[Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers

L Mark Stone lmstone at lmstone.com
Tue Apr 17 21:58:54 CEST 2018


I'd also say that on Ubuntu, the file:


/etc/apt/apt.conf.d/50unattended-upgrades


allows for very granular control over updates.  (Perhaps there is something similar in RH/CentOS, but I'm more of an Ubuntu guy...)


For example, you can allow only packages marked as security updates, and not any "ordinary" package upgrades.  You can also blacklist packages from being upgraded at all as well.


Too many new clients I've taken on have had an old Zimbra server that remained as it was the day the (now departed) system admin built it years ago.  They reach out to me because the server got hacked, or crashed or similar, because up until then it "just worked".  So when I build them a new server, we have a conversation about the risks/benefits of enabling autoupdates.


The risk of unattended upgrades as we know is that something like the jetty work folder not getting emptied slips through QA. But when that happens, (recall that Partners can't do professional services for Open Source systems!), then it's Zimbra's problem to fix forthwith.  Almost all of the clients opt for the (perceived) lower risk of an update generating unattended consequences, versus explaining to their Board that the system was borked because it wasn't patched promptly.


For larger, or more mission-critical environments, I wouldn't enable unattended-upgrades either in many cases.  But, such environments have a team dedicated to Zimbra and a Disaster Recovery and/or testing environment in which upgrades can be vetted within a day or two of their release.


Recall that a lot of Windows shops with a robust, well-staffed set of engineers testing patches against their applications before releasing the patches to WSUS servers still got hacked because they didn't get their patches out into production quickly enough.  And, Zimbra is a public-facing application typically available to the entire Internet.


Hope that clarifies my position.


Best regards to all,

Mark

_________________________________________________

Another Message From...   L. Mark Stone


See my LinkedIn Profile<https://www.linkedin.com/in/lmarkstone>


________________________________
From: Users <users-bounces at lists.zetalliance.org> on behalf of Randy Leiker <randy at skywaynetworks.com>
Sent: Tuesday, April 17, 2018 1:04:30 PM
To: users at lists.zetalliance.org
Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers

Everyone on this topic thread has raised some really good points.  I think that Microsoft learned the hard way, years ago, that their patching/upgrade process used to be arduous & time intensive.  Before the introduction of Windows Update or Windows SUS, the process used to involve regularly visiting Microsoft's security site, manually figuring out which patches applied to machines under your management, then individually downloading & installing each patch one-by-one.  Consequently, few organizations at that time rolled out Microsoft updates with any consistency or speed.  As a result of the slow & inconsistent patching, it was common to see worms like Melissa, Code Red, SQL Slammer, and others widely plague countless Windows machine everywhere.

When Microsoft first introduced Windows Update (later becoming Microsoft Update), there was a noteworthy amount of backlash from sysadmins who had the same discussion that we're having now about Zimbra and auto updates from Yum repos.  Microsoft learned quickly that they needed to get their QA for patches & upgrades quickly in order so that sysadmins could learn to trust their auto update process.  With the odd exception, I think they've achieved that goal, and as Mark pointed out, both Microsoft & sysadmin's patching costs have declined considerably from the manual patching process that used to be the norm.

As it relates to Zimbra, Yum has the commands "yum update", "yum upgrade" and "yum update --security" already available.  The differences between each command is widely documented online, but briefly, the latter command "yum update --security" offers a means to install only security related patches, and not feature updates/upgrades or other bug fixes.  It seems to me that if Zimbra were to embrace a similar model, where patches containing strictly security patches could be installed by Zimbra admins in an automated way, without the automatic inclusion of other bug fixes, I think that would be reassuring for many of us so that Zimbra admins could speed along the auto installation of security updates, but roll out Zimbra bug fixes & feature upgrades (using yum update or yum upgrade) on a schedule of their choosing to lessen the impact on each Zimbra server's users.  Perhaps there is already support for "yum update --security" in the Zimbra repos that I'm not aware of, but from the inaccuracy of the install instructions in the release notes for 8.8.8 P1, I tend to think that capability doesn't yet exist.  Otherwise, it would seem that a Zimbra admin has to resort to other messy workarounds like temporarily disabling the Zimbra repo when running yum update/upgrade to install patches for other packages.

