How to deploy Zimbra ZCS Open Source Edition on Amazon EC2

This guide should help you deploy Zimbra ZCS 7.1.3_GA on an Ubuntu 10.04 instance with Amazon EC2.

Prerequisites

1) Ensure you have set up Amazon EC2 CLI scripts …

Download tools from here http://aws.amazon.com/developertools/351

Generate an X.509 certificate and private key in the Security Credentials section of the AWS control panel; the command-line tools use them to sign API requests.

Set up environment variables in your .bash_profile (using your key paths, and your preferred EC2 region)

export EC2_PRIVATE_KEY=/path/to/ec2-private-key.pem
export EC2_CERT=/path/to/ec2-cert.pem
export EC2_URL=https://eu-west-1.ec2.amazonaws.com

2) Ensure you have imported your public ssh key (replace paul-public-key with whatever label you want to use)

for r in us-east-1 us-west-1 ap-southeast-1 eu-west-1; do ec2-import-keypair --region $r paul-public-key --public-key-file ~/.ssh/id_rsa.pub ; done

3) Set up an elastic IP, then create DNS entries for your mail server that point to it. Assuming you are going to call your mail server mail1.example.com, you will need the following records in example.com's zone:

mail1 CNAME ec2-xxx-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com.
mail1 MX 10 mail1

Where xxx-xxx-xxx-xxx is your elastic IP written with dashes. Other domains can then point their MX records at mail1.example.com. (Strictly, an MX target should be an A record rather than a CNAME, per RFC 2181; the CNAME to the EC2 public hostname is used here deliberately so that the name resolves to the instance's private address from inside EC2, which matters for the LMTP delivery problem described under step 4 below.)

4) Set up a security group for your Zimbra server with the ports you need open (25, 80, 443, 110, 143, 993, 995, 7071 and, if you run the Zimbra proxy, 7110, 7143, 7993 and 7995). Open only what clients actually use: SSH (22) and the admin console (7071) should be restricted to your own address range rather than 0.0.0.0/0, and LDAP (389) should not be exposed to the Internet at all on a single-server install.

// replace 203.0.113.0/24 with your own address range
ec2-create-group "Zimbra ZCS" -d "Zimbra Collaboration Suite Group"
ec2-authorize "Zimbra ZCS" -P icmp -t -1:-1
ec2-authorize "Zimbra ZCS" -P tcp -p 22 -s 203.0.113.0/24
ec2-authorize "Zimbra ZCS" -P tcp -p 25
ec2-authorize "Zimbra ZCS" -P tcp -p 80
ec2-authorize "Zimbra ZCS" -P tcp -p 7071 -s 203.0.113.0/24

Instructions

1) Launch a new instance. Replace paul-public-key with the name of your public key (this needs to have been imported into AWS previously). The -g switch refers to your security group. We are using 100GB as the root disk size, as the default root volume is too small for a Zimbra installation.

// This will launch a new instance of Ubuntu 10.04 LTS (the AMI ID is region-specific; this one is for eu-west-1)
ec2-run-instances -t m1.large -g "Zimbra ZCS" -k paul-public-key -b "/dev/sda1=:100:false" ami-cc0e3cb8 --region eu-west-1

2) SSH in and resize the filesystem to the full disk size. Run ec2-describe-instances to find your new instance's public IP address, then ssh in to it and resize the file system.

ssh ubuntu@your-instance-public-ip
sudo su -
resize2fs /dev/sda1

3) Assign the elastic IP you chose earlier

// Find your instance's ID
ec2-describe-instances
// Associate the address to the instance
ec2-associate-address ELASTIC_IP_ADDRESS -i INSTANCE_ID

4) Set up hostname on the system

echo 'mail1.example.com' > /etc/hostname
echo '127.0.0.1 mail1.example.com mail1' >> /etc/hosts
hostname mail1.example.com

Then check it works with..

hostname --fqdn

IMPORTANT: The commands above map the system's hostname to 127.0.0.1 in /etc/hosts, and the entry needs all three fields (e.g. 127.0.0.1 mail1.example.com mail1). Without it the installer resolves mail1.example.com through public DNS, gets the elastic IP, and the LDAP setup fails, because the elastic IP is not bound to any interface on the instance itself. For the same reason, make the public mail1 record a CNAME to the EC2 public hostname rather than an A record: inside EC2 that hostname resolves to the instance's private IP, so Postfix's LMTP delivery to port 7025 reaches the local mailbox server. If you skip this you will hit the problems described at http://wiki.zimbra.com/wiki/Incoming_Mail_Problems. A crude workaround is to open port 7025 in the security group, but the CNAME is the better fix.
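As an added pre-flight check (example code written for this guide, not part of the Zimbra installer), the function below parses an /etc/hosts-style file and confirms that one non-comment line maps 127.0.0.1 to the FQDN followed by its short name, which is the entry the LDAP setup depends on. The two sample hosts files are constructed here; on the instance you would point it at the real /etc/hosts before running install.sh.

```shell
#!/bin/sh
# Pre-flight check for the /etc/hosts entry Zimbra's LDAP setup needs (added example,
# not part of Zimbra). Returns 0 only when a single non-comment line reads exactly
# "127.0.0.1 <fqdn> <shortname>", with any run of spaces or tabs between the fields.
check_hosts_entry() {
    hosts_file=$1
    fqdn=$2
    short=${fqdn%%.*}    # mail1.example.com -> mail1
    # drop comments, squeeze spaces/tabs to one space, trim, then look for the exact line
    sed 's/#.*//' "$hosts_file" |
        tr -s '[:blank:]' ' ' |
        sed 's/^ //; s/ $//' |
        grep -qxF "127.0.0.1 $fqdn $short"
}

# Constructed sample files standing in for /etc/hosts (assumed content, not from a real host).
good_hosts=$(mktemp)
bad_hosts=$(mktemp)
printf '127.0.0.1\tlocalhost\n127.0.0.1 mail1.example.com mail1   # zimbra\n' > "$good_hosts"
printf '127.0.0.1 localhost\n127.0.0.1 mail1\n' > "$bad_hosts"

check_hosts_entry "$good_hosts" mail1.example.com && echo "good_hosts: entry present"
check_hosts_entry "$bad_hosts"  mail1.example.com || echo "bad_hosts: three-field entry missing"
rm -f "$good_hosts" "$bad_hosts"

# On the instance itself, before install.sh:
#   check_hosts_entry /etc/hosts "$(hostname --fqdn)" || echo "fix /etc/hosts first"
```

The check is deliberately strict about the loopback address: an entry that maps the FQDN to the elastic IP or to the private IP would pass a looser "is the name in the file" test but still leave the installer connecting to the wrong address.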
5) Download Zimbra

cd /root/
mkdir zimbra
cd zimbra
// Download the appropriate version for your Linux distribution (and architecture, e.g. 64 bit)
wget http://files.zimbra.com/downloads/7.1.3_GA/zcs-7.1.3_GA_3346.UBUNTU10_64.20110928134610.tgz
tar -xvzf zcs-7.1.3_GA_3346.UBUNTU10_64.20110928134610.tgz

6) Install dependencies

apt-get install libperl5.10 sysstat sqlite3

7) Install Zimbra (this takes about 10-15 minutes)

./install.sh

Keep all default settings and proceed with install

When it complains “DNS ERROR – none of the MX records for mail1.example.com resolve to this host” say No to change domain name.

Set password… at menu (make a note of it).

Apply changes.

You can log in to the web interface with:

u: admin@mail1.example.com
p: whatever you set in the install script

http://mail1.example.com/
https://mail1.example.com:7071/zimbraAdmin/

The admin console is always HTTPS. The user web client on port 80 is plain HTTP in the default install, so if you will be logging in to it over the Internet, switch it to HTTPS as the zimbra user with zmtlsctl https followed by zmmailboxdctl restart, and open 443 in the security group instead of 80.

Try sending a test e-mail to admin@mail1.example.com – you should be able to log in to the web interface and view it.

References:

http://alestic.com/index.html – Ubuntu Image List

http://www.zimbra.com/downloads/os-downloads.html – Zimbra Downloads

http://elijahpaul.co.uk/2011/09/installing-zimbra-7-0-zcs-on-ubuntu-10-04-lts-using-amazon-aws/

 

Learning RouterOS

We’ve recently purchased a RouterBoard 1000 which we will be using as a VPN server in our office. The documentation is a little complicated for RouterOS novices, so I’ve put this post together to collate some useful tips and instructions.

Finding out the MAC Address of an interface / How to show a mac address on RouterOS

 interface ethernet print

Renewing a DHCP lease (getting a new IP from the DHCP server)

Firstly run

 ip dhcp-client print

To get a list of the interface numbers, then run

 ip dhcp-client renew 0

where 0 is the number of the interface you wish to use.

Adding a VLAN

interface vlan add vlan-id=110 name=manor-core interface=ether2
interface vlan enable manor-core

Java based Traceroute to diagnose connectivity problems

If you are having difficulty getting to a particular website, but other websites are working fine, then the best way to diagnose the problem is to use a tool called "traceroute". This tool exists as a command line program on Windows, Linux and Macs, but the average user may find that a bit too complicated, so in this post I'm going to show an easier way.

Essentially, traceroute sends a series of packets from your machine towards the target web server, each one allowed to cross one more router than the last. Every router that discards a packet because its hop limit has run out sends back an error, and from those replies traceroute builds up the path your traffic takes across the Internet. When the replies stop at a particular hop, you can see where the packets are stopping and therefore which link in the chain is not working.

So, in order to run a traceroute do the following:

1) Visit this site: http://www.mapulator.com/
2) Type the website domain you are trying to connect to as the target host (e.g. pyrosoft.co.uk)
3) Select run from: Your PC
4) Press Trace

This will run a traceroute from your computer to the target website, which can help a techy identify the problem. Once the traceroute is complete, click the “Raw Traceroute” tab in the results section and copy and paste this into an e-mail to your ISP. The results should look something like:

traceroute -n  -m 30 -w 5   google.co.uk
 1  87.124.34.1  0.455 ms  2.040 ms  0.208 ms
 2  87.124.32.25  2.157 ms  2.238 ms  2.298 ms
 3  195.66.224.125  2.840 ms  2.680 ms  3.046 ms
 4  209.85.252.40  2.789 ms  2.932 ms  2.843 ms
 5  209.85.130.84  3.235 ms  3.169 ms  3.209 ms
 6  216.239.43.123  13.733 ms  13.821 ms  13.777 ms
 7  72.14.233.79  13.830 ms  14.144 ms  13.885 ms
 8  66.249.94.54  18.026 ms 216.239.47.25  16.810 ms 66.249.94.54  19.519 ms
 9  66.249.93.104  14.270 ms  14.506 ms  14.266 ms

The tool is particularly handy in that it also shows you a visual representation on a Google map of all the hops involved. This is roughly the physical path that your data takes as it passes from your PC to the target website.
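To show what "seeing where the packet is stopping" looks like in practice, here is an added example (not part of the original post) that reads raw traceroute -n output, like the Raw Traceroute tab produces, and reports the first hop at which all three probes timed out together with the last router that did answer. The sample trace is constructed for the example, with documentation addresses, and is not a real capture.

```shell
#!/bin/sh
# Added example: locate the break in a raw traceroute. Reads traceroute -n output on
# stdin and prints the first hop whose three probes all timed out ("* * *") plus the
# last router that replied before it. Not part of the original post or of mapulator.
find_break() {
    awk '
        # hop lines start with a number; with -n the second field is an IP or "*"
        /^ *[0-9]+ / {
            if ($2 == "*" && $3 == "*" && $4 == "*") {
                printf "dead hop %s after %s\n", $1, (last == "" ? "local host" : last)
                found = 1
                exit
            }
            if ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) last = $2
        }
        END { if (!found) print "no dead hop: no hop lost all three probes" }
    '
}

# Constructed sample in the same format as the output above (addresses made up for the
# example); hops 7 onward never answer, so the break is between hop 6 and hop 7.
sample_trace='traceroute -n  -m 30 -w 5   example.net
 1  192.0.2.1  0.455 ms  2.040 ms  0.208 ms
 2  192.0.2.25  2.157 ms  2.238 ms  2.298 ms
 3  198.51.100.125  2.840 ms  2.680 ms  3.046 ms
 4  198.51.100.40  2.789 ms  2.932 ms  2.843 ms
 5  203.0.113.84  3.235 ms  3.169 ms  3.209 ms
 6  203.0.113.123  13.733 ms  13.821 ms  13.777 ms
 7  * * *
 8  * * *
 9  * * *'

printf '%s\n' "$sample_trace" | find_break
# prints: dead hop 7 after 203.0.113.123
```

A hop that answers only some probes (for example "* 5.1 ms *") is treated as answering, since routers commonly rate-limit the error replies traceroute relies on; only a hop that never answers is reported as the break, and even that may simply be a router that drops expired packets silently while forwarding real traffic, which is why the hop after it matters too.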

Howto: Setup CloudFront as a Content Delivery Network

It’s actually incredibly easy to begin using a Content Delivery Network (CDN) such as Amazon’s new CloudFront service, and in this post I’m going to show you how.

Background

So what is a CDN and why use one? Well CDNs are essentially a global network of file servers that work together to serve static content such as images, flash, css and javascript files. They are useful if you want to serve up content faster to your users as the servers are strategically placed at edge locations all around the world and incoming requests are automatically routed to the server closest to the user. This reduces the latency of HTTP requests and makes pages feel “snappier”. They can also be useful to reduce load to your core servers.

Update!

Since writing this post I found there is a firefox extension which gives you a GUI interface into CloudFront. I haven’t tried it yet, but you can read about it here.

How to use Amazon’s S3 and CloudFront CDN

Simple Storage Service

If you haven't already, sign up for a CloudFront account with Amazon Web Services. You'll also need an S3 subscription, as the two work hand in hand, but Amazon should set this up automatically.

Download an S3 client / GUI such as:

Log in to Amazon Web Services and download your access keys. There are two you need, the access key ID and the secret access key. You can find these in Your Account > Access Identifiers. You'll then need to configure your chosen client to use these keys.

Open up your S3 client and create a new bucket. Avoid underscores in bucket names: they technically work on S3, but you won't be able to create a CloudFront distribution for such a bucket later. You might want to read the full restrictions on bucket names first; I recommend following the additional instructions to conform with the DNS requirements.

Using the S3 client, upload some files and make them publicly readable. You should then be able to access them at either of the following URLs (substituting your bucket name and filename as appropriate):

  • http://bucket-name.s3.amazonaws.com/filename.jpg
  • http://s3.amazonaws.com/bucket-name/filename.jpg

Cloud Front CDN

Now that your files are accessible on S3 the final step is to link your S3 bucket to a CloudFront “Domain Name”. This process is known as creating a distribution, and is actually pretty simple.

First download the CloudFront Curl Perl Script from here. Then set up a .aws-secrets file in your home directory that contains your account keys. Make sure it has mode 600 (chmod 600 ~/.aws-secrets), since it holds the secret key that signs every request. The contents of the file will look something like:

%awsSecretAccessKeys = (
    # primary account
    primary => {
        id => '<Your primary AWS Access Key ID>',
        key => '<Your primary Secret Access Key>',
    },

    # secondary account
    secondary => {
        id => '<Your secondary AWS Access Key ID>',
        key => '<Your secondary Secret Access Key>',
    },
);

Next create a text file with the XML instructions needed to create a distribution, it should look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2008-06-30/">
   <Origin>mybucket.s3.amazonaws.com</Origin>
   <CallerReference>20080930090000</CallerReference>
   <Comment>Creating my first distribution</Comment>
   <Enabled>true</Enabled>
</DistributionConfig>

Replace the origin with your bucket’s url. You’ll need to use the bucket-name.s3.amazonaws.com format. The caller reference is just a timestamp.
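The two things that go wrong at this step are a bucket name that S3 accepted but CloudFront rejects, and a request file with a stale CallerReference. As an added example (written for this post, not part of cfcurl.pl or Amazon's tooling), the script below checks a bucket name against the DNS-style rules referred to above and then writes the same DistributionConfig body with a fresh timestamp. The bucket name and comment are assumed values.

```shell
#!/bin/sh
# Added example (not part of the original post or of cfcurl.pl): check a bucket name
# against the DNS-style rules, then emit the DistributionConfig body with the current
# time as CallerReference.

# Returns 0 when NAME is usable as a CloudFront origin label: 3 to 63 characters, only
# lowercase letters, digits, dots and hyphens, every dot-separated label starting and
# ending with a letter or digit, and not shaped like an IPv4 address. Underscores and
# capitals fail, which is what breaks distribution creation.
valid_bucket_name() {
    name=$1
    [ ${#name} -ge 3 ] && [ ${#name} -le 63 ] || return 1
    printf '%s\n' "$name" |
        grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$' || return 1
    # a name like 192.168.0.1 passes the pattern above but is not a valid bucket name
    printf '%s\n' "$name" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' && return 1
    return 0
}

# Escapes the three characters that would break the Comment element.
xml_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'
}

# Prints the request body for BUCKET with COMMENT. CallerReference is a UTC timestamp;
# CloudFront uses it to tell a new request from a retry of one it already processed.
make_distribution_config() {
    bucket=$1
    comment=$(xml_escape "$2")
    ref=$(date -u +%Y%m%d%H%M%S)
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<DistributionConfig xmlns="http://cloudfront.amazonaws.com/doc/2008-06-30/">
   <Origin>${bucket}.s3.amazonaws.com</Origin>
   <CallerReference>${ref}</CallerReference>
   <Comment>${comment}</Comment>
   <Enabled>true</Enabled>
</DistributionConfig>
EOF
}

# Usage: write create_request.xml only when the name passes, so a bad name is caught
# before a signed request is sent to CloudFront (bucket name is an assumed example).
bucket=my-static-files
if valid_bucket_name "$bucket"; then
    make_distribution_config "$bucket" "Creating my first distribution" > create_request.xml
else
    echo "bucket name '$bucket' is not DNS-compliant; rename it before creating a distribution" >&2
fi
```

The name check is run locally, before anything is signed, so you find out about a bad bucket name without spending a request or leaving a half-configured distribution behind.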

Save this file as create_request.xml and then run the following command to execute it (--keyname takes the label of the key entry in .aws-secrets that should sign the request, e.g. primary):

./cfcurl.pl --keyname  -- -X POST -i -H "Content-Type:text/xml; charset=UTF-8" --upload-file create_request.xml https://cloudfront.amazonaws.com/2008-06-30/distribution

This command will return some XML which, if successful, contains the domain name you can use to access your files via the CloudFront CDN. NB: It can take a few minutes for this domain to become active in DNS, so wait a while before trying it.

You can then access your files at http://unique-id.cloudfront.net/filename.jpg

And that’s it! You’re now ready to use this domain to host your static files for your sites. You could go a step further by pointing a subdomain of your site as a CNAME record to this domain.

iPhone on O2’s Simplicity Tariffs – £25 a month

My brother has just given our dad his old 2G iphone after upgrading to the 3G one. Initially I thought he would have to pay £35 a month for the iPhone tariff, but it turns out that you can use the old iPhones with any o2 tariff.

There are a number of sim-only Simplicity tariffs, that have short term 30 day contracts, and these start from £15 per month. You can then pay £7.50 extra a month for unlimited data, or £10 a month for unlimited data + wifi.

In the end he opted for the Online 15 tariff with the web+wifi bolt on. This gives him:

  • 200 minutes
  • 400 texts
  • Unlimited O2 to O2 calls
  • Free voicemail
  • Unlimited data + wifi

The only thing he doesn't get is visual voicemail, but not bad for £25 a month.

OS X Internet Connection Sharing

Creating a wireless ad-hoc network on a MacBook

Just another reason why I love my Macbook: We arrived at a new Hotel today, and although both Aimi and I needed to use the Internet, there was only one network port. I wondered how difficult it would be to share my Internet Connection with her via the Mac’s wireless interface, but as with most things on the Mac, it turned out to be incredibly simple.

  1. Go to System Preferences > Sharing > Internet Sharing
  2. Choose share your connection from Built-in Ethernet to computers using Airport
  3. You may optionally want to click Airport Options to add WEP encryption or change the network name. (WEP keys can be recovered by anyone in range within minutes, so treat a WEP-protected shared connection as an open one.)
  4. Tick the Internet Sharing checkbox to enable it. By default, the network will be named after your computer’s hostname. E.g. mine is called paul-macbook

O2 / Be enables my local exchange

I’ve been on their waiting list for over a year, and it’s too late for me as I’ve moved house now, but today Be e-mailed me to inform me that they had enabled my local Farnborough exchange for their service. This means Farnborough residents can now get up to 24Mbps downloads and 2.5mbps uploads using Be’s ADSL 2+ modems.

Be availability e-mail

The 2.5mbps upload utilises Annex M of the ADSL2+ standard and is only available to people whose phone line is less than 2km in length from the exchange. For other users the upload speed is up to 1.3mbps.

I checked and it seems that the Aldershot, Camberley and Farnham exchanges are also now live on Be’s network. If we weren’t about to get a 100mbps fibre connection from NTL I might have considered bonding a few of these together at the office.

Residents of Rushmoor are now fairly privileged in the broadband stakes with multiple offerings available at over 20 Mbps (Virgin Media), and 50mbps on the horizon for 2008.

Virgin Media 20 Meg Speed Test

I have to say that I’m pretty happy with my Virgin Media broadband connection. It’s been very stable since it was installed about 5 months ago, and the download speed is fantastic for large files (see below).

There is however one problem, and that is latency.

64 bytes from linx1.thn.fubra.net (195.66.225.33): icmp_seq=130 ttl=53 time=19.8 ms
64 bytes from linx1.thn.fubra.net (195.66.225.33): icmp_seq=131 ttl=53 time=32.1 ms
64 bytes from linx1.thn.fubra.net (195.66.225.33): icmp_seq=132 ttl=53 time=17.9 ms
64 bytes from linx1.thn.fubra.net (195.66.225.33): icmp_seq=133 ttl=53 time=18.3 ms
64 bytes from linx1.thn.fubra.net (195.66.225.33): icmp_seq=134 ttl=53 time=34.3 ms
64 bytes from linx1.thn.fubra.net (195.66.225.33): icmp_seq=135 ttl=53 time=24.9 ms

--- linx1.thn.fubra.net ping statistics ---
135 packets transmitted, 134 received, 0% packet loss, time 134014ms
rtt min/avg/max/mdev = 16.495/24.077/51.969/6.580 ms

Ping times fluctuate wildly from 16ms up to about 50ms. When I had their 10Mbps service, I definitely remember getting sub 10 millisecond pings, but with the 20Mbps service they are taking twice as long. I guess the central pipes are just a lot more congested nowadays.