Configuring Zimbra Using Chef Oracle Cloud

Configuring Zimbra using Chef in the Oracle Cloud

   KB 22826        Last updated on 07/8/2016  





Overview

This article demonstrates how to install a single-server Zimbra instance in the Oracle Cloud quickly and easily using orchestrations and Chef.

Additional configuration of Zimbra is needed after the installation is complete (see below).

In the example shown, a Zimbra instance is created with 2 vCPUs, 16 GB of RAM, and 2 disk partitions (/ - 21GB and /opt/zimbra - 500GB) using the Oracle Linux 6.6 pre-built image. Depending on your email usage profile, this may support between 500 and 2000 users.

During the Zimbra Installation process, a 60-day trial license is installed and must be updated by the Zimbra Administrator to continue using Zimbra.

Contact a local Zimbra Partner or Reseller to purchase your license. https://www.zimbra.com/partners/

Zimbra prerequisite packages are installed in the chef section.

For this example, we will use zcs-87 as the Zimbra hostname

Assumptions

  • You have an Oracle Compute Cloud Account and have permissions to run orchestrations, create instances, storage, and network settings.
  • You have uploaded your sshkey in the "Network/Public SSH keys" section (shown here as mysshkey)

The orchestrations shown here are examples only and must be customized with your settings, such as your Oracle Identity Domain and your Oracle username. The storage orchestration creates persistent disks so that data survives a reboot.

The Oracle Cloud does not allow outbound SMTP on port 25. Instructions are included for pointing the outgoing SMTP relay at a service such as Sendgrid, MailJet, or Mailgun, which requires a separate subscription.

Currently, the Oracle Compute Cloud does NOT support snapshots for persistent disks.

WARNING: If you stop the orchestration, you will LOSE your Zimbra installation and all your data! (A reboot works just fine.)

Storage Orchestration (start first)

This orchestration:

  1. Defines a security list to be associated with your instance.
  2. Reserves an external IP address for your instance.
  3. Creates security applications (IP port definitions to be allowed for inbound traffic to your instance)
  4. Creates 2 storage volumes, a root volume with Oracle Linux 6.6 pre-installed, and a data volume for Zimbra install.


{
  "description": "oplan For Zimbra 500 GB Storage",
  "name": "/Compute-myidentitydomain/myemail@example.com/zcs-storage-orch-500GB",
  "oplans": [
      {
      "label": "zcs-seclist",
      "obj_type": "seclist",
      "objects": [
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-external"
        }
      ]
    },
    {
      "label": "ZCS IP reservations",
      "obj_type": "ip/reservation",
      "objects": [
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-ipres",
          "parentpool": "/oracle/public/ippool",
          "permanent": true
        }
      ]
    },
    {
      "label": "ZCS security applications",
      "obj_type": "secapplication",
      "objects": [
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-admin",
          "dport": 7071,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub1",
          "dport": 465,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub2",
          "dport": 587,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3",
          "dport": 110,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-imap",
          "dport": 143,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3s",
          "dport": 995,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-imaps",
          "dport": 993,
          "protocol": "tcp"
        }
      ]
    },
    {
      "label": "ZCS storage volumes",
      "obj_type": "storage/volume",

      "objects": [
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcsos1",
          "bootable": true,
          "imagelist": "/oracle/public/OL-6.6-20GB-x11-RD",
          "properties": ["/oracle/public/storage/protocol/iscsi"],
          "size": "22548578304"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcsdata1",
          "properties": ["/oracle/public/storage/latency"],
          "size": "500G"
        }
      ]
    }
  ]
}

Instance Orchestration

You can assign a hostname, but not the domain name, for an instance in the Oracle Cloud. The fully qualified name will always be "yourhostname.compute-myidentitydomain.oraclecloud.internal".

Use DNS to point your A and MX records to the IP address for correct name resolution.

This orchestration:

  1. Associates security rules to the security applications that allow inbound connections to your Zimbra server.
  2. Creates an instance with hostname "zcs-87"
  3. Associates a security list with your instance so that the security applications apply to your instance
  4. Associates the external IP address with your instance
  5. Defines the "shape" of your instance (number of CPUs and memory); in this case, the oc4 shape corresponds to 2 vCPUs and 15 GB of RAM.
  6. Associates the storage volumes with your instance.
  7. Defines the Chef recipe to be downloaded and used to install Zimbra. If the download is successful, Zimbra is installed.



{
  "description": "oplan for Zimbra Instance",
  "name": "/Compute-myidentitydomain/myemail@example.com/zcs-instance-orch",
  "oplans": [
    {
      "label": "ZCS security rules",
      "obj_type": "secrule",
      "objects": [
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-ssh",
          "application": "/oracle/public/ssh",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-mail",
          "application": "/oracle/public/mail",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-admin",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-admin",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-https",
          "application": "/oracle/public/https",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub-1",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub1",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub-2",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-smtp-sub2",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-imap",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-imap",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3s",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-pop3s",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-myidentitydomain/myemail@example.com/zcs-imaps",
          "application": "/Compute-myidentitydomain/myemail@example.com/zcs-imaps",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-myidentitydomain/myemail@example.com/zcs-external",
          "action": "PERMIT"
        }
      ]
    },
    {
      "label": "zcs_oplan",
      "obj_type": "launchplan",
      "objects": [
        {
          "instances": [
            {
              "name": "/Compute-myidentitydomain/myemail@example.com/zcs-87",
              "label": "zcs-87",
              "hostname": "zcs-87",
              "networking": {
                "eth0": {
                  "seclists": ["/Compute-myidentitydomain/myemail@example.com/zcs-external"],
                  "nat": "ipreservation:/Compute-myidentitydomain/myemail@example.com/zcs-ipres"
                }
              },
              "boot_order": [1],
              "shape": "oc4",
              "storage_attachments": [
                {
                  "index": 1,
                  "volume": "/Compute-myidentitydomain/myemail@example.com/zcsos1"
                },
                {
                  "index": 2,
                  "volume": "/Compute-myidentitydomain/myemail@example.com/zcsdata1"
                }
              ],
              "sshkeys": ["/Compute-myidentitydomain/myemail@example.com/mysshkey"],
              "attributes": {
                "userdata": {
                  "chef": {
                    "run_list": ["recipe[zimbra]"],
                    "install_type": ["omnibus"],
                    "omnibus_url": ["https://www.opscode.com/chef/install.sh"],
                    "cookbooks_url": ["https://current.zimbraview.com/home/oracle-demo@zimbraview.com/Briefcase/Oracle-Cloud-Install/chef-zimbra.zip"]
                  }
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
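
Every security rule above permits traffic from seciplist:/oracle/public/public-internet, including SSH and the admin console on port 7071. The following audit is an added example, not part of the original article or of any Oracle or Zimbra tooling; it resolves each rule's application against the security applications in the storage orchestration and reports which rules expose management or cleartext mail services. The severity labels and the trimmed sample data are assumptions made for illustration.

```python
"""Audit the two orchestrations for services permitted from the public Internet."""
PUBLIC = "seciplist:/oracle/public/public-internet"
MGMT_APPS = {"/oracle/public/ssh"}  # predefined application referenced on the page
MGMT_PORTS = {7071}                 # Zimbra admin console port from the page
CLEARTEXT_PORTS = {110, 143}        # POP3 and IMAP without TLS

def objects(orch, obj_type):
    """Yield every object of one obj_type from an orchestration's oplans."""
    for plan in orch.get("oplans", []):
        if plan.get("obj_type") == obj_type:
            yield from plan.get("objects", [])

def audit(storage_orch, instance_orch):
    """Return sorted (severity, rule, reason) findings for public PERMIT rules."""
    ports = {a["name"]: int(a["dport"]) for a in objects(storage_orch, "secapplication")}
    findings = []
    for rule in objects(instance_orch, "secrule"):
        if rule.get("action") != "PERMIT" or rule.get("src_list") != PUBLIC:
            continue
        app, short = rule["application"], rule["name"].rsplit("/", 1)[-1]
        port = ports.get(app)
        if app in MGMT_APPS or port in MGMT_PORTS:
            findings.append(("HIGH", short, "management service open to the Internet"))
        elif port in CLEARTEXT_PORTS:
            findings.append(("MEDIUM", short, f"cleartext mail port {port} open to the Internet"))
        elif port is None and not app.startswith("/oracle/public/"):
            findings.append(("ERROR", short, f"secapplication not defined: {app}"))
    return sorted(findings)

# Constructed, trimmed copies of the orchestrations (same names and ports as the page).
P = "/Compute-myidentitydomain/myemail@example.com/"

def _app(name, dport):
    return {"name": P + name, "dport": dport, "protocol": "tcp"}

def _rule(name, application):
    return {"name": P + name, "application": application, "src_list": PUBLIC,
            "dst_list": "seclist:" + P + "zcs-external", "action": "PERMIT"}

STORAGE = {"oplans": [{"obj_type": "secapplication", "objects": [
    _app("zcs-admin", 7071), _app("zcs-imap", 143), _app("zcs-imaps", 993)]}]}
INSTANCE = {"oplans": [{"obj_type": "secrule", "objects": [
    _rule("zcs-ssh", "/oracle/public/ssh"), _rule("zcs-https", "/oracle/public/https"),
    _rule("zcs-admin", P + "zcs-admin"), _rule("zcs-imap", P + "zcs-imap"),
    _rule("zcs-imaps", P + "zcs-imaps")]}]}

if __name__ == "__main__":
    for severity, rule, reason in audit(STORAGE, INSTANCE):
        print(f"{severity:6} {rule:10} {reason}")
```

To check your own files, load each orchestration with json.load and pass the two dictionaries to audit(). A HIGH finding is resolved by changing that rule's src_list to a security IP list that contains only your administrators' addresses.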

Additional Zimbra Configuration after installation

  1. Log in to the new server with ssh and set the Zimbra admin password. Single-quote the password so that the shell does not expand characters such as $$ (which would otherwise be replaced by the shell's process ID):
     zmprov sp admin@hostname.oracle-cloud-domain.internal 'Y0urN3wP@$$'
  2. Log in to the Admin Console to:
    1. Activate the license or install your license file from Zimbra and activate it.
    2. Configure Zimbra with your domain name and accounts.
    3. OPTIONAL: Install a commercial certificate.
  3. If needed, create an account with an outbound SMTP service such as Sendgrid, Mailjet, or Mailgun. Configure the Zimbra MTA service to relay outbound mail through that service.
  4. Add a separate backup partition (created with a separate storage orchestration), mount it in the instance, and modify the Zimbra backup configuration to point to this partition.
  5. Update your DNS and MX records when you are ready to cut over.

Sendgrid example

Setting the relay host

See also: Sending mail through an external relay.

Set the relay host and port for outbound email from the command line:

 zmprov ms `zmhostname` zimbraMtaRelayHost smtp.sendgrid.net:587

Edit /opt/zimbra/conf/relay_password and add the following line:

smtp.sendgrid.net yoursendgridaccount:yoursendgridpassword

Execute the following commands as the zimbra user:

cd /opt/zimbra/conf
postmap /opt/zimbra/conf/relay_password
postmap -q smtp.sendgrid.net /opt/zimbra/conf/relay_password
zmprov ms `zmhostname` zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password
zmprov ms `zmhostname` zimbraMtaSmtpSaslAuthEnable yes
zmprov ms `zmhostname` zimbraMtaSmtpCnameOverridesServername no
zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous;

Wait 2 minutes for the postfix configurations to be updated.

Verified Against: ZCS 8.7.0
Date Created: 6/30/2016
Article ID: https://wiki.zimbra.com/index.php?title=Configuring_Zimbra_Using_Chef_Oracle_Cloud
Date Modified: 07/8/2016


