OXSE4UCS Installation en

From Open-Xchange
Revision as of 13:33, 12 April 2010 by Khgras (talk | contribs)

OXSE for UCS Quickinstall Guide

Preparation

Planing a scenario

Before the installation you must decide which scenario for the OXSEforUCS-integration will be used. You can find the supported scenarios in the specifications of OXSEforUCS in chapter 7. For simplification the installation only varies between 3 cases

  • One-Server-Solution comparable with OXAE
  • dedicated slave server for OXSE
  • installation in distributed environments

Installing UCS-systems

UCS Master installation

A UCS Master is required for every scenario. It is possible to use an existing UCS Master, if so, exactly UCS version 2.2-3 must be installed.

Please Note: For installation, please only this mentioned path with UCS 2.2-3. UCS 2.3 is currently not supported for the OXSE for UCS and there is no possibility to downgrade UCS 2.3 to 2.2-3.

The UCS ISO images are available at http://apt.univention.de/download/ucs-cds/ucs2.2-0/

Please select one of the images, that is appropriate for your platform, burn it, and reboot the machines with the DVD in the tray. Choose Univention Installer from the boot-menu and proceed after the boot-dialog has been loaded as follows:

  • Choose installer language
  • Press F12 to load all modules. If you don't want to load certain modules (e.g. for hardware compatibility reasons), deselect them. After that press F12.
  • Choose the medium, you want to install from (default ist /dev/hdc, the DVD Drive)
  • Choose your timezone and press F12
  • Choose the keyboard layout and press F12
  • Choose one or more system languages and press F12
  • Choose the default language from the list and press F12
  • Next, you have to act as follows. For Single-Server-Setup, choose Domain Controller Master. In the Single-Server-Setup you need exactly one Domain Controller Master. All other servers have to be Domain Controller Backup or Domain Controller Slave
  • In the next step, you have to configure the hostname, domainname, the LDAP-Base and the Windows-Domain, as well as to set the root-password.

The LDAP Base will be genererated from the domainname as follows:

subdomain.domain.com will become dc=subdomain,dc=domain,dc=com

You can enter a different LDAP Base here, but for readbility reasons you should refrain from that.

  • In the next step you have to partition the medium, that you're going to install to. This is left up to your needs. You're welcome to use the auto partitioner that will create swap-space and apply the LVM onto the partitions.

After that, press F12 and install the bootloader, again with F12.

  • After that, your are requested to enter the Data for your networking interface. Press F12.

The nameserver field should contain the nameserver, that handles the previously configured domain. As UCS brings its own nameserver bind, this could also be 127.0.01 or the IP address of the networking interface, configured previously. Please enter the DNS-server of your ISP into the DNS Forwarder field. This will be automatically entered into bind. An optional proxy server can be entered in the HTTP proxy field. F12

  • In the next dialog, you can enter certain values for the SSL certificate of your site. These should be correct, as they will be shown in the browsers that access your site with HTTPS. F12
  • The next dialog is a basic configuration of the firewall. This is left up to you. F12
  • Package selection (without GUI). We recommend to deselect following packages, press F12 after that:

Mail/Groupware: Kolab 2 for UCS, Kolab 2 Webservices

Systemservices: Thinclient Environment

Graphical UI: all

  • In the following step, you can choose to mirror the univention-repository locally. This and the decision to export home directories via NFS/SMB is left up to you. If you export home directories, without further configuration, all users will get a share, that they can access on the OXSEforUCS server.
  • In the next step you can start the installation with F12

After the installer has finished, you will be requested to reboot. Following steps remain:

Update to 2.2-3 (prerequisite)

The update might take long, and the progress won't be shown on the shell.

You can observe the progress by:

tail -f /var/log/univention/updater.log

CTRL-C exits the output.

If you are logged in via ssh, the system will refuse to update at first. You can circumvent this by typing:

ucr set update22/ignoressh=yes

A safer solution to this is to install screen beforehand, and run the update in screen. screen is a console-window-manager, that detaches from the user-terminal, so that the update can continue, even if the controlling terminal of the user exits (e.g. triggered by the update). Installation and running screen is done by:

apt-get install screen
screen
Update in shell/screen

The actual update ist performed with

univention-updater net --updateto 2.2-3
univention-security-update net

After the update, you can exit screen by typing exit or pressing CTRL-D.

It's recommended to perform the update in screen or the local console.

Update via UMC

Login into UMC and click on the Online-Updates module. Under "UCS release" click on "Check for updates". Perform the Update. Under "Security Updates" click on "Check for updates". Perform the Update.

Restart the machine, when the systems asks you to.

