Difference between revisions of "Zimbra Collaboration repository"

Line 1: Line 1:
 +
{{BC|Community Sandbox}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Zimbra Collaboration Repository=
 +
{{KB|{{Unsupported}}|{{ZCS 8.7}}|||}}
  
 +
=How it works=
 +
Starting in Zimbra Collaboration 8.7, Zimbra uses repositories for 3rd party packages, in the first step to have a Software fully based on repositories.
  
apt-get update
+
[[File:Zimbra-repository.png|1024px]]
apt-get install python-pip
 
The following extra packages will be installed:
 
  binutils build-essential dpkg-dev fakeroot g++ g++-4.8 gcc gcc-4.8
 
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl
 
  libasan0 libatomic1 libc-dev-bin libc6-dev libdpkg-perl libfakeroot
 
  libfile-fcntllock-perl libgcc-4.8-dev libgomp1 libitm1 libquadmath0
 
  libstdc++-4.8-dev libtsan0 linux-libc-dev make manpages-dev
 
  python-chardet-whl python-colorama python-colorama-whl python-distlib
 
  python-distlib-whl python-html5lib python-html5lib-whl python-pip-whl
 
  python-requests-whl python-setuptools python-setuptools-whl python-six-whl
 
  python-urllib3-whl python-wheel python3-pkg-resources
 
Suggested packages:
 
  binutils-doc debian-keyring g++-multilib g++-4.8-multilib gcc-4.8-doc
 
  libstdc++6-4.8-dbg gcc-multilib autoconf automake1.9 libtool flex bison gdb
 
  gcc-doc gcc-4.8-multilib gcc-4.8-locales libgcc1-dbg libgomp1-dbg
 
  libitm1-dbg libatomic1-dbg libasan0-dbg libtsan0-dbg libquadmath0-dbg
 
  glibc-doc libstdc++-4.8-doc make-doc python-genshi python-lxml
 
  python3-setuptools
 
Recommended packages:
 
  python-dev-all
 
The following NEW packages will be installed:
 
  binutils build-essential dpkg-dev fakeroot g++ g++-4.8 gcc gcc-4.8
 
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl
 
  libasan0 libatomic1 libc-dev-bin libc6-dev libdpkg-perl libfakeroot
 
  libfile-fcntllock-perl libgcc-4.8-dev libgomp1 libitm1 libquadmath0
 
  libstdc++-4.8-dev libtsan0 linux-libc-dev make manpages-dev
 
  python-chardet-whl python-colorama python-colorama-whl python-distlib
 
  python-distlib-whl python-html5lib python-html5lib-whl python-pip
 
  python-pip-whl python-requests-whl python-setuptools python-setuptools-whl
 
  python-six-whl python-urllib3-whl python-wheel python3-pkg-resources
 
0 upgraded, 43 newly installed, 0 to remove and 34 not upgraded.
 
Need to get 776 kB/35.8 MB of archives.
 
After this operation, 102 MB of additional disk space will be used.
 
Do you want to continue? [Y/n] y
 
  
pip install awscli
+
=How to create a local repository=
 +
We understand that many Customers might don't allow the Internet access from the servers to Internet, so the Zimbra's 8.7 installation will not be able to reach the Zimbra repository and be able to finish the Installation. For that reason, this Wiki will cover all the steps to create a local Zimbra mirror where a Company can clone our repo, and the rest of the internal servers will take the needed packages locally from the mirror server, you can see an example on the  above image, in the section B.
  
 +
==Creating a local repository using an Ubuntu OS==
 +
Follow these steps to create a local repository or mirror using Ubuntu OS for the dedicated server.
  
mkdir /var/repositories
+
First step will be sure we have the latest packages:
cd /var/repositories
+
apt-get update
 +
===Installing Python===
 +
Then we need to install the python packages:
 +
apt-get install python-pip
  
Downloading/unpacking awscli
+
===Installing Amazon Web Services CLI===
  Downloading awscli-1.10.17-py2.py3-none-any.whl (919kB):
+
Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command
  Downloading awscli-1.10.17-py2.py3-none-any.whl (919kB):  0% 4.1kB
+
  pip install awscli
  Downloading awscli-1.10.17-py2.py3-none-any.whl (919kB):  0%  8.2kB
 
  Downloading awscli-1.10.17-py2.py3-none-any.whl (919kB):  1%  12kB
 
  Downloading awscli-1.10.17-py2.py3-none-any.whl (919kB):  1%  16kB
 
[...]
 
