Zimbra 8.8.15 Patch-34 - share experience

Ask questions about your setup or get help installing ZCS server (ZD section below).
User avatar
oetiker
Outstanding Member
Outstanding Member
Posts: 275
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
Contact:

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by oetiker »

The three packages should be upgraded first before all others ... in the upgrade process the order is probably not the right one ...
halfgaar wrote:The patch notes say to run this extra command:

Code: Select all

apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
But my 'apt upgrade' already lists them as 'to be upgraded'. Not sure why it's suddenly instructed this way, nor why those packages are not just made dependencies of something else.

My own protection measures are in place against the CPIO hack, so I'm waiting with the installations, even though I have a very easy restore method in case of disaster.
halfgaar
Advanced member
Advanced member
Posts: 171
Joined: Sat Sep 13, 2014 12:54 am
Location: Netherlands
ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
Contact:

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by halfgaar »

So if you have (auto) unattended upgrades enabled, you break your installation?
User avatar
oetiker
Outstanding Member
Outstanding Member
Posts: 275
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
Contact:

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by oetiker »

I have the same problem ...
BradC wrote:This is what it looks like on my test VM

Code: Select all

zimbra@ztest:~$ zmcontrol start
Host mail.xxxx.com
	Starting ldap...Done.
Failed.
Failed to start slapd.  Attempting debug start to determine error.
63466406 daemon: bind(7) failed errno=13 (Permission denied)
63466406 slap_open_listener: failed on ldap://mail.xxxx.com:389
I'll start looking at capabilities. Ta for the pointer.

Edit : EXT4_FS_SECURITY was not set in the kernel, thus setcap couldn't store the capability.
User avatar
oetiker
Outstanding Member
Outstanding Member
Posts: 275
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
Contact:

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by oetiker »

found a workaround

the problem is the sudo startup of ldap has been removed and if there is no setcap support ldap can not startup anymore ...


1. add sudo script

Code: Select all

cat  /etc/sudoers.d/02_zimbra-ldap 
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
2. use the old startup script from the p33

Code: Select all

/opt/zimbra/bin/ldap

diff ldap ldap-2022-10-12 
73c73
<     sudo /opt/zimbra/libexec/zmslapd -l LOCAL0 -u zimbra -h "${bind_url} ldapi:///" \
---
>     /opt/zimbra/libexec/zmslapd -l LOCAL0 -h "${bind_url} ldapi:///" \
104,105c104,105
<                 sudo /opt/zimbra/libexec/zmslapd -l LOCAL0 \
<                 -u zimbra -h "${bind_url} ldapi:///" -F /opt/zimbra/data/ldap/config
---
>                 /opt/zimbra/libexec/zmslapd -l LOCAL0 \
>                 -h "${bind_url} ldapi:///" -F /opt/zimbra/data/ldap/config

Another bad bad day for the testing team of zimbra .... !!!
User avatar
oetiker
Outstanding Member
Outstanding Member
Posts: 275
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
Contact:

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by oetiker »

yep, and I would not recommend doing that .... on a zimbra server ...
halfgaar wrote:So if you have (auto) unattended upgrades enabled, you break your installation?
cougarmaster
Posts: 16
Joined: Sat Sep 13, 2014 1:19 am

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by cougarmaster »

cougarmaster wrote:
BradC wrote:
cougarmaster wrote: Here is when I do the zmfixperm

Code: Select all

Set capability for /opt/zimbra/common/libexec/slapd
Failed to set capabilities on file `/opt/zimbra/common/libexec/slapd' (Operation not supported)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
Your filesystem doesn't have extended attributes enabled.

I think this is it thank you for that reminder OMG ...cry cry cry..thank you
Ah sorry still no go it died again....
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by BradC »

halfgaar wrote:So if you have (auto) unattended upgrades enabled, you break your installation?
Only a lunatic puts / leaves auto unattended upgrades on a production machine.
oetiker wrote:found a workaround

the problem is the sudo startup of ldap has been removed and if there is no setcap support ldap can not startup anymore ...
Another bad bad day for the testing team of zimbra .... !!!
I don't think this one is on Zimbra as such. In my case it caused an issue because my VM has a self-compiled kernel with extended attributes disabled. That's a bit of an own goal for me.
Certainly all the Ubuntu variants supported by Zimbra come with this enabled by default.

I do think there should have been a big flashing warning on the release notes. "Hey, we've just implemented a change that relies on an OS/Filesystem feature we've never required in the past. If you don't have that this will prevent Zimbra from restarting so sort that out *before* you upgrade".
Last edited by BradC on Wed Oct 12, 2022 12:16 pm, edited 1 time in total.
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by BradC »

cougarmaster wrote:Ah sorry still no go it died again....
Time to break out strace on setcap and find out what your system doesn't have that is preventing setcap from storing the extended attribute.

I got the same error you did, googled the error message which led to setcap and then the "ah hah, I don't have extended attributes enabled".
For me that fixed it. For you there's obviously something else, but I'd start with the filesystem and work backwards.
User avatar
gabrieles
Outstanding Member
Outstanding Member
Posts: 233
Joined: Tue Feb 14, 2017 9:40 am

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by gabrieles »

bulletxt wrote:Hi,
Zimbra 8.8.15 Patch-34 has just been released. Please share your experience after upgrade, thanks!
Yes, sure. My experience was, like the previous 33 patches, sending all my customers the usual warning: "Don't patch production systems on the release day"
pjzr
Posts: 2
Joined: Thu Jun 16, 2022 9:19 am

Re: Zimbra 8.8.15 Patch-34 - share experience

Post by pjzr »

Hi,

No problem when upgrading on a multi-server installation.

But ... Again the bug IMAP with attached files in shared mailboxes.
If the shared mailbox is not on the same mailbox server as the person, then the attached file is corrupted.
We didn't have this problem with previous patch.
Post Reply