The greatest challenge to any thinker is stating the problem in a way that will allow a solution

Bertrand Russell

By

On 15 Jul 2011

Installation, Zimbra

Tags: , ,


I’ve been using Zimbra’s Collaboration Server (ZCS) as mail server/calendar/document store for about a year.  I chose it because I wanted a professional standard email server, and didn’t want to pay the £500 plus to do it (and do it legally).  You can spend £400 getting Zimbra Network Edition (price has probably changed since when I was looking), but the FOSS version has done me fine.  The email client is great, though the desktop client is only just getting there.

Since Zimbra was purchased by VMware, they’ve obviously wanted to make it more virtualisation friendly (the first FOSS version I used needed a fair bit of tweaking to keep its memory and CPU reasonable), and the epitome of that is the virtual appliance.  And for me the carrot on the stick to tempt me to move to that from the comfort of my existing server is the fact that I can get ActiveSync (aka Zimbra Mobile) functionality for free (for a 10 account license, previously it was a component of the premium Network Edition).

Anyway, this is how I’ve got the Zimbra Collaboration Appliance (ZCA) running (v7, which I used to create this post, is currently beta, and there are a few workarounds included here, hopefully they won’t be required in the production release).

Once you’ve got it running see my follow on post covering Migrating to Zimbra Collaboration Appliance

Prerequisites

  • Correct DNS setup (the appliance will check with the DNS server(s) you provide and fail to start service if its not correct)
    • The appliance will need to be able to find an MX record for its own domain, and a host entry for itself, which is pointed to by the MX record
  • License, requested a license from Zimbra (not immediately ready – you get 30 days grace)
  • An ESX4 server (full-fat or i) to host your VM on.  Either your own, or you can use a 3rd party (cloud) host, but they must run VMware.

Installation

  1. Second, downl0ad the VMX package, rather than the OVF from Zimbra, I chose this version for two reasons.
    • I know I’m going to balls up my first install in some way, so I want to have a local copy of the appliance so I don’t have to re-download 2 GB’s worth again and sit twiddling my appendages whilst I wait for it to complete.  Which is what happens with the OVF.  You can download the OVF files locally, but its fiddly to do, so why bother?
    • The VMX seems to be less susceptible to problems with services not starting properly
  2. Import VMX into your virtual environment
  3. Your machine might fail with with “incompatible device backing specified for device”, in which case…
    1. Unregister the VM from the vCentre
    2. Browse the datastore the VM is on and delete all but the VMDK files
    3. Create new VM (2vCPU, 2GB RAM, Ubuntu 64bit, LSI Logic Parallel with existing disk (find system disk)
    4. Then, once the VM has been created, add the data disk as a second disk
    5. Power up
  4. Open a VI Client console to the VM, and wait for the EULA, accept and enter a password
    • The entered password will be for the vmware user
  5. Once presented with the blue menu screen, the first thing to do is to Configure Network, follow the prompts…
    • You probably don’t want to use IPv6 SLAAC or IPv4 DHCP
    • Use a FQDN hostname
  6. Now browse to using the appliance using the details shown on the console to complete the config
    • Login using vmware and the password you set-up earlier.  The page may take a while to load.
      • If this is your second attempt, you may get a Unable to connect to server. Please try again error, in which case you need to delete your browser’s cache in order to able to connect properly
    • Re-enter your server’s FQDN
    • Use your primary email address as the admin account (that way you don’t use up a license for an admin account – you can always add an admin@yourdomain.com alias later)
    • Enter a password for the admin account
    • If you’ve received your license you can upload it now, or do it later once the install is complete
  7. The appliance will complete its setup, and by the time you’ve had a cup of tea, should be ready to configure.

Configuration

What you do here is obviously up to you – but some pointers / things to consider

Zimbra Configuration – Dashboard tab

Change the ‘Find address, domains and profiles:’ option to right of the search bar to Profiles and change the following in the default profile and

  • In Features – Disable POP access
  • In Advanced – Change the failed login policy
  • In Zimbra Mobile – Enable

Zimbra Configuration – Advanced Tools tab

Click Install License in order to be able to install the Zimbra provided 10 user license.  You may experience a license error when trying to add users, despite having done this, in which case see below in Tweaking…

Tweaking

Enable SSH access

Whilst you’re not expected to need shell (SSH) access, it is still required for the odd thing.  To gain SSH access…

  1. Log into the console as the vmware user
  2. Disable the firewall
    • sudo ufw disable
  3. Edit the /var/lib/ufw/user.rules
    • sudo vi /var/lib/ufw/user.rules
  4. Add a line under ### RULES ### to allow SSH from a specific IP (or all)
    • EG  -A ufw-user-input -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT
    • EG  -A ufw-user-input -p tcp --dport 22 -j ACCEPT
  5. Save the file and re-enable the firewall
    • sudo ufw enable

Don’t be tempted to just add a new rule in…

  • EG ufw allow proto tcp from 192.168.1.10 to any port 22

…this will work until you reboot your appliance, following which the server will have only the rule you’ve added, disabling all other access!

Change Zimbra and Root user password

  1. In a console (VI client or SSH), log in as the vmware user
  2. Type sudo passwd zimbra
  3. Enter vmware password, and then new password for zimbra user
  4. Repeat steps 2 and 3 for root

Enable license

You shouldn’t have to do this, but I’ve found that regardless of how you supply your license to the appliance, it doesn’t get applied properly

  1. In a console (VI client or SSH), log in as the vmware user
  2. Su to the zimbra user (su - zimbra)
  3. Enable the license zmlicense -a

CPU tuning

Why you have to performance tune a VMware supplied appliance is beyond my comprehension, but you do…

In zimbra user, run crontab -e, and reduce status logging, eg

# Status logging
#
*/30 * * * * /opt/zimbra/libexec/zmstatuslog

Resource constraining

I don’t necessarily recommend that you do this, but if you looking to host your appliance on 3rd party infrastructure (in the cloud), then it can save you a few quid (dollars) if you do.  You will impact performance, and your hoster may complain that your VM is well utilised.

Reduce the CPU count to 1, and the memory down to 1 GB.

CPU should be fine, but for memory you should increase the amount of swap space available otherwise your appliance will run out of memory.  Ideally you should have a bit of extra disk space (if you just get another disk added, the appliance will utilise whatever it can see for Zimbra storage).

  1. Create a new swap file
    • sudo dd if=/dev/zero of=/opt/zimbra/1024Mb.swap bs=1M count=1024
  2. Change permissions of the file
    • sudo chmod 600 /opt/zimbra/1024Mb.swap
  3. Turn the file into swap
    • sudo mkswap /opt/zimbra/1024Mb.swap
  4. Enable the file as swap
    • sudo swapon /opt/zimbra/1024Mb.swap

Leave a Reply

XHTML: You can use these tags if you know what they are: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

ERROR: si-captcha.php plugin says GD image support not detected in PHP!

Contact your web host and ask them why GD image support is not enabled for PHP.

ERROR: si-captcha.php plugin says imagepng function not detected in PHP!

Contact your web host and ask them why imagepng function is not enabled for PHP.