OXSE4UCS Installation en: Difference between revisions

From Open-Xchange
No edit summary
Line 5: Line 5:


More detailed information on UCS can be found on the Univention GmbH website: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html].
More detailed information on UCS can be found on the Univention GmbH website: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html].


= Installation =
= Installation =
Line 11: Line 12:
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.


To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html].  
To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html].


The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:
The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:


<pre>
<pre>
export LDBUSER=myusername LDBPASS=secret
export LDBUSER=myusername LDBPASS=secret
ucr set repository/online/component/ox/server=software.open-xchange.com \                                                                                                                             
ucr set repository/online/component/ox/server=software.open-xchange.com \                                                                                                                             
repository/online/component/ox/prefix=OX6/OXSEforUCS \                                                                                                                                       
repository/online/component/ox/prefix=OX6/OXSEforUCS \                                                                                                                                       
repository/online/component/ox/username=$LDBUSER \                                                                                                                                           
repository/online/component/ox/username=$LDBUSER \                                                                                                                                           
Line 29: Line 30:
repository/online/component/oxseforucs/version=2.2,2.3 \                                                                                                                                     
repository/online/component/oxseforucs/version=2.2,2.3 \                                                                                                                                     
repository/online/component/oxseforucs=enabled                                                                                                                                               
repository/online/component/oxseforucs=enabled                                                                                                                                               
apt-get update
apt-get update
</pre>
</pre>


The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly.
The access data (''myusername'' and ''secret'') are created when the Open-Xchange licence is activated and must be adapted here accordingly.


== Installation on a DC master ==
== Installation on a DC master ==
When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package requires installing. This can be performed via the Univention Management Console or on the command line:
When installing OXSE4UCS on a DC master, only the '''univention-ox-meta-singleserver''' package requires installing. This can be performed via the Univention Management Console or on the command line:


<pre>
<pre>
DEBIAN_FRONTEND=noninteractive apt-get \                                         
DEBIAN_FRONTEND=noninteractive apt-get \                                         
-o DPkg::Options::=--force-confold -y --force-yes \                             
-o DPkg::Options::=--force-confold -y --force-yes \                             
install univention-ox-meta-singleserver                                    
install univention-ox-meta-singleserver                                                                                            
</pre>
</pre>


The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package.
The '''univention-ox-meta-singleserver''' package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the '''univention-ox and univention-mail-cyrus-ox''' packages can be installed instead of the '''univention-ox-meta-singleserver package'''.


==Installation on a dedicated DC slave==
==Installation on a dedicated DC slave==
In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system.
In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the '''univention-ox-directory-integration''' package must be installed on the DC master in order to initiate integration in the UCS management system.


<pre>
<pre>
DEBIAN_FRONTEND=noninteractive apt-get \                                         
DEBIAN_FRONTEND=noninteractive apt-get \                                         
-o DPkg::Options::=--force-confold -y --force-yes \                             
-o DPkg::Options::=--force-confold -y --force-yes \                             
install univention-ox-directory-integration                                    
install univention-ox-directory-integration                                                                          
</pre>
</pre>
      
      
The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:                                                    
The '''univention-ox-meta-singleserver''' package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:                                                    


<pre>
<pre>
Line 64: Line 65:
</pre>
</pre>


The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package.
The '''univention-ox-meta-singleserver''' package automatically installs packages for the filtering of spam and viruses. If this is not required, the '''univention-ox''' and '''univention-mail-cyrus-ox''' packages can be specified instead of the '''univention-ox-meta-singleserver''' package.


== Installation in a distributed environment ==
== Installation in a distributed environment ==
When installing a distributed environment, integration in the UCS management system must be performed firstly by installing univention-ox-directory-integration.
When installing a distributed environment, integration in the UCS management system must be performed firstly by installing '''univention-ox-directory-integration'''.


