This document is applicable for Zimbra Daffodil versions 10.0 and 10.1.0.
License
Synacor, Inc., 2022-2023
© 2022-2023 by Synacor, Inc. Zimbra Daffodil (v10) Single-Node NG Modules Migration Guide through In-Place Upgrade
This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License unless another license agreement between you and Synacor, Inc. provides otherwise. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0 or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
Synacor, Inc., 2022-2023
505 Ellicott Street, Suite A39
Buffalo, NY 14203
US
Licensing changes introduced in Zimbra Daffodil (v10.1)
Zimbra Daffodil (v10.1) onwards, a new licensing system has been introduced which allows more flexibility in managing licenses and enable future granular feature add-ons.
Before you begin with the migration, refer to the Zimbra Daffodil (v10.1) Licensing section and review the changes.
Introduction
This guide provides steps to migrate the 8.8.15/9.0.0 Single-Node NG server to Zimbra Collaboration Daffodil (v10) using the In-place Upgrade method.
You can also refer to this guide for performing migration from your existing 8.8.15-FOSS having Zimbra Suite Plus (ZSP) setup.
Zimbra Collaboration when installed with NG modules installs the following modules:
-
Hierarchical Storage Management.
-
Backup & Restore.
-
Mobile - ActiveSync.
-
Device Management - ABQ.
-
Delegated Admin.
-
Drive.
-
Connect.
The migration is only supported from Zimbra Collaboration 8.8.15 and 9.0.0 versions running the latest patch release. |
This migration utility currently does not support the migration of Zimbra Connect / Chat data. |
For Backup & Restore feature, Zimbra Collaboration Daffodil (v10) currently does not support storing backup files on S3 external storage or restoring backup from S3 external storage. |
When executing these steps, it is recommended to test within a test environment and ensuring there is a backup just in case. Also, this guide is created in steps that can be done once or within different maintenance windows.
Overview
In this method, the server running 8.8.15/9.0.0 server is upgraded to Zimbra Collaboration Daffodil (v10) by running the installer.
If you’re using Zimbra Connect or Chat, please note that migration of these modules is not currently supported. Please contact Zimbra Support or Sales for guidance. |
We will provide steps to upgrade the ZCS server only. If you need to upgrade the OS or move to a new system, there are other migration methods and we recommend talking to Zimbra Support for guidance.
This method is suitable for you, if:
-
You want to continue to use the existing Operating System / Hardware.
-
You want to continue to use the existing network/data centre.
Audience
This migration guide assumes you have a thorough understanding of system administration concepts and tasks and are familiar with email communication standards, security concepts, directory services, and database management.
Migration using In-Place Upgrade method
Following are the steps involved in this method:
-
Verify there is an up-to-date backup and/or take a snapshot before upgrading.
-
Install the NG migration tool and export NG data.
-
Prepare the system for upgrade and Document all customization
-
Upgrade the system.
-
Import NG data and customization to your new Daffodil (v10) system.
Backup verification
The best practice is to ensure you have a valid backup before upgrading. Also, many environments allow the ability to take a snapshot of your system for quick restoration if needed.
We also recommend exporting your backup or copying your existing backup to a secondary drive or location.
Installing NG Migration tool and Exporting NG Data
In the upgrade to Daffodil (v10) the NG modules will be removed and the new Daffodil (v10) modules will be installed. To prepare for the upgrade, Zimbra created an NG migration tool to export your current NG configuration then after the upgrade of your server, you will then restore the configuration into the Daffodil system.
In many instances, few or none of these steps will need to be run, but it’s all based on how NG modules are being used. Following NG features can be migrated:
-
NG Core:
-
HSM
-
Mobile:
-
Share Configuration
-
Device Management - ABQ
-
-
Delegated Admin
-
-
Drive
If you’re using Zimbra Connect or Chat, please note that migration of these modules is not currently supported. Please contact Zimbra Support or Sales for guidance. |
Exporting data does not require downtime but we recommend exporting the data right before the upgrade to ensure it’s the most recent. |
The admin user used in export/import command is the Global Admin on the server. |
Download and Installing Migration Tool
The migration utility package is available on Zimbra’s public repository.
Following are the steps to download and install the migration utility.
-
On RHEL/CentOS system, execute as root:
yum clean metadata yum check-update yum install zimbra-modules-porter
-
On Ubuntu system, execute as root:
apt-get update apt-get install zimbra-modules-porter
After successful installation, a command zmmodulesport
will be available on the server.
