Bitbull Tech Notes - home of free minds ...

Zimbra upgrade from 8.6.0 to 8.7.1

This Zimbra upgrade drove me crazy:

- You need memcached and the reverse proxy installed and active

- zimbraReverseProxySSLToUpstreamEnabled is enforced
  if the SSL cert does not match the server name, ldaps queries fail
  no usable info on the Zimbra page for single-server instances (do they really need SSL for localhost queries? :)

hope this helps ... looks so easy ... took me hours :-(

cheers

 

ssh -lroot mail01
vi /etc/rc.local
------
/sbin/iptables -I INPUT 1 -s 10.1.12.111 -j ACCEPT # my workstation
/sbin/iptables -I INPUT 2 -s 10.1.1.101 -j ACCEPT  # this mailserver 
/sbin/iptables -I INPUT 3 -s 10.1.1.24 -j ACCEPT   # monitoring
/sbin/iptables -I INPUT 4 -s 127.0.0.0/8 -j ACCEPT # guess
/sbin/iptables -I INPUT 5 -p tcp -m multiport --destination-ports 25,110,143,443,587,993,995 -j REJECT # block other traffic 
------

# start it now
/sbin/iptables -I INPUT 1 -s 10.1.12.111 -j ACCEPT # my workstation
/sbin/iptables -I INPUT 2 -s 10.1.1.101 -j ACCEPT  # this mailserver 
/sbin/iptables -I INPUT 3 -s 10.1.1.24 -j ACCEPT   # monitoring
/sbin/iptables -I INPUT 4 -s 127.0.0.0/8 -j ACCEPT # guess
/sbin/iptables -I INPUT 5 -p tcp -m multiport --destination-ports 25,110,143,443,587,993,995 -j REJECT # block other traffic 

# create VM snapshot

root@mail01:~/update/zcs-NETWORK-8.6.0_GA_1153.UBUNTU12_64.20141215195643# dpkg -i ./packages/zimbra-memcached_8.6.0.GA.1153.UBUNTU12.64_amd64.deb ./packages/zimbra-proxy_8.6.0.GA.1153.UBUNTU12.64_amd64.deb
root@mail01:~/update/zcs-NETWORK-8.6.0_GA_1153.UBUNTU12_64.20141215195643# su - zimbra
zimbra@mail01:~$ zmcontrol restart

zimbra@mail01:~$ zmprov gs mail01.domain.ch zimbraReverseProxySSLToUpstreamEnabled
# name mail01.domain.com
zimbraReverseProxySSLToUpstreamEnabled: TRUE

zimbra@mail01:~$ ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both  -H `zmhostname`
zimbra@mail01:~$ zmproxyctl restart


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# lsof -i :443
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   16695 zimbra   11u  IPv4 356460      0t0  TCP *:https (LISTEN)
...


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# lsof -i :80
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   16695 zimbra   10u  IPv4 356459      0t0  TCP *:http (LISTEN)
...


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# su - zimbra
zimbra@mail01:~$ zmprov ms `zmhostname` +zimbraServiceEnabled memcached
zimbra@mail01:~$ zmcontrol restart


root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804# lsof -i :11211
   COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
   memcached 2383 zimbra   26u  IPv4 451107      0t0  TCP *:11211 (LISTEN)
   ...

# LDAP cannot be accessed after the upgrade:
# Unable to start TLS: hostname verification failed when connecting to ldap master
# so do this before the upgrade
zimbra@mail01:~$ zmprov ms  `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE

root@mail01:~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804#
    cd ~/update/zcs-NETWORK-8.7.1_GA_1670.UBUNTU12_64.20161025050804
   ./install.sh --skip-activation-check --skip-upgrade-check

Extract VM Names from Proxmox Backup v1, v2 and v3

It's hard to find when you need it, but pretty fast to get once you know how :-)

 

#!/bin/bash
#DESC: write backup INDEX files with file names and vmname in it

DIRS='/srv/prox-bkp/bkp-vm-prd /srv/prox-bkp/bkp-vm-tst/dump'

for DIR in $DIRS
do
   cd "$DIR" || exit 1
   rm -f INDEX
   # lzo backups: the name: line is looked up in the first lines of the decompressed stream
   ls -1 vzdump-qemu-*.lzo >/dev/null 2>&1 && for f in vzdump-qemu-*.lzo
   do
      (echo -n "$f : "; lzop -d -c "$f" | strings | head | grep '^name:' ) >> INDEX
   done
   # tgz backups: same lookup, plus a status taken from the matching .log file
   ls -1 vzdump-qemu-*.tgz >/dev/null 2>&1 && for f in vzdump-qemu-*.tgz
   do
      STATUS=UNKNOWN
      l="${f%.*}.log"
      # OK if the log holds nothing but INFO lines; stays UNKNOWN if there is no log
      if [ -r "$l" ]
      then
         grep -qv INFO "$l" && STATUS=ERROR || STATUS=OK
      fi
      (echo "$f : $(gunzip -c "$f" | head | strings | grep '^name:' ) : STATUS=$STATUS") >> INDEX
   done
done

Rotate big logs with Logrotate copytruncate

If you have servers with big logfiles and cannot restart/reload/HUP the service to reconfigure or rotate them,
then copytruncate is your logrotate option.

/etc/logrotate.d/openvpn

/var/log/openvpn.log {
        size 1k
        copytruncate
        compress
        compresscmd /usr/bin/bzip2
        compressext .bz2
        rotate 4
        maxage 100
}
logrotate -d /etc/logrotate.d/openvpn #dry run (-d changes nothing and implies -v)

logrotate -v /etc/logrotate.d/openvpn #test rotation manually
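
What copytruncate does to a log that a running process still holds open, as an added example that is not part of the original post. It emulates the copy and truncate steps on a constructed log file and shows that the option only works cleanly when the writer opened the log in append mode; the function and file names are made up for the demo.

```sh
#!/bin/sh
# Added example: emulate the two steps of copytruncate on a constructed log
# while a "daemon" (file descriptor 3 of this shell) keeps the log open.
# $1 = append    -> daemon opened the log with >> (O_APPEND)
# $1 = overwrite -> daemon opened the log with >  (no O_APPEND)
# Prints "<bytes in live log> <bytes in rotated copy>".
copytruncate_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log=$dir/app.log
    if [ "$mode" = append ]; then
        exec 3>>"$log"
    else
        exec 3>"$log"
    fi
    echo "old line 1" >&3          # 11 bytes
    echo "old line 2" >&3          # 11 bytes, writer offset is now 22
    cp "$log" "$log.1"             # copytruncate step 1: copy
    : > "$log"                     # copytruncate step 2: truncate in place
    echo "new line" >&3            # 9 bytes, written through the old descriptor
    exec 3>&-
    live=$(wc -c < "$log" | tr -d ' ')
    rotated=$(wc -c < "$log.1" | tr -d ' ')
    rm -rf "$dir"
    echo "$live $rotated"
}

# append:    "9 22"  -> the log really shrank, new data starts at offset 0
# overwrite: "31 22" -> the writer kept its offset; 22 NUL bytes pad the file
echo "append:    $(copytruncate_demo append)"
echo "overwrite: $(copytruncate_demo overwrite)"
```

Anything the service writes between the copy and the truncate is in neither file, so rotate often enough that this window stays small.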

Backup Cisco Config with expect

Recently I had to back up all Cisco devices for a customer.
Here is my solution to do this.
I pull the entire list of devices from a DNS zone transfer, which is allowed from the internal network; of course you can use your own list.

Chris

  •  /usr/local/sbin/cisco-backup-all.sh
#!/bin/bash
#DESC: backup all cisco devices
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
BDIR=/srv/backup/cisco-config
DATE=`date '+%Y%m%d-%H%M'`
TO="support@mydomain.com"
DOMAIN=mydomain.com
PATTERN='^switch-'

test -d $BDIR || mkdir -p $BDIR
cd $BDIR || exit 1

# list the zone, keep hosts matching PATTERN, strip the domain suffix
host -l $DOMAIN | grep -Ei "$PATTERN" | sed "/$DOMAIN/ s/\.$DOMAIN.*//g" | while read -r SW
do
   SUBJ="ERROR: $SW Config Backup"
   DFILE="$SW.$DATE.cfg"
   dump-cisco-switch.expect "$SW" > "$DFILE"
   LINES=`wc -l < "$DFILE"`
   # a dump shorter than 300 lines is treated as a failed backup
   if [ "$LINES" -lt 300 ]
   then
      echo "die config datei $DFILE hat nur $LINES zeilen, das ist zuwenig" | mail -s "$SUBJ" $TO
      logger -t `basename $0` "die config datei $DFILE hat nur $LINES zeilen, das ist zuwenig"
   fi
done

# -ctime +10000 only matches files older than 10000 days, so in practice nothing is removed
find $BDIR -type f -name '*.cfg' -ctime +10000 -exec rm -f {} \;

exit 0

 

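  • /usr/local/sbin/dump-cisco-switch.expect
#!/usr/bin/expect
# login and enable passwords are stored in clear text here,
# so keep this file readable by root only
set password "F00"
set epassword "Bar"
# host keys are not checked (known_hosts is /dev/null, StrictHostKeyChecking=no),
# so the switch is not authenticated before the passwords are sent
spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -ladmin [lindex $argv 0]
sleep 1
expect "assword:"
sleep 0.2
send "$password\r"
expect ">"
send "enable\r"
expect "assword:"
send "$epassword\r"
sleep 0.2
expect "#"
# disable paging, then dump the running config
send "ter len 0\r"
expect "#"
send "show running-config\r"
expect "#"
send "exit\r"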
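
A stricter completeness check than the 300-line threshold, as an added example that is not part of the original scripts. The expect script treats the first "#" after show running-config (or a timeout) as the end of the output, so a capture can stop early; this check assumes the IOS convention that the output has a "Current configuration" header and finishes with a line reading "end". The function names and both sample captures are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Sample captures are constructed.

# Return 0 if the capture holds a full running-config: a
# "Current configuration" header followed later by a line reading "end".
cisco_cfg_complete() {
    # the ssh pty delivers CRLF line ends, so drop the CRs first
    tr -d '\r' < "$1" | awk '
        /^Current configuration/   { hdr = 1 }
        hdr && /^end[[:space:]]*$/ { fin = 1 }
        END { exit !(hdr && fin) }'
}

# Write two constructed captures into directory $1.
write_samples() {
    printf '%s\r\n' 'switch-01#show running-config' 'Building configuration...' \
        'Current configuration : 2048 bytes' '!' 'hostname switch-01' '!' \
        'line vty 0 4' '!' 'end' 'switch-01#' > "$1/complete.cfg"
    # Session ended at the first "#" inside the config (a banner delimiter).
    printf '%s\r\n' 'switch-01#show running-config' 'Building configuration...' \
        'Current configuration : 2048 bytes' '!' 'hostname switch-01' \
        'banner motd #' > "$1/truncated.cfg"
}

# Run the check over both samples and report one line per file.
check_samples() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    for f in complete truncated; do
        if cisco_cfg_complete "$dir/$f.cfg"; then
            echo "$f: ok"
        else
            echo "$f: INCOMPLETE"
        fi
    done
    rm -rf "$dir"
}
check_samples
```

In cisco-backup-all.sh the function could be called on each dump next to the line count test, so that a truncated file raises the same mail and logger alert.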

 

 

 

 