<pre>
<pre>
Line 76: Line 77:


The following services can then be distributed on the other UCS systems:   
The following services can then be distributed on the other UCS systems:   
* IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail)
* IMAP server and optionally spam and virus filtering (''univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail'')
* MySQL server (mysql-server)
* MySQL server (''mysql-server'')
* OX instance (univention-ox)
* OX instance (''univention-ox'')
 
===MySQL server===
===MySQL server===
Line 87: Line 89:
</pre>
</pre>


The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf.
The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the ''bind-address'' option can be set to ''0.0.0.0'' in the MySQL configuration file ''/etc/mysql/my.cnf''.


<pre>
<pre>
Line 116: Line 118:
                                            
                                            
=== Active OX instance ===
=== Active OX instance ===
The univention-ox package must be installed on the active OX instance.       
The '''univention-ox''' package must be installed on the active OX instance.       


<pre>
<pre>
Line 130: Line 132:
export OXDB=oxdbserver.ucs.local                                                 
export OXDB=oxdbserver.ucs.local                                                 
export OXDBPW="secret"                                                           
export OXDBPW="secret"                                                           
export OXIMAPSERVER=oximapserver.ucs.local                                      
export OXIMAPSERVER=oximapserver.ucs.local                                      
</pre>
</pre>


Line 146: Line 148:
   
   
=== IMAP server ===
=== IMAP server ===
The IMAP server is installed by installing the univention-mail-cyrus-ox package.
The IMAP server is installed by installing the '''univention-mail-cyrus-ox''' package.


<pre>
<pre>
DEBIAN_FRONTEND=noninteractive apt-get \                                         
DEBIAN_FRONTEND=noninteractive apt-get \                                         
-o DPkg::Options::=--force-confold -y --force-yes \                             
-o DPkg::Options::=--force-confold -y --force-yes \                             
install univention-mail-cyrus-ox                                          
install univention-mail-cyrus-ox                                                                            
</pre>
</pre>


The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package:             
The spam check via ''spamassassin'' can be installed and activated by installing the '''univention-mail-antispam-ox''' package:             


<pre>
<pre>
Line 160: Line 162:
</pre>
</pre>


The virus check via amavis and clamav can be installed and activated by installing the univention-antivir-mail package.                                                             
The virus check via ''amavis'' and ''clamav'' can be installed and activated by installing the u'''nivention-antivir-mail''' package.                                                             


<pre>
<pre>
Line 173: Line 175:


=== Additional passive OX instances ===
=== Additional passive OX instances ===
Firstly, the univention-ox package must also be installed on the additional passive OX instances.  
Firstly, the '''univention-ox''' package must also be installed on the additional passive OX instances.  


<pre>
<pre>
DEBIAN_FRONTEND=noninteractive apt-get \                                         
DEBIAN_FRONTEND=noninteractive apt-get \                                         
-o DPkg::Options::=--force-confold -y --force-yes \                             
-o DPkg::Options::=--force-confold -y --force-yes \                             
install univention-ox                                                          
install univention-ox                                                                                                                    
</pre>
</pre>


Line 187: Line 189:
</pre>
</pre>


The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file:
The FQDN of the current computer must be entered in the'' /opt/open-xchange/etc/groupware/usm.properties'' file:


<pre>
<pre>
Line 193: Line 195:
</pre>
</pre>


The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file:
The FQDN of the current computer must also be entered in the'' /opt/open-xchange/etc/authplugin.properties'' file:


<pre>
<pre>
Line 222: Line 224:
</pre>
</pre>


Installing the univention-ox-usm-ox package installs the Oxtender for Business Mobility on the OXSE4UCS system.
Installing the '''univention-ox-usm-ox''' package installs the Oxtender for Business Mobility on the OXSE4UCS system.


<pre>
<pre>
apt-get install univention-ox-usm-ox
apt-get install '''univention-ox-usm-ox'''
</pre>
</pre>


If the target system is neither a DC master nor a DC backup system, the univention-ox-usm-udm package should also be installed on the DC master.
If the target system is neither a DC master nor a DC backup system, the '''univention-ox-usm-udm''' package should also be installed on the DC master.


