Merge branch 'master' into v7

NethServer · Mar 19, 2018 · 595f09b · 595f09b
2 parents 23db49c + 6348b79
commit 595f09b
Show file tree

Hide file tree

Showing 12 changed files with 464 additions and 41 deletions.
diff --git a/administrator-manual/en/dedalo.rst b/administrator-manual/en/dedalo.rst
@@ -0,0 +1,113 @@
+================
+Hotspot (Dedalo)
+================
+
+Hotspot main goal is to provide internet connectivity via wi-fi to casual users.  
+Users are sent to a captive portal from which they can access the network by authenticating themselves via social login, sms or email.
+The hotspot service allows the regulation, accountability and pricing of Internet access in public places, like internet points, hotels and fairs.  
+
+Main features:
+
+* network isolation between corporate and guests
+* guests can authenticate themselves using social login (Facebook, Instagram, Linkedin) as well as sms or email login
+* paid service based on vouchers 
+* hotspot manager with different accesses type (admin, customer, desk)
+* bandwidth Limit for each user
+* export account list and connections report (not yet implemented)
+
+How it works?
+=============
+The implementation is based on 2 components:
+
+* a remote hotspot manager with a Web GUI running on a cloud server that allows you to:
+
+  * create a hotspot instance: usually each instance is referred to a specific location (e.g. Art Cafè, Ritz Hotel and so on)
+  * edit the captive portal page 
+  * choose what type of login to use
+  * see session and users logged
+
+* a client part (dedalo) installed in |product| physically connected to the Access Points network : it assigns IP addresses to the clients of the Wi-Fi Network and redirects them to the captive portal for authentication.
+
+For more detailed information please refer to https://nethesis.github.io/icaro/docs/components/ .
+
+
+How to install it
+=================
+
+* install the server component: https://nethesis.github.io/icaro/docs/provisioning/
+  This procedure uses Vagrant to provision a Digital Ocean (DO) droplet. If you prefere to use another cloud provider, edit Vagrantfile accordingly.
+
+* configure the server in order to make it possibile to login: https://nethesis.github.io/icaro/docs/configuration/
+
+* install the client component in your |product|: https://nethesis.github.io/icaro/docs/client_installation/
+
+* please remind that the installation requires at least 3 ethernet interfaces:
+
+  * 1 for normal LAN clients, marked with green role (you need it even if unused, it can be a VLAN)
+  * 1 (or more) for Internet connection, marked with red role
+  * 1 one for the Dedalo, marked with hotspot role
+
+
+
+
+Configuration
+=============
+
+
+Hotspot manager interface
+-------------------------
+
+* go to the hotspot manager
+* go to the *Managers* section and create a new *Manager* of type *Reseller* or *Customer*. More info about *Roles* here : https://nethesis.github.io/icaro/docs/manager/.
+* do logout and login with the new manager just created
+* go in the *Hotspot* section and create a new hotspot instance
+* click on the hotspot name and configure the captive portal
+
+
+Hotspot Unit on |product|
+--------------------------
+
+* go to the section *Hotspot Unit* on |product|
+* edit the parameters in the `Hotspot unit registration` page:
+
+  * ``Host name`` : Public name of the Hotspot Manager 
+  * ``User name`` : user of a working account (reseller or customer)
+  * ``Password`` : password
+
+After that just choose the ethernet interface where the hotspot will be active.
+
+If you have the proxy web active a specific flag in the hotspot unit page will allow you to forward all the hotspot traffic (http and httpas protocols) to the web proxy for logging purposes (Be aware of the privacy implications!).
+
+
+* connect an AP to the hostpot interface.
+
+
+
+
+Access Point Configuration
+--------------------------
+
+The Access Point (AP) must perform the sole function of enabling the connection with the firewall,
+they should behave like an ordinary network switch. Follow these recommendations:
+
+* configure the access point without authentication and without DHCP
+* disable any service (security services, etc.) in order to avoid interference with hotspot behavior
+* if you use more AP configure them with different SSID (eg: 1-SCHOOL / SCHOOL-2 / ...) in order to easily identify any malfunctioning AP
+* configure the AP with a static IP address on a network segment (rfc-1918) different from the one used by the hotspot
+* if possible, enable the "client isolation", to avoid traffic between clients connected to the access point
+* configure the AP to work on different channels to minimize interference, a good AP allow you to manage the channels automatically or manually select them
+* do not use too shoddy products, low quality AP can cause frequent disconnections which impact on the quality of the overall service, 
+  the recommendation is even more important if you are using repeaters
+
+For test purposes only you can also connect a laptop or a pc via ethernet cable to the hotspot interface instead of a Wi-Fi network.
+This can be very useful if you are experiencing problems and you want to check if they are caused by the hotspot service or by the AP network.
+
+
+Free Mode and Voucher Mode
+--------------------------
+
+The free mode (default) allows you to make login by yourself without the need of any code, just click on the desired social (or sms, email).
+
+The voucher mode force you to create a voucher (basically "a code") and give it to every user, only users with the voucher will be allowed to make login.
+
+
diff --git a/administrator-manual/en/hotsync.rst b/administrator-manual/en/hotsync.rst
@@ -55,7 +55,7 @@ Master
     [root@master]# config setprop rsyncd password <PASSWORD>
     [root@master]# config setprop hotsync role master
     [root@master]# config setprop hotsync SlaveHost <SLAVE_IP>
-    [root@master]# signal-event nethserver-hotsync-update
+    [root@master]# signal-event nethserver-hotsync-save
 
