Migration 4.5.x to 5.0.x: what about redo?

[maumar]

After migrating a NE 4.5.11 towards 5.0.4 I noted that a
redolog/4.5.11_GA-1.22 directory was created.
The migration was successful.

Now i have to migrate a 4.5.10 with this space on /opt

Size Used Avail Use% Mounted on
145G 121G 17G 89% /opt

i dunno what is into redolog/4.5.11_GA-1.22, i am worried that now zimbra will be unable to create a large redolog.
In the case it is an issue,
can I avoid the redolog creation during 4.5.x -> 5.0.x migration?

thnx for any advice

-m

[mmorse]

Those are redologs already on your system, upgrading isn't creating them. They're moved from /opt/zimbra/redolog to /opt/zimbra/redolog/4.5.x when you upgrade versions because they are now invalid. You can't restore between different versions - though there is some enhancements being worked on:
Bug 14002 - Add conversion tool to upgrade backup versions to allow restore on later zcs versions
Bug 15750 - support for restore across major versions

Dont' forget to take a full backup before you upgrade. It's also good practice to take a full immediately after upgrading to 5.0.x (so you have a 'fresh' & because those old backups aren't useful anymore unless you install a 4.5.x box somewhere).
CLI - zmbackup Network Edition Only - Zimbra :: Wiki

[mmorse]

Same is done with your existing backups - after upgrade you'll have a /opt/zimbra/backup/4.5.x folder.

[maumar]

thnx for prompt replay
another question....a doubt:
"Do you want to verify message store database integrity?"
Why do u ask this?
If zimbra is running w/out a problem, message store should be ok, doesn't it?
tia
-m

[phoenix]

Quote:

Originally Posted by maumar

If zimbra is running w/out a problem, message store should be ok, doesn't it?

There are no certainties in life (nor in MySQL for that matter).

[maumar]

After migrated to 5.0.4 NE i get infamous:
postfix/trivial-rewrite[16423]: fatal: ldap://opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

i read:
Problem with Certificate can cause MTA Failure - Zimbra :: Wiki
from there i came to:
[SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

i followed this post and after deleting ca as zimbra i run as root:
# cd /opt/zimbra/ssl; mkdir bak; mv * bak

#/opt/zimbra/bin/zmcertmgr createca
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Retrieving CA private key from ldap...failed.
** Retrieving CA cert from ldap...failed.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
[21:07:34 root@mailz /opt/zimbra/ssl ]# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving CA in ldap...done.
** Copying CA to /opt/zimbra/conf/ca...done.
[21:08:31 root@mailz /opt/zimbra/ssl ]# /opt/zimbra/bin/zmcertmgr install self -new
Usage:
/opt/zimbra/bin/zmcertmgr -help
/opt/zimbra/bin/zmcertmgr createca [-new]
/opt/zimbra/bin/zmcertmgr deployca
/opt/zimbra/bin/zmcertmgr createcsr <self|comm> [-new] [-subject subject] [-subjectAltNames "host1,host2"]
/opt/zimbra/bin/zmcertmgr createcrt [-new] [-subject subject] [-days validation days] [-subjectAltNames "host1,host2"]
/opt/zimbra/bin/zmcertmgr deploycrt <self>
/opt/zimbra/bin/zmcertmgr deploycrt <comm> [certfile] [ca_chain_file]
/opt/zimbra/bin/zmcertmgr viewcsr <self|comm> [csr_file]
/opt/zimbra/bin/zmcertmgr viewdeployedcrt [all|ldap|mta|proxy|mailboxd]
/opt/zimbra/bin/zmcertmgr viewstagedcrt <self|comm> [certfile]
/opt/zimbra/bin/zmcertmgr verifycrt <self|comm> [priv_key] [certfile]
/opt/zimbra/bin/zmcertmgr verifycrtchain <ca_file> <certfile>
/opt/zimbra/bin/zmcertmgr migrate

Comments:
- Default <certfile>
self-signed /opt/zimbra/ssl/zimbra/server/server.crt
commerical /opt/zimbra/ssl/zimbra/commercial/commercial.crt
- Default <priv_key>
self-signed /opt/zimbra/ssl/zimbra/server/server.key
commercial /opt/zimbra/ssl/zimbra/commercial/commercial.key
- Default <subject>
"/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=fqdn.server.tld"
- Default <validation_days> is 365.
- Default <csr_file> is
- deploycrt self installs the certificates using self signed csr in /opt/zimbra/ssl/zimbra/server
- deploycrt comm installs the certificates using commercially signed certificate in /opt/zimbra/ssl/zimbra/commercial
- verifycrt <self|comm> compares openssl md5 [priv_key] and [certfile].
- migrate moves certs/keys from ZCS installs prior to version 5.0.x

so,
/opt/zimbra/bin/zmcertmgr install self -new
install is not a valid cmmand
what to do now?

tia
-m

[mmorse]

try as root /opt/zimbra/bin/zmcertmgr deploycrt self -new

[maumar]

[21:55:04 root@mailz /opt/zimbra/ssl/zimbra ]# /opt/zimbra/bin/zmcertmgr deploycrt self -new
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080413215603
** Generating a server csr for download
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080413215604
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
Can't deploy cert for -new. Unknown service.
[21:56:04 root@mailz /opt/zimbra/ssl/zimbra ]# ls -la server
total 20
drwxr----- 2 root root 4096 Apr 13 21:56 .
drwxr----- 5 root root 4096 Apr 13 21:45 ..
-rw-r--r-- 1 root root 964 Apr 13 21:56 server.crt
-rw-r--r-- 1 root root 753 Apr 13 21:56 server.csr
-rw-r--r-- 1 root root 891 Apr 13 21:56 server.key



Yes!
this command is supported (not fully...)
now i have cert and key under server
what next?
tray to start?

[mmorse]

zmcontrol stop
zmcontrol start
(I was unaware, looks like we dropped 'install' & 'gencsr' as well as '-new' on 'deploycrt self' for clarity recently, some of those threads are older now.)

[maumar]

yes, this solved my issue.
Thnx, many thnx
-m