Tonster-VServer-Notes: Difference between revisions
(New page: Please note that VServer is an unsupported product for use with Zimbra, and there may be more issues than presented below in attempting to operate Zimbra while using it. I present the fol...) |
m (Adding category) |
||
(3 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
{| width="100%" border="0" | |||
| bgcolor="orange" | [[Image:Attention.png]] - This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information. | |||
|} | |||
==WARNING== | |||
Please note that VServer is an unsupported product for use with Zimbra, and there may be more issues than presented below in attempting to operate Zimbra while using it. I present the following strictly to educate on the issues you are likely to encounter if you are considering VServer, and this is strongly discouraged and again unsupported by Zimbra. | Please note that VServer is an unsupported product for use with Zimbra, and there may be more issues than presented below in attempting to operate Zimbra while using it. I present the following strictly to educate on the issues you are likely to encounter if you are considering VServer, and this is strongly discouraged and again unsupported by Zimbra. | ||
Use at your own peril. | Use at your own peril. | ||
Issues unrelated to platform | ===Issues unrelated to platform=== | ||
We've encountered three | We've encountered three unrelated to platform. These could just | ||
as easily manifest themselves in a RedHat environment as ours and are | as easily manifest themselves in a RedHat environment as ours and are | ||
all related to security. | all related to security. | ||
It is recommended security | |||
practice to only install what is needed to provide fewer vectors for | practice to only install what is needed to provide fewer vectors for | ||
attack. Thus, secure installation will likely hit some of the issues we | attack. Thus, secure installation will likely hit some of the issues we | ||
Line 21: | Line 23: | ||
essential ones in the Zimbra documentation: | essential ones in the Zimbra documentation: | ||
yum install tar bzip2 gzip less man fetchmail sudo libidn curl gmp | ====Extra Modules to install==== | ||
compat-libstdc++-33 compat-libstdc++-296 libtool-ltdl vixie-cron file | <ul> | ||
cpio zip wget sysstat xfs lsof strace pstack pcre gmp libtool-ltdl unrar | <li>yum | ||
p7zip freeze lzop arj arc zoo lha cabextract tnef perl-Convert-TNEF | <li>install | ||
perl-Unix-Syslog perl-Digest-HMAC perl-IO-Socket-SSL perl-LDAP | <li>tar | ||
perl-MIME-Types psacct words perl-DBD-MySQL | <li>bzip2 | ||
<li>gzip | |||
<li>less | |||
<li>man | |||
<li>fetchmail | |||
<li>sudo | |||
<li>libidn | |||
<li>curl | |||
<li>gmp | |||
<li>compat-libstdc++-33 | |||
<li>compat-libstdc++-296 | |||
<li>libtool-ltdl | |||
<li>vixie-cron | |||
<li>file | |||
<li>cpio | |||
<li>zip | |||
<li>wget | |||
<li>sysstat | |||
<li>xfs | |||
<li>lsof | |||
<li>strace | |||
<li>pstack | |||
<li>pcre | |||
<li>gmp | |||
<li>libtool-ltdl | |||
<li>unrar | |||
<li>p7zip | |||
<li>freeze | |||
<li>lzop | |||
<li>arj | |||
<li>arc | |||
<li>zoo | |||
<li>lha | |||
<li>cabextract | |||
<li>tnef | |||
<li>perl-Convert-TNEF | |||
<li>perl-Unix-Syslog | |||
<li>perl-Digest-HMAC | |||
<li>perl-IO-Socket-SSL | |||
<li>perl-LDAP | |||
<li>perl-MIME-Types | |||
<li>psacct | |||
<li>words | |||
<li>perl-DBD-MySQL | |||
</ul> | |||
===CENTOS issues=== | |||
CENTOS issues | |||
We encountered a single CentOS specific issue. CentOS 5.3 uses rsyslog | We encountered a single CentOS specific issue. CentOS 5.3 uses rsyslog | ||
instead of syslog. RHEL 5.3 also includes rsyslog but does not make it | instead of syslog. RHEL 5.3 also includes rsyslog but does not make it | ||
Line 58: | Line 84: | ||
The problem manifests itself in the installation routine which attempts | The problem manifests itself in the installation routine which attempts | ||
to modify the /etc/syslog.conf file and then restart the syslogd service | to modify the /etc/syslog.conf file and then restart the syslogd service | ||
and logrotate which attempts to restart syslogd | and logrotate which attempts to restart syslogd. | ||
VSERVER issues | ===VSERVER issues=== | ||
We needed to expose /proc/vmstat for statistics collection and the stats | We needed to expose /proc/vmstat for statistics collection and the stats | ||
Line 76: | Line 97: | ||
Single IP Special Handling and enable masked loopback addressing. | Single IP Special Handling and enable masked loopback addressing. | ||
[[Category:Community Sandbox]] | |||
Latest revision as of 23:07, 24 November 2009
- This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information. |
WARNING
Please note that VServer is an unsupported product for use with Zimbra, and there may be more issues than presented below in attempting to operate Zimbra while using it. I present the following strictly to educate on the issues you are likely to encounter if you are considering VServer, and this is strongly discouraged and again unsupported by Zimbra.
Use at your own peril.
We've encountered three unrelated to platform. These could just as easily manifest themselves in a RedHat environment as ours and are all related to security.
It is recommended security practice to only install what is needed to provide fewer vectors for attack. Thus, secure installation will likely hit some of the issues we encountered. We have included the following dependencies in our internal documentation. Some have been installed at other's recommendation while we were flailing for a solution and have not been verified as essential. I certainly wouldn't mind someone going through these to determine which are essential. I would suggest including the essential ones in the Zimbra documentation:
Extra Modules to install
- yum
- install
- tar
- bzip2
- gzip
- less
- man
- fetchmail
- sudo
- libidn
- curl
- gmp
- compat-libstdc++-33
- compat-libstdc++-296
- libtool-ltdl
- vixie-cron
- file
- cpio
- zip
- wget
- sysstat
- xfs
- lsof
- strace
- pstack
- pcre
- gmp
- libtool-ltdl
- unrar
- p7zip
- freeze
- lzop
- arj
- arc
- zoo
- lha
- cabextract
- tnef
- perl-Convert-TNEF
- perl-Unix-Syslog
- perl-Digest-HMAC
- perl-IO-Socket-SSL
- perl-LDAP
- perl-MIME-Types
- psacct
- words
- perl-DBD-MySQL
CENTOS issues
We encountered a single CentOS specific issue. CentOS 5.3 uses rsyslog instead of syslog. RHEL 5.3 also includes rsyslog but does not make it the default. Thus, solving this problem would not only prevent questions from CentOS users (and then aggravating them by telling them CentOS is not supported) but will also spare you grief from RHEL customers who may have a need to run rsyslog instead of syslog.
The problem manifests itself in the installation routine which attempts to modify the /etc/syslog.conf file and then restart the syslogd service and logrotate which attempts to restart syslogd.
VSERVER issues
We needed to expose /proc/vmstat for statistics collection and the stats will reflect the entire vserver host and not just the zimbra guest.
We needed to exclude the /opt/zimbra/db/data and /opt/zimbra/logger/db/data directories from the hashify function.
We needed (well not really but it made life simpler) to disable the Single IP Special Handling and enable masked loopback addressing.