
By YOBICLOUD TEAM

Upgrade SysPass from 2.1 to 3.0

Hi Tech Guys,

sysPass is one of the most powerful free and open-source web applications for password management: secure, collaborative, with an intuitive web UI and several useful features.
More information is available on the official website, syspass.org.
In this tutorial we are going to upgrade step by step from version 2.1 to 3.0. If you previously installed with PHP 5.6, we will also upgrade to PHP 7.0, because it is supported by the application.
There are important changes in version 3.0: the database structure changes completely, the “config” directory moves to “/app/config”, and the Composer PHP package manager is used to install sysPass dependencies and keep them up to date.

Requirements:

-CentOS 7.3 server with minimal hardware configuration (depends on your needs).
-sysPass version 2.1 installed.
-Root permission on the server.
-Internet connection to download all needed packages.
-Good basic IT knowledge and a bit of patience…

Let’s Start!

Stop the Apache web server before starting. It is not mandatory, but we prefer to stop it so no one can use the application in the meantime.

systemctl stop httpd.service

Back up everything and, if you can, snapshot your system (just in case).

There are three general ways to back up with mysqldump; choose the one you prefer:

shell> mysqldump [options] db_name [tbl_name ...]
shell> mysqldump [options] --databases db_name ...
shell> mysqldump [options] --all-databases

Move to /tmp (we back up twice; it is never enough):

mysqldump -p --all-databases > all_databases.sql

mysqldump -p syspass > syspass.sql

As an additional precaution, save the dumps on your local PC by running these scp commands:

scp root@[syspass_srv_ip]:/tmp/all_databases.sql /(your local path for backup)

scp root@[syspass_srv_ip]:/tmp/syspass.sql /(your local path for backup)

Copy the /config folder to your PC:

scp -r root@[syspass_ip]:/var/www/html/sysPass/config (your local path for backup)

and to /tmp as well, so it will be ready at copy time:

cp -r /var/www/html/sysPass/config /tmp

(Optional) If your backup folder is populated and you wish to keep the previous folder, copy the backup as well:

cp -r /var/www/html/sysPass/backup /tmp

(Optional) Only if you have an old PHP version and would like to switch to 7.0, remove all older PHP packages:

yum remove -y 'php*'

While you are at it, update all server packages:

yum update -y

Install EPEL to get the extras repository and utility tools:

yum install epel-release yum-utils -y

and the Remi repository to download and enable the PHP 7.0 packages; otherwise you will download the latest version, which is not supported by sysPass.

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum-config-manager --enable remi-php70

Install all required PHP 7.0 packages:

yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysql php-xml php-devel php-intl php-mbstring php-bcmath php-pdo php-ldap

Also install these packages, which are required by Composer:

yum install git zip unzip php-zip -y

Make sure MariaDB and Apache are updated to the latest version, since you are already working on the server:

yum upgrade -y httpd mariadb-server mariadb

Move to /tmp, download the latest version of sysPass (if a newer release of version 3 than the one used in this tutorial has come out in the meantime, change the paths), decompress it, remove the old folder (or rename it if you are not sure) and move the new folder into the Apache html folder.

cd /tmp
wget https://github.com/nuxsmin/sysPass/archive/3.0.5.19020701.tar.gz
tar -xvzf 3.0.5.19020701.tar.gz
mv sysPass-3.0.5.19020701 sysPass
rm 3.0.5.19020701.tar.gz
rm -rf /var/www/html/sysPass
cp -rf sysPass /var/www/html/.
rm -rf /tmp/sysPass

Copy the contents of the original sysPass config folder, which holds “config.xml”, “key.pem”, “pubkey.pem” and, if you want to keep the old logs, “syspass.log”, to the new path:

cp /tmp/config/* /var/www/html/sysPass/app/config/.

Change ownership and permissions on the whole folder:

chown apache -R /var/www/html/sysPass
chmod 750 /var/www/html/sysPass/app/config /var/www/html/sysPass/app/backup

Be careful with /app/config because it contains important information; you can use .htaccess to make it inaccessible to the whole world (if the server is on a public network).

If SELinux is not disabled and is in enforcing mode, use these commands to change the SELinux context so the application can write its configuration and some other files:

setsebool -P httpd_can_connect_ldap 1
chcon -R -t httpd_sys_rw_content_t /var/www/html/sysPass/app/{config,backup,cache,temp}

Go back to the main application folder:

cd /var/www/html/sysPass

Download and install the Composer PHP package manager, used to install sysPass dependencies and keep them up to date:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar install --no-dev
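A fail-closed form of the checksum step, as an added example that is not part of the original tutorial. The pinned hash above matches one release of the installer, so here the expected value is passed in as an argument (take the current one from the Composer download page). The function name verify_sha384 and the demo file are assumptions made for this example, and it relies on sha384sum from coreutils.

```shell
#!/bin/sh
# Added example: verify a downloaded installer against an expected SHA-384
# digest and refuse to continue on any mismatch (fail closed).

# verify_sha384 FILE EXPECTED_HEX
#   0 = digest matches
#   1 = mismatch (FILE is deleted so a later step cannot run it)
#   2 = bad arguments or missing file (FILE is left alone)
verify_sha384() {
    vs_file=$1
    # Normalise to lower case; sha384sum prints lower-case hex.
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A SHA-384 digest is exactly 96 hex characters. Reject anything else
    # so that an empty or truncated value can never "match".
    case $vs_expected in
        ''|*[!0-9a-f]*)
            echo "verify_sha384: expected digest is not hex" >&2
            return 2 ;;
    esac
    if [ "${#vs_expected}" -ne 96 ]; then
        echo "verify_sha384: expected digest must be 96 hex characters" >&2
        return 2
    fi
    if [ ! -f "$vs_file" ]; then
        echo "verify_sha384: $vs_file not found" >&2
        return 2
    fi

    vs_actual=$(sha384sum "$vs_file" | cut -d' ' -f1)
    if [ "$vs_actual" = "$vs_expected" ]; then
        return 0
    fi
    echo "verify_sha384: digest mismatch, removing $vs_file" >&2
    rm -f -- "$vs_file"
    return 1
}

# Demo on a constructed file that stands in for composer-setup.php.
demo_file=$(mktemp)
printf 'constructed installer body\n' > "$demo_file"
demo_digest=$(sha384sum "$demo_file" | cut -d' ' -f1)

verify_sha384 "$demo_file" "$demo_digest" && echo "verified: installer would run"

# Simulate a modified download: the same expected digest must now fail.
printf 'tampered\n' >> "$demo_file"
verify_sha384 "$demo_file" "$demo_digest" || echo "rejected: installer not run"
```

In the sequence above this becomes `verify_sha384 composer-setup.php "$EXPECTED" && php composer-setup.php`, so the installer never runs after a failed check.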

Finally, restart the Apache service:

systemctl start httpd.service

Point your browser to https://[ip_or_hostname]/sysPass/index.php   or   https://[ip_or_hostname]/sysPass/index.php?r=login

More information is available on the official RTD site.

—>>> ENJOY!!! <<<—

By YOBIHAT TEAM

Update OTRS from v5.x.x+ to v6.x.x+ on centos7

Hi Tech Guys,

Sometimes OTRS needs some care to stay up to date and secure, so here you can find a correct and easy way to update OTRS from v5 to v6 (IMPORTANT: only from any v5.x.x to any v6.x.x).

We recommend testing on a clone or test machine before making any change in a production environment (avoid disaster, please).

The database migration from OTRS 5 to 6 performs significant changes to database tables and data. Be sure that there is enough storage space available to complete the migration. You cannot update from any OTRS version directly to OTRS 6. For example, if you come from OTRS 3.0, you first have to fully update to OTRS 3.1, then to 3.2, 3.3, 4, 5 and finally to OTRS 6. If you have any custom Perl or XML configuration files in Kernel/Config/Files, these need to be converted to the new formats supported by OTRS 6 before running the migration script.

Requirements:

-CentOS 7.3 server with minimal hardware configuration (depends on your needs).

-ROOT permission on server.

-Internet connection to download all needed packages.

-Good IT basic knowledge and a bit of patience…

Let’s Start!

Stop all services used by the ticketing system before proceeding:

systemctl stop crond
systemctl stop postfix
systemctl stop httpd

Move to the main path and stop the daemon as the otrs user:

cd /opt/otrs/
su -c "/opt/otrs/bin/otrs.Daemon.pl stop" -s /bin/bash otrs
su -c "/opt/otrs/bin/Cron.sh stop" -s /bin/bash otrs

Back up the otrs database and the /opt/otrs/ folder; I prefer to keep everything safe in a location other than the working server.

mysqldump -p otrs > /root/otrsdbbackup.sql
scp root@otrs.yobicloud.local:/root/otrsdbbackup.sql (your local path for backup)
scp -r root@otrs.yobicloud.local:/opt/otrs (your local path for backup)

Rename the old folder, because you will need some files from your previous configuration, download the package of the newer version (in this case the v5.0.21), decompress it and rename the folder to the old name, without the version number:

yum update -y
cd /opt/
mv otrs otrs-old
wget http://ftp.otrs.org/pub/otrs/otrs-6.0.14.tar.gz
tar -xzf otrs-6.0.14.tar.gz
mv otrs-6.0.14 otrs

Copy your old config and ticket number files from the backup folder to the new one:

cp /opt/otrs-old/Kernel/Config.pm /opt/otrs/Kernel/
cp /opt/otrs-old/Kernel/Config/Files/ZZZAuto.pm /opt/otrs/Kernel/Config/Files/

(Optional) If you store article data in the filesystem, you have to restore the article folder, or the folder specified in SysConfig if that setting was changed:

(Optional)
cp -rf /opt/otrs-old/var/article/ /opt/otrs/var/.

(Optional) Restore already installed default statistics. If you have additional packages with default statistics, you have to restore the stats XML files with the suffix *.installed to /opt/otrs/var/stats.

(Optional)
cd /opt/otrs-old/var/stats
cp *.installed /opt/otrs/var/stats

Set the permissions as the root user; the script will detect the correct user and group settings needed for your setup:

cd /opt/otrs/
bin/otrs.SetPermissions.pl

Check whether any Perl modules are missing, and install any modules that might be needed for your configuration:

/opt/otrs/bin/otrs.CheckModules.pl

The output will be something like this:

o Apache::DBI................................ok (v1.12)
o Apache2::Reload............................ok (v0.13)
o Archive::Tar...............................ok (v1.92)
o Archive::Zip...............................ok (v1.30)
o Crypt::Eksblowfish::Bcrypt.................ok (v0.009)
o Crypt::SSLeay..............................ok (v0.64)
o Date::Format...............................ok (v2.24)
o DateTime...................................Not installed! Use: 'yum install "perl(DateTime)"' (required)
o DBI........................................ok (v1.627)
o DBD::mysql.................................ok (v4.023)
o DBD::ODBC..................................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle................................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg....................................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA................................ok (v5.85)
o Encode::HanExtra...........................Not installed! Use: 'yum install "perl(Encode::HanExtra)"' (optional - Required to handle mails with several Chinese character sets.)
o IO::Socket::SSL............................ok (v1.94)
o JSON::XS...................................ok (v3.01)
o List::Util::XS.............................ok (v1.27)
o LWP::UserAgent.............................FAILED! Not all prerequisites for this module correctly installed.
o Mail::IMAPClient...........................ok (v3.37)
o IO::Socket::SSL............................ok (v1.94)
o Authen::SASL...............................ok (v2.15)
o Authen::NTLM...............................ok (v1.09)
o ModPerl::Util..............................ok (v2.000010)
o Net::DNS...................................ok (v0.72)
o Net::LDAP..................................ok (v0.56)
o Template...................................ok (v2.24)
o Template::Stash::XS........................ok (undef)
o Text::CSV_XS...............................ok (v1.00)
o Time::HiRes................................ok (v1.9725)
o XML::LibXML................................ok (v2.0018)
o XML::LibXSLT...............................ok (v1.80)
o XML::Parser................................ok (v2.41)
o YAML::XS...................................ok (v0.54)

This is an update, so installing other modules is not necessary, except for “perl(DateTime)”, because everything you need was already installed, unless you need to change DB.

The module “perl(DateTime)” is required from version 6 of OTRS for the new features; otherwise the installation cannot proceed.

In my case I will not install any DB modules, only the required one (note that LWP::UserAgent will be automagically installed after DateTime):

yum install "perl(DateTime)"

You can re-check the modules with the script

/opt/otrs/bin/otrs.CheckModules.pl

and if the only missing modules are the DB packages other than yours, you can proceed with the migration.

It is time to migrate…

This is required only if you have any custom Perl or XML configuration files in Kernel/Config/Files from a previous version; they need to be converted to the new formats supported by OTRS 6 before running the migration script. More information here.

Important: Kernel/Config/Files/ZZZAuto.pm has been merged into Kernel/Config/Files/ZZZAAuto.pm.

If the folders /opt/otrs/Kernel/Config/Files/ and /opt/otrs-old/Kernel/Config/Files/ contain different .pm files, copy the missing files from /opt/otrs-old/Kernel/Config/Files/ to /opt/otrs/Kernel/Config/Files/, except ZZZAuto.pm; if there are different .XML files, copy them to /opt/otrs/Kernel/Config/Files/.

In my case, as you can see in the video, I moved the files from my production environment to test the migration; you can move them from the otrs-old folder if there are any.

scp (your local path for backup)xmlotrs/* root@otrs.yobicloud.local:/opt/otrs/Kernel/Config/Files/

OTRS 6 uses a new XML configuration file format and the location of configuration files moved from Kernel/Config/Files to Kernel/Config/Files/XML. To convert existing XML configuration files to the new format and location, you can use the following tool that is part of the OTRS framework:

cd /opt/otrs/
su -c "bin/otrs.Console.pl Dev::Tools::Migrate::ConfigXMLStructure --source-directory Kernel/Config/Files/" -s /bin/bash otrs

Now it is time to apply the database changes and update the schema as the otrs user, NOT as root.

cd /opt/otrs
su -c "scripts/DBUpdate-to-6.pl" -s /bin/bash otrs

The last step is to update the installed packages, because packages from OTRS 5 are not compatible with OTRS 6 and have to be updated.

You can use the command below to update all installed packages. This works for all packages that are available from online repositories. You can update other packages later via the package manager from GUI.

cd /opt/otrs/
su -c "bin/otrs.Console.pl Admin::Package::UpgradeAll" -s /bin/bash otrs

Restart your services

systemctl start httpd
systemctl start postfix
systemctl start crond

Start the daemon as otrs user.

su -c "/opt/otrs/bin/otrs.Daemon.pl start" -s /bin/bash otrs
su -c "/opt/otrs/bin/Cron.sh start" -s /bin/bash otrs

Delete the install packages, the MySQL backup and the otrs-old folder located in /opt on the production server, to clean the machine or free up space.

Here is the link to the official docs.

—>>> ENJOY!!! <<<—

By YOBIHAT TEAM

Install OTRS v5.x.x on centos 7 with SSL

OTRS is an open-source Ticket Request System, the best flexible ticket and process management system, which allows service management professionals in any company to support, manage, order and track back solutions. Based on cooperation within the IT department, it will become an indispensable tool in the everyday life of IT troubleshooters.

Requirements:

-CentOS 7.3 server with a minimum of 1 CPU and 2 GB of RAM for normal operation (if you have a massive e-mail flow, we suggest upgrading the hardware).

-ROOT permission on server.

-E-mail account and mail-server settings

-Internet connection to download all needed packages.

-Good IT knowledge and a bit of patience…

Let’s Start!

 

Set up the network with a static IP and set DNS.

First of all, update your server

yum update -y

Change the hostname of your server if needed:

hostnamectl set-hostname otrs.yobicloud.local

Install some useful packages: wget to download files, network tools (always useful for troubleshooting the network), htop to monitor hardware and processes with a helpful display, and mod_ssl to configure secure SSL/TLS connections over HTTP on Apache2.

yum install wget net-tools htop mod_ssl 

Enable the EPEL repository

yum install epel-release

Disable SELinux in the /etc/selinux/config file to avoid problems until you know what you are doing…

Open the file and change the line SELINUX=enforcing to SELINUX=disabled, then save and reboot the server:

reboot

Then re-update your system.

yum update -y

I will use open-source MySQL for the database, so install MariaDB. There are alternatives such as Postgres, Oracle or MS-SQL, and if you are comfortable with them, use them; you just need to install different OTRS modules to make it work properly. I will continue with a standard MariaDB database:

yum install mariadb-server mariadb

You will need to change the default MySQL settings in order to make it suitable for OTRS. Open its configuration file using vi or your favorite text editor

vi /etc/my.cnf

Add the following lines under the [mysqld] section, which specify the sizes of a few files.

[mysqld]
max_allowed_packet=64M
query_cache_size=32M
innodb_log_file_size=256M
datadir=/var/lib/mysql

Then save and close the file. Make sure you do this before you start MySQL for the first time.

Now, start MariaDB.

systemctl start mariadb

Next, secure the MySQL database.

/usr/bin/mysql_secure_installation

You will be asked a few questions. You can accept the default values for all of the questions by just pressing ENTER for each, except for setting the new root password. Make a note of your root user password because you will need it later in this tutorial.

Now that we have everything, we need to install the OTRS application

We will install OTRS using the pre-built RPM package for CentOS. First, we need to download the latest RPM from their official repository. You can browse the repository directory to determine the latest version.

wget http://ftp.otrs.org/pub/otrs/RPMS/rhel/7/otrs-5.0.21-02.noarch.rpm

Next, install OTRS (note that sometimes you have to install twice).

yum install --nogpgcheck otrs-5.0.21-02.noarch.rpm

OTRS is written in Perl and uses a number of Perl modules. We can check for missing modules by using the CheckModules.pl script included with OTRS.

If some Perl modules are missing, install those that might be needed for your configuration:

/opt/otrs/bin/otrs.CheckModules.pl

The output will be something like this:

o Apache::DBI......................ok (v1.12) 
o Apache2::Reload..................ok (v0.13)
o Archive::Tar.....................ok (v1.92)
o Archive::Zip.....................ok (v1.30)
o Crypt::Eksblowfish::Bcrypt.......Not installed! Use: 'yum install "perl(Crypt::Eksblowfish::Bcrypt)"' (optional - For strong password hashing.)
o Crypt::SSLeay....................ok (v0.64)
o Date::Format.....................ok (v2.24)
o DBI..............................ok (v1.627)
o DBD::mysql.......................ok (v4.023)
o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA......................ok (v5.85)
o Encode::HanExtra.................Not installed! Use: 'yum install "perl(Encode::HanExtra)"' (optional - Required to handle mails with several Chinese character sets.)
o IO::Socket::SSL..................ok (v1.94)
o JSON::XS.........................Not installed! Use: 'yum install "perl(JSON::XS)"' (optional - Recommended for faster AJAX/JavaScript handling.)
o List::Util::XS...................ok (v1.27)
o LWP::UserAgent...................ok (v6.13)
o Mail::IMAPClient.................Not installed! Use: 'yum install "perl(Mail::IMAPClient)"' (optional - Required for IMAP TLS connections.)
o IO::Socket::SSL..................ok (v1.94)
o Authen::SASL.....................ok (v2.15)
o Authen::NTLM.....................Not installed! Use: 'yum install "perl(Authen::NTLM)"' (optional - Required for NTLM authentication mechanism in IMAP connections.)
o ModPerl::Util....................Not installed! Use: 'yum install "perl(ModPerl::Util)"' (optional - Improves Performance on Apache webservers dramatically.)
o Net::DNS.........................ok (v0.72)
o Net::LDAP........................ok (v0.56)
o Template.........................ok (v2.24)
o Template::Stash::XS..............ok (undef)
o Text::CSV_XS.....................Not installed! Use: 'yum install "perl(Text::CSV_XS)"' (optional - Recommended for faster CSV handling.)
o Time::HiRes......................ok (v1.9725)
o Time::Piece......................ok (v1.20_01)
o XML::LibXML......................ok (v2.0018)
o XML::LibXSLT.....................ok (v1.80)
o XML::Parser......................ok (v2.41)
o YAML::XS.........................Not installed! Use: 'yum install "perl(YAML::XS)"' (required - Very important)

As you can see, every checked module is followed by a comment that will help you with the installation. Not all modules are necessary for you. For example, if you have a MySQL DB (DBD::mysql module already installed), “perl(DBD::Pg)”, “perl(DBD::ODBC)” and “perl(DBD::Oracle)” are not required by OTRS; if instead you have a PG DB, follow the comments and install with the command shown below, and so on…

example: yum install "perl(DBD::Pg)"

In my case I will not install any DB modules other than MySQL, but I’ll proceed with the missing ones tagged as required, optional and recommended that I need (so analyze your needs before continuing and install what you need):

yum install "perl(XML::LibXSLT)" 
yum install "perl(Authen::NTLM)" 
yum install "perl(YAML::XS)"
yum install "perl(Text::CSV_XS)"
yum install "perl(ModPerl::Util)"
yum install "perl(Mail::IMAPClient)"
yum install "perl(JSON::XS)"
yum install "perl(Crypt::Eksblowfish::Bcrypt)"

You can re-check the modules with the script:

/opt/otrs/bin/otrs.CheckModules.pl

Add firewall exceptions for ports 80 and 443 and reload the firewalld configuration:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Restart Apache2 service.

systemctl restart httpd

Start the OTRS daemon and activate the cron job as the otrs user, then as root enable the web server and database at boot. Now reboot to check that everything starts on its own.

sudo su - otrs -c "bin/otrs.Daemon.pl start"
sudo su - otrs -c "/opt/otrs/bin/Cron.sh start"
systemctl enable httpd
systemctl enable mariadb

reboot

Configure from the front-end once all the previous steps are done.

Open https://otrs.yobicloud.local/otrs/installer.pl in your browser (use your own IP or hostname instead of “otrs.yobicloud.local”). Note that if you installed mod_ssl, the Apache package for SSL, you will already have HTTPS activated with a basic configuration and certificate; later you will just need to make it the default and tune the OTRS SysConfig and the Apache conf files. To generate a new certificate, follow our Apache tutorial.

The installer will show the world offices info; click Next, and after reading you have to accept the license terms and conditions.

It is time to choose the DB. Our installation uses MariaDB, so select MySQL and ‘Create new DB for OTRS’ if you don’t want to use an existing one.

Fill in the password and the DB address if it is not local, then press Check DB settings. If everything is green as in the photo below, you can continue. Write down the generated password or change it (this is needed to log in to OTRS).

NEXT

In step 3, fill in a fully qualified domain name (FQDN), or just use your server’s IP address, then the administrator e-mail to be notified about errors or warnings and the organization name; select the logging type and main language, and select YES if you prefer to check the MX record.

To receive e-mails from customers, configure an incoming account with the mail type (‘IMAP preferred’), mail address, user and password.

For outbound mail you can leave the settings as they are if you have no particular configuration. You can check whether it works by pressing the ‘Check mail configuration’ button, or press ‘Skip this step’ to continue and check later.

Congratulations!!! Installation completed; write down the admin login credentials.

Now log in with the credentials from the previous page at https://otrs.yobicloud.local/otrs/index.pl (use your own IP or hostname instead of “otrs.yobicloud.local”). After login you will receive two notices. One asks you to create a new user for working with OTRS; clicking the link redirects to the operators management page, so create the new user there. The other concerns the OTRS daemon; to check whether the daemon is up, use:

sudo su - otrs -c "bin/otrs.Daemon.pl status"

Note that cron calls the daemon every 5 minutes, so wait at least 5 minutes, and if the daemon is still not running, follow the suggestion in the pop-up.

An SSL/TLS connection over HTTP is essential today on the scary web, so consider activating HTTPS on your web server.

(OPTIONAL)

If you cannot activate it on the server, click Admin in the header menu and select SysConfig, search for HTTPS, click Core in the results, scroll to the configuration option HttpType and change it to HTTPS.

Good practice is to also redirect all HTTP traffic to HTTPS, in case someone tries to access via an insecure link. This should be done on web server configuration level for maximum effect. However, in case this is not possible, you can set HTTPSForceRedirect to Yes in SysConfig if available.

(BEST WAY)

The best way is to edit the Apache2 configuration, so if possible choose this method instead of the previous (optional) one, by creating a new file that will redirect all HTTP requests to the OTRS main page over HTTPS.

cd /etc/httpd/conf.d
vi ssl.conf

And add the following text (remember to edit with your own settings):

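<VirtualHost *:80>
ServerName otrs.yobicloud.local
# Further names or addresses for the same virtual host go in ServerAlias
ServerAlias 192.168.24.101
# RedirectMatch sends every HTTP request to the OTRS main page without appending the requested path
RedirectMatch permanent ^/ https://otrs.yobicloud.local/otrs/index.pl
</VirtualHost>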

Edit the main SSL config file for all HTTPS connections, with some hardening tips:

vi /etc/httpd/conf.d/ssl.conf

Uncomment and edit (always with your data) as:

DocumentRoot "/var/www/html"
ServerName 192.168.24.101:443

Somewhere in the file, comment out this line:

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

and add the following lines to harden Apache2 a bit:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff

As long as you leave the default certificates, paths and names untouched, you don’t need further changes; restart Apache2 to apply the configuration.

systemctl restart httpd
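A way to check that the hardening above is really in effect after the edit, as an added example that is not part of the original post: it reads an Apache configuration on stdin, ignores commented-out lines, and reports which of the five settings from this section are missing or weak. The function name audit_ssl_conf and both sample configurations are constructed for the example.

```shell
#!/bin/sh
# Added example: audit an Apache SSL config for this section's hardening.

# audit_ssl_conf reads a config on stdin, prints one finding per line and
# returns 1 if there is any finding, 0 if the config is clean.
audit_ssl_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # commented directives are not active
    { d = tolower($1) }
    d == "sslciphersuite"      { suite = $NF; gsub(/"/, "", suite) }
    d == "sslhonorcipherorder" { order = tolower($2) }
    d == "header" {
        # Header [always] set NAME VALUE: remember NAME in lower case.
        for (i = 2; i < NF; i++)
            if (tolower($i) == "set") { hdr[tolower($(i + 1))] = 1; break }
    }
    END {
        bad = 0
        if (suite == "") {
            print "SSLCipherSuite: not set"; bad++
        } else {
            n = split(suite, tok, ":")
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^[!-]/) continue   # excluded, not enabled
                m = split(tok[i], part, "+")
                for (j = 1; j <= m; j++)
                    if (part[j] ~ /^(MEDIUM|LOW|EXPORT|RC4|3DES)$/) {
                        print "SSLCipherSuite: enables " part[j]; bad++
                    }
            }
        }
        if (order != "on") { print "SSLHonorCipherOrder: not On"; bad++ }
        need[1] = "strict-transport-security"
        need[2] = "x-frame-options"
        need[3] = "x-content-type-options"
        for (k = 1; k <= 3; k++)
            if (!(need[k] in hdr)) { print "Header missing: " need[k]; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: a file that still has the cipher line this section
# tells you to comment out, and none of the added directives.
default_ssl_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName 192.168.24.101:443
SSLEngine on
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
</VirtualHost>
EOF
}

# Constructed sample: the same file after the edit described above.
hardened_ssl_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName 192.168.24.101:443
SSLEngine on
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
</VirtualHost>
EOF
}

echo "before the edit:"
default_ssl_conf | audit_ssl_conf || echo "-> findings listed above"
echo "after the edit:"
hardened_ssl_conf | audit_ssl_conf && echo "-> no findings"
```

On the server, run it as `audit_ssl_conf < /etc/httpd/conf.d/ssl.conf` before restarting Apache.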

Here is the official documentation about OTRS.

—>>> ENJOY!!! <<<—

 

By YOBIHAT TEAM

Update OTRS from v4.x.x+ to v5.x.x+ on centos7

Hi Tech Guys,

Sometimes OTRS needs some care to stay up to date and secure, so here you can find a correct and easy way to update OTRS from v4 to v5 (IMPORTANT: only from any v4.x.x to any v5.x.x).

We recommend testing on a clone or test machine before making any change in a production environment (avoid disaster, please).

Requirements:

-CentOS 7.3 server with minimal hardware configuration (depends on your needs).

-ROOT permission on server.

-Internet connection to download all needed packages.

-Small IT basic knowledge and a bit of patience…

Let’s Start!

 

Stop all services used by the ticketing system before proceeding:

systemctl stop crond
systemctl stop postfix
systemctl stop httpd

Move to the main path and stop the daemon:

cd /opt/otrs
su -c "bin/Cron.sh stop" -s /bin/bash otrs
su -c "bin/otrs.Scheduler.pl -a stop" -s /bin/bash otrs

Back up the otrs database and the /opt/otrs/ folder; I prefer to keep everything safe in a location other than the working server.

mysqldump -p otrs > /root/otrsdbbackup.sql
scp root@10.0.0.58:/root/otrsdbbackup.sql /home/user/otrs/.
scp -r root@10.0.0.58:/opt/otrs /home/user/otrs

Rename the old folder, because you will need some files from your previous configuration, download the package of the newer version (in this case the v5.0.21), decompress it and rename the folder to the old name, without the version number:

cd /opt/
mv otrs otrs-old
wget ftp://ftp.otrs.org/pub/otrs/otrs-5.0.21.tar.gz
tar -xzf otrs-5.0.21.tar.gz
mv otrs-5.0.21 otrs

Copy your old config and ticket number files from the backup folder to the new one:

cp /opt/otrs-old/Kernel/Config.pm /opt/otrs/Kernel/
cp /opt/otrs-old/Kernel/Config/GenericAgent.pm /opt/otrs/Kernel/Config/
cp /opt/otrs-old/Kernel/Config/Files/ZZZAuto.pm /opt/otrs/Kernel/Config/Files/
cp /opt/otrs-old/var/log/TicketCounter.log /opt/otrs/var/log/

(Optional) If you store article data in the filesystem, you have to restore the article folder, or the folder specified in SysConfig if that setting was changed:

(Optional)
cp -rf /opt/otrs-old/var/article/ /opt/otrs/var/.

Set the permissions for CentOS or Red Hat (web server running as the apache user):

cd /opt/otrs
bin/otrs.SetPermissions.pl --web-group=apache

Check whether any Perl modules are missing, and install any modules that might be needed for your configuration:

/opt/otrs/bin/otrs.CheckModules.pl

The output will be something like this:

o Apache::DBI......................ok (v1.12) 
o Apache2::Reload..................ok (v0.13)
o Archive::Tar.....................ok (v1.92)
o Archive::Zip.....................ok (v1.30)
o Crypt::Eksblowfish::Bcrypt.......Not installed! Use: 'yum install "perl(Crypt::Eksblowfish::Bcrypt)"' (optional - For strong password hashing.)
o Crypt::SSLeay....................ok (v0.64)
o Date::Format.....................ok (v2.24)
o DBI..............................ok (v1.627)
o DBD::mysql.......................ok (v4.023)
o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA......................ok (v5.85)
o Encode::HanExtra.................Not installed! Use: 'yum install "perl(Encode::HanExtra)"' (optional - Required to handle mails with several Chinese character sets.)
o IO::Socket::SSL..................ok (v1.94)
o JSON::XS.........................Not installed! Use: 'yum install "perl(JSON::XS)"' (optional - Recommended for faster AJAX/JavaScript handling.)
o List::Util::XS...................ok (v1.27)
o LWP::UserAgent...................ok (v6.13)
o Mail::IMAPClient.................Not installed! Use: 'yum install "perl(Mail::IMAPClient)"' (optional - Required for IMAP TLS connections.)
o IO::Socket::SSL................ok (v1.94)
o Authen::SASL...................ok (v2.15)
o Authen::NTLM...................Not installed! Use: 'yum install "perl(Authen::NTLM)"' (optional - Required for NTLM authentication mechanism in IMAP connections.)
o ModPerl::Util....................Not installed! Use: 'yum install "perl(ModPerl::Util)"' (optional - Improves Performance on Apache webservers dramatically.)
o Net::DNS.........................ok (v0.72)
o Net::LDAP........................ok (v0.56)
o Template.........................ok (v2.24)
o Template::Stash::XS..............ok (undef)
o Text::CSV_XS.....................Not installed! Use: 'yum install "perl(Text::CSV_XS)"' (optional - Recommended for faster CSV handling.)
o Time::HiRes......................ok (v1.9725)
o Time::Piece......................ok (v1.20_01)
o XML::LibXML......................ok (v2.0018)
o XML::LibXSLT.....................ok (v1.80)
o XML::Parser......................ok (v2.41)
o YAML::XS.........................Not installed! Use: 'yum install "perl(YAML::XS)"' (required - Very important)

As you can see, every checked module is followed by a comment that will help you with the installation. Not all modules are necessary for you. For example, if you have a MySQL DB (DBD::mysql module already installed), “perl(DBD::Pg)”, “perl(DBD::ODBC)” and “perl(DBD::Oracle)” are not required by OTRS; if instead you have a PG DB, follow the comments and install with the command shown below, and so on…

 example: yum install "perl(DBD::Pg)"

In my case I will not install any DB modules other than MySQL, but I’ll proceed with the missing ones tagged as required, optional and recommended that I need (so analyze your needs before continuing and install what you need):

yum install "perl(XML::LibXSLT)" 
yum install "perl(Authen::NTLM)" 
yum install "perl(YAML::XS)"
yum install "perl(Text::CSV_XS)"
yum install "perl(ModPerl::Util)"
yum install "perl(Mail::IMAPClient)"
yum install "perl(JSON::XS)"
yum install "perl(Crypt::Eksblowfish::Bcrypt)"

You can re-check the modules with the script:

/opt/otrs/bin/otrs.CheckModules.pl

Now it is time to apply the database changes and update the schema as the otrs user, NOT as root.

cd /opt/otrs

cat scripts/DBUpdate-to-5.mysql.sql | mysql -p -f -u root otrs
su -c "bin/otrs.Console.pl Maint::Database::Check" -s /bin/bash otrs
su -c "scripts/DBUpdate-to-5.pl" -s /bin/bash otrs

Still as the otrs user, delete the caches and refresh the configuration

su -c "bin/otrs.Console.pl Maint::Config::Rebuild" -s /bin/bash otrs
su -c "bin/otrs.Console.pl Maint::Cache::Delete" -s /bin/bash otrs

Restart your services

systemctl start httpd
systemctl start postfix
systemctl start crond

Start the daemon as otrs user.

su -c "/opt/otrs/bin/otrs.Daemon.pl start" -s /bin/bash otrs

The default OTRS cron files are located in /opt/otrs/var/cron/*.dist; they ensure that the OTRS Daemon is running. They need to be activated by copying them without the “.dist” filename extension, and then scheduled by running the script Cron.sh as the otrs user.

cd /opt/otrs/var/cron
for foo in *.dist; do cp "$foo" "$(basename "$foo" .dist)"; done
su -c "/opt/otrs/bin/Cron.sh start" -s /bin/bash otrs

On the production server, delete the install packages, the MySQL backup and the otrs-old folder located in /opt.

here the link for the official docs

—>>> ENJOY!!! <<<—

By YOBIHAT TEAM

Zimbra Tips & Tricks

 

Tips & Tricks

Here are a few tips & tricks based on our Zimbra experience.

The SNMP package is optional, and if you want to use it, you need to install it on all servers; I decided not to use it.
In case you need to reinstall the zm packages use

./install.sh --platform-override

During the zm installation, make sure that all passwords are set correctly and are the same on both servers.
If the Zimbra configuration is not set up correctly, you will not be prompted to apply the configuration in a multi-server environment, so check all settings to make the connection between master and replica work smoothly.
If you can’t apply the configuration on the replica server and the LDAP connection works correctly, go to the master LDAP server and, as the zimbra user, type:

/opt/zimbra/libexec/zmldapenablereplica

If you can’t apply the configuration because the menu doesn’t show [a] for apply, it means there is no connection to the other server or you didn’t complete the setup configuration, so check all parameters.
After applying the configuration you will be asked to save it to a file (Save config in file: [/opt/zimbra/config.”numbers”]); inside it you will find the actual running configuration. Check the timezone on both servers, and check that the password on the master is the same as on the replica:

zmlocalconfig -s ldap_replication_password

Important: If you have installed Zimbra MTA on the LDAP server, configure the Amavis and the Postfix passwords.
To find these values, run:

zmlocalconfig -s ldap_amavis_password
zmlocalconfig -s ldap_postfix_password
zmlocalconfig -s ldap_nginx_password

Enclose the value in single quotes; to change one of these values use:

zmlocalconfig -e ldap_nginx_password='newvalue'

Other password values in Zimbra:

antispam_mysql_password

antispam_mysql_root_password

client_ssl_truststore_password

ldap_amavis_password

ldap_bes_searcher_password

ldap_postfix_password

ldap_replication_password

ldap_root_password

ldap_nginx_password

mailbox_keystore_base_password

mailbox_keystore_password

mailbox_truststore_password

mysql_root_password

zimbra_ldap_password

zimbra_mysql_password

zimbra_vami_password
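One way to carry out the master/replica password check described above without copying clear-text passwords between servers (an added example, not part of the original post or of Zimbra). It assumes `zmlocalconfig -s` prints one `key = value` pair per line; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint the shared LDAP service passwords on each server and compare
# the fingerprints, so the clear-text values never leave their host.
# Assumption: `zmlocalconfig -s` prints one "key = value" pair per line.

# Keys the text above checks between servers; override with KEYS="...".
KEYS="${KEYS:-ldap_replication_password ldap_amavis_password ldap_postfix_password ldap_nginx_password}"

_sha256() {   # hash stdin with whichever tool is installed
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi | cut -d' ' -f1
}

# fingerprints: read `zmlocalconfig -s` output on stdin and print
# "<key> <sha256>" per key ("MISSING" if absent, "EMPTY" if blank).
fingerprints() {
    conf=$(cat)
    for key in $KEYS; do
        res=$(printf '%s\n' "$conf" | awk -v k="$key" '
            index($0, k " =") == 1 {            # line starts with "<key> ="
                v = substr($0, length(k) + 3); sub(/^ /, "", v)
                print "V" v; found = 1; exit
            }
            END { if (!found) print "M" }')
        case $res in
            M) echo "$key MISSING" ;;
            V) echo "$key EMPTY" ;;
            *) echo "$key $(printf '%s' "${res#V}" | _sha256)" ;;
        esac
    done
}

# mismatches FILE_A FILE_B: print the keys whose fingerprints differ or are
# MISSING/EMPTY on either side; exit status 0 only when every key matches.
mismatches() {
    bad=""
    for key in $KEYS; do
        a=$(awk -v k="$key" '$1 == k { print $2 }' "$1")
        b=$(awk -v k="$key" '$1 == k { print $2 }' "$2")
        case "$a:$b" in
            MISSING:*|*:MISSING|EMPTY:*|*:EMPTY|:*|*:) bad="$bad $key" ;;
            *) [ "$a" = "$b" ] || bad="$bad $key" ;;
        esac
    done
    echo "${bad# }"
    [ -z "$bad" ]
}

# Constructed sample output (not real secrets): the MTA host has a different
# postfix password and no nginx password at all.
sample_master() {
cat <<'EOF'
ldap_replication_password = Constructed-Repl-01
ldap_amavis_password = Constructed=Amavis=02
ldap_postfix_password = Constructed-Postfix-03
ldap_nginx_password = Constructed-Nginx-04
zimbra_server_hostname = zimbra1.demo.local
EOF
}
sample_mta() {
cat <<'EOF'
ldap_replication_password = Constructed-Repl-01
ldap_amavis_password = Constructed=Amavis=02
ldap_postfix_password = Constructed-Postfix-XX
zimbra_server_hostname = zimbra2.demo.local
EOF
}

# Demo on the samples; on real hosts run `zmlocalconfig -s | fingerprints`
# as the zimbra user on each server and compare the two result files.
tmp=$(mktemp -d)
sample_master | fingerprints > "$tmp/master.fp"
sample_mta    | fingerprints > "$tmp/mta.fp"
echo "keys to fix: $(mismatches "$tmp/master.fp" "$tmp/mta.fp")"
rm -rf "$tmp"
```

The fingerprints are unsalted hashes, so keep the result files as private as the passwords themselves and delete them after the comparison.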

Note: Execution of ‘zmlocalconfig’ without argument shows present Zimbra configuration parameters and values. To see the local config, type:

zmlocalconfig

As the zimbra user, manage the services with zmcontrol followed by status, start, restart or stop, for example:

zmcontrol status

To configure proxy use as zimbra user on both servers:

/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra1.demo.local

on the other

/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra2.demo.local

All the commands of the zimbra user are stored in the folder /opt/zimbra/libexec/; look inside it to find the command names, and use man to read the help for each command.

Zimbra infos

Firewall Configuration should be set to No firewall, and Security Enhanced Linux (SELinux) should be disabled if you don’t know how to harden it.

Table 1 Zimbra Default Port Mapping

Postfix 25
HTTP 80
POP3 110
IMAP 143
LDAP 389
HTTPS 443
Tomcat IMAP SSL 993
Tomcat POP SSL 995
Tomcat LMTP 7025
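With the host firewall set to "No firewall", every listening socket is reachable from the network, so it is worth comparing what actually listens against Table 1. The script below is an added example, not part of the original post: it reads `ss -ltn` output, and the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Compare TCP listeners that are reachable from the network with Table 1.
# Input on stdin: output of `ss -ltn` (the header line is ignored).

# Table 1: Postfix, HTTP, POP3, IMAP, LDAP, HTTPS, IMAP SSL, POP SSL, LMTP
TABLE1_PORTS="25 80 110 143 389 443 993 995 7025"

# exposed_ports MODE: print, sorted and space separated, the ports listening
# on a non-loopback address.
#   MODE=unexpected -> ports that are NOT in Table 1
#   MODE=table1     -> Table 1 ports that are exposed
exposed_ports() {
    awk -v allowed="$TABLE1_PORTS" -v mode="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            want = (mode == "table1") ? 1 : 0
        }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)             # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            gsub(/\[|\]/, "", host)                     # [::1] -> ::1
            if (host ~ /^127\./ || host == "::1") next  # loopback only, not exposed
            if (((port in ok) != want) || (port in seen)) next
            seen[port] = 1
            print port
        }' | sort -n | paste -sd' ' -
}

# Constructed sample of `ss -ltn` lines for a host like zimbra1.demo.local.
sample_ss() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 10.0.17.101:389 0.0.0.0:*
LISTEN 0 50 127.0.0.1:7306 0.0.0.0:*
LISTEN 0 25 0.0.0.0:514 0.0.0.0:*
LISTEN 0 50 [::]:7071 [::]:*
LISTEN 0 128 [::1]:8465 [::]:*
LISTEN 0 25 [::]:514 [::]:*
EOF
}

# Demo on the sample; on a real server use:  ss -ltn | exposed_ports unexpected
echo "exposed, not in Table 1: $(sample_ss | exposed_ports unexpected)"
echo "exposed, in Table 1:     $(sample_ss | exposed_ports table1)"
```

Each port in the first list needs either an upstream filter or a documented reason to be reachable.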

 

Table 2 Attributes Mapped to Zimbra contact

Standard LDAP Attribute Zimbra Contact Field
co workCountry
company Company
givenName/gn firstName
sn lastName
cn fullName
initials initials
l workCity
physicalDeliveryOfficeName office
ou department
street, streetaddress workStreet
postalCode workPostalCode
telephoneNumber workPhone
st workState
title jobTitle
mail email
objectClass Not currently mapped

GAL Attributes in Zimbra
Two possible sources for GAL information are the Zimbra server and the Active Directory server. The relevant LDAP/Active Directory fields are referenced in the Zimbra schema under the same names as listed in the Active Directory schema.

LDAP Mapped Attributes table maps generic GAL search attributes to their Zimbra contact fields.

Zimbra GAL Search Parameters

Like authentication, GAL is configured on a per-domain basis. From the administration console, you can run the GAL Configuration Wizard to configure the domain’s attributes.

Modifying Attributes

The OpenLDAP directory should not be modified directly. Any additions, changes and deletions are made through the Zimbra administration console or from the CLI utility for provisioning, zmprov.

Users modify attributes for their entry (accounts) in the OpenLDAP directory when they change their options from the Zimbra Web Client.

Administrators can also modify LDAP attributes using the command-line tools described in Appendix A: Command-Line Utilities.

Important: Do not use any LDAP browsers to change the Zimbra LDAP content.

Overview of Installation Process

When you run the install script, the Zimbra install verifies that the correct prerequisite packages are installed.

Zimbra Core installs the libraries, utilities, and monitoring tools.

Zimbra LDAP installs the OpenLDAP software, an open source LDAP directory services.

Zimbra MTA installs the Postfix open source MTA, the Clam AntiVirus antivirus engine, the SpamAssassin junk mail filter, and the Amavisd-New content filter.

Zimbra Store installs the mailbox server, including Apache Tomcat, the servlet container for the Zimbra server.

Zimbra Spell installs the Aspell open source spelling checker. When Zimbra spell is installed, Zimbra-Apache is also installed.

Zimbra SNMP installs the SNMP package for monitoring. This package is optional.

Zimbra Logger installs tools for syslog aggregation, reporting, and message tracing.

 

The Zimbra server configuration is menu driven. The installation menu shows you the default configuration values. The menu displays the logical host name and email domain name [mailhost.example.com] as configured on the computer. You can change any of the values. For single server installs, the only value you must define is the administrator’s password. The password is used to log on to the Zimbra administration console.

Basic Configuration

The default configuration installs the Zimbra-LDAP, the Zimbra-MTA with anti-virus and anti-spam protection, the Zimbra mailbox server, the SNMP monitoring tools (optional), Zimbra-spell (optional), and the logger tool (optional), on one server.

The menu driven installation displays the components and their existing default values. During the installation process you can modify the information.

The table below describes the menu options

Table 2 Main Menu Options

1) Hostname The host name configured in the operating system installation.
2) LDAP master host The LDAP host name. On a single server installation this name is the same as the hostname.
3) LDAP port The default port is 389.
4) LDAP password The root LDAP password for the host. This password is automatically generated.
5) zimbra-ldap Configuration includes the following:
Create Domain – Yes. You can create one domain during installation and additional domains can be created from the administration console.
Domain to create – The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it now. In most cases, you will accept the default.
6) zimbra-store Configuration includes the following.
Create Admin User – The administrator account is created during installation. This account is the first account provisioned on the Zimbra server and allows you to log on to the administration console.
Admin user to create – The default is admin@[mailhost.example.com].
Admin Password – You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.
Enable automated spam training – By default, the automated spam training filter is enabled and two mail accounts are created.
1. Spam Training User to receive mail notification about mail that was not marked as junk, but should be.
2. Non-spam (HAM) training user to receive mail notification about mail that was marked as junk, but should not have been.
These addresses are automatically configured to work with the spam training filter. The accounts created have a randomly selected name. To recognize what the account is used for you may want to change this name.
Global Documents Account – The Global Documents account is automatically created when ZCS is installed. The Global Documents account holds the templates and the default Documents Notebook. The Documents feature is enabled from the COS or for individual accounts.
7) zimbra-mta The following options can be modified.
MTA Auth host. This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA.
Enable Spamassassin. Default is enabled.
Enable ClamAV. Default is enabled.
Notification address for AV alerts. Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console. Note: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications queue in the Zimbra MTA server and cannot be delivered.
8) zimbra-snmp (optional) You can modify the following options
Enable SNMP notifications. The default is No. If you enter yes, you must enter the SNMP Trap hostname.
SNMP Trap hostname
Enable SMTP notification – The default is No.
SMTP Source email address – If you enter yes for SMTP notification, you must enter the SMTP source email address and SMTP Destination email address – destination email address.
9) zimbra-logger When installed, it is automatically enabled. This information is used to generate the statistics graphs and is used for message tracing.
10) zimbra-spell When installed, it is automatically enabled.(optional)
11) Enable default backup schedule For the Network Edition only, sets the schedule for Backup session to run as a full backup every Sunday at 1 a.m. and as incremental on the other days at 1 a.m.
r) Start servers after configuration When the installation and configuration is complete, if this is set to Yes, the Zimbra server is automatically started.
s) Save config to file At any time during the installation, you can save the configuration to file.
q) Quit Quit can be used at any time to quit the installation.

Description

--config -c <arg> File in which the configuration is stored
--default -d Show default values for keys listed in [args]
--edit -e Edit the configuration file, change keys and values specified. The [args] is in the key=value form.
--force -f Edit the keys whose change is known to be potentially dangerous
--help -h Shows the help for the usage options for this tool
--info -i Shows the documentation for the keys listed in [args]
--format -m <arg> Shows the values in one of these formats: plain (default), xml, shell, nokey.
--changed -n Shows the values for only those keys listed in the [args] that have been changed from their defaults
--path -p Shows which configuration file will be used
--quiet -q Suppress logging
--random -r This option is used with the edit option. Specified key is set to a random password string.
--show -s Forces the display of the password strings
--unset -u Remove a configuration key. If this is a key with compiled-in defaults, set its value to the empty string.
--expand -x Expand values

 

Table 1 Zimbra CLI Commands

The table below lists the CLI commands in /opt/zimbra/bin.

ldap Start, stop, or find the status of Zimbra LDAP
ldapsearch Perform a search on an LDAP server
logmysqladmin Send mysqladmin commands to the logger mysql
mailboxd Start, stop, find the status of the mailboxd server
mysql Enters interactive command-line MySQL session with the mailbox mysql
mysql.server Start, stop the SQL instance for the mailbox package
mysqladmin Send admin commands to MySQL
postconf Postfix command to view or modify the postfix configuration
postfix Start, stop, reload, flush, check, upgrade-configuration of postfix
qshape Examine postfix queue in relation to time and sender/recipient domain
zmaccts Lists the accounts and gives the status of accounts on the domain
zmamavisdctl Start, stop, restart, or find the status of the Amavis-D New
zmantispamctl Start, stop, reload, status for anti-spam service
zmantivirusctl Start, stop, reload, status for the anti-virus service
zmapachectl Start, stop, reload, or check status of Apache service (for spell check)
zmarchive config Command to view, modify, or configure archiving
zmarchivectl Start, stop, reload, status for archiving
zmarchivesearch Search archives on the account
zmauditswatchctl Start, stop, restart, reload, status of the auditswatch
zmbackup Performs full backups and incremental backups for a designated mail host.
zmbackupabort Stops a backup that is in process.
zmbackupquery Find a specific full backup set
zmblobchk Check consistency of the Zimbra blob store
zmcalchk Check consistency of appointments and attendees in the Zimbra calendar
zmcertmgr Manage self-signed and commercial certificates
zmclamdctl Start, stop, or find the status of Clam AV
zmcleaniplanetics Clean iPlanet ICS calendar files
zmcontrol (Start/Stop Service) Start, stop, status of the Zimbra servers. Also can use to find the Zimbra version installed.
zmconvertctl Start, stop, the conversion server or find the status of the converted attachments conversion/indexing
zmdumpenv General information about the server environment is displayed
zmgsautil Create, delete the GAL sync account and initiate manual syncs.
zmhostname Find the hostname of the Zimbra server
zmhsm Start, stop and status of a HSM session.
zmitemdatafile Extracts and packs tgz files that ZCS uses for REST import/export
zmjava Execute Java with Zimbra-specific environment settings
zmldappasswd Changes the LDAP password
zmlicense View and install your Zimbra license
zmlmtpinject Testing tool
zmlocalconfig Used to set or get the local configuration of a Zimbra server
zmloggerctl Start, stop, reload, or find the status of the Zimbra logger service
zmloggerhostmap Used to manually map a DNS hostname to a zmhostname.
zmlogswatchctl Start, stop, status of the swatch that is monitoring logging
zmmailbox Performs mailbox management tasks
zmmailboxdctl Start, stop, reload, or find the status of the mailbox components (mailboxd, MySQL, convert)
zmmailboxmove (Move Mailbox) Used to move selected mailboxes from one Zimbra server to another.
zmmboxsearch (Cross Mailbox Search) Search across mailboxes to find messages and attachments
zmmetadump Support tool that dumps an item’s metadata in a human-readable form
zmmtaconfigctl Start, stop, or find the status of the MTA configuration daemon
zmmtactl Start, stop, or find the status of the MTA
zmmypasswd Trace messages
zmmypasswd Change MySQL passwords
zmmysqlstatus Status of mailbox SQL instance
zmperditionctl Start, stop, or find the status of the perdition IMAP proxy
zmplayredo Performs data restore using backed up snapshots taken periodically. Users who use snapshots to backup and restore their information from a standby site use this command.
zmprov (Provisioning) Performs all provisioning tasks in Zimbra LDAP, including creating accounts, domains, distribution lists and aliases
zmproxyconfgen Generates configuration for the nginx proxy
zmproxyctl Start, stop, restart, and find the status of the IMAP proxy service
zmproxypurge Purges POP/IMAP routing information from one or more memcached servers
zmpython Ability to write Python scripts that access Zimbra Java libraries. It sets the ZCS class path and starts the Jython interpreter.
zmredodump Support tool for dumping contents of a redolog file for debugging purposes
zmrestore Performs full restores and incremental restores for a designated mail host
zmrestoreldap Restore accounts from the LDAP backup
zmrestoreoffline (Offline Restore) Performs full restore when the Zimbra server (i.e., the mailboxd process) is down
zmsaslauthdctl Start, stop, or find the status of saslauthd (authentication)
zmschedulebackup Schedule backups and add the command to your cron table
zmshutil Used for other zm scripts, do not use
zmskindeploy Deploy skins for accounts from the command line
zmsoap Print mail, account, and admin information in the SOAP format
zmspellctl Start, stop, or find the status of the spell check server
zmsshkeygen Generate Zimbra’s SSH encryption keys
zmstat-chart Generate charts from zmstat data collected in a directory
zmstat-chart-config Generate an .xml file with data included from the account setup
zmstat-chart-config Outputs an XML configuration that describes the current state of the data gathered from zmstat-chart to generate charts on the administration console.
zmstatctl Start, stop, check status, or rotate logs of zmstat data collectors
zmstorectl Start, stop, or find the status of Zimbra store services
zmswatchctl Start, stop, or find the status of the Swatch process, which is used in monitoring
zmsyslogsetup Used to setup system log config file
zmthrdump Initiate a thread dump and save the data to a file with a timestamp
zmtlsctl Set the Web server mode to the communication protocol options: HTTP, HTTPS or mixed
zmtrainsa Used to train the anti-spam filter to recognize what is spam or ham
zmtzupdate Provides mechanism to process timezone changes from the command line
zmupdateauthkeys Used to fetch the ssh encryption keys created by zmsshkeygen
zmvolume Manage storage volumes on your Zimbra Mailbox server
zmzimletctl Deploy and configure Zimlets

If you use non-ASCII characters in the CLI, in order for the characters to display correctly, you must change this setting to the desired UTF-8 before running the CLI command. To change this, type:

export LC_ALL=<UTF_locale>

Important: The default locale on the zimbra user system account is LANG=C. This setting is necessary for starting ZCS services. Changing the default LANG=C setting may cause performance issues with amavisd-new and the IM services may fail to start.

 

Some of the content is from zimbra official documentation site.

—>>> ENJOY!!! <<<—

By YOBIHAT TEAM

Install Zimbra Collaboration 8.6 multiserver in Centos 7

System Requirements for Zimbra Installation

The official website recommends the following hardware specification for Zimbra open-source edition.

-Intel/AMD 2.0 GHz 64-bit CPU

-A minimum of 8GB of RAM for a single server installation

-10 GB disk space for software and logs, and additional disk space for mail storage and temporary files

-At least 4GB of RAM for each server if you split the installation across 2 servers, but it all depends on the kind of services you decide to install on each machine.

General Requirements

-Firewall Configuration should be set to “No firewall”.

-RAID-5 is not recommended for installations with more than 100 accounts.

-SSH client software to transfer and install the Zimbra Collaboration software.

-Valid DNS configured with an A record and MX record.

-Servers should be configured to run Network Time Protocol (NTP) on a scheduled basis.

Installation step by step

On both CentOS VMs, update the OS, install all packages needed for the Zimbra install, and disable the firewall and sendmail services

yum update -y 
yum install net-tools usbutils firewalld wget nc perl perl-core ntp nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite -y
yum erase postfix
systemctl stop sendmail
systemctl disable sendmail
systemctl stop firewalld
systemctl disable firewalld

On both hosts, edit the SELinux config

vi /etc/selinux/config

and change the line to SELINUX=permissive

Add the following entries to the hosts file on both servers

vi /etc/hosts
10.0.17.101      zimbra1.demo.local    zimbra1
10.0.17.102      zimbra2.demo.local    zimbra2

and remove every IPv6 entry: comment out or delete all ::1 lines.
Set a static address on the NIC of every server

vi /etc/sysconfig/network-scripts/ifcfg-………

Disable IPv6 in the file

vi /etc/sysctl.conf

Append the text below at the end of the file

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Apply the settings; if the output prints 1 for both keys, everything related to IPv6 is disabled and you can reboot

sysctl -p
reboot

Now create and mount the partition that will store the data of your mail system; if you are not familiar with this, please search the internet to better understand what you are doing.
The server that needs the second hard drive to store email data is the server where you are going to install the zimbra store service, in our case server 1.
We suppose that /dev/sda is your main Linux HDD and /dev/sdb is the second disk that will be mounted on /opt/zimbra.
The commands below will help you understand the status of your system

fdisk -l
lsblk
lvs
pvdisplay /dev/sd...
vgdisplay vg...

Let’s create the volume on /dev/sdb and mount it on /opt/zimbra

mkdir /opt/zimbra
pvcreate /dev/sdb
pvdisplay /dev/sdb
vgcreate vg1 /dev/sdb
lvcreate -l 100%FREE -n zmstore vg1
mkfs.ext4 /dev/vg1/zmstore
blkid /dev/vg1/* >> /etc/fstab

Once the blkid output has been appended to /etc/fstab, open the file and edit the appended line, deleting the leading device name, so that it looks like the example

vi /etc/fstab
example:    UUID=00000xxxx-xxxxxx-xxxxxxxx              /opt/zimbra      ext4      defaults     0 0

After saving the file, mount it and check that it is mounted correctly

mount -a
mount | grep opt
lsblk

If everything is OK we are ready to install Zimbra. Go to the folder you decided to use for downloading the Zimbra packages

cd /home/
wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
tar xzvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
./install.sh

In this case we are going to split the Zimbra mail server across 2 servers, each running different services; you can decide to use more servers depending on your needs. Let’s install.

Services to install in server 1

cd zcs-…
./install.sh

Do you agree with the terms of the software license agreement? [N] Y

Select the packages to install

Install zimbra-ldap [Y] y

Install zimbra-logger [Y] y

Install zimbra-mta [Y] N

Install zimbra-dnscache [N] N

Install zimbra-snmp [Y] N

Install zimbra-store [Y] y

Install zimbra-apache [Y] y

Install zimbra-spell [Y] y

Install zimbra-memcached [Y] y

Install zimbra-proxy [Y] N

After the install, edit the fields marked with ****. Before saving, change the timezone, change the default LDAP admin password and make sure all passwords are set; then save the config and apply. Before starting with the second server, apply the config here and test with:

zmcontrol status

Services to install in second server

cd zcs-…
./install.sh

Do you agree with the terms of the software license agreement? [N] Y

Select the packages to install

Install zimbra-ldap [Y] n

Install zimbra-logger [Y] n

Install zimbra-mta [Y] y

Install zimbra-dnscache [N] y

Install zimbra-snmp [Y] N

Install zimbra-store [Y] n

Install zimbra-apache [Y] n

Install zimbra-spell [Y] n

Install zimbra-memcached [Y] y

Install zimbra-proxy [Y] y

Before saving, change the timezone, check ldap_master_host, set the LDAP admin password to the same value as on the other server, and check all passwords against the other server with zmlocalconfig -s followed by the name of the password you need.

Set Up the SSH Keys – both servers

We need to manually populate ssh keys on each server

su - zimbra
zmupdateauthkeys

Enabling Server Statistics – both servers

In order for the server statistics to display on the administration console, the syslog configuration files must be modified. On each server, as root, type

/opt/zimbra/libexec/zmsyslogsetup

Verify configuration

zmcontrol status

Setting up proxy zimbra1.demo.local

zimbra1.demo.local

su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -m -H mailboxsrv.demo...
/opt/zimbra/libexec/zmproxyconfig -e -w -H mailboxsrv.demo...

mtasrv.demo…

su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -m -H mtasrv.demo...
/opt/zimbra/libexec/zmproxyconfig -e -w -H mtasrv.demo...
zmcontrol restart

Common Steps to Run Servers Properly

Once the installation is complete, perform the following common steps on each server so that it functions properly.
 1: Restart and Enable crond service

systemctl restart crond
systemctl enable crond

 2: Open rsyslog.conf file and uncomment following two lines and restart service

vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception 
$ModLoad imtcp 
$InputTCPServerRun 514

service rsyslog restart

 3: Restart and Enable rsyslog service

systemctl restart rsyslog
systemctl enable rsyslog

 4: Now run the below command to update rsyslog

/opt/zimbra/libexec/zmsyslogsetup
updateSyslog: Updating /etc/rsyslog.conf...done.
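Step 2 turns on syslog reception on UDP and TCP port 514, and with firewalld disabled nothing else limits who can send to it. The audit below is an added example, not part of the original post: it reports each listener a legacy-format rsyslog.conf enables and whether a `$AllowedSender` line covers it. The function name and both sample configs are constructed, and the sender list in the second sample (the two hosts from /etc/hosts above) is an assumption.

```shell
#!/bin/sh
# Report the syslog listeners enabled in a legacy-format rsyslog.conf and
# whether a $AllowedSender line limits who may send to them.

# rsyslog_reception: config on stdin ->
#   "<udp|tcp> <port> <open|restricted>", one line per active listener
rsyslog_reception() {
    awk '
        /^[ \t]*#/ { next }                          # commented lines are inactive
        $1 == "$ModLoad" && $2 == "imudp" { mod["udp"] = 1 }
        $1 == "$ModLoad" && $2 == "imtcp" { mod["tcp"] = 1 }
        $1 == "$UDPServerRun"             { port["udp"] = $2 }
        $1 == "$InputTCPServerRun"        { port["tcp"] = $2 }
        $1 == "$AllowedSender" {                     # $AllowedSender UDP, 10.0.17.101
            t = tolower($2); sub(/,.*/, "", t); allow[t] = 1
        }
        END {
            n = split("udp tcp", order, " ")
            for (i = 1; i <= n; i++) {
                t = order[i]
                if (mod[t] && (t in port))
                    print t, port[t], ((t in allow) ? "restricted" : "open")
            }
        }'
}

# Constructed sample: the relevant lines as step 2 above leaves them.
conf_after_step2() {
cat <<'EOF'
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
EOF
}

# Constructed sample: the same lines plus a sender allow-list naming only
# loopback and the two Zimbra hosts (assumed to be the only log sources).
conf_restricted() {
cat <<'EOF'
$AllowedSender UDP, 127.0.0.1, 10.0.17.101, 10.0.17.102
$AllowedSender TCP, 127.0.0.1, 10.0.17.101, 10.0.17.102
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
EOF
}

echo "after step 2:";      conf_after_step2 | rsyslog_reception
echo "with allow-list:";   conf_restricted  | rsyslog_reception
```

On a server, feed it the live files with `cat /etc/rsyslog.conf /etc/rsyslog.d/*.conf | rsyslog_reception`.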

If the installation is successful you can access it via web:

https://zimbra1.demo.local:443

for a webmail

https://zimbra2.demo.local:7071/zimbraAdmin

for the admin management site

(use your own link).

 

—>>> ENJOY!!! <<<—