Installing Zimbra Using Chef: Difference between revisions
Revision as of 21:35, 1 July 2016
Installing Zimbra using Chef
Overview
This article provides the details of a chef recipe (assuming chef-solo) for a fresh single server install of Zimbra.
Additional configuration of Zimbra is needed after the installation is complete (see below).
In the Oracle cloud, chef can be called automatically when an instance is created with an Orchestration.
During the Zimbra Installation process, a 60-day trial license is installed and must be updated by the Zimbra Administrator to continue using Zimbra.
Contact Zimbra Sales to purchase your license.
Introduction
Chef-solo can be downloaded and installed on an existing Linux installation. If you choose this approach, you will want to edit the recipe and template files to adjust for parameters in your environment.
This article is based on Oracle Linux 6.6 in the Oracle Cloud. The configuration should also work on RHEL/CentOS 6.x with a few minor changes.
Zimbra can be installed using a configuration file that defines needed installation parameters. The chef process uses the template feature to create the configuration file with the correct parameters. You can modify the template file to customize your automated install if you like before you run chef.
Executing chef-solo as root
Download and customize the chef templates shown below to reflect your operating system configuration. The chef files shown in this example can be downloaded with: wget "https://current.zimbraview.com/home/oracle-demo@zimbraview.com/Briefcase/Oracle-Cloud-Install/chef-solo.tar.zip"
The instructions shown here allow you to run the complete process.
As root user:
cd ~
curl -L https://www.opscode.com/chef/install.sh | bash
wget http://github.com/opscode/chef-repo/tarball/master
tar -zxf master
mv chef-chef-repo* chef-repo
rm master -f
cd chef-repo/
mkdir .chef
echo "cookbook_path [ '/root/chef-repo/cookbooks' ]" > .chef/knife.rb
knife cookbook create zimbra
wget "https://current.zimbraview.com/home/oracle-demo@zimbraview.com/Briefcase/Oracle-Cloud-Install/chef-solo.tar.zip"
unzip chef-solo.tar.zip
tar xvf chef-solo.tar
# Edit the files if necessary
chef-solo -c solo.rb -j web.json
Sample Default Recipe
/chef/cookbooks/zimbra/recipes/default.rb
Here is a summary of the steps:
- Format (using Zimbra recommended parameters) a raw partition
- Mount the partition as /opt/zimbra and set the permissions
- Optimize the file system per Zimbra recommendations
- Modify the template file to use the parameters of the host when installing Zimbra
- Update the /etc/hosts file with the correct IP address and hostname needed for Zimbra installation
- Update the /etc/sysctl.conf file to optimize Linux memory configuration and TCP/IP parameters
- Download the Zimbra 8.7 binary
- Download a TRIAL license
- Extract the Zimbra binary installation files
- Install Zimbra prerequisite packages
- Install Zimbra
#
# Cookbook Name:: zimbra
# Recipe:: default
#
# Copyright 2016, Synacor, Inc.
#
# All rights reserved - Do Not Redistribute
#
# This recipe configures a local server with chef-solo and installs a full
# NEW single server instance of Zimbra. It installs with the local hostname and domain name.
#
# **** Do NOT use this to upgrade Zimbra ****
#
# Note: This does not install the dns-cache package.

# Assuming an unformatted partition /dev/xvdc that will host /opt/zimbra
# Format, create, and mount the /opt/zimbra filesystem on that partition
execute "create_optzimbra" do
  command "mkfs -t ext4 -j -O dir_index -m 2 -i 10240 -J size=400 /dev/xvdc"
  not_if "grep xvdc /proc/mounts"
end

# Set the appropriate permissions on the directory where Zimbra will be installed
directory '/opt/zimbra' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

# Mount the partition holding the new filesystem at /opt/zimbra.
mount "/opt/zimbra" do
  device "/dev/xvdc"
  fstype "ext4"
  action [:mount, :enable]
end

# Set the attributes of the file system to optimize for writes
bash 'optimize_filesystem' do
  code <<-EOH
    chattr -R +D /opt/zimbra
  EOH
end

# Modify the Zimbra installation file with local parameters for installation
template "/root/oracle-cloud-zcs87-config-v1.txt" do
  source "oracle-cloud-zcs87-config-v1.erb"
  owner "root"
  group "root"
  mode "0644"
end

# Update hosts file with IP address and hostname
template "/etc/hosts" do
  source "hosts.erb"
  owner "root"
  group "root"
  mode 0644
end

# Update sysctl.conf file with Zimbra parameters
template "/etc/sysctl.conf" do
  source "sysctl.erb"
  owner "root"
  group "root"
  mode 0644
end

# Download the Zimbra binary
remote_file "/root/zcs-NETWORK-8.7.0_RC1_1601.RHEL6_64.20160414162619.tgz" do
  source "https://files.zimbra.com/downloads/8.7.0_RC1/zcs-NETWORK-8.7.0_RC1_1601.RHEL6_64.20160414162619.tgz"
  mode 0644
end

# Download a Zimbra license
remote_file "/root/ZCSLicense.xml" do
  source "https://license.zimbra.com/zimbraLicensePortal/public/STLicense?IssuedToName=Oracle&IssuedToEmail=noone@zimbra.com"
  mode 0644
end

# Extract the Zimbra installation files
execute 'extract_zimbra_tar' do
  cwd "/root"
  command "tar xzf /root/zcs-NETWORK-8.7.0_RC1_1601.RHEL6_64.20160414162619.tgz"
end

# Install a Zimbra recommended package
package "libreoffice-headless" do
  action :install
end

# Run the Zimbra install script
execute "install" do
  cwd "/root/zcs-NETWORK-8.7.0_RC1_1601.RHEL6_64.20160414162619"
  command "bash /root/zcs-NETWORK-8.7.0_RC1_1601.RHEL6_64.20160414162619/install.sh -l /root/ZCSLicense.xml /root/oracle-cloud-zcs87-config-v1.txt"
end
Sample Chef Setup Files
/chef/solo.rb
file_cache_path "/root/chef-solo"
cookbook_path "/root/chef-repo/cookbooks"
/chef/solo/web.json
{
  "run_list": [ "recipe[zimbra]" ]
}
/chef/cookbooks/zimbra/metadata.rb
name             'zimbra'
maintainer       'Your Name'
maintainer_email 'youremail@yourcompany.com'
license          'All rights reserved'
description      'Installs/Configures zimbra'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          '0.1.0'
Sample Template Files
Chef uses Ohai, a tool that exposes characteristics of an OS installation, to allow dynamic substitution of OS parameters into configuration files during the chef run. Variables are defined in the format:
<%= node['parameter'] %>
Here are the template files:
/chef/cookbooks/zimbra/templates/default/hosts.erb
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
<%= node['ipaddress'] %> <%= node['fqdn'] %> <%= node['hostname'] %>
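How the substitution works for hosts.erb, as an added example that is not part of the original article or the Zimbra cookbook: it renders the template with Ruby's ERB using a plain hash in place of Chef's node object, and rejects attribute values that would write a malformed line into /etc/hosts. The sample attribute values, the helper names and the rule that a loopback address is unusable are assumptions of this example.

```ruby
require 'erb'
require 'ipaddr'

# hosts.erb as shown on this page.
HOSTS_TEMPLATE = <<~'TEMPLATE'
  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  <%= node['ipaddress'] %> <%= node['fqdn'] %> <%= node['hostname'] %>
TEMPLATE

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# Return a list of problems with the Ohai-style attributes (empty when usable).
def node_problems(node)
  problems = []
  begin
    ip = IPAddr.new(node['ipaddress'].to_s)
    # Assumption of this example: a loopback address is treated as unusable.
    problems << 'ipaddress is a loopback address' if ip.loopback?
  rescue IPAddr::Error
    problems << 'ipaddress is not a valid IP address'
  end
  labels = node['fqdn'].to_s.split('.', -1)
  problems << 'fqdn has no domain part' if labels.length < 2
  problems << 'fqdn contains an invalid label' unless labels.all? { |l| l.match?(LABEL) }
  problems << 'hostname is not the first label of fqdn' unless labels.first == node['hostname']
  problems
end

# Render the template with `node` visible to the ERB code, as in a Chef template.
def render_hosts(node)
  problems = node_problems(node)
  raise ArgumentError, problems.join('; ') unless problems.empty?
  ERB.new(HOSTS_TEMPLATE).result_with_hash(node: node)
end

# Constructed sample attributes (not taken from a real host).
SAMPLE_NODE = {
  'ipaddress' => '10.0.0.12',
  'fqdn'      => 'mail.example.internal',
  'hostname'  => 'mail'
}.freeze

puts render_hosts(SAMPLE_NODE) if __FILE__ == $PROGRAM_NAME
```

On a host with Chef installed, the real values can be checked beforehand with `ohai ipaddress`, `ohai fqdn` and `ohai hostname`.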
If you are going to use this OUTSIDE the Oracle Linux environment, be sure to use a template that matches the sysctl.conf of your installation!
Note: The Zimbra-specific parameters are at the bottom of the file. I could have used the file append method for chef-solo, but there were several comments in forums about it being riskier.
/chef/cookbooks/zimbra/templates/default/sysctl.erb
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
kernel.panic = 10
xen.independent_wallclock = 1

# Zimbra Parameters
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
vm.swappiness=0
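Because the sysctl.erb template replaces /etc/sysctl.conf as a whole, any setting already on the host that is missing from the template is lost. The following added example (not part of the original article; the function names and the sample of an existing file are constructed) lists what would be dropped, added and changed before chef-solo is run.

```ruby
# Parse sysctl.conf-style text into {key => value}; comments and blanks are skipped.
def parse_sysctl(text)
  text.each_line.with_object({}) do |line, settings|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    key, value = line.split('=', 2)
    next if value.nil?
    settings[key.strip] = value.strip
  end
end

# Describe what replacing the current file with the template does to each key.
def sysctl_changes(current_text, template_text)
  current  = parse_sysctl(current_text)
  template = parse_sysctl(template_text)
  changed  = (current.keys & template.keys).reject { |k| current[k] == template[k] }
  {
    dropped: (current.keys - template.keys).sort,
    added:   (template.keys - current.keys).sort,
    changed: changed.sort.map { |k| [k, current[k], template[k]] }
  }
end

# Constructed sample of a host's existing /etc/sysctl.conf (not from a real system).
CURRENT_SYSCTL = <<~CONF
  net.ipv4.ip_forward = 1
  kernel.sysrq = 0
  net.ipv4.conf.all.accept_redirects = 0
  vm.swappiness = 60
CONF

# Excerpt of sysctl.erb from this page.
TEMPLATE_SYSCTL = <<~CONF
  net.ipv4.ip_forward = 0
  kernel.sysrq = 0
  # Zimbra Parameters
  net.ipv4.tcp_fin_timeout=15
  net.ipv4.tcp_tw_reuse=1
  net.ipv4.tcp_tw_recycle=1
  vm.swappiness=0
CONF

puts sysctl_changes(CURRENT_SYSCTL, TEMPLATE_SYSCTL).inspect if __FILE__ == $PROGRAM_NAME
```

On a real host, pass `File.read('/etc/sysctl.conf')` and the contents of sysctl.erb instead of the samples. net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so on newer kernels that line of the template no longer applies.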
The configuration template below was actually created by a normal Zimbra installation and was modified for this process.
The installation process stores the file in /opt/zimbra/config.{some number}
/chef/cookbooks/zimbra/templates/default/oracle-cloud-zcs87-config-v1.erb
AVDOMAIN="<%= @node['domain'] %>"
AVUSER="admin@<%= @node['domain'] %>"
CREATEADMIN="admin@<%= @node['domain'] %>"
CREATEDOMAIN="<%= @node['domain'] %>"
DEFAULTLICENSEFILE="/opt/zimbra/conf/ZCSLicense.xml"
DOCREATEADMIN="yes"
DOCREATEDOMAIN="yes"
DOTRAINSA="yes"
ENABLEDEFAULTBACKUP="yes"
EXPANDMENU="no"
HOSTNAME="<%= @node['fqdn'] %>"
HTTPPORT="8080"
HTTPPROXY="TRUE"
HTTPPROXYPORT="80"
HTTPSPORT="8443"
HTTPSPROXYPORT="443"
IMAPPORT="7143"
IMAPPROXYPORT="143"
IMAPSSLPORT="7993"
IMAPSSLPROXYPORT="993"
INSTALL_WEBAPPS="service zimlet zimbra zimbraAdmin"
JAVAHOME="/opt/zimbra/common/lib/jvm/java"
LDAPBESSEARCHSET="set"
LDAPHOST="<%= @node['fqdn'] %>"
LDAPPORT="389"
LDAPREPLICATIONTYPE="master"
LDAPSERVERID="2"
LICENSEFILE="/opt/zimbra/conf/ZCSLicense.xml"
MAILPROXY="TRUE"
MODE="https"
MYSQLMEMORYPERCENT="30"
POPPORT="7110"
POPPROXYPORT="110"
POPSSLPORT="7995"
POPSSLPROXYPORT="995"
PROXYMODE="https"
REMOVE="no"
RUNARCHIVING="no"
RUNAV="yes"
RUNCBPOLICYD="no"
RUNDKIM="yes"
RUNSA="yes"
RUNVMHA="no"
SERVICEWEBAPP="yes"
SMTPDEST="admin@<%= @node['domain'] %>"
SMTPHOST="<%= @node['fqdn'] %>"
SMTPNOTIFY="yes"
SMTPSOURCE="admin@<%= @node['domain'] %>"
SNMPNOTIFY="yes"
SNMPTRAPHOST="<%= @node['fqdn'] %>"
SPELLURL="http://<%= @node['fqdn'] %>:7780/aspell.php"
STARTSERVERS="yes"
UIWEBAPPS="yes"
UPGRADE="no"
USESPELL="yes"
VERSIONUPDATECHECKS="TRUE"
ZIMBRA_REQ_SECURITY="yes"
ldap_dit_base_dn_config="cn=zimbra"
mailboxd_directory="/opt/zimbra/mailboxd"
mailboxd_keystore="/opt/zimbra/mailboxd/etc/keystore"
mailboxd_server="jetty"
mailboxd_truststore="/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts"
mailboxd_truststore_password="changeit"
postfix_mail_owner="postfix"
postfix_setgid_group="postdrop"
ssl_default_digest="sha256"
zimbraBackupReportEmailRecipients="admin@<%= @node['fqdn'] %>"
zimbraBackupReportEmailSender="admin@<%= @node['fqdn'] %>"
zimbraFeatureBriefcasesEnabled="Enabled"
zimbraFeatureTasksEnabled="Enabled"
zimbraIPMode="ipv4"
zimbraMailProxy="TRUE"
zimbraPrefTimeZoneId="America/Denver"
zimbraReverseProxyLookupTarget="TRUE"
zimbraVersionCheckNotificationEmail="admin@<%= @node['domain'] %>"
zimbraVersionCheckNotificationEmailFrom="admin@<%= @node['domain'] %>"
zimbraVersionCheckSendNotifications="TRUE"
zimbraWebProxy="TRUE"
zimbra_ldap_userdn="uid=zimbra,cn=admins,cn=zimbra"
zimbra_require_interprocess_security="1"
INSTALL_PACKAGES="zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-snmp zimbra-store zimbra-apache zimbra-spell zimbra-convertd zimbra-memcached zimbra-proxy "
Additional Zimbra Configuration after installation
Log in to the new server with ssh and set the Zimbra admin password (the password is single-quoted so that the shell does not expand characters such as $$):
zmprov sp admin@hostname.oracle-cloud-domain.internal 'Y0urN3wP@$$'
Log in to the Admin Console to:
- Activate the license or install your license file from Zimbra and activate it.
- Configure Zimbra with your domain name and accounts
- OPTIONAL: Install a commercial certificate
If needed, create an account with an outbound SMTP service such as Sendgrid, Mailjet, or Mailgun. Configure the Zimbra MTA service to relay outbound mail through that service.
Add a separate backup partition (created with a separate storage orchestration), mount it in the instance, and modify the zimbra backup configuration to point to this partition.
Update your DNS and MX records when you are ready to cut over.
Troubleshooting
Refer to the chef documentation or your cloud provider documentation to determine where the chef log files are stored. On Oracle Linux 6.6 in the Oracle Cloud, they are in /var/log/chef.log