"ovs-vswitchd[3592]: EAL: Not managed by a supported kernel driver, "
16430
"skipped\n"
16431
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
16432
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16433
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140000000\n"
16434
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140200000\n"
16435
"ovs-ctl[3560]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
16436
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
16437
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16438
"ovs-ctl[3560]: EAL: Not managed by a supported kernel driver, skipped\n"
16439
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
16440
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16441
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
16442
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
16443
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
16444
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
16445
"deviceID=0x1528\n"
16446
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
16447
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
16448
"deviceID=0x1528\n"
16449
"ovs-ctl[3560]: Zone 0: name:<RG_MP_log_history>, phys:0x83fffdec0, "
16450
"len:0x2080, virt:0x7f213fffdec0, socket_id:0, flags:0\n"
16451
"ovs-ctl[3560]: Zone 1: name:<MP_log_history>, phys:0x83fd73d40, "
16452
"len:0x28a0c0, virt:0x7f213fd73d40, socket_id:0, flags:0\n"
16453
"ovs-ctl[3560]: Zone 2: name:<rte_eth_dev_data>, phys:0x83fd43380, "
16454
"len:0x2f700, virt:0x7f213fd43380, socket_id:0, flags:0\n"
16455
"ovs-ctl[3560]: * Starting ovs-vswitchd\n"
16456
"ovs-ctl[3560]: * Enabling remote OVSDB managers\n"
16457
"systemd[1]: Started Open vSwitch Internal Unit.\n"
16458
"systemd[1]: Starting Open vSwitch...\n"
16459
"systemd[1]: Started Open vSwitch.\n"
16460
"\n"
16461
"\n"
16462
"CMD: sudo ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 "
16463
"datapath_type=netdev\n"
16464
"\n"
16465
"SYSLOG:\n"
16466
"2016-01-22T08:58:56.344Z|00008|memory|INFO|37256 kB peak resident set size "
16467
"after 24.5 seconds\n"
16468
"2016-01-22T08:58:56.346Z|00009|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16469
"supports recirculation\n"
16470
"2016-01-22T08:58:56.346Z|00010|ofproto_dpif|INFO|netdev@ovs-netdev: MPLS "
16471
"label stack length probed as 3\n"
16472
"2016-01-22T08:58:56.346Z|00011|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16473
"supports unique flow ids\n"
16474
"2016-01-22T08:58:56.346Z|00012|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16475
"does not support ct_state\n"
16476
"2016-01-22T08:58:56.346Z|00013|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16477
"does not support ct_zone\n"
16478
"2016-01-22T08:58:56.346Z|00014|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16479
"does not support ct_mark\n"
16480
"2016-01-22T08:58:56.346Z|00015|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16481
"does not support ct_label\n"
16482
"2016-01-22T08:58:56.360Z|00016|bridge|INFO|bridge ovsdpdkbr0: added "
16483
"interface ovsdpdkbr0 on port 65534\n"
16484
"2016-01-22T08:58:56.361Z|00017|bridge|INFO|bridge ovsdpdkbr0: using datapath "
16485
"ID 00005a4a1ed0a14d\n"
16486
"2016-01-22T08:58:56.361Z|00018|connmgr|INFO|ovsdpdkbr0: added service "
16487
"controller \"punix:/var/run/openvswitch/ovsdpdkbr0.mgmt\"\n"
16488
"\n"
16489
"OVS-LOG:\n"
16490
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-br ovsdpdkbr0 -- set "
16491
"bridge ovsdpdkbr0 datapath_type=netdev\n"
16492
"systemd-udevd[3607]: Could not generate persistent MAC address for ovs-"
16493
"netdev: No such file or directory\n"
16494
"kernel: [50165.886554] device ovs-netdev entered promiscuous mode\n"
16495
"kernel: [50165.901261] device ovsdpdkbr0 entered promiscuous mode\n"
16496
"\n"
16497
"\n"
16498
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 "
16499
"type=dpdk\n"
16500
"\n"
16501
"SYSLOG:\n"
16502
"2016-01-22T08:59:06.369Z|00019|memory|INFO|peak resident set size grew 155% "
16503
"in last 10.0 seconds, from 37256 kB to 95008 kB\n"
16504
"2016-01-22T08:59:06.369Z|00020|memory|INFO|handlers:4 ports:1 revalidators:2 "
16505
"rules:5\n"
16506
"2016-01-22T08:59:30.989Z|00021|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
16507
"2016-01-22T08:59:31.520Z|00022|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
16508
"2016-01-22T08:59:31.521Z|00023|dpif_netdev|INFO|Created 1 pmd threads on "
16509
"numa node 0\n"
16510
"2016-01-22T08:59:31.522Z|00001|dpif_netdev(pmd16)|INFO|Core 0 processing "
16511
"port 'dpdk0'\n"
16512
"2016-01-22T08:59:31.522Z|00024|bridge|INFO|bridge ovsdpdkbr0: added "
16513
"interface dpdk0 on port 1\n"
16514
"2016-01-22T08:59:31.522Z|00025|bridge|INFO|bridge ovsdpdkbr0: using datapath "
16515
"ID 00008cdcd4b36de9\n"
16516
"2016-01-22T08:59:31.523Z|00002|dpif_netdev(pmd16)|INFO|Core 0 processing "
16517
"port 'dpdk0'\n"
16518
"\n"
16519
"OVS-LOG:\n"
16520
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
16521
"dpdk0 -- set Interface dpdk0 type=dpdk\n"
16522
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
16523
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
16524
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16525
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16526
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
16527
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
16528
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
16529
"make sure RX burst size no less than 4 (port=0).\n"
16530
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
16531
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
16532
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16533
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16534
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a76e4c0 "
16535
"hw_ring=0x7f211a776500 dma_addr=0x81a776500\n"
16536
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16537
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16538
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a756440 "
16539
"hw_ring=0x7f211a75e480 dma_addr=0x81a75e480\n"
16540
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16541
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16542
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a73e3c0 "
16543
"hw_ring=0x7f211a746400 dma_addr=0x81a746400\n"
16544
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16545
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16546
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a726340 "
16547
"hw_ring=0x7f211a72e380 dma_addr=0x81a72e380\n"
16548
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16549
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16550
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a70e2c0 "
16551
"hw_ring=0x7f211a716300 dma_addr=0x81a716300\n"
16552
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16553
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16554
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6f6240 "
16555
"hw_ring=0x7f211a6fe280 dma_addr=0x81a6fe280\n"
16556
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16557
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16558
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6de1c0 "
16559
"hw_ring=0x7f211a6e6200 dma_addr=0x81a6e6200\n"
16560
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16561
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16562
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6c6140 "
16563
"hw_ring=0x7f211a6ce180 dma_addr=0x81a6ce180\n"
16564
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16565
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16566
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6ae0c0 "
16567
"hw_ring=0x7f211a6b6100 dma_addr=0x81a6b6100\n"
16568
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16569
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16570
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a696040 "
16571
"hw_ring=0x7f211a69e080 dma_addr=0x81a69e080\n"
16572
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16573
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16574
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a67dfc0 "
16575
"hw_ring=0x7f211a686000 dma_addr=0x81a686000\n"
16576
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16577
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16578
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a665e40 "
16579
"hw_ring=0x7f211a66de80 dma_addr=0x81a66de80\n"
16580
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16581
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16582
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
16583
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
16584
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
16585
"make sure RX burst size no less than 4 (port=0).\n"
16586
"\n"
16587
"\n"
16588
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-"
16589
"user-1 type=dpdkvhostuser\n"
16590
"\n"
16591
"OVS-LOG:\n"
16592
"2016-01-22T09:00:35.145Z|00026|dpdk|INFO|Socket /var/run/openvswitch/vhost-"
16593
"user-1 created for vhost-user port vhost-user-1\n"
16594
"2016-01-22T09:00:35.145Z|00003|dpif_netdev(pmd16)|INFO|Core 0 processing "
16595
"port 'dpdk0'\n"
16596
"2016-01-22T09:00:35.145Z|00004|dpif_netdev(pmd16)|INFO|Core 0 processing "
16597
"port 'vhost-user-1'\n"
16598
"2016-01-22T09:00:35.145Z|00027|bridge|INFO|bridge ovsdpdkbr0: added "
16599
"interface vhost-user-1 on port 2\n"
16600
"\n"
16601
"SYSLOG:\n"
16602
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
16603
"vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser\n"
16604
"ovs-vswitchd[3595]: VHOST_CONFIG: socket created, fd:46\n"
16605
"ovs-vswitchd[3595]: VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1\n"
16606
"\n"
16607
"Eventually we can see the poll thread in top\n"
16608
" PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND\n"
16609
" 3595 root 10 -10 4975344 103936 9916 S 100.0 0.3 33:13.56 ovs-"
16610
"vswitchd\n"
16611
"\t\t "
16612
msgstr ""
16613
16614
#: serverguide/C/network-config.xml:1980(ulink)
16615
msgid "DPDK Documentation"
16616
msgstr ""
16617
16618
#: serverguide/C/network-config.xml:1985(ulink)
16619
msgid "Release Notes matching the version packages in Ubuntu 16.04"
16620
msgstr ""
16621
16622
#: serverguide/C/network-config.xml:1990(ulink)
16623
msgid "Linux DPDK User Getting Started"
16624
msgstr ""
16625
16626
#: serverguide/C/network-config.xml:1995(ulink)
16627
msgid "EAL Command-line Options"
16628
msgstr ""
16629
16630
#: serverguide/C/network-config.xml:2000(ulink)
16631
msgid "DPDK Api Documentation"
16632
msgstr ""
16633
16634
#: serverguide/C/network-config.xml:2005(ulink)
16635
msgid "OpenVswitch DPDK installation"
16636
msgstr ""
16637
16638
#: serverguide/C/network-config.xml:2010(ulink)
16639
msgid "Wikipedias definition of DPDK"
16640
msgstr ""
16641
16642
#: serverguide/C/network-auth.xml:12(title)
16643
msgid "Network Authentication"
16644
msgstr ""
16645
16646
#: serverguide/C/network-auth.xml:14(para)
16647
msgid ""
16648
"This section applies LDAP to network authentication and authorization."
16649
msgstr ""
16650
16651
#: serverguide/C/network-auth.xml:19(title)
16652
msgid "OpenLDAP Server"
16653
msgstr ""
16654
16655
#: serverguide/C/network-auth.xml:21(para)
16656
msgid ""
16657
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
16658
"querying and modifying a X.500-based directory service running over TCP/IP. "
16659
"The current LDAP version is LDAPv3, as defined in <ulink "
16660
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
16661
"implementation in Ubuntu is OpenLDAP.\""
16662
msgstr ""
16663
16664
#: serverguide/C/network-auth.xml:29(para)
16665
msgid ""
16666
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
16667
"and terms:"
16668
msgstr ""
16669
16670
#: serverguide/C/network-auth.xml:36(para)
16671
msgid ""
16672
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
16673
"hierarchical in nature and is called the Directory Information Tree (DIT)."
16674
msgstr ""
16675
16676
#: serverguide/C/network-auth.xml:43(para)
16677
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
16678
msgstr ""
16679
16680
#: serverguide/C/network-auth.xml:49(para)
16681
msgid ""
16682
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
16683
"more <emphasis>values</emphasis>."
16684
msgstr ""
16685
16686
#: serverguide/C/network-auth.xml:55(para)
16687
msgid ""
16688
"Every attribute must be defined in at least one "
16689
"<emphasis>objectClass</emphasis>."
16690
msgstr ""
16691
16692
#: serverguide/C/network-auth.xml:61(para)
16693
msgid ""
16694
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
16695
"objectclass is actually considered as a special kind of attribute)."
16696
msgstr ""
16697
16698
#: serverguide/C/network-auth.xml:68(para)
16699
msgid ""
16700
"Each entry has a unique identifier: its <emphasis>Distinguished "
16701
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
16702
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
16703
msgstr ""
16704
16705
#: serverguide/C/network-auth.xml:75(para)
16706
msgid ""
16707
"The entry's DN is not an attribute. It is not considered part of the entry "
16708
"itself."
16709
msgstr ""
16710
16711
#: serverguide/C/network-auth.xml:83(para)
16712
msgid ""
16713
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
16714
"<emphasis>node</emphasis> have certain connotations but they all essentially "
16715
"mean the same thing as <emphasis>entry</emphasis>, the technically correct "
16716
"term."
16717
msgstr ""
16718
16719
#: serverguide/C/network-auth.xml:89(para)
16720
msgid ""
16721
"For example, below we have a single entry consisting of 11 attributes where "
16722
"the following is true:"
16723
msgstr ""
16724
16725
#: serverguide/C/network-auth.xml:96(para)
16726
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
16727
msgstr ""
16728
16729
#: serverguide/C/network-auth.xml:102(para)
16730
msgid "RDN is \"cn=John Doe\""
16731
msgstr ""
16732
16733
#: serverguide/C/network-auth.xml:108(para)
16734
msgid "parent DN is \"dc=example,dc=com\""
16735
msgstr ""
16736
16737
#: serverguide/C/network-auth.xml:115(programlisting)
16738
#, no-wrap
16739
msgid ""
16740
"\n"
16741
" dn: cn=John Doe,dc=example,dc=com\n"
16742
" cn: John Doe\n"
16743
" givenName: John\n"
16744
" sn: Doe\n"
16745
" telephoneNumber: +1 888 555 6789\n"
16746
" telephoneNumber: +1 888 555 1232\n"
16747
" mail: john@example.com\n"
16748
" manager: cn=Larry Smith,dc=example,dc=com\n"
16749
" objectClass: inetOrgPerson\n"
16750
" objectClass: organizationalPerson\n"
16751
" objectClass: person\n"
16752
" objectClass: top\n"
16753
msgstr ""
16754
16755
#: serverguide/C/network-auth.xml:130(para)
16756
msgid ""
16757
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
16758
"Interchange Format). Any information that you feed into your DIT must also "
16759
"be in such a format. It is defined in <ulink "
16760
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
16761
msgstr ""
16762
16763
#: serverguide/C/network-auth.xml:135(para)
16764
msgid ""
16765
"Although this guide will describe how to use it for central authentication, "
16766
"LDAP is good for anything that involves a large number of access requests to "
16767
"a mostly-read, attribute-based (name:value) backend. Examples include an "
16768
"address book, a list of email addresses, and a mail server's configuration."
16769
msgstr ""
16770
16771
#: serverguide/C/network-auth.xml:144(para)
16772
msgid ""
16773
"Install the OpenLDAP server daemon and the traditional LDAP management "
16774
"utilities. These are found in packages <application>slapd</application> and "
16775
"<application>ldap-utils</application> respectively."
16776
msgstr ""
16777
16778
#: serverguide/C/network-auth.xml:149(para)
16779
msgid ""
16780
"The installation of slapd will create a working configuration. In "
16781
"particular, it will create a database instance that you can use to store "
16782
"your data. However, the suffix (or base DN) of this instance will be "
16783
"determined from the domain name of the host. If you want something "
16784
"different, you can change it right after the installation when you still "
16785
"don't have any useful data."
16786
msgstr ""
16787
16788
#: serverguide/C/network-auth.xml:156(para)
16789
msgid ""
16790
"This guide will use a database suffix of "
16791
"<emphasis>dc=example,dc=com</emphasis>."
16792
msgstr ""
16793
16794
#: serverguide/C/network-auth.xml:161(para)
16795
msgid "Proceed with the install:"
16796
msgstr ""
16797
16798
#: serverguide/C/network-auth.xml:166(command)
16799
msgid "sudo apt install slapd ldap-utils"
16800
msgstr ""
16801
16802
#: serverguide/C/network-auth.xml:169(para)
16803
msgid ""
16804
"If you want to change your DIT suffix, now would be a good time, because "
16805
"changing it discards your existing one. To change the suffix, run the "
16806
"following command:"
16807
msgstr ""
16808
16809
#: serverguide/C/network-auth.xml:175(command)
16810
msgid "sudo dpkg-reconfigure slapd"
16811
msgstr ""
16812
16813
#: serverguide/C/network-auth.xml:177(para)
16814
msgid ""
16815
"To switch your DIT suffix to <emphasis>dc=example,dc=com</emphasis>, for "
16816
"example, so you can follow this guide more closely, answer "
16817
"<emphasis>example.com</emphasis> when asked about the DNS domain name."
16818
msgstr ""
16819
16820
#: serverguide/C/network-auth.xml:181(para)
16821
msgid ""
16822
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
16823
"dedicating a separate DIT for that purpose. This allows one to dynamically "
16824
"configure slapd without the need to restart the service. This configuration "
16825
"database consists of a collection of text-based LDIF files located under "
16826
"<filename>/etc/ldap/slapd.d</filename>. This way of working is known by "
16827
"several names: the slapd-config method, the RTC method (Real Time "
16828
"Configuration), or the cn=config method. You can still use the traditional "
16829
"flat-file method (slapd.conf) but it's not recommended; the functionality "
16830
"will be eventually phased out."
16831
msgstr ""
16832
16833
#: serverguide/C/network-auth.xml:190(para)
16834
msgid ""
16835
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
16836
"configuration and this guide reflects that."
16837
msgstr ""
16838
16839
#: serverguide/C/network-auth.xml:196(para)
16840
msgid ""
16841
"During the install you were prompted to define administrative credentials. "
16842
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
16843
"database instance. By default, this user's DN is "
16844
"<emphasis>cn=admin,dc=example,dc=com</emphasis>. Also by default, there is "
16845
"no administrative account created for the slapd-config database and you will "
16846
"therefore need to authenticate externally to LDAP in order to access it. We "
16847
"will see how to do this later on."
16848
msgstr ""
16849
16850
#: serverguide/C/network-auth.xml:203(para)
16851
msgid ""
16852
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
16853
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
16854
"schema to work."
16855
msgstr ""
16856
16857
#: serverguide/C/network-auth.xml:211(title)
16858
msgid "Post-install Inspection"
16859
msgstr ""
16860
16861
#: serverguide/C/network-auth.xml:213(para)
16862
msgid ""
16863
"The installation process set up 2 DITs. One for slapd-config and one for "
16864
"your own data (dc=example,dc=com). Let's take a look."
16865
msgstr ""
16866
16867
#: serverguide/C/network-auth.xml:220(para)
16868
msgid ""
16869
"This is what the slapd-config database/DIT looks like. Recall that this "
16870
"database is LDIF-based and lives under "
16871
"<filename>/etc/ldap/slapd.d</filename>:"
16872
msgstr ""
16873
16874
#: serverguide/C/network-auth.xml:226(computeroutput)
16875
#, no-wrap
16876
msgid ""
16877
"\n"
16878
" /etc/ldap/slapd.d/\n"
16879
" /etc/ldap/slapd.d/cn=config.ldif\n"
16880
" /etc/ldap/slapd.d/cn=config\n"
16881
" /etc/ldap/slapd.d/cn=config/cn=schema\n"
16882
" /etc/ldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif\n"
16883
" /etc/ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif\n"
16884
" /etc/ldap/slapd.d/cn=config/cn=schema/cn={2}nis.ldif\n"
16885
" /etc/ldap/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif\n"
16886
" /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif\n"
16887
" /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif\n"
16888
" /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif\n"
16889
" /etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif\n"
16890
" /etc/ldap/slapd.d/cn=config/olcBackend={0}mdb.ldif\n"
16891
" /etc/ldap/slapd.d/cn=config/cn=schema.ldif\n"
16892
msgstr ""
16893
16894
#: serverguide/C/network-auth.xml:245(para)
16895
msgid ""
16896
"Do not edit the slapd-config database directly. Make changes via the LDAP "
16897
"protocol (utilities)."
16898
msgstr ""
16899
16900
#: serverguide/C/network-auth.xml:253(para)
16901
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
16902
msgstr ""
16903
16904
#: serverguide/C/network-auth.xml:258(command)
16905
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
16906
msgstr ""
16907
16908
#: serverguide/C/network-auth.xml:259(computeroutput)
16909
#, no-wrap
16910
msgid ""
16911
"\n"
16912
"dn: cn=config\n"
16913
"\n"
16914
"dn: cn=module{0},cn=config\n"
16915
"\n"
16916
"dn: cn=schema,cn=config\n"
16917
"\n"
16918
"dn: cn={0}core,cn=schema,cn=config\n"
16919
"\n"
16920
"dn: cn={1}cosine,cn=schema,cn=config\n"
16921
"\n"
16922
"dn: cn={2}nis,cn=schema,cn=config\n"
16923
"\n"
16924
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
16925
"\n"
16926
"dn: olcBackend={0}mdb,cn=config\n"
16927
"\n"
16928
"dn: olcDatabase={-1}frontend,cn=config\n"
16929
"\n"
16930
"dn: olcDatabase={0}config,cn=config\n"
16931
"\n"
16932
"dn: olcDatabase={1}mdb,cn=config\n"
16933
msgstr ""
16934
16935
#: serverguide/C/network-auth.xml:284(para) serverguide/C/network-auth.xml:375(para)
16936
msgid "Explanation of entries:"
16937
msgstr ""
16938
16939
#: serverguide/C/network-auth.xml:291(para)
16940
msgid "<emphasis>cn=config</emphasis>: global settings"
16941
msgstr ""
16942
16943
#: serverguide/C/network-auth.xml:297(para)
16944
msgid ""
16945
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
16946
msgstr ""
16947
16948
#: serverguide/C/network-auth.xml:303(para)
16949
msgid ""
16950
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
16951
"schema"
16952
msgstr ""
16953
16954
#: serverguide/C/network-auth.xml:309(para)
16955
msgid ""
16956
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
16957
"schema"
16958
msgstr ""
16959
16960
#: serverguide/C/network-auth.xml:315(para)
16961
msgid ""
16962
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
16963
msgstr ""
16964
16965
#: serverguide/C/network-auth.xml:321(para)
16966
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
16967
msgstr ""
16968
16969
#: serverguide/C/network-auth.xml:327(para)
16970
msgid ""
16971
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
16972
"inetorgperson schema"
16973
msgstr ""
16974
16975
#: serverguide/C/network-auth.xml:333(para)
16976
msgid ""
16977
"<emphasis>olcBackend={0}mdb,cn=config</emphasis>: the 'mdb' backend storage "
16978
"type"
16979
msgstr ""
16980
16981
#: serverguide/C/network-auth.xml:339(para)
16982
msgid ""
16983
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
16984
"default settings for other databases"
16985
msgstr ""
16986
16987
#: serverguide/C/network-auth.xml:345(para)
16988
msgid ""
16989
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
16990
"database (cn=config)"
16991
msgstr ""
16992
16993
#: serverguide/C/network-auth.xml:351(para)
16994
msgid ""
16995
"<emphasis>olcDatabase={1}mdb,cn=config</emphasis>: your database instance "
16996
"(dc=example,dc=com)"
16997
msgstr ""
16998
16999
#: serverguide/C/network-auth.xml:362(para)
17000
msgid "This is what the dc=example,dc=com DIT looks like:"
17001
msgstr ""
17002
17003
#: serverguide/C/network-auth.xml:367(command)
17004
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
17005
msgstr ""
17006
17007
#: serverguide/C/network-auth.xml:368(computeroutput)
17008
#, no-wrap
17009
msgid ""
17010
"\n"
17011
"dn: dc=example,dc=com\n"
17012
"\n"
17013
"dn: cn=admin,dc=example,dc=com\n"
17014
msgstr ""
17015
17016
#: serverguide/C/network-auth.xml:382(para)
17017
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
17018
msgstr ""
17019
17020
#: serverguide/C/network-auth.xml:388(para)
17021
msgid ""
17022
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
17023
"this DIT (set up during package install)"
17024
msgstr ""
17025
17026
#: serverguide/C/network-auth.xml:402(title)
17027
msgid "Modifying/Populating your Database"
17028
msgstr ""
17029
17030
#: serverguide/C/network-auth.xml:404(para)
17031
msgid ""
17032
"Let's introduce some content to our database. We will add the following:"
17033
msgstr ""
17034
17035
#: serverguide/C/network-auth.xml:411(para)
17036
msgid "a node called <emphasis>People</emphasis> (to store users)"
17037
msgstr ""
17038
17039
#: serverguide/C/network-auth.xml:417(para)
17040
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
17041
msgstr ""
17042
17043
#: serverguide/C/network-auth.xml:423(para)
17044
msgid "a group called <emphasis>miners</emphasis>"
17045
msgstr ""
17046
17047
#: serverguide/C/network-auth.xml:429(para)
17048
msgid "a user called <emphasis>john</emphasis>"
17049
msgstr ""
17050
17051
#: serverguide/C/network-auth.xml:436(para)
17052
msgid ""
17053
"Create the following LDIF file and call it "
17054
"<filename>add_content.ldif</filename>:"
17055
msgstr ""
17056
17057
#: serverguide/C/network-auth.xml:440(programlisting)
17058
#, no-wrap
17059
msgid ""
17060
"\n"
17061
"dn: ou=People,dc=example,dc=com\n"
17062
"objectClass: organizationalUnit\n"
17063
"ou: People\n"
17064
"\n"
17065
"dn: ou=Groups,dc=example,dc=com\n"
17066
"objectClass: organizationalUnit\n"
17067
"ou: Groups\n"
17068
"\n"
17069
"dn: cn=miners,ou=Groups,dc=example,dc=com\n"
17070
"objectClass: posixGroup\n"
17071
"cn: miners\n"
17072
"gidNumber: 5000\n"
17073
"\n"
17074
"dn: uid=john,ou=People,dc=example,dc=com\n"
17075
"objectClass: inetOrgPerson\n"
17076
"objectClass: posixAccount\n"
17077
"objectClass: shadowAccount\n"
17078
"uid: john\n"
17079
"sn: Doe\n"
17080
"givenName: John\n"
17081
"cn: John Doe\n"
17082
"displayName: John Doe\n"
17083
"uidNumber: 10000\n"
17084
"gidNumber: 5000\n"
17085
"userPassword: johnldap\n"
17086
"gecos: John Doe\n"
17087
"loginShell: /bin/bash\n"
17088
"homeDirectory: /home/john\n"
17089
msgstr ""
17090
17091
#: serverguide/C/network-auth.xml:472(para)
17092
msgid ""
17093
"It's important that uid and gid values in your directory do not collide with "
17094
"local values. Use high number ranges, such as starting at 5000. By setting "
17095
"the uid and gid values in ldap high, you also allow for easier control of "
17096
"what can be done with a local user vs a ldap one. More on that later."
17097
msgstr ""
17098
17099
#: serverguide/C/network-auth.xml:480(para)
17100
msgid "Add the content:"
17101
msgstr ""
17102
17103
#: serverguide/C/network-auth.xml:485(command)
17104
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
17105
msgstr ""
17106
17107
#: serverguide/C/network-auth.xml:487(application)
17108
msgid "********"
17109
msgstr ""
17110
17111
#: serverguide/C/network-auth.xml:486(computeroutput)
17112
#, no-wrap
17113
msgid ""
17114
"\n"
17115
"Enter LDAP Password: <placeholder-1/>\n"
17116
"adding new entry \"ou=People,dc=example,dc=com\"\n"
17117
"\n"
17118
"adding new entry \"ou=Groups,dc=example,dc=com\"\n"
17119
"\n"
17120
"adding new entry \"cn=miners,ou=Groups,dc=example,dc=com\"\n"
17121
"\n"
17122
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
17123
msgstr ""
17124
17125
#: serverguide/C/network-auth.xml:498(para)
17126
msgid ""
17127
"We can check that the information has been correctly added with the "
17128
"<application>ldapsearch</application> utility:"
17129
msgstr ""
17130
17131
#: serverguide/C/network-auth.xml:503(command)
17132
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
17133
msgstr ""
17134
17135
#: serverguide/C/network-auth.xml:504(computeroutput)
17136
#, no-wrap
17137
msgid ""
17138
"\n"
17139
"dn: uid=john,ou=People,dc=example,dc=com\n"
17140
"cn: John Doe\n"
17141
"gidNumber: 5000\n"
17142
msgstr ""
17143
17144
#: serverguide/C/network-auth.xml:511(para)
17145
msgid "Explanation of switches:"
17146
msgstr ""
17147
17148
#: serverguide/C/network-auth.xml:518(para)
17149
msgid ""
17150
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
17151
"method"
17152
msgstr ""
17153
17154
#: serverguide/C/network-auth.xml:524(para)
17155
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
17156
msgstr ""
17157
17158
#: serverguide/C/network-auth.xml:530(para)
17159
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
17160
msgstr ""
17161
17162
#: serverguide/C/network-auth.xml:536(para)
17163
msgid ""
17164
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
17165
"displayed (the default is to show all attributes)"
17166
msgstr ""
17167
17168
#: serverguide/C/network-auth.xml:546(title)
17169
msgid "Modifying the slapd Configuration Database"
17170
msgstr ""
17171
17172
#: serverguide/C/network-auth.xml:548(para)
17173
msgid ""
17174
"The slapd-config DIT can also be queried and modified. Here are a few "
17175
"examples."
17176
msgstr ""
17177
17178
#: serverguide/C/network-auth.xml:555(para)
17179
msgid ""
17180
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
17181
"attribute) to your <application>{1}mdb,cn=config</application> database "
17182
"(dc=example,dc=com). Create a file, call it "
17183
"<filename>uid_index.ldif</filename>, with the following contents:"
17184
msgstr ""
17185
17186
#: serverguide/C/network-auth.xml:560(programlisting)
17187
#, no-wrap
17188
msgid ""
17189
"\n"
17190
"dn: olcDatabase={1}mdb,cn=config\n"
17191
"add: olcDbIndex\n"
17192
"olcDbIndex: mail eq,sub\n"
17193
msgstr ""
17194
17195
#: serverguide/C/network-auth.xml:566(para)
17196
msgid "Then issue the command:"
17197
msgstr ""
17198
17199
#: serverguide/C/network-auth.xml:571(command)
17200
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
17201
msgstr ""
17202
17203
#: serverguide/C/network-auth.xml:572(computeroutput)
17204
#, no-wrap
17205
msgid ""
17206
"\n"
17207
"modifying entry \"olcDatabase={1}mdb,cn=config\"\n"
17208
msgstr ""
17209
17210
#: serverguide/C/network-auth.xml:577(para)
17211
msgid "You can confirm the change in this way:"
17212
msgstr ""
17213
17214
#: serverguide/C/network-auth.xml:582(command)
17215
msgid ""
17216
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17217
"'(olcDatabase={1}mdb)' olcDbIndex"
17218
msgstr ""
17219
17220
#: serverguide/C/network-auth.xml:584(computeroutput)
17221
#, no-wrap
17222
msgid ""
17223
"\n"
17224
"dn: olcDatabase={1}mdb,cn=config\n"
17225
"olcDbIndex: objectClass eq\n"
17226
"olcDbIndex: cn,uid eq\n"
17227
"olcDbIndex: uidNumber,gidNumber eq\n"
17228
"olcDbIndex: member,memberUid eq\n"
17229
"olcDbIndex: mail eq,sub\n"
17230
msgstr ""
17231
17232
#: serverguide/C/network-auth.xml:597(para)
17233
msgid ""
17234
"Let's add a schema. It will first need to be converted to LDIF format. You "
17235
"can find unconverted schemas in addition to converted ones in the <filename "
17236
"role=\"directory\">/etc/ldap/schema</filename> directory."
17237
msgstr ""
17238
17239
#: serverguide/C/network-auth.xml:605(para)
17240
msgid ""
17241
"It is not trivial to remove a schema from the slapd-config database. "
17242
"Practice adding schemas on a test system."
17243
msgstr ""
17244
17245
#: serverguide/C/network-auth.xml:611(para)
17246
msgid ""
17247
"Before adding any schema, you should check which schemas are already "
17248
"installed (shown is a default, out-of-the-box output):"
17249
msgstr ""
17250
17251
#: serverguide/C/network-auth.xml:617(command)
17252
msgid ""
17253
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
17254
msgstr ""
17255
17256
#: serverguide/C/network-auth.xml:619(computeroutput)
17257
#, no-wrap
17258
msgid ""
17259
"\n"
17260
"dn: cn=schema,cn=config\n"
17261
"\n"
17262
"dn: cn={0}core,cn=schema,cn=config\n"
17263
"\n"
17264
"dn: cn={1}cosine,cn=schema,cn=config\n"
17265
"\n"
17266
"dn: cn={2}nis,cn=schema,cn=config\n"
17267
"\n"
17268
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
17269
msgstr ""
17270
17271
#: serverguide/C/network-auth.xml:636(para)
17272
msgid "In the following example we'll add the CORBA schema."
17273
msgstr ""
17274
17275
#: serverguide/C/network-auth.xml:643(para)
17276
msgid ""
17277
"Create the conversion configuration file "
17278
"<filename>schema_convert.conf</filename> containing the following lines:"
17279
msgstr ""
17280
17281
#: serverguide/C/network-auth.xml:648(programlisting)
17282
#, no-wrap
17283
msgid ""
17284
"\n"
17285
"include /etc/ldap/schema/core.schema\n"
17286
"include /etc/ldap/schema/collective.schema\n"
17287
"include /etc/ldap/schema/corba.schema\n"
17288
"include /etc/ldap/schema/cosine.schema\n"
17289
"include /etc/ldap/schema/duaconf.schema\n"
17290
"include /etc/ldap/schema/dyngroup.schema\n"
17291
"include /etc/ldap/schema/inetorgperson.schema\n"
17292
"include /etc/ldap/schema/java.schema\n"
17293
"include /etc/ldap/schema/misc.schema\n"
17294
"include /etc/ldap/schema/nis.schema\n"
17295
"include /etc/ldap/schema/openldap.schema\n"
17296
"include /etc/ldap/schema/ppolicy.schema\n"
17297
"include /etc/ldap/schema/ldapns.schema\n"
17298
"include /etc/ldap/schema/pmi.schema\n"
17299
msgstr ""
17300
17301
#: serverguide/C/network-auth.xml:668(para)
17302
msgid "Create the output directory <filename>ldif_output</filename>."
17303
msgstr ""
17304
17305
#: serverguide/C/network-auth.xml:674(para)
17306
msgid "Determine the index of the schema:"
17307
msgstr ""
17308
17309
#: serverguide/C/network-auth.xml:679(command)
17310
msgid ""
17311
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
17312
msgstr ""
17313
17314
#: serverguide/C/network-auth.xml:680(computeroutput)
17315
#, no-wrap
17316
msgid ""
17317
"\n"
17318
"cn={2}corba,cn=schema,cn=config\n"
17319
msgstr ""
17320
17321
#: serverguide/C/network-auth.xml:686(para)
17322
msgid ""
17323
"When slapd ingests objects with the same parent DN it will create an "
17324
"<emphasis>index</emphasis> for that object. An index is contained within "
17325
"braces: <application>{X}</application>."
17326
msgstr ""
17327
17328
#: serverguide/C/network-auth.xml:695(para)
17329
msgid "Use <application>slapcat</application> to perform the conversion:"
17330
msgstr ""
17331
17332
#: serverguide/C/network-auth.xml:700(command)
17333
msgid ""
17334
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
17335
"ldap:///cn={2}corba,cn=schema,cn=config -l cn=corba.ldif"
17336
msgstr ""
17337
17338
#: serverguide/C/network-auth.xml:704(para)
17339
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
17340
msgstr ""
17341
17342
#: serverguide/C/network-auth.xml:710(para)
17343
msgid ""
17344
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
17345
"attributes:"
17346
msgstr ""
17347
17348
#: serverguide/C/network-auth.xml:714(programlisting)
17349
#, no-wrap
17350
msgid ""
17351
"\n"
17352
"dn: cn=corba,cn=schema,cn=config\n"
17353
"...\n"
17354
"cn: corba\n"
17355
msgstr ""
17356
17357
#: serverguide/C/network-auth.xml:720(para)
17358
msgid "Also remove the following lines from the bottom:"
17359
msgstr ""
17360
17361
#: serverguide/C/network-auth.xml:724(programlisting)
17362
#, no-wrap
17363
msgid ""
17364
"\n"
17365
"structuralObjectClass: olcSchemaConfig\n"
17366
"entryUUID: 52109a02-66ab-1030-8be2-bbf166230478\n"
17367
"creatorsName: cn=config\n"
17368
"createTimestamp: 20110829165435Z\n"
17369
"entryCSN: 20110829165435.935248Z#000000#000#000000\n"
17370
"modifiersName: cn=config\n"
17371
"modifyTimestamp: 20110829165435Z\n"
17372
msgstr ""
17373
17374
#: serverguide/C/network-auth.xml:734(para)
17375
msgid "Your attribute values will vary."
17376
msgstr ""
17377
17378
#: serverguide/C/network-auth.xml:740(para)
17379
msgid ""
17380
"Finally, use <application>ldapadd</application> to add the new schema to the "
17381
"slapd-config DIT:"
17382
msgstr ""
17383
17384
#: serverguide/C/network-auth.xml:745(command)
17385
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
17386
msgstr ""
17387
17388
#: serverguide/C/network-auth.xml:746(computeroutput)
17389
#, no-wrap
17390
msgid ""
17391
"\n"
17392
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
17393
msgstr ""
17394
17395
#: serverguide/C/network-auth.xml:754(para)
17396
msgid "Confirm currently loaded schemas:"
17397
msgstr ""
17398
17399
#: serverguide/C/network-auth.xml:759(command)
17400
msgid ""
17401
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
17402
msgstr ""
17403
17404
#: serverguide/C/network-auth.xml:760(computeroutput)
17405
#, no-wrap
17406
msgid ""
17407
"\n"
17408
"dn: cn=schema,cn=config\n"
17409
"\n"
17410
"dn: cn={0}core,cn=schema,cn=config\n"
17411
"\n"
17412
"dn: cn={1}cosine,cn=schema,cn=config\n"
17413
"\n"
17414
"dn: cn={2}nis,cn=schema,cn=config\n"
17415
"\n"
17416
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
17417
"\n"
17418
"dn: cn={4}corba,cn=schema,cn=config\n"
17419
msgstr ""
17420
17421
#: serverguide/C/network-auth.xml:784(para)
17422
msgid ""
17423
"For external applications and clients to authenticate using LDAP they will "
17424
"each need to be specifically configured to do so. Refer to the appropriate "
17425
"client-side documentation for details."
17426
msgstr ""
17427
17428
#: serverguide/C/network-auth.xml:795(para)
17429
msgid ""
17430
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
17431
"based solution yet it must be manually enabled after software installation. "
17432
"Otherwise, only rudimentary messages will appear in the logs. Logging, like "
17433
"any other slapd configuration, is enabled via the slapd-config database."
17434
msgstr ""
17435
17436
#: serverguide/C/network-auth.xml:801(para)
17437
msgid ""
17438
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
17439
"containing the lower one (additive). A good level to try is "
17440
"<emphasis>stats</emphasis>. The <ulink "
17441
"url=\"http://manpages.ubuntu.com/manpages/en/man5/slapd-"
17442
"config.5.html\">slapd-config</ulink> man page has more to say on the "
17443
"different subsystems."
17444
msgstr ""
17445
17446
#: serverguide/C/network-auth.xml:807(para)
17447
msgid ""
17448
"Create the file <filename>logging.ldif</filename> with the following "
17449
"contents:"
17450
msgstr ""
17451
17452
#: serverguide/C/network-auth.xml:811(programlisting)
17453
#, no-wrap
17454
msgid ""
17455
"\n"
17456
"dn: cn=config\n"
17457
"changetype: modify\n"
17458
"replace: olcLogLevel\n"
17459
"olcLogLevel: stats\n"
17460
msgstr ""
17461
17462
#: serverguide/C/network-auth.xml:818(para)
17463
msgid "Implement the change:"
17464
msgstr ""
17465
17466
#: serverguide/C/network-auth.xml:823(command)
17467
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
17468
msgstr ""
17469
17470
#: serverguide/C/network-auth.xml:826(para)
17471
msgid ""
17472
"This will produce a significant amount of logging and you will want to "
17473
"throttle back to a less verbose level once your system is in production. "
17474
"While in this verbose mode your host's syslog engine (rsyslog) may have a "
17475
"hard time keeping up and may drop messages:"
17476
msgstr ""
17477
17478
#: serverguide/C/network-auth.xml:832(programlisting)
17479
#, no-wrap
17480
msgid ""
17481
"\n"
17482
"rsyslogd-2177: imuxsock lost 228 messages from pid 2547 due to rate-"
17483
"limiting\n"
17484
msgstr ""
17485
17486
#: serverguide/C/network-auth.xml:836(para)
17487
msgid ""
17488
"You may consider a change to rsyslog's configuration. In "
17489
"<filename>/etc/rsyslog.conf</filename>, put:"
17490
msgstr ""
17491
17492
#: serverguide/C/network-auth.xml:840(programlisting)
17493
#, no-wrap
17494
msgid ""
17495
"\n"
17496
"# Disable rate limiting\n"
17497
"# (default is 200 messages in 5 seconds; below we make the 5 become 0)\n"
17498
"$SystemLogRateLimitInterval 0\n"
17499
msgstr ""
17500
17501
#: serverguide/C/network-auth.xml:846(para)
17502
msgid "And then restart the rsyslog daemon:"
17503
msgstr ""
17504
17505
#: serverguide/C/network-auth.xml:851(command)
17506
msgid "sudo systemctl restart syslog.service"
17507
msgstr ""
17508
17509
#: serverguide/C/network-auth.xml:857(title)
17510
msgid "Replication"
17511
msgstr ""
17512
17513
#: serverguide/C/network-auth.xml:859(para)
17514
msgid ""
17515
"The LDAP service becomes increasingly important as more networked systems "
17516
"begin to depend on it. In such an environment, it is standard practice to "
17517
"build redundancy (high availability) into LDAP to prevent havoc should the "
17518
"LDAP server become unresponsive. This is done through <emphasis>LDAP "
17519
"replication</emphasis>."
17520
msgstr ""
17521
17522
#: serverguide/C/network-auth.xml:865(para)
17523
msgid ""
17524
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
17525
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
17526
"<emphasis>Provider</emphasis> model. The specific kind of replication we "
17527
"will implement in this guide is a combination of the following modes: "
17528
"<emphasis>refreshAndPersist</emphasis> and <emphasis>delta-"
17529
"syncrepl</emphasis>. This has the Provider push changed entries to the "
17530
"Consumer as soon as they're made but, in addition, only actual changes will "
17531
"be sent, not entire entries."
17532
msgstr ""
17533
17534
#: serverguide/C/network-auth.xml:874(title)
17535
msgid "Provider Configuration"
17536
msgstr ""
17537
17538
#: serverguide/C/network-auth.xml:876(para)
17539
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
17540
msgstr ""
17541
17542
#: serverguide/C/network-auth.xml:883(para)
17543
msgid ""
17544
"Create an LDIF file with the following contents and name it "
17545
"<filename>provider_sync.ldif</filename>:"
17546
msgstr ""
17547
17548
#: serverguide/C/network-auth.xml:887(programlisting)
17549
#, no-wrap
17550
msgid ""
17551
"\n"
17552
"# Add indexes to the frontend db.\n"
17553
"dn: olcDatabase={1}mdb,cn=config\n"
17554
"changetype: modify\n"
17555
"add: olcDbIndex\n"
17556
"olcDbIndex: entryCSN eq\n"
17557
"-\n"
17558
"add: olcDbIndex\n"
17559
"olcDbIndex: entryUUID eq\n"
17560
"\n"
17561
"#Load the syncprov and accesslog modules.\n"
17562
"dn: cn=module{0},cn=config\n"
17563
"changetype: modify\n"
17564
"add: olcModuleLoad\n"
17565
"olcModuleLoad: syncprov\n"
17566
"-\n"
17567
"add: olcModuleLoad\n"
17568
"olcModuleLoad: accesslog\n"
17569
"\n"
17570
"# Accesslog database definitions\n"
17571
"dn: olcDatabase={2}mdb,cn=config\n"
17572
"objectClass: olcDatabaseConfig\n"
17573
"objectClass: olcMdbConfig\n"
17574
"olcDatabase: {2}mdb\n"
17575
"olcDbDirectory: /var/lib/ldap/accesslog\n"
17576
"olcSuffix: cn=accesslog\n"
17577
"olcRootDN: cn=admin,dc=example,dc=com\n"
17578
"olcDbIndex: default eq\n"
17579
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
17580
"\n"
17581
"# Accesslog db syncprov.\n"
17582
"dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config\n"
17583
"changetype: add\n"
17584
"objectClass: olcOverlayConfig\n"
17585
"objectClass: olcSyncProvConfig\n"
17586
"olcOverlay: syncprov\n"
17587
"olcSpNoPresent: TRUE\n"
17588
"olcSpReloadHint: TRUE\n"
17589
"\n"
17590
"# syncrepl Provider for primary db\n"
17591
"dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config\n"
17592
"changetype: add\n"
17593
"objectClass: olcOverlayConfig\n"
17594
"objectClass: olcSyncProvConfig\n"
17595
"olcOverlay: syncprov\n"
17596
"olcSpNoPresent: TRUE\n"
17597
"\n"
17598
"# accesslog overlay definitions for primary db\n"
17599
"dn: olcOverlay=accesslog,olcDatabase={1}mdb,cn=config\n"
17600
"objectClass: olcOverlayConfig\n"
17601
"objectClass: olcAccessLogConfig\n"
17602
"olcOverlay: accesslog\n"
17603
"olcAccessLogDB: cn=accesslog\n"
17604
"olcAccessLogOps: writes\n"
17605
"olcAccessLogSuccess: TRUE\n"
17606
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
17607
"olcAccessLogPurge: 07+00:00 01+00:00\n"
17608
msgstr ""
17609
17610
#: serverguide/C/network-auth.xml:946(para)
17611
msgid ""
17612
"Change the rootDN in the LDIF file to match the one you have for your "
17613
"directory."
17614
msgstr ""
17615
17616
#: serverguide/C/network-auth.xml:954(para)
17617
msgid "Create a directory:"
17618
msgstr ""
17619
17620
#: serverguide/C/network-auth.xml:959(command)
17621
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
17622
msgstr ""
17623
17624
#: serverguide/C/network-auth.xml:965(para) serverguide/C/network-auth.xml:1044(para)
17625
msgid "Add the new content:"
17626
msgstr ""
17627
17628
#: serverguide/C/network-auth.xml:970(command)
17629
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
17630
msgstr ""
17631
17632
#: serverguide/C/network-auth.xml:977(para)
17633
msgid "The Provider is now configured."
17634
msgstr ""
17635
17636
#: serverguide/C/network-auth.xml:984(title)
17637
msgid "Consumer Configuration"
17638
msgstr ""
17639
17640
#: serverguide/C/network-auth.xml:986(para)
17641
msgid "And now configure the <emphasis>Consumer</emphasis>."
17642
msgstr ""
17643
17644
#: serverguide/C/network-auth.xml:993(para)
17645
msgid ""
17646
"Install the software by going through <xref linkend=\"openldap-server-"
17647
"installation\"/>. Make sure the slapd-config database is identical to the "
17648
"Provider's. In particular, make sure schemas and the databse suffix are the "
17649
"same."
17650
msgstr ""
17651
17652
#: serverguide/C/network-auth.xml:1000(para)
17653
msgid ""
17654
"Create an LDIF file with the following contents and name it "
17655
"<filename>consumer_sync.ldif</filename>:"
17656
msgstr ""
17657
17658
#: serverguide/C/network-auth.xml:1004(programlisting)
17659
#, no-wrap
17660
msgid ""
17661
"\n"
17662
"dn: cn=module{0},cn=config\n"
17663
"changetype: modify\n"
17664
"add: olcModuleLoad\n"
17665
"olcModuleLoad: syncprov\n"
17666
"\n"
17667
"dn: olcDatabase={1}mdb,cn=config\n"
17668
"changetype: modify\n"
17669
"add: olcDbIndex\n"
17670
"olcDbIndex: entryUUID eq\n"
17671
"-\n"
17672
"add: olcSyncRepl\n"
17673
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
17674
"binddn=\"cn=admin,dc=example,dc=com\"\n"
17675
" credentials=secret searchbase=\"dc=example,dc=com\" "
17676
"logbase=\"cn=accesslog\"\n"
17677
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
17678
"schemachecking=on\n"
17679
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
17680
"-\n"
17681
"add: olcUpdateRef\n"
17682
"olcUpdateRef: ldap://ldap01.example.com\n"
17683
msgstr ""
17684
17685
#: serverguide/C/network-auth.xml:1025(para)
17686
msgid "Ensure the following attributes have the correct values:"
17687
msgstr ""
17688
17689
#: serverguide/C/network-auth.xml:1030(para)
17690
msgid ""
17691
"<emphasis>provider</emphasis> (Provider server's hostname -- "
17692
"ldap01.example.com in this example -- or IP address)"
17693
msgstr ""
17694
17695
#: serverguide/C/network-auth.xml:1031(para)
17696
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
17697
msgstr ""
17698
17699
#: serverguide/C/network-auth.xml:1032(para)
17700
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
17701
msgstr ""
17702
17703
#: serverguide/C/network-auth.xml:1033(para)
17704
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
17705
msgstr ""
17706
17707
#: serverguide/C/network-auth.xml:1034(para)
17708
msgid ""
17709
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
17710
msgstr ""
17711
17712
#: serverguide/C/network-auth.xml:1035(para)
17713
msgid ""
17714
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
17715
"replica. Each consumer should have at least one rid)"
17716
msgstr ""
17717
17718
#: serverguide/C/network-auth.xml:1049(command)
17719
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
17720
msgstr ""
17721
17722
#: serverguide/C/network-auth.xml:1056(para)
17723
msgid ""
17724
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
17725
"synchronizing."
17726
msgstr ""
17727
17728
#: serverguide/C/network-auth.xml:1065(para)
17729
msgid "Once replication starts, you can monitor it by running"
17730
msgstr ""
17731
17732
#: serverguide/C/network-auth.xml:1070(command)
17733
msgid ""
17734
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
17735
"contextCSN"
17736
msgstr ""
17737
17738
#: serverguide/C/network-auth.xml:1071(computeroutput)
17739
#, no-wrap
17740
msgid ""
17741
"\n"
17742
"dn: dc=example,dc=com\n"
17743
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
17744
msgstr ""
17745
17746
#: serverguide/C/network-auth.xml:1077(para)
17747
msgid ""
17748
"on both the provider and the consumer. Once the output "
17749
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
17750
"in the above example) for both machines match, you have replication. Every "
17751
"time a change is done in the provider, this value will change and so should "
17752
"the one in the consumer(s)."
17753
msgstr ""
17754
17755
#: serverguide/C/network-auth.xml:1086(para)
17756
msgid ""
17757
"If your connection is slow and/or your ldap database large, it might take a "
17758
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
17759
"provider's. But, you will know it is progressing since the consumer's "
17760
"<emphasis>contextCSN</emphasis> will be steadly increasing."
17761
msgstr ""
17762
17763
#: serverguide/C/network-auth.xml:1094(para)
17764
msgid ""
17765
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
17766
"match the provider, you should stop and figure out the issue before "
17767
"continuing. Try checking the slapd (syslog) and the auth log files in the "
17768
"provider to see if the consumer's authentication requests were successful or "
17769
"its requests to retrieve data (they look like a lot of ldapsearch "
17770
"statements) return no errors."
17771
msgstr ""
17772
17773
#: serverguide/C/network-auth.xml:1103(para)
17774
msgid ""
17775
"To test if it worked simply query, on the Consumer, the DNs in the database:"
17776
msgstr ""
17777
17778
#: serverguide/C/network-auth.xml:1108(command)
17779
msgid ""
17780
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
17781
msgstr ""
17782
17783
#: serverguide/C/network-auth.xml:1111(para)
17784
msgid ""
17785
"You should see the user 'john' and the group 'miners' as well as the nodes "
17786
"'People' and 'Groups'."
17787
msgstr ""
17788
17789
#: serverguide/C/network-auth.xml:1120(title)
17790
msgid "Access Control"
17791
msgstr ""
17792
17793
#: serverguide/C/network-auth.xml:1122(para)
17794
msgid ""
17795
"The management of what type of access (read, write, etc) users should be "
17796
"granted to resources is known as <emphasis>access control</emphasis>. The "
17797
"configuration directives involved are called <emphasis>access control "
17798
"lists</emphasis> or ACL."
17799
msgstr ""
17800
17801
#: serverguide/C/network-auth.xml:1127(para)
17802
msgid ""
17803
"When we installed the slapd package various ACL were set up automatically. "
17804
"We will look at a few important consequences of those defaults and, in so "
17805
"doing, we'll get an idea of how ACLs work and how they're configured."
17806
msgstr ""
17807
17808
#: serverguide/C/network-auth.xml:1132(para)
17809
msgid ""
17810
"To get the effective ACL for an LDAP query we need to look at the ACL "
17811
"entries of the database being queried as well as those of the special "
17812
"frontend database instance. The ACLs belonging to the latter act as defaults "
17813
"in case those of the former do not match. The frontend database is the "
17814
"second to be consulted and the ACL to be applied is the first to match "
17815
"(\"first match wins\") among these 2 ACL sources. The following commands "
17816
"will give, respectively, the ACLs of the mdb database "
17817
"(\"dc=example,dc=com\") and those of the frontend database:"
17818
msgstr ""
17819
17820
#: serverguide/C/network-auth.xml:1141(command)
17821
msgid ""
17822
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17823
"'(olcDatabase={1}mdb)' olcAccess"
17824
msgstr ""
17825
17826
#: serverguide/C/network-auth.xml:1143(computeroutput)
17827
#, no-wrap
17828
msgid ""
17829
"\n"
17830
"dn: olcDatabase={1}mdb,cn=config\n"
17831
"olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * "
17832
"none\n"
17833
"olcAccess: {1}to attrs=shadowLastChange by self write by * read\n"
17834
"olcAccess: {2}to * by * read\n"
17835
msgstr ""
17836
17837
#: serverguide/C/network-auth.xml:1152(para)
17838
msgid ""
17839
"The rootDN always has full rights to its database and does not need to be "
17840
"included in any ACL."
17841
msgstr ""
17842
17843
#: serverguide/C/network-auth.xml:1158(command)
17844
msgid ""
17845
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17846
"'(olcDatabase={-1}frontend)' olcAccess"
17847
msgstr ""
17848
17849
#: serverguide/C/network-auth.xml:1160(computeroutput)
17850
#, no-wrap
17851
msgid ""
17852
"\n"
17853
"dn: olcDatabase={-1}frontend,cn=config\n"
17854
"olcAccess: {0}to * by "
17855
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
17856
" ,cn=auth manage by * break\n"
17857
"olcAccess: {1}to dn.exact=\"\" by * read\n"
17858
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
17859
msgstr ""
17860
17861
#: serverguide/C/network-auth.xml:1169(para)
17862
msgid "The very first two ACLs are crucial:"
17863
msgstr ""
17864
17865
#: serverguide/C/network-auth.xml:1173(programlisting)
17866
#, no-wrap
17867
msgid ""
17868
"\n"
17869
"olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * "
17870
"none\n"
17871
"olcAccess: {1}to attrs=shadowLastChange by self write by * read\n"
17872
msgstr ""
17873
17874
#: serverguide/C/network-auth.xml:1178(para)
17875
msgid "This can be represented differently for easier digestion:"
17876
msgstr ""
17877
17878
#: serverguide/C/network-auth.xml:1182(programlisting)
17879
#, no-wrap
17880
msgid ""
17881
"\n"
17882
"to attrs=userPassword\n"
17883
"\tby self write\n"
17884
"\tby anonymous auth\n"
17885
"\tby * none\n"
17886
"\n"
17887
"to attrs=shadowLastChange\n"
17888
"\tby self write\n"
17889
"\tby * read\n"
17890
msgstr ""
17891
17892
#: serverguide/C/network-auth.xml:1193(para)
17893
msgid "These ACLs enforce the following:"
17894
msgstr ""
17895
17896
#: serverguide/C/network-auth.xml:1200(para)
17897
msgid ""
17898
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
17899
"attribute so that users can authenticate, or <emphasis>bind</emphasis>. "
17900
"Perhaps counter-intuitively, 'by anonymous auth' is needed even when "
17901
"anonymous access to the DIT is unwanted, otherwise this would be a chicken "
17902
"and egg problem: before authentication, all users are anonymous."
17903
msgstr ""
17904
17905
#: serverguide/C/network-auth.xml:1209(para)
17906
msgid ""
17907
"The <emphasis>by self write</emphasis> ACL grants write access to the "
17908
"<emphasis>userPassword</emphasis> attribute to users who authenticated as "
17909
"the <emphasis>dn</emphasis> where the attribute lives. In other words, users "
17910
"can update the <emphasis>userPassword</emphasis> attribute of their own "
17911
"entries."
17912
msgstr ""
17913
17914
#: serverguide/C/network-auth.xml:1217(para)
17915
msgid ""
17916
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
17917
"all other users, with the exception of the rootDN, who always has access and "
17918
"doesn't need to be mentioned explicitly."
17919
msgstr ""
17920
17921
#: serverguide/C/network-auth.xml:1224(para)
17922
msgid ""
17923
"In order for users to change their own password, using "
17924
"<command>passwd</command> or other utilities, the user's own "
17925
"<emphasis>shadowLastChange</emphasis> attribute needs to be writable. All "
17926
"other directory users get to read this attribute's contents."
17927
msgstr ""
17928
17929
#: serverguide/C/network-auth.xml:1233(para)
17930
msgid ""
17931
"This DIT can be searched anonymously because of 'to * by * read' in this "
17932
"ACL, which grants read access to everything else, by anyone (including "
17933
"anonymous):"
17934
msgstr ""
17935
17936
#: serverguide/C/network-auth.xml:1238(programlisting)
17937
#, no-wrap
17938
msgid ""
17939
"\n"
17940
"to *\n"
17941
"\tby * read\n"
17942
msgstr ""
17943
17944
#: serverguide/C/network-auth.xml:1243(para)
17945
msgid ""
17946
"If this is unwanted then you need to change the ACLs. To force "
17947
"authentication during a bind request you can alternatively (or in "
17948
"combination with the modified ACL) use the 'olcRequire: authc' directive."
17949
msgstr ""
17950
17951
#: serverguide/C/network-auth.xml:1248(para)
17952
msgid ""
17953
"As previously mentioned, there is no administrative account (\"rootDN\") "
17954
"created for the slapd-config database. There is, however, a SASL identity "
17955
"that is granted full access to it. It represents the localhost's superuser "
17956
"(root/sudo). Here it is:"
17957
msgstr ""
17958
17959
#: serverguide/C/network-auth.xml:1253(programlisting)
17960
#, no-wrap
17961
msgid ""
17962
"\n"
17963
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
17964
msgstr ""
17965
17966
#: serverguide/C/network-auth.xml:1257(para)
17967
msgid ""
17968
"The following command will display the ACLs of the slapd-config database:"
17969
msgstr ""
17970
17971
#: serverguide/C/network-auth.xml:1262(command)
17972
msgid ""
17973
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17974
"'(olcDatabase={0}config)' olcAccess"
17975
msgstr ""
17976
17977
#: serverguide/C/network-auth.xml:1264(computeroutput)
17978
#, no-wrap
17979
msgid ""
17980
"\n"
17981
"dn: olcDatabase={0}config,cn=config\n"
17982
"olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,\n"
17983
" cn=external,cn=auth manage by * break\n"
17984
msgstr ""
17985
17986
#: serverguide/C/network-auth.xml:1271(para)
17987
msgid ""
17988
"Since this is a SASL identity we need to use a SASL "
17989
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
17990
"and we have seen it plenty of times in this guide. It is the EXTERNAL "
17991
"mechanism. See the previous command for an example. Note that:"
17992
msgstr ""
17993
17994
#: serverguide/C/network-auth.xml:1279(para)
17995
msgid ""
17996
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
17997
"for the ACL to match."
17998
msgstr ""
17999
18000
#: serverguide/C/network-auth.xml:1285(para)
18001
msgid ""
18002
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
18003
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
18004
msgstr ""
18005
18006
#: serverguide/C/network-auth.xml:1293(para)
18007
msgid "A succinct way to get all the ACLs is like this:"
18008
msgstr ""
18009
18010
#: serverguide/C/network-auth.xml:1298(command)
18011
msgid ""
18012
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
18013
"'(olcAccess=*)' olcAccess olcSuffix"
18014
msgstr ""
18015
18016
#: serverguide/C/network-auth.xml:1302(para)
18017
msgid ""
18018
"There is much to say on the topic of access control. See the man page for "
18019
"<ulink "
18020
"url=\"http://manpages.ubuntu.com/manpages/en/man5/slapd.access.5.html\">slapd"
18021
".access</ulink>."
18022
msgstr ""
18023
18024
#: serverguide/C/network-auth.xml:1310(title)
18025
msgid "TLS"
18026
msgstr ""
18027
18028
#: serverguide/C/network-auth.xml:1312(para)
18029
msgid ""
18030
"When authenticating to an OpenLDAP server it is best to do so using an "
18031
"encrypted session. This can be accomplished using Transport Layer Security "
18032
"(TLS)."
18033
msgstr ""
18034
18035
#: serverguide/C/network-auth.xml:1317(para)
18036
msgid ""
18037
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
18038
"create and sign our LDAP server certificate as that CA. Since "
18039
"<application>slapd</application> is compiled using the "
18040
"<application>gnutls</application> library, we will use the "
18041
"<application>certtool</application> utility to complete these tasks."
18042
msgstr ""
18043
18044
#: serverguide/C/network-auth.xml:1326(para)
18045
msgid ""
18046
"Install the <application>gnutls-bin</application> and <application>ssl-"
18047
"cert</application> packages:"
18048
msgstr ""
18049
18050
#: serverguide/C/network-auth.xml:1331(command)
18051
msgid "sudo apt install gnutls-bin ssl-cert"
18052
msgstr ""
18053
18054
#: serverguide/C/network-auth.xml:1337(para)
18055
msgid "Create a private key for the Certificate Authority:"
18056
msgstr ""
18057
18058
#: serverguide/C/network-auth.xml:1342(command)
18059
msgid ""
18060
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
18061
msgstr ""
18062
18063
#: serverguide/C/network-auth.xml:1348(para)
18064
msgid ""
18065
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
18066
"CA:"
18067
msgstr ""
18068
18069
#: serverguide/C/network-auth.xml:1352(programlisting)
18070
#, no-wrap
18071
msgid ""
18072
"\n"
18073
"cn = Example Company\n"
18074
"ca\n"
18075
"cert_signing_key\n"
18076
msgstr ""
18077
18078
#: serverguide/C/network-auth.xml:1361(para)
18079
msgid "Create the self-signed CA certificate:"
18080
msgstr ""
18081
18082
#: serverguide/C/network-auth.xml:1366(command)
18083
msgid ""
18084
"sudo certtool --generate-self-signed \\ --load-privkey "
18085
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
18086
"/etc/ssl/certs/cacert.pem"
18087
msgstr ""
18088
18089
#: serverguide/C/network-auth.xml:1375(para)
18090
msgid "Make a private key for the server:"
18091
msgstr ""
18092
18093
#: serverguide/C/network-auth.xml:1380(command)
18094
msgid ""
18095
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
18096
"/etc/ssl/private/ldap01_slapd_key.pem"
18097
msgstr ""
18098
18099
#: serverguide/C/network-auth.xml:1386(para)
18100
msgid ""
18101
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
18102
"hostname. Naming the certificate and key for the host and service that will "
18103
"be using them will help keep things clear."
18104
msgstr ""
18105
18106
#: serverguide/C/network-auth.xml:1395(para)
18107
msgid ""
18108
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
18109
msgstr ""
18110
18111
#: serverguide/C/network-auth.xml:1399(programlisting)
18112
#, no-wrap
18113
msgid ""
18114
"\n"
18115
"organization = Example Company\n"
18116
"cn = ldap01.example.com\n"
18117
"tls_www_server\n"
18118
"encryption_key\n"
18119
"signing_key\n"
18120
"expiration_days = 3650\n"
18121
msgstr ""
18122
18123
#: serverguide/C/network-auth.xml:1408(para)
18124
msgid "The above certificate is good for 10 years. Adjust accordingly."
18125
msgstr ""
18126
18127
#: serverguide/C/network-auth.xml:1414(para)
18128
msgid "Create the server's certificate:"
18129
msgstr ""
18130
18131
#: serverguide/C/network-auth.xml:1419(command)
18132
msgid ""
18133
"sudo certtool --generate-certificate \\ --load-privkey "
18134
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
18135
"/etc/ssl/certs/cacert.pem \\ --load-ca-privkey /etc/ssl/private/cakey.pem \\ "
18136
"--template /etc/ssl/ldap01.info \\ --outfile "
18137
"/etc/ssl/certs/ldap01_slapd_cert.pem"
18138
msgstr ""
18139
18140
#: serverguide/C/network-auth.xml:1430(para)
18141
msgid "Adjust permissions and ownership:"
18142
msgstr ""
18143
18144
#: serverguide/C/network-auth.xml:1434(command)
18145
msgid "sudo chgrp openldap /etc/ssl/private/ldap01_slapd_key.pem"
18146
msgstr ""
18147
18148
#: serverguide/C/network-auth.xml:1435(command)
18149
msgid "sudo chmod 0640 /etc/ssl/private/ldap01_slapd_key.pem"
18150
msgstr ""
18151
18152
#: serverguide/C/network-auth.xml:1436(command) serverguide/C/network-auth.xml:1594(command)
18153
msgid "sudo gpasswd -a openldap ssl-cert"
18154
msgstr ""
18155
18156
#: serverguide/C/network-auth.xml:1441(para)
18157
msgid ""
18158
"Now restart <application>slapd</application>, since we added the 'openldap' "
18159
"user to the 'ssl-cert' group:"
18160
msgstr ""
18161
18162
#: serverguide/C/network-auth.xml:1446(command) serverguide/C/network-auth.xml:1599(command) serverguide/C/network-auth.xml:1673(command) serverguide/C/network-auth.xml:3887(command)
18163
msgid "sudo systemctl restart slapd.service"
18164
msgstr ""
18165
18166
#: serverguide/C/network-auth.xml:1448(para)
18167
msgid "Your server is now ready to accept the new TLS configuration."
18168
msgstr ""
18169
18170
#: serverguide/C/network-auth.xml:1454(para)
18171
msgid ""
18172
"Create the file <filename>certinfo.ldif</filename> with the following "
18173
"contents (adjust accordingly, our example assumes we created certs using "
18174
"https://www.cacert.org):"
18175
msgstr ""
18176
18177
#: serverguide/C/network-auth.xml:1458(programlisting)
18178
#, no-wrap
18179
msgid ""
18180
"\n"
18181
"dn: cn=config\n"
18182
"add: olcTLSCACertificateFile\n"
18183
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
18184
"-\n"
18185
"add: olcTLSCertificateFile\n"
18186
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
18187
"-\n"
18188
"add: olcTLSCertificateKeyFile\n"
18189
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
18190
msgstr ""
18191
18192
#: serverguide/C/network-auth.xml:1470(para)
18193
msgid ""
18194
"Use the <application>ldapmodify</application> command to tell slapd about "
18195
"our TLS work via the slapd-config database:"
18196
msgstr ""
18197
18198
#: serverguide/C/network-auth.xml:1475(command) serverguide/C/network-auth.xml:1623(command)
18199
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
18200
msgstr ""
18201
18202
#: serverguide/C/network-auth.xml:1478(para)
18203
msgid ""
18204
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
18205
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
18206
"should have just:"
18207
msgstr ""
18208
18209
#: serverguide/C/network-auth.xml:1483(programlisting)
18210
#, no-wrap
18211
msgid ""
18212
"\n"
18213
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
18214
msgstr ""
18215
18216
#: serverguide/C/network-auth.xml:1488(para)
18217
msgid ""
18218
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
18219
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
18220
"(listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, "
18221
"like HTTPS, is a distinct encrypted-from-the-start protocol that operates "
18222
"over TCP port 636."
18223
msgstr ""
18224
18225
#: serverguide/C/network-auth.xml:1498(title)
18226
msgid "Replication and TLS"
18227
msgstr ""
18228
18229
#: serverguide/C/network-auth.xml:1500(para)
18230
msgid ""
18231
"If you have set up replication between servers, it is common practice to "
18232
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
18233
"distinct from using encryption with authentication as we did above. In this "
18234
"section we will build on that TLS-authentication work."
18235
msgstr ""
18236
18237
#: serverguide/C/network-auth.xml:1506(para)
18238
msgid ""
18239
"The assumption here is that you have set up replication between Provider and "
18240
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
18241
"have configured TLS for authentication on the Provider by following <xref "
18242
"linkend=\"openldap-tls\"/>."
18243
msgstr ""
18244
18245
#: serverguide/C/network-auth.xml:1511(para)
18246
msgid ""
18247
"As previously stated, the objective (for us) with replication is high "
18248
"availablity for the LDAP service. Since we have TLS for authentication on "
18249
"the Provider we will require the same on the Consumer. In addition to this, "
18250
"however, we want to encrypt replication traffic. What remains to be done is "
18251
"to create a key and certificate for the Consumer and then configure "
18252
"accordingly. We will generate the key/certificate on the Provider, to avoid "
18253
"having to create another CA certificate, and then transfer the necessary "
18254
"material over to the Consumer."
18255
msgstr ""
18256
18257
#: serverguide/C/network-auth.xml:1522(para) serverguide/C/network-auth.xml:1679(para)
18258
msgid "On the Provider,"
18259
msgstr ""
18260
18261
#: serverguide/C/network-auth.xml:1526(para)
18262
msgid ""
18263
"Create a holding directory (which will be used for the eventual transfer) "
18264
"and then the Consumer's private key:"
18265
msgstr ""
18266
18267
#: serverguide/C/network-auth.xml:1531(command)
18268
msgid "mkdir ldap02-ssl"
18269
msgstr ""
18270
18271
#: serverguide/C/network-auth.xml:1532(command)
18272
msgid "cd ldap02-ssl"
18273
msgstr ""
18274
18275
#: serverguide/C/network-auth.xml:1533(command)
18276
msgid ""
18277
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
18278
"ldap02_slapd_key.pem"
18279
msgstr ""
18280
18281
#: serverguide/C/network-auth.xml:1538(para)
18282
msgid ""
18283
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
18284
"server, adjusting its values accordingly:"
18285
msgstr ""
18286
18287
#: serverguide/C/network-auth.xml:1542(programlisting)
18288
#, no-wrap
18289
msgid ""
18290
"\n"
18291
"organization = Example Company\n"
18292
"cn = ldap02.example.com\n"
18293
"tls_www_server\n"
18294
"encryption_key\n"
18295
"signing_key\n"
18296
"expiration_days = 3650\n"
18297
msgstr ""
18298
18299
#: serverguide/C/network-auth.xml:1551(para)
18300
msgid "Create the Consumer's certificate:"
18301
msgstr ""
18302
18303
#: serverguide/C/network-auth.xml:1556(command)
18304
msgid ""
18305
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
18306
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
18307
"/etc/ssl/private/cakey.pem \\ --template ldap02.info \\ --outfile "
18308
"ldap02_slapd_cert.pem"
18309
msgstr ""
18310
18311
#: serverguide/C/network-auth.xml:1564(para)
18312
msgid "Get a copy of the CA certificate:"
18313
msgstr ""
18314
18315
#: serverguide/C/network-auth.xml:1569(command)
18316
msgid "cp /etc/ssl/certs/cacert.pem ."
18317
msgstr ""
18318
18319
#: serverguide/C/network-auth.xml:1572(para)
18320
msgid ""
18321
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
18322
"the Consumer. Here we use scp (adjust accordingly):"
18323
msgstr ""
18324
18325
#: serverguide/C/network-auth.xml:1577(command)
18326
msgid "cd .."
18327
msgstr ""
18328
18329
#: serverguide/C/network-auth.xml:1578(command)
18330
msgid "scp -r ldap02-ssl user@consumer:"
18331
msgstr ""
18332
18333
#: serverguide/C/network-auth.xml:1584(para) serverguide/C/network-auth.xml:1632(para)
18334
msgid "On the Consumer,"
18335
msgstr ""
18336
18337
#: serverguide/C/network-auth.xml:1588(para)
18338
msgid "Configure TLS authentication:"
18339
msgstr ""
18340
18341
#: serverguide/C/network-auth.xml:1593(command)
18342
msgid "sudo apt install ssl-cert"
18343
msgstr ""
18344
18345
#: serverguide/C/network-auth.xml:1595(command)
18346
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
18347
msgstr ""
18348
18349
#: serverguide/C/network-auth.xml:1596(command)
18350
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
18351
msgstr ""
18352
18353
#: serverguide/C/network-auth.xml:1597(command)
18354
msgid "sudo chgrp openldap /etc/ssl/private/ldap02_slapd_key.pem"
18355
msgstr ""
18356
18357
#: serverguide/C/network-auth.xml:1598(command)
18358
msgid "sudo chmod 0640 /etc/ssl/private/ldap02_slapd_key.pem"
18359
msgstr ""
18360
18361
#: serverguide/C/network-auth.xml:1602(para)
18362
msgid ""
18363
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
18364
"following contents (adjust accordingly):"
18365
msgstr ""
18366
18367
#: serverguide/C/network-auth.xml:1606(programlisting)
18368
#, no-wrap
18369
msgid ""
18370
"\n"
18371
"dn: cn=config\n"
18372
"add: olcTLSCACertificateFile\n"
18373
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
18374
"-\n"
18375
"add: olcTLSCertificateFile\n"
18376
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
18377
"-\n"
18378
"add: olcTLSCertificateKeyFile\n"
18379
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
18380
msgstr ""
18381
18382
#: serverguide/C/network-auth.xml:1618(para)
18383
msgid "Configure the slapd-config database:"
18384
msgstr ""
18385
18386
#: serverguide/C/network-auth.xml:1626(para)
18387
msgid ""
18388
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
18389
"(SLAPD_SERVICES)."
18390
msgstr ""
18391
18392
#: serverguide/C/network-auth.xml:1636(para)
18393
msgid ""
18394
"Configure TLS for Consumer-side replication. Modify the existing "
18395
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
18396
"In so doing, we will see, for the first time, how to change an attribute's "
18397
"value(s)."
18398
msgstr ""
18399
18400
#: serverguide/C/network-auth.xml:1641(para)
18401
msgid ""
18402
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
18403
"following contents:"
18404
msgstr ""
18405
18406
#: serverguide/C/network-auth.xml:1645(programlisting)
18407
#, no-wrap
18408
msgid ""
18409
"\n"
18410
"dn: olcDatabase={1}mdb,cn=config\n"
18411
"replace: olcSyncRepl\n"
18412
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple\n"
18413
" binddn=\"cn=admin,dc=example,dc=com\" credentials=secret "
18414
"searchbase=\"dc=example,dc=com\"\n"
18415
" logbase=\"cn=accesslog\" "
18416
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\"\n"
18417
" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
18418
" starttls=critical tls_reqcert=demand\n"
18419
msgstr ""
18420
18421
#: serverguide/C/network-auth.xml:1655(para)
18422
msgid ""
18423
"The extra options specify, respectively, that the consumer must use StartTLS "
18424
"and that the CA certificate is required to verify the Provider's identity. "
18425
"Also note the LDIF syntax for changing the values of an attribute "
18426
"('replace')."
18427
msgstr ""
18428
18429
#: serverguide/C/network-auth.xml:1660(para)
18430
msgid "Implement these changes:"
18431
msgstr ""
18432
18433
#: serverguide/C/network-auth.xml:1665(command)
18434
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
18435
msgstr ""
18436
18437
#: serverguide/C/network-auth.xml:1668(para)
18438
msgid "And restart slapd:"
18439
msgstr ""
18440
18441
#: serverguide/C/network-auth.xml:1683(para)
18442
msgid ""
18443
"Check to see that a TLS session has been established. In "
18444
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
18445
"logging set up, you should see messages similar to:"
18446
msgstr ""
18447
18448
#: serverguide/C/network-auth.xml:1688(programlisting)
18449
#, no-wrap
18450
msgid ""
18451
"\n"
18452
"slapd[3620]: conn=1047 fd=20 ACCEPT from IP=10.153.107.229:57922 "
18453
"(IP=0.0.0.0:389)\n"
18454
"slapd[3620]: conn=1047 op=0 EXT oid=1.3.6.1.4.1.1466.20037\n"
18455
"slapd[3620]: conn=1047 op=0 STARTTLS\n"
18456
"slapd[3620]: conn=1047 op=0 RESULT oid= err=0 text=\n"
18457
"slapd[3620]: conn=1047 fd=20 TLS established tls_ssf=128 ssf=128\n"
18458
"slapd[3620]: conn=1047 op=1 BIND dn=\"cn=admin,dc=example,dc=com\" "
18459
"method=128\n"
18460
"slapd[3620]: conn=1047 op=1 BIND dn=\"cn=admin,dc=example,dc=com\" "
18461
"mech=SIMPLE ssf=0\n"
18462
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
18463
msgstr ""
18464
18465
#: serverguide/C/network-auth.xml:1706(title)
18466
msgid "LDAP Authentication"
18467
msgstr ""
18468
18469
#: serverguide/C/network-auth.xml:1708(para)
18470
msgid ""
18471
"Once you have a working LDAP server, you will need to install libraries on "
18472
"the client that will know how and when to contact it. On Ubuntu, this has "
18473
"been traditionally accomplished by installing the <application>libnss-"
18474
"ldap</application> package. This package will bring in other tools that will "
18475
"assist you in the configuration step. Install this package now:"
18476
msgstr ""
18477
18478
#: serverguide/C/network-auth.xml:1715(command) serverguide/C/network-auth.xml:2479(screen)
18479
msgid "sudo apt install libnss-ldap"
18480
msgstr ""
18481
18482
#: serverguide/C/network-auth.xml:1718(para)
18483
msgid ""
18484
"You will be prompted for details of your LDAP server. If you make a mistake "
18485
"you can try again using:"
18486
msgstr ""
18487
18488
#: serverguide/C/network-auth.xml:1723(command)
18489
msgid "sudo dpkg-reconfigure ldap-auth-config"
18490
msgstr ""
18491
18492
#: serverguide/C/network-auth.xml:1726(para)
18493
msgid ""
18494
"The results of the dialog can be seen in "
18495
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
18496
"covered in the menu edit this file accordingly."
18497
msgstr ""
18498
18499
#: serverguide/C/network-auth.xml:1731(para)
18500
msgid "Now configure the LDAP profile for NSS:"
18501
msgstr ""
18502
18503
#: serverguide/C/network-auth.xml:1736(command) serverguide/C/network-auth.xml:2484(screen)
18504
msgid "sudo auth-client-config -t nss -p lac_ldap"
18505
msgstr ""
18506
18507
#: serverguide/C/network-auth.xml:1739(para)
18508
msgid "Configure the system to use LDAP for authentication:"
18509
msgstr ""
18510
18511
#: serverguide/C/network-auth.xml:1744(command)
18512
msgid "sudo pam-auth-update"
18513
msgstr ""
18514
18515
#: serverguide/C/network-auth.xml:1747(para)
18516
msgid ""
18517
"From the menu, choose LDAP and any other authentication mechanisms you need."
18518
msgstr ""
18519
18520
#: serverguide/C/network-auth.xml:1751(para)
18521
msgid "You should now be able to log in using LDAP-based credentials."
18522
msgstr ""
18523
18524
#: serverguide/C/network-auth.xml:1755(para)
18525
msgid ""
18526
"LDAP clients will need to refer to multiple servers if replication is in "
18527
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
18528
msgstr ""
18529
18530
#: serverguide/C/network-auth.xml:1760(programlisting)
18531
#, no-wrap
18532
msgid ""
18533
"\n"
18534
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
18535
msgstr ""
18536
18537
#: serverguide/C/network-auth.xml:1764(para)
18538
msgid ""
18539
"The request will time out and the Consumer (ldap02) will attempt to be "
18540
"reached if the Provider (ldap01) becomes unresponsive."
18541
msgstr ""
18542
18543
#: serverguide/C/network-auth.xml:1768(para)
18544
msgid ""
18545
"If you are going to use LDAP to store Samba users you will need to configure "
18546
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
18547
"ldap\"/> for details."
18548
msgstr ""
18549
18550
#: serverguide/C/network-auth.xml:1774(para)
18551
msgid ""
18552
"An alternative to the <application>libnss-ldap</application> package is the "
18553
"<application>libnss-ldapd</application> package. This, however, will bring "
18554
"in the <application>nscd</application> package which is problably not "
18555
"wanted. Simply remove it afterwards."
18556
msgstr ""
18557
18558
#: serverguide/C/network-auth.xml:1784(title)
18559
msgid "User and Group Management"
18560
msgstr ""
18561
18562
#: serverguide/C/network-auth.xml:1786(para)
18563
msgid ""
18564
"The <application>ldap-utils</application> package comes with enough "
18565
"utilities to manage the directory but the long string of options needed can "
18566
"make them a burden to use. The <application>ldapscripts</application> "
18567
"package contains wrapper scripts to these utilities that some people find "
18568
"easier to use."
18569
msgstr ""
18570
18571
#: serverguide/C/network-auth.xml:1792(para)
18572
msgid "Install the package:"
18573
msgstr ""
18574
18575
#: serverguide/C/network-auth.xml:1797(command)
18576
msgid "sudo apt install ldapscripts"
18577
msgstr ""
18578
18579
#: serverguide/C/network-auth.xml:1800(para)
18580
msgid ""
18581
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
18582
"arrive at something similar to the following:"
18583
msgstr ""
18584
18585
#: serverguide/C/network-auth.xml:1804(programlisting)
18586
#, no-wrap
18587
msgid ""
18588
"\n"
18589
"SERVER=localhost\n"
18590
"BINDDN='cn=admin,dc=example,dc=com'\n"
18591
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
18592
"SUFFIX='dc=example,dc=com'\n"
18593
"GSUFFIX='ou=Groups'\n"
18594
"USUFFIX='ou=People'\n"
18595
"MSUFFIX='ou=Computers'\n"
18596
"GIDSTART=10000\n"
18597
"UIDSTART=10000\n"
18598
"MIDSTART=10000\n"
18599
msgstr ""
18600
18601
#: serverguide/C/network-auth.xml:1817(para)
18602
msgid ""
18603
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
18604
"access to the directory:"
18605
msgstr ""
18606
18607
#: serverguide/C/network-auth.xml:1822(command)
18608
msgid ""
18609
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
18610
msgstr ""
18611
18612
#: serverguide/C/network-auth.xml:1823(command)
18613
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
18614
msgstr ""
18615
18616
#: serverguide/C/network-auth.xml:1827(para)
18617
msgid ""
18618
"Replace <quote>secret</quote> with the actual password for your database's "
18619
"rootDN user."
