King0770-Notes-Merge Two Independent Machines
Summary of steps
- Prepare ZCS machines
- Export ldap data from ServerA
- Import ldap data into ServerB
Scenario: You have two ZCS machines, but they are independent of each other. Now a decision has been made to join the machines together.
Why merge two different Zimbra machines?
- Take advantage of the sharing capabilities, share calendar, mailbox, briefcase etc etc
- Consolidate two servers into one
- Need to transfer accounts ( See http://wiki.zimbra.com/index.php?title=CLI_zmmailboxmove_Network_Edition_only )
Section I - LDAP Passwords
Run the following command on both machines.
zmlocalconfig -s | grep pass | grep ldap
If the passwords do not match between the two machines, you will need to change the passwords so the passwords match between both machines. After changing the passwords, you will need to restart ZCS services.
zmldappasswd -h Usage: /opt/zimbra/bin/zmldappasswd [-h] [-r] [-p] [-l] newpassword -h: display this help message -a: change ldap_amavis_password -l: change ldap_replication_password -n: change ldap_nginx_password -p: change ldap_postfix_password -r: change ldap_root_passwd Only one of a, l, n, p, or r may be specified Without options zimbra_ldap_password is changed
Section II - Exporting ldap info from the ldap-replica
This is actually pretty straight forward. Basically we're going to export the ldap info into a file. Normally we can use the zmslapcat tool to export ldap info, however, we will need to parse out some superfluous info that zmslapcat would include.
Here's a small script to help facilitate this step. Basically, this will export all info the ldap-master will need to import.
#!/bin/bash if [ `whoami` != "zimbra" ]; then echo "You must be the zimbra user to run this script." exit 0 fi source /opt/zimbra/bin/zmshutil zmsetvars echo "Creating file in /tmp." ldapsearch -x -h `zmhostname` -D $zimbra_ldap_userdn -w $zimbra_ldap_password -LLL \ "(|(objectClass=zimbraDomain)(objectClass=zimbraAccount)(objectClass=zimbraServer)(objectClass=zimbraCOS))" >> /tmp/`zmhostname`_`date +%F`.ldif
Note: The ldapsearch command is on one line.
Section III - Importing ldap info into ldap-master
After generating the ldif file on the replica, transfer it to the ldap-master machine. And run ldapadd to import the data into the ldap-master.
Example: ldapadd -x -h `zmhostname` -D uid=zimbra,cn=admins,cn=zimbra -c -w `zmlocalconfig -s -m nokey zimbra_ldap_password` -f /tmp/temp.ldif"
Once the data is imported, restart ZCS services.
zmcontrol stop zmcontrol start
Section IV - Configure the ldap-replica
At this point, we will need to configure the designated ldap-replica to be an actual ldap-replica.
For this step do the following:
ldap stop cd /opt/zimbra/openldap-data /opt/zimbra/sleepycat/bin/db_recover rm alock *.bdb logs/* cd /opt/zimbra/openldap-data/accesslog/db /opt/zimbra/sleepycat/bin/db_recover rm -rf /opt/zimbra/openldap-data/accesslog ldap start
Change that server’s local config file to designate it as a replica. Type:
zmlocalconfig –e ldap_master_url="ldap://master_directory_address:389" zmlocalconfig –e ldap_url="ldap://replica_directory_address:389 ldap://master_directory_address:389" zmlocalconfig –e ldap_is_master=false zmlocalconfig -e ldap_host=master_directory_address /opt/zimbra/libexec/zmldapenablereplica
Or you can script it.
#!/bin/bash echo "Enable Replication" echo "What is the hostname of the ldap master?" read MAST zmlocalconfig -e ldap_is_master=false zmlocalconfig -e ldap_master_url="ldap://$MAST:389" zmlocalconfig -e ldap_url="ldap://`zmhostname`:389 ldap://$MAST:389" zmlocalconfig -e ldap_host=$MAST sleep 1 echo "Running zmldapenablereplica" /opt/zimbra/libexec/zmldapenablereplica
After making the changes for ldap replication, be sure to restart ZCS services.
zmcontrol stop zmcontrol start
Don't forget to run "zmupdateauthkeys" on both machines to update their SSH keys
Section V - Test
After both machines have been rebooted, each machine should be able to see each other.
Run the following command from the ldap-replica, both machines should be displayed. If you can see both machines, the merge was successful.
And run the following to see all the users from the ldap-replica
Section VI - Undocumented / Potential Issues
Will document any known issues as I am made aware. More to follow I am sure.