Quote:
Originally Posted by rsharpe
Hi Guys, I was wondering if one of the Zimbra folks could give me a quick howto on doing a multiserver installation using the OSS version. I've read the Multi-Server PDF, and it didn't really tell me all that much. A small explanation of what I'm looking for follows:
2 MTAs
1 Mailstore
1 Master LDAP & 1 LDAP Replica Server
All these servers would be on different servers on different LANs in different buildings. If you have any suggestions please let me know, thanks.
What needs to be improved in the doc? Any notes, comment, etc. would help.
Here's the deal:
Bandwidth shouldn't be a problem, but I want to mention that flakey connections between your boxes could cause problems.
Generally, in a multi server install, you'll want to install the LDAP box first, then the mailstores, then the MTAs.
Package selection:
LDAP master/LDAP replica:
zimbra-ldap
Store servers:
zimbra-store
zimbra-spell
zimbra-logger (on only one store server)
MTAs:
zimbra-mta
You can optionally install zimbra-snmp on these boxes.
Install the LDAP master first. Configure normally. Create a domain. Change, or make a note of, the LDAP password. Make sure the services are running.
Install the LDAP replica next. In the menu, select ldap, then DISABLE the ldap service.
Install the store server normally, entering the ldap host and password. Make sure the services are running.
Install the MTA servers normally, entering the ldap store and password. The MTA AUTH HOST should be pointed at the STORE server. Make sure the services are running.
On every box, on install, zmsshkeygen is run to create an ssh keypair, and store the public key in ldap. The command zmupdateauthkeys will grab all the keys from ldap and install them in authorized_keys on the local host. This allows the zimbra user to run the command "/opt/zimbra/bin/zmrcd" on other hosts in the install without a password. (And only that command).
So, to set up replication (this is not fully tested!), run zmupdateauthkeys on both LDAP servers (or all boxes, if you want).
Then, on the LDAP REPLICA - run zmldapenablereplica. This will:
create the ldap config
create a replication user
enable the ldap service
stop zimbra services on the replica
stop zimbra services on the master
replicate the db
update the ldap info on the replica (ldap_url)
start zimbra services on the master
start zimbra services on the replica
The ldap_url config value (zmlocalconfig ldap_url) is a space separated list of LDAP urls that the services will use. At this point, all boxes are going to the master LDAP server EXCEPT the replica, which will talk to itself, first.
To use the replica, you now need to update the ldap_url value on the other servers - stop the zimbra services, update the value (zmlocalconfig -e ldap_url="url url url") (quotes needed because of the space). Use the value set on the replica server as a template.
We use sync replication for this, and the testing we did indicated that it worked fine. If you're enabling this because of the distributed nature of your network, you may want to think about having a replica near the MTAs, and one near the store servers.
Lastly, you can run a replica on boxes that are doing other things (e.g., on an MTA server). The install is the same: select the packages you want (e.g., zimbra-ldap, zimbra-mta) and configure normally, but DISABLE THE LDAP SERVICE. (Very important, otherwise it will configure a separate ldap instance, and you've got two separate mail systems.) Finish the install, then run the zmldapenablereplica script.
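The ldap_url step described in the post, as an added shell example that is not part of the post and not Zimbra's own scripts: it composes the space-separated ldap_url list for each class of server (nearest replica first, master last), checks that every entry is a well-formed ldap:// or ldaps:// URL with a host and numeric port, and prints the exact quoted zmlocalconfig command to run on that box with services stopped. The host names are constructed for illustration, the default port 389 is an assumption, and nothing is actually changed on a server: the zmlocalconfig line is only printed, never executed.

```shell
#!/bin/sh
# Added example; not from the post above and not Zimbra's own code.
# Host names are constructed; LDAP_PORT defaults to 389 (an assumption).

# build_ldap_url PREFERRED_HOST [FALLBACK_HOST ...]
# Emits the space-separated ldap_url value, preferred host first,
# duplicates dropped. Order matters: services try the URLs left to right.
build_ldap_url() {
    port="${LDAP_PORT:-389}"
    out=""
    for h in "$@"; do
        url="ldap://$h:$port"
        case " $out " in
            *" $url "*) continue ;;      # already listed, skip
        esac
        out="${out:+$out }$url"
    done
    printf '%s\n' "$out"
}

# valid_ldap_url VALUE
# Exit 0 only if every whitespace-separated token is ldap:// or ldaps://
# with a non-empty host and an all-digit port; a bare "ldap://host" is
# rejected so a typo does not leave a server unable to reach LDAP.
valid_ldap_url() {
    [ -n "$1" ] || return 1
    for tok in $1; do
        case "$tok" in
            ldap://*|ldaps://*) ;;
            *) return 1 ;;
        esac
        hostport="${tok#*://}"
        host="${hostport%%:*}"
        port="${hostport##*:}"
        [ -n "$host" ] && [ "$host" != "$hostport" ] || return 1
        case "$port" in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    return 0
}

# zmlocalconfig_cmd VALUE
# Prints the command to run as the zimbra user on that box (services
# stopped). The double quotes are what keep the space-separated list
# intact; the command is printed, not run.
zmlocalconfig_cmd() {
    valid_ldap_url "$1" || { echo "refusing: bad ldap_url '$1'" >&2; return 1; }
    printf 'zmlocalconfig -e ldap_url="%s"\n' "$1"
}

# Constructed layout matching the post: a master plus one replica near
# the MTAs and one near the store servers.
MASTER=ldap-master.example.com
REPLICA_MTA=ldap-rep-mta.example.com
REPLICA_STORE=ldap-rep-store.example.com

mta_url=$(build_ldap_url "$REPLICA_MTA" "$MASTER")
store_url=$(build_ldap_url "$REPLICA_STORE" "$MASTER")

printf 'MTA boxes:   %s\n' "$(zmlocalconfig_cmd "$mta_url")"
printf 'Store boxes: %s\n' "$(zmlocalconfig_cmd "$store_url")"
```

Run it on an admin workstation to generate the per-role command lines, then paste each one on the matching server after stopping the Zimbra services, exactly as the post describes. Using the replica's own ldap_url as the template, as the post suggests, is equivalent to passing that replica as the first argument to build_ldap_url.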