18620
msgstr ""
18621
18622
#: serverguide/C/network-auth.xml:1832(para)
18623
msgid ""
18624
"The scripts are now ready to help manage your directory. Here are some "
18625
"examples of how to use them:"
18626
msgstr ""
18627
18628
#: serverguide/C/network-auth.xml:1839(para)
18629
msgid "Create a new user:"
18630
msgstr ""
18631
18632
#: serverguide/C/network-auth.xml:1844(command)
18633
msgid "sudo ldapadduser george example"
18634
msgstr ""
18635
18636
#: serverguide/C/network-auth.xml:1847(para)
18637
msgid ""
18638
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
18639
"and set the user's primary group (gid) to <emphasis "
18640
"role=\"italic\">example</emphasis>"
18641
msgstr ""
18642
18643
#: serverguide/C/network-auth.xml:1854(para)
18644
msgid "Change a user's password:"
18645
msgstr ""
18646
18647
#: serverguide/C/network-auth.xml:1859(command)
18648
msgid "sudo ldapsetpasswd george"
18649
msgstr ""
18650
18651
#: serverguide/C/network-auth.xml:1860(computeroutput)
18652
#, no-wrap
18653
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
18654
msgstr ""
18655
18656
#: serverguide/C/network-auth.xml:1861(userinput)
18657
#, no-wrap
18658
msgid "New Password: "
18659
msgstr ""
18660
18661
#: serverguide/C/network-auth.xml:1862(userinput)
18662
#, no-wrap
18663
msgid "New Password (verify): "
18664
msgstr ""
18665
18666
#: serverguide/C/network-auth.xml:1868(para)
18667
msgid "Delete a user:"
18668
msgstr ""
18669
18670
#: serverguide/C/network-auth.xml:1873(command)
18671
msgid "sudo ldapdeleteuser george"
18672
msgstr ""
18673
18674
#: serverguide/C/network-auth.xml:1879(para)
18675
msgid "Add a group:"
18676
msgstr ""
18677
18678
#: serverguide/C/network-auth.xml:1884(command)
18679
msgid "sudo ldapaddgroup qa"
18680
msgstr ""
18681
18682
#: serverguide/C/network-auth.xml:1890(para)
18683
msgid "Delete a group:"
18684
msgstr ""
18685
18686
#: serverguide/C/network-auth.xml:1895(command)
18687
msgid "sudo ldapdeletegroup qa"
18688
msgstr ""
18689
18690
#: serverguide/C/network-auth.xml:1901(para)
18691
msgid "Add a user to a group:"
18692
msgstr ""
18693
18694
#: serverguide/C/network-auth.xml:1906(command)
18695
msgid "sudo ldapaddusertogroup george qa"
18696
msgstr ""
18697
18698
#: serverguide/C/network-auth.xml:1909(para)
18699
msgid ""
18700
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
18701
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
18702
"role=\"italic\">george</emphasis>."
18703
msgstr ""
18704
18705
#: serverguide/C/network-auth.xml:1916(para)
18706
msgid "Remove a user from a group:"
18707
msgstr ""
18708
18709
#: serverguide/C/network-auth.xml:1921(command)
18710
msgid "sudo ldapdeleteuserfromgroup george qa"
18711
msgstr ""
18712
18713
#: serverguide/C/network-auth.xml:1924(para)
18714
msgid ""
18715
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
18716
"<emphasis role=\"italic\">qa</emphasis> group."
18717
msgstr ""
18718
18719
#: serverguide/C/network-auth.xml:1931(para)
18720
msgid ""
18721
"The <application>ldapmodifyuser</application> script allows you to add, "
18722
"remove, or replace a user's attributes. The script uses the same syntax as "
18723
"the <application>ldapmodify</application> utility. For example:"
18724
msgstr ""
18725
18726
#: serverguide/C/network-auth.xml:1937(command)
18727
msgid "sudo ldapmodifyuser george"
18728
msgstr ""
18729
18730
#: serverguide/C/network-auth.xml:1938(computeroutput)
18731
#, no-wrap
18732
msgid ""
18733
"# About to modify the following entry :\n"
18734
"dn: uid=george,ou=People,dc=example,dc=com\n"
18735
"objectClass: account\n"
18736
"objectClass: posixAccount\n"
18737
"cn: george\n"
18738
"uid: george\n"
18739
"uidNumber: 1001\n"
18740
"gidNumber: 1001\n"
18741
"homeDirectory: /home/george\n"
18742
"loginShell: /bin/bash\n"
18743
"gecos: george\n"
18744
"description: User account\n"
18745
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
18746
"\n"
18747
"# Enter your modifications here, end with CTRL-D.\n"
18748
"dn: uid=george,ou=People,dc=example,dc=com"
18749
msgstr ""
18750
18751
#: serverguide/C/network-auth.xml:1954(userinput)
18752
#, no-wrap
18753
msgid ""
18754
"replace: gecos\n"
18755
"gecos: George Carlin"
18756
msgstr ""
18757
18758
#: serverguide/C/network-auth.xml:1958(para)
18759
msgid ""
18760
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
18761
"Carlin</quote>."
18762
msgstr ""
18763
18764
#: serverguide/C/network-auth.xml:1964(para)
18765
msgid ""
18766
"A nice feature of <application>ldapscripts</application> is the template "
18767
"system. Templates allow you to customize the attributes of user, group, and "
18768
"machine objects. For example, to enable the <emphasis>user</emphasis> "
18769
"template edit <filename>/etc/ldapscripts/ldapscripts.conf</filename> "
18770
"changing:"
18771
msgstr ""
18772
18773
#: serverguide/C/network-auth.xml:1970(programlisting)
18774
#, no-wrap
18775
msgid ""
18776
"\n"
18777
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
18778
msgstr ""
18779
18780
#: serverguide/C/network-auth.xml:1974(para)
18781
msgid ""
18782
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
18783
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
18784
"rename the <filename>ldapadduser.template.sample</filename> file to "
18785
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
18786
msgstr ""
18787
18788
#: serverguide/C/network-auth.xml:1981(command)
18789
msgid ""
18790
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
18791
"/etc/ldapscripts/ldapadduser.template"
18792
msgstr ""
18793
18794
#: serverguide/C/network-auth.xml:1985(para)
18795
msgid ""
18796
"Edit the new template to add the desired attributes. The following will "
18797
"create new users with an objectClass of inetOrgPerson:"
18798
msgstr ""
18799
18800
#: serverguide/C/network-auth.xml:1990(programlisting)
18801
#, no-wrap
18802
msgid ""
18803
"\n"
18804
"dn: uid=<user>,<usuffix>,<suffix>\n"
18805
"objectClass: inetOrgPerson\n"
18806
"objectClass: posixAccount\n"
18807
"cn: <user>\n"
18808
"sn: <ask>\n"
18809
"uid: <user>\n"
18810
"uidNumber: <uid>\n"
18811
"gidNumber: <gid>\n"
18812
"homeDirectory: <home>\n"
18813
"loginShell: <shell>\n"
18814
"gecos: <user>\n"
18815
"description: User account\n"
18816
"title: Employee\n"
18817
msgstr ""
18818
18819
#: serverguide/C/network-auth.xml:2006(para)
18820
msgid ""
18821
"Notice the <emphasis><ask></emphasis> option used for the "
18822
"<emphasis>sn</emphasis> attribute. This will make "
18823
"<application>ldapadduser</application> prompt you for its value."
18824
msgstr ""
18825
18826
#: serverguide/C/network-auth.xml:2014(para)
18827
msgid ""
18828
"There are utilities in the package that were not covered here. Here is a "
18829
"complete list:"
18830
msgstr ""
18831
18832
#: serverguide/C/network-auth.xml:2019(ulink)
18833
msgid "ldaprenamemachine"
18834
msgstr ""
18835
18836
#: serverguide/C/network-auth.xml:2020(ulink)
18837
msgid "ldapadduser"
18838
msgstr ""
18839
18840
#: serverguide/C/network-auth.xml:2021(ulink)
18841
msgid "ldapdeleteuserfromgroup"
18842
msgstr ""
18843
18844
#: serverguide/C/network-auth.xml:2022(ulink)
18845
msgid "ldapfinger"
18846
msgstr ""
18847
18848
#: serverguide/C/network-auth.xml:2023(ulink)
18849
msgid "ldapid"
18850
msgstr ""
18851
18852
#: serverguide/C/network-auth.xml:2024(ulink)
18853
msgid "ldapgid"
18854
msgstr ""
18855
18856
#: serverguide/C/network-auth.xml:2025(ulink)
18857
msgid "ldapmodifyuser"
18858
msgstr ""
18859
18860
#: serverguide/C/network-auth.xml:2026(ulink)
18861
msgid "ldaprenameuser"
18862
msgstr ""
18863
18864
#: serverguide/C/network-auth.xml:2027(ulink)
18865
msgid "lsldap"
18866
msgstr ""
18867
18868
#: serverguide/C/network-auth.xml:2028(ulink)
18869
msgid "ldapaddusertogroup"
18870
msgstr ""
18871
18872
#: serverguide/C/network-auth.xml:2029(ulink)
18873
msgid "ldapsetpasswd"
18874
msgstr ""
18875
18876
#: serverguide/C/network-auth.xml:2030(ulink)
18877
msgid "ldapinit"
18878
msgstr ""
18879
18880
#: serverguide/C/network-auth.xml:2031(ulink)
18881
msgid "ldapaddgroup"
18882
msgstr ""
18883
18884
#: serverguide/C/network-auth.xml:2032(ulink)
18885
msgid "ldapdeletegroup"
18886
msgstr ""
18887
18888
#: serverguide/C/network-auth.xml:2033(ulink)
18889
msgid "ldapmodifygroup"
18890
msgstr ""
18891
18892
#: serverguide/C/network-auth.xml:2034(ulink)
18893
msgid "ldapdeletemachine"
18894
msgstr ""
18895
18896
#: serverguide/C/network-auth.xml:2035(ulink)
18897
msgid "ldaprenamegroup"
18898
msgstr ""
18899
18900
#: serverguide/C/network-auth.xml:2036(ulink)
18901
msgid "ldapaddmachine"
18902
msgstr ""
18903
18904
#: serverguide/C/network-auth.xml:2037(ulink)
18905
msgid "ldapmodifymachine"
18906
msgstr ""
18907
18908
#: serverguide/C/network-auth.xml:2038(ulink)
18909
msgid "ldapsetprimarygroup"
18910
msgstr ""
18911
18912
#: serverguide/C/network-auth.xml:2039(ulink)
18913
msgid "ldapdeleteuser"
18914
msgstr ""
18915
18916
#: serverguide/C/network-auth.xml:2045(title)
18917
msgid "Backup and Restore"
18918
msgstr ""
18919
18920
#: serverguide/C/network-auth.xml:2047(para)
18921
msgid ""
18922
"Now we have ldap running just the way we want, it is time to ensure we can "
18923
"save all of our work and restore it as needed."
18924
msgstr ""
18925
18926
#: serverguide/C/network-auth.xml:2052(para)
18927
msgid ""
18928
"What we need is a way to backup the ldap database(s), specifically the "
18929
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
18930
"backup those databases into, say, <filename>/export/backup</filename>, we "
18931
"could use <application>slapcat</application> as shown in the following "
18932
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
18933
msgstr ""
18934
18935
#: serverguide/C/network-auth.xml:2062(programlisting)
18936
#, no-wrap
18937
msgid ""
18938
"\n"
18939
"#!/bin/bash\n"
18940
"\n"
18941
"BACKUP_PATH=/export/backup\n"
18942
"SLAPCAT=/usr/sbin/slapcat\n"
18943
"\n"
18944
"nice ${SLAPCAT} -n 0 > ${BACKUP_PATH}/config.ldif\n"
18945
"nice ${SLAPCAT} -n 1 > ${BACKUP_PATH}/example.com.ldif\n"
18946
"nice ${SLAPCAT} -n 2 > ${BACKUP_PATH}/access.ldif\n"
18947
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
18948
msgstr ""
18949
18950
#: serverguide/C/network-auth.xml:2075(para)
18951
msgid ""
18952
"These files are uncompressed text files containing everything in your ldap "
18953
"databases including the tree layout, usernames, and every password. So, you "
18954
"might want to consider making <filename>/export/backup</filename> an "
18955
"encrypted partition and even having the script encrypt those files as it "
18956
"creates them. Ideally you should do both, but that depends on your security "
18957
"requirements."
18958
msgstr ""
18959
18960
#: serverguide/C/network-auth.xml:2086(para)
18961
msgid ""
18962
"Then, it is just a matter of having a cron script to run this program as "
18963
"often as we feel comfortable with. For many, once a day suffices. For "
18964
"others, more often is required. Here is an example of a cron script called "
18965
"<filename>/etc/cron.d/ldapbackup</filename> that is run every night at "
18966
"22:45h:"
18967
msgstr ""
18968
18969
#: serverguide/C/network-auth.xml:2094(programlisting)
18970
#, no-wrap
18971
msgid ""
18972
"\n"
18973
"MAILTO=backup-emails@domain.com\n"
18974
"45 22 * * * root /usr/local/bin/ldapbackup\n"
18975
msgstr ""
18976
18977
#: serverguide/C/network-auth.xml:2099(para)
18978
msgid "Now the files are created, they should be copied to a backup server."
18979
msgstr ""
18980
18981
#: serverguide/C/network-auth.xml:2104(para)
18982
msgid ""
18983
"Assuming we did a fresh reinstall of ldap, the restore process could be "
18984
"something like this:"
18985
msgstr ""
18986
18987
#: serverguide/C/network-auth.xml:2110(command)
18988
msgid "sudo systemctl stop slapd.service"
18989
msgstr ""
18990
18991
#: serverguide/C/network-auth.xml:2111(command)
18992
msgid "sudo mkdir /var/lib/ldap/accesslog"
18993
msgstr ""
18994
18995
#: serverguide/C/network-auth.xml:2112(command)
18996
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
18997
msgstr ""
18998
18999
#: serverguide/C/network-auth.xml:2113(command)
19000
msgid ""
19001
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
19002
msgstr ""
19003
19004
#: serverguide/C/network-auth.xml:2114(command)
19005
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
19006
msgstr ""
19007
19008
#: serverguide/C/network-auth.xml:2115(command)
19009
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
19010
msgstr ""
19011
19012
#: serverguide/C/network-auth.xml:2116(command)
19013
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
19014
msgstr ""
19015
19016
#: serverguide/C/network-auth.xml:2117(command)
19017
msgid "sudo systemctl start slapd.service"
19018
msgstr ""
19019
19020
#: serverguide/C/network-auth.xml:2128(para)
19021
msgid ""
19022
"The primary resource is the upstream documentation: <ulink "
19023
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
19024
msgstr ""
19025
19026
#: serverguide/C/network-auth.xml:2134(para)
19027
msgid ""
19028
"There are many man pages that come with the slapd package. Here are some "
19029
"important ones, especially considering the material presented in this guide:"
19030
msgstr ""
19031
19032
#: serverguide/C/network-auth.xml:2140(ulink)
19033
msgid "slapd"
19034
msgstr ""
19035
19036
#: serverguide/C/network-auth.xml:2141(ulink)
19037
msgid "slapd-config"
19038
msgstr ""
19039
19040
#: serverguide/C/network-auth.xml:2142(ulink)
19041
msgid "slapd.access"
19042
msgstr ""
19043
19044
#: serverguide/C/network-auth.xml:2143(ulink)
19045
msgid "slapo-syncprov"
19046
msgstr ""
19047
19048
#: serverguide/C/network-auth.xml:2149(para)
19049
msgid "Other man pages:"
19050
msgstr ""
19051
19052
#: serverguide/C/network-auth.xml:2154(ulink)
19053
msgid "auth-client-config"
19054
msgstr ""
19055
19056
#: serverguide/C/network-auth.xml:2155(ulink)
19057
msgid "pam-auth-update"
19058
msgstr ""
19059
19060
#: serverguide/C/network-auth.xml:2161(para)
19061
msgid ""
19062
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
19063
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
19064
msgstr ""
19065
19066
#: serverguide/C/network-auth.xml:2167(para)
19067
msgid ""
19068
"A Ubuntu community <ulink "
19069
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
19070
"wiki</ulink> page has a collection of notes"
19071
msgstr ""
19072
19073
#: serverguide/C/network-auth.xml:2173(para)
19074
msgid ""
19075
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
19076
"Administration</ulink> (textbook; 2003)"
19077
msgstr ""
19078
19079
#: serverguide/C/network-auth.xml:2179(para)
19080
msgid ""
19081
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
19082
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
19083
msgstr ""
19084
19085
#: serverguide/C/network-auth.xml:2190(title)
19086
msgid "Samba and LDAP"
19087
msgstr ""
19088
19089
#: serverguide/C/network-auth.xml:2192(para)
19090
msgid ""
19091
"This section covers the integration of Samba with LDAP. The Samba server's "
19092
"role will be that of a \"standalone\" server and the LDAP directory will "
19093
"provide the authentication layer in addition to containing the user, group, "
19094
"and machine account information that Samba requires in order to function (in "
19095
"any of its 3 possible roles). The pre-requisite is an OpenLDAP server "
19096
"configured with a directory that can accept authentication requests. See "
19097
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
19098
"requirement. Once this section is completed, you will need to decide what "
19099
"specifically you want Samba to do for you and then configure it accordingly."
19100
msgstr ""
19101
19102
#: serverguide/C/network-auth.xml:2199(para)
19103
msgid ""
19104
"This guide will assume that the LDAP and Samba services are running on the "
19105
"same server and therefore use SASL EXTERNAL authentication whenever changing "
19106
"something under <emphasis>cn=config</emphasis>. If that is not your "
19107
"scenario, you will have to run those ldap commands on the LDAP server."
19108
msgstr ""
19109
19110
#: serverguide/C/network-auth.xml:2205(title) serverguide/C/network-auth.xml:3976(title)
19111
msgid "Software Installation"
19112
msgstr ""
19113
19114
#: serverguide/C/network-auth.xml:2207(para)
19115
msgid ""
19116
"There are two packages needed when integrating Samba with LDAP: "
19117
"<application>samba</application> and <application>smbldap-"
19118
"tools</application>."
19119
msgstr ""
19120
19121
#: serverguide/C/network-auth.xml:2212(para)
19122
msgid ""
19123
"Strictly speaking, the <application>smbldap-tools</application> package "
19124
"isn't needed, but unless you have some other way to manage the various Samba "
19125
"entities (users, groups, computers) in an LDAP context then you should "
19126
"install it."
19127
msgstr ""
19128
19129
#: serverguide/C/network-auth.xml:2217(para)
19130
msgid "Install these packages now:"
19131
msgstr ""
19132
19133
#: serverguide/C/network-auth.xml:2222(command)
19134
msgid "sudo apt install samba smbldap-tools"
19135
msgstr ""
19136
19137
#: serverguide/C/network-auth.xml:2228(title)
19138
msgid "LDAP Configuration"
19139
msgstr ""
19140
19141
#: serverguide/C/network-auth.xml:2230(para)
19142
msgid ""
19143
"We will now configure the LDAP server so that it can accomodate Samba data. "
19144
"We will perform three tasks in this section:"
19145
msgstr ""
19146
19147
#: serverguide/C/network-auth.xml:2237(para)
19148
msgid "Import a schema"
19149
msgstr ""
19150
19151
#: serverguide/C/network-auth.xml:2241(para)
19152
msgid "Index some entries"
19153
msgstr ""
19154
19155
#: serverguide/C/network-auth.xml:2245(para)
19156
msgid "Add objects"
19157
msgstr ""
19158
19159
#: serverguide/C/network-auth.xml:2251(title)
19160
msgid "Samba schema"
19161
msgstr ""
19162
19163
#: serverguide/C/network-auth.xml:2253(para)
19164
msgid ""
19165
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
19166
"will need to use attributes that can properly describe Samba data. Such "
19167
"attributes can be obtained by introducing a Samba LDAP schema. Let's do this "
19168
"now."
19169
msgstr ""
19170
19171
#: serverguide/C/network-auth.xml:2259(para)
19172
msgid ""
19173
"For more information on schemas and their installation see <xref "
19174
"linkend=\"openldap-configuration\"/>."
19175
msgstr ""
19176
19177
#: serverguide/C/network-auth.xml:2267(para)
19178
msgid ""
19179
"The schema is found in the now-installed <application>samba</application> "
19180
"package and is already in the ldif format. We can import it with one simple "
19181
"command:"
19182
msgstr ""
19183
19184
#: serverguide/C/network-auth.xml:2273(command)
19185
msgid ""
19186
"zcat /usr/share/doc/samba/examples/LDAP/samba.ldif.gz | sudo ldapadd -Q -Y "
19187
"EXTERNAL -H ldapi:///"
19188
msgstr ""
19189
19190
#: serverguide/C/network-auth.xml:2279(para)
19191
msgid "To query and view this new schema:"
19192
msgstr ""
19193
19194
#: serverguide/C/network-auth.xml:2284(command)
19195
msgid ""
19196
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
19197
"'cn=*samba*'"
19198
msgstr ""
19199
19200
#: serverguide/C/network-auth.xml:2294(title)
19201
msgid "Samba indices"
19202
msgstr ""
19203
19204
#: serverguide/C/network-auth.xml:2296(para)
19205
msgid ""
19206
"Now that slapd knows about the Samba attributes, we can set up some indices "
19207
"based on them. Indexing entries is a way to improve performance when a "
19208
"client performs a filtered search on the DIT."
19209
msgstr ""
19210
19211
#: serverguide/C/network-auth.xml:2301(para)
19212
msgid ""
19213
"Create the file <filename>samba_indices.ldif</filename> with the following "
19214
"contents:"
19215
msgstr ""
19216
19217
#: serverguide/C/network-auth.xml:2305(programlisting)
19218
#, no-wrap
19219
msgid ""
19220
"\n"
19221
"dn: olcDatabase={1}mdb,cn=config\n"
19222
"changetype: modify\n"
19223
"replace: olcDbIndex\n"
19224
"olcDbIndex: objectClass eq\n"
19225
"olcDbIndex: uidNumber,gidNumber eq\n"
19226
"olcDbIndex: loginShell eq\n"
19227
"olcDbIndex: uid,cn eq,sub\n"
19228
"olcDbIndex: memberUid eq,sub\n"
19229
"olcDbIndex: member,uniqueMember eq\n"
19230
"olcDbIndex: sambaSID eq\n"
19231
"olcDbIndex: sambaPrimaryGroupSID eq\n"
19232
"olcDbIndex: sambaGroupType eq\n"
19233
"olcDbIndex: sambaSIDList eq\n"
19234
"olcDbIndex: sambaDomainName eq\n"
19235
"olcDbIndex: default sub,eq\n"
19236
msgstr ""
19237
19238
#: serverguide/C/network-auth.xml:2323(para)
19239
msgid ""
19240
"Using the <application>ldapmodify</application> utility load the new indices:"
19241
msgstr ""
19242
19243
#: serverguide/C/network-auth.xml:2328(command)
19244
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
19245
msgstr ""
19246
19247
#: serverguide/C/network-auth.xml:2331(para)
19248
msgid ""
19249
"If all went well you should see the new indices using "
19250
"<application>ldapsearch</application>:"
19251
msgstr ""
19252
19253
#: serverguide/C/network-auth.xml:2336(command)
19254
msgid ""
19255
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
19256
"olcDatabase={1}mdb olcDbIndex"
19257
msgstr ""
19258
19259
#: serverguide/C/network-auth.xml:2343(title)
19260
msgid "Adding Samba LDAP objects"
19261
msgstr ""
19262
19263
#: serverguide/C/network-auth.xml:2345(para)
19264
msgid ""
19265
"Next, configure the <application>smbldap-tools</application> package to "
19266
"match your environment. The package comes with a configuration helper script "
19267
"called <application>smbldap-config</application>. Before running it, though, "
19268
"you should decide on two important configuration settings in "
19269
"<filename>/etc/samba/smb.conf</filename>:"
19270
msgstr ""
19271
19272
#: serverguide/C/network-auth.xml:2352(para)
19273
msgid ""
19274
"<emphasis>netbios name</emphasis>: how this server will be known. The "
19275
"default value is derived from the server's hostname, but truncated at 15 "
19276
"characters."
19277
msgstr ""
19278
19279
#: serverguide/C/network-auth.xml:2356(para)
19280
msgid ""
19281
"<emphasis>workgroup</emphasis>: the workgroup name for this server, or, if "
19282
"you later decide to make it a domain controller, this will be the domain."
19283
msgstr ""
19284
19285
#: serverguide/C/network-auth.xml:2360(para)
19286
msgid ""
19287
"It's important to make these choices now because <application>smbldap-"
19288
"config</application> will use them to generate the config that will be later "
19289
"stored in the LDAP directory. If you run <application>smbldap-"
19290
"config</application> now and later change these values in "
19291
"<filename>/etc/samba/smb.conf</filename> there will be an inconsistency."
19292
msgstr ""
19293
19294
#: serverguide/C/network-auth.xml:2366(para)
19295
msgid ""
19296
"Once you are happy with <emphasis>netbios name</emphasis> and "
19297
"<emphasis>workgroup</emphasis>, proceed to generat the <application>smbldap-"
19298
"tools</application> configuration by running the configuration script which "
19299
"will ask you some questions:"
19300
msgstr ""
19301
19302
#: serverguide/C/network-auth.xml:2371(command)
19303
msgid "sudo smbldap-config"
19304
msgstr ""
19305
19306
#: serverguide/C/network-auth.xml:2374(para)
19307
msgid "Some of the more important ones:"
19308
msgstr ""
19309
19310
#: serverguide/C/network-auth.xml:2377(para)
19311
msgid ""
19312
"<emphasis>workgroup name</emphasis>: has to match what you will configure in "
19313
"<filename>/etc/samba/smb.conf</filename> later on."
19314
msgstr ""
19315
19316
#: serverguide/C/network-auth.xml:2381(para)
19317
msgid ""
19318
"<emphasis>ldap suffix</emphasis>: has to match the ldap suffix you chose "
19319
"when you configured the LDAP server."
19320
msgstr ""
19321
19322
#: serverguide/C/network-auth.xml:2384(para)
19323
msgid ""
19324
"other ldap suffixes: they are all relative to <emphasis>ldap "
19325
"suffix</emphasis> above. For example, for <emphasis>ldap user "
19326
"suffix</emphasis> you should use <emphasis>ou=People</emphasis>."
19327
msgstr ""
19328
19329
#: serverguide/C/network-auth.xml:2388(para)
19330
msgid ""
19331
"<emphasis>ldap master bind dn</emphasis> and <emphasis>bind "
19332
"password</emphasis>: use the rootDN credentials."
19333
msgstr ""
19334
19335
#: serverguide/C/network-auth.xml:2391(para)
19336
msgid ""
19337
"The <application>smbldap-populate</application> script will then add the "
19338
"LDAP objects required for Samba. It is a good idea to first make a backup of "
19339
"your DIT using <application>slapcat</application>:"
19340
msgstr ""
19341
19342
#: serverguide/C/network-auth.xml:2397(command)
19343
msgid "sudo slapcat -l backup.ldif"
19344
msgstr ""
19345
19346
#: serverguide/C/network-auth.xml:2400(para)
19347
msgid ""
19348
"Once you have a backup proceed to populate your directory. It will ask you "
19349
"for a password for the \"domain root\" user, which is also the \"root\" user "
19350
"stored in LDAP:"
19351
msgstr ""
19352
19353
#: serverguide/C/network-auth.xml:2406(command)
19354
msgid "sudo smbldap-populate -g 10000 -u 10000 -r 10000"
19355
msgstr ""
19356
19357
#: serverguide/C/network-auth.xml:2409(para)
19358
msgid ""
19359
"The <emphasis>-g</emphasis>, <emphasis>-u</emphasis> and <emphasis>-"
19360
"r</emphasis> parameters tell <application>smbldap-tools</application> where "
19361
"to start the numeric uid and gid allocation for the LDAP users. You should "
19362
"pick a range start that does not overlap with your local "
19363
"<emphasis>/etc/passwd</emphasis> users."
19364
msgstr ""
19365
19366
#: serverguide/C/network-auth.xml:2413(para)
19367
msgid ""
19368
"You can create a LDIF file containing the new Samba objects by executing "
19369
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
19370
"look over the changes making sure everything is correct. If it is, rerun the "
19371
"script without the '-e' switch. Alternatively, you can take the LDIF file "
19372
"and import its data per usual."
19373
msgstr ""
19374
19375
#: serverguide/C/network-auth.xml:2419(para)
19376
msgid ""
19377
"Your LDAP directory now has the necessary information to authenticate Samba "
19378
"users."
19379
msgstr ""
19380
19381
#: serverguide/C/network-auth.xml:2428(title) serverguide/C/network-auth.xml:4008(title)
19382
msgid "Samba Configuration"
19383
msgstr ""
19384
19385
#: serverguide/C/network-auth.xml:2430(para)
19386
msgid ""
19387
"There are multiple ways to configure Samba. For details on some common "
19388
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
19389
"LDAP, edit its configuration file <filename>/etc/samba/smb.conf</filename> "
19390
"commenting out the default <emphasis>passdb backend</emphasis> parameter and "
19391
"adding some ldap-related ones. Make sure to use the same values you used "
19392
"when running <application>smbldap-populate</application>:"
19393
msgstr ""
19394
19395
#: serverguide/C/network-auth.xml:2437(programlisting)
19396
#, no-wrap
19397
msgid ""
19398
"\n"
19399
"# passdb backend = tdbsam\n"
19400
" workgroup = EXAMPLE\n"
19401
"\n"
19402
"# LDAP Settings\n"
19403
" passdb backend = ldapsam:ldap://hostname\n"
19404
" ldap suffix = dc=example,dc=com\n"
19405
" ldap user suffix = ou=People\n"
19406
" ldap group suffix = ou=Groups\n"
19407
" ldap machine suffix = ou=Computers\n"
19408
" ldap idmap suffix = ou=Idmap\n"
19409
" ldap admin dn = cn=admin,dc=example,dc=com\n"
19410
" # or off if TLS/SSL is not configured\n"
19411
" ldap ssl = start tls\n"
19412
" ldap passwd sync = yes\n"
19413
msgstr ""
19414
19415
#: serverguide/C/network-auth.xml:2454(para)
19416
msgid "Change the values to match your environment."
19417
msgstr ""
19418
19419
#: serverguide/C/network-auth.xml:2458(para)
19420
msgid ""
19421
"The <filename>smb.conf</filename> as shipped by the package is quite long "
19422
"and has many configuration examples. An easy way to visualize it without any "
19423
"comments is to run <application>testparm -s</application>."
19424
msgstr ""
19425
19426
#: serverguide/C/network-auth.xml:2462(para)
19427
msgid ""
19428
"Now inform Samba about the rootDN user's password (the one set during the "
19429
"installation of the slapd package):"
19430
msgstr ""
19431
19432
#: serverguide/C/network-auth.xml:2467(command)
19433
msgid "sudo smbpasswd -W"
19434
msgstr ""
19435
19436
#: serverguide/C/network-auth.xml:2470(para)
19437
msgid ""
19438
"As a final step to have your LDAP users be able to connect to samba and "
19439
"authenticate, we need these users to also show up in the system as \"unix\" "
19440
"users. One way to do this is to use <application>libnss-ldap</application>. "
19441
"Detailed instructions can be found in the <xref linkend=\"openldap-auth-"
19442
"config\"/> section, but we only need the NSS part."
19443
msgstr ""
19444
19445
#: serverguide/C/network-auth.xml:2478(para)
19446
msgid "Install <application>libnss-ldap</application>"
19447
msgstr ""
19448
19449
#: serverguide/C/network-auth.xml:2480(para)
19450
msgid ""
19451
"There is no need to use the LDAP rootDN login credentials, so you can skip "
19452
"that step."
19453
msgstr ""
19454
19455
#: serverguide/C/network-auth.xml:2483(para)
19456
msgid "Configure the LDAP profile for NSS:"
19457
msgstr ""
19458
19459
#: serverguide/C/network-auth.xml:2487(para)
19460
msgid "Restart the Samba services:"
19461
msgstr ""
19462
19463
#: serverguide/C/network-auth.xml:2491(para)
19464
msgid ""
19465
"To quickly test the setup, see if <application>getent</application> can list "
19466
"the Samba groups:"
19467
msgstr ""
19468
19469
#: serverguide/C/network-auth.xml:2493(command)
19470
msgid "getent group"
19471
msgstr ""
19472
19473
#: serverguide/C/network-auth.xml:2494(computeroutput)
19474
#, no-wrap
19475
msgid ""
19476
"\n"
19477
"...\n"
19478
"Account Operators:*:548:\n"
19479
"Print Operators:*:550:\n"
19480
"Backup Operators:*:551:\n"
19481
"Replicators:*:552:\n"
19482
msgstr ""
19483
19484
#: serverguide/C/network-auth.xml:2504(para)
19485
msgid ""
19486
"If you have existing LDAP users that you want to include in your new LDAP-"
19487
"backed Samba they will, of course, also need to be given some of the extra "
19488
"Samba specific attributes. The <application>smbpasswd</application> utility "
19489
"can do this for you:"
19490
msgstr ""
19491
19492
#: serverguide/C/network-auth.xml:2510(command)
19493
msgid "sudo smbpasswd -a username"
19494
msgstr ""
19495
19496
#: serverguide/C/network-auth.xml:2513(para)
19497
msgid ""
19498
"You will prompted to enter a password. It will be considered as the new "
19499
"password for that user. Making it the same as before is reasonable. Note "
19500
"that this command cannot be used to create a new user from scratch in LDAP "
19501
"(unless you are using <emphasis>ldapsam:trusted</emphasis> and "
19502
"<emphasis>ldapsam:editposix</emphasis>, not covered in this guide)."
19503
msgstr ""
19504
19505
#: serverguide/C/network-auth.xml:2519(para)
19506
msgid ""
19507
"To manage user, group, and machine accounts use the utilities provided by "
19508
"the <application>smbldap-tools</application> package. Here are some examples:"
19509
msgstr ""
19510
19511
#: serverguide/C/network-auth.xml:2527(para)
19512
msgid "To add a new user with a home directory:"
19513
msgstr ""
19514
19515
#: serverguide/C/network-auth.xml:2532(command)
19516
msgid "sudo smbldap-useradd -a -P -m username"
19517
msgstr ""
19518
19519
#: serverguide/C/network-auth.xml:2535(para)
19520
msgid ""
19521
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
19522
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
19523
"passwd</application> utility after the user is created allowing you to enter "
19524
"a password for the user. Finally, <emphasis>-m</emphasis> creates a local "
19525
"home directory. Test with the <application>getent</application> command:"
19526
msgstr ""
19527
19528
#: serverguide/C/network-auth.xml:2541(screen) serverguide/C/network-auth.xml:4115(command)
19529
#, no-wrap
19530
msgid "getent passwd username"
19531
msgstr ""
19532
19533
#: serverguide/C/network-auth.xml:2542(para)
19534
msgid ""
19535
"If you don't get a response, then your <application>libnss-"
19536
"ldap</application> configuration is incorrect."
19537
msgstr ""
19538
19539
#: serverguide/C/network-auth.xml:2546(para)
19540
msgid "To remove a user:"
19541
msgstr ""
19542
19543
#: serverguide/C/network-auth.xml:2551(command)
19544
msgid "sudo smbldap-userdel username"
19545
msgstr ""
19546
19547
#: serverguide/C/network-auth.xml:2554(para)
19548
msgid ""
19549
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
19550
"user's home directory."
19551
msgstr ""
19552
19553
#: serverguide/C/network-auth.xml:2560(para)
19554
msgid "To add a group:"
19555
msgstr ""
19556
19557
#: serverguide/C/network-auth.xml:2565(command)
19558
msgid "sudo smbldap-groupadd -a groupname"
19559
msgstr ""
19560
19561
#: serverguide/C/network-auth.xml:2568(para)
19562
msgid ""
19563
"As for <application>smbldap-useradd</application>, the <emphasis>-"
19564
"a</emphasis> adds the Samba attributes."
19565
msgstr ""
19566
19567
#: serverguide/C/network-auth.xml:2574(para)
19568
msgid "To make an existing user a member of a group:"
19569
msgstr ""
19570
19571
#: serverguide/C/network-auth.xml:2579(command)
19572
msgid "sudo smbldap-groupmod -m username groupname"
19573
msgstr ""
19574
19575
#: serverguide/C/network-auth.xml:2582(para)
19576
msgid ""
19577
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
19578
"listing them in comma-separated format."
19579
msgstr ""
19580
19581
#: serverguide/C/network-auth.xml:2588(para)
19582
msgid "To remove a user from a group:"
19583
msgstr ""
19584
19585
#: serverguide/C/network-auth.xml:2593(command)
19586
msgid "sudo smbldap-groupmod -x username groupname"
19587
msgstr ""
19588
19589
#: serverguide/C/network-auth.xml:2599(para)
19590
msgid "To add a Samba machine account:"
19591
msgstr ""
19592
19593
#: serverguide/C/network-auth.xml:2604(command)
19594
msgid "sudo smbldap-useradd -t 0 -w username"
19595
msgstr ""
19596
19597
#: serverguide/C/network-auth.xml:2607(para)
19598
msgid ""
19599
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
19600
"<emphasis>-t 0</emphasis> option creates the machine account without a "
19601
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
19602
"machine account. Also, note the <emphasis>add machine script</emphasis> "
19603
"parameter in <filename>/etc/samba/smb.conf</filename> was changed to use "
19604
"<application>smbldap-useradd</application>."
19605
msgstr ""
19606
19607
#: serverguide/C/network-auth.xml:2616(para)
19608
msgid ""
19609
"There are utilities in the <application>smbldap-tools</application> package "
19610
"that were not covered here. Here is a complete list:"
19611
msgstr ""
19612
19613
#: serverguide/C/network-auth.xml:2621(ulink)
19614
msgid "smbldap-groupadd"
19615
msgstr ""
19616
19617
#: serverguide/C/network-auth.xml:2622(ulink)
19618
msgid "smbldap-groupdel"
19619
msgstr ""
19620
19621
#: serverguide/C/network-auth.xml:2623(ulink)
19622
msgid "smbldap-groupmod"
19623
msgstr ""
19624
19625
#: serverguide/C/network-auth.xml:2624(ulink)
19626
msgid "smbldap-groupshow"
19627
msgstr ""
19628
19629
#: serverguide/C/network-auth.xml:2625(ulink)
19630
msgid "smbldap-passwd"
19631
msgstr ""
19632
19633
#: serverguide/C/network-auth.xml:2626(ulink)
19634
msgid "smbldap-populate"
19635
msgstr ""
19636
19637
#: serverguide/C/network-auth.xml:2627(ulink)
19638
msgid "smbldap-useradd"
19639
msgstr ""
19640
19641
#: serverguide/C/network-auth.xml:2628(ulink)
19642
msgid "smbldap-userdel"
19643
msgstr ""
19644
19645
#: serverguide/C/network-auth.xml:2629(ulink)
19646
msgid "smbldap-userinfo"
19647
msgstr ""
19648
19649
#: serverguide/C/network-auth.xml:2630(ulink)
19650
msgid "smbldap-userlist"
19651
msgstr ""
19652
19653
#: serverguide/C/network-auth.xml:2631(ulink)
19654
msgid "smbldap-usermod"
19655
msgstr ""
19656
19657
#: serverguide/C/network-auth.xml:2632(ulink)
19658
msgid "smbldap-usershow"
19659
msgstr ""
19660
19661
#: serverguide/C/network-auth.xml:2643(para)
19662
msgid ""
19663
"For more information on installing and configuring Samba see <xref "
19664
"linkend=\"samba\"/> of this Ubuntu Server Guide."
19665
msgstr ""
19666
19667
#: serverguide/C/network-auth.xml:2649(para)
19668
msgid ""
19669
"There are multiple places where LDAP and Samba is documented in the upstream "
19670
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
19671
"HOWTO Collection</ulink>."
19672
msgstr ""
19673
19674
#: serverguide/C/network-auth.xml:2656(para)
19675
msgid ""
19676
"Regarding the above, see specifically the <ulink "
19677
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
19678
"Collection/passdb.html\">passdb section</ulink>."
19679
msgstr ""
19680
19681
#: serverguide/C/network-auth.xml:2662(para)
19682
msgid ""
19683
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
19684
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
19685
"valuable notes."
19686
msgstr ""
19687
19688
#: serverguide/C/network-auth.xml:2668(para)
19689
msgid ""
19690
"The main page of the <ulink "
19691
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
19692
"community documentation</ulink> has a plethora of links to articles that may "
19693
"prove useful."
19694
msgstr ""
19695
19696
#: serverguide/C/network-auth.xml:2681(title)
19697
msgid "Kerberos"
19698
msgstr "Kerberos"
19699
19700
#: serverguide/C/network-auth.xml:2683(para)
19701
msgid ""
19702
"<application>Kerberos</application> is a network authentication system based "
19703
"on the principal of a trusted third party. The other two parties being the "
19704
"user and the service the user wishes to authenticate to. Not all services "
19705
"and applications can use Kerberos, but for those that can, it brings the "
19706
"network environment one step closer to being Single Sign On (SSO)."
19707
msgstr ""
19708
19709
#: serverguide/C/network-auth.xml:2689(para)
19710
msgid ""
19711
"This section covers installation and configuration of a Kerberos server, and "
19712
"some example client configurations."
19713
msgstr ""
19714
19715
#: serverguide/C/network-auth.xml:2694(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
19716
msgid "Overview"
19717
msgstr ""
19718
19719
#: serverguide/C/network-auth.xml:2696(para)
19720
msgid ""
19721
"If you are new to Kerberos there are a few terms that are good to understand "
19722
"before setting up a Kerberos server. Most of the terms will relate to things "
19723
"you may be familiar with in other environments:"
19724
msgstr ""
19725
19726
#: serverguide/C/network-auth.xml:2703(para)
19727
msgid ""
19728
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
19729
"by servers need to be defined as Kerberos Principals."
19730
msgstr ""
19731
19732
#: serverguide/C/network-auth.xml:2708(para)
19733
msgid ""
19734
"<emphasis>Instances:</emphasis> are used for service principals and special "
19735
"administrative principals."
19736
msgstr ""
19737
19738
#: serverguide/C/network-auth.xml:2713(para)
19739
msgid ""
19740
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
19741
"Kerberos installation. Think of it as the domain or group your hosts and "
19742
"users belong to. Convention dictates the realm should be in uppercase. By "
19743
"default, ubuntu will use the DNS domain converted to uppercase (EXAMPLE.COM) "
19744
"as the realm."
19745
msgstr ""
19746
19747
#: serverguide/C/network-auth.xml:2722(para)
19748
msgid ""
19749
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
19750
"a database of all principals, the authentication server, and the ticket "
19751
"granting server. For each realm there must be at least one KDC."
19752
msgstr ""
19753
19754
#: serverguide/C/network-auth.xml:2728(para)
19755
msgid ""
19756
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
19757
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
19758
"password which is known only to the user and the KDC."
19759
msgstr ""
19760
19761
#: serverguide/C/network-auth.xml:2734(para)
19762
msgid ""
19763
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
19764
"clients upon request."
19765
msgstr ""
19766
19767
#: serverguide/C/network-auth.xml:2739(para)
19768
msgid ""
19769
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
19770
"One principal being a user and the other a service requested by the user. "
19771
"Tickets establish an encryption key used for secure communication during the "
19772
"authenticated session."
19773
msgstr ""
19774
19775
#: serverguide/C/network-auth.xml:2745(para)
19776
msgid ""
19777
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
19778
"principal database and contain the encryption key for a service or host."
19779
msgstr ""
19780
19781
#: serverguide/C/network-auth.xml:2752(para)
19782
msgid ""
19783
"To put the pieces together, a Realm has at least one KDC, preferably more "
19784
"for redundancy, which contains a database of Principals. When a user "
19785
"principal logs into a workstation that is configured for Kerberos "
19786
"authentication, the KDC issues a Ticket Granting Ticket (TGT). If the user "
19787
"supplied credentials match, the user is authenticated and can then request "
19788
"tickets for Kerberized services from the Ticket Granting Server (TGS). The "
19789
"service tickets allow the user to authenticate to the service without "
19790
"entering another username and password."
19791
msgstr ""
19792
19793
#: serverguide/C/network-auth.xml:2761(title)
19794
msgid "Kerberos Server"
19795
msgstr ""
19796
19797
#: serverguide/C/network-auth.xml:2765(para)
19798
msgid ""
19799
"For this discussion, we will create a MIT Kerberos domain with the following "
19800
"features (edit them to fit your needs):"
19801
msgstr ""
19802
19803
#: serverguide/C/network-auth.xml:2772(para)
19804
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
19805
msgstr ""
19806
19807
#: serverguide/C/network-auth.xml:2777(para)
19808
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
19809
msgstr ""
19810
19811
#: serverguide/C/network-auth.xml:2782(para)
19812
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
19813
msgstr ""
19814
19815
#: serverguide/C/network-auth.xml:2787(para)
19816
msgid "<emphasis>User principal:</emphasis> steve"
19817
msgstr ""
19818
19819
#: serverguide/C/network-auth.xml:2792(para)
19820
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
19821
msgstr ""
19822
19823
#: serverguide/C/network-auth.xml:2799(para)
19824
msgid ""
19825
"It is <emphasis>strongly</emphasis> recommended that your network-"
19826
"authenticated users have their uid in a different range (say, starting at "
19827
"5000) than that of your local users."
19828
msgstr ""
19829
19830
#: serverguide/C/network-auth.xml:2805(para)
19831
msgid ""
19832
"Before installing the Kerberos server a properly configured DNS server is "
19833
"needed for your domain. Since the Kerberos Realm by convention matches the "
19834
"domain name, this section uses the <emphasis>EXAMPLE.COM</emphasis> domain "
19835
"configured in <xref linkend=\"dns-primarymaster-configuration\"/> of the DNS "
19836
"documentation."
19837
msgstr ""
19838
19839
#: serverguide/C/network-auth.xml:2811(para)
19840
msgid ""
19841
"Also, Kerberos is a time sensitive protocol. So if the local system time "
19842
"between a client machine and the server differs by more than five minutes "
19843
"(by default), the workstation will not be able to authenticate. To correct "
19844
"the problem all hosts should have their time synchronized using the same "
19845
"<emphasis>Network Time Protocol (NTP)</emphasis> server. For details on "
19846
"setting up NTP see <xref linkend=\"NTP\"/>."
19847
msgstr ""
19848
19849
#: serverguide/C/network-auth.xml:2819(para)
19850
msgid ""
19851
"The first step in creating a Kerberos Realm is to install the "
19852
"<application>krb5-kdc</application> and <application>krb5-admin-"
19853
"server</application> packages. From a terminal enter:"
19854
msgstr ""
19855
19856
#: serverguide/C/network-auth.xml:2825(command) serverguide/C/network-auth.xml:3032(command)
19857
msgid "sudo apt install krb5-kdc krb5-admin-server"
19858
msgstr ""
19859
19860
#: serverguide/C/network-auth.xml:2828(para)
19861
msgid ""
19862
"You will be asked at the end of the install to supply the hostname for the "
19863
"Kerberos and Admin servers, which may or may not be the same server, for the "
19864
"realm."
19865
msgstr ""
19866
19867
#: serverguide/C/network-auth.xml:2835(para)
19868
msgid "By default the realm is created from the KDC's domain name."
19869
msgstr ""
19870
19871
#: serverguide/C/network-auth.xml:2840(para)
19872
msgid ""
19873
"Next, create the new realm with the <application>kdb5_newrealm</application> "
19874
"utility:"
19875
msgstr ""
19876
19877
#: serverguide/C/network-auth.xml:2845(command)
19878
msgid "sudo krb5_newrealm"
19879
msgstr ""
19880
19881
#: serverguide/C/network-auth.xml:2852(para)
19882
msgid ""
19883
"The questions asked during installation are used to configure the "
19884
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
19885
"Distribution Center (KDC) settings simply edit the file and restart the "
19886
"<application>krb5-kdc</application> daemon. If you need to reconfigure "
19887
"Kerberos from scratch, perhaps to change the realm name, you can do so by "
19888
"typing"
19889
msgstr ""
19890
19891
#: serverguide/C/network-auth.xml:2859(command)
19892
msgid "sudo dpkg-reconfigure krb5-kdc"
19893
msgstr ""
19894
19895
#: serverguide/C/network-auth.xml:2865(para)
19896
msgid ""
19897
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
19898
"principal</emphasis> -- is needed. It is recommended to use a different "
19899
"username from your everyday username. Using the "
19900
"<application>kadmin.local</application> utility in a terminal prompt enter:"
19901
msgstr ""
19902
19903
#: serverguide/C/network-auth.xml:2873(command) serverguide/C/network-auth.xml:3755(command)
19904
msgid "sudo kadmin.local"
19905
msgstr ""
19906
19907
#: serverguide/C/network-auth.xml:2874(computeroutput)
19908
#, no-wrap
19909
msgid ""
19910
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
19911
"kadmin.local:"
19912
msgstr ""
19913
19914
#: serverguide/C/network-auth.xml:2875(userinput)
19915
#, no-wrap
19916
msgid " addprinc steve/admin"
19917
msgstr ""
19918
19919
#: serverguide/C/network-auth.xml:2876(computeroutput)
19920
#, no-wrap
19921
msgid ""
19922
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
19923
"policy\n"
19924
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
19925
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
19926
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
19927
"kadmin.local:"
19928
msgstr ""
19929
19930
#: serverguide/C/network-auth.xml:2880(userinput)
19931
#, no-wrap
19932
msgid " quit"
19933
msgstr ""
19934
19935
#: serverguide/C/network-auth.xml:2883(para)
19936
msgid ""
19937
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
19938
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
19939
"is an <emphasis>Instance</emphasis>, and <emphasis "
19940
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
19941
"role=\"italic\">\"every day\"</emphasis> Principal, a.k.a. the <emphasis "
19942
"role=\"italic\">user principal</emphasis>, would be "
19943
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
19944
"rights."
19945
msgstr ""
19946
19947
#: serverguide/C/network-auth.xml:2893(para)
19948
msgid ""
19949
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
19950
"your Realm and admin username."
19951
msgstr ""
19952
19953
#: serverguide/C/network-auth.xml:2901(para)
19954
msgid ""
19955
"Next, the new admin user needs to have the appropriate Access Control List "
19956
"(ACL) permissions. The permissions are configured in the "
19957
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
19958
msgstr ""
19959
19960
#: serverguide/C/network-auth.xml:2906(programlisting)
19961
#, no-wrap
19962
msgid ""
19963
"\n"
19964
"steve/admin@EXAMPLE.COM *\n"
19965
msgstr ""
19966
19967
#: serverguide/C/network-auth.xml:2910(para)
19968
msgid ""
19969
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
19970
"any operation on all principals in the realm. You can configure principals "
19971
"with more restrictive privileges, which is convenient if you need an admin "
19972
"principal that junior staff can use in Kerberos clients. Please see the "
19973
"<emphasis>kadm5.acl</emphasis> man page for details."
19974
msgstr ""
19975
19976
#: serverguide/C/network-auth.xml:2922(para)
19977
msgid ""
19978
"Now restart the <application>krb5-admin-server</application> for the new ACL "
19979
"to take affect:"
19980
msgstr ""
19981
19982
#: serverguide/C/network-auth.xml:2927(command)
19983
msgid "sudo systemctl restart krb5-admin-server.service"
19984
msgstr ""
19985
19986
#: serverguide/C/network-auth.xml:2933(para)
19987
msgid ""
19988
"The new user principal can be tested using the <application>kinit "
19989
"utility</application>:"
19990
msgstr ""
19991
19992
#: serverguide/C/network-auth.xml:2938(command)
19993
msgid "kinit steve/admin"
19994
msgstr ""
19995
19996
#: serverguide/C/network-auth.xml:2939(computeroutput)
19997
#, no-wrap
19998
msgid "steve/admin@EXAMPLE.COM's Password:"
19999
msgstr ""
20000
20001
#: serverguide/C/network-auth.xml:2942(para)
20002
msgid ""
20003
"After entering the password, use the <application>klist</application> "
20004
"utility to view information about the Ticket Granting Ticket (TGT):"
20005
msgstr ""
20006
20007
#: serverguide/C/network-auth.xml:2948(command) serverguide/C/network-auth.xml:3325(command)
20008
msgid "klist"
20009
msgstr ""
20010
20011
#: serverguide/C/network-auth.xml:2949(computeroutput)
20012
#, no-wrap
20013
msgid ""
20014
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
20015
" Principal: steve/admin@EXAMPLE.COM\n"
20016
"\n"
20017
" Issued Expires Principal\n"
20018
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
20019
msgstr ""
20020
20021
#: serverguide/C/network-auth.xml:2956(para)
20022
msgid ""
20023
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
20024
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
20025
"case is <filename>1000</filename>. You may need to add an entry into the "
20026
"<filename>/etc/hosts</filename> for the KDC so the client can find the KDC. "
20027
"For example:"
20028
msgstr ""
20029
20030
#: serverguide/C/network-auth.xml:2965(programlisting)
20031
#, no-wrap
20032
msgid ""
20033
"\n"
20034
"192.168.0.1 kdc01.example.com kdc01\n"
20035
msgstr ""
20036
20037
#: serverguide/C/network-auth.xml:2969(para)
20038
msgid ""
20039
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
20040
"This usually happens when you have a Kerberos realm encompassing different "
20041
"networks separated by routers."
20042
msgstr ""
20043
20044
#: serverguide/C/network-auth.xml:2978(para)
20045
msgid ""
20046
"The best way to allow clients to automatically determine the KDC for the "
20047
"Realm is using DNS SRV records. Add the following to "
20048
"<filename>/etc/named/db.example.com</filename>:"
20049
msgstr ""
20050
20051
#: serverguide/C/network-auth.xml:2984(programlisting)
20052
#, no-wrap
20053
msgid ""
20054
"\n"
20055
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
20056
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
20057
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
20058
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
20059
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
20060
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
20061
msgstr ""
20062
20063
#: serverguide/C/network-auth.xml:2994(para)
20064
msgid ""
20065
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
20066
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
20067
"KDC."
20068
msgstr ""
20069
20070
#: serverguide/C/network-auth.xml:3000(para)
20071
msgid ""
20072
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
20073
msgstr ""
20074
20075
#: serverguide/C/network-auth.xml:3007(para)
20076
msgid "Your new Kerberos Realm is now ready to authenticate clients."
20077
msgstr ""
20078
20079
#: serverguide/C/network-auth.xml:3014(title)
20080
msgid "Secondary KDC"
20081
msgstr ""
20082
20083
#: serverguide/C/network-auth.xml:3016(para)
20084
msgid ""
20085
"Once you have one Key Distribution Center (KDC) on your network, it is good "
20086
"practice to have a Secondary KDC in case the primary becomes unavailable. "
20087
"Also, if you have Kerberos clients that are in different networks (possibly "
20088
"separated by routers using NAT), it is wise to place a secondary KDC in each "
20089
"of those networks."
20090
msgstr ""
20091
20092
#: serverguide/C/network-auth.xml:3027(para)
20093
msgid ""
20094
"First, install the packages, and when asked for the Kerberos and Admin "
20095
"server names enter the name of the Primary KDC:"
20096
msgstr ""
20097
20098
#: serverguide/C/network-auth.xml:3038(para)
20099
msgid ""
20100
"Once you have the packages installed, create the Secondary KDC's host "
20101
"principal. From a terminal prompt, enter:"
20102
msgstr ""
20103
20104
#: serverguide/C/network-auth.xml:3043(command)
20105
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
20106
msgstr ""
20107
20108
#: serverguide/C/network-auth.xml:3047(para)
20109
msgid ""
20110
"After, issuing any <application>kadmin</application> commands you will be "
20111
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
20112
"password."
20113
msgstr ""
20114
20115
#: serverguide/C/network-auth.xml:3056(para)
20116
msgid "Extract the <emphasis>keytab</emphasis> file:"
20117
msgstr ""
20118
20119
#: serverguide/C/network-auth.xml:3061(command)
20120
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
20121
msgstr ""
20122
20123
#: serverguide/C/network-auth.xml:3067(para)
20124
msgid ""
20125
"There should now be a <filename>keytab.kdc02</filename> in the current "
20126
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
20127
msgstr ""
20128
20129
#: serverguide/C/network-auth.xml:3073(command)
20130
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
20131
msgstr ""
20132
20133
#: serverguide/C/network-auth.xml:3077(para)
20134
msgid ""
20135
"If the path to the <filename>keytab.kdc02</filename> file is different "
20136
"adjust accordingly."
20137
msgstr ""
20138
20139
#: serverguide/C/network-auth.xml:3082(para)
20140
msgid ""
20141
"Also, you can list the principals in a Keytab file, which can be useful when "
20142
"troubleshooting, using the <application>klist</application> utility:"
20143
msgstr ""
20144
20145
#: serverguide/C/network-auth.xml:3088(command)
20146
msgid "sudo klist -k /etc/krb5.keytab"
20147
msgstr ""
20148
20149
#: serverguide/C/network-auth.xml:3091(para)
20150
msgid ""
20151
"The <application>-k</application> option indicates the file is a keytab file."
20152
msgstr ""
20153
20154
#: serverguide/C/network-auth.xml:3098(para)
20155
msgid ""
20156
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
20157
"that lists all KDCs for the Realm. For example, on both primary and "
20158
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
20159
msgstr ""
20160
20161
#: serverguide/C/network-auth.xml:3103(programlisting)
20162
#, no-wrap
20163
msgid ""
20164
"\n"
20165
"host/kdc01.example.com@EXAMPLE.COM\n"
20166
"host/kdc02.example.com@EXAMPLE.COM\n"
20167
msgstr ""
20168
20169
#: serverguide/C/network-auth.xml:3111(para)
20170
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
20171
msgstr ""
20172
20173
#: serverguide/C/network-auth.xml:3116(command)
20174
msgid "sudo kdb5_util -s create"
20175
msgstr ""
20176
20177
#: serverguide/C/network-auth.xml:3122(para)
20178
msgid ""
20179
"Now start the <application>kpropd</application> daemon, which listens for "
20180
"connections from the <application>kprop</application> utility. "
20181
"<application>kprop</application> is used to transfer dump files:"
20182
msgstr ""
20183
20184
#: serverguide/C/network-auth.xml:3129(command)
20185
msgid "sudo kpropd -S"
20186
msgstr ""
20187
20188
#: serverguide/C/network-auth.xml:3135(para)
20189
msgid ""
20190
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
20191
"of the principal database:"
20192
msgstr ""
20193
20194
#: serverguide/C/network-auth.xml:3140(command)
20195
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
20196
msgstr ""
20197
20198
#: serverguide/C/network-auth.xml:3146(para)
20199
msgid ""
20200
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
20201
"<filename>/etc/krb5.keytab</filename>:"
20202
msgstr ""
20203
20204
#: serverguide/C/network-auth.xml:3151(command)
20205
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
20206
msgstr ""
20207
20208
#: serverguide/C/network-auth.xml:3152(command)
20209
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
20210
msgstr ""
20211
20212
#: serverguide/C/network-auth.xml:3156(para)
20213
msgid ""
20214
"Make sure there is a <emphasis>host</emphasis> for "
20215
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
20216
msgstr ""
20217
20218
#: serverguide/C/network-auth.xml:3164(para)
20219
msgid ""
20220
"Using the <application>kprop</application> utility push the database to the "
20221
"Secondary KDC:"
20222
msgstr ""
20223
20224
#: serverguide/C/network-auth.xml:3169(command)
20225
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
20226
msgstr ""
20227
20228
#: serverguide/C/network-auth.xml:3173(para)
20229
msgid ""
20230
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
20231
"worked. If there is an error message check "
20232
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
20233
"information."
20234
msgstr ""
20235
20236
#: serverguide/C/network-auth.xml:3179(para)
20237
msgid ""
20238
"You may also want to create a <application>cron</application> job to "
20239
"periodically update the database on the Secondary KDC. For example, the "
20240
"following will push the database every hour (note the long line has been "
20241
"split to fit the format of this document):"
20242
msgstr ""
20243
20244
#: serverguide/C/network-auth.xml:3184(programlisting)
20245
#, no-wrap
20246
msgid ""
20247
"\n"
20248
"# m h dom mon dow command\n"
20249
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && \n"
20250
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
20251
msgstr ""
20252
20253
#: serverguide/C/network-auth.xml:3193(para)
20254
msgid ""
20255
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
20256
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
20257
msgstr ""
20258
20259
#: serverguide/C/network-auth.xml:3199(command)
20260
msgid "sudo kdb5_util stash"
20261
msgstr ""
20262
20263
#: serverguide/C/network-auth.xml:3205(para)
20264
msgid ""
20265
"Finally, start the <application>krb5-kdc</application> daemon on the "
20266
"Secondary KDC:"
20267
msgstr ""
20268
20269
#: serverguide/C/network-auth.xml:3210(command) serverguide/C/network-auth.xml:3743(command) serverguide/C/network-auth.xml:3898(command)
20270
msgid "sudo systemctl start krb5-kdc.service"
20271
msgstr ""
20272
20273
#: serverguide/C/network-auth.xml:3216(para)
20274
msgid ""
20275
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
20276
"for the Realm. You can test this by stopping the <application>krb5-"
20277
"kdc</application> daemon on the Primary KDC, then by using "
20278
"<application>kinit</application> to request a ticket. If all goes well you "
20279
"should receive a ticket from the Secondary KDC. Otherwise, check "
20280
"<filename>/var/log/syslog</filename> and "
20281
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
20282
msgstr ""
20283
20284
#: serverguide/C/network-auth.xml:3227(title)
20285
msgid "Kerberos Linux Client"
20286
msgstr ""
20287
20288
#: serverguide/C/network-auth.xml:3229(para)
20289
msgid ""
20290
"This section covers configuring a Linux system as a "
20291
"<application>Kerberos</application> client. This will allow access to any "
20292
"kerberized services once a user has successfully logged into the system."
20293
msgstr ""
20294
20295
#: serverguide/C/network-auth.xml:3237(para)
20296
msgid ""
20297
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
20298
"user</application> and <application>libpam-krb5</application> packages are "
20299
"needed, along with a few others that are not strictly necessary but make "
20300
"life easier. To install the packages enter the following in a terminal "
20301
"prompt:"
20302
msgstr ""
20303
20304
#: serverguide/C/network-auth.xml:3244(command)
20305
msgid ""
20306
"sudo apt install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
20307
msgstr ""
20308
20309
#: serverguide/C/network-auth.xml:3247(para)
20310
msgid ""
20311
"The <application>auth-client-config</application> package allows simple "
20312
"configuration of PAM for authentication from multiple sources, and the "
20313
"<application>libpam-ccreds</application> will cache authentication "
20314
"credentials allowing you to login in case the Key Distribution Center (KDC) "
20315
"is unavailable. This package is also useful for laptops that may "
20316
"authenticate using Kerberos while on the corporate network, but will need to "
20317
"be accessed off the network as well."
20318
msgstr ""
20319
20320
#: serverguide/C/network-auth.xml:3258(para)
20321
msgid "To configure the client in a terminal enter:"
20322
msgstr ""
20323
20324
#: serverguide/C/network-auth.xml:3263(command)
20325
msgid "sudo dpkg-reconfigure krb5-config"
20326
msgstr ""
20327
20328
#: serverguide/C/network-auth.xml:3266(para)
20329
msgid ""
20330
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
20331
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
20332
"records, the menu will prompt you for the hostname of the Key Distribution "
20333
"Center (KDC) and Realm Administration server."
20334
msgstr ""
20335
20336
#: serverguide/C/network-auth.xml:3272(para)
20337
msgid ""
20338
"The <application>dpkg-reconfigure</application> adds entries to the "
20339
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
20340
"entries similar to the following:"
20341
msgstr ""
20342
20343
#: serverguide/C/network-auth.xml:3277(programlisting)
20344
#, no-wrap
20345
msgid ""
20346
"\n"
20347
"[libdefaults]\n"
20348
" default_realm = EXAMPLE.COM\n"
20349
"...\n"
20350
"[realms]\n"
20351
" EXAMPLE.COM = {\n"
20352
" kdc = 192.168.0.1\n"
20353
" admin_server = 192.168.0.1\n"
20354
" }\n"
20355
msgstr ""
20356
20357
#: serverguide/C/network-auth.xml:3289(para)
20358
msgid ""
20359
"If you set the uid of each of your network-authenticated users to start at "
20360
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
20361
"can then tell pam to only try to authenticate using Kerberos users with uid "
20362
"> 5000:"
20363
msgstr ""
20364
20365
#: serverguide/C/network-auth.xml:3297(command)
20366
msgid ""
20367
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
20368
"for i in common-auth common-session common-account common-password; do sudo "
20369
"sed -i -r \\ -e 's/pam_krb5.so minimum_uid=1000/pam_krb5.so "
20370
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
20371
msgstr ""
20372
20373
#: serverguide/C/network-auth.xml:3304(para)
20374
msgid ""
20375
"This will avoid being asked for the (non-existent) Kerberos password of a "
20376
"locally authenticated user when changing its password using "
20377
"<command>passwd</command>."
20378
msgstr ""
20379
20380
#: serverguide/C/network-auth.xml:3311(para)
20381
msgid ""
20382
"You can test the configuration by requesting a ticket using the "
20383
"<application>kinit</application> utility. For example:"
20384
msgstr ""
20385
20386
#: serverguide/C/network-auth.xml:3316(command)
20387
msgid "kinit steve@EXAMPLE.COM"
20388
msgstr ""
20389
20390
#: serverguide/C/network-auth.xml:3317(computeroutput)
20391
#, no-wrap
20392
msgid "Password for steve@EXAMPLE.COM:"
20393
msgstr ""
20394
20395
#: serverguide/C/network-auth.xml:3320(para)
20396
msgid ""
20397
"When a ticket has been granted, the details can be viewed using "
20398
"<application>klist</application>:"
20399
msgstr ""
20400
20401
#: serverguide/C/network-auth.xml:3326(computeroutput)
20402
#, no-wrap
20403
msgid ""
20404
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
20405
"Default principal: steve@EXAMPLE.COM\n"
20406
"\n"
20407
"Valid starting Expires Service principal\n"
20408
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
20409
" renew until 07/25/08 05:18:57\n"
20410
"\n"
20411
"\n"
20412
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
20413
"klist: You have no tickets cached"
20414
msgstr ""
20415
20416
#: serverguide/C/network-auth.xml:3338(para)
20417
msgid ""
20418
"Next, use the <application>auth-client-config</application> to configure the "
20419
"<application>libpam-krb5</application> module to request a ticket during "
20420
"login:"
20421
msgstr ""
20422
20423
#: serverguide/C/network-auth.xml:3344(command)
20424
msgid "sudo auth-client-config -a -p kerberos_example"
20425
msgstr ""
20426
20427
#: serverguide/C/network-auth.xml:3347(para)
20428
msgid ""
20429
"You will should now receive a ticket upon successful login authentication."
20430
msgstr ""
20431
20432
#: serverguide/C/network-auth.xml:3358(para)
20433
msgid ""
20434
"For more information on MIT's version of Kerberos, see the <ulink "
20435
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
20436
msgstr ""
20437
20438
#: serverguide/C/network-auth.xml:3363(para)
20439
msgid ""
20440
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
20441
"Kerberos</ulink> page has more details."
20442
msgstr ""
20443
20444
#: serverguide/C/network-auth.xml:3368(para)
20445
msgid ""
20446
"O'Reilly's <ulink "
20447
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
20448
"Guide</ulink> is a great reference when setting up Kerberos."
20449
msgstr ""
20450
20451
#: serverguide/C/network-auth.xml:3374(para)
20452
msgid ""
20453
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
20454
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
20455
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
20456
msgstr ""
20457
20458
#: serverguide/C/network-auth.xml:3386(title)
20459
msgid "Kerberos and LDAP"
20460
msgstr ""
20461
20462
#: serverguide/C/network-auth.xml:3388(para)
20463
msgid ""
20464
"Most people will not use Kerberos by itself; once an user is authenticated "
20465
"(Kerberos), we need to figure out what this user can do (authorization). And "
20466
"that would be the job of programs such as <application>LDAP</application>."
20467
msgstr ""
20468
20469
#: serverguide/C/network-auth.xml:3395(para)
20470
msgid ""
20471
"Replicating a Kerberos principal database between two servers can be "
20472
"complicated, and adds an additional user database to your network. "
20473
"Fortunately, MIT Kerberos can be configured to use an "
20474
"<application>LDAP</application> directory as a principal database. This "
20475
"section covers configuring a primary and secondary kerberos server to use "
20476
"<application>OpenLDAP</application> for the principal database."
20477
msgstr ""
20478
20479
#: serverguide/C/network-auth.xml:3403(para)
20480
msgid ""
20481
"The examples presented here assume <application>MIT Kerberos</application> "
20482
"and <application>OpenLDAP</application>."
20483
msgstr ""
20484
20485
#: serverguide/C/network-auth.xml:3411(title)
20486
msgid "Configuring OpenLDAP"
20487
msgstr ""
20488
20489
#: serverguide/C/network-auth.xml:3413(para)
20490
msgid ""
20491
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
20492
"<application>OpenLDAP</application> server that has network connectivity to "
20493
"the Primary and Secondary KDCs. The rest of this section assumes that you "
20494
"also have LDAP replication configured between at least two servers. For "
20495
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
20496
msgstr ""
20497
20498
#: serverguide/C/network-auth.xml:3419(para)
20499
msgid ""
20500
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
20501
"that traffic between the KDC and LDAP server is encrypted. See <xref "
20502
"linkend=\"openldap-tls\"/> for details."
20503
msgstr ""
20504
20505
#: serverguide/C/network-auth.xml:3425(para)
20506
msgid ""
20507
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
20508
"edit the ldap database. Many times it is the RootDN. Change its value to "
20509
"reflect your setup."
20510
msgstr ""
20511
20512
#: serverguide/C/network-auth.xml:3434(para)
20513
msgid ""
20514
"To load the schema into LDAP, on the LDAP server install the "
20515
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
20516
msgstr ""
20517
20518
#: serverguide/C/network-auth.xml:3440(command)
20519
msgid "sudo apt install krb5-kdc-ldap"
20520
msgstr ""
20521
20522
#: serverguide/C/network-auth.xml:3445(para)
20523
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
20524
msgstr ""
20525
20526
#: serverguide/C/network-auth.xml:3450(command)
20527
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
20528
msgstr ""
20529
20530
#: serverguide/C/network-auth.xml:3451(command)
20531
msgid ""
20532
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
20533
msgstr ""
20534
20535
#: serverguide/C/network-auth.xml:3457(para)
20536
msgid ""
20537
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
20538
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
20539
"<application>slapd</application> is also detailed in <xref "
20540
"linkend=\"openldap-configuration\"/>."
20541
msgstr ""
20542
20543
#: serverguide/C/network-auth.xml:3465(para)
20544
msgid ""
20545
"First, create a configuration file named "
20546
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
20547
"containing the following lines:"
20548
msgstr ""
20549
20550
#: serverguide/C/network-auth.xml:3470(programlisting)
20551
#, no-wrap
20552
msgid ""
20553
"\n"
20554
"include /etc/ldap/schema/core.schema\n"
20555
"include /etc/ldap/schema/collective.schema\n"
20556
"include /etc/ldap/schema/corba.schema\n"
20557
"include /etc/ldap/schema/cosine.schema\n"
20558
"include /etc/ldap/schema/duaconf.schema\n"
20559
"include /etc/ldap/schema/dyngroup.schema\n"
20560
"include /etc/ldap/schema/inetorgperson.schema\n"
20561
"include /etc/ldap/schema/java.schema\n"
20562
"include /etc/ldap/schema/misc.schema\n"
20563
"include /etc/ldap/schema/nis.schema\n"
20564
"include /etc/ldap/schema/openldap.schema\n"
20565
"include /etc/ldap/schema/ppolicy.schema\n"
20566
"include /etc/ldap/schema/kerberos.schema\n"
20567
msgstr ""
20568
20569
#: serverguide/C/network-auth.xml:3490(para)
20570
msgid "Create a temporary directory to hold the LDIF files:"
20571
msgstr ""
20572
20573
#: serverguide/C/network-auth.xml:3494(command)
20574
msgid "mkdir /tmp/ldif_output"
20575
msgstr ""
20576
20577
#: serverguide/C/network-auth.xml:3500(para)
20578
msgid ""
20579
"Now use <application>slapcat</application> to convert the schema files:"
20580
msgstr ""
20581
20582
#: serverguide/C/network-auth.xml:3505(command)
20583
msgid ""
20584
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
20585
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
20586
msgstr ""
20587
20588
#: serverguide/C/network-auth.xml:3509(para)
20589
msgid ""
20590
"Change the above file and path names to match your own if they are different."
20591
msgstr ""
20592
20593
#: serverguide/C/network-auth.xml:3516(para)
20594
msgid ""
20595
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
20596
"changing the following attributes:"
20597
msgstr ""
20598
20599
#: serverguide/C/network-auth.xml:3520(programlisting)
20600
#, no-wrap
20601
msgid ""
20602
"\n"
20603
"dn: cn=kerberos,cn=schema,cn=config\n"
20604
"...\n"
20605
"cn: kerberos\n"
20606
msgstr ""
20607
20608
#: serverguide/C/network-auth.xml:3526(para)
20609
msgid "And remove the following lines from the end of the file:"
20610
msgstr ""
20611
20612
#: serverguide/C/network-auth.xml:3530(programlisting)
20613
#, no-wrap
20614
msgid ""
20615
"\n"
20616
"structuralObjectClass: olcSchemaConfig\n"
20617
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
20618
"creatorsName: cn=config\n"
20619
"createTimestamp: 20090111203515Z\n"
20620
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
20621
"modifiersName: cn=config\n"
20622
"modifyTimestamp: 20090111203515Z\n"
20623
msgstr ""
20624
20625
#: serverguide/C/network-auth.xml:3540(para)
20626
msgid ""
20627
"The attribute values will vary, just be sure the attributes are removed."
20628
msgstr ""
20629
20630
#: serverguide/C/network-auth.xml:3547(para)
20631
msgid "Load the new schema with <application>ldapadd</application>:"
20632
msgstr ""
20633
20634
#: serverguide/C/network-auth.xml:3552(command)
20635
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=kerberos.ldif"
20636
msgstr ""
20637
20638
#: serverguide/C/network-auth.xml:3558(para)
20639
msgid ""
20640
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
20641
msgstr ""
20642
20643
#: serverguide/C/network-auth.xml:3563(command) serverguide/C/network-auth.xml:3580(command)
20644
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:///"
20645
msgstr ""
20646
20647
#: serverguide/C/network-auth.xml:3565(userinput)
20648
#, no-wrap
20649
msgid ""
20650
"dn: olcDatabase={1}mdb,cn=config\n"
20651
"add: olcDbIndex\n"
20652
"olcDbIndex: krbPrincipalName eq,pres,sub"
20653
msgstr ""
20654
20655
#: serverguide/C/network-auth.xml:3564(computeroutput)
20656
#, no-wrap
20657
msgid ""
20658
"\n"
20659
"<placeholder-1/>\n"
20660
"\n"
20661
"modifying entry \"olcDatabase={1}mdb,cn=config\""
20662
msgstr ""
20663
20664
#: serverguide/C/network-auth.xml:3575(para)
20665
msgid "Finally, update the Access Control Lists (ACL):"
20666
msgstr ""
20667
20668
#: serverguide/C/network-auth.xml:3582(userinput)
20669
#, no-wrap
20670
msgid ""
20671
"dn: olcDatabase={1}mdb,cn=config\n"
20672
"replace: olcAccess\n"
20673
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by\n"
20674
" dn=\"cn=admin,dc=example,dc=com\" write by anonymous auth by self write by "
20675
"* none\n"
20676
"-\n"
20677
"add: olcAccess\n"
20678
"olcAccess: to dn.base=\"\" by * read\n"
20679
"-\n"
20680
"add: olcAccess\n"
20681
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
20682
msgstr ""
20683
20684
#: serverguide/C/network-auth.xml:3581(computeroutput)
20685
#, no-wrap
20686
msgid ""
20687
"\n"
20688
"<placeholder-1/>\n"
20689
"\n"
20690
"modifying entry \"olcDatabase={1}mdb,cn=config\"\n"
20691
msgstr ""
20692
20693
#: serverguide/C/network-auth.xml:3602(para)
20694
msgid ""
20695
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
20696
"database."
20697
msgstr ""
20698
20699
#: serverguide/C/network-auth.xml:3608(title)
20700
msgid "Primary KDC Configuration"
20701
msgstr ""
20702
20703
#: serverguide/C/network-auth.xml:3610(para)
20704
msgid ""
20705
"With <application>OpenLDAP</application> configured it is time to configure "
20706
"the KDC."
20707
msgstr ""
20708
20709
#: serverguide/C/network-auth.xml:3616(para)
20710
msgid "First, install the necessary packages, from a terminal enter:"
20711
msgstr ""
20712
20713
#: serverguide/C/network-auth.xml:3621(command) serverguide/C/network-auth.xml:3792(command)
20714
msgid "sudo apt install krb5-kdc krb5-admin-server krb5-kdc-ldap"
20715
msgstr ""
20716
20717
#: serverguide/C/network-auth.xml:3627(para)
20718
msgid ""
20719
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
20720
"under the appropriate sections:"
20721
msgstr ""
20722
20723
#: serverguide/C/network-auth.xml:3631(programlisting)
20724
#, no-wrap
20725
msgid ""
20726
"\n"
20727
"[libdefaults]\n"
20728
" default_realm = EXAMPLE.COM\n"
20729
"\n"
20730
"...\n"
20731
"\n"
20732
"[realms]\n"
20733
" EXAMPLE.COM = {\n"
20734
" kdc = kdc01.example.com\n"
20735
" kdc = kdc02.example.com\n"
20736
" admin_server = kdc01.example.com\n"
20737
" admin_server = kdc02.example.com\n"
20738
" default_domain = example.com\n"
20739
" database_module = openldap_ldapconf\n"
20740
" }\n"
20741
"\n"
20742
"...\n"
20743
"\n"
20744
"[domain_realm]\n"
20745
" .example.com = EXAMPLE.COM\n"
20746
"\n"
20747
"\n"
20748
"...\n"
20749
"\n"
20750
"[dbdefaults]\n"
20751
" ldap_kerberos_container_dn = cn=krbContainer,dc=example,dc=com\n"
20752
"\n"
20753
"[dbmodules]\n"
20754
" openldap_ldapconf = {\n"
20755
" db_library = kldap\n"
20756
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
20757
"\n"
20758
" # this object needs to have read rights on\n"
20759
" # the realm container, principal container and realm sub-"
20760
"trees\n"
20761
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
20762
"\n"
20763
" # this object needs to have read and write rights on\n"
20764
" # the realm container, principal container and realm sub-"
20765
"trees\n"
20766
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
20767
" ldap_servers = ldaps://ldap01.example.com "
20768
"ldaps://ldap02.example.com\n"
20769
" ldap_conns_per_server = 5\n"
20770
" }\n"
20771
msgstr ""
20772
20773
#: serverguide/C/network-auth.xml:3676(para)
20774
msgid ""
20775
"Change <emphasis>example.com</emphasis>, "
20776
"<emphasis>dc=example,dc=com</emphasis>, "
20777
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
20778
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
20779
"object, and LDAP server for your network."
20780
msgstr ""
20781
20782
#: serverguide/C/network-auth.xml:3685(para)
20783
msgid ""
20784
"Next, use the <application>kdb5_ldap_util</application> utility to create "
20785
"the realm:"
20786
msgstr ""
20787
20788
#: serverguide/C/network-auth.xml:3690(command)
20789
msgid ""
20790
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
20791
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
20792
msgstr ""
20793
20794
#: serverguide/C/network-auth.xml:3697(para)
20795
msgid ""
20796
"Create a stash of the password used to bind to the LDAP server. This "
20797
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
20798
"<emphasis>ldap_kadmin_dn</emphasis> options in "
20799
"<filename>/etc/krb5.conf</filename>:"
20800
msgstr ""
20801
20802
#: serverguide/C/network-auth.xml:3703(command) serverguide/C/network-auth.xml:3854(command)
20803
msgid ""
20804
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
20805
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
20806
msgstr ""
20807
20808
#: serverguide/C/network-auth.xml:3710(para)
20809
msgid "Copy the CA certificate from the LDAP server:"
20810
msgstr ""
20811
20812
#: serverguide/C/network-auth.xml:3715(command)
20813
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
20814
msgstr ""
20815
20816
#: serverguide/C/network-auth.xml:3716(command)
20817
msgid "sudo cp cacert.pem /etc/ssl/certs"
20818
msgstr ""
20819
20820
#: serverguide/C/network-auth.xml:3719(para)
20821
msgid ""
20822
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
20823
msgstr ""
20824
20825
#: serverguide/C/network-auth.xml:3723(programlisting)
20826
#, no-wrap
20827
msgid ""
20828
"\n"
20829
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
20830
msgstr ""
20831
20832
#: serverguide/C/network-auth.xml:3728(para)
20833
msgid ""
20834
"The certificate will also need to be copied to the Secondary KDC, to allow "
20835
"the connection to the LDAP servers using LDAPS."
20836
msgstr ""
20837
20838
#: serverguide/C/network-auth.xml:3738(para)
20839
msgid "Start the Kerberos KDC and admin server:"
20840
msgstr ""
20841
20842
#: serverguide/C/network-auth.xml:3744(command)
20843
msgid "sudo systemctl start krb5-admin-server.service"
20844
msgstr ""
20845
20846
#: serverguide/C/network-auth.xml:3749(para)
20847
msgid ""
20848
"You can now add Kerberos principals to the LDAP database, and they will be "
20849
"copied to any other LDAP servers configured for replication. To add a "
20850
"principal using the <application>kadmin.local</application> utility enter:"
20851
msgstr ""
20852
20853
#: serverguide/C/network-auth.xml:3757(userinput)
20854
#, no-wrap
20855
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
20856
msgstr ""
20857
20858
#: serverguide/C/network-auth.xml:3756(computeroutput)
20859
#, no-wrap
20860
msgid ""
20861
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
20862
"kadmin.local: <placeholder-1/>\n"
20863
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
20864
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
20865
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
20866
"Principal \"steve@EXAMPLE.COM\" created."
20867
msgstr ""
20868
20869
#: serverguide/C/network-auth.xml:3764(para)
20870
msgid ""
20871
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
20872
"krbExtraData attributes added to the "
20873
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
20874
"the <application>kinit</application> and <application>klist</application> "
20875
"utilities to test that the user is indeed issued a ticket."
20876
msgstr ""
20877
20878
#: serverguide/C/network-auth.xml:3771(para)
20879
msgid ""
20880
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
20881
"option is needed to add the Kerberos attributes. Otherwise a new "
20882
"<emphasis>principal</emphasis> object will be created in the realm subtree."
20883
msgstr ""
20884
20885
#: serverguide/C/network-auth.xml:3779(title)
20886
msgid "Secondary KDC Configuration"
20887
msgstr ""
20888
20889
#: serverguide/C/network-auth.xml:3781(para)
20890
msgid ""
20891
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
20892
"one using the normal Kerberos database."
