Copy of the article: Zimbra migration

Sorry, this is only a backup copy of the original article.

WHAT IS THE GOAL

Migrate Zimbra 7 (mailboxes, documents,…) to new 64 bit server with Zimbra 8.0.

STEP BY STEP GUIDE

1. PREPARE OLD SERVER

name: mail.domain.tld
OS: Centos 5.8 32 bit
Zimbra: Zimbra 7.2.0

[zimbra@oldserver ~]$ cat /etc/redhat-release
CentOS release 5.8 (Final)

[zimbra@oldserver ~]$ zmcontrol -v
Release 7.2.0_GA_2669.RHEL5_20120410001957 CentOS5 FOSS edition.

UPGRADE to the latest Zimbra for CentOS 5.8 (ZIMBRA 7.2.1)

# wget http://files2.zimbra.com/downloads/7.2.1_GA/zcs-7.2.1_GA_2790.RHEL5.20120815212042.tgz 
# tar xvzf zcs-7.2.1_GA ...
# cd zcs-7.2.1_GA ...
# ./install.sh --platform-override

ERROR

Do you want to verify message store database integrity? [Y]
Verifying integrity of message store databases. This may take a while.

mysqld is alive

Database errors found.

/opt/zimbra/mysql/bin/mysqlcheck --defaults-file=/opt/zimbra/conf/my.cnf -S /opt/zimbra/db/mysql.sock -A -C -s -u root --auto-repair --password=XXXXXXXX

mysql.general_log
Error : You can’t use locks with log tables.
mysql.slow_log
Error : You can’t use locks with log tables.

This is a bug in MySQL and does no harm !!!

Upgrade was successful. :)

Show new zimbra version:

[zimbra@oldserver ~]$ zmcontrol -v 
Release 7.2.1_GA_2790.RHEL5_20120815212042 CentOS5 FOSS edition.

Create backup directory for LDAP

# mkdir /backup
# chown zimbra:zimbra /backup

Backup LDAP

[zimbra@oldserver ~]$ /opt/zimbra/libexec/zmslapcat -c /backup
[zimbra@oldserver ~]$ /opt/zimbra/libexec/zmslapcat /backup

BACKUP localconfig.xml

[zimbra@oldserver ~]$ cp /opt/zimbra/conf/localconfig.xml /backup

Change IP ADDRESS

[root@oldserver ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
change IP to something else

Change HOSTNAME

# vim /etc/hostname
# vim /etc/hosts
change IP and hostname

Save mail address for SPAM and HAM accounts

[zimbra@mail ~]$ zmprov gacf | grep -i spamis
zimbraSpamIsNotSpamAccount: ham.r4qmxkaq4@domain.tld
zimbraSpamIsSpamAccount: spam.ydhu3gfxuh@domain.tld
zimbraAmavisQuarantineAccount: virus-quarantine.jllqjtji@domain.tld

2. PREPARE NEW SERVER

name: mail.domain.tld
OS: Ubuntu 10.04 LTS 64bit
Zimbra: Zimbra 8.0 (first install 7.2.1)

Install Ubuntu server 10.04 LTS (minimal install + ssh server)

Create a separate /opt partition for the Zimbra installation (its size depends on the size and number of mailboxes)

Use the old mail server's hostname and IP address

# vim /etc/hostname
mail

Prepare HOSTS file !!!

# vim /etc/hosts
127.0.0.1 localhost
192.168.1.X mail.domain.tld mail

Setup SSH

# vim /etc/ssh/sshd_config
AllowUsers zimbra ← add this line at the end

Download ZIMBRA 7.2.1

# wget http://files2.zimbra.com/downloads/7.2.1_GA/zcs-7.2.1_GA_2790.UBUNTU10_64.20120815212201.tgz

Untar Zimbra

# tar xvzf zcs-7.2.1...

Install ZIMBRA 7.2.1 to the NEW SERVER

# cd zcs-7.2.1...
# ./install.sh
...

DNS ERROR resolving MX for mail.domain.tld
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [mail.domain.tld] domain.tld
Create domain: [mail.domain.tld] domain.tld
MX: mail.domain.tld (192.168.10.7)
Interface: 192.168.10.7
Interface: 127.0.0.1

done.

Checking for port conflicts

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@domain.tld
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.lsmlhshnmy@domain.tld
+Enable automated spam training: yes
+Spam training user: spam.wyqzbievu@domain.tld
+Non-spam(Ham) training user: ham.vccas9hrzf@domain.tld
+SMTP host: mail.domain.tld
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://mail.domain.tld:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@domain.tld
+Version update source email: admin@domain.tld
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

CHANGE admin password …

4) Admin Password set

CHANGE antivirus quarantine user from old server.

5) Anti-virus quarantine user: virus-quarantine.jllqjtji@domain.tld

CHANGE spam training user from old server.

7) Spam training user: spam.ydku3gfyuh@domain.tld

CHANGE ham training user from old server.

8) Non-spam(Ham) training user: ham.r4ujxkaq4@domain.tld

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]

As zimbra user do:

zmcontrol stop
rm -rf /opt/zimbra/data/ldap/config/*
rm -rf /opt/zimbra/data/ldap/hdb/*
mkdir -p /opt/zimbra/data/ldap/hdb/db /opt/zimbra/data/ldap/hdb/logs
# chown -R zimbra:zimbra /opt/zimbra/data/ldap

3. COPY DATA TO NEW SERVER

Copy DB_CONFIG from old server to new server

# scp /opt/zimbra/data/ldap/hdb/db/DB_CONFIG mail:/opt/zimbra/data/ldap/hdb/db/

Create BACKUP directory on NEW SERVER

root@mail:~# mkdir /backup

Copy LDAP DATA from OLD SERVER to NEW SERVER

# scp /backup/ldap.bak mail:/backup/
# scp /backup/ldap-config.bak mail:/backup/
root@mail:~# chown -R zimbra:zimbra /backup/

IMPORT LDAP CONFIG

zimbra@mail:~$ /opt/zimbra/openldap/sbin/slapadd -q -n 0 -F /opt/zimbra/data/ldap/config -cv -l /backup/ldap-config.bak
added: "cn=config" (00000001)
added: "cn=module{0},cn=config" (00000001)
added: "cn=schema,cn=config" (00000001)
added: "cn={0}core,cn=schema,cn=config" (00000001)
added: "cn={1}cosine,cn=schema,cn=config" (00000001)
added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
added: "cn={3}zimbra,cn=schema,cn=config" (00000001)
added: "cn={4}amavisd,cn=schema,cn=config" (00000001)
added: "olcDatabase={-1}frontend,cn=config" (00000001)
added: "olcDatabase={0}config,cn=config" (00000001)
added: "olcDatabase={1}monitor,cn=config" (00000001)
added: "olcDatabase={2}hdb,cn=config" (00000001)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...

IMPORT LDAP DATA

zimbra@mail:~$ /opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l /backup/ldap.bak
added: "cn=zimbra" (00000001)
added: "cn=admins,cn=zimbra" (00000002)
added: "uid=zimbra,cn=admins,cn=zimbra" (00000003)
added: "uid=zmreplica,cn=admins,cn=zimbra" (00000004)
added: "cn=appaccts,cn=zimbra" (00000005)
added: "uid=zmnginx,cn=appaccts,cn=zimbra" (00000006)
added: "uid=zmpostfix,cn=appaccts,cn=zimbra" (00000007)
added: "uid=zmamavis,cn=appaccts,cn=zimbra" (00000008)
added: "cn=zimlets,cn=zimbra" (00000009)
added: "cn=cos,cn=zimbra" (0000000a)
added: "cn=servers,cn=zimbra" (0000000b)
added: "cn=xmppcomponents,cn=zimbra" (0000000c)
added: "cn=globalgrant,cn=zimbra" (0000000d)
added: "cn=config,cn=zimbra" (0000000e)
added: "cn=default,cn=cos,cn=zimbra" (0000000f)
added: "cn=mime,cn=config,cn=zimbra" (00000010)
added: "cn=message/rfc822,cn=mime,cn=config,cn=zimbra" (00000011)
added: "cn=text/html,cn=mime,cn=config,cn=zimbra" (00000012)
added: "cn=text/enriched,cn=mime,cn=config,cn=zimbra" (00000013)
added: "cn=text/plain,cn=mime,cn=config,cn=zimbra" (00000014)
added: "cn=text/calendar,cn=mime,cn=config,cn=zimbra" (00000015)
added: "cn=all,cn=mime,cn=config,cn=zimbra" (00000016)
added: "cn=mail.domain.tld,cn=servers,cn=zimbra" (00000017)
added: "dc=tld" (00000018)
added: "dc=domain,dc=tld" (00000019)
added: "uid=root,ou=people,dc=domain,dc=tld" (0000001b)
added: "uid=postmaster,ou=people,dc=domain,dc=tld" (0000001c)
added: "cn=conference.mail.domain.tld,cn=xmppcomponents,cn=zimbra" (0000001d)
added: "cn=com_zimbra_adminversioncheck,cn=zimlets,cn=zimbra" (0000001e)
added: "cn=com_zimbra_bulkprovision,cn=zimlets,cn=zimbra" (0000001f)
added: "cn=com_zimbra_ymemoticons,cn=zimlets,cn=zimbra" (00000020)
added: "cn=com_zimbra_cert_manager,cn=zimlets,cn=zimbra" (00000021)
added: "cn=com_zimbra_phone,cn=zimlets,cn=zimbra" (00000022)
added: "cn=com_zimbra_date,cn=zimlets,cn=zimbra" (00000023)
added: "cn=com_zimbra_email,cn=zimlets,cn=zimbra" (00000024)
….
#################### 100.00% eta   none elapsed            none fast!         
Closing DB...

COPY localconfig.xml from OLDSERVER to NEWSERVER

#  scp /backup/localconfig.xml mail:/backup/

EDIT localconfig.xml

BACKUP localconfig.xml on the NEWSERVER

zimbra@mail:~$ cp /opt/zimbra/conf/localconfig.xml /opt/zimbra/conf/localconfig.xml.orig

EDIT localconfig.xml and change values to values from OLDSERVER
(from /backup/localconfig.xml)

a. zimbra_mysql_password
b. mysql_root_password
c. zimbra_logger_mysql_password (Note: Transfer/copy this value to the new 64-bit server only if available from the old 32-bit server.)
d. mailboxd_keystore_password (Note: Transfer/copy this value to the new 64-bit server only if available from the old 32-bit server.)
e. mailboxd_truststore_password
f. mailboxd_keystore_base_password
g. zimbra_ldap_password
h. ldap_root_password
i. ldap_postfix_password
j. ldap_amavis_password
k. ldap_nginx_password
l. ldap_replication_password
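
A way to check the result of this edit without displaying any password, as an added example that is not part of the original article: it reads the twelve keys listed above from both files and reports only whether they match. The function names and the sample files are constructed for illustration; the localconfig.xml layout assumed is `<key name="..."><value>...</value></key>`.

```sh
#!/bin/sh
# Added example: check that the secrets listed above match between the old and
# the new localconfig.xml, without ever printing a secret.
KEYS="zimbra_mysql_password mysql_root_password zimbra_logger_mysql_password
mailboxd_keystore_password mailboxd_truststore_password
mailboxd_keystore_base_password zimbra_ldap_password ldap_root_password
ldap_postfix_password ldap_amavis_password ldap_nginx_password
ldap_replication_password"

# lc_get FILE KEY: print the <value> of KEY; exit status 1 if KEY is absent.
lc_get() {
    awk -v want="$2" '
        /<key name="/ { split($0, q, "\""); cur = q[2] }
        cur == want && /<value>/ {
            v = $0
            sub(/^.*<value>/, "", v); sub(/<\/value>.*$/, "", v)
            print v; found = 1; exit
        }
        END { exit !found }' "$1"
}

# lc_compare OLD NEW: print "<key> <status>" for each key in KEYS.
lc_compare() {
    for k in $KEYS; do
        if ! old=$(lc_get "$1" "$k"); then
            echo "$k absent-on-old"   # items c and d: copy only if present
        elif new=$(lc_get "$2" "$k") && [ "$old" = "$new" ]; then
            echo "$k ok"
        else
            echo "$k DIFFERS"
        fi
    done
}

# Constructed sample file with placeholder secrets (not real values).
write_sample() {   # write_sample FILE LDAP_SECRET
    cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<localconfig>
  <key name="zimbra_mysql_password">
    <value>EXAMPLE-mysql</value>
  </key>
  <key name="zimbra_ldap_password">
    <value>$2</value>
  </key>
</localconfig>
EOF
}

compare_demo() {
    dir=$(mktemp -d)
    write_sample "$dir/old.xml" "EXAMPLE-ldap-old"
    write_sample "$dir/new.xml" "EXAMPLE-ldap-new"
    lc_compare "$dir/old.xml" "$dir/new.xml"
    rm -rf "$dir"
}

compare_demo
```

On the new server the real call would be `lc_compare /backup/localconfig.xml /opt/zimbra/conf/localconfig.xml`. Values are compared as stored in the XML, so escaped characters compare equal when both files escape them the same way.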

REMOVE data from NEW SERVER

zimbra@mail:~$ rm -rf /opt/zimbra/db/data/*

COPY DATA from OLD SERVER

[root@oldserver ~]# scp -r /opt/zimbra/db/data/* mail:/opt/zimbra/db/data/

Copy MESSAGES and INDEX files from OLD SERVER to NEW SERVER

[root@oldserver ~]# scp -r /opt/zimbra/store/* mail:/opt/zimbra/store/
[root@oldserver ~]# scp -r /opt/zimbra/index/* mail:/opt/zimbra/index/

Transfer KEYSTORE

[root@oldserver ~]# scp /opt/zimbra/mailboxd/etc/keystore mail:/opt/zimbra/mailboxd/etc/keystore

+ Change keystore PASSWORD

[zimbra@oldserver ~]$ zmlocalconfig -s mailboxd_keystore_password
mailboxd_keystore_password = oldpassword
zimbra@mail:~$ zmlocalconfig -e mailboxd_keystore_password=oldpassword ← use oldpassword

COPY smtp,ldap,nginx CERTIFICATE and KEY from OLD to NEW server

# scp /opt/zimbra/conf/smtpd.crt mail:/opt/zimbra/conf/smtpd.crt
# scp /opt/zimbra/conf/smtpd.key mail:/opt/zimbra/conf/smtpd.key
# scp /opt/zimbra/conf/slapd.* mail:/opt/zimbra/conf/
# scp /opt/zimbra/conf/nginx.* mail:/opt/zimbra/conf/

COPY ZIMLETS FROM OLD SERVER

root@mail:~# scp -r root@oldserver:/opt/zimbra/zimlets-deployed/* /opt/zimbra/zimlets-deployed/

FIX PERMISSION as root

root@mail:~# chown -R zimbra:zimbra /opt/zimbra
root@mail:~# /opt/zimbra/libexec/zmfixperms

Start ZIMBRA 7.2.1 on NEW SERVER

zimbra@mail:~$ zmcontrol start

FIX ERRORS

ERROR 1

Host mail.domain.tld
Starting ldap…Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd…Done.
Starting logger…Failed.

Starting logswatch…ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)

zimbra logger service is not enabled! failed.
Starting mailbox…Done.
Starting antispam…Done.
Starting antivirus…Failed.
Starting amavisd…Config file "/opt/zimbra/conf/amavisd.conf" does not exist, at /opt/zimbra/amavisd/sbin/amavisd line 1799.
failed.

Starting freshclam…done.
Starting clamd…ERROR: Can’t open/parse the config file /opt/zimbra/conf/freshclam.conf
failed.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Failed.
Starting saslauthd…saslauthd[8646] :set_auth_mech : failed to initialize mechanism zimbra

failed.
zmsaslauthdctl failed to start
Starting stats…Done.

SOLUTION 1

[root@oldserver ~]# scp /opt/zimbra/conf/amavisd.conf mail:/opt/zimbra/conf/
[root@oldserver ~]# scp /opt/zimbra/conf/freshclam.conf mail:/opt/zimbra/conf/
root@mail:~# /opt/zimbra/libexec/zmfixperms ← fix permission

ERROR 2

Starting logswatch…ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! Failed.

SOLUTION 2

CREATE CERTIFICATES

 

# sh reg-ssl-zimbra.sh ← run script as root

Script to regenerate the certificates (reg-ssl-zimbra.sh):

#!/bin/bash
# Regenerate the Zimbra self-signed CA and the service certificates. Run as root.
su - zimbra -c 'zmcontrol stop'

# Remove the old certificate material and the keystore aliases that refer to it
rm -rf /opt/zimbra/ssl/*
rm -rf /opt/zimbra/ssl/.rnd
/opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
/opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass "$(su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password')"

# Edit zmcertmgr before creating the new CA:
# - find the line
#   SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}"
#   and change it to your company name
# - then, if you want a longer certificate lifetime, change validation_days=365 to validation_days=3650
# - save /opt/zimbra/bin/zmcertmgr
vi /opt/zimbra/bin/zmcertmgr

# Create and deploy the new CA and the self-signed certificate
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca -localonly
/opt/zimbra/bin/zmcertmgr createcrt self -new
/opt/zimbra/bin/zmcertmgr deploycrt self

su - zimbra -c 'zmcontrol start'

/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/bin/zmcertmgr deployca

su - zimbra -c 'zmupdateauthkeys'
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
### End Script

……

Host mail.domain.tld
Starting ldap…Done.
Starting zmconfigd…Done.
Starting logger…Done.
Starting mailbox…Done.
Starting antispam…Done.
Starting antivirus…Done.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.

** Saving server config key zimbraSSLCertificate…done.
** Saving server config key zimbraSSLPrivateKey…done.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing CA to /opt/zimbra/conf/ca…done.
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving global config key zimbraCertAuthorityCertSelfSigned…done.
** Saving global config key zimbraCertAuthorityKeySelfSigned…done.
** Copying CA to /opt/zimbra/conf/ca…done.
Updating keys for mail.domain.tld
Fetching key for mail.domain.tld
Updating keys for mail.domain.tld
Updating /opt/zimbra/.ssh/authorized_keys

::service mta::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

::service proxy::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

::service mailboxd::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

::service ldap::

notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=

ERROR 3

Message: system failure: Cannot WRITE index directory (mailbox=6 idxPath=/opt/zimbra/index/0/6/index/0) Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

SOLUTION 3

# chown -R zimbra:zimbra /opt/zimbra
# /opt/zimbra/libexec/zmfixperms

ERROR 4

Clicking MAILQUEUE in the WEB CONSOLE produces:

Message: system failure: exception during auth {RemoteManager: mail.domain.tld->zimbra@mail.domain.tld:22} Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

SOLUTION 4 ???

zimbra@mail:~$ zmprov ms mail.domain.tld zimbraRemoteManagementPort 22

PROBABLY INTERFACES FILE !!!!

There was no gateway in /etc/network/interfaces

add gateway 192.168.1.1

After changing the interfaces file, restart the network with

# service networking restart

Pay attention to the hosts file !!!

zimbra@mail:~$ cat /etc/hosts
127.0.0.1      localhost
192.168.1.X    mail.domain.tld   mail

NOW everything works fine.

Test MAIL SERVER by sending and receiving mail.

4. UPGRADE TO ZIMBRA 8.0

Download new Zimbra

# wget http://files2.zimbra.com/downloads/8.0.0_GA/zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627.tgz

Unpack …

# tar xvzf zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627.tgz

Install zimbra …

# cd zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627
# screen ./install.sh

….

Starting mysql…done.
ERROR 1133 (42000) at line 2: Can’t find any matching row in the user table
ERROR 1396 (HY000) at line 1: Operation DROP USER failed for ''@'mail'

Zimbra 8.0 now works. :)

Check running SERVICES:

# netstat -tupane | less

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 105652 23807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 310009 19028/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 321441 23103/java
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN 0 321442 23103/java
tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN 0 321443 23103/java
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 321436 23103/java
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 321432 23103/java

Setup a FIREWALL:

# ufw allow proto tcp from 192.168.1.0/24 to any port 22
# ufw allow proto tcp from 192.168.1.0/24 to any port 7071
# ufw allow proto tcp from 192.168.1.0/24 to any port 7072
# ufw allow proto tcp from any to any port 25
# ufw allow proto tcp from any to any port 443
# ufw allow proto tcp from any to any port 993
# ufw enable
# ufw logging on
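
To confirm that the rule set and the listening services agree, the following added example (not part of the original article) lists TCP ports that listen on all interfaces but have no ALLOW rule. The netstat lines are the ones shown above; the `ufw status` text is constructed to correspond to the rules above, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: find TCP listeners that have no matching ufw ALLOW rule.

# listening_ports FILE: ports listening on all interfaces (netstat -tupane format)
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):[0-9]+$/ {
        n = split($4, part, ":"); print part[n]
    }' "$1" | sort -u
}

# allowed_ports FILE: ports that have an ALLOW rule in `ufw status` output
allowed_ports() {
    awk '$2 == "ALLOW" && $1 ~ /^[0-9]+(\/tcp)?$/ {
        sub(/\/tcp$/, "", $1); print $1
    }' "$1" | sort -u
}

# unruled_listeners NETSTAT_FILE UFW_STATUS_FILE: listening ports without a rule
unruled_listeners() {
    allowed=$(allowed_ports "$2")
    listening_ports "$1" | while read -r port; do
        printf '%s\n' "$allowed" | grep -qx "$port" || echo "$port"
    done
}

# write_samples NETSTAT_FILE UFW_FILE: netstat lines from the article,
# ufw status text constructed for illustration
write_samples() {
    cat > "$1" <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 105652 23807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 310009 19028/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 321441 23103/java
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN 0 321442 23103/java
tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN 0 321443 23103/java
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 321436 23103/java
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 321432 23103/java
EOF
    cat > "$2" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
7071/tcp                   ALLOW       192.168.1.0/24
7072/tcp                   ALLOW       192.168.1.0/24
25/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
EOF
}

audit_demo() {
    dir=$(mktemp -d)
    write_samples "$dir/netstat.txt" "$dir/ufw.txt"
    unruled_listeners "$dir/netstat.txt" "$dir/ufw.txt"
    rm -rf "$dir"
}

echo "listening without an allow rule: $(audit_demo)"
```

A port reported here is still listening but is not opened by any rule, so either the rule is missing or the service behind it can be switched off.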

HELP from Zimbra wiki:

http://wiki.zimbra.com/wiki/Platform_and_OS_Independent_ZCS_to_ZCS_Migration_Using_Rsync

http://wiki.zimbra.com/wiki/Network_Edition:_Moving_from_32-bit_to_64-bit_Server

http://wiki.zimbra.com/wiki/Server_Live_sync
