Bobby-Notes

Revision as of 19:31, 13 October 2008 by Cfremon (talk | contribs) (Adding category)

Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only)

The preferred method of transferring users from one ZCS machine to another ZCS machine is the "mailbox move" method. There are two main advantages of this method: 1. user data (i.e. mail, contacts, and calendar) is maintained, and 2. the accounts are moved one at a time, and both servers are active, so that only the account currently being moved will be inaccessible. This method typically involves three main stages: 1. making the new server an ldap replica of the original server, 2. moving all the accounts to the new server, and 3. promoting the new server to be the master.

Scenario

You have an old server called mail1, and you have a new server called mail2. You wish to transfer users from mail1 to mail2. You are installing ZCS on mail2 and configuring it as an ldap-replica.

Configuring the new server

First, enable ldap replication on the old server (mail1).

[root@mail1]# su - zimbra
[zimbra@mail1]$ ~/libexec/zmldapenablereplica

Then check the current version and ldap passwords on mail1.

[zimbra@mail1 ~]$ zmcontrol -v
Release 5.0.9_GA_2534.RHEL4_20080814054137 RHEL4 NETWORK edition

[zimbra@mail1 ~]$ zmlocalconfig -s |grep ldap |grep password
ldap_amavis_password = zmamavis
ldap_nginx_password = zmnginx
ldap_postfix_password = zmpostfix
ldap_replication_password = zmreplica
ldap_root_password = A1eRG0zP
zimbra_ldap_password = A1eRG0zP

Install ZCS on mail2. Make sure to install the same ZCS version as mail1.

1. During the configuration stage of the installation, you will be presented will the configuration Main menu.

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-store:                            Enabled
        +Create Admin User:                    yes
        +Admin user to create:                 admin@mail2.domain.com
******* +Admin Password                        UNSET
  • Choose the first item ("Common Configuration") so that you can desigate mail1 as the existing ldap master.

2. You should see something like this:

Common configuration

   1) Hostname:                                    mail2.domain.com
   2) Ldap master host:                            mail2.domain.com
   3) Ldap port:                                   389
   4) Ldap Admin password:                         set
   5) Require secure interprocess communications:  yes
   6) TimeZone:                                (GMT-08.00) Pacific Time (US & Canada)
  • Choose item 2 and enter mail1 as the ldap master.
  • Choose item 4 to enter the ldap password observed on mail1 (see above or "zmlocalconfig -s zimbra_ldap_password").

3. Return to the main menu and choose item 2 for the LDAP Configuration.

Ldap configuration

   1) Status:                                 Enabled                       
   2) Create Domain:                   yes
   3) Domain to create:                        mail2.domain.com
   4) Ldap Root password:              set
   5) Ldap Replication password:       set
   6) Ldap Postfix password:           set
   7) Ldap Amavis password:            set
  • You can choose item 2 to elect not to create a new domain (presumably you already have domains provisioned on mail1).
  • Choose each password item to set these to the corresponding values from mail1.

4. Return to the main menu and choose "zimbra-store". Since admin and spam training accounts already exist on mail1, you can choose the "Create Admin User" and "Enable automated spam training" items to not create new accounts. If you do this, don't forget to also move the mailboxes for these accounts.

Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       no
   3) Enable automated spam training:          no
   4) Global Documents Account:                wiki@mail2.domain.com
   5) SMTP host:                               mail2.mydomain.com

As of ZCS 5.0.9, even if you choose to not create a new domain, you can't disable the "Global Documents Account" in the store configuration menu. You will see a harmless "failed to initialize documents" warning during configuration. You should already have a global documents account on mail1, which you can mailbox move to mail2.

Moving users to the new server

You can move mailboxes on the server command-line with zmmailboxmove, or through the administrator web console (by logging in to https://mail1.domain.com:7071/

Promoting the LDAP Replica to be the LDAP Master

Straight forward instructions found here: http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master
Optional - Converting the master to be a replica. Not needed if you are decommissioning the old machine. If you are decommissioning the old machine, you can remove the old server from the new machine.
Don't do this command until after the users are moved over to the new machine.

zmprov deleteServer mail1.domain.com

NOTE: Moving from one server to the other with zmmailboxmove is a staged process. If you wish, you can leave the old server up as an ldap master or the MTA after the accounts are migrated, just to minimize the number of changes happening at one time.

Additional Considerations

7) DNS - Be sure to edit your DNS records to include the new server.
Before the migration:
$ host -t mx domain.com domain.com mail is handled by 10 mail1.domain.com.

After the migration:
$ host -t mx domain.com domain.com mail is handled by 10 mail2.domain.com.

7a) If you wish to maintain the same exact zmhostname as the old server, you'll have to change the hostname. Instructions are found here: http://wiki.zimbra.com/index.php?title=ZmSetServerName

8) Things to consider.
- Zimlets - Be sure to install the same zimlets on the new machine as on the old machine.
- Custom Skins will need to be installed on the new machine.
- Branding will need to be configured on the new machine if you were using custom branding on the old machine.
- Don't forget to run "zmupdateauthkeys" on both machines to update their SSH keys.
- You should be able to use your existing license from the master for this multi node setup.

9) Commercial Certificate.
If the hostname stays the same, you'll need to follow the steps outlined here to reimport them: http://wiki.zimbra.com/index.php?title=Commercial_Certificate_in_5.x#.2Fopt.2Fzimbra.2Fbin.2Fzmcertmgr
If the hostname has changed, you'll need to generate a CSR, submit CSR to Commercial Certificate vendor, i.e. GoDaddy, and import them using the Admin Console Wizard.

Notes

  • If you are only moving some users to the new server, and the old server will remain active (for example, if you are just adding a new mailstore to the installation), it is not necessary to configure the new server as an ldap replica and even if you do, it is not necessary to promote it to be the master.
  • This method is only available for the Network Edition of ZCS.
  • zmmailboxmove: authtoken expired - verify that date/time for each server is accurate.

Excised

Documentation on promoting the replica to master is here: http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master. The move mailbox function can be accomplished by using the Admin Console, or by CLI. In the Admin Console, there is a button labeled "move mailbox" when you edit an account. From the CLI, here is an article detailing the zmmailboxmove, http://wiki.zimbra.com/index.php?title=Zmmailboxmove. Zmmailboxmove is only available for NE.

Note: These steps are basically the same as the following link. Except, you will want to install all the important packages, zimbra-ldap, zimbra-mta, zimbra-store, zimbra-logger, zimbra-snmp, & zimbra-spell; basically, install the same packages on the new server, as the old server.
http://www.zimbra.com/docs/os/latest/multi_server_install/LDAP%20Replication.6.1.html

The password used for "Ldap Admin Password is: zmlocalconfig -s | grep zimbra_ldap_password

Jump to: navigation, search