20893
msgstr ""
20894
20895
#: serverguide/C/network-auth.xml:3787(para)
20896
msgid "First, install the necessary packages. In a terminal enter:"
20897
msgstr ""
20898
20899
#: serverguide/C/network-auth.xml:3798(para)
20900
msgid ""
20901
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
20902
msgstr ""
20903
20904
#: serverguide/C/network-auth.xml:3802(programlisting)
20905
#, no-wrap
20906
msgid ""
20907
"\n"
20908
"[libdefaults]\n"
20909
" default_realm = EXAMPLE.COM\n"
20910
"\n"
20911
"...\n"
20912
"\n"
20913
"[realms]\n"
20914
" EXAMPLE.COM = {\n"
20915
" kdc = kdc01.example.com\n"
20916
" kdc = kdc02.example.com\n"
20917
" admin_server = kdc01.example.com\n"
20918
" admin_server = kdc02.example.com\n"
20919
" default_domain = example.com\n"
20920
" database_module = openldap_ldapconf\n"
20921
" }\n"
20922
"\n"
20923
"...\n"
20924
"\n"
20925
"[domain_realm]\n"
20926
" .example.com = EXAMPLE.COM\n"
20927
"\n"
20928
"...\n"
20929
"\n"
20930
"[dbdefaults]\n"
20931
" ldap_kerberos_container_dn = dc=example,dc=com\n"
20932
"\n"
20933
"[dbmodules]\n"
20934
" openldap_ldapconf = {\n"
20935
" db_library = kldap\n"
20936
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
20937
"\n"
20938
" # this object needs to have read rights on\n"
20939
" # the realm container, principal container and realm sub-"
20940
"trees\n"
20941
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
20942
"\n"
20943
" # this object needs to have read and write rights on\n"
20944
" # the realm container, principal container and realm sub-"
20945
"trees\n"
20946
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
20947
" ldap_servers = ldaps://ldap01.example.com "
20948
"ldaps://ldap02.example.com\n"
20949
" ldap_conns_per_server = 5\n"
20950
" }\n"
20951
msgstr ""
20952
20953
#: serverguide/C/network-auth.xml:3849(para)
20954
msgid "Create the stash for the LDAP bind password:"
20955
msgstr ""
20956
20957
#: serverguide/C/network-auth.xml:3861(para)
20958
msgid ""
20959
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
20960
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
20961
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
20962
"encrypted connection such as <application>scp</application>, or on physical "
20963
"media."
20964
msgstr ""
20965
20966
#: serverguide/C/network-auth.xml:3868(command)
20967
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
20968
msgstr ""
20969
20970
#: serverguide/C/network-auth.xml:3869(command)
20971
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
20972
msgstr ""
20973
20974
#: serverguide/C/network-auth.xml:3873(para)
20975
msgid ""
20976
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
20977
msgstr ""
20978
20979
#: serverguide/C/network-auth.xml:3881(para)
20980
msgid ""
20981
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
20982
"only,"
20983
msgstr ""
20984
20985
#: serverguide/C/network-auth.xml:3893(para)
20986
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
20987
msgstr ""
20988
20989
#: serverguide/C/network-auth.xml:3904(para)
20990
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20991
msgstr ""
20992
20993
#: serverguide/C/network-auth.xml:3911(para)
20994
msgid ""
20995
"You now have redundant KDCs on your network, and with redundant LDAP servers "
20996
"you should be able to continue to authenticate users if one LDAP server, one "
20997
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
20998
msgstr ""
20999
21000
#: serverguide/C/network-auth.xml:3923(para)
21001
msgid ""
21002
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
21003
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
21004
"Guide</ulink> has some additional details."
21005
msgstr ""
21006
21007
#: serverguide/C/network-auth.xml:3929(para)
21008
msgid ""
21009
"For more information on <application>kdb5_ldap_util</application> see <ulink "
21010
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
21011
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
21012
"5.6</ulink> and the <ulink "
21013
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man8/kdb5_ldap_util.8.htm"
21014
"l\">kdb5_ldap_util man page</ulink>."
21015
msgstr ""
21016
21017
#: serverguide/C/network-auth.xml:3937(para)
21018
msgid ""
21019
"Another useful link is the <ulink "
21020
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/krb5.conf.5.html\">k"
21021
"rb5.conf man page</ulink>."
21022
msgstr ""
21023
21024
#: serverguide/C/network-auth.xml:3942(para)
21025
msgid ""
21026
"Also, see the <ulink "
21027
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
21028
"and LDAP</ulink> Ubuntu wiki page."
21029
msgstr ""
21030
21031
#: serverguide/C/network-auth.xml:3951(title)
21032
msgid "SSSD and Active Directory"
21033
msgstr ""
21034
21035
#: serverguide/C/network-auth.xml:3952(para)
21036
msgid ""
21037
"This section describes the use of sssd to authenticate user logins against "
21038
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
21039
"of sssd, it was possible to authenticate using the \"ldap\" provider. "
21040
"However, when authenticating against a Microsoft Windows AD Domain "
21041
"Controller, it was generally necessary to install the POSIX AD extensions on "
21042
"the Domain Controller. The \"ad\" provider simplifies the configuration and "
21043
"requires no modifications to the AD structure."
21044
msgstr ""
21045
21046
#: serverguide/C/network-auth.xml:3956(title)
21047
msgid "Prerequisites, Assumptions, and Requirements"
21048
msgstr ""
21049
21050
#: serverguide/C/network-auth.xml:3959(para)
21051
msgid ""
21052
"This guide does not explain Active Directory, how it works, how to set one "
21053
"up, or how to maintain it. It may not provide <quote>best practices</quote> "
21054
"for your environment."
21055
msgstr ""
21056
21057
#: serverguide/C/network-auth.xml:3961(para)
21058
msgid ""
21059
"This guide assumes that a working Active Directory domain is already "
21060
"configured."
21061
msgstr ""
21062
21063
#: serverguide/C/network-auth.xml:3963(para)
21064
msgid ""
21065
"The domain controller is acting as an authoritative DNS server for the "
21066
"domain."
21067
msgstr ""
21068
21069
#: serverguide/C/network-auth.xml:3965(para)
21070
msgid ""
21071
"The domain controller is the primary DNS resolver as specified in "
21072
"<filename>/etc/resolv.conf</filename>."
21073
msgstr ""
21074
21075
#: serverguide/C/network-auth.xml:3968(para)
21076
msgid ""
21077
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
21078
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
21079
"(see Resources section for external links)."
21080
msgstr ""
21081
21082
#: serverguide/C/network-auth.xml:3970(para)
21083
msgid ""
21084
"System time is synchronized on the domain controller (necessary for "
21085
"Kerberos)."
21086
msgstr ""
21087
21088
#: serverguide/C/network-auth.xml:3972(para)
21089
msgid ""
21090
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
21091
"."
21092
msgstr ""
21093
21094
#: serverguide/C/network-auth.xml:3977(para)
21095
msgid ""
21096
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
21097
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
21098
"<emphasis>ntp</emphasis>. Samba needs to be installed, even if the system is "
21099
"not exporting shares. The Kerberos realm and FQDN or IP of the domain "
21100
"controllers are needed for this step."
21101
msgstr ""
21102
21103
#: serverguide/C/network-auth.xml:3978(para)
21104
msgid "Install these packages now."
21105
msgstr ""
21106
21107
#: serverguide/C/network-auth.xml:3980(command)
21108
msgid "sudo apt install krb5-user samba sssd ntp"
21109
msgstr ""
21110
21111
#: serverguide/C/network-auth.xml:3981(para)
21112
msgid ""
21113
"See the next section for the answers to the questions asked by the "
21114
"<emphasis>krb5-user</emphasis> postinstall script."
21115
msgstr ""
21116
21117
#: serverguide/C/network-auth.xml:3984(title)
21118
msgid "Kerberos Configuration"
21119
msgstr ""
21120
21121
#: serverguide/C/network-auth.xml:3985(para)
21122
msgid ""
21123
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
21124
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
21125
"server (also the domain controller in this example.) This will write the "
21126
"[realm] and [domain_realm] sections in <filename>/etc/krb5.conf</filename>. "
21127
"These sections may not be necessary if domain autodiscovery is working. If "
21128
"not, then both are needed."
21129
msgstr ""
21130
21131
#: serverguide/C/network-auth.xml:3986(para)
21132
msgid ""
21133
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
21134
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
21135
msgstr ""
21136
21137
#: serverguide/C/network-auth.xml:3989(para)
21138
msgid ""
21139
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
21140
"settings to specify Kerberos ticket lifetime (these values are safe to use "
21141
"as defaults):"
21142
msgstr ""
21143
21144
#: serverguide/C/network-auth.xml:3990(programlisting)
21145
#, no-wrap
21146
msgid ""
21147
"\n"
21148
"[libdefaults]\n"
21149
"\n"
21150
"default_realm = MYUBUNTU.EXAMPLE.COM\n"
21151
"ticket_lifetime = 24h #\n"
21152
"renew_lifetime = 7d\n"
21153
"\t\t"
21154
msgstr ""
21155
21156
#: serverguide/C/network-auth.xml:3998(para)
21157
msgid ""
21158
"If default_realm is not specified, it may be necessary to log in with "
21159
"<quote>username@domain</quote> instead of <quote>username</quote>."
21160
msgstr ""
21161
21162
#: serverguide/C/network-auth.xml:4000(para)
21163
msgid ""
21164
"The system time on the Active Directory member needs to be consistent with "
21165
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
21166
"the domain controller server itself will provide the NTP service. Edit "
21167
"<filename>/etc/ntp.conf</filename>:"
21168
msgstr ""
21169
21170
#: serverguide/C/network-auth.xml:4002(programlisting)
21171
#, no-wrap
21172
msgid ""
21173
"\n"
21174
"server dc.myubuntu.example.com\n"
21175
msgstr ""
21176
21177
#: serverguide/C/network-auth.xml:4009(para)
21178
msgid ""
21179
"Samba will be used to perform netbios/nmbd services related to Active "
21180
"Directory authentication, even if no file shares are exported. Edit the file "
21181
"/etc/samba/smb.conf and add the following to the "
21182
"<emphasis>[global]</emphasis> section:"
21183
msgstr ""
21184
21185
#: serverguide/C/network-auth.xml:4011(programlisting)
21186
#, no-wrap
21187
msgid ""
21188
"\n"
21189
"[global]\n"
21190
"\n"
21191
"workgroup = MYUBUNTU\n"
21192
"client signing = yes\n"
21193
"client use spnego = yes\n"
21194
"kerberos method = secrets and keytab\n"
21195
"realm = MYUBUNTU.EXAMPLE.COM\n"
21196
"security = ads\n"
21197
msgstr ""
21198
21199
#: serverguide/C/network-auth.xml:4022(para)
21200
msgid ""
21201
"Some guides specify that \"password server\" should be specified and pointed "
21202
"to the domain controller. This is only necessary if DNS is not properly set "
21203
"up to find the DC. By default, Samba will display a warning if \"password "
21204
"server\" is specified with \"security = ads\"."
21205
msgstr ""
21206
21207
#: serverguide/C/network-auth.xml:4027(title)
21208
msgid "SSSD Configuration"
21209
msgstr ""
21210
21211
#: serverguide/C/network-auth.xml:4029(para)
21212
msgid ""
21213
"There is no default/example config file for "
21214
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
21215
"necessary to create one. This is a minimal working config file:"
21216
msgstr ""
21217
21218
#: serverguide/C/network-auth.xml:4031(programlisting)
21219
#, no-wrap
21220
msgid ""
21221
"\n"
21222
"[sssd]\n"
21223
"services = nss, pam\n"
21224
"config_file_version = 2\n"
21225
"domains = MYUBUNTU.EXAMPLE.COM\n"
21226
"\n"
21227
"[domain/MYUBUNTU.EXAMPLE.COM]\n"
21228
"id_provider = ad\n"
21229
"access_provider = ad\n"
21230
"\n"
21231
"# Use this if users are being logged in at /.\n"
21232
"# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with "
21233
"pam_mkhomedir.so\n"
21234
"override_homedir = /home/%d/%u\n"
21235
"\n"
21236
"# Uncomment if the client machine hostname doesn't match the computer object "
21237
"on the DC.\n"
21238
"# ad_hostname = mymachine.myubuntu.example.com\n"
21239
"\n"
21240
"# Uncomment if DNS SRV resolution is not working\n"
21241
"# ad_server = dc.mydomain.example.com\n"
21242
"\n"
21243
"# Uncomment if the AD domain is named differently than the Samba domain\n"
21244
"# ad_domain = MYUBUNTU.EXAMPLE.COM\n"
21245
"\n"
21246
"# Enumeration is discouraged for performance reasons.\n"
21247
"# enumerate = true\n"
21248
msgstr ""
21249
21250
#: serverguide/C/network-auth.xml:4058(para)
21251
msgid ""
21252
"After saving this file, set the ownership to root and the file permissions "
21253
"to 600:"
21254
msgstr ""
21255
21256
#: serverguide/C/network-auth.xml:4059(command)
21257
msgid "sudo chown root:root /etc/sssd/sssd.conf"
21258
msgstr ""
21259
21260
#: serverguide/C/network-auth.xml:4060(command)
21261
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
21262
msgstr ""
21263
21264
#: serverguide/C/network-auth.xml:4062(para)
21265
msgid ""
21266
"If the ownership or permissions are not correct, sssd will refuse to start."
21267
msgstr ""
21268
21269
#: serverguide/C/network-auth.xml:4066(title)
21270
msgid "Verify nsswitch.conf Configuration"
21271
msgstr ""
21272
21273
#: serverguide/C/network-auth.xml:4067(para)
21274
msgid ""
21275
"The post-install script for the sssd package makes some modifications to "
21276
"/etc/nsswitch.conf automatically. It should look something like this:"
21277
msgstr ""
21278
21279
#: serverguide/C/network-auth.xml:4069(programlisting)
21280
#, no-wrap
21281
msgid ""
21282
"\n"
21283
"passwd: compat sss\n"
21284
"group: compat sss\n"
21285
"...\n"
21286
"netgroup: nis sss\n"
21287
"sudoers: files sss\n"
21288
msgstr ""
21289
21290
#: serverguide/C/network-auth.xml:4079(title)
21291
msgid "Modify /etc/hosts"
21292
msgstr ""
21293
21294
#: serverguide/C/network-auth.xml:4080(para)
21295
msgid ""
21296
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
21297
"example:"
21298
msgstr ""
21299
21300
#: serverguide/C/network-auth.xml:4081(programlisting)
21301
#, no-wrap
21302
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
21303
msgstr ""
21304
21305
#: serverguide/C/network-auth.xml:4083(para)
21306
msgid "This is useful in conjunction with dynamic DNS updates."
21307
msgstr ""
21308
21309
#: serverguide/C/network-auth.xml:4087(title)
21310
msgid "Join the Active Directory"
21311
msgstr ""
21312
21313
#: serverguide/C/network-auth.xml:4088(para)
21314
msgid "Now, restart ntp and samba and start sssd."
21315
msgstr ""
21316
21317
#: serverguide/C/network-auth.xml:4089(command)
21318
msgid "sudo systemctl restart ntp.service"
21319
msgstr ""
21320
21321
#: serverguide/C/network-auth.xml:4091(command)
21322
msgid "sudo systemctl start sssd.service"
21323
msgstr ""
21324
21325
#: serverguide/C/network-auth.xml:4093(para)
21326
msgid "Test the configuration by obtaining a Kerberos ticket:"
21327
msgstr ""
21328
21329
#: serverguide/C/network-auth.xml:4095(command)
21330
msgid "sudo kinit Administrator"
21331
msgstr ""
21332
21333
#: serverguide/C/network-auth.xml:4097(para)
21334
msgid "Verify the ticket with:"
21335
msgstr ""
21336
21337
#: serverguide/C/network-auth.xml:4098(command)
21338
msgid "sudo klist"
21339
msgstr ""
21340
21341
#: serverguide/C/network-auth.xml:4100(para)
21342
msgid ""
21343
"If there is a ticket with an expiration date listed, then it is time to join "
21344
"the domain:"
21345
msgstr ""
21346
21347
#: serverguide/C/network-auth.xml:4102(command)
21348
msgid "sudo net ads join -k"
21349
msgstr ""
21350
21351
#: serverguide/C/network-auth.xml:4104(para)
21352
msgid ""
21353
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
21354
"probably means that there is no (correct) alias in "
21355
"<filename>/etc/hosts</filename>, and the system could not provide its own "
21356
"FQDN as part of the Active Directory update. This is needed for dynamic DNS "
21357
"updates. Verify the alias in <filename>/etc/hosts</filename> described in "
21358
"\"Modify /etc/hosts\" above."
21359
msgstr ""
21360
21361
#: serverguide/C/network-auth.xml:4106(para)
21362
msgid ""
21363
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
21364
"something is incorrect. Review the prior steps before proceeding)."
21365
msgstr ""
21366
21367
#: serverguide/C/network-auth.xml:4108(para)
21368
msgid ""
21369
"Here are a couple of (optional) checks to verify that the domain join was "
21370
"successful. Note that if the domain was successfully joined but one or both "
21371
"of these steps fail, it may be necessary to wait 1-2 minutes and try again. "
21372
"Some of the changes appear to be asynchronous."
21373
msgstr ""
21374
21375
#: serverguide/C/network-auth.xml:4110(para)
21376
msgid "Verification option #1:"
21377
msgstr ""
21378
21379
#: serverguide/C/network-auth.xml:4111(para)
21380
msgid ""
21381
"Check the default Organizational Unit for computer accounts in the Active "
21382
"Directory to verify that the computer account was created. (Organizational "
21383
"Units in Active Directory is a topic outside the scope of this guide)."
21384
msgstr ""
21385
21386
#: serverguide/C/network-auth.xml:4113(para)
21387
msgid "Verification option #2"
21388
msgstr ""
21389
21390
#: serverguide/C/network-auth.xml:4114(para)
21391
msgid "Execute this command for a specific AD user (e.g. administrator)"
21392
msgstr ""
21393
21394
#: serverguide/C/network-auth.xml:4117(para)
21395
msgid ""
21396
"If <emphasis>enumerate = true</emphasis> is set in "
21397
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
21398
"username argument will list all domain users. This may be useful for "
21399
"testing, but is slow and not recommended for production."
21400
msgstr ""
21401
21402
#: serverguide/C/network-auth.xml:4121(title)
21403
msgid "Test Authentication"
21404
msgstr ""
21405
21406
#: serverguide/C/network-auth.xml:4122(para)
21407
msgid ""
21408
"It should now be possible to authenticate using an Active Directory User's "
21409
"credentials:"
21410
msgstr ""
21411
21412
#: serverguide/C/network-auth.xml:4124(command)
21413
msgid "su - username"
21414
msgstr ""
21415
21416
#: serverguide/C/network-auth.xml:4126(para)
21417
msgid ""
21418
"If this works, then other login methods (getty, ssh) should also work."
21419
msgstr ""
21420
21421
#: serverguide/C/network-auth.xml:4128(para)
21422
msgid ""
21423
"If the computer account was created, indicating that the system was "
21424
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
21425
"helpful to review <filename>/etc/pam.d</filename> and "
21426
"<filename>nssswitch.conf</filename> as well as the file changes described "
21427
"earlier in this guide."
21428
msgstr ""
21429
21430
#: serverguide/C/network-auth.xml:4132(title)
21431
msgid "Home directories with pam_mkhomedir (optional)"
21432
msgstr ""
21433
21434
#: serverguide/C/network-auth.xml:4133(para)
21435
msgid ""
21436
"When logging in using an Active Directory user account, it is likely that "
21437
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
21438
"will create the user's home directory on login. Edit "
21439
"<filename>/etc/pam.d/common-session</filename>, and add this line directly "
21440
"after <emphasis>session required pam_unix.so:</emphasis>"
21441
msgstr ""
21442
21443
#: serverguide/C/network-auth.xml:4134(programlisting)
21444
#, no-wrap
21445
msgid ""
21446
"\n"
21447
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
21448
msgstr ""
21449
21450
#: serverguide/C/network-auth.xml:4138(para)
21451
msgid ""
21452
"This may also need <emphasis>override_homedir</emphasis> in "
21453
"<filename>sssd.conf</filename> to function correctly, so make sure that's "
21454
"set."
21455
msgstr ""
21456
21457
#: serverguide/C/network-auth.xml:4142(title)
21458
msgid "Desktop Ubuntu Authentication"
21459
msgstr ""
21460
21461
#: serverguide/C/network-auth.xml:4143(para)
21462
msgid ""
21463
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
21464
"Directory accounts. The AD accounts will not show up in the pick list with "
21465
"local users, so lightdm will need to be modified. Edit the file "
21466
"<filename>/etc/lightdm/lightdm.conf.d/50-unity-greeter.conf</filename> and "
21467
"append the following two lines:"
21468
msgstr ""
21469
21470
#: serverguide/C/network-auth.xml:4145(programlisting)
21471
#, no-wrap
21472
msgid ""
21473
"\n"
21474
"greeter-show-manual-login=true\n"
21475
"greeter-hide-users=true\n"
21476
msgstr ""
21477
21478
#: serverguide/C/network-auth.xml:4150(para)
21479
msgid ""
21480
"Reboot to restart lightdm. It should now be possible to log in using a "
21481
"domain account using either <emphasis>username</emphasis> or "
21482
"<emphasis>username/username@domain</emphasis> format."
21483
msgstr ""
21484
21485
#: serverguide/C/network-auth.xml:4156(ulink)
21486
msgid "GitHub SSSD Project"
21487
msgstr ""
21488
21489
#: serverguide/C/network-auth.xml:4157(ulink)
21490
msgid "Active Directory DNS Zone Entries"
21491
msgstr ""
21492
21493
#: serverguide/C/network-auth.xml:4158(ulink)
21494
msgid "Kerberos config options"
21495
msgstr ""
21496
21497
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
21498
msgid "Device Attributes"
21499
msgstr ""
21500
21501
#: serverguide/C/multipath-device-attributes-table.xml:8(entry) serverguide/C/multipath-config-defaults-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:8(entry)
21502
msgid "Attribute"
21503
msgstr ""
21504
21505
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
21506
msgid "Description"
21507
msgstr ""
21508
21509
#: serverguide/C/multipath-device-attributes-table.xml:15(emphasis)
21510
msgid "vendor"
21511
msgstr ""
21512
21513
#: serverguide/C/multipath-device-attributes-table.xml:17(emphasis)
21514
msgid "COMPAQ"
21515
msgstr ""
21516
21517
#: serverguide/C/multipath-device-attributes-table.xml:17(entry)
21518
msgid ""
21519
"Specifies the vendor name of the storage device to which the device "
21520
"attributes apply, for example <placeholder-1/>."
21521
msgstr ""
21522
21523
#: serverguide/C/multipath-device-attributes-table.xml:21(emphasis)
21524
msgid "product"
21525
msgstr ""
21526
21527
#: serverguide/C/multipath-device-attributes-table.xml:23(emphasis)
21528
msgid "HSV110 (C)COMPAQ"
21529
msgstr ""
21530
21531
#: serverguide/C/multipath-device-attributes-table.xml:23(entry)
21532
msgid ""
21533
"Specifies the product name of the storage device to which the device "
21534
"attributes apply, for example <placeholder-1/>."
21535
msgstr ""
21536
21537
#: serverguide/C/multipath-device-attributes-table.xml:27(emphasis)
21538
msgid "revision"
21539
msgstr ""
21540
21541
#: serverguide/C/multipath-device-attributes-table.xml:29(entry)
21542
msgid "Specifies the product revision identifier of the storage device."
21543
msgstr ""
21544
21545
#: serverguide/C/multipath-device-attributes-table.xml:33(emphasis)
21546
msgid "product_blacklist"
21547
msgstr ""
21548
21549
#: serverguide/C/multipath-device-attributes-table.xml:35(entry)
21550
msgid "Specifies a regular expression used to blacklist devices by product."
21551
msgstr ""
21552
21553
#: serverguide/C/multipath-device-attributes-table.xml:39(emphasis)
21554
msgid "hardware_handler"
21555
msgstr ""
21556
21557
#: serverguide/C/multipath-device-attributes-table.xml:41(para)
21558
msgid ""
21559
"Specifies a module that will be used to perform hardware specific actions "
21560
"when switching path groups or handling I/O errors. Possible values include:"
21561
msgstr ""
21562
21563
#: serverguide/C/multipath-device-attributes-table.xml:44(para)
21564
msgid ""
21565
"<emphasis role=\"bold\">1 emc</emphasis>: hardware handler for EMC storage "
21566
"arrays"
21567
msgstr ""
21568
21569
#: serverguide/C/multipath-device-attributes-table.xml:47(para)
21570
msgid ""
21571
"<emphasis role=\"bold\">1 alua</emphasis>: hardware handler for SCSI-3 ALUA "
21572
"arrays."
21573
msgstr ""
21574
21575
#: serverguide/C/multipath-device-attributes-table.xml:49(para)
21576
msgid ""
21577
"<emphasis role=\"bold\">1 hp_sw</emphasis>: hardware handler for Compaq/HP "
21578
"controllers."
21579
msgstr ""
21580
21581
#: serverguide/C/multipath-device-attributes-table.xml:53(para)
21582
msgid ""
21583
"<emphasis role=\"bold\">1 rdac</emphasis>: hardware handler for the "
21584
"LSI/Engenio RDAC controllers."
21585
msgstr ""
21586
21587
#: serverguide/C/multipath-config-defaults-table.xml:3(title)
21588
msgid "Multipath Configuration Defaults"
21589
msgstr ""
21590
21591
#: serverguide/C/multipath-config-defaults-table.xml:21(emphasis) serverguide/C/multipath-config-defaults-table.xml:26(emphasis)
21592
msgid "polling_interval"
21593
msgstr ""
21594
21595
#: serverguide/C/multipath-config-defaults-table.xml:27(emphasis)
21596
msgid "5"
21597
msgstr ""
21598
21599
#: serverguide/C/multipath-config-defaults-table.xml:24(entry)
21600
msgid ""
21601
"Specifies the interval between two path checks in seconds. For properly "
21602
"functioning paths, the interval between checks will gradually increase to (4 "
21603
"* <placeholder-1/>). The default value is <placeholder-2/>."
21604
msgstr ""
21605
21606
#: serverguide/C/multipath-config-defaults-table.xml:32(emphasis)
21607
msgid "udev_dir"
21608
msgstr ""
21609
21610
#: serverguide/C/multipath-config-defaults-table.xml:35(entry)
21611
msgid ""
21612
"The directory where udev device nodes are created. The default value is /dev."
21613
msgstr ""
21614
21615
#: serverguide/C/multipath-config-defaults-table.xml:41(emphasis)
21616
msgid "multipath_dir"
21617
msgstr ""
21618
21619
#: serverguide/C/multipath-config-defaults-table.xml:46(filename)
21620
msgid "/lib/multipath"
21621
msgstr ""
21622
21623
#: serverguide/C/multipath-config-defaults-table.xml:44(entry)
21624
msgid ""
21625
"The directory where the dynamic shared objects are stored. The default value "
21626
"is system dependent, commonly <placeholder-1/>."
21627
msgstr ""
21628
21629
#: serverguide/C/multipath-config-defaults-table.xml:51(emphasis)
21630
msgid "verbosity"
21631
msgstr ""
21632
21633
#: serverguide/C/multipath-config-defaults-table.xml:54(entry)
21634
msgid ""
21635
"The default verbosity. Higher values increase the verbosity level. Valid "
21636
"levels are between 0 and 6. The default value is 2."
21637
msgstr ""
21638
21639
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
21640
msgid "path_selector"
21641
msgstr ""
21642
21643
#: serverguide/C/multipath-config-defaults-table.xml:65(para)
21644
msgid ""
21645
"Specifies the default algorithm to use in determining what path to use for "
21646
"the next I/O operation. Possible values include:"
21647
msgstr ""
21648
21649
#: serverguide/C/multipath-config-defaults-table.xml:71(para)
21650
msgid ""
21651
"<emphasis role=\"bold\">round-robin 0</emphasis>: Loop through every path in "
21652
"the path group, sending the same amount of I/O to each."
21653
msgstr ""
21654
21655
#: serverguide/C/multipath-config-defaults-table.xml:77(para)
21656
msgid ""
21657
"<emphasis role=\"bold\">queue-length 0</emphasis>: Send the next bunch of "
21658
"I/O down the path with the least number of outstanding I/O requests."
21659
msgstr ""
21660
21661
#: serverguide/C/multipath-config-defaults-table.xml:83(para)
21662
msgid ""
21663
"<emphasis role=\"bold\">service-time 0</emphasis>: Send the next bunch of "
21664
"I/O down the path with the shortest estimated service time, which is "
21665
"determined by dividing the total size of the outstanding I/O to each path by "
21666
"its relative throughput."
21667
msgstr ""
21668
21669
#: serverguide/C/multipath-config-defaults-table.xml:91(para)
21670
msgid ""
21671
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
21672
msgstr ""
21673
21674
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
21675
msgid "path_grouping_policy"
21676
msgstr ""
21677
21678
#: serverguide/C/multipath-config-defaults-table.xml:102(para)
21679
msgid ""
21680
"Specifies the default path grouping policy to apply to unspecified "
21681
"multipaths. Possible values include:"
21682
msgstr ""
21683
21684
#: serverguide/C/multipath-config-defaults-table.xml:107(para)
21685
msgid ""
21686
"<emphasis role=\"bold\">failover</emphasis> = 1 path per priority group"
21687
msgstr ""
21688
21689
#: serverguide/C/multipath-config-defaults-table.xml:112(para)
21690
msgid ""
21691
"<emphasis role=\"bold\">multibus</emphasis> = all valid paths in 1 priority "
21692
"group"
21693
msgstr ""
21694
21695
#: serverguide/C/multipath-config-defaults-table.xml:117(para)
21696
msgid ""
21697
"<emphasis role=\"bold\">group_by_serial</emphasis> = 1 priority group per "
21698
"detected serial number"
21699
msgstr ""
21700
21701
#: serverguide/C/multipath-config-defaults-table.xml:122(para)
21702
msgid ""
21703
"<emphasis role=\"bold\">group_by_prio</emphasis> = 1 priority group per path "
21704
"priority value"
21705
msgstr ""
21706
21707
#: serverguide/C/multipath-config-defaults-table.xml:127(para)
21708
msgid ""
21709
"<emphasis role=\"bold\">group_by_node_name</emphasis> = 1 priority group per "
21710
"target node name."
21711
msgstr ""
21712
21713
#: serverguide/C/multipath-config-defaults-table.xml:132(para)
21714
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
21715
msgstr ""
21716
21717
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
21718
msgid "getuid_callout"
21719
msgstr ""
21720
21721
#: serverguide/C/multipath-config-defaults-table.xml:144(para)
21722
msgid ""
21723
"The default value is <emphasis role=\"bold\">/lib/udev/scsi_id --whitelisted "
21724
"--device=/dev/%n.</emphasis>"
21725
msgstr ""
21726
21727
#: serverguide/C/multipath-config-defaults-table.xml:142(entry)
21728
msgid ""
21729
"Specifies the default program and arguments to call out to obtain a unique "
21730
"path identifier. An absolute path is required. <placeholder-1/>"
21731
msgstr ""
21732
21733
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
21734
msgid "prio"
21735
msgstr ""
21736
21737
#: serverguide/C/multipath-config-defaults-table.xml:154(para)
21738
msgid ""
21739
"Specifies the default function to call to obtain a path priority value. For "
21740
"example, the ALUA bits in SPC-3 provide an exploitable prio value. Possible "
21741
"values include:"
21742
msgstr ""
21743
21744
#: serverguide/C/multipath-config-defaults-table.xml:160(para)
21745
msgid ""
21746
"<emphasis role=\"bold\">const</emphasis>: Set a priority of 1 to all paths."
21747
msgstr ""
21748
21749
#: serverguide/C/multipath-config-defaults-table.xml:165(para)
21750
msgid ""
21751
"<emphasis role=\"bold\">emc</emphasis>: Generate the path priority for EMC "
21752
"arrays."
21753
msgstr ""
21754
21755
#: serverguide/C/multipath-config-defaults-table.xml:170(para)
21756
msgid ""
21757
"<emphasis role=\"bold\">alua</emphasis>: Generate the path priority based on "
21758
"the SCSI-3 ALUA settings."
21759
msgstr ""
21760
21761
#: serverguide/C/multipath-config-defaults-table.xml:175(para)
21762
msgid ""
21763
"<emphasis role=\"bold\">netapp</emphasis>: Generate the path priority for "
21764
"NetApp arrays."
21765
msgstr ""
21766
21767
#: serverguide/C/multipath-config-defaults-table.xml:180(para)
21768
msgid ""
21769
"<emphasis role=\"bold\">rdac</emphasis>: Generate the path priority for "
21770
"LSI/Engenio RDAC controller."
21771
msgstr ""
21772
21773
#: serverguide/C/multipath-config-defaults-table.xml:185(para)
21774
msgid ""
21775
"<emphasis role=\"bold\">hp_sw</emphasis>: Generate the path priority for "
21776
"Compaq/HP controller in active/standby mode."
21777
msgstr ""
21778
21779
#: serverguide/C/multipath-config-defaults-table.xml:190(para)
21780
msgid ""
21781
"<emphasis role=\"bold\">hds</emphasis>: Generate the path priority for "
21782
"Hitachi HDS Modular storage arrays."
21783
msgstr ""
21784
21785
#: serverguide/C/multipath-config-defaults-table.xml:195(para)
21786
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
21787
msgstr ""
21788
21789
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
21790
msgid "prio_args"
21791
msgstr ""
21792
21793
#: serverguide/C/multipath-config-defaults-table.xml:206(para)
21794
msgid ""
21795
"The arguments string passed to the prio function Most prio functions do not "
21796
"need arguments. The datacore prioritizer need one. Example, <emphasis "
21797
"role=\"bold\">\"timeout=1000 preferredsds=foo\"</emphasis>. The default "
21798
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
21799
msgstr ""
21800
21801
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
21802
msgid "features"
21803
msgstr ""
21804
21805
#: serverguide/C/multipath-config-defaults-table.xml:220(emphasis)
21806
msgid "queue_if_no_path"
21807
msgstr ""
21808
21809
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
21810
msgid "no_path_retry"
21811
msgstr ""
21812
21813
#: serverguide/C/multipath-config-defaults-table.xml:222(emphasis) serverguide/C/multipath-config-defaults-table.xml:341(emphasis)
21814
msgid "queue"
21815
msgstr ""
21816
21817
#: serverguide/C/multipath-config-defaults-table.xml:223(link)
21818
msgid "\"Issues with queue_if_no_path feature\""
21819
msgstr ""
21820
21821
#: serverguide/C/multipath-config-defaults-table.xml:219(entry)
21822
msgid ""
21823
"The extra features of multipath devices. The only existing feature is "
21824
"<placeholder-1/>, which is the same as setting <placeholder-2/> to "
21825
"<placeholder-3/>. For information on issues that may arise when using this "
21826
"feature, see Section, <placeholder-4/>."
21827
msgstr ""
21828
21829
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
21830
msgid "path_checker"
21831
msgstr ""
21832
21833
#: serverguide/C/multipath-config-defaults-table.xml:232(para)
21834
msgid ""
21835
"Specifies the default method used to determine the state of the paths. "
21836
"Possible values include:"
21837
msgstr ""
21838
21839
#: serverguide/C/multipath-config-defaults-table.xml:237(para)
21840
msgid ""
21841
"<emphasis role=\"bold\">readsector0</emphasis>: Read the first sector of the "
21842
"device."
21843
msgstr ""
21844
21845
#: serverguide/C/multipath-config-defaults-table.xml:242(para)
21846
msgid ""
21847
"<emphasis role=\"bold\">tur</emphasis>: Issue a TEST UNIT READY to the "
21848
"device."
21849
msgstr ""
21850
21851
#: serverguide/C/multipath-config-defaults-table.xml:247(para)
21852
msgid ""
21853
"<emphasis role=\"bold\">emc_clariion</emphasis>: Query the EMC Clariion "
21854
"specific EVPD page 0xC0 to determine the path."
21855
msgstr ""
21856
21857
#: serverguide/C/multipath-config-defaults-table.xml:253(para)
21858
msgid ""
21859
"<emphasis role=\"bold\">hp_sw</emphasis>: Check the path state for HP "
21860
"storage arrays with Active/Standby firmware."
21861
msgstr ""
21862
21863
#: serverguide/C/multipath-config-defaults-table.xml:258(para)
21864
msgid ""
21865
"<emphasis role=\"bold\">rdac</emphasis>: Check the path status for "
21866
"LSI/Engenio RDAC storage controller."
21867
msgstr ""
21868
21869
#: serverguide/C/multipath-config-defaults-table.xml:263(para)
21870
msgid ""
21871
"<emphasis role=\"bold\">directio</emphasis>: Read the first sector with "
21872
"direct I/O."
21873
msgstr ""
21874
21875
#: serverguide/C/multipath-config-defaults-table.xml:268(para)
21876
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
21877
msgstr ""
21878
21879
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
21880
msgid "failback"
21881
msgstr ""
21882
21883
#: serverguide/C/multipath-config-defaults-table.xml:279(para)
21884
msgid "Manages path group failback."
21885
msgstr ""
21886
21887
#: serverguide/C/multipath-config-defaults-table.xml:283(para)
21888
msgid ""
21889
"A value of <emphasis role=\"bold\">immediate</emphasis> specifies immediate "
21890
"failback to the highest priority path group that contains active paths."
21891
msgstr ""
21892
21893
#: serverguide/C/multipath-config-defaults-table.xml:289(para)
21894
msgid ""
21895
"A value of <emphasis role=\"bold\">manual</emphasis> specifies that there "
21896
"should not be immediate failback but that failback can happen only with "
21897
"operator intervention."
21898
msgstr ""
21899
21900
#: serverguide/C/multipath-config-defaults-table.xml:295(para)
21901
msgid ""
21902
"A numeric value greater than zero specifies deferred failback, expressed in "
21903
"seconds."
21904
msgstr ""
21905
21906
#: serverguide/C/multipath-config-defaults-table.xml:300(para)
21907
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
21908
msgstr ""
21909
21910
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
21911
msgid "rr_min_io"
21912
msgstr ""
21913
21914
#: serverguide/C/multipath-config-defaults-table.xml:311(para)
21915
msgid "The default value is <literal>1000</literal>."
21916
msgstr ""
21917
21918
#: serverguide/C/multipath-config-defaults-table.xml:310(entry)
21919
msgid ""
21920
"Specifies the number of I/O requests to route to a path before switching to "
21921
"the next path in the current path group.<placeholder-1/>"
21922
msgstr ""
21923
21924
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
21925
msgid "rr_weight"
21926
msgstr ""
21927
21928
#: serverguide/C/multipath-config-defaults-table.xml:320(emphasis)
21929
msgid "priorities"
21930
msgstr ""
21931
21932
#: serverguide/C/multipath-config-defaults-table.xml:327(emphasis)
21933
msgid "uniform"
21934
msgstr ""
21935
21936
#: serverguide/C/multipath-config-defaults-table.xml:327(para)
21937
msgid "The default value is <emphasis role=\"bold\">uniform</emphasis>."
21938
msgstr ""
21939
21940
#: serverguide/C/multipath-config-defaults-table.xml:320(entry)
21941
msgid ""
21942
"If set to <placeholder-1/>, then instead of sending <placeholder-2/> "
21943
"requests to a path before calling <placeholder-3/> to choose the next path, "
21944
"the number of requests to send is determined by <placeholder-4/> times the "
21945
"path's priority, as determined by the prio function. If set to <placeholder-"
21946
"5/>, all path weights are equal. <placeholder-6/>"
21947
msgstr ""
21948
21949
#: serverguide/C/multipath-config-defaults-table.xml:340(emphasis)
21950
msgid "immediate"
21951
msgstr ""
21952
21953
#: serverguide/C/multipath-config-defaults-table.xml:342(para)
21954
msgid "The default value is <literal>0</literal>."
21955
msgstr ""
21956
21957
#: serverguide/C/multipath-config-defaults-table.xml:337(entry)
21958
msgid ""
21959
"A numeric value for this attribute specifies the number of times the system "
21960
"should attempt to use a failed path before disabling queueing. A value of "
21961
"fail indicates <placeholder-1/> failure, without queueing. A value of "
21962
"<placeholder-2/> indicates that queueing should not stop until the path is "
21963
"fixed. <placeholder-3/>"
21964
msgstr ""
21965
21966
#: serverguide/C/multipath-config-defaults-table.xml:348(emphasis) serverguide/C/multipath-attributes-table.xml:30(emphasis)
21967
msgid "user_friendly_names"
21968
msgstr ""
21969
21970
#: serverguide/C/multipath-config-defaults-table.xml:352(filename)
21971
msgid "/etc/multipath/bindings"
21972
msgstr ""
21973
21974
#: serverguide/C/multipath-config-defaults-table.xml:353(emphasis) serverguide/C/multipath-config-defaults-table.xml:356(emphasis) serverguide/C/multipath-attributes-table.xml:25(emphasis)
21975
msgid "alias"
21976
msgstr ""
21977
21978
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
21979
msgid "multipath"
21980
msgstr ""
21981
21982
#: serverguide/C/multipath-config-defaults-table.xml:359(para) serverguide/C/multipath-config-defaults-table.xml:381(para)
21983
msgid "The default value is <emphasis role=\"bold\">no</emphasis>."
21984
msgstr ""
21985
21986
#: serverguide/C/multipath-config-defaults-table.xml:351(entry)
21987
msgid ""
21988
"If set to yes, specifies that the system should use the <placeholder-1/> "
21989
"file to assign a persistent and unique <placeholder-2/> to the <placeholder-"
21990
"3/>, in the form of mpathn. If set to no, specifies that the system should "
21991
"use the WWID as the <placeholder-4/> for the <placeholder-5/>. In either "
21992
"case, what is specified here will be overridden by any device-specific "
21993
"aliases you specify in the multipaths section of the configuration file. "
21994
"<placeholder-6/>"
21995
msgstr ""
21996
21997
#: serverguide/C/multipath-config-defaults-table.xml:365(emphasis)
21998
msgid "queue_without_daemon"
21999
msgstr ""
22000
22001
#: serverguide/C/multipath-config-defaults-table.xml:368(emphasis) serverguide/C/multipath-config-defaults-table.xml:392(emphasis)
22002
msgid "multipathd"
22003
msgstr ""
22004
22005
#: serverguide/C/multipath-config-defaults-table.xml:370(para)
22006
msgid "The default value is <emphasis role=\"bold\">yes</emphasis>."
22007
msgstr ""
22008
22009
#: serverguide/C/multipath-config-defaults-table.xml:368(entry)
22010
msgid ""
22011
"If set to no, the <placeholder-1/> daemon will disable queueing for all "
22012
"devices when it is shut down. <placeholder-2/>"
22013
msgstr ""
22014
22015
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
22016
msgid "flush_on_last_del"
22017
msgstr ""
22018
22019
#: serverguide/C/multipath-config-defaults-table.xml:379(entry)
22020
msgid ""
22021
"If set to yes, then <placeholder-1/> will disable queueing when the last "
22022
"path to a device has been deleted. <placeholder-2/>"
22023
msgstr ""
22024
22025
#: serverguide/C/multipath-config-defaults-table.xml:387(emphasis)
22026
msgid "max_fds"
22027
msgstr ""
22028
22029
#: serverguide/C/multipath-config-defaults-table.xml:394(filename)
22030
msgid "/proc/sys/fs/nr_open"
22031
msgstr ""
22032
22033
#: serverguide/C/multipath-config-defaults-table.xml:390(entry)
22034
msgid ""
22035
"Sets the maximum number of open file descriptors that can be opened by "
22036
"<placeholder-1/> and the <placeholder-2/> daemon. This is equivalent to the "
22037
"ulimit -n command. A value of max will set this to the system limit from "
22038
"<placeholder-3/>. If this is not set, the maximum number of open file "
22039
"descriptors is taken from the calling process; it is usually 1024. To be "
22040
"safe, this should be set to the maximum number of paths plus 32, if that "
22041
"number is greater than 1024."
22042
msgstr ""
22043
22044
#: serverguide/C/multipath-config-defaults-table.xml:402(emphasis)
22045
msgid "checker_timer"
22046
msgstr ""
22047
22048
#: serverguide/C/multipath-config-defaults-table.xml:406(para)
22049
msgid ""
22050
"The default value is taken from "
22051
"<filename>/sys/block/sdx/device/timeout</filename>, which is "
22052
"<literal>30</literal> seconds as of 12.04 LTS"
22053
msgstr ""
22054
22055
#: serverguide/C/multipath-config-defaults-table.xml:405(entry)
22056
msgid ""
22057
"The timeout to use for path checkers that issue SCSI commands with an "
22058
"explicit timeout, in seconds. <placeholder-1/>"
22059
msgstr ""
22060
22061
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
22062
msgid "fast_io_fail_tmo"
22063
msgstr ""
22064
22065
#: serverguide/C/multipath-config-defaults-table.xml:419(para)
22066
msgid "The default value is determined by the OS."
22067
msgstr ""
22068
22069
#: serverguide/C/multipath-config-defaults-table.xml:416(entry)
22070
msgid ""
22071
"The number of seconds the SCSI layer will wait after a problem has been "
22072
"detected on an FC remote port before failing I/O to devices on that remote "
22073
"port. This value should be smaller than the value of dev_loss_tmo. Setting "
22074
"this to off will disable the timeout. <placeholder-1/>"
22075
msgstr ""
22076
22077
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
22078
msgid "dev_loss_tmo"
22079
msgstr ""
22080
22081
#: serverguide/C/multipath-config-defaults-table.xml:428(entry)
22082
msgid ""
22083
"The number of seconds the SCSI layer will wait after a problem has been "
22084
"detected on an FC remote port before removing it from the system. Setting "
22085
"this to infinity will set this to 2147483647 seconds, or 68 years. The "
22086
"default value is determined by the OS."
22087
msgstr ""
22088
22089
#: serverguide/C/multipath-components-table.xml:3(title)
22090
msgid "DM-Multipath Components"
22091
msgstr ""
22092
22093
#: serverguide/C/multipath-components-table.xml:11(entry)
22094
msgid "Component"
22095
msgstr ""
22096
22097
#: serverguide/C/multipath-components-table.xml:19(emphasis)
22098
msgid "dm_multipath kernel module"
22099
msgstr ""
22100
22101
#: serverguide/C/multipath-components-table.xml:23(emphasis)
22102
msgid "failover"
22103
msgstr ""
22104
22105
#: serverguide/C/multipath-components-table.xml:22(entry)
22106
msgid "Reroutes I/O and supports <placeholder-1/> for paths and path groups."
22107
msgstr ""
22108
22109
#: serverguide/C/multipath-components-table.xml:28(emphasis)
22110
msgid "multipath command"
22111
msgstr ""
22112
22113
#: serverguide/C/multipath-components-table.xml:32(filename)
22114
msgid "/etc/rc.sysinit"
22115
msgstr ""
22116
22117
#: serverguide/C/multipath-components-table.xml:31(entry)
22118
msgid ""
22119
"Lists and configures <placeholder-1/> devices. Normally started up with "
22120
"<placeholder-2/>, it can also be started up by a udev program whenever a "
22121
"block device is added or it can be run by the initramfs file system."
22122
msgstr ""
22123
22124
#: serverguide/C/multipath-components-table.xml:39(emphasis)
22125
msgid "multipathd daemon"
22126
msgstr ""
22127
22128
#: serverguide/C/multipath-components-table.xml:45(filename)
22129
msgid "/etc/multipath.conf"
22130
msgstr ""
22131
22132
#: serverguide/C/multipath-components-table.xml:42(entry)
22133
msgid ""
22134
"Monitors paths; as paths fail and come back, it may initiate path group "
22135
"switches. Provides for interactive changes to <placeholder-1/> devices. This "
22136
"daemon must be restarted for any changes to the <placeholder-2/> file to "
22137
"take effect."
22138
msgstr ""
22139
22140
#: serverguide/C/multipath-components-table.xml:50(emphasis)
22141
msgid "kpartx command"
22142
msgstr ""
22143
22144
#: serverguide/C/multipath-components-table.xml:56(emphasis)
22145
msgid "multipath-tools"
22146
msgstr ""
22147
22148
#: serverguide/C/multipath-components-table.xml:53(entry)
22149
msgid ""
22150
"Creates device mapper devices for the partitions on a device It is necessary "
22151
"to use this command for DOS-based partitions with DM-Multipath. The kpartx "
22152
"is provided in its own package, but the <placeholder-1/> package depends on "
22153
"it."
22154
msgstr ""
22155
22156
#: serverguide/C/multipath-attributes-table.xml:2(title)
22157
msgid "Multipath Attributes"
22158
msgstr ""
22159
22160
#: serverguide/C/multipath-attributes-table.xml:15(emphasis)
22161
msgid "wwid"
22162
msgstr ""
22163
22164
#: serverguide/C/multipath-attributes-table.xml:21(filename)
22165
msgid "multipath.conf"
22166
msgstr ""
22167
22168
#: serverguide/C/multipath-attributes-table.xml:17(entry)
22169
msgid ""
22170
"Specifies the WWID of the <placeholder-1/> device to which the <placeholder-"
22171
"2/> attributes apply. This parameter is mandatory for this section of the "
22172
"<placeholder-3/> file."
22173
msgstr ""
22174
22175
#: serverguide/C/multipath-attributes-table.xml:27(entry)
22176
msgid ""
22177
"Specifies the symbolic name for the <placeholder-1/> device to which the "
22178
"<placeholder-2/> attributes apply. If you are using <placeholder-3/>, do not "
22179
"set this value to mpathn; this may conflict with an automatically assigned "
22180
"user friendly name and give you incorrect device node names."
22181
msgstr ""
22182
22183
#: serverguide/C/monitoring.xml:11(title)
22184
msgid "Monitoring"
22185
msgstr ""
22186
22187
#: serverguide/C/monitoring.xml:15(para)
22188
msgid ""
22189
"The monitoring of essential servers and services is an important part of "
22190
"system administration. Most network services are monitored for performance, "
22191
"availability, or both. This section will cover installation and "
22192
"configuration of <application>Nagios</application> for availability "
22193
"monitoring, and <application>Munin</application> for performance monitoring."
22194
msgstr ""
22195
22196
#: serverguide/C/monitoring.xml:22(para)
22197
msgid ""
22198
"The examples in this section will use two servers with hostnames "
22199
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
22200
"<emphasis>Server01</emphasis> will be configured with "
22201
"<application>Nagios</application> to monitor services on itself and "
22202
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
22203
"<application>munin</application> package to gather information from the "
22204
"network. Using the <application>munin-node</application> package, "
22205
"<emphasis>server02</emphasis> will be configured to send information to "
22206
"<emphasis>server01</emphasis>."
22207
msgstr ""
22208
22209
#: serverguide/C/monitoring.xml:31(para)
22210
msgid ""
22211
"Hopefully these simple examples will allow you to monitor additional servers "
22212
"and services on your network."
22213
msgstr ""
22214
22215
#: serverguide/C/monitoring.xml:37(title)
22216
msgid "Nagios"
22217
msgstr ""
22218
22219
#: serverguide/C/monitoring.xml:42(para)
22220
msgid ""
22221
"First, on <emphasis>server01</emphasis> install the "
22222
"<application>nagios</application> package. In a terminal enter:"
22223
msgstr ""
22224
22225
#: serverguide/C/monitoring.xml:48(command)
22226
msgid "sudo apt install nagios3 nagios-nrpe-plugin"
22227
msgstr ""
22228
22229
#: serverguide/C/monitoring.xml:51(para)
22230
msgid ""
22231
"You will be asked to enter a password for the "
22232
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
22233
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
22234
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
22235
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
22236
"of the <application>apache2-utils</application> package."
22237
msgstr ""
22238
22239
#: serverguide/C/monitoring.xml:58(para)
22240
msgid ""
22241
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
22242
"user enter:"
22243
msgstr ""
22244
22245
#: serverguide/C/monitoring.xml:63(command)
22246
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
22247
msgstr ""
22248
22249
#: serverguide/C/monitoring.xml:66(para)
22250
msgid "To add a user:"
22251
msgstr ""
22252
22253
#: serverguide/C/monitoring.xml:71(command)
22254
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
22255
msgstr ""
22256
22257
#: serverguide/C/monitoring.xml:74(para)
22258
msgid ""
22259
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
22260
"server</application> package. From a terminal on server02 enter:"
22261
msgstr ""
22262
22263
#: serverguide/C/monitoring.xml:80(command)
22264
msgid "sudo apt install nagios-nrpe-server"
22265
msgstr ""
22266
22267
#: serverguide/C/monitoring.xml:84(para)
22268
msgid ""
22269
"<application>NRPE</application> allows you to execute local checks on remote "
22270
"hosts. There are other ways of accomplishing this through other Nagios "
22271
"plugins as well as other checks."
22272
msgstr ""
22273
22274
#: serverguide/C/monitoring.xml:92(title)
22275
msgid "Configuration Overview"
22276
msgstr ""
22277
22278
#: serverguide/C/monitoring.xml:94(para)
22279
msgid ""
22280
"There are a couple of directories containing "
22281
"<application>Nagios</application> configuration and check files."
22282
msgstr ""
22283
22284
#: serverguide/C/monitoring.xml:100(para)
22285
msgid ""
22286
"<filename>/etc/nagios3</filename>: contains configuration files for the "
22287
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
22288
"etc."
22289
msgstr ""
22290
22291
#: serverguide/C/monitoring.xml:106(para)
22292
msgid ""
22293
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
22294
"service checks."
22295
msgstr ""
22296
22297
#: serverguide/C/monitoring.xml:111(para)
22298
msgid ""
22299
"<filename>/etc/nagios</filename>: on the remote host contains the "
22300
"<application>nagios-nrpe-server</application> configuration files."
22301
msgstr ""
22302
22303
#: serverguide/C/monitoring.xml:116(para)
22304
msgid ""
22305
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
22306
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
22307
msgstr ""
22308
22309
#: serverguide/C/monitoring.xml:121(para)
22310
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
22311
msgstr ""
22312
22313
#: serverguide/C/monitoring.xml:127(para)
22314
msgid ""
22315
"There are a plethora of checks <application>Nagios</application> can be "
22316
"configured to execute for any given host. For this example Nagios will be "
22317
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
22318
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
22319
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
22320
msgstr ""
22321
22322
#: serverguide/C/monitoring.xml:134(para)
22323
msgid ""
22324
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
22325
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
22326
msgstr ""
22327
22328
#: serverguide/C/monitoring.xml:139(para)
22329
msgid ""
22330
"Additionally, there are some terms that once explained will hopefully make "
22331
"understanding Nagios configuration easier:"
22332
msgstr ""
22333
22334
#: serverguide/C/monitoring.xml:145(para)
22335
msgid ""
22336
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
22337
"is being monitored."
22338
msgstr ""
22339
22340
#: serverguide/C/monitoring.xml:150(para)
22341
msgid ""
22342
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
22343
"could group all web servers, file server, etc."
22344
msgstr ""
22345
22346
#: serverguide/C/monitoring.xml:155(para)
22347
msgid ""
22348
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
22349
"as HTTP, DNS, NFS, etc."
22350
msgstr ""
22351
22352
#: serverguide/C/monitoring.xml:160(para)
22353
msgid ""
22354
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
22355
"together. This is useful for grouping multiple HTTP for example."
22356
msgstr ""
22357
22358
#: serverguide/C/monitoring.xml:166(para)
22359
msgid ""
22360
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
22361
"place. Nagios can be configured to send emails, SMS messages, etc."
22362
msgstr ""
22363
22364
#: serverguide/C/monitoring.xml:172(para)
22365
msgid ""
22366
"By default Nagios is configured to check HTTP, disk space, SSH, current "
22367
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
22368
"will also <application>ping</application> check the "
22369
"<emphasis>gateway</emphasis>."
22370
msgstr ""
22371
22372
#: serverguide/C/monitoring.xml:177(para)
22373
msgid ""
22374
"Large Nagios installations can be quite complex to configure. It is usually "
22375
"best to start small, one or two hosts, get things configured the way you "
22376
"like then expand."
22377
msgstr ""
22378
22379
#: serverguide/C/monitoring.xml:192(para)
22380
msgid ""
22381
"First, create a <emphasis>host</emphasis> configuration file for "
22382
"<emphasis>server02</emphasis>. Unless otherwise specified, run all these "
22383
"commands on <emphasis>server01</emphasis>. In a terminal enter:"
22384
msgstr ""
22385
22386
#: serverguide/C/monitoring.xml:199(command)
22387
msgid ""
22388
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg \\ "
22389
"/etc/nagios3/conf.d/server02.cfg"
22390
msgstr ""
22391
22392
#: serverguide/C/monitoring.xml:204(para)
22393
msgid ""
22394
"In the above and following command examples, replace "
22395
"<emphasis>\"server01\"</emphasis>, "
22396
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
22397
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
22398
"your servers."
22399
msgstr ""
22400
22401
#: serverguide/C/monitoring.xml:213(para)
22402
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
22403
msgstr ""
22404
22405
#: serverguide/C/monitoring.xml:217(programlisting)
22406
#, no-wrap
22407
msgid ""
22408
"\n"
22409
"define host{\n"
22410
" use generic-host ; Name of host template to "
22411
"use\n"
22412
" host_name server02\n"
22413
" alias Server 02\n"
22414
" address 172.18.100.101\n"
22415
"}\n"
22416
"\n"
22417
"# check DNS service.\n"
22418
"define service {\n"
22419
" use generic-service\n"
22420
" host_name server02\n"
22421
" service_description DNS\n"
22422
" check_command check_dns!172.18.100.101\n"
22423
"}\n"
22424
msgstr ""
22425
22426
#: serverguide/C/monitoring.xml:237(para)
22427
msgid ""
22428
"Restart the <application>nagios</application> daemon to enable the new "
22429
"configuration:"
22430
msgstr ""
22431
22432
#: serverguide/C/monitoring.xml:242(command)
22433
msgid "sudo systemctl restart nagio3.service"
22434
msgstr ""
22435
22436
#: serverguide/C/monitoring.xml:252(para)
22437
msgid ""
22438
"Now add a service definition for the MySQL check by adding the following to "
22439
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
22440
msgstr ""
22441
22442
#: serverguide/C/monitoring.xml:256(programlisting)
22443
#, no-wrap
22444
msgid ""
22445
"\n"
22446
"# check MySQL servers.\n"
22447
"define service {\n"
22448
" hostgroup_name mysql-servers\n"
22449
" service_description MySQL\n"
22450
" check_command "
22451
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
22452
" use generic-service\n"
22453
" notification_interval 0 ; set > 0 if you want to be renotified\n"
22454
"}\n"
22455
msgstr ""
22456
22457
#: serverguide/C/monitoring.xml:270(para)
22458
msgid ""
22459
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
22460
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
22461
msgstr ""
22462
22463
#: serverguide/C/monitoring.xml:275(programlisting)
22464
#, no-wrap
22465
msgid ""
22466
"\n"
22467
"# MySQL hostgroup.\n"
22468
"define hostgroup {\n"
22469
" hostgroup_name mysql-servers\n"
22470
" alias MySQL servers\n"
22471
" members localhost, server02\n"
22472
" }\n"
22473
msgstr ""
22474
22475
#: serverguide/C/monitoring.xml:287(para)
22476
msgid ""
22477
"The Nagios check needs to authenticate to MySQL. To add a "
22478
"<emphasis>nagios</emphasis> user to MySQL enter:"
22479
msgstr ""
22480
22481
#: serverguide/C/monitoring.xml:292(command)
22482
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
22483
msgstr ""
22484
22485
#: serverguide/C/monitoring.xml:296(para)
22486
msgid ""
22487
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
22488
"<emphasis>mysql-servers</emphasis> hostgroup."
22489
msgstr ""
22490
22491
#: serverguide/C/monitoring.xml:304(para)
22492
msgid ""
22493
"Restart <application>nagios</application> to start checking the MySQL "
22494
"servers."
22495
msgstr ""
22496
22497
#: serverguide/C/monitoring.xml:309(command) serverguide/C/monitoring.xml:376(command)
22498
msgid "sudo systemctl restart nagios3.service"
22499
msgstr ""
22500
22501
#: serverguide/C/monitoring.xml:319(para)
22502
msgid ""
22503
"Lastly configure NRPE to check the disk space on "
22504
"<emphasis>server02</emphasis>."
22505
msgstr ""
22506
22507
#: serverguide/C/monitoring.xml:323(para)
22508
msgid ""
22509
"On <emphasis>server01</emphasis> add the service check to "
22510
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
22511
msgstr ""
22512
22513
#: serverguide/C/monitoring.xml:328(programlisting)
22514
#, no-wrap
22515
msgid ""
22516
"\n"
22517
"# NRPE disk check.\n"
22518
"define service {\n"
22519
" use generic-service\n"
22520
" host_name server02\n"
22521
" service_description nrpe-disk\n"
22522
" check_command "
22523
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
22524
"}\n"
22525
msgstr ""
22526
22527
#: serverguide/C/monitoring.xml:341(para)
22528
msgid ""
22529
"Now on <emphasis>server02</emphasis> edit "
22530
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
22531
msgstr ""
22532
22533
#: serverguide/C/monitoring.xml:345(programlisting)
22534
#, no-wrap
22535
msgid ""
22536
"\n"
22537
"allowed_hosts=172.18.100.100\n"
22538
msgstr ""
22539
22540
#: serverguide/C/monitoring.xml:349(para)
22541
msgid "And below in the command definition area add:"
22542
msgstr ""
22543
22544
#: serverguide/C/monitoring.xml:353(programlisting)
22545
#, no-wrap
22546
msgid ""
22547
"\n"
22548
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
22549
"e\n"
22550
msgstr ""
22551
22552
#: serverguide/C/monitoring.xml:360(para)
22553
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
22554
msgstr ""
22555
22556
#: serverguide/C/monitoring.xml:365(command)
22557
msgid "sudo systemctl restart nagios-nrpe-server.service"
22558
msgstr ""
22559
22560
#: serverguide/C/monitoring.xml:371(para)
22561
msgid ""
22562
"Also, on <emphasis>server01</emphasis> restart "
22563
"<application>nagios</application>:"
22564
msgstr ""
22565
22566
#: serverguide/C/monitoring.xml:384(para)
22567
msgid ""
22568
"You should now be able to see the host and service checks in the Nagios CGI "
22569
"files. To access them point a browser to http://server01/nagios3. You will "
22570
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
22571
"password."
22572
msgstr ""
22573
22574
#: serverguide/C/monitoring.xml:394(para)
22575
msgid ""
22576
"This section has just scratched the surface of Nagios' features. The "
22577
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
22578
"plugins</application> contain many more service checks."
22579
msgstr ""
22580
22581
#: serverguide/C/monitoring.xml:401(para)
22582
msgid ""
22583
"For more information see <ulink "
22584
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
22585
msgstr ""
22586
22587
#: serverguide/C/monitoring.xml:406(para)
22588
msgid ""
22589
"Specifically the <ulink "
22590
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
22591
"site."
22592
msgstr ""
22593
22594
#: serverguide/C/monitoring.xml:411(para)
22595
msgid ""
22596
"There is also a list of <ulink "
22597
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
22598
"Nagios and network monitoring:"
22599
msgstr ""
22600
22601
#: serverguide/C/monitoring.xml:417(para)
22602
msgid ""
22603
"The <ulink url=\"https://help.ubuntu.com/community/Nagios3\">Nagios Ubuntu "
22604
"Wiki</ulink> page also has more details."
22605
msgstr ""
22606
22607
#: serverguide/C/monitoring.xml:426(title)
22608
msgid "Munin"
22609
msgstr ""
22610
22611
#: serverguide/C/monitoring.xml:431(para)
22612
msgid ""
22613
"Before installing <application>Munin</application> on "
22614
"<emphasis>server01</emphasis><application>apache2</application> will need to "
22615
"be installed. The default configuration is fine for running a "
22616
"<application>munin</application> server. For more information see <xref "
22617
"linkend=\"httpd\"/>."
22618
msgstr ""
22619
22620
#: serverguide/C/monitoring.xml:437(para)
22621
msgid ""
22622
"First, on <emphasis>server01</emphasis> install "
22623
"<application>munin</application>. In a terminal enter:"
22624
msgstr ""
22625
22626
#: serverguide/C/monitoring.xml:442(command)
22627
msgid "sudo apt install munin"
22628
msgstr ""
22629
22630
#: serverguide/C/monitoring.xml:445(para)
22631
msgid ""
22632
"Now on <emphasis>server02</emphasis> install the <application>munin-"
22633
"node</application> package:"
22634
msgstr ""
22635
22636
#: serverguide/C/monitoring.xml:450(command)
22637
msgid "sudo apt install munin-node"
22638
msgstr ""
22639
22640
#: serverguide/C/monitoring.xml:457(para)
22641
msgid ""
22642
"On <emphasis>server01</emphasis> edit the "
22643
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
22644
"<emphasis>server02</emphasis>:"
22645
msgstr ""
22646
22647
#: serverguide/C/monitoring.xml:462(programlisting)
22648
#, no-wrap
22649
msgid ""
22650
"\n"
22651
"## First our \"normal\" host.\n"
22652
"[server02]\n"
22653
" address 172.18.100.101\n"
22654
msgstr ""
22655
22656
#: serverguide/C/monitoring.xml:469(para)
22657
msgid ""
22658
"Replace <emphasis>server02</emphasis> and "
22659
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
22660
"for your server."
22661
msgstr ""
22662
22663
#: serverguide/C/monitoring.xml:475(para)
22664
msgid ""
22665
"Next, configure <application>munin-node</application> on "
22666
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
22667
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
22668
msgstr ""
22669
22670
#: serverguide/C/monitoring.xml:480(programlisting)
22671
#, no-wrap
22672
msgid ""
22673
"\n"
22674
"allow ^172\\.18\\.100\\.100$\n"
22675
msgstr ""
22676
22677
#: serverguide/C/monitoring.xml:485(para)
22678
msgid ""
22679
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
22680
"<application>munin</application> server."
22681
msgstr ""
22682
22683
#: serverguide/C/monitoring.xml:490(para)
22684
msgid ""
22685
"Now restart <application>munin-node</application> on "
22686
"<emphasis>server02</emphasis> for the changes to take effect:"
22687
msgstr ""
22688
22689
#: serverguide/C/monitoring.xml:495(command)
22690
msgid "sudo systemctl restart munini-node.service"
22691
msgstr ""
22692
22693
#: serverguide/C/monitoring.xml:498(para)
22694
msgid ""
22695
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
22696
"you should see links to nice graphs displaying information from the standard "
22697
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
22698
msgstr ""
22699
22700
#: serverguide/C/monitoring.xml:504(para)
22701
msgid ""
22702
"Since this is a new install it may take some time for the graphs to display "
22703
"anything useful."
22704
msgstr ""
22705
22706
#: serverguide/C/monitoring.xml:511(title)
22707
msgid "Additional Plugins"
22708
msgstr ""
22709
22710
#: serverguide/C/monitoring.xml:513(para)
22711
msgid ""
22712
"The <application>munin-plugins-extra</application> package contains "
22713
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
22714
"install the package, from a terminal enter:"
22715
msgstr ""
22716
22717
#: serverguide/C/monitoring.xml:519(command)
22718
msgid "sudo apt install munin-plugins-extra"
22719
msgstr ""
22720
22721
#: serverguide/C/monitoring.xml:522(para)
22722
msgid "Be sure to install the package on both the server and node machines."
22723
msgstr ""
22724
22725
#: serverguide/C/monitoring.xml:532(para)
22726
msgid ""
22727
"See the <ulink url=\"http://munin-monitoring.org/\">Munin</ulink> website "
22728
"for more details."
22729
msgstr ""
22730
22731
#: serverguide/C/monitoring.xml:537(para)
22732
msgid ""
22733
"Specifically the <ulink "
22734
"url=\"https://munin.readthedocs.io/en/latest/\">Munin Documentation</ulink> "
22735
"page includes information on additional plugins, writing plugins, etc."
22736
msgstr ""
22737
22738
#: serverguide/C/mail.xml:11(title)
22739
msgid "Email Services"
22740
msgstr ""
22741
22742
#: serverguide/C/mail.xml:12(para)
22743
msgid ""
22744
"The process of getting an email from one person to another over a network or "
22745
"the Internet involves many systems working together. Each of these systems "
22746
"must be correctly configured for the process to work. The sender uses a "
22747
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
22748
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
22749
"the last of which will hand it off to a <emphasis>Mail Delivery "
22750
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
22751
"it will be retrieved by the recipient's email client, usually via a POP3 or "
22752
"IMAP server."
22753
msgstr ""
22754
22755
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1577(title)
22756
msgid "Postfix"
22757
msgstr ""
22758
22759
#: serverguide/C/mail.xml:23(para)
22760
msgid ""
22761
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
22762
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
22763
"compatible with the MTA <application>sendmail</application>. This section "
22764
"explains how to install and configure <application>postfix</application>. It "
22765
"also explains how to set it up as an SMTP server using a secure connection "
22766
"(for sending emails securely)."
22767
msgstr ""
22768
22769
#: serverguide/C/mail.xml:32(para)
22770
msgid ""
22771
"This guide does not cover setting up Postfix <emphasis>Virtual "
22772
"Domains</emphasis>, for information on Virtual Domains and other advanced "
22773
"configurations see <xref linkend=\"postfix-references\"/>."
22774
msgstr ""
22775
22776
#: serverguide/C/mail.xml:39(para)
22777
msgid ""
22778
"To install <application>postfix</application> run the following command:"
22779
msgstr ""
22780
22781
#: serverguide/C/mail.xml:45(para)
22782
msgid ""
22783
"Simply press return when the installation process asks questions, the "
22784
"configuration will be done in greater detail in the next stage."
22785
msgstr ""
22786
22787
#: serverguide/C/mail.xml:50(title)
22788
msgid "Basic Configuration"
22789
msgstr ""
22790
22791
#: serverguide/C/mail.xml:51(para)
22792
msgid ""
22793
"To configure <application>postfix</application>, run the following command:"
22794
msgstr ""
22795
22796
#: serverguide/C/mail.xml:55(command)
22797
msgid "sudo dpkg-reconfigure postfix"
22798
msgstr ""
22799
22800
#: serverguide/C/mail.xml:61(para)
22801
msgid "Internet Site"
22802
msgstr ""
22803
22804
#: serverguide/C/mail.xml:62(para)
22805
msgid "mail.example.com"
22806
msgstr ""
22807
22808
#: serverguide/C/mail.xml:63(para)
22809
msgid "steve"
22810
msgstr ""
22811
22812
#: serverguide/C/mail.xml:64(para)
22813
msgid "mail.example.com, localhost.localdomain, localhost"
22814
msgstr ""
22815
22816
#: serverguide/C/mail.xml:65(para)
22817
msgid "No"
22818
msgstr ""
22819
22820
#: serverguide/C/mail.xml:66(para)
22821
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
22822
msgstr ""
22823
22824
#: serverguide/C/mail.xml:67(para)
22825
msgid "0"
22826
msgstr ""
22827
22828
#: serverguide/C/mail.xml:68(para)
22829
msgid "+"
22830
msgstr ""
22831
22832
#: serverguide/C/mail.xml:69(para)
22833
msgid "all"
22834
msgstr ""
22835
22836
#: serverguide/C/mail.xml:57(para)
22837
msgid ""
22838
"The user interface will be displayed. On each screen, select the following "
22839
"values: <placeholder-1/>"
22840
msgstr ""
22841
22842
#: serverguide/C/mail.xml:73(para)
22843
msgid ""
22844
"Replace mail.example.com with the domain for which you'll accept email, "
22845
"192.168.0.0/24 with the actual network and class range of your mail server, "
22846
"and steve with the appropriate username."
22847
msgstr ""
22848
22849
#: serverguide/C/mail.xml:79(para)
22850
msgid ""
22851
"Now is a good time to decide which mailbox format you want to use. By "
22852
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
22853
"mailbox format. Rather than editing the configuration file directly, you can "
22854
"use the <command>postconf</command> command to configure all "
22855
"<application>postfix</application> parameters. The configuration parameters "
22856
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
22857
"you wish to re-configure a particular parameter, you can either run the "
22858
"command or change it manually in the file."
22859
msgstr ""
22860
22861
#: serverguide/C/mail.xml:90(para)
22862
msgid ""
22863
"To configure the mailbox format for <emphasis "
22864
"role=\"strong\">Maildir:</emphasis>"
22865
msgstr ""
22866
22867
#: serverguide/C/mail.xml:95(command)
22868
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
22869
msgstr ""
22870
22871
#: serverguide/C/mail.xml:98(para)
22872
msgid ""
22873
"This will place new mail in /home/<emphasis "
22874
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
22875
"your Mail Delivery Agent (MDA) to use the same path."
22876
msgstr ""
22877
22878
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
22879
msgid "SMTP Authentication"
22880
msgstr ""
22881
22882
#: serverguide/C/mail.xml:108(para)
22883
msgid ""
22884
"SMTP-AUTH allows a client to identify itself through an authentication "
22885
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
22886
"the authentication process. Once authenticated the SMTP server will allow "
22887
"the client to relay mail."
22888
msgstr ""
22889
22890
#: serverguide/C/mail.xml:115(para)
22891
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
22892
msgstr ""
22893
22894
#: serverguide/C/mail.xml:118(screen)
22895
#, no-wrap
22896
msgid ""
22897
"\n"
22898
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
22899
"sudo postconf -e 'smtpd_sasl_path = private/auth'\n"
22900
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
22901
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
22902
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
22903
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
22904
"sudo postconf -e 'smtpd_recipient_restrictions = \\\n"
22905
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
22906
msgstr ""
22907
22908
#: serverguide/C/mail.xml:129(para)
22909
msgid ""
22910
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
22911
"the Postfix queue directory."
22912
msgstr ""
22913
22914
#: serverguide/C/mail.xml:135(para)
22915
msgid ""
22916
"Next, generate or obtain a digital certificate for TLS. See <xref "
22917
"linkend=\"certificates-and-security\"/> for details. This example also uses "
22918
"a Certificate Authority (CA). For information on generating a CA certificate "
22919
"see <xref linkend=\"certificate-authority\"/>."
22920
msgstr ""
22921
22922
#: serverguide/C/mail.xml:141(para)
22923
msgid ""
22924
"MUAs connecting to your mail server via TLS will need to recognize the "
22925
"certificate used for TLS. This can either be done using a certificate from a "
22926
"commercial CA or with a self-signed certificate that users manually "
22927
"install/accept. For MTA to MTA TLS certficates are never validated without "
22928
"advance agreement from the affected organizations. For MTA to MTA TLS, "
22929
"unless local policy requires it, there is no reason not to use a self-signed "
22930
"certificate. Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> "
22931
"for more details."
22932
msgstr ""
22933
22934
#: serverguide/C/mail.xml:151(para)
22935
msgid ""
22936
"Once you have a certificate, configure Postfix to provide TLS encryption for "
22937
"both incoming and outgoing mail:"
22938
msgstr ""
22939
22940
#: serverguide/C/mail.xml:154(screen)
22941
#, no-wrap
22942
msgid ""
22943
"\n"
22944
"sudo postconf -e 'smtp_tls_security_level = may'\n"
22945
"sudo postconf -e 'smtpd_tls_security_level = may'\n"
22946
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
22947
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
22948
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
22949
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
22950
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
22951
"sudo postconf -e 'myhostname = mail.example.com'\n"
22952
msgstr ""
22953
22954
#: serverguide/C/mail.xml:166(para)
22955
msgid ""
22956
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
22957
"the certificate enter:"
22958
msgstr ""
22959
22960
#: serverguide/C/mail.xml:170(command)
22961
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
22962
msgstr ""
22963
22964
#: serverguide/C/mail.xml:173(para)
22965
msgid ""
22966
"Again, for more details about certificates see <xref linkend=\"certificates-"
22967
"and-security\"/>."
22968
msgstr ""
22969
22970
#: serverguide/C/mail.xml:179(para)
22971
msgid ""
22972
"After running all the commands, <application>Postfix</application> is "
22973
"configured for SMTP-AUTH and a self-signed certificate has been created for "
22974
"TLS encryption."
22975
msgstr ""
22976
22977
#: serverguide/C/mail.xml:184(para)
22978
msgid ""
22979
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
22980
"this:"
22981
msgstr ""
22982
22983
#: serverguide/C/mail.xml:187(programlisting)
22984
#, no-wrap
22985
msgid ""
22986
"\n"
22987
"# See /usr/share/postfix/main.cf.dist for a commented, more complete\n"
22988
"# version\n"
22989
"\n"
22990
"smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)\n"
22991
"biff = no\n"
22992
"\n"
22993
"# appending .domain is the MUA's job.\n"
22994
"append_dot_mydomain = no\n"
22995
"\n"
22996
"# Uncomment the next line to generate \"delayed mail\" warnings\n"
22997
"#delay_warning_time = 4h\n"
22998
"\n"
22999
"myhostname = server1.example.com\n"
23000
"alias_maps = hash:/etc/aliases\n"
23001
"alias_database = hash:/etc/aliases\n"
23002
"myorigin = /etc/mailname\n"
23003
"mydestination = server1.example.com, localhost.example.com, localhost\n"
23004
"relayhost =\n"
23005
"mynetworks = 127.0.0.0/8\n"
23006
"mailbox_command = procmail -a \"$EXTENSION\"\n"
23007
"mailbox_size_limit = 0\n"
23008
"recipient_delimiter = +\n"
23009
"inet_interfaces = all\n"
23010
"smtpd_sasl_local_domain =\n"
23011
"smtpd_sasl_auth_enable = yes\n"
23012
"smtpd_sasl_security_options = noanonymous\n"
23013
"broken_sasl_auth_clients = yes\n"
23014
"smtpd_recipient_restrictions =\n"
23015
"permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination\n"
23016
"smtpd_tls_auth_only = no\n"
23017
"smtp_tls_security_level = may\n"
23018
"smtpd_tls_security_level = may\n"
23019
"smtp_tls_note_starttls_offer = yes\n"
23020
"smtpd_tls_key_file = /etc/ssl/private/smtpd.key\n"
23021
"smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt\n"
23022
"smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem\n"
23023
"smtpd_tls_loglevel = 1\n"
23024
"smtpd_tls_received_header = yes\n"
23025
"smtpd_tls_session_cache_timeout = 3600s\n"
23026
"tls_random_source = dev:/dev/urandom\n"
23027
msgstr ""
23028
23029
#: serverguide/C/mail.xml:229(para)
23030
msgid ""
23031
"The postfix initial configuration is complete. Run the following command to "
23032
"restart the postfix daemon:"
23033
msgstr ""
23034
23035
#: serverguide/C/mail.xml:235(command) serverguide/C/mail.xml:354(command) serverguide/C/mail.xml:417(command) serverguide/C/mail.xml:1046(command) serverguide/C/mail.xml:1628(command)
23036
msgid "sudo systemctl restart postfix.service"
23037
msgstr ""
23038
23039
#: serverguide/C/mail.xml:238(para)
23040
msgid ""
23041
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
23042
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
23043
"<ulink url=\"http://www.ietf.org/rfc/rfc2222.txt\">SASL</ulink>. However it "
23044
"is still necessary to set up SASL authentication before you can use SMTP-"
23045
"AUTH."
23046
msgstr ""
23047
23048
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
23049
msgid "Configuring SASL"
23050
msgstr ""
23051
23052
#: serverguide/C/mail.xml:249(para)
23053
msgid ""
23054
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
23055
"enable Dovecot SASL the <application>dovecot-core</application> package will "
23056
"need to be installed. From a terminal prompt enter the following:"
23057
msgstr ""
23058
23059
#: serverguide/C/mail.xml:255(command)
23060
msgid "sudo apt install dovecot-core"
23061
msgstr ""
23062
23063
#: serverguide/C/mail.xml:257(para)
23064
msgid ""
23065
"Next you will need to edit <filename>/etc/dovecot/conf.d/10-"
23066
"master.conf</filename>. Change the following:"
23067
msgstr ""
23068
23069
#: serverguide/C/mail.xml:260(programlisting)
23070
#, no-wrap
23071
msgid ""
23072
"\n"
23073
"service auth {\n"
23074
" # auth_socket_path points to this userdb socket by default. It's "
23075
"typically\n"
23076
" # used by dovecot-lda, doveadm, possibly imap process, etc. Its default\n"
23077
" # permissions make it readable only by root, but you may need to relax "
23078
"these\n"
23079
" # permissions. Users that have access to this socket are able to get a "
23080
"list\n"
23081
" # of all usernames and get results of everyone's userdb lookups.\n"
23082
" unix_listener auth-userdb {\n"
23083
" #mode = 0600\n"
23084
" #user = \n"
23085
" #group = \n"
23086
" }\n"
23087
"\n"
23088
" # Postfix smtp-auth\n"
23089
" unix_listener /var/spool/postfix/private/auth {\n"
23090
" mode = 0660\n"
23091
" user = postfix\n"
23092
" group = postfix\n"
23093
" }\n"
23094
msgstr ""
23095
23096
#: serverguide/C/mail.xml:281(para)
23097
msgid ""
23098
"In order to let <application>Outlook</application> clients use SMTP-AUTH, in "
23099
"the <emphasis>authentication mechanisms</emphasis> section of "
23100
"/etc/dovecot/conf.d/10-auth.conf change this line:"
23101
msgstr ""
23102
23103
#: serverguide/C/mail.xml:286(programlisting)
23104
#, no-wrap
23105
msgid ""
23106
"\n"
23107
"auth_mechanisms = plain\n"
23108
msgstr ""
23109
23110
#: serverguide/C/mail.xml:290(para)
23111
msgid "To this:"
23112
msgstr ""
23113
23114
#: serverguide/C/mail.xml:294(programlisting)
23115
#, no-wrap
23116
msgid ""
23117
"\n"
23118
"auth_mechanisms = plain login\n"
23119
msgstr ""
23120
23121
#: serverguide/C/mail.xml:298(para)
23122
msgid ""
23123
"Once you have <application>Dovecot</application> configured restart it with:"
23124
msgstr ""
23125
23126
#: serverguide/C/mail.xml:302(command) serverguide/C/mail.xml:798(command)
23127
msgid "sudo systemctl restart dovecot.service"
23128
msgstr ""
23129
23130
#: serverguide/C/mail.xml:307(title)
23131
msgid "Mail-Stack Delivery"
23132
msgstr ""
23133
23134
#: serverguide/C/mail.xml:309(para)
23135
msgid ""
23136
"Another option for configuring <application>Postfix</application> for SMTP-"
23137
"AUTH is using the <application>mail-stack-delivery</application> package "
23138
"(previously packaged as dovecot-postfix). This package will install "
23139
"<application>Dovecot</application> and configure "
23140
"<application>Postfix</application> to use it for both SASL authentication "
23141
"and as a Mail Delivery Agent (MDA). The package also configures "
23142
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
23143
msgstr ""
23144
23145
#: serverguide/C/mail.xml:319(para)
23146
msgid ""
23147
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
23148
"server. For example, if you are configuring your server to be a mail "
23149
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
23150
"the above commands to configure Postfix for SMTP-AUTH."
