Scalix Lenny

Aus Neobikers Wiki
Zur Navigation springen Zur Suche springen

Scalix Installation auf Lenny

Hinweis: Sendmail

Unter Debian ist standardmässig Exim als Maildaemon installiert. Scalix verwendet und konfiguriert sendmail (oder postfix). Hier beschreibe ich meine sendmail Installation unter Debian (Etch) zusammen mit amavisd-new, clamav und spamassassin.

Installation: Scalix

Die Scalix Installation auf LENNY (32-Bit System!) ist inzwischen auf 11.4.6 aktualisiert. Das Update von 11.4.5 habe ich auch mit diesem Installationsskript machen müssen, das update-skript hab ich nicht so zum Laufen bekommen, das es 100%ig funktioniert, da wurden trotz der Updates teilweise noch die alten Versionnummern in den Webapplikationen Webmail, SAC angezeigt, obwohl definitiv die neuen installiert waren.

Ergo: Dieses Installationsskript nutze ich jetzt auch für Updates, wo es radikal alles löscht und dann neu installiert - der DataStore wird vorher weggesichert -> die Installationsangaben müssen dann natürlich identisch bleiben (Mailnode, Passwort). Ein Backup sollte man allerdings trotzdem haben!!!

Hinweis: Das Skript bricht (wie früher bereits auch) aus mir (momentan) unerfindlichen Gründen beim 1.Mal evtl. mit Fehler ab. Dann einfach nochmal starten, dann läufts durch...(siehe Logfile hier)

#!/bin/bash
# Scalix 11.x install script
# Author: neobiker
#

set -e

# Adjust next settings
src_dir=/usr/src

# Admin password (sxadmin)
admpwd=geheim

# JAVA Memory usage (ca. 50% of RAM)
java_mem=128

# load and decompress scalix packages
scalix11version=11.4.6
scalix11downloadurl="http://downloads.scalix.com/.community/${scalix11version}/scalix-${scalix11version}-GA-unsupported-debian-intel.bin"
scalix11bin=`basename $scalix11downloadurl`
scalix11dir=scalix-debian-${scalix11version}-GA

# Extract and install packages
if [ ! -e $scalix11dir ]; then

    # Download Scalix 11
    if [ ! -e $scalix11bin ]; then
        cd $src_dir
        wget -N $scalix11downloadurl
    fi

    sh ./$scalix11bin
fi
cd $scalix11dir/software/scalix_server/


# initialise variables for installation script
host=$(hostname -f | cut -d. -f 1)
mnode=$host
ldappwd=$admpwd
dbpwd=$admpwd
ip=$(hostname -i)

# optional: ask user or comment out
# --------
echo -n "Name of your mailnode [$mnode] ? "
read a ; [ -n "$a" ] && mnode=$a

echo -n "Admin password for Scalix admin user (sxadmin) [$admpwd] ? "
read a ; [ -n "$a" ] && admpwd=$a

ldappwd=$admpwd
echo -n "Please enter a password for the ldap query user [sxadmin-password] ? "
read a ; [ -n "$a" ] && ldappwd=$a

dbpwd=$admpwd
echo -n "Please enter a password for the db user [sxadmin-password] ? "
read a ; [ -n "$a" ] && dbpwd=$a

echo -n "Please enter the external ip address of your Scalix box [$ip]? "
read a ; [ -n "$a" ] && ip=$a

echo -n "Please enter JAVA Memory usage (e.g. 50% of total MEM) [$java_mem]? "
read a ; [ -n "$a" ] && java_mem=$a

# modify scalix deb packages (for lenny)
fix_scalix_debs ()
{
  deb=`/bin/ls -1 scalix-${1}*.deb`
  if  [ -e "$deb" ]; then

    [ -d old ] || mkdir old
    [ -d new_$1 ] && rm -rf new_$1
    [ -d new_$1/DEBIAN ] || mkdir -p new_$1/DEBIAN
    [ -e old/$deb ] || cp $deb old/$deb

    dpkg -x old/$deb new_$1
    dpkg -e old/$deb new_$1/DEBIAN

    case $1 in
        iconv)
            file=new_$1/DEBIAN/preinst
            cat $file | sed -e 's/ "\$1" -gt 1 / -n "\$1" /g' >$file.neu
            mv $file.neu $file
            chmod a+x $file

            file=new_$1/DEBIAN/postrm
            cat $file | sed -e 's/ "\$1" -eq 0 / -z "\$1" /g' >$file.neu
            mv $file.neu $file
            chmod a+x $file

            dpkg -b new_$1 $deb
            ;;

        server)
            file=new_$1/DEBIAN/control
            cat $file | sed -e 's/libsasl2,/libsasl2-2,/g' \
                -e 's/libmilter[^,]*,//g' \
                -e 's/libstdc++2[^,]*,//g' >$file.neu
            mv $file.neu $file

