Difference between revisions of "OXSE4UCS Installation en"

m (Reverted edits by Khgras (Talk) to last version by Choeger)
(UMC module “Licence management”)
(46 intermediate revisions by 6 users not shown)
Line 1: Line 1:
= Introduction=  
+
= First Step: Installation Univention Corporate Server =
The Open-Xchange Server Edition for Univention Corporate Server (OXSE4UCS) includes the groupware Open-Xchange and the integration packages for Univention Corporate Server (UCS).
+
As OX App Suite is available as App for Univention App Center Univention Corporate Server (UCS). One or more UCS server(s) must be installed first. There are several possible different installation scenarios. In principle, OX App Suite can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.
  
OXSE4UCS is tailored to professional users looking for a tried-and-tested solution for the management of their entire IT infrastructure including groupware or companies which already employ UCS and wish to expand their infrastructure with innovative groupware functions.
+
To start, the Univention Corporate Server systems are installed with the latest UCS version that is currently supported by OX App Suite.
  
More detailed information on UCS can be found on the Univention GmbH website: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html].
+
'''Download the UCS Installation ISO Image here:'''  [https://www.univention.com/downloads/download-ucs/ https://www.univention.com/downloads/download-ucs/]
  
 +
If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [https://docs.software-univention.de/manual.html https://docs.software-univention.de/manual.html]
  
= Installation =
+
= Second Step: Installation OX App Suite =
As OXSE4UCS is an expansion pack for the Univention Corporate Server, one or more UCS server(s) must be installed firstly.
 
  
There are several possible different installation scenarios. In principle, OXSE4UCS can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.
+
Since UCS 3.x OX App Suite has to be installed via the Univention App Center. To start the Univention App Center, log into Univention Management Console and open the UMC module App Center. In the Univention App Center you need to select the application OX App Suite and click on Install.
  
To start, the UCS systems are installed as usual with UCS 2.3. If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: [http://www.univention.de/dokumentation.html http://www.univention.de/dokumentation.html].
+
Download, installation and configuration of OX App Suite may take several minutes. Please do not shut down or restart the UCS system until the installation is complete.
  
The password-protected Open-Xchange repository must be integrated on all the systems where OXSE4UCS packages are to be installed. The following Univention Configuration Registry variables (UCR variables) can be used to do this:
+
Besides of the installation of OX App Suite, all necessary components for the extension OX Drive clients will be installed automatically. The OX Drive client lets you store and share your photos, files, documents and videos, anytime, anywhere. Access any file you save to OX Drive from all your computers, iPhone, iPad or from within OX App Suite itself.
  
<pre>
+
=Administration=
export LDBUSER=myusername LDBPASS=secret
 
ucr set repository/online/component/ox/server=software.open-xchange.com \
 
repository/online/component/ox/prefix=OX6/OXSEforUCS \
 
repository/online/component/ox/username=$LDBUSER \
 
repository/online/component/ox/password=$LDBPASS \
 
repository/online/component/ox/version=2.2,2.3 \
 
repository/online/component/ox=enabled \
 
repository/online/component/oxseforucs/server=software.open-xchange.com \
 
repository/online/component/oxseforucs/prefix=OX6/OXSEforUCS \
 
repository/online/component/oxseforucs/username=$LDBUSER \
 
repository/online/component/oxseforucs/password=$LDBPASS \
 
repository/online/component/oxseforucs/version=2.2,2.3 \
 
repository/online/component/oxseforucs=enabled
 
apt-get update
 
</pre>
 
  
The access data (''myusername'' and ''secret'') are created when the Open-Xchange licence is activated and must be adapted here accordingly.
+
== UMC module “Licence management” ==
  
== Installation on a DC master ==
+
The license management module supports you in the configuration of an Open-Xchange account and the selection of a suitable Open-Xchange license key. It is necessary to specify an Open-Xchange account to be able to select a license key previously saved in the account and install the UCS license. In addition, the account is also required for the installation of version and security updates from the Open-Xchange online repository, as this requires authentication.
When installing OXSE4UCS on a DC master, only the '''univention-ox-meta-singleserver''' package requires installing. This can be performed via the Univention Management Console or on the command line:
 
