Zimbra Collaboration repository

Zimbra Collaboration Repository

   KB 22577        Last updated on 2018-03-26  




0.00
(0 votes)

How it works

Starting in Zimbra Collaboration 8.7, Zimbra uses repositories for 3rd party packages, in the first step towards having the whole product fully installable from repositories.

Zimbra-repository.png

How to create a local repository

Many Customers do not allow Internet access from their servers to the Internet, which means Zimbra's 8.7 installer will not be able to reach the Zimbra repository and be able to finish the Installation.

In order to successfully install Zimbra 8.7 within such a network, this Wiki will cover all the steps needed to create a local Zimbra mirror where a Company can clone our repo to a mirror, and the rest of the internal servers will take the needed packages locally from the mirror server. Section B in the image above is an example of this type of layout.

Creating a local repository using an Ubuntu OS

Follow these steps to create a local repository or mirror using Ubuntu OS for the dedicated server.

First step will be sure we have the latest packages:

apt-get update

Installing Python

Then we need to install the python packages:

apt-get install python-pip

Installing Amazon Web Services CLI

Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command

pip install awscli

Cloning the packages from our Official Repository

It's time to download all the packages from our official Repository to the local folder, first step it's create the local folder

root@repo:~#mkdir /var/repositories
root@repo:~#cd /var/repositories

Cloning the packages for Ubuntu

If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:

root@repo:~# /usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete

Cloning the packages for RHEL/CentOS

If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:

 root@repo:~#aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete

Installing & configuring Nginx

Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:

root@repo:~# apt-get install nginx

Zimbra strongly recommends using a valid SSL certificate for the repository server. Put the zimbra-wilcard.crt (must contain the CRT and the CA) and the zimbra-wilcard.key inside the next folder:

root@repo:~# mkdir /etc/nginx/certs

Let's go now to configure our Nginx server, first backup the default config and create a new one:

root@repo:~# mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
root@repo:~# touch /etc/nginx/sites-available/default

You can use the next example to fill your Repository configuration

root@repo:~# vi /etc/nginx/sites-available/default
server {
    listen      443 ssl;
    ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;
    ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ## Let your repository be the root directory
    root        /var/repositories;

    ## Always good to log
    access_log  /var/log/nginx/repo.access.log;
    error_log   /var/log/nginx/repo.error.log;

    ## Prevent access to Reprepro's files
    location ~ /(db|conf) {
        deny        all;
        return      404;
    }
}

And, restart your nginx service

root@repo:~# service nginx restart
 * Restarting nginx nginx
   ...done.

Creating a local repository using a RHEL/CentOS

Pending

Installing Python

Then we need to install the python packages:

 yum install python-pip

Installing Amazon Web Services CLI

Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command

 pip install awscli

Cloning the packages from our Official Repository

It's time to download all the packages from our official Repository to the local folder, first step it's create the local folder

 root@repo:~#mkdir /var/repositories
 root@repo:~#cd /var/repositories

Cloning the packages for Ubuntu

If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:

 root@repo:~# aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete

Additional for ZCS 8.8.7 and onwards:

 root@repo:~# aws s3 sync s3://repo.zimbra.com/apt/zv1 ./apt/zv1 --no-sign-request --delete

Additional for ZCS 8.8.8 and onwards:

root@repo:~# aws s3 sync s3://repo.zimbra.com/apt/888patch ./apt/888patch --no-sign-request --delete

Cloning the packages for RHEL/CentOS

If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:

 root@repo:~# aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete

Additional for ZCS 8.8.7 and onwards:

 root@repo:~# aws s3 sync s3://repo.zimbra.com/rpm/zv1 ./rpm/zv1 --no-sign-request --delete

Additional for ZCS 8.8.8 and onwards:

 root@repo:~# aws s3 sync s3://repo.zimbra.com/rpm/888patch ./rpm/888patch --no-sign-request --delete

Installing & configuring Nginx

Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:

 root@repo:~# yum install nginx

Zimbra strongly recommends using a valid SSL certificate for the repository server. Put the zimbra-wilcard.crt (must contain the CRT and the CA) and the zimbra-wilcard.key inside the next folder:

 root@repo:~# mkdir /etc/nginx/certs

Let's go now to configure our Nginx server, first backup the default config and create a new one:

 root@repo:~# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
 root@repo:~# mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.bak
 root@repo:~# touch /etc/nginx/conf.d/default.conf

You can use the next example to fill your Repository configuration

 root@repo:~# cat > /etc/nginx/conf.d/default.conf <<EOF
 server {
     listen      443 ssl;
     ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;
     ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers HIGH:!aNULL:!MD5;
     ## Let your repository be the root directory
     root        /var/repositories;
 
     ## Always good to log
     access_log  /var/log/nginx/repo.access.log;
     error_log   /var/log/nginx/repo.error.log;
 
     ## Prevent access to Reprepro's files
     location ~ /(db|conf) {
         deny        all;
         return      404;
     }
 }
 EOF

And, restart your nginx service

 root@repo:~# service nginx restart
  * Restarting nginx nginx
    ...done.

