Manual Installation Ubuntu Gutsy

From Scalix Wiki
Revision as of 19:49, 21 January 2008 by Mwiertz (Talk | contribs)

Jump to: navigation, search

Important Note

Please note that these manual installation instructions should only be used on Ubuntu distributions, such as Ubuntu Gutsy Gibbon 7.10 server, the distribution the document was written for. It is highly recommended to perform installation using the Scalix Installer on all supported platforms. If you manually install any version of Scalix, this may invalidate your ability to receive Scalix support for that software. Thank you for your understanding and compliance.

This document might be inaccurate and under construction. Do not trust this document.


Manual Installation on Ubuntu 7.10 Server (Gutsy Gibbon)

As Ubuntu 7.10 is an unsupported platform there is currently no manual describing the installation on this platform. It took me a lot of time to have the Scalix Community Edition installed on my Ubuntu server. To do so I had to combine the information of a lot of sources (wiki pages, forums posts, etc) together. At last I managed to get Scalix it up and running and just felt like sharing this with the community. Simply my way to give something back.

So below you'll find a how-to that describes the manual installation of Scalix on Ubuntu 7.10 server. '

Applicable Environments

These Installation instructions have been tested with

  • Scalix CE 11.3.0
  • Ubuntu 7.10 Server (Gutsy Gibbon)

They might not apply unmodified to any other version of Scalix or Ubuntu.


Hardware

Scalix Community Edition software is currently available as an i386 build only. It will run on i386 and x86_64 Intel and AMD platforms.


System Preparation

The following items may be helpful in preparing your system for Scalix Installation:

Network Configuration

  • Make sure you have at least one properly configured network interface.
  • Use a static IP address; running a Scalix server on a machine using DHCP is not recommended.
  • Correct hostname resolution/DNS setup is vital. It is also best to use DNS in a Scalix/mail environment. File-based hostname resolution can be used (/etc/hosts). However, the following should always be true:
    • Your system should have a fully-qualified hostname
    • The 'hostname' command should return the short hostname, while the 'hostname --fqdn' command should return the fully-qualified hostname
    • Both the hostname and the fully-qualified hostname should resolve to the system's IP address (not the loopback 127.0.0.1 IP address).
    • The special name 'localhost' should resolve to 127.0.0.1
    • The IP address of the system should reverse-resolve to the fully-qualified hostname (not the short hostname or localhost)

To achieve this your /etc/hosts file should contain at least the following two lines: 

127.0.0.1         localhost
<yourexternalip>  <hostname.domain.com> <hostname>

Disk/File System Configuration

  • Scalix Software is installed in /opt. You need 200 MB in this directory
  • Scalix Data is kept in /var/opt/scalix. You need a minimum of 200 MB plus the size of any mailboxes.

Disabling Conflicting Services

Scalix comes with its own POP3, IMAP, LDAP and SMTP services. These might conflict with components already installed on the system.

  • To check for processes listening on the POP3 and IMAP ports, use the 
    sudo lsof -i :110  or  sudo netstat -anp | grep 110
    and 
    sudo lsof -i :143  or  sudo netstat -anp | grep 143
    commands. If you see any process/service running, shut it down and disable it from starting with system startup
  • To check for processes listening on the standard LDAP port, use the 
    sudo lsof -i :389  or  sudo netstat -anp | grep 389
    command. If you see any process/service running, use an alternate port number for Scalix LDAP. Please see below for details.
  • To check for processes listening on the standard SMTP port, use the 
    sudo lsof -i :25  or  sudo netstat -anp | grep 25
    command. If sendmail listens on 127.0.0.1:25 it's allright, you can leave it the way it is. However, it should not listen on your external IP address. If you see a sendmail process/service listening on the external IP address, reconfigure your MTA. If you see another proces (MTA) than sendmail, make sure you remove your current MTA to replace it by sendmail (described below).

Software Selection

Note: Make sure you have the multiverse repository and the universe repository active in /etc/apt/sources.list and run: 
sudo apt-get update

The following additional packages that come with Ubuntu are needed after base installation.

  • Apache Webserver 2.x: the apache2 package
  • Gnu AWK: the gawk package
  • Kerberos (MIT Kerberos 5): the krb5-config, krb5-doc, krb5-user, libkadm55 and libkrb53 packages
  • libglib2: the libglib2.0-0 package
  • libstdc++: the libstdc++2.10-glibc2.2, gcc-4.2-base and libstdc++6 packages are also required
  • libxml2: the libxml2, sgml-base and xml-core packages
  • Postgres: the postgresql and postgresql-client packages
  • SASL2 and modules for plain, crammd5 and gssapi (for MIT Kerberos): the libsasl2-modules and libsasl2-modules-gssapi-mit packages
  • Tk: the tk8.3 package
  • Tcl: the libfreetype6 and tcl8.3 packages
  • text-based web browser: the elinks package
  • Apache Tomcat mod_jk connector: the libapache2-mod-jk package
  • Sun Java Runtime Environment: the sun-java5-jre package
  • sendmail (if not installed yet, see Disabling Conflicting Services above): the sendmail package