Frederic, part of the Zimbra High Availability project I'm working on involves developing scripts that are capable of doing just what you describing: evacuating a Zimbra mailbox node so that it can safely be upgraded with no real risk to users.  I'm working on publishing the reference designs for the project now, to be followed by a free, open source Ceph connector, then the mailbox evacuation scripts.  When the next major Zimbra release introduces official support for Docker containers, I think that will make a noticeable impact on the challenge too, as those containers will need persistent storage, which is where the Ceph connector becomes particularly important.



Randy Leiker ( randy at skywaynetworks.com )
Skyway Networks, LLC
1.800.538.5334 / 913.663.3900 Ext. 100
https://www.skywaynetworks.com<http://www.skywaynetworks.com>

________________________________
From: "Frédéric Nass" <frederic.nass at univ-lorraine.fr>
To: "L Mark Stone" <lmstone at lmstone.com>, "Barry de Graaff" <info at barrydegraaff.tk>
Cc: users at lists.zetalliance.org, "Phil Pearl" <ppearl at zimbra.com>
Sent: Tuesday, April 17, 2018 3:32:05 AM
Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers


Hi Mark


I see you point and totally agree, but a few things would still prevent us from using unattended upgrades.


First, experience showed that we can't trust the updates (8.8.5 proxy thing, etc...) yet. Neither can we trust Zimbra to call a ZCS version GA. This may sound harsh but that's sadly true. We still hope for a change in the futur.


Second, we're patching the front page for SSO and a few other cosmetic things.


Third, with big infrastructures like the one we're running (100k accounts), stores have serveral gigabytes large databases, and upgrading databases schemas is always a risky task and usualy takes several hours, so this cannot happen in an unattended way.
With futur centralized storage for all blobs and all stores (like what we're using now with Ceph) this would require some automated procedure of mailbox movement between stores to free up a store, empty its database, upgrade to latest major ZCS version and get the mailboxes back after the update. That's actually what we're doing for running upgrades with no downtime.


Bests,


Frédéric.

Le 16/04/2018 à 20:46, L Mark Stone a écrit :

I'll take a contrarian view and say that if a Zimbra server can't have unattended upgrades running with the Zimbra repos enabled, then that would be IMHO a very serious issue that Zimbra should address promptly.


The whole goal from Zimbra moving to their own repos as I understood it was to make Zimbra servers more secure and easy to maintain/upgrade for sys admins, and to lower Zimbra's support costs by reducing the number of configuration permutations they could expect to see in the field.


Certainly Zimbra are just getting experience at maintaining things like package dependencies so they need to do better for sure,  but Microsoft long ago moved away from allowing users to cherry pick fixes/patches to simplify support and ensure systems were more uniformly provisioned.  Sys Admins were happier and Microsoft's support costs were reduced.


I think it's the right direction, so, no, I'm not undoing repos nor unattended upgrades.


Best regards to all,

Mark

_________________________________________________

Another Message From...   L. Mark Stone


See my LinkedIn Profile<https://www.linkedin.com/in/lmarkstone>


________________________________
From: Frédéric Nass <frederic.nass at univ-lorraine.fr><mailto:frederic.nass at univ-lorraine.fr>
Sent: Monday, April 16, 2018 9:41:49 AM
To: Barry de Graaff
Cc: L Mark Stone; Tony Publiski; users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>; Phil Pearl
Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers



Le 16/04/2018 à 15:38, Barry de Graaff a écrit :
Those are crystal ball questions to me.

I think it may be wise to disable all zimbra repos, to avoid issues if you are using yum-cron or unattended-upgrades.

Or in case someone installs OS upgrades, unaware of the zimbra situation. For most sysadmins, the expected behavior may not be what zimbra does.

I see we share the same habits. :-D

Frédéric.

On 16 Apr 2018, at 15:34, Frédéric Nass <frederic.nass at univ-lorraine.fr<mailto:frederic.nass at univ-lorraine.fr>> wrote:



Le 16/04/2018 à 15:26, Barry de Graaff a écrit :
The upgrade to 8.8.8 is done with a tgz.

The only new thing is the deployment of the patch via a repo.

Thank you Barry for the explanation. Do you have any idea if any of those are right :

- Minor updates won't ever come from  repos. Only patches will from repo "zimbra-888-patch". So downloading tarballs will always be required for minor updates.
- Minor updates will come from repo "zimbra" and patches from repo "zimbra-888-patch". So downloading tarballs will only be required on initial ZCS installation.

By the way, there's another "zimbra-v1" with no packages on it. This also is a mystery to me.

Frédéric.

I wonder why the decision has been made to have separate repos though.