  
<pre>
+
In this account, the same combination of username and password is required which was also used for the license database https://www.open-xchange.com/customer-portal/
DEBIAN_FRONTEND=noninteractive apt-get \                                       
 
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-ox-meta-singleserver                                                                                             
 
</pre>
 
  
The '''univention-ox-meta-singleserver''' package automatically installs packages for the filtering of spam and viruses at the same time. If this is not required, the '''univention-ox and univention-mail-cyrus-ox''' packages can be installed instead of the '''univention-ox-meta-singleserver package'''.
+
On an unconfigured system, the license management module displays the first configuration step directly. In all other cases, an overview of the current configuration is displayed.
  
==Installation on a dedicated DC slave==
+
The first step involves entering the username and password of the Open-Xchange account. After continuing to the second configuration step via the Next button, the entered account information is automatically verified. Should it prove necessary to reset the password for an account, the Reset password button can be used to reset the password for an account. The username must be entered in the dialogue which opens; the password must be entered twice. On confirmation, an e-mail is sent to the e-mail address specified for the account containing a confirmation link, which can be opened in the browser of your choice to complete the process.
In this installation scenario, the DC slave system acts as a standalone Open-Xchange groupware server. To start, the '''univention-ox-directory-integration''' package must be installed on the DC master in order to initiate integration in the UCS management system.
 
  
<pre>
+
The second and final step requires to select a suitable Open-Xchange license key. A variety of information is stored in the license database for a license key (e.g., the primary mail domain or the number of licensed users). In addition, a UCS license is saved for every license key in the license database, which is downloaded from the LDB server and installed on the local system when this wizard is finished.
DEBIAN_FRONTEND=noninteractive apt-get \                                       
+
If several keys are saved in the specified account, it is important to select the correct key, as it will otherwise not be possible to complete the configuration if the information saved in the license database does not correspond to the local system.
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-ox-directory-integration                                                                         
 
</pre>
 
   
 
The '''univention-ox-meta-singleserver''' package is installed on the DC slave which is to be used as the groupware server. In addition, the join scripts must also be run following the installation:                                                   
 
  
<pre>
+
When performing the configuration for the first time, you may be prompted to confirm the end user license agreement (EULA) for the selected product via the checkbox.
DEBIAN_FRONTEND=noninteractive apt-get \                                       
 
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-ox-meta-singleserver                                   
 
 
 
univention-run-join-scripts
 
</pre>
 
  
The '''univention-ox-meta-singleserver''' package automatically installs packages for the filtering of spam and viruses. If this is not required, the '''univention-ox''' and '''univention-mail-cyrus-ox''' packages can be specified instead of the '''univention-ox-meta-singleserver''' package.
+
After clicking on the Finish button, the UCS license is downloaded and installed. The Open-Xchange license key is then configured on the local system. This procedure can take a few seconds.
  
== Installation in a distributed environment ==
+
Once the configuration is complete, the module redirects to the overview page. This page displays the currently configured Open-Xchange account, the status of the specified user data (valid/invalid), the license key selected for this system and the LDAP base of the installed system.
When installing a distributed environment, integration in the UCS management system must be performed firstly by installing '''univention-ox-directory-integration'''.
 
  
<pre>
+
Following successful configuration, it is possible to Switch to the Online Update module directly from here and install the available updates.
DEBIAN_FRONTEND=noninteractive apt-get \                                       
 
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-ox-directory-integration                                     
 
</pre>
 
  
The following services can then be distributed on the other UCS systems: 
+
If it proves necessary to change the Open-Xchange account or it has been relicensed, you can open the configuration wizard again using the Change settings button. For relicensing, it is necessary to perform the configuration procedure anew so that the modified license information is adopted on the local system.
* IMAP server and optionally spam and virus filtering (''univention-mail-cyrus-ox and optionally univention-mail-antispam-ox and univention-antivir-mail'')
 
* MySQL server (''mysql-server'')
 
* OX instance (''univention-ox'')
 
  
+
== User and group management ==
===MySQL server===
 
The MySQL server is installed by installing the mysql-server package.                                                   
 
 
 
<pre>
 
apt-get install mysql-server                                               
 
</pre>
 
 
 
The configuration of the MySQL server should be set so that the MySQL service can be accessed via the external network interfaces. To do this, for example, the ''bind-address'' option can be set to ''0.0.0.0'' in the MySQL configuration file ''/etc/mysql/my.cnf''.
 
