Configuring Zimbra Using Chef Oracle Cloud: Difference between revisions
(Configuring Zimbra using Chef in the Oracle Cloud) |
(Configuring Zimbra using Chef in the Oracle Cloud) |
||
| Line 14: | Line 14: | ||
During the Zimbra Installation process, a 60-day trial license is installed and must be updated by the Zimbra Administrator to continue using Zimbra. | During the Zimbra Installation process, a 60-day trial license is installed and must be updated by the Zimbra Administrator to continue using Zimbra. | ||
Contact Zimbra Sales to purchase your license. | Contact Zimbra Sales to purchase your license. | ||
Zimbra prerequisite packages are installed in the chef section. | Zimbra prerequisite packages are installed in the chef section. | ||
For this example, we will use | For this example, we will use ''zcs-87'' as the Zimbra hostname | ||
== Assumptions == | == Assumptions == | ||
| Line 31: | Line 31: | ||
''Currently, the Oracle Compute Cloud does NOT support snapshots for persistent disks.'' | ''Currently, the Oracle Compute Cloud does NOT support snapshots for persistent disks.'' | ||
[[WARNING: If you stop the orchestration, you will LOOSE your Zimbra installation!]] (reboot works just fine). | [[WARNING: If you stop the orchestration, you will LOOSE your Zimbra installation and all your data!]] (reboot works just fine). | ||
== Storage Orchestration (start first) == | == Storage Orchestration (start first) == | ||
| Line 38: | Line 38: | ||
#Defines a security list to be associated with your instance. | #Defines a security list to be associated with your instance. | ||
#Reserves an external IP address for your instance. | #Reserves an external IP address for your instance. | ||
#Creates security applications (IP port definitions to be allowed to your instance) | #Creates security applications (IP port definitions to be allowed for inbound traffic to your instance) | ||
#Creates 2 storage volumes, a root volume with Oracle Linux 6.6 pre-installed, and a data volume for Zimbra install. | #Creates 2 storage volumes, a root volume with Oracle Linux 6.6 pre-installed, and a data volume for Zimbra install. | ||
| Line 133: | Line 133: | ||
== Instance Orchestration == | == Instance Orchestration == | ||
''You can assign a hostname, but not the domain name for an instance in the oracle cloud. It will always be " | ''You can assign a hostname, but not the domain name for an instance in the oracle cloud. It will always be "yourhostname.compute-myidentitydomain.oraclecloud.internal". | ||
Use DNS to point your A and MX records to the IP address for correct name resolution. | Use DNS to point your A and MX records to the IP address for correct name resolution. | ||
| Line 144: | Line 144: | ||
#Defines the "shape" of your instance (number of CPU's and memory), in this case, the oc4 shape corresponds to 2 vCPU's and 15 GB or RAM | #Defines the "shape" of your instance (number of CPU's and memory), in this case, the oc4 shape corresponds to 2 vCPU's and 15 GB or RAM | ||
#Associates the storage volumes with your instance. | #Associates the storage volumes with your instance. | ||
#Defines the chef recipe to be downloaded used to install Zimbra. | #Defines the chef recipe to be downloaded used to install Zimbra. If the download is successful, Zimbra is installed | ||
| Line 278: | Line 278: | ||
</pre> | </pre> | ||
== Additional Zimbra Configuration after installation == | == Additional Zimbra Configuration after installation == | ||
Login to the new server with ssh and set the Zimbra Admin Password | Login to the new server with ssh and set the Zimbra Admin Password | ||
<pre> | <pre> | ||
Revision as of 22:47, 30 June 2016
Configuring Zimbra using Chef in the Oracle Cloud
- This article is a Work in Progress, and may be unfinished or missing sections.
Overview
This article demonstrations how to install a single server instance in the Oracle Cloud quickly and easily using orchestrations and chef.
Additional configuration of Zimbra is needed after the installation is complete (see below).
In the example shown, a Zimbra instance is created with 2 vCPU's, 16 GB of RAM, 2 disk partitions (/ - 21GB and /opt/zimbra - 500GB) using the Oracle Linux 6.6 pre-built image. Depending on your email usage profile, this may support between 500 and 2000 users
During the Zimbra Installation process, a 60-day trial license is installed and must be updated by the Zimbra Administrator to continue using Zimbra.
Contact Zimbra Sales to purchase your license.
Zimbra prerequisite packages are installed in the chef section.
For this example, we will use zcs-87 as the Zimbra hostname
Assumptions
- You have an Oracle Compute Cloud Account and have permissions to run orchestrations, create instances, storage, and network settings.
- You have uploaded your sshkey in the "Network/Public SSH keys" section (shown here as mysshkey)
The orchestrations shown here are for example only and will need to be customized with your settings such as your Oracle Identity Domain, your Oracle username, etc. The storage Orchestration creates persistent disks so that data survies a reboot.
The Oracle Cloud does not allow SMTP outbound on port 25. Instructions are included on setting the Outgoing SMTP relay to point to a service such as Sendgrid, MailJet, or Mailgun that will need to be subscribed to separately.
Currently, the Oracle Compute Cloud does NOT support snapshots for persistent disks.
WARNING: If you stop the orchestration, you will LOOSE your Zimbra installation and all your data! (reboot works just fine).
Storage Orchestration (start first)
This orchestration:
- Defines a security list to be associated with your instance.
- Reserves an external IP address for your instance.
- Creates security applications (IP port definitions to be allowed for inbound traffic to your instance)
- Creates 2 storage volumes, a root volume with Oracle Linux 6.6 pre-installed, and a data volume for Zimbra install.