In addition, the patch requires some parts of Zimbra restarted.

So all in all, still some manual work, why not use one repo per mayor release and then allow yum-cron to do the rest?



On 16 Apr 2018, at 15:17, Frédéric Nass <frederic.nass at univ-lorraine.fr<mailto:frederic.nass at univ-lorraine.fr>> wrote:


Hi Mark,


Same here. I would expect the zimbra-patch package to be updated along with other packages so that it gets applied / reapplied when updates come out. I don't know.


I'm still in the process of figuring out how minor updates should be applied, from the repos or by downloading the tarball and running ./install.sh as before.

I thought that minor updates would not come from the repos but apparently not. I'm running ZCS 8.8.7 on a test VM and a yum update shows absolutely _no_ ZCS 8.8.8 updates. :-/


This is so obscure.


Regards,


Frédéric.

Le 14/04/2018 à 13:15, L Mark Stone a écrit :

OK, I am so confused...


On one Zimbra system I have automatic updates configured, so the system upgraded, from the repos, various zimbra packages including  zimbra-chat zimbra-mbox-webclient-war zimbra-network-modules-ng


After that update completed I then installed the patch.


On another Zimbra system, I ran apt-get update; apt-get install zimbra-patch as per the release notes.  The patch installed fine, but if I run apt-get update AFTER the patch was installed, those three zimbra packages are still available for updating.


So I have two questions.


First, as the updated Zimbra packages were released on the same day/time as the patch, I'm assuming they are connected somehow.  If so, the what's the correct installation order?  Install the packages updates first, then the patch, or vica versa?


Second question is thinking ahead a few weeks.  Zimbra updates their repos, so an apt-get update; apt-get upgrade updates some Zimbra packages.  Do I now need to reinstall the patch?


Thanks,

Mark

_________________________________________________

Another Message From...   L. Mark Stone


See my LinkedIn Profile<https://www.linkedin.com/in/lmarkstone>


________________________________
From: Users <users-bounces at lists.zetalliance.org><mailto:users-bounces at lists.zetalliance.org> on behalf of Barry de Graaff <info at barrydegraaff.tk><mailto:info at barrydegraaff.tk>
Sent: Saturday, April 14, 2018 3:42:54 AM
To: Tony Publiski
Cc: users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>; Phil Pearl
Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers

Yeah that works well, and it is also in the release notes... so my bad!

Kind regards,

Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org<http://zetalliance.org> | github.com/Zimbra-Community<http://github.com/Zimbra-Community>

+31 617 220 227 | skype: barrydegraaff.tk
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0

----- Original Message -----
From: "Tony Publiski" <tonster at tonster.com><mailto:tonster at tonster.com>
To: "Barry en Katie de Graaff" <info at barrydegraaff.tk><mailto:info at barrydegraaff.tk>, "Malte S. Stretz" <mss at msquadrat.de><mailto:mss at msquadrat.de>
Cc: "Phil Pearl" <ppearl at zimbra.com><mailto:ppearl at zimbra.com>, users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>
Sent: Friday, April 13, 2018 7:36:54 PM
Subject: Re[3]: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS only servers

Hello again!

Here's the response I got from engineering toda:

I looked at installation steps. It looks like, they are using yum update
-y to install patch packages.

Instead, they should use below commands to install the patch:
yum --disablerepo=* --enablerepo=zimbra-888-patch clean metadata
yum check-update --disablerepo=* --enablerepo=zimbra-888-patch --noplugins
yum install zimbra-patch

Let me know if this helps!

Tony

------ Original Message ------
From: "Tony Publiski" <tonster at tonster.com><mailto:tonster at tonster.com>
To: "Barry de Graaff" <info at barrydegraaff.tk><mailto:info at barrydegraaff.tk>; "Malte S. Stretz"
<mss at msquadrat.de><mailto:mss at msquadrat.de>
Cc: "Phil Pearl" <ppearl at zimbra.com><mailto:ppearl at zimbra.com>; users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>
Sent: 4/13/2018 9:53:01 AM
Subject: Re[2]: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break
FOSS only servers

