Difference between revisions of "OXSE4UCS Installation en"

(OXtender for Business Mobility)
Line 24: Line 24:
 
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.
 
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.
  
To start, the Univention Corporate Server systems are installed as usual with UCS 2.4.  
+
To start, the Univention Corporate Server systems are installed as usual with UCS 3.0.  
  
 
'''Download the UCS Installation package / DVD Image here:'''  [http://software.open-xchange.com/OX6/OXSEforUCS/iso/ http://software.open-xchange.com/OX6/OXSEforUCS/iso/]
 
'''Download the UCS Installation package / DVD Image here:'''  [http://software.open-xchange.com/OX6/OXSEforUCS/iso/ http://software.open-xchange.com/OX6/OXSEforUCS/iso/]
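Review bot: the changed sentence now points readers at UCS 3.0, but the download link in the context line that follows is plain http:// and nothing in this section says how to verify the DVD image. Suggest linking over HTTPS if the server offers it and adding a line on where a checksum or signature for the image can be found.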
Line 57: Line 57:
 
<pre>
 
<pre>
 
   $ univention-install univention-ox-meta-singleserver
 
   $ univention-install univention-ox-meta-singleserver
 +
  $ univention-upgrade
 
</pre>
 
</pre>
  
Line 66: Line 67:
 
<pre>
 
<pre>
 
  $ univention-install univention-ox-directory-integration
 
  $ univention-install univention-ox-directory-integration
  $ univention-actualise
+
  $ univention-upgrade
 
</pre>
 
</pre>
 
      
 
      
Line 73: Line 74:
 
<pre>
 
<pre>
 
$ univention-install univention-ox-meta-singleserver
 
$ univention-install univention-ox-meta-singleserver
$ univention-actualise
+
$ univention-upgrade
 
$ univention-run-join-scripts
 
$ univention-run-join-scripts
 
</pre>
 
</pre>
Line 84: Line 85:
 
<pre>
 
<pre>
 
$ univention-install univention-ox-directory-integration
 
$ univention-install univention-ox-directory-integration
$ univention-actualise                                 
+
$ univention-upgrade
 
</pre>
 
</pre>
  
 
The following services can then be distributed on the other UCS systems:   
 
The following services can then be distributed on the other UCS systems:   
* IMAP server and optionally spam and virus filtering (univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail)
+
* IMAP server and spam/virus filtering
 
* MySQL server (''mysql-server'')
 
* MySQL server (''mysql-server'')
 
* OX instance (''univention-ox'')
 
* OX instance (''univention-ox'')
Line 98: Line 99:
 
<pre>
 
<pre>
 
$ univention-install mysql-server
 
$ univention-install mysql-server
$ univention-actualise                                         
+
$ univention-upgrade
 
</pre>
 
</pre>
  
Line 111: Line 112:
 
<pre>
 
<pre>
 
$ /etc/init.d/mysql restart
 
$ /etc/init.d/mysql restart
 +
</pre>
 +
 +
and the MySQL port has to be configured in the local firewall settings:
 +
 +
<pre>
 +
$ ucr set security/packetfilter/tcp/3306/all=ACCEPT
 +
$ /etc/init.d/univention-firewall restart
 
</pre>
 
</pre>
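Review bot: the added rule security/packetfilter/tcp/3306/all=ACCEPT accepts connections to the MySQL port without any restriction on the peer, and the added text does not say so. Suggest a sentence stating that the port only needs to be reachable from the OX instances, so readers do not leave it open more widely than the setup requires. The added sentence also starts in lower case ("and the MySQL port ...") after a closed pre block; a new sentence would read better.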
  
Line 130: Line 138:
 
                                            
 
                                            
 
=== Active OX instance ===
 
=== Active OX instance ===
The '''univention-ox''' package must be installed on the active OX instance.     
 
 
<pre>
 
$ univention-install univention-ox
 
$ univention-actualise                                                   
 
</pre>
 
  
Then certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.
+
Before installing the active OX instance certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.
  
 
<pre>
 
<pre>
Line 144: Line 146:
 
$ export OXDBPW="secret"
 
$ export OXDBPW="secret"
 
$ export OXIMAPSERVER=oximapserver.ucs.local                                 
 
$ export OXIMAPSERVER=oximapserver.ucs.local                                 
 +
</pre>
 +
 +
The '''univention-ox''' package must be installed on the active OX instance.     
 +
 +
<pre>
 +
$ univention-install univention-ox
 +
$ univention-upgrade
 
</pre>
 
</pre>
  
Line 150: Line 159:
 
<pre>
 
<pre>
 
$ univention-run-join-scripts
 
$ univention-run-join-scripts
 +
</pre>
 +
 +
The responsible Sieve and SMTP server has to be configured via UCR variables:
 +
 +
<pre>
 +
$ ucr set ox/cfg/groupware/mailfilter.properties/SIEVE_SERVER=$OXIMAPSERVER
 
</pre>
 
</pre>
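Review bot: the added sentence says the Sieve and SMTP server are configured via UCR variables, but the added command sets only the SIEVE_SERVER variable; either add the SMTP setting or drop SMTP from the sentence. The command also uses $OXIMAPSERVER unquoted and silently depends on the variable still being exported from the earlier block, which is worth stating.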
  
Line 165: Line 180:
 
</pre>
 
</pre>
  
The spam check via spamassassin can be installed and activated by installing the univention-mail-antispam-ox package:           
+
The spam and virus check via amavis, spamassassin and clamav will be installed and activated automatically.
  
<pre>
+
A check should then be performed to see whether all join scripts have been run successfully:                                                            
$ univention-install univention-mail-antispam-ox
 
</pre>
 
 
 
The virus check via ''amavis'' and ''clamav'' can be installed and activated by installing the u'''nivention-antivir-mail''' package.                                                            
 
  
 
<pre>
 
<pre>
$ univention-install univention-antivir-mail                                 
+
$ univention-upgrade
 +
$ univention-run-join-scripts
 
</pre>
 
</pre>
  
A check should then be performed to see whether all join scripts have been run successfully:                                                           
+
'''Please note:'''
 +
The Cyrus spool directory ''/var/spool/cyrus'' should not be placed on a NFS share. Otherwise data consistency problems might occur with the index files.
  
<pre>
 
$ univention-actualise
 
$ univention-run-join-scripts
 
</pre>
 
  
 
=== Additional passive OX instances ===
 
=== Additional passive OX instances ===
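Review bot: after this change the sentence "A check should then be performed to see whether all join scripts have been run successfully:" introduces univention-upgrade and univention-run-join-scripts, which run the upgrade and the join scripts rather than check their result. Either reword the lead-in to say the scripts are run here, or show the command that reports the join status. The new claim that amavis, spamassassin and clamav are installed and activated automatically also replaces two explicit install steps, so it would help to name the package that pulls them in.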
Line 189: Line 198:
 
<pre>
 
<pre>
 
$ univention-install univention-ox
 
$ univention-install univention-ox
$ univention-actualise                                                                                                                   
+
$ univention-upgrade
 
</pre>
 
</pre>
  
Line 218: Line 227:
  
 
=Updating=
 
=Updating=
To update a UCS 2.3-2 system with OXSE4UCS 6.16 to 6.18.1 with UCS 2.4, the following variables must be set before the update.
+
To update a UCS 2.3-2 system with OXSE4UCS 6.16 to 6.18.1 with UCS 2.4 or a UCS 2.4-4 system with OXSE4UCS 6.20 to UCS 3.0, the following variables must be set before the update:
  
 
<pre>
 
<pre>
Line 225: Line 234:
 
</pre>
 
</pre>
  
The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
+
The system can then be updated as usual for UCS using the ''univention-updater net'' command or the UMC module Online Update.
  
 
=Administration=
 
=Administration=
  
 
== UMC module “Licence management” ==
 
== UMC module “Licence management” ==
Alongside the configuration of the Open-Xchange account, the UMC module “Licence management” can also be used to set a maintenance key and for the simplified import of a licence file.
 
  
The configuration of an Open-Xchange account is necessary to be able to import version and software updates for OXSE for UCS via the UMC module “Online updates”, as the online repositories require an authentication. In this case, the user data (user name and password) required are the same as those which were also used for the licence database (http://ldb.open-xchange.com).  
+
The license management module supports you in the configuration of an Open-Xchange account and the selection of a suitable Open-Xchange license key. It is necessary to specify an Open-Xchange account to be able to select a license key previously saved in the account and install the UCS license. In addition, the account is also required for the installation of version and security updates from the Open-Xchange online repository, as this requires authentication.
 +
 
 +
In this account, the same combination of username and password is required which was also used for the license database http://ldb.open-xchange.com.
 +
 
 +
On an unconfigured system, the license management module displays the first configuration step directly, as shown in the figure. In all other cases, an overview of the current configuration is displayed.
 +
 
 +
The first step involves entering the username and password of the Open-Xchange account. After continuing to the second configuration step via the ''Next'' button, the entered account information is automatically verified. Should it prove necessary to reset the password for an account, the ''Reset password'' button can be used to reset the password for an account. The username must be entered in the dialogue which opens; the password must be entered twice. On confirmation, an e-mail is sent to the e-mail address specified for the account containing a confirmation link, which can be opened in the browser of your choice to complete the process.
 +
 
 +
The second and final step requires to select a suitable Open-Xchange license key. A variety of information is stored in the license database for a license key (e.g., the primary mail domain or the number of licensed users). In addition, a UCS license is saved for every license key in the license database, which is downloaded from the LDB server and installed on the local system when this wizard is finished.
 +
 
 +
If several keys are saved in the specified account, it is important to select the correct key, as it will otherwise not be possible to complete the configuration if the information saved in the license database does not correspond to the local system.
 +
 
 +
When performing the configuration for the first time, you may be prompted to confirm the end user license agreement (EULA) for the selected product via the checkbox.
  
Once the account has been added via the Add account button, the OXSE for UCS is configured automatically for a subsequent online update. The account can be altered subsequently via the Change account button.
+
After clicking on the ''Finish'' button, the UCS license is downloaded and installed. The Open-Xchange license key is then configured on the local system. This procedure can take a few seconds.
  
When adding/changing an account, the user name and password entered are verified automatically. This is done by connecting to the licence database. To reset the password for an account, the Request password reset button can be used to reset the password for the specified account. The user name must be entered in the dialogue which opens; the password must be entered twice. On confirmation, an e-mail is sent to the e-mail address specified for the account containing a confirmation link, which can be opened in the browser to complete the process.
+
Once the configuration is complete, the module redirects to the overview page. This page displays the currently configured Open-Xchange account, the status of the specified user data (valid/invalid), the license key selected for this system and the LDAP base of the installed system.
  
Alongside specification of an Open-Xchange account, it is also possible to select a licence key at this stage, which was saved automatically on the Open-Xchange account on its activation. The licence key is selected using the Change licence key button.
+
Following successful configuration, it is possible to ''Switch to the Online Update module'' directly from here and install the available updates.
  
A variety of licence information for a licence key is stored in the licence database (e.g., LDAP basic DN or the number of licensed users). The Update licence button is used to request this licence information online in the form of a licence file initially after the installation or following subsequent licensing and import it automatically into the management system.
+
If it proves necessary to change the Open-Xchange account or it has been relicensed, you can open the configuration wizard again using the ''Change settings'' button. For relicensing, it is necessary to perform the configuration procedure anew so that the modified license information is adopted on the local system.
  
You may be requested to accept the current end user license agreement (EULA) at this stage. If the EULA has already been accepted, e.g., via the (http://ldb.open-xchange.com) license database, this step is bypassed automatically. In the case of a EULA update, it may be necessary to confirm the EULA anew at a subsequent point in time.
 
Once licensing is completed, the Switch to online update module button can be used to open the module for importing version and security updates.
 
 
 
 
== User and group management ==
 
== User and group management ==
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP address of DC master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.
 
  
When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.
+
New users and groups can be created using the Univention Management Console (UMC). The UMC can be accessed on the DC master via a web browser at https://<IP address of DC master>/umc/. It is possible to log in as the Administrator user using the password specified during the installation.
 +
 
 +
When creating a user, the ''open-xchange groupware account'' user template should be selected. This preselects all Open-Xchange specific settings.
  
 
== System messages ==
 
== System messages ==
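Review bot: the new paragraphs spell "license" throughout while the unchanged heading keeps "Licence management", so the section now mixes both spellings; pick one. The new text also says "as shown in the figure" although the change adds no figure, and it still refers to the license database as http://ldb.open-xchange.com in a paragraph about the account's username and password; an https:// link would be preferable if the server offers it.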
Line 259: Line 278:
 
</pre>
 
</pre>
  
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.
+
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the ''/etc/ox-secrets/context10.secret'' file.
  
  
  
 
[[Category: OX6]]
 
[[Category: OX6]]

Revision as of 11:10, 13 June 2012

Introduction

The Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) includes the groupware Open-Xchange and the integration packages for Univention Corporate Server (UCS).

Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) is tailored to professional users looking for a tried-and-tested solution for the management of their entire IT infrastructure including groupware or companies which already employ UCS and wish to expand their infrastructure with innovative groupware functions.

More detailed information on UCS can be found on the Univention GmbH website: http://www.univention.de/dokumentation.html.

Differences between OXASE and OXSE for UCS

OXASE can not be used as

  • Domain Controller
  • Print Server
  • Database, web or directory service server (unless not for the exclusive use with Open Xchange)
  • IP management system
  • Software distribution system
  • Network or service monitoring system
  • Management tool for Windows or Linux based systems

Except for

  • the provisioning, use and management of file services (“shares”) with the Samba software
  • the temporary, three-months limited, non-productive use of UCS for evaluation purposes

First Step: Installation Univention Corporate Server

As OXSE4UCS is an expansion pack for the Univention Corporate Server, one or more UCS servers must be installed first. There are several possible installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.

To start, the Univention Corporate Server systems are installed as usual with UCS 3.0.

Download the UCS Installation package / DVD Image here: http://software.open-xchange.com/OX6/OXSEforUCS/iso/

If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: http://www.univention.de/dokumentation.html

Second Step: Installation Open-Xchange Server Edition for UCS

The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:

$ export LDBUSER="myusername" LDBPASS="secret"
$ ucr set repository/online/component/ox/server=software.open-xchange.com \
	repository/online/component/ox/prefix=OX6/OXSEforUCS \
	repository/online/component/ox/username="$LDBUSER" \
	repository/online/component/ox/password="$LDBPASS" \
	repository/online/component/ox/version=current \
	repository/online/component/ox=enabled \
	repository/online/component/oxseforucs/server=software.open-xchange.com \
	repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \
	repository/online/component/oxseforucs/username="$LDBUSER" \
	repository/online/component/oxseforucs/password="$LDBPASS" \
	repository/online/component/oxseforucs/version=current \
	repository/online/component/oxseforucs=enabled

The access data (myusername and secret) are created when the Open-Xchange licence is activated and must be adapted here accordingly.

Installation on a DC master

When installing OXSE4UCS on a DC master, only the univention-ox-meta-singleserver package requires installing. This can be performed via the Univention Management Console or on the command line:

  $ univention-install univention-ox-meta-singleserver
  $ univention-upgrade

The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be installed instead of the univention-ox-meta-singleserver package.

Installation on a dedicated DC slave

In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the univention-ox-directory-integration package must be installed on the DC master in order to initiate integration in the UCS management system.

 $ univention-install univention-ox-directory-integration
 $ univention-upgrade

The univention-ox-meta-singleserver package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:

$ univention-install univention-ox-meta-singleserver
$ univention-upgrade
$ univention-run-join-scripts

The univention-ox-meta-singleserver package automatically installs packages for the filtering of spam and viruses. If this is not required, the univention-ox and univention-mail-cyrus-ox packages can be specified instead of the univention-ox-meta-singleserver package.

Installation in a distributed environment

When installing a distributed environment, integration in the UCS management system must be performed first by installing univention-ox-directory-integration on the DC master.

$ univention-install univention-ox-directory-integration
$ univention-upgrade

The following services can then be distributed on the other UCS systems:

  • IMAP server and spam/virus filtering
  • MySQL server (mysql-server)
  • OX instance (univention-ox)


MySQL server

The MySQL server is installed by installing the mysql-server package.

$ univention-install mysql-server
$ univention-upgrade

The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the bind-address option can be set to 0.0.0.0 in the MySQL configuration file /etc/mysql/my.cnf.

bind-address = 0.0.0.0

After the change, the MySQL service needs to be restarted:

$ /etc/init.d/mysql restart

and the MySQL port has to be configured in the local firewall settings:

$ ucr set security/packetfilter/tcp/3306/all=ACCEPT
$ /etc/init.d/univention-firewall restart

In addition, the OX instances must be authorized to access the database. The following gives an example, which must be adapted to the environment at hand.

$ mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO
    ->  'openexchange'@'ox-instance1.example.com'
    ->  IDENTIFIED BY 'secret';
mysql> GRANT ALL PRIVILEGES ON *.* TO
    ->  'openexchange'@'ox-instance2.example.com'
    ->  IDENTIFIED BY 'secret';
mysql> GRANT ...
mysql> FLUSH PRIVILEGES;
mysql> exit
$
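
With bind-address set to 0.0.0.0 and tcp/3306 accepted by the firewall, the host part of each MySQL account is what limits who can log in. The following is an added example, not part of the original documentation: it reads the effective bind-address from a my.cnf-style file and lists openexchange accounts whose host is not one of the expected OX instances. The function names and the sample files are constructed for illustration; the user/host list is assumed to come from mysql -N -B -e 'SELECT user, host FROM mysql.user'.

```shell
#!/bin/sh
# Added example (not from the OXSE4UCS documentation). Function names are hypothetical.

# Print the effective bind-address of the [mysqld] section of a my.cnf-style
# file. The last occurrence wins; nothing is printed if the option is unset.
mycnf_bind_address() {
    awk '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_mysqld && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # drop "bind-address ="
            sub(/[ \t]*(#.*)?$/, "")      # drop trailing blanks and comment
            addr = $0
        }
        END { if (addr != "") print addr }
    ' "$1"
}

# Read "user<TAB>host" rows on stdin and print every account of user $1
# whose host is not in the allow-list given as the remaining arguments.
unexpected_hosts() {
    user=$1; shift
    allowed=" $* "
    while IFS="$(printf '\t')" read -r u h; do
        [ "$u" = "$user" ] || continue
        case "$allowed" in
            *" $h "*) ;;                           # expected OX instance
            *) printf '%s@%s\n' "$u" "$h" ;;       # wildcard or unknown host
        esac
    done
}

# $1 = my.cnf path, $2 = user/host dump, remaining arguments = expected hosts.
mysql_exposure_report() {
    cnf=$1; dump=$2; shift 2
    bind=$(mycnf_bind_address "$cnf")
    case "$bind" in
        ""|0.0.0.0|::|"*") echo "LISTEN all-interfaces" ;;  # unset also means all
        *) echo "LISTEN $bind" ;;
    esac
    unexpected_hosts openexchange "$@" < "$dump" | sed 's/^/UNEXPECTED /'
}

# Constructed sample input (not taken from a real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/my.cnf" <<'EOF'
[client]
port = 3306
[mysqld]
bind-address = 127.0.0.1
bind-address = 0.0.0.0   # changed for the distributed OX setup
EOF
printf 'root\tlocalhost\nopenexchange\tox-instance1.example.com\nopenexchange\t%%\n' \
    > "$sample_dir/users.tsv"

mysql_exposure_report "$sample_dir/my.cnf" "$sample_dir/users.tsv" \
    ox-instance1.example.com ox-instance2.example.com
```

An UNEXPECTED line for a host such as % means that account can authenticate from any machine that reaches the port.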

Active OX instance

Before installing the active OX instance, certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.

$ export HISTIGNORE="export*"
$ export OXDB=oxdbserver.ucs.local
$ export OXDBPW="secret"
$ export OXIMAPSERVER=oximapserver.ucs.local                                 

The univention-ox package must be installed on the active OX instance.

$ univention-install univention-ox
$ univention-upgrade

Then the join scripts need to run:

$ univention-run-join-scripts

The responsible Sieve and SMTP server has to be configured via UCR variables:

$ ucr set ox/cfg/groupware/mailfilter.properties/SIEVE_SERVER="$OXIMAPSERVER"

Finally, the environment variable OXDBPW with the password can be unset using the following command:

$ unset OXDBPW

IMAP server

The IMAP server is installed by installing the univention-mail-cyrus-ox package.

$ univention-install univention-mail-cyrus-ox

The spam and virus check via amavis, spamassassin and clamav will be installed and activated automatically.

A check should then be performed to see whether all join scripts have been run successfully:

$ univention-upgrade
$ univention-run-join-scripts

Please note: The Cyrus spool directory /var/spool/cyrus should not be placed on an NFS share. Otherwise data consistency problems might occur with the index files.


Additional passive OX instances

Firstly, the univention-ox package must also be installed on the additional passive OX instances.

$ univention-install univention-ox
$ univention-upgrade

Then the settings can be copied from the active OX instance. This can be done, for example, using the following command:

$ rsync -a -e ssh root@ox-instance1.ucs.local:/opt/open-xchange/. /opt/open-xchange/

The FQDN of the current computer must be entered in the /opt/open-xchange/etc/groupware/usm.properties file:

com.openexchange.usm.ox.url=ox-instance2.ucs.local

The FQDN of the current computer must also be entered in the /opt/open-xchange/etc/authplugin.properties file:

LDAP_HOST=ox-instance2.ucs.local

Finally, the groupware must be restarted on the passive OX instance:

$ /etc/init.d/open-xchange-admin restart
$ /etc/init.d/open-xchange-groupware restart
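
The two property edits above are easy to miss after the rsync, which leaves the passive instance pointing at the active one. The following is an added example, not part of the original documentation: it sets both keys named above and then reports any line in the two files that still mentions the active instance. The function names, the sample directory tree and the extra keys in it are constructed for illustration, and the keys are assumed to be written as key=value without spaces, as shown above.

```shell
#!/bin/sh
# Added example (not from the OXSE4UCS documentation). Function names are hypothetical.

# set_property FILE KEY VALUE: replace the first KEY=... line of a
# .properties file, or append KEY=VALUE if the key is missing.
# The file is rewritten in place so its owner and mode are kept.
set_property() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if awk -v k="$key" -v v="$value" '
            BEGIN { FS = "=" }
            $1 == k && !seen { print k "=" v; seen = 1; next }
            { print }
            END { if (!seen) print k "=" v }
        ' "$file" > "$tmp"
    then
        cat "$tmp" > "$file"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# localize_passive_instance ROOT ACTIVE_FQDN LOCAL_FQDN
# ROOT is the copied tree (/opt/open-xchange on a real system).
# Returns 0 if both files name only the local host afterwards, 2 if a
# line still references the active instance (those lines are printed).
localize_passive_instance() {
    root=$1 active=$2 self=$3
    usm="$root/etc/groupware/usm.properties"
    auth="$root/etc/authplugin.properties"
    set_property "$usm" com.openexchange.usm.ox.url "$self" || return 1
    set_property "$auth" LDAP_HOST "$self" || return 1
    # -F: fixed string, so the dots in the FQDN are not regex wildcards.
    if grep -nF -- "$active" "$usm" "$auth"; then
        return 2
    fi
    return 0
}

# Constructed sample tree standing in for the copied /opt/open-xchange.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/groupware"
printf '%s\n' '# copied from the active instance' \
    'com.openexchange.usm.ox.url=ox-instance1.ucs.local' \
    > "$demo_root/etc/groupware/usm.properties"
printf '%s\n' 'LDAP_HOST=ox-instance1.ucs.local' 'SOME_OTHER_KEY=unchanged' \
    > "$demo_root/etc/authplugin.properties"

localize_passive_instance "$demo_root" ox-instance1.ucs.local ox-instance2.ucs.local
```

A return value of 2 means the copied configuration still names the active instance somewhere in these two files and should be reviewed before the services are restarted.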

Updating

To update a UCS 2.3-2 system with OXSE4UCS 6.16 to 6.18.1 with UCS 2.4 or a UCS 2.4-4 system with OXSE4UCS 6.20 to UCS 3.0, the following variables must be set before the update:

$ ucr set repository/online/component/ox/version=current \
	repository/online/component/oxseforucs/version=current

The system can then be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.

Administration

UMC module “Licence management”

The license management module supports you in the configuration of an Open-Xchange account and the selection of a suitable Open-Xchange license key. It is necessary to specify an Open-Xchange account to be able to select a license key previously saved in the account and install the UCS license. In addition, the account is also required for the installation of version and security updates from the Open-Xchange online repository, as this requires authentication.

In this account, the same combination of username and password is required which was also used for the license database http://ldb.open-xchange.com.

On an unconfigured system, the license management module displays the first configuration step directly, as shown in the figure. In all other cases, an overview of the current configuration is displayed.

The first step involves entering the username and password of the Open-Xchange account. After continuing to the second configuration step via the Next button, the entered account information is automatically verified. Should it prove necessary to reset the password for an account, the Reset password button can be used. The username must be entered in the dialogue which opens; the password must be entered twice. On confirmation, an e-mail containing a confirmation link is sent to the e-mail address specified for the account; the link can be opened in the browser of your choice to complete the process.

The second and final step requires selecting a suitable Open-Xchange license key. A variety of information is stored in the license database for a license key (e.g., the primary mail domain or the number of licensed users). In addition, a UCS license is saved for every license key in the license database, which is downloaded from the LDB server and installed on the local system when this wizard is finished.

If several keys are saved in the specified account, it is important to select the correct key: the configuration cannot be completed if the information saved in the license database does not correspond to the local system.

When performing the configuration for the first time, you may be prompted to confirm the end user license agreement (EULA) for the selected product via the checkbox.

After clicking on the Finish button, the UCS license is downloaded and installed. The Open-Xchange license key is then configured on the local system. This procedure can take a few seconds.

Once the configuration is complete, the module redirects to the overview page. This page displays the currently configured Open-Xchange account, the status of the specified user data (valid/invalid), the license key selected for this system and the LDAP base of the installed system.

Following successful configuration, it is possible to Switch to the Online Update module directly from here and install the available updates.

If it proves necessary to change the Open-Xchange account or it has been relicensed, you can open the configuration wizard again using the Change settings button. For relicensing, it is necessary to perform the configuration procedure anew so that the modified license information is adopted on the local system.


User and group management

New users and groups can be created using the Univention Management Console (UMC). The UMC can be accessed on the DC master via a web browser at https://<IP address of DC master>/umc/. It is possible to log in as the Administrator user using the password specified during the installation.

When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.

System messages

The mail/alias/root UCR variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:

$ ucr set mail/alias/root=oxadmin@ucs.local
$ newaliases
$ /etc/init.d/postfix reload

It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.