 
 
<pre>
 
bind-address 0.0.0.0                                                           
 
</pre>
 
 
 
After the change, the MySQL service needs to be restarted:               
 
 
 
<pre>
 
/etc/init.d/mysql restart
 
</pre>
 
 
 
In addition, the OX instances must be authorized to access the database. The following gives an example, which must be adapted to the environment at hand.                                                                 
 
 
 
<pre>
 
$ mysql                                                                           
 
mysql> GRANT ALL PRIVILEGES ON *.* TO \                                         
 
'openexchange'@'ox-instance1.example.com' \                                     
 
IDENTIFIED BY 'secret';                                                       
 
mysql> GRANT ALL PRIVILEGES ON *.* TO \                                         
 
'openexchange'@'ox-instance2.example.com' \                                     
 
IDENTIFIED BY 'secret';                                                       
 
mysql> GRANT ...                                                               
 
mysql> FLUSH PRIVILEGES;                                                       
 
mysql> exit                         
 
$
 
</pre>
 
                                         
 
=== Active OX instance ===
 
The '''univention-ox''' package must be installed on the active OX instance.     
 
 
 
<pre>
 
DEBIAN_FRONTEND=noninteractive apt-get \                                       
 
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-ox                                                         
 
</pre>
 
 
 
Then certain environment variables must be set to ensure that the join scripts run later receive the corresponding permissions. The following gives an example, which must be adapted to the environment at hand. The variable OXDB defines the MySQL server to be used by the OX instance. The corresponding password should be saved in the variable OXDBPW. The standard IMAP server must be specified in the variable OXIMAPSERVER. Hostnames need to be specified as fully qualified domain names (FQDN). It is not possible to use IP addresses.
 
 
 
<pre>
 
export HISTIGNORE="export*"                                                     
 
export OXDB=oxdbserver.example.com                                               
 
export OXDBPW="secret"                                                         
 
export OXIMAPSERVER=oximapserver.example.com                                       
 
</pre>
 
 
 
Then the join scripts need to run:                                     
 
 
 
<pre>
 
univention-run-join-scripts
 
</pre>
 
 
 
Finally, the environment variable OXDBPW with the password can be unset using the following command:
 
 
 
<pre>
 
unset OXDBPW
 
</pre>
 
 
=== IMAP server ===
 
The IMAP server is installed by installing the '''univention-mail-cyrus-ox''' package.
 
 
 
<pre>
 
DEBIAN_FRONTEND=noninteractive apt-get \                                       
 
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-mail-cyrus-ox                                                                             
 
</pre>
 
 
 
The spam check via ''spamassassin'' can be installed and activated by installing the '''univention-mail-antispam-ox''' package:           
 
 
 
<pre>
 
apt-get install univention-mail-antispam-ox                                         
 
</pre>
 
 
 
The virus check via ''amavis'' and ''clamav'' can be installed and activated by installing the u'''nivention-antivir-mail''' package.                                                           
 
 
 
<pre>
 
apt-get install univention-antivir-mail                                     
 
</pre>
 
 
 
A check should then be performed to see whether all join scripts have been run successfully:                                                           
 
 
 
<pre>
 
univention-run-join-scripts
 
</pre>
 
 
 
=== Additional passive OX instances ===
 
Firstly, the '''univention-ox''' package must also be installed on the additional passive OX instances.
 