>Hi Barry,
>
>Nice find. I'll take a look and see what engineering has to say.
>
>Tony
>
>------ Original Message ------
>From: "Barry de Graaff" <info at barrydegraaff.tk><mailto:info at barrydegraaff.tk>
>To: "Malte S. Stretz" <mss at msquadrat.de><mailto:mss at msquadrat.de>
>Cc: "Tony Publiski" <tonster at tonster.com><mailto:tonster at tonster.com>; "Phil Pearl"
><ppearl at zimbra.com><mailto:ppearl at zimbra.com>; users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>
>Sent: 4/13/2018 4:41:18 AM
>Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break FOSS
>only servers
>
>>No this was always FOSS only, not Zextras no Talk none of that.
>>
>>Kind regards,
>>
>>Barry de Graaff
>>Zeta Alliance
>>Co-founder & Developer
>>zetalliance.org<http://zetalliance.org> | github.com/Zimbra-Community<http://github.com/Zimbra-Community>
>>
>>+31 617 220 227 | skype: barrydegraaff.tk
>>Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
>>
>>----- Original Message -----
>>From: "Malte S. Stretz" <mss at msquadrat.de><mailto:mss at msquadrat.de>
>>To: "Barry en Katie de Graaff" <info at barrydegraaff.tk><mailto:info at barrydegraaff.tk>
>>Cc: "Tony Publiski" <tonster at tonster.com><mailto:tonster at tonster.com>, "Phil Pearl"
>><ppearl at zimbra.com><mailto:ppearl at zimbra.com>, users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>
>>Sent: Friday, April 13, 2018 10:35:12 AM
>>Subject: Re: [Users] Zimbra 8.8.8 Patch 1 release - Seems to break
>>FOSS only servers
>>
>>Hi Barry,
>>
>>
>>I always have trouble reading the dependency output of yum but to me
>>it
>>looks like zimbra-network-modules-ng is pulled in by zimbra-talk.
>>Which
>>isn't supported for FOSS and shouldn't appear in the dependency tree
>>at
>>all. Especially both zimbra-chat and zimbra-talk shouldn't appear at
>>the
>>same time.
>>
>>
>>Did you by any chance downgrade this system from NE to FOSS at
>>somepoint? Since this sounds a bit like the issue I had with such a
>>downgrade on Ubuntu and for which I filed
>>https://bugzilla.zimbra.com/show_bug.cgi?id=108911
>>
>>
>>Cheers,
>>
>>Malte
>>
>>
>>
>>On 13.04.2018 09:13, Barry de Graaff wrote:
>>>Hello Tony and Phil,
>>>
>>>It seems the patch 8.8.8 p1 is distributed via the repos.
>>>
>>>It does NOT seem to work if one runs a FOSS only server (aka without
>>>Zextras).
>>>
>>>I am addressing Phil as there is a CVE 5.8 Major security fix in the
>>>patch.
>>>
>>>[root at zimbra1 ~]# yum update -y
>>>Loaded plugins: fastestmirror, langpacks
>>>Loading mirror speeds from cached hostfile
>>>* base: centos.mirror.triple-it.nl<http://centos.mirror.triple-it.nl>
>>>* epel: mirror.1000mbps.com<http://mirror.1000mbps.com>
>>>* extras: mirror.denit.net<http://mirror.denit.net>
>>>* updates: mirror.prolocation.net<http://mirror.prolocation.net>
>>>Resolving Dependencies
>>>--> Running transaction check
>>>---> Package zimbra-chat.x86_64 0:1.0.13.1521626727-2.r7 will be
>>>obsoleted
>>>---> Package zimbra-common-core-jar.x86_64 0:1.0.0.1521707697-1.r7
>>>will be updated
>>>---> Package zimbra-common-core-jar.x86_64 0:1.0.0.1522952748-1.r7
>>>will be an update
>>>---> Package zimbra-mbox-conf.x86_64 0:1.0.0.1521707697-1.r7 will be
>>>updated
>>>---> Package zimbra-mbox-conf.x86_64 0:1.0.0.1522952748-1.r7 will be
>>>an update
>>>---> Package zimbra-mbox-service.x86_64 0:1.0.0.1521707697-1.r7 will
>>>be updated
>>>---> Package zimbra-mbox-service.x86_64 0:1.0.0.1522952748-1.r7 will
>>>be an update
