Matt Pson Just another dead sysadmin blog


Unemployed and all that

As of today I'm (for the first time in 18 (!) years) not working as a sysadmin at the company I co-started back in 1995. More about that in future posts, but now I'll take a well-deserved break for a couple of weeks (months?) and find out what the next step will be.



Install a SSL certificate on Zimbra 8

The quickest guide ever, follow it at your own risk (your mileage may vary etc.). This is how I did it (IIRC), as root:

# openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr


(then off to buy me an SSL certificate from some trustworthy provider ...or, as in my case, one that gives you a great deal. What I got back was 2 files: a certificate (.crt) and a bundle (ca-bundle) to provide a certificate chain for authentication)


# cp server.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
# cp server.crt /opt/zimbra/ssl/zimbra/commercial/commercial.crt
# cp <provider>.ca-bundle /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
# cd /opt/zimbra/ssl/zimbra/commercial
# /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt

(if the last step fails and gives an error message, you probably have an incomplete bundle. Download a more complete one (you may have to merge the files yourself) from the SSL provider)

# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

(this deploys the certificate into Zimbra. Now just restart Zimbra to activate it all across the board)

# su - zimbra
$ zmcontrol stop
$ zmcontrol start


There, done.
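
A pre-flight check to run before the `zmcertmgr deploycrt` step above, as an added example that is not part of the original post: it confirms that the private key belongs to the certificate and that the certificate verifies against the bundle. The function names, the throwaway demo CAs and the name `mail.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-deployment check for a commercial certificate.

# check_cert_bundle KEY CERT CA_BUNDLE
# Returns 0 if KEY belongs to CERT and CERT chains to CA_BUNDLE,
# 1 on a key/certificate mismatch, 2 on an incomplete or wrong bundle.
check_cert_bundle() {
    key=$1; crt=$2; ca=$3
    # Both commands print the same PEM public key when the pair matches.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2
        return 1
    fi
    # Require the "OK" line rather than trusting the exit status alone.
    if ! openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: certificate does not chain to the CA bundle" >&2
        return 2
    fi
    echo "OK: key matches certificate and chain verifies"
}

# Constructed sample data (not real certificates): a throwaway CA that signs
# a server certificate, plus an unrelated CA, all written to directory $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
    openssl req -nodes -newkey rsa:2048 -subj "/CN=mail.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
check_cert_bundle "$demo_dir/server.key" "$demo_dir/server.crt" "$demo_dir/ca.crt"
check_cert_bundle "$demo_dir/other.key" "$demo_dir/server.crt" "$demo_dir/ca.crt" || echo "rejected ($?)"
check_cert_bundle "$demo_dir/server.key" "$demo_dir/server.crt" "$demo_dir/other.crt" || echo "rejected ($?)"
rm -rf "$demo_dir"
```

On the Zimbra host the call would take the three files copied into `/opt/zimbra/ssl/zimbra/commercial/`.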


Moving to Zimbra 8 (and the 24 hour clock)

I recently took some decisions that gave me a most needed kick in the behind to upgrade/replace things that have been in my personal infrastructure for ages. Among those things was my mailserver that even in early 2013 was running pretty much the same Qmail installation I made back in 2005 (which in turn was based upon the 2002/2003 one I did at work).

Three fundamental things have changed since 2005:

  1. I'm 100% more convenient today and really into less work on simple things so I can direct my attention to things that are fun and require creative thinking - i.e. not fiddling with compiling my own mailserver.
  2. I'm 1000% more mobile in my usage of mail and Internet. In 2005 I probably read all my mail sitting at a computer using some kind of mail client (Alpine or Thunderbird). Today it's 99% on my mobile phone, my tablet or in a web browser. I'm also a frequent user of a calendar - that I blame on my bad memory. I think the people around appreciate that I can almost remember half an appointment these days.
  3. There is 10000% (figure not statistically proven but it feels like it) more spam hitting my mailbox that needs dealing with and that doesn't even make my top 500000 list of fun things to do.

Putting my experiences from a recent VMware Zimbra project at work to use, I decided that the Open Source Edition was probably overkill for me but yet I wanted the standard features (works on all my devices, uses SSL, low cost since it's for personal use) plus a nice administration panel and the (really) excellent webmail client.

So, off to one of my favourite VPS providers and signed up for a new 2GB RAM server, downloading Zimbra, purchasing a proper SSL certificate (got a nice deal on a 5-year one, no need to update until 2018) and spent about 2 hours installing everything. Compared to poking around with my previous installation this was probably about half the time spent. Instant success!

Thanks to VMware for improving the installation experience in Zimbra 8 compared to Zimbra 6 or 7, which were a bit dodgy at times, especially when installing an SSL certificate. I can really recommend Zimbra 8 if you are a little experienced and know your way around a normal Linux system and don't want to spend time on getting mailserver, antispam, webmail, calendar and some kind of control panel to play nicely together. Just be aware that it needs more than 1GB of RAM to run smoothly even in a minimal installation these days.

The only thing that kept bugging me using the webmail was that I couldn't find any setting to change the, for us Europeans, confusing AM/PM clock. The metric system is used in most of the world except a handful of countries, yet so much software assumes everybody uses it by default. To change it in Zimbra you have to change language from the default "English (United States)" to "English (United Kingdom)". Doh! Why not a simple choice that lets you pick either "12 hours" or "24 hours"? There is also a choice "English (Australia)" but who knows what time format you get then (I didn't dare to try).

(this last thing was a post in the use-the-blog-as-an-external-memory category)


Getting that VMware home lab

So for quite some time I have wanted a small home lab in order to try out some tricks that I read about on the internet that aren't, for lack of another word, inappropriate to do at work (no, nothing naughty!). I also have like 4-5 USB hard drives scattered around with various stuff on them (media, backups etc.).

My solution arrived a couple of days ago, the HP Microserver. It's a small, not massively powerful server that after some research seemed perfect to have at home.

It came with an AMD Turion II dual-core CPU (1.5GHz), 2GB RAM and a 250GB disk. It also has some kind of simple RAID card from what I could determine, not that it mattered for me. My box did not have the DVD displayed in the picture to the right. Best of all? This thing runs VMware ESXi 5.0 without a hitch.

But the initial configuration is a little lacklustre for my needs so I took the 250GB disk and put it where the DVD would normally be (took some powerconverter adapter, a SATA cable and some cable ties to secure the disk safely), upgraded the RAM to 8GB (2x4GB sticks) and finally installed 4 x 2TB disks to be used as a replacement for all those random external disks I had. To top it all I installed VMware ESXi 5.0 on a 4GB nano USB stick using the 250GB disk as datastore. Now the server boots up into ESXi nicely and can work as my home lab as well as my mediaserver at the same time.

Now it's when it turns nerdy 🙂

I made a VM on the 250GB datastore which uses the 4 2TB disks with RDM (Raw Device Mapping). Installed my favourite Linux distribution, set up a raid5 using mdadm, formatted the array as a 5.5TB disk and installed Samba on it. Shared the disk on my home network and suddenly I had something to copy all my data to. In retrospect it would have been more fun/useful to have used the "Sun ZFS Storage" appliance maybe as that is a system which I find rather solid and an awesome product when the hardware or the company selling it (read: Oracle) isn't handicapping it.

Anyway, I have a home lab again! /happy


Getting Cacti working with Zend’s PHP packages

In short: you don't.

Backstory: having a server running some web applications using the Zend PHP packages for Debian using their repository (from the file /etc/apt/sources.list):

# zend server community edition via zend's repository
deb server non-free

...and now we wanted to move our existing Cacti installation to this server in order to put an old server to sleep. It should be an easy task, we thought, after doing some Google searches and making up a small checklist (borrowed from [HOWTO] Migrating Cacti From One Server to Another):

  1. Install the official Debian Cacti packages on the new server and make sure it works
  2. Turn off Cacti at the old server in order to have a known state of the database
  3. Migrate the database to the new server
  4. Copy the RRD files as XML
  5. Reconvert the XML back to RRD files
  6. Activate the new Cacti

As it would turn out the first item on the checklist was the one that gave us some major troubles.

It soon became apparent that Zend's version of PHP did not include any support for SNMP and any attempt to install PHP related packages via Debian's own repositories threatened with the uninstallation of the Zend specific packages - thus breaking the existing applications.

Some further investigation also showed that Cacti used the PHP Data Objects (PDO) interface to connect to MySQL which also wasn't available in the Zend version.

Both these things were used only by the data collector poller.php and not by the web interface bit of Cacti, which worked straight out of the box.

Our solution: download a recent PHP source (5.3.8) and compile it with the needed options like:

./configure --with-snmp --disable-cgi --with-zlib --with-bz2 --with-curl --with-mysql --with-pdo-mysql --enable-sockets

install it in /usr/local and point Cacti to it in order to use it for all scripts (the option is at Console -> Settings -> Paths, a bit down the page you'll find "PHP Binary Path"). Then it works, data started to flow in from the 1000's of datasources we have.

Note that when we got to point 3 on our list, "Migrate the database to the new server", we had to reconfigure this again as the settings from the old server overwrote the one on the new server. That one took us more than 10 minutes to figure out 😉