 
 
<pre>
 
DEBIAN_FRONTEND=noninteractive apt-get \                                       
 
-o DPkg::Options::=--force-confold -y --force-yes \                           
 
install univention-ox                                                                                                                   
 
</pre>
 
 
 
Then the settings can be copied from the active OX instance. This can be done, for example, using the following command:
 
 
 
<pre>
 
rsync -essh -a root@ox-instance1.example.com:/opt/open-xchange/. /opt/open-xchange/
 
</pre>
 
 
 
The FQDN of the current computer must be entered in the'' /opt/open-xchange/etc/groupware/usm.properties'' file:
 
 
 
<pre>
 
com.openexchange.usm.ox.url=ox-instance2.example.com
 
</pre>
 
 
 
The FQDN of the current computer must also be entered in the'' /opt/open-xchange/etc/authplugin.properties'' file:
 
 
 
<pre>
 
LDAP_HOST=ox-instance2.example.com
 
</pre>
 
 
 
Finally, the groupware must be restarted on the passive OX instance:
 
 
 
<pre>
 
/etc/init.d/open-xchange-admin restart
 
/etc/init.d/open-xchange-groupware restart
 
</pre>
 
 
 
== OXtender for Business Mobility ==
 
 
 
The Open-Xchange OXtender for Business Mobility is an optionally available component for OXSE4UCS which enables the connection of mobile devices. The repository must be activated for it to be possible to install the corresponding packages:                                                                           
 
 
 
<pre>
 
export LDBUSER=ldbuser LDBPASS=lsbpass
 
ucr set repository/online/component/oxmobility/server=software.open-xchange.com \
 
repository/online/component/oxmobility/prefix=OX6/OXSEforUCS \
 
repository/online/component/oxmobility/username=$LDBUSER \
 
repository/online/component/oxmobility/password=$LDBPASS \
 
repository/online/component/oxmobility/version=2.2,2.3 \
 
repository/online/component/oxmobility=enabled
 
 
 
apt-get update
 
</pre>
 
 
 
Installing the '''univention-ox-usm-ox''' package installs the Oxtender for Business Mobility on the OXSE4UCS system.
 
 
 
<pre>
 
apt-get install univention-ox-usm-ox
 
</pre>
 
 
 
If the target system is neither a DC master nor a DC backup system, the '''univention-ox-usm-udm''' package should also be installed on the DC master.
 
 
 
<pre>
 
apt-get install univention-ox-usm-udm
 
</pre>
 
 
 
=Updating=
 
'''Please do not use the UMC Online Update module as in some cases this might cause an unavailability of the UMC. We strongly recommend to use the console for updating the system. To do so proceed as follows.'''
 
  
To update a UCS 2.2 system with OXSE4UCS 6.12 or 6.14 to UCS 2.3, the following variables must be set before the update.
+
New users and groups can be created using the Univention Management Console (UMC). The UMC can be accessed on the DC master via a web browser at https://<IP address of DC master>/umc/. It is possible to log in as the Administrator user using the password specified during the installation.
  
<pre>
+
When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.
ucr set repository/online/component/ox/version=2.2,2.3 \
 
        repository/online/component/oxseforucs/version=2.2,2.3
 
</pre>
 
 
 
To apply the update, run the command
 
 
 
univention-updater net
 
 
 
=Administration=
 
 
== User and group management ==
 
New users and groups can be created using the Univention Directory Manager (UDM). The UDM can be accessed on the DC master via a web browser at https://<IP-Adresse des DC Master>/udm/. It is possible to log in as the Administrator user using the password specified during the installation.
 
 
 
When creating a user, the '''open-xchange groupware account''' user template should be selected. This preselects all Open-Xchange specific settings.
 
  
 
== System messages ==
 
== System messages ==
The ''mail/alias/root'' UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:
+
The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:
  
 
<pre>
 
<pre>
ucr set mail/alias/root=oxadmin@example.com
+
$ ucr set mail/alias/root=oxadmin@ucs.local
newaliases
+
$ newaliases
/etc/init.d/postfix reload
+
$ /etc/init.d/postfix reload
 
</pre>
 
</pre>
  
 
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the ''/etc/ox-secrets/context10.secret'' file.
 
It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the ''/etc/ox-secrets/context10.secret'' file.
 
 
 
[[Category: OX6]]
 

Revision as of 15:27, 8 January 2020

First Step: Installation Univention Corporate Server

As OX App Suite is available as App for Univention App Center Univention Corporate Server (UCS). One or more UCS server(s) must be installed first. There are several possible different installation scenarios. In principle, OX App Suite can be installed on all UCS domain controller server roles: DC master, DC backup or DC slave. Installation on the server roles member server or base system is not currently possible.

