rss logo

Migrate a Zimbra server from CentOS to Ubuntu

Zimbra logo

I had an Zimbra Collaboration Open Source server on an old CentOS 6 distribution that I wanted to upgrade.

Since CentOS will be discontinued at the end of 2021, I needed to move to another GNU/Linux platform.

As there is not many choices, I decided to migrate to Ubuntu Server as the 20.04 LTS version is recently supported by Zimbra Collaboration Open Source Edition.

Configuration

⚠️ To migrate, the version of Zimbra must be the same on both servers.⚠️

  • Source Server :
    • OS : CentOS 6.10
    • Zimbra : Zimbra 8.8.15_GA_3869
  • Destination Server :
    • OS : Ubuntu 20.04.3 LTS
    • Zimbra : Zimbra 8.8.15.BETA.4155

Source server (CentOS)

CentOS Logo

On the old server we will stop zimbra service and copy files to new server.

After these few tasks we can stop the server permanently.

Copy files to new server

  • (Optional) Clean zmstat files (/opt/zimbra/zmstat) to improve copy time :
zimbra@zcs:~$ /opt/zimbra/libexec/zmstat-cleanup --keep 30
  • Stop zimbra services :
root@host:~# su - zimbra
zimbra@zcs:~$ zmcontrol stop
  • Copy zimbra main folder to destination server :
root@host:~# rsync -e ssh -axvzKHS /opt/zimbra [newserver-IP-address]:/opt/ZIMBRA_TMP
Note : as we cannot rsync to the root user on a Ubuntu (see here), it will be easier to rsync from the new server.

Export LDAP databases

  • Export main database :
zimbra@zcs:~$ /opt/zimbra/libexec/zmslapcat /tmp/LDAP
  • Export configuration database :
zimbra@zcs:~$ /opt/zimbra/libexec/zmslapcat -c /tmp/LDAP
  • Export accesslog database (was empty in my case) :
zimbra@zcs:~$ /opt/zimbra/libexec/zmslapcat -a /tmp/LDAP
  • Copy exported databases to new server :
root@host:~# rsync -e ssh -axvzKHS /tmp/LDAP [newserver-IP-address]:/opt/

Retrieve passwords

It won't be necessary but we can retrieve old passwords.

  • Get old passwords from /opt/zimbra/conf/localconfig.xml file, example here with zimbra_ldap_password :
 <key name="zimbra_ldap_password">
    <value>TXrP9mSTd</value>
  </key>
  • Or with zmlocalconfig command :
zimbra@zcs:~$ zmlocalconfig -s | grep "ldap_amavis_password\|ldap_nginx_password\|ldap_postfix_password\|ldap_replication_password\|ldap_root_password\|zimbra_ldap_password"

Shutdown the host

  • Retrieve hostname :
root@host:~# hostname
zcs.shebangthedolphins.net
  • Shutdown server :
root@host:~# poweroff

Destination Server (Ubuntu)

Ubuntu Logo

We assume here that a server version of Ubuntu has been freshly installed.

To connect as root user I used the command sudo su -

Configure network

  • Edit /etc/netplan/00-installer-config.yaml configuration file and set the ip address (which must be the same as the old server) :
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens160:
      addresses:
              - 192.168.1.10/24
      gateway4: 192.168.1.254
      nameservers:
              search: [shebangthedolphins.net]
              addresses: [192.168.1.254]
  version: 2
  • Reboot or use netplan command to apply :
root@host:~# netplan apply
  • Set the same hostname as the old server :
root@host:~# hostnamectl set-hostname zcs.shebangthedolphins.net

Configure /etc/hosts

127.0.0.1 localhost
192.168.1.10 zcs.shebangthedolphins.net shebangthedolphins.net

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback localhost
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Configure systemd-resolved

  • In its default configuration systemd-resolved service opens an udp port 53 which cause a conflict with zimbra's internal unbound dns server, so we need to edit /etc/systemd/resolved.conf to avoid that :
[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no-negative
DNSStubListener=no
#ReadEtcHosts=yes
  • Stop systemd-resolved service and delete /etc/resolv.conf file :
root@host:~# systemctl stop systemd-resolved
  • Remove /etc/resolv.conf auto created file :
root@host:~# rm /etc/resolv.conf
  • Restart server :
root@host:~# reboot
  • Create a new /etc/resolv.conf file :
root@host:~# echo "nameserver 192.168.1.254
search shebangthedolphins.net" > /etc/resolv.conf
  • And check name resolution :
root@host:~# resolvectl query shebangthedolphins.net
shebangthedolphins.net: 192.168.1.10