 
 Slave
@@ -66,57 +66,66 @@ Slave
     [root@slave]# config setprop rsyncd password <PASSWORD>
     [root@slave]# config setprop hotsync role slave
     [root@slave]# config setprop hotsync MasterHost <MASTER_IP>
-    [root@slave]# signal-event nethserver-hotsync-update
+    [root@slave]# signal-event nethserver-hotsync-save
 
 
-<PASSWORD> must be the same on master and slave.
+The ``<PASSWORD>`` must be the same on master and slave.
 
 If mysql or postgresql are installed, they will be synchronized by default. To disable databases sync
 
 ::
 
     [root@master]# config setprop hotsync databases disabled
-    [root@master]# signal-event nethserver-hotsync-update
+    [root@master]# signal-event nethserver-hotsync-save
 
 
 Enabling/Disabling
------
+------------------
 
 Hotsync is enabled by default. To disable it:
 
 ::
 
     [root@slave]# config setprop hotsync status disabled
-    [root@slave]# signal-event nethserver-hotsync-update
+    [root@slave]# signal-event nethserver-hotsync-save
 
 
 and to re-enable it:
 
 ::
 
     [root@slave]# config setprop hotsync status enabled
-    [root@slave]# signal-event nethserver-hotsync-update
+    [root@slave]# signal-event nethserver-hotsync-save
 
 
 
 Restore: put SLAVE in production
 ================================
 
-1. Switch off MASTER if it's on
-2. On SLAVE launch restore command:
+The following procedure puts the SLAVE in production when the master has crashed.
 
-::
-       
-    [root@slave]# signal-event nethserver-hotsync-restore
+1. switch off MASTER
+
+2. if the SLAVE machine must run as network gateway, connect it to the
+   router/modem with a network cable
+
+3. on SLAVE, if you are connected through an ssh console, launch the ``screen``
+   command, to make your session survive to network outages::
+
+    [root@slave]# screen
+
+4. on SLAVE launch the following command, and read carefully its output ::
+
+    [root@slave]# hotsync-promote
 
+5. go to Server Manager, in page ``Network`` and reassign roles to network
+   interfaces as required
 
-Don't forget to:
+6. launch the command ::
 
