Difference between revisions of "Building Zimbra on Gentoo"

(Adding Template:Article Footer, and Template:4.5)
Line 1: Line 1:
{{4.5}}
+
{{5.0.8}}
  
Here's a howto that will get Zimbra going on a Gentoo install. This method basically leverages debootstrap to get a bare debain sarge install in a chroot environment.  The open source zimbra 4.5 package for Debian can then be installed. This is working on Gentoo 2006.1 kernel 2.6.17-gentoo-r5. But you shouldn't have any issues running it on recent versions. At first this may seem like extra work and a waste of resources, but to the contrary running Zimbra in a chroot is a pretty good idea.  People have been hosting chroot jails on *BSD's  to run various internet services for quite some time. This can add a level of protection for the host system.  I.e. if the unthinkable happens and an attacker does find a way to gain root through the host services on your Zimbra instance, (s)he will only have access to the chroot environment.
+
Here's a howto that will get Zimbra going on a Gentoo install. This method basically leverages debootstrap to get a bare debain sarge install in a chroot environment.  The open source zimbra 5.0.8 package for Debian can then be installed. This is working on Gentoo 2008.0 kernel 2.6.25-gentoo-r7. But you shouldn't have any issues running it on recent versions. At first this may seem like extra work and a waste of resources, but to the contrary running Zimbra in a chroot is a pretty good idea.  People have been hosting chroot jails on *BSD's  to run various internet services for quite some time. This can add a level of protection for the host system.  I.e. if the unthinkable happens and an attacker does find a way to gain root through the host services on your Zimbra instance, (s)he will only have access to the chroot environment.
  
 
== Stopping Apache on the Gentoo host ==
 
== Stopping Apache on the Gentoo host ==
Line 17: Line 17:
  
 
'''Emerge debootstrap'''
 
'''Emerge debootstrap'''
:<tt># echo "dev-util/debootstrap" >> /etc/portage/package.keywords</tt>
 
 
:<tt># emerge debootstrap</tt>
 
:<tt># emerge debootstrap</tt>
  
Line 26: Line 25:
  
 
'''Run debootstrap'''
 
'''Run debootstrap'''
:<tt># debootstrap sarge /zimbra http://ftp.debian.org/debian</tt>
+
:<tt># debootstrap etch /zimbra http://ftp.debian.org/debian</tt>
  
If you are on amd64 you will need to use debootstrap --arch i386 sarge /zimbra http://ftp.debian.org/debian so that it knows which architecture to bootstrap onto your machine.
+
If you are on amd64 you will need to use :<tt># debootstrap --arch i386 sarge /zimbra http://ftp.debian.org/debian</tt> so that it knows which architecture to bootstrap onto your machine.
  
  
 
'''Mount proc, dev and sys'''
 
'''Mount proc, dev and sys'''
 
:<tt># mount -o bind /proc /zimbra/proc</tt>
 
:<tt># mount -o bind /proc /zimbra/proc</tt>
:<tt># mount -o bind /sys /zimbra/sys</tt>
 
 
:<tt># mount -o bind /dev /zimbra/dev</tt>
 
:<tt># mount -o bind /dev /zimbra/dev</tt>
 +
:<tt># mount -o bind /dev/shm /zimbra/dev/shm</tt>
 
:<tt># mount -o bind /dev/pts /zimbra/dev/pts</tt>
 
:<tt># mount -o bind /dev/pts /zimbra/dev/pts</tt>
:<tt># mount -o bind /dev/shm /zimbra/dev/shm</tt>
+
:<tt># mount -o bind /sys /zimbra/sys</tt>
  
  
 
'''Chroot to the debian environment'''
 
'''Chroot to the debian environment'''
:<tt># chroot /zimbra</tt>
+
:<tt># chroot /zimbra /bin/bash</tt>
  
  
Line 49: Line 48:
 
'''Adjust your hosts and hostname files'''
 
'''Adjust your hosts and hostname files'''
 
:<tt># nano -w /etc/hosts</tt>
 
:<tt># nano -w /etc/hosts</tt>
 +
It should look something like this:
 +
<tt><pre>
 +
111.222.333.444 hostname.example.com hostname
 +
127.0.0.1 localhost hostname
 +
</pre></tt>
 
:<tt># nano -w /etc/hostname</tt>
 
:<tt># nano -w /etc/hostname</tt>
 
+
This one should only contain your hostname.  
 