To start, the Univention Corporate Server systems are installed with the latest UCS version that is currently supported by OX App Suite.

Download the UCS Installation ISO Image here: https://www.univention.com/downloads/download-ucs/

If several systems are in the UCS domain, a check must be performed that the join procedure has been run on all servers. This is usually done at the end of the installation procedure. Further information on the installation of UCS can be found in the UCS manual: https://docs.software-univention.de/manual.html

Second Step: Installation OX App Suite

Since UCS 3.x OX App Suite has to be installed via the Univention App Center. To start the Univention App Center, log into Univention Management Console and open the UMC module App Center. In the Univention App Center you need to select the application OX App Suite and click on Install.

Download, installation and configuration of OX App Suite may take several minutes. Please do not shut down or restart the UCS system until the installation is complete.

Besides of the installation of OX App Suite, all necessary components for the extension OX Drive clients will be installed automatically. The OX Drive client lets you store and share your photos, files, documents and videos, anytime, anywhere. Access any file you save to OX Drive from all your computers, iPhone, iPad or from within OX App Suite itself.

Administration

UMC module “Licence management”

The license management module supports you in the configuration of an Open-Xchange account and the selection of a suitable Open-Xchange license key. It is necessary to specify an Open-Xchange account to be able to select a license key previously saved in the account and install the UCS license. In addition, the account is also required for the installation of version and security updates from the Open-Xchange online repository, as this requires authentication.

In this account, the same combination of username and password is required which was also used for the license database https://www.open-xchange.com/customer-portal/

On an unconfigured system, the license management module displays the first configuration step directly. In all other cases, an overview of the current configuration is displayed.

The first step involves entering the username and password of the Open-Xchange account. After continuing to the second configuration step via the Next button, the entered account information is automatically verified. Should it prove necessary to reset the password for an account, the Reset password button can be used to reset the password for an account. The username must be entered in the dialogue which opens; the password must be entered twice. On confirmation, an e-mail is sent to the e-mail address specified for the account containing a confirmation link, which can be opened in the browser of your choice to complete the process.

The second and final step requires to select a suitable Open-Xchange license key. A variety of information is stored in the license database for a license key (e.g., the primary mail domain or the number of licensed users). In addition, a UCS license is saved for every license key in the license database, which is downloaded from the LDB server and installed on the local system when this wizard is finished. If several keys are saved in the specified account, it is important to select the correct key, as it will otherwise not be possible to complete the configuration if the information saved in the license database does not correspond to the local system.

When performing the configuration for the first time, you may be prompted to confirm the end user license agreement (EULA) for the selected product via the checkbox.

After clicking on the Finish button, the UCS license is downloaded and installed. The Open-Xchange license key is then configured on the local system. This procedure can take a few seconds.

Once the configuration is complete, the module redirects to the overview page. This page displays the currently configured Open-Xchange account, the status of the specified user data (valid/invalid), the license key selected for this system and the LDAP base of the installed system.

Following successful configuration, it is possible to Switch to the Online Update module directly from here and install the available updates.

If it proves necessary to change the Open-Xchange account or it has been relicensed, you can open the configuration wizard again using the Change settings button. For relicensing, it is necessary to perform the configuration procedure anew so that the modified license information is adopted on the local system.

User and group management

New users and groups can be created using the Univention Management Console (UMC). The UMC can be accessed on the DC master via a web browser at https://<IP address of DC master>/umc/. It is possible to log in as the Administrator user using the password specified during the installation.

When creating a user, the open-xchange groupware account user template should be selected. This preselects all Open-Xchange specific settings.

System messages

The mail/alias/root UCS variable must be set so that system messages can be delivered. To do this, either a new account can be created or, alternatively, oxadmin@DOMAIN is provided for this purpose:

$ ucr set mail/alias/root=oxadmin@ucs.local
$ newaliases
$ /etc/init.d/postfix reload

It is possible to log in as the oxadmin user in the Open-Xchange web interface using the password from the /etc/ox-secrets/context10.secret file.