Bobby-Notes

Revision as of 00:02, 14 October 2008 by Bobby (talk | contribs) (finish update)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only)

The preferred method of transferring users from one ZCS machine to another ZCS machine is the "mailbox move" method. There are two main advantages of this method: 1. user data (i.e. mail, contacts, and calendar) is maintained, and 2. the accounts are moved one at a time, and both servers are active, so that only the account currently being moved will be inaccessible. This method typically involves three main stages: 1. making the new server an ldap replica of the original server, 2. moving all the accounts to the new server, and 3. promoting the new server to be the master.

Scenario

You have an old server called mail1, and you have a new server called mail2. You wish to transfer users from mail1 to mail2. You are installing ZCS on mail2 and configuring it as an ldap-replica.

Configuring the new server

First, enable ldap replication on the old server (mail1).

[root@mail1]# su - zimbra
[zimbra@mail1]$ ~/libexec/zmldapenablereplica

Then check the current version and ldap passwords on mail1.

[zimbra@mail1 ~]$ zmcontrol -v
Release 5.0.9_GA_2534.RHEL4_20080814054137 RHEL4 NETWORK edition

[zimbra@mail1 ~]$ zmlocalconfig -s |grep ldap |grep password
ldap_amavis_password = zmamavis
ldap_nginx_password = zmnginx
ldap_postfix_password = zmpostfix
ldap_replication_password = zmreplica
ldap_root_password = A1eRG0zP
zimbra_ldap_password = A1eRG0zP

Install ZCS on mail2. Make sure to install the same ZCS version as mail1.

1. During the configuration stage of the installation, you will be presented will the configuration Main menu.

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-store:                            Enabled
        +Create Admin User:                    yes
        +Admin user to create:                 admin@mail2.domain.com
******* +Admin Password                        UNSET
  • Choose the first item ("Common Configuration") so that you can desigate mail1 as the existing ldap master.

2. You should see something like this:

Common configuration

   1) Hostname:                                    mail2.domain.com
   2) Ldap master host:                            mail2.domain.com
   3) Ldap port:                                   389
   4) Ldap Admin password:                         set
   5) Require secure interprocess communications:  yes
   6) TimeZone:                                (GMT-08.00) Pacific Time (US & Canada)
  • Choose item 2 and enter mail1 as the ldap master.
  • Choose item 4 to enter the ldap password observed on mail1 (see above or "zmlocalconfig -s zimbra_ldap_password").

3. Return to the main menu and choose item 2 for the LDAP Configuration.

Ldap configuration

   1) Status:                                 Enabled                       
   2) Create Domain:                   yes
   3) Domain to create:                        mail2.domain.com
   4) Ldap Root password:              set
   5) Ldap Replication password:       set
   6) Ldap Postfix password:           set
   7) Ldap Amavis password:            set
  • You can choose item 2 to elect not to create a new domain (presumably you already have domains provisioned on mail1).
  • Choose each password item to set these to the corresponding values from mail1.

4. Return to the main menu and choose "zimbra-store". Since admin and spam training accounts already exist on mail1, you can choose the "Create Admin User" and "Enable automated spam training" items to not create new accounts. If you do this, don't forget to also move the mailboxes for these accounts.

Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       no
   3) Enable automated spam training:          no
   4) Global Documents Account:                wiki@mail2.domain.com
   5) SMTP host:                               mail2.mydomain.com

As of ZCS 5.0.9, even if you choose to not create a new domain, you can't disable the "Global Documents Account" in the store configuration menu. You will see a harmless "failed to initialize documents" warning during configuration. You should already have a global documents account on mail1, which you can mailbox move to mail2.

Moving users to the new server

You can move mailboxes on the server command-line with zmmailboxmove, or through the administrator web console (by logging in to https://mail1.domain.com:7071/

Promoting the LDAP Replica to be the LDAP Master

If you want the new machine to be the ldap master, follow the guide for Promoting Replica to LDAP Master, which also explains how to demote the ldap master to be a replica.

Additional Considerations

DNS

Be sure to edit your DNS records to include the new server.

Before the migration:

$ host -t mx domain.com
domain.com mail is handled by 10 mail1.domain.com.

After the migration:

$ host -t mx domain.com
domain.com mail is handled by 10 mail2.domain.com.

If you wish to maintain the same exact zmhostname as the old server, use zmsetservername to change the hostname.

Commercial SSL Certificates

If the hostname stays the same (e.g. the old server was "mail1.domain.com" and the new server gets renamed "mail1.domain.com"), copy the certificate files over from the old server and restart services.

/opt/zimbra/mailboxd/etc/keystore
/opt/zimbra/conf/*{key,crt}

If the hostname has changed, generate a new certificate signing request (CSR), submit the CSR to a Commercial Certificate vendor (e.g. GoDaddy), and import the new certificate using the SSL Certificates Wizard in the Admin Console.

The Old Server

If you are decommissioning the old server, verify that no accounts remain there, and then delete the server entry from ldap.

On the new server, check for any accounts that ldap shows as still on the old server.

zmprov searchAccounts "(zimbraMailHost=mail1.domain.com)"

On the old server, check for any accounts that remain there. If any accounts have moved but not purged from the old server, they will still show up.

mysql zimbra -e "select * from mailbox"

Remove the old server from the host pool for all classes of service in the COS section of the admin console. Once you are satisfied that the old server is no longer active, you can delete the server entry.

zmprov deleteServer mail1.domain.com

NOTE: Moving accounts with zmmailboxmove is a staged process. You can leave the old server up as an ldap master, MTA, etc after the accounts are migrated in order to minimize the number of changes happening at one time.

Customizations

If you have changed what zimlets are available or if you have custom skins or branding, don't forget to re-deploy these customizations.

Notes

  • If you are only moving some users to the new server, and the old server will remain active (for example, if you are just adding a new mailstore to the installation), it is not necessary to configure the new server as an ldap replica and even if you do, it is not necessary to promote it to be the master.
  • This method is only available for the Network Edition of ZCS.
  • You can use your existing license from the master for this multi node setup.
  • If you encounter a "zmmailboxmove: authtoken expired" error, verify that the date/time for each server is accurate.
  • For multi-node installations, run "zmupdateauthkeys" to update the SSH keys.
Jump to: navigation, search