Upgrade Zimbra Collaboration Suite 8.7 to 8.8 on Ubuntu
The Zimbra Collaboration Server is a mail server, collaborative web application and a web-based mail server admin console in a single application. It provides LDAP, antivirus, antispam, collaboration features and an ajax webmail client. Zimbra is easy to use for administrators as well as end users due to its fast Ajax-based web interface.
In this tutorial, we will see how to upgrade an installation of Zimbra 8.7.11 to Zimbra 8.8.10 (latest version available).eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));
Before starting the upgrade, here some advice, before start check your installation version simply going to your web interface at https://IPADDRESS:7071/, you should see immediately your version at the login dashboard
First of all there is a Bug 105056 noted a problem that can occur during a rolling upgrade if two factor authentication (2FA) is enabled before all mailbox servers have been upgraded to 8.7. In particular, pre-8.7 mailbox servers are not compatible with 2FA. Accordingly, it is recommended that 2FA is not enabled until all mailbox servers have been upgraded to 8.7.
Database integrity check
Before start the upgrade it is suggested to do a database integrity check, running the command zmdbintegrityreport, wich wil be done entering with the zimbra user
su - zimbra
the output should be like this
[email protected]:~$ /opt/zimbra/libexec/zmdbintegrityreport -r
if something went worng, you need to fix before upgrade.
Update the operating system
Another check to complete, befaore start is to upgrade the operating system, in our case, we use ubuntu 16.04 so the steps are the following, to lunch as root user
[email protected]:~# apt-get update && apt-get upgrade
Trovato:1 http://it.archive.ubuntu.com/ubuntu xenial InRelease
Scaricamento di:2 http://it.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Scaricamento di:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Trovato:4 https://repo.zimbra.com/apt/87 xenial InRelease
Scaricamento di:5 http://it.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Recuperati 323 kB in 0s (542 kB/s)
Lettura elenco dei pacchetti... Fatto
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze
Lettura informazioni sullo stato... Fatto
Calcolo dell'aggiornamento... Fatto
I seguenti pacchetti sono stati mantenuti alla versione attuale:
linux-generic linux-headers-generic linux-image-generic ubuntu-minimal
0 aggiornati, 0 installati, 0 da rimuovere e 4 non aggiornati.
Disable SSLv3 Support
If upgrading to ZCS 8.7.0, you need to completely disable SSLv3 support after the upgrade. Disabling SSLv3 is recommended as a result of the SSLv3 vulnerability described in Alert (TA14-290A).eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-4′,’ezslot_1′,108,’0′,’0′]));
To do that, please refear to the procedure on officiali website Disable SSLv3
Update Default Proxy SSL Ciphers Attribute
Whenever upgrading, it is recommended that you check the values of the following attributes (zmprov gcf <attr>) and compare them with the current default values (zmprov desc -a <attr>).
zimbraReverseProxySSLCiphers zimbraReverseProxySSLProtocols zimbraSSLExcludeCipherSuites zimbraMailboxdSSLProtocols
In addition, it is recommended to make the following changes:
– Remove the following from
ECDHE-RSA-RC4-SHA ECDHE-ECDSA-RC4-SHA RC4-SHA
to do so run the command
[email protected]:~# zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
[email protected]:~# zmproxyctl restart
When you run the install script, if ZCS is already installed, you will be asked if you want to upgrade.
So now, we are prepared to perform the upgrade, in our case from 8.7.11 to 8.8.10, so let’s start downloading the lates version
[email protected]:~# wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617.tgz
[email protected]:~# tar -zxvf zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617.tgz
[email protected]:~# cd zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617/
[email protected]:~# ./install.sh
As you can see, some of the service will be found, as in the output below
Operations logged to /tmp/install.log.FwDVflaW
Checking for existing installation...
ZCS upgrade from 8.7.11 to 8.8.10 will be performed.
Validating ldap configuration
LDAP validation succeeded. Continuing.
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
SYNACOR, INC. ("SYNACOR") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for this Zimbra Collaboration Suite Software:
Do you agree with the terms of the software license agreement? [N]
Accept the license Agreement, saying “Y”.
Checking current number of databases...
say “Y” to check message store integrity
Do you want to verify message store database integrity? [Y]
Verifying integrity of message store databases. This may take a while.
mysqld is alive
No errors found
say “Y” to use zimbra repository
Use Zimbra's package repository [Y]
At this point install should find you installation ad ask for upgrade, obviouslly say “Y”
Configuring package repository
Checking for installable packages
Found zimbra-core (local)
Found zimbra-ldap (local)
Found zimbra-logger (local)
Found zimbra-mta (local)
Found zimbra-dnscache (local)
Found zimbra-snmp (local)
Found zimbra-store (local)
Found zimbra-apache (local)
Found zimbra-spell (local)
Found zimbra-memcached (repo)
Found zimbra-proxy (local)
Found zimbra-drive (repo)
Found zimbra-imapd (local)
Found zimbra-patch (repo)
The Zimbra Collaboration Server appears to already be installed.
It can be upgraded with no effect on existing accounts,
or the current installation can be completely removed prior
to installation for a clean install.
Do you wish to upgrade? [Y]
Ath this point you’ll be prompted to upgrade the packages he can find, in my installation here’s what is fouond
Scanning for any new or additional packages available for installation
Existing packages will be upgraded
When asked to install zimbra-impad (BETA), say no
Install zimbra-imapd (BETA - for evaluation only) [N]
At this point upgrade will start
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
The system will be modified. Continue? [N]
Say “Y” and upgrade will start. Pay attention that during upgrade all services will be stopped until end of upgrade, so don’t do it during working hours.
After a bit of time, upgrade will end succesfully, you can choose, to notify or not Zimbra about your installation
Skipping creation of default domain GAL sync account - existing install detected.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.8.10_GA_3039_UBUNTU16_64)
The ADMIN EMAIL ADDRESS created ([email protected])
Notify Zimbra of your installation? [Yes] No
if all is gone right you should arrive at the end
Checking if the NG started running...done.
Setting up zimbra crontab...done.
Moving /tmp/zmsetup.20181119-132152.log to /opt/zimbra/log
Configuration complete - press return to exit
Now try to login to the administration interface and check if the version is changed
In my case, all went fine, and the upgrade process as worked fine.