Difference between revisions of "UCS Appliance"

From Univention Wiki

Line 2: Line 2:
 
{{Version|UCS=3.1}}
 
{{Version|UCS=3.1}}
  
This article describes how to create an appliance based on UCS 3. It is recommended to use the latest UCS 3 version. The appliance mode can only configured on a Domaincontroller Master. Later in the configuration wizard it is possible to change the server role.
+
This article describes how to create an appliance based on UCS 3. It is recommended to use the latest UCS 3 version. The appliance mode can only be configured on a Domaincontroller Master. Later in the configuration wizard it is possible to change the server role.
  
 
= Installation =
 
= Installation =
  
While selecting the system role in UCS 3 Domaincontroller Master installation, F3 must be pressed. This will disable the join scripts. After the installation the system should be upgraded to the latest version, for example by running the following command as user root:
+
While selecting the system role in UCS 3 Domaincontroller Master installation, the key ''F3'' must be pressed. This will disable running the join scripts. After the installation the system should be upgraded to the latest version, for example by running the following command as user root:
<source lang= bash>
+
<source lang=bash>
 
univention-upgrade
 
univention-upgrade
 
</source>
 
</source>
  
After that the package univention-system-setup-boot should be installed. There are three ways to configure the UCS system: local, remote or automatic.
+
After that the package ''univention-system-setup-boot'' should be installed. There are three ways to configure the UCS system:
  
 
== Local configuration ==
 
== Local configuration ==
  
The local configuration will start a firefox session at the next boot. For this setup the access to the graphical console of the system is essential. In this session all requirements for the configuration will be asked and the system will be configured. To activate this mode univention-system-setup-boot can be installed by the following command:
+
The local configuration will start a firefox session at the next boot. For this setup the access to the graphical console of the system is essential. In this session all requirements for the configuration will be asked and the system will be configured.
<source lang= bash>
+
 
 +
To activate this mode ''univention-system-setup-boot'' needs be installed by the following command:
 +
<source lang=bash>
 
univention-install univention-system-setup-boot xinit firefox-en
 
univention-install univention-system-setup-boot xinit firefox-en
 
</source>
 
</source>
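Review bot: the new sentence under "Local configuration" reads "needs be installed by the following command", which drops the "to"; it should read "needs to be installed with the following command". The same paragraph also still writes "firefox" in lower case while the later customization steps use "Mozilla Firefox", so one spelling should be chosen for the page.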
Line 22: Line 24:
 
== Remote configuration ==
 
== Remote configuration ==
  
The remote configuration is necessary, when the access to the local console is not given. The configuration takes place in a remote web browser session. Therefore, the network address of the booting system must be known. Usually the X window system will be installed when univention-system-setup-boot is installed, this can be prevented by adding ''--no-install-recommends'' to the command. Additionally, the start of firefox should be prevented by disabling the UCR variable ''system/setup/boot/start'':
+
The remote configuration is necessary, when no access to the local console is given. The configuration takes place in a remote web browser session. Therefore, the network address of the booting system must be known. Usually the X window system will be installed when the package ''univention-system-setup-boot'' is installed, which can be prevented by adding ''--no-install-recommends'' to the command. Additionally, the start of firefox should be prevented by disabling the UCR variable ''system/setup/boot/start'':
 
<source lang= bash>
 
<source lang= bash>
 
univention-install univention-system-setup-boot --no-install-recommends
 
univention-install univention-system-setup-boot --no-install-recommends
ucr set system/setup/boot/start="false"
+
ucr set system/setup/boot/start=false
 
</source>
 
</source>
  
 
== Automatic configuration ==
 
== Automatic configuration ==
  
An automatic configuration is possible by creating a profile file (''/var/cache/univention-system-setup/profile''). Here is an easy example for creating such a file and running setup-join.sh:
+
An automatic configuration is possible by creating a profile file ''/var/cache/univention-system-setup/profile''. Here is an easy example for creating such a file and running setup-join.sh:
  
 
<source lang= bash>
 
<source lang= bash>
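Review bot: the two opening tags in this hunk are still written `<source lang= bash>` (before the `univention-install ... --no-install-recommends` block and before the profile example), while the other hunks of this revision change them to `<source lang=bash>`. Normalise these two as well so the page uses a single spelling.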
Line 55: Line 57:
  
 
/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1
 
/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1
 
 
</source>
 
</source>
  
Line 64: Line 65:
 
== Installation ==
 
== Installation ==
  
* The easiest way is to install UCS into KVM with the raw image format for the harddisks, one for root and one for swap. The root partion should be configured without LVM. AMD64 is recommended as the architecture of choice. Amazon EC2 images must be configured with remote or automatic mode, because the local console can not be accessed.
+
* The easiest way is to install UCS into KVM with the raw image format for the harddisks, one for root and one for swap. The root partition should be configured without LVM. AMD64 is recommended as the architecture of choice. Amazon EC2 images must be configured with remote or automatic mode, because the local console can not be accessed.
 
* The disk size should be set to 3 GB
 
* The disk size should be set to 3 GB
 
* The following values should be set during the installation:
 
* The following values should be set during the installation:
Line 83: Line 84:
  
 
Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:
 
Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:
<source lang= bash>
+
<source lang=bash>
 
# change from sda to xvda and re-configure grub
 
# change from sda to xvda and re-configure grub
 
ucr set grub/root=/dev/xvda1
 
ucr set grub/root=/dev/xvda1
Line 91: Line 92:
 
ucr set grub/grub1root="(hd0)"
 
ucr set grub/grub1root="(hd0)"
 
univention-grub-generate-menu-lst
 
univention-grub-generate-menu-lst
+
 
 
# generate all UMC languages
 
# generate all UMC languages
ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"; locale-gen
+
ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"
 +
locale-gen
  
 
# Remove persistent net rule
 
# Remove persistent net rule
 
rm -f /etc/udev/rules.d/70-persistent-net.rules
 
rm -f /etc/udev/rules.d/70-persistent-net.rules
+
 
 
# overwrite old update/available flag
 
# overwrite old update/available flag
 
ucr set update/available=false
 
ucr set update/available=false
Line 114: Line 116:
 
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 
ucr unset gateway
 
ucr unset gateway
+
 
 
# Set a default nameserver and remove all local configured nameserver
 
# Set a default nameserver and remove all local configured nameserver
 
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
 
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
Line 132: Line 134:
 
# Remove persistent net rule
 
# Remove persistent net rule
 
rm /etc/udev/rules.d/70-persistent-net.rules
 
rm /etc/udev/rules.d/70-persistent-net.rules
 +
 +
# Shutdown the system
 +
halt -p
 
</source>
 
</source>
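Review bot: the context line `rm /etc/udev/rules.d/70-persistent-net.rules` directly above the added `halt -p` has no `-f`, while the earlier occurrence in the same block uses `rm -f`. By this point the rule file has already been removed once, so the plain `rm` prints an error and returns a non-zero status just before the shutdown; use `rm -f` here too, or drop the repeated step.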
  
Line 163: Line 168:
  
 
The following changes are required after the installation and upgrade:
 
The following changes are required after the installation and upgrade:
<source lang= bash>
+
<source lang=bash>
 
# allow X11 login as normal user
 
# allow X11 login as normal user
 
ucr set 'auth/gdm/group/Domain Users=yes'
 
ucr set 'auth/gdm/group/Domain Users=yes'
+
 
 
# Disable xorg autodetection and set resolution to 1024x768
 
# Disable xorg autodetection and set resolution to 1024x768
 
ucr set xorg/autodetect=no \
 
ucr set xorg/autodetect=no \
 
     xorg/device/driver=vmware \
 
     xorg/device/driver=vmware \
 
     xorg/resolution=1024x768
 
     xorg/resolution=1024x768
+
 
 
# Disable kernel mode set
 
# Disable kernel mode set
 
ucr set grub/append="nomodeset $(ucr get grub/append)"
 
ucr set grub/append="nomodeset $(ucr get grub/append)"
Line 189: Line 194:
 
# install univention-system-setup-boot
 
# install univention-system-setup-boot
 
univention-install --reinstall univention-system-setup-boot
 
univention-install --reinstall univention-system-setup-boot
ucr set system/setup/boot/start="true"
+
ucr set system/setup/boot/start=true
  
 
# Activate DHCP
 
# Activate DHCP
 
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 
ucr unset gateway
 
ucr unset gateway
+
 
 
# Set a default nameserver and remove all local configured nameserver
 
# Set a default nameserver and remove all local configured nameserver
 
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
 
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
Line 226: Line 231:
 
* The ISO image should be removed from the VMware hardware settings.
 
* The ISO image should be removed from the VMware hardware settings.
 
* After that, the permissions of the files should be set to 755 and the vmware log files can be removed, for example:
 
* After that, the permissions of the files should be set to 755 and the vmware log files can be removed, for example:
<source lang= bash>
+
<source lang=bash>
 
chmod -R 755 <directory of virtual machine>
 
chmod -R 755 <directory of virtual machine>
 
rm <directory of virtual machine>/{vmware*.log,nvram}
 
rm <directory of virtual machine>/{vmware*.log,nvram}
Line 232: Line 237:
  
 
*  Finally a ZIP archive should be created
 
*  Finally a ZIP archive should be created
<source lang= bash>
+
<source lang=bash>
 
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
 
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
 
md5sum ucs-<version>-demo-image.zip > ucs-<version>-demo-image.zip.md5
 
md5sum ucs-<version>-demo-image.zip > ucs-<version>-demo-image.zip.md5
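Review bot: the archive step in this block publishes only an MD5 digest (`md5sum ... > ucs-<version>-demo-image.zip.md5`), and MD5 is no longer collision-resistant. While this block is being touched, add a `sha256sum` line next to it so downloaders get a digest that is still considered sound for integrity checks.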
Line 239: Line 244:
 
== Later customization ==
 
== Later customization ==
  
A VMware image of UCS that has been created by following the above outlined steps can be further customized later. For example, 3rd party software may be added to the image.  
+
A VMware image of UCS that has been created by following the above outlined steps can be further customized later. For example, 3rd party software may be added to the image.
  
 
The VMware image starts UCS into the system wizard. The system configuration follows the same steps as outlined in the article [[Operation and Configuration of the UCS system in VMware]]. The following steps abort the system setup wizard for customized configuration and re-activates the system setup wizard for the next system reboot:
 
The VMware image starts UCS into the system wizard. The system configuration follows the same steps as outlined in the article [[Operation and Configuration of the UCS system in VMware]]. The following steps abort the system setup wizard for customized configuration and re-activates the system setup wizard for the next system reboot:
Line 246: Line 251:
 
* Press ''Ctrl + q'' to quit the system setup wizard and Mozilla Firefox.
 
* Press ''Ctrl + q'' to quit the system setup wizard and Mozilla Firefox.
 
* Press ''F8'' two times to enter a console.
 
* Press ''F8'' two times to enter a console.
* Switch to the first console, for example by pressing Ctrl-Alt-F1. If you use  VMware under Linux you have to press Ctrl+Alt+Space, release the space, keep holding down Ctrl+Alt and then press the F1 key.
+
* Switch to the first console, for example by pressing ''Ctrl-Alt-F1''. If you use  VMware under Linux you have to press ''Ctrl+Alt+Space'', release only the space key while still holding down ''Ctrl+Alt'', and then press the ''F1'' key.
 
* Login with ''root'' and the password provided during installation. If the [http://www.univention.de/en/download/preinstalled-vmware-images/ UCS VMware image from the Univention Website] is used, the password is ''univention''.
 
* Login with ''root'' and the password provided during installation. If the [http://www.univention.de/en/download/preinstalled-vmware-images/ UCS VMware image from the Univention Website] is used, the password is ''univention''.
 
* Work through the intended customizations.
 
* Work through the intended customizations.
Line 255: Line 260:
 
chmod 600 /var/lib/univention-ldap/root.secret
 
chmod 600 /var/lib/univention-ldap/root.secret
 
</source>
 
</source>
* When finished, the system setup wizard has to be activated for the next boot.
+
* When finished, the system setup wizard has to be re-activated for the next boot.
 
<source lang=bash>
 
<source lang=bash>
ucr set system/setup/boot/start="true"
+
ucr set system/setup/boot/start=true
 
</source>
 
</source>
  
 
[[Category:EN]]
 
[[Category:EN]]
 
[[Category:Virtualisierung]]
 
[[Category:Virtualisierung]]

Revision as of 17:30, 5 February 2013

Product logo UCS Version 3.0
Product logo UCS Version 3.1

This article describes how to create an appliance based on UCS 3. It is recommended to use the latest UCS 3 version. The appliance mode can only be configured on a Domaincontroller Master. Later in the configuration wizard it is possible to change the server role.

Installation

While selecting the system role in UCS 3 Domaincontroller Master installation, the key F3 must be pressed. This will disable running the join scripts. After the installation the system should be upgraded to the latest version, for example by running the following command as user root:

univention-upgrade

After that the package univention-system-setup-boot should be installed. There are three ways to configure the UCS system:

Local configuration

The local configuration will start a firefox session at the next boot. For this setup the access to the graphical console of the system is essential. In this session all requirements for the configuration will be asked and the system will be configured.

To activate this mode univention-system-setup-boot needs to be installed with the following command:

univention-install univention-system-setup-boot xinit firefox-en

Remote configuration

The remote configuration is necessary when there is no access to the local console. The configuration takes place in a remote web browser session. Therefore, the network address of the booting system must be known. Usually the X window system will be installed when the package univention-system-setup-boot is installed, which can be prevented by adding --no-install-recommends to the command. Additionally, the start of firefox should be prevented by disabling the UCR variable system/setup/boot/start:

univention-install univention-system-setup-boot --no-install-recommends
ucr set system/setup/boot/start=false

Automatic configuration

An automatic configuration is possible by creating a profile file /var/cache/univention-system-setup/profile. Here is an easy example for creating such a file and running setup-join.sh:

cat > /var/cache/univention-system-setup/profile <<__HERE__
hostname="ucs"
domainname="testdom.local"
windows/domain="TESTDOM"
ldap/base="dc=testdom,dc=local"
root_password="univention"

components="univention-s4-connector:univention-samba4 univention-nagios-server"
packages_install="univention-s4-connector univention-samba4 univention-nagios-server"
packages_remove=""

# interfaces/eth0/type="dynamic"
interfaces/eth0/type=""
interfaces/eth0/address="10.201.101.2"
interfaces/eth0/netmask="255.0.0.0"
interfaces/eth0/network="10.0.0.0"
interfaces/eth0/broadcast="10.255.255.255"
dns/forwarder1="10.201.74.2"
gateway="10.201.0.1"
__HERE__

/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1

Preparing Amazon EC2 Images

The following section describes how the images at Amazon EC2 are prepared. How to use the prepared image is described in the Amazon EC2 Quickstart Guide.

Installation

  • The easiest way is to install UCS into KVM with the raw image format for the hard disks, one for root and one for swap. The root partition should be configured without LVM. AMD64 is recommended as the architecture of choice. Amazon EC2 images must be configured with remote or automatic mode, because the local console cannot be accessed.
  • The disk size should be set to 3 GB
  • The following values should be set during the installation:
    • System language: English (default)
    • Time zone: America/New_York (default)
    • Keyboard layout: US american (default)
    • System role: Master domain controller + Disable join scripts by pressing F3
    • Fully qualified domain name: ucsmaster.ucs.local
    • LDAP base: dc=ucs,dc=local (autofilled)
    • Windows domain name: UCS (autofilled)
    • Root password: univention
    • Partitioning: Auto-Partitioning
    • Network: Dynamic (DHCP)
    • Software: Deselect all
    • Overview: Select Update system after installation (default)

Configuration

Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:

# change from sda to xvda and re-configure grub
ucr set grub/root=/dev/xvda1
sed -i 's|/dev/sda1|/dev/xvda1|;s|/dev/sdb1|/dev/xvda3|' /etc/fstab
append="$(ucr get grub/append)"
ucr set grub/append="$(echo "$append" | sed -e 's|/dev/sda|/dev/xvda|g;s|splash|nosplash|')"
ucr set grub/grub1root="(hd0)"
univention-grub-generate-menu-lst

# generate all UMC languages
ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"
locale-gen

# Remove persistent net rule
rm -f /etc/udev/rules.d/70-persistent-net.rules

# overwrite old update/available flag
ucr set update/available=false

# install univention-system-setup-boot
univention-install --reinstall univention-system-setup-boot
ucr set system/setup/boot/start=false

# SSH with authentication key will be used in EC2, so remove the root password
usermod -p \* root

# Activate EC2 mode
ucr set server/amazon=true

# Activate DHCP
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
ucr unset gateway

# Set a default nameserver and remove all local configured nameserver
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
ucr unset nameserver2 nameserver3
ucr unset dns/forwarder2 dns/forwarder3

# Ensure dbus will be restarted after the configuration
cat >/usr/lib/univention-system-setup/appliance-hooks.d/dbus <<__EOF__
#!/bin/sh
test -x /etc/init.d/dbus && /etc/init.d/dbus restart
__EOF__
chmod +x /usr/lib/univention-system-setup/appliance-hooks.d/dbus

# Configure the updater
ucr set updater/identify="UCS (EC2)"

# Remove persistent net rule
rm -f /etc/udev/rules.d/70-persistent-net.rules

# Shutdown the system
halt -p

Preparing VMware Images

Installation

  • Download and install the latest VMplayer version from http://www.vmware.com/
  • Download the latest UCS installation ISO image for i386: http://www.univention.de/en/download/
  • Start VMplayer and select "Create a New Virtual Machine"
  • Select the downloaded UCS ISO image as disc image
  • Select Linux as Guest Operating System and select "Other Linux 2.6.x kernel" as version
  • The name should be the UCS version, for example "UCS 3.0-1"
  • The disk size should be set to 8 GB and the option "Split virtual disk into multiple files" should not be selected
  • The memory should be set to 1 GB
  • The following values should be set during the installation:
    • System language: English (default)
    • Time zone: America/New_York (default)
    • Keyboard layout: US american (default)
    • System role: Master domain controller + Disable join scripts by pressing F3
    • Fully qualified domain name: ucsmaster.ucs.local
    • LDAP base: dc=ucs,dc=local (autofilled)
    • Windows domain name: UCS (autofilled)
    • Root password: univention
    • Partitioning: Auto-Partitioning
    • Network: Dynamic (DHCP)
    • Software: default
    • Overview: Select Update system after installation (default)

Configuration

The following changes are required after the installation and upgrade:

# allow X11 login as normal user
ucr set 'auth/gdm/group/Domain Users=yes'

# Disable xorg autodetection and set resolution to 1024x768
ucr set xorg/autodetect=no \
    xorg/device/driver=vmware \
    xorg/resolution=1024x768

# Disable kernel mode set
ucr set grub/append="nomodeset $(ucr get grub/append)"

# Install vmmouse xorg driver (since UCS 3.0-2 part of maintained)
univention-install xserver-xorg-input-vmmouse

# generate all UMC languages
ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"; locale-gen

# Remove persistent net rule
rm -f /etc/udev/rules.d/70-persistent-net.rules

# overwrite old update/available flag
ucr set update/available=false

# install univention-system-setup-boot
univention-install --reinstall univention-system-setup-boot
ucr set system/setup/boot/start=true

# Activate DHCP
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
ucr unset gateway

# Set a default nameserver and remove all local configured nameserver
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
ucr unset nameserver2 nameserver3
ucr unset dns/forwarder2 dns/forwarder3

# Configure the updater
ucr set updater/identify="UCS (VMware)"

# Ensure dbus will be restarted after the configuration
cat >/usr/lib/univention-system-setup/appliance-hooks.d/dbus <<__EOF__
#!/bin/sh
test -x /etc/init.d/dbus && /etc/init.d/dbus restart
__EOF__
chmod +x /usr/lib/univention-system-setup/appliance-hooks.d/dbus

# Ensure s4connector will be restarted after the configuration
cat >/usr/lib/univention-system-setup/appliance-hooks.d/s4connector <<__EOF__
#!/bin/sh
test -x /etc/init.d/univention-s4-connector && /etc/init.d/univention-s4-connector restart
__EOF__
chmod +x /usr/lib/univention-system-setup/appliance-hooks.d/s4connector

# Cleanup apt archive
apt-get clean

# Shutdown the system
halt -p
  • The ISO image should be removed from the VMware hardware settings.
  • After that, the permissions of the files should be set to 755 and the vmware log files can be removed, for example:
chmod -R 755 <directory of virtual machine>
rm <directory of virtual machine>/{vmware*.log,nvram}
  • Finally a ZIP archive should be created
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
md5sum ucs-<version>-demo-image.zip > ucs-<version>-demo-image.zip.md5

Later customization

A VMware image of UCS that has been created by following the above outlined steps can be further customized later. For example, 3rd party software may be added to the image.

The VMware image starts UCS into the system wizard. The system configuration follows the same steps as outlined in the article Operation and Configuration of the UCS system in VMware. The following steps abort the system setup wizard for customized configuration and re-activate the system setup wizard for the next system reboot:

  • Start the VMware image until the system setup wizard shows up.
  • Press Ctrl + q to quit the system setup wizard and Mozilla Firefox.
  • Press F8 two times to enter a console.
  • Switch to the first console, for example by pressing Ctrl-Alt-F1. If you use VMware under Linux you have to press Ctrl+Alt+Space, release only the space key while still holding down Ctrl+Alt, and then press the F1 key.
  • Login with root and the password provided during installation. If the UCS VMware image from the Univention Website is used, the password is univention.
  • Work through the intended customizations.
  • Optional step: The pages displayed in the system setup wizard can be customized using the following UCR variables: system/setup/boot/pages/whitelist and system/setup/boot/pages/blacklist. Options for the pages are HelpPage, SystemRolePage, LanguagePage, BasisPage, NetworkPage, CertificatePage, SoftwarePage. If the BasisPage is put on the blacklist, the administrator password needs to be set on the system (described in this forum post (German)):
mkdir -p /var/lib/univention-ldap
echo -n "secret root password" > /var/lib/univention-ldap/root.secret
chmod 600 /var/lib/univention-ldap/root.secret
  • When finished, the system setup wizard has to be re-activated for the next boot.
ucr set system/setup/boot/start=true
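
The clean-up steps on this page (removing the persistent net rule, locking the root password for EC2 with usermod -p \*, and chmod 600 on root.secret) can be checked on a mounted image before it is published. The script below is an added example, not part of the original article or of UCS; the function names, the ec2/vmware mode labels and the sample tree are assumptions made for illustration, and it expects GNU stat and sed as found on UCS.

```bash
#!/bin/sh
# Added example: audit a mounted appliance root for the clean-up steps
# described on this page. Prints one finding per line, nothing if clean.

# audit_image ROOT MODE   (MODE: "ec2" or "vmware", labels used only here)
audit_image() {
    root=$1
    mode=$2

    # The page removes this rule so the NIC is not pinned to the build MAC.
    if [ -e "$root/etc/udev/rules.d/70-persistent-net.rules" ]; then
        echo "persistent-net: 70-persistent-net.rules still present"
    fi

    # EC2 only: 'usermod -p \* root' leaves '*' in root's shadow field.
    if [ "$mode" = ec2 ]; then
        pwfield=
        if [ -r "$root/etc/shadow" ]; then
            pwfield=$(awk -F: '$1 == "root" { print $2 }' "$root/etc/shadow")
        fi
        case $pwfield in
            '*'|'!'*) ;;    # locked: only SSH key login remains
            *) echo "root-password: root entry in shadow is not locked" ;;
        esac
    fi

    # root.secret must only be readable by root (the page's chmod 600).
    secret=$root/var/lib/univention-ldap/root.secret
    if [ -e "$secret" ]; then
        perms=$(stat -c '%a' "$secret")
        [ "$perms" = 600 ] || echo "root.secret: mode $perms, expected 600"
    fi
    return 0
}

# Constructed sample tree standing in for a mounted image (not real data).
make_sample_image() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/udev/rules.d" "$dir/var/lib/univention-ldap"
    printf 'root:$6$constructed$hash:15741:0:99999:7:::\n' > "$dir/etc/shadow"
    : > "$dir/etc/udev/rules.d/70-persistent-net.rules"
    printf 'constructed-secret' > "$dir/var/lib/univention-ldap/root.secret"
    chmod 644 "$dir/var/lib/univention-ldap/root.secret"
    echo "$dir"
}

# The page's own clean-up commands, pointed at ROOT instead of "/".
apply_page_steps() {
    rm -f "$1/etc/udev/rules.d/70-persistent-net.rules"
    # Offline equivalent of 'usermod -p \* root'.
    sed -i 's|^root:[^:]*:|root:*:|' "$1/etc/shadow"
    chmod 600 "$1/var/lib/univention-ldap/root.secret"
}

# Demo run on the constructed tree: findings before and after the steps.
img=$(make_sample_image)
echo "before:"
audit_image "$img" ec2
apply_page_steps "$img"
echo "after:"
audit_image "$img" ec2
rm -rf "$img"
```

On a real build, point audit_image at the mount point of the raw or VMDK image after the system has been halted.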