How to configure the Zimbra Server for Ubuntu

In this demo scenario, will install a new instance of Zimbra Collaboration server with Ubuntu as the operating system

Configure the sources list

You must add your local repository to your Ubuntu Configuration, please note you must change (kernel of) precise to trusty (Ubuntu 14.04) if you are running Ubuntu 12.04:

 root@zimbra86:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
 deb     [arch=amd64] https://repo.domain.tld/apt/87 trusty zimbra
 deb-src [arch=amd64] https://repo.domain.tld/apt/87 trusty zimbra
 EOF

Adding the Zimbra Repository key

You must add the next Zimbra key to the apt keychain

 root@zimbra86:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
 Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.FfpLxMcUiQ --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com
 gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported
 gpg: Total number processed: 1
 gpg:               imported: 1  (RSA: 1)

Check if the Zimbra Server is ready

You can check if everything is alright by running the next commands, where you can search by one Zimbra package:

 root@repo:~# apt-get update
 root@repo:~# aptitude search zimbra-nginx
 p   zimbra-nginx             - nginx Binaries                                                                                                         
 p   zimbra-nginx-dbg         - nginx binary debug information

How to configure the Zimbra Server for RHEL/CentOS

In this demo scenario, will install a new instance of Zimbra Collaboration server with RHEL/CentOS as the operating system

Configure the yum repository

You must add your local repository to your RHEL/CentOS Configuration :

 root@zimbra86:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
 [zimbra]
 name=Zimbra RPM Repository
 baseurl=https://repo.domain.tld/rpm/87/rhel\$releasever
 gpgcheck=1
 enabled=1 
 EOF

Adding the Zimbra Repository key

You must add the next Zimbra key to the apt keychain

 root@zimbra86:~# rpm --import https://files.zimbra.com/downloads/security/public.key

(Optional) Enable Selinux

In order to make the repository works with Selinux you can add the repository folder into the http security context :

 chcon -Rt httpd_sys_content_t /var/repositories/

(Optional) Enable Yum with Self Signed Certificate

In order to make the repository works with the self signed certificate you need to add this option to your /etc/yum.conf :

 sslverify=false

Check if the Zimbra Server is ready

You can check if everything is alright by running the next commands, where you can search by one Zimbra package:

 root@zimbra86:~# yum search zimbra
 zimbra-altermime.x86_64 : Zimbra's altermime build
 zimbra-amavis-logwatch.x86_64 : Zimbra's amavis-logwatch build
 zimbra-amavisd.x86_64 : Zimbra's amavisd build

Installing Zimbra Collaboration 8.7

Last but not least, download the Zimbra Collaboration 8.7 package and run the ./install.sh as usual.

  • Note: You will not need to install the OS dependencies like in the past, the new Zimbra Collaboration 8.7 installation script take care of it

During the question about use Zimbra's package repository, type N, so the system will use your local repository

Use Zimbra's package repository [Y] n

The installation will continue as usual, and will finish properly.

Keep the local Repository up to date

The challenge while using local repository is keep it up to date, you must run the next commands always before run any upgrade or update on the Zimbra Servers

 aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/rpm/87 /var/repositories/rpm/87 --no-sign-request --delete

Using Cron

You can keep up to date your repository by putting theses lines into your crontab to update the local repo at 3:30 am every day :

 30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
 30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 /var/repositories/rpm/87 --no-sign-request --delete

Known issues

SSL issues

This error it's not related to Zimbra, but sometimes if you don't have a valid CA, or the CA is missing in the .crt file that you use for Nginx, when run apt-get update on the Zimbra server you can see the next error:

W: Failed to fetch https://repo.domain.tld/87/dists/precise/zimbra/source/Sources  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

You can fix it by adding your CA inside the /etc/ssl/certs/ca-certificates.crt on the Zimbra server

Identified Support Issues

  • No Support issues reported yet.
Verified Against: Zimbra Collaboration Suite 8.7 Date Created: 04/04/2016
Article ID: https://wiki.zimbra.com/index.php?title=Zimbra_Collaboration_repository Date Modified: 2018-03-26



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by Jorge SME2 Copyeditor Last edit by Prashant Surana
Jump to: navigation, search