 
'''Add cache limit to apt.conf'''
 
:<tt># echo "APT::Cache-Limit 16777216" >> /etc/apt/apt.conf</tt>
 
  
  
Line 68: Line 69:
  
 
'''Install some packages that we will need'''
 
'''Install some packages that we will need'''
:<tt># apt-get install ssh wget sudo libidn11 curl fetchmail libgmp3 libxml2 libstdc++6 openssl file perl libexpat1</tt>
+
:<tt># apt-get install ssh wget sudo libidn11 curl fetchmail libgmp3 libxml2 libstdc++6 openssl file perl libexpat1 postgrey</tt>
  
  
 
'''Get the zimbra debian package and untar the archive'''
 
'''Get the zimbra debian package and untar the archive'''
 
:<tt># cd ~</tt>
 
:<tt># cd ~</tt>
:<tt># wget http://files.zimbra.com/downloads/4.5.10_GA/zcs-4.5.10_GA_1575.DEBIAN3.1.tgz</tt>
+
:<tt># wget http://files.zimbra.com/downloads/5.0.8_GA/zcs-5.0.8_GA_2462.DEBIAN4.0.20080709172452.tgz</tt>
:<tt># tar -xvzf zcs-4.5.10_GA_1575.DEBIAN3.1.tgz</tt>
+
:<tt># tar -xvzf zcs-5.0.8_GA_2462.DEBIAN4.0.20080709172452.tgz</tt>
  
  
 
'''Run install script in the newly created zcs directory'''
 
'''Run install script in the newly created zcs directory'''
:<tt># cd zcs</tt>
+
:<tt># cd zcs-5.0.8_GA_2462.DEBIAN4.0.20080709172452</tt>
 
:<tt># ./install.sh</tt>
 
:<tt># ./install.sh</tt>
  
Line 98: Line 99:
 
and change it to:
 
and change it to:
 
   
 
   
:<tt>port 23</tt>
+
:<tt>port 60022</tt>
  
  
Line 105: Line 106:
  
  
'''Tell Zimbra to run sshd on port 23'''
+
'''Tell Zimbra to run sshd on port 60022'''
 
:<tt># su - zimbra</tt>
 
:<tt># su - zimbra</tt>
:<tt>$ zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 23</tt>
+
:<tt>$ zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 60022</tt>
  
 
substitute MAIL.DOMAIN.COM with the fqdn of your host name
 
substitute MAIL.DOMAIN.COM with the fqdn of your host name
Line 113: Line 114:
  
 
'''Build and deploy new ssh keys'''
 
'''Build and deploy new ssh keys'''
 +
This wasn't needed with version 5.0.8, but if you're using an older version perhaps you'll need it.
 
:<tt>$ /opt/zimbra/bin/zmsshkeygen</tt>
 
:<tt>$ /opt/zimbra/bin/zmsshkeygen</tt>
 
:<tt>$ /opt/zimbra/bin/zmupdateauthkeys</tt>
 
:<tt>$ /opt/zimbra/bin/zmupdateauthkeys</tt>
Line 118: Line 120:
  
 
'''Test your Zimbra install'''
 
'''Test your Zimbra install'''
:<tt>$ zmcontrol start</tt>
+
:<tt>$ /etc/init.d/zimbra start</tt>
  
 
== Creating the init scripts ==
 
== Creating the init scripts ==
It would be nice to get Zimbra to start at boot in the default run level.  This requires an init script. Some of the init scripts that have been floating around for this are a little rough, raising job control issues while piping to the chroot command in the init shell. To avoid this we'll generate three scripts.  Two scripts will live inside the chroot environment and will start and stop Zimbra. One script will live in /etc/init.d in the Gentoo host environment and will pass control to the start and stop scripts at the right time.
+
It would be nice to get Zimbra to start at boot in the default run level.  This requires an init script.  
 