23151
msgstr ""
23152
23153
#: serverguide/C/mail.xml:326(para)
23154
msgid "To install the package, from a terminal prompt enter:"
23155
msgstr ""
23156
23157
#: serverguide/C/mail.xml:331(command)
23158
msgid "sudo apt install mail-stack-delivery"
23159
msgstr ""
23160
23161
#: serverguide/C/mail.xml:334(para)
23162
msgid ""
23163
"You should now have a working mail server, but there are a few options that "
23164
"you may wish to further customize. For example, the package uses the "
23165
"certificate and key from the <application>ssl-cert</application> package, "
23166
"and in a production environment you should use a certificate and key "
23167
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
23168
"for more details."
23169
msgstr ""
23170
23171
#: serverguide/C/mail.xml:340(para)
23172
msgid ""
23173
"Once you have a customized certificate and key for the host, change the "
23174
"following options in <filename>/etc/postfix/main.cf</filename>:"
23175
msgstr ""
23176
23177
#: serverguide/C/mail.xml:344(programlisting)
23178
#, no-wrap
23179
msgid ""
23180
"\n"
23181
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
23182
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
23183
msgstr ""
23184
23185
#: serverguide/C/mail.xml:349(para)
23186
msgid "Then restart Postfix:"
23187
msgstr ""
23188
23189
#: serverguide/C/mail.xml:360(para)
23190
msgid ""
23191
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
23192
msgstr ""
23193
23194
#: serverguide/C/mail.xml:363(para)
23195
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
23196
msgstr ""
23197
23198
#: serverguide/C/mail.xml:368(command)
23199
msgid "telnet mail.example.com 25"
23200
msgstr ""
23201
23202
#: serverguide/C/mail.xml:370(para)
23203
msgid ""
23204
"After you have established the connection to the postfix mail server, type:"
23205
msgstr ""
23206
23207
#: serverguide/C/mail.xml:374(screen)
23208
#, no-wrap
23209
msgid ""
23210
"\n"
23211
"ehlo mail.example.com\n"
23212
msgstr ""
23213
23214
#: serverguide/C/mail.xml:377(para)
23215
msgid ""
23216
"If you see the following lines among others, then everything is working "
23217
"perfectly. Type <command>quit</command> to exit."
23218
msgstr ""
23219
23220
#: serverguide/C/mail.xml:381(programlisting)
23221
#, no-wrap
23222
msgid ""
23223
"\n"
23224
"250-STARTTLS\n"
23225
"250-AUTH LOGIN PLAIN\n"
23226
"250-AUTH=LOGIN PLAIN\n"
23227
"250 8BITMIME\n"
23228
msgstr ""
23229
23230
#: serverguide/C/mail.xml:391(para)
23231
msgid ""
23232
"This section introduces some common ways to determine the cause if problems "
23233
"arise."
23234
msgstr ""
23235
23236
#: serverguide/C/mail.xml:395(title)
23237
msgid "Escaping chroot"
23238
msgstr ""
23239
23240
#: serverguide/C/mail.xml:396(para)
23241
msgid ""
23242
"The Ubuntu <application>postfix</application> package will by default "
23243
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
23244
"This can add greater complexity when troubleshooting problems."
23245
msgstr ""
23246
23247
#: serverguide/C/mail.xml:400(para)
23248
msgid ""
23249
"To turn off the chroot operation locate for the following line in the "
23250
"<filename>/etc/postfix/master.cf</filename> configuration file:"
23251
msgstr ""
23252
23253
#: serverguide/C/mail.xml:404(screen)
23254
#, no-wrap
23255
msgid ""
23256
"\n"
23257
"smtp inet n - - - - smtpd\n"
23258
msgstr ""
23259
23260
#: serverguide/C/mail.xml:407(para)
23261
msgid "and modify it as follows:"
23262
msgstr ""
23263
23264
#: serverguide/C/mail.xml:410(screen)
23265
#, no-wrap
23266
msgid ""
23267
"\n"
23268
"smtp inet n - n - - smtpd\n"
23269
msgstr ""
23270
23271
#: serverguide/C/mail.xml:413(para)
23272
msgid ""
23273
"You will then need to restart Postfix to use the new configuration. From a "
23274
"terminal prompt enter:"
23275
msgstr ""
23276
23277
#: serverguide/C/mail.xml:421(title)
23278
msgid "Smtps"
23279
msgstr ""
23280
23281
#: serverguide/C/mail.xml:422(para)
23282
msgid ""
23283
"If you need smtps, edit <filename>/etc/postfix/master.cf</filename> and "
23284
"uncomment the following line:"
23285
msgstr ""
23286
23287
#: serverguide/C/mail.xml:425(programlisting)
23288
#, no-wrap
23289
msgid ""
23290
"\n"
23291
"smtps inet n - - - - smtpd\n"
23292
" -o smtpd_tls_wrappermode=yes\n"
23293
" -o smtpd_sasl_auth_enable=yes\n"
23294
" -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n"
23295
" -o milter_macro_daemon_name=ORIGINATING\n"
23296
"\t "
23297
msgstr ""
23298
23299
#: serverguide/C/mail.xml:434(title)
23300
msgid "Log Files"
23301
msgstr ""
23302
23303
#: serverguide/C/mail.xml:435(para)
23304
msgid ""
23305
"<application>Postfix</application> sends all log messages to "
23306
"<filename>/var/log/mail.log</filename>. However error and warning messages "
23307
"can sometimes get lost in the normal log output so they are also logged to "
23308
"<filename>/var/log/mail.err</filename> and "
23309
"<filename>/var/log/mail.warn</filename> respectively."
23310
msgstr ""
23311
23312
#: serverguide/C/mail.xml:440(para)
23313
msgid ""
23314
"To see messages entered into the logs in real time you can use the "
23315
"<application>tail -f</application> command:"
23316
msgstr ""
23317
23318
#: serverguide/C/mail.xml:445(command)
23319
msgid "tail -f /var/log/mail.err"
23320
msgstr ""
23321
23322
#: serverguide/C/mail.xml:447(para)
23323
msgid ""
23324
"The amount of detail that is recorded in the logs can be increased. Below "
23325
"are some configuration options for increasing the log level for some of the "
23326
"areas covered above."
23327
msgstr ""
23328
23329
#: serverguide/C/mail.xml:453(para)
23330
msgid ""
23331
"To increase <emphasis>TLS</emphasis> activity logging set the "
23332
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
23333
msgstr ""
23334
23335
#: serverguide/C/mail.xml:457(command)
23336
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
23337
msgstr ""
23338
23339
#: serverguide/C/mail.xml:461(para)
23340
msgid ""
23341
"If you are having trouble sending or receiving mail from a specific domain "
23342
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
23343
msgstr ""
23344
23345
#: serverguide/C/mail.xml:466(command)
23346
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
23347
msgstr ""
23348
23349
#: serverguide/C/mail.xml:470(para)
23350
msgid ""
23351
"You can increase the verbosity of any <application>Postfix</application> "
23352
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
23353
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
23354
"<emphasis>smtp</emphasis> entry:"
23355
msgstr ""
23356
23357
#: serverguide/C/mail.xml:474(programlisting)
23358
#, no-wrap
23359
msgid ""
23360
"\n"
23361
"smtp unix - - - - - smtp -v\n"
23362
msgstr ""
23363
23364
#: serverguide/C/mail.xml:480(para)
23365
msgid ""
23366
"It is important to note that after making one of the logging changes above "
23367
"the <application>Postfix</application> process will need to be reloaded in "
23368
"order to recognize the new configuration: <command>sudo systemctl reload "
23369
"postfix.service</command>"
23370
msgstr ""
23371
23372
#: serverguide/C/mail.xml:487(para)
23373
msgid ""
23374
"To increase the amount of information logged when troubleshooting "
23375
"<emphasis>SASL</emphasis> issues you can set the following options in "
23376
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
23377
msgstr ""
23378
23379
#: serverguide/C/mail.xml:491(programlisting)
23380
#, no-wrap
23381
msgid ""
23382
"\n"
23383
"auth_debug=yes\n"
23384
"auth_debug_passwords=yes\n"
23385
msgstr ""
23386
23387
#: serverguide/C/mail.xml:498(para)
23388
msgid ""
23389
"Just like <application>Postfix</application> if you change a "
23390
"<application>Dovecot</application> configuration the process will need to be "
23391
"reloaded: <command>sudo systemctl reload dovecot.service</command>."
23392
msgstr ""
23393
23394
#: serverguide/C/mail.xml:504(para)
23395
msgid ""
23396
"Some of the options above can drastically increase the amount of information "
23397
"sent to the log files. Remember to return the log level back to normal after "
23398
"you have corrected the problem. Then reload the appropriate daemon for the "
23399
"new configuration to take affect."
23400
msgstr ""
23401
23402
#: serverguide/C/mail.xml:512(para)
23403
msgid ""
23404
"Administering a <application>Postfix</application> server can be a very "
23405
"complicated task. At some point you may need to turn to the Ubuntu community "
23406
"for more experienced help."
23407
msgstr ""
23408
23409
#: serverguide/C/mail.xml:516(para)
23410
msgid ""
23411
"A great place to ask for <application>Postfix</application> assistance, and "
23412
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
23413
"server</emphasis> IRC channel on <ulink "
23414
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
23415
"one of the <ulink "
23416
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
23417
msgstr ""
23418
23419
#: serverguide/C/mail.xml:521(para)
23420
msgid ""
23421
"For in depth <application>Postfix</application> information Ubuntu "
23422
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
23423
"Book of Postfix</ulink>."
23424
msgstr ""
23425
23426
#: serverguide/C/mail.xml:525(para)
23427
msgid ""
23428
"Finally, the <ulink "
23429
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
23430
"also has great documentation on all the different configuration options "
23431
"available."
23432
msgstr ""
23433
23434
#: serverguide/C/mail.xml:529(para)
23435
msgid ""
23436
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
23437
"Wiki Postfix</ulink> page has more information."
23438
msgstr ""
23439
23440
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
23441
msgid "Exim4"
23442
msgstr ""
23443
23444
#: serverguide/C/mail.xml:538(para)
23445
msgid ""
23446
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
23447
"developed at the University of Cambridge for use on Unix systems connected "
23448
"to the Internet. Exim can be installed in place of "
23449
"<application>sendmail</application>, although the configuration of "
23450
"<application>exim</application> is quite different to that of "
23451
"<application>sendmail</application>."
23452
msgstr ""
23453
23454
#: serverguide/C/mail.xml:549(para)
23455
msgid ""
23456
"To install <application>exim4</application>, run the following command: "
23457
"<screen>\n"
23458
"<command>sudo apt install exim4</command>\n"
23459
"</screen>"
23460
msgstr ""
23461
23462
#: serverguide/C/mail.xml:558(para)
23463
msgid ""
23464
"To configure <application>Exim4</application>, run the following command:"
23465
msgstr ""
23466
23467
#: serverguide/C/mail.xml:562(command)
23468
msgid "sudo dpkg-reconfigure exim4-config"
23469
msgstr ""
23470
23471
#: serverguide/C/mail.xml:564(para)
23472
msgid ""
23473
"The user interface will be displayed. The user interface lets you configure "
23474
"many parameters. For example, In <application>Exim4</application> the "
23475
"configuration files are split among multiple files. If you wish to have them "
23476
"in one file you can configure accordingly in this user interface."
23477
msgstr ""
23478
23479
#: serverguide/C/mail.xml:572(para)
23480
msgid ""
23481
"All the parameters you configure in the user interface are stored in "
23482
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
23483
"re-configure, either you re-run the configuration wizard or manually edit "
23484
"this file using your favorite editor. Once you configure, you can run the "
23485
"following command to generate the master configuration file:"
23486
msgstr ""
23487
23488
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
23489
msgid "sudo update-exim4.conf"
23490
msgstr ""
23491
23492
#: serverguide/C/mail.xml:585(para)
23493
msgid ""
23494
"The master configuration file, is generated and it is stored in "
23495
"<filename>/var/lib/exim4/config.autogenerated</filename>."
23496
msgstr ""
23497
23498
#: serverguide/C/mail.xml:591(para)
23499
msgid ""
23500
"At any time, you should not edit the master configuration file, "
23501
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
23502
"updated automatically every time you run <command>update-exim4.conf</command>"
23503
msgstr ""
23504
23505
#: serverguide/C/mail.xml:599(para)
23506
msgid ""
23507
"You can run the following command to start <application>Exim4</application> "
23508
"daemon."
23509
msgstr ""
23510
23511
#: serverguide/C/mail.xml:604(command) serverguide/C/mail.xml:1056(command)
23512
msgid "sudo systemctl start exim4.service"
23513
msgstr ""
23514
23515
#: serverguide/C/mail.xml:609(para)
23516
msgid ""
23517
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
23518
msgstr ""
23519
23520
#: serverguide/C/mail.xml:612(para)
23521
msgid ""
23522
"The first step is to create a certificate for use with TLS. Enter the "
23523
"following into a terminal prompt:"
23524
msgstr ""
23525
23526
#: serverguide/C/mail.xml:616(command)
23527
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
23528
msgstr ""
23529
23530
#: serverguide/C/mail.xml:618(para)
23531
msgid ""
23532
"Now Exim4 needs to be configured for TLS by editing "
23533
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
23534
"the following:"
23535
msgstr ""
23536
23537
#: serverguide/C/mail.xml:622(programlisting)
23538
#, no-wrap
23539
msgid ""
23540
"\n"
23541
"MAIN_TLS_ENABLE = yes\n"
23542
msgstr ""
23543
23544
#: serverguide/C/mail.xml:625(para)
23545
msgid ""
23546
"Next you need to configure <application>Exim4</application> to use the "
23547
"<application>saslauthd</application> for authentication. Edit "
23548
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
23549
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
23550
"<emphasis>login_saslauthd_server</emphasis> sections:"
23551
msgstr ""
23552
23553
#: serverguide/C/mail.xml:630(programlisting)
23554
#, no-wrap
23555
msgid ""
23556
"\n"
23557
" plain_saslauthd_server:\n"
23558
" driver = plaintext\n"
23559
" public_name = PLAIN\n"
23560
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
23561
" server_set_id = $auth2\n"
23562
" server_prompts = :\n"
23563
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
23564
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
23565
" .endif\n"
23566
"#\n"
23567
" login_saslauthd_server:\n"
23568
" driver = plaintext\n"
23569
" public_name = LOGIN\n"
23570
" server_prompts = \"Username:: : Password::\"\n"
23571
" # don't send system passwords over unencrypted connections\n"
23572
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
23573
" server_set_id = $auth1\n"
23574
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
23575
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
23576
" .endif\n"
23577
msgstr ""
23578
23579
#: serverguide/C/mail.xml:652(para)
23580
msgid ""
23581
"Additionally, in order for outside mail client to be able to connect to new "
23582
"exim server, new user needs to be added into exim by using the following "
23583
"commands."
23584
msgstr ""
23585
23586
#: serverguide/C/mail.xml:656(command)
23587
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
23588
msgstr ""
23589
23590
#: serverguide/C/mail.xml:658(para)
23591
msgid ""
23592
"Users should protect the new exim password files with the following commands."
23593
msgstr ""
23594
23595
#: serverguide/C/mail.xml:660(command)
23596
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
23597
msgstr ""
23598
23599
#: serverguide/C/mail.xml:661(command)
23600
msgid "sudo chmod 640 /etc/exim4/passwd"
23601
msgstr ""
23602
23603
#: serverguide/C/mail.xml:663(para)
23604
msgid "Finally, update the Exim4 configuration and restart the service:"
23605
msgstr ""
23606
23607
#: serverguide/C/mail.xml:668(command)
23608
msgid "sudo systemctl restart exim4.service"
23609
msgstr ""
23610
23611
#: serverguide/C/mail.xml:673(para)
23612
msgid ""
23613
"This section provides details on configuring the saslauthd to provide "
23614
"authentication for <application>Exim4</application>."
23615
msgstr ""
23616
23617
#: serverguide/C/mail.xml:676(para)
23618
msgid ""
23619
"The first step is to install the sasl2-bin package. From a terminal prompt "
23620
"enter the following:"
23621
msgstr ""
23622
23623
#: serverguide/C/mail.xml:680(command)
23624
msgid "sudo apt install sasl2-bin"
23625
msgstr ""
23626
23627
#: serverguide/C/mail.xml:682(para)
23628
msgid ""
23629
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
23630
"and set START=no to:"
23631
msgstr ""
23632
23633
#: serverguide/C/mail.xml:688(para)
23634
msgid ""
23635
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
23636
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
23637
"service:"
23638
msgstr ""
23639
23640
#: serverguide/C/mail.xml:693(command)
23641
msgid "sudo adduser Debian-exim sasl"
23642
msgstr ""
23643
23644
#: serverguide/C/mail.xml:695(para)
23645
msgid "Now start the <application>saslauthd</application> service:"
23646
msgstr ""
23647
23648
#: serverguide/C/mail.xml:699(command)
23649
msgid "sudo systemctl start saslauthd.service"
23650
msgstr ""
23651
23652
#: serverguide/C/mail.xml:701(para)
23653
msgid ""
23654
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
23655
"and SASL authentication."
23656
msgstr ""
23657
23658
#: serverguide/C/mail.xml:710(para)
23659
msgid ""
23660
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
23661
"information."
23662
msgstr ""
23663
23664
#: serverguide/C/mail.xml:715(para)
23665
msgid ""
23666
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
23667
"server\">Exim4 Book</ulink> available."
23668
msgstr ""
23669
23670
#: serverguide/C/mail.xml:720(para)
23671
msgid ""
23672
"Another resource is the <ulink "
23673
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
23674
"page."
23675
msgstr ""
23676
23677
#: serverguide/C/mail.xml:729(title)
23678
msgid "Dovecot Server"
23679
msgstr ""
23680
23681
#: serverguide/C/mail.xml:730(para)
23682
msgid ""
23683
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
23684
"security primarily in mind. It supports the major mailbox formats: mbox or "
23685
"Maildir. This section explain how to set it up as an imap or pop3 server."
23686
msgstr ""
23687
23688
#: serverguide/C/mail.xml:738(para)
23689
msgid ""
23690
"To install <application>dovecot</application>, run the following command in "
23691
"the command prompt:"
23692
msgstr ""
23693
23694
#: serverguide/C/mail.xml:743(command)
23695
msgid "sudo apt install dovecot-imapd dovecot-pop3d"
23696
msgstr ""
23697
23698
#: serverguide/C/mail.xml:748(para)
23699
msgid ""
23700
"To configure <application>dovecot</application>, you can edit the file "
23701
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
23702
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
23703
"secure). A description of these protocols is beyond the scope of this guide. "
23704
"For further information, refer to the Wikipedia articles on <ulink "
23705
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
23706
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
23707
"link>."
23708
msgstr ""
23709
23710
#: serverguide/C/mail.xml:758(para)
23711
msgid ""
23712
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
23713
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
23714
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
23715
msgstr ""
23716
23717
#: serverguide/C/mail.xml:764(programlisting)
23718
#, no-wrap
23719
msgid ""
23720
"\n"
23721
"protocols = pop3 pop3s imap imaps\n"
23722
msgstr ""
23723
23724
#: serverguide/C/mail.xml:767(para)
23725
msgid ""
23726
"Next, choose the mailbox you would like to use. "
23727
"<application>Dovecot</application> supports <emphasis "
23728
"role=\"strong\">maildir</emphasis> and <emphasis "
23729
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
23730
"mailbox formats. They both have their own benefits and are discussed on "
23731
"<ulink url=\"http://wiki2.dovecot.org/MailboxFormat\">the Dovecot web "
23732
"site</ulink>."
23733
msgstr ""
23734
23735
#: serverguide/C/mail.xml:775(para)
23736
msgid ""
23737
"Once you have chosen your mailbox type, edit the file "
23738
"<filename>/etc/dovecot/conf.d/10-mail.conf</filename> and change the "
23739
"following line:"
23740
msgstr ""
23741
23742
#: serverguide/C/mail.xml:780(programlisting)
23743
#, no-wrap
23744
msgid ""
23745
"\n"
23746
"mail_location = maildir:~/Maildir # (for maildir)\n"
23747
"or\n"
23748
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
23749
msgstr ""
23750
23751
#: serverguide/C/mail.xml:786(para)
23752
msgid ""
23753
"You should configure your Mail Transport Agent (MTA) to transfer the "
23754
"incoming mail to this type of mailbox if it is different from the one you "
23755
"have configured."
23756
msgstr ""
23757
23758
#: serverguide/C/mail.xml:792(para)
23759
msgid ""
23760
"Once you have configured dovecot, restart the "
23761
"<application>dovecot</application> daemon in order to test your setup:"
23762
msgstr ""
23763
23764
#: serverguide/C/mail.xml:801(para)
23765
msgid ""
23766
"If you have enabled imap, or pop3, you can also try to log in with the "
23767
"commands <command>telnet localhost pop3</command> or <command>telnet "
23768
"localhost imap2</command>. If you see something like the following, the "
23769
"installation has been successful:"
23770
msgstr ""
23771
23772
#: serverguide/C/mail.xml:808(programlisting)
23773
#, no-wrap
23774
msgid ""
23775
"\n"
23776
"bhuvan@rainbow:~$ telnet localhost pop3\n"
23777
"Trying 127.0.0.1...\n"
23778
"Connected to localhost.localdomain.\n"
23779
"Escape character is '^]'.\n"
23780
"+OK Dovecot ready.\n"
23781
msgstr ""
23782
23783
#: serverguide/C/mail.xml:817(title)
23784
msgid "Dovecot SSL Configuration"
23785
msgstr ""
23786
23787
#: serverguide/C/mail.xml:818(para)
23788
msgid ""
23789
"To configure <application>dovecot</application> to use SSL, you can edit the "
23790
"file <filename>/etc/dovecot/conf.d/10-ssl.conf</filename> and amend "
23791
"following lines:"
23792
msgstr ""
23793
23794
#: serverguide/C/mail.xml:830(para)
23795
msgid ""
23796
"You can get the SSL certificate from a Certificate Issuing Authority or you "
23797
"can create self signed SSL certificate. The latter is a good option for "
23798
"email, because SMTP clients rarely complain about \"self-signed "
23799
"certificates\". Please refer to <xref linkend=\"certificates-and-"
23800
"security\"/> for details about how to create self signed SSL certificate. "
23801
"Once you create the certificate, you will have a key file and a certificate "
23802
"file. Please copy them to the location pointed in the "
23803
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
23804
msgstr ""
23805
23806
#: serverguide/C/mail.xml:845(title)
23807
msgid "Firewall Configuration for an Email Server"
23808
msgstr ""
23809
23810
#: serverguide/C/mail.xml:851(para)
23811
msgid "IMAP - 143"
23812
msgstr ""
23813
23814
#: serverguide/C/mail.xml:852(para)
23815
msgid "IMAPS - 993"
23816
msgstr ""
23817
23818
#: serverguide/C/mail.xml:853(para)
23819
msgid "POP3 - 110"
23820
msgstr ""
23821
23822
#: serverguide/C/mail.xml:854(para)
23823
msgid "POP3S - 995"
23824
msgstr ""
23825
23826
#: serverguide/C/mail.xml:846(para)
23827
msgid ""
23828
"To access your mail server from another computer, you must configure your "
23829
"firewall to allow connections to the server on the necessary ports. "
23830
"<placeholder-1/>"
23831
msgstr ""
23832
23833
#: serverguide/C/mail.xml:863(para)
23834
msgid ""
23835
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
23836
"more information."
23837
msgstr ""
23838
23839
#: serverguide/C/mail.xml:868(para)
23840
msgid ""
23841
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
23842
"Ubuntu Wiki</ulink> page has more details."
23843
msgstr ""
23844
23845
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
23846
msgid "Mailman"
23847
msgstr ""
23848
23849
#: serverguide/C/mail.xml:878(para)
23850
msgid ""
23851
"Mailman is an open source program for managing electronic mail discussions "
23852
"and e-newsletter lists. Many open source mailing lists (including all the "
23853
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
23854
"Mailman as their mailing list software. It is powerful and easy to install "
23855
"and maintain."
23856
msgstr ""
23857
23858
#: serverguide/C/mail.xml:888(para)
23859
msgid ""
23860
"Mailman provides a web interface for the administrators and users, using an "
23861
"external mail server to send and receive emails. It works perfectly with the "
23862
"following mail servers:"
23863
msgstr ""
23864
23865
#: serverguide/C/mail.xml:899(application)
23866
msgid "Exim"
23867
msgstr ""
23868
23869
#: serverguide/C/mail.xml:902(application)
23870
msgid "Sendmail"
23871
msgstr ""
23872
23873
#: serverguide/C/mail.xml:905(application)
23874
msgid "Qmail"
23875
msgstr ""
23876
23877
#: serverguide/C/mail.xml:910(para)
23878
msgid ""
23879
"We will see how to install and configure Mailman with, the Apache web "
23880
"server, and either the Postfix or Exim mail server. If you wish to install "
23881
"Mailman with a different mail server, please refer to the references section."
23882
msgstr ""
23883
23884
#: serverguide/C/mail.xml:917(para)
23885
msgid ""
23886
"You only need to install one mail server and "
23887
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
23888
msgstr ""
23889
23890
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
23891
msgid "Apache2"
23892
msgstr ""
23893
23894
#: serverguide/C/mail.xml:923(para)
23895
msgid ""
23896
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
23897
"details."
23898
msgstr ""
23899
23900
#: serverguide/C/mail.xml:929(para)
23901
msgid ""
23902
"For instructions on installing and configuring Postfix refer to <xref "
23903
"linkend=\"postfix\"/>"
23904
msgstr ""
23905
23906
#: serverguide/C/mail.xml:935(para)
23907
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
23908
msgstr ""
23909
23910
#: serverguide/C/mail.xml:938(para)
23911
msgid ""
23912
"Once exim4 is installed, the configuration files are stored in the "
23913
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
23914
"configuration files are split across different files. You can change this "
23915
"behavior by changing the following variable in the "
23916
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
23917
msgstr ""
23918
23919
#: serverguide/C/mail.xml:945(programlisting)
23920
#, no-wrap
23921
msgid ""
23922
"\n"
23923
"dc_use_split_config='true'\n"
23924
msgstr ""
23925
23926
#: serverguide/C/mail.xml:953(para)
23927
msgid ""
23928
"To install <application>Mailman</application>, run following command at a "
23929
"terminal prompt:"
23930
msgstr ""
23931
23932
#: serverguide/C/mail.xml:957(command)
23933
msgid "sudo apt install mailman"
23934
msgstr ""
23935
23936
#: serverguide/C/mail.xml:959(para)
23937
msgid ""
23938
"It copies the installation files in "
23939
"<application>/var/lib/mailman</application> directory. It installs the CGI "
23940
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
23941
"creates <emphasis>list</emphasis> linux user. It creates the "
23942
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
23943
"this user."
23944
msgstr ""
23945
23946
#: serverguide/C/mail.xml:971(para)
23947
msgid ""
23948
"This section assumes you have successfully installed "
23949
"<application>mailman</application>, <application>apache2</application>, and "
23950
"<application>postfix</application> or <application>exim4</application>. Now "
23951
"you just need to configure them."
23952
msgstr ""
23953
23954
#: serverguide/C/mail.xml:980(para)
23955
msgid ""
23956
"An example Apache configuration file comes with "
23957
"<application>Mailman</application> and is placed in "
23958
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
23959
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
23960
"available</filename>:"
23961
msgstr ""
23962
23963
#: serverguide/C/mail.xml:986(command)
23964
msgid ""
23965
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
23966
msgstr ""
23967
23968
#: serverguide/C/mail.xml:988(para)
23969
msgid ""
23970
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
23971
"Mailman administration site. Now enable the new configuration and restart "
23972
"Apache:"
23973
msgstr ""
23974
23975
#: serverguide/C/mail.xml:993(command)
23976
msgid "sudo a2ensite mailman.conf"
23977
msgstr ""
23978
23979
#: serverguide/C/mail.xml:996(para)
23980
msgid ""
23981
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
23982
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
23983
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
23984
"can make changes to the <filename>/etc/apache2/sites-"
23985
"available/mailman.conf</filename> file if you wish to change this behavior."
23986
msgstr ""
23987
23988
#: serverguide/C/mail.xml:1007(para)
23989
msgid ""
23990
"For <application>Postfix</application> integration, we will associate the "
23991
"domain lists.example.com with the mailing lists. Please replace "
23992
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
23993
msgstr ""
23994
23995
#: serverguide/C/mail.xml:1011(para)
23996
msgid ""
23997
"You can use the postconf command to add the necessary configuration to "
23998
"<filename>/etc/postfix/main.cf</filename>:"
23999
msgstr ""
24000
24001
#: serverguide/C/mail.xml:1015(command)
24002
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
24003
msgstr ""
24004
24005
#: serverguide/C/mail.xml:1016(command)
24006
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
24007
msgstr ""
24008
24009
#: serverguide/C/mail.xml:1017(command)
24010
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
24011
msgstr ""
24012
24013
#: serverguide/C/mail.xml:1019(para)
24014
msgid ""
24015
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
24016
"the following transport:"
24017
msgstr ""
24018
24019
#: serverguide/C/mail.xml:1022(programlisting)
24020
#, no-wrap
24021
msgid ""
24022
"\n"
24023
"mailman unix - n n - - pipe\n"
24024
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
24025
" ${nexthop} ${user}\n"
24026
msgstr ""
24027
24028
#: serverguide/C/mail.xml:1027(para)
24029
msgid ""
24030
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
24031
"is delivered to a list."
24032
msgstr ""
24033
24034
#: serverguide/C/mail.xml:1030(para)
24035
msgid ""
24036
"Associate the domain lists.example.com to the Mailman transport with the "
24037
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
24038
msgstr ""
24039
24040
#: serverguide/C/mail.xml:1033(programlisting)
24041
#, no-wrap
24042
msgid ""
24043
"\n"
24044
"lists.example.com mailman:\n"
24045
msgstr ""
24046
24047
#: serverguide/C/mail.xml:1036(para)
24048
msgid ""
24049
"Now have <application>Postfix</application> build the transport map by "
24050
"entering the following from a terminal prompt:"
24051
msgstr ""
24052
24053
#: serverguide/C/mail.xml:1040(command)
24054
msgid "sudo postmap -v /etc/postfix/transport"
24055
msgstr ""
24056
24057
#: serverguide/C/mail.xml:1042(para)
24058
msgid "Then restart Postfix to enable the new configurations:"
24059
msgstr ""
24060
24061
#: serverguide/C/mail.xml:1051(para)
24062
msgid ""
24063
"Once Exim4 is installed, you can start the Exim server using the following "
24064
"command from a terminal prompt:"
24065
msgstr ""
24066
24067
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
24068
msgid "Main"
24069
msgstr ""
24070
24071
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
24072
msgid "Transport"
24073
msgstr ""
24074
24075
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
24076
msgid "Router"
24077
msgstr ""
24078
24079
#: serverguide/C/mail.xml:1058(para)
24080
msgid ""
24081
"In order to make mailman work with Exim4, you need to configure Exim4. As "
24082
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
24083
"different types. For details, please refer to the <ulink "
24084
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
24085
"add new a configuration file to the following configuration types: "
24086
"<placeholder-1/> Exim creates a master configuration file by sorting all "
24087
"these mini configuration files. So, the order of these configuration files "
24088
"is very important."
24089
msgstr ""
24090
24091
#: serverguide/C/mail.xml:1089(programlisting)
24092
#, no-wrap
24093
msgid ""
24094
"\n"
24095
"# start\n"
24096
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
24097
"# directory.\n"
24098
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
24099
"# This is normally the same as ~mailman\n"
24100
"MM_HOME=/var/lib/mailman\n"
24101
"#\n"
24102
"# User and group for Mailman, should match your --with-mail-gid\n"
24103
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
24104
"MM_UID=list\n"
24105
"MM_GID=list\n"
24106
"#\n"
24107
"# Domains that your lists are in - colon separated list\n"
24108
"# you may wish to add these into local_domains as well\n"
24109
"domainlist mm_domains=hostname.com\n"
24110
"#\n"
24111
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
24112
"#\n"
24113
"# These values are derived from the ones above and should not need\n"
24114
"# editing unless you have munged your mailman installation\n"
24115
"#\n"
24116
"# The path of the Mailman mail wrapper script\n"
24117
"MM_WRAP=MM_HOME/mail/mailman\n"
24118
"#\n"
24119
"# The path of the list config file (used as a required file when\n"
24120
"# verifying list addresses)\n"
24121
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
24122
"# end\n"
24123
msgstr ""
24124
24125
#: serverguide/C/mail.xml:1083(para)
24126
msgid ""
24127
"All the configuration files belonging to the main type are stored in the "
24128
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
24129
"following content to a new file, named <filename>04_exim4-"
24130
"config_mailman</filename>: <placeholder-1/>"
24131
msgstr ""
24132
24133
#: serverguide/C/mail.xml:1129(programlisting)
24134
#, no-wrap
24135
msgid ""
24136
"\n"
24137
" mailman_transport:\n"
24138
" driver = pipe\n"
24139
" command = MM_WRAP \\\n"
24140
" '${if def:local_part_suffix \\\n"
24141
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
24142
"\\\n"
24143
" {post}}' \\\n"
24144
" $local_part\n"
24145
" current_directory = MM_HOME\n"
24146
" home_directory = MM_HOME\n"
24147
" user = MM_UID\n"
24148
" group = MM_GID\n"
24149
msgstr ""
24150
24151
#: serverguide/C/mail.xml:1123(para)
24152
msgid ""
24153
"All the configuration files belonging to transport type are stored in the "
24154
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
24155
"following content to a new file named <filename> 40_exim4-"
24156
"config_mailman</filename>: <placeholder-1/>"
24157
msgstr ""
24158
24159
#: serverguide/C/mail.xml:1150(programlisting)
24160
#, no-wrap
24161
msgid ""
24162
"\n"
24163
" mailman_router:\n"
24164
" driver = accept\n"
24165
" require_files = MM_HOME/lists/$local_part/config.pck\n"
24166
" local_part_suffix_optional\n"
24167
" local_part_suffix = -bounces : -bounces+* : \\\n"
24168
" -confirm+* : -join : -leave : \\\n"
24169
" -owner : -request : -admin\n"
24170
" transport = mailman_transport\n"
24171
msgstr ""
24172
24173
#: serverguide/C/mail.xml:1146(para)
24174
msgid ""
24175
"All the configuration files belonging to router type are stored in the "
24176
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
24177
"following content in to a new file named <filename>101_exim4-"
24178
"config_mailman</filename>: <placeholder-1/>"
24179
msgstr ""
24180
24181
#: serverguide/C/mail.xml:1163(para)
24182
msgid ""
24183
"The order of main and transport configuration files can be in any order. "
24184
"But, the order of router configuration files must be the same. This "
24185
"particular file must appear before the <application>200_exim4-"
24186
"config_primary</application> file. These two configuration files contain "
24187
"same type of information. The first file takes the precedence. For more "
24188
"details, please refer to the references section."
24189
msgstr ""
24190
24191
#: serverguide/C/mail.xml:1176(para)
24192
msgid ""
24193
"Once mailman is installed, you can run it using the following command:"
24194
msgstr ""
24195
24196
#: serverguide/C/mail.xml:1180(command)
24197
msgid "sudo systemctl start mailman.service"
24198
msgstr ""
24199
24200
#: serverguide/C/mail.xml:1182(para)
24201
msgid ""
24202
"Once mailman is installed, you should create the default mailing list. Run "
24203
"the following command to create the mailing list:"
24204
msgstr ""
24205
24206
#: serverguide/C/mail.xml:1188(command)
24207
msgid "sudo /usr/sbin/newlist mailman"
24208
msgstr ""
24209
24210
#: serverguide/C/mail.xml:1191(programlisting)
24211
#, no-wrap
24212
msgid ""
24213
"\n"
24214
" Enter the email address of the person running the list: bhuvan at "
24215
"ubuntu.com\n"
24216
" Initial mailman password:\n"
24217
" To finish creating your mailing list, you must edit your "
24218
"<filename>/etc/aliases</filename> (or\n"
24219
" equivalent) file by adding the following lines, and possibly running the\n"
24220
" `newaliases' program:\n"
24221
"\n"
24222
" ## mailman mailing list\n"
24223
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
24224
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
24225
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
24226
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
24227
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
24228
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
24229
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
24230
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
24231
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
24232
"mailman\"\n"
24233
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
24234
"mailman\"\n"
24235
"\n"
24236
" Hit enter to notify mailman owner...\n"
24237
"\n"
24238
" # \n"
24239
msgstr ""
24240
24241
#: serverguide/C/mail.xml:1214(para)
24242
msgid ""
24243
"We have configured either Postfix or Exim4 to recognize all emails from "
24244
"mailman. So, it is not mandatory to make any new entries in "
24245
"<filename>/etc/aliases</filename>. If you have made any changes to the "
24246
"configuration files, please ensure that you restart those services before "
24247
"continuing to next section."
24248
msgstr ""
24249
24250
#: serverguide/C/mail.xml:1222(para)
24251
msgid ""
24252
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
24253
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
24254
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
24255
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
24256
msgstr ""
24257
24258
#: serverguide/C/mail.xml:1233(title)
24259
msgid "Administration"
24260
msgstr ""
24261
24262
#: serverguide/C/mail.xml:1234(para)
24263
msgid ""
24264
"We assume you have a default installation. The mailman cgi scripts are still "
24265
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
24266
"Mailman provides a web based administration facility. To access this page, "
24267
"point your browser to the following url:"
24268
msgstr ""
24269
24270
#: serverguide/C/mail.xml:1242(para)
24271
msgid "http://hostname/cgi-bin/mailman/admin"
24272
msgstr ""
24273
24274
#: serverguide/C/mail.xml:1246(para)
24275
msgid ""
24276
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
24277
"screen. If you click the mailing list name, it will ask for your "
24278
"authentication password. If you enter the correct password, you will be able "
24279
"to change administrative settings of this mailing list. You can create a new "
24280
"mailing list using the command line utility "
24281
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
24282
"mailing list using the web interface."
24283
msgstr ""
24284
24285
#: serverguide/C/mail.xml:1259(title)
24286
msgid "Users"
24287
msgstr ""
24288
24289
#: serverguide/C/mail.xml:1260(para)
24290
msgid ""
24291
"Mailman provides a web based interface for users. To access this page, point "
24292
"your browser to the following url:"
24293
msgstr ""
24294
24295
#: serverguide/C/mail.xml:1265(para)
24296
msgid "http://hostname/cgi-bin/mailman/listinfo"
24297
msgstr ""
24298
24299
#: serverguide/C/mail.xml:1269(para)
24300
msgid ""
24301
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
24302
"screen. If you click the mailing list name, it will display the subscription "
24303
"form. You can enter your email address, name (optional), and password to "
24304
"subscribe. An email invitation will be sent to you. You can follow the "
24305
"instructions in the email to subscribe."
24306
msgstr ""
24307
24308
#: serverguide/C/mail.xml:1281(ulink)
24309
msgid "GNU Mailman - Installation Manual"
24310
msgstr ""
24311
24312
#: serverguide/C/mail.xml:1285(ulink)
24313
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
24314
msgstr ""
24315
24316
#: serverguide/C/mail.xml:1288(para)
24317
msgid ""
24318
"Also, see the <ulink "
24319
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
24320
"Wiki</ulink> page."
24321
msgstr ""
24322
24323
#: serverguide/C/mail.xml:1294(title)
24324
msgid "Mail Filtering"
24325
msgstr ""
24326
24327
#: serverguide/C/mail.xml:1295(para)
24328
msgid ""
24329
"One of the largest issues with email today is the problem of Unsolicited "
24330
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
24331
"and other forms of malware. According to some reports these messages make up "
24332
"the bulk of all email traffic on the Internet."
24333
msgstr ""
24334
24335
#: serverguide/C/mail.xml:1300(para)
24336
msgid ""
24337
"This section will cover integrating <application>Amavisd-new</application>, "
24338
"<application>Spamassassin</application>, and "
24339
"<application>ClamAV</application> with the "
24340
"<application>Postfix</application> Mail Transport Agent (MTA). "
24341
"<application>Postfix</application> can also check email validity by passing "
24342
"it through external content filters. These filters can sometimes determine "
24343
"if a message is spam without needing to process it with more resource "
24344
"intensive applications. Two common filters are "
24345
"<application>opendkim</application> and <application>python-policyd-"
24346
"spf</application>."
24347
msgstr ""
24348
24349
#: serverguide/C/mail.xml:1310(para)
24350
msgid ""
24351
"<application>Amavisd-new</application> is a wrapper program that can call "
24352
"any number of content filtering programs for spam detection, antivirus, etc."
24353
msgstr ""
24354
24355
#: serverguide/C/mail.xml:1316(para)
24356
msgid ""
24357
"<application>Spamassassin</application> uses a variety of mechanisms to "
24358
"filter email based on the message content."
24359
msgstr ""
24360
24361
#: serverguide/C/mail.xml:1321(para)
24362
msgid ""
24363
"<application>ClamAV</application> is an open source antivirus application."
24364
msgstr ""
24365
24366
#: serverguide/C/mail.xml:1326(para)
24367
msgid ""
24368
"<application>opendkim</application> implements a Sendmail Mail Filter "
24369
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
24370
msgstr ""
24371
24372
#: serverguide/C/mail.xml:1332(para)
24373
msgid ""
24374
"<application>python-policyd-spf</application> enables Sender Policy "
24375
"Framework (SPF) checking with <application>Postfix</application>."
24376
msgstr ""
24377
24378
#: serverguide/C/mail.xml:1337(para)
24379
msgid "This is how the pieces fit together:"
24380
msgstr ""
24381
24382
#: serverguide/C/mail.xml:1342(para)
24383
msgid "An email message is accepted by <application>Postfix</application>."
24384
msgstr ""
24385
24386
#: serverguide/C/mail.xml:1347(para)
24387
msgid ""
24388
"The message is passed through any external filters "
24389
"<application>opendkim</application> and <application>python-policyd-"
24390
"spf</application> in this case."
24391
msgstr ""
24392
24393
#: serverguide/C/mail.xml:1353(para)
24394
msgid "<application>Amavisd-new</application> then processes the message."
24395
msgstr ""
24396
24397
#: serverguide/C/mail.xml:1358(para)
24398
msgid ""
24399
"<application>ClamAV</application> is used to scan the message. If the "
24400
"message contains a virus <application>Postfix</application> will reject the "
24401
"message."
24402
msgstr ""
24403
24404
#: serverguide/C/mail.xml:1364(para)
24405
msgid ""
24406
"Clean messages will then be analyzed by "
24407
"<application>Spamassassin</application> to find out if the message is spam. "
24408
"<application>Spamassassin</application> will then add X-Header lines "
24409
"allowing <application>Amavisd-new</application> to further manipulate the "
24410
"message."
24411
msgstr ""
24412
24413
#: serverguide/C/mail.xml:1371(para)
24414
msgid ""
24415
"For example, if a message has a Spam score of over fifty the message could "
24416
"be automatically dropped from the queue without the recipient ever having to "
24417
"be bothered. Another, way to handle flagged messages is to deliver them to "
24418
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
24419
"see fit."
24420
msgstr ""
24421
24422
#: serverguide/C/mail.xml:1378(para)
24423
msgid ""
24424
"See <xref linkend=\"postfix\"/> for instructions on installing and "
24425
"configuring Postfix."
24426
msgstr ""
24427
24428
#: serverguide/C/mail.xml:1381(para)
24429
msgid ""
24430
"To install the rest of the applications enter the following from a terminal "
24431
"prompt:"
24432
msgstr ""
24433
24434
#: serverguide/C/mail.xml:1385(command)
24435
msgid "sudo apt install amavisd-new spamassassin clamav-daemon"
24436
msgstr ""
24437
24438
#: serverguide/C/mail.xml:1386(command)
24439
msgid "sudo apt install opendkim postfix-policyd-spf-python"
24440
msgstr ""
24441
24442
#: serverguide/C/mail.xml:1388(para)
24443
msgid ""
24444
"There are some optional packages that integrate with "
24445
"<application>Spamassassin</application> for better spam detection:"
24446
msgstr ""
24447
24448
#: serverguide/C/mail.xml:1392(command)
24449
msgid "sudo apt install pyzor razor"
24450
msgstr ""
24451
24452
#: serverguide/C/mail.xml:1394(para)
24453
msgid ""
24454
"Along with the main filtering applications compression utilities are needed "
24455
"to process some email attachments:"
24456
msgstr ""
24457
24458
#: serverguide/C/mail.xml:1398(command)
24459
msgid ""
24460
"sudo apt install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
24461
msgstr ""
24462
24463
#: serverguide/C/mail.xml:1401(para)
24464
msgid ""
24465
"If some packages are not found, check that the "
24466
"<emphasis>multiverse</emphasis> repository is enabled in "
24467
"<filename>/etc/apt/sources.list</filename>"
24468
msgstr ""
24469
24470
#: serverguide/C/mail.xml:1402(para)
24471
msgid ""
24472
"If you make changes to the file, be sure to run <command>sudo apt "
24473
"update</command> before trying to install again."
24474
msgstr ""
24475
24476
#: serverguide/C/mail.xml:1407(para)
24477
msgid "Now configure everything to work together and filter email."
24478
msgstr ""
24479
24480
#: serverguide/C/mail.xml:1411(title)
24481
msgid "ClamAV"
24482
msgstr ""
24483
24484
#: serverguide/C/mail.xml:1412(para)
24485
msgid ""
24486
"The default behaviour of <application>ClamAV</application> will fit our "
24487
"needs. For more ClamAV configuration options, check the configuration files "
24488
"in <filename>/etc/clamav</filename>."
24489
msgstr ""
24490
24491
#: serverguide/C/mail.xml:1417(para)
24492
msgid ""
24493
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
24494
"group in order for <application>Amavisd-new</application> to have the "
24495
"appropriate access to scan files:"
24496
msgstr ""
24497
24498
#: serverguide/C/mail.xml:1422(command)
24499
msgid "sudo adduser clamav amavis"
24500
msgstr ""
24501
24502
#: serverguide/C/mail.xml:1423(command)
24503
msgid "sudo adduser amavis clamav"
24504
msgstr ""
24505
24506
#: serverguide/C/mail.xml:1427(title)
24507
msgid "Spamassassin"
24508
msgstr ""
24509
24510
#: serverguide/C/mail.xml:1428(para)
24511
msgid ""
24512
"Spamassassin automatically detects optional components and will use them if "
24513
"they are present. This means that there is no need to configure "
24514
"<application>pyzor</application> and <application>razor</application>."
24515
msgstr ""
24516
24517
#: serverguide/C/mail.xml:1432(para)
24518
msgid ""
24519
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
24520
"<application>Spamassassin</application> daemon. Change "
24521
"<emphasis>ENABLED=0</emphasis> to:"
24522
msgstr ""
24523
24524
#: serverguide/C/mail.xml:1436(programlisting)
24525
#, no-wrap
24526
msgid ""
24527
"\n"
24528
"ENABLED=1\n"
24529
msgstr ""
24530
24531
#: serverguide/C/mail.xml:1439(para)
24532
msgid "Now start the daemon:"
24533
msgstr ""
24534
24535
#: serverguide/C/mail.xml:1443(command)
24536
msgid "sudo systemctl start spamassassin.service"
24537
msgstr ""
24538
24539
#: serverguide/C/mail.xml:1447(title)
24540
msgid "Amavisd-new"
24541
msgstr ""
24542
24543
#: serverguide/C/mail.xml:1448(para)
24544
msgid ""
24545
"First activate spam and antivirus detection in <application>Amavisd-"
24546
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
24547
"content_filter_mode</filename>:"
24548
msgstr ""
24549
24550
#: serverguide/C/mail.xml:1452(programlisting)
24551
#, no-wrap
24552
msgid ""
24553
"\n"
24554
"use strict;\n"
24555
"\n"
24556
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
24557
"# and to re-enable antivirus checking.\n"
24558
"\n"
24559
"#\n"
24560
"# Default antivirus checking mode\n"
24561
"# Uncomment the two lines below to enable it\n"
24562
"#\n"
24563
"\n"
24564
"@bypass_virus_checks_maps = (\n"
24565
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
24566
"$bypass_virus_checks_re);\n"
24567
"\n"
24568
"\n"
24569
"#\n"
24570
"# Default SPAM checking mode\n"
24571
"# Uncomment the two lines below to enable it\n"
24572
"#\n"
24573
"\n"
24574
"@bypass_spam_checks_maps = (\n"
24575
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
24576
"$bypass_spam_checks_re);\n"
24577
"\n"
24578
"1; # insure a defined return\n"
24579
msgstr ""
24580
24581
#: serverguide/C/mail.xml:1477(para)
24582
msgid ""
24583
"Bouncing spam can be a bad idea as the return address is often faked. The "
24584
"default behaviour is to instead discard. This is configured in "
24585
"<filename>/etc/amavis/conf.d/20-debian_defaults</filename> where "
24586
"<emphasis>$final_spam_destiny</emphasis> is set to D_DISCARD rather than "
24587
"D_BOUNCE."
24588
msgstr ""
24589
24590
#: serverguide/C/mail.xml:1483(para)
24591
msgid ""
24592
"Additionally, you may want to adjust the following options to flag more "
24593
"messages as spam:"
24594
msgstr ""
24595
24596
#: serverguide/C/mail.xml:1487(programlisting)
24597
#, no-wrap
24598
msgid ""
24599
"\n"
24600
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
24601
"level\n"
24602
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
24603
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
24604
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
24605
msgstr ""
24606
24607
#: serverguide/C/mail.xml:1494(para)
24608
msgid ""
24609
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
24610
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
24611
"option. Also, if the server receives mail for multiple domains the "
24612
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
24613
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
24614
msgstr ""
24615
24616
#: serverguide/C/mail.xml:1501(programlisting)
24617
#, no-wrap
24618
msgid ""
24619
"\n"
24620
"$myhostname = 'mail.example.com';\n"
24621
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
24622
msgstr ""
24623
24624
#: serverguide/C/mail.xml:1506(para)
24625
msgid ""
24626
"If you want to cover multiple domains you can use the following in "
24627
"the<filename>/etc/amavis/conf.d/50-user</filename>"
24628
msgstr ""
24629
24630
#: serverguide/C/mail.xml:1509(programlisting)
24631
#, no-wrap
24632
msgid ""
24633
"\n"
24634
"@local_domains_acl = qw(.);\n"
24635
msgstr ""
24636
24637
#: serverguide/C/mail.xml:1513(para)
24638
msgid ""
24639
"After configuration <application>Amavisd-new</application> needs to be "
24640
"restarted:"
24641
msgstr ""
24642
24643
#: serverguide/C/mail.xml:1517(command) serverguide/C/mail.xml:1564(command)
24644
msgid "sudo systemctl restart amavis.service"
24645
msgstr ""
24646
24647
#: serverguide/C/mail.xml:1520(title)
24648
msgid "DKIM Whitelist"
24649
msgstr ""
24650
24651
#: serverguide/C/mail.xml:1522(para)
24652
msgid ""
24653
"<application>Amavisd-new</application> can be configured to automatically "
24654
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
24655
"Keys. There are some pre-configured domains in the "
24656
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
24657
msgstr ""
24658
24659
#: serverguide/C/mail.xml:1528(para)
24660
msgid "There are multiple ways to configure the Whitelist for a domain:"
24661
msgstr ""
24662
24663
#: serverguide/C/mail.xml:1534(para)
24664
msgid ""
24665
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
24666
"address from the \"example.com\" domain."
24667
msgstr ""
24668
24669
#: serverguide/C/mail.xml:1539(para)
24670
msgid ""
24671
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
24672
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
24673
"have a valid signature."
24674
msgstr ""
24675
24676
#: serverguide/C/mail.xml:1545(para)
24677
msgid ""
24678
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
24679
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
24680
"role=\"italic\">example.com</emphasis> the parent domain."
24681
msgstr ""
24682
24683
#: serverguide/C/mail.xml:1551(para)
24684
msgid ""
24685
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
24686
"that have a valid signature from \"example.com\". This is usually used for "
24687
"discussion groups that sign their messages."
24688
msgstr ""
24689
24690
#: serverguide/C/mail.xml:1558(para)
24691
msgid ""
24692
"A domain can also have multiple Whitelist configurations. After editing the "
24693
"file, restart <application>amavisd-new</application>:"
24694
msgstr ""
24695
24696
#: serverguide/C/mail.xml:1568(para)
24697
msgid ""
24698
"In this context, once a domain has been added to the Whitelist the message "
24699
"will not receive any anti-virus or spam filtering. This may or may not be "
24700
"the intended behavior you wish for a domain."
24701
msgstr ""
24702
24703
#: serverguide/C/mail.xml:1578(para)
24704
msgid ""
24705
"For <application>Postfix</application> integration, enter the following from "
24706
"a terminal prompt:"
24707
msgstr ""
24708
24709
#: serverguide/C/mail.xml:1582(command)
24710
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
24711
msgstr ""
24712
24713
#: serverguide/C/mail.xml:1584(para)
24714
msgid ""
24715
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
24716
"to the end of the file:"
24717
msgstr ""
24718
24719
#: serverguide/C/mail.xml:1587(programlisting)
24720
#, no-wrap
24721
msgid ""
24722
"\n"
24723
"smtp-amavis unix - - - - 2 smtp\n"
24724
" -o smtp_data_done_timeout=1200\n"
24725
" -o smtp_send_xforward_command=yes\n"
24726
" -o disable_dns_lookups=yes\n"
24727
" -o max_use=20\n"
24728
"\n"
24729
"127.0.0.1:10025 inet n - - - - smtpd\n"
24730
" -o content_filter=\n"
24731
" -o local_recipient_maps=\n"
24732
" -o relay_recipient_maps=\n"
24733
" -o smtpd_restriction_classes=\n"
24734
" -o smtpd_delay_reject=no\n"
24735
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
24736
" -o smtpd_helo_restrictions=\n"
24737
" -o smtpd_sender_restrictions=\n"
24738
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
24739
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
24740
" -o smtpd_end_of_data_restrictions=\n"
24741
" -o mynetworks=127.0.0.0/8\n"
24742
" -o smtpd_error_sleep_time=0\n"
24743
" -o smtpd_soft_error_limit=1001\n"
24744
" -o smtpd_hard_error_limit=1000\n"
24745
" -o smtpd_client_connection_count_limit=0\n"
24746
" -o smtpd_client_connection_rate_limit=0\n"
24747
" -o "
24748
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no"
24749
"_milters\n"
24750
msgstr ""
24751
24752
#: serverguide/C/mail.xml:1614(para)
24753
msgid ""
24754
"Also add the following two lines immediately below the "
24755
"<emphasis>\"pickup\"</emphasis> transport service:"
24756
msgstr ""
24757
24758
#: serverguide/C/mail.xml:1617(programlisting)
24759
#, no-wrap
24760
msgid ""
24761
"\n"
24762
" -o content_filter=\n"
24763
" -o receive_override_options=no_header_body_checks\n"
24764
msgstr ""
24765
24766
#: serverguide/C/mail.xml:1621(para)
24767
msgid ""
24768
"This will prevent messages that are generated to report on spam from being "
24769
"classified as spam."
24770
msgstr ""
24771
24772
#: serverguide/C/mail.xml:1624(para)
24773
msgid "Now restart <application>Postfix</application>:"
24774
msgstr ""
24775
24776
#: serverguide/C/mail.xml:1630(para)
24777
msgid "Content filtering with spam and virus detection is now enabled."
24778
msgstr ""
24779
24780
#: serverguide/C/mail.xml:1636(title)
24781
msgid "Amavisd-new and Spamassassin"
24782
msgstr ""
24783
24784
#: serverguide/C/mail.xml:1638(para)
24785
msgid ""
24786
"When integrating <application>Amavisd-new</application> with "
24787
"<application>Spamassassin</application>, if you choose to disable the bayes "
24788
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
24789
"<application>cron</application> to update the nightly rules, the result can "
24790
"cause a situation where a large amount of error messages are sent to the "
24791
"<emphasis>amavis</emphasis> user via the amavisd-new "
24792
"<application>cron</application> job."
24793
msgstr ""
24794
24795
#: serverguide/C/mail.xml:1645(para)
24796
msgid "There are several ways to handle this situation:"
24797
msgstr ""
24798
24799
#: serverguide/C/mail.xml:1651(para)
24800
msgid "Configure your MDA to filter messages you do not wish to see."
24801
msgstr ""
24802
24803
#: serverguide/C/mail.xml:1656(para)
24804
msgid ""
24805
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
24806
"<emphasis>use_bayes 0</emphasis>. For example, edit "
24807
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
24808
"the top before the <emphasis>test</emphasis> statements:"
24809
msgstr ""
24810
24811
#: serverguide/C/mail.xml:1660(programlisting)
24812
#, no-wrap
24813
msgid ""
24814
"\n"
24815
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
24816
"exit 0\n"
24817
msgstr ""
24818
24819
#: serverguide/C/mail.xml:1670(para)
24820
msgid ""
24821
"First, test that the <application>Amavisd-new</application> SMTP is "
24822
"listening:"
24823
msgstr ""
24824
24825
#: serverguide/C/mail.xml:1673(programlisting)
24826
#, no-wrap
24827
msgid ""
24828
"\n"
24829
"telnet localhost 10024\n"
24830
"Trying 127.0.0.1...\n"
24831
"Connected to localhost.\n"
24832
"Escape character is '^]'.\n"
24833
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
24834
"^]\n"
24835
msgstr ""
24836
24837
#: serverguide/C/mail.xml:1681(para)
24838
msgid ""
24839
"In the Header of messages that go through the content filter you should see:"
24840
msgstr ""
24841
24842
#: serverguide/C/mail.xml:1684(programlisting)
24843
#, no-wrap
24844
msgid ""
24845
"\n"
24846
"X-Spam-Level: \n"
24847
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
24848
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
24849
"BAYES_00\n"
24850
"X-Spam-Level: \n"
24851
msgstr ""
24852
24853
#: serverguide/C/mail.xml:1691(para)
24854
msgid ""
24855
"Your output will vary, but the important thing is that there are <emphasis>X-"
24856
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
24857
msgstr ""
24858
24859
#: serverguide/C/mail.xml:1699(para)
24860
msgid ""
24861
"The best way to figure out why something is going wrong is to check the log "
24862
"files."
24863
msgstr ""
24864
24865
#: serverguide/C/mail.xml:1704(para)
24866
msgid ""
24867
"For instructions on <application>Postfix</application> logging see the <xref "
24868
"linkend=\"postfix-troubleshooting\"/> section."
24869
msgstr ""
24870
24871
#: serverguide/C/mail.xml:1710(para)
24872
msgid ""
24873
"<application>Amavisd-new</application> uses "
24874
"<application>Syslog</application> to send messages to "
24875
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
24876
"increased by adding the <emphasis>$log_level</emphasis> option to "
24877
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
24878
"1 to 5."
24879
msgstr ""
24880
24881
#: serverguide/C/mail.xml:1715(programlisting)
24882
#, no-wrap
24883
msgid ""
24884
"\n"
24885
"$log_level = 2;\n"
24886
msgstr ""
24887
24888
#: serverguide/C/mail.xml:1719(para)
24889
msgid ""
24890
"When the <application>Amavisd-new</application> log output is increased "
24891
"<application>Spamassassin</application> log output is also increased."
24892
msgstr ""
24893
24894
#: serverguide/C/mail.xml:1726(para)
24895
msgid ""
24896
"The <application>ClamAV</application> log level can be increased by editing "
24897
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
24898
msgstr ""
24899
24900
#: serverguide/C/mail.xml:1730(programlisting)
24901
#, no-wrap
24902
msgid ""
24903
"\n"
24904
"LogVerbose true\n"
24905
msgstr ""
24906
24907
#: serverguide/C/mail.xml:1733(para)
24908
msgid ""
24909
"By default <application>ClamAV</application> will send log messages to "
24910
"<filename>/var/log/clamav/clamav.log</filename>."
24911
msgstr ""
24912
24913
#: serverguide/C/mail.xml:1739(para)
24914
msgid ""
24915
"After changing an applications log settings remember to restart the service "
24916
"for the new settings to take affect. Also, once the issue you are "
24917
"troubleshooting is resolved it is a good idea to change the log settings "
24918
"back to normal."
24919
msgstr ""
24920
24921
#: serverguide/C/mail.xml:1747(para)
24922
msgid "For more information on filtering mail see the following links:"
24923
msgstr ""
24924
24925
#: serverguide/C/mail.xml:1753(ulink)
24926
msgid "Amavisd-new Documentation"
24927
msgstr ""
24928
24929
#: serverguide/C/mail.xml:1757(para)
24930
msgid ""
24931
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
24932
"Documentation</ulink> and <ulink "
24933
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
24934
msgstr ""
24935
24936
#: serverguide/C/mail.xml:1764(ulink)
24937
msgid "Spamassassin Wiki"
24938
msgstr ""
24939
24940
#: serverguide/C/mail.xml:1769(ulink)
24941
msgid "Pyzor Homepage"
24942
msgstr ""
24943
24944
#: serverguide/C/mail.xml:1774(ulink)
24945
msgid "Razor Homepage"
24946
msgstr ""
24947
24948
#: serverguide/C/mail.xml:1779(ulink)
24949
msgid "DKIM.org"
24950
msgstr ""
24951
24952
#: serverguide/C/mail.xml:1784(ulink)
24953
msgid "Postfix Amavis New"
24954
msgstr ""
24955
24956
#: serverguide/C/mail.xml:1788(para)
24957
msgid ""
24958
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
24959
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
24960
msgstr ""
24961
24962
#: serverguide/C/lamp-applications.xml:11(title)
24963
msgid "LAMP Applications"
24964
msgstr ""
24965
24966
#: serverguide/C/lamp-applications.xml:17(para)
24967
msgid ""
24968
"LAMP installations (Linux + Apache + MySQL + PHP/Perl/Python) are a popular "
24969
"setup for Ubuntu servers. There is a plethora of Open Source applications "
24970
"written using the LAMP application stack. Some popular LAMP applications are "
24971
"Wiki's, Content Management Systems, and Management Software such as "
24972
"phpMyAdmin."
24973
msgstr ""
24974
24975
#: serverguide/C/lamp-applications.xml:24(para)
24976
msgid ""
24977
"One advantage of LAMP is the substantial flexibility for different database, "
24978
"web server, and scripting languages. Popular substitutes for MySQL include "
24979
"PostgreSQL and SQLite. Python, Perl, and Ruby are also frequently used "
24980
"instead of PHP. While Nginx, Cherokee and Lighttpd can replace Apache."
24981
msgstr ""
24982
24983
#: serverguide/C/lamp-applications.xml:30(para)
24984
msgid ""
24985
"The fastest way to get started is to install LAMP using "
24986
"<application>tasksel</application>. Tasksel is a Debian/Ubuntu tool that "
24987
"installs multiple related packages as a co-ordinated \"task\" onto your "
24988
"system. To install a LAMP server:"
24989
msgstr ""
24990
24991
#: serverguide/C/lamp-applications.xml:41(command)
24992
msgid "sudo tasksel install lamp-server"
24993
msgstr ""
24994
24995
#: serverguide/C/lamp-applications.xml:46(para)
24996
msgid ""
24997
"After installing it you'll be able to install most <emphasis>LAMP</emphasis> "
24998
"applications in this way:"
24999
msgstr ""
25000
25001
#: serverguide/C/lamp-applications.xml:52(para)
25002
msgid "Download an archive containing the application source files."
25003
msgstr ""
25004
25005
#: serverguide/C/lamp-applications.xml:57(para)
25006
msgid ""
25007
"Unpack the archive, usually in a directory accessible to a web server."
25008
msgstr ""
25009
25010
#: serverguide/C/lamp-applications.xml:62(para)
25011
msgid ""
25012
"Depending on where the source was extracted, configure a web server to serve "
25013
"the files."
25014
msgstr ""
25015
25016
#: serverguide/C/lamp-applications.xml:67(para)
25017
msgid "Configure the application to connect to the database."
25018
msgstr ""
25019
25020
#: serverguide/C/lamp-applications.xml:72(para)
25021
msgid ""
25022
"Run a script, or browse to a page of the application, to install the "
25023
"database needed by the application."
25024
msgstr ""
25025
25026
#: serverguide/C/lamp-applications.xml:77(para)
25027
msgid ""
25028
"Once the steps above, or similar steps, are completed you are ready to begin "
25029
"using the application."
25030
msgstr ""
25031
25032
#: serverguide/C/lamp-applications.xml:83(para)
25033
msgid ""
25034
"A disadvantage of using this approach is that the application files are not "
25035
"placed in the file system in a standard way, which can cause confusion as to "
25036
"where the application is installed. Another larger disadvantage is updating "
25037
"the application. When a new version is released, the same process used to "
25038
"install the application is needed to apply updates."
25039
msgstr ""
25040
25041
#: serverguide/C/lamp-applications.xml:90(para)
25042
msgid ""
25043
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
25044
"packaged for Ubuntu, and are available for installation in the same way as "
25045
"non-LAMP applications. Depending on the application some extra configuration "
25046
"and setup steps may be needed, however."
25047
msgstr ""
25048
25049
#: serverguide/C/lamp-applications.xml:96(para)
25050
msgid ""
25051
"This section covers how to install some <emphasis>LAMP</emphasis> "
25052
"applications."
25053
msgstr ""
25054
25055
#: serverguide/C/lamp-applications.xml:102(title)
25056
msgid "Moin Moin"
25057
msgstr "Moin Moin"
25058
25059
#: serverguide/C/lamp-applications.xml:104(para)
25060
msgid ""
25061
"MoinMoin is a wiki engine implemented in Python, based on the PikiPiki Wiki "
25062
"engine, and licensed under the GNU GPL."
25063
msgstr ""
25064
25065
#: serverguide/C/lamp-applications.xml:112(para)
25066
msgid ""
25067
"To install <application>MoinMoin</application>, run the following command in "
25068
"the command prompt:"
25069
msgstr ""
25070
"คุณสามารถติดตั้งโปรแกรม <application>MoinMoin</application> "
25071
"ได้โดยพิมพ์คำสั่ง:"
25072
25073
#: serverguide/C/lamp-applications.xml:118(command)
25074
msgid "sudo apt install python-moinmoin"
25075
msgstr ""
25076
25077
#: serverguide/C/lamp-applications.xml:121(para)
25078
msgid ""
25079
"You should also install <application>apache2</application> web server. For "
25080
"installing the <application>apache2</application> web server, please refer "
25081
"to <xref linkend=\"http-installation\"/> sub-section in <xref "
25082
"linkend=\"httpd\"/> section."
25083
msgstr ""
25084
25085
#: serverguide/C/lamp-applications.xml:132(para)
25086
msgid ""
25087
"To configure your first wiki application, please run the following set of "
25088
"commands. Let us assume that you are creating a wiki named "
25089
"<emphasis>mywiki</emphasis>:"
25090
msgstr ""
25091
25092
#: serverguide/C/lamp-applications.xml:139(command)
25093
msgid "cd /usr/share/moin"
25094
msgstr ""
25095
25096
#: serverguide/C/lamp-applications.xml:140(command)
25097
msgid "sudo mkdir mywiki"
25098
msgstr ""
25099
25100
#: serverguide/C/lamp-applications.xml:141(command)
25101
msgid "sudo cp -R data mywiki"
25102
msgstr ""
25103
25104
#: serverguide/C/lamp-applications.xml:142(command)
25105
msgid "sudo cp -R underlay mywiki"
25106
msgstr ""
25107
25108
#: serverguide/C/lamp-applications.xml:143(command)
25109
msgid "sudo cp server/moin.cgi mywiki"
25110
msgstr ""
25111
25112
#: serverguide/C/lamp-applications.xml:144(command)
25113
msgid "sudo chown -R www-data:www-data mywiki"
25114
msgstr ""
25115
25116
#: serverguide/C/lamp-applications.xml:145(command)
25117
msgid "sudo chmod -R ug+rwX mywiki"
25118
msgstr ""
25119
25120
#: serverguide/C/lamp-applications.xml:146(command)
25121
msgid "sudo chmod -R o-rwx mywiki"
25122
msgstr ""
25123
25124
#: serverguide/C/lamp-applications.xml:149(para)
25125
msgid ""
25126
"Now you should configure <application>MoinMoin</application> to find your "
25127
"new wiki <emphasis>mywiki</emphasis>. To configure "
25128
"<application>MoinMoin</application>, open "
25129
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
25130
msgstr ""
25131
25132
#: serverguide/C/lamp-applications.xml:157(programlisting)
25133
#, no-wrap
25134
msgid "data_dir = '/org/mywiki/data'"
25135
msgstr ""
25136
25137
#: serverguide/C/lamp-applications.xml:159(para)
25138
msgid "to"
25139
msgstr "เป็น"
25140
25141
#: serverguide/C/lamp-applications.xml:163(programlisting)
25142
#, no-wrap
25143
msgid "data_dir = '/usr/share/moin/mywiki/data'"
25144
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
25145
25146
#: serverguide/C/lamp-applications.xml:165(para)
25147
msgid ""
25148
"Also, below the <emphasis>data_dir</emphasis> option add the "
25149
"<emphasis>data_underlay_dir</emphasis>:"
25150
msgstr ""
25151
25152
#: serverguide/C/lamp-applications.xml:169(programlisting)
25153
#, no-wrap
25154
msgid ""
25155
"\n"
25156
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
25157
msgstr ""
25158
25159
#: serverguide/C/lamp-applications.xml:174(para)
25160
msgid ""
25161
"If the <filename>/etc/moin/mywiki.py</filename> file does not exist, you "
25162
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
25163
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
25164
"mentioned change."
25165
msgstr ""
25166
25167
#: serverguide/C/lamp-applications.xml:182(para)
25168
msgid ""
25169
"If you have named your wiki as <emphasis>my_wiki_name</emphasis> you should "
25170
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
25171
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
25172
"<quote>(\"mywiki\", r\".*\")</quote>."
25173
msgstr ""
25174
25175
#: serverguide/C/lamp-applications.xml:190(para)
25176
msgid ""
25177
"Once you have configured <application>MoinMoin</application> to find your "
25178
"first wiki application, <emphasis>mywiki</emphasis>, you should configure "
25179
"<application>apache2</application> and make it ready for your wiki."
25180
msgstr ""
25181
25182
#: serverguide/C/lamp-applications.xml:197(para)
25183
msgid ""
25184
"You should add the following lines in <filename>/etc/apache2/sites-"
25185
"available/000-default.conf</filename> file inside the <quote><VirtualHost "
25186
"*></quote> tag:"
25187
msgstr ""
25188
25189
#: serverguide/C/lamp-applications.xml:203(programlisting)
25190
#, no-wrap
25191
msgid ""
25192
"\n"
25193
"### moin\n"
25194
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
25195
" alias /moin_static<version> \"/usr/share/moin/htdocs\"\n"
25196
" <Directory /usr/share/moin/htdocs>\n"
25197
" Order allow,deny\n"
25198
" allow from all\n"
25199
" </Directory>\n"
25200
"### end moin\n"
25201
msgstr ""
25202
25203
#: serverguide/C/lamp-applications.xml:214(para)
25204
msgid "The version in the above example is determined by running:"
25205
msgstr ""
25206
25207
#: serverguide/C/lamp-applications.xml:218(programlisting)
25208
#, no-wrap
25209
msgid ""
25210
"\n"
25211
"$ moin --version\n"
25212
msgstr ""
25213
25214
#: serverguide/C/lamp-applications.xml:222(para)
25215
msgid "If the output shows version 1.9.7, your second line should be:"
25216
msgstr ""
25217
25218
#: serverguide/C/lamp-applications.xml:226(programlisting)
25219
#, no-wrap
25220
msgid ""
25221
"\n"
25222
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
25223
msgstr ""
25224
25225
#: serverguide/C/lamp-applications.xml:230(para)
25226
msgid ""
25227
"Once you configure the <application>apache2</application> web server and "
25228
"make it ready for your wiki application, you should restart it. You can run "
25229
"the following command to restart the <application>apache2</application> web "
25230
"server:"
25231
msgstr ""
25232
25233
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1540(title)
25234
msgid "Verification"
25235
msgstr "ยืนยันว่าใช้งานได้อย่างถูกต้อง"
25236
25237
#: serverguide/C/lamp-applications.xml:245(para)
25238
msgid ""
25239
"You can verify the Wiki application and see if it works by pointing your web "
25240
"browser to the following URL:"
25241
msgstr ""
25242
"คุณสามารถทดสอบดูว่าวิกิของคุณทำงานได้อย่างถูกต้องโดยเปิดเว็บเบราเซอร์ของคุณแล"
25243
"ะไปที่ที่อยู่:"
25244
25245
#: serverguide/C/lamp-applications.xml:249(programlisting)
25246
#, no-wrap
25247
msgid ""
25248
"\n"
25249
"http://localhost/mywiki\n"
25250
msgstr ""
25251
"\n"
25252
"http://localhost/mywiki\n"
25253
25254
#: serverguide/C/lamp-applications.xml:253(para)
25255
msgid ""
25256
"For more details, please refer to the <ulink "
25257
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
25258
msgstr ""
25259
25260
#: serverguide/C/lamp-applications.xml:264(para)
25261
msgid ""
25262
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
25263
"Wiki</ulink>."
25264
msgstr ""
25265
25266
#: serverguide/C/lamp-applications.xml:269(para)
25267
msgid ""
25268
"Also, see the <ulink "
25269
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
25270
"MoinMoin</ulink> page."
25271
msgstr ""
25272
25273
#: serverguide/C/lamp-applications.xml:278(title)
25274
msgid "phpMyAdmin"
25275
msgstr ""
25276
25277
#: serverguide/C/lamp-applications.xml:280(para)
25278
msgid ""
25279
"<application>phpMyAdmin</application> is a LAMP application specifically "
25280
"written for administering <application>MySQL</application> servers. Written "
25281
"in <application>PHP</application>, and accessed through a web browser, "
25282
"phpMyAdmin provides a graphical interface for database administration tasks."
25283
msgstr ""
25284
25285
#: serverguide/C/lamp-applications.xml:289(para)
25286
msgid ""
25287
"Before installing <application>phpMyAdmin</application> you will need access "
25288
"to a <application>MySQL</application> database either on the same host as "
25289
"that phpMyAdmin is installed on, or on a host accessible over the network. "
25290
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
25291
"enter:"
25292
msgstr ""
25293
25294
#: serverguide/C/lamp-applications.xml:296(command)
25295
msgid "sudo apt install phpmyadmin"
25296
msgstr ""
25297
25298
#: serverguide/C/lamp-applications.xml:299(para)
25299
msgid ""
25300
"At the prompt choose which web server to be configured for "
25301
"<application>phpMyAdmin</application>. The rest of this section will use "
25302
"<application>Apache2</application> for the web server."
25303
msgstr ""
25304
25305
#: serverguide/C/lamp-applications.xml:304(para)
25306
msgid ""
25307
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
25308
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
25309
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
25310
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
25311
"user, if you have any setup, and enter the <application>MySQL</application> "
25312
"user's password."
25313
msgstr ""
25314
25315
#: serverguide/C/lamp-applications.xml:311(para)
25316
msgid ""
25317
"Once logged in you can reset the <emphasis>root</emphasis> password if "
25318
"needed, create users, create/destroy databases and tables, etc."
25319
msgstr ""
25320
25321
#: serverguide/C/lamp-applications.xml:319(para)
25322
msgid ""
25323
"The configuration files for <application>phpMyAdmin</application> are "
25324
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
25325
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
25326
"configuration options that apply globally to "
25327
"<application>phpMyAdmin</application>."
25328
msgstr ""
25329
25330
#: serverguide/C/lamp-applications.xml:325(para)
25331
msgid ""
25332
"To use <application>phpMyAdmin</application> to administer a MySQL database "
25333
"hosted on another server, adjust the following in "
25334
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
25335
msgstr ""
25336
25337
#: serverguide/C/lamp-applications.xml:330(programlisting)
25338
#, no-wrap
25339
msgid ""
25340
"\n"
25341
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
25342
msgstr ""
25343
25344
#: serverguide/C/lamp-applications.xml:335(para)
25345
msgid ""
25346
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
25347
"remote database server name or IP address. Also, be sure that the "
25348
"<application>phpMyAdmin</application> host has permissions to access the "
25349
"remote database."
25350
msgstr ""
25351
25352
#: serverguide/C/lamp-applications.xml:341(para)
25353
msgid ""
25354
"Once configured, log out of <application>phpMyAdmin</application> and back "
25355
"in, and you should be accessing the new server."
25356
msgstr ""
25357
25358
#: serverguide/C/lamp-applications.xml:345(para)
25359
msgid ""
25360
"The <filename>config.header.inc.php</filename> and "
25361
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
25362
"header and footer to <application>phpMyAdmin</application>."
25363
msgstr ""
25364
25365
#: serverguide/C/lamp-applications.xml:350(para)
25366
msgid ""
25367
"Another important configuration file is "
25368
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
25369
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
25370
"enabled, is used to configure <application>Apache2</application> to serve "
25371
"the <application>phpMyAdmin</application> site. The file contains directives "
25372
"for loading <application>PHP</application>, directory permissions, etc. From "
25373
"a terminal type:"
25374
msgstr ""
25375
25376
#: serverguide/C/lamp-applications.xml:358(command)
25377
msgid ""
25378
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
25379
"available/phpmyadmin.conf"
25380
msgstr ""
25381
25382
#: serverguide/C/lamp-applications.xml:359(command)
25383
msgid "sudo a2enconf phpmyadmin.conf"
25384
msgstr ""
25385
25386
#: serverguide/C/lamp-applications.xml:363(para)
25387
msgid ""
25388
"For more information on configuring <application>Apache2</application> see "
25389
"<xref linkend=\"httpd\"/>."
25390
msgstr ""
25391
25392
#: serverguide/C/lamp-applications.xml:374(para)
25393
msgid ""
25394
"The <application>phpMyAdmin</application> documentation comes installed with "
25395
"the package and can be accessed from the <emphasis>phpMyAdmin "
25396
"Documentation</emphasis> link (a question mark with a box around it) under "
25397
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
25398
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
25399
msgstr ""
25400
25401
#: serverguide/C/lamp-applications.xml:381(para)
25402
msgid ""
25403
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
25404
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
25405
msgstr ""
25406
25407
#: serverguide/C/lamp-applications.xml:386(para)
25408
msgid ""
25409
"A third resource is the <ulink "
25410
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
25411
"Wiki</ulink> page."
25412
msgstr ""
25413
25414
#: serverguide/C/lamp-applications.xml:395(title)
25415
msgid "WordPress"
25416
msgstr ""
25417
25418
#: serverguide/C/lamp-applications.xml:396(para)
25419
msgid ""
25420
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
25421
"licensed under the GNU GPLv2."
25422
msgstr ""
25423
25424
#: serverguide/C/lamp-applications.xml:402(para)
25425
msgid ""
25426
"To install <application>WordPress</application>, run the following comand in "
25427
"the command prompt:"
25428
msgstr ""
25429
25430
#: serverguide/C/lamp-applications.xml:407(command)
25431
msgid "sudo apt install wordpress"
25432
msgstr ""
25433
25434
#: serverguide/C/lamp-applications.xml:410(para)
25435
msgid ""
25436
"You should also install <application>apache2</application> web server and "
25437
"<application>mysql</application> server. For installing "
25438
"<application>apache2</application> web server, please refer to <xref "
25439
"linkend=\"http-installation\"/> sub-section in <xref linkend=\"httpd\"/> "
25440
"section. For installing <application>mysql</application> server, please "
25441
"refer to <xref linkend=\"mysql-installation\"/> sub-section in <xref "
25442
"linkend=\"mysql\"/> section."
25443
msgstr ""
25444
25445
#: serverguide/C/lamp-applications.xml:424(para)
25446
msgid ""
25447
"For configuring your first <application>WordPress</application> application, "
25448
"configure an apache site. Open <filename>/etc/apache2/sites-"
25449
"available/wordpress.conf</filename> and write the following lines:"
25450
msgstr ""
25451
25452
#: serverguide/C/lamp-applications.xml:431(programlisting)
25453
#, no-wrap
25454
msgid ""
25455
"\n"
25456
" Alias /blog /usr/share/wordpress\n"
25457
" <Directory /usr/share/wordpress>\n"
25458
" Options FollowSymLinks\n"
25459
" AllowOverride Limit Options FileInfo\n"
25460
" DirectoryIndex index.php\n"
25461
" Order allow,deny\n"
25462
" Allow from all\n"
25463
" </Directory>\n"
25464
" <Directory /usr/share/wordpress/wp-content>\n"
25465
" Options FollowSymLinks\n"
25466
" Order allow,deny\n"
25467
" Allow from all\n"
25468
" </Directory>\n"
25469
" "
25470
msgstr ""
25471
25472
#: serverguide/C/lamp-applications.xml:447(para)
25473
msgid "Enable this new <application>WordPress</application> site"
25474
msgstr ""
25475
25476
#: serverguide/C/lamp-applications.xml:450(command)
25477
msgid "sudo a2ensite wordpress"
25478
msgstr ""
25479
25480
#: serverguide/C/lamp-applications.xml:453(para)
25481
msgid ""
25482
"Once you configure the <application>apache2</application> web server and "
25483
"make it ready for your <application>WordPress</application> application, you "
25484
"should restart it. You can run the following command to restart the "
25485
"<application>apache2</application> web server:"
25486
msgstr ""
25487
25488
#: serverguide/C/lamp-applications.xml:465(para)
25489
msgid ""
25490
"To facilitate multiple <application>WordPress</application> installations, "
25491
"the name of this configuration file is based on the Host header of the HTTP "
25492
"request. This means that you can have a configuration per VirtualHost by "
25493
"simply matching the hostname portion of this configuration with your Apache "
25494
"Virtual Host. e.g. /etc/wordpress/config-10.211.55.50.php, "
25495
"/etc/wordpress/config-hostalias1.php, etc. These instructions assume you can "
25496
"access Apache via the localhost hostname (perhaps by using an ssh tunnel) if "
25497
"not, replace /etc/wordpress/config-localhost.php with /etc/wordpress/config-"
25498
"NAME_OF_YOUR_VIRTUAL_HOST.php."
25499
msgstr ""
25500
25501
#: serverguide/C/lamp-applications.xml:476(para)
25502
msgid ""
25503
"Once the configuration file is written, it is up to you to choose a "
25504
"convention for username and password to mysql for each "
25505
"<application>WordPress</application> database instance. This documentation "
25506
"shows only one, localhost, example."