To install all these packages together with their dependencies run the following command: 

sudo apt-get install apache2 gawk krb5-config krb5-doc krb5-user libkadm55 libkrb53 libglib2.0-0 libstdc++2.10-glibc2.2
gcc-4.2-base libstdc++6 libxml2 sgml-base xml-core postgresql postgresl-client libsasl2-modules libsasl2-modules-gssapi-mit
libfreetype6 tcl8.3 tk8.3 elinks libapache2-mod-jk sun-java5-jre

If it is necessary to install sendmail as well, run also: 

sudo apt-get install sendmail

Extra dependency

Scalix depends on a package called libsasl-2. Unfortunately is this package not available for Ubuntu 7.10. Sure, there is a replacement, so in fact there's no problem regarding the actual library dependencies, but the replacement package is called libsasl-2-2. It seems stupid, but the Scalix server won't install with this package and we really have to install a package called libsasl-2 next to it. As said, there's no such package available, so I created a kind of fake package (see also this forumthread on ubuntuforums.org) to install instead and prevent problems later on. Download the package here and install it using this command: 

sudo dpkg -i libsasl2_2.1.22.dfsg1-9ubuntu2_i386.deb

Other preparation steps

The Scalix message store depends on the libssl0.9.7 package. As the 0.9.7 version is not available for this Ubuntu version, you have to sym-link the libcrypto.so.0.9.8 library to libcrypto.so.0.9.7 instead. This can be done by: 

sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7

Under Ubuntu the standard shell /bin/sh is linked to dash instead of bash. This will cause problems runing the scripts later on. To prevent this, please link /bin/sh temporarily to /bin/bash, after saving the original link of course (don't worry, we will restore the original state afterwards): 

sudo mv /bin/sh /bin/SH
sudo ln -s /bin/bash /bin/sh


Downloading the Scalix Software

The Scalix 11.3.0 packages can be downloaded here. You will need to download the installer package for Debian, called: scalix-11.3.0-U1-GA-unsupported-debian-intel.bin.


Unpacking the Scalix software

Start the downloaded installer: 

sudo bash scalix-11.3.0-U1-GA-unsupported-debian-intel.bin

This will take you to the license agreement, to proceed:

  • press the space bar repeatedly to scroll down if you want to read the license agreement, or press q to skip to the end immediately
  • at the end of the agreement, at the prompt, accept the agreement by entering yes
  • next, launch the readme file by pressing enter
  • when prompted to run the package, say no


Installing and the Scalix Server package

Before installing the scalix-server package, we have to install the last two dependencies (scalix-chardet and scalix-libical). They come with the Scalix installer and can be installed by: 

sudo dpkg -i scalix-debian-11.3.0-GA/software/scalix_server/scalix-chardet_1.0.20071031-2_i386.deb
sudo dpkg -i scalix-debian-11.3.0-GA/software/scalix_server/scalix-libical_0.27.20071008-1_i386.deb

After that, we can (finally) install the scalix-server package using dpkg, do so using this command: 

sudo dpkg -i scalix-debian-11.3.0-GA/software/scalix_server/scalix-server_11.3.0.11339_i386.deb


Creating and Configuring the Initial Scalix Server Instance

Initialize the Scalix Message Store

To initialize the Scalix message store, use the 
sudo /opt/scalix/bin/ommakeom
command. This creates an empty message store in /var/opt/scalix and also adds config file templates for all components into this directory tree. The process takes 3-15 minutes, depending on the speed of your system. Please check the screen output for any errors or problems during the process. A log of the message store creation is located in /var/opt/scalix/sys/install/log. In case of error, correct the problem and restart message store creation by using the 
sudo /opt/scalix/bin/ompatchom
command.

Set Generation Rules for Display Name, Login Name and Internet Address

Before creating any new user, set the default rules for generating the display name (shown in 'From' email headers and address book display), the login name (used to log in to Scalix clients) and the Internet address.

The following is a list of user attributes you can use in those rules:
G represents the given name in mixed/original casing
S represents the surname in mixed/original casing
I represents the middle initial(s) in mixed/original casing
C represents the common name/display name in mixed/original casing (this cannot be used in the display name generation)
g, s, i and c represent the first character of the given name/surname/initials/common name in lower case
f and l represent the full given name/last name in lowercase

    • To set up generation rules for the display name, use the 
      sudo /opt/scalix/bin/sxconfig --set -t general.usrl_cn_rule='<rule>'
      command, e.g. 
      sudo /opt/scalix/bin/sxconfig --set -t general.usrl_cn_rule='S, G'
      to set the display name generation rule to Last, First.