>>>---> Package zimbra-mbox-war.x86_64 0:1.0.0.1521707697-1.r7 will be
>>>updated
>>>---> Package zimbra-mbox-war.x86_64 0:1.0.0.1522952748-1.r7 will be
>>>an
>>>update
>>>---> Package zimbra-mbox-webclient-war.x86_64 0:1.0.0.1521723166-1.r7
>>>will be updated
>>>---> Package zimbra-mbox-webclient-war.x86_64 0:1.0.0.1523095946-1.r7
>>>will be an update
>>>---> Package zimbra-talk.x86_64 0:1.0.3.1523266296-1.r7 will be
>>>obsoleting
>>>--> Processing Dependency: zimbra-network-modules-ng >= 1.0.14 for
>>>package: zimbra-talk-1.0.3.1523266296-1.r7.x86_64
>>>--> Running transaction check
>>>---> Package zimbra-network-modules-ng.x86_64
>>>0:1.0.14.1522918190-1.r7
>>>will be installed
>>>--> Processing Dependency: zimbra-network-store >= 8.8.8 for package:
>>>zimbra-network-modules-ng-1.0.14.1522918190-1.r7.x86_64
>>>--> Finished Dependency Resolution
>>>*Error: Package:
>>>zimbra-network-modules-ng-1.0.14.1522918190-1.r7.x86_64
>>>(zimbra-888-patch)*
>>>*           Requires: zimbra-network-store >= 8.8.8*
>>>You could try using --skip-broken to work around the problem
>>>You could try running: rpm -Va --nofiles --nodigest
>>>
>>>[root at zimbra1 ~]# su zimbra
>>>[zimbra at zimbra1 root]$ zmcontrol -v
>>>Release 8.8.8_GA_2009.RHEL7_64_20180322150747 RHEL7_64 FOSS edition.
>>>
>>>This is a FOSS only server, and should not fetch
>>>*zimbra-network-modules-ng.*
>>>
>>>
>>>Funny thing is, that on a FOSS server with Zextras installed, it does
>>>work:
>>>[root at mail ~]# yum update -y
>>>Loaded plugins: fastestmirror
>>>Loading mirror speeds from cached hostfile
>>>* base: mirrors.centos.webair.com<http://mirrors.centos.webair.com>
>>>* epel: mirror.math.princeton.edu<http://mirror.math.princeton.edu>
>>>* extras: mirrors.centos.webair.com<http://mirrors.centos.webair.com>
>>>* updates: mirrors.tripadvisor.com<http://mirrors.tripadvisor.com>
>>>Resolving Dependencies
>>>--> Running transaction check
>>>---> Package zimbra-common-core-jar.x86_64 0:1.0.0.1521707697-1.r7
>>>will be updated
>>>---> Package zimbra-common-core-jar.x86_64 0:1.0.0.1522952748-1.r7
>>>will be an update
>>>---> Package zimbra-mbox-conf.x86_64 0:1.0.0.1521707697-1.r7 will be
>>>updated
>>>---> Package zimbra-mbox-conf.x86_64 0:1.0.0.1522952748-1.r7 will be
>>>an update
>>>---> Package zimbra-mbox-service.x86_64 0:1.0.0.1521707697-1.r7 will
>>>be updated
>>>---> Package zimbra-mbox-service.x86_64 0:1.0.0.1522952748-1.r7 will
>>>be an update
>>>---> Package zimbra-mbox-war.x86_64 0:1.0.0.1521707697-1.r7 will be
>>>updated
>>>---> Package zimbra-mbox-war.x86_64 0:1.0.0.1522952748-1.r7 will be
>>>an
>>>update
>>>---> Package zimbra-mbox-webclient-war.x86_64 0:1.0.0.1521723166-1.r7
>>>will be updated
>>>---> Package zimbra-mbox-webclient-war.x86_64 0:1.0.0.1523095946-1.r7
>>>will be an update
>>>--> Finished Dependency Resolution
>>>
>>>Dependencies Resolved
>>>
>>>================================================================================
>>>Package                   Arch   Version     Repository        Size
>>>================================================================================
>>>Updating:
>>>zimbra-common-core-jar    x86_64 1.0.0.1522952748-1.r7
>>>zimbra-888-patch  13 M
>>>zimbra-mbox-conf          x86_64 1.0.0.1522952748-1.r7
>>>zimbra-888-patch  35 k
>>>zimbra-mbox-service       x86_64 1.0.0.1522952748-1.r7
>>>zimbra-888-patch 3.7 k
>>>zimbra-mbox-war           x86_64 1.0.0.1522952748-1.r7
>>>zimbra-888-patch  21 M
>>>zimbra-mbox-webclient-war x86_64 1.0.0.1523095946-1.r7