25507
msgstr ""
25508
25509
#: serverguide/C/lamp-applications.xml:483(para)
25510
msgid ""
25511
"Now configure <application>WordPress</application> to use a mysql database. "
25512
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
25513
"the following lines:"
25514
msgstr ""
25515
25516
#: serverguide/C/lamp-applications.xml:489(programlisting)
25517
#, no-wrap
25518
msgid ""
25519
"\n"
25520
"<?php\n"
25521
"define('DB_NAME', 'wordpress');\n"
25522
"define('DB_USER', 'wordpress');\n"
25523
"define('DB_PASSWORD', 'yourpasswordhere');\n"
25524
"define('DB_HOST', 'localhost');\n"
25525
"define('WP_CONTENT_DIR', '/usr/share/wordpress/wp-content');\n"
25526
"?>\n"
25527
msgstr ""
25528
25529
#: serverguide/C/lamp-applications.xml:498(para)
25530
msgid ""
25531
"Now create this mysql database. Open a temporary file with mysql commands "
25532
"<filename>wordpress.sql</filename> and write the following lines:"
25533
msgstr ""
25534
25535
#: serverguide/C/lamp-applications.xml:501(programlisting)
25536
#, no-wrap
25537
msgid ""
25538
"\n"
25539
"CREATE DATABASE wordpress;\n"
25540
"GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER\n"
25541
"ON wordpress.*\n"
25542
"TO wordpress@localhost\n"
25543
"IDENTIFIED BY 'yourpasswordhere';\n"
25544
"FLUSH PRIVILEGES;\n"
25545
msgstr ""
25546
25547
#: serverguide/C/lamp-applications.xml:509(para)
25548
msgid "Execute these commands."
25549
msgstr ""
25550
25551
#: serverguide/C/lamp-applications.xml:511(command)
25552
msgid ""
25553
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
25554
msgstr ""
25555
25556
#: serverguide/C/lamp-applications.xml:513(para)
25557
msgid ""
25558
"Your new <application>WordPress</application> can now be configured by "
25559
"visiting <ulink url=\"http://localhost/blog/wp-"
25560
"admin/install.php\">http://localhost/blog/wp-admin/install.php</ulink>. (Or "
25561
"<ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/blog/wp-"
25562
"admin/install.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/blog/wp-"
25563
"admin/install.php</ulink> if your server has no GUI and you are completing "
25564
"<application>WordPress</application> configuration via a web browser running "
25565
"on another computer.) Fill out the Site Title, username, password, and E-"
25566
"mail and click Install WordPress."
25567
msgstr ""
25568
25569
#: serverguide/C/lamp-applications.xml:520(para)
25570
msgid ""
25571
"Note the generated password (if applicable) and click the login password. "
25572
"Your <application>WordPress</application> is now ready for use."
25573
msgstr ""
25574
25575
#: serverguide/C/lamp-applications.xml:530(ulink)
25576
msgid "WordPress.org Codex"
25577
msgstr ""
25578
25579
#: serverguide/C/lamp-applications.xml:535(ulink)
25580
msgid "Ubuntu Wiki WordPress"
25581
msgstr ""
25582
25583
#: serverguide/C/introduction.xml:12(para)
25584
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
25585
msgstr ""
25586
25587
#: serverguide/C/introduction.xml:13(para)
25588
msgid ""
25589
"Here you can find information on how to install and configure various server "
25590
"applications. It is a step-by-step, task-oriented guide for configuring and "
25591
"customizing your system."
25592
msgstr ""
25593
25594
#: serverguide/C/introduction.xml:17(para)
25595
msgid ""
25596
"This guide assumes you have a basic understanding of your Ubuntu system. "
25597
"Some installation details are covered in <xref linkend=\"installation\"/>, "
25598
"but if you need detailed instructions installing Ubuntu please refer to the "
25599
"<ulink url=\"https://help.ubuntu.com/16.04/installation-guide/\">Ubuntu "
25600
"Installation Guide</ulink>."
25601
msgstr ""
25602
25603
#: serverguide/C/introduction.xml:23(para)
25604
msgid ""
25605
"A HTML version of the manual is available online at <ulink "
25606
"url=\"https://help.ubuntu.com\">the Ubuntu Documentation website</ulink>."
25607
msgstr ""
25608
25609
#: serverguide/C/introduction.xml:29(title)
25610
msgid "Support"
25611
msgstr ""
25612
25613
#: serverguide/C/introduction.xml:31(para)
25614
msgid ""
25615
"There are a couple of different ways that Ubuntu Server Edition is "
25616
"supported: commercial support and community support. The main commercial "
25617
"support (and development funding) is available from Canonical, Ltd. They "
25618
"supply reasonably- priced support contracts on a per desktop or per server "
25619
"basis. For more information see the <ulink "
25620
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
25621
msgstr ""
25622
25623
#: serverguide/C/introduction.xml:40(para)
25624
msgid ""
25625
"Community support is also provided by dedicated individuals and companies "
25626
"that wish to make Ubuntu the best distribution possible. Support is provided "
25627
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
25628
"large amount of information available can be overwhelming, but a good search "
25629
"engine query can usually provide an answer to your questions. See the <ulink "
25630
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
25631
"information."
25632
msgstr ""
25633
25634
#: serverguide/C/installation.xml:12(para)
25635
msgid ""
25636
"This chapter provides a quick overview of installing Ubuntu 16.04 LTS Server "
25637
"Edition. For more detailed instructions, please refer to the <ulink "
25638
"url=\"https://help.ubuntu.com/16.04/installation-guide/\">Ubuntu "
25639
"Installation Guide</ulink>."
25640
msgstr ""
25641
25642
#: serverguide/C/installation.xml:17(title)
25643
msgid "Preparing to Install"
25644
msgstr ""
25645
25646
#: serverguide/C/installation.xml:18(para)
25647
msgid ""
25648
"This section explains various aspects to consider before starting the "
25649
"installation."
25650
msgstr ""
25651
25652
#: serverguide/C/installation.xml:22(title)
25653
msgid "System Requirements"
25654
msgstr ""
25655
25656
#: serverguide/C/installation.xml:23(para)
25657
msgid ""
25658
"Ubuntu 16.04 LTS Server Edition supports three (3) major architectures: "
25659
"Intel x86, AMD64 and ARM. The table below lists recommended hardware "
25660
"specifications. Depending on your needs, you might manage with less than "
25661
"this. However, most users risk being frustrated if they ignore these "
25662
"suggestions."
25663
msgstr ""
25664
25665
#: serverguide/C/installation.xml:26(title)
25666
msgid "Recommended Minimum Requirements"
25667
msgstr ""
25668
25669
#: serverguide/C/installation.xml:35(para)
25670
msgid "Install Type"
25671
msgstr ""
25672
25673
#: serverguide/C/installation.xml:36(para)
25674
msgid "CPU"
25675
msgstr ""
25676
25677
#: serverguide/C/installation.xml:37(para)
25678
msgid "RAM"
25679
msgstr ""
25680
25681
#: serverguide/C/installation.xml:38(para)
25682
msgid "Hard Drive Space"
25683
msgstr ""
25684
25685
#: serverguide/C/installation.xml:41(para)
25686
msgid "Base System"
25687
msgstr ""
25688
25689
#: serverguide/C/installation.xml:42(para)
25690
msgid "All Tasks Installed"
25691
msgstr ""
25692
25693
#: serverguide/C/installation.xml:47(para)
25694
msgid "Server (Standard)"
25695
msgstr ""
25696
25697
#: serverguide/C/installation.xml:48(para)
25698
msgid "1 gigahertz"
25699
msgstr ""
25700
25701
#: serverguide/C/installation.xml:49(para)
25702
msgid "512 megabytes"
25703
msgstr ""
25704
25705
#: serverguide/C/installation.xml:50(para)
25706
msgid "1.5 gigabyte"
25707
msgstr ""
25708
25709
#: serverguide/C/installation.xml:51(para) serverguide/C/installation.xml:58(para)
25710
msgid "2.5 gigabytes"
25711
msgstr ""
25712
25713
#: serverguide/C/installation.xml:54(para)
25714
msgid "Server (Minimal)"
25715
msgstr ""
25716
25717
#: serverguide/C/installation.xml:55(para)
25718
msgid "300 megahertz"
25719
msgstr ""
25720
25721
#: serverguide/C/installation.xml:56(para)
25722
msgid "384 megabytes"
25723
msgstr ""
25724
25725
#: serverguide/C/installation.xml:57(para)
25726
msgid "1.5 megabytes"
25727
msgstr ""
25728
25729
#: serverguide/C/installation.xml:64(para)
25730
msgid ""
25731
"The Server Edition provides a common base for all sorts of server "
25732
"applications. It is a minimalist design providing a platform for the desired "
25733
"services, such as file/print services, web hosting, email hosting, etc."
25734
msgstr ""
25735
25736
#: serverguide/C/installation.xml:72(title)
25737
msgid "Server and Desktop Differences"
25738
msgstr ""
25739
25740
#: serverguide/C/installation.xml:73(para)
25741
msgid ""
25742
"There are a few differences between the <emphasis>Ubuntu Server "
25743
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
25744
"should be noted that both editions use the same "
25745
"<application>apt</application> repositories, making it just as easy to "
25746
"install a <emphasis role=\"italic\">server</emphasis> application on the "
25747
"Desktop Edition as it is on the Server Edition."
25748
msgstr ""
25749
25750
#: serverguide/C/installation.xml:79(para)
25751
msgid ""
25752
"The differences between the two editions are the lack of an X window "
25753
"environment in the Server Edition and the installation process."
25754
msgstr ""
25755
25756
#: serverguide/C/installation.xml:86(title)
25757
msgid "Kernel Differences:"
25758
msgstr ""
25759
25760
#: serverguide/C/installation.xml:87(para)
25761
msgid ""
25762
"Ubuntu version 10.10 and prior, actually had different kernels for the "
25763
"server and desktop editions. Ubuntu no longer has separate -server and -"
25764
"generic kernel flavors. These have been merged into a single -generic kernel "
25765
"flavor to help reduce the maintenance burden over the life of the release."
25766
msgstr ""
25767
25768
#: serverguide/C/installation.xml:92(para)
25769
msgid ""
25770
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
25771
"limited by memory addressing space."
25772
msgstr ""
25773
25774
#: serverguide/C/installation.xml:97(para)
25775
msgid ""
25776
"To see all kernel configuration options you can look through "
25777
"<filename>/boot/config-4.4.0-server</filename>. Also, <ulink "
25778
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
25779
"great resource on the options available."
25780
msgstr ""
25781
25782
#: serverguide/C/installation.xml:106(title)
25783
msgid "Backing Up"
25784
msgstr ""
25785
25786
#: serverguide/C/installation.xml:109(para)
25787
msgid ""
25788
"Before installing <application>Ubuntu Server Edition</application> you "
25789
"should make sure all data on the system is backed up. See <xref "
25790
"linkend=\"backups\"/> for backup options."
25791
msgstr ""
25792
25793
#: serverguide/C/installation.xml:113(para)
25794
msgid ""
25795
"If this is not the first time an operating system has been installed on your "
25796
"computer, it is likely you will need to re-partition your disk to make room "
25797
"for Ubuntu."
25798
msgstr ""
25799
25800
#: serverguide/C/installation.xml:117(para)
25801
msgid ""
25802
"Any time you partition your disk, you should be prepared to lose everything "
25803
"on the disk should you make a mistake or something goes wrong during "
25804
"partitioning. The programs used in installation are quite reliable, most "
25805
"have seen years of use, but they also perform destructive actions."
25806
msgstr ""
25807
25808
#: serverguide/C/installation.xml:130(para)
25809
msgid ""
25810
"The basic steps to install Ubuntu Server Edition are the same as those for "
25811
"installing any operating system. Unlike the <emphasis>Desktop "
25812
"Edition</emphasis>, the <emphasis>Server Edition</emphasis> does not include "
25813
"a graphical installation program. The Server Edition uses a console menu "
25814
"based process instead."
25815
msgstr ""
25816
25817
#: serverguide/C/installation.xml:137(para)
25818
msgid ""
25819
"Download the appropriate ISO file from the <ulink "
25820
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
25821
"site</ulink>."
25822
msgstr ""
25823
25824
#: serverguide/C/installation.xml:143(para)
25825
msgid "Boot the system from media (e.g. USB key) containing the ISO file."
25826
msgstr ""
25827
25828
#: serverguide/C/installation.xml:148(para)
25829
msgid "At the boot prompt you will be asked to select a language."
25830
msgstr ""
25831
25832
#: serverguide/C/installation.xml:153(para)
25833
msgid ""
25834
"From the main boot menu there are some additional options to install Ubuntu "
25835
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
25836
"defects, check the system's RAM, boot from first hard disk, or rescue a "
25837
"broken system. The rest of this section will cover the basic Ubuntu Server "
25838
"install."
25839
msgstr ""
25840
25841
#: serverguide/C/installation.xml:160(para)
25842
msgid ""
25843
"The installer asks which language it should use. Afterwards, you are asked "
25844
"to select your location."
25845
msgstr ""
25846
25847
#: serverguide/C/installation.xml:166(para)
25848
msgid ""
25849
"Next, the installation process begins by asking for your keyboard layout. "
25850
"You can ask the installer to attempt auto-detecting it, or you can select it "
25851
"manually from a list."
25852
msgstr ""
25853
25854
#: serverguide/C/installation.xml:172(para)
25855
msgid ""
25856
"The installer then discovers your hardware configuration, and configures the "
25857
"network settings using DHCP. If you do not wish to use DHCP at the next "
25858
"screen choose \"Go Back\", and you have the option to \"Configure the "
25859
"network manually\"."
25860
msgstr ""
25861
25862
#: serverguide/C/installation.xml:179(para)
25863
msgid "Next, the installer asks for the system's hostname."
25864
msgstr ""
25865
25866
#: serverguide/C/installation.xml:184(para)
25867
msgid ""
25868
"A new user is set up; this user will have <emphasis>root</emphasis> access "
25869
"through the <application>sudo</application> utility."
25870
msgstr ""
25871
25872
#: serverguide/C/installation.xml:190(para)
25873
msgid ""
25874
"After the user settings have been completed, you will be asked if you want "
25875
"to encrypt your <filename role=\"directory\">home</filename> directory."
25876
msgstr ""
25877
25878
#: serverguide/C/installation.xml:196(para)
25879
msgid "Next, the installer asks for the system's Time Zone."
25880
msgstr ""
25881
25882
#: serverguide/C/installation.xml:201(para)
25883
msgid ""
25884
"You can then choose from several options to configure the hard drive layout. "
25885
"Afterwards you are asked which disk to install to. You may get confirmation "
25886
"prompts before rewriting the partition table or setting up LVM depending on "
25887
"disk layout. If you choose LVM, you will be asked for the size of the root "
25888
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
25889
"installation\"/>."
25890
msgstr ""
25891
25892
#: serverguide/C/installation.xml:209(para)
25893
msgid "The Ubuntu base system is then installed."
25894
msgstr ""
25895
25896
#: serverguide/C/installation.xml:214(para)
25897
msgid ""
25898
"The next step in the installation process is to decide how you want to "
25899
"update the system. There are three options:"
25900
msgstr ""
25901
25902
#: serverguide/C/installation.xml:220(para)
25903
msgid ""
25904
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
25905
"log into the machine and manually install updates."
25906
msgstr ""
25907
25908
#: serverguide/C/installation.xml:226(para)
25909
msgid ""
25910
"<emphasis>Install security updates automatically</emphasis>: this will "
25911
"install the <application>unattended-upgrades</application> package, which "
25912
"will install security updates without the intervention of an administrator. "
25913
"For more details see <xref linkend=\"automatic-updates\"/>."
25914
msgstr ""
25915
25916
#: serverguide/C/installation.xml:233(para)
25917
msgid ""
25918
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
25919
"service provided by Canonical to help manage your Ubuntu machines. See the "
25920
"<ulink url=\"http://landscape.canonical.com/\">Landscape</ulink> site for "
25921
"details."
25922
msgstr ""
25923
25924
#: serverguide/C/installation.xml:242(para)
25925
msgid ""
25926
"You now have the option to install, or not install, several package tasks. "
25927
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
25928
"to launch <application>aptitude</application> to choose specific packages to "
25929
"install. For more information see <xref linkend=\"aptitude\"/>."
25930
msgstr ""
25931
25932
#: serverguide/C/installation.xml:250(para)
25933
msgid "Finally, the last step before rebooting is to set the clock to UTC."
25934
msgstr ""
25935
25936
#: serverguide/C/installation.xml:256(para)
25937
msgid ""
25938
"If at any point during installation you are not satisfied by the default "
25939
"setting, use the \"Go Back\" function at any prompt to be brought to a "
25940
"detailed installation menu that will allow you to modify the default "
25941
"settings."
25942
msgstr ""
25943
25944
#: serverguide/C/installation.xml:261(para)
25945
msgid ""
25946
"At some point during the installation process you may want to read the help "
25947
"screen provided by the installation system. To do this, press F1."
25948
msgstr ""
25949
25950
#: serverguide/C/installation.xml:266(para)
25951
msgid ""
25952
"Once again, for detailed instructions see the <ulink "
25953
"url=\"https://help.ubuntu.com/16.04/installation-guide/\"> Ubuntu "
25954
"Installation Guide</ulink>."
25955
msgstr ""
25956
25957
#: serverguide/C/installation.xml:272(title)
25958
msgid "Package Tasks"
25959
msgstr ""
25960
25961
#: serverguide/C/installation.xml:273(para)
25962
msgid ""
25963
"During the Server Edition installation you have the option of installing "
25964
"additional packages. The packages are grouped by the type of service they "
25965
"provide."
25966
msgstr ""
25967
25968
#: serverguide/C/installation.xml:279(para)
25969
msgid "DNS server: Selects the BIND DNS server and its documentation."
25970
msgstr ""
25971
25972
#: serverguide/C/installation.xml:284(para)
25973
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
25974
msgstr ""
25975
25976
#: serverguide/C/installation.xml:289(para)
25977
msgid ""
25978
"Mail server: This task selects a variety of packages useful for a general "
25979
"purpose mail server system."
25980
msgstr ""
25981
25982
#: serverguide/C/installation.xml:294(para)
25983
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
25984
msgstr ""
25985
25986
#: serverguide/C/installation.xml:299(para)
25987
msgid ""
25988
"PostgreSQL database: This task selects client and server packages for the "
25989
"PostgreSQL database."
25990
msgstr ""
25991
25992
#: serverguide/C/installation.xml:304(para)
25993
msgid "Print server: This task sets up your system to be a print server."
25994
msgstr ""
25995
25996
#: serverguide/C/installation.xml:309(para)
25997
msgid ""
25998
"Samba File server: This task sets up your system to be a Samba file server, "
25999
"which is especially suitable in networks with both Windows and Linux systems."
26000
msgstr ""
26001
26002
#: serverguide/C/installation.xml:315(para)
26003
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
26004
msgstr ""
26005
26006
#: serverguide/C/installation.xml:320(para)
26007
msgid ""
26008
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
26009
msgstr ""
26010
26011
#: serverguide/C/installation.xml:325(para)
26012
msgid ""
26013
"Manually select packages: Executes <application>aptitude</application> "
26014
"allowing you to individually select packages."
26015
msgstr ""
26016
26017
#: serverguide/C/installation.xml:330(para)
26018
msgid ""
26019
"Installing the package groups is accomplished using the "
26020
"<application>tasksel</application> utility. One of the important differences "
26021
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
26022
"installed, a package is also configured to reasonable defaults, eventually "
26023
"prompting you for additional required information. Likewise, when installing "
26024
"a task, the packages are not only installed, but also configured to provided "
26025
"a fully integrated service."
26026
msgstr ""
26027
26028
#: serverguide/C/installation.xml:337(para)
26029
msgid ""
26030
"Once the installation process has finished you can view a list of available "
26031
"tasks by entering the following from a terminal prompt:"
26032
msgstr ""
26033
26034
#: serverguide/C/installation.xml:342(command)
26035
msgid "tasksel --list-tasks"
26036
msgstr ""
26037
26038
#: serverguide/C/installation.xml:345(para)
26039
msgid ""
26040
"The output will list tasks from other Ubuntu based distributions such as "
26041
"Kubuntu and Edubuntu. Note that you can also invoke the "
26042
"<command>tasksel</command> command by itself, which will bring up a menu of "
26043
"the different tasks available."
26044
msgstr ""
26045
26046
#: serverguide/C/installation.xml:351(para)
26047
msgid ""
26048
"You can view a list of which packages are installed with each task using the "
26049
"<emphasis>--task-packages</emphasis> option. For example, to list the "
26050
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
26051
"following:"
26052
msgstr ""
26053
26054
#: serverguide/C/installation.xml:356(command)
26055
msgid "tasksel --task-packages dns-server"
26056
msgstr ""
26057
26058
#: serverguide/C/installation.xml:358(para)
26059
msgid "The output of the command should list:"
26060
msgstr ""
26061
26062
#: serverguide/C/installation.xml:361(programlisting)
26063
#, no-wrap
26064
msgid ""
26065
"\n"
26066
"bind9-doc \n"
26067
"bind9utils \n"
26068
"bind9\n"
26069
msgstr ""
26070
26071
#: serverguide/C/installation.xml:366(para)
26072
msgid ""
26073
"If you did not install one of the tasks during the installation process, but "
26074
"for example you decide to make your new LAMP server a DNS server as well, "
26075
"simply insert the installation media and from a terminal:"
26076
msgstr ""
26077
26078
#: serverguide/C/installation.xml:371(command)
26079
msgid "sudo tasksel install dns-server"
26080
msgstr ""
26081
26082
#: serverguide/C/installation.xml:376(title)
26083
msgid "Upgrading"
26084
msgstr ""
26085
26086
#: serverguide/C/installation.xml:377(para)
26087
msgid ""
26088
"There are several ways to upgrade from one Ubuntu release to another. This "
26089
"section gives an overview of the recommended upgrade method."
26090
msgstr ""
26091
26092
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
26093
msgid "do-release-upgrade"
26094
msgstr ""
26095
26096
#: serverguide/C/installation.xml:382(para)
26097
msgid ""
26098
"The recommended way to upgrade a Server Edition installation is to use the "
26099
"<application>do-release-upgrade</application> utility. Part of the "
26100
"<emphasis>update-manager-core</emphasis> package, it does not have any "
26101
"graphical dependencies and is installed by default."
26102
msgstr ""
26103
26104
#: serverguide/C/installation.xml:387(para)
26105
msgid ""
26106
"Debian based systems can also be upgraded by using <command>apt dist-"
26107
"upgrade</command>. However, using <application>do-release-"
26108
"upgrade</application> is recommended because it has the ability to handle "
26109
"system configuration changes sometimes needed between releases."
26110
msgstr ""
26111
26112
#: serverguide/C/installation.xml:392(para)
26113
msgid "To upgrade to a newer release, from a terminal prompt enter:"
26114
msgstr ""
26115
26116
#: serverguide/C/installation.xml:398(para)
26117
msgid ""
26118
"It is also possible to use <application>do-release-upgrade</application> to "
26119
"upgrade to a development version of Ubuntu. To accomplish this use the "
26120
"<emphasis>-d</emphasis> switch:"
26121
msgstr ""
26122
26123
#: serverguide/C/installation.xml:403(command)
26124
msgid "do-release-upgrade -d"
26125
msgstr ""
26126
26127
#: serverguide/C/installation.xml:406(para)
26128
msgid ""
26129
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
26130
"for production environments."
26131
msgstr ""
26132
26133
#: serverguide/C/installation.xml:410(para)
26134
msgid ""
26135
"For further stability of a LTS release there is a slight change in behaviour "
26136
"if you are currently running a LTS version. LTS systems are only "
26137
"automatically considered for an upgrade to the next LTS via <application>do-"
26138
"release-upgrade</application> with the first point release. So for example "
26139
"14.04 will only upgrade once 16.04.1 is released. If you want to update "
26140
"before, e.g. on a subset of machines to evaluate the LTS upgrade for your "
26141
"setup the same argument as an upgrade to a dev release has to be used via "
26142
"the <emphasis>-d</emphasis> switch."
26143
msgstr ""
26144
26145
#: serverguide/C/installation.xml:419(title)
26146
msgid "Advanced Installation"
26147
msgstr ""
26148
26149
#: serverguide/C/installation.xml:422(title)
26150
msgid "Software RAID"
26151
msgstr ""
26152
26153
#: serverguide/C/installation.xml:424(para)
26154
msgid ""
26155
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
26156
"disks to provide different balances of increasing data reliability and/or "
26157
"increasing input/output performance, depending on the RAID level being used. "
26158
"RAID is implemented in either software (where the operating system knows "
26159
"about both drives and actively maintains both of them) or hardware (where a "
26160
"special controller makes the OS think there's only one drive and maintains "
26161
"the drives 'invisibly')."
26162
msgstr ""
26163
26164
#: serverguide/C/installation.xml:432(para)
26165
msgid ""
26166
"The RAID software included with current versions of Linux (and Ubuntu) is "
26167
"based on the <application>'mdadm'</application> driver and works very well, "
26168
"better even than many so-called 'hardware' RAID controllers. This section "
26169
"will guide you through installing Ubuntu Server Edition using two RAID1 "
26170
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
26171
"another for <emphasis>swap</emphasis>."
26172
msgstr ""
26173
26174
#: serverguide/C/installation.xml:440(title)
26175
msgid "Partitioning"
26176
msgstr ""
26177
26178
#: serverguide/C/installation.xml:442(para) serverguide/C/installation.xml:964(para)
26179
msgid ""
26180
"Follow the installation steps until you get to the <emphasis>Partition "
26181
"disks</emphasis> step, then:"
26182
msgstr ""
26183
26184
#: serverguide/C/installation.xml:449(para)
26185
msgid "Select <emphasis>Manual</emphasis> as the partition method."
26186
msgstr ""
26187
26188
#: serverguide/C/installation.xml:456(para)
26189
msgid ""
26190
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
26191
"partition table on this device?\"</emphasis>."
26192
msgstr ""
26193
26194
#: serverguide/C/installation.xml:460(para)
26195
msgid ""
26196
"Repeat this step for each drive you wish to be part of the RAID array."
26197
msgstr ""
26198
26199
#: serverguide/C/installation.xml:467(para)
26200
msgid ""
26201
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
26202
"select <emphasis>\"Create a new partition\"</emphasis>."
26203
msgstr ""
26204
26205
#: serverguide/C/installation.xml:474(para)
26206
msgid ""
26207
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
26208
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
26209
"size is twice that of RAM. Enter the partition size, then choose "
26210
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
26211
msgstr ""
26212
26213
#: serverguide/C/installation.xml:481(para)
26214
msgid ""
26215
"A swap partition size of twice the available RAM capacity may not always be "
26216
"desirable, especially on systems with large amounts of RAM. Calculating the "
26217
"swap partition size for servers is highly dependent on how the system is "
26218
"going to be used."
26219
msgstr ""
26220
26221
#: serverguide/C/installation.xml:490(para)
26222
msgid ""
26223
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
26224
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
26225
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
26226
"<emphasis>\"Done setting up partition\"</emphasis>."
26227
msgstr ""
26228
26229
#: serverguide/C/installation.xml:499(para)
26230
msgid ""
26231
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
26232
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
26233
"partition\"</emphasis>."
26234
msgstr ""
26235
26236
#: serverguide/C/installation.xml:507(para)
26237
msgid ""
26238
"Use the rest of the free space on the drive and choose "
26239
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
26240
msgstr ""
26241
26242
#: serverguide/C/installation.xml:514(para)
26243
msgid ""
26244
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
26245
"at the top, changing it to <emphasis>\"physical volume for "
26246
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
26247
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
26248
"<emphasis>\"Done setting up partition\"</emphasis>."
26249
msgstr ""
26250
26251
#: serverguide/C/installation.xml:524(para)
26252
msgid "Repeat steps three through eight for the other disk and partitions."
26253
msgstr ""
26254
26255
#: serverguide/C/installation.xml:533(title)
26256
msgid "RAID Configuration"
26257
msgstr ""
26258
26259
#: serverguide/C/installation.xml:535(para)
26260
msgid "With the partitions setup the arrays are ready to be configured:"
26261
msgstr ""
26262
26263
#: serverguide/C/installation.xml:542(para)
26264
msgid ""
26265
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
26266
"Software RAID\"</emphasis> at the top."
26267
msgstr ""
26268
26269
#: serverguide/C/installation.xml:549(para)
26270
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
26271
msgstr ""
26272
26273
#: serverguide/C/installation.xml:556(para)
26274
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
26275
msgstr ""
26276
26277
#: serverguide/C/installation.xml:563(para)
26278
msgid ""
26279
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
26280
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
26281
msgstr ""
26282
26283
#: serverguide/C/installation.xml:569(para)
26284
msgid ""
26285
"In order to use <emphasis>RAID5</emphasis> you need at least "
26286
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
26287
"<emphasis>two</emphasis> drives are required."
26288
msgstr ""
26289
26290
#: serverguide/C/installation.xml:578(para)
26291
msgid ""
26292
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
26293
"of hard drives you have, for the array. Then select "
26294
"<emphasis>\"Continue\"</emphasis>."
26295
msgstr ""
26296
26297
#: serverguide/C/installation.xml:586(para)
26298
msgid ""
26299
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
26300
"default, then choose <emphasis>\"Continue\"</emphasis>."
26301
msgstr ""
26302
26303
#: serverguide/C/installation.xml:593(para)
26304
msgid ""
26305
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
26306
"etc. The numbers will usually match and the different letters correspond to "
26307
"different hard drives."
26308
msgstr ""
26309
26310
#: serverguide/C/installation.xml:598(para)
26311
msgid ""
26312
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
26313
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
26314
"go to the next step."
26315
msgstr ""
26316
26317
#: serverguide/C/installation.xml:606(para)
26318
msgid ""
26319
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
26320
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
26321
"and <emphasis>sdb2</emphasis>."
26322
msgstr ""
26323
26324
#: serverguide/C/installation.xml:614(para)
26325
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
26326
msgstr ""
26327
26328
#: serverguide/C/installation.xml:624(title)
26329
msgid "Formatting"
26330
msgstr ""
26331
26332
#: serverguide/C/installation.xml:626(para)
26333
msgid ""
26334
"There should now be a list of hard drives and RAID devices. The next step is "
26335
"to format and set the mount point for the RAID devices. Treat the RAID "
26336
"device as a local hard drive, format and mount accordingly."
26337
msgstr ""
26338
26339
#: serverguide/C/installation.xml:634(para)
26340
msgid ""
26341
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
26342
"#0\"</emphasis> partition."
26343
msgstr ""
26344
26345
#: serverguide/C/installation.xml:641(para)
26346
msgid ""
26347
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
26348
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
26349
msgstr ""
26350
26351
#: serverguide/C/installation.xml:649(para)
26352
msgid ""
26353
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
26354
"#1\"</emphasis> partition."
26355
msgstr ""
26356
26357
#: serverguide/C/installation.xml:656(para)
26358
msgid ""
26359
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
26360
"journaling file system\"</emphasis>."
26361
msgstr ""
26362
26363
#: serverguide/C/installation.xml:663(para)
26364
msgid ""
26365
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
26366
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
26367
"options as appropriate, then select <emphasis>\"Done setting up "
26368
"partition\"</emphasis>."
26369
msgstr ""
26370
26371
#: serverguide/C/installation.xml:671(para)
26372
msgid ""
26373
"Finally, select <emphasis>\"Finish partitioning and write changes to "
26374
"disk\"</emphasis>."
26375
msgstr ""
26376
26377
#: serverguide/C/installation.xml:678(para)
26378
msgid ""
26379
"If you choose to place the root partition on a RAID array, the installer "
26380
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
26381
"state. See <xref linkend=\"raid-degraded\"/> for further details."
26382
msgstr ""
26383
26384
#: serverguide/C/installation.xml:683(para)
26385
msgid "The installation process will then continue normally."
26386
msgstr ""
26387
26388
#: serverguide/C/installation.xml:689(title)
26389
msgid "Degraded RAID"
26390
msgstr ""
26391
26392
#: serverguide/C/installation.xml:691(para)
26393
msgid ""
26394
"At some point in the life of the computer a disk failure event may occur. "
26395
"When this happens, using Software RAID, the operating system will place the "
26396
"array into what is known as a <emphasis>degraded</emphasis> state."
26397
msgstr ""
26398
26399
#: serverguide/C/installation.xml:696(para)
26400
msgid ""
26401
"If the array has become degraded, due to the chance of data corruption, by "
26402
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
26403
"after thirty seconds. Once the initramfs has booted there is a fifteen "
26404
"second prompt giving you the option to go ahead and boot the system, or "
26405
"attempt manual recover. Booting to the initramfs prompt may or may not be "
26406
"the desired behavior, especially if the machine is in a remote location. "
26407
"Booting to a degraded array can be configured several ways:"
26408
msgstr ""
26409
26410
#: serverguide/C/installation.xml:707(para)
26411
msgid ""
26412
"The <application>dpkg-reconfigure</application> utility can be used to "
26413
"configure the default behavior, and during the process you will be queried "
26414
"about additional settings related to the array. Such as monitoring, email "
26415
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
26416
"following:"
26417
msgstr ""
26418
26419
#: serverguide/C/installation.xml:714(command)
26420
msgid "sudo dpkg-reconfigure mdadm"
26421
msgstr ""
26422
26423
#: serverguide/C/installation.xml:720(para)
26424
msgid ""
26425
"The <command>dpkg-reconfigure mdadm</command> process will change the "
26426
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
26427
"The file has the advantage of being able to pre-configure the system's "
26428
"behavior, and can also be manually edited:"
26429
msgstr ""
26430
26431
#: serverguide/C/installation.xml:726(programlisting)
26432
#, no-wrap
26433
msgid ""
26434
"\n"
26435
"BOOT_DEGRADED=true\n"
26436
msgstr ""
26437
26438
#: serverguide/C/installation.xml:731(para)
26439
msgid "The configuration file can be overridden by using a Kernel argument."
26440
msgstr ""
26441
26442
#: serverguide/C/installation.xml:739(para)
26443
msgid ""
26444
"Using a Kernel argument will allow the system to boot to a degraded array as "
26445
"well:"
26446
msgstr ""
26447
26448
#: serverguide/C/installation.xml:745(para)
26449
msgid ""
26450
"When the server is booting press <keycap>Shift</keycap> to open the "
26451
"<application>Grub</application> menu."
26452
msgstr ""
26453
26454
#: serverguide/C/installation.xml:750(para)
26455
msgid "Press <keycap>e</keycap> to edit your kernel command options."
26456
msgstr ""
26457
26458
#: serverguide/C/installation.xml:755(para)
26459
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
26460
msgstr ""
26461
26462
#: serverguide/C/installation.xml:760(para)
26463
msgid ""
26464
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
26465
"end of the line."
26466
msgstr ""
26467
26468
#: serverguide/C/installation.xml:765(para)
26469
msgid ""
26470
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
26471
"the system."
26472
msgstr ""
26473
26474
#: serverguide/C/installation.xml:774(para)
26475
msgid ""
26476
"Once the system has booted you can either repair the array see <xref "
26477
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
26478
"another machine due to major hardware failure."
26479
msgstr ""
26480
26481
#: serverguide/C/installation.xml:781(title)
26482
msgid "RAID Maintenance"
26483
msgstr ""
26484
26485
#: serverguide/C/installation.xml:783(para)
26486
msgid ""
26487
"The <application>mdadm</application> utility can be used to view the status "
26488
"of an array, add disks to an array, remove disks, etc:"
26489
msgstr ""
26490
26491
#: serverguide/C/installation.xml:790(para)
26492
msgid "To view the status of an array, from a terminal prompt enter:"
26493
msgstr ""
26494
26495
#: serverguide/C/installation.xml:794(command)
26496
msgid "sudo mdadm -D /dev/md0"
26497
msgstr ""
26498
26499
#: serverguide/C/installation.xml:797(para)
26500
msgid ""
26501
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
26502
"display <emphasis>detailed</emphasis> information about the "
26503
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
26504
"with the appropriate RAID device."
26505
msgstr ""
26506
26507
#: serverguide/C/installation.xml:803(para)
26508
msgid "To view the status of a disk in an array:"
26509
msgstr ""
26510
26511
#: serverguide/C/installation.xml:807(command)
26512
msgid "sudo mdadm -E /dev/sda1"
26513
msgstr ""
26514
26515
#: serverguide/C/installation.xml:809(para)
26516
msgid ""
26517
"The output if very similar to the <command>mdadm -D</command> command, "
26518
"adjust <filename>/dev/sda1</filename> for each disk."
26519
msgstr ""
26520
26521
#: serverguide/C/installation.xml:814(para)
26522
msgid "If a disk fails and needs to be removed from an array enter:"
26523
msgstr ""
26524
26525
#: serverguide/C/installation.xml:818(command)
26526
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
26527
msgstr ""
26528
26529
#: serverguide/C/installation.xml:820(para)
26530
msgid ""
26531
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
26532
"the appropriate RAID device and disk."
26533
msgstr ""
26534
26535
#: serverguide/C/installation.xml:825(para)
26536
msgid "Similarly, to add a new disk:"
26537
msgstr ""
26538
26539
#: serverguide/C/installation.xml:829(command)
26540
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
26541
msgstr ""
26542
26543
#: serverguide/C/installation.xml:834(para)
26544
msgid ""
26545
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
26546
"though there is nothing physically wrong with the drive. It is usually "
26547
"worthwhile to remove the drive from the array then re-add it. This will "
26548
"cause the drive to re-sync with the array. If the drive will not sync with "
26549
"the array, it is a good indication of hardware failure."
26550
msgstr ""
26551
26552
#: serverguide/C/installation.xml:840(para)
26553
msgid ""
26554
"The <filename>/proc/mdstat</filename> file also contains useful information "
26555
"about the system's RAID devices:"
26556
msgstr ""
26557
26558
#: serverguide/C/installation.xml:845(command)
26559
msgid "cat /proc/mdstat"
26560
msgstr ""
26561
26562
#: serverguide/C/installation.xml:846(computeroutput)
26563
#, no-wrap
26564
msgid ""
26565
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
26566
"[raid10] \n"
26567
"md0 : active raid1 sda1[0] sdb1[1]\n"
26568
" 10016384 blocks [2/2] [UU]\n"
26569
" \n"
26570
"unused devices: <none>"
26571
msgstr ""
26572
26573
#: serverguide/C/installation.xml:853(para)
26574
msgid ""
26575
"The following command is great for watching the status of a syncing drive:"
26576
msgstr ""
26577
26578
#: serverguide/C/installation.xml:858(command)
26579
msgid "watch -n1 cat /proc/mdstat"
26580
msgstr ""
26581
26582
#: serverguide/C/installation.xml:861(para)
26583
msgid ""
26584
"Press <emphasis>Ctrl+c</emphasis> to stop the "
26585
"<application>watch</application> command."
26586
msgstr ""
26587
26588
#: serverguide/C/installation.xml:865(para)
26589
msgid ""
26590
"If you do need to replace a faulty drive, after the drive has been replaced "
26591
"and synced, <application>grub</application> will need to be installed. To "
26592
"install <application>grub</application> on the new drive, enter the "
26593
"following:"
26594
msgstr ""
26595
26596
#: serverguide/C/installation.xml:871(command)
26597
msgid "sudo grub-install /dev/md0"
26598
msgstr ""
26599
26600
#: serverguide/C/installation.xml:874(para)
26601
msgid ""
26602
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
26603
msgstr ""
26604
26605
#: serverguide/C/installation.xml:882(para)
26606
msgid ""
26607
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
26608
"can be configured. Please see the following links for more information:"
26609
msgstr ""
26610
26611
#: serverguide/C/installation.xml:889(para)
26612
msgid ""
26613
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
26614
"Wiki Articles on RAID</ulink>."
26615
msgstr ""
26616
26617
#: serverguide/C/installation.xml:895(ulink)
26618
msgid "Software RAID HOWTO"
26619
msgstr ""
26620
26621
#: serverguide/C/installation.xml:900(ulink)
26622
msgid "Managing RAID on Linux"
26623
msgstr ""
26624
26625
#: serverguide/C/installation.xml:907(title)
26626
msgid "Logical Volume Manager (LVM)"
26627
msgstr ""
26628
26629
#: serverguide/C/installation.xml:909(para)
26630
msgid ""
26631
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
26632
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
26633
"hard disks. LVM volumes can be created on both software RAID partitions and "
26634
"standard partitions residing on a single disk. Volumes can also be extended, "
26635
"giving greater flexibility to systems as requirements change."
26636
msgstr ""
26637
26638
#: serverguide/C/installation.xml:918(para)
26639
msgid ""
26640
"A side effect of LVM's power and flexibility is a greater degree of "
26641
"complication. Before diving into the LVM installation process, it is best to "
26642
"get familiar with some terms."
26643
msgstr ""
26644
26645
#: serverguide/C/installation.xml:925(para)
26646
msgid ""
26647
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
26648
"partition or software RAID partition formatted as LVM PV."
26649
msgstr ""
26650
26651
#: serverguide/C/installation.xml:931(para)
26652
msgid ""
26653
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
26654
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
26655
"disk drive, from which one or more logical volumes are carved."
26656
msgstr ""
26657
26658
#: serverguide/C/installation.xml:937(para)
26659
msgid ""
26660
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
26661
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
26662
"etc), it is then available for mounting and data storage."
26663
msgstr ""
26664
26665
#: serverguide/C/installation.xml:948(para)
26666
msgid ""
26667
"As an example this section covers installing Ubuntu Server Edition with "
26668
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
26669
"the initial install only one Physical Volume (PV) will be part of the Volume "
26670
"Group (VG). Another PV will be added after install to demonstrate how a VG "
26671
"can be extended."
26672
msgstr ""
26673
26674
#: serverguide/C/installation.xml:954(para)
26675
msgid ""
26676
"There are several installation options for LVM, <emphasis>\"Guided - use the "
26677
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
26678
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
26679
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
26680
"partitions and configure LVM. At this time the only way to configure a "
26681
"system with both LVM and standard partitions, during installation, is to use "
26682
"the Manual approach."
26683
msgstr ""
26684
26685
#: serverguide/C/installation.xml:971(para)
26686
msgid ""
26687
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
26688
"<emphasis>\"Manual\"</emphasis>."
26689
msgstr ""
26690
26691
#: serverguide/C/installation.xml:978(para)
26692
msgid ""
26693
"Select the hard disk and on the next screen choose \"yes\" to "
26694
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
26695
msgstr ""
26696
26697
#: serverguide/C/installation.xml:985(para)
26698
msgid ""
26699
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
26700
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
26701
msgstr ""
26702
26703
#: serverguide/C/installation.xml:993(para)
26704
msgid ""
26705
"For the LVM <emphasis>/srv</emphasis>, create a new "
26706
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
26707
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
26708
"<emphasis>\"Done setting up the partition\"</emphasis>."
26709
msgstr ""
26710
26711
#: serverguide/C/installation.xml:1001(para)
26712
msgid ""
26713
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
26714
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
26715
"disk."
26716
msgstr ""
26717
26718
#: serverguide/C/installation.xml:1009(para)
26719
msgid ""
26720
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
26721
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
26722
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
26723
"After entering a name, select the partition configured for LVM, and choose "
26724
"<emphasis>\"Continue\"</emphasis>."
26725
msgstr ""
26726
26727
#: serverguide/C/installation.xml:1018(para)
26728
msgid ""
26729
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
26730
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
26731
"volume group, and enter a name for the new LV, for example "
26732
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
26733
"a size, which may be the full partition because it can always be extended "
26734
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
26735
"main <emphasis>\"Partition Disks\"</emphasis> screen."
26736
msgstr ""
26737
26738
#: serverguide/C/installation.xml:1028(para)
26739
msgid ""
26740
"Now add a filesystem to the new LVM. Select the partition under "
26741
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
26742
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
26743
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
26744
"select <emphasis>\"Done setting up the partition\"</emphasis>."
26745
msgstr ""
26746
26747
#: serverguide/C/installation.xml:1037(para)
26748
msgid ""
26749
"Finally, select <emphasis>\"Finish partitioning and write changes to "
26750
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
26751
"the installation."
26752
msgstr ""
26753
26754
#: serverguide/C/installation.xml:1045(para)
26755
msgid "There are some useful utilities to view information about LVM:"
26756
msgstr ""
26757
26758
#: serverguide/C/installation.xml:1050(para)
26759
msgid ""
26760
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
26761
msgstr ""
26762
26763
#: serverguide/C/installation.xml:1051(para)
26764
msgid ""
26765
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
26766
msgstr ""
26767
26768
#: serverguide/C/installation.xml:1052(para)
26769
msgid ""
26770
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
26771
msgstr ""
26772
26773
#: serverguide/C/installation.xml:1057(title)
26774
msgid "Extending Volume Groups"
26775
msgstr ""
26776
26777
#: serverguide/C/installation.xml:1059(para)
26778
msgid ""
26779
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
26780
"section covers adding a second hard disk, creating a Physical Volume (PV), "
26781
"adding it to the volume group (VG), extending the logical volume <filename "
26782
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
26783
"example assumes a second hard disk has been added to the system. In this "
26784
"example, this hard disk will be named <filename>/dev/sdb</filename> and we "
26785
"will use the entire disk as a physical volume (you could choose to create "
26786
"partitions and use them as different physical volumes)"
26787
msgstr ""
26788
26789
#: serverguide/C/installation.xml:1067(para)
26790
msgid ""
26791
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
26792
"before issuing the commands below. You could lose some data if you issue "
26793
"those commands on a non-empty disk."
26794
msgstr ""
26795
26796
#: serverguide/C/installation.xml:1075(para)
26797
msgid "First, create the physical volume, in a terminal execute:"
26798
msgstr ""
26799
26800
#: serverguide/C/installation.xml:1080(command)
26801
msgid "sudo pvcreate /dev/sdb"
26802
msgstr ""
26803
26804
#: serverguide/C/installation.xml:1086(para)
26805
msgid "Now extend the Volume Group (VG):"
26806
msgstr ""
26807
26808
#: serverguide/C/installation.xml:1091(command)
26809
msgid "sudo vgextend vg01 /dev/sdb"
26810
msgstr ""
26811
26812
#: serverguide/C/installation.xml:1097(para)
26813
msgid ""
26814
"Use <application>vgdisplay</application> to find out the free physical "
26815
"extents - Free PE / size (the size you can allocate). We will assume a free "
26816
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
26817
"whole free space available. Use your own PE and/or free space."
26818
msgstr ""
26819
26820
#: serverguide/C/installation.xml:1103(para)
26821
msgid ""
26822
"The Logical Volume (LV) can now be extended by different methods, we will "
26823
"only see how to use the PE to extend the LV:"
26824
msgstr ""
26825
26826
#: serverguide/C/installation.xml:1108(command)
26827
msgid "sudo lvextend /dev/vg01/srv -l +511"
26828
msgstr ""
26829
26830
#: serverguide/C/installation.xml:1111(para)
26831
msgid ""
26832
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
26833
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
26834
"Gig, Tera, etc bytes."
26835
msgstr ""
26836
26837
#: serverguide/C/installation.xml:1119(para)
26838
msgid ""
26839
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
26840
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
26841
"practice to unmount it anyway and check the filesystem, so that you don't "
26842
"mess up the day you want to reduce a logical volume (in that case unmounting "
26843
"first is compulsory)."
26844
msgstr ""
26845
26846
#: serverguide/C/installation.xml:1125(para)
26847
msgid ""
26848
"The following commands are for an <emphasis>EXT3</emphasis> or "
26849
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
26850
"there may be other utilities available."
26851
msgstr ""
26852
26853
#: serverguide/C/installation.xml:1132(command)
26854
msgid "sudo e2fsck -f /dev/vg01/srv"
26855
msgstr ""
26856
26857
#: serverguide/C/installation.xml:1135(para)
26858
msgid ""
26859
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
26860
"forces checking even if the system seems clean."
26861
msgstr ""
26862
26863
#: serverguide/C/installation.xml:1142(para)
26864
msgid "Finally, resize the filesystem:"
26865
msgstr ""
26866
26867
#: serverguide/C/installation.xml:1147(command)
26868
msgid "sudo resize2fs /dev/vg01/srv"
26869
msgstr ""
26870
26871
#: serverguide/C/installation.xml:1153(para)
26872
msgid "Now mount the partition and check its size."
26873
msgstr ""
26874
26875
#: serverguide/C/installation.xml:1158(command)
26876
msgid "mount /dev/vg01/srv /srv && df -h /srv"
26877
msgstr ""
26878
26879
#: serverguide/C/installation.xml:1170(para)
26880
msgid ""
26881
"See the <ulink "
26882
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
26883
"Articles</ulink>."
26884
msgstr ""
26885
26886
#: serverguide/C/installation.xml:1175(para)
26887
msgid ""
26888
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
26889
"HOWTO</ulink> for more information."
26890
msgstr ""
26891
26892
#: serverguide/C/installation.xml:1180(para)
26893
msgid ""
26894
"Another good article is <ulink "
26895
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
26896
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
26897
"linuxdevcenter.com site."
26898
msgstr ""
26899
26900
#: serverguide/C/installation.xml:1187(para)
26901
msgid ""
26902
"For more information on <application>fdisk</application> see the <ulink "
26903
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man8/fdisk.8.html\">fdisk"
26904
" man page</ulink>."
26905
msgstr ""
26906
26907
#: serverguide/C/installation.xml:1196(title)
26908
msgid "iSCSI"
26909
msgstr ""
26910
26911
#: serverguide/C/installation.xml:1198(para)
26912
msgid ""
26913
"The iSCSI protocol can be used to install Ubuntu on systems with or without "
26914
"hard disks attached."
26915
msgstr ""
26916
26917
#: serverguide/C/installation.xml:1202(title)
26918
msgid "Installation on a diskless system"
26919
msgstr ""
26920
26921
#: serverguide/C/installation.xml:1204(para)
26922
msgid ""
26923
"The first steps of a diskless iSCSI installation are identical to the <xref "
26924
"linkend=\"installing-from-cd\"/> section up to \"Hard drive layout\"."
26925
msgstr ""
26926
26927
#: serverguide/C/installation.xml:1210(para)
26928
msgid "The installer will display a warning with the following message:"
26929
msgstr ""
26930
26931
#: serverguide/C/installation.xml:1213(screen)
26932
#, no-wrap
26933
msgid ""
26934
"No disk drive was detected. If you know the name of the driver needed by "
26935
"your disk drive, you can select it from the list."
26936
msgstr ""
26937
26938
#: serverguide/C/installation.xml:1217(para)
26939
msgid ""
26940
"Select the item in the list titled <emphasis>login to iSCSI "
26941
"targets.</emphasis>"
26942
msgstr ""
26943
26944
#: serverguide/C/installation.xml:1222(para)
26945
msgid ""
26946
"You will be prompted to Enter an IP address to scan for iSCSI targets with a "
26947
"description of the format for the address. Enter the IP address for the "
26948
"location of your iSCSI target and navigate to "
26949
"<emphasis><continue></emphasis> then hit <keycap>ENTER</keycap>"
26950
msgstr ""
26951
26952
#: serverguide/C/installation.xml:1230(para)
26953
msgid ""
26954
"If authentication is required in order to access the iSCSI device, provide "
26955
"the <emphasis>username</emphasis> in the next field. Otherwise leave it "
26956
"blank."
26957
msgstr ""
26958
26959
#: serverguide/C/installation.xml:1236(para) serverguide/C/installation.xml:1307(para)
26960
msgid ""
26961
"If your system is able to connect to the iSCSI provider, you should see a "
26962
"list of available iSCSI targets where the operating system can be installed. "
26963
"The list should be similar to the following :"
26964
msgstr ""
26965
26966
#: serverguide/C/installation.xml:1241(screen)
26967
#, no-wrap
26968
msgid ""
26969
"Select the iSCSI targets you wish to use.\n"
26970
"\n"
26971
"iSCSI targets on 192.168.1.29:3260:\n"
26972
"\n"
26973
"[ ] iqn.2016-03.TrustyS-iscsitarget:storage.sys0\n"
26974
"\n"
26975
"<Go Back> <Continue>\n"
26976
"\n"
26977
msgstr ""
26978
26979
#: serverguide/C/installation.xml:1253(para)
26980
msgid ""
26981
"Select the iSCSI target that you want to use with the space bar. Use the "
26982
"arrow keys to navigate to the target that you want to select."
26983
msgstr ""
26984
26985
#: serverguide/C/installation.xml:1259(para)
26986
msgid ""
26987
"Navigate to <emphasis><Continue></emphasis> and hit "
26988
"<keycap>ENTER</keycap>."
26989
msgstr ""
26990
26991
#: serverguide/C/installation.xml:1264(para)
26992
msgid ""
26993
"If the connection to the iSCSI target is successful, you will be prompted "
26994
"with the <emphasis>[!!] Partition disks</emphasis> installation menu. The "
26995
"rest of the procedure is identical to any normal installation on attached "
26996
"disks. Once the installation is completed, you will be asked to reboot."
26997
msgstr ""
26998
26999
#: serverguide/C/installation.xml:1272(title)
27000
msgid "Installation on a system with disk attached"
27001
msgstr ""
27002
27003
#: serverguide/C/installation.xml:1274(para)
27004
msgid ""
27005
"Again, the iSCSI installation on a normal server with one or many disks "
27006
"attached is identical to the <xref linkend=\"installing-from-cd\"/> section "
27007
"until we reach the disk partitioning menu. Instead of using any of the "
27008
"Guided selection, we need to perform the following steps :"
27009
msgstr ""
27010
27011
#: serverguide/C/installation.xml:1282(para)
27012
msgid "Navigate to the Manual menu entry"
27013
msgstr ""
27014
27015
#: serverguide/C/installation.xml:1286(para)
27016
msgid "Select the Configure iSCSI Volumes menu entry"
27017
msgstr ""
27018
27019
#: serverguide/C/installation.xml:1290(para)
27020
msgid "Choose the Log into iSCSI targets"
27021
msgstr ""
27022
27023
#: serverguide/C/installation.xml:1294(para)
27024
msgid ""
27025
"You will be prompted to Enter an IP address to scan for iSCSI targets. with "
27026
"a description of the format for the address. Enter the IP address and "
27027
"navigate to <emphasis><continue></emphasis> then hit "
27028
"<keycap>ENTER</keycap>"
27029
msgstr ""
27030
27031
#: serverguide/C/installation.xml:1301(para)
27032
msgid ""
27033
"If authentication is required in order to access the iSCSI device, provide "
27034
"the <emphasis>username</emphasis> in the next field or leave it blank."
27035
msgstr ""
27036
27037
#: serverguide/C/installation.xml:1312(screen)
27038
#, no-wrap
27039
msgid ""
27040
"Select the iSCSI targets you wish to use.\n"
27041
"\n"
27042
"iSCSI targets on 192.168.1.29:3260:\n"
27043
"\n"
27044
"[ ] iqn.2016-03.TrustyS-iscsitarget:storage.sys0\n"
27045
"\n"
27046
"<Go Back> <Continue>\n"
27047
msgstr ""
27048
27049
#: serverguide/C/installation.xml:1323(para)
27050
msgid ""
27051
"Select the iSCSI target that you want to use with the space bar. Use the "
27052
"arrow keys to navigate to the target that you want to select"
27053
msgstr ""
27054
27055
#: serverguide/C/installation.xml:1329(para)
27056
msgid "Navigate to <Continue> and hit <keycap>ENTER</keycap>."
27057
msgstr ""
27058
27059
#: serverguide/C/installation.xml:1333(para)
27060
msgid ""
27061
"If successful, you will come back to the menu asking you to Log into iSCSI "
27062
"targets. Navigate to Finish and hit <keycap>ENTER</keycap>"
27063
msgstr ""
27064
27065
#: serverguide/C/installation.xml:1338(para)
27066
msgid ""
27067
"The newly connected iSCSI disk will appear in the overview section as a "
27068
"device prefixed with SCSI. This is the disk that you should select as your "
27069
"installation disk. Once identified, you can choose any of the partitioning "
27070
"methods."
27071
msgstr ""
27072
27073
#: serverguide/C/installation.xml:1344(para)
27074
msgid ""
27075
"Depending on your system configuration, there may be other SCSI disks "
27076
"attached to the system. Be very careful to identify the proper device before "
27077
"proceeding with the installation. Otherwise, irreversible data loss may "
27078
"result from performing an installation on the wrong disk."
27079
msgstr ""
27080
27081
#: serverguide/C/installation.xml:1353(title)
27082
msgid "Rebooting to an iSCSI target"
27083
msgstr ""
27084
27085
#: serverguide/C/installation.xml:1355(para)
27086
msgid ""
27087
"The procedure is specific to your hardware platform. As an example, here is "
27088
"how to reboot to your iSCSI target using iPXE"
27089
msgstr ""
27090
27091
#: serverguide/C/installation.xml:1358(screen)
27092
#, no-wrap
27093
msgid ""
27094
"iPXE> dhcp\n"
27095
"\n"
27096
"Configuring (net0 52:54:00:a4:f2:a9)....... ok\n"
27097
"\n"
27098
"iPXE> sanboot iscsi:192.168.1.29::::iqn.2016-03.TrustyS-"
27099
"iscsitarget:storage.sys0\n"
27100
msgstr ""
27101
27102
#: serverguide/C/installation.xml:1365(para)
27103
msgid ""
27104
"If the procedure is successful, you should see the Grub menu appear on the "
27105
"screen."
27106
msgstr ""
27107
27108
#: serverguide/C/installation.xml:1372(title)
27109
msgid "Kernel Crash Dump"
27110
msgstr ""
27111
27112
#: serverguide/C/installation.xml:1379(para)
27113
msgid "Kernel Panic"
27114
msgstr ""
27115
27116
#: serverguide/C/installation.xml:1380(para)
27117
msgid "Non Maskable Interrupts (NMI)"
27118
msgstr ""
27119
27120
#: serverguide/C/installation.xml:1381(para)
27121
msgid "Machine Check Exceptions (MCE)"
27122
msgstr ""
27123
27124
#: serverguide/C/installation.xml:1382(para)
27125
msgid "Hardware failure"
27126
msgstr ""
27127
27128
#: serverguide/C/installation.xml:1383(para)
27129
msgid "Manual intervention"
27130
msgstr ""
27131
27132
#: serverguide/C/installation.xml:1375(para)
27133
msgid ""
27134
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
27135
"(RAM) that is copied to disk whenever the execution of the kernel is "
27136
"disrupted. The following events can cause a kernel disruption : <placeholder-"
27137
"1/> For some of those events (panic, NMI) the kernel will react "
27138
"automatically and trigger the crash dump mechanism through "
27139
"<emphasis>kexec</emphasis>. In other situations a manual intervention is "
27140
"required in order to capture the memory. Whenever one of the above events "
27141
"occurs, it is important to find out the root cause in order to prevent it "
27142
"from happening again. The cause can be determined by inspecting the copied "
27143
"memory contents."
27144
msgstr ""
27145
27146
#: serverguide/C/installation.xml:1392(title)
27147
msgid "Kernel Crash Dump Mechanism"
27148
msgstr ""
27149
27150
#: serverguide/C/installation.xml:1394(para)
27151
msgid ""
27152
"When a kernel panic occurs, the kernel relies on the "
27153
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
27154
"kernel in a pre-reserved section of memory that had been allocated when the "
27155
"system booted (see below). This permits the existing memory area to remain "
27156
"untouched in order to safely copy its contents to storage."
27157
msgstr ""
27158
27159
#: serverguide/C/installation.xml:1403(para)
27160
msgid ""
27161
"The kernel crash dump utility is installed with the following command:"
27162
msgstr ""
27163
27164
#: serverguide/C/installation.xml:1408(command)
27165
msgid "sudo apt install linux-crashdump"
27166
msgstr ""
27167
27168
#: serverguide/C/installation.xml:1413(para)
27169
msgid ""
27170
"Starting with 16.04, the kernel crash dump mechanism is enabled by default. "
27171
"During the installation, you will be prompted with the following dialog. "
27172
"Unless chosen otherwise, the kdump mechanism will be enabled."
27173
msgstr ""
27174
27175
#: serverguide/C/installation.xml:1427(emphasis)
27176
msgid "<Yes>"
27177
msgstr ""
27178
27179
#: serverguide/C/installation.xml:1417(screen)
27180
#, no-wrap
27181
msgid ""
27182
"\n"
27183
" |------------------------| Configuring kdump-tools |------------------------"
27184
"|\n"
27185
" | "
27186
"|\n"
27187
" | "
27188
"|\n"
27189
" | If you choose this option, the kdump-tools mechanism will be enabled. A "
27190
"|\n"
27191
" | reboot is still required in order to enable the crashkernel kernel "
27192
"|\n"
27193
" | parameter. "
27194
"|\n"
27195
" | "
27196
"|\n"
27197
" | Should kdump-tools be enabled by default? "
27198
"|\n"
27199
" | "
27200
"|\n"
27201
" | <placeholder-1/> <No> "
27202
" |\n"
27203
" | "
27204
"|\n"
27205
" |---------------------------------------------------------------------------"
27206
"|\n"
27207
" "
27208
msgstr ""
27209
27210
#: serverguide/C/installation.xml:1433(programlisting)
27211
#, no-wrap
27212
msgid ""
27213
"\n"
27214
"USE_KDUMP=1\n"
27215
msgstr ""
27216
27217
#: serverguide/C/installation.xml:1431(para)
27218
msgid ""
27219
"If you ever need to manually enable the functionality, you can use the "
27220
"<command>dpkg-reconfigure kdump-tools</command> command and answer Yes to "
27221
"the question. You can also edit <filename>/etc/default/kdump-"
27222
"tools</filename> by including the following line: <placeholder-1/>"
27223
msgstr ""
27224
27225
#: serverguide/C/installation.xml:1438(para)
27226
msgid ""
27227
"If a reboot has not been done since installation of the linux-crashdump "
27228
"package, a reboot will be required in order to activate the crashkernel= "
27229
"boot parameter. Upon reboot, kdump-tools will be enabled and active."
27230
msgstr ""
27231
27232
#: serverguide/C/installation.xml:1441(para)
27233
msgid ""
27234
"If you enable kdump-tools after a reboot, you will only need to issue the "
27235
"<command>kdump-config load</command> command to activate the kdump mechanism."
27236
msgstr ""
27237
27238
#: serverguide/C/installation.xml:1448(para)
27239
msgid ""
27240
"In addition to local dump, it is now possible to use the remote dump "
27241
"functionality to send the kernel crash dump to a remote server, using either "
27242
"the <emphasis>SSH</emphasis> or <emphasis>NFS</emphasis> protocols."
27243
msgstr ""
27244
27245
#: serverguide/C/installation.xml:1452(title)
27246
msgid "Local Kernel Crash Dumps"
27247
msgstr ""
27248
27249
#: serverguide/C/installation.xml:1453(para)
27250
msgid ""
27251
"Local dumps are configured automatically and will remain in use unless a "
27252
"remote protocol is chosen. Many configuration options exist and are "
27253
"thoroughly documented in the <filename>/etc/default/kdump-tools</filename> "
27254
"file."
27255
msgstr ""
27256
27257
#: serverguide/C/installation.xml:1459(title)
27258
msgid "Remote Kernel Crash Dumps using the SSH protocol"
27259
msgstr ""
27260
27261
#: serverguide/C/installation.xml:1460(para)
27262
msgid ""
27263
"To enable remote dumps using the <emphasis>SSH</emphasis> protocol, the "
27264
"<filename>/etc/default/kdump-tools</filename> must be modified in the "
27265
"following manner :"
27266
msgstr ""
27267
27268
#: serverguide/C/installation.xml:1462(programlisting)
27269
#, no-wrap
27270
msgid ""
27271
"\n"
27272
"# ---------------------------------------------------------------------------"
27273
"\n"
27274
"# Remote dump facilities:\n"
27275
"# SSH - username and hostname of the remote server that will receive the "
27276
"dump\n"
27277
"# and dmesg files.\n"
27278
"# SSH_KEY - Full path of the ssh private key to be used to login to the "
27279
"remote\n"
27280
"# server. use kdump-config propagate to send the public key to "
27281
"the\n"
27282
"# remote server\n"
27283
"# HOSTTAG - Select if hostname of IP address will be used as a prefix to "
27284
"the\n"
27285
"# timestamped directory when sending files to the remote server.\n"
27286
"# 'ip' is the default.\n"
27287
"<emphasis role=\"bold\">SSH=\"ubuntu@kdump-netcrash\"</emphasis>\n"
27288
" "
27289
msgstr ""
27290
27291
#: serverguide/C/installation.xml:1475(para)
27292
msgid ""
27293
"The only mandatory variable to define is SSH. It must contain the username "
27294
"and hostname of the remote server using the format {username}@{remote "
27295
"server}."
27296
msgstr ""
27297
27298
#: serverguide/C/installation.xml:1477(para)
27299
msgid ""
27300
"SSH_KEY may be used to provide an existing private key to be used. "
27301
"Otherwise, the <command>kdump-config propagate</command> command will create "
27302
"a new keypair. The HOSTTAG variable may be used to use the hostname of the "
27303
"system as a prefix to the remote directory to be created instead of the IP "
27304
"address."
27305
msgstr ""
27306
27307
#: serverguide/C/installation.xml:1479(para)
27308
msgid ""
27309
"The following example shows how <command>kdump-config propagate</command> is "
27310
"used to create and propagate a new keypair to the remote server : <screen>\n"
27311
"<command>sudo kdump-config propagate</command>\n"
27312
"Need to generate a new ssh key...\n"
27313
"The authenticity of host 'kdump-netcrash (192.168.1.74)' can't be "
27314
"established.\n"
27315
"ECDSA key fingerprint is "
27316
"SHA256:iMp+5Y28qhbd+tevFCWrEXykDd4dI3yN4OVlu3CBBQ4.\n"
27317
"Are you sure you want to continue connecting (yes/no)? yes\n"
27318
"ubuntu@kdump-netcrash's password: \n"
27319
"propagated ssh key /root/.ssh/kdump_id_rsa to server ubuntu@kdump-netcrash\n"
27320
" </screen> The password of the account used on the remote server will "
27321
"be required in order to successfully send the public key to the server"
27322
msgstr ""
27323
27324
#: serverguide/C/installation.xml:1490(para)
27325
msgid ""
27326
"The <command>kdump-config show</command> command can be used to confirm that "
27327
"kdump is correctly configured to use the SSH protocol : <screen>\n"
27328
"<command>kdump-config show</command>\n"
27329
"DUMP_MODE: kdump\n"
27330
"USE_KDUMP: 1\n"
27331
"KDUMP_SYSCTL: kernel.panic_on_oops=1\n"
27332
"KDUMP_COREDIR: /var/crash\n"
27333
"crashkernel addr: 0x2c000000\n"
27334
" /var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-4.4.0-10-generic\n"
27335
"kdump initrd: \n"
27336
" /var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-"
27337
"4.4.0-10-generic\n"
27338
"<emphasis role=\"bold\">SSH: ubuntu@kdump-netcrash\n"
27339
"SSH_KEY: /root/.ssh/kdump_id_rsa\n"
27340
"HOSTTAG: ip\n"
27341
"current state: ready to kdump</emphasis>\n"
27342
" </screen>"
27343
msgstr ""
27344
27345
#: serverguide/C/installation.xml:1510(title)
27346
msgid "Remote Kernel Crash Dumps using the NFS protocol"
27347
msgstr ""
27348
27349
#: serverguide/C/installation.xml:1511(para)
27350
msgid ""
27351
"To enable remote dumps using the <emphasis>NFS</emphasis> protocol, the "
27352
"<filename>/etc/default/kdump-tools</filename> must be modified in the "
27353
"following manner :"
27354
msgstr ""
27355
27356
#: serverguide/C/installation.xml:1513(programlisting)
27357
#, no-wrap
27358
msgid ""
27359
"\n"
27360
"# NFS - Hostname and mount point of the NFS server configured to "
27361
"receive\n"
27362
"# the crash dump. The syntax must be {HOSTNAME}:{MOUNTPOINT} \n"
27363
"# (e.g. remote:/var/crash)\n"
27364
"#\n"
27365
"<emphasis role=\"bold\">NFS=\"kdump-netcrash:/var/crash\"</emphasis>\n"
27366
" "
27367
msgstr ""
27368
27369
#: serverguide/C/installation.xml:1520(para)
27370
msgid ""
27371
"As with the SSH protocol, the HOSTTAG variable can be used to replace the IP "
27372
"address by the hostname as the prefix of the remote directory."
27373
msgstr ""
27374
27375
#: serverguide/C/installation.xml:1521(para)
27376
msgid ""
27377
"The <command>kdump-config show</command> command can be used to confirm that "
27378
"kdump is correctly configured to use the NFS protocol : <screen>\n"
27379
"<command>kdump-config show</command>\n"
27380
"DUMP_MODE: kdump\n"
27381
"USE_KDUMP: 1\n"
27382
"KDUMP_SYSCTL: kernel.panic_on_oops=1\n"
27383
"KDUMP_COREDIR: /var/crash\n"
27384
"crashkernel addr: 0x2c000000\n"
27385
" /var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-4.4.0-10-generic\n"
27386
"kdump initrd: \n"
27387
" /var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-"
27388
"4.4.0-10-generic\n"
27389
"<emphasis role=\"bold\">NFS: kdump-netcrash:/var/crash\n"
27390
"HOSTTAG: hostname\n"
27391
"current state: ready to kdump</emphasis>\n"
27392
" </screen>"
27393
msgstr ""
27394
27395
#: serverguide/C/installation.xml:1542(para)
27396
msgid ""
27397
"To confirm that the kernel dump mechanism is enabled, there are a few things "
27398
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
27399
"parameter is present (note: The following line has been split into two to "
27400
"fit the format of this document:"
27401
msgstr ""
27402
27403
#: serverguide/C/installation.xml:1549(command)
27404
msgid "cat /proc/cmdline"
27405
msgstr ""
27406
27407
#: serverguide/C/installation.xml:1550(computeroutput)
27408
#, no-wrap
27409
msgid ""
27410
"\n"
27411
"BOOT_IMAGE=/vmlinuz-3.2.0-17-server root=/dev/mapper/PreciseS-root ro\n"
27412
" crashkernel=384M-2G:64M,2G-:128M\n"
27413
msgstr ""
27414
27415
#: serverguide/C/installation.xml:1558(programlisting)
27416
#, no-wrap
27417
msgid ""
27418
"\n"
27419
"crashkernel=<range1>:<size1>[,<range2>:<size2>,...][@"
27420
"offset]\n"
27421
" range=start-[end] 'start' is inclusive and 'end' is exclusive.\n"
27422
" "
27423
msgstr ""
27424
27425
#: serverguide/C/installation.xml:1556(para)
27426
msgid ""
27427
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
27428
"<placeholder-1/>"
27429
msgstr ""
27430
27431
#: serverguide/C/installation.xml:1566(programlisting)
27432
#, no-wrap
27433
msgid ""
27434
"\n"
27435
"crashkernel=384M-2G:64M,2G-:128M\n"
27436
msgstr ""
27437
27438
#: serverguide/C/installation.xml:1564(para)
27439
msgid ""
27440
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
27441
"we would have : <placeholder-1/>"
27442
msgstr ""
27443
27444
#: serverguide/C/installation.xml:1571(para)
27445
msgid "The above value means:"
27446
msgstr ""
27447
27448
#: serverguide/C/installation.xml:1573(para)
27449
msgid ""
27450
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
27451
"\"rescue\" case)"
27452
msgstr ""
27453
27454
#: serverguide/C/installation.xml:1575(para)
27455
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
27456
msgstr ""
27457
27458
#: serverguide/C/installation.xml:1576(para)
27459
msgid "if the RAM size is larger than 2G, then reserve 128M"
27460
msgstr ""
27461
27462
#: serverguide/C/installation.xml:1579(para)
27463
msgid ""
27464
"Second, verify that the kernel has reserved the requested memory area for "
27465
"the kdump kernel by doing:"
27466
msgstr ""
27467
27468
#: serverguide/C/installation.xml:1584(command)
27469
msgid "dmesg | grep -i crash"
27470
msgstr ""
27471
27472
#: serverguide/C/installation.xml:1585(computeroutput)
27473
#, no-wrap
27474
msgid ""
27475
"\n"
27476
"...\n"
27477
"[ 0.000000] Reserving 64MB of memory at 800MB for crashkernel (System "
27478
"RAM: 1023MB)\n"
27479
msgstr ""
27480
27481
#: serverguide/C/installation.xml:1591(para)
27482
msgid ""
27483
"Finally, as seen previously, the <command>kdump-config show</command> "
27484
"command displays the current status of the kdump-tools configuration : "
27485
"<screen>\n"
27486
" <command>kdump-config show\n"
27487
"</command>DUMP_MODE: kdump\n"
27488
"USE_KDUMP: 1\n"
27489
"KDUMP_SYSCTL: kernel.panic_on_oops=1\n"
27490
"KDUMP_COREDIR: /var/crash\n"
27491
"crashkernel addr: 0x2c000000\n"
27492
" /var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-4.4.0-10-generic\n"
27493
"kdump initrd: \n"
27494
" /var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-"
27495
"4.4.0-10-generic\n"
27496
"current state: ready to kdump\n"
27497
"\n"
27498
"kexec command:\n"
27499
" /sbin/kexec -p --command-line=\"BOOT_IMAGE=/vmlinuz-4.4.0-10-generic "
27500
"root=/dev/mapper/VividS--vg-root ro debug break=init console=ttyS0,115200 "
27501
"irqpoll maxcpus=1 nousb systemd.unit=kdump-tools.service\" --"
27502
"initrd=/var/lib/kdump/initrd.img /var/lib/kdump/vmlinuz\n"
27503
" </screen>"
27504
msgstr ""
27505
27506
#: serverguide/C/installation.xml:1612(title)
27507
msgid "Testing the Crash Dump Mechanism"
27508
msgstr ""
27509
27510
#: serverguide/C/installation.xml:1615(para)
27511
msgid ""
27512
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
27513
"reboot.</emphasis> In certain situations, this can cause data loss if the "
27514
"system is under heavy load. If you want to test the mechanism, make sure "
27515
"that the system is idle or under very light load."
27516
msgstr ""
27517
27518
#: serverguide/C/installation.xml:1622(para)
27519
msgid ""
27520
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
27521
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
27522
"parameter :"
27523
msgstr ""
27524
27525
#: serverguide/C/installation.xml:1628(command)
27526
msgid "cat /proc/sys/kernel/sysrq"
27527
msgstr ""
27528
27529
#: serverguide/C/installation.xml:1631(para)
27530
msgid ""
27531
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
27532
"Enable it with the following command :"
27533
msgstr ""
27534
27535
#: serverguide/C/installation.xml:1636(command)
27536
msgid "sudo sysctl -w kernel.sysrq=1"
27537
msgstr ""
27538
27539
#: serverguide/C/installation.xml:1639(para)
27540
msgid ""
27541
"Once this is done, you must become root, as just using "
27542
"<command>sudo</command> will not be sufficient. As the "
27543
"<emphasis>root</emphasis> user, you will have to issue the command "
27544
"<command>echo c > /proc/sysrq-trigger</command>. If you are using a "
27545
"network connection, you will lose contact with the system. This is why it is "
27546
"better to do the test while being connected to the system console. This has "
27547
"the advantage of making the kernel dump process visible."
27548
msgstr ""
27549
27550
#: serverguide/C/installation.xml:1646(para)
27551
msgid "A typical test output should look like the following :"
27552
msgstr ""
27553
27554
#: serverguide/C/installation.xml:1651(command)
27555
msgid "sudo -s"
27556
msgstr ""
27557
27558
#: serverguide/C/installation.xml:1653(command)
27559
msgid "echo c > /proc/sysrq-trigger"
27560
msgstr ""
27561
27562
#: serverguide/C/installation.xml:1650(screen)
27563
#, no-wrap
27564
msgid ""
27565
"\n"
27566
"<placeholder-1/>\n"
27567
"[sudo] password for ubuntu: \n"
27568
"# <placeholder-2/>\n"
27569
"[ 31.659002] SysRq : Trigger a crash\n"
27570
"[ 31.659749] BUG: unable to handle kernel NULL pointer dereference at "
27571
" (null)\n"
27572
"[ 31.662668] IP: [<ffffffff8139f166>] sysrq_handle_crash+0x16/0x20\n"
27573
"[ 31.662668] PGD 3bfb9067 PUD 368a7067 PMD 0 \n"
27574
"[ 31.662668] Oops: 0002 [#1] SMP \n"
27575
"[ 31.662668] CPU 1 \n"
27576
"....\n"
27577
msgstr ""
27578
27579
#: serverguide/C/installation.xml:1663(para)
27580
msgid ""
27581
"The rest of the output is truncated, but you should see the system rebooting "
27582
"and somewhere in the log, you will see the following line : <screen>Begin: "
27583
"Saving vmcore from kernel crash ...</screen> Once completed, the system will "
27584
"reboot to its normal operational mode. You will then find Kernel Crash Dump "
27585
"file in the <filename>/var/crash</filename> directory :"
27586
msgstr ""
27587
27588
#: serverguide/C/installation.xml:1670(command)
27589
msgid "ls /var/crash"
27590
msgstr ""
27591
27592
#: serverguide/C/installation.xml:1669(screen)
27593
#, no-wrap
27594
msgid ""
27595
"\n"
27596
"<placeholder-1/>\n"
27597
"linux-image-3.0.0-12-server.0.crash\n"
27598
msgstr ""
27599
27600
#: serverguide/C/installation.xml:1679(para)
27601
msgid ""
27602
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
27603
"kernel. You can find more information on the topic here :"
27604
msgstr ""
27605
27606
#: serverguide/C/installation.xml:1685(para)
27607
msgid ""
27608
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
27609
"kernel documentation</ulink>."
27610
msgstr ""
27611
27612
#: serverguide/C/installation.xml:1691(ulink)
27613
msgid "The crash tool"
27614
msgstr ""
27615
27616
#: serverguide/C/installation.xml:1695(para)
27617
msgid ""
27618
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
27619
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
27620
"still gives a good walkthrough of kernel dump analysis)"
27621
msgstr ""
27622
27623
#: serverguide/C/file-server.xml:11(title)
27624
msgid "File Servers"
27625
msgstr ""
27626
27627
#: serverguide/C/file-server.xml:13(para)
27628
msgid ""
27629
"If you have more than one computer on a single network. At some point you "
27630
"will probably need to share files between them. In this section we cover "
27631
"installing and configuring FTP, NFS, and CUPS."
27632
msgstr ""
27633
27634
#: serverguide/C/file-server.xml:20(title)
27635
msgid "FTP Server"
27636
msgstr ""
27637
27638
#: serverguide/C/file-server.xml:22(para)
27639
msgid ""
27640
"File Transfer Protocol (FTP) is a TCP protocol for downloading files between "
27641
"computers. In the past, it has also been used for uploading but, as that "
27642
"method does not use encryption, user credentials as well as data transferred "
27643
"in the clear and are easily intercepted. So if you are here looking for a "
27644
"way to upload and download files securely, see the section on "
27645
"<application>OpenSSH</application> in <xref linkend=\"remote-"
27646
"administration\"/> instead."
27647
msgstr ""
27648
27649
#: serverguide/C/file-server.xml:31(para)
27650
msgid ""
27651
"FTP works on a client/server model. The server component is called an "
27652
"<emphasis>FTP daemon</emphasis>. It continuously listens for FTP requests "
27653
"from remote clients. When a request is received, it manages the login and "
27654
"sets up the connection. For the duration of the session it executes any of "
27655
"commands sent by the FTP client."
27656
msgstr ""
27657
27658
#: serverguide/C/file-server.xml:40(para)
27659
msgid "Access to an FTP server can be managed in two ways:"
27660
msgstr ""
27661
27662
#: serverguide/C/file-server.xml:44(para)
27663
msgid "Anonymous"
27664
msgstr ""
27665
27666
#: serverguide/C/file-server.xml:47(para)
27667
msgid "Authenticated"
27668
msgstr ""
27669
27670
#: serverguide/C/file-server.xml:50(para)
27671
msgid ""
27672
"In the Anonymous mode, remote clients can access the FTP server by using the "
27673
"default user account called \"anonymous\" or \"ftp\" and sending an email "
27674
"address as the password. In the Authenticated mode a user must have an "
27675
"account and a password. This latter choice is very insecure and should not "
27676
"be used except in special circumstances. If you are looking to transfer "
27677
"files securely see SFTP in the section on OpenSSH-Server. User access to the "
27678
"FTP server directories and files is dependent on the permissions defined for "
27679
"the account used at login. As a general rule, the FTP daemon will hide the "
27680
"root directory of the FTP server and change it to the FTP Home directory. "
27681
"This hides the rest of the file system from remote sessions."
27682
msgstr ""
27683
27684
#: serverguide/C/file-server.xml:68(title)
27685
msgid "vsftpd - FTP Server Installation"
27686
msgstr ""
27687
27688
#: serverguide/C/file-server.xml:70(para)
27689
msgid ""
27690
"<application>vsftpd</application> is an FTP daemon available in Ubuntu. It "
27691
"is easy to install, set up, and maintain. To install "
27692
"<application>vsftpd</application> you can run the following command:"
27693
msgstr ""
27694
27695
#: serverguide/C/file-server.xml:78(command)
27696
msgid "sudo apt install vsftpd"
27697
msgstr ""
27698
27699
#: serverguide/C/file-server.xml:84(title)
27700
msgid "Anonymous FTP Configuration"
27701
msgstr ""
27702
27703
#: serverguide/C/file-server.xml:86(para)
27704
msgid ""
27705
"By default <application>vsftpd</application> is <emphasis>not</emphasis> "
27706
"configured to allow anonymous download. If you wish to enable anonymous "
27707
"download edit <filename>/etc/vsftpd.conf</filename> by changing:"
27708
msgstr ""
27709
27710
#: serverguide/C/file-server.xml:91(programlisting)
27711
#, no-wrap
27712
msgid ""
27713
"\n"
27714
"anonymous_enable=Yes\n"
27715
msgstr ""
27716
27717
#: serverguide/C/file-server.xml:95(para)
27718
msgid ""
27719
"During installation a <emphasis>ftp</emphasis> user is created with a home "
27720
"directory of <filename>/srv/ftp</filename>. This is the default FTP "
27721
"directory."
27722
msgstr ""
27723
27724
#: serverguide/C/file-server.xml:100(para)
27725
msgid ""
27726
"If you wish to change this location, to <filename>/srv/files/ftp</filename> "
27727
"for example, simply create a directory in another location and change the "
27728
"<emphasis>ftp</emphasis> user's home directory:"
27729
msgstr ""
27730
27731
#: serverguide/C/file-server.xml:107(command)
27732
msgid "sudo mkdir /srv/files/ftp"
27733
msgstr ""
27734
27735
#: serverguide/C/file-server.xml:108(command)
27736
msgid "sudo usermod -d /srv/files/ftp ftp"
27737
msgstr ""
27738
27739
#: serverguide/C/file-server.xml:111(para)
27740
msgid "After making the change restart <application>vsftpd</application>:"
27741
msgstr ""
27742
27743
#: serverguide/C/file-server.xml:116(command) serverguide/C/file-server.xml:144(command) serverguide/C/file-server.xml:209(command) serverguide/C/file-server.xml:258(command)
27744
msgid "sudo restart vsftpd"
27745
msgstr ""
27746
27747
#: serverguide/C/file-server.xml:119(para)
27748
msgid ""
27749
"Finally, copy any files and directories you would like to make available "
27750
"through anonymous FTP to <filename>/srv/files/ftp</filename>, or "
27751
"<filename>/srv/ftp</filename> if you wish to use the default."
