Difference between revisions of "UCS Appliance"

From Univention Wiki

(Link updated.)
m (Enable syntax highlighting)
Line 6: Line 6:
  
 
While selecting the system role in UCS 3 Domaincontroller Master installation, F3 must be pressed. This will disable the join scripts. After the installation the system should be upgraded to the latest version, for example by running the following command as user root:
 
While selecting the system role in UCS 3 Domaincontroller Master installation, F3 must be pressed. This will disable the join scripts. After the installation the system should be upgraded to the latest version, for example by running the following command as user root:
<pre>
+
<source lang= bash>
 
univention-upgrade
 
univention-upgrade
</pre>
+
</source>
  
 
In UCS 3.0-2 are several fixes. Until this release is available it is possible to install the required packages from the scope ''system-setup3.0-1''. To activate this scope the following steps are required:
 
In UCS 3.0-2 are several fixes. Until this release is available it is possible to install the required packages from the scope ''system-setup3.0-1''. To activate this scope the following steps are required:
<pre>
+
<source lang= bash>
 
ucr set repository/online/component/system-setup3.0-1=yes \
 
ucr set repository/online/component/system-setup3.0-1=yes \
 
         repository/online/component/system-setup3.0-1/parts=unmaintained
 
         repository/online/component/system-setup3.0-1/parts=unmaintained
 
univention-upgrade
 
univention-upgrade
</pre>
+
</source>
  
 
After that the package univention-system-setup-boot should be installed. There are three ways to configure the UCS system: local, remote or automatic.
 
After that the package univention-system-setup-boot should be installed. There are three ways to configure the UCS system: local, remote or automatic.
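Review bot: The added opening tags in this hunk read `<source lang= bash>`, with a space after `=` and an unquoted value; write `<source lang="bash">` so highlighting does not depend on lenient attribute parsing. Separately, the context lines enable the `unmaintained` parts of the `system-setup3.0-1` component "until this release is available", and nothing visible here says to switch the component off again afterwards; a sentence on that would help.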
Line 22: Line 22:
  
 
The local configuration will start a firefox session at the next boot. For this setup the access to the graphical console of the system is essential. In this session all requirements for the configuration will be asked and the system will be configured. To activate this mode univention-system-setup-boot can be installed by the following command:
 
The local configuration will start a firefox session at the next boot. For this setup the access to the graphical console of the system is essential. In this session all requirements for the configuration will be asked and the system will be configured. To activate this mode univention-system-setup-boot can be installed by the following command:
<pre>
+
<source lang= bash>
 
univention-install univention-system-setup-boot
 
univention-install univention-system-setup-boot
</pre>
+
</source>
  
 
== Remote configuration ==
 
== Remote configuration ==
  
 
The remote configuration is necessary, when the access to the local console is not given. The configuration takes place in a remote web browser session. Therefore, the network address of the booting system must be known. Usually the X window system will be installed when univention-system-setup-boot is installed, this can be prevented by adding ''--no-install-recommends'' to the command. Additionally, the start of firefox should be prevented by disabling the UCR variable ''system/setup/boot/start'':
 
The remote configuration is necessary, when the access to the local console is not given. The configuration takes place in a remote web browser session. Therefore, the network address of the booting system must be known. Usually the X window system will be installed when univention-system-setup-boot is installed, this can be prevented by adding ''--no-install-recommends'' to the command. Additionally, the start of firefox should be prevented by disabling the UCR variable ''system/setup/boot/start'':
<pre>
+
<source lang= bash>
 
univention-install univention-system-setup-boot --no-install-recommends
 
univention-install univention-system-setup-boot --no-install-recommends
 
ucr set system/setup/boot/start="false"
 
ucr set system/setup/boot/start="false"
</pre>
+
</source>
  
 
== Automatic configuration ==
 
== Automatic configuration ==
Line 38: Line 38:
 
An automatic configuration is possible by creating a profile file (''/var/cache/univention-system-setup/profile''). Here is an easy example for creating such a file and running setup-join.sh:
 
An automatic configuration is possible by creating a profile file (''/var/cache/univention-system-setup/profile''). Here is an easy example for creating such a file and running setup-join.sh:
  
<pre>
+
<source lang= bash>
 
cat > /var/cache/univention-system-setup/profile <<__HERE__
 
cat > /var/cache/univention-system-setup/profile <<__HERE__
 
hostname="ucs"
 
hostname="ucs"
Line 62: Line 62:
 
/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1
 
/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1
  
</pre>
+
</source>
  
 
= Preparing Amazon EC2 Images =
 
= Preparing Amazon EC2 Images =
Line 93: Line 93:
  
 
Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:
 
Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:
<pre>
+
<source lang= bash>
 
  # change from sda to xvda and re-configure grub
 
  # change from sda to xvda and re-configure grub
 
  ucr set grub/root=/dev/xvda1
 
  ucr set grub/root=/dev/xvda1
Line 137: Line 137:
 
  # Remove persistent net rule
 
  # Remove persistent net rule
 
  rm /etc/udev/rules.d/70-persistent-net.rules
 
  rm /etc/udev/rules.d/70-persistent-net.rules
</pre>
+
</source>
  
 
= Preparing VMware Images =
 
= Preparing VMware Images =
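Review bot: The `rm /etc/udev/rules.d/70-persistent-net.rules` context line at the end of this block has no `-f`, so it prints an error and returns non-zero when the rule file is already gone. Since the block is being re-tagged anyway, change it to `rm -f`.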
Line 173: Line 173:
  
 
The following changes are required after the installation and upgrade:
 
The following changes are required after the installation and upgrade:
<pre>
+
<source lang= bash>
 
  # allow X11 login as normal user
 
  # allow X11 login as normal user
 
  ucr set 'auth/gdm/group/Domain Users=yes'
 
  ucr set 'auth/gdm/group/Domain Users=yes'
Line 212: Line 212:
 
  # Shutdown the system
 
  # Shutdown the system
 
  halt -p
 
  halt -p
</pre>
+
</source>
  
 
* The ISO image should be removed from the VMware hardware settings.
 
* The ISO image should be removed from the VMware hardware settings.
 
* After that, the permissions of the files should be set to 755 and the vmware log files can be removed, for example:
 
* After that, the permissions of the files should be set to 755 and the vmware log files can be removed, for example:
  <pre>
+
  <source lang= bash>
 
chmod -R 755 <directory of virtual machine>
 
chmod -R 755 <directory of virtual machine>
 
rm <directory of virtual machine>/vmware*.log>
 
rm <directory of virtual machine>/vmware*.log>
</pre>.
+
</source>.
 
* Finally a ZIP archive should be created
 
* Finally a ZIP archive should be created
<pre>
+
<source lang= bash>
 
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
 
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
 
md5 ucs-<version>-demo-image.zip ucs-<version>-demo-image.zip.md5
 
md5 ucs-<version>-demo-image.zip ucs-<version>-demo-image.zip.md5
</pre>
+
</source>
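Review bot: The tag conversion in the last two blocks of this hunk carries over three defects that should be fixed in the same edit: the `rm <directory of virtual machine>/vmware*.log>` line ends in a stray `>`, the closing tag is followed by a stray period (`</source>.`), and the `md5` line passes the `.md5` file as a second argument instead of redirecting into it. MD5 only guards against accidental corruption of the download, so a SHA-256 checksum file would be the better thing to publish. `chmod -R 755` also sets the execute bit on every disk and configuration file in the directory; consider 755 for directories and 644 for files.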

Revision as of 07:08, 24 April 2012

This article describes how to create an appliance based on UCS 3. It is recommended to use the latest UCS 3 version. The appliance mode can only be configured on a Domaincontroller Master. Later, in the configuration wizard, it is possible to change the server role.

Installation

When selecting the system role during a UCS 3 Domaincontroller Master installation, F3 must be pressed. This disables the join scripts. After the installation, the system should be upgraded to the latest version, for example by running the following command as user root:

univention-upgrade

UCS 3.0-2 contains several fixes. Until this release is available, the required packages can be installed from the scope system-setup3.0-1. To activate this scope, the following steps are required:

ucr set repository/online/component/system-setup3.0-1=yes \
        repository/online/component/system-setup3.0-1/parts=unmaintained
univention-upgrade

After that, the package univention-system-setup-boot should be installed. There are three ways to configure the UCS system: local, remote or automatic.

Local configuration

The local configuration starts a Firefox session at the next boot. This mode requires access to the graphical console of the system. In this session, all settings needed for the configuration are requested and the system is configured. To activate this mode, univention-system-setup-boot can be installed with the following command:

univention-install univention-system-setup-boot

Remote configuration

The remote configuration is necessary when there is no access to the local console. The configuration takes place in a remote web browser session, so the network address of the booting system must be known. Usually the X window system is installed along with univention-system-setup-boot; this can be prevented by adding --no-install-recommends to the command. Additionally, the start of Firefox should be prevented by disabling the UCR variable system/setup/boot/start:

univention-install univention-system-setup-boot --no-install-recommends
ucr set system/setup/boot/start="false"

Automatic configuration

An automatic configuration is possible by creating a profile file (/var/cache/univention-system-setup/profile). Here is a simple example of creating such a file and running setup-join.sh:

cat > /var/cache/univention-system-setup/profile <<__HERE__
hostname="ucs"
domainname="testdom.local"
windows/domain="TESTDOM"
ldap/base="dc=testdom,dc=local"
root_password="univention"

components="univention-s4-connector:univention-samba4 univention-nagios-server"
packages_install="univention-s4-connector univention-samba4 univention-nagios-server"
packages_remove=""

# interfaces/eth0/type="dynamic"
interfaces/eth0/type=""
interfaces/eth0/address="10.201.101.2"
interfaces/eth0/netmask="255.0.0.0"
interfaces/eth0/network="10.0.0.0"
interfaces/eth0/broadcast="10.255.255.255"
dns/forwarder1="10.201.74.2"
gateway="10.201.0.1"
__HERE__

/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1

Preparing Amazon EC2 Images

The following section describes how the images at Amazon EC2 are prepared. How to use the prepared image is described in the Amazon EC2 Quickstart Guide.

Installation

  • The easiest way is to install UCS into KVM with the raw image format for the hard disks, one for root and one for swap. amd64 is the recommended architecture. Amazon EC2 images must be configured in the remote or automatic mode, because there is no access to the local console.
  • The disk size should be set to 3 GB
  • The following values should be set during the installation:
    • System language: English (default)
    • Time zone: America/New_York (default)
    • Keyboard layout: US american (default)
    • System role: Master domain controller + Disable join scripts by pressing F3
    • Fully qualified domain name: ucsmaster.ucs.local
    • LDAP base: dc=ucs,dc=local (autofilled)
    • Windows domain name: UCS (autofilled)
    • Root password: univention
    • Partitioning: Auto-Partitioning
    • Network:
      • IPv4 address: 192.168.0.140
      • Netmask: 255.255.255.0
      • IPv4 Gateway: 192.168.0.240
      • External name server: 208.67.222.222
    • Software: Deselect all
    • Overview: Select Update system after installation (default)

Configuration

Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:

 # change from sda to xvda and re-configure grub
 ucr set grub/root=/dev/xvda1
 sed -i 's|/dev/sda1|/dev/xvda1|;s|/dev/sdb1|/dev/xvda3|' /etc/fstab
 append="$(ucr get grub/append)"
 ucr set grub/append="$(echo "$append" | sed -e 's|/dev/sda|/dev/xvda|g;s|splash|nosplash|')"
 ucr set grub/grub1root="(hd0)"
 univention-grub-generate-menu-lst
 
 # generate all UMC languages
 ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"; locale-gen

 # Remove persistent net rule
 rm -f /etc/udev/rules.d/70-persistent-net.rules

 # For pre UCS 3.0-2 versions, activate system-setup3.0-1 scope
 ucr set repository/online/component/system-setup3.0-1=yes \
        repository/online/component/system-setup3.0-1/parts=unmaintained
 univention-upgrade
 
 # overwrite old update/available flag
 ucr set update/available=false

 # install univention-system-setup-boot
 univention-install univention-system-setup-boot
 ucr set system/setup/boot/start="false"

 # SSH with authentication key will be used in EC2, so remove the root password.
 # This blanks the password field in /etc/shadow; it does not lock the account.
 sed -i 's|^root:[^:]*|root:|' /etc/shadow

 # Activate EC2 mode
 ucr set server/amazon=true

 # Activate DHCP
 ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 ucr unset gateway
 
 # Set a default nameserver and remove all local configured nameserver
 ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
 ucr unset nameserver2 nameserver3
 ucr unset dns/forwarder1 dns/forwarder2 dns/forwarder3

 # Remove persistent net rule
 rm -f /etc/udev/rules.d/70-persistent-net.rules
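
The following check is an added example, not part of the original page or of UCS: it inspects the root filesystem of a prepared image and reports the state of the root password field, a remaining persistent net rule, and a leftover profile file that still contains `root_password`. The mount point, the finding names and the fixture are constructed for illustration; whether a profile file is still present after setup is not stated on the page, so the check only looks for one.

```sh
#!/bin/sh
# Added example: pre-publication audit of an appliance root filesystem.
# File paths are the ones used on this page; the image root is passed as $1.

# Print the state of root's password field: missing | empty | locked | hash
root_pw_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    field=$(awk -F: '$1 == "root" { print "x" $2; exit }' "$1")
    case "$field" in
        "")          echo missing ;;  # no root entry at all
        x)           echo empty ;;    # blank field: no password set, not locked
        'x!'*|'x*'*) echo locked ;;   # password login disabled
        *)           echo hash ;;     # a password hash ships with the image
    esac
}

# Print one finding per line for the image root given as $1.
audit_image() {
    root=$1
    case "$(root_pw_state "$root/etc/shadow")" in
        empty) echo "root-password-empty" ;;
        hash)  echo "root-password-hash-in-image" ;;
    esac
    [ ! -e "$root/etc/udev/rules.d/70-persistent-net.rules" ] ||
        echo "persistent-net-rule-present"
    if grep -q '^root_password=' \
        "$root/var/cache/univention-system-setup/profile" 2>/dev/null; then
        echo "profile-contains-root-password"
    fi
    return 0
}

# Constructed fixture: a tree as it would look after the steps above,
# with a profile file left behind (hypothetical case).
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/udev/rules.d" "$d/var/cache/univention-system-setup"
    printf 'root::15454:0:99999:7:::\ndaemon:*:15454:0:99999:7:::\n' \
        > "$d/etc/shadow"
    printf 'hostname="ucs"\nroot_password="univention"\n' \
        > "$d/var/cache/univention-system-setup/profile"
    echo "$d"
}

demo=$(make_fixture)
audit_image "$demo"
rm -rf "$demo"
```

An empty output means none of the three conditions was found; each printed line is one item to resolve or consciously accept before the image is published.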

Preparing VMware Images

Installation

  • Download and install the latest VMplayer version from http://www.vmware.com
    • For compatibility an older version of VMware (like "VMware Server 1") should be used if available, and a low version number for the image (like "Workstation 5") should be chosen if possible.
  • Download the latest UCS installation ISO image for i386
  • Start VMplayer and select "Create a New Virtual Machine"
  • Select the downloaded UCS ISO image as disc image
  • Select Linux as Guest Operating System and select "Other Linux 2.6.x kernel" as version
  • The name should be the UCS version, for example "UCS 3.0-1"
  • The disk size should be set to 8 GB and the option "Split virtual disk into multiple files" should not be selected
  • The memory should be set to 1 GB
  • The following values should be set during the installation:
    • System language: English (default)
    • Time zone: America/New_York (default)
    • Keyboard layout: US american (default)
    • System role: Master domain controller + Disable join scripts by pressing F3
    • Fully qualified domain name: ucsmaster.ucs.local
    • LDAP base: dc=ucs,dc=local (autofilled)
    • Windows domain name: UCS (autofilled)
    • Root password: univention
    • Partitioning: Auto-Partitioning
    • Network:
      • IPv4 address: 192.168.0.140
      • Netmask: 255.255.255.0
      • IPv4 Gateway: 192.168.0.240
      • External name server: 208.67.222.222
    • Software: default
    • Overview: Select Update system after installation (default)

Configuration

The following changes are required after the installation and upgrade:

 # allow X11 login as normal user
 ucr set 'auth/gdm/group/Domain Users=yes'

 # Disable xorg autodetection and set resolution to 1024x768
 ucr set xorg/autodetect=no xorg/device/driver=vmware xorg/resolution=1024x768

 # generate all UMC languages
 ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"; locale-gen

 # Remove persistent net rule
 rm -f /etc/udev/rules.d/70-persistent-net.rules

 # For pre UCS 3.0-2 versions, activate system-setup3.0-1 scope
 ucr set repository/online/component/system-setup3.0-1=yes \
        repository/online/component/system-setup3.0-1/parts=unmaintained
 univention-upgrade
 
 # overwrite old update/available flag
 ucr set update/available=false

 # install univention-system-setup-boot
 univention-install univention-system-setup-boot
 ucr set system/setup/boot/start="true"

 # Activate DHCP
 ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 ucr unset gateway
 
 # Set a default nameserver and remove all local configured nameserver
 ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
 ucr unset nameserver2 nameserver3
 ucr unset dns/forwarder1 dns/forwarder2 dns/forwarder3

 # Cleanup apt archive
 apt-get clean

 # Shutdown the system
 halt -p

  • The ISO image should be removed from the VMware hardware settings.
  • After that, the permissions of the files should be set to 755 and the VMware log files can be removed, for example:
chmod -R 755 <directory of virtual machine>
rm <directory of virtual machine>/vmware*.log

  • Finally, a ZIP archive should be created:
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
md5 ucs-<version>-demo-image.zip > ucs-<version>-demo-image.zip.md5