Merge pull request #470 from NethServer/master

Merge master into v7. Publish Web server and Hotsync pages changes.

administrator-manual/en/.gitignore

@@ -1,4 +1,8 @@
 locale/sr
 locale/tr
+locale/cs
+locale/de
+locale/ru
+locale/zh
 _static
 nscom/_static/_static

administrator-manual/en/.tx/config

@@ -409,3 +409,9 @@ file_filter = locale/<lang>/LC_MESSAGES/report.po
 source_file = _build/locale/report.pot
 source_lang = en
 type = PO
+
+[docs-v7.web_server]
+file_filter = locale/<lang>/LC_MESSAGES/web_server.po
+source_file = _build/locale/web_server.pot
+source_lang = en
+type = PO

administrator-manual/en/backup_customization.rst

@@ -241,6 +241,8 @@ It's possible to configure a backup which includes only the mail and is schedule
 
 .. note:: This type of backup can't be used in case of disaster recovery.
 
+.. _configuration_backup-section:
+
 Configuration backup
 ====================
 

administrator-manual/en/firewall2.rst

@@ -6,8 +6,8 @@ Firewall and gateway (new)
 
 .. note::
 
-   This chapter describes changes introduces by the *Firewall* application in the new Server Manager.
-   Basic firewall behavior is unchanged and describe inside :ref:`firewall-section`.
+   This chapter describes the changes introduced by the *Firewall* application in the new Server Manager.
+   Basic firewall behavior is unchanged and described inside :ref:`firewall-section`.
 
    Please note that some changes made in the new Server Manager may not be reflected in the old one. 
 

administrator-manual/en/ftp.rst

@@ -4,7 +4,14 @@
 FTP
 ===
 
-.. note:: The FTP protocol is insecure: password are sent in clear text.
+.. note::
+
+    The FTP server is part of the :ref:`Web server <web-server-section>`
+    application inside the new Server Manager.
+
+.. warning::
+
+    The FTP protocol is insecure: password are sent in clear text.
 
 The :index:`FTP` server allows to transfer files between client and server.
 
@@ -23,8 +30,6 @@ path inside the custom field. For example, given a shared folder called *mywebsi
 
 The FTP virtual user will be able to access only the specified directory.
 
-The FTP server is part of the Web Server application inside the new Server Manager.
-
 System users
 ============
 

administrator-manual/en/hotsync.rst

@@ -13,6 +13,11 @@ HotSync
    HotSync should be considered a `beta release <https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta>`_.
    Please test it on your environment before using in production.
 
+.. warning::
+
+   For a correct restore, it's suggested to configure HotSync on two identical servers or two servers with same network cards number, name and position. If the master and slave servers differ, the restore procedure may behave unexpectedly (see :ref:`hostync-troubleshooting-section`).
+
+
 HotSync aims to reduce downtime in case of failure, syncing your |product| with another one, that will be manually activated in case of master server failure.
 
 Normally, when a hardware damage occurs, the time needed to restore service is:
@@ -21,7 +26,7 @@ Normally, when a hardware damage occurs, the time needed to restore service is:
 2. install OS: 30 minutes
 3. restore backup: from 10 minutes to 8 hours
 
-In summary, users are able to start working again with data from the night before failure after a few hours/days. Using hotsync, time 1 and 3 are 0, 2 is 5 minutes (time to activate spare server). Users are able to start working again in few minutes, using data from a few minutes before the crash.
+In summary, users are able to start working again with data from the night before failure after a few hours/days. Using HotSync, time 1 and 3 are 0, 2 is 5 minutes (time to activate spare server). Users are able to start working again in few minutes, using data from a few minutes before the crash.
 
 
 By default all data included in backup are synchronized every 15 minutes. MariaDB databases are synchronized too, unless databases synchronization isn't disabled.
@@ -34,35 +39,41 @@ Terminology
 - MASTER is the production system SLAVE is the spare server
 - SLAVE is switched on, with an IP address different than MASTER
 - Every 15 minutes, MASTER makes a backup on SLAVE
-- An email is sent to root (admin if mail server is installed)
+- If an error occurs, an email is sent to root (admin if mail server is installed)
+- SLAVE check updates and makes some system operations every 60 minutes
 
 
 Installation
 ============
 
 .. only:: nscom
 
-    Install nethserver-hotsync on both MASTER and SLAVE, execute from command line: ::
+    Install nethserver-hotsync on both MASTER and SLAVE from Software Center or execute from command line: ::
     
-      yum install nethserver-hotsync
+      yum install -y nethserver-hotsync --enablerepo=nethforge
 
 .. only:: nsent
 
     Install nethserver-hotsync on both MASTER and SLAVE.
 