>>>zimbra-888-patch  24 M
>>>
>>>Transaction Summary
>>>================================================================================
>>>Upgrade  5 Packages
>>>
>>>Total download size: 59 M
>>>Downloading packages:
>>>Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
>>>(1/5): zimbra-mbox-conf-1.0.0.1522952748-1.r7.x86_64.rpm   |  35 kB
>>>00:00
>>>(2/5): zimbra-mbox-service-1.0.0.1522952748-1.r7.x86_64.rp | 3.7 kB
>>>00:00
>>>(3/5): zimbra-common-core-jar-1.0.0.1522952748-1.r7.x86_64 |  13 MB
>>>00:01
>>>(4/5): zimbra-mbox-war-1.0.0.1522952748-1.r7.x86_64.rpm    |  21 MB
>>>00:02
>>>(5/5): zimbra-mbox-webclient-war-1.0.0.1523095946-1.r7.x86 |  24 MB
>>>00:02
>>>--------------------------------------------------------------------------------
>>>Total  13 MB/s |  59 MB  00:04
>>>Running transaction check
>>>Running transaction test
>>>Transaction test succeeded
>>>Running transaction
>>>Warning: RPMDB altered outside of yum.
>>>  Updating   : zimbra-common-core-jar-1.0.0.1522952748-1.r7.x86_64
>>>1/10
>>>  Updating   : zimbra-mbox-war-1.0.0.1522952748-1.r7.x86_64   2/10
>>>  Updating   : zimbra-mbox-conf-1.0.0.1522952748-1.r7.x86_64  3/10
>>>  Updating   : zimbra-mbox-service-1.0.0.1522952748-1.r7.x86_64   4/10
>>>  Updating   : zimbra-mbox-webclient-war-1.0.0.1523095946-1.r7.x86_64
>>>  5/10
>>>  Cleanup    : zimbra-mbox-service-1.0.0.1521707697-1.r7.x86_64   6/10
>>>  Cleanup    : zimbra-mbox-war-1.0.0.1521707697-1.r7.x86_64   7/10
>>>  Cleanup    : zimbra-mbox-conf-1.0.0.1521707697-1.r7.x86_64  8/10
>>>  Cleanup    : zimbra-common-core-jar-1.0.0.1521707697-1.r7.x86_64
>>>9/10
>>>  Cleanup    : zimbra-mbox-webclient-war-1.0.0.1521723166-1.r7.x86_64
>>>10/10
>>>  Verifying  : zimbra-mbox-conf-1.0.0.1522952748-1.r7.x86_64  1/10
>>>  Verifying  : zimbra-mbox-war-1.0.0.1522952748-1.r7.x86_64   2/10
>>>  Verifying  : zimbra-mbox-service-1.0.0.1522952748-1.r7.x86_64   3/10
>>>  Verifying  : zimbra-mbox-webclient-war-1.0.0.1523095946-1.r7.x86_64
>>>  4/10
>>>  Verifying  : zimbra-common-core-jar-1.0.0.1522952748-1.r7.x86_64
>>>5/10
>>>  Verifying  : zimbra-mbox-webclient-war-1.0.0.1521723166-1.r7.x86_64
>>>  6/10
>>>  Verifying  : zimbra-mbox-war-1.0.0.1521707697-1.r7.x86_64   7/10
>>>  Verifying  : zimbra-mbox-service-1.0.0.1521707697-1.r7.x86_64   8/10
>>>  Verifying  : zimbra-common-core-jar-1.0.0.1521707697-1.r7.x86_64
>>>9/10
>>>  Verifying  : zimbra-mbox-conf-1.0.0.1521707697-1.r7.x86_64 10/10
>>>
>>>Updated:
>>>  zimbra-common-core-jar.x86_64 0:1.0.0.1522952748-1.r7
>>>  zimbra-mbox-conf.x86_64 0:1.0.0.1522952748-1.r7
>>>  zimbra-mbox-service.x86_64 0:1.0.0.1522952748-1.r7
>>>  zimbra-mbox-war.x86_64 0:1.0.0.1522952748-1.r7
>>>  zimbra-mbox-webclient-war.x86_64 0:1.0.0.1523095946-1.r7
>>>
>>>Complete!
>>>[root at mail ~]# su zimbra
>>>[zimbra at mail root]$ zmcontrol restart
>>>
>>>Good thing it's Friday!
>>>
>>>Kind regards,
>>>
>>>Barry de Graaff
>>>Zeta Alliance
>>>Co-founder & Developer
>>>zetalliance.org<http://zetalliance.org> | github.com/Zimbra-Community<http://github.com/Zimbra-Community>
>>>
>>>+31 617 220 227 | skype: barrydegraaff.tk
>>>Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
>>>
>>>------------------------------------------------------------------------
>>>*From: *"L Mark Stone" <lmstone at lmstone.com><mailto:lmstone at lmstone.com>
>>>*To: *"Randy Leiker" <randy at skywaynetworks.com><mailto:randy at skywaynetworks.com>,
>>>users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>, "Tony Publiski" <tonster at tonster.com><mailto:tonster at tonster.com>
