New Zimbra 8.7.11 server migration guide

zimbraIn the past I haven’t been so kind about the Zimbra Open Source Suite. Installing it in my own, configuring it, getting all my data to it and using it daily wasn’t a breeze. I found it especially difficult to keep it stable while ensuring security.

I’ve also been somewhat active at the forums and a couple of weeks ago I’ve read the most important Zimbra thing for as long as I’m using the suite: you’ll have to see the suite as a dedicated appliance. Configure the software on a dedicated (virtual) machine and do not try to run things alongside it.

I immediately took this for granted since it explained a lot of trouble I was having, so today I’m migrating my full 8.7.11 installation from a CentOS 7.4 server to a new CentOS 7.4 server.

Preparing the old server

Now I was running the latest Zimbra version already on the old server, so for me this was a non-issue. But if you’re not, I strongly recommend updating your old server first, test everything, and then follow the below steps. You’ll need the latest Zimbra version on your new server as well.

Check Zimbra permissions with the following command (as root):

# /opt/zimbra/libexec/zmfixperms --verbose --extended

Use the below commands to re-index all mailboxes (as the Zimbra user):

$ for i in `zmprov -l gaa yourdomain.com`; do echo "rim $i start" >> /tmp/yourdomain_rimstart.txt; done

$ zmprov -f /tmp/yourdomain_rimstart.txt

Check the status:

$ for i in `zmprov -l gaa yourdomain.com`; do echo "rim $i status" >> /tmp/yourdomain_rimstatus.txt; done

$ zmprov -f /tmp/yourdomain_rimstatus.txt

Do this for all your domains if you have multiple!

Blob / zmblobchk

Check the BLOB consistency with the zmblobchk utility (as the Zimbra user):

$ cd /opt/zimbra/bin

$ ./zmblobchk start

If you’re getting errors on specific mailboxes, check in the database which mailboxes they are and how important it is that absolute 0% data will be lost during the migration.

$ mysql

> use zimbra;

> select comment from mailbox where id=105;

You can find more info in the above link. You can fix most blob inconsistencies with the below command, exporting all corrupted mail to the /tmp folder, if any.

$ ./zmblobchk start --missing-blob-delete-item --export-dir /tmp

Create a directory for placing the exported data.

$ cd /opt/zimbra/

$ mkdir export

Finally, install the migration tool.

# cd /tmp

# wget https://download.zextras.com/zextras_migration_tool-latest.tgz

# tar zxf zextras_migration_tool-latest.tgz

# cd zextras_migration_tool-2.4.12

# ./install.sh all

# su - zimbra -c 'zmprov fc -a zimlet'

Preparing the new server

On the new server I’ve setup my IPv4 and IPv6 config, hostname, SSH and configured the firewall to allow all ports that are currently open on my old server.

First disable postfix.

# systemctl stop postfix

# systemctl disable postfix

Install dependencies and a couple of tools

# yum install epel-release

# yum install perl perl-core nmap-ncat libidn gmp libaio libstdc++ unzip perl-5.10.1 sysstat sqlite wget mailx nmap

Get the latest version of the software (it’s still not completely available via a repository).

And somehow get it to your /tmp on your new server. Next:

# cd /tmp

# tar xzf zcs-8.7.11_xxxxxxxx

# cd zcs-8.7.11_xxxxxxxx

# ./install

and follow all prompts.

Then we have to install the ZeXtras Suite with which we’re importing all our data from the old server.

# wget http://download.zextras.com/zextras_suite-latest.tgz

# tar xzf zextras_suite-latest.tgz

# cd zextras_suite-2.6.1

# ./install.sh all

# su - zimbra -c 'zmprov fc -a zimlet'

Create a directory for placing the exported data and everything is in place for the migration.

$ cd /opt/zimbra/

$ mkdir export

Migration steps on the old server

Log in to the zimbra administrator console:

  1. Go to ZeXtras
  2. Go to ZxMig
  3. Start migration
  4. Choose /opt/zimbra/export
  5. Minimum space threshold 1000 mb
  6. Select your domains
  7. Add additional email addresses to get notified of the migration
  8. Get a cup of coffee

When done, immediately stop the Zimbra services on the old server:

# su zimbra

$ zmcontrol stop

Then we’ll copy the data over to our new server. There are a lot of ways how about doing this (external media, scp, rsync, tar) but that’s outside the scope. Just get your data in the /opt/zimbra/export directory and make it at least readable by the Zimbra user.