    changing mode of /usr/local/bin/rst2man.py to 755
 
    changing mode of /usr/local/bin/rst2s5.py to 755
 
    changing mode of /usr/local/bin/rstpep2html.py to 755
 
    changing mode of /usr/local/bin/rst2odt.py to 755
 
    changing mode of /usr/local/bin/rst2xetex.py to 755
 
    changing mode of /usr/local/bin/rst2latex.py to 755
 
    changing mode of /usr/local/bin/rst2pseudoxml.py to 755
 
    changing mode of /usr/local/bin/rst2xml.py to 755
 
    changing mode of /usr/local/bin/rst2html.py to 755
 
Successfully installed awscli docutils botocore rsa s3transfer jmespath python-dateutil pyasn1 futures
 
Cleaning up...
 
  
root@repo:~# /usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./87 --no-sign-request --delete
+
===Cloning the packages from our Official Repository ===
download: s3://repo.zimbra.com/apt/87/db/version to 87/db/version
+
It's time to download all the packages  from our official Repository to the local folder, first step it's create the local folder
Completed 1 part(s) with ... file(s) remaining
+
root@repo:~#mkdir /var/repositories
download: s3://repo.zimbra.com/apt/87/dists/precise/Release.gpg to 87/dists/precise/Release.gpg
+
root@repo:~#cd /var/repositories
Completed 2 part(s) with ... file(s) remaining
+
====Cloning the packages for Ubuntu====
download: s3://repo.zimbra.com/apt/87/dists/precise/InRelease to 87/dists/precise/InRelease
+
If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:
Completed 3 part(s) with ... file(s) remaining
+
root@repo:~# /usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
download: s3://repo.zimbra.com/apt/87/dists/precise/Release to 87/dists/precise/Release
+
====Cloning the packages for RHEL/CentOS====
Completed 4 part(s) with ... file(s) remaining
+
If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:
download: s3://repo.zimbra.com/apt/87/db/contents.cache.db to 87/db/contents.cache.db
+
/usr/local/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete
Completed 5 part(s) with ... file(s) remaining
 
download: s3://repo.zimbra.com/apt/87/dists/precise/zimbra/source/Release to 87/dists/precise/zimbra/source/Release
 
Completed 6 part(s) with ... file(s) remaining
 
[...]
 
Completed 1551 of 1553 part(s) with 2 file(s) remaining
 
download: s3://repo.zimbra.com/apt/87/pool/zimbra/z/zimbra-tcmalloc/zimbra-tcmalloc_2.4.orig.tar.gz to 87/pool/zimbra/z/zimbra-tcmalloc/zimbra-tcmalloc_2.4.orig.tar.gz
 
Completed 1552 of 1553 part(s) with 1 file(s) remaining
 
download: s3://repo.zimbra.com/apt/87/pool/zimbra/z/zimbra-zeromq/zimbra-zeromq_4.1.3-1zimbra8.7b1.14.04_amd64.deb to 87/pool/zimbra/z/zimbra-zeromq/zimbra-zeromq_4.1.3-1zimbra8.7b1.14.04_amd64.deb
 
  
 +
===Installing & configuring Nginx===
 +
Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:
 +
root@repo:~# apt-get install nginx
  
  mkdir /etc/nginx/certs
+
Zimbra strongly recommends to use a valid SSL certificate for the repository server, put the '''zimbra-wilcard.crt''' (must contain the CRT and the CA) and the '''zimbra-wilcard.key''' inside the next folder:
 
+
  root@repo:~# mkdir /etc/nginx/certs
root@repo:~# apt-get install nginx
+
Let's go now to configure our Nginx server, first backup the default config and create a new one:
Reading package lists... Done
+
root@repo:~# mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
Building dependency tree     
+
root@repo:~# touch /etc/nginx/sites-available/default
Reading state information... Done
+
You can use the next example to fill your Repository configuration
The following extra packages will be installed:
+
<pre>root@repo:~# vi /etc/nginx/sites-available/default
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
 
  libjpeg-turbo8 libjpeg8 libtiff5 libvpx1 libxpm4 libxslt1.1 nginx-common
 
  nginx-core
 
Suggested packages:
 
  libgd-tools fcgiwrap nginx-doc
 
The following NEW packages will be installed:
 
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
 
  libjpeg-turbo8 libjpeg8 libtiff5 libvpx1 libxpm4 libxslt1.1 nginx
 
  nginx-common nginx-core
 
0 upgraded, 14 newly installed, 0 to remove and 34 not upgraded.
 
Need to get 2,705 kB of archives.
 
After this operation, 9,057 kB of additional disk space will be used.
 
Do you want to continue? [Y/n]
 
[...]
 
Setting up libjpeg-turbo8:amd64 (1.3.0-0ubuntu2) ...
 
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
 
Setting up libjbig0:amd64 (2.0-2ubuntu4.1) ...
 
Setting up libtiff5:amd64 (4.0.3-7ubuntu0.4) ...
 
Setting up libvpx1:amd64 (1.3.0-2) ...
 
Setting up libxpm4:amd64 (1:3.5.10-1) ...
 
Setting up libgd3:amd64 (2.1.0-3) ...
 
