Migrate a Zimbra server from CentOS to Ubuntu

Last updated: Feb 6, 2022

I had an Zimbra Collaboration Open Source server on an old CentOS 6 distribution that I wanted to upgrade.

Since CentOS will be discontinued at the end of 2021, I needed to move to another GNU/Linux platform.

As there is not many choices, I decided to migrate to Ubuntu Server as the 20.04 LTS version is recently supported by Zimbra Collaboration Open Source Edition.

Configuration

⚠️ To migrate, the version of Zimbra must be the same on both servers.⚠️

Source Server :

OS : CentOS 6.10

Zimbra : Zimbra 8.8.15_GA_3869

Destination Server :

OS : Ubuntu 20.04.3 LTS

Zimbra : Zimbra 8.8.15.BETA.4155

Source server (CentOS)

On the old server we will stop zimbra service and copy files to new server.

After these few tasks we can stop the server permanently.

Copy files to new server

(Optional) Clean zmstat files (/opt/zimbra/zmstat) to improve copy time :

zimbra@zcs:~$ /opt/zimbra/libexec/zmstat-cleanup --keep 30

Stop zimbra services :

root@host:~# su - zimbra
zimbra@zcs:~$ zmcontrol stop

Copy zimbra main folder to destination server :

root@host:~# rsync -e ssh -axvzKHS /opt/zimbra [newserver-IP-address]:/opt/ZIMBRA_TMP

Note : as we cannot rsync to the root user on a Ubuntu (see here), it will be easier to rsync from the new server.

Export LDAP databases

Export main database :

zimbra@zcs:~$ /opt/zimbra/libexec/zmslapcat /tmp/LDAP

Export configuration database :

zimbra@zcs:~$ /opt/zimbra/libexec/zmslapcat -c /tmp/LDAP

Export accesslog database (was empty in my case) :

zimbra@zcs:~$ /opt/zimbra/libexec/zmslapcat -a /tmp/LDAP

Copy exported databases to new server :

root@host:~# rsync -e ssh -axvzKHS /tmp/LDAP [newserver-IP-address]:/opt/

Retrieve passwords

It won't be necessary but we can retrieve old passwords.

Get old passwords from /opt/zimbra/conf/localconfig.xml file, example here with zimbra_ldap_password :

 <key name="zimbra_ldap_password">
    <value>TXrP9mSTd</value>
  </key>

Or with zmlocalconfig command :

zimbra@zcs:~$ zmlocalconfig -s | grep "ldap_amavis_password\|ldap_nginx_password\|ldap_postfix_password\|ldap_replication_password\|ldap_root_password\|zimbra_ldap_password"

Shutdown the host

Retrieve hostname :

root@host:~# hostname
zcs.shebangthedolphins.net

Shutdown server :

root@host:~# poweroff

Destination Server (Ubuntu)

We assume here that a server version of Ubuntu has been freshly installed.

To connect as root user I used the command sudo su -

Configure network

Edit /etc/netplan/00-installer-config.yaml configuration file and set the ip address (which must be the same as the old server) :

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens160:
      addresses:
              - 192.168.1.10/24
      gateway4: 192.168.1.254
      nameservers:
              search: [shebangthedolphins.net]
              addresses: [192.168.1.254]
  version: 2

Reboot or use netplan command to apply :

root@host:~# netplan apply

Set the same hostname as the old server :

root@host:~# hostnamectl set-hostname zcs.shebangthedolphins.net

Configure /etc/hosts

127.0.0.1 localhost
192.168.1.10 zcs.shebangthedolphins.net shebangthedolphins.net

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback localhost
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Configure systemd-resolved

In its default configuration systemd-resolved service opens an udp port 53 which cause a conflict with zimbra's internal unbound dns server, so we need to edit /etc/systemd/resolved.conf to avoid that :

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no-negative
DNSStubListener=no
#ReadEtcHosts=yes

Stop systemd-resolved service and delete /etc/resolv.conf file :

root@host:~# systemctl stop systemd-resolved

Remove /etc/resolv.conf auto created file :

root@host:~# rm /etc/resolv.conf

Restart server :

root@host:~# reboot

Create a new /etc/resolv.conf file :

root@host:~# echo "nameserver 192.168.1.254
search shebangthedolphins.net" > /etc/resolv.conf

And check name resolution :

root@host:~# resolvectl query shebangthedolphins.net
shebangthedolphins.net: 192.168.1.10

