halfgaar wrote:The patch notes say to run this extra command:
But my 'apt upgrade' already lists them as 'to be upgraded'. Not sure why it's suddenly instructed this way, nor why those packages are not just made dependencies of something else.Code: Select all
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
My own protection measures are in place against the CPIO hack, so I'm waiting with the installations, even though I have a very easy restore method in case of disaster.
Zimbra 8.8.15 Patch-34 - share experience
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: Zimbra 8.8.15 Patch-34 - share experience
The three packages should be upgraded first before all others ... in the upgrade process the order is probably not the right one ...
-
- Advanced member
- Posts: 173
- Joined: Sat Sep 13, 2014 12:54 am
- Location: Netherlands
- ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
- Contact:
Re: Zimbra 8.8.15 Patch-34 - share experience
So if you have (auto) unattended upgrades enabled, you break your installation?
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: Zimbra 8.8.15 Patch-34 - share experience
I have the same problem ...
BradC wrote:This is what it looks like on my test VM
I'll start looking at capabilities. Ta for the pointer.Code: Select all
zimbra@ztest:~$ zmcontrol start Host mail.xxxx.com Starting ldap...Done. Failed. Failed to start slapd. Attempting debug start to determine error. 63466406 daemon: bind(7) failed errno=13 (Permission denied) 63466406 slap_open_listener: failed on ldap://mail.xxxx.com:389
Edit : EXT4_FS_SECURITY was not set in the kernel, thus setcap couldn't store the capability.
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: Zimbra 8.8.15 Patch-34 - share experience
found a workaround
the problem is the sudo startup of ldap has been removed and if there is no setcap support ldap can not startup anymore ...
1. add sudo script
2. use the old startup script from the p33
Another bad bad day for the testing team of zimbra .... !!!
the problem is the sudo startup of ldap has been removed and if there is no setcap support ldap can not startup anymore ...
1. add sudo script
Code: Select all
cat /etc/sudoers.d/02_zimbra-ldap
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
Code: Select all
/opt/zimbra/bin/ldap
diff ldap ldap-2022-10-12
73c73
< sudo /opt/zimbra/libexec/zmslapd -l LOCAL0 -u zimbra -h "${bind_url} ldapi:///" \
---
> /opt/zimbra/libexec/zmslapd -l LOCAL0 -h "${bind_url} ldapi:///" \
104,105c104,105
< sudo /opt/zimbra/libexec/zmslapd -l LOCAL0 \
< -u zimbra -h "${bind_url} ldapi:///" -F /opt/zimbra/data/ldap/config
---
> /opt/zimbra/libexec/zmslapd -l LOCAL0 \
> -h "${bind_url} ldapi:///" -F /opt/zimbra/data/ldap/config
Another bad bad day for the testing team of zimbra .... !!!
- oetiker
- Outstanding Member
- Posts: 276
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: Zimbra 8.8.15 Patch-34 - share experience
yep, and I would not recommend doing that .... on a zimbra server ...
halfgaar wrote:So if you have (auto) unattended upgrades enabled, you break your installation?
-
- Posts: 16
- Joined: Sat Sep 13, 2014 1:19 am
Re: Zimbra 8.8.15 Patch-34 - share experience
Ah sorry still no go it died again....cougarmaster wrote:BradC wrote:Your filesystem doesn't have extended attributes enabled.cougarmaster wrote: Here is when I do the zmfixperm
Code: Select all
Set capability for /opt/zimbra/common/libexec/slapd Failed to set capabilities on file `/opt/zimbra/common/libexec/slapd' (Operation not supported) The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
I think this is it thank you for that reminder OMG ...cry cry cry..thank you
Re: Zimbra 8.8.15 Patch-34 - share experience
Only a lunatic puts / leaves auto unattended upgrades on a production machine.halfgaar wrote:So if you have (auto) unattended upgrades enabled, you break your installation?
I don't think this one is on Zimbra as such. In my case it caused an issue because my VM has a self-compiled kernel with extended attributes disabled. That's a bit of an own goal for me.oetiker wrote:found a workaround
the problem is the sudo startup of ldap has been removed and if there is no setcap support ldap can not startup anymore ...
Another bad bad day for the testing team of zimbra .... !!!
Certainly all the Ubuntu variants supported by Zimbra come with this enabled by default.
I do think there should have been a big flashing warning on the release notes. "Hey, we've just implemented a change that relies on an OS/Filesystem feature we've never required in the past. If you don't have that this will prevent Zimbra from restarting so sort that out *before* you upgrade".
Last edited by BradC on Wed Oct 12, 2022 12:16 pm, edited 1 time in total.
Re: Zimbra 8.8.15 Patch-34 - share experience
Time to break out strace on setcap and find out what your system doesn't have that is preventing setcap from storing the extended attribute.cougarmaster wrote:Ah sorry still no go it died again....
I got the same error you did, googled the error message which led to setcap and then the "ah hah, I don't have extended attributes enabled".
For me that fixed it. For you there's obviously something else, but I'd start with the filesystem and work backwards.
Re: Zimbra 8.8.15 Patch-34 - share experience
Yes, sure. My experience was, like the previous 33 patches, sending all my customers the usual warning: "Don't patch production systems on the release day"bulletxt wrote:Hi,
Zimbra 8.8.15 Patch-34 has just been released. Please share your experience after upgrade, thanks!
Re: Zimbra 8.8.15 Patch-34 - share experience
Hi,
No problem when upgrading on a multi-server installation.
But ... Again the bug IMAP with attached files in shared mailboxes.
If the shared mailbox is not on the same mailbox server as the person, then the attached file is corrupted.
We didn't have this problem with previous patch.
No problem when upgrading on a multi-server installation.
But ... Again the bug IMAP with attached files in shared mailboxes.
If the shared mailbox is not on the same mailbox server as the person, then the attached file is corrupted.
We didn't have this problem with previous patch.