Setting up libxslt1.1:amd64 (1.1.28-2build1) ...
 
Setting up nginx-common (1.4.6-1ubuntu3.4) ...
 
Processing triggers for ureadahead (0.100.0-16) ...
 
Processing triggers for ufw (0.34~rc-0ubuntu2) ...
 
Setting up nginx-core (1.4.6-1ubuntu3.4) ...
 
Setting up nginx (1.4.6-1ubuntu3.4) ...
 
Processing triggers for libc-bin (2.19-0ubuntu6.7) ...
 
 
 
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
 
touch /etc/nginx/sites-available/default
 
vi /etc/nginx/sites-available/default
 
 
 
 
server {
 
server {
 
     listen      443 ssl;
 
     listen      443 ssl;
Line 140: Line 66:
 
         return      404;
 
         return      404;
 
     }
 
     }
}
+
}</pre>
 +
And, restart your nginx service
 +
<pre>root@repo:~# service nginx restart
 +
* Restarting nginx nginx
 +
  ...done.</pre>
 +
 
 +
==Creating a local repository using an Ubuntu OS==
 +
Pending
 +
===Installing Python===
 +
Pending
 +
===Installing Amazon Web Services CLI===
 +
Pending
 +
===Cloning the packages from our Official Repository ===
 +
Pending
 +
====Cloning the packages for Ubuntu====
 +
Pending
 +
====Cloning the packages for RHEL/CentOS====
 +
Pending
 +
===Installing & configuring Nginx===
 +
Pending
 +
=How to configure the Zimbra Server=
 +
In this demo scenario, will install a new Zimbra Collaboration server
 +
 
 +
==Configure the sources list==
 +
You must add your local repository to your Ubuntu Configuration, please note you must change '''trusty''' (Ubuntu 14.04) for '''precise''' if you are running Ubuntu 12.04:
 +
<pre>root@zimbra86:~/# vi /etc/apt/sources.list.d/zimbra-mirror.list
 +
deb [arch=amd64] https://repo.zimbra.io/apt/87 trusty zimbra
 +
deb-src [arch=amd64] https://repo.zimbra.io/apt/87 trusty zimbra</pre>
 +
 
 +
==Adding the Zimbra Repository key==
 +
You must add the next Zimbra key to the apt keychain
 +
<pre>root@zimbra86:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
 +
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.FfpLxMcUiQ --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
 +
gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com
 +
gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported
 +
gpg: Total number processed: 1
 +
gpg:              imported: 1  (RSA: 1)</pre>
  
root@repo:~# service nginx restart
+
==Check if the Zimbra Server is ready==
* Restarting nginx nginx
+
You can check if everything is alright by running the next commands, where you can search by one Zimbra package:
  ...done.
+
<pre>apt-get update
 +
<pre>root@zimbra86:~# aptitude search zimbra-nginx
 +
p  zimbra-nginx                 - nginx Binaries                                                                                                       
 +
p  zimbra-nginx-dbg        - nginx binary debug information</pre>
  
 +
==Installing Zimbra Collaboration 8.7==
 +
Last but not least, download the Zimbra Collaboration 8.7 package and run the '''./install.sh''' as usual.
 +
*Note: You will not need to install the OS dependencies like in the past, the new Zimbra Collaboration 8.7 installation script take care of it
  
root@zimbra86:~/# vi /etc/apt/sources.list.d/zimbra-mirror.list
+
During the question about use '''Zimbra's package repository''', '''type N''', so the system will use your local repository
deb [arch=amd64] https://repo.zimbra.io/87 precise zimbra
+
Use Zimbra's package repository [Y] n
deb-src [arch=amd64] https://repo.zimbra.io/87 precise zimbra
 
  
 +
The installation will continue as usual, and will finish properly.
  
 +
=Keep the local Repository up to date=
 +
The challenge while using local repository is keep it up to date, you must run the next commands always before run any upgrade or update on the Zimbra Servers
 +
/usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
 +
/usr/local/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete
  
==Known issues==
+
'''*Note: You can create a simple bash script and cron it every day, for example.'''
W: Failed to fetch https://repo.zimbra.io/87/dists/precise/zimbra/source/Sources  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
+
=Known issues=
 +
==SSL issues==
 +
This error it's not related to Zimbra, but sometimes if you don't have a valid CA, or the CA is missing in the .crt file that you use for Nginx, when run apt-get update on the Zimbra server you can see the next error:
 +
W: Failed to fetch https://repo.zimbra.io/87/dists/precise/zimbra/source/Sources  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
 +
You can fix it by adding your CA inside the '''/etc/ssl/certs/ca-certificates.crt''' on the Zimbra server

Revision as of 17:15, 4 April 2016

Zimbra Collaboration Repository

   KB 22577        Last updated on 2016-04-4  




0.00
(0 votes)

How it works

Starting in Zimbra Collaboration 8.7, Zimbra uses repositories for 3rd party packages, in the first step to have a Software fully based on repositories.

