Separation Of WebApp Service From Mailstore In ZCS8.5

Separation Of WebApp Service From Mailstore In ZCS 8.5+

   KB 21101        Last updated on 2018-05-9  




0.00
(0 votes)

The current Zimbra architecture combines the mailstore functionality with all the web functionality on the same server. Aim is to split the combined functionality so that mailstore server can be run independently from web that includes Zimbra Web Client, Zimbra Admin Client and Zimlets. This is how the proxy routes UI and SOAP/REST requests in a split environment. Zimbra-split-web-diagram000.png

There are several advantages with the split.

  • Some customers want to run their customized version of Zimbra Web Client and Zimbra Admin Client. Splitting the web apps from mailstore makes the UI customization process to be more “agile”, allowing the customers to roll out customized code without having to restart mailstore servers (zero down time).
  • Running webapps requires very few "front end" servers and thus need not touch all webapp or mailstore servers for each update.
  • All webapp servers will be completely decoupled from mailbox/Account unlike mailstore which has a affinity to the mailbox account, in other words any webapp server can serve any account request. So rolling out customized UI code doesn't need to shutdown all webapp servers at the same time.
  • The split works seamlessly with a cluster based set-up of new version of mailstore server with older versions of ZCS and also supports migrations.
  • Splitting the webapps from mailstore considerably decreases the load on mailstore servers which gives additional space to add more mailboxes and handle extra load on mailstore.

Zimbra-split-web-diagram001.png

Installation Process

Mail Store Server

During the backend mailstore installation, the minimum packages we need to select are the zimbra-store, apache, spell, logger and convertd (if installing Network Edition).

Select the packages to install
	Install zimbra-ldap [Y] n
	Install zimbra-logger [Y]
	Install zimbra-mta [Y] n
	Install zimbra-dnscache [N] 
	Install zimbra-snmp [Y] n
	Install zimbra-store [Y] 
	Install zimbra-apache [Y] 
	Install zimbra-spell [Y] 
	Install zimbra-convertd [Y] 
	Install zimbra-memcached [Y] n
	Install zimbra-proxy [Y]  n
	Install zimbra-archiving [N]

Note: Remember that if you want to have the convertd working with the last High Fidelity Document Preview, you need to install libreoffice. https://wiki.zimbra.com/wiki/High_Fidelity_Document_Preview

To use the Mailbox server only as Mail Store Backend, we need to select in the Main Menu the option number 4 (zimbra-store):

   Main menu
   1) Common Configuration:                                                  
   2) zimbra-logger:                           Enabled                       
   3) zimbra-snmp:                             Disabled                       
   4) zimbra-store:                            Enabled                       
   5) zimbra-spell:                            Enabled                       
   6) zimbra-convertd:                         Enabled                       
   7) zimbra-proxy:                            Disabled                       
   8) Default Class of Service Configuration:                                
   9) Enable default backup schedule:          yes                           
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                        
   Select, or 'r' for previous menu [r] 4

Once inside the Store Menu, we need to disable te option 24, the UI.

   Store configuration
   1) Status:                                  Enabled                       
   2) Create Admin User:                       yes                           
   3) Admin user to create:                    admin@zimbra.io               
   4) Admin Password                           set                           
   5) Anti-virus quarantine user:              virus-quarantine.cpggvaih@zimbra.io
   6) Enable automated spam training:          yes                           
   7) Spam training user:                      spam.lwjbfayhot@zimbra.io     
   8) Non-spam(Ham) training user:             ham.vwizoycy@zimbra.io        
   9) SMTP host:                               zimbramta01.zimbra.io         
  10) Web server HTTP port:                    8080                          
  11) Web server HTTPS port:                   8443                          
  12) Web server mode:                         https                         
  13) IMAP server port:                        7143                          
  14) IMAP server SSL port:                    7993                          
  15) POP server port:                         7110                          
  16) POP server SSL port:                     7995                          
  17) Use spell check server:                  yes                           
  18) Spell server URL:                        http://zimbrambox01.zimbra.io:7780/aspell.php
  19) Enable version update checks:            TRUE                          
  20) Enable version update notifications:     TRUE                          
  21) Version update notification email:       admin@zimbra.io               
  22) Version update source email:             admin@zimbra.io               
  23) Install mailstore (service webapp):      yes                           
  24) Install UI (zimbra,zimbraAdmin webapps): no                           
   Select, or 'r' for previous menu [r] 24