 
  
 
'''Exit chroot and create the gentoo init.d script'''
 
'''Exit chroot and create the gentoo init.d script'''
Line 131: Line 132:
  
  
'''Create zimbra_start.sh'''
+
'''Make the script executable'''
:<tt># nano -w /zimbra/usr/sbin/zimbra_start.sh</tt>
 
 
 
:append zimbra_start.sh script from below
 
 
 
 
 
'''Create zimbra_stop.sh'''
 
:<tt># nano -w /zimbra/usr/sbin/zimbra_stop.sh</tt>
 
 
 
:append zimbra_stop.sh script from below
 
 
 
 
 
'''Make the scripts executable'''
 
 
:<tt># chmod +x /etc/init.d/zimbra</tt>
 
:<tt># chmod +x /etc/init.d/zimbra</tt>
:<tt># chmod +x /zimbra/usr/sbin/zimbra_start.sh</tt>
 
:<tt># chmod +x /zimbra/usr/sbin/zimbra_stop.sh</tt>
 
  
  
Line 181: Line 168:
 
   mount -o bind /dev/shm /zimbra/dev/shm > /dev/null
 
   mount -o bind /dev/shm /zimbra/dev/shm > /dev/null
 
   mount -o bind /dev/pts /zimbra/dev/pts > /dev/null
 
   mount -o bind /dev/pts /zimbra/dev/pts > /dev/null
   mount -o bind /dev/sys /zimbra/sys > /dev/null
+
   mount -o bind /sys /zimbra/sys > /dev/null
  
 
# Start the services in chroot
 
# Start the services in chroot
   chroot /zimbra /usr/sbin/zimbra_start.sh
+
   chroot /zimbra /etc/init.d/ssh start
 +
  chroot /zimbra /etc/init.d/postgrey start
 +
  chroot /zimbra /etc/init.d/zimbra start
  
 
eend $? "Errors were encountered while starting Zimbra in chroot environment"
 
eend $? "Errors were encountered while starting Zimbra in chroot environment"
Line 195: Line 184:
  
 
# Stop all the services in chroot
 
# Stop all the services in chroot
   chroot /zimbra /usr/sbin/zimbra_stop.sh
+
   chroot /zimbra /etc/init.d/zimbra stop
 
+
  chroot /zimbra /etc/init.d/postgrey stop
 +
  chroot /zimbra /etc/init.d/ssh stop
  
 
# Unmount the dirs
 
# Unmount the dirs
  umount -f /zimbra/proc > /dev/null
 
  umount -f /zimbra/dev > /dev/null
 
 
   umount -f /zimbra/dev/shm > /dev/null
 
   umount -f /zimbra/dev/shm > /dev/null
 
   umount -f /zimbra/dev/pts > /dev/null
 
   umount -f /zimbra/dev/pts > /dev/null
 
   umount -f /zimbra/sys > /dev/null
 
   umount -f /zimbra/sys > /dev/null
 +
  umount -f /zimbra/proc > /dev/null
 +
  umount -f /zimbra/dev > /dev/null
  
 
eend $? "Errors were encountered while stopping Zimbra in chroot environment"
 
eend $? "Errors were encountered while stopping Zimbra in chroot environment"
Line 210: Line 200:
 
</pre>
 
</pre>
  
== Script: /zimbra/usr/sbin/zimbra_start.sh  ==
+
Instructions for adding postgrey are found here: http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system
<pre>
+
You might have to repeat postgrey adding at every upgrade so you might want to think twice about having it. If you don't, just
#!/bin/bash
+
remove the two lines with postgrey in the init script. However, I highly recommend postgrey as it's really very efficient. Doesn't
 +
cost as much processor power as other measures and it catches alot of spam. A good ''first sentry'' imhop.
  