<pre>
<pre>
apt-get install univention-ox-usm-udm
apt-get install '''univention-ox-usm-udm'''
</pre>
</pre>


Line 242: Line 244:
</pre>
</pre>


The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
The system can then be updated as usual for UCS using the ''univention-updater net command'' or the ''UMC module Online Update''.


=Administration=
=Administration=
Line 249: Line 251:
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.


When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.
When creating a user, the '''open-xchange groupware account''' user template should be selected. This preselects all Open-Xchange specific settings.


== System messages ==
== System messages ==
The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:
The ''mail/alias/root'' UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:


<pre>
<pre>
Line 260: Line 262:
</pre>
</pre>


It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the ''/etc/ox-secrets/context10.secret'' file.






[[Category: OX6]]
[[Category: OX6]]

Revision as of 14:21, 12 April 2010

Introduction

The Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) includes the groupware Open-Xchange and the integration packages for Univention Corporate Server (UCS).

OXSE4UCS is tailored to professional users looking for a tried-and-tested solution for the management of their entire IT infrastructure including groupware or companies which already employ UCS and wish to expand their infrastructure with innovative groupware functions.

More detailed information on UCS can be found on the Univention GmbH website: http://www.univention.de/dokumentation.html.


Installation

As OXSE4UCS is an expansion pack for the Univention Corporate Server, one or more UCS server(s) must be installed firstly.

There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.

To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: http://www.univention.de/dokumentation.html.

The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:

export LDBUSER=myusername LDBPASS=secret
ucr set repository/online/component/ox/server=software.open-xchange.com \                                                                                                                            
	repository/online/component/ox/prefix=OX6/OXSEforUCS \                                                                                                                                       
	repository/online/component/ox/username=$LDBUSER \                                                                                                                                           
	repository/online/component/ox/password=$LDBPASS \                                                                                                                                           
	repository/online/component/ox/version=2.2,2.3 \                                                                                                                                            
	repository/online/component/ox=enabled \                                                                                                                                                     
	repository/online/component/oxseforucs/server=software.open-xchange.com \                                                                                                                    
	repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \                                                                                                                               
	repository/online/component/oxseforucs/username=$LDBUSER \                                                                                                                                   
	repository/online/component/oxseforucs/password=$LDBPASS \                                                                                                                                   
	repository/online/component/oxseforucs/version=2.2,2.3 \                                                                                                                                    
	repository/online/component/oxseforucs=enabled                                                                                                                                               
apt-get update

The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly.

Installation on a DC master

When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package requires installing. This can be performed via the Univention Management Console or on the command line:

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	-o DPkg::Options::=--force-confold -y --force-yes \                             
	install univention-ox-meta-singleserver                                                                                              

The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package.

Installation on a dedicated DC slave

In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system.

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	 -o DPkg::Options::=--force-confold -y --force-yes \                             
	 install univention-ox-directory-integration                                                                           

The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	 -o DPkg::Options::=--force-confold -y --force-yes \                             
	 install univention-ox-meta-singleserver                                     

univention-run-join-scripts

The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package.

Installation in a distributed environment

When installing a distributed environment, integration in the UCS management system must be performed firstly by installing univention-ox-directory-integration.

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	 -o DPkg::Options::=--force-confold -y --force-yes \                             
	 install univention-ox-directory-integration                                      

The following services can then be distributed on the other UCS systems:

  • IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail)
  • MySQL server (mysql-server)
  • OX instance (univention-ox)


MySQL server

The MySQL server is installed by installing the mysql-server package.

apt-get install mysql-server                                                

The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf.

bind-address 0.0.0.0                                                             

After the change, the MySQL service needs to be restarted:

/etc/init.d/mysql restart

In addition, the OX instances must be authorized to access the database. The following gives an example, which must be adapted to the environment at hand.

