[Zimbra 8.8.15 FOSS]How to install cbpolicyd on multi-server Zimbra?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
wodel
Advanced member
Advanced member
Posts: 52
Joined: Sat Sep 13, 2014 12:24 am

[Zimbra 8.8.15 FOSS]How to install cbpolicyd on multi-server Zimbra?

Post by wodel »

Hi,

I need some help installing cbpolicyd on a multi-server deployment of Zimbra.

I am using Zimbra 8.8.15 FOSS, with 03 VMs for now, zldap + zmta-proxy and zstore.
The documentation says :
NOTE: These steps are for a single server install only. For a multi-MTA setup, or if more than one MTA exists in an environment, these steps must be done on each MTA. Do take note of installing a MariaDB server.


"Do take note of installing a MariaDB server"; Zimbra MTA does not contain the Zimbra MariaDB service, so i have to install one, I tried to install mariaDB using yum install, but the cbpolicyd.sh searches for the service installed by Zimbra setup, should I install zimbra-mariadb.x86_64 on the Zimbra MTA server? if yes how should I manage it?

Regards.
Klug
Ambassador
Ambassador
Posts: 2746
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: [Zimbra 8.8.15 FOSS]How to install cbpolicyd on multi-server Zimbra?

Post by Klug »

Which documentation and which script are you using?

I would setup a dedicated mariadb instance (outside Zimbra, just in case).
uttam.takalkar
Zimbra Employee
Zimbra Employee
Posts: 53
Joined: Wed Jul 27, 2022 6:16 am

Re: [Zimbra 8.8.15 FOSS]How to install cbpolicyd on multi-server Zimbra?

Post by uttam.takalkar »

I think he is referring to this document https://wiki.zimbra.com/wiki/CBPolicyD_Management
If you are having single MTA server then this document is perfect for you..

If multiple MTA nodes then you should go for centralised database to manage the policies across all MTA nodes. In this scenario, you will be building Galera cluster for MariaDB database running on multiple MTAs. With the help of Galera cluster, all MTAs will communicate to central MariaDB database. Then you configure Zimbra to use that cluster to read and track against the Policies.
wodel
Advanced member
Advanced member
Posts: 52
Joined: Sat Sep 13, 2014 12:24 am

Re: [Zimbra 8.8.15 FOSS]How to install cbpolicyd on multi-server Zimbra?

Post by wodel »

Hi,

Indeed this the article https://wiki.zimbra.com/wiki/CBPolicyD_Management

The script cbpolicyd.sh is responsible of creating the policyd database in MariaDB, but it searches for Zimbra's database.

This is a snippet from the file :

Code: Select all

...
echo "Creating database and user"
/opt/zimbra/bin/mysql < "${POLICYDDBCREATE}"

if [ -d "/opt/zimbra/common/share/database/" ]; then
   #shipped version from Zimbra (8.7)
   cd /opt/zimbra/common/share/database/ >/dev/null
else
   #shipped version from Zimbra (8.6)
   cd /opt/zimbra/cbpolicy*/share/database/ >/dev/null
fi

POLICYDTABLESSQL="$(mktemp /tmp/policyd-dbtables.XXXXXXXX.sql)"
for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql;
        do
        ./convert-tsql mysql $i;
        done > "${POLICYDTABLESSQL}"

# have to replace TYPE=InnoDB with ENGINE=InnoDB, this is not needed when using the latest upstream version of cbpolicyd
# but it seems to be an issue in the version shipped with Zimbra 8.6 (not 8.7)
if grep --quiet -e "TYPE=InnoDB" "${POLICYDTABLESSQL}"; then
   grep -lZr -e "TYPE=InnoDB" "${POLICYDTABLESSQL}" | xargs -0 sed -i "s^TYPE=InnoDB^ENGINE=InnoDB^g"
fi

echo "Populating policyd_db please wait..."
/opt/zimbra/bin/mysql policyd_db < "${POLICYDTABLESSQL}"


CBPOLICYDCONF="$(mktemp /tmp/cbpolicyd.conf.in.XXXXXXXX)"
echo "Backing up cbpolicyd.conf.in"
cp -a /opt/zimbra/conf/cbpolicyd.conf.in ${CBPOLICYDCONF}
...

I don't know if modifying the script will do the trick?


Regards.
wodel
Advanced member
Advanced member
Posts: 52
Joined: Sat Sep 13, 2014 12:24 am

[SOLVED][Zimbra 8.8.15 FOSS]How to install cbpolicyd on multi-server Zimbra?

Post by wodel »

Hi,

I can confirm that modifying the cbpolicyd.sh will do the trick, you can install a local mysql then change the mysql client path in the script. You have to pay attention to the created user, the account must be accessible from the cbpolicyd webui server.

Regards.
Post Reply