#Start all the services for zimbra
+
About tweaking; I found the yahoo search bar pretty annoying and it's easily removed, persistent over upgrades:
  rm -rf /var/run/*.pid
+
:<tt> zmprov mc default zimbraFeatureWebSearchEnabled FALSE </tt>
  /etc/init.d/sysklogd start
+
I am still running my old apache so I had to change some ports:
  /etc/init.d/cron start
+
:<tt> zmprov ms MAIL.DOMAIN.COM zimbraMailPort 8888 zimbraMailSSLPort 8889 </tt>
  /etc/init.d/ssh start
+
Of course, you then access your zimbra installation like so:
  su - zimbra -c /opt/zimbra/bin/zmcontrol start
+
https://MAIL.DOMAIN.COM:8889
 
+
these and many other tweaks can be found in the forums.  
</pre>
 
 
 
== Script: /zimbra/usr/sbin/zimbra_stop.sh  ==
 
<pre>
 
#!/bin/bash
 
 
 
#Stop all the services for zimbra
 
  su - zimbra -c /opt/zimbra/bin/zmcontrol stop
 
  /etc/init.d/ssh stop
 
  /etc/init.d/cron stop
 
  /etc/init.d/sysklogd stop
 
 
 
</pre>
 
  
 
==Building Zimbra from source on Gentoo==
 
==Building Zimbra from source on Gentoo==

Revision as of 21:10, 31 July 2008

Template:5.0.8

Here's a howto that will get Zimbra going on a Gentoo install. This method basically leverages debootstrap to get a bare debain sarge install in a chroot environment. The open source zimbra 5.0.8 package for Debian can then be installed. This is working on Gentoo 2008.0 kernel 2.6.25-gentoo-r7. But you shouldn't have any issues running it on recent versions. At first this may seem like extra work and a waste of resources, but to the contrary running Zimbra in a chroot is a pretty good idea. People have been hosting chroot jails on *BSD's to run various internet services for quite some time. This can add a level of protection for the host system. I.e. if the unthinkable happens and an attacker does find a way to gain root through the host services on your Zimbra instance, (s)he will only have access to the chroot environment.

Stopping Apache on the Gentoo host

If you have a web server runing on your host Gentoo system you will need to stop it for now. Later you can change the ports Zimbra will listen on and run your host's web server and your Zimbra web server on the same machine.


# /etc/init.d/apache2 stop
# rc-update delete apache2

Installing Zimbra in a Gentoo chroot

(Some of this was taken from http://www.elfenbeinturm.cc/2006/07/28/zimbra-on-gentoo/)


Emerge debootstrap

# emerge debootstrap


Create the chroot environment

# mkdir /zimbra


Run debootstrap

# debootstrap etch /zimbra http://ftp.debian.org/debian

If you are on amd64 you will need to use :# debootstrap --arch i386 sarge /zimbra http://ftp.debian.org/debian so that it knows which architecture to bootstrap onto your machine.


Mount proc, dev and sys

# mount -o bind /proc /zimbra/proc
# mount -o bind /dev /zimbra/dev
# mount -o bind /dev/shm /zimbra/dev/shm
# mount -o bind /dev/pts /zimbra/dev/pts
# mount -o bind /sys /zimbra/sys


Chroot to the debian environment

# chroot /zimbra /bin/bash


Set a root password

# passwd


Adjust your hosts and hostname files

# nano -w /etc/hosts

It should look something like this:

111.222.333.444 hostname.example.com hostname
127.0.0.1 localhost hostname
# nano -w /etc/hostname

This one should only contain your hostname.


Tell apt where to get all the repositories

This will execute an ncurses menu prompting you to choose a debian mirror pick http or ftp and select a (hopefully) fast mirror:

# apt-setup


Update the package listing

# apt-get update


Install some packages that we will need

# apt-get install ssh wget sudo libidn11 curl fetchmail libgmp3 libxml2 libstdc++6 openssl file perl libexpat1 postgrey


Get the zimbra debian package and untar the archive

# cd ~
# wget http://files.zimbra.com/downloads/5.0.8_GA/zcs-5.0.8_GA_2462.DEBIAN4.0.20080709172452.tgz
# tar -xvzf zcs-5.0.8_GA_2462.DEBIAN4.0.20080709172452.tgz


Run install script in the newly created zcs directory

# cd zcs-5.0.8_GA_2462.DEBIAN4.0.20080709172452
# ./install.sh

Follow the instructions. See the Zimbra documentation for help.


