Difference between revisions of "UCS Appliance"

From Univention Wiki

m (Update link.)
(Moved documentation to docs.univention.de)
 
Line 1: Line 1:
{{Version|UCS=3.0}}
+
This page has been moved to the official UCS Documentation page.
{{Version|UCS=3.1}}
 
{{Version|UCS=3.2}}
 
 
 
This article describes how to create an appliance based on UCS 3. It is recommended to use the latest UCS 3 version. The appliance mode can only be configured on a Domaincontroller Master. Later in the configuration wizard it is possible to change the server role.
 
 
 
= Installation =
 
 
 
While selecting the system role in UCS 3 Domaincontroller Master installation, the key ''F3'' must be pressed. This will disable running the join scripts. After the installation the system should be upgraded to the latest version, for example by running the following command as user root:
 
<source lang=bash>
 
univention-upgrade
 
</source>
 
 
 
After that the package ''univention-system-setup-boot'' should be installed. There are three ways to configure the UCS system:
 
 
 
== Local configuration ==
 
 
 
The local configuration starts a Firefox session at the next boot, so access to the graphical console of the system is essential. In this session all settings required for the configuration are requested and the system is configured.
 
 
 
To activate this mode ''univention-system-setup-boot'' needs to be installed with the following command:
 
<source lang=bash>
 
univention-install univention-system-setup-boot xinit firefox-en
 
</source>
 
 
 
== Remote configuration ==
 
 
 
The remote configuration is necessary when no access to the local console is available. The configuration takes place in a remote web browser session, so the network address of the booting system must be known. Installing the package ''univention-system-setup-boot'' usually also installs the X window system, which can be prevented by adding ''--no-install-recommends'' to the command. Additionally, the start of Firefox should be prevented by disabling the UCR variable ''system/setup/boot/start'':

<source lang=bash>
 
univention-install univention-system-setup-boot --no-install-recommends
 
ucr set system/setup/boot/start=false
 
</source>
 
 
 
== Automatic configuration ==
 
 
 
An automatic configuration is possible by creating a profile file ''/var/cache/univention-system-setup/profile''. Here is an easy example for creating such a file and running setup-join.sh:
 
 
 
<source lang=bash>
 
cat >/var/cache/univention-system-setup/profile <<__PROFILE__
 
hostname="ucs"
 
domainname="testdom.local"
 
windows/domain="TESTDOM"
 
ldap/base="dc=testdom,dc=local"
 
root_password="univention"
 
 
 
locale/default="de_DE.UTF-8:UTF-8"
 
components="univention-s4-connector:univention-samba4 univention-nagios-server"
 
packages_install="univention-s4-connector univention-samba4 univention-nagios-server"
 
packages_remove=""
 
 
 
# interfaces/eth0/type="dynamic"
 
interfaces/eth0/type=""
 
interfaces/eth0/address="10.201.101.2"
 
interfaces/eth0/netmask="255.0.0.0"
 
interfaces/eth0/network="10.0.0.0"
 
interfaces/eth0/broadcast="10.255.255.255"
 
dns/forwarder1="10.201.74.2"
 
gateway="10.201.0.1"
 
__PROFILE__
 
 
 
/usr/lib/univention-system-setup/scripts/setup-join.sh >>/var/log/univention/setup.log 2>&1
 
invoke-rc.d apache2 restart
 
invoke-rc.d univention-management-console-server restart
 
</source>
 
 
 
= Preparing Amazon EC2 Images =
 
 
 
The following section describes how the images at Amazon EC2 are prepared. How to use the prepared image is described in the [[Amazon EC2 Quickstart| Amazon EC2 Quickstart Guide]].
 
 
 
== Installation ==
 
 
 
* The easiest way is to install UCS into KVM with the raw image format for the hard disks, one for root and one for swap. The root partition should be configured without LVM. AMD64 is recommended as the architecture of choice. Amazon EC2 images must be configured with remote or automatic mode, because the local console cannot be accessed.
 
* The disk size should be set to 3 GB
 
* The following values should be set during the installation:
 
** System language: ''English'' (default)
 
** Time zone: ''America/New_York'' (default)
 
** Keyboard layout: ''US american'' (default)
 
** System role: ''Master domain controller'' + Disable join scripts by pressing F3
 
** Fully qualified domain name: ''ucsmaster.ucs.local''
 
** LDAP base: ''dc=ucs,dc=local'' (autofilled)
 
** Windows domain name: ''UCS'' (autofilled)
 
** Root password: univention
 
** Partitioning: ''Auto-Partitioning''
 
** Network: ''Dynamic (DHCP)''
 
** Software: ''Deselect all''
 
** Overview: Select ''Update system after installation'' (default)
 
 
 
== Configuration ==
 
 
 
Amazon EC2 uses Xen, therefore the following changes are required after the installation, upgrade and configuration:
 
<source lang=bash>
 
# fstab -> (x)vda and re-configure grub
 
 
 
cat >/etc/fstab <<__EOF__
 
# /etc/fstab: static file system information.
 
#
 
# <file system> <mount point>  <type>  <options>      <dump>  <pass>
 
/dev/vda1      /              ext3    acl,errors=remount-ro  0      1
 
proc            /proc          proc    defaults
 
/dev/xvda3      none            swap    sw              0      0
 
__EOF__
 
 
 
append="$(ucr get grub/append)"
 
ucr set grub/append="$(echo "$append" | sed -e 's|/dev/sda|/dev/xvda|g;s|splash|nosplash|')"
 
ucr set grub/root=/dev/xvda1
 
ucr set grub/grub1root="(hd0)"
 
update-initramfs -uk all
 
update-grub
 
univention-grub-generate-menu-lst
 
 
 
# generate all UMC languages
 
ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"
 
locale-gen
 
 
 
# overwrite old update/available flag (Bug #33762)
 
ucr set --force update/available=false
 
 
 
# install univention-system-setup-boot
 
univention-install --reinstall --no-install-recommends univention-system-setup-boot
 
ucr set system/setup/boot/start=false
 
 
 
# SSH with authentication key will be used in EC2, so remove the root password
 
usermod -p \* root
 
 
 
# Activate EC2 mode
 
ucr set server/amazon=true
 
# Set apache 2 startsite. Workaround for Bug #35721
 
ucr set apache2/startsite="ucs-overview/initialsetup.html"
 
 
 
# Activate DHCP
 
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 
ucr unset gateway
 
 
 
# Set a default nameserver and remove all local configured nameserver
 
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
 
ucr unset nameserver2 nameserver3
 
ucr unset dns/forwarder2 dns/forwarder3
 
 
 
# Ensure dbus will be restarted after the configuration
 
cat >/usr/lib/univention-system-setup/appliance-hooks.d/dbus <<__EOF__
 
#!/bin/sh
 
test -x /etc/init.d/dbus && /etc/init.d/dbus restart
 
__EOF__
 
chmod +x /usr/lib/univention-system-setup/appliance-hooks.d/dbus
 
 
 
# Ensure the listener will be restarted after the network configuration has changed
 
# See https://forge.univention.org/bugzilla/show_bug.cgi?id=30408
 
cat >/etc/network/if-post-down.d/appliance-listener <<__EOF__
 
#!/bin/sh
 
if [ -x /etc/init.d/univention-directory-notifier ]; then
 
        /etc/init.d/univention-directory-notifier crestart
 
fi
 
 
 
if [ -x /etc/init.d/univention-directory-listener ]; then
 
        /etc/init.d/univention-directory-listener crestart
 
fi
 
exit 0
 
 
 
__EOF__
 
chmod +x /etc/network/if-post-down.d/appliance-listener
 
 
 
# Configure the updater
 
ucr set updater/identify="UCS (EC2)"
 
 
 
# Remove persistent net rule
 
rm /etc/udev/rules.d/70-persistent-net.rules
 
 
 
# set initial values for UCR ssl variables
 
/usr/sbin/univention-certificate-check-validity
 
 
 
# Shutdown the system
 
halt -p
 
</source>
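A pre-release check for the steps above, as an added example that is not part of the original wiki page or of UCS: it inspects a mounted image root for the state the EC2 preparation is meant to leave behind (locked root password, no persistent net rule, executable hooks) and additionally flags a leftover automatic-configuration profile that still contains ''root_password''. The function name <tt>audit_ec2_image</tt>, its output format and the mount point argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Univention code. audit_ec2_image is a hypothetical helper.
# Usage: audit_ec2_image /mnt/image-root   (defaults to / when run inside the VM)
# Prints one line per check and returns the number of failed checks.

audit_ec2_image() {
    root="${1:-/}"
    fails=0

    # "usermod -p \* root" leaves "*" in the second field of root's shadow
    # entry, so no password matches and only SSH key login remains.
    pw="$(awk -F: '$1 == "root" { print $2 }' "$root/etc/shadow" 2>/dev/null)"
    if [ "$pw" = "*" ]; then
        echo "ok:   root password is locked"
    else
        echo "FAIL: root's shadow password field is not '*'"
        fails=$((fails + 1))
    fi

    # A leftover rule ties interface names to the build VM's MAC address.
    if [ -e "$root/etc/udev/rules.d/70-persistent-net.rules" ]; then
        echo "FAIL: 70-persistent-net.rules is still present"
        fails=$((fails + 1))
    else
        echo "ok:   no persistent net rule"
    fi

    # Both hook scripts are written with cat and only run after chmod +x.
    for hook in usr/lib/univention-system-setup/appliance-hooks.d/dbus \
                etc/network/if-post-down.d/appliance-listener; do
        if [ -x "$root/$hook" ]; then
            echo "ok:   /$hook is executable"
        else
            echo "FAIL: /$hook is missing or not executable"
            fails=$((fails + 1))
        fi
    done

    # The automatic-configuration profile stores root_password in clear text;
    # it should not ship inside a published image.
    profile="$root/var/cache/univention-system-setup/profile"
    if [ -f "$profile" ] && grep -q '^root_password=' "$profile"; then
        echo "FAIL: setup profile with root_password= is still in the image"
        fails=$((fails + 1))
    else
        echo "ok:   no clear-text root_password in a setup profile"
    fi

    return "$fails"
}
```

The check is meant to run against the image before <tt>halt -p</tt> or against the raw disk mounted read-only on the build host.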
 
 
 
= Preparing VMware Images =
 
 
 
== Installation ==
 
 
 
* Download and install VMplayer from [http://www.vmware.com http://www.vmware.com/]. VMware images should be created with VMplayer Version 5.x, which creates appliances with virtual hardware version 9 (see [http://kb.vmware.com/kb/1003746 here]).
 
* Download the latest UCS installation ISO image for i386: http://www.univention.com/downloads/ucs-download/preinstalled-vm-images/
 
* Start VMplayer and select "Create a New Virtual Machine"
 
* Select the downloaded UCS ISO image as disc image
 
* Select Linux as Guest Operating System and select "Other Linux 2.6.x kernel" as version
 
* The name should be the UCS version, for example "UCS 3.0-1"
 
* The disk size should be set to 8 GB and the option "Split virtual disk into multiple files" should not be selected
 
* The memory should be set to 1024 MB
 
* Network settings should be set to 'bridged'
 
* The following values should be set during the installation:
 
** System language: ''English'' (default)
 
** Time zone: ''America/New_York'' (default)
 
** Keyboard layout: ''US american'' (default)
 
** System role: ''Master domain controller'' + Disable join scripts by pressing F3
 
** Fully qualified domain name: ''ucsmaster.ucs.local''
 
** LDAP base: ''dc=ucs,dc=local'' (autofilled)
 
** Windows domain name: ''UCS'' (autofilled)
 
** Root password: univention
 
** Partitioning: ''Auto-Partitioning''
 
** Network: ''Dynamic (DHCP)''
 
** Software: ''default''
 
** Overview: Select ''Update system after installation'' (default)
 
 
 
== Configuration ==
 
The following changes are required after the installation and upgrade:
 
<source lang=bash>
 
# allow X11 login as normal user
 
ucr set "auth/gdm/group/Domain Users"=yes
 
 
 
# Disable xorg autodetection and set resolution to 1024x768
 
ucr set xorg/autodetect=no \
    xorg/device/driver='' \
    xorg/resolution=1024x768
 
 
 
# Disable kernel mode set
 
ucr set grub/append="nomodeset $(ucr get grub/append)"
 
 
 
# Show bootscreen in 1024x768.
 
ucr set grub/vga=791
 
 
 
# generate all UMC languages
 
ucr set locale/default="en_US.UTF-8:UTF-8" locale="en_US.UTF-8:UTF-8 de_DE.UTF-8:UTF-8"; locale-gen
 
 
 
# Remove persistent net rule
 
rm -f /etc/udev/rules.d/70-persistent-net.rules
 
 
 
# overwrite old update/available flag (Bug #33762)
 
ucr set --force update/available=false
 
 
 
# install univention-system-setup-boot
 
univention-install --reinstall univention-system-setup-boot
 
ucr set system/setup/boot/start=true
 
apt-get update
 
 
 
# Activate DHCP
 
ucr set interfaces/eth0/type=dhcp dhclient/options/timeout=12
 
ucr unset gateway
 
 
 
# Set a default nameserver and remove all local configured nameserver
 
ucr set nameserver1=208.67.222.222 dns/forwarder1=208.67.222.222
 
ucr unset nameserver2 nameserver3
 
ucr unset dns/forwarder2 dns/forwarder3
 
 
 
# Configure the updater
 
ucr set updater/identify="UCS (VMware)"
 
 
 
# Ensure dbus will be restarted after the configuration
 
cat >/usr/lib/univention-system-setup/appliance-hooks.d/dbus <<__EOF__
 
#!/bin/sh
 
test -x /etc/init.d/dbus && /etc/init.d/dbus restart
 
__EOF__
 
chmod +x /usr/lib/univention-system-setup/appliance-hooks.d/dbus
 
 
 
# deactivate firefox autoupdate (Bug #30980)
# -i and -e are given separately: "sed -ie" treats "e" as a backup suffix
# and leaves a stray copy "startxwithfirefoxe" next to the script
sed -i -e "s/kwin \&/# deactivate autoupdate ( & autoupdate popups)\necho 'user_pref(\"app.update.enabled\", false);' >> \"\$profilePath\"\/prefs.js\necho 'user_pref(\"app.update.auto\", false);' >> \"\$profilePath\"\/prefs.js\n&/" /usr/share/univention-system-setup/startxwithfirefox
 
 
 
# deactivate kernel module; prevents bootsplash from freezing in vmware
 
ucr set kernel/blacklist="$(ucr get kernel/blacklist);vmwgfx"
 
 
 
# set initial values for UCR ssl variables
 
/usr/sbin/univention-certificate-check-validity
 
 
 
# Cleanup apt archive
 
apt-get clean
 
 
 
# Shutdown the system
 
halt -p
 
</source>
 
 
 
* The ISO image should be removed from the VMware hardware settings.
 
* After that, the permissions of the files should be set to 755 and the vmware log files can be removed, for example:
 
<source lang=bash>
 
chmod -R 755 <directory of virtual machine>
 
rm <directory of virtual machine>/{vmware*.log,nvram}
 
</source>
 
 
 
*  Finally a ZIP archive should be created
 
<source lang=bash>
 
zip -r ucs-<version>-demo-image.zip <directory of virtual machine>
 
md5sum ucs-<version>-demo-image.zip > ucs-<version>-demo-image.zip.md5
 
</source>
 
 
 
== Later customization ==
 
 
 
A VMware image of UCS that has been created by following the above outlined steps can be further customized later. For example, 3rd party software may be added to the image.
 
 
 
The VMware image starts UCS into the system setup wizard. The system configuration follows the same steps as outlined in the article [[Operation and Configuration of the UCS system in VMware or VirtualBox]]. The following steps abort the system setup wizard to allow a customized configuration and re-activate the wizard for the next system reboot:
 
 
 
* Start the VMware image until the system setup wizard shows up.
 
* Press ''Ctrl + q'' to quit the system setup wizard and Mozilla Firefox.
 
* Press ''F8'' two times to enter a console.
 
* Switch to the first console, for example by pressing ''Ctrl-Alt-F1''. If you use VMware under Linux you have to press ''Ctrl+Alt+Space'', release only the space key while still holding down ''Ctrl+Alt'', and then press the ''F1'' key.
 
* Login with ''root'' and the password provided during installation. If the [http://www.univention.com/downloads/ucs-download/preinstalled-vm-images/ UCS VMware or VirtualBox image from the Univention Website] is used, the password is ''univention''.
 
* Work through the intended customizations.
 
* ''Optional step'': The pages displayed in the system setup wizard can be customized using the following UCR variables: <tt>system/setup/boot/pages/whitelist</tt> and <tt>system/setup/boot/pages/blacklist</tt>. Options for the pages are <tt>HelpPage, SystemRolePage, LanguagePage, BasisPage, NetworkPage, CertificatePage, SoftwarePage</tt>. If the <tt>BasisPage</tt> is put on the blacklist, the administrator password needs to be set on the system (described in this [http://forum.univention.de/viewtopic.php?f=48&t=1938#p6812 forum post] (German)):
 
<source lang="bash">
 
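mkdir -p /var/lib/univention-ldap
# create the file under umask 077 so the password is never readable by other users
(umask 077; echo -n "secret root password" > /var/lib/univention-ldap/root.secret)
# also tighten the mode in case the file already existed
chmod 600 /var/lib/univention-ldap/root.secret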
 
</source>
 
* When finished, the system setup wizard has to be re-activated for the next boot.
 
<source lang=bash>
 
ucr set system/setup/boot/start=true
 
</source>
 
 
 
= Preparing VirtualBox Images =
 
'''As VirtualBox stores local device names in the exported OVA image, it is advised to export the final image on the platform on which it is most commonly used, e.g. Windows. Otherwise, VirtualBox complains about missing devices like eth0.'''
 
* Download and install the latest VirtualBox version from [http://www.virtualbox.org http://www.virtualbox.org/]
 
* Download the latest UCS installation ISO image for i386: https://www.univention.com/downloads/ucs-download/preinstalled-vm-images/
 
* Start VirtualBox and select "New"
 
* The name should be the UCS version, for example "UCS 3.1-1"
 
* Select Linux as Guest Operating System and select "Other Linux" as version
 
* The memory should be set to 1024 MB
 
* The disk size should be set to 8 GB and the file format to 'VDI', dynamically allocated
 
* After creating the new virtual machine, change its settings to use the UCS ISO file in its CD/DVD drive, enable PAE and change the network settings to use bridged networking. Boot the virtual machine.
 
* The following values should be set during the installation:
 
** System language: ''English'' (default)
 
** Time zone: ''America/New_York'' (default)
 
** Keyboard layout: ''US american'' (default)
 
** System role: ''Master domain controller'' + Disable join scripts by pressing F3
 
** Fully qualified domain name: ''ucsmaster.ucs.local''
 
** LDAP base: ''dc=ucs,dc=local'' (autofilled)
 
** Windows domain name: ''UCS'' (autofilled)
 
** Root password: univention
 
** Partitioning: ''Auto-Partitioning''
 
** Network: ''Dynamic (DHCP)''
 
** Software: ''default''
 
** Overview: Select ''Update system after installation'' (default)
 
 
 
== Configuration ==
 
Apply the settings from the [http://wiki.univention.de/index.php?title=UCS_Appliance#Configuration_2 VMware image configuration]
 
 
 
Remove the ISO-Image from the appliance settings.
 
 
 
== Export the Appliance ==
 
Export the appliance with File->Export appliance. Check the box to create a manifest file. Set the name to ucs-3.1-1-virtualbox-demo-image.ova
 
Enter the following information as the description:
 
<source lang="text">
 
Name: UCS 3.1-1
 
Product: Univention Corporate Server (UCS)
 
Product-URL: http://www.univention.de/en/products/ucs/
 
Manufacturer: Univention GmbH
 
Manufacturer-URL: http://www.univention.de/en/
 
Version: 3.1-1
 
 
 
Description: Univention Corporate Server (UCS) is a complete solution to provide standard
 
IT services (like domain management or file services for Microsoft Windows
 
clients) in the cloud and to integrate them with additional systems like
 
groupware, CRM or ECM.
 
 
 
Univention Corporate Server (UCS) is a reliable, pre-configured Linux server
 
operating system featuring:
 
 
 
* Active Directory like domain services compatible with Microsoft Active
 
Directory
 
 
 
* A mature and easy-to-use web-based management system for user, rights and
 
infrastructure management
 
 
 
* A scalable underlying concept suited for single server scenarios as well as
 
to run and manage thousands of clients and servers for thousands of users
 
within one single UCS domain
 
 
 
* An app center, providing single-click installation and integration of many
 
business applications from 3rd parties and Univention
 
 
 
* Management capabilities to manage Linux- and UNIX-based clients
 
 
 
* Command line, scripting interfaces and APIs for automatization and extension
 
 
 
Thus, Univention Corporate Server is the best fit to provide Microsoft Server
 
like services in the cloud or on-premises, to run and operate corporate IT
 
environments with Windows- and Linux-based clients and to extend those
 
environments with proven enterprise software, also either in the cloud or
 
on-premises.
 
 
 
Licence: The complete source code of Univention Corporate Server is provided
 
under GNU Affero General Public License (AGPL). The software is tried-
 
and-tested and regularly updated. For private users, UCS is free of charge with
 
infinite use for up to 5 users and support is provided via the Univention forum.
 
 
 
Commercial users can obtain UCS at reasonable prices and have guaranteed, individually adjustable support.
 
 
 
http://www.univention.de/en/univention/oss/
 
http://www.univention.de/en/download-and-support/free-for-personal-use-edition/licensing-conditions/
 
</source>
 
 
 
Finally, create a checksum file for the appliance:
 
<source lang="bash">
 
md5sum ucs-3.1-1-virtualbox-demo-image.ova > ucs-3.1-1-virtualbox-demo-image.ova.md5
 
</source>
 
 
 
  
 +
[http://docs.univention.de/installation-4.0.html Extended installation documentation]
  
 
[[Category:EN]]
 
 
[[Category:Virtualisierung]]
 

Latest revision as of 14:54, 18 February 2015

This page has been moved to the official UCS Documentation page.

Extended installation documentation
