Ubuntu Lucid
Revision as of 20:47, 22 February 2011 by Kippno (Talk | contribs) (Bugfix -> ProxyMatch -> Allow from all)
Install Script for Ubuntu 10.04 lucid lynx
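Please download the empty fake packages from http://www.snorre.com/scalix_ubuntu_fake_10.04.tgz and edit the script variable FAKE_DIR to match the directory where you unpacked them. The packages were created with equivs. Note that the script installs every .deb file it finds in FAKE_DIR as root and that the archive is fetched over plain HTTP, so check the unpacked packages (or rebuild them yourself with equivs) before running the script.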
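#!/bin/bash
# (c) 2011 Snorre Prod. I.N.C.
# quick and dirty install Scalix 11.x on Ubuntu 10.04
#
# Interactive installer, to be run as root. It asks for the mail domain, the
# mailnode name and three passwords, installs the prerequisite packages and
# the Scalix .deb files, and then rewrites the Scalix, Tomcat and Apache
# configuration files.
#
# Security-relevant behaviour to be aware of before running it:
#   - The sxadmin, sxqueryadmin and Postgres passwords are handed to the
#     Scalix tools as command-line arguments, so they are visible in the
#     process list while those tools run.
#   - The Postgres password is written in clear text into
#     platform.properties and the sxqueryadmin password into psdata.
#   - libssl0.9.7 is downloaded over plain HTTP and installed with dpkg,
#     outside apt's signature checking; set LIBSSL_SHA256 below to have the
#     download verified.
#   - The existing PostgreSQL 8.4 "main" cluster is dropped.

#### definitions ###
# The log is created with mktemp (unpredictable name, mode 0600) because the
# script runs as root and /tmp is world-writable; a fixed name there could be
# pre-created or symlinked by another local user.
LOG=$(mktemp /tmp/scalix_inst.log.XXXXXX) || {
  echo "cannot create log file in /tmp" >&2
  exit 1
}
SEP="---------------------------------------------------------------------------------"
SRC=/root/install/scalix-debian-11.4.6-GA
DEB_DIR=$SRC/software/scalix_server
FAKE_DIR=$SRC/software/fakes
PREREQ_SOFTWARE=(gawk apache2 krb5-user krb5-doc postgresql postgresql-client
  libsasl2-modules-gssapi-mit sendmail elinks libstdc++5 heirloom-mailx
  sun-java6-bin)
LIBSSL_DEB=libssl0.9.7_0.9.7g-5ubuntu1.1_i386.deb
LIBSSL_URL=http://security.ubuntu.com/ubuntu/pool/universe/o/openssl097/$LIBSSL_DEB
# PLACEHOLDER: put the SHA-256 of $LIBSSL_DEB here, taken from a source you
# trust. While it is empty the package is installed without verification.
LIBSSL_SHA256=""
#### definitions ###

#######################################
# Print an error message to stderr and abort the installation.
# Arguments: the message words
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Escape a string for use as the replacement part of a sed s/// command that
# uses "/" as delimiter: backslash, slash and ampersand get a backslash.
# Without this a password such as "a/b&c" breaks the sed call or is stored
# in a mangled form.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape_repl() {
  printf '%s' "$1" | sed -e 's,[\\/&],\\&,g'
}

#######################################
# Ask for the installation parameters and detect IP address and FQDN.
# Globals written: MAILDOMAIN, MAILNODE, SXADMIN_PWD, SXQUERYADMIN_PWD,
#                  POSTGRES_PWD, IP, FQDN
#######################################
variables_and_nw() {
  # get varibles
  # read -r keeps backslashes in the typed values; read -s hides the
  # passwords without a separate "stty -echo", which would leave the
  # terminal without echo if the script were interrupted at a prompt.
  read -r -p "Mail domain: " MAILDOMAIN
  read -r -p "Scalix mailnode name: " MAILNODE
  read -r -s -p "Scalix admin user (sxadmin) password: " SXADMIN_PWD
  echo
  read -r -s -p "LDAP Query Admin User (sxqueryadmin) password: " SXQUERYADMIN_PWD
  echo
  read -r -s -p "Postgres DB password: " POSTGRES_PWD
  echo

  [[ -n "$MAILDOMAIN" ]] || die "mail domain must not be empty"
  [[ -n "$MAILNODE" ]] || die "mailnode name must not be empty"
  [[ -n "$SXADMIN_PWD" ]] || die "sxadmin password must not be empty"
  [[ -n "$SXQUERYADMIN_PWD" ]] || die "sxqueryadmin password must not be empty"
  [[ -n "$POSTGRES_PWD" ]] || die "Postgres password must not be empty"

  # get network parameters
  IP=$(ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}')
  FQDN=$(hostname -f)

  # IP ends up in the Postgres whitelist and in sed replacements; an empty
  # value or a list of several addresses would break those steps later,
  # after software has already been installed, so stop here instead.
  [[ -n "$IP" ]] || die "no non-loopback IPv4 address found"
  [[ "$IP" != *[[:space:]]* ]] \
    || die "several IPv4 addresses found; set IP to a single address in variables_and_nw"
  [[ -n "$FQDN" ]] || die "hostname -f returned no FQDN"
}

#######################################
# Enable the partner/backports repositories, install the prerequisite
# packages, the old libssl and the fake packages, and prepare user, PATH
# and PostgreSQL for Scalix.
# Globals read: SRC, FAKE_DIR, LOG, SEP, PREREQ_SOFTWARE, LIBSSL_*
#######################################
prereq_scalix() {
  # Change Repos
  cp /etc/apt/sources.list /etc/apt/sources.list.scalix.bak
  sed -i -e '/partner/s/^# //' /etc/apt/sources.list
  sed -i -e '/backports/s/^# //' /etc/apt/sources.list
  aptitude update

  # Get prereq. software
  echo "prereq. aptitude $SEP" >> "$LOG"
  aptitude -y -R install "${PREREQ_SOFTWARE[@]}" 2>&1 | tee -a "$LOG"

  cd "$SRC" || die "cannot cd to $SRC"
  wget "$LIBSSL_URL"
  [[ -f "$LIBSSL_DEB" ]] || die "$LIBSSL_DEB was not downloaded"
  # The package comes over plain HTTP and bypasses apt's signed metadata,
  # so it is compared against a pinned checksum when one is configured.
  if [[ -n "$LIBSSL_SHA256" ]]; then
    printf '%s  %s\n' "$LIBSSL_SHA256" "$LIBSSL_DEB" | sha256sum -c - \
      || die "checksum mismatch for $LIBSSL_DEB"
  else
    echo "WARNING: LIBSSL_SHA256 is not set, installing $LIBSSL_DEB unverified" \
      | tee -a "$LOG" >&2
  fi
  echo "prereq. dpkg $SEP" >> "$LOG"
  dpkg -i "$LIBSSL_DEB" 2>&1 | tee -a "$LOG"

  # Every .deb in FAKE_DIR is installed as root. Without the cd check a
  # missing directory would make dpkg pick up the .deb files in $SRC.
  cd "$FAKE_DIR" || die "cannot cd to $FAKE_DIR"
  dpkg -i ./*.deb 2>&1 | tee -a "$LOG"

  # bash as default
  echo
  echo "Please set dash to be NOT the default shell (/bin/sh) at the next screen"
  echo -n "Press any key to continue: "
  read -r
  dpkg-reconfigure dash

  # LDAP Libs
  cd /usr/lib/ && ln -s libldap_r-2.4.so.2 libldap_r.so.2 && ln -s liblber-2.4.so.2.5.4 liblber.so.2

  # User
  adduser --system --home /var/opt/scalix --no-create-home --shell /bin/true --disabled-password --group scalix

  # Path
  echo 'PATH=$PATH:/opt/scalix/bin:/opt/scalix/diag' > /etc/profile.d/scalix.sh
  export PATH=$PATH:/opt/scalix/bin:/opt/scalix/diag

  # drop postgresql db
  # Destructive: this removes the PostgreSQL 8.4 "main" cluster together
  # with any databases that already live in it.
  pg_dropcluster --stop 8.4 main
}

#######################################
# Install the Scalix server packages from DEB_DIR.
#######################################
scalix_sw_1() {
  cd "$DEB_DIR" || die "cannot cd to $DEB_DIR"
  echo "Scalix Main SW $SEP" >> "$LOG"
  dpkg -i scalix-libical*.deb 2>&1 | tee -a "$LOG"
  dpkg -i scalix-chardet*.deb 2>&1 | tee -a "$LOG"
  dpkg -i scalix-server*.deb 2>&1 | tee -a "$LOG"
}

#######################################
# Query omcheckgc for the instance layout.
# Globals written: SCALIX_DATADIR, SCALIX_INSTANCEDIR, SCALIX_INSTANCE_NAME
#######################################
get_instance() {
  SCALIX_DATADIR=$(omcheckgc -d)
  # An empty data dir would turn the config paths built from it into paths
  # directly under "/", so refuse to continue.
  [[ -n "$SCALIX_DATADIR" ]] || die "omcheckgc -d returned no data directory"
  SCALIX_INSTANCEDIR=$(dirname "$SCALIX_DATADIR")
  SCALIX_INSTANCE_NAME=$(omcheckgc -s)
}

#######################################
# Append the recommended tweaks to the instance's sys/general.cfg.
#######################################
scalix_tweak() {
  get_instance # --> SCALIX_DATADIR, SCALIX_INSTANCEDIR, SCALIX_INSTANCE_NAME
  # Quoted delimiter: the text is written literally, nothing is expanded.
  cat << 'EOF' >> "$SCALIX_DATADIR/sys/general.cfg"
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
#
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE
#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses. One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
EOF
}

#######################################
# Create the message store, set the naming rules, add the mailnode, the
# admin users and admin groups, apply the tweaks and start all services.
# Globals read: MAILDOMAIN, MAILNODE, SXADMIN_PWD, SXQUERYADMIN_PWD, FQDN
#######################################
scalix_settings() {
  # message store
  echo "MSG Store $SEP" >> "$LOG"
  ommakeom 2>&1 | tee -a "$LOG"
  echo
  echo "Please read /var/opt/scalix/s5/s/sys/install/log !!"
  echo "If anny error exists: solve error - then run 'ompatchom'"
  echo -n "Press any key to continue: "
  read -r

  # rules
  sxconfig --set -t general.usrl_cn_rule='G S'
  sxconfig --set -t general.usrl_authid_rule='G.S'
  sxconfig --set -t orniasys.name_part_1='"C" <G.S>'
  sxconfig --set -t orniasys.domain_part_1="$MAILDOMAIN"

  # mailnode
  echo "Mailnode $SEP" >> "$LOG"
  omaddmn -m "$MAILNODE" 2>&1 | tee -a "$LOG"

  # start daemons
  echo "Start daemons $SEP" >> "$LOG"
  omrc -n 2>&1 | tee -a "$LOG"

  # users
  # The values are quoted so that spaces or glob characters in a password
  # reach omaddu unchanged. The passwords are still passed with -p on the
  # command line and are therefore visible in the process list while omaddu
  # runs.
  omaddu -n "sxadmin/$MAILNODE" --class limited -c admin -p "$SXADMIN_PWD" sxadmin
  omconfenu -n "sxadmin/$MAILNODE"
  omlimit -u "sxadmin/$MAILNODE" -o -i 0 -m 0
  omaddu -n "sxqueryadmin/$MAILNODE" --class limited -c admin -p "$SXQUERYADMIN_PWD" "sxqueryadmin@$FQDN"
  omaddpdl -l "ScalixUserAdmins/$MAILNODE"
  omaddpdl -l "ScalixUserAttributesAdmins/$MAILNODE"
  omaddpdl -l "ScalixGroupAdmins/$MAILNODE"
  omaddpdl -l "ScalixAdmins/$MAILNODE"

  # tweaks
  scalix_tweak

  # start services
  echo "Start services $SEP" >> "$LOG"
  omon -s all 2>&1 | tee -a "$LOG"
}

#######################################
# Install the Tomcat-based Scalix packages from DEB_DIR.
#######################################
scalix_sw_2() {
  local pkg
  cd "$DEB_DIR" || die "cannot cd to $DEB_DIR"
  echo "Scalix Tomcat SW $SEP" >> "$LOG"
  # Same order as before; each name is a glob prefix of the .deb file.
  for pkg in scalix-tomcat scalix-mobile scalix-platform scalix-postgres \
    scalix-res scalix-sac scalix-sis scalix-swa scalix-tomcat-connector; do
    dpkg -i "$pkg"*.deb 2>&1 | tee -a "$LOG"
  done
}

#######################################
# Give the JVM half of the machine's memory and set the Tomcat stop
# timeout to 60 seconds. Backups of both edited files are kept as *.bak.
#######################################
opts_tomcat() {
  local all_mem mem
  # setting JAVA mem to 50% of MEM
  all_mem=$(free -mto | grep Mem: | awk '{ print $2 }')
  # A non-numeric value would silently become -Xms0m/-Xmx0m below.
  [[ "$all_mem" =~ ^[0-9]+$ ]] || die "cannot determine total memory from free"
  mem=$((all_mem / 2))
  cp /etc/opt/scalix-tomcat/scalix-tomcat.conf /etc/opt/scalix-tomcat/scalix-tomcat.conf.bak
  sed -i -e "/JAVA_OPTS/s/-Xms[0-9]*m/-Xms${mem}m/" /etc/opt/scalix-tomcat/scalix-tomcat.conf
  sed -i -e "/JAVA_OPTS/s/-Xmx[0-9]*m/-Xmx${mem}m/" /etc/opt/scalix-tomcat/scalix-tomcat.conf

  # set tomcat stop timeout to 60s
  cp /opt/scalix-tomcat/bin/sxtomcat-shutdown /opt/scalix-tomcat/bin/sxtomcat-shutdown.bak
  sed -i -e "/STOP_TIMEOUT/s/=[0-9]*/=60/" /opt/scalix-tomcat/bin/sxtomcat-shutdown
}

#######################################
# Initialise the Scalix Postgres instance, set its password and whitelist
# this host's IP address.
# Globals read: POSTGRES_PWD, IP, LOG, SEP
#######################################
setup_postgres() {
  echo "Setup postgres $SEP" >> "$LOG"
  /opt/scalix-postgres/bin/sxpsql-init 2>&1 | tee -a "$LOG"
  # The password is an argument of sxpsql-setpwd (visible in the process
  # list) and the tool's output goes to the log, which is why the log file
  # is created with mode 0600.
  /opt/scalix-postgres/bin/sxpsql-setpwd "$POSTGRES_PWD" 2>&1 | tee -a "$LOG"
  /opt/scalix-postgres/bin/sxpsql-whitelist "$IP" 2>&1 | tee -a "$LOG"
}

#######################################
# Rewrite the property files of the Scalix web applications. Each file is
# copied to <file>.bak before it is edited.
# Globals read: MAILDOMAIN, FQDN, IP, POSTGRES_PWD, SXQUERYADMIN_PWD
#######################################
opts_tomcat_apps() {
  local file maildomain_repl fqdn_repl ip_repl pgpwd_repl
  get_instance # --> SCALIX_DATADIR, SCALIX_INSTANCEDIR, SCALIX_INSTANCE_NAME

  # Values typed by the admin are escaped before they are placed into sed
  # replacements, so "/", "&" and "\" are stored literally.
  maildomain_repl=$(sed_escape_repl "$MAILDOMAIN")
  fqdn_repl=$(sed_escape_repl "$FQDN")
  ip_repl=$(sed_escape_repl "$IP")
  pgpwd_repl=$(sed_escape_repl "$POSTGRES_PWD")

  # Scalix Web Access (Webmail) - /var/opt/scalix/%instance%/webmail/swa.properties
  file=$SCALIX_INSTANCEDIR/webmail/swa.properties
  cp "$file" "$file.bak"
  # port at swa.platform.url could also be 80 or empty when using apache
  sed -i -e "s/swa\.email\.domain=.*/swa.email.domain=$maildomain_repl/" \
    -e "s/swa\.email\.imapServer=.*/swa.email.imapServer=$fqdn_repl/" \
    -e "s/swa\.email\.smtpServer=.*/swa.email.smtpServer=$fqdn_repl/" \
    -e "s/swa\.platform\.url=.*/swa.platform.url=http:\/\/$fqdn_repl:8080\/api/" \
    -e "s/swa\.platform\.enabled=.*/swa.platform.enabled=true/" \
    "$file"

  # Scalix Ubermanager Admin Server
  file=$SCALIX_INSTANCEDIR/caa/scalix.res/config/ubermanager.properties
  cp "$file" "$file.bak"
  sed -i -e "s/ubermanager\.query\.server=.*/ubermanager.query.server=$fqdn_repl/" \
    -e "s/ubermanager\.kerberos\.mode=.*/ubermanager.kerberos.mode=false/" \
    -e "s/ubermanager\.kerberos\.principalName=.*/ubermanager.kerberos.principalName=/" \
    -e "s/ubermanager\.kerberos\.realm=.*/ubermanager.kerberos.realm=/" \
    -e "s/ubermanager\.kerberos\.kdc=.*/ubermanager.kerberos.kdc=/" \
    -e "s/ubermanager\.console\.externalAuth=.*/ubermanager.console.externalAuth=false/" \
    -e "s/ubermanager\.console\.allowExternalAuthChoice=.*/ubermanager.console.allowExternalAuthChoice=false/" \
    -e "s/ubermanager\.console\.maxListSize=.*/ubermanager.console.maxListSize=100/" \
    -e "s/ubermanager\.console\.localDomains=.*/ubermanager.console.localDomains=$maildomain_repl/" \
    -e "s/ubermanager\.console\.authDomains=.*/ubermanager.console.authDomains=/" \
    -e "s/ubermanager\.configured=.*/ubermanager.configured=true/" \
    "$file"
  # Country & Language could be set with
  # -e "s/ubermanager\.console\.defaultCountry=.*/ubermanager.console.defaultCountry=AT/" \
  # -e "s/ubermanager\.console\.defaultLanguage=.*/ubermanager.console.defaultLanguage=GERMAN/" \

  # PWD for SYQUERYADMIN
  file=$SCALIX_INSTANCEDIR/caa/scalix.res/config/psdata
  # Restrict the file before the password is written: an existing file is
  # tightened first, a new one is created under umask 077, so the secret is
  # never readable by others in between. printf avoids echo treating a
  # password such as "-n" as an option.
  if [[ -e "$file" ]]; then
    chmod 600 "$file"
  fi
  (
    umask 077
    printf '%s\n' "$SXQUERYADMIN_PWD" > "$file"
  )
  chmod 600 "$file"

  # Scalix RES Admin Agent
  file=$SCALIX_INSTANCEDIR/res/config/res.properties
  cp "$file" "$file.bak"
  # res.tomcat.tcp.port could also be empty (default=???) or 80 if using apache
  sed -i -e "s/res\.kerberos\.mode=.*/res.kerberos.mode=false/" \
    -e "s/res\.kerberos\.realm=.*/res.kerberos.realm=/" \
    -e "s/res\.kerberos\.kdc=.*/res.kerberos.kdc=/" \
    -e "s/res\.kerberos\.allowedclients=.*/res.kerberos.allowedclients=ubermanager\/$fqdn_repl/" \
    -e "s/res\.ubermanager\.host=.*/res.ubermanager.host=$fqdn_repl/" \
    -e "s/res\.tomcat\.tcp\.port=.*/res.tomcat.tcp.port=8080/" \
    -e "s/res\.configured=.*/res.configured=true/" \
    "$file"

  # Scalix Messaging Services API Platform
  file=$SCALIX_INSTANCEDIR/platform/platform.properties
  cp "$file" "$file.bak"
  # NOTE(review): after this edit the file holds the Postgres password in
  # clear text; its permissions are left as the package set them - confirm
  # they are restrictive enough.
  sed -i -e "s/imap\.host=.*/imap.host=$fqdn_repl/" \
    -e "s/smtp\.host=.*/smtp.host=$fqdn_repl/" \
    -e "s/ldap\.port=.*/ldap.port=389/" \
    -e "s/hibernate\.connection\.url =.*/hibernate.connection.url = jdbc:postgresql:\/\/$fqdn_repl:5733\/scalix/" \
    -e "s/hibernate\.connection\.password =.*/hibernate.connection.password = $pgpwd_repl/" \
    "$file"

  # Scalix Web Access Mobile
  file=$SCALIX_INSTANCEDIR/mobile/mobile.properties
  cp "$file" "$file.bak"
  # port could also be 80 or empty when using apache
  sed -i -e "s/platform\.url=.*/platform.url=http:\/\/$fqdn_repl:8080\/api/" \
    "$file"

  # Scalix Search and Indexing Services
  file=$SCALIX_INSTANCEDIR/sis/sis.properties
  cp "$file" "$file.bak"
  sed -i -e "s/index\.language=.*/index.language=English/" \
    -e "s/index\.client\.whitelist=.*/index.client.whitelist=$ip_repl/" \
    -e "s/search\.client\.whitelist=.*/search.client.whitelist=$ip_repl/" \
    -e "s/indexadmin\.client\.whitelist=.*/indexadmin.client.whitelist=$ip_repl/" \
    "$file"
}

#######################################
# Hook the Scalix web clients into Apache and patch the generated AJP
# connector configuration of this instance.
# Globals read: FQDN, SCALIX_INSTANCE_NAME (via get_instance)
#######################################
apache_integration() {
  local file fqdn_regex
  get_instance # --> SCALIX_DATADIR, SCALIX_INSTANCEDIR, SCALIX_INSTANCE_NAME

  # Integrate Scalix Web Clients into Apache
  ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d

  # Bugfix VHOST Error of Tomcat Integration
  file=/etc/opt/scalix-tomcat/connector/ajp/instance-$SCALIX_INSTANCE_NAME.conf
  cp "$file" "$file.bak"
  sed -i -e "/VirtualHost/d" "$file"

  # Allow Proxy to FQDN for http and ajp reverse proxy
  # ProxyMatch takes a regular expression, so the dots of the FQDN are
  # escaped; unescaped they would match any character and the
  # "Allow from all" rule would cover other host names as well.
  # NOTE(review): the rule grants every client access to proxied URLs that
  # contain the FQDN - confirm that forward proxying is not enabled on
  # this Apache instance.
  fqdn_regex=${FQDN//./\\.}
  {
    printf '<ProxyMatch %s>\n' "$fqdn_regex"
    printf ' Order deny,allow\n'
    printf ' Allow from all\n'
    printf '</ProxyMatch>\n'
  } >> "$file"
}

#######################################
# Run all installation steps in order.
#######################################
main() {
  # Every step below changes system state; fail early with a clear message
  # instead of half-way through.
  [[ $EUID -eq 0 ]] || die "this installer must be run as root"

  echo "a log of the most critical steps can be found at $LOG"
  echo

  # First the software
  variables_and_nw
  prereq_scalix
  scalix_sw_1
  scalix_settings
  scalix_sw_2

  # Second the settings & bugfixing
  opts_tomcat
  setup_postgres
  opts_tomcat_apps
  apache_integration
}

main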