>>>*Sent: *Friday, April 13, 2018 2:03:48 AM
>>>*Subject: *Re: [Users] Zimbra 8.8.8 Patch 1 release
>>>
>>>On a single Zimbra 8.8.8 server, a number of the Zimbra packages
>>>today
>>>were given updates that I installed prior to installing the patch,
>>>FWIW.
>>>
>>>
>>>Not sure how/if they are connected?
>>>
>>>
>>>    Start-Date: 2018-04-1218:40:46
>>>
>>>    Commandline: apt-get dist-upgrade
>>>
>>>    Upgrade: zimbra-mbox-service:amd64 (1.0.0.1521707697-1.u16,
>>>    1.0.0.1522952748-1.u16), plymouth-theme-ubuntu-text:amd64
>>>    (0.9.2-3ubuntu13.3, 0.9.2-3ubuntu13.4), zimbra-mbox-conf:amd64
>>>    (1.0.0.1521707697-1.u16, 1.0.0.1522952748-1.u16),
>>>    libplymouth4:amd64 (0.9.2-3ubuntu13.3, 0.9.2-3ubuntu13.4),
>>>    apport:amd64 (2.20.1-0ubuntu2.15, 2.20.1-0ubuntu2.16),
>>>    zimbra-talk:amd64 (1.0.2.1521642559-1.u16,
>>>    1.0.3.1523266296-1.u16), python3-apport:amd64 (2.20.1-0ubuntu2.15,
>>>    2.20.1-0ubuntu2.16), zimbra-mbox-war:amd64
>>>    (1.0.0.1521707697-1.u16, 1.0.0.1522952748-1.u16), plymouth:amd64
>>>    (0.9.2-3ubuntu13.3, 0.9.2-3ubuntu13.4),
>>>    zimbra-common-core-jar:amd64 (1.0.0.1521707697-1.u16,
>>>    1.0.0.1522952748-1.u16), zimbra-network-modules-ng:amd64
>>>    (1.0.13+1521603981-1.u16, 1.0.14.1522918190-1.u16),
>>>    python3-problem-report:amd64 (2.20.1-0ubuntu2.15,
>>>    2.20.1-0ubuntu2.16), zimbra-mbox-webclient-war:amd64
>>>    (1.0.0.1521723166-1.u16, 1.0.0.1523095946-1.u16)
>>>
>>>    End-Date: 2018-04-1218:41:17
>>>
>>>
>>>    Start-Date: 2018-04-1218:44:25
>>>
>>>    Commandline: apt-get install zimbra-patch
>>>
>>>    Install: zimbra-patch:amd64 (8.8.8.1.1522961836-1.u16)
>>>
>>>    End-Date: 2018-04-1218:44:32
>>>
>>>
>>>
>>>*_________________________________________________*
>>>
>>>*Another Message From...   L. Mark Stone*
>>>
>>>
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>*From:* Users <users-bounces at lists.zetalliance.org><mailto:users-bounces at lists.zetalliance.org> on behalf of Tony
>>>Publiski <tonster at tonster.com><mailto:tonster at tonster.com>
>>>*Sent:* Thursday, April 12, 2018 7:09 PM
>>>*To:* Randy Leiker; users at lists.zetalliance.org<mailto:users at lists.zetalliance.org>
>>>*Subject:* Re: [Users] Zimbra 8.8.8 Patch 1 release
>>>I haven't actually looked at what's fixed in this patch, however
>>>*most* of the time you don't need to ever patch anything but the
>>>store
>>>server, so really I wouldn't even both with the other nodes. Yes, the
>>>zimbra-common-core-jar package is used by zmprov, and thus exists on
>>>all nodes, however it's almost certain that nothing patched affects
>>>the non-mailbox server nodes. The former patch would, of course, run
>>>on all nodes, but only actually copied files based on what services
>>>were installed, and I can't remember a patch I was involved in
>>>actually patching anything on non-store nodes.
>>>
>>>Tony
>>>
>>>------ Original Message ------
>>>From: "Randy Leiker" <randy at skywaynetworks.com<mailto:randy at skywaynetworks.com>
>>><mailto:randy at skywaynetworks.com>>
>>>To: users at lists.zetalliance.org<mailto:users at lists.zetalliance.org> <mailto:users at lists.zetalliance.org>
>>>Sent: 4/12/2018 7:03:31 PM
>>>Subject: [Users] Zimbra 8.8.8 Patch 1 release
>>>
>>>    Hi Everyone,
>>>
>>>    Today Zimbra 8.8.8 Patch 1 was released as GA:
>>>https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1
>>>
>>>    One of the bug fixes included (35115) helps with the Zimbra High