-- Information acquired via protocol DNS in 2.4ms.
-- Data is authenticated: yes

Install Zimbra

  • Download and install zimbra (-s : software only) :
root@host:~# tar xzvf zcs-8.8.15_BETA_4155.UBUNTU20_64.20210924020007.tgz
root@host:~# cd zcs-8.8.15_BETA_4155.UBUNTU20_64.20210924020007 && ./install.sh -s
[…]
----------------------------------------------------------------------
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
SYNACOR, INC. ("SYNACOR") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for this Zimbra Collaboration Suite Software:
https://www.zimbra.com/license/zimbra-public-eula-2-6.html
----------------------------------------------------------------------


Do you agree with the terms of the software license agreement? [N] Y



Use Zimbra's package repository [Y] Y
  • Select the same packages you had on the old server, for me it looked like this :
Select the packages to install

Install zimbra-ldap [Y] 

Install zimbra-logger [Y] 

Install zimbra-mta [Y] 

Install zimbra-dnscache [Y] N

Install zimbra-snmp [Y] N

Install zimbra-store [Y] 

Install zimbra-apache [Y] N

Install zimbra-spell [Y] 

Install zimbra-memcached [Y] 

Install zimbra-proxy [Y] 

Install zimbra-drive [Y] N

Install zimbra-imapd (BETA - for evaluation only) [N] 

Install zimbra-chat [Y] N
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.

Installing:
    zimbra-core
    zimbra-ldap
    zimbra-logger
    zimbra-mta
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-memcached
    zimbra-proxy
    zimbra-patch
    zimbra-mta-patch
    zimbra-proxy-patch

The system will be modified.  Continue? [N] Y
  • Once installation completed, remove zimbra folder :
root@host:~# rm -rf /opt/zimbra/
  • Move backup folder to /opt/zimbra :
root@host:~# mv /opt/ZIMBRA_TMP/zimbra /opt/

Import LDAP databases

Preparing import

  • Cleanup database folder :
root@host:~# cd /opt/zimbra/data/ldap; mv mdb /tmp/mdb.old
  • Create mdb folder :
root@host:~# mkdir -p mdb/db
  • Cleanup config database :
root@host:~# cd /opt/zimbra/data/ldap; mv config /tmp/config.old
  • Create config folder :
root@host:~# mkdir config
  • If you have one (not my case), do the same for accesslog database :
root@host:~# cd /opt/zimbra/data/ldap; mv accesslog /tmp/accesslog.old
root@host:~# mkdir -p accesslog/db
  • Finaly, set the permissions :
root@host:~# /opt/zimbra/libexec/zmfixperms -e -v

Importing the LDAP data

  • Change owner in order to make zimbra user able to access files :
root@host:~# chown -R zimbra:zimbra /opt/LDAP
  • Change to zimbra user :
root@host:~# su - zimbra
  • Import config :
zimbra@zcs:~$ /opt/zimbra/libexec/zmslapadd -c /opt/LDAP/ldap-config.bak
  • Import main database :
zimbra@zcs:~$ /opt/zimbra/libexec/zmslapadd /opt/LDAP/ldap.bak
  • (If you have one) Import accesslog database :
zimbra@zcs:~$ /opt/zimbra/libexec/zmslapadd -a /opt/LDAP/ldap-accesslog.bak

Reinstall zimbra

  • If not present, create zimbra-stats.log file :
root@host:~# touch /var/log/zimbra-stats.log
root@host:~# chown zimbra:zimbra /var/log/zimbra-stats.log
  • Add sudoers rules to /etc/sudoers :
root@host:~# echo "%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmstat-fd *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/amavisd/sbin/amavis-mc
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmunbound
%zimbra ALL=NOPASSWD:/sbin/resolvconf *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmcertmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmmailboxdctl
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmmailbox
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmdnscachectl" >> /etc/sudoers
  • Restart the installation again :
root@host:~# ./install.sh -s
[…]
The Zimbra Collaboration Server appears to already be installed.
It can be upgraded with no effect on existing accounts,
or the current installation can be completely removed prior
to installation for a clean install.

Do you wish to upgrade? [Y]
[…]
The system will be modified.  Continue? [N] Y
  • Connect to zimbra user :
root@host:~# su - zimbra
  • Start zimbra services :
zimbra@zcs:~$ zmcontrol start

And that's pretty much it…

Tom Cruse, A Few Good Men movie, doing the military salute

One last thing… I had Disk Space Monitoring alerts for Loop Devices, I had to disable it (for my loop devices) to shut him up.

  • Here the commands that I had to enter :
zimbra@zcs:~$ zmlocalconfig -e zmstat_df_excludes='/dev/loop0:/dev/loop1:/dev/loop2:/dev/loop3:/dev/loop4:/dev/loop5:/dev/loop6'
zimbra@zcs:~$ zmcontrol start

References

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Contact :

contact mail address