            file=new_$1/DEBIAN/postinst
            cat $file | sed -e "s#OMLOGFILE='~/sys/install/log'#OMLOGFILE='~/sys/install/log';#g" >$file.neu
            mv $file.neu $file
            chmod a+x $file

            dpkg -b new_$1 $deb
            ;;

        postgres)
            file=new_$1/DEBIAN/control
            cat $file | sed -e 's/| postgresql-client-.\..//g' \
                -e 's/| postgresql-.\..//g' >$file.neu
            mv $file.neu $file

            dpkg -b new_$1 $deb
            ;;

        *)
            ;;
    esac
  fi
}

# Initialise more variables
# get scalix pakage filenames: main_files, app_files, other_files
# define config_files etc.
# only variable settings made here until -- Step 0 -- below !

scx_main="server postgres"
scx_apps="tomcat_ tomcat- mobile platform res sac sis swa"

if [ `ls -1 scalix-*.deb 2>/dev/null | wc -l` -gt 0 ] ; then
    for f in `ls -1 scalix-*.deb | cut -d_ -f1`; do
        scalix_pakages="$scalix_pakages $f"
    done

    for f in ${scx_main}; do
        main_files="${main_files} "`ls scalix-${f}*.deb`
        dropme="${dropme} | grep -v $f"
    done

    for f in ${scx_apps}; do
        app_files="${app_files} "`ls scalix-${f}*.deb`
        dropme="${dropme} | grep -v $f"
    done

    other_files=`eval "ls -1 scalix-*.deb ${dropme}"`

    ldomain=$(hostname -d)
    fqdn=$host.$ldomain
    short=${mnode:0:1}${mnode: -1:1}

    base=/var/opt/scalix/${short}
    tomcatport=80

    config_files="${base}/webmail/swa.properties \
       ${base}/caa/scalix.res/config/ubermanager.properties \
       ${base}/res/config/res.properties \
       ${base}/platform/platform.properties \
       ${base}/mobile/mobile.properties \
       ${base}/sis/sis.properties"

else
    echo 'Sorry, no scalix-\*.deb pakages found.'
    echo "Please change to the directory which contains the files and try again."
    exit 1
fi

cat << EOT

>>>> Step 0: check for old Scalix installation

EOT
sleep 2

# Scalix already installed, remove ?
if [ -d ${base} ]; then
    echo "Scalix directory found: $base"
    echo "Remove Scalix Installation (not the datastore!) [n] ? "
    read a
    if [ "x$a" == "x" -o "x$a" == "xn" ]; then
      echo "leaving old Scalix installion (files) untouched"
    else
      aptitude purge ${scalix_pakages}   # sun-java5-jre postgresql
      echo ""
      echo "delete scalix pakages (${base}, but save the Data-Store!) [y] ? "
      read a
      if [ "x$a" == "x" -o "x$a" == "xy" ]; then
          if [ -d /var/opt/scalix/s.bak ]; then
              mv /var/opt/scalix/s.bak /var/opt/scalix/s.bak.$$
          fi
          mv /var/opt/scalix/${short}/s /var/opt/scalix/s.bak
          ls -l /var/opt/scalix/
          du -sk /var/opt/scalix/s.bak*
          echo ""
          echo "saved data-store, delete all scalix files ${base} now [y] ?"
          read a
          if [ "x$a" == "x" -o "x$a" == "xy" ]; then
              scalix_config_dirs="${base} /opt/scalix* /etc/opt/scalix* /etc/init.d/scalix*"
              rm -rf ${scalix_config_dirs}
          fi
      fi
    fi
fi

cat << EOT

>>>> Step 1a: install dependencies for Lenny

Please configure a UTF-8 locale or setup will fail later on.
(e.g. en_US.UTF-8 or de_DE.UTF-8)

EOT
sleep 2

# Remove sendmail startup links
# This disables outgoing mail
# /etc/init.d/sendmail stop
# update-rc.d -f sendmail remove

aptitude update
aptitude upgrade
aptitude install locales

if [ ! $(echo "$LANG" | grep UTF-8) ]; then
   echo "Please set e.g. en_US.UTF-8 locale and re-login and restart script"
   exit 0
fi

aptitude install apache2 gawk krb5-config krb5-doc krb5-user libkadm55 libkrb53 \
       libglib2.0-0 libxml2 sgml-base xml-core postgresql postgresql-client \
       libsasl2-modules libsasl2-2  libstdc++5 wget \
       sendmail mailx elinks w3m sun-java5-jre libssl0.9.8

