Ubuntu
Initial Setup
Much of this section is borrowed from http://www.howtoforge.com/perfect-server-ubuntu8.04-lts and http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1; they are well worth a read!
This section will create an Ubuntu VM installed on one partition, software RAID'ed across two VMDKs (my ESX's storage isn't resilient, hence the software RAID across VMDKs on separate physical disks; if you've got resilient storage you should not use software RAID).
Prepare Virtual Machine
- Create a virtual machine with the following options (use Custom)
- Guest OS: Linux > Ubuntu 32bit
- CPU: 1
- Memory: 756 MB
- Disk: 36GB
- Then add a second 36GB disk on a separate physical datastore (if you intend to use software RAID)
- Attach Ubuntu install ISO to the CD-ROM
OS Installation
Follow the default or sensible choices for your locale, however, use the following notes as well...
- Configure the network
- Enter the server's hostname (not a FQDN, just the hostname)
- Partition Disks
- If setting up software RAID follow the steps below, otherwise just select Guided - use entire disk and set up LVM
- Select "Manual"
- Then create a partition...
- Select the first disk (sda) and on the next screen, Yes, to Create new empty partition table on this device?
- Select the FREE SPACE, then Create a new Partition, and use all but the last 2GB of space
- And then select type of Primary, and create at Beginning
- Change Use as to physical volume for RAID, and change the Bootable flag to Yes, then select Done setting up this partition
- Repeat the above on the remaining FREE SPACE on sda, to create another primary physical volume for RAID, but not bootable
- Select the second disk, sdb, and repeat the steps taken for sda to create two identical partitions
- On the same screen, select the Configure Software RAID option (at the top), and then confirm through the next screen
- Create a RAID pack/multidisk...
- Select Create MD device, then select RAID1 (ie a mirror), then confirm 2 Active devices, and 0 Spare devices
- Select both /dev/sda1 and /dev/sdb1 partitions, and then select Finish
- Repeat the above to create a RAID volume using /dev/sda2 and /dev/sdb2 partitions
- Now select the RAID device #0 partition (select the #1 just under RAID1 device line), and change the Use as and select Ext3...
- Change the Mount point to /, then select Done configuring this partition
- Now select the RAID device #1 partition (select the #1 just under RAID1 device line), and change the Use as and select Swap area
- Then select Done configuring this partition then finally Finish partitioning and write changes to disk, and confirm to Write the changes to disks
- Accept the "The kernel was unable to re-read...system will need to restart" complaints for each RAID multidisk, after which the install will continue (note there's a little more to do post install to ensure you can boot using the second disk should the first fail).
- Software Selection
- DNS Server - Only required in order to configure split DNS, which is required for an exchange server install
- OpenSSH Server - Required (allows you to Putty/SSH to the server)
Post OS Install Config
- Enable Root
- Use the command
sudo passwd root
- Enter user password, and then a strong password for the root account
- Finish Software RAID config - only if configured during install
- Start-up grub (by entering grub) and enter the following commands (seems to work better via SSH than direct console)...
device (hd1) /dev/sdb
root (hd1,0)
setup (hd1)
quit
- Then edit the /boot/grub/menu.lst config file. Go to the end of the file where the boot options are, and create a copy of the first option and edit the following lines
- title - Add "Primary disk fail" or something similar to end
- root - Change hd0 to hd1
- To check the RAID setup of your drives use
mdadm --misc -D /dev/md0
mdadm --misc -D /dev/md1
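For routine checks, the kernel's /proc/mdstat gives the same health information in a form that is easy to script. The following is an added example, not part of the original guide; the function name and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): list degraded md arrays.
# Reads /proc/mdstat-format text on stdin, prints "<array> <active>/<expected>"
# for every array with fewer active members than expected, and returns 1 if
# any array is degraded.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ { name = $1 }          # "md0 : active raid1 sda1[0] sdb1[1]"
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # status line, e.g. "35647424 blocks [2/1] [_U]" is [expected/active]
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0) { print name, n[2] "/" n[1]; bad = 1 }
            name = ""
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: md0 has lost sda1, md1 is healthy.
SAMPLE_MDSTAT='Personalities : [raid1]
md1 : active raid1 sda2[0] sdb2[1]
      2096384 blocks [2/2] [UU]

md0 : active raid1 sdb1[1]
      35647424 blocks [2/1] [_U]

unused devices: <none>'

# On a live system: degraded_arrays < /proc/mdstat
printf '%s\n' "$SAMPLE_MDSTAT" | degraded_arrays || echo "degraded array(s) found"
```

Run from cron, a non-zero exit is the cue to check which disk dropped out before the second one is needed to boot.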
Change IP Address
- Edit the /etc/network/interfaces file in the following fashion
# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.1.150
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
- Then check the local hosts file /etc/hosts, so that the IP v4 part looks like...
127.0.0.1 localhost
192.168.1.150 mail.home.int mail
- Check that DNS resolution is set up correctly (add DNS nameservers as required, as found in /etc/resolv.conf, in order of pref)...
nameserver 127.0.0.1
- Then restart networking
sudo /etc/init.d/networking restart
Install VM Tools
- The pre-built modules that come with the VMTools installer aren't compatible, therefore the script needs to be able to compile them. However, the required library files aren't available by default, so as a prerequisite, install them using the following commands...
apt-get install build-essential
apt-get install linux-headers-2.6.24-26-server
- Use uname -r to get the right headers version number
- Select "Install VM Tools" from the VI Client
- Mount the VM Tools CD-ROM
mount /media/cdrom0/
- Copy to home directory
cp /media/cdrom/VMwareTools-4.0.0-219382.tar.gz /home/user/
- Uncompress and then move into the vmware-tools-distrib directory
tar xf VMwareTools-4.0.0-219382.tar.gz
cd vmware-tools-distrib
- Run the install script (which might complain enough to make you think it's failed, but check it's worked via the VI Client)
./vmware-install.pl
- Restart
shutdown -r now
Update the OS
- Run the following command to update the apt package database
apt-get update
- To install any updates
apt-get upgrade
Random Settings
/tmp Boot Time Clean-up
The files in /tmp get deleted if their last modification time is more than TMPTIME days ago.
- Edit /etc/default/rcS
- Change TMPTIME value to specify no of days
- Use 0 so that files are removed regardless of age.
- Use -1 so that no files are removed.
Exchange Server
DNS Records
Firstly, you need to own a public domain name, then get your ISP to create two DNS records...
- MX record - Mail Exchanger (MX) record
- EG sandfordit.com [MX] -> mail.sandfordit.com
- sandfordit.com is the domain you own, and mail is the hostname of your email server (can be anything you like)
- A record - Standard DNS record
- EG mail.sandfordit.com [A] -> 158.25.34.124
- 158.25.34.124 is the static IP address assigned by your ISP. You'll need to set-up a NAT on your router (often oddly called a virtual server in domestic routers) to map incoming mail on TCP 25 to your email server's actual address (EG 158.25.34.124:25 -> 192.168.1.150:25).
Note, instead of an A record you can use a CNAME record if you prefer, though obviously the CNAME record will still need to point to a valid A record. Using a CNAME might be preferable, if for example you've multiple services running from a single public IP, that you might want to split out in the future to run on separate IP's, at which point you can replace the CNAME records with A records.
OS DNS Setup
In order to get round the fact that your exchange server won't have the same IP (or name even) on the public internet as it will on your internal network, a DNS server is installed on the exchange server to provide MX record resolution. Procedure assumes DNS (Bind) is already installed.
Terminology...
- Private = Home or internal network IP address and network name (eg 192.168.1.150 and mail.home.int)
- Public = Global internet, ISP assigned IP address and registered domain name (eg 158.25.34.124 and mail.sandfordit.com)
Firstly, add the IP(s) of the DNS servers you use for resolution on your other machines to your local DNS server's list of forwarders (so that your exchange server forwards DNS resolution requests for unknown names to your normal DNS servers), edit /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
        query-source address * port 53;    # fixed source port 53 for outgoing queries (disables source-port randomisation)
        forwarders {
                192.168.1.1;
                158.25.30.10;
        };
        auth-nxdomain no;    # conform to RFC1035
};
Edit /etc/resolv.conf to force the server to use its local DNS server for resolution
nameserver 127.0.0.1
Restart bind using /etc/init.d/bind9 restart and check you can resolve external addresses properly.
Now create the internal zone that will eventually contain the local MX record for your exchange server, append the following to /etc/bind/named.conf.local, using your publicly registered domain name
zone "sandfordit.com" {
        type master;
        file "/etc/bind/db.sandfordit.com";
};
Lastly create the database file for your DNS domain /etc/bind/db.sandfordit.com, using your publicly registered domain name and private (internal) IP address for your exchange server...
;
; BIND data file for sandfordit.com
;
$TTL    604800
@       IN      SOA     mail.sandfordit.com. admin.sandfordit.com. (
                        070725          ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       192.168.1.150
mail    IN      A       192.168.1.150
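The point of the internal zone is that the MX target resolves to the private address, never the public one. The following check is an added example, not part of the original guide; the function names and the sample zone are constructed, and the parser covers only the record layout used above.

```shell
#!/bin/sh
# Added example (not from the original guide). Checks that every MX target in a
# zone file has an A record in the same zone and that it is an RFC 1918
# address. Handles "@", inherited owners, relative names, comments and a
# parenthesised SOA; it is not a full zone-file parser.
check_split_zone() {   # usage: check_split_zone ORIGIN < zonefile
    awk -v origin="$1" '
        function fqdn(n) {
            if (n == "@") return origin "."
            return (n ~ /\.$/) ? n : n "." origin "."
        }
        { sub(/;.*/, "") }                               # strip comments
        inparen { if ($0 ~ /\)/) inparen = 0; next }     # skip SOA continuation lines
        NF == 0 || /^\$/ { next }                        # blank lines, $TTL / $ORIGIN
        {
            i = 1
            if ($0 !~ /^[ \t]/) { owner = fqdn($1); i = 2 }   # leading blank: same owner
            while ($i ~ /^[0-9]+$/ || $i == "IN") i++         # skip TTL and class
            if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
            if ($i == "A")  addr[owner] = $(i + 1)
            if ($i == "MX") mx[fqdn($(i + 2))] = 1
        }
        END {
            for (t in mx) {
                if (!(t in addr)) { print "MX target " t " has no A record in this zone"; bad = 1 }
                else if (addr[t] !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) {
                    print "MX target " t " resolves to " addr[t] ", not a private address"; bad = 1
                }
            }
            exit bad + 0
        }
    '
}

sample_zone() {   # constructed sample modelled on the zone above; $1 = address for "mail"
    cat <<EOF
\$TTL 604800
@       IN  SOA  mail.sandfordit.com. admin.sandfordit.com. (
                 070725 604800 86400 2419200 604800 )
@       IN  NS   mail
        IN  MX   10 mail
mail    IN  A    $1
EOF
}

sample_zone 192.168.1.150 | check_split_zone sandfordit.com && echo "internal zone OK"
```

On the server itself the call would be check_split_zone sandfordit.com < /etc/bind/db.sandfordit.com, run before restarting bind.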
Zimbra Install
Reference http://wiki.zimbra.com/index.php?title=Ubuntu_8.04_LTS_Server_%28Hardy_Heron%29_Install_Guide
- Copy the install to the server
- EG
pscp zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz simons@mail:zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz
- Uncompress the package
tar -xzf zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz
- Start the install
./install.sh
- The install will fail due to missing packages!
- Install the missing prerequisite packages
- EG
apt-get install libpcre3 libgmp3c2 libstdc++5 sysstat
- Restart the install
- Part-way through the install will complain about your domain not having a DNS record, change the domain to your publicly registered domain (without server hostname, so sandfordit.com rather than mail.sandfordit.com)
- At the end of the install, address the unconfigured item (ie an admin password)
Once the install is completed, login to administer the exchange server using https://mail:7071
To enforce https for Zimbra Desktop clients use the following commands (requires a restart to take effect)...
su - zimbra
zmtlsctl https
High CPU Workaround
Zimbra seems to have some real issues with constant high CPU spikes every minute; to limit this, reduce the logging retention and failed process checking.
su - zimbra
zmlocalconfig -e zmmtaconfig_interval=6000
zmprov mcf zimbraLogRawLifetime 7d
zmprov mcf zimbraLogSummaryLifetime 30d
/opt/zimbra/libexec/zmlogprocess
crontab -e
*/60 * * * * /opt/zimbra/libexec/zmstatuslog
Backup
Basic manual backup
- SU to Zimbra admin
su - zimbra
- Stop Zimbra services
zmcontrol stop
- Exit Zimbra user and create copy of directory
- EG
cp -rp /opt/zimbra /home/simons/zimbra_backup_100301
More elaborate scripted version
- For more info see - http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version.html
- Script is downloadable from - http://www.osoffice.de/downloads/viewcategory-7.html
- Check the size of the /opt/zimbra dir, this will be replicated to a sync directory, from which the actual backup is taken, and check available free space
du -hs /opt/zimbra
df -h
- Un-gzip and upload the config file to somewhere convenient
- Edit required config params at start of script
- Run the script to install (as root), allow creation of required folders and install of required utils
./zmbak_v.0.8.sh --INSTALL
- Perform a first full run to check everything works alright and to create the first full backup
./zmbak_v.0.8.sh -f
To restore, see http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version-24.html
Upgrade
Use the same package to upgrade the software as used for a brand new install (there is no separate upgrade package). The important part of any upgrade IS NOT how to get your system upgraded, it IS how you're going to recover if it all goes horribly wrong.
- Isolate the server from the internet (so new mails can't be received following the pre-upgrade backup)
- Stop the mail server running
su - zimbra
zmcontrol stop
- Backup the server 1st
- If hosted on an ESX, probably most easily achieved by starting a snapshot (remember to delete the snapshot after a few days if no probs are encountered)
- Also copy off any existing local backup (so that a new full backup can be started following the upgrade)
- Copy the install to the server
- EG
pscp zcs-6.0.6_GA_2324.UBUNTU8.20100406144520.tgz simons@mail:zcs-6.0.6_GA_2324.UBUNTU8.20100406144520.tgz
- Uncompress the package
tar -xzf zcs-6.0.6_GA_2324.UBUNTU8.20100406144520.tgz
- Start the upgrade using the install script
./install.sh
- The script should detect an existing installation and upgrade it, do not install additional components, but do confirm the upgrade.
- Once completed, test thoroughly
- Perform a full local backup
- Reconnect to network
Patch
Sometimes patch packages are supplied for minor upgrades between specific versions. Take the same backup precautions as for a normal upgrade. The actual application of the patch varies slightly from an upgrade...
- Copy the patch package to the server
- EG
pscp zcs-patch-6.0.6_GA_2332.tgz simons@mail:zcs-patch-6.0.6_GA_2332.tgz
- Uncompress the package
tar -xzf zcs-patch-6.0.6_GA_2332.tgz
- Start the patch upgrade using the install script
./installPatch.sh
- Restart the software to apply changes
su - zimbra
zmcontrol stop
zmcontrol start
Documentation Links
MySQL
Install
- Run the following command to update the package database
apt-get update
- Run the following command to install MySQL
apt-get install mysql-server
To allow access from remote hosts...
- Open MySQL service TCP/IP port by editing the /etc/mysql/my.cnf config file and restarting
- Change bind IP to server's IP, EG
bind-address = 192.168.1.123
- Restart service
/etc/init.d/mysql restart
- Allow remote access to a user account
- EG
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION;
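The GRANT above creates an account that holds every privilege on every schema, can pass them on, and is accepted from any client address. The following audit is an added example, not part of the original page; the function names, the sample rows and the appdb/appuser names in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Audits MySQL accounts for the
# host patterns that a grant to user@% creates. Input is tab-separated
# User, Host, Grant_priv rows, as printed by:
#   mysql -N -B -e "SELECT User, Host, Grant_priv FROM mysql.user"
# Returns 1 if any account is anonymous or accepted from every host.
#
# A narrower grant to compare against (hypothetical names appdb and appuser):
#   GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
#     TO 'appuser'@'192.168.1.%' IDENTIFIED BY '<password>';
audit_mysql_accounts() {
    awk -F '\t' '
        $1 == "" { print "ANONYMOUS @" $2 ": no user name required"; bad = 1 }
        $2 == "%" {
            sev  = ($3 == "Y") ? "CRITICAL" : "HIGH"
            note = ($3 == "Y") ? ", holds GRANT OPTION" : ""
            print sev " " $1 "@" $2 ": accepted from any host" note
            bad = 1
            next
        }
        index($2, "%") { print "REVIEW " $1 "@" $2 ": wildcard host pattern" }
        END { exit bad + 0 }
    '
}

sample_accounts() {   # constructed rows; user@% is the account the GRANT above creates
    printf 'root\tlocalhost\tY\n'
    printf 'user\t%%\tY\n'
    printf 'appuser\t192.168.1.%%\tN\n'
}

sample_accounts | audit_mysql_accounts || echo "accounts need tightening"
```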
Backup
http://www.cyberciti.biz/faq/ubuntu-linux-mysql-nas-ftp-backup-script/