UI Server

On a different server, the one dedicated for just the UI, we will select only the zimbra-store package:

Select the packages to install
	Install zimbra-ldap [Y] n
	Install zimbra-logger [Y] n
	Install zimbra-mta [Y] n
	Install zimbra-dnscache [N] 
	Install zimbra-snmp [Y] n
	Install zimbra-store [Y] 
	Install zimbra-apache [Y] n
	Install zimbra-spell [Y] n
	Install zimbra-convertd [Y] n
	Install zimbra-memcached [Y] n
	Install zimbra-proxy [Y] n
	Install zimbra-archiving [N] 

In the Main Menu select the zimbra-store with the option number 4:

   Main menu
   1) Common Configuration:                                                  
   2) zimbra-logger:                           Disabled                       
   3) zimbra-snmp:                             Disabled                       
   4) zimbra-store:                            Enabled                       
   5) zimbra-spell:                            Disabled                       
   6) zimbra-convertd:                         Disabled                       
   7) zimbra-proxy:                            Disabled                       
   8) Default Class of Service Configuration:                                
   9) Enable default backup schedule:          yes                           
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                        
   Select, or 'r' for previous menu [r] 4

And then click on the option 23 to disable the Mailstore Backend installation:

   Store configuration
   1) Status:                                  Enabled                       
   2) Create Admin User:                       yes                           
   3) Admin user to create:                    admin@zimbra.io               
   4) Admin Password                           set                           
   5) Anti-virus quarantine user:              virus-quarantine.cpggvaih@zimbra.io
   6) Enable automated spam training:          yes                           
   7) Spam training user:                      spam.lwjbfayhot@zimbra.io     
   8) Non-spam(Ham) training user:             ham.vwizoycy@zimbra.io        
   9) SMTP host:                               zimbramta01.zimbra.io         
  10) Web server HTTP port:                    8080                          
  11) Web server HTTPS port:                   8443                          
  12) Web server mode:                         https                         
  13) IMAP server port:                        7143                          
  14) IMAP server SSL port:                    7993                          
  15) POP server port:                         7110                          
  16) POP server SSL port:                     7995                          
  17) Use spell check server:                  yes                           
  18) Spell server URL:                        http://zimbrambox01.zimbra.io:7780/aspell.php
  19) Enable version update checks:            TRUE                          
  20) Enable version update notifications:     TRUE                          
  21) Version update notification email:       admin@zimbra.io               
  22) Version update source email:             admin@zimbra.io               
  23) Install mailstore (service webapp):      no                           
  24) Install UI (zimbra,zimbraAdmin webapps): yes   

Release note items

Next steps are a little few configurations to have all the environment properly working. These are also listed here (https://files.zimbra.com/website/docs/8.5/ZCS_850_NE_ReleaseNotes_UpgradeInst.pdf, page 25)

  • Proxy+Memcached is mandatory - Proxy is the one doing the routing of the UI requests to the webUI server and SOAP/REST requests to the mail server. memcached is mandatory as well for split mode to work. It can be distributed or shared memcached. This is because the webclient server uses memcached to store the mailclient upstream for each client and uses this mailclient server for all subsequent SOAP/REST requests made by that client.
  • Zimbra Web Client must be accessed via Proxy.
  • The localconfig attribute zimbra_zmprov_default_soap_server should be set on the UI server to one of the mailstore servers (running the service webapp).
   zimbra@zimbraui01:~$ zmlocalconfig -e zimbra_zmprov_default_soap_server=zimbrambox01.zimbra.io
  • The UI server needs to know where the memcached is running. This is done by setting zimbraMemcachedClientServerList to the server where the memcached is running.
   zimbra@zimbraui01:~$  zmprov mcf zimbraMemcachedClientServerList "zimbraproxy01.zimbra.io:11211"