27752
msgstr ""
27753
27754
#: serverguide/C/file-server.xml:127(title)
27755
msgid "User Authenticated FTP Configuration"
27756
msgstr ""
27757
27758
#: serverguide/C/file-server.xml:129(para)
27759
msgid ""
27760
"By default <application>vsftpd</application> is configured to authenticate "
27761
"system users and allow them to download files. If you want users to be able "
27762
"to upload files, edit <filename>/etc/vsftpd.conf</filename>:"
27763
msgstr ""
27764
27765
#: serverguide/C/file-server.xml:135(programlisting)
27766
#, no-wrap
27767
msgid ""
27768
"\n"
27769
"write_enable=YES\n"
27770
msgstr ""
27771
27772
#: serverguide/C/file-server.xml:139(para)
27773
msgid "Now restart <application>vsftpd</application>:"
27774
msgstr ""
27775
27776
#: serverguide/C/file-server.xml:147(para)
27777
msgid ""
27778
"Now when system users login to FTP they will start in their "
27779
"<emphasis>home</emphasis> directories where they can download, upload, "
27780
"create directories, etc."
27781
msgstr ""
27782
27783
#: serverguide/C/file-server.xml:153(para)
27784
msgid ""
27785
"Similarly, by default, anonymous users are not allowed to upload files to "
27786
"FTP server. To change this setting, you should uncomment the following line, "
27787
"and restart <application>vsftpd</application>:"
27788
msgstr ""
27789
27790
#: serverguide/C/file-server.xml:160(programlisting)
27791
#, no-wrap
27792
msgid ""
27793
"\n"
27794
"anon_upload_enable=YES\n"
27795
msgstr ""
27796
27797
#: serverguide/C/file-server.xml:165(para)
27798
msgid ""
27799
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
27800
"not enable anonymous upload on servers accessed directly from the Internet."
27801
msgstr ""
27802
27803
#: serverguide/C/file-server.xml:171(para)
27804
msgid ""
27805
"The configuration file consists of many configuration parameters. The "
27806
"information about each parameter is available in the configuration file. "
27807
"Alternatively, you can refer to the man page, <command>man 5 "
27808
"vsftpd.conf</command> for details of each parameter."
27809
msgstr ""
27810
27811
#: serverguide/C/file-server.xml:182(title)
27812
msgid "Securing FTP"
27813
msgstr ""
27814
27815
#: serverguide/C/file-server.xml:184(para)
27816
msgid ""
27817
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
27818
"<application>vsftpd</application> more secure. For example users can be "
27819
"limited to their home directories by uncommenting:"
27820
msgstr ""
27821
27822
#: serverguide/C/file-server.xml:190(programlisting)
27823
#, no-wrap
27824
msgid ""
27825
"\n"
27826
"chroot_local_user=YES\n"
27827
msgstr ""
27828
27829
#: serverguide/C/file-server.xml:194(para)
27830
msgid ""
27831
"You can also limit a specific list of users to just their home directories:"
27832
msgstr ""
27833
27834
#: serverguide/C/file-server.xml:198(programlisting)
27835
#, no-wrap
27836
msgid ""
27837
"\n"
27838
"chroot_list_enable=YES\n"
27839
"chroot_list_file=/etc/vsftpd.chroot_list\n"
27840
msgstr ""
27841
27842
#: serverguide/C/file-server.xml:203(para)
27843
msgid ""
27844
"After uncommenting the above options, create a "
27845
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
27846
"per line. Then restart <application>vsftpd</application>:"
27847
msgstr ""
27848
27849
#: serverguide/C/file-server.xml:212(para)
27850
msgid ""
27851
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
27852
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
27853
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
27854
"add them to the list."
27855
msgstr ""
27856
27857
#: serverguide/C/file-server.xml:219(para)
27858
msgid ""
27859
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
27860
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
27861
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
27862
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
27863
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
27864
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
27865
"with a shell may not be ideal for some environments, such as a shared web "
27866
"host. However, it is possible to restrict such accounts to only SFTP and "
27867
"disable shell interaction. See the section on OpenSSH-Server for more."
27868
msgstr ""
27869
27870
#: serverguide/C/file-server.xml:229(para)
27871
msgid ""
27872
"To configure <emphasis>FTPS</emphasis>, edit "
27873
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
27874
msgstr ""
27875
27876
#: serverguide/C/file-server.xml:233(programlisting)
27877
#, no-wrap
27878
msgid ""
27879
"\n"
27880
"ssl_enable=Yes\n"
27881
msgstr ""
27882
27883
#: serverguide/C/file-server.xml:237(para)
27884
msgid "Also, notice the certificate and key related options:"
27885
msgstr ""
27886
27887
#: serverguide/C/file-server.xml:241(programlisting)
27888
#, no-wrap
27889
msgid ""
27890
"\n"
27891
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
27892
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
27893
msgstr ""
27894
27895
#: serverguide/C/file-server.xml:246(para)
27896
msgid ""
27897
"By default these options are set to the certificate and key provided by the "
27898
"<application>ssl-cert</application> package. In a production environment "
27899
"these should be replaced with a certificate and key generated for the "
27900
"specific host. For more information on certificates see <xref "
27901
"linkend=\"certificates-and-security\"/>."
27902
msgstr ""
27903
27904
#: serverguide/C/file-server.xml:252(para)
27905
msgid ""
27906
"Now restart <application>vsftpd</application>, and non-anonymous users will "
27907
"be forced to use <emphasis>FTPS</emphasis>:"
27908
msgstr ""
27909
27910
#: serverguide/C/file-server.xml:261(para)
27911
msgid ""
27912
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
27913
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
27914
"adding the <emphasis>nologin</emphasis> shell:"
27915
msgstr ""
27916
27917
#: serverguide/C/file-server.xml:266(programlisting)
27918
#, no-wrap
27919
msgid ""
27920
"\n"
27921
"# /etc/shells: valid login shells\n"
27922
"/bin/csh\n"
27923
"/bin/sh\n"
27924
"/usr/bin/es\n"
27925
"/usr/bin/ksh\n"
27926
"/bin/ksh\n"
27927
"/usr/bin/rc\n"
27928
"/usr/bin/tcsh\n"
27929
"/bin/tcsh\n"
27930
"/usr/bin/esh\n"
27931
"/bin/dash\n"
27932
"/bin/bash\n"
27933
"/bin/rbash\n"
27934
"/usr/bin/screen\n"
27935
"/usr/sbin/nologin\n"
27936
msgstr ""
27937
27938
#: serverguide/C/file-server.xml:284(para)
27939
msgid ""
27940
"This is necessary because, by default <application>vsftpd</application> uses "
27941
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
27942
"configuration file contains:"
27943
msgstr ""
27944
27945
#: serverguide/C/file-server.xml:289(programlisting)
27946
#, no-wrap
27947
msgid ""
27948
"\n"
27949
"auth required pam_shells.so\n"
27950
msgstr ""
27951
27952
#: serverguide/C/file-server.xml:293(para)
27953
msgid ""
27954
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
27955
"in the <filename>/etc/shells</filename> file."
27956
msgstr ""
27957
27958
#: serverguide/C/file-server.xml:298(para)
27959
msgid ""
27960
"Most popular FTP clients can be configured to connect using FTPS. The "
27961
"<application>lftp</application> command line FTP client has the ability to "
27962
"use FTPS as well."
27963
msgstr ""
27964
27965
#: serverguide/C/file-server.xml:309(para)
27966
msgid ""
27967
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
27968
"website</ulink> for more information."
27969
msgstr ""
27970
27971
#: serverguide/C/file-server.xml:314(para)
27972
msgid ""
27973
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
27974
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/vsftpd.conf.5.html\""
27975
">vsftpd.conf man page</ulink>."
27976
msgstr ""
27977
27978
#: serverguide/C/file-server.xml:325(title)
27979
msgid "Network File System (NFS)"
27980
msgstr ""
27981
27982
#: serverguide/C/file-server.xml:326(para)
27983
msgid ""
27984
"NFS allows a system to share directories and files with others over a "
27985
"network. By using NFS, users and programs can access files on remote systems "
27986
"almost as if they were local files."
27987
msgstr ""
27988
27989
#: serverguide/C/file-server.xml:332(para)
27990
msgid "Some of the most notable benefits that NFS can provide are:"
27991
msgstr ""
27992
27993
#: serverguide/C/file-server.xml:338(para)
27994
msgid ""
27995
"Local workstations use less disk space because commonly used data can be "
27996
"stored on a single machine and still remain accessible to others over the "
27997
"network."
27998
msgstr ""
27999
28000
#: serverguide/C/file-server.xml:343(para)
28001
msgid ""
28002
"There is no need for users to have separate home directories on every "
28003
"network machine. Home directories could be set up on the NFS server and made "
28004
"available throughout the network."
28005
msgstr ""
28006
28007
#: serverguide/C/file-server.xml:349(para)
28008
msgid ""
28009
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
28010
"be used by other machines on the network. This may reduce the number of "
28011
"removable media drives throughout the network."
28012
msgstr ""
28013
28014
#: serverguide/C/file-server.xml:359(para)
28015
msgid ""
28016
"At a terminal prompt enter the following command to install the NFS Server:"
28017
msgstr ""
28018
28019
#: serverguide/C/file-server.xml:365(command)
28020
msgid "sudo apt install nfs-kernel-server"
28021
msgstr ""
28022
28023
#: serverguide/C/file-server.xml:371(para)
28024
msgid ""
28025
"You can configure the directories to be exported by adding them to the "
28026
"<filename>/etc/exports</filename> file. For example:"
28027
msgstr ""
28028
28029
#: serverguide/C/file-server.xml:376(screen)
28030
#, no-wrap
28031
msgid ""
28032
"\n"
28033
"/ubuntu *(ro,sync,no_root_squash)\n"
28034
"/home *(rw,sync,no_root_squash)\n"
28035
msgstr ""
28036
28037
#: serverguide/C/file-server.xml:382(para)
28038
msgid ""
28039
"You can replace * with one of the hostname formats. Make the hostname "
28040
"declaration as specific as possible so unwanted systems cannot access the "
28041
"NFS mount."
28042
msgstr ""
28043
28044
#: serverguide/C/file-server.xml:388(para)
28045
msgid ""
28046
"To start the NFS server, you can run the following command at a terminal "
28047
"prompt:"
28048
msgstr ""
28049
28050
#: serverguide/C/file-server.xml:393(command)
28051
msgid "sudo systemctl start nfs-kernel-server.service"
28052
msgstr ""
28053
28054
#: serverguide/C/file-server.xml:398(title)
28055
msgid "NFS Client Configuration"
28056
msgstr ""
28057
28058
#: serverguide/C/file-server.xml:399(para)
28059
msgid ""
28060
"Use the <application>mount</application> command to mount a shared NFS "
28061
"directory from another machine, by typing a command line similar to the "
28062
"following at a terminal prompt:"
28063
msgstr ""
28064
28065
#: serverguide/C/file-server.xml:405(command)
28066
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
28067
msgstr ""
28068
28069
#: serverguide/C/file-server.xml:409(para)
28070
msgid ""
28071
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
28072
"There should be no files or subdirectories in the "
28073
"<filename>/local/ubuntu</filename> directory."
28074
msgstr ""
28075
28076
#: serverguide/C/file-server.xml:416(para)
28077
msgid ""
28078
"An alternate way to mount an NFS share from another machine is to add a line "
28079
"to the <filename>/etc/fstab</filename> file. The line must state the "
28080
"hostname of the NFS server, the directory on the server being exported, and "
28081
"the directory on the local machine where the NFS share is to be mounted."
28082
msgstr ""
28083
28084
#: serverguide/C/file-server.xml:424(para)
28085
msgid ""
28086
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
28087
"as follows:"
28088
msgstr ""
28089
28090
#: serverguide/C/file-server.xml:429(programlisting)
28091
#, no-wrap
28092
msgid ""
28093
"\n"
28094
"example.hostname.com:/ubuntu /local/ubuntu nfs "
28095
"rsize=8192,wsize=8192,timeo=14,intr\n"
28096
msgstr ""
28097
28098
#: serverguide/C/file-server.xml:433(para)
28099
msgid ""
28100
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
28101
"common</application> package is installed on your client. To install "
28102
"<application>nfs-common</application> enter the following command at the "
28103
"terminal prompt: <screen>\n"
28104
"<command>sudo apt install nfs-common</command>\n"
28105
"</screen>"
28106
msgstr ""
28107
28108
#: serverguide/C/file-server.xml:446(ulink)
28109
msgid "Linux NFS faq"
28110
msgstr ""
28111
28112
#: serverguide/C/file-server.xml:448(ulink)
28113
msgid "Ubuntu Wiki NFS Howto"
28114
msgstr ""
28115
28116
#: serverguide/C/file-server.xml:454(title)
28117
msgid "iSCSI Initiator"
28118
msgstr ""
28119
28120
#: serverguide/C/file-server.xml:456(para)
28121
msgid ""
28122
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
28123
"protocol that allows SCSI commands to be transmitted over a network. "
28124
"Typically iSCSI is implemented in a SAN (Storage Area Network) to allow "
28125
"servers to access a large store of hard drive space. The iSCSI protocol "
28126
"refers to clients as <emphasis>initiators</emphasis> and iSCSI servers as "
28127
"<emphasis>targets</emphasis>."
28128
msgstr ""
28129
28130
#: serverguide/C/file-server.xml:462(para)
28131
msgid ""
28132
"Ubuntu Server can be configured as both an iSCSI initiator and a target. "
28133
"This guide provides commands and configuration options to setup an iSCSI "
28134
"initiator. It is assumed that you already have an iSCSI target on your local "
28135
"network and have the appropriate rights to connect to it. The instructions "
28136
"for setting up a target vary greatly between hardware providers, so consult "
28137
"your vendor documentation to configure your specific iSCSI target."
28138
msgstr ""
28139
28140
#: serverguide/C/file-server.xml:470(title)
28141
msgid "iSCSI Initiator Install"
28142
msgstr ""
28143
28144
#: serverguide/C/file-server.xml:472(para)
28145
msgid ""
28146
"To configure Ubuntu Server as an iSCSI initiator install the "
28147
"<application>open-iscsi</application> package. In a terminal enter:"
28148
msgstr ""
28149
28150
#: serverguide/C/file-server.xml:477(command)
28151
msgid "sudo apt install open-iscsi"
28152
msgstr ""
28153
28154
#: serverguide/C/file-server.xml:482(title)
28155
msgid "iSCSI Initiator Configuration"
28156
msgstr ""
28157
28158
#: serverguide/C/file-server.xml:484(para)
28159
msgid ""
28160
"Once the <application>open-iscsi</application> package is installed, edit "
28161
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
28162
msgstr ""
28163
28164
#: serverguide/C/file-server.xml:488(programlisting)
28165
#, no-wrap
28166
msgid ""
28167
"\n"
28168
"node.startup = automatic\n"
28169
msgstr ""
28170
28171
#: serverguide/C/file-server.xml:492(para)
28172
msgid ""
28173
"You can check which targets are available by using the "
28174
"<application>iscsiadm</application> utility. Enter the following in a "
28175
"terminal:"
28176
msgstr ""
28177
28178
#: serverguide/C/file-server.xml:497(command)
28179
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
28180
msgstr ""
28181
28182
#: serverguide/C/file-server.xml:501(para)
28183
msgid ""
28184
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
28185
msgstr ""
28186
28187
#: serverguide/C/file-server.xml:502(para)
28188
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
28189
msgstr ""
28190
28191
#: serverguide/C/file-server.xml:503(para)
28192
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
28193
msgstr ""
28194
28195
#: serverguide/C/file-server.xml:507(para)
28196
msgid ""
28197
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
28198
"your network."
28199
msgstr ""
28200
28201
#: serverguide/C/file-server.xml:512(para)
28202
msgid ""
28203
"If the target is available you should see output similar to the following:"
28204
msgstr ""
28205
28206
#: serverguide/C/file-server.xml:517(computeroutput)
28207
#, no-wrap
28208
msgid ""
28209
"\n"
28210
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
28211
msgstr ""
28212
28213
#: serverguide/C/file-server.xml:523(para)
28214
msgid ""
28215
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
28216
"on your hardware."
28217
msgstr ""
28218
28219
#: serverguide/C/file-server.xml:528(para)
28220
msgid ""
28221
"You should now be able to connect to the iSCSI target, and depending on your "
28222
"target setup you may have to enter user credentials. Login to the iSCSI node:"
28223
msgstr ""
28224
28225
#: serverguide/C/file-server.xml:534(command)
28226
msgid "sudo iscsiadm -m node --login"
28227
msgstr ""
28228
28229
#: serverguide/C/file-server.xml:537(para)
28230
msgid ""
28231
"Check to make sure that the new disk has been detected using "
28232
"<application>dmesg</application>:"
28233
msgstr ""
28234
28235
#: serverguide/C/file-server.xml:542(command)
28236
msgid "dmesg | grep sd"
28237
msgstr ""
28238
28239
#: serverguide/C/file-server.xml:543(computeroutput)
28240
#, no-wrap
28241
msgid ""
28242
"\n"
28243
"[ 4.322384] sd 2:0:0:0: Attached scsi generic sg1 type 0\n"
28244
"[ 4.322797] sd 2:0:0:0: [sda] 41943040 512-byte logical blocks: (21.4 "
28245
"GB/20.0 GiB)\n"
28246
"[ 4.322843] sd 2:0:0:0: [sda] Write Protect is off\n"
28247
"[ 4.322846] sd 2:0:0:0: [sda] Mode Sense: 03 00 00 00\n"
28248
"[ 4.322896] sd 2:0:0:0: [sda] Cache data unavailable\n"
28249
"[ 4.322899] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
28250
"[ 4.323230] sd 2:0:0:0: [sda] Cache data unavailable\n"
28251
"[ 4.323233] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
28252
"[ 4.325312] sda: sda1 sda2 < sda5 >\n"
28253
"[ 4.325729] sd 2:0:0:0: [sda] Cache data unavailable\n"
28254
"[ 4.325732] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
28255
"[ 4.325735] sd 2:0:0:0: [sda] Attached SCSI disk\n"
28256
"[ 2486.941805] sd 4:0:0:3: Attached scsi generic sg3 type 0\n"
28257
"[ 2486.952093] sd 4:0:0:3: [sdb] 1126400000 512-byte logical blocks: (576 "
28258
"GB/537 GiB)\n"
28259
"[ 2486.954195] sd 4:0:0:3: [sdb] Write Protect is off\n"
28260
"[ 2486.954200] sd 4:0:0:3: [sdb] Mode Sense: 8f 00 00 08\n"
28261
"[ 2486.954692] sd 4:0:0:3: [sdb] Write cache: disabled, read cache: enabled, "
28262
"doesn't\n"
28263
" support DPO or FUA\n"
28264
"[ 2486.960577] sdb: sdb1\n"
28265
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
28266
msgstr ""
28267
28268
#: serverguide/C/file-server.xml:567(para)
28269
msgid ""
28270
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
28271
"this is just an example; the output you see on your screen will vary."
28272
msgstr ""
28273
28274
#: serverguide/C/file-server.xml:572(para)
28275
msgid ""
28276
"Next, create a partition, format the file system, and mount the new iSCSI "
28277
"disk. In a terminal enter:"
28278
msgstr ""
28279
28280
#: serverguide/C/file-server.xml:577(command)
28281
msgid "sudo fdisk /dev/sdb"
28282
msgstr ""
28283
28284
#: serverguide/C/file-server.xml:578(command)
28285
msgid "n"
28286
msgstr ""
28287
28288
#: serverguide/C/file-server.xml:579(command)
28289
msgid "p"
28290
msgstr ""
28291
28292
#: serverguide/C/file-server.xml:580(command)
28293
msgid "enter"
28294
msgstr ""
28295
28296
#: serverguide/C/file-server.xml:581(command)
28297
msgid "w"
28298
msgstr ""
28299
28300
#: serverguide/C/file-server.xml:585(para)
28301
msgid ""
28302
"The above commands are from inside the <application>fdisk</application> "
28303
"utility; see <command>man fdisk</command> for more detailed instructions. "
28304
"Also, the <application>cfdisk</application> utility is sometimes more user "
28305
"friendly."
28306
msgstr ""
28307
28308
#: serverguide/C/file-server.xml:591(para)
28309
msgid ""
28310
"Now format the file system and mount it to <filename>/srv</filename> as an "
28311
"example:"
28312
msgstr ""
28313
28314
#: serverguide/C/file-server.xml:596(command)
28315
msgid "sudo mkfs.ext4 /dev/sdb1"
28316
msgstr ""
28317
28318
#: serverguide/C/file-server.xml:597(command)
28319
msgid "sudo mount /dev/sdb1 /srv"
28320
msgstr ""
28321
28322
#: serverguide/C/file-server.xml:601(para)
28323
msgid ""
28324
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
28325
"drive during boot:"
28326
msgstr ""
28327
28328
#: serverguide/C/file-server.xml:605(programlisting)
28329
#, no-wrap
28330
msgid ""
28331
"\n"
28332
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
28333
msgstr ""
28334
28335
#: serverguide/C/file-server.xml:609(para)
28336
msgid ""
28337
"It is a good idea to make sure everything is working as expected by "
28338
"rebooting the server."
28339
msgstr ""
28340
28341
#: serverguide/C/file-server.xml:618(ulink)
28342
msgid "Open-iSCSI Website"
28343
msgstr ""
28344
28345
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
28346
msgid "Debian Open-iSCSI page"
28347
msgstr ""
28348
28349
#: serverguide/C/file-server.xml:628(title)
28350
msgid "CUPS - Print Server"
28351
msgstr ""
28352
28353
#: serverguide/C/file-server.xml:629(para)
28354
msgid ""
28355
"The primary mechanism for Ubuntu printing and print services is the "
28356
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
28357
"printing system is a freely available, portable printing layer which has "
28358
"become the new standard for printing in most Linux distributions."
28359
msgstr ""
28360
28361
#: serverguide/C/file-server.xml:636(para)
28362
msgid ""
28363
"CUPS manages print jobs and queues and provides network printing using the "
28364
"standard Internet Printing Protocol (IPP), while offering support for a very "
28365
"large range of printers, from dot-matrix to laser and many in between. CUPS "
28366
"also supports PostScript Printer Description (PPD) and auto-detection of "
28367
"network printers, and features a simple web-based configuration and "
28368
"administration tool."
28369
msgstr ""
28370
28371
#: serverguide/C/file-server.xml:646(para)
28372
msgid ""
28373
"To install CUPS on your Ubuntu computer, simply use "
28374
"<application>sudo</application> with the <application>apt</application> "
28375
"command and give the packages to install as the first parameter. A complete "
28376
"CUPS install has many package dependencies, but they may all be specified on "
28377
"the same command line. Enter the following at a terminal prompt to install "
28378
"CUPS:"
28379
msgstr ""
28380
28381
#: serverguide/C/file-server.xml:651(command)
28382
msgid "sudo apt install cups"
28383
msgstr ""
28384
28385
#: serverguide/C/file-server.xml:654(para)
28386
msgid ""
28387
"Upon authenticating with your user password, the packages should be "
28388
"downloaded and installed without error. Upon the conclusion of installation, "
28389
"the CUPS server will be started automatically."
28390
msgstr ""
28391
28392
#: serverguide/C/file-server.xml:659(para)
28393
msgid ""
28394
"For troubleshooting purposes, you can access CUPS server errors via the "
28395
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
28396
"error log does not show enough information to troubleshoot any problems you "
28397
"encounter, the verbosity of the CUPS log can be increased by changing the "
28398
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
28399
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
28400
"everything, from the default of \"info\". If you make this change, remember "
28401
"to change it back once you've solved your problem, to prevent the log file "
28402
"from becoming overly large."
28403
msgstr ""
28404
28405
#: serverguide/C/file-server.xml:672(para)
28406
msgid ""
28407
"The Common UNIX Printing System server's behavior is configured through the "
28408
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
28409
"The CUPS configuration file follows the same syntax as the primary "
28410
"configuration file for the Apache HTTP server, so users familiar with "
28411
"editing Apache's configuration file should feel at ease when editing the "
28412
"CUPS configuration file. Some examples of settings you may wish to change "
28413
"initially will be presented here."
28414
msgstr ""
28415
28416
#: serverguide/C/file-server.xml:682(para)
28417
msgid ""
28418
"Prior to editing the configuration file, you should make a copy of the "
28419
"original file and protect it from writing, so you will have the original "
28420
"settings as a reference, and to reuse as necessary."
28421
msgstr ""
28422
28423
#: serverguide/C/file-server.xml:686(para)
28424
msgid ""
28425
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
28426
"writing with the following commands, issued at a terminal prompt:"
28427
msgstr ""
28428
28429
#: serverguide/C/file-server.xml:692(command)
28430
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
28431
msgstr ""
28432
28433
#: serverguide/C/file-server.xml:693(command)
28434
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
28435
msgstr ""
28436
28437
#: serverguide/C/file-server.xml:698(para)
28438
msgid ""
28439
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
28440
"address of the designated administrator of the CUPS server, simply edit the "
28441
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
28442
"preferred text editor, and add or modify the <emphasis "
28443
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
28444
"you are the Administrator for the CUPS server, and your e-mail address is "
28445
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
28446
"as such:"
28447
msgstr ""
28448
28449
#: serverguide/C/file-server.xml:709(screen)
28450
#, no-wrap
28451
msgid ""
28452
"\n"
28453
"ServerAdmin bjoy@somebigco.com\n"
28454
msgstr ""
28455
28456
#: serverguide/C/file-server.xml:715(para)
28457
msgid ""
28458
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
28459
"server installation listens only on the loopback interface at IP address "
28460
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
28461
"listen on an actual network adapter's IP address, you must specify either a "
28462
"hostname, the IP address, or optionally, an IP address/port pairing via the "
28463
"addition of a Listen directive. For example, if your CUPS server resides on "
28464
"a local network at the IP address <emphasis "
28465
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
28466
"accessible to the other systems on this subnetwork, you would edit the "
28467
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
28468
"such:"
28469
msgstr ""
28470
28471
#: serverguide/C/file-server.xml:729(screen)
28472
#, no-wrap
28473
msgid ""
28474
"\n"
28475
"Listen 127.0.0.1:631 # existing loopback Listen\n"
28476
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
28477
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
28478
"(IPP)\n"
28479
msgstr ""
28480
28481
#: serverguide/C/file-server.xml:735(para)
28482
msgid ""
28483
"In the example above, you may comment out or remove the reference to the "
28484
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
28485
"</application> to listen on that interface, but would rather have it only "
28486
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
28487
"listening for all network interfaces for which a certain hostname is bound, "
28488
"including the Loopback, you could create a Listen entry for the hostname "
28489
"<emphasis>socrates</emphasis> as such:"
28490
msgstr ""
28491
28492
#: serverguide/C/file-server.xml:745(screen)
28493
#, no-wrap
28494
msgid ""
28495
"\n"
28496
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
28497
msgstr ""
28498
28499
#: serverguide/C/file-server.xml:749(para)
28500
msgid ""
28501
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
28502
"instead, as in:"
28503
msgstr ""
28504
28505
#: serverguide/C/file-server.xml:751(screen)
28506
#, no-wrap
28507
msgid ""
28508
"\n"
28509
"Port 631 # Listen on port 631 on all interfaces\n"
28510
msgstr ""
28511
28512
#: serverguide/C/file-server.xml:758(para)
28513
msgid ""
28514
"For more examples of configuration directives in the CUPS server "
28515
"configuration file, view the associated system manual page by entering the "
28516
"following command at a terminal prompt:"
28517
msgstr ""
28518
28519
#: serverguide/C/file-server.xml:765(command)
28520
msgid "man cupsd.conf"
28521
msgstr ""
28522
28523
#: serverguide/C/file-server.xml:769(para)
28524
msgid ""
28525
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
28526
"configuration file, you'll need to restart the CUPS server by typing the "
28527
"following command at a terminal prompt:"
28528
msgstr ""
28529
28530
#: serverguide/C/file-server.xml:775(command)
28531
msgid "sudo systemctl restart cups.service"
28532
msgstr ""
28533
28534
#: serverguide/C/file-server.xml:781(title)
28535
msgid "Web Interface"
28536
msgstr ""
28537
28538
#: serverguide/C/file-server.xml:783(para)
28539
msgid ""
28540
"CUPS can be configured and monitored using a web interface, which by default "
28541
"is available at <ulink "
28542
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
28543
"web interface can be used to perform all printer management tasks."
28544
msgstr ""
28545
28546
#: serverguide/C/file-server.xml:787(para)
28547
msgid ""
28548
"In order to perform administrative tasks via the web interface, you must "
28549
"either have the root account enabled on your server, or authenticate as a "
28550
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
28551
"reasons, CUPS won't authenticate a user that doesn't have a password."
28552
msgstr ""
28553
28554
#: serverguide/C/file-server.xml:790(para)
28555
msgid ""
28556
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
28557
"at the terminal prompt: <screen>\n"
28558
"<command>sudo usermod -aG lpadmin username</command>\n"
28559
"</screen>"
28560
msgstr ""
28561
28562
#: serverguide/C/file-server.xml:796(para)
28563
msgid ""
28564
"Further documentation is available in the <emphasis "
28565
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
28566
msgstr ""
28567
28568
#: serverguide/C/file-server.xml:804(ulink)
28569
msgid "CUPS Website"
28570
msgstr ""
28571
28572
#: serverguide/C/dns.xml:11(title)
28573
msgid "Domain Name Service (DNS)"
28574
msgstr ""
28575
28576
#: serverguide/C/dns.xml:12(para)
28577
msgid ""
28578
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
28579
"fully qualified domain names (FQDN) to one another. In this way, DNS "
28580
"alleviates the need to remember IP addresses. Computers that run DNS are "
28581
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
28582
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
28583
"common program used for maintaining a name server on Linux."
28584
msgstr ""
28585
28586
#: serverguide/C/dns.xml:22(para)
28587
msgid ""
28588
"At a terminal prompt, enter the following command to install "
28589
"<application>dns</application>:"
28590
msgstr ""
28591
28592
#: serverguide/C/dns.xml:26(command)
28593
msgid "sudo apt install bind9"
28594
msgstr ""
28595
28596
#: serverguide/C/dns.xml:28(para)
28597
msgid ""
28598
"A very useful package for testing and troubleshooting DNS issues is the "
28599
"dnsutils package. Very often these tools will be installed already, but to "
28600
"check and/or install <application>dnsutils</application> enter the following:"
28601
msgstr ""
28602
28603
#: serverguide/C/dns.xml:33(command)
28604
msgid "sudo apt install dnsutils"
28605
msgstr ""
28606
28607
#: serverguide/C/dns.xml:38(para)
28608
msgid ""
28609
"There are many ways to configure <application>BIND9</application>. Some of "
28610
"the most common configurations are a caching nameserver, primary master, and "
28611
"as a secondary master."
28612
msgstr ""
28613
28614
#: serverguide/C/dns.xml:44(para)
28615
msgid ""
28616
"When configured as a caching nameserver BIND9 will find the answer to name "
28617
"queries and remember the answer when the domain is queried again."
28618
msgstr ""
28619
28620
#: serverguide/C/dns.xml:50(para)
28621
msgid ""
28622
"As a primary master server BIND9 reads the data for a zone from a file on "
28623
"it's host and is authoritative for that zone."
28624
msgstr ""
28625
28626
#: serverguide/C/dns.xml:55(para)
28627
msgid ""
28628
"In a secondary master configuration BIND9 gets the zone data from another "
28629
"nameserver authoritative for the zone."
28630
msgstr ""
28631
28632
#: serverguide/C/dns.xml:63(para)
28633
msgid ""
28634
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
28635
"directory. The primary configuration file is "
28636
"<filename>/etc/bind/named.conf</filename>."
28637
msgstr ""
28638
28639
#: serverguide/C/dns.xml:70(para)
28640
msgid ""
28641
"The <emphasis>include</emphasis> line specifies the filename which contains "
28642
"the DNS options. The <emphasis>directory</emphasis> line in the "
28643
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
28644
"look for files. All files BIND uses will be relative to this directory."
28645
msgstr ""
28646
28647
#: serverguide/C/dns.xml:78(para)
28648
msgid ""
28649
"The file named <filename>/etc/bind/db.root</filename> describes the root "
28650
"nameservers in the world. The servers change over time, so the "
28651
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
28652
"This is usually done as updates to the <application>bind9</application> "
28653
"package. The <emphasis>zone</emphasis> section defines a master server, and "
28654
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
28655
msgstr ""
28656
28657
#: serverguide/C/dns.xml:88(para)
28658
msgid ""
28659
"It is possible to configure the same server to be a caching name server, "
28660
"primary master, and secondary master. A server can be the Start of Authority "
28661
"(SOA) for one zone, while providing secondary service for another zone. All "
28662
"the while providing caching services for hosts on the local LAN."
28663
msgstr ""
28664
28665
#: serverguide/C/dns.xml:96(title)
28666
msgid "Caching Nameserver"
28667
msgstr ""
28668
28669
#: serverguide/C/dns.xml:97(para)
28670
msgid ""
28671
"The default configuration is setup to act as a caching server. All that is "
28672
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
28673
"uncomment and edit the following in "
28674
"<filename>/etc/bind/named.conf.options</filename>:"
28675
msgstr ""
28676
28677
#: serverguide/C/dns.xml:101(programlisting)
28678
#, no-wrap
28679
msgid ""
28680
"\n"
28681
"forwarders {\n"
28682
" 1.2.3.4;\n"
28683
" 5.6.7.8;\n"
28684
" };\n"
28685
msgstr ""
28686
28687
#: serverguide/C/dns.xml:108(para)
28688
msgid ""
28689
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
28690
"the IP Adresses of actual nameservers."
28691
msgstr ""
28692
28693
#: serverguide/C/dns.xml:112(para)
28694
msgid ""
28695
"Now restart the DNS server, to enable the new configuration. From a terminal "
28696
"prompt:"
28697
msgstr ""
28698
28699
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
28700
msgid "sudo systemctl restart bind9.service"
28701
msgstr ""
28702
28703
#: serverguide/C/dns.xml:118(para)
28704
msgid ""
28705
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
28706
"DNS server."
28707
msgstr ""
28708
28709
#: serverguide/C/dns.xml:123(title)
28710
msgid "Primary Master"
28711
msgstr ""
28712
28713
#: serverguide/C/dns.xml:124(para)
28714
msgid ""
28715
"In this section <application>BIND9</application> will be configured as the "
28716
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
28717
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
28718
"(Fully Qualified Domain Name)."
28719
msgstr ""
28720
28721
#: serverguide/C/dns.xml:130(title)
28722
msgid "Forward Zone File"
28723
msgstr ""
28724
28725
#: serverguide/C/dns.xml:131(para)
28726
msgid ""
28727
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
28728
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
28729
msgstr ""
28730
28731
#: serverguide/C/dns.xml:135(programlisting)
28732
#, no-wrap
28733
msgid ""
28734
"\n"
28735
"zone \"example.com\" {\n"
28736
"\ttype master;\n"
28737
" file \"/etc/bind/db.example.com\";\n"
28738
"};\n"
28739
msgstr ""
28740
28741
#: serverguide/C/dns.xml:141(para)
28742
msgid ""
28743
"(Note, if bind will be receiving automatic updates to the file as with DDNS, "
28744
"then use <filename>/var/lib/bind/db.example.com</filename> rather than "
28745
"<filename>/etc/bind/db.example.com</filename> both here and in the copy "
28746
"command below.)"
28747
msgstr ""
28748
28749
#: serverguide/C/dns.xml:145(para)
28750
msgid ""
28751
"Now use an existing zone file as a template to create the "
28752
"<filename>/etc/bind/db.example.com</filename> file:"
28753
msgstr ""
28754
28755
#: serverguide/C/dns.xml:149(command)
28756
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
28757
msgstr ""
28758
28759
#: serverguide/C/dns.xml:151(para)
28760
msgid ""
28761
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
28762
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
28763
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
28764
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
28765
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
28766
"leaving the \".\" at the end. Change the comment to indicate the domain that "
28767
"this file is for."
28768
msgstr ""
28769
28770
#: serverguide/C/dns.xml:158(para)
28771
msgid ""
28772
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
28773
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
28774
"record</emphasis> for <emphasis role=\"italic\">ns.example.com</emphasis>, "
28775
"the name server in this example:"
28776
msgstr ""
28777
28778
#: serverguide/C/dns.xml:163(programlisting)
28779
#, no-wrap
28780
msgid ""
28781
"\n"
28782
";\n"
28783
"; BIND data file for example.com\n"
28784
";\n"
28785
"$TTL 604800\n"
28786
"@ IN SOA example.com. root.example.com. (\n"
28787
" 2 ; Serial\n"
28788
" 604800 ; Refresh\n"
28789
" 86400 ; Retry\n"
28790
" 2419200 ; Expire\n"
28791
" 604800 ) ; Negative Cache TTL\n"
28792
" IN A 192.168.1.10\n"
28793
";\n"
28794
"@ IN NS ns.example.com.\n"
28795
"@ IN A 192.168.1.10\n"
28796
"@ IN AAAA ::1\n"
28797
"ns IN A 192.168.1.10\n"
28798
msgstr ""
28799
28800
#: serverguide/C/dns.xml:181(para)
28801
msgid ""
28802
"You must increment the <emphasis>Serial Number</emphasis> every time you "
28803
"make changes to the zone file. If you make multiple changes before "
28804
"restarting BIND9, simply increment the Serial once."
28805
msgstr ""
28806
28807
#: serverguide/C/dns.xml:185(para)
28808
msgid ""
28809
"Now, you can add DNS records to the bottom of the zone file. See <xref "
28810
"linkend=\"dns-record-types\"/> for details."
28811
msgstr ""
28812
28813
#: serverguide/C/dns.xml:189(para)
28814
msgid ""
28815
"Many admins like to use the last date edited as the serial of a zone, such "
28816
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
28817
"<emphasis>ss</emphasis> is the Serial Number)"
28818
msgstr ""
28819
28820
#: serverguide/C/dns.xml:194(para)
28821
msgid ""
28822
"Once you have made changes to the zone file <application>BIND9</application> "
28823
"needs to be restarted for the changes to take effect:"
28824
msgstr ""
28825
28826
#: serverguide/C/dns.xml:203(title)
28827
msgid "Reverse Zone File"
28828
msgstr ""
28829
28830
#: serverguide/C/dns.xml:204(para)
28831
msgid ""
28832
"Now that the zone is setup and resolving names to IP Adresses a "
28833
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
28834
"DNS to resolve an address to a name."
28835
msgstr ""
28836
28837
#: serverguide/C/dns.xml:208(para)
28838
msgid "Edit /etc/bind/named.conf.local and add the following:"
28839
msgstr ""
28840
28841
#: serverguide/C/dns.xml:211(programlisting)
28842
#, no-wrap
28843
msgid ""
28844
"\n"
28845
"zone \"1.168.192.in-addr.arpa\" {\n"
28846
" type master;\n"
28847
" file \"/etc/bind/db.192\";\n"
28848
"};\n"
28849
msgstr ""
28850
28851
#: serverguide/C/dns.xml:218(para)
28852
msgid ""
28853
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
28854
"whatever network you are using. Also, name the zone file "
28855
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
28856
"first octet of your network."
28857
msgstr ""
28858
28859
#: serverguide/C/dns.xml:223(para)
28860
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
28861
msgstr ""
28862
28863
#: serverguide/C/dns.xml:227(command)
28864
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
28865
msgstr ""
28866
28867
#: serverguide/C/dns.xml:229(para)
28868
msgid ""
28869
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
28870
"same options as <filename>/etc/bind/db.example.com</filename>:"
28871
msgstr ""
28872
28873
#: serverguide/C/dns.xml:233(programlisting)
28874
#, no-wrap
28875
msgid ""
28876
"\n"
28877
";\n"
28878
"; BIND reverse data file for local 192.168.1.XXX net\n"
28879
";\n"
28880
"$TTL 604800\n"
28881
"@ IN SOA ns.example.com. root.example.com. (\n"
28882
" 2 ; Serial\n"
28883
" 604800 ; Refresh\n"
28884
" 86400 ; Retry\n"
28885
" 2419200 ; Expire\n"
28886
" 604800 ) ; Negative Cache TTL\n"
28887
";\n"
28888
"@ IN NS ns.\n"
28889
"10 IN PTR ns.example.com.\n"
28890
msgstr ""
28891
28892
#: serverguide/C/dns.xml:248(para)
28893
msgid ""
28894
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
28895
"incremented on each change as well. For each <emphasis>A record</emphasis> "
28896
"you configure in <filename>/etc/bind/db.example.com</filename>, that is for "
28897
"a different address, you need to create a <emphasis>PTR record</emphasis> in "
28898
"<filename>/etc/bind/db.192</filename>."
28899
msgstr ""
28900
28901
#: serverguide/C/dns.xml:253(para)
28902
msgid ""
28903
"After creating the reverse zone file restart "
28904
"<application>BIND9</application>:"
28905
msgstr ""
28906
28907
#: serverguide/C/dns.xml:262(title)
28908
msgid "Secondary Master"
28909
msgstr ""
28910
28911
#: serverguide/C/dns.xml:263(para)
28912
msgid ""
28913
"Once a <emphasis>Primary Master</emphasis> has been configured a "
28914
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
28915
"availability of the domain should the Primary become unavailable."
28916
msgstr ""
28917
28918
#: serverguide/C/dns.xml:267(para)
28919
msgid ""
28920
"First, on the Primary Master server, the zone transfer needs to be allowed. "
28921
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
28922
"and Reverse zone definitions in "
28923
"<filename>/etc/bind/named.conf.local</filename>:"
28924
msgstr ""
28925
28926
#: serverguide/C/dns.xml:271(programlisting)
28927
#, no-wrap
28928
msgid ""
28929
"\n"
28930
"zone \"example.com\" {\n"
28931
" type master;\n"
28932
"\tfile \"/etc/bind/db.example.com\";\n"
28933
" allow-transfer { 192.168.1.11; };\n"
28934
"};\n"
28935
"\n"
28936
"zone \"1.168.192.in-addr.arpa\" {\n"
28937
" type master;\n"
28938
" file \"/etc/bind/db.192\";\n"
28939
"\tallow-transfer { 192.168.1.11; };\n"
28940
"};\n"
28941
msgstr ""
28942
28943
#: serverguide/C/dns.xml:285(para)
28944
msgid ""
28945
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
28946
"Secondary nameserver."
28947
msgstr ""
28948
28949
#: serverguide/C/dns.xml:289(para)
28950
msgid "Restart <application>BIND9</application> on the Primary Master:"
28951
msgstr ""
28952
28953
#: serverguide/C/dns.xml:295(para)
28954
msgid ""
28955
"Next, on the Secondary Master, install the <application>bind9</application> "
28956
"package the same way as on the Primary. Then edit the "
28957
"<filename>/etc/bind/named.conf.local</filename> and add the following "
28958
"declarations for the Forward and Reverse zones:"
28959
msgstr ""
28960
28961
#: serverguide/C/dns.xml:299(programlisting)
28962
#, no-wrap
28963
msgid ""
28964
"\n"
28965
"zone \"example.com\" {\n"
28966
"\ttype slave;\n"
28967
" file \"db.example.com\";\n"
28968
" masters { 192.168.1.10; };\n"
28969
"}; \n"
28970
" \n"
28971
"zone \"1.168.192.in-addr.arpa\" {\n"
28972
"\ttype slave;\n"
28973
" file \"db.192\";\n"
28974
" masters { 192.168.1.10; };\n"
28975
"};\n"
28976
msgstr ""
28977
28978
#: serverguide/C/dns.xml:313(para)
28979
msgid ""
28980
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
28981
"Primary nameserver."
28982
msgstr ""
28983
28984
#: serverguide/C/dns.xml:317(para)
28985
msgid "Restart <application>BIND9</application> on the Secondary Master:"
28986
msgstr ""
28987
28988
#: serverguide/C/dns.xml:323(para)
28989
msgid ""
28990
"In <filename>/var/log/syslog</filename> you should see something similar to "
28991
"(some lines have been split to fit the format of this document):"
28992
msgstr ""
28993
28994
#: serverguide/C/dns.xml:326(programlisting)
28995
#, no-wrap
28996
msgid ""
28997
"\n"
28998
"client 192.168.1.10#39448: received notify for zone '1.168.192.in-"
28999
"addr.arpa'\n"
29000
"zone 1.168.192.in-addr.arpa/IN: Transfer started.\n"
29001
"transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:\n"
29002
" connected using 192.168.1.11#37531\n"
29003
"zone 1.168.192.in-addr.arpa/IN: transferred serial 5\n"
29004
"transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:\n"
29005
" Transfer completed: 1 messages, \n"
29006
"6 records, 212 bytes, 0.002 secs (106000 bytes/sec)\n"
29007
"zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 5)\n"
29008
"\n"
29009
"client 192.168.1.10#20329: received notify for zone 'example.com'\n"
29010
"zone example.com/IN: Transfer started.\n"
29011
"transfer of 'example.com/IN' from 192.168.1.10#53: connected using "
29012
"192.168.1.11#38577\n"
29013
"zone example.com/IN: transferred serial 5\n"
29014
"transfer of 'example.com/IN' from 192.168.1.10#53: Transfer completed: 1 "
29015
"messages, \n"
29016
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
29017
msgstr ""
29018
29019
#: serverguide/C/dns.xml:345(para)
29020
msgid ""
29021
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
29022
"on the Primary is larger than the one on the Secondary. If you want to have "
29023
"your Primary Master DNS notifying Secondary DNS Servers of zone changes, you "
29024
"can add <emphasis>also-notify { ipaddress; };</emphasis> in to "
29025
"<filename>/etc/bind/named.conf.local</filename> as shown in the example "
29026
"below:"
29027
msgstr ""
29028
29029
#: serverguide/C/dns.xml:349(programlisting)
29030
#, no-wrap
29031
msgid ""
29032
"\n"
29033
"zone \"example.com\" {\n"
29034
"\ttype master;\n"
29035
"\tfile \"/etc/bind/db.example.com\";\n"
29036
"\tallow-transfer { 192.168.1.11; };\n"
29037
"\talso-notify { 192.168.1.11; }; \n"
29038
"\t};\n"
29039
"\n"
29040
"zone \"1.168.192.in-addr.arpa\" {\n"
29041
"\ttype master;\n"
29042
"\tfile \"/etc/bind/db.192\";\n"
29043
"\tallow-transfer { 192.168.1.11; };\n"
29044
"\talso-notify { 192.168.1.11; }; \n"
29045
"\t};\n"
29046
"\t"
29047
msgstr ""
29048
29049
#: serverguide/C/dns.xml:365(para)
29050
msgid ""
29051
"The default directory for non-authoritative zone files is "
29052
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
29053
"<application>AppArmor</application> to allow the "
29054
"<application>named</application> daemon to write to it. For more information "
29055
"on AppArmor see <xref linkend=\"apparmor\"/>."
29056
msgstr ""
29057
29058
#: serverguide/C/dns.xml:376(para)
29059
msgid ""
29060
"This section covers ways to help determine the cause when problems happen "
29061
"with DNS and <application>BIND9</application>."
29062
msgstr ""
29063
29064
#: serverguide/C/dns.xml:382(title)
29065
msgid "resolv.conf"
29066
msgstr ""
29067
29068
#: serverguide/C/dns.xml:383(para)
29069
msgid ""
29070
"The first step in testing <application>BIND9</application> is to add the "
29071
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
29072
"be configured as well as another host to double check things. Refer to <xref "
29073
"linkend=\"dns-client-configuration\"/> for details on adding nameserver "
29074
"addresses to your network clients, and afterwards check that the file "
29075
"<filename>/etc/resolv.conf</filename> contains (for this example):"
29076
msgstr ""
29077
29078
#: serverguide/C/dns.xml:389(programlisting)
29079
#, no-wrap
29080
msgid ""
29081
"\n"
29082
"nameserver\t192.168.1.10\n"
29083
"nameserver\t192.168.1.11\n"
29084
msgstr ""
29085
29086
#: serverguide/C/dns.xml:393(para)
29087
msgid ""
29088
"Nameservers that listen at 127.* are responsible for adding their own IP "
29089
"addresses to resolv.conf (using resolvconf). This is done via the file "
29090
"<filename>/etc/default/bind9</filename> by changing the line RESOLVCONF=no "
29091
"to RESOLVCONF=yes."
29092
msgstr ""
29093
29094
#: serverguide/C/dns.xml:398(para)
29095
msgid ""
29096
"You should also add the IP Address of the Secondary nameserver in case the "
29097
"Primary becomes unavailable."
29098
msgstr ""
29099
29100
#: serverguide/C/dns.xml:404(title)
29101
msgid "dig"
29102
msgstr ""
29103
29104
#: serverguide/C/dns.xml:405(para)
29105
msgid ""
29106
"If you installed the <application>dnsutils</application> package you can "
29107
"test your setup using the DNS lookup utility <application>dig</application>:"
29108
msgstr ""
29109
29110
#: serverguide/C/dns.xml:411(para)
29111
msgid ""
29112
"After installing <application>BIND9</application> use "
29113
"<application>dig</application> against the loopback interface to make sure "
29114
"it is listening on port 53. From a terminal prompt:"
29115
msgstr ""
29116
29117
#: serverguide/C/dns.xml:416(command)
29118
msgid "dig -x 127.0.0.1"
29119
msgstr ""
29120
29121
#: serverguide/C/dns.xml:418(para)
29122
msgid "You should see lines similar to the following in the command output:"
29123
msgstr ""
29124
29125
#: serverguide/C/dns.xml:421(programlisting)
29126
#, no-wrap
29127
msgid ""
29128
"\n"
29129
";; Query time: 1 msec\n"
29130
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
29131
msgstr ""
29132
29133
#: serverguide/C/dns.xml:427(para)
29134
msgid ""
29135
"If you have configured <application>BIND9</application> as a "
29136
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
29137
"the query time:"
29138
msgstr ""
29139
29140
#: serverguide/C/dns.xml:432(command)
29141
msgid "dig ubuntu.com"
29142
msgstr ""
29143
29144
#: serverguide/C/dns.xml:434(para)
29145
msgid "Note the query time toward the end of the command output:"
29146
msgstr ""
29147
29148
#: serverguide/C/dns.xml:437(programlisting)
29149
#, no-wrap
29150
msgid ""
29151
"\n"
29152
";; Query time: 49 msec\n"
29153
msgstr ""
29154
29155
#: serverguide/C/dns.xml:440(para)
29156
msgid "After a second dig there should be improvement:"
29157
msgstr ""
29158
29159
#: serverguide/C/dns.xml:443(programlisting)
29160
#, no-wrap
29161
msgid ""
29162
"\n"
29163
";; Query time: 1 msec\n"
29164
msgstr ""
29165
29166
#: serverguide/C/dns.xml:450(title)
29167
msgid "ping"
29168
msgstr ""
29169
29170
#: serverguide/C/dns.xml:452(para)
29171
msgid ""
29172
"Now to demonstrate how applications make use of DNS to resolve a host name "
29173
"use the <application>ping</application> utility to send an ICMP echo "
29174
"request. From a terminal prompt enter:"
29175
msgstr ""
29176
29177
#: serverguide/C/dns.xml:458(command)
29178
msgid "ping example.com"
29179
msgstr ""
29180
29181
#: serverguide/C/dns.xml:460(para)
29182
msgid ""
29183
"This tests if the nameserver can resolve the name "
29184
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
29185
"should resemble:"
29186
msgstr ""
29187
29188
#: serverguide/C/dns.xml:464(programlisting)
29189
#, no-wrap
29190
msgid ""
29191
"\n"
29192
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
29193
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
29194
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
29195
msgstr ""
29196
29197
#: serverguide/C/dns.xml:471(title)
29198
msgid "named-checkzone"
29199
msgstr ""
29200
29201
#: serverguide/C/dns.xml:472(para)
29202
msgid ""
29203
"A great way to test your zone files is by using the <application>named-"
29204
"checkzone</application> utility installed with the "
29205
"<application>bind9</application> package. This utility allows you to make "
29206
"sure the configuration is correct before restarting "
29207
"<application>BIND9</application> and making the changes live."
29208
msgstr ""
29209
29210
#: serverguide/C/dns.xml:479(para)
29211
msgid ""
29212
"To test our example Forward zone file enter the following from a command "
29213
"prompt:"
29214
msgstr ""
29215
29216
#: serverguide/C/dns.xml:483(command)
29217
msgid "named-checkzone example.com /etc/bind/db.example.com"
29218
msgstr ""
29219
29220
#: serverguide/C/dns.xml:485(para)
29221
msgid ""
29222
"If everything is configured correctly you should see output similar to:"
29223
msgstr ""
29224
29225
#: serverguide/C/dns.xml:488(programlisting)
29226
#, no-wrap
29227
msgid ""
29228
"\n"
29229
"zone example.com/IN: loaded serial 6\n"
29230
"OK\n"
29231
msgstr ""
29232
29233
#: serverguide/C/dns.xml:494(para)
29234
msgid "Similarly, to test the Reverse zone file enter the following:"
29235
msgstr ""
29236
29237
#: serverguide/C/dns.xml:498(command)
29238
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
29239
msgstr ""
29240
29241
#: serverguide/C/dns.xml:500(para)
29242
msgid "The output should be similar to:"
29243
msgstr ""
29244
29245
#: serverguide/C/dns.xml:503(programlisting)
29246
#, no-wrap
29247
msgid ""
29248
"\n"
29249
"zone 1.168.192.in-addr.arpa/IN: loaded serial 3\n"
29250
"OK\n"
29251
msgstr ""
29252
29253
#: serverguide/C/dns.xml:510(para)
29254
msgid ""
29255
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
29256
"different."
29257
msgstr ""
29258
29259
#: serverguide/C/dns.xml:518(para)
29260
msgid ""
29261
"<application>BIND9</application> has a wide variety of logging configuration "
29262
"options available. There are two main options. The "
29263
"<emphasis>channel</emphasis> option configures where logs go, and the "
29264
"<emphasis>category</emphasis> option determines what information to log."
29265
msgstr ""
29266
29267
#: serverguide/C/dns.xml:522(para)
29268
msgid "If no logging option is configured the default option is:"
29269
msgstr ""
29270
29271
#: serverguide/C/dns.xml:525(programlisting)
29272
#, no-wrap
29273
msgid ""
29274
"\n"
29275
"logging {\n"
29276
" category default { default_syslog; default_debug; };\n"
29277
" category unmatched { null; };\n"
29278
"};\n"
29279
msgstr ""
29280
29281
#: serverguide/C/dns.xml:531(para)
29282
msgid ""
29283
"This section covers configuring <application>BIND9</application> to send "
29284
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
29285
"file."
29286
msgstr ""
29287
29288
#: serverguide/C/dns.xml:536(para)
29289
msgid ""
29290
"First, we need to configure a channel to specify which file to send the "
29291
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
29292
"the following:"
29293
msgstr ""
29294
29295
#: serverguide/C/dns.xml:540(programlisting)
29296
#, no-wrap
29297
msgid ""
29298
"\n"
29299
"logging {\n"
29300
" channel query.log { \n"
29301
" file \"/var/log/query.log\";\n"
29302
" severity debug 3; \n"
29303
" }; \n"
29304
"};\n"
29305
msgstr ""
29306
29307
#: serverguide/C/dns.xml:550(para)
29308
msgid "Next, configure a category to send all DNS queries to the query file:"
29309
msgstr ""
29310
29311
#: serverguide/C/dns.xml:553(programlisting)
29312
#, no-wrap
29313
msgid ""
29314
"\n"
29315
"logging {\n"
29316
" channel query.log { \n"
29317
" file \"/var/log/query.log\"; \n"
29318
" severity debug 3; \n"
29319
" }; \n"
29320
" <emphasis>category queries { query.log; };</emphasis> \n"
29321
"};\n"
29322
msgstr ""
29323
29324
#: serverguide/C/dns.xml:565(para)
29325
msgid ""
29326
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
29327
"level isn't specified level 1 is the default."
29328
msgstr ""
29329
29330
#: serverguide/C/dns.xml:571(para)
29331
msgid ""
29332
"Since the <emphasis>named daemon</emphasis> runs as the "
29333
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
29334
"file must be created and the ownership changed:"
29335
msgstr ""
29336
29337
#: serverguide/C/dns.xml:576(command)
29338
msgid "sudo touch /var/log/query.log"
29339
msgstr ""
29340
29341
#: serverguide/C/dns.xml:577(command)
29342
msgid "sudo chown bind /var/log/query.log"
29343
msgstr ""
29344
29345
#: serverguide/C/dns.xml:581(para)
29346
msgid ""
29347
"Before <application>named</application> daemon can write to the new log file "
29348
"the <application>AppArmor</application> profile must be updated. First, edit "
29349
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
29350
msgstr ""
29351
29352
#: serverguide/C/dns.xml:585(programlisting)
29353
#, no-wrap
29354
msgid ""
29355
"\n"
29356
"/var/log/query.log w,\n"
29357
msgstr ""
29358
29359
#: serverguide/C/dns.xml:588(para)
29360
msgid "Next, reload the profile:"
29361
msgstr ""
29362
29363
#: serverguide/C/dns.xml:592(command)
29364
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
29365
msgstr ""
29366
29367
#: serverguide/C/dns.xml:594(para)
29368
msgid ""
29369
"For more information on <application>AppArmor</application> see <xref "
29370
"linkend=\"apparmor\"/>"
29371
msgstr ""
29372
29373
#: serverguide/C/dns.xml:599(para)
29374
msgid ""
29375
"Now restart <application>BIND9</application> for the changes to take effect:"
29376
msgstr ""
29377
29378
#: serverguide/C/dns.xml:607(para)
29379
msgid ""
29380
"You should see the file <filename>/var/log/query.log</filename> fill with "
29381
"query information. This is a simple example of the "
29382
"<application>BIND9</application> logging options. For coverage of advanced "
29383
"options see <xref linkend=\"dns-more-info\"/>."
29384
msgstr ""
29385
29386
#: serverguide/C/dns.xml:616(title)
29387
msgid "Common Record Types"
29388
msgstr ""
29389
29390
#: serverguide/C/dns.xml:617(para)
29391
msgid "This section covers some of the most common DNS record types."
29392
msgstr ""
29393
29394
#: serverguide/C/dns.xml:622(para)
29395
msgid ""
29396
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
29397
msgstr ""
29398
29399
#: serverguide/C/dns.xml:625(programlisting)
29400
#, no-wrap
29401
msgid ""
29402
"\n"
29403
"www IN A 192.168.1.12\n"
29404
msgstr ""
29405
29406
#: serverguide/C/dns.xml:630(para)
29407
msgid ""
29408
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
29409
"record. You cannot create a CNAME record pointing to another CNAME record."
29410
msgstr ""
29411
29412
#: serverguide/C/dns.xml:633(programlisting)
29413
#, no-wrap
29414
msgid ""
29415
"\n"
29416
"web IN CNAME www\n"
29417
msgstr ""
29418
29419
#: serverguide/C/dns.xml:638(para)
29420
msgid ""
29421
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
29422
"to. Must point to an A record, not a CNAME."
29423
msgstr ""
29424
29425
#: serverguide/C/dns.xml:641(programlisting)
29426
#, no-wrap
29427
msgid ""
29428
"\n"
29429
" IN MX 1 mail.example.com.\n"
29430
"mail IN A 192.168.1.13\n"
29431
msgstr ""
29432
29433
#: serverguide/C/dns.xml:647(para)
29434
msgid ""
29435
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
29436
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
29437
"Secondary servers are defined."
29438
msgstr ""
29439
29440
#: serverguide/C/dns.xml:651(programlisting)
29441
#, no-wrap
29442
msgid ""
29443
"\n"
29444
" IN NS ns.example.com.\n"
29445
" IN NS ns2.example.com.\n"
29446
"ns IN A 192.168.1.10\n"
29447
"ns2 IN A 192.168.1.11\n"
29448
msgstr ""
29449
29450
#: serverguide/C/dns.xml:661(title)
29451
msgid "More Information"
29452
msgstr ""
29453
29454
#: serverguide/C/dns.xml:664(para)
29455
msgid ""
29456
"The <ulink url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 "
29457
"Server HOWTO</ulink> in the Ubuntu Wiki has a lot of useful information."
29458
msgstr ""
29459
29460
#: serverguide/C/dns.xml:669(para)
29461
msgid ""
29462
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
29463
"HOWTO</ulink> at The Linux Documentation Project also has lots of "
29464
"information about configuring BIND9."
29465
msgstr ""
29466
29467
#: serverguide/C/dns.xml:674(para)
29468
msgid ""
29469
"<ulink url=\"http://www.bind9.net/\">Bind9.net</ulink> has links to a large "
29470
"collection of DNS and <application>BIND9</application> resources."
29471
msgstr ""
29472
29473
#: serverguide/C/dns.xml:679(para)
29474
msgid ""
29475
"<ulink url=\"http://shop.oreilly.com/product/9780596100575.do\">DNS and "
29476
"BIND</ulink> is a popular book now in it's fifth edition. There is now also "
29477
"a <ulink url=\"http://shop.oreilly.com/product/0636920020158.do\">DNS and "
29478
"BIND on IPv6</ulink> book."
29479
msgstr ""
29480
29481
#: serverguide/C/dns.xml:684(para)
29482
msgid ""
29483
"A great place to ask for <application>BIND9</application> assistance, and "
29484
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
29485
"server</emphasis> IRC channel on <ulink "
29486
"url=\"http://freenode.net\">freenode</ulink>."
29487
msgstr ""
29488
29489
#: serverguide/C/dm-multipath.xml:22(title)
29490
msgid "DM-Multipath"
29491
msgstr ""
29492
29493
#: serverguide/C/dm-multipath.xml:25(title)
29494
msgid "Device Mapper Multipathing"
29495
msgstr ""
29496
29497
#: serverguide/C/dm-multipath.xml:27(para)
29498
msgid ""
29499
"Device mapper multipathing (DM-Multipath) allows you to configure multiple "
29500
"I/O paths between server nodes and storage arrays into a single device. "
29501
"These I/O paths are physical SAN connections that can include separate "
29502
"cables, switches, and controllers. Multipathing aggregates the I/O paths, "
29503
"creating a new device that consists of the aggregated paths. This chapter "
29504
"provides a summary of the features of DM-Multipath that are new for the "
29505
"initial release of Ubuntu Server 12.04. Following that, this chapter "
29506
"provides a high-level overview of DM Multipath and its components, as well "
29507
"as an overview of DM-Multipath setup."
29508
msgstr ""
29509
29510
#: serverguide/C/dm-multipath.xml:38(title)
29511
msgid "New and Changed Features for Ubuntu Server 12.04"
29512
msgstr ""
29513
29514
#: serverguide/C/dm-multipath.xml:40(para)
29515
msgid "Migrated from multipath-0.4.8 to multipath-0.4.9"
29516
msgstr ""
29517
29518
#: serverguide/C/dm-multipath.xml:43(title)
29519
msgid "Migration from 0.4.8"
29520
msgstr ""
29521
29522
#: serverguide/C/dm-multipath.xml:45(para)
29523
msgid ""
29524
"The priority checkers are no longer run as standalone binaries, but as "
29525
"shared libraries. The key value name for this feature has also slightly "
29526
"changed. Copy the attribute named <emphasis "
29527
"role=\"bold\">prio_callout</emphasis> to <emphasis "
29528
"role=\"bold\">prio</emphasis>, also modify the argument the name of the "
29529
"priority checker, a system path is no longer necessary. Example "
29530
"conversion:<screen>device {\n"
29531
" vendor \"NEC\"\n"
29532
" product \"DISK ARRAY\"\n"
29533
" prio_callout mpath_prio_alua /dev/%n\n"
29534
" prio alua\n"
29535
"}</screen>"
29536
msgstr ""
29537
29538
#: serverguide/C/dm-multipath.xml:58(para)
29539
msgid ""
29540
"See Table <xref endterm=\"checker-conversion-table\" linkend=\"priority-"
29541
"checker-conversion-table\"/> for a complete listing"
29542
msgstr ""
29543
29544
#: serverguide/C/dm-multipath.xml:62(title)
29545
msgid "Priority Checker Conversion"
29546
msgstr ""
29547
29548
#: serverguide/C/dm-multipath.xml:71(entry)
29549
msgid "v0.4.8"
29550
msgstr ""
29551
29552
#: serverguide/C/dm-multipath.xml:73(entry)
29553
msgid "v0.4.9"
29554
msgstr ""
29555
29556
#: serverguide/C/dm-multipath.xml:79(emphasis)
29557
msgid "prio_callout mpath_prio_emc /dev/%n"
29558
msgstr ""
29559
29560
#: serverguide/C/dm-multipath.xml:82(emphasis)
29561
msgid "prio emc"
29562
msgstr ""
29563
29564
#: serverguide/C/dm-multipath.xml:86(emphasis)
29565
msgid "prio_callout mpath_prio_alua /dev/%n"
29566
msgstr ""
29567
29568
#: serverguide/C/dm-multipath.xml:89(emphasis)
29569
msgid "prio alua"
29570
msgstr ""
29571
29572
#: serverguide/C/dm-multipath.xml:93(emphasis)
29573
msgid "prio_callout mpath_prio_netapp /dev/%n"
29574
msgstr ""
29575
29576
#: serverguide/C/dm-multipath.xml:96(emphasis)
29577
msgid "prio netapp"
29578
msgstr ""
29579
29580
#: serverguide/C/dm-multipath.xml:100(emphasis)
29581
msgid "prio_callout mpath_prio_rdac /dev/%n"
29582
msgstr ""
29583
29584
#: serverguide/C/dm-multipath.xml:103(emphasis)
29585
msgid "prio rdac"
29586
msgstr ""
29587
29588
#: serverguide/C/dm-multipath.xml:107(emphasis)
29589
msgid "prio_callout mpath_prio_hp_sw /dev/%n"
29590
msgstr ""
29591
29592
#: serverguide/C/dm-multipath.xml:110(emphasis)
29593
msgid "prio hp_sw"
29594
msgstr ""
29595
29596
#: serverguide/C/dm-multipath.xml:114(emphasis)
29597
msgid "prio_callout mpath_prio_hds_modular %b"
29598
msgstr ""
29599
29600
#: serverguide/C/dm-multipath.xml:117(emphasis)
29601
msgid "prio hds"
29602
msgstr ""
29603
29604
#: serverguide/C/dm-multipath.xml:123(para)
29605
msgid ""
29606
"Since the multipath config file parser essentially parses all key/value "
29607
"pairs it finds and then makes use of them, it is safe for both <emphasis "
29608
"role=\"bold\">prio_callout</emphasis> and <emphasis "
29609
"role=\"bold\">prio</emphasis> to coexist and is recommended that the "
29610
"<emphasis role=\"bold\">prio</emphasis> attribute be inserted before "
29611
"beginning migration. After which you can safely delete the legacy <emphasis "
29612
"role=\"bold\">prio_calliout</emphasis> attribute without interrupting "
29613
"service."
29614
msgstr ""
29615
29616
#: serverguide/C/dm-multipath.xml:137(para)
29617
msgid "DM-Multipath can be used to provide:"
29618
msgstr ""
29619
29620
#: serverguide/C/dm-multipath.xml:141(para)
29621
msgid ""
29622
"<emphasis> Redundancy </emphasis> DM-Multipath can provide failover in an "
29623
"active/passive configuration. In an active/passive configuration, only half "
29624
"the paths are used at any time for I/O. If any element of an I/O path (the "
29625
"cable, switch, or controller) fails, DM-Multipath switches to an alternate "
29626
"path."
29627
msgstr ""
29628
29629
#: serverguide/C/dm-multipath.xml:149(para)
29630
msgid ""
29631
"<emphasis> Improved Performance </emphasis> Performance DM-Multipath can be "
29632
"configured in active/active mode, where I/O is spread over the paths in a "
29633
"round-robin fashion. In some configurations, DM-Multipath can detect loading "
29634
"on the I/O paths and dynamically re-balance the load."
29635
msgstr ""
29636
29637
#: serverguide/C/dm-multipath.xml:159(title)
29638
msgid "Storage Array Overview"
29639
msgstr ""
29640
29641
#: serverguide/C/dm-multipath.xml:161(para)
29642
msgid ""
29643
"By default, DM-Multipath includes support for the most common storage arrays "
29644
"that support DM-Multipath. The supported devices can be found in the "
29645
"multipath.conf.defaults file. If your storage array supports DM-Multipath "
29646
"and is not configured by default in this file, you may need to add them to "
29647
"the DM-Multipath configuration file, multipath.conf. For information on the "
29648
"DM-Multipath configuration file, see Section, <link linkend=\"multipath-dm-"
29649
"multipath-config-file\">The DM-Multipath Configuration File</link>. Some "
29650
"storage arrays require special handling of I/O errors and path switching. "
29651
"These require separate hardware handler kernel modules."
29652
msgstr ""
29653
29654
#: serverguide/C/dm-multipath.xml:174(title)
29655
msgid "DM-Multipath components"
29656
msgstr ""
29657
29658
#: serverguide/C/dm-multipath.xml:176(para)
29659
msgid ""
29660
"Table <link linkend=\"multipath-components-table\">DM-Multipath "
29661
"Components</link> describes the components of the DM-Multipath package."
29662
msgstr ""
29663
29664
#: serverguide/C/dm-multipath.xml:183(title)
29665
msgid "DM-Multipath Setup Overview"
29666
msgstr ""
29667
29668
#: serverguide/C/dm-multipath.xml:190(para)
29669
msgid ""
29670
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
29671
"role=\"bold\">multipath-tools-boot</emphasis> packages"
29672
msgstr ""
29673
29674
#: serverguide/C/dm-multipath.xml:196(para)
29675
msgid ""
29676
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
29677
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
29678
msgstr ""
29679
29680
#: serverguide/C/dm-multipath.xml:202(para)
29681
msgid ""
29682
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
29683
"configuration file to modify default values and save the updated file."
29684
msgstr ""
29685
29686
#: serverguide/C/dm-multipath.xml:208(para)
29687
msgid "Start the multipath daemon"
29688
msgstr ""
29689
29690
#: serverguide/C/dm-multipath.xml:212(para)
29691
msgid "Update initial ramdisk"
29692
msgstr ""
29693
29694
#: serverguide/C/dm-multipath.xml:185(para)
29695
msgid ""
29696
"DM-Multipath includes compiled-in default settings that are suitable for "
29697
"common multipath configurations. Setting up DM-multipath is often a simple "
29698
"procedure. The basic procedure for configuring your system with DM-Multipath "
29699
"is as follows: <placeholder-1/> For detailed setup instructions for "
29700
"multipath configuration see Section, <link linkend=\"multipath-setup-"
29701
"overview\">Setting Up DM-Multipath</link>."
29702
msgstr ""
29703
29704
#: serverguide/C/dm-multipath.xml:222(title)
29705
msgid "Multipath Devices"
29706
msgstr ""
29707
29708
#: serverguide/C/dm-multipath.xml:224(para)
29709
msgid ""
29710
"Without DM-Multipath, each path from a server node to a storage controller "
29711
"is treated by the system as a separate device, even when the I/O path "
29712
"connects the same server node to the same storage controller. DM-Multipath "
29713
"provides a way of organizing the I/O paths logically, by creating a single "
29714
"multipath device on top of the underlying devices."
29715
msgstr ""
29716
29717
#: serverguide/C/dm-multipath.xml:232(title)
29718
msgid "Multipath Device Identifiers"
29719
msgstr ""
29720
29721
#: serverguide/C/dm-multipath.xml:260(para)
29722
msgid ""
29723
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
29724
"early in the boot process. Use these devices to access the multipathed "
29725
"devices, for example when creating logical volumes."
29726
msgstr ""
29727
29728
#: serverguide/C/dm-multipath.xml:267(para)
29729
msgid ""
29730
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
29731
"internal use only and should never be used."
29732
msgstr ""
29733
29734
#: serverguide/C/dm-multipath.xml:234(para)
29735
msgid ""
29736
"Each multipath device has a World Wide Identifier (WWID), which is "
29737
"guaranteed to be globally unique and unchanging. By default, the name of a "
29738
"multipath device is set to its WWID. Alternately, you can set the <emphasis "
29739
"role=\"bold\"><link linkend=\"attribute-"
29740
"user_friendly_names\">user_friendly_names</link></emphasis>option in the "
29741
"multipath configuration file, which causes DM-Multipath to use a node-unique "
29742
"alias of the form <emphasis role=\"bold\">mpathn</emphasis> as the name. For "
29743
"example, a node with two HBAs attached to a storage controller with two "
29744
"ports via a single unzoned FC switch sees four devices: <emphasis "
29745
"role=\"bold\">/dev/sda</emphasis>, <emphasis "
29746
"role=\"bold\">/dev/sdb</emphasis>, <emphasis "
29747
"role=\"bold\">/dev/sdc</emphasis>, and <emphasis "
29748
"role=\"bold\">/dev/sdd</emphasis>. DM-Multipath creates a single device with "
29749
"a unique WWID that reroutes I/O to those four underlying devices according "
29750
"to the multipath configuration. When the <emphasis role=\"bold\"><link "
29751
"linkend=\"attribute-"
29752
"user_friendly_names\">user_friendly_names</link></emphasis> configuration "
29753
"option is set to <emphasis role=\"bold\">yes</emphasis>, the name of the "
29754
"multipath device is set to <emphasis role=\"bold\">mpathn</emphasis>. When "
29755
"new devices are brought under the control of DM-Multipath, the new devices "
29756
"may be seen in two different places under the <emphasis "
29757
"role=\"bold\">/dev</emphasis> directory: <emphasis "
29758
"role=\"bold\">/dev/mapper/mpathn</emphasis> and <emphasis "
29759
"role=\"bold\">/dev/dm-n</emphasis>. <placeholder-1/>For information on the "
29760
"multipath configuration defaults, including the <emphasis "
29761
"role=\"bold\"><link linkend=\"attribute-"
29762
"user_friendly_names\">user_friendly_names</link></emphasis> configuration "
29763
"option, see Section , <link linkend=\"multipath-config-"
29764
"defaults\">Configuration File Defaults</link>. You can also set the name of "
29765
"a multipath device to a name of your choosing by using the <emphasis "
29766
"role=\"bold\"><link linkend=\"attribute-alias\">alias</link></emphasis> "
29767
"option in the <emphasis role=\"bold\">multipaths</emphasis> section of the "
29768
"multipath configuration file. For information on the <emphasis "
29769
"role=\"bold\">multipaths</emphasis> section of the multipath configuration "
29770
"file, see Section, <link linkend=\"multipath-config-multipath\">Multipaths "
29771
"Device Configuration Attributes</link>."
29772
msgstr ""
29773
29774
#: serverguide/C/dm-multipath.xml:288(title)
29775
msgid "Consistent Multipath Device Names in a Cluster"
29776
msgstr ""
29777
29778
#: serverguide/C/dm-multipath.xml:290(para)
29779
msgid ""
29780
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
29781
"configuration option is set to yes, the name of the multipath device is "
29782
"unique to a node, but it is not guaranteed to be the same on all nodes using "
29783
"the multipath device. Similarly, if you set the <emphasis "
29784
"role=\"bold\">alias</emphasis> option for a device in the <emphasis "
29785
"role=\"bold\">multipaths</emphasis> section of the "
29786
"<filename>multipath.conf</filename> configuration file, the name is not "
29787
"automatically consistent across all nodes in the cluster. This should not "
29788
"cause any difficulties if you use LVM to create logical devices from the "
29789
"multipath device, but if you require that your multipath device names be "
29790
"consistent in every node it is recommended that you leave the <emphasis "
29791
"role=\"bold\">user_friendly_names</emphasis> option set to <emphasis "
29792
"role=\"bold\">no</emphasis> and that you not configure aliases for the "
29793
"devices. By default, if you do not set <emphasis "
29794
"role=\"bold\">user_friendly_names</emphasis> to yes or configure an alias "
29795
"for a device, a device name will be the WWID for the device, which is always "
29796
"the same. If you want the system-defined user-friendly names to be "
29797
"consistent across all nodes in the cluster, however, you can follow this "
29798
"procedure:"
29799
msgstr ""
29800
29801
#: serverguide/C/dm-multipath.xml:312(para)
29802
msgid "Set up all of the multipath devices on one machine."
29803
msgstr ""
29804
29805
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
29806
msgid ""
29807
"Disable all of your multipath devices on your other machines by running the "
29808
"following commands:"
29809
msgstr ""
29810
29811
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
29812
#, no-wrap
29813
msgid ""
29814
"# systemctl stop multipath-tools.service\n"
29815
"# multipath -F\n"
29816
msgstr ""
29817
29818
#: serverguide/C/dm-multipath.xml:325(para)
29819
msgid ""
29820
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
29821
"machine to all the other machines in the cluster."
29822
msgstr ""
29823
29824
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
29825
msgid ""
29826
"Re-enable the multipathd daemon on all the other machines in the cluster by "
29827
"running the following command:"
29828
msgstr ""
29829
29830
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
29831
#, no-wrap
29832
msgid "# systemctl start multipath-tools.service"
29833
msgstr ""
29834
29835
#: serverguide/C/dm-multipath.xml:338(para)
29836
msgid "If you add a new device, you will need to repeat this process."
29837
msgstr ""
29838
29839
#: serverguide/C/dm-multipath.xml:341(para)
29840
msgid ""
29841
"Similarly, if you configure an alias for a device that you would like to be "
29842
"consistent across the nodes in the cluster, you should ensure that the "
29843
"<filename>/etc/multipath.conf</filename> file is the same for each node in "
29844
"the cluster by following the same procedure:"
29845
msgstr ""
29846
29847
#: serverguide/C/dm-multipath.xml:348(para)
29848
msgid ""
29849
"Configure the aliases for the multipath devices in the in the "
29850
"<filename>multipath.conf</filename> file on one machine."
29851
msgstr ""
29852
29853
#: serverguide/C/dm-multipath.xml:362(para)
29854
msgid ""
29855
"Copy the <filename>multipath.conf</filename> file from the first machine to "
29856
"all the other machines in the cluster."
29857
msgstr ""
29858
29859
#: serverguide/C/dm-multipath.xml:374(para)
29860
msgid "When you add a new device you will need to repeat this process."
29861
msgstr ""
29862
29863
#: serverguide/C/dm-multipath.xml:379(title)
29864
msgid "Multipath Device attributes"
29865
msgstr ""
29866
29867
#: serverguide/C/dm-multipath.xml:381(para)
29868
msgid ""
29869
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
29870
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
29871
"numerous attributes. You can modify these attributes for a specific "
29872
"multipath device by creating an entry for that device in the <emphasis "
29873
"role=\"bold\">multipaths</emphasis> section of the <emphasis "
29874
"role=\"bold\">multipath</emphasis> configuration file. For information on "
29875
"the <emphasis role=\"bold\">multipaths</emphasis> section of the multipath "
29876
"configuration file, see Section, \"<link endterm=\"config-multipath-title\" "
29877
"linkend=\"multipath-config-multipath\"/>\"."
29878
msgstr ""
29879
29880
#: serverguide/C/dm-multipath.xml:394(title)
29881
msgid "Multipath Devices in Logical Volumes"
29882
msgstr ""
29883
29884
#: serverguide/C/dm-multipath.xml:396(para)
29885
msgid ""
29886
"After creating multipath devices, you can use the multipath device names "
29887
"just as you would use a physical device name when creating an LVM physical "
29888
"volume. For example, if /dev/mapper/mpatha is the name of a multipath "
29889
"device, the following command will mark /dev/mapper/mpatha as a physical "
29890
"volume. <screen># pvcreate /dev/mapper/mpatha</screen> You can use the "
29891
"resulting LVM physical device when you create an LVM volume group just as "
29892
"you would use any other LVM physical device."
29893
msgstr ""
29894
29895
#: serverguide/C/dm-multipath.xml:405(para)
29896
msgid ""
29897
"If you attempt to create an LVM physical volume on a whole device on which "
29898
"you have configured partitions, the pvcreate command will fail."
29899
msgstr ""
29900
29901
#: serverguide/C/dm-multipath.xml:425(para)
29902
msgid ""
29903
"Every time either <filename>/etc/lvm.conf</filename> or "
29904
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
29905
"rebuilt to reflect these changes. This is imperative when blacklists and "
29906
"filters are necessary to maintain a stable storage configuration."
29907
msgstr ""
29908
29909
#: serverguide/C/dm-multipath.xml:410(para)
29910
msgid ""
29911
"When you create an LVM logical volume that uses active/passive multipath "
29912
"arrays as the underlying physical devices, you should include filters in the "
29913
"<emphasis role=\"bold\">lvm.conf</emphasis> to exclude the disks that "
29914
"underlie the multipath devices. This is because if the array automatically "
29915
"changes the active path to the passive path when it receives I/O, multipath "
29916
"will failover and failback whenever LVM scans the passive path if these "
29917
"devices are not filtered. For active/passive arrays that require a command "
29918
"to make the passive path active, LVM prints a warning message when this "
29919
"occurs. To filter all SCSI devices in the LVM configuration file (lvm.conf), "
29920
"include the following filter in the devices section of the file. "
29921
"<screen>filter = [ \"r/block/\", \"r/disk/\", \"r/sd.*/\", \"a/.*/\" "
29922
"]</screen>After updating <filename>/etc/lvm.conf</filename>, it's necessary "
29923
"to update the <emphasis role=\"bold\">initrd</emphasis> so that this file "
29924
"will be copied there, where the filter matters the most, during boot. "
29925
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
29926
msgstr ""
29927
29928
#: serverguide/C/dm-multipath.xml:435(title)
29929
msgid "Setting up DM-Multipath Overview"
29930
msgstr ""
29931
29932
#: serverguide/C/dm-multipath.xml:437(para)
29933
msgid ""
29934
"This section provides step-by-step example procedures for configuring DM-"
29935
"Multipath. It includes the following procedures:"
29936
msgstr ""
29937
29938
#: serverguide/C/dm-multipath.xml:442(para)
29939
msgid "Basic DM-Multipath setup"
29940
msgstr ""
29941
29942
#: serverguide/C/dm-multipath.xml:446(para)
29943
msgid "Ignoring local disks"
29944
msgstr ""
29945
29946
#: serverguide/C/dm-multipath.xml:450(para)
29947
msgid "Adding more devices to the configuration file"
29948
msgstr ""
29949
29950
#: serverguide/C/dm-multipath.xml:455(title)
29951
msgid "Setting Up DM-Multipath"
29952
msgstr ""
29953
29954
#: serverguide/C/dm-multipath.xml:457(para)
29955
msgid ""
29956
"Before setting up DM-Multipath on your system, ensure that your system has "
29957
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
29958
"tools</application></emphasis> package. If boot from SAN is desired, then "
29959
"the <emphasis role=\"bold\"><application>multipath-tools-"
29960
"boot</application></emphasis> package is also required."