-- connect modem to spare if you have one
-- connect backup HD to spare
-- connect router
+    [root@slave]# /sbin/e-smith/signal-event post-restore-data
 
-To put again in production original server, configure it as SLAVE, sync it, switch off current MASTER and restore configuration backup.
+7. if an USB backup is configured on MASTER, connect the backup HD to SLAVE
 
 
 ==================

diff --git a/administrator-manual/en/index.rst b/administrator-manual/en/index.rst
@@ -92,6 +92,7 @@ Modules
    phonebook-mysql
    weekly_report
    hotspot
+   dedalo
    freepbx
    hotsync
 

diff --git a/administrator-manual/en/webtop5.rst b/administrator-manual/en/webtop5.rst
@@ -204,6 +204,7 @@ Select the folder to share -> right click -> "Manage sharing":
 .. note::
 
    If you also select "Force signature", when this identity is used, the user signature from which the shared mail was received will be automatically inserted.
+
 In this case, however, it is necessary that the personalized signature of the User from which it originates has been associated to the Email address and not to the User.
 
 Sharing calendars and contacts
@@ -212,7 +213,7 @@ Sharing calendars and contacts
 Sharing Calendar
 ----------------
 
-you can share each personal calendar individually.
+You can share each personal calendar individually.
 Select the calendar to share -> right click -> "Sharing and permissions":
 
 .. image:: _static/webtop-sharing_cal_1.png
@@ -408,7 +409,7 @@ A request email will be sent to upload the document to the Cloud:
 
 .. image:: _static/webtop-doc_cloud9.png
 
- The sender will receive a notification for each file that will be uploaded:
+The sender will receive a notification for each file that will be uploaded:
 
 .. image:: _static/webtop-doc_cloud10.png
 

diff --git a/developer-manual/en/modules b/developer-manual/en/modules
@@ -36,3 +36,5 @@ nethserver-evebox
 nethserver-postgresql
 nethserver-cups
 nethserver-hotsync
+nethserver-subscription
+nethserver-yum-cron
diff --git a/developer-manual/en/nethserver-dc.rst b/developer-manual/en/nethserver-dc.rst
@@ -52,25 +52,40 @@ To have a shell inside the ``nsdc`` container, you can run ::
 Manual Join
 -----------
 
-nethserver-dc-join action joins automatically to domain. If you want to join domain manually, check that machine came up ::
+nethserver-dc-join action joins automatically to domain. If for any reason the
+join is invalid you can attempt a manual join following this procedure
 
-   # host -t SRV _ldap._tcp.`config get DomainName`
+Check nsdc is running: ::
+
+    systemctl status nsdc
+
+Check the DNS is responding: ::
+
+   # host -t SRV _ldap._tcp.$(config getprop sssd Realm)
    _ldap._tcp.nethsever.org has SRV record 0 100 389 nsdc-vm8.nethsever.org.
 
-then clear sssd.conf, join domain and expand sssd.conf template ::
+Clean up any previous join state: ::
+
+    config setprop sssd Provider none
+    signal-event nethserver-sssd-leave
+
+Join the domain: ::
 
-   > /etc/sssd/sssd.conf
-   realm join $(hostname -d)
-   expand-template /etc/sssd/sssd.conf
+   realm join -v -U admin $(config getprop sssd Realm)
 
-Then provide the default administrator password::
+You can replace ``admin`` with any other administrative account name. The
+command above prompts for a password. When join is successful: ::
 
-   Nethesis,1234
+   config setprop sssd Provider ad
+   signal-event nethserver-sssd-save
 
 If everything goes well ::
 
    getent passwd administrator@$(hostname -d)
-   # output: administrator@nethserver.org:*:261600500:261600513:Administrator:/home/administrator@nethserver.org:/bin/bash   
+   # output: administrator@nethserver.org:*:261600500:261600513:Administrator:/home/administrator@nethserver.org:/bin/bash
+   
+   /usr/libexec/nethserver/list-users -s administrator
+   # output: {"administrator": ...
 
