Zimbra Collaboration repository: Difference between revisions
Revision as of 10:40, 17 August 2016
Zimbra Collaboration Repository
How it works
Starting with Zimbra Collaboration 8.7, Zimbra uses repositories for third-party packages, as a first step towards making the whole product fully installable from repositories.
How to create a local repository
Many customers do not allow Internet access from their servers, which means the Zimbra 8.7 installer cannot reach the Zimbra repository and cannot finish the installation.
To install Zimbra 8.7 successfully within such a network, this wiki covers all the steps needed to create a local Zimbra mirror: a company clones our repository to a mirror server, and the rest of the internal servers take the needed packages locally from that mirror. Section B in the image above is an example of this type of layout.
Creating a local repository using an Ubuntu OS
Follow these steps to create a local repository or mirror using Ubuntu OS for the dedicated server.
The first step is to make sure we have the latest package information:
apt-get update
Installing Python
Then we need to install the Python packages:
apt-get install python-pip
Installing Amazon Web Services CLI
Once Python is installed, it's time to install the Amazon Web Services CLI by running the next command:
pip install awscli
Cloning the packages from our Official Repository
It's time to download all the packages from our official repository to a local folder. The first step is to create the local folder:
root@repo:~# mkdir /var/repositories
root@repo:~# cd /var/repositories
Cloning the packages for Ubuntu
If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:
root@repo:~# /usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
Cloning the packages for RHEL/CentOS
If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:
root@repo:~# aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete
Installing & configuring Nginx
Then we need to serve the packages using nginx. Let's start with the basic step of installing nginx:
root@repo:~# apt-get install nginx
Zimbra strongly recommends using a valid SSL certificate for the repository server. Put the zimbra-wilcard.crt (must contain the CRT and the CA) and the zimbra-wilcard.key inside the next folder:
root@repo:~# mkdir /etc/nginx/certs
Now let's configure our Nginx server. First back up the default config and create a new one:
root@repo:~# mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
root@repo:~# touch /etc/nginx/sites-available/default
You can use the next example to fill in your repository configuration:
root@repo:~# vi /etc/nginx/sites-available/default
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;
    ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ## Let your repository be the root directory
    root /var/repositories;
    ## Always good to log
    access_log /var/log/nginx/repo.access.log;
    error_log /var/log/nginx/repo.error.log;
    ## Prevent access to Reprepro's files
    location ~ /(db|conf) {
        deny all;
        return 404;
    }
}
Then restart your nginx service:
root@repo:~# service nginx restart
 * Restarting nginx nginx
   ...done.
Creating a local repository using a RHEL/CentOS
Pending
Installing Python
Then we need to install the Python packages:
yum install python-pip
Installing Amazon Web Services CLI
Once Python is installed, it's time to install the Amazon Web Services CLI by running the next command:
pip install awscli
Cloning the packages from our Official Repository
It's time to download all the packages from our official repository to a local folder. The first step is to create the local folder:
root@repo:~# mkdir /var/repositories
root@repo:~# cd /var/repositories
Cloning the packages for Ubuntu
If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:
root@repo:~# aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
Cloning the packages for RHEL/CentOS
If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:
root@repo:~# aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete
Installing & configuring Nginx
Then we need to serve the packages using nginx. Let's start with the basic step of installing nginx:
root@repo:~# yum install nginx
Zimbra strongly recommends using a valid SSL certificate for the repository server. Put the zimbra-wilcard.crt (must contain the CRT and the CA) and the zimbra-wilcard.key inside the next folder:
root@repo:~# mkdir /etc/nginx/certs
Now let's configure our Nginx server. First back up the default config and create a new one:
root@repo:~# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
root@repo:~# mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.bak
root@repo:~# touch /etc/nginx/conf.d/default.conf
You can use the next example to fill in your repository configuration:
root@repo:~# cat > /etc/nginx/conf.d/default.conf <<EOF
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;
    ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ## Let your repository be the root directory
    root /var/repositories;
    ## Always good to log
    access_log /var/log/nginx/repo.access.log;
    error_log /var/log/nginx/repo.error.log;
    ## Prevent access to Reprepro's files
    location ~ /(db|conf) {
        deny all;
        return 404;
    }
}
EOF
Then restart your nginx service:
root@repo:~# service nginx restart
 * Restarting nginx nginx
   ...done.
How to configure the Zimbra Server for Ubuntu
In this demo scenario, we will install a new instance of Zimbra Collaboration server with Ubuntu as the operating system.
Configure the sources list
You must add your local repository to your Ubuntu configuration. Note that you must change trusty (Ubuntu 14.04) to precise if you are running Ubuntu 12.04:
root@zimbra86:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.domain.tld/apt/87 trusty zimbra
deb-src [arch=amd64] https://repo.domain.tld/apt/87 trusty zimbra
EOF
Adding the Zimbra Repository key
You must add the next Zimbra key to the apt keychain:
root@zimbra86:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.FfpLxMcUiQ --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com
gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Check if the Zimbra Server is ready
You can check that everything is all right by running the next commands, which search for one Zimbra package:
root@repo:~# apt-get update
root@repo:~# aptitude search zimbra-nginx
p zimbra-nginx - nginx Binaries
p zimbra-nginx-dbg - nginx binary debug information
How to configure the Zimbra Server for RHEL/CentOS
In this demo scenario, we will install a new instance of Zimbra Collaboration server with RHEL/CentOS as the operating system.
Configure the yum repository
You must add your local repository to your RHEL/CentOS configuration:
root@zimbra86:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.domain.tld/rpm/87/rhel\$releasever
gpgcheck=1
enabled=1
EOF
Adding the Zimbra Repository key
You must import the next Zimbra key into the RPM keyring:
root@zimbra86:~# rpm --import https://files.zimbra.com/downloads/security/public.key
(Optional) Enable SELinux
To make the repository work with SELinux, you can add the repository folder to the http security context:
chcon -Rt httpd_sys_content_t /var/repositories/
(Optional) Enable Yum with Self Signed Certificate
To make the repository work with a self-signed certificate, you need to add this option to your /etc/yum.conf:
sslverify=false
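Setting sslverify=false in /etc/yum.conf turns off certificate checking for every repository on the host. The following added example (not part of the original wiki page) keeps verification on by pointing the Zimbra repository at the CA that signed the mirror's certificate, and audits yum configuration for disabled checks. The function names and the CA path passed by the caller are assumptions; sslverify and sslcacert are standard yum options.

```shell
#!/bin/sh
# Added example, not Zimbra's code: trust the internal CA for the local
# mirror only, and flag any yum setting that disables verification.

# write_zimbra_repo OUT_FILE CA_BUNDLE
# Writes the repo definition from this page plus per-repo TLS settings.
# CA_BUNDLE is a path chosen by the caller (hypothetical in this example).
write_zimbra_repo() {
    cat > "$1" <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.domain.tld/rpm/87/rhel\$releasever
gpgcheck=1
enabled=1
sslverify=1
sslcacert=$2
EOF
}

# audit_yum_verification PATH...
# Prints each line (file:line:text) that switches off TLS or GPG checks in
# the given files or directories. Returns 1 if any is found, 0 otherwise.
audit_yum_verification() {
    found=0
    for path in "$@"; do
        [ -e "$path" ] || continue
        # yum treats 0, false and no as "off" for boolean options
        if grep -rEiHn \
            '^[[:space:]]*(sslverify|gpgcheck)[[:space:]]*=[[:space:]]*(0|false|no)[[:space:]]*$' \
            "$path"; then
            found=1
        fi
    done
    return "$found"
}
```

On a Zimbra server this would be called as `audit_yum_verification /etc/yum.conf /etc/yum.repos.d`.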
Check if the Zimbra Server is ready
You can check that everything is all right by running the next command, which searches for Zimbra packages:
root@zimbra86:~# yum search zimbra
zimbra-altermime.x86_64 : Zimbra's altermime build
zimbra-amavis-logwatch.x86_64 : Zimbra's amavis-logwatch build
zimbra-amavisd.x86_64 : Zimbra's amavisd build
Installing Zimbra Collaboration 8.7
Last but not least, download the Zimbra Collaboration 8.7 package and run the ./install.sh as usual.
- Note: You do not need to install the OS dependencies as in the past; the new Zimbra Collaboration 8.7 installation script takes care of them.
When asked whether to use Zimbra's package repository, type N so the system will use your local repository:
Use Zimbra's package repository [Y] n
The installation will continue as usual, and will finish properly.
Keep the local Repository up to date
The challenge when using a local repository is keeping it up to date. Always run the next commands before running any upgrade or update on the Zimbra servers:
aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/rpm/87 /var/repositories/rpm/87 --no-sign-request --delete
Using Cron
You can keep your repository up to date by putting these lines into your crontab to update the local repo at 3:30 am every day:
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 /var/repositories/rpm/87 --no-sign-request --delete
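Because the sync runs unattended and with --delete, an interrupted or inconsistent run can leave the mirror with index files that no longer match their Release file. The following added example (not from the original wiki page) checks the apt side of the mirror after each sync. It assumes the standard apt layout of dists/<codename>/Release with Release.gpg beside it; ZIMBRA_KEYRING is a hypothetical variable naming a gpgv keyring that holds the Zimbra packaging key.

```shell
#!/bin/sh
# Added example, not Zimbra's code. Assumes the standard apt layout
# <root>/dists/<codename>/Release with Release.gpg beside it.

# verify_release DIST_DIR
# Returns 0 if every index listed in the SHA256 stanza of Release that is on
# disk matches its hash, 1 on a mismatch or bad signature, 2 if Release is
# missing or nothing could be checked.
verify_release() {
    dist=$1
    [ -f "$dist/Release" ] || { echo "no Release in $dist" >&2; return 2; }

    # Optional signature check; ZIMBRA_KEYRING is a hypothetical variable
    # naming a gpgv keyring that holds the Zimbra packaging key.
    if [ -n "${ZIMBRA_KEYRING:-}" ]; then
        gpgv --keyring "$ZIMBRA_KEYRING" "$dist/Release.gpg" "$dist/Release" \
            || return 1
    fi

    # SHA256 stanza lines look like: " <hash> <size> <relative path>"
    list=$(awk '/^SHA256:/ {on=1; next} /^[^ ]/ {on=0} on {print $1, $3}' \
        "$dist/Release")
    checked=0 bad=0
    while read -r want rel; do
        [ -n "$rel" ] || continue
        if [ ! -f "$dist/$rel" ]; then
            echo "warning: $rel listed but not mirrored" >&2
            continue
        fi
        got=$(sha256sum "$dist/$rel" | cut -d' ' -f1)
        checked=$((checked + 1))
        [ "$got" = "$want" ] || { echo "MISMATCH: $dist/$rel" >&2; bad=1; }
    done <<EOF
$list
EOF
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}

# verify_mirror ROOT: check every distribution under ROOT/dists.
verify_mirror() {
    for r in "$1"/dists/*/Release; do
        verify_release "${r%/Release}" || return 1
    done
}
```

Chaining it in the cron entry, for example `aws s3 sync ... && verify_mirror /var/repositories/apt/87`, makes a bad sync show up in cron mail instead of on the Zimbra servers.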
Known issues
SSL issues
This error is not related to Zimbra, but if you don't have a valid CA, or the CA is missing from the .crt file that you use for Nginx, you may see the next error when you run apt-get update on the Zimbra server:
W: Failed to fetch https://repo.domain.tld/87/dists/precise/zimbra/source/Sources server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
You can fix it by adding your CA to /etc/ssl/certs/ca-certificates.crt on the Zimbra server.
Identified Support Issues
- No Support issues reported yet.