29961
msgstr ""
29962
29963
#: serverguide/C/dm-multipath.xml:475(para)
29964
msgid ""
29965
"To work around a quirk in multipathd, when an "
29966
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
29967
"will return nothing, as it is the result of a <emphasis>merge</emphasis> "
29968
"between the <filename>/etc/multipath.conf</filename> and the database in "
29969
"memory. To remedy this, either define an empty "
29970
"<filename>/etc/multipath.conf</filename>, by using <emphasis "
29971
"role=\"bold\">touch</emphasis>, or create one that redefines a default value "
29972
"like:<screen>defaults {\n"
29973
" user_friendly_names no\n"
29974
"}\n"
29975
"</screen>and restart multipathd:<screen># systemctl restart multipath-"
29976
"tools.service</screen>Now the \"show config\" command will return the live "
29977
"database."
29978
msgstr ""
29979
29980
#: serverguide/C/dm-multipath.xml:464(para)
29981
msgid ""
29982
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
29983
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
29984
"an accompanying <filename>/etc/multipath.conf</filename>, it draws from it's "
29985
"internal database to find a suitable configuration, it also draws from it's "
29986
"internal blacklist. If after running <emphasis role=\"bold\">multipath -"
29987
"ll</emphasis> without a config file, no multipaths are discovered. One must "
29988
"proceed to increase the verbosity to discover why a multipath was not "
29989
"created. Consider referencing the SAN vendor's documentation, the multipath "
29990
"example config files found in <filename>/usr/share/doc/multipath-"
29991
"tools/examples</filename>, and the live multipathd database:<screen "
29992
"id=\"multipath-skel-config\"># echo 'show config' | multipathd -k > "
29993
"multipath.conf-live</screen><placeholder-1/>"
29994
msgstr ""
29995
29996
#: serverguide/C/dm-multipath.xml:492(title)
29997
msgid "Installing with Multipath Support"
29998
msgstr ""
29999
30000
#: serverguide/C/dm-multipath.xml:494(para)
30001
msgid ""
30002
"To enable <ulink "
30003
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
30004
"support during installation</ulink> use<screen>install disk-"
30005
"detect/multipath/enable=true</screen>at the installer prompt. If multipath "
30006
"devices are found these will show up as <emphasis "
30007
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
30008
msgstr ""
30009
30010
#: serverguide/C/dm-multipath.xml:503(title)
30011
msgid "Ignoring Local Disks When Generating Multipath Devices"
30012
msgstr ""
30013
30014
#: serverguide/C/dm-multipath.xml:505(para)
30015
msgid ""
30016
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
30017
"is not recommended for these devices. The following procedure shows how to "
30018
"modify the multipath configuration file to ignore the local disks when "
30019
"configuring multipath."
30020
msgstr ""
30021
30022
#: serverguide/C/dm-multipath.xml:512(para)
30023
msgid ""
30024
"Determine which disks are the internal disks and mark them as the ones to "
30025
"blacklist. In this example, <emphasis "
30026
"role=\"bold\"><filename>/dev/sda</filename></emphasis> is the internal disk. "
30027
"Note that as originally configured in the default multipath configuration "
30028
"file, executing the <emphasis role=\"bold\">multipath -v2</emphasis> shows "
30029
"the local disk, <emphasis role=\"bold\">/dev/sda</emphasis>, in the "
30030
"multipath map. For further information on the <emphasis "
30031
"role=\"bold\">multipath</emphasis> command output, see Section <link "
30032
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
30033
msgstr ""
30034
30035
#: serverguide/C/dm-multipath.xml:524(screen)
30036
#, no-wrap
30037
msgid ""
30038
"\n"
30039
"# multipath -v2\n"
30040
"create: SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1 undef WINSYS,SF2372\n"
30041
"size=33 GB features=\"0\" hwhandler=\"0\" wp=undef\n"
30042
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30043
" |- 0:0:0:0 sda 8:0 [--------- \n"
30044
"\n"
30045
"device-mapper ioctl cmd 9 failed: Invalid argument\n"
30046
"device-mapper ioctl cmd 14 failed: No such device or address\n"
30047
"create: 3600a0b80001327d80000006d43621677 undef WINSYS,SF2372\n"
30048
"size=12G features='0' hwhandler='0' wp=undef\n"
30049
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30050
" |- 2:0:0:0 sdb 8:16 undef ready running\n"
30051
" `- 3:0:0:0 sdf 8:80 undef ready running\n"
30052
"\n"
30053
"create: 3600a0b80001327510000009a436215ec undef WINSYS,SF2372\n"
30054
"size=12G features='0' hwhandler='0' wp=undef\n"
30055
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30056
" |- 2:0:0:1 sdc 8:32 undef ready running\n"
30057
" `- 3:0:0:1 sdg 8:96 undef ready running\n"
30058
"\n"
30059
"create: 3600a0b80001327d800000070436216b3 undef WINSYS,SF2372\n"
30060
"size=12G features='0' hwhandler='0' wp=undef\n"
30061
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30062
" |- 2:0:0:2 sdd 8:48 undef ready running\n"
30063
" `- 3:0:0:2 sdg 8:112 undef ready running\n"
30064
"\n"
30065
"create: 3600a0b80001327510000009b4362163e undef WINSYS,SF2372\n"
30066
"size=12G features='0' hwhandler='0' wp=undef\n"
30067
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30068
" |- 2:0:0:3 sdd 8:64 undef ready running\n"
30069
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
30070
msgstr ""
30071
30072
#: serverguide/C/dm-multipath.xml:560(para)
30073
msgid ""
30074
"In order to prevent the device mapper from mapping <emphasis "
30075
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
30076
"section of the <filename>/etc/multipath.conf</filename> file to include this "
30077
"device. Although you could blacklist the <emphasis "
30078
"role=\"bold\">sda</emphasis> device using a <emphasis "
30079
"role=\"bold\">devnode</emphasis> type, that would not be safe procedure "
30080
"since <emphasis role=\"bold\">/dev/sda</emphasis> is not guaranteed to be "
30081
"the same on reboot. To blacklist individual devices, you can blacklist using "
30082
"the WWID of that device. Note that in the output to the <emphasis "
30083
"role=\"bold\">multipath -v2</emphasis> command, the WWID of the "
30084
"<filename>/dev/sda</filename> device is SIBM-"
30085
"ESXSST336732LC____F3ET0EP0Q000072428BX1. To blacklist this device, include "
30086
"the following in the <filename>/etc/multipath.conf</filename> file."
30087
msgstr ""
30088
30089
#: serverguide/C/dm-multipath.xml:575(screen)
30090
#, no-wrap
30091
msgid ""
30092
"\n"
30093
"blacklist {\n"
30094
" wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1\n"
30095
"}\n"
30096
msgstr ""
30097
30098
#: serverguide/C/dm-multipath.xml:583(para)
30099
msgid ""
30100
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
30101
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
30102
"daemon to reload the file. The following command reloads the updated "
30103
"<filename>/etc/multipath.conf</filename> file."
30104
msgstr ""
30105
30106
#: serverguide/C/dm-multipath.xml:588(screen)
30107
#, no-wrap
30108
msgid "# systemctl reload multipath-tools.service"
30109
msgstr ""
30110
30111
#: serverguide/C/dm-multipath.xml:592(para)
30112
msgid "Run the following command to remove the multipath device:"
30113
msgstr ""
30114
30115
#: serverguide/C/dm-multipath.xml:595(screen)
30116
#, no-wrap
30117
msgid ""
30118
"\n"
30119
"# multipath -f SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1\n"
30120
msgstr ""
30121
30122
#: serverguide/C/dm-multipath.xml:601(para)
30123
msgid ""
30124
"To check whether the device removal worked, you can run the "
30125
"<command>multipath -ll</command> command to display the current multipath "
30126
"configuration. For information on the <command>multipath -ll</command> "
30127
"command, see Section <link linkend=\"multipath-queries-and-"
30128
"commands\">Multipath Queries with multipath Command</link>. To check that "
30129
"the blacklisted device was not added back, you can run the multipath "
30130
"command, as in the following example. The multipath command defaults to a "
30131
"verbosity level of <emphasis role=\"bold\">v2</emphasis> if you do not "
30132
"specify a <emphasis role=\"bold\">-v</emphasis> option."
30133
msgstr ""
30134
30135
#: serverguide/C/dm-multipath.xml:612(screen)
30136
#, no-wrap
30137
msgid ""
30138
"\n"
30139
"# multipath\n"
30140
"\n"
30141
"create: 3600a0b80001327d80000006d43621677 undef WINSYS,SF2372\n"
30142
"size=12G features='0' hwhandler='0' wp=undef\n"
30143
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30144
" |- 2:0:0:0 sdb 8:16 undef ready running\n"
30145
" `- 3:0:0:0 sdf 8:80 undef ready running\n"
30146
"\n"
30147
"create: 3600a0b80001327510000009a436215ec undef WINSYS,SF2372\n"
30148
"size=12G features='0' hwhandler='0' wp=undef\n"
30149
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30150
" |- 2:0:0:1 sdc 8:32 undef ready running\n"
30151
" `- 3:0:0:1 sdg 8:96 undef ready running\n"
30152
"\n"
30153
"create: 3600a0b80001327d800000070436216b3 undef WINSYS,SF2372\n"
30154
"size=12G features='0' hwhandler='0' wp=undef\n"
30155
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30156
" |- 2:0:0:2 sdd 8:48 undef ready running\n"
30157
" `- 3:0:0:2 sdg 8:112 undef ready running\n"
30158
"\n"
30159
"create: 3600a0b80001327510000009b4362163e undef WINSYS,SF2372\n"
30160
"size=12G features='0' hwhandler='0' wp=undef\n"
30161
"`-+- policy='round-robin 0' prio=1 status=undef\n"
30162
" |- 2:0:0:3 sdd 8:64 undef ready running\n"
30163
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
30164
msgstr ""
30165
30166
#: serverguide/C/dm-multipath.xml:644(title)
30167
msgid "Configuring Storage Devices"
30168
msgstr ""
30169
30170
#: serverguide/C/dm-multipath.xml:646(para)
30171
msgid ""
30172
"By default, DM-Multipath includes support for the most common storage arrays "
30173
"that support DM-Multipath. The default configuration values, including "
30174
"supported devices, can be found in the "
30175
"<filename>multipath.conf.defaults</filename> file."
30176
msgstr ""
30177
30178
#: serverguide/C/dm-multipath.xml:651(para)
30179
msgid ""
30180
"If you need to add a storage device that is not supported by default as a "
30181
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
30182
"file and insert the appropriate device information."
30183
msgstr ""
30184
30185
#: serverguide/C/dm-multipath.xml:655(para)
30186
msgid ""
30187
"For example, to add information about the HP Open-V series the entry looks "
30188
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
30189
msgstr ""
30190
30191
#: serverguide/C/dm-multipath.xml:659(screen)
30192
#, no-wrap
30193
msgid ""
30194
"devices {\n"
30195
" device {\n"
30196
" vendor \"HP\"\n"
30197
" product \"OPEN-V.\"\n"
30198
" getuid_callout \"/lib/udev/scsi_id --whitelisted --"
30199
"device=/dev/%n\"\n"
30200
" }\n"
30201
"}\n"
30202
msgstr ""
30203
30204
#: serverguide/C/dm-multipath.xml:668(para)
30205
msgid ""
30206
"For more information on the devices section of the configuration file, see "
30207
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
30208
"device\"/>."
30209
msgstr ""
30210
30211
#: serverguide/C/dm-multipath.xml:675(title)
30212
msgid "The DM-Multipath Configuration File"
30213
msgstr ""
30214
30215
#: serverguide/C/dm-multipath.xml:677(para)
30216
msgid ""
30217
"By default, DM-Multipath provides configuration values for the most common "
30218
"uses of multipathing. In addition, DM-Multipath includes support for the "
30219
"most common storage arrays that support DM-Multipath. The default "
30220
"configuration values and the supported devices can be found in the "
30221
"<filename>multipath.conf.defaults</filename> file."
30222
msgstr ""
30223
30224
#: serverguide/C/dm-multipath.xml:683(para)
30225
msgid ""
30226
"You can override the default configuration values for DM-Multipath by "
30227
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
30228
"necessary, you can also add a storage array that is not supported by default "
30229
"to the configuration file. This chapter provides information on parsing and "
30230
"modifying the <filename>multipath.conf</filename> file. It contains sections "
30231
"on the following topics: <placeholder-1/>"
30232
msgstr ""
30233
30234
#: serverguide/C/dm-multipath.xml:715(para)
30235
msgid ""
30236
"In the multipath configuration file, you need to specify only the sections "
30237
"that you need for your configuration, or that you wish to change from the "
30238
"default values specified in the <filename>multipath.conf.defaults</filename> "
30239
"file. If there are sections of the file that are not relevant to your "
30240
"environment or for which you do not need to override the default values, you "
30241
"can leave them commented out, as they are in the initial file."
30242
msgstr ""
30243
30244
#: serverguide/C/dm-multipath.xml:723(para)
30245
msgid "The configuration file allows regular expression description syntax."
30246
msgstr ""
30247
30248
#: serverguide/C/dm-multipath.xml:726(para)
30249
msgid ""
30250
"An annotated version of the configuration file can be found in "
30251
"<filename><filename>/usr/share/doc/multipath-"
30252
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
30253
msgstr ""
30254
30255
#: serverguide/C/dm-multipath.xml:730(title)
30256
msgid "Configuration File Overview"
30257
msgstr ""
30258
30259
#: serverguide/C/dm-multipath.xml:732(para)
30260
msgid ""
30261
"The multipath configuration file is divided into the following sections:"
30262
msgstr ""
30263
30264
#: serverguide/C/dm-multipath.xml:737(emphasis)
30265
msgid "blacklist"
30266
msgstr ""
30267
30268
#: serverguide/C/dm-multipath.xml:740(para)
30269
msgid ""
30270
"Listing of specific devices that will not be considered for multipath."
30271
msgstr ""
30272
30273
#: serverguide/C/dm-multipath.xml:746(emphasis)
30274
msgid "blacklist_exceptions"
30275
msgstr ""
30276
30277
#: serverguide/C/dm-multipath.xml:749(para)
30278
msgid ""
30279
"Listing of multipath candidates that would otherwise be blacklisted "
30280
"according to the parameters of the blacklist section."
30281
msgstr ""
30282
30283
#: serverguide/C/dm-multipath.xml:756(emphasis)
30284
msgid "defaults"
30285
msgstr ""
30286
30287
#: serverguide/C/dm-multipath.xml:759(para)
30288
msgid "General default settings for DM-Multipath."
30289
msgstr ""
30290
30291
#: serverguide/C/dm-multipath.xml:767(para)
30292
msgid ""
30293
"Settings for the characteristics of individual multipath devices. These "
30294
"values overwrite what is specified in the <emphasis "
30295
"role=\"bold\">defaults</emphasis> and <emphasis "
30296
"role=\"bold\">devices</emphasis> sections of the configuration file."
30297
msgstr ""
30298
30299
#: serverguide/C/dm-multipath.xml:776(emphasis)
30300
msgid "devices"
30301
msgstr ""
30302
30303
#: serverguide/C/dm-multipath.xml:779(para)
30304
msgid ""
30305
"Settings for the individual storage controllers. These values overwrite what "
30306
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
30307
"the configuration file. If you are using a storage array that is not "
30308
"supported by default, you may need to create a devices subsection for your "
30309
"array."
30310
msgstr ""
30311
30312
#: serverguide/C/dm-multipath.xml:788(para)
30313
msgid ""
30314
"When the system determines the attributes of a multipath device, first it "
30315
"checks the multipath settings, then the per devices settings, then the "
30316
"multipath system defaults."
30317
msgstr ""
30318
30319
#: serverguide/C/dm-multipath.xml:794(title)
30320
msgid "Configuration File Blacklist"
30321
msgstr ""
30322
30323
#: serverguide/C/dm-multipath.xml:796(para)
30324
msgid ""
30325
"The blacklist section of the multipath configuration file specifies the "
30326
"devices that will not be used when the system configures multipath devices. "
30327
"Devices that are blacklisted will not be grouped into a multipath device."
30328
msgstr ""
30329
30330
#: serverguide/C/dm-multipath.xml:803(para)
30331
msgid ""
30332
"If you do need to blacklist devices, you can do so according to the "
30333
"following criteria:"
30334
msgstr ""
30335
30336
#: serverguide/C/dm-multipath.xml:808(para)
30337
msgid ""
30338
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
30339
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
30340
msgstr ""
30341
30342
#: serverguide/C/dm-multipath.xml:814(para)
30343
msgid ""
30344
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
30345
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
30346
msgstr ""
30347
30348
#: serverguide/C/dm-multipath.xml:820(para)
30349
msgid ""
30350
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
30351
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
30352
msgstr ""
30353
30354
#: serverguide/C/dm-multipath.xml:826(para)
30355
msgid ""
30356
"By default, a variety of device types are blacklisted, even after you "
30357
"comment out the initial blacklist section of the configuration file. For "
30358
"information, see <xref endterm=\"config-blacklist-by-device-name-title\" "
30359
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
30360
msgstr ""
30361
30362
#: serverguide/C/dm-multipath.xml:835(title)
30363
msgid "Blacklisting By WWID"
30364
msgstr ""
30365
30366
#: serverguide/C/dm-multipath.xml:838(para)
30367
msgid ""
30368
"You can specify individual devices to blacklist by their World-Wide "
30369
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
30370
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
30371
"file."
30372
msgstr ""
30373
30374
#: serverguide/C/dm-multipath.xml:843(para)
30375
msgid ""
30376
"The following example shows the lines in the configuration file that would "
30377
"blacklist a device with a WWID of 26353900f02796769."
30378
msgstr ""
30379
30380
#: serverguide/C/dm-multipath.xml:846(screen)
30381
#, no-wrap
30382
msgid ""
30383
"\n"
30384
"blacklist {\n"
30385
" wwid 26353900f02796769\n"
30386
"}\n"
30387
msgstr ""
30388
30389
#: serverguide/C/dm-multipath.xml:854(title)
30390
msgid "Blacklisting By Device Name"
30391
msgstr ""
30392
30393
#: serverguide/C/dm-multipath.xml:857(para)
30394
msgid ""
30395
"You can blacklist device types by device name so that they will not be "
30396
"grouped into a multipath device by specifying a <emphasis "
30397
"role=\"bold\">devnode</emphasis> entry in the <emphasis "
30398
"role=\"bold\">blacklist</emphasis> section of the configuration file."
30399
msgstr ""
30400
30401
#: serverguide/C/dm-multipath.xml:863(para)
30402
msgid ""
30403
"The following example shows the lines in the configuration file that would "
30404
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
30405
"blacklist {\n"
30406
" devnode \"^sd[a-z]\"\n"
30407
"}</screen>"
30408
msgstr ""
30409
30410
#: serverguide/C/dm-multipath.xml:870(para)
30411
msgid ""
30412
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
30413
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
30414
"file to specify individual devices to blacklist rather than all devices of a "
30415
"specific type. This is not recommended, however, since unless it is "
30416
"statically mapped by udev rules, there is no guarantee that a specific "
30417
"device will have the same name on reboot. For example, a device name could "
30418
"change from <filename>/dev/sda</filename> to <filename>/dev/sdb</filename> "
30419
"on reboot."
30420
msgstr ""
30421
30422
#: serverguide/C/dm-multipath.xml:880(para)
30423
msgid ""
30424
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
30425
"are compiled in the default blacklist; the devices that these entries "
30426
"blacklist do not generally support DM-Multipath. To enable multipathing on "
30427
"any of these devices, you would need to specify them in the <emphasis "
30428
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
30429
"file, as described in <xref endterm=\"config-blacklist-exceptions-title\" "
30430
"linkend=\"multipath-config-blacklist-exceptions\"/><screen>\n"
30431
"blacklist {\n"
30432
" devnode \"^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*\"\n"
30433
" devnode \"^hd[a-z]\"\n"
30434
"}\n"
30435
"</screen>"
30436
msgstr ""
30437
30438
#: serverguide/C/dm-multipath.xml:897(title)
30439
msgid "Blacklisting By Device Type"
30440
msgstr ""
30441
30442
#: serverguide/C/dm-multipath.xml:900(para)
30443
msgid ""
30444
"You can specify specific device types in the <emphasis "
30445
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
30446
"device section. The following example blacklists all IBM DS4200 and HP "
30447
"devices. <screen>\n"
30448
"blacklist {\n"
30449
" device {\n"
30450
" vendor \"IBM\"\n"
30451
" product \"3S42\" #DS4200 Product 10\n"
30452
" }\n"
30453
" device {\n"
30454
" vendor \"HP\"\n"
30455
" product \"*\"\n"
30456
" }\n"
30457
"}\n"
30458
"</screen>"
30459
msgstr ""
30460
30461
#: serverguide/C/dm-multipath.xml:918(title)
30462
msgid "Blacklist Exceptions"
30463
msgstr ""
30464
30465
#: serverguide/C/dm-multipath.xml:921(para)
30466
msgid ""
30467
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
30468
"section of the configuration file to enable multipathing on devices that "
30469
"have been blacklisted by default."
30470
msgstr ""
30471
30472
#: serverguide/C/dm-multipath.xml:926(para)
30473
msgid ""
30474
"For example, if you have a large number of devices and want to multipath "
30475
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
30476
"instead of individually blacklisting each of the devices except the one you "
30477
"want, you could instead blacklist all of them, and then allow only the one "
30478
"you want by adding the following lines to the "
30479
"<filename>/etc/multipath.conf</filename> file. <screen>\n"
30480
"blacklist {\n"
30481
" wwid \"*\"\n"
30482
"}\n"
30483
"\n"
30484
"blacklist_exceptions {\n"
30485
" wwid \"3600d0230000000000e13955cc3757803\"\n"
30486
"}\n"
30487
"</screen>"
30488
msgstr ""
30489
30490
#: serverguide/C/dm-multipath.xml:941(para)
30491
msgid ""
30492
"When specifying devices in the <emphasis "
30493
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
30494
"file, you must specify the exceptions in the same way they were specified in "
30495
"the <emphasis role=\"bold\">blacklist</emphasis>. For example, a WWID "
30496
"exception will not apply to devices specified by a <emphasis "
30497
"role=\"bold\">devnode</emphasis> blacklist entry, even if the blacklisted "
30498
"device is associated with that WWID. Similarly, devnode exceptions apply "
30499
"only to devnode entries, and device exceptions apply only to device entries."
30500
msgstr ""
30501
30502
#: serverguide/C/dm-multipath.xml:954(title)
30503
msgid "Configuration File Defaults"
30504
msgstr ""
30505
30506
#: serverguide/C/dm-multipath.xml:956(para)
30507
msgid ""
30508
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
30509
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
30510
"role=\"bold\">user_friendly_names</emphasis> parameter to <emphasis "
30511
"role=\"bold\">yes</emphasis>, as follows."
30512
msgstr ""
30513
30514
#: serverguide/C/dm-multipath.xml:961(screen)
30515
#, no-wrap
30516
msgid ""
30517
"\n"
30518
"defaults {\n"
30519
" user_friendly_names yes\n"
30520
"}\n"
30521
msgstr ""
30522
30523
#: serverguide/C/dm-multipath.xml:967(para)
30524
msgid ""
30525
"This overwrites the default value of the <emphasis "
30526
"role=\"bold\">user_friendly_names</emphasis> parameter."
30527
msgstr ""
30528
30529
#: serverguide/C/dm-multipath.xml:970(para)
30530
msgid ""
30531
"The configuration file includes a template of configuration defaults. This "
30532
"section is commented out, as follows."
30533
msgstr ""
30534
30535
#: serverguide/C/dm-multipath.xml:973(screen)
30536
#, no-wrap
30537
msgid ""
30538
"\n"
30539
"#defaults {\n"
30540
"# udev_dir /dev\n"
30541
"# polling_interval 5\n"
30542
"# selector \"round-robin 0\"\n"
30543
"# path_grouping_policy failover\n"
30544
"# getuid_callout \"/lib/dev/scsi_id --whitelisted --"
30545
"device=/dev/%n\"\n"
30546
"#\tprio\t\t\tconst\n"
30547
"#\tpath_checker\t\tdirectio\n"
30548
"#\trr_min_io\t\t1000\n"
30549
"#\trr_weight\t\tuniform\n"
30550
"#\tfailback\t\tmanual\n"
30551
"#\tno_path_retry\t\tfail\n"
30552
"#\tuser_friendly_names\tno\n"
30553
"#}\n"
30554
msgstr ""
30555
30556
#: serverguide/C/dm-multipath.xml:990(para)
30557
msgid ""
30558
"To overwrite the default value for any of the configuration parameters, you "
30559
"can copy the relevant line from this template into the <emphasis "
30560
"role=\"bold\">defaults</emphasis> section and uncomment it. For example, to "
30561
"overwrite the <emphasis role=\"bold\">path_grouping_policy</emphasis> "
30562
"parameter so that it is <emphasis role=\"bold\">multibus</emphasis> rather "
30563
"than the default value of <emphasis role=\"bold\">failover</emphasis>, copy "
30564
"the appropriate line from the template to the initial <emphasis "
30565
"role=\"bold\">defaults</emphasis> section of the configuration file, and "
30566
"uncomment it, as follows."
30567
msgstr ""
30568
30569
#: serverguide/C/dm-multipath.xml:1001(screen)
30570
#, no-wrap
30571
msgid ""
30572
"\n"
30573
"defaults {\n"
30574
" user_friendly_names yes\n"
30575
" path_grouping_policy multibus\n"
30576
"}\n"
30577
msgstr ""
30578
30579
#: serverguide/C/dm-multipath.xml:1008(para)
30580
msgid ""
30581
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
30582
"config-defaults-table\"/> describes the attributes that are set in the "
30583
"<emphasis role=\"bold\">defaults</emphasis> section of the "
30584
"<filename>multipath.conf</filename> configuration file. These values are "
30585
"used by DM-Multipath unless they are overwritten by the attributes specified "
30586
"in the <emphasis role=\"bold\">devices</emphasis> and <emphasis "
30587
"role=\"bold\">multipaths</emphasis> sections of the "
30588
"<filename>multipath.conf</filename> file."
30589
msgstr ""
30590
30591
#: serverguide/C/dm-multipath.xml:1022(title)
30592
msgid "Configuration File Multipath Attributes"
30593
msgstr ""
30594
30595
#: serverguide/C/dm-multipath.xml:1025(para)
30596
msgid ""
30597
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
30598
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
30599
"role=\"bold\">multipaths</emphasis> section of the "
30600
"<filename>multipath.conf</filename> configuration file for each specific "
30601
"multipath device. These attributes apply only to the one specified "
30602
"multipath. These defaults are used by DM-Multipath and override attributes "
30603
"set in the <emphasis role=\"bold\">defaults</emphasis> and <emphasis "
30604
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
30605
msgstr ""
30606
30607
#: serverguide/C/dm-multipath.xml:1038(para)
30608
msgid ""
30609
"In addition, the following parameters may be overridden in this <emphasis "
30610
"role=\"bold\">multipath</emphasis> section"
30611
msgstr ""
30612
30613
#: serverguide/C/dm-multipath.xml:1087(para)
30614
msgid ""
30615
"The following example shows multipath attributes specified in the "
30616
"configuration file for two specific multipath devices. The first device has "
30617
"a WWID of 3600508b4000156d70001200000b0000 and a symbolic name of yellow."
30618
msgstr ""
30619
30620
#: serverguide/C/dm-multipath.xml:1092(para)
30621
msgid ""
30622
"The second multipath device in the example has a WWID of "
30623
"1DEC_____321816758474 and a symbolic name of red. In this example, the <link "
30624
"linkend=\"attribute-rr_weight\" role=\"bold\">rr_weight</link> attributes "
30625
"are set to priorities."
30626
msgstr ""
30627
30628
#: serverguide/C/dm-multipath.xml:1097(screen)
30629
#, no-wrap
30630
msgid ""
30631
"\n"
30632
"multipaths {\n"
30633
" multipath {\n"
30634
" wwid 3600508b4000156d70001200000b0000\n"
30635
" alias yellow\n"
30636
" path_grouping_policy multibus\n"
30637
" path_selector \"round-robin 0\"\n"
30638
" failback manual\n"
30639
" rr_weight priorities\n"
30640
" no_path_retry 5\n"
30641
" }\n"
30642
" multipath {\n"
30643
" wwid 1DEC_____321816758474\n"
30644
" alias red\n"
30645
" rr_weight priorities\n"
30646
" }\n"
30647
"}\n"
30648
msgstr ""
30649
30650
#: serverguide/C/dm-multipath.xml:1118(title)
30651
msgid "Configuration File Devices"
30652
msgstr ""
30653
30654
#: serverguide/C/dm-multipath.xml:1120(para)
30655
msgid ""
30656
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
30657
"device-attributes-table\"/> shows the attributes that you can set for each "
30658
"individual storage device in the devices section of the multipath.conf "
30659
"configuration file. These attributes are used by DM-Multipath unless they "
30660
"are overwritten by the attributes specified in the <emphasis "
30661
"role=\"bold\">multipaths</emphasis> section of the "
30662
"<filename>multipath.conf</filename> file for paths that contain the device. "
30663
"These attributes override the attributes set in the <emphasis "
30664
"role=\"bold\">defaults</emphasis> section of the "
30665
"<filename>multipath.conf</filename> file."
30666
msgstr ""
30667
30668
#: serverguide/C/dm-multipath.xml:1131(para)
30669
msgid ""
30670
"Many devices that support multipathing are included by default in a "
30671
"multipath configuration. The values for the devices that are supported by "
30672
"default are listed in the <filename>multipath.conf.defaults</filename> file. "
30673
"You probably will not need to modify the values for these devices, but if "
30674
"you do you can overwrite the default values by including an entry in the "
30675
"configuration file for the device that overwrites those values. You can copy "
30676
"the device configuration defaults from the "
30677
"<filename>multipath.conf.annotated.gz</filename> or if you wish to have a "
30678
"brief config file, <filename>multipath.conf.synthetic</filename> file for "
30679
"the device and override the values that you want to change."
30680
msgstr ""
30681
30682
#: serverguide/C/dm-multipath.xml:1143(para)
30683
msgid ""
30684
"To add a device to this section of the configuration file that is not "
30685
"configured automatically by default, you must set the <emphasis "
30686
"role=\"bold\">vendor</emphasis> and <emphasis "
30687
"role=\"bold\">product</emphasis> parameters. You can find these values by "
30688
"looking at <emphasis "
30689
"role=\"bold\">/sys/block/device_name/device/vendor</emphasis> and <emphasis "
30690
"role=\"bold\">/sys/block/device_name/device/model</emphasis> where "
30691
"device_name is the device to be multipathed, as in the following example:"
30692
msgstr ""
30693
30694
#: serverguide/C/dm-multipath.xml:1153(screen)
30695
#, no-wrap
30696
msgid ""
30697
"\n"
30698
"# cat /sys/block/sda/device/vendor\n"
30699
"WINSYS \n"
30700
"# cat /sys/block/sda/device/model\n"
30701
"SF2372\n"
30702
msgstr ""
30703
30704
#: serverguide/C/dm-multipath.xml:1160(para)
30705
msgid ""
30706
"The additional parameters to specify depend on your specific device. If the "
30707
"device is active/active, you will usually not need to set additional "
30708
"parameters. You may want to set <link linkend=\"attribute-"
30709
"path_grouping_policy\">path_grouping_policy</link> to <emphasis "
30710
"role=\"bold\">multibus</emphasis>. Other parameters you may need to set are "
30711
"<link linkend=\"attribute-no_path_retry\">no_path_retry</link> and <link "
30712
"linkend=\"attribute-rr_min_io\">rr_min_io</link>, as described in Table "
30713
"<xref endterm=\"attributes-table-title\" linkend=\"multipath-attributes-"
30714
"table\"/>."
30715
msgstr ""
30716
30717
#: serverguide/C/dm-multipath.xml:1170(para)
30718
msgid ""
30719
"If the device is active/passive, but it automatically switches paths with "
30720
"I/O to the passive path, you need to change the checker function to one that "
30721
"does not send I/O to the path to test if it is working (otherwise, your "
30722
"device will keep failing over). This almost always means that you set the "
30723
"<link linkend=\"attribute-path_checker\">path_checker</link> to <emphasis "
30724
"role=\"bold\">tur</emphasis>; this works for all SCSI devices that support "
30725
"the Test Unit Ready command, which most do."
30726
msgstr ""
30727
30728
#: serverguide/C/dm-multipath.xml:1179(para)
30729
msgid ""
30730
"If the device needs a special command to switch paths, then configuring this "
30731
"device for multipath requires a hardware handler kernel module. The current "
30732
"available hardware handler is emc. If this is not sufficient for your "
30733
"device, you may not be able to configure the device for multipath."
30734
msgstr ""
30735
30736
#: serverguide/C/dm-multipath.xml:1188(para)
30737
msgid ""
30738
"In addition, the following parameters may be overridden in this <emphasis "
30739
"role=\"bold\">device</emphasis> section"
30740
msgstr ""
30741
30742
#: serverguide/C/dm-multipath.xml:1263(para)
30743
msgid ""
30744
"Whenever a hardware_handler is specified, it is your responsibility to "
30745
"ensure that the appropriate kernel module is loaded to support the specified "
30746
"interface. These modules can be found in <emphasis "
30747
"role=\"bold\"><filename>/lib/modules/`uname -"
30748
"r`/kernel/drivers/scsi/device_handler/ </filename></emphasis>. The requisite "
30749
"module should be integrated into the initrd to ensure the necessary "
30750
"discovery and failover-failback capacity is available during boot time. "
30751
"Example,<screen># echo scsi_dh_alua >> /etc/initramfs-tools/modules "
30752
"## append module to file\n"
30753
"# update-initramfs -u -k all</screen>"
30754
msgstr ""
30755
30756
#: serverguide/C/dm-multipath.xml:1274(para)
30757
msgid ""
30758
"The following example shows a device entry in the multipath configuration "
30759
"file."
30760
msgstr ""
30761
30762
#: serverguide/C/dm-multipath.xml:1277(screen)
30763
#, no-wrap
30764
msgid ""
30765
"\n"
30766
"#devices {\n"
30767
"#\tdevice {\n"
30768
"#\t\tvendor\t\t\t\"COMPAQ \"\n"
30769
"#\t\tproduct\t\t\t\"MSA1000 \"\n"
30770
"#\t\tpath_grouping_policy\tmultibus\n"
30771
"#\t\tpath_checker\t\ttur\n"
30772
"#\t\trr_weight\t\tpriorities\n"
30773
"#\t}\n"
30774
"#}\n"
30775
msgstr ""
30776
30777
#: serverguide/C/dm-multipath.xml:1289(para)
30778
msgid ""
30779
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
30780
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
30781
"role=\"bold\">revision</emphasis> fields are significant as multipath is "
30782
"performing a direct match against these attributes, whose format is defined "
30783
"by the SCSI specification, specifically the <ulink "
30784
"url=\"http://en.wikipedia.org/wiki/SCSI_Inquiry_Command\">Standard "
30785
"INQUIRY</ulink> command. When quotes are used, the vendor, product, and "
30786
"revision fields will be interpreted strictly according to the spec. Regular "
30787
"expressions may be integrated into the quoted strings. Should a field be "
30788
"defined without the requisite spacing, multipath will copy the string into "
30789
"the properly sized buffer and pad with the appropriate number of spaces. The "
30790
"specification expects the entire field to be populated by printable "
30791
"characters or spaces, as seen in the example above"
30792
msgstr ""
30793
30794
#: serverguide/C/dm-multipath.xml:1306(para)
30795
msgid "vendor: 8 characters"
30796
msgstr ""
30797
30798
#: serverguide/C/dm-multipath.xml:1310(para)
30799
msgid "product: 16 characters"
30800
msgstr ""
30801
30802
#: serverguide/C/dm-multipath.xml:1314(para)
30803
msgid "revision: 4 characters"
30804
msgstr ""
30805
30806
#: serverguide/C/dm-multipath.xml:1318(para)
30807
msgid ""
30808
"To create a more robust configuration file, regular expressions can also be "
30809
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
30810
"Examples of functional regular expressions can be found by examining the "
30811
"live multipath database and <filename>multipath.conf </filename>example "
30812
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
30813
msgstr ""
30814
30815
#: serverguide/C/dm-multipath.xml:1325(screen)
30816
#, no-wrap
30817
msgid "# echo 'show config' | multipathd -k"
30818
msgstr ""
30819
30820
#: serverguide/C/dm-multipath.xml:1330(title)
30821
msgid "DM-Multipath Administration and Troubleshooting"
30822
msgstr ""
30823
30824
#: serverguide/C/dm-multipath.xml:1333(title)
30825
msgid "Resizing an Online Multipath Device"
30826
msgstr ""
30827
30828
#: serverguide/C/dm-multipath.xml:1335(para)
30829
msgid ""
30830
"If you need to resize an online multipath device, use the following procedure"
30831
msgstr ""
30832
30833
#: serverguide/C/dm-multipath.xml:1340(para)
30834
msgid "Resize your physical device. This is storage platform specific."
30835
msgstr ""
30836
30837
#: serverguide/C/dm-multipath.xml:1345(para)
30838
msgid "Use the following command to find the paths to the LUN:"
30839
msgstr ""
30840
30841
#: serverguide/C/dm-multipath.xml:1347(screen)
30842
#, no-wrap
30843
msgid "# multipath -l"
30844
msgstr ""
30845
30846
#: serverguide/C/dm-multipath.xml:1351(para)
30847
msgid ""
30848
"Resize your paths. For SCSI devices, writing 1 to the "
30849
"<filename>rescan</filename> file for the device causes the SCSI driver to "
30850
"rescan, as in the following command:"
30851
msgstr ""
30852
30853
#: serverguide/C/dm-multipath.xml:1355(screen)
30854
#, no-wrap
30855
msgid "# echo 1 > /sys/block/device_name/device/rescan"
30856
msgstr ""
30857
30858
#: serverguide/C/dm-multipath.xml:1359(para)
30859
msgid ""
30860
"Resize your multipath device by running the multipathd resize command:"
30861
msgstr ""
30862
30863
#: serverguide/C/dm-multipath.xml:1362(screen)
30864
#, no-wrap
30865
msgid "# multipathd -k 'resize map mpatha'"
30866
msgstr ""
30867
30868
#: serverguide/C/dm-multipath.xml:1366(para)
30869
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
30870
msgstr ""
30871
30872
#: serverguide/C/dm-multipath.xml:1369(screen)
30873
#, no-wrap
30874
msgid "# resize2fs /dev/mapper/mpatha"
30875
msgstr ""
30876
30877
#: serverguide/C/dm-multipath.xml:1375(title)
30878
msgid ""
30879
"Moving root File Systems from a Single Path Device to a Multipath Device"
30880
msgstr ""
30881
30882
#: serverguide/C/dm-multipath.xml:1378(para)
30883
msgid ""
30884
"This is dramatically simplified by the use of UUIDs to identify devices as "
30885
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
30886
"boot</emphasis> and reboot. This will rebuild the initial ramdisk and afford "
30887
"multipath the opportunity to build it's paths before the root file system is "
30888
"mounted by UUID."
30889
msgstr ""
30890
30891
#: serverguide/C/dm-multipath.xml:1385(para)
30892
msgid ""
30893
"Whenever <filename>multipath.conf</filename> is updated, so should the "
30894
"initrd by executing <command>update-initramfs -u -k all</command>. The "
30895
"reason being is <filename>multipath.conf</filename> is copied to the ramdisk "
30896
"and is integral to determining the available devices for grouping via it's "
30897
"blacklist and device sections."
30898
msgstr ""
30899
30900
#: serverguide/C/dm-multipath.xml:1394(title)
30901
msgid ""
30902
"Moving swap File Systems from a Single Path Device to a Multipath Device"
30903
msgstr ""
30904
30905
#: serverguide/C/dm-multipath.xml:1397(para)
30906
msgid ""
30907
"The procedure is exactly the same as illustrated in the previous section "
30908
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
30909
"device\">Moving root File Systems from a Single Path to a Multipath "
30910
"Device</link>."
30911
msgstr ""
30912
30913
#: serverguide/C/dm-multipath.xml:1405(title)
30914
msgid "The Multipath Daemon"
30915
msgstr ""
30916
30917
#: serverguide/C/dm-multipath.xml:1407(para)
30918
msgid ""
30919
"If you find you have trouble implementing a multipath configuration, you "
30920
"should ensure the multipath daemon is running as described in <link "
30921
"linkend=\"multipath-setting-up-dm-multipath\">\"Setting up DM-"
30922
"Multipath\"</link>. The <command>multipathd</command> daemon must be running "
30923
"in order to use multipathd devices. Also see section <link "
30924
"linkend=\"multipath-interacting-with-multipathd\">Troubleshooting with the "
30925
"multipathd interactive console</link> concerning interacting with "
30926
"<command>multipathd</command> as a debugging aid."
30927
msgstr ""
30928
30929
#: serverguide/C/dm-multipath.xml:1447(title)
30930
msgid "Issues with queue_if_no_path"
30931
msgstr ""
30932
30933
#: serverguide/C/dm-multipath.xml:1449(para)
30934
msgid ""
30935
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
30936
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
30937
"process that uses I/O will hang until one or more paths are restored. To "
30938
"avoid this, set the <emphasis role=\"bold\"><link linkend=\"attribute-"
30939
"no_path_retry\">no_path_retry</link> N</emphasis> parameter in the "
30940
"<filename>/etc/multipath.conf</filename>."
30941
msgstr ""
30942
30943
#: serverguide/C/dm-multipath.xml:1456(para)
30944
msgid ""
30945
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
30946
"remove the <emphasis role=\"bold\">features \"1 "
30947
"queue_if_no_path\"</emphasis> option from the "
30948
"<filename>/etc/multipath.conf</filename> file as well. If, however, you are "
30949
"using a multipathed device for which the <option>features \"1 "
30950
"queue_if_no_path\"</option> option is set as a compiled in default, as it is "
30951
"for many SAN devices, you must add <option>features \"0\"</option> to "
30952
"override this default. You can do this by copying the existing <emphasis "
30953
"role=\"bold\">devices</emphasis> section, and just that section (not the "
30954
"entire file), from <filename>/usr/share/doc/multipath-"
30955
"tools/examples/multipath.conf.annotated.gz</filename> into "
30956
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
30957
msgstr ""
30958
30959
#: serverguide/C/dm-multipath.xml:1470(para)
30960
msgid ""
30961
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
30962
"option and you experience the issue noted here, use the "
30963
"<command>dmsetup</command> command to edit the policy at runtime for a "
30964
"particular LUN (that is, for which all the paths are unavailable). For "
30965
"example, if you want to change the policy on the multipath device "
30966
"<filename>mpathc</filename> from <option>\"queue_if_no_path\"</option> to "
30967
"<option> \"fail_if_no_path\"</option>, execute the following command."
30968
msgstr ""
30969
30970
#: serverguide/C/dm-multipath.xml:1479(screen)
30971
#, no-wrap
30972
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
30973
msgstr ""
30974
30975
#: serverguide/C/dm-multipath.xml:1482(para)
30976
msgid ""
30977
"You must specify the <filename>mpathN</filename> alias rather than the path"
30978
msgstr ""
30979
30980
#: serverguide/C/dm-multipath.xml:1488(title)
30981
msgid "Multipath Command Output"
30982
msgstr ""
30983
30984
#: serverguide/C/dm-multipath.xml:1490(para)
30985
msgid ""
30986
"When you create, modify, or list a multipath device, you get a printout of "
30987
"the current device setup. The format is as follows. For each multipath "
30988
"device:"
30989
msgstr ""
30990
30991
#: serverguide/C/dm-multipath.xml:1494(screen)
30992
#, no-wrap
30993
msgid ""
30994
" action_if_any: alias (wwid_if_different_from_alias) "
30995
"dm_device_name_if_known vendor,product\n"
30996
" size=size features='features' hwhandler='hardware_handler' "
30997
"wp=write_permission_if_known"
30998
msgstr ""
30999
31000
#: serverguide/C/dm-multipath.xml:1497(para)
31001
msgid "For each path group:"
31002
msgstr ""
31003
31004
#: serverguide/C/dm-multipath.xml:1499(screen)
31005
#, no-wrap
31006
msgid ""
31007
" -+- policy='scheduling_policy' prio=prio_if_known\n"
31008
" status=path_group_status_if_known"
31009
msgstr ""
31010
31011
#: serverguide/C/dm-multipath.xml:1502(para)
31012
msgid "For each path:"
31013
msgstr ""
31014
31015
#: serverguide/C/dm-multipath.xml:1504(screen)
31016
#, no-wrap
31017
msgid ""
31018
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
31019
"path_status\n"
31020
" online_status"
31021
msgstr ""
31022
31023
#: serverguide/C/dm-multipath.xml:1507(para)
31024
msgid ""
31025
"For example, the output of a multipath command might appear as follows:"
31026
msgstr ""
31027
31028
#: serverguide/C/dm-multipath.xml:1510(screen)
31029
#, no-wrap
31030
msgid ""
31031
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
31032
" size=269G features='0' hwhandler='0' wp=rw\n"
31033
" |-+- policy='round-robin 0' prio=1 status=active\n"
31034
" | `- 6:0:0:0 sdb 8:16 active ready running\n"
31035
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
31036
" `- 7:0:0:0 sdf 8:80 active ready running"
31037
msgstr ""
31038
31039
#: serverguide/C/dm-multipath.xml:1517(para)
31040
msgid ""
31041
"If the path is up and ready for I/O, the status of the path is <emphasis "
31042
"role=\"bold\">ready</emphasis> or <emphasis "
31043
"role=\"emphasis\">ghost</emphasis>. If the path is down, the status is "
31044
"<emphasis role=\"bold\">faulty</emphasis> or <emphasis "
31045
"role=\"bold\">shaky</emphasis>. The path status is updated periodically by "
31046
"the <command>multipathd</command> daemon based on the polling interval "
31047
"defined in the <filename>/etc/multipath.conf</filename> file."
31048
msgstr ""
31049
31050
#: serverguide/C/dm-multipath.xml:1525(para)
31051
msgid ""
31052
"The dm status is similar to the path status, but from the kernel's point of "
31053
"view. The dm status has two states: <emphasis "
31054
"role=\"bold\">failed</emphasis>, which is analogous to <emphasis "
31055
"role=\"bold\">faulty</emphasis>, and <emphasis "
31056
"role=\"bold\">active</emphasis> which covers all other path states. "
31057
"Occasionally, the path state and the dm state of a device will temporarily "
31058
"not agree."
31059
msgstr ""
31060
31061
#: serverguide/C/dm-multipath.xml:1533(para)
31062
msgid ""
31063
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
31064
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
31065
"role=\"bold\">offline</emphasis>. A status of <emphasis "
31066
"role=\"emphasis\">offline</emphasis> means that the SCSI device has been "
31067
"disabled."
31068
msgstr ""
31069
31070
#: serverguide/C/dm-multipath.xml:1541(para)
31071
msgid ""
31072
"When a multipath device is being created or modified , the path group "
31073
"status, the dm device name, the write permissions, and the dm status are not "
31074
"known. Also, the features are not always correct"
31075
msgstr ""
31076
31077
#: serverguide/C/dm-multipath.xml:1548(title)
31078
msgid "Multipath Queries with multipath Command"
31079
msgstr ""
31080
31081
#: serverguide/C/dm-multipath.xml:1550(para)
31082
msgid ""
31083
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
31084
"role=\"bold\">-ll</emphasis> options of the <emphasis "
31085
"role=\"bold\">multipath</emphasis> command to display the current multipath "
31086
"configuration. The <emphasis role=\"bold\">-l</emphasis> option displays "
31087
"multipath topology gathered from information in sysfs and the device mapper. "
31088
"The <emphasis role=\"bold\">-ll</emphasis> option displays the information "
31089
"the <emphasis role=\"bold\">-l</emphasis> displays in addition to all other "
31090
"available components of the system."
31091
msgstr ""
31092
31093
#: serverguide/C/dm-multipath.xml:1559(para)
31094
msgid ""
31095
"When displaying the multipath configuration, there are three verbosity "
31096
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
31097
"of the multipath command. Specifying <emphasis role=\"bold\">-v0</emphasis> "
31098
"yields no output. Specifying<emphasis role=\"bold\"> -v1</emphasis> outputs "
31099
"the created or updated multipath names only, which you can then feed to "
31100
"other tools such as kpartx. Specifying <emphasis role=\"bold\">-"
31101
"v2</emphasis> prints all detected paths, multipaths, and device maps."
31102
msgstr ""
31103
31104
#: serverguide/C/dm-multipath.xml:1569(para)
31105
msgid ""
31106
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
31107
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
31108
"defining the <link linkend=\"attribute-verbosity\">verbosity "
31109
"attribute</link> in the <emphasis role=\"bold\">defaults</emphasis> section "
31110
"of <filename>multipath.conf</filename>."
31111
msgstr ""
31112
31113
#: serverguide/C/dm-multipath.xml:1576(para)
31114
msgid ""
31115
"The following example shows the output of a <emphasis "
31116
"role=\"bold\">multipath -l</emphasis> command."
31117
msgstr ""
31118
31119
#: serverguide/C/dm-multipath.xml:1579(screen)
31120
#, no-wrap
31121
msgid ""
31122
"# multipath -l\n"
31123
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
31124
" size=269G features='0' hwhandler='0' wp=rw\n"
31125
" |-+- policy='round-robin 0' prio=1 status=active\n"
31126
" | `- 6:0:0:0 sdb 8:16 active ready running\n"
31127
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
31128
" `- 7:0:0:0 sdf 8:80 active ready running"
31129
msgstr ""
31130
31131
#: serverguide/C/dm-multipath.xml:1587(para)
31132
msgid ""
31133
"The following example shows the output of a <emphasis "
31134
"role=\"bold\">multipath -ll</emphasis> command."
31135
msgstr ""
31136
31137
#: serverguide/C/dm-multipath.xml:1590(screen)
31138
#, no-wrap
31139
msgid ""
31140
"# multipath -ll\n"
31141
" 3600d0230000000000e13955cc3757801 dm-10 WINSYS,SF2372\n"
31142
" size=269G features='0' hwhandler='0' wp=rw\n"
31143
" |-+- policy='round-robin 0' prio=1 status=enabled\n"
31144
" | `- 19:0:0:1 sdc 8:32 active ready running\n"
31145
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
31146
" `- 18:0:0:1 sdh 8:112 active ready running\n"
31147
" 3600d0230000000000e13955cc3757803 dm-2 WINSYS,SF2372\n"
31148
" size=125G features='0' hwhandler='0' wp=rw\n"
31149
" `-+- policy='round-robin 0' prio=1 status=active\n"
31150
" |- 19:0:0:3 sde 8:64 active ready running\n"
31151
" `- 18:0:0:3 sdj 8:144 active ready running"
31152
msgstr ""
31153
31154
#: serverguide/C/dm-multipath.xml:1605(title)
31155
msgid "Multipath Command Options"
31156
msgstr ""
31157
31158
#: serverguide/C/dm-multipath.xml:1607(para)
31159
msgid ""
31160
"Table <xref endterm=\"useful-multipath-command-options-title\" "
31161
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
31162
"<emphasis role=\"bold\">multipath</emphasis> command that you might find "
31163
"useful."
31164
msgstr ""
31165
31166
#: serverguide/C/dm-multipath.xml:1613(title)
31167
msgid "Useful multipath Command Options"
31168
msgstr ""
31169
31170
#: serverguide/C/dm-multipath.xml:1622(entry)
31171
msgid "Option"
31172
msgstr ""
31173
31174
#: serverguide/C/dm-multipath.xml:1629(emphasis)
31175
msgid "-l"
31176
msgstr ""
31177
31178
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
31179
msgid "sysfs"
31180
msgstr ""
31181
31182
#: serverguide/C/dm-multipath.xml:1630(entry)
31183
msgid ""
31184
"Display the current multipath configuration gathered from <placeholder-1/> "
31185
"and the device mapper."
31186
msgstr ""
31187
31188
#: serverguide/C/dm-multipath.xml:1636(emphasis)
31189
msgid "-ll"
31190
msgstr ""
31191
31192
#: serverguide/C/dm-multipath.xml:1637(entry)
31193
msgid ""
31194
"Display the current multipath configuration gathered from <placeholder-1/>, "
31195
"the device mapper, and all other available components on the system."
31196
msgstr ""
31197
31198
#: serverguide/C/dm-multipath.xml:1643(emphasis)
31199
msgid "-f device"
31200
msgstr ""
31201
31202
#: serverguide/C/dm-multipath.xml:1644(entry)
31203
msgid "Remove the named multipath device."
31204
msgstr ""
31205
31206
#: serverguide/C/dm-multipath.xml:1648(emphasis)
31207
msgid "-F"
31208
msgstr ""
31209
31210
#: serverguide/C/dm-multipath.xml:1649(entry)
31211
msgid "Remove all unused multipath devices."
31212
msgstr ""
31213
31214
#: serverguide/C/dm-multipath.xml:1657(title)
31215
msgid "Determining Device Mapper Entries with dmsetup Command"
31216
msgstr ""
31217
31218
#: serverguide/C/dm-multipath.xml:1659(para)
31219
msgid ""
31220
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
31221
"out which device mapper entries match the <emphasis "
31222
"role=\"bold\">multipathed</emphasis> devices."
31223
msgstr ""
31224
31225
#: serverguide/C/dm-multipath.xml:1663(para)
31226
msgid ""
31227
"The following command displays all the device mapper devices and their major "
31228
"and minor numbers. The minor numbers determine the name of the dm device. "
31229
"For example, a minor number of <emphasis role=\"bold\">3</emphasis> "
31230
"corresponds to the multipathed device <emphasis "
31231
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
31232
msgstr ""
31233
31234
#: serverguide/C/dm-multipath.xml:1669(screen)
31235
#, no-wrap
31236
msgid ""
31237
"\n"
31238
"# dmsetup ls\n"
31239
"mpathd (253, 4)\n"
31240
"mpathep1 (253, 12)\n"
31241
"mpathfp1 (253, 11)\n"
31242
"mpathb (253, 3)\n"
31243
"mpathgp1 (253, 14)\n"
31244
"mpathhp1 (253, 13)\n"
31245
"mpatha (253, 2)\n"
31246
"mpathh (253, 9)\n"
31247
"mpathg (253, 8)\n"
31248
"VolGroup00-LogVol01 (253, 1)\n"
31249
"mpathf (253, 7)\n"
31250
"VolGroup00-LogVol00 (253, 0)\n"
31251
"mpathe (253, 6)\n"
31252
"mpathbp1 (253, 10)\n"
31253
"mpathd (253, 5)\n"
31254
" "
31255
msgstr ""
31256
31257
#: serverguide/C/dm-multipath.xml:1690(title)
31258
msgid "Troubleshooting with the multipathd interactive console"
31259
msgstr ""
31260
31261
#: serverguide/C/dm-multipath.xml:1692(para)
31262
msgid ""
31263
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
31264
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
31265
"daemon. Entering this command brings up an interactive multipath console. "
31266
"After entering this command, you can enter help to get a list of available "
31267
"commands, you can enter a interactive command, or you can enter <emphasis "
31268
"role=\"bold\">CTRL-D</emphasis> to quit."
31269
msgstr ""
31270
31271
#: serverguide/C/dm-multipath.xml:1699(para)
31272
msgid ""
31273
"The multipathd interactive console can be used to troubleshoot problems you "
31274
"may be having with your system. For example, the following command sequence "
31275
"displays the multipath configuration, including the defaults, before exiting "
31276
"the console. See the IBM article <ulink url=\"http://www-"
31277
"01.ibm.com/support/docview.wss?uid=isg3T1011985\">\"Tricks with "
31278
"Multipathd\"</ulink> for more examples."
31279
msgstr ""
31280
31281
#: serverguide/C/dm-multipath.xml:1706(screen)
31282
#, no-wrap
31283
msgid ""
31284
"# multipathd -k\n"
31285
" > > show config\n"
31286
" > > CTRL-D"
31287
msgstr ""
31288
31289
#: serverguide/C/dm-multipath.xml:1710(para)
31290
msgid ""
31291
"The following command sequence ensures that multipath has picked up any "
31292
"changes to the multipath.conf,"
31293
msgstr ""
31294
31295
#: serverguide/C/dm-multipath.xml:1713(screen)
31296
#, no-wrap
31297
msgid ""
31298
"\n"
31299
"# multipathd -k\n"
31300
"> > reconfigure\n"
31301
"> > CTRL-D\n"
31302
msgstr ""
31303
31304
#: serverguide/C/dm-multipath.xml:1719(para)
31305
msgid ""
31306
"Use the following command sequence to ensure that the path checker is "
31307
"working properly."
31308
msgstr ""
31309
31310
#: serverguide/C/dm-multipath.xml:1722(screen)
31311
#, no-wrap
31312
msgid ""
31313
"\n"
31314
"# multipathd -k\n"
31315
"> > show paths\n"
31316
"> > CTRL-D\n"
31317
msgstr ""
31318
31319
#: serverguide/C/dm-multipath.xml:1728(para)
31320
msgid ""
31321
"Commands can also be streamed into multipathd using stdin like so:<screen># "
31322
"echo 'show config' | multipathd -k</screen>"
31323
msgstr ""
31324
31325
#: serverguide/C/databases.xml:11(title)
31326
msgid "Databases"
31327
msgstr ""
31328
31329
#: serverguide/C/databases.xml:12(para)
31330
msgid "Ubuntu provides two popular database servers. They are:"
31331
msgstr ""
31332
31333
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
31334
msgid "MySQL"
31335
msgstr ""
31336
31337
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
31338
msgid "PostgreSQL"
31339
msgstr ""
31340
31341
#: serverguide/C/databases.xml:23(para)
31342
msgid ""
31343
"They are available in the main repository. This section explains how to "
31344
"install and configure these database servers."
31345
msgstr ""
31346
31347
#: serverguide/C/databases.xml:30(para)
31348
msgid ""
31349
"<application>MySQL</application> is a fast, multi-threaded, multi-user, and "
31350
"robust SQL database server. It is intended for mission-critical, heavy-load "
31351
"production systems as well as for embedding into mass-deployed software."
31352
msgstr ""
31353
31354
#: serverguide/C/databases.xml:38(para)
31355
msgid "To install MySQL, run the following command from a terminal prompt:"
31356
msgstr ""
31357
31358
#: serverguide/C/databases.xml:42(command)
31359
msgid "sudo apt install mysql-server"
31360
msgstr ""
31361
31362
#: serverguide/C/databases.xml:44(para)
31363
msgid ""
31364
"During the installation process you will be prompted to enter a password for "
31365
"the MySQL root user."
31366
msgstr ""
31367
31368
#: serverguide/C/databases.xml:48(para)
31369
msgid ""
31370
"Once the installation is complete, the MySQL server should be started "
31371
"automatically. You can run the following command from a terminal prompt to "
31372
"check whether the MySQL server is running:"
31373
msgstr ""
31374
31375
#: serverguide/C/databases.xml:55(command)
31376
msgid "sudo netstat -tap | grep mysql"
31377
msgstr ""
31378
31379
#: serverguide/C/databases.xml:58(para)
31380
msgid ""
31381
"When you run this command, you should see the following line or something "
31382
"similar:"
31383
msgstr ""
31384
31385
#: serverguide/C/databases.xml:62(programlisting)
31386
#, no-wrap
31387
msgid ""
31388
"\n"
31389
"tcp 0 0 localhost:mysql *:* LISTEN "
31390
"2556/mysqld\n"
31391
msgstr ""
31392
31393
#: serverguide/C/databases.xml:65(para)
31394
msgid ""
31395
"If the server is not running correctly, you can type the following command "
31396
"to start it:"
31397
msgstr ""
31398
31399
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
31400
msgid "sudo systemctl restart mysql.service"
31401
msgstr ""
31402
31403
#: serverguide/C/databases.xml:74(para)
31404
msgid ""
31405
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
31406
"the basic settings -- log file, port number, etc. For example, to configure "
31407
"MySQL to listen for connections from network hosts, change the "
31408
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
31409
msgstr ""
31410
31411
#: serverguide/C/databases.xml:80(programlisting)
31412
#, no-wrap
31413
msgid ""
31414
"\n"
31415
"bind-address = 192.168.0.5\n"
31416
msgstr ""
31417
31418
#: serverguide/C/databases.xml:84(para)
31419
msgid "Replace 192.168.0.5 with the appropriate address."
31420
msgstr ""
31421
31422
#: serverguide/C/databases.xml:88(para)
31423
msgid ""
31424
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
31425
"daemon will need to be restarted:"
31426
msgstr ""
31427
31428
#: serverguide/C/databases.xml:95(para)
31429
msgid ""
31430
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
31431
"a terminal enter:"
31432
msgstr ""
31433
31434
#: serverguide/C/databases.xml:100(command)
31435
msgid "sudo dpkg-reconfigure mysql-server-5.5"
31436
msgstr ""
31437
31438
#: serverguide/C/databases.xml:102(para)
31439
msgid ""
31440
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
31441
"password."
31442
msgstr ""
31443
31444
#: serverguide/C/databases.xml:107(title)
31445
msgid "Database Engines"
31446
msgstr ""
31447
31448
#: serverguide/C/databases.xml:108(para)
31449
msgid ""
31450
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
31451
"perfectly functional and performs well there are things you may wish to "
31452
"consider before you proceed."
31453
msgstr ""
31454
31455
#: serverguide/C/databases.xml:112(para)
31456
msgid ""
31457
"MySQL is designed to allow data to be stored in different ways. These "
31458
"methods are referred to as either database or storage engines. There are two "
31459
"main engines that you'll be interested in: InnoDB and MyISAM. Storage "
31460
"engines are transparent to the end user. MySQL will handle things "
31461
"differently under the surface, but regardless of which storage engine is in "
31462
"use, you will interact with the database in the same way."
31463
msgstr ""
31464
31465
#: serverguide/C/databases.xml:119(para)
31466
msgid "Each engine has its own advantages and disadvantages."
31467
msgstr ""
31468
31469
#: serverguide/C/databases.xml:122(para)
31470
msgid ""
31471
"While it is possible, and may be advantageous to mix and match database "
31472
"engines on a table level, doing so reduces the effectiveness of the "
31473
"performance tuning you can do as you'll be splitting the resources between "
31474
"two engines instead of dedicating them to one."
31475
msgstr ""
31476
31477
#: serverguide/C/databases.xml:129(para)
31478
msgid ""
31479
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
31480
"circumstances and favours a read only workload. Some web applications have "
31481
"been tuned around MyISAM (though that's not to imply that they will slow "
31482
"under InnoDB). MyISAM also supports the FULLTEXT data type, which allows "
31483
"very fast searches of large quantities of text data. However MyISAM is only "
31484
"capable of locking an entire table for writing. This means only one process "
31485
"can update a table at a time. As any application that uses the table scales "
31486
"this may prove to be a hindrance. It also lacks journaling, which makes it "
31487
"harder for data to be recovered after a crash. The following link provides "
31488
"some points for consideration about using <ulink "
31489
"url=\"http://www.mysqlperformanceblog.com/2006/06/17/using-myisam-in-"
31490
"production/\">MyISAM on a production database</ulink>."
31491
msgstr ""
31492
31493
#: serverguide/C/databases.xml:143(para)
31494
msgid ""
31495
"InnoDB is a more modern database engine, designed to be <ulink "
31496
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
31497
"guarantees database transactions are processed reliably. Write locking can "
31498
"occur on a row level basis within a table. That means multiple updates can "
31499
"occur on a single table simultaneously. Data caching is also handled in "
31500
"memory within the database engine, allowing caching on a more efficient row "
31501
"level basis rather than file block. To meet ACID compliance all transactions "
31502
"are journaled independently of the main tables. This allows for much more "
31503
"reliable data recovery as data consistency can be checked."
31504
msgstr ""
31505
31506
#: serverguide/C/databases.xml:156(para)
31507
msgid ""
31508
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
31509
"MyISAM unless you have specific need for features unique to the engine."
31510
msgstr ""
31511
31512
#: serverguide/C/databases.xml:163(title)
31513
msgid "Creating a tuned my.cnf file"
31514
msgstr ""
31515
31516
#: serverguide/C/databases.xml:164(para)
31517
msgid ""
31518
"There are a number of parameters that can be adjusted within MySQL's "
31519
"configuration file that will allow you to improve the performance of the "
31520
"server over time. For initial set-up you may find <ulink "
31521
"url=\"http://tools.percona.com/members/wizard\">Percona's my.cnf generating "
31522
"tool</ulink> useful. This tool will help generate a my.cnf file that will be "
31523
"much more optimised for your specific server capabilities and your "
31524
"requirements."
31525
msgstr ""
31526
31527
#: serverguide/C/databases.xml:169(para)
31528
msgid ""
31529
"<emphasis>Do not</emphasis> replace your existing my.cnf file with Percona's "
31530
"one if you have already loaded data into the database. Some of the changes "
31531
"that will be in the file will be incompatible as they alter how data is "
31532
"stored on the hard disk and you'll be unable to start MySQL. If you do wish "
31533
"to use it and you have existing data, you will need to carry out a mysqldump "
31534
"and reload: <screen>\n"
31535
"mysqldump --all-databases --routines -u root -p > ~/fulldump.sql\n"
31536
"</screen> This will then prompt you for the root password before creating a "
31537
"copy of the data. It is advisable to make sure there are no other users or "
31538
"processes using the database whilst this takes place. Depending on how much "
31539
"data you've got in your database, this may take a while. You won't see "
31540
"anything on the screen during this process."
31541
msgstr ""
31542
31543
#: serverguide/C/databases.xml:180(para)
31544
msgid ""
31545
"Once the dump has been completed, shut down MySQL: <screen>\n"
31546
"<command>sudo systemctl stop mysql.service</command>\n"
31547
"</screen> Now backup the original my.cnf file and replace with the new one: "
31548
"<screen>\n"
31549
"<command>sudo cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup</command>\n"
31550
"<command>sudo cp /path/to/new/my.cnf /etc/mysql/my.cnf</command>\n"
31551
"</screen> Then delete and re-initialise the database space and make sure "
31552
"ownership is correct before restarting MySQL: <screen>\n"
31553
"<command>sudo rm -rf /var/lib/mysql/*</command>\n"
31554
"<command>sudo mysql_install_db</command>\n"
31555
"<command>sudo chown -R mysql: /var/lib/mysql</command>\n"
31556
"<command>sudo systemctl start mysql.service</command>\n"
31557
"</screen> Finally all that's left is to re-import your data. To give us an "
31558
"idea of how far the import process has got you may find the 'Pipe Viewer' "
31559
"utility, pv, useful. The following shows how to install and use pv for this "
31560
"case, but if you'd rather not use it just replace pv with cat in the "
31561
"following command. Ignore any ETA times produced by pv, they're based on the "
31562
"average time taken to handle each row of the file, but the speed of "
31563
"inserting can vary wildly from row to row with mysqldumps: <screen>\n"
31564
"<command>sudo apt install pv</command>\n"
31565
"<command>pv ~/fulldump.sql | mysql</command>\n"
31566
"</screen> Once that is complete all is good to go!"
31567
msgstr ""
31568
31569
#: serverguide/C/databases.xml:206(para)
31570
msgid ""
31571
"This is not necessary for all my.cnf changes. Most of the variables you may "
31572
"wish to change to improve performance are adjustable even whilst the server "
31573
"is running. As with anything, make sure to have a good backup copy of config "
31574
"files and data before making changes."
31575
msgstr ""
31576
31577
#: serverguide/C/databases.xml:215(title)
31578
msgid "MySQL Tuner"
31579
msgstr ""
31580
31581
#: serverguide/C/databases.xml:216(para)
31582
msgid ""
31583
"<application>MySQL Tuner</application> is a useful tool that will connect to "
31584
"a running MySQL instance and offer suggestions for how it can be best "
31585
"configured for your workload. The longer the server has been running for, "
31586
"the better the advice mysqltuner can provide. In a production environment, "
31587
"consider waiting for at least 24 hours before running the tool. You can get "
31588
"install mysqltuner from the Ubuntu repositories: <screen>\n"
31589
"<command>sudo apt install mysqltuner</command>\n"
31590
"</screen> Then once its been installed, run it: <screen>\n"
31591
"<command>mysqltuner</command>\n"
31592
"</screen> and wait for its final report. The top section provides general "
31593
"information about the database server, and the bottom section provides "
31594
"tuning suggestions to alter in your my.cnf. Most of these can be altered "
31595
"live on the server without restarting, look through the official MySQL "
31596
"documentation (link in Resources section) for the relevant variables to "
31597
"change in production. The following is part of an example report from a "
31598
"production database which shows there may be some benefit from increasing "
31599
"the amount of query cache: <screen>\n"
31600
"-------- Recommendations ----------------------------------------------------"
31601
"-\n"
31602
"General recommendations:\n"
31603
" Run OPTIMIZE TABLE to defragment tables for better performance\n"
31604
" Increase table_cache gradually to avoid file descriptor limits\n"
31605
"Variables to adjust:\n"
31606
" key_buffer_size (> 1.4G)\n"
31607
" query_cache_size (> 32M)\n"
31608
" table_cache (> 64)\n"
31609
" innodb_buffer_pool_size (>= 22G)\n"
31610
"</screen>"
31611
msgstr ""
31612
31613
#: serverguide/C/databases.xml:250(para)
31614
msgid ""
31615
"One final comment on tuning databases: Whilst we can broadly say that "
31616
"certain settings are the best, performance can vary from application to "
31617
"application. For example, what works best for Wordpress might not be the "
31618
"best for Drupal, Joomla or proprietary applications. Performance is "
31619
"dependent on the types of queries, use of indexes, how efficient the "
31620
"database design is and so on. You may find it useful to spend some time "
31621
"searching for database tuning tips based on what applications you're using "
31622
"it for. Once you get past a certain point any adjustments you make will only "
31623
"result in minor improvements, and you'll be better off either improving the "
31624
"application, or looking at scaling up your database environment through "
31625
"either using more powerful hardware or by adding slave servers."
31626
msgstr ""
31627
31628
#: serverguide/C/databases.xml:267(para)
31629
msgid ""
31630
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
31631
"more information."
31632
msgstr ""
31633
31634
#: serverguide/C/databases.xml:272(para)
31635
msgid ""
31636
"Full documentation is available in both online and offline formats from the "
31637
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
31638
msgstr ""
31639
31640
#: serverguide/C/databases.xml:278(para)
31641
msgid ""
31642
"For general SQL information see <ulink "
31643
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
31644
"SQL Special Edition</ulink> by Rafe Colburn."
31645
msgstr ""
31646
31647
#: serverguide/C/databases.xml:284(para)
31648
msgid ""
31649
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
31650
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
31651
msgstr ""
31652
31653
#: serverguide/C/databases.xml:294(para)
31654
msgid ""
31655
"<application>PostgreSQL</application> is an object-relational database "
31656
"system that has the features of traditional commercial database systems with "
31657
"enhancements to be found in next-generation DBMS systems."
31658
msgstr ""
31659
31660
#: serverguide/C/databases.xml:301(para)
31661
msgid ""
31662
"To install <application>PostgreSQL</application>, run the following command "
31663
"in the command prompt:"
31664
msgstr ""
31665
31666
#: serverguide/C/databases.xml:307(command)
31667
msgid "sudo apt install postgresql"
31668
msgstr ""
31669
31670
#: serverguide/C/databases.xml:310(para)
31671
msgid ""
31672
"Once the installation is complete, you should configure the "
31673
"<application>PostgreSQL</application> server based on your needs, although "
31674
"the default configuration is viable."
31675
msgstr ""
31676
31677
#: serverguide/C/databases.xml:317(para)
31678
msgid ""
31679
"<application>PostgreSQL</application> supports multiple client "
31680
"authentication methods. IDENT authentication method is used for "
31681
"<application>postgres</application> and local users, unless otherwise "
31682
"configured. Please refer to the <ulink "
31683
"url=\"http://www.postgresql.org/docs/current/static/admin.html\"> PostgreSQL "
31684
"Administrator's Guide</ulink> if you would like to configure alternatives "
31685
"like Kerberos."
31686
msgstr ""
31687
31688
#: serverguide/C/databases.xml:323(para)
31689
msgid ""
31690
"The following discussion assumes that you wish to enable TCP/IP connections "
31691
"and use the MD5 method for client authentication. "
31692
"<application>PostgreSQL</application>configuration files are stored in the "
31693
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
31694
"example, if you install <application>PostgreSQL 9.5</application>, the "
31695
"configuration files are stored in the "
31696
"<filename>/etc/postgresql/9.5/main</filename> directory."
31697
msgstr ""
31698
31699
#: serverguide/C/databases.xml:332(para)
31700
msgid ""
31701
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
31702
"<filename>/etc/postgresql/9.5/main/pg_ident.conf</filename> file. There are "
31703
"detailed comments in the file to guide you."
31704
msgstr ""
31705
31706
#: serverguide/C/databases.xml:338(para)
31707
msgid ""
31708
"To enable other computers to connect to your "
31709
"<application>PostgreSQL</application> server, edit the file "
31710
"<filename>/etc/postgresql/9.5/main/postgresql.conf</filename>"
31711
msgstr ""
31712
31713
#: serverguide/C/databases.xml:339(para)
31714
msgid ""
31715
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
31716
"change it to:"
31717
msgstr ""
31718
31719
#: serverguide/C/databases.xml:342(programlisting)
31720
#, no-wrap
31721
msgid ""
31722
"\n"
31723
"listen_addresses = '*'\n"
31724
msgstr ""
31725
31726
#: serverguide/C/databases.xml:346(para)
31727
msgid "To allow both IPv4 and IPv6 connections replace 'localhost' with '::'"
31728
msgstr ""
31729
31730
#: serverguide/C/databases.xml:350(para)
31731
msgid ""
31732
"You may also edit all other parameters, if you know what you are doing! For "
31733
"details, refer to the configuration file or to the "
31734
"<application>PostgreSQL</application> documentation."
31735
msgstr ""
31736
31737
#: serverguide/C/databases.xml:355(para)
31738
msgid ""
31739
"Now that we can connect to our <application>PostgreSQL</application> server, "
31740
"the next step is to set a password for the <emphasis>postgres</emphasis> "
31741
"user. Run the following command at a terminal prompt to connect to the "
31742
"default <application>PostgreSQL</application> template database:"
31743
msgstr ""
31744
31745
#: serverguide/C/databases.xml:362(command)
31746
msgid "sudo -u postgres psql template1"
31747
msgstr ""
31748
31749
#: serverguide/C/databases.xml:364(para)
31750
msgid ""
31751
"The above command connects to <application>PostgreSQL</application> database "
31752
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
31753
"you connect to the <application>PostgreSQL</application> server, you will be "
31754
"at a SQL prompt. You can run the following SQL command at the "
31755
"<application>psql</application> prompt to configure the password for the "
31756
"user <emphasis role=\"italics\">postgres</emphasis>."
31757
msgstr ""
31758
31759
#: serverguide/C/databases.xml:372(command)
31760
msgid "ALTER USER postgres with encrypted password 'your_password';"
31761
msgstr ""
31762
31763
#: serverguide/C/databases.xml:374(para)
31764
msgid ""
31765
"After configuring the password, edit the file "
31766
"<filename>/etc/postgresql/9.5/main/pg_hba.conf</filename> to use "
31767
"<emphasis>MD5</emphasis> authentication with the "
31768
"<emphasis>postgres</emphasis> user:"
31769
msgstr ""
31770
31771
#: serverguide/C/databases.xml:380(programlisting)
31772
#, no-wrap
31773
msgid ""
31774
"\n"
31775
"local all postgres md5\n"
31776
msgstr ""
31777
31778
#: serverguide/C/databases.xml:384(para)
31779
msgid ""
31780
"Finally, you should restart the <application>PostgreSQL</application> "
31781
"service to initialize the new configuration. From a terminal prompt enter "
31782
"the following to restart <application>PostgreSQL</application>:"
31783
msgstr ""
31784
31785
#: serverguide/C/databases.xml:390(command)
31786
msgid "sudo systemctl restart postgresql.service"
31787
msgstr ""
31788
31789
#: serverguide/C/databases.xml:393(para)
31790
msgid ""
31791
"The above configuration is not complete by any means. Please refer to the "
31792
"<ulink url=\"http://www.postgresql.org/docs/current/static/admin.html\"> "
31793
"PostgreSQL Administrator's Guide</ulink> to configure more parameters."
31794
msgstr ""
31795
31796
#: serverguide/C/databases.xml:399(para)
31797
msgid ""
31798
"You can test server connections from other machines by using the "
31799
"<application>PostgreSQL</application> client."
31800
msgstr ""
31801
31802
#: serverguide/C/databases.xml:403(command)
31803
msgid "sudo apt install postgresql-client"
31804
msgstr ""
31805
31806
#: serverguide/C/databases.xml:404(command)
31807
msgid "psql -h postgres.example.com -U postgres -W"
31808
msgstr ""
31809
31810
#: serverguide/C/databases.xml:407(para)
31811
msgid "Replace the domain name with your actual server domain name."
31812
msgstr ""
31813
31814
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
31815
msgid "Backups"
31816
msgstr ""
31817
31818
#: serverguide/C/databases.xml:414(para)
31819
msgid ""
31820
"<application>PostgreSQL</application> databases should be backed up "
31821
"regularly. Refer to the <ulink "
31822
"url=\"http://www.postgresql.org/docs/current/static/backup.html\">PostgreSQL "
31823
"Administrator's Guide</ulink> for different approaches."
31824
msgstr ""
31825
31826
#: serverguide/C/databases.xml:422(para)
31827
msgid ""
31828
"As mentioned above the <ulink "
31829
"url=\"http://www.postgresql.org/docs/current/static/admin.html\">PostgreSQL "
31830
"Administrator's Guide</ulink> is an excellent resource. The guide is also "
31831
"available in the <application>postgresql-doc-9.5</application> package. "
31832
"Execute the following in a terminal to install the package:"
31833
msgstr ""
31834
31835
#: serverguide/C/databases.xml:428(command)
31836
msgid "sudo apt install postgresql-doc-9.5"
31837
msgstr ""
31838
31839
#: serverguide/C/databases.xml:430(para)
31840
msgid ""
31841
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
31842
"9.5/html/index.html</command> into the address bar of your browser."
31843
msgstr ""
31844
31845
#: serverguide/C/databases.xml:436(para)
31846
msgid ""
31847
"For general SQL information see <ulink "
31848
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
31849
"Special Edition</ulink> by Rafe Colburn."
31850
msgstr ""
31851
31852
#: serverguide/C/databases.xml:442(para)
31853
msgid ""
31854
"Also, see the <ulink "
31855
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
31856
"Wiki</ulink> page for more information."
31857
msgstr ""
31858
31859
#: serverguide/C/clustering.xml:11(title)
31860
msgid "Clustering"
31861
msgstr ""
31862
31863
#: serverguide/C/clustering.xml:14(title)
31864
msgid "DRBD"
31865
msgstr ""
31866
31867
#: serverguide/C/clustering.xml:16(para)
31868
msgid ""
31869
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
31870
"multiple hosts. The replication is transparent to other applications on the "
31871
"host systems. Any block device hard disks, partitions, RAID devices, logical "
31872
"volumes, etc can be mirrored."
31873
msgstr ""
31874
31875
#: serverguide/C/clustering.xml:22(para)
31876
msgid ""
31877
"To get started using <application>drbd</application>, first install the "
31878
"necessary packages. From a terminal enter:"
31879
msgstr ""
31880
31881
#: serverguide/C/clustering.xml:27(command)
31882
msgid "sudo apt install drbd8-utils"
31883
msgstr ""
31884
31885
#: serverguide/C/clustering.xml:31(para)
31886
msgid ""
31887
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
31888
"virtual machine you will need to manually compile the "
31889
"<application>drbd</application> module. It may be easier to install the "
31890
"<application>linux-server</application> package inside the virtual machine."
31891
msgstr ""
31892
31893
#: serverguide/C/clustering.xml:38(para)
31894
msgid ""
31895
"This section covers setting up a <application>drbd</application> to "
31896
"replicate a separate <filename>/srv</filename> partition, with an "
31897
"<application>ext3</application> filesystem between two hosts. The partition "
31898
"size is not particularly relevant, but both partitions need to be the same "
31899
"size."
31900
msgstr ""
31901
31902
#: serverguide/C/clustering.xml:47(para)
31903
msgid ""
31904
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
31905
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
31906
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
31907
"See <xref linkend=\"dns\"/> for details."
31908
msgstr ""
31909
31910
#: serverguide/C/clustering.xml:55(para)
31911
msgid ""
31912
"To configure <application>drbd</application>, on the first host edit "
31913
"<filename>/etc/drbd.conf</filename>:"
31914
msgstr ""
31915
31916
#: serverguide/C/clustering.xml:59(programlisting)
31917
#, no-wrap
31918
msgid ""
31919
"\n"
31920
"global { usage-count no; }\n"
31921
"common { syncer { rate 100M; } }\n"
31922
"resource r0 {\n"
31923
" protocol C;\n"
31924
" startup {\n"
31925
" wfc-timeout 15;\n"
31926
" degr-wfc-timeout 60;\n"
31927
" }\n"
31928
" net {\n"
31929
" cram-hmac-alg sha1;\n"
31930
" shared-secret \"secret\";\n"
31931
" }\n"
31932
" on drbd01 {\n"
31933
" device /dev/drbd0;\n"
31934
" disk /dev/sdb1;\n"
31935
" address 192.168.0.1:7788;\n"
31936
" meta-disk internal;\n"
31937
" }\n"
31938
" on drbd02 {\n"
31939
" device /dev/drbd0;\n"
31940
" disk /dev/sdb1;\n"
31941
" address 192.168.0.2:7788;\n"
31942
" meta-disk internal;\n"
31943
" }\n"
31944
"} \n"
31945
msgstr ""
31946
31947
#: serverguide/C/clustering.xml:88(para)
31948
msgid ""
31949
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
31950
"this example their default values are fine."