# fix sendmail configfile
if [ -e /etc/mail/sendmail.mc ]; then
  grep MAILER /etc/mail/sendmail.mc > /tmp/sendmail.mc.mailer.tmp
  grep -v MAILER /etc/mail/sendmail.mc > /tmp/sendmail.mc.feature.tmp
  cat /tmp/sendmail.mc.feature.tmp >/etc/mail/sendmail.mc
  cat /tmp/sendmail.mc.mailer.tmp >> /etc/mail/sendmail.mc
  rm /tmp/sendmail.mc.*.tmp
fi

# some Lenny hacks for scalix binaries
[ -e /usr/lib/libssl.so.0.9.7 ] || ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
[ -e /usr/lib/libcrypto.so.0.9.7 ] || ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7
[ -e /usr/lib/liblber.so.2 ] || ln -s /usr/lib/liblber-2.4.so.2 /usr/lib/liblber.so.2
[ -e /usr/lib/libldap_r.so.2 ] || ln -s /usr/lib/libldap_r-2.4.so.2 /usr/lib/libldap_r.so.2

cat << EOT

>>>> Step 1b: install Scalix-server

EOT
sleep 2
echo "continue installation [y] ? "
read a ; [ -z "$a" -o "x$a" == "xy" ] || exit 0

fix_scalix_debs iconv
fix_scalix_debs server
fix_scalix_debs postgres

export PATH=/opt/scalix/bin:$PATH

dpkg -i scalix-libical_*.deb scalix-chardet_*.deb scalix-iconv-extras_*.deb
dpkg -i scalix-server_*.deb


# Setup mailnode
ommakeom

sxconfig --set -t general.usrl_cn_rule='G S'
sxconfig --set -t general.usrl_authid_rule='l@'
sxconfig --set -t orniasys.name_part_1='"C" <S>' -t orniasys.domain_part_1="$ldomain"

omaddmn -m $mnode

omrc -n

omaddu -n sxadmin/$mnode --class limited -c admin -p "$admpwd" sxadmin
omconfenu -n "sxadmin/$mnode"
omlimit -u "sxadmin/$mnode" -o -i 0 -m 0

omaddu -n sxqueryadmin/$mnode --class limited -c admin -p $ldappwd sxqueryadmin@$fqdn

omaddpdl -l ScalixUserAdmins/$mnode
omaddpdl -l ScalixUserAttributesAdmins/$mnode
omaddpdl -l ScalixGroupAdmins/$mnode
omaddpdl -l ScalixAdmins/$mnode

cat >>/var/opt/scalix/${short}/s/sys/general.cfg <<EOT
#
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
#
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
#
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server. Note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most 10 connections per second. If clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
#
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
#
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is 30 minutes. Some
# clients "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
#
IMAP_IDLE_TIMEOUT=31
#
# This tweak arranges for Local Delivery to automatically create a
# message store for users created without one.
# Users added with the bulk-add mechanism used by the
# wizard do not have a message store. So setting this tweak allows
# them to receive mail before they are initially signed on.
#
LD_CREATE_MESSAGE_STORE=TRUE
#
# These three tweaks allow users to sign on using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
#
# Note that changing these settings normally requires restarting Scalix.
#
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE

EOT
chmod 444 /var/opt/scalix/${short}/s/sys/general.cfg

omon -s all

cat << EOT

>>>> Step 2: install Scalix packages

EOT
sleep 2

dpkg -i scalix-tomcat_*.deb scalix-tomcat-connector_*.deb
dpkg -i scalix-postgres_*.deb \
        scalix-mobile_*.deb scalix-platform_*.deb scalix-res_*.deb scalix-sac_*.deb \
        scalix-sis_*.deb scalix-swa_*.deb

#set JAVA Memory usage
file=/etc/opt/scalix-tomcat/scalix-tomcat.conf
if [ -e $file ]; then
    sed -e "s;Xms256;Xms${java_mem};g" \
        -e "s;Xmx256;Xmx${java_mem};g" \
        $file > $file.neu
    mv $file.neu $file
fi