>>>    Availability open source project I've been working on developing.
>>>     I'll be publishing the initial reference designs for that project
>>>    very soon on its own web site.  In the meantime, I deployed 8.8.8
>>>    patch 1 to begin testing in my lab environment which is running
>>>    CentOS 7, with ZCS 8.8.8.  The install instructions as written in
>>>    the release notes for Red Hat/CentOS servers
>>>
>>>(https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P1#Install_the_Patch)
>>>    work fine if you're running a single server install of ZCS.  But,
>>>    if you're running a multi-node install of ZCS, the patch install
>>>    instructions in the release notes are inaccurate.
>>>
>>>    In my lab environment, I have the following ZCS nodes provisioned:
>>>
>>>      * 2 x LDAP MMR nodes
>>>      * 2 x MTA nodes
>>>      * 2 x Proxy nodes
>>>      * 2 x Mailbox nodes
>>>
>>>    If you attempt to follow the install instructions for the patch
>>>    with a similar ZCS multi-node environment as noted above, you'll
>>>    see a dependency failure in Yum that will prevent the patch from
>>>    installing:
>>>
>>>    Error: Package: zimbra-patch-8.8.8.1.1522961836-1.r7.x86_64
>>>    (zimbra-888-patch)
>>>               Requires: zimbra-store >= 8.8.8
>>>     You could try using --skip-broken to work around the problem
>>>     You could try running: rpm -Va --nofiles --nodigest
>>>
>>>    This occurs because the zimbra-store package isn't installed on
>>>    all of the ZCS nodes.  Instead, what you'll need to do is on your
>>>    LDAP, MTA, and Proxy nodes, or essentially any ZCS node where the
>>>    zimbra-store package is NOT installed, simply run these commands:
>>>
>>>      * As the root user:
>>>          o yum upgrade (upgrades the zimbra-common-core-jar package)
>>>      * As the zimbra user:
>>>          o zmcontrol restart
>>>
>>>    Then, on your ZCS mailbox nodes (where the zimbra-store package is
>>>    installed), follow the install instructions as written in the
>>>    8.8.8 Patch 1 release notes.
>>>
>>>    When you get to the section in the release notes that advises
>>>running:
>>>
>>>      * yum install zimbra-network-modules-ng
>>>      * yum install zimbra-chat  OR    yum install zimbra-talk
>>>
>>>    If you've already upgraded to 8.8.8, which would of course be the
>>>    case if you're trying to install patch 1, the 8.8.8 install
>>>    process uninstalls the zimbra-chat package & replaces it with
>>>    zimbra-talk, so you only need to run:
>>>
>>>      * As the root user:
>>>          o yum install zimbra-network-modules-ng
>>>          o yum install zimbra-talk
>>>      * As the zimbra user:
>>>          o zmmailboxdctl restart
>>>
>>>    Otherwise, all of the ZCS services appeared to start successfully
>>>    following the install of Patch 1. I wasn't able to test it within
>>>    my Zimbra lab environment, but I suspect the Ubuntu install
>>>    instructions in the release notes need a similar clarification for
>>>    multi-node ZCS installs.
>>>
>>>
>>>    Randy Leiker (randy at skywaynetworks.com<mailto:randy at skywaynetworks.com>
>>>    <mailto:randy at skywaynetworks.com> )
>>>    Skyway Networks, LLC
>>>    1.800.538.5334 / 913.663.3900 Ext. 100
>>>https://www.skywaynetworks.com <http://www.skywaynetworks.com>
>>>
>>>






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20180417/6a92d26c/attachment.html>


More information about the Users mailing list