This utility is version independent and can be installed on an 8.8.15, 9.0.0 or Daffodil (v10) server. |
Following are the details on the supported migration modules:
NG Module |
Replaced by Zimbra-10 module |
Option in utility |
Hierarchical Storage Management |
Storage Management |
hsm |
Backup & Restore |
Backup & Restore |
backup |
Mobile |
Zimbra Mobile Sync |
mobile |
ABQ |
Zimbra Device Management |
mobile |
Delegated Admin |
Delegated Admin |
admin |
Drive |
Zimbra Briefcase |
drive |
Export HSM
Customers not using HSM OR using Non-S3 volumes can skip this step. |
To export HSM data using zmmodulesport
, execute the command as zimbra
user:
su - zimbra
zmmodulesport system export --modules=hsm --filename=hsm-data --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/hsm-export.log
A file hsm-data.tgz will be created within /opt/zimbra/tmp/modules/hsm/.
Export Delegated Admin
To export Delegated Admin data using zmmodulesport
, execute the command as zimbra
user:
su - zimbra
zmmodulesport system export --modules=admin --filename=admin-data --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/da-export.log
This will create a file admin-data.tgz under /opt/zimbra/tmp/modules/admin.
Once the system has been upgraded to Daffodil, Delegated Admins will not be able to manage accounts until NG Delegated Admin data is imported or Daffodil admin rights are enabled. |
Export Mobile Configuration
Customers who are using ABQ and/or ActiveSync shared folder will need to migrate their configuration. Mobile migration data consists of ABQ rules and share folder configuration for mobile devices.
To export Mobile data using zmmodulesport
, execute the command as zimbra
user:
su - zimbra
zmmodulesport system export --modules=mobile --filename=mobile-data1 --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/mobile-export.log
This will create a file mobile-data1.tgz under /opt/zimbra/tmp/modules/mobile.
Export Backup & Restore Configuration
The migration utility only provides the information if the Backup & Restore feature is enabled/disabled for the COS.
To export Backup data using zmmodulesport
, execute the command as zimbra
user:
su - zimbra
zmmodulesport system export --modules=backup --filename=backup-data --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/br-export.log
This will create a file backup-data.tgz under /opt/zimbra/tmp/modules/backup.
Import Backup & Restore Configuration
The Backup & Restore configuration cannot be imported through the utility. You will have to manually update the configuration for the domains/users on your system. |
Daffodil (v10) and NG backups contain different format and you will not be able to directly use the Daffodil (v10) Backup & Restore feature to restore your NG backups. Also, if the NG backup is used for anything other than disaster recovery, we recommend copying the NG backup to an archive location. Zimbra has created a tool to allow the restoration of message data for auditing and recovery purposes only. |
To manually review the backup configuration:
-
Extract the exported backup-data.tgz file.
-
In the extracted directory, open the json file and check the COS having Enabled value.
-
Log into server.com’s Admin Console.
-
Go to Configure → Global Settings → Backup/Restore.
-
Under Select users for backup → Domain and COS, click on Add COS button and add COS for which backup was enabled in the json file.
-
Repeat the steps if there are multiple COS. Click on Save.
Once the backup configuration has been set, a full backup will be created for any new account that was migrated each night. Backups can manually execute once the targeted accounts are migrated for the day.
Export Drive Data
Customers using Drive will need to export the user’s drive data so it can be imported into the user Briefcase after the upgrade.
To export Drive data using zmmodulesport
, execute the command as zimbra
user:
su - zimbra
zmmodulesport account export --modules=drive --filename=drive-data --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/drive-export.log
This will create a file drive-data.tgz under /opt/zimbra/tmp/modules/drive.
Drive data can be exported for a single user, multiple users, or all accounts on the system, the following are the options that can use when creating the request:
The account
option supports following:
Option |
Description |
--accounts=* |
Export all accounts. |
--accounts=name@domain |
Export a single account. |
--accounts=name1@domain1,name2@domain2 |
Export multiple accounts |
--accounts=/path/to/accounts-file.txt |
Export accounts listed in the file. The accounts have to be listed on new lines. |
--accounts=domain |
Export all available accounts for the specified domain on the server. |
It is recommended to use --accounts=* option for the systems where the user’s Drive data is not huge in size. |
Disable Mobile Sync before Upgrade
Since ABQ rules have not been imported at this point and will be done after the upgrade, it is recommended to disable Mobile Sync for all the users. This is to restrict the configured devices from syncing immediately after the upgrade. It may also cause spike in CPU and IO due to the amount of data being synced.
After the upgrade, we will import the ABQ rules and then enable Mobile Sync which will enforce connected device to honour the ABQ rules.
zmprov ma <account@domain.com> zimbraFeatureMobileSyncEnabled FALSE
Customization and Preparing your upgrade.