 Once domain is joined, you can manage users from interface. From command line, you can use `net` command ::
 

diff --git a/developer-manual/en/nethserver-freepbx.rst b/developer-manual/en/nethserver-freepbx.rst
@@ -126,3 +126,15 @@ To check user synchronization, use this command: ::
  /usr/bin/scl enable rh-php56 -- /usr/sbin/fwconsole userman --syncall --force --verbose
 
 Syncronization need a secure connection, use SSL or enable ``STARTTLS`` in ``Account Provider`` configuration in NethServer Web GUI
+
+Update from legacy OpenLDAP driver to OpenLDAP2 driver
+------------------------------------------------------
+
+Since nethserver-freepbx-14.0.5, if NethServer users are configured using OpenLDAP, FreePBX users are configured using FreePBX OpenLDAP 2 driver instead of legacy one.
+If you have installed nethserver-freepbx before 14.0.5, and your user provider is configured using LDAP, you're using legacy driver. You can check in FreePBX User Manager module interface if NethServer LDAP driver is "OpenLDAP Directory (Legacy)"
+
+Updating from legacy driver to the new one, allows to permit access to FreePBX interface and UCP to LDAP users, but migration isn't automatical because users would lose default extension associated and other custom options.
+The openldap_migration_from_legacy script, does the driver migration and restore users default_extensions. Other custom users options could be lost anyway.
+To execute migration, launch: ::
+
+  /usr/src/freepbx/openldap_migration_from_legacy
diff --git a/developer-manual/en/nethserver-hotsync.rst b/developer-manual/en/nethserver-hotsync.rst
@@ -41,35 +41,43 @@ MASTER configuration: ::
     [root@master]# config setprop rsyncd password <PASSWORD>
     [root@master]# config setprop hotsync role master
     [root@master]# config setprop hotsync SlaveHost <SLAVE_IP>
-    [root@master]# signal-event nethserver-hotsync-update
+    [root@master]# signal-event nethserver-hotsync-save
 
 SLAVE configuration: ::
 
     [root@slave]# config setprop rsyncd password <PASSWORD>
     [root@slave]# config setprop hotsync role slave
     [root@slave]# config setprop hotsync MasterHost <MASTER_IP>
-    [root@slave]# signal-event nethserver-hotsync-update
+    [root@slave]# signal-event nethserver-hotsync-save
 
 **The <PASSWORD> must be the same on both master and slave.**
 
 If *MySQL* or *PostgreSQL* are installed, they will be synchronized by default. To disable databases synchronization: ::
 
     [root@master]# config setprop hotsync databases disabled
-    [root@master]# signal-event nethserver-hotsync-update
+    [root@master]# signal-event nethserver-hotsync-save
 
 How to restore
 ==============
 
-The following procedure are to put the SLAVE in production when the master has been crashed.
+The following procedure puts the SLAVE in production when the master has crashed.
 
 1. switch off MASTER
-2. on SLAVE launch command ::
+2. if the SLAVE machine must run as network gateway, connect it to the router/modem with a network cable
+3. following command changes the IP address and cuts off the network connection. If you are connected through an ssh console, launch the ``screen`` command ::
 
-    [root@slave]# signal-event nethserver-hotsync-restore
+    [root@slave]# screen
 
-3. manually connect the modem to SLAVE machine
-4. connect backup HD to SLAVE
-5. connect the router
+4. on SLAVE launch command, and read carefully its output ::
+
+    [root@slave]# hotsync-promote
+
+5. go to Server Manager page ``Network`` and reassign roles to network interfaces if required
+6. launch command ::
+
+    [root@slave]# /sbin/e-smith/signal-event post-restore-data
+
+7. if an USB backup is configured on MASTER, connect the backup HD to SLAVE
 
 How to restore original server
 ==============================