31951
msgstr ""
31952
31953
#: serverguide/C/clustering.xml:96(para)
31954
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
31955
msgstr ""
31956
31957
#: serverguide/C/clustering.xml:101(command)
31958
msgid "scp /etc/drbd.conf drbd02:~"
31959
msgstr ""
31960
31961
#: serverguide/C/clustering.xml:107(para)
31962
msgid ""
31963
"And, on <emphasis>drbd02</emphasis> move the file to "
31964
"<filename>/etc</filename>:"
31965
msgstr ""
31966
31967
#: serverguide/C/clustering.xml:112(command)
31968
msgid "sudo mv drbd.conf /etc/"
31969
msgstr ""
31970
31971
#: serverguide/C/clustering.xml:118(para)
31972
msgid ""
31973
"Now using the <application>drbdadm</application> utility initialize the meta "
31974
"data storage. On each server execute:"
31975
msgstr ""
31976
31977
#: serverguide/C/clustering.xml:124(command)
31978
msgid "sudo drbdadm create-md r0"
31979
msgstr ""
31980
31981
#: serverguide/C/clustering.xml:130(para)
31982
msgid ""
31983
"Next, on both hosts, start the <application>drbd</application> daemon:"
31984
msgstr ""
31985
31986
#: serverguide/C/clustering.xml:135(command)
31987
msgid "sudo systemctl start drbd.service"
31988
msgstr ""
31989
31990
#: serverguide/C/clustering.xml:141(para)
31991
msgid ""
31992
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
31993
"primary, enter the following:"
31994
msgstr ""
31995
31996
#: serverguide/C/clustering.xml:146(command)
31997
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
31998
msgstr ""
31999
32000
#: serverguide/C/clustering.xml:152(para)
32001
msgid ""
32002
"After executing the above command, the data will start syncing with the "
32003
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
32004
"the following:"
32005
msgstr ""
32006
32007
#: serverguide/C/clustering.xml:158(command)
32008
msgid "watch -n1 cat /proc/drbd"
32009
msgstr ""
32010
32011
#: serverguide/C/clustering.xml:161(para)
32012
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
32013
msgstr ""
32014
32015
#: serverguide/C/clustering.xml:168(para)
32016
msgid ""
32017
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
32018
msgstr ""
32019
32020
#: serverguide/C/clustering.xml:173(command)
32021
msgid "sudo mkfs.ext3 /dev/drbd0"
32022
msgstr ""
32023
32024
#: serverguide/C/clustering.xml:174(command) serverguide/C/clustering.xml:222(command)
32025
msgid "sudo mount /dev/drbd0 /srv"
32026
msgstr ""
32027
32028
#: serverguide/C/clustering.xml:184(para)
32029
msgid ""
32030
"To test that the data is actually syncing between the hosts copy some files "
32031
"on the <emphasis>drbd01</emphasis>, the primary, to "
32032
"<filename>/srv</filename>:"
32033
msgstr ""
32034
32035
#: serverguide/C/clustering.xml:193(para)
32036
msgid "Next, unmount <filename>/srv</filename>:"
32037
msgstr ""
32038
32039
#: serverguide/C/clustering.xml:201(para)
32040
msgid ""
32041
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
32042
"<emphasis>secondary</emphasis> role:"
32043
msgstr ""
32044
32045
#: serverguide/C/clustering.xml:206(command)
32046
msgid "sudo drbdadm secondary r0"
32047
msgstr ""
32048
32049
#: serverguide/C/clustering.xml:209(para)
32050
msgid ""
32051
"Now on the <emphasis>secondary</emphasis> server "
32052
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
32053
msgstr ""
32054
32055
#: serverguide/C/clustering.xml:214(command)
32056
msgid "sudo drbdadm primary r0"
32057
msgstr ""
32058
32059
#: serverguide/C/clustering.xml:217(para)
32060
msgid "Lastly, mount the partition:"
32061
msgstr ""
32062
32063
#: serverguide/C/clustering.xml:225(para)
32064
msgid ""
32065
"Using <emphasis>ls</emphasis> you should see "
32066
"<filename>/srv/default</filename> copied from the former "
32067
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
32068
msgstr ""
32069
32070
#: serverguide/C/clustering.xml:236(para)
32071
msgid ""
32072
"For more information on <application>DRBD</application> see the <ulink "
32073
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
32074
msgstr ""
32075
32076
#: serverguide/C/clustering.xml:241(para)
32077
msgid ""
32078
"The <ulink "
32079
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/drbd.conf.5.html\">d"
32080
"rbd.conf man page</ulink> contains details on the options not covered in "
32081
"this guide."
32082
msgstr ""
32083
32084
#: serverguide/C/clustering.xml:247(para)
32085
msgid ""
32086
"Also, see the <ulink "
32087
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man8/drbdadm.8.html\">drb"
32088
"dadm man page</ulink>."
32089
msgstr ""
32090
32091
#: serverguide/C/clustering.xml:252(para)
32092
msgid ""
32093
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
32094
"Wiki</ulink> page also has more information."
32095
msgstr ""
32096
32097
#: serverguide/C/chat.xml:11(title)
32098
msgid "Chat Applications"
32099
msgstr ""
32100
32101
#: serverguide/C/chat.xml:17(para)
32102
msgid ""
32103
"In this section, we will discuss how to install and configure a IRC server, "
32104
"<application>ircd-irc2</application>. We will also discuss how to install "
32105
"and configure Jabber, an instance messaging server."
32106
msgstr ""
32107
32108
#: serverguide/C/chat.xml:26(title)
32109
msgid "IRC Server"
32110
msgstr ""
32111
32112
#: serverguide/C/chat.xml:28(para)
32113
msgid ""
32114
"The Ubuntu repository has many Internet Relay Chat servers. This section "
32115
"explains how to install and configure the original IRC server "
32116
"<application>ircd-irc2</application>."
32117
msgstr ""
32118
32119
#: serverguide/C/chat.xml:37(para)
32120
msgid ""
32121
"To install <application>ircd-irc2</application>, run the following command "
32122
"in the command prompt:"
32123
msgstr ""
32124
32125
#: serverguide/C/chat.xml:43(command)
32126
msgid "sudo apt install ircd-irc2"
32127
msgstr ""
32128
32129
#: serverguide/C/chat.xml:46(para)
32130
msgid ""
32131
"The configuration files are stored in <filename>/etc/ircd</filename> "
32132
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
32133
"irc2</filename> directory."
32134
msgstr ""
32135
32136
#: serverguide/C/chat.xml:57(para)
32137
msgid ""
32138
"The IRC settings can be done in the configuration file "
32139
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
32140
"this file by editing the following line:"
32141
msgstr ""
32142
32143
#: serverguide/C/chat.xml:62(programlisting)
32144
#, no-wrap
32145
msgid ""
32146
"\n"
32147
"M:irc.localhost::Debian ircd default configuration::000A\n"
32148
msgstr ""
32149
32150
#: serverguide/C/chat.xml:66(para)
32151
msgid ""
32152
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
32153
"you set irc.livecipher.com as IRC host name, please make sure "
32154
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
32155
"name should not be same as the host name."
32156
msgstr ""
32157
32158
#: serverguide/C/chat.xml:73(para)
32159
msgid ""
32160
"The IRC admin details can be configured by editing the following line:"
32161
msgstr ""
32162
32163
#: serverguide/C/chat.xml:78(programlisting)
32164
#, no-wrap
32165
msgid ""
32166
"\n"
32167
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
32168
"Server::IRCnet:\n"
32169
msgstr ""
32170
32171
#: serverguide/C/chat.xml:82(para)
32172
msgid ""
32173
"You should add specific lines to configure the list of IRC ports to listen "
32174
"on, to configure Operator credentials, to configure client authentication, "
32175
"etc. For details, please refer to the example configuration file "
32176
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
32177
msgstr ""
32178
32179
#: serverguide/C/chat.xml:90(para)
32180
msgid ""
32181
"The IRC banner to be displayed in the IRC client, when the user connects to "
32182
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
32183
msgstr ""
32184
32185
#: serverguide/C/chat.xml:95(para)
32186
msgid ""
32187
"After making necessary changes to the configuration file, you can restart "
32188
"the IRC server using following command:"
32189
msgstr ""
32190
32191
#: serverguide/C/chat.xml:101(command)
32192
msgid "sudo systemctl restart ircd-irc2.service"
32193
msgstr ""
32194
32195
#: serverguide/C/chat.xml:108(para)
32196
msgid ""
32197
"You may also be interested to take a look at other IRC servers available in "
32198
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
32199
"<application>ircd-hybrid</application>."
32200
msgstr ""
32201
32202
#: serverguide/C/chat.xml:116(para)
32203
msgid ""
32204
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
32205
"FAQ</ulink> for more details about the IRC Server."
32206
msgstr ""
32207
32208
#: serverguide/C/chat.xml:126(title)
32209
msgid "Jabber Instant Messaging Server"
32210
msgstr ""
32211
32212
#: serverguide/C/chat.xml:128(para)
32213
msgid ""
32214
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
32215
"XMPP, an open standard for instant messaging, and used by many popular "
32216
"applications. This section covers setting up a <emphasis>Jabberd "
32217
"2</emphasis> server on a local LAN. This configuration can also be adapted "
32218
"to providing messaging services to users over the Internet."
32219
msgstr ""
32220
32221
#: serverguide/C/chat.xml:137(para)
32222
msgid "To install <application>jabberd2</application>, in a terminal enter:"
32223
msgstr ""
32224
32225
#: serverguide/C/chat.xml:142(command)
32226
msgid "sudo apt install jabberd2"
32227
msgstr ""
32228
32229
#: serverguide/C/chat.xml:149(para)
32230
msgid ""
32231
"A couple of XML configuration files will be used to configure "
32232
"<application>jabberd2</application> for <emphasis>Berkeley DB</emphasis> "
32233
"user authentication. This is a very simple form of authentication. However, "
32234
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
32235
"PostgreSQL, etc for for user authentication."
32236
msgstr ""
32237
32238
#: serverguide/C/chat.xml:156(para)
32239
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
32240
msgstr ""
32241
32242
#: serverguide/C/chat.xml:160(programlisting)
32243
#, no-wrap
32244
msgid ""
32245
"\n"
32246
" <id>jabber.example.com</id>\n"
32247
msgstr ""
32248
32249
#: serverguide/C/chat.xml:165(para)
32250
msgid ""
32251
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
32252
"id, of your server."
32253
msgstr ""
32254
32255
#: serverguide/C/chat.xml:170(para)
32256
msgid "Now in the <storage> section change the <driver> to:"
32257
msgstr ""
32258
32259
#: serverguide/C/chat.xml:174(programlisting)
32260
#, no-wrap
32261
msgid ""
32262
"\n"
32263
" <driver>db</driver>\n"
32264
msgstr ""
32265
32266
#: serverguide/C/chat.xml:178(para)
32267
msgid ""
32268
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
32269
"<emphasis><local></emphasis> section change:"
32270
msgstr ""
32271
32272
#: serverguide/C/chat.xml:182(programlisting)
32273
#, no-wrap
32274
msgid ""
32275
"\n"
32276
" <id>jabber.example.com</id>\n"
32277
msgstr ""
32278
32279
#: serverguide/C/chat.xml:186(para)
32280
msgid ""
32281
"And in the <authreg> section adjust the <module> section to:"
32282
msgstr ""
32283
32284
#: serverguide/C/chat.xml:190(programlisting)
32285
#, no-wrap
32286
msgid ""
32287
"\n"
32288
" <module>db</module>\n"
32289
msgstr ""
32290
32291
#: serverguide/C/chat.xml:194(para)
32292
msgid ""
32293
"Finally, restart <application>jabberd2</application> to enable the new "
32294
"settings:"
32295
msgstr ""
32296
32297
#: serverguide/C/chat.xml:199(command)
32298
msgid "sudo systemctl restart jabberd2.service"
32299
msgstr ""
32300
32301
#: serverguide/C/chat.xml:202(para)
32302
msgid ""
32303
"You should now be able to connect to the server using a Jabber client like "
32304
"<application>Pidgin</application> for example."
32305
msgstr ""
32306
32307
#: serverguide/C/chat.xml:207(para)
32308
msgid ""
32309
"The advantage of using Berkeley DB for user data is that after being "
32310
"configured no additional maintenance is required. If you need more control "
32311
"over user accounts and credentials another authentication method is "
32312
"recommended."
32313
msgstr ""
32314
32315
#: serverguide/C/chat.xml:219(para)
32316
msgid ""
32317
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
32318
"Site</ulink> contains more details on configuring "
32319
"<application>Jabberd2</application>."
32320
msgstr ""
32321
32322
#: serverguide/C/chat.xml:225(para)
32323
msgid ""
32324
"For more authentication options see the <ulink "
32325
"url=\"http://www.jabberdoc.org/\">Jabberd2 Install Guide</ulink>."
32326
msgstr ""
32327
32328
#: serverguide/C/chat.xml:230(para)
32329
msgid ""
32330
"Also, the <ulink "
32331
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
32332
"Jabber Server Ubuntu Wiki</ulink> page has more information."
32333
msgstr ""
32334
32335
#: serverguide/C/cgroups.xml:13(para)
32336
msgid ""
32337
"Control groups (cgroups) are a kernel mechanism for grouping, tracking, and "
32338
"limiting the resource usage of tasks. The kernel-provided administration "
32339
"interface is through a virtual filesystem. Higher level cgroup "
32340
"administration tools have been developed, including libcgroup and lmctfy. "
32341
"Additionally, there is guidance at freedesktop.org for how applications can "
32342
"best cooperate using the cgroup filesystem interface (see Resources)."
32343
msgstr ""
32344
32345
#: serverguide/C/cgroups.xml:23(para)
32346
msgid ""
32347
"As of Ubuntu 14.04, the cgroup manager (cgmanager) is available as another "
32348
"cgroup administion interface. It's goal is to respond to dbus requests from "
32349
"any user, allowing him to administer only those cgroups which have been "
32350
"delegated to him."
32351
msgstr ""
32352
32353
#: serverguide/C/cgroups.xml:30(para)
32354
msgid ""
32355
"<xref linkend=\"cgroups-overview\"/> will describe cgroups in more detail. "
32356
"<xref linkend=\"cgroups-fs\"/> will describe the long-standing cgroups "
32357
"filesystem interface. <xref linkend=\"cgroups-manager\"/> will describe the "
32358
"cgroup manager."
32359
msgstr ""
32360
32361
#: serverguide/C/cgroups.xml:40(para)
32362
msgid ""
32363
"Cgroups are the generalized feature for grouping tasks. The actual resource "
32364
"tracking and limits are implemented by subsystems. A hierarchy is a set of "
32365
"subsystems mounted together. For instance, if the memory and devices "
32366
"subsystems are mounted together under /sys/fs/cgroups/set1, then any task "
32367
"which is in \"/child1\" will be subject to the corresponding limits of both "
32368
"subsystems."
32369
msgstr ""
32370
32371
#: serverguide/C/cgroups.xml:49(para)
32372
msgid ""
32373
"Each set of mounted subsystems consittutes a 'hierarchy'. With exceptions, "
32374
"cgroups which are children of \"/child1\" will be subject to all limits "
32375
"placed on \"/child1\", and their resource usage will be accounted to "
32376
"\"/child1\"."
32377
msgstr ""
32378
32379
#: serverguide/C/cgroups.xml:56(para)
32380
msgid "The existing subsystems include:"
32381
msgstr ""
32382
32383
#: serverguide/C/cgroups.xml:61(para)
32384
msgid ""
32385
"<emphasis>cpusets</emphasis>: fascilitate assigning a set of CPUS and memory "
32386
"nodes to cgroups. Tasks in a cpuset cgroup may only be scheduled on CPUS "
32387
"assigned to that cpuset."
32388
msgstr ""
32389
32390
#: serverguide/C/cgroups.xml:65(para)
32391
msgid "<emphasis> blkio </emphasis>: limits per-cgroup block io."
32392
msgstr ""
32393
32394
#: serverguide/C/cgroups.xml:66(para)
32395
msgid ""
32396
"<emphasis> cpuacct </emphasis>: provides per-cgroup cpu usage accounting."
32397
msgstr ""
32398
32399
#: serverguide/C/cgroups.xml:67(para)
32400
msgid ""
32401
"<emphasis> devices </emphasis>: controls the ability of tasks to create or "
32402
"use devices nodes using either a blacklist or whitelist."
32403
msgstr ""
32404
32405
#: serverguide/C/cgroups.xml:69(para)
32406
msgid ""
32407
"<emphasis> freezer </emphasis>: provides a way to 'freeze' and 'thaw' whole "
32408
"cgroups. Tasks in the cgroup will not be scheduled while they are frozen."
32409
msgstr ""
32410
32411
#: serverguide/C/cgroups.xml:71(para)
32412
msgid ""
32413
"<emphasis> hugetlb </emphasis>: fascilitates limiting hugetlb usage per "
32414
"cgroup."
32415
msgstr ""
32416
32417
#: serverguide/C/cgroups.xml:72(para)
32418
msgid ""
32419
"<emphasis> memory </emphasis>: allows memory, kernel memory, and swap usage "
32420
"to be tracked and limited."
32421
msgstr ""
32422
32423
#: serverguide/C/cgroups.xml:74(para)
32424
msgid ""
32425
"<emphasis> net_cls </emphasis>: provides an interface for tagging packets "
32426
"based on the sender cgroup. These tags can then be used by tc (traffic "
32427
"controller) to assign priorities."
32428
msgstr ""
32429
32430
#: serverguide/C/cgroups.xml:77(para)
32431
msgid ""
32432
"<emphasis> net_prio </emphasis>: allows setting network traffic priority on "
32433
"a per-cgroup basis."
32434
msgstr ""
32435
32436
#: serverguide/C/cgroups.xml:79(para)
32437
msgid ""
32438
"<emphasis> cpu </emphasis>: enables setting of scheduling preferences on per-"
32439
"cgroup basis."
32440
msgstr ""
32441
32442
#: serverguide/C/cgroups.xml:80(para)
32443
msgid ""
32444
"<emphasis> perf_event </emphasis>: enables per-cpu mode to monitor only "
32445
"threads in certain cgroups."
32446
msgstr ""
32447
32448
#: serverguide/C/cgroups.xml:84(para)
32449
msgid ""
32450
"In addition, named cgroups can be created with no bound subsystems for the "
32451
"sake of process tracking. As an example, systemd does this to track services "
32452
"and user sessions."
32453
msgstr ""
32454
32455
#: serverguide/C/cgroups.xml:93(title)
32456
msgid "Filesystem"
32457
msgstr ""
32458
32459
#: serverguide/C/cgroups.xml:95(para)
32460
msgid ""
32461
"A hierarchy is created by mounting an instance of the cgroup filesystem with "
32462
"each of the desired subsystems listed as a mount option. For instance,"
32463
msgstr ""
32464
32465
#: serverguide/C/cgroups.xml:100(command)
32466
msgid "mount -t cgroup -o devices,memory,freezer cgroup /cgroup1"
32467
msgstr ""
32468
32469
#: serverguide/C/cgroups.xml:104(para)
32470
msgid ""
32471
"would instantiate a hierarchy with the devices and memory cgroups comounted. "
32472
"A child cgroup \"child1\" can be created using 'mkdir'"
32473
msgstr ""
32474
32475
#: serverguide/C/cgroups.xml:109(command)
32476
msgid "mkdir /cgroup1/child1"
32477
msgstr ""
32478
32479
#: serverguide/C/cgroups.xml:113(para)
32480
msgid ""
32481
"and tasks can be moved into the new child cgroup by writing their process "
32482
"IDs into the 'tasks' or 'cgroup.procs' file:"
32483
msgstr ""
32484
32485
#: serverguide/C/cgroups.xml:118(command)
32486
msgid "sleep 100 & echo $! > /cgroup1/child1/cgroup.procs"
32487
msgstr ""
32488
32489
#: serverguide/C/cgroups.xml:123(para)
32490
msgid ""
32491
"Other administration is done through files in the cgroup directories. For "
32492
"instance, to freeze all tasks in child1,"
32493
msgstr ""
32494
32495
#: serverguide/C/cgroups.xml:128(command)
32496
msgid "echo FROZEN > /cgroup1/child1/freezer.state"
32497
msgstr ""
32498
32499
#: serverguide/C/cgroups.xml:132(para)
32500
msgid ""
32501
"A great deal of information about cgroups and its subsystems can be found "
32502
"under the cgroups documentation directory in the kernel source tree (see "
32503
"Resources)."
32504
msgstr ""
32505
32506
#: serverguide/C/cgroups.xml:141(title)
32507
msgid "Delegation"
32508
msgstr ""
32509
32510
#: serverguide/C/cgroups.xml:143(para)
32511
msgid ""
32512
"Cgroup files and directories can be owned by non-root users, enabling "
32513
"delegation of cgroup administration. In general, the kernel enforces the "
32514
"hierarchical constraints on limits, so that for instance if devices cgroup "
32515
"<filename>/child1</filename> cannot access a disk drive, then "
32516
"<filename>/child1/child2</filename> cannot give itself those rights."
32517
msgstr ""
32518
32519
#: serverguide/C/cgroups.xml:151(para)
32520
msgid ""
32521
"As of Ubuntu 14.04, users are automatically placed in a set of cgroups which "
32522
"they own, safely allowing them to contrain their own jobs using child "
32523
"cgroups. This feature is relied upon, for instance, for unprivileged "
32524
"container creation in lxc."
32525
msgstr ""
32526
32527
#: serverguide/C/cgroups.xml:161(title)
32528
msgid "Manager"
32529
msgstr ""
32530
32531
#: serverguide/C/cgroups.xml:163(para)
32532
msgid ""
32533
"The cgroup manager (cgmanager) provides a D-Bus service allowing programs "
32534
"and users to administer cgroups without needing direct knowledge of or "
32535
"access to the cgroup filesystem. For requests from tasks in the same "
32536
"namespaces as the manager, the manager can directly perform the needed "
32537
"security checks to ensure that requests are legitimate. For other requests - "
32538
"such as those from a task in a container - enhanced D-Bus requests must be "
32539
"made, where process-, user- and group-ids are passed as SCM_CREDENTIALS, so "
32540
"that the kernel maps the identifiers to their global host values."
32541
msgstr ""
32542
32543
#: serverguide/C/cgroups.xml:175(para)
32544
msgid ""
32545
"To fascilitate the use of simple D-Bus calls from all users, a 'cgroup "
32546
"manager proxy' (cgproxy) is automatically started when in a container. The "
32547
"proxy accepts standard D-Bus requests from tasks in the same namespaces as "
32548
"itself, and converts them to SCM-enhanced D-Bus requests which it passes on "
32549
"to the cgmanager."
32550
msgstr ""
32551
32552
#: serverguide/C/cgroups.xml:183(para)
32553
msgid ""
32554
"A simple example of creating a new cgroup in which to run a cpu-intensive "
32555
"compile would look like:"
32556
msgstr ""
32557
32558
#: serverguide/C/cgroups.xml:188(command)
32559
msgid ""
32560
"cgm create cpuset build1 cgm movepid cpuset build1 $$ cgm setvalue cpuset "
32561
"build1 cpuset.cpus 1 make"
32562
msgstr ""
32563
32564
#: serverguide/C/cgroups.xml:204(ulink)
32565
msgid "cgm"
32566
msgstr ""
32567
32568
#: serverguide/C/cgroups.xml:205(ulink)
32569
msgid "cgconfig.conf"
32570
msgstr ""
32571
32572
#: serverguide/C/cgroups.xml:206(ulink)
32573
msgid "cgmanager"
32574
msgstr ""
32575
32576
#: serverguide/C/cgroups.xml:207(ulink)
32577
msgid "cgproxy"
32578
msgstr ""
32579
32580
#: serverguide/C/cgroups.xml:212(para)
32581
msgid ""
32582
"The upstream cgmanager project is hosted at <ulink "
32583
"url=\"http://cgmanager.linuxcontainers.org\">linuxcontainers.org</ulink>."
32584
msgstr ""
32585
32586
#: serverguide/C/cgroups.xml:217(para)
32587
msgid ""
32588
"The upstream kernel documentation page on cgroups can be seen <ulink "
32589
"url=\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Do"
32590
"cumentation/cgroups\">here </ulink>."
32591
msgstr ""
32592
32593
#: serverguide/C/cgroups.xml:223(para)
32594
msgid ""
32595
"The freedesktop.org control group usage guidelines can be seen <ulink "
32596
"url=\"http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/\">he"
32597
"re</ulink>."
32598
msgstr ""
32599
32600
#: serverguide/C/backups.xml:12(para)
32601
msgid ""
32602
"There are many ways to backup an Ubuntu installation. The most important "
32603
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
32604
"consisting of what to backup, where to back it up to, and how to restore it."
32605
msgstr ""
32606
32607
#: serverguide/C/backups.xml:16(para)
32608
msgid ""
32609
"The following sections discuss various ways of accomplishing these tasks."
32610
msgstr ""
32611
32612
#: serverguide/C/backups.xml:20(title)
32613
msgid "Shell Scripts"
32614
msgstr ""
32615
32616
#: serverguide/C/backups.xml:21(para)
32617
msgid ""
32618
"One of the simplest ways to backup a system is using a <emphasis>shell "
32619
"script</emphasis>. For example, a script can be used to configure which "
32620
"directories to backup, and pass those directories as arguments to the "
32621
"<application>tar</application> utility, which creates an archive file. The "
32622
"archive file can then be moved or copied to another location. The archive "
32623
"can also be created on a remote file system such as an "
32624
"<emphasis>NFS</emphasis> mount."
32625
msgstr ""
32626
32627
#: serverguide/C/backups.xml:27(para)
32628
msgid ""
32629
"The <application>tar</application> utility creates one archive file out of "
32630
"many files or directories. <application>tar</application> can also filter "
32631
"the files through compression utilities, thus reducing the size of the "
32632
"archive file."
32633
msgstr ""
32634
32635
#: serverguide/C/backups.xml:33(title)
32636
msgid "Simple Shell Script"
32637
msgstr ""
32638
32639
#: serverguide/C/backups.xml:34(para)
32640
msgid ""
32641
"The following shell script uses <application>tar</application> to create an "
32642
"archive file on a remotely mounted NFS file system. The archive filename is "
32643
"determined using additional command line utilities."
32644
msgstr ""
32645
32646
#: serverguide/C/backups.xml:38(programlisting)
32647
#, no-wrap
32648
msgid ""
32649
"\n"
32650
"#!/bin/bash\n"
32651
"####################################\n"
32652
"#\n"
32653
"# Backup to NFS mount script.\n"
32654
"#\n"
32655
"####################################\n"
32656
"\n"
32657
"# What to backup. \n"
32658
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
32659
"\n"
32660
"# Where to backup to.\n"
32661
"dest=\"/mnt/backup\"\n"
32662
"\n"
32663
"# Create archive filename.\n"
32664
"day=$(date +%A)\n"
32665
"hostname=$(hostname -s)\n"
32666
"archive_file=\"$hostname-$day.tgz\"\n"
32667
"\n"
32668
"# Print start status message.\n"
32669
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
32670
"date\n"
32671
"echo\n"
32672
"\n"
32673
"# Backup the files using tar.\n"
32674
"tar czf $dest/$archive_file $backup_files\n"
32675
"\n"
32676
"# Print end status message.\n"
32677
"echo\n"
32678
"echo \"Backup finished\"\n"
32679
"date\n"
32680
"\n"
32681
"# Long listing of files in $dest to check file sizes.\n"
32682
"ls -lh $dest\n"
32683
msgstr ""
32684
32685
#: serverguide/C/backups.xml:75(para)
32686
msgid ""
32687
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
32688
"would like to backup. The list should be customized to fit your needs."
32689
msgstr ""
32690
32691
#: serverguide/C/backups.xml:81(para)
32692
msgid ""
32693
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
32694
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
32695
"day of the week, giving a backup history of seven days. There are other ways "
32696
"to accomplish this including using the <application>date</application> "
32697
"utility."
32698
msgstr ""
32699
32700
#: serverguide/C/backups.xml:88(para)
32701
msgid ""
32702
"<emphasis>$hostname:</emphasis> variable containing the "
32703
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
32704
"archive filename gives you the option of placing daily archive files from "
32705
"multiple systems in the same directory."
32706
msgstr ""
32707
32708
#: serverguide/C/backups.xml:95(para)
32709
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
32710
msgstr ""
32711
32712
#: serverguide/C/backups.xml:100(para)
32713
msgid ""
32714
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
32715
"needs to be created and in this case <emphasis>mounted</emphasis> before "
32716
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
32717
"details of using <emphasis>NFS</emphasis>."
32718
msgstr ""
32719
32720
#: serverguide/C/backups.xml:107(para)
32721
msgid ""
32722
"<emphasis>status messages:</emphasis> optional messages printed to the "
32723
"console using the <application>echo</application> utility."
32724
msgstr ""
32725
32726
#: serverguide/C/backups.xml:113(para)
32727
msgid ""
32728
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
32729
"<application>tar</application> command used to create the archive file."
32730
msgstr ""
32731
32732
#: serverguide/C/backups.xml:119(para)
32733
msgid "<emphasis>c:</emphasis> creates an archive."
32734
msgstr ""
32735
32736
#: serverguide/C/backups.xml:124(para)
32737
msgid ""
32738
"<emphasis>z:</emphasis> filter the archive through the "
32739
"<application>gzip</application> utility compressing the archive."
32740
msgstr ""
32741
32742
#: serverguide/C/backups.xml:129(para)
32743
msgid ""
32744
"<emphasis>f:</emphasis> output to an archive file. Otherwise the "
32745
"<application>tar</application> output will be sent to STDOUT."
32746
msgstr ""
32747
32748
#: serverguide/C/backups.xml:136(para)
32749
msgid ""
32750
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
32751
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
32752
"of the destination directory. This is useful for a quick file size check of "
32753
"the archive file. This check should not replace testing the archive file."
32754
msgstr ""
32755
32756
#: serverguide/C/backups.xml:143(para)
32757
msgid ""
32758
"This is a simple example of a backup shell script; however there are many "
32759
"options that can be included in such a script. See <xref linkend=\"backup-"
32760
"shellscript-references\"/> for links to resources providing more in-depth "
32761
"shell scripting information."
32762
msgstr ""
32763
32764
#: serverguide/C/backups.xml:150(title)
32765
msgid "Executing the Script"
32766
msgstr ""
32767
32768
#: serverguide/C/backups.xml:152(title)
32769
msgid "Executing from a Terminal"
32770
msgstr ""
32771
32772
#: serverguide/C/backups.xml:153(para)
32773
msgid ""
32774
"The simplest way of executing the above backup script is to copy and paste "
32775
"the contents into a file. <filename>backup.sh</filename> for example. The "
32776
"file must be made executable:"
32777
msgstr ""
32778
32779
#: serverguide/C/backups.xml:158(command)
32780
msgid "chmod u+x backup.sh"
32781
msgstr ""
32782
32783
#: serverguide/C/backups.xml:160(para)
32784
msgid "Then from a terminal prompt:"
32785
msgstr ""
32786
32787
#: serverguide/C/backups.xml:164(command)
32788
msgid "sudo ./backup.sh"
32789
msgstr ""
32790
32791
#: serverguide/C/backups.xml:166(para)
32792
msgid ""
32793
"This is a great way to test the script to make sure everything works as "
32794
"expected."
32795
msgstr ""
32796
32797
#: serverguide/C/backups.xml:171(title)
32798
msgid "Executing with cron"
32799
msgstr ""
32800
32801
#: serverguide/C/backups.xml:172(para)
32802
msgid ""
32803
"The <application>cron</application> utility can be used to automate the "
32804
"script execution. The <application>cron</application> daemon allows the "
32805
"execution of scripts, or commands, at a specified time and date."
32806
msgstr ""
32807
32808
#: serverguide/C/backups.xml:176(para)
32809
msgid ""
32810
"<application>cron</application> is configured through entries in a "
32811
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
32812
"separated into fields:"
32813
msgstr ""
32814
32815
#: serverguide/C/backups.xml:180(programlisting)
32816
#, no-wrap
32817
msgid ""
32818
"\n"
32819
"# m h dom mon dow command\n"
32820
msgstr ""
32821
32822
#: serverguide/C/backups.xml:185(para)
32823
msgid ""
32824
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
32825
msgstr ""
32826
32827
#: serverguide/C/backups.xml:190(para)
32828
msgid ""
32829
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
32830
msgstr ""
32831
32832
#: serverguide/C/backups.xml:195(para)
32833
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
32834
msgstr ""
32835
32836
#: serverguide/C/backups.xml:200(para)
32837
msgid ""
32838
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
32839
"12."
32840
msgstr ""
32841
32842
#: serverguide/C/backups.xml:205(para)
32843
msgid ""
32844
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
32845
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
32846
"valid."
32847
msgstr ""
32848
32849
#: serverguide/C/backups.xml:210(para)
32850
msgid "<emphasis>command:</emphasis> the command to execute."
32851
msgstr ""
32852
32853
#: serverguide/C/backups.xml:215(para)
32854
msgid ""
32855
"To add or change entries in a <filename>crontab</filename> file the "
32856
"<application>crontab -e</application> command should be used. Also, the "
32857
"contents of a <filename>crontab</filename> file can be viewed using the "
32858
"<application>crontab -l</application> command."
32859
msgstr ""
32860
32861
#: serverguide/C/backups.xml:219(para)
32862
msgid ""
32863
"To execute the <application>backup.sh</application> script listed above "
32864
"using <application>cron</application>. Enter the following from a terminal "
32865
"prompt:"
32866
msgstr ""
32867
32868
#: serverguide/C/backups.xml:224(command)
32869
msgid "sudo crontab -e"
32870
msgstr ""
32871
32872
#: serverguide/C/backups.xml:227(para)
32873
msgid ""
32874
"Using <application>sudo</application> with the <application>crontab -"
32875
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
32876
"This is necessary if you are backing up directories only the root user has "
32877
"access to."
32878
msgstr ""
32879
32880
#: serverguide/C/backups.xml:232(para)
32881
msgid "Add the following entry to the <filename>crontab</filename> file:"
32882
msgstr ""
32883
32884
#: serverguide/C/backups.xml:235(programlisting)
32885
#, no-wrap
32886
msgid ""
32887
"\n"
32888
"# m h dom mon dow command\n"
32889
"0 0 * * * bash /usr/local/bin/backup.sh\n"
32890
msgstr ""
32891
32892
#: serverguide/C/backups.xml:239(para)
32893
msgid ""
32894
"The <application>backup.sh</application> script will now be executed every "
32895
"day at 12:00 am."
32896
msgstr ""
32897
32898
#: serverguide/C/backups.xml:243(para)
32899
msgid ""
32900
"The <application>backup.sh</application> script will need to be copied to "
32901
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
32902
"to execute properly. The script can reside anywhere on the file system, "
32903
"simply change the script path appropriately."
32904
msgstr ""
32905
32906
#: serverguide/C/backups.xml:248(para)
32907
msgid ""
32908
"For more in-depth <application>crontab</application> options see <xref "
32909
"linkend=\"backup-shellscript-references\"/>."
32910
msgstr ""
32911
32912
#: serverguide/C/backups.xml:254(title)
32913
msgid "Restoring from the Archive"
32914
msgstr ""
32915
32916
#: serverguide/C/backups.xml:255(para)
32917
msgid ""
32918
"Once an archive has been created it is important to test the archive. The "
32919
"archive can be tested by listing the files it contains, but the best test is "
32920
"to <emphasis>restore</emphasis> a file from the archive."
32921
msgstr ""
32922
32923
#: serverguide/C/backups.xml:261(para)
32924
msgid ""
32925
"To see a listing of the archive contents. From a terminal prompt type:"
32926
msgstr ""
32927
32928
#: serverguide/C/backups.xml:265(command)
32929
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
32930
msgstr ""
32931
32932
#: serverguide/C/backups.xml:269(para)
32933
msgid "To restore a file from the archive to a different directory enter:"
32934
msgstr ""
32935
32936
#: serverguide/C/backups.xml:273(command)
32937
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
32938
msgstr ""
32939
32940
#: serverguide/C/backups.xml:275(para)
32941
msgid ""
32942
"The <emphasis>-C</emphasis> option to <application>tar</application> "
32943
"redirects the extracted files to the specified directory. The above example "
32944
"will extract the <filename>/etc/hosts</filename> file to "
32945
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
32946
"recreates the directory structure that it contains."
32947
msgstr ""
32948
32949
#: serverguide/C/backups.xml:280(para)
32950
msgid ""
32951
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
32952
"the file to restore."
32953
msgstr ""
32954
32955
#: serverguide/C/backups.xml:285(para)
32956
msgid "To restore all files in the archive enter the following:"
32957
msgstr ""
32958
32959
#: serverguide/C/backups.xml:289(command)
32960
msgid "cd /"
32961
msgstr ""
32962
32963
#: serverguide/C/backups.xml:290(command)
32964
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
32965
msgstr ""
32966
32967
#: serverguide/C/backups.xml:295(para)
32968
msgid "This will overwrite the files currently on the file system."
32969
msgstr ""
32970
32971
#: serverguide/C/backups.xml:304(para)
32972
msgid ""
32973
"For more information on shell scripting see the <ulink "
32974
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
32975
msgstr ""
32976
32977
#: serverguide/C/backups.xml:309(para)
32978
msgid ""
32979
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
32980
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
32981
"great resource for shell scripting."
32982
msgstr ""
32983
32984
#: serverguide/C/backups.xml:315(para)
32985
msgid ""
32986
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
32987
"Wiki Page</ulink> contains details on advanced "
32988
"<application>cron</application> options."
32989
msgstr ""
32990
32991
#: serverguide/C/backups.xml:322(para)
32992
msgid ""
32993
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
32994
"tar Manual</ulink> for more <application>tar</application> options."
32995
msgstr ""
32996
32997
#: serverguide/C/backups.xml:328(para)
32998
msgid ""
32999
"The Wikipedia <ulink "
33000
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
33001
"Scheme</ulink> article contains information on other backup rotation schemes."
33002
msgstr ""
33003
33004
#: serverguide/C/backups.xml:334(para)
33005
msgid ""
33006
"The shell script uses <application>tar</application> to create the archive, "
33007
"but there many other command line utilities that can be used. For example:"
33008
msgstr ""
33009
33010
#: serverguide/C/backups.xml:340(para)
33011
msgid ""
33012
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
33013
"files to and from archives."
33014
msgstr ""
33015
33016
#: serverguide/C/backups.xml:345(para)
33017
msgid ""
33018
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
33019
"the <application>coreutils</application> package. A low level utility that "
33020
"can copy data from one format to another."
33021
msgstr ""
33022
33023
#: serverguide/C/backups.xml:351(para)
33024
msgid ""
33025
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
33026
"snapshot utility used to create copies of an entire file system."
33027
msgstr ""
33028
33029
#: serverguide/C/backups.xml:357(para)
33030
msgid ""
33031
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
33032
"flexible utility used to create incremental copies of files."
33033
msgstr ""
33034
33035
#: serverguide/C/backups.xml:368(title)
33036
msgid "Archive Rotation"
33037
msgstr ""
33038
33039
#: serverguide/C/backups.xml:369(para)
33040
msgid ""
33041
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
33042
"seven different archives. For a server whose data doesn't change often, this "
33043
"may be enough. If the server has a large amount of data, a more complex "
33044
"rotation scheme should be used."
33045
msgstr ""
33046
33047
#: serverguide/C/backups.xml:375(title)
33048
msgid "Rotating NFS Archives"
33049
msgstr ""
33050
33051
#: serverguide/C/backups.xml:376(para)
33052
msgid ""
33053
"In this section, the shell script will be slightly modified to implement a "
33054
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
33055
msgstr ""
33056
33057
#: serverguide/C/backups.xml:382(para)
33058
msgid ""
33059
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
33060
"Friday."
33061
msgstr ""
33062
33063
#: serverguide/C/backups.xml:387(para)
33064
msgid ""
33065
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
33066
"weekly backups a month."
33067
msgstr ""
33068
33069
#: serverguide/C/backups.xml:392(para)
33070
msgid ""
33071
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
33072
"rotating two monthly backups based on if the month is odd or even."
33073
msgstr ""
33074
33075
#: serverguide/C/backups.xml:398(para)
33076
msgid "Here is the new script:"
33077
msgstr ""
33078
33079
#: serverguide/C/backups.xml:401(programlisting)
33080
#, no-wrap
33081
msgid ""
33082
"\n"
33083
"#!/bin/bash\n"
33084
"####################################\n"
33085
"#\n"
33086
"# Backup to NFS mount script with\n"
33087
"# grandfather-father-son rotation.\n"
33088
"#\n"
33089
"####################################\n"
33090
"\n"
33091
"# What to backup. \n"
33092
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
33093
"\n"
33094
"# Where to backup to.\n"
33095
"dest=\"/mnt/backup\"\n"
33096
"\n"
33097
"# Setup variables for the archive filename.\n"
33098
"day=$(date +%A)\n"
33099
"hostname=$(hostname -s)\n"
33100
"\n"
33101
"# Find which week of the month 1-4 it is.\n"
33102
"day_num=$(date +%-d)\n"
33103
"if (( $day_num <= 7 )); then\n"
33104
" week_file=\"$hostname-week1.tgz\"\n"
33105
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
33106
" week_file=\"$hostname-week2.tgz\"\n"
33107
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
33108
" week_file=\"$hostname-week3.tgz\"\n"
33109
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
33110
" week_file=\"$hostname-week4.tgz\"\n"
33111
"fi\n"
33112
"\n"
33113
"# Find if the Month is odd or even.\n"
33114
"month_num=$(date +%m)\n"
33115
"month=$(expr $month_num % 2)\n"
33116
"if [ $month -eq 0 ]; then\n"
33117
" month_file=\"$hostname-month2.tgz\"\n"
33118
"else\n"
33119
" month_file=\"$hostname-month1.tgz\"\n"
33120
"fi\n"
33121
"\n"
33122
"# Create archive filename.\n"
33123
"if [ $day_num == 1 ]; then\n"
33124
"\tarchive_file=$month_file\n"
33125
"elif [ $day != \"Saturday\" ]; then\n"
33126
" archive_file=\"$hostname-$day.tgz\"\n"
33127
"else \n"
33128
"\tarchive_file=$week_file\n"
33129
"fi\n"
33130
"\n"
33131
"# Print start status message.\n"
33132
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
33133
"date\n"
33134
"echo\n"
33135
"\n"
33136
"# Backup the files using tar.\n"
33137
"tar czf $dest/$archive_file $backup_files\n"
33138
"\n"
33139
"# Print end status message.\n"
33140
"echo\n"
33141
"echo \"Backup finished\"\n"
33142
"date\n"
33143
"\n"
33144
"# Long listing of files in $dest to check file sizes.\n"
33145
"ls -lh $dest/\n"
33146
msgstr ""
33147
33148
#: serverguide/C/backups.xml:466(para)
33149
msgid ""
33150
"The script can be executed using the same methods as in <xref "
33151
"linkend=\"backup-executing-shellscript\"/>."
33152
msgstr ""
33153
33154
#: serverguide/C/backups.xml:469(para)
33155
msgid ""
33156
"It is good practice to take backup media off-site in case of a disaster. In "
33157
"the shell script example the backup media is another server providing an NFS "
33158
"share. In all likelihood taking the NFS server to another location would not "
33159
"be practical. Depending upon connection speeds it may be an option to copy "
33160
"the archive file over a WAN link to a server in another location."
33161
msgstr ""
33162
33163
#: serverguide/C/backups.xml:475(para)
33164
msgid ""
33165
"Another option is to copy the archive file to an external hard drive which "
33166
"can then be taken off-site. Since the price of external hard drives continue "
33167
"to decrease, it may be cost-effective to use two drives for each archive "
33168
"level. This would allow you to have one external drive attached to the "
33169
"backup server and one in another location."
33170
msgstr ""
33171
33172
#: serverguide/C/backups.xml:482(title)
33173
msgid "Tape Drives"
33174
msgstr ""
33175
33176
#: serverguide/C/backups.xml:483(para)
33177
msgid ""
33178
"A tape drive attached to the server can be used instead of an NFS share. "
33179
"Using a tape drive simplifies archive rotation, and makes taking the media "
33180
"off-site easier as well."
33181
msgstr ""
33182
33183
#: serverguide/C/backups.xml:487(para)
33184
msgid ""
33185
"When using a tape drive, the filename portions of the script aren't needed "
33186
"because the data is sent directly to the tape device. Some commands to "
33187
"manipulate the tape are needed. This is accomplished using "
33188
"<application>mt</application>, a magnetic tape control utility part of the "
33189
"<application>cpio</application> package."
33190
msgstr ""
33191
33192
#: serverguide/C/backups.xml:492(para)
33193
msgid "Here is the shell script modified to use a tape drive:"
33194
msgstr ""
33195
33196
#: serverguide/C/backups.xml:495(programlisting)
33197
#, no-wrap
33198
msgid ""
33199
"\n"
33200
"#!/bin/bash\n"
33201
"####################################\n"
33202
"#\n"
33203
"# Backup to tape drive script.\n"
33204
"#\n"
33205
"####################################\n"
33206
"\n"
33207
"# What to backup. \n"
33208
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
33209
"\n"
33210
"# Where to backup to.\n"
33211
"dest=\"/dev/st0\"\n"
33212
"\n"
33213
"# Print start status message.\n"
33214
"echo \"Backing up $backup_files to $dest\"\n"
33215
"date\n"
33216
"echo\n"
33217
"\n"
33218
"# Make sure the tape is rewound.\n"
33219
"mt -f $dest rewind\n"
33220
"\n"
33221
"# Backup the files using tar.\n"
33222
"tar czf $dest $backup_files\n"
33223
"\n"
33224
"# Rewind and eject the tape.\n"
33225
"mt -f $dest rewoffl\n"
33226
"\n"
33227
"# Print end status message.\n"
33228
"echo\n"
33229
"echo \"Backup finished\"\n"
33230
"date\n"
33231
msgstr ""
33232
33233
#: serverguide/C/backups.xml:529(para)
33234
msgid ""
33235
"The default device name for a SCSI tape drive is "
33236
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
33237
"system."
33238
msgstr ""
33239
33240
#: serverguide/C/backups.xml:534(para)
33241
msgid ""
33242
"Restoring from a tape drive is basically the same as restoring from a file. "
33243
"Simply rewind the tape and use the device path instead of a file path. For "
33244
"example to restore the <filename>/etc/hosts</filename> file to "
33245
"<filename>/tmp/etc/hosts</filename>:"
33246
msgstr ""
33247
33248
#: serverguide/C/backups.xml:539(command)
33249
msgid "mt -f /dev/st0 rewind"
33250
msgstr ""
33251
33252
#: serverguide/C/backups.xml:540(command)
33253
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
33254
msgstr ""
33255
33256
#: serverguide/C/backups.xml:545(title)
33257
msgid "Bacula"
33258
msgstr ""
33259
33260
#: serverguide/C/backups.xml:546(para)
33261
msgid ""
33262
"<application>Bacula</application> is a backup program enabling you to "
33263
"backup, restore, and verify data across your network. There are Bacula "
33264
"clients for Linux, Windows, and Mac OS X - making it a cross-platform "
33265
"network wide solution."
33266
msgstr ""
33267
33268
#: serverguide/C/backups.xml:552(para)
33269
msgid ""
33270
"<application>Bacula</application> is made up of several components and "
33271
"services used to manage which files to backup and backup locations:"
33272
msgstr ""
33273
33274
#: serverguide/C/backups.xml:557(para)
33275
msgid ""
33276
"<application>Bacula Director:</application> a service that controls all "
33277
"backup, restore, verify, and archive operations."
33278
msgstr ""
33279
33280
#: serverguide/C/backups.xml:562(para)
33281
msgid ""
33282
"<application>Bacula Console:</application> an application allowing "
33283
"communication with the Director. There are three versions of the Console:"
33284
msgstr ""
33285
33286
#: serverguide/C/backups.xml:567(para)
33287
msgid "Text based command line version."
33288
msgstr ""
33289
33290
#: serverguide/C/backups.xml:568(para)
33291
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
33292
msgstr ""
33293
33294
#: serverguide/C/backups.xml:569(para)
33295
msgid "wxWidgets GUI interface."
33296
msgstr ""
33297
33298
#: serverguide/C/backups.xml:573(para)
33299
msgid ""
33300
"<application>Bacula File:</application> also known as the "
33301
"<application>Bacula Client</application> program. This application is "
33302
"installed on machines to be backed up, and is responsible for the data "
33303
"requested by the Director."
33304
msgstr ""
33305
33306
#: serverguide/C/backups.xml:579(para)
33307
msgid ""
33308
"<application>Bacula Storage:</application> the programs that perform the "
33309
"storage and recovery of data to the physical media."
33310
msgstr ""
33311
33312
#: serverguide/C/backups.xml:584(para)
33313
msgid ""
33314
"<application>Bacula Catalog:</application> is responsible for maintaining "
33315
"the file indexes and volume databases for all files backed up, enabling "
33316
"quick location and restoration of archived files. The Catalog supports three "
33317
"different databases MySQL, PostgreSQL, and SQLite."
33318
msgstr ""
33319
33320
#: serverguide/C/backups.xml:590(para)
33321
msgid ""
33322
"<application>Bacula Monitor:</application> allows the monitoring of the "
33323
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
33324
"available as a GTK+ GUI application."
33325
msgstr ""
33326
33327
#: serverguide/C/backups.xml:596(para)
33328
msgid ""
33329
"These services and applications can be run on multiple servers and clients, "
33330
"or they can be installed on one machine if backing up a single disk or "
33331
"volume."
33332
msgstr ""
33333
33334
#: serverguide/C/backups.xml:604(para)
33335
msgid ""
33336
"If using MySQL or PostgreSQL as your database, you should already have the "
33337
"services available. <application>Bacula</application> will not install them "
33338
"for you."
33339
msgstr ""
33340
33341
#: serverguide/C/backups.xml:609(para)
33342
msgid ""
33343
"There are multiple packages containing the different "
33344
"<application>Bacula</application> components. To install Bacula, from a "
33345
"terminal prompt enter:"
33346
msgstr ""
33347
33348
#: serverguide/C/backups.xml:614(command)
33349
msgid "sudo apt install bacula"
33350
msgstr ""
33351
33352
#: serverguide/C/backups.xml:616(para)
33353
msgid ""
33354
"By default installing the <application>bacula</application> package will use "
33355
"a <application>MySQL</application> database for the Catalog. If you want to "
33356
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
33357
"director-sqlite3</application> or <application>bacula-director-"
33358
"pgsql</application> respectively."
33359
msgstr ""
33360
33361
#: serverguide/C/backups.xml:622(para)
33362
msgid ""
33363
"During the install process you will be asked to supply credentials for the "
33364
"database <emphasis>administrator</emphasis> and the "
33365
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
33366
"database administrator will need to have the appropriate rights to create a "
33367
"database, see <xref linkend=\"mysql\"/> for more information."
33368
msgstr ""
33369
33370
#: serverguide/C/backups.xml:632(para)
33371
msgid ""
33372
"<application>Bacula</application> configuration files are formatted based on "
33373
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
33374
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
33375
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
33376
"directory."
33377
msgstr ""
33378
33379
#: serverguide/C/backups.xml:637(para)
33380
msgid ""
33381
"The various <application>Bacula</application> components must authorize "
33382
"themselves to each other. This is accomplished using the "
33383
"<emphasis>password</emphasis> directive. For example, the "
33384
"<emphasis>Storage</emphasis> resource password in the "
33385
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
33386
"<emphasis>Director</emphasis> resource password in "
33387
"<filename>/etc/bacula/bacula-sd.conf</filename>."
33388
msgstr ""
33389
33390
#: serverguide/C/backups.xml:643(para)
33391
msgid ""
33392
"By default the backup job named <emphasis>Client1</emphasis> is configured "
33393
"to archive the <application>Bacula</application> Catalog. If you plan on "
33394
"using the server to backup more than one client you should change the name "
33395
"of this job to something more descriptive. To change the name edit "
33396
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
33397
msgstr ""
33398
33399
#: serverguide/C/backups.xml:648(programlisting)
33400
#, no-wrap
33401
msgid ""
33402
"\n"
33403
"#\n"
33404
"# Define the main nightly save backup job\n"
33405
"# By default, this job will back up to disk in \n"
33406
"Job {\n"
33407
" Name = \"BackupServer\"\n"
33408
" JobDefs = \"DefaultJob\"\n"
33409
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
33410
"}\n"
33411
msgstr ""
33412
33413
#: serverguide/C/backups.xml:659(para)
33414
msgid ""
33415
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
33416
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
33417
"your appropriate hostname, or other descriptive name."
33418
msgstr ""
33419
33420
#: serverguide/C/backups.xml:664(para)
33421
msgid ""
33422
"The <emphasis>Console</emphasis> can be used to query the "
33423
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
33424
"<emphasis>non-root</emphasis> user, the user needs to be in the "
33425
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
33426
"the following from a terminal:"
33427
msgstr ""
33428
33429
#: serverguide/C/backups.xml:670(command)
33430
msgid "sudo adduser $username bacula"
33431
msgstr ""
33432
33433
#: serverguide/C/backups.xml:673(para)
33434
msgid ""
33435
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
33436
"you are adding the current user to the group you should log out and back in "
33437
"for the new permissions to take effect."
33438
msgstr ""
33439
33440
#: serverguide/C/backups.xml:680(title)
33441
msgid "Localhost Backup"
33442
msgstr ""
33443
33444
#: serverguide/C/backups.xml:681(para)
33445
msgid ""
33446
"This section describes how to backup specified directories on a single host "
33447
"to a local tape drive."
33448
msgstr ""
33449
33450
#: serverguide/C/backups.xml:686(para)
33451
msgid ""
33452
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
33453
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
33454
msgstr ""
33455
33456
#: serverguide/C/backups.xml:689(programlisting)
33457
#, no-wrap
33458
msgid ""
33459
"\n"
33460
"Device {\n"
33461
" Name = \"Tape Drive\"\n"
33462
" Device Type = tape\n"
33463
" Media Type = DDS-4\n"
33464
" Archive Device = /dev/st0\n"
33465
" Hardware end of medium = No;\n"
33466
" AutomaticMount = yes; # when device opened, read it\n"
33467
" AlwaysOpen = Yes;\n"
33468
" RemovableMedia = yes;\n"
33469
" RandomAccess = no;\n"
33470
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
33471
"}\n"
33472
msgstr ""
33473
33474
#: serverguide/C/backups.xml:703(para)
33475
msgid ""
33476
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
33477
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
33478
"hardware."
33479
msgstr ""
33480
33481
#: serverguide/C/backups.xml:706(para)
33482
msgid "You could also uncomment one of the other examples in the file."
33483
msgstr ""
33484
33485
#: serverguide/C/backups.xml:711(para)
33486
msgid ""
33487
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
33488
"<application>Storage</application> daemon will need to be restarted:"
33489
msgstr ""
33490
33491
#: serverguide/C/backups.xml:716(command)
33492
msgid "sudo systemctl restart bacula-sd.service"
33493
msgstr ""
33494
33495
#: serverguide/C/backups.xml:720(para)
33496
msgid ""
33497
"Now add a <emphasis>Storage</emphasis> resource in "
33498
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
33499
msgstr ""
33500
33501
#: serverguide/C/backups.xml:723(programlisting)
33502
#, no-wrap
33503
msgid ""
33504
"\n"
33505
"# Definition of \"Tape Drive\" storage device\n"
33506
"Storage {\n"
33507
" Name = TapeDrive\n"
33508
" # Do not use \"localhost\" here \n"
33509
" Address = backupserver # N.B. Use a fully qualified name "
33510
"here\n"
33511
" SDPort = 9103\n"
33512
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyjc\"\n"
33513
" Device = \"Tape Drive\"\n"
33514
" Media Type = tape\n"
33515
"}\n"
33516
msgstr ""
33517
33518
#: serverguide/C/backups.xml:735(para)
33519
msgid ""
33520
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
33521
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
33522
"to the actual host name."
33523
msgstr ""
33524
33525
#: serverguide/C/backups.xml:739(para)
33526
msgid ""
33527
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
33528
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
33529
msgstr ""
33530
33531
#: serverguide/C/backups.xml:745(para)
33532
msgid ""
33533
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
33534
"directories to backup, by adding:"
33535
msgstr ""
33536
33537
#: serverguide/C/backups.xml:748(programlisting)
33538
#, no-wrap
33539
msgid ""
33540
"\n"
33541
"# LocalhostBacup FileSet.\n"
33542
"FileSet {\n"
33543
" Name = \"LocalhostFiles\"\n"
33544
" Include {\n"
33545
" Options {\n"
33546
" signature = MD5\n"
33547
" compression=GZIP\n"
33548
" }\n"
33549
" File = /etc\n"
33550
" File = /home\n"
33551
" }\n"
33552
"}\n"
33553
msgstr ""
33554
33555
#: serverguide/C/backups.xml:762(para)
33556
msgid ""
33557
"This <emphasis>FileSet</emphasis> will backup the <filename "
33558
"role=\"directory\">/etc</filename> and <filename "
33559
"role=\"directory\">/home</filename> directories. The "
33560
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
33561
"create an MD5 signature for each file backed up, and to compress the files "
33562
"using GZIP."
33563
msgstr ""
33564
33565
#: serverguide/C/backups.xml:769(para)
33566
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
33567
msgstr ""
33568
33569
#: serverguide/C/backups.xml:772(programlisting)
33570
#, no-wrap
33571
msgid ""
33572
"\n"
33573
"# LocalhostBackup Schedule -- Daily.\n"
33574
"Schedule {\n"
33575
" Name = \"LocalhostDaily\"\n"
33576
" Run = Full daily at 00:01\n"
33577
"}\n"
33578
msgstr ""
33579
33580
#: serverguide/C/backups.xml:779(para)
33581
msgid ""
33582
"The job will run every day at 00:01 or 12:01 am. There are many other "
33583
"scheduling options available."
33584
msgstr ""
33585
33586
#: serverguide/C/backups.xml:784(para)
33587
msgid "Finally create the <emphasis>Job</emphasis>:"
33588
msgstr ""
33589
33590
#: serverguide/C/backups.xml:787(programlisting)
33591
#, no-wrap
33592
msgid ""
33593
"\n"
33594
"# Localhost backup.\n"
33595
"Job {\n"
33596
" Name = \"LocalhostBackup\"\n"
33597
" JobDefs = \"DefaultJob\"\n"
33598
" Enabled = yes\n"
33599
" Level = Full\n"
33600
" FileSet = \"LocalhostFiles\"\n"
33601
" Schedule = \"LocalhostDaily\"\n"
33602
" Storage = TapeDrive\n"
33603
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
33604
"} \n"
33605
msgstr ""
33606
33607
#: serverguide/C/backups.xml:800(para)
33608
msgid ""
33609
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
33610
"drive."
33611
msgstr ""
33612
33613
#: serverguide/C/backups.xml:805(para)
33614
msgid ""
33615
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
33616
"current tape does not have a label <application>Bacula</application> will "
33617
"send an email letting you know. To label a tape using the "
33618
"<application>Console</application> enter the following from a terminal:"
33619
msgstr ""
33620
33621
#: serverguide/C/backups.xml:811(command)
33622
msgid "bconsole"
33623
msgstr ""
33624
33625
#: serverguide/C/backups.xml:815(para)
33626
msgid "At the Bacula Console prompt enter:"
33627
msgstr ""
33628
33629
#: serverguide/C/backups.xml:819(command)
33630
msgid "label"
33631
msgstr ""
33632
33633
#: serverguide/C/backups.xml:823(para)
33634
msgid ""
33635
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
33636
msgstr ""
33637
33638
#: serverguide/C/backups.xml:833(userinput)
33639
#, no-wrap
33640
msgid "2"
33641
msgstr ""
33642
33643
#: serverguide/C/backups.xml:827(computeroutput)
33644
#, no-wrap
33645
msgid ""
33646
"\n"
33647
"Automatically selected Catalog: MyCatalog\n"
33648
"Using Catalog \"MyCatalog\"\n"
33649
"The defined Storage resources are:\n"
33650
" 1: File\n"
33651
" 2: TapeDrive\n"
33652
"Select Storage resource (1-2):<placeholder-1/>\n"
33653
msgstr ""
33654
33655
#: serverguide/C/backups.xml:838(para)
33656
msgid "Enter the new <emphasis>Volume</emphasis> name:"
33657
msgstr ""
33658
33659
#: serverguide/C/backups.xml:843(userinput)
33660
#, no-wrap
33661
msgid "Sunday"
33662
msgstr ""
33663
33664
#: serverguide/C/backups.xml:842(computeroutput)
33665
#, no-wrap
33666
msgid ""
33667
"\n"
33668
"Enter new Volume name: <placeholder-1/>\n"
33669
"Defined Pools:\n"
33670
" 1: Default\n"
33671
" 2: Scratch"
33672
msgstr ""
33673
33674
#: serverguide/C/backups.xml:848(para)
33675
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
33676
msgstr ""
33677
33678
#: serverguide/C/backups.xml:853(para)
33679
msgid "Now, select the <emphasis>Pool</emphasis>:"
33680
msgstr ""
33681
33682
#: serverguide/C/backups.xml:857(computeroutput)
33683
#, no-wrap
33684
msgid ""
33685
"\n"
33686
"Select the Pool (1-2): <placeholder-1/>\n"
33687
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
33688
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
33689
msgstr ""
33690
33691
#: serverguide/C/backups.xml:865(para)
33692
msgid ""
33693
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
33694
"backup the localhost to an attached tape drive."
33695
msgstr ""
33696
33697
#: serverguide/C/backups.xml:873(para)
33698
msgid ""
33699
"For more <emphasis>Bacula</emphasis> configuration options, refer to <ulink "
33700
"url=\"http://blog.bacula.org/documentation/documentation/\">Bacula's "
33701
"Documentation</ulink>."
33702
msgstr ""
33703
33704
#: serverguide/C/backups.xml:881(para)
33705
msgid ""
33706
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
33707
"the latest Bacula news and developments."
33708
msgstr ""
33709
"คุณสามารถอ่านข่าวคราวล่าสุดเกี่ยวกับ Bacula ได้ที่<ulink "
33710
"url=\"http://www.bacula.org/\">หน้าโฮมเพจของ Bacula</ulink>"
33711
33712
#: serverguide/C/backups.xml:886(para)
33713
msgid ""
33714
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
33715
"Ubuntu Wiki</ulink> page."
33716
msgstr ""
33717
33718
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
33719
#: serverguide/C/backups.xml:0(None)
33720
msgid "translator-credits"
33721
msgstr ""
33722
"Launchpad Contributions:\n"
33723
" Matthew East https://launchpad.net/~mdke"
33724
33725
#~ msgid ""
33726
#~ "The server will be configured to share files with any client on the network "
33727
#~ "without prompting for a password. If your environment requires stricter "
33728
#~ "Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
33729
#~ msgstr ""
33730
#~ "เครื่องเซิร์ฟเวอร์จะตั้งค่าให้แบ่งปันแฟ้มให้เครื่องลูกข่ายทุกเครื่องโดยไม่ถาม"
33731
#~ "รหัสผ่าน ถ้าคุณต้องการให้เครือข่ายรักษาความปลอดภัยเคร่งคัดกว่านี้ กรุณาดู "
33732
#~ "<xref linkend=\"samba-fileprint-security\"/>"
33733
33734
#~ msgid "sudo apt-get install samba"
33735
#~ msgstr "sudo apt-get install samba"
33736
33737
#~ msgid ""
33738
#~ "The main Samba configuration file is located in "
33739
#~ "<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
33740
#~ "a significant amount of comments in order to document various configuration "
33741
#~ "directives."
33742
#~ msgstr ""
33743
#~ "แฟ้มการตั้งค่าหลักของ Samba อยู่ที่ <filename>/etc/samba/smb.conf</filename> "
33744
#~ "แฟ้มการตั้งค่าปริยายนั้นเต็มไปด้วยคำอธิบายและข้อเสนอแนะเพื่ออธิบายวัตถุประสงค"
33745
#~ "์ของแต่ละคำสั่ง"
33746
33747
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
33748
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
33749
33750
#~ msgid ""
33751
#~ "<emphasis>security = user:</emphasis> requires clients to supply a username "
33752
#~ "and password to connect to shares. Samba user accounts are separate from "
33753
#~ "system accounts, but the <application>libpam-smbpass</application> package "
33754
#~ "will sync system users and passwords with the Samba user database."
33755
#~ msgstr ""
33756
#~ "<emphasis>security = user:</emphasis> "
33757
#~ "บังคับให้เครื่องลูกข่ายต้องระบุชื่อผู้ใช้และรหัสผ่านเพื่อที่จะเชื่อมต่อเข้ากั"
33758
#~ "บแชร์ บัญชีผู้ใช้ของแซมบ้านั้นแยกกันกับบัญชีผู้ใช้ของระบบ แต่ว่าแพคเกจ "
33759
#~ "<application>libpam-smbpass</application> "
33760
#~ "จะช่วยทำให้ชื่อและรหัสผ่านของระบบเหมือนกันกับในฐานข้อมูลของแซมบ้าได้"
33761
33762
#~ msgid ""
33763
#~ "First, install the <application>libpam-smbpass</application> package which "
33764
#~ "will sync the system users to the Samba user database:"
33765
#~ msgstr ""
33766
#~ "ก่อนอื่นคุณต้องติดตั้งแพคเกจ <application>libpam-smbpass</application> "
33767
#~ "ซึ่งจะทำให้ชื่อและรหัสผ่านของผู้ใช้ในระบบเหมือนกันกับในฐานข้อมูลผู้ใช้ของแซมบ"
33768
#~ "้า:"
33769
33770
#~ msgid "sudo apt-get install libpam-smbpass"
33771
#~ msgstr "sudo apt-get install libpam-smbpass"
33772
33773
#~ msgid ""
33774
#~ "If you chose the <emphasis>Samba Server</emphasis> task during installation "
33775
#~ "<application>libpam-smbpass</application> is already installed."
33776
#~ msgstr ""
33777
#~ "ถ้าคุณเลือกติดตั้ง <emphasis>เซิร์ฟเวอร์แซมบ้า</emphasis> ตอนติดตั้งอูบุนตู "
33778
#~ "แพคเกจ <application>libpam-smbpass</application> ได้ถูกติดตั้งเรียบร้อยแล้ว"
33779
33780
#~ msgid "sudo apt-get install apparmor-profiles"
33781
#~ msgstr "sudo apt-get install apparmor-profiles"
33782
33783
#~ msgid ""
33784
#~ "First, install Samba, and <application>libpam-smbpass</application> to sync "
33785
#~ "the user accounts, by entering the following in a terminal prompt:"
33786
#~ msgstr ""
33787
#~ "ก่อนอื่นคุณต้องติดตั้งแซมบ้าและ <application>libpam-smbpass</application> "
33788
#~ "เพื่อทำให้ข้อมูลผู้ใช้ของแซมบ้าและระบบตรงกันโดยพิมพ์คำสั่งดังนี้:"
33789
33790
#~ msgid "sudo apt-get install samba libpam-smbpass"
33791
#~ msgstr "sudo apt-get install samba libpam-smbpass"
33792
33793
#~ msgid ""
33794
#~ "First, install <application>samba</application> and <application>libpam-"
33795
#~ "smbpass</application>. From a terminal enter:"
33796
#~ msgstr ""
33797
#~ "ก่อนอื่น คุณต้องติดตั้งโปรแกรม <application>samba</application> และ "
33798
#~ "<application>libpam-smbpass</application> โดยพิมพ์คำสั่ง:"
33799
33800
#~ msgid "sudo apt-get install samba smbfs smbclient"
33801
#~ msgstr "sudo apt-get install samba smbfs smbclient"
33802
33803
#~ msgid "sudo apt-get install apache2"
33804
#~ msgstr "sudo apt-get install apache2"
33805
33806
#~ msgid "sudo apt-get install libapache2-mod-auth-mysql"
33807
#~ msgstr "sudo apt-get install libapache2-mod-auth-mysql"
33808
33809
#~ msgid ""
33810
#~ "The <application>mod_ssl</application> module is available in "
33811
#~ "<application>apache2-common</application> package. Execute the following "
33812
#~ "command from a terminal prompt to enable the "
33813
#~ "<application>mod_ssl</application> module:"
33814
#~ msgstr ""
33815
#~ "โมดูล <application>mod_ssl</application> อยู่ในชุดโปรแกรม "
33816
#~ "<application>apache2-common</application> ถ้าคุณต้องการเริ่มใช้งาน "
33817
#~ "<application>mod_ssl</application> ให้พิมพ์คำสั่งดังนี้:"
33818
33819
#~ msgid "PHP5 - Scripting Language"
33820
#~ msgstr "ภาษาสคริปต์ PHP5"
33821
33822
#~ msgid ""
33823
#~ "PHP is a general-purpose scripting language suited for Web development. The "
33824
#~ "PHP script can be embedded into HTML. This section explains how to install "
33825
#~ "and configure PHP5 in Ubuntu System with Apache2 and MySQL."
33826
#~ msgstr ""
33827
#~ "PHP เป็นภาษาสำหรับเขียนสคริปต์ที่เหมาะกับการใช้พัฒนาเว็บไซต์ โดยสคริปต์ PHP "
33828
#~ "นั้นสามารถอยู่ในไฟล์ HTML ได้ ในส่วนนี้จะอธิบายวิธีการติดตั้งและตั้งค่า "
33829
#~ "PHP5 ในอูบุนตูที่มี Apache2 และ MySQL อยู่แล้ว"
33830
33831
#~ msgid ""
33832
#~ "To install PHP5 you can enter the following command in the terminal prompt: "
33833
#~ "<screen>\n"
33834
#~ "<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
33835
#~ "</screen>"
33836
#~ msgstr ""
33837
#~ "เพื่อติดตั้ง PHP5 ให้พิมพ์คำสั่งดังนี้: <screen>\n"
33838
#~ "<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
33839
#~ "</screen>"
33840
33841
#~ msgid ""
33842
#~ "You can run PHP5 scripts from command line. To run PHP5 scripts from command "
33843
#~ "line you should install <application>php5-cli</application> package. To "
33844
#~ "install <application>php5-cli</application> you can enter the following "
33845
#~ "command in the terminal prompt: <screen>\n"
33846
#~ "<command>sudo apt-get install php5-cli</command>\n"
33847
#~ "</screen>"
33848
#~ msgstr ""
33849
#~ "คุณสามารถใช้งานสคริปต์ PHP5 จาก command line แต่ก่อนอื่นคุณต้องลงชุดโปรแกรม "
33850
#~ "<application>php5-cli</application> เสียก่อน โดยพิมพ์คำสั่งดังนี้:<screen>\n"
33851
#~ "<command>sudo apt-get install php5-cli</command>\n"
33852
#~ "</screen>"
33853
33854
#~ msgid ""
33855
#~ "You can also execute PHP5 scripts without installing PHP5 Apache module. To "
33856
#~ "accomplish this, you should install <application>php5-cgi</application> "
33857
#~ "package. You can run the following command in a terminal prompt to install "
33858
#~ "<application>php5-cgi</application> package: <screen>\n"
33859
#~ "<command>sudo apt-get install php5-cgi</command>\n"
33860
#~ "</screen>"
33861
#~ msgstr ""
33862
#~ "นอกจากนั้นคุณยังสามารถใช้งานสคริปต์ PHP5 ได้โดยไม่ต้องติดตั้งโมดูล PHP5 "
33863
#~ "สำหรับ Apache อีกด้วย สำหรับกรณีนี้คุณจะต้องติดตั้งชุดโปรแกรม "
33864
#~ "<application>php5-cgi</application> แทนโดยพิมพ์คำสั่ง:<screen>\n"
33865
#~ "<command>sudo apt-get install php5-cgi</command>\n"
33866
#~ "</screen>"
33867
33868
#~ msgid ""
33869
#~ "To use <application>MySQL</application> with PHP5 you should install "
33870
#~ "<application>php5-mysql</application> package. To install <application>php5-"
33871
#~ "mysql</application> you can enter the following command in the terminal "
33872
#~ "prompt: <screen>\n"
33873
#~ "<command>sudo apt-get install php5-mysql</command>\n"
33874
#~ "</screen>"
33875
#~ msgstr ""
33876
#~ "เพื่อที่จะใช้งาน <application>MySQL</application> จาก PHP5 "
33877
#~ "ได้คุณต้องติดตั้งชุดโปรแกรม <application>php5-mysql</application> "
33878
#~ "โดยพิมพ์คำสั่ง:<screen>\n"
33879
#~ "<command>sudo apt-get install php5-mysql</command>\n"
33880
#~ "</screen>"
33881
33882
#~ msgid ""
33883
#~ "Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
33884
#~ "install <application>php5-pgsql</application> package. To install "
33885
#~ "<application>php5-pgsql</application> you can enter the following command in "
33886
#~ "the terminal prompt: <screen>\n"
33887
#~ "<command>sudo apt-get install php5-pgsql</command>\n"
33888
#~ "</screen>"
33889
#~ msgstr ""
33890
#~ "ในทำนองเดียวกัน ถ้าคุณต้องการใช้ <application>PostgreSQL</application> กับ "
33891
#~ "PHP5 คุณจะต้องติดตั้งชุดโปรแกรม <application>php5-pgsql</application> "
33892
#~ "โดยพิมพ์คำสั่ง:<screen>\n"
33893
#~ "<command>sudo apt-get install php5-pgsql</command>\n"
33894
#~ "</screen>"
33895
33896
#~ msgid ""
33897
#~ "Once you install PHP5, you can run PHP5 scripts from your web browser. If "
33898
#~ "you have installed <application>php5-cli</application> package, you can run "
33899
#~ "PHP5 scripts from your command prompt."
33900
#~ msgstr ""
33901
#~ "หลังจากคุณได้ติดตั้ง PHP5 คุณสามารถใช้งานสคริปติ์ PHP5 จากเบราเซอร์ของคุณ "
33902
#~ "แต่ถ้าคุณติดตั้งชุดโปรแกรม <application>php5-cli</application> "
33903
#~ "คุณจะสามารถใช้งานสคริปต์ PHP5 จากพร๊อมต์คำสั่ง (command prompt) ได้อีกด้วย"
33904
33905
#~ msgid ""
33906
#~ "By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
33907
#~ "other words, the PHP5 module is enabled in Apache2 Web server automatically "
33908
#~ "when you install the module. Please verify if the files "
33909
#~ "<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
33910
#~ "<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
33911
#~ "not exists, you can enable the module using <command>a2enmod</command> "
33912
#~ "command."
33913
#~ msgstr ""
33914
#~ "โดยปกติแล้ว Apache2 จะถูกตั้งค่าให้ใช้งานสคริปต์ PHP5 ได้อยู่แล้ว "
33915
#~ "หรือจะพูดอีกแบบก็คือ Apache2 นั้นจะใช้งานโมดูล PHP5 "
33916
#~ "โดยอัตโนมัติเวลาคุณติดตั้งโมดูล ลองตรวจสอบดูว่ามีไฟล์ "
33917
#~ "<filename>/etc/apache2/mods-enabled/php5.conf</filename> และ "
33918
#~ "<filename>/etc/apache2/mods-enabled/php5.load</filename> อยู่ "
33919
#~ "ถ้าไม่มีคุณสามารถเริ่มใช้โมดูล PHP5 ได้โดยใช้คำสั่ง "
33920
#~ "<command>a2enmod</command>"
33921
33922
#~ msgid ""
33923
#~ "To verify your installation, you can run following PHP5 phpinfo script:"
33924
#~ msgstr ""
33925
#~ "เพื่อทดสอบว่าการติดตั้งเรียบร้อยดี คุณสามารถลองใช้สคริปต์ phpinfo ดู:"
33926
33927
#~ msgid ""
33928
#~ "You can save the content in a file <filename>phpinfo.php</filename> and "
33929
#~ "place it under <command>DocumentRoot</command> directory of Apache2 Web "
33930
#~ "server. When point your browser to "
33931
#~ "<filename>http://hostname/phpinfo.php</filename>, it would display values of "
33932
#~ "various PHP5 configuration parameters."
33933
#~ msgstr ""
33934
#~ "คุณสามารถบันทึกเนื้อหาในไฟล์ <filename>phpinfo.php</filename> "
33935
#~ "และวางไฟล์ไว้ในไดเร็คทอรี่ <command>DocumentRoot</command> ของ Apache2 "
33936
#~ "เมื่อคุณชี้เบราเซอร์ของคุณไปที่ "
33937
#~ "<filename>http://hostname/phpinfo.php</filename> "
33938
#~ "เบราเซอร์ของคุณจะแสดงการตั้งค่าต่างๆของ PHP5"
33939
33940
#~ msgid "sudo apt-get install rails"
33941
#~ msgstr "sudo apt-get install rails"
33942
33943
#~ msgid ""
33944
#~ "MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
33945
#~ "engine, and licensed under the GNU GPL."
33946
#~ msgstr ""
33947
#~ "MoinMoin เป็นโปรแกรมวิกิที่เขียนด้วยภาษาไพธอน (Python) "
33948
#~ "โดยปรับปรุงจากโปรแกรมวิกิ PikiPiki และอยู่ภายใต้สัญญาแบบ GNU GPL"
33949
33950
#~ msgid "sudo apt-get install python-moinmoin"
33951
#~ msgstr "sudo apt-get install python-moinmoin"
33952
33953
#~ msgid ""
33954
#~ "You should also install <application>apache2</application> web server. For "
33955
#~ "installing <application>apache2</application> web server, please refer to "
33956
#~ "<xref linkend=\"http-installation\"/> sub-section in <xref "
33957
#~ "linkend=\"httpd\"/> section."
33958
#~ msgstr ""
33959
#~ "เราแนะนำให้คุณติดตั้งโปรแกรมเว็บเซิร์ฟเวอร์ "
33960
#~ "<application>apache2</application> ด้วย กรุณาอ่านบทความ <xref "
33961
#~ "linkend=\"http-installation\"/> ในส่วน <xref linkend=\"httpd\"/> "
33962
#~ "สำหรับคำแนะนำในการติดตั้ง <application>apache2</application>"
33963
33964
#~ msgid ""
33965
#~ "For configuring your first Wiki application, please run the following set of "
33966
#~ "commands. Let us assume that you are creating a Wiki named "
33967
#~ "<emphasis>mywiki</emphasis>:"
33968
#~ msgstr ""
33969
#~ "สำหรับการตั้งค่าโปรแกรมวิกิแรกของคุณ กรุณาพิมพ์คำสั่งดังต่อไปนี้ "
33970
#~ "สมมุติว่าคุณต้องการสร้างวิกิชื่อ <emphasis>mywiki</emphasis>:"
33971
33972
#~ msgid ""
33973
#~ "Now you should configure <application>MoinMoin</application> to find your "
33974
#~ "new Wiki <emphasis>mywiki</emphasis>. To configure "
33975
#~ "<application>MoinMoin</application>, open "
33976
#~ "<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
33977
#~ msgstr ""
33978
#~ "จากนั้นคุณต้องตั้งค่า <application>MoinMoin</application> "
33979
#~ "ให้รู้จักวิกิใหม่ของคุณที่ชื่อ <emphasis>mywiki</emphasis> โดยเปิดไฟล์ "
33980
#~ "<filename>/etc/moin/mywiki.py</filename> และแก้ไขบรรทัดต่อไปนี้:"
33981
33982
#~ msgid ""
33983
#~ "If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
33984
#~ "insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
33985
#~ "<filename>/etc/moin/farmconfig.py</filename> file after the line "
33986
#~ "<quote>(\"mywiki\", r\".*\")</quote>."
33987
#~ msgstr ""
33988
#~ "ถ้าคุณตั้งชื่อวิกิของคุณชื่อ <emphasis>my_wiki_name</emphasis> "
33989
#~ "คุณควรแทรกบรรทัด <quote>(\"my_wiki_name\", r\".*\")</quote> หลังบรรทัด "
33990
#~ "<quote>(\"mywiki\", r\".*\")</quote> ในไฟล์ "
33991
#~ "<filename>/etc/moin/farmconfig.py</filename>"
33992
33993
#~ msgid ""
33994
#~ "Once you have configured <application>MoinMoin</application> to find your "
33995
#~ "first Wiki application <emphasis>mywiki</emphasis>, you should configure "
33996
#~ "<application>apache2</application> and make it ready for your Wiki "
33997
#~ "application."
33998
#~ msgstr ""
33999
#~ "หลังจากที่คุณได้ตั้งค่าของ <application>MoinMoin</application> ให้หาวิกิ "
34000
#~ "<emphasis>mywiki</emphasis> ของคุณเจอแล้ว คุณจะต้องทำให้ "
34001
#~ "<application>apache2</application> พร้อมที่จะให้บริการวิกิของคุณผ่านเว็บ"
34002
34003
#~ msgid ""
34004
#~ "Once you configure the <application>apache2</application> web server and "
34005
#~ "make it ready for your Wiki application, you should restart it. You can run "
34006
#~ "the following command to restart the <application>apache2</application> web "
34007
#~ "server:"
34008
#~ msgstr ""
34009
#~ "หลังจากที่คุณตั้งค่าของโปรแกรม <application>apache2</application> "
34010
#~ "เว็บเซิร์ฟเวอร์แล้ว คุณจะต้องเริ่มโปรแกรม <application>apache2</application> "
34011
#~ "เว็บเซิร์ฟเวอร์ใหม่โดยพิมพ์คำสั่งดังนี้:"
34012
34013
#~ msgid "MediaWiki"
34014
#~ msgstr "มีเดียวิกิ (MediaWiki)"
34015
34016
#~ msgid ""
34017
#~ "MediaWiki is an web based Wiki software written in the PHP language. It can "
34018
#~ "either use <application>MySQL</application> or "
34019
#~ "<application>PostgreSQL</application> Database Management System."
34020
#~ msgstr ""
34021
#~ "มีเดียวิกิ (MediaWiki) เป็นระบบวิกิที่ทำงานบนเว็บและถูกเขียนด้วยภาษา PHP "
34022
#~ "มีเดียวิกิสามารถใช้ฐานข้อมูล <application>MySQL</application> หรือ "
34023
#~ "<application>PostgreSQL</application> เพื่อจัดเก็บข้อมูลในวิกิ"
34024
34025
#~ msgid ""
34026
#~ "To install <application>MediaWiki</application>, run the following command "
34027
#~ "in the command prompt:"
34028
#~ msgstr ""
34029
#~ "คุณสามารถติดตั้งโปรแกรม <application>MediaWiki</application> "
34030
#~ "ได้โดยพิมพ์คำสั่งดังนี้:"
34031
34032
#~ msgid "sudo apt-get install mediawiki php5-gd"
34033
#~ msgstr "sudo apt-get install mediawiki php5-gd"
34034
34035
#, no-wrap
34036
#~ msgid ""
34037
#~ "\n"
34038
#~ "http://localhost/mediawiki/config/index.php\n"
34039
#~ msgstr ""
34040
#~ "\n"
34041
#~ "http://localhost/mediawiki/config/index.php\n"
34042
34043
#~ msgid ""
34044
#~ "Please read the <quote>Checking environment...</quote> section in this page. "
34045
#~ "You should be able to fix many issues by carefully reading this section."
34046
#~ msgstr ""
34047
#~ "กรุณาอ่านส่วน <quote>ตรวจสอบสภาพแวดล้อม...</quote> ในหน้านี้ด้วย "
34048
#~ "คุณจะสามารถแก้ปัญหาหลายๆข้อได้จากการอ่านส่วนดังกล่าวอย่างละเอียด"
34049
34050
#~ msgid ""
34051
#~ "For more details, please refer to the <ulink "
34052
#~ "url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
34053
#~ msgstr ""
34054
#~ "คุณสามารถอ่านรายละเอียดเพิ่มเติมได้จากเว็บ <ulink "
34055
#~ "url=\"http://www.mediawiki.org\">MediaWiki</ulink>"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1