One-Server-Solution comparable with OXAE

After the Master installation there are no further preparations needed for the One-Server-Solution

Dedicated Slave-/Backup server for OXSE

  • One UCS Master 2.2-0 installation (as describe above)
  • update to 2.2-3
  • One or more UCS Backup or Slave 2.2-0 installations (as described above)
  • the LDAP base must be the same as for the master
  • during installation, you will be asked to join the master: ensure, that DNS is running and the enter the hostname of the master and the credentials at this point.
  • update to 2.2-3

Installing a distributed environment

For the installation of a distributed environment you must define, how the several services should be distributed on your system. In a distributed environment the following services can be installed and used on any system role (Master/Backup/Slave)

Open-Xchange Server

More than one instance of Open-Xchange Server can be installed, in that case first one Open-Xchange Server instance must be installed and then bound to the UCS-domain with a join. This Open-Xchange Server instance uses a listener to synchronize with the UCS-directory service. Additional Open-Xchange Server instances can now be created easily out of existing Open-Xchange Server instances. The first instance, which takes care of the synchronization, is called 'Active-OX' (in the following example it is called ox-instance1), all additional Open-Xchange Server instances, which just access to the OX-DB, are called 'Passive-OX' (in the following example it is called ox-instance2)

IMAP Server

It is possible to install a dedicated IMAP server for every mail-domain (in the following example it is called oximapserver), but of course one IMAP server can be responsible for multiple mail-domains too. Every mail-domain has to be dedicated exactly to one IMAP server.

MySQL Server

For a distributed environment exactly one MySQL server (in the following example it is called oxdbserver) is used, which can be located on one of the UCS-systems. MySQL replication can be established manually afterwards over the known MySQL replication mechanisms. The Open-Xchange instances must be customized therefore.

Installation on all hosts

Register Apt-Sources

Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password.

ucr set repository/online/component/ox/server=software.open-xchange.com \
 repository/online/component/ox/prefix=OX6/OXSEforUCS \
 repository/online/component/ox/username={LDB-USERNAME} \
 repository/online/component/ox/password='{LDB-PASSWORD}' \
 repository/online/component/ox=enabled \
 repository/online/component/oxseforucs/server=software.open-xchange.com \
 repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \
 repository/online/component/oxseforucs/username={LDB-USERNAME} \
 repository/online/component/oxseforucs/password='{LDB-PASSWORD}' \
 repository/online/component/oxseforucs=enabled

Update the repository data afterwards

apt-get update

Assuring, that all systems are joined

If it is not sure that all systems are joined the join should be executed again.

univention-join

Installation of the component OXSEforUCS

One-Server solution comparable with OXAE

  • DC Master Single Server: Installation univention-ox
DEBIAN_FRONTEND=noninteractive apt-get \
 -o DPkg::Options::=--force-confold -y --force-yes \
 install univention-ox-directory-integration univention-ox \
 univention-mail-cyrus-ox univention-ox-framework

Dedicated Slave server for OXSE

  • DC Master: Installation univention-ox-directory-integration
apt-get install univention-ox-directory-integration
  • Slave: Installation univention-ox
DEBIAN_FRONTEND=noninteractive apt-get \
 -o DPkg::Options::=--force-confold -y --force-yes \
 install univention-ox univention-mail-cyrus-ox \
 univention-ox-framework

If it is not sure that all systems are joined the join should be executed again.

univention-join

Installation of additional passive Open-Xchange Server instances

Please notice that the installation described here, does not support the future installation of further passive Open-Xchange Server instances. If this is required, please follow the Installation procedure "Installation of a distributed environment" described below and set both variables, OXDB and OXIMAPSERVER to the FQDN of the slave server.

Installation of a distributed environment

DC Master Installation

apt-get install univention-ox-directory-integration

Installation of additional Servers

On the other servers all dedicated packages can be installed (univention-mail-cyrus-ox, mysql-server, univention-ox-instance, univention-mail-antispam-ox)

  • Installation of the IMAP server:
apt-get install univention-mail-cyrus-ox
  • Installation of the MySQL server
apt-get install mysql-server

Set up MySQL to listen to an external interface. The among others Bind-Address of “0.0.0.0” can be replaced through the IP-addresses of the network interface:

/etc/mysql/my.cnf

bind-address 0.0.0.0

or

sed -i 's/^bind-address.*$/bind-address = 0.0.0.0/' /etc/mysql/my.cnf

Restart MySQL

/etc/init.d/mysql restart

Register authorizations of all open-xchange-instances

mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO \
 'openexchange'@'ox-instance1.ox-experten.de' \
 IDENTIFIED BY 'geheim';
mysql> GRANT ALL PRIVILEGES ON *.* TO \
 'openexchange'@'ox-instance2.ox-experten.de' \
 IDENTIFIED BY 'geheim';
mysql> GRANT ... 
mysql> FLUSH PRIVILEGES;
mysql> exit