In-place upgrades will remove most customizations. Before starting the upgrade, we recommend reviewing your system and documenting all customizations so that once the upgrade has been completed, you can verify and reapply any missing customization if needed.
Upgrading to Daffodil
It’s time to upgrade your system. Download and uncompress the Daffodil installer which can be obtained from the download page. We also recommend closing all ports to the mailbox server to prevent new messages, devices, and users from accessing the system during the upgrade.
Disable the NG modules by running:
zmprov ms `zmhostname` zimbraNetworkModulesNGEnabled FALSE
Remove NG Modules:
zmzimletctl undeploy com_zextras_client
zmzimletctl undeploy com_zextras_drive_open
zmzimletctl undeploy com_zextras_zextras
zmzimletctl undeploy com_zextras_drive
Add the OnlyOffice repository on the system.
If you are not using Zimbra Docs or do not intend to use it after the upgrade to Daffodil (v10), then you can skip this section. |
Following are the steps. Execute the commands as root
user
-
RHEL 7
$ cat > /etc/yum.repos.d/zimbra-onlyoffice.repo <<EOF
[zimbra-onlyoffice]
name=Zimbra Onlyoffice RPM Repository
baseurl=https://repo.zimbra.com/rpm/onlyoffice/rhel7
gpgcheck=1
enabled=1
EOF
$ yum --disablerepo=* --enablerepo=zimbra-onlyoffice clean metadata
$ yum check-update --disablerepo=* --enablerepo=zimbra-onlyoffice --noplugins
-
RHEL 8
$ cat > /etc/yum.repos.d/zimbra-onlyoffice.repo <<EOF
[zimbra-onlyoffice]
name=Zimbra Onlyoffice RPM Repository
baseurl=https://repo.zimbra.com/rpm/onlyoffice/rhel8
gpgcheck=1
enabled=1
EOF
$ yum --disablerepo=* --enablerepo=zimbra-onlyoffice clean metadata
$ yum check-update --disablerepo=* --enablerepo=zimbra-onlyoffice --noplugins
-
UBUNTU 18
$ cat > /etc/apt/sources.list.d/zimbra-onlyoffice.list << EOF deb [arch=amd64] https://repo.zimbra.com/apt/onlyoffice bionic zimbra deb-src [arch=amd64] https://repo.zimbra.com/apt/onlyoffice bionic zimbra EOF $ apt-get update
-
UBUNTU 20
$ cat > /etc/apt/sources.list.d/zimbra-onlyoffice.list << EOF deb [arch=amd64] https://repo.zimbra.com/apt/onlyoffice focal zimbra deb-src [arch=amd64] https://repo.zimbra.com/apt/onlyoffice focal zimbra EOF $ apt-get update
Upgrade System
Run the install.sh
with the -skip-ng-check
flag and the first question will be about the license agreement:
Do you agree with the terms of the software license agreement? [N] Y
If you received the following warning, it means the skip-ng-check flag wasn’t used:
NG Modules detected on this system. If you continue with this upgrade, NG module packages and the associated data will be deleted. If you want to preserve NG data, consider migrating or a rolling upgrade strategy for upgrading your system. For more information, please contact Zimbra Support. If you still want to continue, start upgrade using --skip-ng-check
After accepting the license, the Daffodil installer will inform you that a backup does not exist and asks if you wish to continue.
Do you wish to continue without a backup? [N] Y
This occurs because it is checking to see if there is a Daffodil backup and at this time one hasn’t been created. Since there is an NG backup and or a snapshot, select Y and proceed.
The installer will ask if you like to do a message store database integrity check, select enter to proceed with the check:
Do you want to verify message store database integrity? [Y]
You will be asked if you wish to use the zimbra repository and if you wish to proceed to upgrade, select enter to proceed.
Use Zimbra's package repository [Y] Do you wish to upgrade? [Y]
The installer will ask if you like to install packages that have not been installed, two new packages with Daffodil are zimbra-onlyoffice and chat and video. zimbra-onlyoffice is available for all licensed customers and can be installed at this time or at a later date. Customers who want to use Zimbra’s Document and Collaboration feature, zimbra-onlyoffice should be installed at this time.
For customers currently using Zimbra chat and video, please contact Zimbra Sales or open a support case for more information about chat and video within Daffadil. For customers who are interested in the new chat and video demo, please contact Zimbra Sales for more information. |
Install zimbra-archiving [N]
Install zimbra-onlyoffice [N] Y
Upgrading zimbra-license-tools
Upgrading zimbra-license-extension
Upgrading zimbra-network-store
Upgrading zimbra-patch
Upgrading zimbra-mta-patch
Upgrading zimbra-proxy-patch
Install chat and video features [N] Y
Once you selected the new packages, the installer will ask if you want to upgrade:
The system will be modified. Continue? [N]
Select Y then enter to proceed with the upgrade. Once Completed you will see the following:
Finished installing network zimlets.