     To install the module on MASTER execute from command line: ::
 
-      yum -y install nethserver-hotsync
+      yum install -y nethserver-hotsync --enablerepo=nethforge
 
     To install the module on SLAVE execute from command line: ::
 
-      yum -y install --disablerepo=nethesis-*,nh-* nethserver-hotsync
+      yum install -y nethserver-hotsync --enablerepo=nethforge --disablerepo=nethesis-*,nh-*
 
 
 
 Configuration
 =============
 
+You can configure HotSync from Cockpit interface: access it from Master and Slave, select role and fill required fields with password and IP.
+The ``<PASSWORD>`` must be the same on master and slave.
+
+You can also configure HotSync from command line using these commands:
+
 Master
 ------
 
@@ -85,86 +96,202 @@ Slave
     [root@slave]# signal-event nethserver-hotsync-save
 
 
-The ``<PASSWORD>`` must be the same on master and slave.
-
-If mysql or postgresql are installed, they will be synchronized by default. To disable databases sync
+If mysql or postgresql are installed, they will be synchronized by default. You can disable databases sync from Master Cockpit interface or from command line on master machine with this command:
 
 ::
 
     [root@master]# config setprop hotsync databases disabled
     [root@master]# signal-event nethserver-hotsync-save
 
+.. note::
+
+   If you are using HotSync to restore FreePBX leave databases enabled, otherwise FreePBX database will not be restored properly.
+
+
 
 Enabling/Disabling
 ------------------
 
-Hotsync is enabled by default. To disable it:
+HotSync is enabled by default. To disable it uncheck the checkbox into HotSync Cockpit GUI or use this command:
 
 ::
 
     [root@slave]# config setprop hotsync status disabled
     [root@slave]# signal-event nethserver-hotsync-save
 
 
-and to re-enable it:
+and to re-enable it re-check the checkbox on interface or use CLI:
 
 ::
 
     [root@slave]# config setprop hotsync status enabled
     [root@slave]# signal-event nethserver-hotsync-save
 
 
+.. note::
+
+   After HotSync is configured, it's a good practice to launch ``hotsync`` command on master host. After master has properly syncronized, access the slave and  execute ``hotsync-slave``.
+   You can force these commands also from Cockpit GUI and check ``/var/log/messages`` logs. As best practice, the first syncrhonization should be done via command line to better check if everything is properly configured.
+
+
+.. warning::
+
+   After HotSync is configured and ``hotsync`` command executed properly, note that ``hotsync-slave`` command must be executed at least one time before proceed with ``hotsync-promote``. You can launch it manually or wait 60 minutes for automatic execution.
+
+
 
 Restore: put SLAVE in production
 ================================
 
 The following procedure puts the SLAVE in production when the master has crashed.
 
-1. switch off MASTER
+1. Switch off MASTER.
 
-2. if the SLAVE machine must run as network gateway, connect it to the
-   router/modem with a network cable
+2. If the SLAVE machine must run as network gateway, connect it to the router/modem with a network cable.
 
-3. on SLAVE, if you are connected through an ssh console, launch the ``screen``
-   command, to make your session survive to network outages::
+3. On SLAVE, if you are connected through an SSH console, launch the ``screen`` command, to make your session survive to network outages::
 
     [root@slave]# screen
 
+   As best practice, execute following procedure using a local console and not via SSH connection.
+
 4. on SLAVE launch the following command, and read carefully its output ::
 
     [root@slave]# hotsync-promote
 
-5. go to Server Manager, in page ``Network`` and reassign roles to network
-   interfaces as required
+   If no Internet connection is detected (e.g. you are restoring a firewall on a machine that was passing through crashed master for Internet connection), the scripts will purpose you some options ::
+   
+    1. Restore master network configuration (IMPORTANT: use this option only if two servers are identical - NIC number, names and positions must be identical)
+    2. Fix network configuration from Cockpit GUI (when restoring on different hardware)
+    3. Continue without internet: assign correct roles before proceed with this option. Some events could fails (not recommended)
+   
+   else restore will start automatically. If you are restore on different hardware you could encounter DC errors.
+   
+.. warning::
+
+    When restoring on identical hardware choose option 1 and network configuration will be overwritten, else choose option 2. It's not recommended to start the promote procedure without Internet access.
+    When restoring on a different hardware and you've choosed option 2, you can encounter DC errors. Please see :ref:`hostync-troubleshooting-section`.
+
+5. If necessary go to Server Manager or Cockpit GUI, in page ``Network`` and reassign roles to network interfaces as master one. Remember also to recreate bridge if you have configured DC. In case of DC errors consult troubleshooting section before proceed with network restore.
 
-6. launch the command ::
+6. After everything has been restored, launch the command ::
 
     [root@slave]# /sbin/e-smith/signal-event post-restore-data
 
-7. update the system to the latest packages version ::
+7. Update the system to the latest packages version ::
 