Installation of the active Open-Xchange instance

  • Installation with apt
apt-get install univention-ox univention-ox-framework
  • Specifcation of IMAP and MySQL server

For the IMAP and MySQL services, which are not based on this host, they must be specified as environment variables before the join:

export HISTIGNORE="export*"
export OXDB=oxdbserver.ox-experten.de
export OXDBPW="geheim"
export OXIMAPSERVER=oximapserver.ox-experten.de
  • Optional: testing MySQL-connection before the join
apt-get install mysql-client

mysql -u openexchange -h $OXDB --password="$OXDBPW"

  • (Re-)Join des Systems
univention-join

if the join-scripts have not been executed, this is sufficient:

univention-run-join-scripts

Installation of additional passive Open-Xchange Server instances

apt-get install univention-ox univention-ox-framework
rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/

/opt/open-xchange/etc/groupware/usm.properties

com.openexchange.usm.ox.url=ox-instance2.ox-experten.de

/opt/open-xchange/etc/authplugin.properties

LDAP_HOST=ox-instance2.ox-experten.de
/etc/init.d/open-xchange-admin restart
/etc/init.d/open-xchange-groupware restart

Creation of the first user

To do so, login on the Web-GUI of the DC-Master in the Univention Directory Manager and choose under the point "user" the option "add". There the pattern "open-xchange groupware account" has to be chosen and the button "next" must be clicked. In this Tab all fields marked with a * and the field "forename" have to be filled in.

User anlegen en.jpg

Mobility

Information about the mobility support can be found here: http://www.open-xchange.com/en/mobility-solutions-en. For mobility support, a new component has to be added on all servers where installation will happen later. Please enter your Open-Xchange LDB (License database) credentials. Replace {LDB-USERNAME} by the user name and {LDB-PASSWORD} by the corresponding password. Please note that accessing this component requires a mobility license key.

ucr set repository/online/component/oxmobility/server=software.open-xchange.com\
repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \
repository/online/component/oxmobility/username={LDB-USERNAME} \
repository/online/component/oxmobility/password='{LDB-PASSWORD}' \
repository/online/component/oxmobility=enabled

After the following installation procedure, you can configure mobility access per-user in the UDM user-module.

Beware, that the groupware will be restarted, and users will lose their sessions:

Single Server

On a single-server solution, following packages have to be installed:

apt-get install univention-ox-usm-udm
apt-get install univention-ox-usm-ox

Multi Server

On master:

apt-get install univention-ox-usm-udm

On the primary OX:

apt-get install univention-ox-usm-ox

Spam treatment

The antispam package is optional. It must be installed and configured separately, in a distributed environment it must be placed on the IMAP servers. Install with:

apt-get install univention-mail-antispam-ox

Additionally the open-xchange bundle is required:

apt-get install open-xchange-spamhandler-spamassassin

To make the spamd service start automatically the default configuration has to be edited:

/etc/default/spamassassin

ENABLED=1
/etc/init.d/spamassassin restart

Activation

ucr set postfix/procmaildelivery=yes

The spamrunner is started with

ucr set mail/antispam/ox/spamrunner=yes

Troubleshooting

apt cannot find packages

Please check the apt-sources. Maybe the credentials were not entered or wrong. UCS doesn't warn about that.

cat /etc/apt/sources.list.d/20_ucs-online-component.list

must contain lines like

deb http://user:password@software.open-xchange.com/OX6/OXSEforUCS/2.2/maintained/component oxseforucs/i386/

for your architecture (here: /i386/), platform independent (/all/) and all components (at the moment: oxseforucs and oxmobility)

You can check the settings of your components on the shell with

ucr search repository

Then configure the variables with (here: the password for the oxseforucs component):

ucr set repository/online/component/oxseforucs/password=secret


F.A.Q.

What is the oxmobility component?

The oxmobility component is the implementation of "OXtender for Business Mobility" into OXSEforUCS. It has to be licensed and installed seperately. Further information is available under http://sdb.open-xchange.com/faq/63

How can I switch of the scan of the package database?

If you keep getting messages like:

Cannot find service-record of _pkgdb._tcp.
No DB-Server-Name found.

you can ignore them or switch the packagedb-scan off with

ucr set pkgsb/scan=no

Where are the repositories located?

Conceptionally, OXSEforUCS is a component or an add-on to UCS. Thus, the distribution of ucs and the apt-sources are located at http://apt.univention.de

The apt-sources for the components are in the (LDB-)password-protected area below http://software.open-xchange.com/OX6/OXSEforUCS/