    • To set up generation rules for the login name, use the 
      sudo /opt/scalix/bin/sxconfig --set -t general.usrl_authid_rule='<rule>'
      command, e.g. 
      sudo /opt/scalix/bin/sxconfig --set -t general.usrl_authid_rule='gs@'
      to set the login name generation rule to use the initials of the user in lowercase. If you omit the @ character from this rule, the fully-qualified domain name of the server appends to the login name. Please see the 
      man omaddu
      for details.

    • To set up generation rules for the Internet address, use the 
      sudo /opt/scalix/bin/sxconfig --set -t orniasys.name_part_<n>='<rule>' -t orniasys.domain_part_<n>='<domain>'
      command, e.g. 
      sudo /opt/scalix/bin/sxconfig --set -t orniasys.name_part_1='"C" <G.S>' -t orniasys.domain_part_1='mycompany.com'
      to set the Internet address generation rule to generate addresses in the form "Last, First" <First.Last@mycompany.com> (provided that the display name generation rule is Last, First, as C maps to the display name). Please see 
      man omiam
      for details.

      Note: You can set up to five Internet address-generation rules for the system by specifying different values from 1 to 5 for <n>.

Creating the Default Mailnode

The mailnode is a organizational unit grouping users. This becomes important in multi-server setups supported for Scalix Enterprise Edition. For single-server systems, creating a single, default mailnode is usually sufficient. It is best to use the organization name (without any 8-bit or special characters) as the mailnode name. To create the initial mailnode and make it the default, use the 
omaddmn -m <mailnode>
command, e.g. 
omaddmn -m mycompany
.

Setting up a Non-Default LDAP Port Number

If the system already has some LDAP service using the standard LDAP TCP port (389), change to another port number now. Edit the /var/opt/scalix/<instance>/s/sys/slapd.conf and change the port number to a different value. Scalix recommends using port 3890. The line to be changed should look like this: 
portNum          3890

Starting the Server Daemons

Before creating the first set of users, start the server daemons. To do this, use the 
omrc -n
command. The -n option prevents mail delivery and user signon services from starting because these are not usable at this time.

Creating the Default Admin User

To create a default admin account, use the 
omaddu -n <fullname>/<mailnode> --class <class> -c admin -p <password> <loginname>
command, e.g. 
omaddu -n sxadmin/mycompany --class limited -c admin -p secret sxadmin
Note 
Don't forget to quote if the name contains spaces, eg:
omaddu -n "Admin User/mynode" --class limited -c admin -p secret sxadmin

where

  1. sxadmin is the full name of the admin user as displayed in the address book
  2. mycompany is the default mailnode created in the previous step
  3. limited is either full or limited. When creating the admin user as a full user, this will use one of the 25 free premium mailboxes available in Scalix CE raw. However, if created as a limited user, the user won't be able to use Outlook to log in or access public folder information through SWA.
  4. -c admin sets full admin capabilities for the user
  5. secret is the users initial password
  6. sxadmin is the users login name

Note 
When creating the user fails with error like this "omaddu : [OM 8154] No more id's are available from the system id pool" then you have to create a new user-space like this:
First check for possibly existing users: omshowu -m all
Then add new user space for e.g. 1000 user: omadmidp -a -s 66000 -n 1000 (Each Scalix mailbox that is added will require a Unix/Linux ID. In this example Unix-ID pool 66000-66999 is added.)

Configuring the Admin User

Set up the Admin user as "Postmaster" to receive system error messages: 
omconfenu -n "sxadmin/mycompany"
. This user is excluded from system-wide inbox quota checking: 
omlimit -u "sxadmin/mycompany" -o -i 0 -m 0

Creating the LDAP Query User

To allow the Scalix Admin Server and Admin Console to access user information through Scalix LDAP, create a system user as follows: 

omaddu -n sxqueryadmin/<mailnode> --class limited -c admin -p <passwd> sxqueryadmin@<fqdn>

This user's password can be anything, but the username (sxqueryadmin) and the user's login name must match the values provided where <fqdn> is the FQDN of your server as returned by the hostname --fqdn command. The user can always be created as a limited user because the only server he is allowed to log in to is LDAP, which does not require a premium user account.

Creating the Standard Scalix Admin Groups

Next, create the standard Scalix Admin groups for the Scalix Admin server. The names of these groups are fixed, so you must create them as follows: 

omaddpdl -l ScalixUserAdmins/mycompany
omaddpdl -l ScalixUserAttributesAdmins/mycompany
omaddpdl -l ScalixGroupAdmins/mycompany
omaddpdl -l ScalixAdmins/mycompany

NOTE: Depending on your Generation Rules, these commands may complain with "omaddpdl : [OM 18043] The Internet Address is already assigned" but it seems to work anyway.

Adding Standard Tweak Settings

We recommend adding the following tweak settings to /var/opt/scalix/<instance>/s/sys/general.cfg . For details on these settings, please refer to the Scalix Administration Guide.

#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
# 
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE

Starting Scalix Services

As a final step, start all services now using the following command:
omon -s all
Retrieved from "https://www.scalix.com/wiki/index.php?title=Manual_Installation_Ubuntu_Gutsy&oldid=3785"