     [root@slave]# yum clean all && yum -y update
 
-8. if an USB backup is configured on MASTER, connect the backup HD to SLAVE
+8. If an USB backup is configured on MASTER, connect the backup HD to SLAVE
+
+.. _hostync-troubleshooting-section:
+
+Troubleshooting
+===============
+
+After restore on different hardware DC is not working
+-----------------------------------------------------
+
+Console could report some errors like these ::
+
+    [ERROR] /usr/libexec/nethserver/sambads: failed to add service primaries to system keytab
+    Action: /etc/e-smith/events/nethserver-mail-server-update/S50nethserver-sssd-initkeytabs FAILED
+    
+To solve this, restore network configuration as master (including bridges) and then launch ::
+
+    /sbin/e-smith/signal-event nethserver-dc-save
+    /sbin/e-smith/signal-event nethserver-sssd-save
+    
+
+After restore permissions on ibays are not correct
+--------------------------------------------------
+
+Restore permissions from Cockpit GUI, under File Server, open shared folder menu and click on ``Restore permissions``.
+
+
+After network restore server is unreachable
+-------------------------------------------
+
+If you cannot reach server after a network reconfiguration, check configuration and, if it's correct, try launching this commands ::
+
+    /sbin/e-smith/signal-event interface-update
+    /sbin/e-smith/signal-event nethserver-firewall-base-update
+    
+If you cannot reach the server yet, use ``network-recovery`` tool.
+
+
+Suggested check after restore
+-----------------------------
+
+When all issues have been solved, please make that:
+- configuration is restored properly
+- all enabled services are working
+- applications interfaces (e.g. freepbx, webtop) are working
+- file server is working and users can log into shared folders
+- email server is working and users can send and receive emails
+- asterisk is working and users can make calls
+
+Finally, reboot the system and check all services are working after boot.
+
 
 Supported packages
 ==================
 
-* nethserver-nextcloud
-* nethserver-mysql
-* nethserver-dnsmasq
-* nethserver-squidguard
-* nethserver-pulledpork
+All nethserver packages are supported. Here is a list of major NethServer packages:
+
 * nethserver-antivirus
-* nethserver-samba-audit
-* nethserver-freepbx > 14.0.3
-* nethserver-webtop5 (z-push state is not synchronized)
+* nethserver-backup-config
+* nethserver-backup-data
+* nethserver-base
+* nethserver-c-icap
+* nethserver-cockpit
 * nethserver-collectd
 * nethserver-cups
+* nethserver-dante
 * nethserver-dc
+* nethserver-dedalo
+* nethserver-directory
+* nethserver-dnsmasq
+* nethserver-duc
+* nethserver-ejabberd
+* nethserver-evebox
+* nethserver-fail2ban
+* nethserver-firewall-base
+* nethserver-freepbx > 14.0.3
+* nethserver-httpd
+* nethserver-hylafax
+* nethserver-iaxmodem
+* nethserver-ipsec-tunnels
+* nethserver-janus
 * nethserver-letsencrypt
+* nethserver-lightsquid
+* nethserver-mail
+* nethserver-mattermost
+* nethserver-mysql
+* nethserver-ndpi
+* nethserver-netdata
 * nethserver-nextcloud
+* nethserver-ntopng
+* nethserver-nut
+* nethserver-openssh
+* nethserver-openvpn
+* nethserver-pulledpork
+* nethserver-restore-data
+* nethserver-roundcubemail
+* nethserver-samba
+* nethserver-samba-audit
+* nethserver-squid
+* nethserver-squidclamav
+* nethserver-squidguard
 * nethserver-sssd
-* nethserver-directory
-* nethserver-ibays
-* nethserver-mail-server
+* nethserver-subscription
+* nethserver-suricata
+* nethserver-vpn-ui
+* nethserver-vsftpd
+* nethserver-webtop5 (z-push state is not synchronized)
+
+Packages nethserver-ntopng and nethserver-evebox are reinstalled without migrating history.
+
+.. warning::
+
+   To avoid errors on the slave host, do not make any changes to the modules from the Cockpit GUI except the HotSync module.

administrator-manual/en/index.rst

@@ -65,6 +65,13 @@ Administrator Manual
 
     launcher
 
+.. toctree::
+   :maxdepth: 1
+   :caption: Applications - New Server Manager
+
+   web_server
+   firewall2
+
 .. toctree::
    :maxdepth: 1
    :caption: Modules

administrator-manual/en/locale/es/LC_MESSAGES/access.po

@@ -1,12 +1,12 @@
 # #-#-#-#-#  access.pot (NethServer 7)  #-#-#-#-#
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2019, Nethesis Srl and the NethServer project contributors
+# Copyright (C) 2020, Nethesis Srl and the NethServer project contributors
 # This file is distributed under the same license as the NethServer package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 # 
 # #-#-#-#-#  access.pot (NethServer Enterprise 7)  #-#-#-#-#
 # SOME DESCRIPTIVE TITLE.
-# Copyright (C) 2019, Nethesis Srl and the NethServer project contributors
+# Copyright (C) 2020, Nethesis Srl and the NethServer project contributors
 # This file is distributed under the same license as the NethServer Enterprise package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 # 
@@ -18,7 +18,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: NethServer Enterprise 7\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-10-08 10:10+0200\n"
+"POT-Creation-Date: 2020-01-20 10:53+0100\n"
 "PO-Revision-Date: 2017-02-06 14:48+0000\n"
 "Last-Translator: Adrián Prado Castro <adrian.prado@gmail.com>, 2017\n"
 "Language-Team: Spanish (https://www.transifex.com/nethserver/teams/35834/es/)\n"