Configure sshd to run on a different port

(This is basically copied from the Zimbra forums at http://www.zimbra.com/forums/installation/9792-zimbra-gentoo-additional-info.html)

sshd running on the Gentoo host conflicts with a service that Zimbra runs. It will hinder Zimbra's ability to monitor queues from the management console. So let's fix it:

# nano -w /etc/ssh/sshd_config

Find the line that reads:

port 22

and change it to:

port 60022


Start sshd

# /etc/init.d/ssh start


Tell Zimbra to run sshd on port 60022

# su - zimbra
$ zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 60022

substitute MAIL.DOMAIN.COM with the fqdn of your host name


Build and deploy new ssh keys This wasn't needed with version 5.0.8, but if you're using an older version perhaps you'll need it.

$ /opt/zimbra/bin/zmsshkeygen
$ /opt/zimbra/bin/zmupdateauthkeys


Test your Zimbra install

$ /etc/init.d/zimbra start

Creating the init scripts

It would be nice to get Zimbra to start at boot in the default run level. This requires an init script.

Exit chroot and create the gentoo init.d script

$ exit && exit
# nano -w /etc/init.d/zimbra
append init.d script from below


Make the script executable

# chmod +x /etc/init.d/zimbra


Test the init script

# /etc/init.d/zimbra stop
# /etc/init.d/zimbra start


Add it to the default run level

# rc-update add zimbra default


Now you should have a functioning Zimbra system installed in a chroot that you can manage from the host gentoo system at boot or otherwise. If you were running a web server on your host gentoo system you will need to configure Zimbra to listen on different port for web and ssl (try 81 and 1443). Search the zimbra forums there is some documentation for this already in place. You will then be able to cofigure a named based vitual host to link from you gentoo hosted site to zimbra.

Script: /etc/init.d/zimbra

#!/sbin/runscript

depend() {
    need net
    after portmap
    after iptables
    after dnsmasq
}

start() {

ebegin "Starting Zimbra in chroot environment"

# Mount the dirs
   mount -o bind /proc /zimbra/proc > /dev/null
   mount -o bind /dev /zimbra/dev > /dev/null
   mount -o bind /dev/shm /zimbra/dev/shm > /dev/null
   mount -o bind /dev/pts /zimbra/dev/pts > /dev/null
   mount -o bind /sys /zimbra/sys > /dev/null

# Start the services in chroot
   chroot /zimbra /etc/init.d/ssh start
   chroot /zimbra /etc/init.d/postgrey start
   chroot /zimbra /etc/init.d/zimbra start

eend $? "Errors were encountered while starting Zimbra in chroot environment"

}

stop() {

ebegin "Stopping Zimbra in chroot environment"

# Stop all the services in chroot
   chroot /zimbra /etc/init.d/zimbra stop
   chroot /zimbra /etc/init.d/postgrey stop
   chroot /zimbra /etc/init.d/ssh stop

# Unmount the dirs
   umount -f /zimbra/dev/shm > /dev/null
   umount -f /zimbra/dev/pts > /dev/null
   umount -f /zimbra/sys > /dev/null
   umount -f /zimbra/proc > /dev/null
   umount -f /zimbra/dev > /dev/null

eend $? "Errors were encountered while stopping Zimbra in chroot environment"

} 

Instructions for adding postgrey are found here: http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system You might have to repeat postgrey adding at every upgrade so you might want to think twice about having it. If you don't, just remove the two lines with postgrey in the init script. However, I highly recommend postgrey as it's really very efficient. Doesn't cost as much processor power as other measures and it catches alot of spam. A good first sentry imhop.

About tweaking; I found the yahoo search bar pretty annoying and it's easily removed, persistent over upgrades:

zmprov mc default zimbraFeatureWebSearchEnabled FALSE

I am still running my old apache so I had to change some ports:

zmprov ms MAIL.DOMAIN.COM zimbraMailPort 8888 zimbraMailSSLPort 8889

Of course, you then access your zimbra installation like so: https://MAIL.DOMAIN.COM:8889 these and many other tweaks can be found in the forums.

Building Zimbra from source on Gentoo

(needs to be documented)

Verified Against: ZCS 4.5.10 Date Created: 11/13/2006
Article ID: https://wiki.zimbra.com/index.php?title=Building_Zimbra_on_Gentoo Date Modified: 2008-07-31



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search