We can check if we applied properly the command:

   zimbra@zimbraui01:~$  zmprov gcf zimbraMemcachedClientServerList
   zimbraMemcachedClientServerList:zimbrambox01.zimbra.io:11211
  • Administrator console will work only through the proxy using port 9071 (default value for zimbraAdminProxyPort) instead of 7071 (default value for zimbraAdminPort) after setting zimbraReverseProxyAdminEnabled to TRUE
   zimbra@zimbraui01:~$ zmprov ms  `zmhostname` zimbraReverseProxyAdminEnabled TRUE

Another way to do the same as above is by using the following zmproxyconfig command

   /opt/zimbra/libexec/zmproxyconfig -e -w -C -H `zmhostname`
  • For service (SOAP/REST) to User Interface (JS/css/html) requests from mailstore server in split mode. Set zimbraWebClientURL on mailstore server to point to the Proxy.
   zimbra@zimbraui01:~$ zmprov mcf zimbraWebClientURL https://zimbaui01.zimbra.io
  • Need to have at least one mailstore server and one UI server for the proxy to be up and running and split setup to work.

zmproxyctl restart is required after adding the new UI/mailstore servers to regenerate the correct proxy configurations.

  • You must restart mailboxd on mail store and UI nodes, then restart proxy on all nodes where proxy is installed.
  zimbra@zimbraui01:~$ zmmailboxdctl restart
  zimbra@zimbrambox01:~$ zmmailboxdctl restart
  zimbra@zimbraui01:~$ zmproxyctl restart
  • In order for some things like change password link, calendar launch in separate window etc to work in split-mode & use proxy instead of mbs the following attributes have to be set:
   zimbraPublicServiceHostname - proxy hostname
   zimbraPublicServiceProtocol - proxy protocol (http or https)
   zimbraPublicServicePort - proxy port

Please refer to the following bug for more details https://bugzilla.zimbra.com/show_bug.cgi?id=91968

Proxy routing in a multi-version ZCS environment with split nodes

The Proxy now supports cross version lookup for the client UI requests in mixed-version environments consisting of Split/Non-Split nodes. For e.g. UI requests for users on 8.5.0 mailstores will go *only* to one of the webclient servers running 8.5.0 (as zimbraReverseProxyExactServerVersionCheck is ‘on’ by default) or they will go to one of the webclient servers running 8.5.x (i.e the same Major & Minor version if zimbraReverseProxyExactServerVersionCheck is turned ‘off’).

This is achieved only for the Post-Login UI requests by using an extra ‘version’ field in the ZM_AUTH_TOKEN and then extending the zmauth module in nginx to use this version to figure out an upstream running appropriate version based on the setting of 'exact_version_check' directive in /opt/zimbra/conf/nginx/includes/nginx.conf.web. In case of rolling upgrade scenarios, you need to make sure that you have atleast one webUI server that will be able to serve the UI requests for each backend mailstore version. Consider tweaking zimbraReverseProxyExactServerVersionCheck accordingly.

Testing the new environment

We will some tests to check the proper functionality of the Zimbra Collaboration Web Application Server Split.

  • If all 3 servers (UI Server, Mailbox backend and Proxy) are up and running, users can access Zimbra Web Client following the FQDN or IP of the Proxy server.
  • When the UI server is off, users cannot access Zimbra Web Client or Zimbra Admin Console. However, the SOAP interface of the Mailbox server is accessible via the Proxy.
  • When the Mailbox backend is off, Zimbra Web Client and Zimbra Admin Console will load a login page, but users will not be able to log in.

Identified Support/Known Issues

Verified Against: Zimbra Collaboration Suite 8.6, 8.5 Date Created: 08/4/2014
Article ID: https://wiki.zimbra.com/index.php?title=Separation_Of_WebApp_Service_From_Mailstore_In_ZCS8.5 Date Modified: 2018-05-09



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search