{
"description": "oplan For Zimbra 500 GB Storage",
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-storage-orch-500GB",
"oplans": [
{
"label": "zcs-seclist",
"obj_type": "seclist",
"objects": [
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-external"
}
]
},
{
"label": "ZCS IP reservations",
"obj_type": "ip/reservation",
"objects": [
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-ipres",
"parentpool": "/oracle/public/ippool",
"permanent": true
}
]
},
{
"label": "ZCS security applications",
"obj_type": "secapplication",
"objects": [
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-admin",
"dport": 7071,
"protocol": "tcp"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub1",
"dport": 465,
"protocol": "tcp"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub2",
"dport": 587,
"protocol": "tcp"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3",
"dport": 110,
"protocol": "tcp"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-imap",
"dport": 143,
"protocol": "tcp"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3s",
"dport": 995,
"protocol": "tcp"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-imaps",
"dport": 993,
"protocol": "tcp"
}
]
},
{
"label": "ZCS storage volumes",
"obj_type": "storage/volume",
"objects": [
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcsos1",
"bootable": true,
"imagelist": "/oracle/public/OL-6.6-20GB-x11-RD",
"properties": ["/oracle/public/storage/protocol/iscsi"],
"size": "22548578304"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcsdata1",
"properties": ["/oracle/public/storage/latency"],
"size": "500G"
}
]
}
]
}
Instance Orchestration
You can assign a hostname, but not the domain name for an instance in the oracle cloud. It will always be "yourhostname.compute-myidentitydomain.oraclecloud.internal".
Use DNS to point your A and MX records to the IP address for correct name resolution.
This orchestration
- Associates security rules to the security applications that allow inbound connections to your Zimbra server.
- Creates an instanced with hostname "zcs-87"
- Associates a security list with your instance so that the security applications apply to your instance
- Associates the external IP address with your instance
- Defines the "shape" of your instance (number of CPU's and memory), in this case, the oc4 shape corresponds to 2 vCPU's and 15 GB or RAM
- Associates the storage volumes with your instance.
- Defines the chef recipe to be downloaded used to install Zimbra. If the download is successful, Zimbra is installed
{
"description": "oplan for Zimbra Instance",
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-instance-orch",
"oplans": [
{
"label": "ZCS security rules",
"obj_type": "secrule",
"objects": [
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-ssh",
"application": "/oracle/public/ssh",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-mail",
"application": "/oracle/public/mail",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-admin",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-admin",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-https",
"application": "/oracle/public/https",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub-1",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub1",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub-2",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub2",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-imap",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-imap",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3s",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3s",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
},
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-imaps",
"application": "/Compute-myidentitydomain/myemail@example.com/zcs-imaps",
"src_list": "seciplist:/oracle/public/public-internet",
"dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
"action": "PERMIT"
}
]
},
{
"label": "zcs_oplan",
"obj_type": "launchplan",
"objects": [
{
"instances": [
{
"name": "/Compute-myidentitydomain/myemail@example.com/zcs-87",
"label": "zcs-87",
"hostname": "zcs-87",
"networking": {
"eth0": {
"seclists": ["/Compute-myidentitydomain/myemail@example.com/zcs-external"],
"nat": "ipreservation:/Compute-myidentitydomain/myemail@example.com/zcs-ipres"
}
},
"boot_order": [1],
"shape": "oc4",
"storage_attachments": [
{
"index": 1,
"volume": "/Compute-myidentitydomain/myemail@example.com/zcsos1"
},
{
"index": 2,
"volume": "/Compute-myidentitydomain/myemail@example.com/zcsdata1"
}
],
"sshkeys": ["/Compute-myidentitydomain/myemail@example.com/mysshkey"],
"attributes": {
"userdata": {
"chef": {
"run_list": ["recipe[zimbra]"],
"install_type": ["omnibus"],
"omnibus_url": ["https://www.opscode.com/chef/install.sh"],
"cookbooks_url": ["https://current.zimbraview.com/home/oracle-demo@zimbraview.com/Briefcase/Oracle-Cloud-Install/chef-zimbra.zip"]
}
}
}
}
]
}
]
}
]
}
Additional Zimbra Configuration after installation
Login to the new server with ssh and set the Zimbra Admin Password
zmprov sp admin@hostname.oracle-cloud-domain.internal Y0urN3wP@$$
Login to the Admin Console to
- Activate the license or install your license file from Zimbra and activate it.
- Configure Zimbra with your domain name and accounts
- OPTIONAL: Install a commercial certificate
Create an account with an outbound SMTP service such as Sendgrid, Mailjet, or Mailgun. Configure the Zimbra MTA service to relay outbound mail through that service.
Add a separate backup partition (created with a separate storage orchestration), mount it in the instance, and modify the zimbra backup configuration to point to this partition.
Update your DNS and MX records when you are ready to cutover.
Sendgrid example
Setting the relay host
see also Sending mail through an external relay
You may have to set the port, as well. From the command line:
zmprov ms `zmhostname` zimbraMtaRelayHost smtp.sendgrid.net:587
Edit /opt/zimbra/conf/relay_password and add the following line:
smtp.sendgrid.net yoursendgridaccount:yoursendgridpassword
Execute the following commands:
Run all commands as the zimbra user
cd /opt/zimbra/conf postmap /opt/zimbra/conf/relay_password postmap -q smtp.sendgrid.net /opt/zimbra/conf/relay_password zmprov ms `zmhostname` zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password zmprov ms `zmhostname` zimbraMtaSmtpSaslAuthEnable yes zmprov ms `zmhostname` zimbraMtaSmtpCnameOverridesServername no zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous;
Wait 2 minutes for the postfix configurations to be updated.