# Setup DB
/opt/scalix-postgres/bin/sxpsql-setpwd $dbpwd
/opt/scalix-postgres/bin/sxpsql-whitelist 127.0.0.1 $ip

cat << EOT

>>>> Step 3: configure Scalix

EOT
sleep 2

# Configure Scalix
for file in ${config_files}; do
  sed \
    -e "s;%LOCALDOMAIN%;$ldomain;g" \
    -e "s;%LOCALHOST%;$fqdn;g" \
    -e "s;%IMAPHOST%;$fqdn;g" \
    -e "s;%SMTPHOST%;$fqdn;g" \
    -e "s;%DBHOST%;$fqdn:5733;g" \
    -e "s;%DBPASSWD%;$dbpwd;g" \
    -e "s;%LDAPPORT%;389;g" \
    -e "s;http://%PLATFORMURL%:8080/api;http://$fqdn/api;g" \
    -e "s;%PLATFORMURL%;http://$fqdn/api;g" \
    -e "s;swa.platform.enabled=false;swa.platform.enabled=true;g" \
    -e "s;__SECURED_MODE__;false;g" \
    -e "s;ubermanager/__FQHN_HOST__@__KERBEROS_REALM__;;g" \
    -e "s;__KERBEROS_REALM__;;g" \
    -e "s;__FQHN_FOR_KDC_HOST__;;g" \
    -e "s;__FQHN_QUERY_SERVER_NAME__;$fqdn;g" \
    -e "s;__UBERMGR_USE_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_ALLOW_EXTERNAL_AUTH__;false;g" \
    -e "s;__UBERMGR_MAXLIST_SIZE__;100;g" \
    -e "s;__UBERMGR_MAIL_DOMAINS_LIST__;$ldomain;g" \
    -e "s;__UBERMGR_EXTERNAL_DOMAIN_AUTH_LIST__;;g" \
    -e "s;__CONFIGURED__;true;g" \
    -e "s;__FQHN_FOR_UBERMANAGER__;$fqdn;g" \
    -e "s;__TOMCAT_PORT__;$tomcatport;g" \
    -e "s;localhost;$fqdn;g" \
    -e "s;%SIS-LANGUAGE%;German;g" \
    -e "s;%INDEX-WHITELIST%;$fqdn;g" \
    -e "s;%SEARCH-WHITELIST%;$fqdn;g" \
    -e "s;%INDEXADMIN-WHITELIST%;$fqdn;g" \
    $file > $file.neu
  mv $file.neu $file
done

# some (optional) GERMAN settings
for file in ${config_files}; do
  sed \
      -e "s;ubermanager.console.defaultCountry=US;ubermanager.console.defaultCountry=DE;g" \
      -e "s;ubermanager.console.defaultLanguage=AMERICAN;ubermanager.console.defaultLanguage=GERMAN;g" \
      -e "s;swa.user.locale=en_US;swa.user.locale=de_DE;g" \
      -e "s;swa.user.preferredDateTimeFormat=1;swa.user.preferredDateTimeFormat=2;g" \
      -e "s;swa.user.dateSeparatorChar=/;swa.user.dateSeparatorChar=.;g" \
      -e "s;swa.user.weekStart=0;swa.user.weekStart=1;g" \
      -e "s;swa.user.defaultCalendarView=0;swa.user.defaultCalendarView=2;g" \
      ${file} > ${file}.new
    mv $file.new $file
done

# Write Ldappassword to psdata
cd ${base}/caa/scalix.res/config
echo "$ldappwd" > psdata
chown root:root psdata
chmod 400 psdata
cd -

# check files and permissions
omcheck -s | sh

cat << EOT

>>>> Step 4: setup apache, restart Scalix(-tomcat)

EOT
sleep 2

# Restart Tomcat
/etc/init.d/scalix-tomcat restart

# Setup Apache
[ -e /etc/apache2/conf.d/scalix-web-client.conf ] || \
    ln -s /opt/scalix/global/httpd/scalix-web-client.conf /etc/apache2/conf.d

cat << EOT > /etc/apache2/conf.d/scalix-access.conf
<Location />
        Allow from all
</Location>
EOT

files="/etc/opt/scalix-tomcat/connector/ajp/*-$mnode.*conf \
       /etc/opt/scalix-tomcat/connector/jk/*-$mnode.*conf"
for file in $files; do
  if [ -e $file ]; then
    sed -e 's;<VirtualHost;#<VirtualHost;g' \
        -e 's;</VirtualHost;#</VirtualHost;g' \
        $file > $file.neu
    mv $file.neu $file
  fi
done

/etc/init.d/apache2 restart

cat << EOT
#####################################################
# You should now be able to access scalix at:
# http://$fqdn/sac
# http://$fqdn/webmail
#####################################################
#
# check the scalix installation (file permissions etc.) with:
# > omcheck -i

EOT

if [ -e /var/opt/scalix/s.bak ]; then
cat << EOT

# restore your old scalix data-store with:
# - stop scalix             > for f in /etc/rc1.d/K*scalix*; do \$f stop; done
# - restore the data-store  > mv /var/opt/scalix/s.bak $base/s
# - and start scalix again  > for f in /etc/rc2.d/S*scalix*; do \$f start; done

for f in /etc/rc1.d/K*scalix*; do \$f stop; done
mv $base/s $base/s.new
mv /var/opt/scalix/s.bak $base/s
for f in /etc/rc2.d/S*scalix*; do \$f start; done

EOT
fi