$ mysql                                                                            
mysql> GRANT ALL PRIVILEGES ON *.* TO \                                          
 'openexchange'@'ox-instance1.ucs.local' \                                       
 IDENTIFIED BY 'secret';                                                         
mysql> GRANT ALL PRIVILEGES ON *.* TO \                                          
 'openexchange'@'ox-instance2.ucs.local' \                                       
 IDENTIFIED BY 'secret';                                                         
mysql> GRANT ...                                                                 
mysql> FLUSH PRIVILEGES;                                                         
mysql> exit                           
$

Active OX instance

The univention-ox package must be installed on the active OX instance.

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	 -o DPkg::Options::=--force-confold -y --force-yes \                             
	 install univention-ox                                                           

Then certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.

export HISTIGNORE="export*"                                                      
export OXDB=oxdbserver.ucs.local                                                 
export OXDBPW="secret"                                                           
export OXIMAPSERVER=oximapserver.ucs.local                                        

Then the join scripts need to run:

univention-run-join-scripts

Finally, the environment variable OXDBPW with the password can be unset using the following command:

unset OXDBPW

IMAP server

The IMAP server is installed by installing the univention-mail-cyrus-ox package.

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	 -o DPkg::Options::=--force-confold -y --force-yes \                             
	 install univention-mail-cyrus-ox                                                                              

The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package:

apt-get install univention-mail-antispam-ox                                          

The virus check via amavis and clamav can be installed and activated by installing the univention-antivir-mail package.

apt-get install univention-antivir-mail                                      

A check should then be performed to see whether all join scripts have been run successfully:

univention-run-join-scripts

Additional passive OX instances

Firstly, the univention-ox package must also be installed on the additional passive OX instances.

DEBIAN_FRONTEND=noninteractive apt-get \                                         
	 -o DPkg::Options::=--force-confold -y --force-yes \                             
	 install univention-ox                                                                                                                     

Then the settings can be copied from the active OX instance. This can be done, for example, using the following command:

rsync -essh -a root@ox-instance1.ox-experten.de:/opt/open-xchange/. /opt/open-xchange/

The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file:

com.openexchange.usm.ox.url=ox-instance2.ucs.local

The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file:

LDAP_HOST=ox-instance2.ucs.local

Finally, the groupware must be restarted on the passive OX instance:

/etc/init.d/open-xchange-admin restart
/etc/init.d/open-xchange-groupware restart

OXtender for business mobility

The Open-Xchange OXtender for Business Mobility is an optionally available component for OXSE4UCS which enables the connection of mobile devices. The repository must be activated for it to be possible to install the corresponding packages:

export LDBUSER=ldbuser LDBPASS=lsbpass
ucr set repository/online/component/oxmobility/server=software.open-xchange.com \
	repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \
	repository/online/component/oxmobility/username=$LDBUSER \
	repository/online/component/oxmobility/password=$LDBPASS \
	repository/online/component/oxmobility/version=2.2,2.3 \
	repository/online/component/oxmobility=enabled

apt-get update

Installing the univention-ox-usm-ox package installs the Oxtender for Business Mobility on the OXSE4UCS system.

apt-get install '''univention-ox-usm-ox'''

If the target system is neither a DC master nor a DC backup system, the univention-ox-usm-udm package should also be installed on the DC master.

apt-get install '''univention-ox-usm-udm'''

Updating

To update a UCS 2.2 system with OXSE4UCS 6.12 or 6.14 to UCS 2.3, the following variables must be set before the update.

ucr set repository/online/component/ox/version=2.2,2.3 \
        repository/online/component/oxseforucs/version=2.2,2.3

The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.

Administration

User and group management

New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.

When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.

System messages

The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:

ucr set mail/alias/root=oxadmin@ucs.local
newaliases
/etc/init.d/postfix reload

It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.