-- Information acquired via protocol DNS in 2.4ms.
-- Data is authenticated: yes

Install Zimbra

Download and install zimbra (-s : software only) :

root@host:~# tar xzvf zcs-8.8.15_BETA_4155.UBUNTU20_64.20210924020007.tgz

root@host:~# cd zcs-8.8.15_BETA_4155.UBUNTU20_64.20210924020007 && ./install.sh -s
[…]
----------------------------------------------------------------------
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
SYNACOR, INC. ("SYNACOR") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for this Zimbra Collaboration Suite Software:
https://www.zimbra.com/license/zimbra-public-eula-2-6.html
----------------------------------------------------------------------


Do you agree with the terms of the software license agreement? [N] Y



Use Zimbra's package repository [Y] Y

Select the same packages you had on the old server, for me it looked like this :

Select the packages to install

Install zimbra-ldap [Y] 

Install zimbra-logger [Y] 

Install zimbra-mta [Y] 

Install zimbra-dnscache [Y] N

Install zimbra-snmp [Y] N

Install zimbra-store [Y] 

Install zimbra-apache [Y] N

Install zimbra-spell [Y] 

Install zimbra-memcached [Y] 

Install zimbra-proxy [Y] 

Install zimbra-drive [Y] N

Install zimbra-imapd (BETA - for evaluation only) [N] 

Install zimbra-chat [Y] N
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.

Installing:
    zimbra-core
    zimbra-ldap
    zimbra-logger
    zimbra-mta
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-memcached
    zimbra-proxy
    zimbra-patch
    zimbra-mta-patch
    zimbra-proxy-patch

The system will be modified.  Continue? [N] Y

Once installation completed, remove zimbra folder :

root@host:~# rm -rf /opt/zimbra/

Move backup folder to /opt/zimbra :

root@host:~# mv /opt/ZIMBRA_TMP/zimbra /opt/

Import LDAP databases

Preparing import

Cleanup database folder :

root@host:~# cd /opt/zimbra/data/ldap; mv mdb /tmp/mdb.old

Create mdb folder :

root@host:~# mkdir -p mdb/db

Cleanup config database :

root@host:~# cd /opt/zimbra/data/ldap; mv config /tmp/config.old

Create config folder :

root@host:~# mkdir config

If you have one (not my case), do the same for accesslog database :

root@host:~# cd /opt/zimbra/data/ldap; mv accesslog /tmp/accesslog.old

root@host:~# mkdir -p accesslog/db

Finaly, set the permissions :

root@host:~# /opt/zimbra/libexec/zmfixperms -e -v

Importing the LDAP data

Change owner in order to make zimbra user able to access files :

root@host:~# chown -R zimbra:zimbra /opt/LDAP

Change to zimbra user :

root@host:~# su - zimbra

Import config :

zimbra@zcs:~$ /opt/zimbra/libexec/zmslapadd -c /opt/LDAP/ldap-config.bak

Import main database :

zimbra@zcs:~$ /opt/zimbra/libexec/zmslapadd /opt/LDAP/ldap.bak

(If you have one) Import accesslog database :

zimbra@zcs:~$ /opt/zimbra/libexec/zmslapadd -a /opt/LDAP/ldap-accesslog.bak

Reinstall zimbra

If not present, create zimbra-stats.log file :

root@host:~# touch /var/log/zimbra-stats.log
root@host:~# chown zimbra:zimbra /var/log/zimbra-stats.log

Add sudoers rules to /etc/sudoers :

root@host:~# echo "%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmstat-fd *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/amavisd/sbin/amavis-mc
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmunbound
%zimbra ALL=NOPASSWD:/sbin/resolvconf *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmcertmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmmailboxdctl
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmmailbox
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmdnscachectl" >> /etc/sudoers

Restart the installation again :

root@host:~# ./install.sh -s
[…]
The Zimbra Collaboration Server appears to already be installed.
It can be upgraded with no effect on existing accounts,
or the current installation can be completely removed prior
to installation for a clean install.

Do you wish to upgrade? [Y]
[…]
The system will be modified.  Continue? [N] Y

Connect to zimbra user :

root@host:~# su - zimbra

Start zimbra services :

zimbra@zcs:~$ zmcontrol start

And that's pretty much it…

Tom Cruse, A Few Good Men movie, doing the military salute

One last thing… I had Disk Space Monitoring alerts for Loop Devices, I had to disable it (for my loop devices) to shut him up.

Here the commands that I had to enter :

zimbra@zcs:~$ zmlocalconfig -e zmstat_df_excludes='/dev/loop0:/dev/loop1:/dev/loop2:/dev/loop3:/dev/loop4:/dev/loop5:/dev/loop6'

zimbra@zcs:~$ zmcontrol start

Computing

Music

Misc