Migration steps on the new server

When installed, all services should be running. Go to:

https://newserver.yourdomain.com:7071/

You’ll get an security exception of course since the SSL certificates are wrong. Doesn’t matter, we’re transferring our settings. After logging in:

  1. Go to ZeXtras
  2. Go to ZxBackup
  3. Click ‘Initialize NOW’ and wait for this to be finished
  4. Choose ‘Import backup’
  5. Source path is /opt/zimbra/export
  6. Options ‘Hide deleted accounts’ and ‘Do not restore System Accounts’ is fine
  7. Select your domains
  8. Select your accounts
  9. Finish and get a bigger cup of coffee

With this move my domain name also changed and I’d expected it to needed to be changed with:

$ /opt/zimbra/libexec/zmsetservername -o old.server.com -n new.server.com

Strange to me that the hostname was already the new one.

$ zmhostname

Please be sure to double check it via the admin web interface.

Couple of Zimbra issues

I had six issues after migration.

Issue 1. I had to change the Zimbra SSH port number again.

So when run SSH on another port as well, do this:

# /opt/zimbra/bin/zmprov ms newserver.yourdomain.com zimbraRemoteManagementPort 2222

 

Issue 2. Postfix had problems starting up after a restart.

A permissions fix solved this for me.

# /opt/zimbra/libexec/zmfixperms --verbose --extended

 

Issue 3. My SSL certificate wasn’t active anymore.

No problem, I wanted to replace it anyway with a wildcard.

Check this link.

 

Issue 4. I wasn’t able to mail to root anymore.

First be sure the root alias is setup correctly in /etc/aliases (at the bottom) and run the # newaliases command. Then ‘fix’ your sendmail:

# rm /usr/sbin/sendmail

# ln -s /opt/zimbra/common/sbin/sendmail /usr/sbin/sendmail

# chfn -f root@newserver.yourdomain.com root

Test:

# echo This is your message body | mailx -s "Subject here" root@localhost

In between tests my ‘old’ postfix mail queue filled up which I checked it with:

# mailq

After the last successful test, empty it with:

# postsuper -d ALL

 

Issue 5. My admin email address had to be changed as did the FROM field.

$ zmlocalconfig -e smtp_destination=youradmin@yourdomain.com

$ zmlocalconfig smtp_destination

Antivirus notification:

$ zmlocalconfig -e av_notify_user=youradmin@yourdomain.com

$ zmlocalconfig av_notify_user

FROM field:

$ zmlocalconfig -e smtp_source=root@newserver.yourdomain.com

Test:

$ /opt/zimbra/libexec/zmdailyreport -m

 

Issue 6. Two small security related settings had to be re-applied

$ zmprov mcf +zimbraResponseHeader "Strict-Transport-Security: max-age=31536000"

$ zmprov mcf zimbraMtaSmtpTlsMandatoryCiphers high

Cleaning up after your Zimbra migration

A couple of steps to clean up after this migration and a few random notes. First on the new server, uninstall the ZeXtras Suite from the original installation directory

# ./install.sh -u all

# su - zimbra -c 'zmprov fc -a zimlet'

I’m re-installing the old server, but when you’re not, be sure to remove all Zimbra software after a week or 2 when you’re absolutely sure you don’t need it anymore, all backups are in place, etc.

Talking about backups, be sure to backup your new installation. This is how I’m doing it.

Also, check all mechanisms that email you when like me, your mailservers name changed. For me this is software like WordPress and Nextcloud and scripts for backing up and syncing.

Clean your temporary files and directories, exports and extra backups that fill your disks and maybe even backups with stuff you don’t need anymore.

Close up firewall ports that aren’t needed on your old and on your new server.

Finally, be sure to keep a very close eye on the first couple of daily email reports you receive. Warnings and errors are in there and from there you can troubleshoot and solve issues like issues with SELinux. Check this fine article if you stumble upon issues like these.

UPDATE: Check out the Nextcloud migration as well.

2 comments Add yours
  1. I think you have missed many important points.

    How did you bring the files to the new server.
    What was the permission status.

    Because I keep getting “Please select a valid Import Path” error when I try to import to the new server.

    1. It’s been a while, but this is what I said about the copying of data:

      Then we’ll copy the data over to our new server. There are a lot of ways how about doing this (external media, scp, rsync, tar) but that’s outside the scope. Just get your data in the /opt/zimbra/export directory and make it at least readable by the Zimbra user.

      So an

      # rsync -avP source target

      would be a good candidate, or tar it, scp the tar archive to the new server and untar it there.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.