Zimbra Package Repository

Zimbra Package Repository


How it works

Zimbra uses package repositories for all the 3rd party components - this is the first step towards having the whole product fully installable from repositories.

Zimbra-repository.png

Local Mirror

Many deployments do not allow for internet access from their servers. Zimbra's installer will not be able to reach the public repository and be able to finish the installation.

In order to install successfully in an air-gap environment or dark environment, this Wiki will cover all the steps needed to create a local Zimbra mirror from the master repository. The internal servers will take the needed packages locally from the mirror server. Section B in the image above is an example of this type of layout.

Creating a local repository

Installing Python

Then we need to install the python packages:

   RHEL # yum -y install python-pip
 Ubuntu # apt -y install python-pip

Installing Amazon Web Services CLI

Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command

 pip install awscli

Cloning the packages from our Official Repository

It's time to download all the packages from our official Repository to the local folder, first step it's create the local folder

 # mkdir /var/repositories
 # cd /var/repositories

Cloning the packages for Ubuntu

Run the next command to download the packages:

Ubuntu

 aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/apt/1000 ./apt/1000 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/apt/1000-ne ./apt/1000-ne --no-sign-request --delete

RHEL/CentOS

 aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/rpm/1000 ./rpm/1000 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/rpm/1000-ne ./rpm/1000-ne --no-sign-request --delete

Installing & configuring Nginx

Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:

 root@repo:~# yum/apt install nginx

Use a valid SSL certificate for the repository server. LetsEncrypt has been used to generate the SSL cert for the mirror. Let's go now to configure our Nginx server, first backup the default config and create a new one. You can use the next example to fill your repo configuration.

 root@repo:~# cat > /etc/nginx/conf.d/default.conf <<EOF
 server {
     listen      443 ssl;
     ssl_certificate /etc/letsencrypt/live/repo.domain.tld/fullchain.crt;
     ssl_certificate_key /etc/letsencrypt/live/repo.domain.tld/privkey.prem;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers HIGH:!aNULL:!MD5;
     ## Let your repository be the root directory
     root        /var/repositories;
 
     ## Always good to log
     access_log  /var/log/nginx/repo.access.log;
     error_log   /var/log/nginx/repo.error.log;
 
     ## Prevent access to Reprepro's files
     location ~ /(db|conf) {
         deny        all;
         return      404;
     }
 }
 EOF

And, restart your nginx service

 root@repo:~# systemctl restart nginx
 root@repo:~# systemctl status nginx
 ● nginx.service - A high performance web server and a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: active (running) since Tue 2023-03-21 06:20:25 UTC; 1s ago

Configure your Zimbra Server for Ubuntu

In this section, you will install a new instance of Zimbra on Ubuntu.

Configure the sources list

You must add your local mirror (repo.domain.tld) to your Ubuntu Configuration. Note, focal added for Ubuntu 20.04

ZCS Daffodil (v10)

 root@zimbra10:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
  deb [arch=amd64] https://repo.zimbra.shop/apt/87 focal zimbra
  deb [arch=amd64] https://repo.zimbra.shop/apt/1000 focal zimbra
  deb [arch=amd64] https://repo.zimbra.shop/apt/1000-ne focal zimbra
  deb-src [arch=amd64] https://repo.zimbra.shop/apt/87 focal zimbra
 EOF

Adding the Zimbra Repository key

You must add the next Zimbra key to the apt keychain

 root@zimbra10:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
 Executing: /tmp/apt-key-gpghome.T4k4cXSObI/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79
 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com
 gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported
 gpg: Total number processed: 1
 gpg:               imported: 1  (RSA: 1)

Check if the Zimbra Server is ready

You can check if everything is alright by running the next commands, where you can search by one Zimbra package:

 # apt-get update
 Hit:1 https://repo.zimbra.shop/apt/87 focal InRelease
 Hit:2 https://repo.zimbra.shop/apt/1000 focal InRelease
 Hit:3 https://repo.zimbra.shop/apt/1000-ne focal InRelease
 Hit:4 http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu focal InRelease
 Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
 Hit:6 http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu focal-updates InRelease
 Get:7 http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
 Fetched 222 kB in 1s (224 kB/s)
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 
 # apt search zimbra-nginx
 Sorting... Done
 Full Text Search... Done
 zimbra-nginx/unknown 1.20.0-1zimbra8.8b3.20.04 amd64
   nginx Binaries
 zimbra-nginx-dbg/unknown 1.20.0-1zimbra8.8b3.20.04 amd64
   nginx binary debug information

Keep the local Repository up to date

The challenge while using local repository is keep it up to date, you must run the next commands always before run any upgrade or update on the Zimbra Servers

 aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/apt/1000 /var/repositories/apt/1000 --no-sign-request --delete
 aws s3 sync s3://repo.zimbra.com/apt/1000-ne /var/repositories/apt/1000-ne --no-sign-request --delete

Using Cron

You can keep up to date your repository by putting theses lines into your crontab to update the local repo at 3:30 am every day :

 30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete
 30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/1000 /var/repositories/apt/1000 --no-sign-request --delete
 30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/1000-ne /var/repositories/apt/1000-ne --no-sign-request --delete
Jump to: navigation, search