From 615ec3ff67a7316165dbd88a5a9446959310140e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= <cedric.dsm@tiolive.com> Date: Thu, 25 Apr 2013 15:02:03 +0200 Subject: [PATCH] Update zimbra-kvm documentation --- software/zimbra-kvm/README.txt | 76 +++++++++++++++++++++++++++++----- 1 file changed, 65 insertions(+), 11 deletions(-) diff --git a/software/zimbra-kvm/README.txt b/software/zimbra-kvm/README.txt index ea4838f7..9c970905 100644 --- a/software/zimbra-kvm/README.txt +++ b/software/zimbra-kvm/README.txt @@ -19,6 +19,29 @@ The following ports are reachable from the outside world: For each port, KVM does a NAT redirection from the VM to the local ipv4. Then, 6tunnel is called to redirect it to the outside world using ipv6. +Hostnames configuration +----------------------- + +Here, zimbra.memi.slapos.org is an example. You can replace it by whatever you own (www.mydomain.com). + +# HTTP reverse proxy +zimbra.memi.slapos.org 10800 IN A 5.135.166.224 +zimbra.memi.slapos.org 10800 IN AAAA 2001:67c:1254:e:b::418 +# MX +zimbra.memi.slapos.org 10800 IN MX 10 mail.zimbra.memi.slapos.org. +# SMTP reverse inbound synchronous proxy +mail.zimbra.memi.slapos.org 10800 IN A 5.135.166.224 +mail.zimbra.memi.slapos.org 10800 IN AAAA 2001:67c:1254:9:bde1:7e1e:45b3:b189 + + +Important note about architecture +--------------------------------- + +the Zimbra inside of the KVM doesn't have any connection to the internet +except a tunnel to the external MTA on the frontend machine. +Any outgoing mail uses this tunnel. + + Deployment ---------- 
@@ -29,23 +52,54 @@ To deploy a new Zimbra service: setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$SRMD5/parts/kvm/bin/qemu-system-x86_64 setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$SRMD5/parts/6tunnel/bin/6tunnel - * Request new instance, then connect the the machine using ssh with root:zimbra credentials, reconfigure -Zimbra to use another domain name, and change root password. + * Deploy an instance of zimbra-kvm with parameters, replacing by your informations:: + + <?xml version='1.0' encoding='utf-8'?> + <instance> + <parameter id="domain">zimbra.memi.slapos.org</parameter> + <parameter id="ram-size">30000</parameter> + <parameter id="relay-mta-ipv6">2001:67c:1254:e:b::1</parameter> + </instance> + + * Connect to VNC and install a ubuntu server 12.04 in it. + + * Then from raw Ubuntu 12.04: + + 1/ Populate /etc/hosts:: + + 127.0.0.1 zimbra.memi.slapos.org + + 2/ Setup hostname:: + + hostname zimbra.memi.slapos.org + echo "zimbra.memi.slapos.org"> /etc/hostname + + 3/ Setup /etc/resolv.conf:: + + echo "nameserver 127.0.0.1" > /etc/resolvconf/resolv.conf.d/base + echo "nameserver 127.0.0.1" > /etc/resolv.conf + + 4/ Setup bind by following http://wiki.zimbra.com/index.php?title=Split_dns, and disable dnssec checking in named.conf.options with:: + + dnssec-enable no; dnssec-validation no; + + 5/ Add automatic security upgrades:: + + ln -s $(which unattended-upgrade) /etc/cron.daily + + + 6/ Download Zimbra Community edition 8.0.x and install it the standard way, selecting packages by default and setting password. + + 6bis/ There are chances you need to add zimbra start at boot:: -Disk Image content ------------------- + update-rc.d zimbra defaults -Ubuntu 12.04, Zimbra install from official packages, 8.0.3 -admin password: Cedric de Saint Martin has it. 
-bind9: http://wiki.zimbra.com/index.php?title=Split_dns -resolv.conf: http://askubuntu.com/questions/30942/why-does-my-resolv-conf-file-get-regenerated-every-time + 7/ In Zimbra admin web interface: Configure -> Server -> MTA -> MTA realy: put local IPv4 of your slapos instance. Todo ---- - * Doesn't need setcap * SMTP master/slave design implemented - * Reverse proxy for web works - * Automatically download the proper boot disk image. + * Automatically download the proper boot disk image * Unify smtp frontend and web frontend -- 2.30.9
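Review bot: In the first hunk (@@ -19,6 +19,29 @@), the "Important note about architecture" says the Zimbra VM "doesn't have any connection to the internet except a tunnel to the external MTA", but the unchanged context just above it lists ports reachable from the outside world through NAT and 6tunnel, and the Deployment steps added later in this patch (unattended-upgrade, downloading Zimbra) need outbound access from the guest. Please state exactly what is restricted, for example that only outgoing mail is forced through the relay if that is the intent, so that readers do not assume an isolation the setup does not provide. In the "Hostnames configuration" records, the MX target ends with a trailing dot while the owner names do not; say whether these lines are zone-file syntax and make the names consistently fully qualified. It would also help to say which machine each A and AAAA address belongs to, since both names share one IPv4 address but have different IPv6 addresses.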
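Review bot: In the second hunk (@@ -29,23 +52,54 @@), step 4 turns off DNSSEC in named.conf.options ("dnssec-enable no; dnssec-validation no;") without giving a reason; please document why the split-DNS setup needs this, and note that the guest's only resolver then accepts unvalidated answers for every domain, not just the local zone. Step 5, "ln -s $(which unattended-upgrade) /etc/cron.daily", expands to "ln -s /etc/cron.daily" when the package is not installed, which creates a stray link in the current directory instead of failing, so add an explicit install step before it. The removed text told the operator to change the root password; the new from-scratch procedure no longer mentions OS account passwords, and step 6 only says "setting password", so say which password that is. Typos: "informations", "MTA realy".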