Getting list of all zimlets...done.
Updating non-standard zimlets...
Finished updating non-standard zimlets.
Restarting mailboxd...done.
Skipping creation of default domain GAL sync account - existing install detected.
Setting up zimbra crontab...done.
Moving /tmp/zmsetup.yyyymmdd-hhmmss.log to /opt/zimbra/log
Configuration complete - press return to exit
Your system has been upgraded to Daffodil.
Remove Zimbra Docs
If you are running Zimbra Docs on a separate node, you can remove the server details from the Daffodil (v10) LDAP tree after the upgrade.
Execute this command as a zimbra
user:
su - zimbra
zmprov ds docs.server.com
Import NG Data and apply customizations
The final stage of upgrade consists of importing the NG data and applying any customizations you have on your server.
Import HSM
You can skip this section if are not using External Store providers.
It is critical to restore HSM configuration before making the server live or doing any testing. This will ensure that the emails are accessible after the import. |
In Daffodil (v10), the locator format for blobs in S3 volume is different than the NG HSM. The locator is the pointer to the blob location in the database for each message. Thus, while importing the HSM configuration, additional options has to be included in the command to update the locator for all the user’s on the server.
Following are the details on the additional required options:
-
-t=inplace - Option to be included for an In-place upgrade method.
-
-l - Option to enable the update of the locators.
-
-uam - Option to update the locator for all the mailboxes. Set it to TRUE when importing the HSM data so that the locators are updated to the new format while importing the HSM data.
Please refer to admin-guide for more details.
In case the locator option is not passed to the import command, the locator’s will not be updated to the new format and user’s might see Missing Blob error when viewing the email.
|
-
As a
zimbra
user, execute this command:
su - zimbra zmmodulesport system import --modules=hsm --filename=hsm-data -t=inplace --server=server.com --username=admin@domain.com --password=admin_passwd -l=true -uam=true >> /opt/zimbra/log/hsm-import.log
In case the locator’s are not updated during the import, they can be updated after the HSM data has been migrated. As a zimbra
user, execute this command:
su - zimbra
zmmodulesport system locatorUpgrade --modules=hsm --filename=hsm-data -uam=true --username=admin@domain.com --password=admin_passwd
Import Delegated Admin
-
As a
zimbra
user, execute this command:
su - zimbra zmmodulesport system import --modules=admin --filename=admin-data --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/da-import.log
Import Mobile Data
For NG Mobile, if you have set the ABQ mode to Strict and if there are any devices updated in the Allowed Device list on the NG server, after the mobile data import to the server, update the zimbraMobileBlockedDevices
to allow syncing of the allowed devices:
-
As a
zimbra
user, execute this command:
su - zimbra zmprov md new.server.com +zimbraMobileBlockedDevices "*"
-
As a
zimbra
user, execute this command:
su - zimbra zmmodulesport system import --modules=mobile --filename=mobile-data1 --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/mobile-import.log
After the import, user’s who are using NG Mobile Password feature will have to update their zimbra account’s password in mobile settings. |
Import Drive Data
Before you start the import, it is recommended to increase the zimbraAdminAuthTokenLifetime
so in case of large data transfer, the session is not timed out. The default value of zimbraAdminAuthTokenLifetime
is 12 hour (12h).
On COS level, if you want to increase zimbraAdminAuthTokenLifetime
value to 24 hours, please specify the value as 24h and update the zimbraAdminAuthTokenLifetime
attribute on mailbox server.
su - zimbra
zmprov mc default zimbraAdminAuthTokenLifetime 24h
-
As a
zimbra
user, restart mailbox service to make the changes effective:
zmmailboxdctl stop
-
To import the Drive data, execute this command as a
zimbra
user:
su - zimbra zmmodulesport account import --modules=drive --filename=drive-data --server=server.com --username=admin@domain.com --password=admin_passwd >> /opt/zimbra/log/drive-import.log
Once your configuration has been added and tested, you can enable mail flow and access to the user accounts.
Enabling Daffodil Backup
Log into your Global admin account, select Configuration → Global Setting → Backup/Restore and enable backup. Review the backup configuration to ensure it meets your needs.
Device Re-sync after Upgrade
Once the server has been upgraded, you can stagger the enabling of mobile on accounts to prevent all accounts from re-syncing at the same time.
zmprov ma <account@domain.com> zimbraFeatureMobileSyncEnabled TRUE
This is just a recommendation and each environment is different. It is up to the system Admin to choose the best method that’s supported by their environment. |