Ajcody-Multi-Server-Installation-Notes: Difference between revisions

mNo edit summary
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Multi-Server Installation Notes==
{{BC|Zeta Alliance}}                        <!-- Note, this will also add [[Category: Zeta Alliance]] to bottom of wiki page. -->
__FORCETOC__                              <!-- Will force a TOC regards of size of article. __NOTOC__  if no TOC is wanted. -->
<div class="col-md-12 ibox-content">
==Multi-Server Installation Notes==             <!-- Normally will reflect page title. Is listed at very top of page. -->
{{KB|{{ZETA}}|{{ZCS 6.0}}|{{ZCS 5.0}}|}}            <!-- Can only handle 3 ZCS versions. -->
{{Archive}}
 
===Note - This Was Done With ZCS 5 or 6===
 
Please note, if I recall correctly, this was done against ZCS 5 or 6 , I don't recall exactly.
 
 
----


===Actual Multi-Server Installation Notes Homepage===
===Actual Multi-Server Installation Notes Homepage===
Line 986: Line 998:


=====Final Tweaks And Information Needed For It All To Work=====
=====Final Tweaks And Information Needed For It All To Work=====
======PublicServiceHostname======
Using the round-robin alias for the zimbraPublicServiceHostname variable.
* Reference:
** [[Enabling_Zimbra_Proxy#Documents_.26_Sharing]]
<pre>
$ zmprov md rr608.zimbra.DOMAIN.com zimbraPublicServiceHostname rr608.zimbra.DOMAIN.com
$ zmprov md rr608.zimbra.DOMAIN.com zimbraPublicServiceProtocol http
</pre>


======Setup SSH Keys And Logger======
======Setup SSH Keys And Logger======
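Review bot: the second zmprov line in the added PublicServiceHostname block sets zimbraPublicServiceProtocol to http without saying why. State whether the proxy setup in the referenced Enabling_Zimbra_Proxy section requires it, because a reader who copies the block ends up with the domain's public service protocol set to plain HTTP. The section would also benefit from a sentence saying which server the two commands are run on.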
Line 1,044: Line 1,068:


<pre>zmcontrol stop
<pre>zmcontrol stop
======What About The Admin Console======
The admin console needs to goto a mailstore to be resolved correctly. In our example above, we would use the round-robin address we setup that included the mailstores -- rrms608.zimbra.DOMAIN.com -- in the following format :  https://rrms608.zimbra.DOMAIN.com:7071
zmlocalconfig ldap_url
zmlocalconfig ldap_url
zmlocalconfig -e ldap_url="ldap://mail42.zimbra.DOMAIN.com:389 ldap://mail41.zimbra.DOMAIN.com:389"
zmlocalconfig -e ldap_url="ldap://mail42.zimbra.DOMAIN.com:389 ldap://mail41.zimbra.DOMAIN.com:389"
Line 1,056: Line 1,075:


With the example on this wiki, the LDAP Master and LDAP Replica don't need their ldap_url adjusted or the zmmtainit command ran.
With the example on this wiki, the LDAP Master and LDAP Replica don't need their ldap_url adjusted or the zmmtainit command ran.
======What About The Admin Console======
----
The admin console needs to goto a mailstore to be resolved correctly. In our example above, we would use the round-robin address we setup that included the mailstores -- rrms608.zimbra.DOMAIN.com -- in the following format :  https://rrms608.zimbra.DOMAIN.com:7071
----
[[Category: Community Sandbox]]
[[Category:Installation]]
[[Category:Installation Guides]]
[[Category:Multi-Server]]
[[Category:Planning and Design]]
[[Category: Author:Ajcody]]
[[Category: Zeta Alliance]]

Latest revision as of 00:40, 21 June 2016

Multi-Server Installation Notes

   KB 3836        Last updated on 2016-06-21  




This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Note - This Was Done With ZCS 5 or 6

Please note, if I recall correctly, this was done against ZCS 5 or 6; I don't recall exactly.



Actual Multi-Server Installation Notes Homepage

Please see: Ajcody-Multi-Server-Installation-Notes

Related Bugs And RFE's

I'll have some to file after working through this wiki page, for another night though.

Initial Planning Information

Proxy Hostname Pre-Setup

I'll be using DNS/BIND round-robin to create a proxy hostname that resolves to the various ZCS servers running the proxy services. This is the hostname that end-users will use for http and pop/imap. None of the actual servers will be set to have this hostname. I'm using rr in the hostname so it's easy to recall that it's a round-robin address. See HOWTO - Configure Load Balancing for more information on BIND RR setup, and Ajcody-Hostname-DNS#Local_DNS-BIND_Configuration_Example for more basics on DNS/BIND.

Example of BIND zone file entry:

rr608.zimbra.DOMAIN.com.        IN      MX      10      rr608.zimbra.DOMAIN.com.
rr608                           IN      A               192.168.0.41
rr608                           IN      A               192.168.0.42

mail41                          IN      A               192.168.0.41

mail42                          IN      A               192.168.0.42

mail43                          IN      A               192.168.0.43

mail44                          IN      A               192.168.0.44

rrms608                         IN      A               192.168.0.43
rrms608                         IN      A               192.168.0.44

I'll be configuring the following ZCS services for the various hostnames and in this order:

  • mail41.zimbra.DOMAIN.com
    • LDAP master, MTA, SNMP, Proxy [nginx]
  • mail43.zimbra.DOMAIN.com
    • Mailstore, Logger, Apache , Spell, Convertd, SNMP, Memcache
  • mail44.zimbra.DOMAIN.com
    • Mailstore , Archive & Discovery , Apache , Spell, Convertd, SNMP, Memcache
  • mail42.zimbra.DOMAIN.com
    • LDAP slave, MTA, SNMP, Proxy [nginx]

What we'll be able to use this round-robin hostname [rr608.zimbra.DOMAIN.com] for in our setup.

  • The proxy.node.service.hostname variable.
  • The zimbraPublicServiceHostname variable.
  • The default domainname for your email domain.
  • SMTP host for the mailstore setup.

What we'll be able to use this round-robin hostname [rrms608.zimbra.DOMAIN.com] for in our setup.

  • MTA Auth hosts
    • The MTA Auth host is a mailstore the mta queries for user authentication purposes.

RINETD And Non-ZCS Mailhub For Test Environments

Please see this if you're looking to set up a test environment; it might be useful for your situation.

Installation Of LDAP Master Also With MTA Or MTA And Proxy Components

Install Of LDAP Master

The multi-server installation guide will mention:

  • Important: Install the servers in the following order
    1. LDAP server
    2. Zimbra mailbox servers
    3. Zimbra MTA servers
  • Note: Zimbra-proxy is normally installed on the MTA server or you can install it on its own server.

One thing you'll notice is that the mta is last, but many customers might want the ldap server to also be the mta or the mta+proxy. You'll see this in the installer if you attempt to include the mta component with your first ldap server.

LDAP Master Server Package Selection

Select the packages to install

Install zimbra-ldap [Y] 
Install zimbra-logger [Y] n
Install zimbra-mta [Y] y
Install zimbra-snmp [Y] 
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-convertd [N] n
Install zimbra-memcached [N] n
Install zimbra-proxy [N] y
Checking required space for zimbra-core

Installing:
    zimbra-core
    zimbra-ldap
    zimbra-mta
    zimbra-snmp
    zimbra-proxy

### cut ###

Installing packages

    zimbra-core......zimbra-core-6.0.8_GA_2661.RHEL5_64-20100824100342.x86_64.rpm...done
    zimbra-ldap......zimbra-ldap-6.0.8_GA_2661.RHEL5_64-20100824100342.x86_64.rpm...done
    zimbra-mta......zimbra-mta-6.0.8_GA_2661.RHEL5_64-20100824100342.x86_64.rpm...done
    zimbra-snmp......zimbra-snmp-6.0.8_GA_2661.RHEL5_64-20100824100342.x86_64.rpm...done
    zimbra-proxy......zimbra-proxy-6.0.8_GA_2661.RHEL5_64-20100824100342.x86_64.rpm...done
Operations logged to /tmp/zmsetup.09122010-125617.log
Installing LDAP configuration database...done.

### cut ###

Main menu

   1) Common Configuration:                                                  
   2) zimbra-ldap:                             Enabled                       
   3) zimbra-mta:                              Enabled                       
******* +MTA Auth host:                        UNSET                         
        +Enable Spamassassin:                  yes                           
        +Enable Clam AV:                       yes                           
        +Notification address for AV alerts:   admin@rr608.zimbra.DOMAIN.com
        +Bind password for postfix ldap user:  set                           
        +Bind password for amavis ldap user:   set                           

   4) zimbra-snmp:                             Enabled                       
   5) zimbra-proxy:                            Enabled                       
   6) Enable default backup schedule:          yes                           
   r) Start servers after configuration        yes                           
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                                    

Address unconfigured (**) items  (? - help) 

LDAP Master Server Configuration Menu Choices

You'll want to set the following:

  • 1) Common Configuration
    • 4) Ldap Admin password
  • 2) zimbra-ldap
    • 2) Create Domain: yes
    • 3) Domain to create: mail41.zimbra.DOMAIN.com
      • I changed this to be : rr608.zimbra.DOMAIN.com
    • 4) Ldap root password: set
    • 5) Ldap replication password: set
    • 6) Ldap postfix password: set
    • 7) Ldap amavis password: set
    • 8) Ldap nginx password: set
  • You should have all the passwords noted somewhere for the other server installations.
  • 3) zimbra-mta
    • 1) Status: Enabled
    • 2) MTA Auth host: UNSET
      • Notice the "MTA Auth host:" defaults to UNSET. The MTA Auth host is to be a mailstore that the mta will send user pop/imap authentication requests to. You'll also notice later down in the installation guide under the "Installing Zimbra LDAP Master Server" this statement:
        • 2. Type Y and press Enter to install the zimbra-ldap package.
        • The MTA, Store and Logger packages should be marked N.
      • We are ignoring this statement in our exercise here since we also want to have our LDAP Master run the MTA component. You will later see an error message because of this when the installation goes to set up the MTA; it is documented below under Error_During_MTA_Installation
      • In my example here, I put in : rrms608.zimbra.DOMAIN.com : which will round-robin pop/imap authentication requests to all of my mailstores rather than just one mailstore.
    • 3) Enable Spamassassin: yes
    • 4) Enable Clam AV: yes
    • 5) Notification address for AV alerts: admin@rr608.zimbra.DOMAIN.com
    • 6) Bind password for postfix ldap user: set
    • 7) Bind password for amavis ldap user: set
  • 5) zimbra-proxy
    • 1) Status: Enabled
    • 2) Enable POP/IMAP Proxy: TRUE
    • 3) IMAP server port: 7143
    • 4) IMAP server SSL port: 7993
    • 5) IMAP proxy port: 143
    • 6) IMAP SSL proxy port: 993
    • 7) POP server port: 7110
    • 8) POP server SSL port: 7995
    • 9) POP proxy port: 110
    • 10) POP SSL proxy port: 995
    • 11) Bind password for nginx ldap user: set
    • 12) Enable HTTP[S] Proxy: FALSE
      • Change this to TRUE and it will automatically setup other variables as well.
        • 13) Web server HTTP port: 80
        • 14) Web server HTTPS port: 443
        • 15) HTTP proxy port: 8080
        • 16) HTTPS proxy port: 8443
        • 17) Proxy server mode: http
          • Leave this variable set to http; do not change it.

Error During MTA Installation

Notice the "MTA Auth host:" being UNSET. The MTA Auth host is to be a mailstore that the mta will send auth requests to. You'll also notice later down in the installation guide under the "Installing Zimbra LDAP Master Server" this statement:

2. Type Y and press Enter to install the zimbra-ldap package. 
 The MTA, Store and Logger packages should be marked N.

You can set the mailstore hostname though, even before it has been setup. You'll see an error message like this later though.

WARNING

You are configuring this host as an MTA server, but the specified mailstore
used for authentication has not been configured to run the mailbox service yet.
This will cause smtp authentication to fail.

To correct this - after installing a mailstore server,
reset the zimbraMtaAuthHost attribute for this server:
/opt/zimbra/bin/zmprov -m -l ms mail41.zimbra.DOMAIN.com zimbraMtaAuthHost rrms608.zimbra.DOMAIN.com

Once done, start the MTA:
zmmtactl start

Press return to continue
 
Setting MTA auth host...failed.

Error During Proxy Installation

If you also included Proxy during the install of your LDAP master, you'll see this later during the installation after it does the MTA message above.

WARNING

You are configuring this host as a proxy server, but there is currently no 
mailstore to proxy.  This will cause proxy startup to fail.
Once you have installed a store server, start the proxy service:
zmproxyctl start

Press return to continue
 
WARNING

You are configuring this host as a proxy server, but there is currently no 
memcached service for proxy.  The proxy service will not work correctly.
Once you have installed a memcached server, restart the proxy service:
zmproxyctl restart

Press return to continue
 
Initializing mta config...done.

Status Once Finished With Installer On Ldap Master Plus MTA And Proxy

Just to show the status of the server once the installation is over.

$ zmcontrol restart
Host mail41.zimbra.DOMAIN.com
        Stopping stats...Done.
        Stopping mta...Done.
        Stopping spell...Done.
        Stopping snmp...Done.
        Stopping archiving...Done.
        Stopping antivirus...Done.
        Stopping antispam...Done.
        Stopping imapproxy...Done.
        Stopping memcached...Done.
        Stopping mailbox...Done.
        Stopping logger...Done.
        Stopping ldap...Done.
Host mail41.zimbra.DOMAIN.com
        Starting ldap...Done.
        Starting imapproxy...Failed.
/opt/zimbra/conf/nginx.conf is missing.
Starting nginx...failed.  /opt/zimbra/conf/nginx.conf is missing.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting mta...Failed.
Starting zmmtaconfig...zmmtaconfig is already running.
Starting saslauthd...saslauthd[13910] :set_auth_mech   : 
    failed to initialize mechanism zimbra failed.
zmsaslauthdctl failed to start

 Starting stats...Done.

$ zmcontrol status
Host mail41.zimbra.DOMAIN.com
        antispam                Running
        antivirus               Running
        imapproxy               Stopped
                zmnginxctl is not running
        ldap                    Running
        mta                     Stopped
                zmsaslauthdctl is not running
        snmp                    Running
        stats                   Running
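
To turn the status output above into a check, the following added example (not part of the original notes) parses `zmcontrol status` text and reports stopped services, taking a list of services that are expected to be down at the current install stage, such as imapproxy and mta on the LDAP master before the first mailstore exists. The function names zm_stopped and zm_unexpected are hypothetical; the sample text is copied from the output above.

```shell
#!/bin/sh
# Added example, not from the original wiki page.

# `zmcontrol status` output copied from the LDAP master section above.
SAMPLE_STATUS='Host mail41.zimbra.DOMAIN.com
        antispam                Running
        antivirus               Running
        imapproxy               Stopped
                zmnginxctl is not running
        ldap                    Running
        mta                     Stopped
                zmsaslauthdctl is not running
        snmp                    Running
        stats                   Running'

# Read `zmcontrol status` output on stdin and print one line per stopped
# service as "host<TAB>service<TAB>reason". The indented lines that follow
# a Stopped entry are collected as its reason.
zm_stopped() {
    awk '
        function emit() {
            if (svc != "") printf "%s\t%s\t%s\n", host, svc, reason
            svc = ""; reason = ""
        }
        NF == 0 { next }
        $1 == "Host" { emit(); host = $2; next }
        NF == 2 && ($2 == "Running" || $2 == "Stopped") {
            emit()
            if ($2 == "Stopped") svc = $1
            next
        }
        svc != "" {
            sub(/^[ \t]+/, "")
            reason = (reason == "" ? $0 : reason "; " $0)
        }
        END { emit() }
    '
}

# zm_unexpected "svc1 svc2 ...": same input as zm_stopped, but services named
# in the argument are treated as expected to be down and are not reported.
# Returns 1 when any other service is stopped, 0 otherwise.
zm_unexpected() {
    zm_stopped | awk -F '\t' -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        !($2 in ok) { print; bad = 1 }
        END { exit bad + 0 }
    '
}

# Demo on the embedded sample: lists imapproxy and mta with their reasons.
printf '%s\n' "$SAMPLE_STATUS" | zm_stopped
```

On a live server, run `zmcontrol status | zm_unexpected "imapproxy mta"` as the zimbra user right after the LDAP master install, and with an empty list once the first mailstore is up.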
Now The First Mailstore Install

Now we'll setup the first mailstore, the same mailstore that uses the hostname that you used on the LDAP master for the MTA Auth host variable.

First Mailstore Server Package Selection

Package selection; my example also assumes proxy was included on the LDAP master.

Select the packages to install

Install zimbra-ldap [Y] n
Install zimbra-logger [Y] y
Install zimbra-mta [Y] n
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-convertd [Y] y
Install zimbra-memcached [N] y
Install zimbra-proxy [N] n
Install zimbra-archiving [N] n
Checking required space for zimbra-core
checking space for zimbra-store

Installing:
    zimbra-core
    zimbra-logger
    zimbra-snmp
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-convertd
    zimbra-memcached

First Mailstore Server Configuration Menu Choices

And then you'll end up with the configuration menu, shown below. We'll first want to setup the ldap options.

   1) Common Configuration:                                                  
        +Hostname:                             mail43.zimbra.DOMAIN.com    
******* +Ldap master host:                     UNSET                         
        +Ldap port:                            389                           
******* +Ldap Admin password:                  UNSET                         
        +LDAP Base DN:                         cn=zimbra                     
        +Secure interprocess communications:   yes                           
        +TimeZone:                             America/Chicago               

   2) zimbra-store:                            Enabled                       
        +Create Admin User:                    yes                           
        +Admin user to create:                 admin@mail43.zimbra.DOMAIN.com
******* +Admin Password                        UNSET                         
        +Enable automated spam training:       yes                           
        +Spam training user:                   spam.piktnhwfc2@mail43.zimbra.DOMAIN.com
        +Non-spam(Ham) training user:          ham.z7qq8w1mb@mail43.zimbra.DOMAIN.com
        +Global Documents Account:             wiki@mail43.zimbra.DOMAIN.com
******* +SMTP host:                            UNSET                         
        +Web server HTTP port:                 80                            
        +Web server HTTPS port:                443                           
        +Web server mode:                      http                          
        +IMAP server port:                     143                           
        +IMAP server SSL port:                 993                           
        +POP server port:                      110                           
        +POP server SSL port:                  995                           
        +Use spell check server:               yes                           
        +Spell server URL:                     http://mail43.zimbra.DOMAIN.com:7780/aspell.php
        +Configure for use with mail proxy:    FALSE                         
        +Configure for use with web proxy:     FALSE                         
        +Enable version update checks:         TRUE                          
        +Enable version update notifications:  TRUE                          
        +Version update notification email:    admin@mail43.zimbra.DOMAIN.com
        +Version update source email:          admin@mail43.zimbra.DOMAIN.com
******* +License filename:                     UNSET                         

   3) zimbra-snmp:                             Enabled                       
   4) zimbra-logger:                           Enabled                       
   5) zimbra-spell:                            Enabled                       
   6) zimbra-convertd:                         Enabled                       
   7) Default Class of Service Configuration:                                
   8) Enable default backup schedule:          yes                           
   r) Start servers after configuration        yes                           
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                                    

Address unconfigured (**) items  (? - help)

Select 1, for the Common Configuration options.

  • 1) Common Configuration
    • 1) Hostname: mail43.zimbra.DOMAIN.com
    • **2) Ldap master host: UNSET
      • Set this to your LDAP Master's hostname - mail41.zimbra.DOMAIN.com in our example here.
    • 3) Ldap port: 389
    • ** 4) Ldap Admin password: UNSET
      • This was the Ldap Admin password that you set during the LDAP Master installation.
    • 5) LDAP Base DN: cn=zimbra
    • 6) Secure interprocess communications: yes
    • 7) TimeZone: America/Chicago

Ending up with something that looks like:

Common configuration
   1) Hostname:                                mail43.zimbra.DOMAIN.com    
   2) Ldap master host:                        mail41.zimbra.DOMAIN.com    
   3) Ldap port:                               389                           
   4) Ldap Admin password:                     set                           
   5) LDAP Base DN:                            cn=zimbra                     
   6) Secure interprocess communications:      yes                           
   7) TimeZone:                                America/Chicago               
Select, or 'r' for previous menu [r] r

Hit R to go back to the main configuration screen. Once the installer has the information for the ldap master and the ldap admin password, it will pull down the configuration options that are relevant from the ldap master. Now we'll configure the "2) zimbra-store" options. Variables we'll need to change, or confirm are what you want, under the 2) zimbra-store: section:

  • +Admin Password UNSET
    • This is the admin user password that you use, for example, to log into the web admin console.
  • +Web server mode: http
    • Please enter the web server mode (http,https,both,mixed,redirect) [http]
    • Note - In the admin guide under the Proxy section, you'll see it states that only HTTP is supported. It says, "zimbraMailMode to http. This is the only supported mode." The zimbraMailMode, which is set to HTTP on the mailstores, is different than zimbraReverseProxyMailMode - which is set to BOTH on the proxy hosts.
      • Reference is Latest Admin Guide under Working with Zimbra Proxy > Configuring ZCS HTTP Proxy.
  • +SMTP host: UNSET
    • In our example here, we'll use our round-robin hostname that will resolve to our two ldap+mta+proxy servers. Normally, you would put the hostname of the one server or a server that has the mta package installed.
    • I didn't get an error while setting this in the configuration panel though the mta service was still not running on the ldap master - see above.
  • +Configure for use with mail proxy: FALSE
    • I set to TRUE. This is either TRUE or FALSE, related to memcache I believe. We are lacking docs that use the phrase in the installer.
  • +Configure for use with web proxy: FALSE
    • I set to TRUE. This is either TRUE or FALSE, related to memcache I believe. We are lacking docs that use the phrase in the installer.
  • +License filename: UNSET

My final setup for the 2) zimbra-store section was:

Store configuration
   1) Status:                                  Enabled                       
   2) Create Admin User:                       yes                           
   3) Admin user to create:                    admin@rr608.zimbra.DOMAIN.com
   4) Admin Password                           set                           
   5) Enable automated spam training:          yes                           
   6) Spam training user:                      spam.vrz5nb5c7u@rr608.zimbra.DOMAIN.com
   7) Non-spam(Ham) training user:             ham.nyel0ae_@rr608.zimbra.DOMAIN.com
   8) Global Documents Account:                wiki@rr608.zimbra.DOMAIN.com
   9) SMTP host:                               rr608.zimbra.DOMAIN.com     
  10) Web server HTTP port:                    80                            
  11) Web server HTTPS port:                   443                           
  12) HTTP proxy port:                         8080                          
  13) HTTPS proxy port:                        8443                          
  14) Web server mode:                         http                          
  15) IMAP server port:                        143                           
  16) IMAP server SSL port:                    993                           
  17) IMAP proxy port:                         7143                          
  18) IMAP SSL proxy port:                     7993                          
  19) POP server port:                         110                           
  20) POP server SSL port:                     995                           
  21) POP proxy port:                          7110                          
  22) POP SSL proxy port:                      7995                          
  23) Use spell check server:                  yes                           
  24) Spell server URL:                        http://mail43.zimbra.DOMAIN.com:7780/aspell.php
  25) Configure for use with mail proxy:       TRUE                          
  26) Configure for use with web proxy:        TRUE                          
  27) Enable version update checks:            TRUE                          
  28) Enable version update notifications:     TRUE                          
  29) Version update notification email:       admin@rr608.zimbra.DOMAIN.com
  30) Version update source email:             admin@rr608.zimbra.DOMAIN.com

You should now be ready to apply the configuration and continue to the next parts of the installation.

Finalize Setup Of Second Mailstore Components

You'll now see the installation finalize all the component configuration.

One thing to note is I saw this message in the CLI log output:

Setting zimbraSmtpHostname for mail43.zimbra.DOMAIN.com...done.
Configuring SNMP...done.

Though we had the following variable set:

9) SMTP host:   rr608.zimbra.DOMAIN.com

But after the install finished, I double-checked the variable settings on the mailstore.

# su - zimbra
[zimbra@mail44 ~]$ zmprov gs `zmhostname`|grep -i smtp
zimbraSmtpHostname: rr608.zimbra.DOMAIN.com
zimbraSmtpPort: 25
zimbraSmtpSendPartial: FALSE
zimbraSmtpTimeout: 60

Checking Status Of Both Servers

Once the mailstore server is done with the installation, both servers should be functioning fully. A status check on the LDAP master will show no errors now.

On the LDAP master:

[zimbra@mail41 ~]$ zmcontrol status
Host mail41.zimbra.DOMAIN.com
        antispam                Running
        antivirus               Running
        imapproxy               Running
        ldap                    Running
        mta                     Running
        snmp                    Running
        stats                   Running
[zimbra@mail41 ~]$ zmprov -l gas
mail41.zimbra.DOMAIN.com
mail43.zimbra.DOMAIN.com

On the mailstore you just installed, service should show running as well.

[zimbra@mail43 ~]$ zmcontrol status 
Host mail43.zimbra.DOMAIN.com
        convertd                Running
        logger                  Running
        mailbox                 Running
        memcached               Running
        snmp                    Running
        spell                   Running
        stats                   Running

One should even be able to create an account from the CLI on the LDAP master now.

On the LDAP master:

$ zmprov -l ca ajcody@rr608.zimbra.DOMAIN.com My_Password displayName 'Adam Cody' givenName Adam sn Cody
c73829c2-3321-4e6c-bc7a-6c8eb29c4e3c

You should now be able to log in to the ZWC client using this account. The URL that should work is http://[Round-Robin Alias Hostname].DOMAIN - http://rr608.zimbra.DOMAIN.com using our example here. Note though, if you already included other proxy servers in DNS/BIND for the round-robin entry, you might need to test using the IP address of your LDAP Master instead. Your client might have pulled the IP address of the other server you have yet to set up. If you didn't set up a round-robin hostname, then http://[LDAP Master Hostname].DOMAIN should work.

A direct call to the mailstore, like this: http://[Mailstore Hostname].DOMAIN should fail. If the opposite is true, then you most likely changed zimbraMailMode from the default of http to something else. See the below section about fixing this.

Remember, on the proxy node [LDAP Master], you can check the following logs to see what is happening with your proxy setup.

  • /opt/zimbra/log/nginx.log
  • /opt/zimbra/log/nginx.access.log

Proxy Isn't Working For HTTP Clients - Login Issues

During the installation configuration section, under the 2) zimbra-store: section, you most likely changed Web server mode to something other than http. Here are my notes about that variable and fixing it later.

  • +Web server mode: http
    • Please enter the web server mode (http,https,both,mixed,redirect) [http]
    • Note - In the admin guide under the Proxy section, you'll see that it states only HTTP is supported. It says, "zimbraMailMode to http. This is the only supported mode." The zimbraMailMode, which is set to HTTP on the mailstores, is different than zimbraReverseProxyMailMode - which is set to BOTH on the proxy hosts.
      • Reference is Latest Admin Guide under Working with Zimbra Proxy > Configuring ZCS HTTP Proxy.
      • If you got this wrong, here is how to fix it under ZCS 6+ after the installation is done on both servers:
        • On the Mailstore do:
          • /opt/zimbra/libexec/zmproxyconfig -e -w -H mailbox.node.service.hostname
            • Example:
            • /opt/zimbra/libexec/zmproxyconfig -e -w -H mail43.zimbra.DOMAIN.com
            • zmcontrol restart
          • and for each domain you currently have configured, do:
          • zmprov modifyDomain <domain.com> zimbraPublicServiceHostname <hostname.domain.com>
            • Example:
            • zmprov modifyDomain rr608.zimbra.DOMAIN.com zimbraPublicServiceHostname rr608.zimbra.DOMAIN.com
        • On LDAP master with mta and proxy installed:
          • /opt/zimbra/libexec/zmproxyconfig -e -w -H proxy.node.service.hostname
            • Example:
            • /opt/zimbra/libexec/zmproxyconfig -e -w -H mail41.zimbra.DOMAIN.com
            • zmcontrol restart
  • Note: After I resolved the proxy configuration, testing ZWC access showed that I had to use the round-robin hostname I have and that using the IP address of my LDAP master wouldn't work. The ZWC client would give the following if I used the LDAP master IP address in the URL:
    • 500 Internal Server Error - nginx
  • See CLI_zmtlsctl_to_set_Web_Server_Mode for more about the zimbraMailMode

Proxy Isn't Working For HTTP Clients - Email Sending Issues

If you try to send an email with the ZWC client, you might get an error about mail.TRY_AGAIN. This, again, is probably because you have set up the round-robin option in DNS/BIND for your SMTP/MTA variables. Your mailstore probably resolved the hostname, rr608.zimbra.DOMAIN.com using our example, to an IP address that hasn't had Zimbra installed yet. For example, here's what my mailstore - mail43 - showed when I couldn't send.

$ host rr608.zimbra.DOMAIN.com
rr608.zimbra.DOMAIN.com has address 192.168.0.42
rr608.zimbra.DOMAIN.com has address 192.168.0.41
rr608.zimbra.DOMAIN.com mail is handled by 10 rr608.zimbra.DOMAIN.com.

192.168.0.42 is for mail42 in my example here and I still haven't installed Zimbra on it yet.

Other error messages you might see - example from mailbox.log on mailstore user was created on:

com.zimbra.common.service.ServiceException: system failure: Unable to get SMTP session for [com.zimbra.cs.account.ldap.LdapAccount ajcody@rr608.zimbra.DOMAIN.com]
ExceptionId:btpool0-12://rr608.zimbra.DOMAIN.com/service/soap/SendMsgRequest:1284347327964:0d190c6e6fa9bec4
Code:service.FAILURE
        at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:248)
 [cut]
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:413)
        at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Caused by: javax.mail.MessagingException: No SMTP hosts available for domain rr608.zimbra.DOMAIN.com
 [cut]

This issue should disappear once all your MTA servers that are in your round-robin hostname [rr608.zimbra.DOMAIN.com in our example] have ZCS installed, configured, and are running.
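
An added example, not part of the original notes: it lists every address behind a round-robin name from `host` output and reports the members that do not accept connections on the SMTP port yet, which is the condition behind the mail.TRY_AGAIN error above. The function names and the use of `nc -z` as the default probe are assumptions; the sample `host` output is the one shown on this page.

```shell
#!/bin/sh
# Added example, not from the original wiki page.

# `host` output copied from the mail43 session shown above.
SAMPLE_HOST_OUTPUT='rr608.zimbra.DOMAIN.com has address 192.168.0.42
rr608.zimbra.DOMAIN.com has address 192.168.0.41
rr608.zimbra.DOMAIN.com mail is handled by 10 rr608.zimbra.DOMAIN.com.'

# Read `host` output on stdin and print the A-record addresses, sorted and
# de-duplicated. MX and other lines are ignored.
rr_addresses() {
    awk '$2 == "has" && $3 == "address" { print $4 }' | sort -u
}

# Default probe: succeeds when something accepts a TCP connection on IP:PORT.
# Assumes an nc that supports -z (scan only) and -w (timeout in seconds).
probe_tcp() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# rr_unready PORT [PROBE]: read `host` output on stdin, run PROBE IP PORT for
# every round-robin member and print the members that fail. Returns 1 when at
# least one member is not serving, 0 when all of them are.
rr_unready() {
    port=$1
    probe=${2:-probe_tcp}
    bad=0
    for ip in $(rr_addresses); do
        if ! "$probe" "$ip" "$port"; then
            echo "$ip"
            bad=1
        fi
    done
    return "$bad"
}

# Live use:  ./rr_check.sh rr608.zimbra.DOMAIN.com 25
# Without arguments, only the addresses parsed from the sample are printed.
if [ "$#" -ge 1 ]; then
    if host "$1" | rr_unready "${2:-25}"; then
        echo "all members of $1 accept connections"
    else
        echo "the addresses listed above are not serving yet" >&2
        exit 1
    fi
else
    printf '%s\n' "$SAMPLE_HOST_OUTPUT" | rr_addresses
fi
```

Running it from a mailstore before sending test mail shows which round-robin members still need ZCS installed; the same check works for the rrms608 name with the mailstore ports.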

The Second Mailstore Installation
Second Mailstore Server Package Selection

Select the packages to install

Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y] n
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-convertd [Y] y
Install zimbra-memcached [N] y
Install zimbra-proxy [N] n
Install zimbra-archiving [N] y
Checking required space for zimbra-core
checking space for zimbra-store

Installing:
    zimbra-core
    zimbra-snmp
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-convertd
    zimbra-memcached
    zimbra-archiving

Second Mailstore Server Configuration Menu Choices

And then you'll end up with the configuration menu, shown below. We'll first want to set up the LDAP options.

   1) Common Configuration:                                                  
        +Hostname:                             mail44.zimbra.DOMAIN.com    
******* +Ldap master host:                     UNSET                         
        +Ldap port:                            389                           
******* +Ldap Admin password:                  UNSET                         
        +LDAP Base DN:                         cn=zimbra                     
        +Secure interprocess communications:   yes                           
        +TimeZone:                             America/Chicago               

   2) zimbra-store:                            Enabled                       
        +Create Admin User:                    yes                           
        +Admin user to create:                 admin@mail44.zimbra.DOMAIN.com
******* +Admin Password                        UNSET                         
        +Enable automated spam training:       yes                           
        +Spam training user:                   spam.piktnhwfc2@mail44.zimbra.DOMAIN.com
        +Non-spam(Ham) training user:          ham.z7qq8w1mb@mail44.zimbra.DOMAIN.com
        +Global Documents Account:             wiki@mail44.zimbra.DOMAIN.com
******* +SMTP host:                            UNSET                         
        +Web server HTTP port:                 80                            
        +Web server HTTPS port:                443                           
        +Web server mode:                      http                          
        +IMAP server port:                     143                           
        +IMAP server SSL port:                 993                           
        +POP server port:                      110                           
        +POP server SSL port:                  995                           
        +Use spell check server:               yes                           
        +Spell server URL:                     http://mail44.zimbra.DOMAIN.com:7780/aspell.php
        +Configure for use with mail proxy:    FALSE                         
        +Configure for use with web proxy:     FALSE                         
        +Enable version update checks:         TRUE                          
        +Enable version update notifications:  TRUE                          
        +Version update notification email:    admin@mail44.zimbra.DOMAIN.com
        +Version update source email:          admin@mail44.zimbra.DOMAIN.com
******* +License filename:                     UNSET                         

   3) zimbra-snmp:                             Enabled                       
   4) zimbra-logger:                           Enabled                       
   5) zimbra-spell:                            Enabled                       
   6) zimbra-convertd:                         Enabled                       
   7) Default Class of Service Configuration:                                
   8) Enable default backup schedule:          yes                           
   r) Start servers after configuration        yes                           
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                                    

Address unconfigured (**) items  (? - help)

Select 1, for the Common Configuration options.

  • 1) Common Configuration
    • 1) Hostname: mail44.zimbra.DOMAIN.com
    • **2) Ldap master host: UNSET
      • Set this to your LDAP Master's hostname - mail41.zimbra.DOMAIN.com in our example here.
    • 3) Ldap port: 389
    • ** 4) Ldap Admin password: UNSET
      • This was the Ldap Admin password that you set during the LDAP Master installation.
    • 5) LDAP Base DN: cn=zimbra
    • 6) Secure interprocess communications: yes
    • 7) TimeZone: America/Chicago

Ending up with something that looks like:

Common configuration
   1) Hostname:                                mail44.zimbra.DOMAIN.com    
   2) Ldap master host:                        mail41.zimbra.DOMAIN.com    
   3) Ldap port:                               389                           
   4) Ldap Admin password:                     set                           
   5) LDAP Base DN:                            cn=zimbra                     
   6) Secure interprocess communications:      yes                           
   7) TimeZone:                                America/Chicago               
Select, or 'r' for previous menu [r] r

Hit R to go back to the main configuration screen. Once the installer has the information for the LDAP master and the LDAP admin password, it will pull down the configuration options that are relevant from the LDAP master. Now we'll configure the "2) zimbra-store" options. These are the variables under the 2) zimbra-store: section that we'll need to change or confirm:

  • +Admin Password UNSET
    • This is the admin user password that you use, for example, to log into the web admin console.
  • +Web server mode: http
    • Please enter the web server mode (http,https,both,mixed,redirect) [http]
    • Note - In the admin guide under the Proxy section, you'll see it states that only HTTP is supported. It says, "zimbraMailMode to http. This is the only supported mode." The zimbraMailMode, which is set to HTTP on the mailstores, is different from zimbraReverseProxyMailMode - which is set to BOTH on the proxy hosts.
      • Reference is Latest Admin Guide under Working with Zimbra Proxy > Configuring ZCS HTTP Proxy.
  • +SMTP host: UNSET
    • In our example here, we'll use our round-robin hostname that will resolve to our two ldap+mta+proxy servers. Normally, you would put the hostname of the one server or a server that has the mta package installed.
    • I didn't get an error while setting this in the configuration panel though the mta service was still not running on the ldap master - see above.
  • +Configure for use with mail proxy: FALSE
    • I set this to TRUE. This is either TRUE or FALSE, related to memcache I believe. We are lacking docs that use the phrase in the installer.
  • +Configure for use with web proxy: FALSE
    • I set this to TRUE. This is either TRUE or FALSE, related to memcache I believe. We are lacking docs that use the phrase in the installer.
  • +License filename: UNSET

My final setup for the 2) zimbra-store section was:

Store configuration
   1) Status:                                  Enabled                       
   2) Create Admin User:                       no                            
   3) Enable automated spam training:          yes                           
   4) SMTP host:                               rr608.zimbra.DOMAIN.com       
   5) Web server HTTP port:                    80                            
   6) Web server HTTPS port:                   443                           
   7) HTTP proxy port:                         8080                          
   8) HTTPS proxy port:                        8443                          
   9) Web server mode:                         http                          
  10) IMAP server port:                        143                           
  11) IMAP server SSL port:                    993                           
  12) IMAP proxy port:                         7143                          
  13) IMAP SSL proxy port:                     7993                          
  14) POP server port:                         110                           
  15) POP server SSL port:                     995                           
  16) POP proxy port:                          7110                          
  17) POP SSL proxy port:                      7995                          
  18) Use spell check server:                  yes                           
  19) Spell server URL:                        http://mail44.zimbra.DOMAIN.com:7780/aspell.php
  20) Configure for use with mail proxy:       TRUE                          
  21) Configure for use with web proxy:        TRUE                          
  22) Enable version update checks:            TRUE                          
  23) Enable version update notifications:     TRUE 

You should now be ready to apply the configuration and continue to the next parts of the installation.

Finalize Setup Of First Mailstore Components

You now see the installation finalize all the component configuration.

One thing to note is I saw this message in the CLI log output:

Setting zimbraSmtpHostname for mail44.zimbra.DOMAIN.com...done.
Configuring SNMP...done.

Though we had the following variable set:

9) SMTP host:   rr608.zimbra.DOMAIN.com

But, after the install finished, I then double-checked the variable settings on the mailstore.

# su - zimbra
[zimbra@mail43 ~]$ zmprov gs `zmhostname`|grep -i smtp
zimbraSmtpHostname: rr608.zimbra.DOMAIN.com
zimbraSmtpPort: 25
zimbraSmtpSendPartial: FALSE
zimbraSmtpTimeout: 60

The Second LDAP-MTA-PROXY Installation
Enable Replication On LDAP Master Before Continuing

[zimbra@mail41 ~]$ /opt/zimbra/libexec/zmldapenablereplica 
Enabling sync provider on master...succeeded

Second LDAP-MTA-PROXY Server Package Selection

Select the packages to install

Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] n
Install zimbra-mta [Y] y
Install zimbra-snmp [Y] y
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-convertd [N] n
Install zimbra-memcached [N] n
Install zimbra-proxy [N] y

Checking required space for zimbra-core

Installing:
    zimbra-core
    zimbra-ldap
    zimbra-mta
    zimbra-snmp
    zimbra-proxy

Second LDAP-MTA-PROXY Server Configuration Menu Choices

You'll want to set the following:

  • 1) Common Configuration
    • 1) Hostname: mail42.zimbra.DOMAIN.com
      • This will stay as is since it's asking for the local server's name.
    • 2) Ldap master host: mail42.zimbra.DOMAIN.com
      • This will get CHANGED to the LDAP MASTER
        • Ldap master host: mail41.zimbra.DOMAIN.com
    • 4) Ldap Admin password: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
      • I had to set mine to the correct password - it was using a randomly generated one.
  • 2) zimbra-ldap
    • 2) Create Domain: yes
      • Change this to be NO.
    • 4) Ldap root password: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
      • I had to set mine to the correct password - it was using a randomly generated one.
    • 5) Ldap replication password: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
      • I had to set mine to the correct password - it was using a randomly generated one.
    • 6) Ldap postfix password: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
      • I had to set mine to the correct password - it was using a randomly generated one.
    • 7) Ldap amavis password: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
      • I had to set mine to the correct password - it was using a randomly generated one.
    • 8) Ldap nginx password: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
      • I had to set mine to the correct password - it was using a randomly generated one.
  • You should have all the passwords noted somewhere for the other server installations.
  • 3) zimbra-mta
    • 1) Status: Enabled
    • 2) MTA Auth host: UNSET
      • Notice the "MTA Auth host:" defaults to UNSET. The MTA Auth host is to be a mailstore that the mta will send user pop/imap authentication requests to. You'll also notice later down in the installation guide under the "Installing Zimbra LDAP Master Server" this statement:
        • 2. Type Y and press Enter to install the zimbra-ldap package.
        • The MTA, Store and Logger packages should be marked N.
      • We are ignoring this statement in our exercise here since we also want to have our LDAP Master run the MTA component. You will later see an error message because we've done this when the installation goes to set up the MTA - documented below under Error_During_MTA_Installation
      • In my example here, I put in : rrms608.zimbra.DOMAIN.com : which will round-robin pop/imap authentication requests to all of my mailstores rather than just one mailstore.
    • 3) Enable Spamassassin: yes
    • 4) Enable Clam AV: yes
    • 5) Notification address for AV alerts: admin@mail42.zimbra.DOMAIN.com
      • Change this to be admin@rr608.zimbra.DOMAIN.com .
    • 6) Bind password for postfix ldap user: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
    • 7) Bind password for amavis ldap user: set
      • Check that the password is set correctly -- as it was set on the LDAP Master.
  • 5) zimbra-proxy
    • 1) Status: Enabled
    • 2) Enable POP/IMAP Proxy: TRUE
    • 3) IMAP server port: 7143
    • 4) IMAP server SSL port: 7993
    • 5) IMAP proxy port: 143
    • 6) IMAP SSL proxy port: 993
    • 7) POP server port: 7110
    • 8) POP server SSL port: 7995
    • 9) POP proxy port: 110
    • 10) POP SSL proxy port: 995
    • 11) Bind password for nginx ldap user: set
    • 12) Enable HTTP[S] Proxy: FALSE
      • Change this to TRUE and it will automatically setup other variables as well.
        • 13) Web server HTTP port: 80
        • 14) Web server HTTPS port: 443
        • 15) HTTP proxy port: 8080
        • 16) HTTPS proxy port: 8443
        • 17) Proxy server mode: http
          • Leave this variable set to http; do not change it.

Finalize Setup Of Second LDAP-MTA-PROXY Components

Including the output of the log events as shown as the installation finishes here.

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.8156] 
Saving config in /opt/zimbra/config.8156...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup.09122010-222512.log
Setting local config values...done.
Updating ldap_root_password and zimbra_ldap_password...done.
Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL certificate...done.
Installing MTA SSL certificates...done.
Creating server entry for mail42.zimbra.DOMAIN.com...done.
Updating ldap_root_password and zimbra_ldap_password...done.
Enabling ldap replication...done.
Stopping ldap...done.
Running bdb db_recover...done.
Running zmldapapplyldif...done.
Checking ldap status....already running.
Setting ldap root password...done.
Setting ldap admin password...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
WARNING

You are configuring this host as an MTA server, but the specified mailstore
used for authentication has not been configured to run the mailbox service yet.
This will cause smtp authentication to fail.

To correct this - after installing a mailstore server,
reset the zimbraMtaAuthHost attribute for this server:
/opt/zimbra/bin/zmprov -m -l ms mail42.zimbra.DOMAIN.com zimbraMtaAuthHost rrms608.zimbra.DOMAIN.com

Once done, start the MTA:
zmmtactl start

Press return to continue
 
Setting MTA auth host...failed.
Initializing mta config...done.
Setting services on mail42.zimbra.DOMAIN.com...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Setting default backup schedule...Done
Starting servers...done.
Setting up zimbra crontab...done.
Moving /tmp/zmsetup.09122010-222512.log to /opt/zimbra/log
Configuration complete - press return to exit 
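
One way to confirm, after the installer run above, that the replica ended up with the same LDAP passwords as the LDAP Master, as the menu notes call for. This is an added example, not part of the original wiki page; the localconfig key list, the dump files and the function names are assumptions, and the sample values are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare LDAP service passwords between two localconfig dumps
# and name the keys that differ, without printing any password value.

# Assumption: these localconfig keys back the installer's LDAP admin, root,
# replication, postfix, amavis and nginx password items.
LDAP_SECRET_KEYS="zimbra_ldap_password ldap_root_password \
ldap_replication_password ldap_postfix_password ldap_amavis_password \
ldap_nginx_password"

# mismatched_ldap_secrets MASTER_DUMP REPLICA_DUMP
# Dumps hold "key = value" lines, e.g. written on each host (umask 077) with
#   zmlocalconfig -s $LDAP_SECRET_KEYS > dump
# Prints "<key> differs" or "<key> missing"; exit status 0 means all match.
mismatched_ldap_secrets() {
    awk -v keys="$LDAP_SECRET_KEYS" '
        {
            # Split on the first " = " only: a password may contain "=".
            pos = index($0, " = ")
            if (pos == 0) next
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 3)
            if (FILENAME == ARGV[1]) { master[k] = v } else { replica[k] = v }
        }
        END {
            bad = 0
            n = split(keys, want, " ")
            for (i = 1; i <= n; i++) {
                k = want[i]
                if (!(k in master) || !(k in replica)) { print k " missing"; bad = 1 }
                else if (master[k] != replica[k])      { print k " differs"; bad = 1 }
            }
            exit bad
        }' "$1" "$2"
}

# Demo with constructed dumps (placeholder values, not real credentials): the
# replica still carries installer-generated replication and nginx passwords.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/master" <<'EOF'
zimbra_ldap_password = ExampleAdmin1
ldap_root_password = ExampleRoot1
ldap_replication_password = ExampleRepl=1
ldap_postfix_password = ExamplePostfix1
ldap_amavis_password = ExampleAmavis1
ldap_nginx_password = ExampleNginx1
EOF
    sed -e 's/ExampleRepl=1/q7Xr2mWz/' -e 's/ExampleNginx1/p0Lk9vTa/' \
        "$dir/master" > "$dir/replica"
    status=0
    mismatched_ldap_secrets "$dir/master" "$dir/replica" || status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "replica passwords do not match the master" >&2
```

The dump files contain the passwords in clear text, so remove them once the comparison is done.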

Final Tweaks And Information Needed For It All To Work
PublicServiceHostname

Using the round-robin alias for the zimbraPublicServiceHostname variable.

$ zmprov md rr608.zimbra.DOMAIN.com zimbraPublicServiceHostname rr608.zimbra.DOMAIN.com
$ zmprov md rr608.zimbra.DOMAIN.com zimbraPublicServiceProtocol http

Setup SSH Keys And Logger

You probably noticed some small oddities and also that the graphing isn't working in the admin console except for the one mailstore we installed logger on. Let's resolve this.

  • On First Mailstore - the one that had logger installed on it; only one mailstore needs logger installed.
    • Populate SSH keys.
      • su - zimbra
      • zmupdateauthkeys
    • Set up Logger to accept data from other ZCS servers.
      • As root
      • Edit the /etc/sysconfig/syslog file and add -r to the SYSLOGD_OPTIONS setting: SYSLOGD_OPTIONS="-r -m 0"
      • Restart the syslog daemon.
        • /etc/init.d/syslog restart
        • Or, if restart isn't an option, then:
        • /etc/init.d/syslog stop
        • /etc/init.d/syslog start
  • On Second Mailstore
    • Populate SSH keys.
      • su - zimbra
      • zmupdateauthkeys
    • Set up Logger to push data to the logger host - i.e. The First Mailstore.
      • As root
      • /opt/zimbra/libexec/zmsyslogsetup
  • On Second LDAP-MTA-PROXY Server
    • Populate SSH keys.
      • su - zimbra
      • zmupdateauthkeys
    • Set up Logger to push data to the logger host - i.e. The First Mailstore.
      • As root
      • /opt/zimbra/libexec/zmsyslogsetup
  • On First LDAP-MTA-PROXY Server
    • Populate SSH keys.
      • su - zimbra
      • zmupdateauthkeys
    • Set up Logger to push data to the logger host - i.e. The First Mailstore.
      • As root
      • /opt/zimbra/libexec/zmsyslogsetup

LDAP Replica In LDAP_URL

You'll want to add the LDAP replica in the ldap_url for the mailstores.

For example, on mailstore servers without MTA - as zimbra

zmcontrol stop
zmlocalconfig ldap_url
zmlocalconfig -e ldap_url="ldap://mail42.zimbra.DOMAIN.com:389 ldap://mail41.zimbra.DOMAIN.com:389"
zmcontrol start

For example, on MTA servers - you'll need to add an extra step.

zmcontrol stop
zmlocalconfig ldap_url
zmlocalconfig -e ldap_url="ldap://mail42.zimbra.DOMAIN.com:389 ldap://mail41.zimbra.DOMAIN.com:389"
zmcontrol start
/opt/zimbra/libexec/zmmtainit

With the example on this wiki, the LDAP Master and LDAP Replica don't need their ldap_url adjusted or the zmmtainit command run.

What About The Admin Console

The admin console needs to go to a mailstore to be resolved correctly. In our example above, we would use the round-robin address we set up that included the mailstores -- rrms608.zimbra.DOMAIN.com -- in the following format: https://rrms608.zimbra.DOMAIN.com:7071

