[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6.0.4 upgrade done

To: zimbra-hied-admins@sfu.ca
Subject: Re: 6.0.4 upgrade done
From: Rich Graves <rgraves@carleton.edu>
Date: Wed, 30 Dec 2009 12:32:29 -0600 (CST)
In-reply-to: <2041856976.232449.1262197605212.JavaMail.root@mail2.its.carleton.edu>

"David P Emmerich" <dpemmerich@eiu.edu> wrote:

> Lastly, we hit an issue with our ssl certs getting wiped

Us too, during every test upgrade and in the production run. The certs went either to self-signed or, more frequently, to an older (expired) version of the production cert that I haven't been able to find on disk anywhere. Have your certs and know how to run zmcertmgr before starting the upgrade.

We never had SSL problems during 5.x upgrades, either.

Oh, 2 other gotchas to be aware of:

 - The second mailboxd restart after lots of people have reloaded lots of iCal feeds in a 6.x context can take a *very* long time due to bugzilla 35688, which is to be fixed in 6.0.5: http://www.zimbra.com/forums/administrators/35776-solved-6-0-4-takes-21-minutes-accept-port-443-a.html

 - If you want backups to run as they did in 5.x, with hardlinks across full backups, you need to add --noZip to crontab manually. The new silent default for zmbackup is --zipStore. This is in the release notes, but so are lots of other things. I had missed this in the release notes but, fortunately, saw it in Zimbra's web forums shortly before our upgrade.

The process was:

  Deny user connections with firewall rules
  zmcontrol stop
  Take SAN snapshots
  Upgrade 5.0.19 to 6.0.4 on existing RHEL 4 (**SSL broken**)
  Fix SSL with zmcertmgr; zmmailboxdctl restart to verify
  zmcontrol stop
  Take SAN snapshots
  Run libexec/scripts/optimizeMboxgroups.pl (in tests, this showed substantial improvement; running it took 90 minutes for 3K users with 2TB mail)
  Halt Linux
  Pull the (local) RHEL4.8 mirrored pair of boot disks and replace with a RHEL5.4 pair (on which the 6.0.4 RPMs already installed)
  Run install.sh to "upgrade" from 6.0.4 (RHEL4) to 6.0.4 (RHEL5) (**SSL broken again**)
  Fix SSL with zmcertmgr
  Take SAN snapshots
  Local hacks to login page, etc., then rm -rf ~zimbra/jetty/work/ (make our hacks override precompiled JSPs)
  zmcontrol restart
  QA
  Open firewall
-- 
Rich Graves http://claimid.com/rcgraves
Carleton.edu Sr UNIX and Security Admin
CMC135: 507-222-7079 Cell: 952-292-6529

Follow-Ups:
- Re: 6.0.4 upgrade done
  - From: David Touitou <david@network-studio.com>

Prev by Date: Zimbra appointments that recur "forever," don't.
Next by Date: Re: 6.0.4 upgrade done
Previous by thread: Re: 6.0.4 upgrade done
Next by thread: Re: 6.0.4 upgrade done
Index(es):
- Date
- Thread