Zimbra-repository.png

How to create a local repository

We understand that many Customers might don't allow the Internet access from the servers to Internet, so the Zimbra's 8.7 installation will not be able to reach the Zimbra repository and be able to finish the Installation. For that reason, this Wiki will cover all the steps to create a local Zimbra mirror where a Company can clone our repo, and the rest of the internal servers will take the needed packages locally from the mirror server, you can see an example on the above image, in the section B.

Creating a local repository using an Ubuntu OS

Follow these steps to create a local repository or mirror using Ubuntu OS for the dedicated server.

First step will be sure we have the latest packages:

apt-get update

Installing Python

Then we need to install the python packages:

apt-get install python-pip

Installing Amazon Web Services CLI

Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command

pip install awscli

Cloning the packages from our Official Repository

It's time to download all the packages from our official Repository to the local folder, first step it's create the local folder

root@repo:~#mkdir /var/repositories
root@repo:~#cd /var/repositories

Cloning the packages for Ubuntu

If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:

root@repo:~# /usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete

Cloning the packages for RHEL/CentOS

If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:

/usr/local/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete

Installing & configuring Nginx

Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:

root@repo:~# apt-get install nginx

Zimbra strongly recommends to use a valid SSL certificate for the repository server, put the zimbra-wilcard.crt (must contain the CRT and the CA) and the zimbra-wilcard.key inside the next folder:

root@repo:~# mkdir /etc/nginx/certs

Let's go now to configure our Nginx server, first backup the default config and create a new one:

root@repo:~# mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
root@repo:~# touch /etc/nginx/sites-available/default

You can use the next example to fill your Repository configuration

root@repo:~# vi /etc/nginx/sites-available/default
server {
    listen      443 ssl;
    ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;
    ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ## Let your repository be the root directory
    root        /var/repositories;

    ## Always good to log
    access_log  /var/log/nginx/repo.access.log;
    error_log   /var/log/nginx/repo.error.log;

    ## Prevent access to Reprepro's files
    location ~ /(db|conf) {
        deny        all;
        return      404;
    }
}

And, restart your nginx service

root@repo:~# service nginx restart
 * Restarting nginx nginx
   ...done.

Creating a local repository using an Ubuntu OS

Pending

Installing Python

Pending

Installing Amazon Web Services CLI

Pending

Cloning the packages from our Official Repository

Pending

Cloning the packages for Ubuntu

Pending

Cloning the packages for RHEL/CentOS

Pending

Installing & configuring Nginx

Pending

How to configure the Zimbra Server

In this demo scenario, will install a new Zimbra Collaboration server

Configure the sources list

You must add your local repository to your Ubuntu Configuration, please note you must change trusty (Ubuntu 14.04) for precise if you are running Ubuntu 12.04:

root@zimbra86:~/# vi /etc/apt/sources.list.d/zimbra-mirror.list
deb [arch=amd64] https://repo.zimbra.io/apt/87 trusty zimbra
deb-src [arch=amd64] https://repo.zimbra.io/apt/87 trusty zimbra

Adding the Zimbra Repository key

You must add the next Zimbra key to the apt keychain

root@zimbra86:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.FfpLxMcUiQ --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com
gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

Check if the Zimbra Server is ready

You can check if everything is alright by running the next commands, where you can search by one Zimbra package:

apt-get update
<pre>root@zimbra86:~# aptitude search zimbra-nginx
p   zimbra-nginx                  - nginx Binaries                                                                                                         
p   zimbra-nginx-dbg         - nginx binary debug information

Installing Zimbra Collaboration 8.7

Last but not least, download the Zimbra Collaboration 8.7 package and run the ./install.sh as usual.

  • Note: You will not need to install the OS dependencies like in the past, the new Zimbra Collaboration 8.7 installation script take care of it

During the question about use Zimbra's package repository, type N, so the system will use your local repository

Use Zimbra's package repository [Y] n

The installation will continue as usual, and will finish properly.

Keep the local Repository up to date

The challenge while using local repository is keep it up to date, you must run the next commands always before run any upgrade or update on the Zimbra Servers

/usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
/usr/local/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete

*Note: You can create a simple bash script and cron it every day, for example.

Known issues

SSL issues

This error it's not related to Zimbra, but sometimes if you don't have a valid CA, or the CA is missing in the .crt file that you use for Nginx, when run apt-get update on the Zimbra server you can see the next error:

W: Failed to fetch https://repo.zimbra.io/87/dists/precise/zimbra/source/Sources  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
You can fix it by adding your CA inside the /etc/ssl/certs/ca-certificates.crt on the Zimbra server
Jump to: navigation, search