Zimbra Package Repository
How it works
Zimbra uses package repositories for all the 3rd party components - this is the first step towards having the whole product fully installable from repositories.
Local Mirror
Many deployments do not allow internet access from their servers. In that case, Zimbra's installer cannot reach the public repository and cannot finish the installation.
To make installation possible in an air-gapped or dark environment, this wiki covers all the steps needed to create a local Zimbra mirror from the master repository. The internal servers then take the packages they need from the local mirror server. Section B in the image above is an example of this type of layout.
Creating a local repository
Installing Python
Then we need to install the Python packages:
RHEL
# yum -y install python-pip
Ubuntu
# apt -y install python-pip
Installing Amazon Web Services CLI
Once Python is installed, install the Amazon Web Services CLI by running the following command:
pip install awscli
Cloning the packages from our Official Repository
Next, download all the packages from our official repository to a local folder. The first step is to create the local folder:
# mkdir /var/repositories
# cd /var/repositories
Cloning the packages for Ubuntu
Run the following commands to download the packages:
Ubuntu
aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/apt/1000 ./apt/1000 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/apt/1000-ne ./apt/1000-ne --no-sign-request --delete
RHEL/CentOS
aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/rpm/1000 ./rpm/1000 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/rpm/1000-ne ./rpm/1000-ne --no-sign-request --delete
Installing & configuring Nginx
Then we need to serve the packages using nginx. Start by installing nginx:
RHEL
root@repo:~# yum install nginx
Ubuntu
root@repo:~# apt install nginx
Use a valid SSL certificate for the repository server. Let's Encrypt has been used to generate the SSL certificate for the mirror. Next, configure the nginx server: first back up the default config, then create a new one. You can use the following example as the basis for your repo configuration.
root@repo:~# cat > /etc/nginx/conf.d/default.conf <<EOF
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/repo.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/repo.domain.tld/privkey.pem;
    ## TLS 1.0 and 1.1 are deprecated (RFC 8996); allow TLS 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ## Let your repository be the root directory
    root /var/repositories;
    ## Always good to log
    access_log /var/log/nginx/repo.access.log;
    error_log /var/log/nginx/repo.error.log;
    ## Prevent access to Reprepro's files
    location ~ /(db|conf) {
        deny all;
        return 404;
    }
}
EOF
Then restart the nginx service and check its status:
root@repo:~# systemctl restart nginx
root@repo:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-03-21 06:20:25 UTC; 1s ago
Configure your Zimbra Server for Ubuntu
In this section, you will install a new instance of Zimbra on Ubuntu.
Configure the sources list
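You must add your local mirror (repo.domain.tld) to your Ubuntu configuration. Note that focal is the suite name used for Ubuntu 20.04. The example below uses repo.zimbra.shop as the mirror hostname; replace it with the hostname of your own mirror.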
ZCS Daffodil (v10)
root@zimbra10:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.shop/apt/87 focal zimbra
deb [arch=amd64] https://repo.zimbra.shop/apt/1000 focal zimbra
deb [arch=amd64] https://repo.zimbra.shop/apt/1000-ne focal zimbra
deb-src [arch=amd64] https://repo.zimbra.shop/apt/87 focal zimbra
EOF
Adding the Zimbra Repository key
You must add the following Zimbra key to the apt keychain:
root@zimbra10:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
Executing: /tmp/apt-key-gpghome.T4k4cXSObI/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com
gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Check if the Zimbra Server is ready
You can check that everything is working by running the following commands, which refresh the package lists and then search for one Zimbra package:
# apt-get update
Hit:1 https://repo.zimbra.shop/apt/87 focal InRelease
Hit:2 https://repo.zimbra.shop/apt/1000 focal InRelease
Hit:3 https://repo.zimbra.shop/apt/1000-ne focal InRelease
Hit:4 http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu focal InRelease
Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:6 http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:7 http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Fetched 222 kB in 1s (224 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
# apt search zimbra-nginx
Sorting... Done
Full Text Search... Done
zimbra-nginx/unknown 1.20.0-1zimbra8.8b3.20.04 amd64
  nginx Binaries
zimbra-nginx-dbg/unknown 1.20.0-1zimbra8.8b3.20.04 amd64
  nginx binary debug information
Keep the local Repository up to date
The challenge when using a local repository is keeping it up to date. You must always run the following commands before running any upgrade or update on the Zimbra servers:
aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/apt/1000 /var/repositories/apt/1000 --no-sign-request --delete
aws s3 sync s3://repo.zimbra.com/apt/1000-ne /var/repositories/apt/1000-ne --no-sign-request --delete
Using Cron
You can keep your repository up to date by putting these lines into your crontab, which update the local repo at 3:30 am every day:
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/1000 /var/repositories/apt/1000 --no-sign-request --delete
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/1000-ne /var/repositories/apt/1000-ne --no-sign-request --delete
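A consistency check to run after each sync, as an added example that is not part of the original wiki: it compares every file listed in the SHA256 section of each suite's Release file with the copy on disk, so a partial or corrupted sync is caught before the Zimbra servers run apt-get update. It assumes the standard apt layout apt/<channel>/dists/<suite>/Release under the mirror root; verify_release and verify_mirror are illustrative names.

```sh
#!/bin/sh
# Added example, not from the Zimbra wiki. Assumes the standard apt layout
# <root>/apt/<channel>/dists/<suite>/Release under the mirror root.

# verify_release DIR
# Compare each file named in the SHA256 section of DIR/Release with the copy
# on disk. Returns 0 if all present files match, 1 on a mismatch, 2 if the
# Release file itself is missing.
verify_release() {
    dir=$1
    [ -f "$dir/Release" ] || { echo "missing: $dir/Release" >&2; return 2; }
    mismatches=$(
        # Section lines look like " <sha256> <size> <path relative to DIR>".
        awk '/^SHA256:/ {s = 1; next} /^[^ ]/ {s = 0} s {print $1, $2, $3}' \
            "$dir/Release" |
        while read -r hash size path; do
            f="$dir/$path"
            # Release may list variants that are not published; skip them.
            [ -f "$f" ] || continue
            [ "$(wc -c <"$f" | tr -d ' ')" = "$size" ] &&
                [ "$(sha256sum "$f" | cut -d' ' -f1)" = "$hash" ] ||
                printf '%s\n' "$path"
        done
    )
    [ -z "$mismatches" ] && return 0
    printf 'mismatch in %s:\n%s\n' "$dir" "$mismatches" >&2
    return 1
}

# verify_mirror ROOT SUITE
# Check the three channels this page mirrors (87, 1000, 1000-ne).
verify_mirror() {
    root=$1 suite=$2 rc=0
    for ch in 87 1000 1000-ne; do
        verify_release "$root/apt/$ch/dists/$suite" || rc=1
    done
    return "$rc"
}

# Usage after the nightly sync: verify_mirror /var/repositories focal
```

The Zimbra servers still verify the signature on the repository index with the Zimbra key when they run apt-get update; this check only confirms that the mirrored files match that index.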