Problem with mupdate/sasl and random entropy [Re: Setting multiples acls in cyrus/murder slows down to a crawl]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

So, once again I'll anwser my own question ;) The cyradm session slows down suddenly because the numerous sasl authentications the imap server does when connecting to the mupdate server completely drain the /dev/random entropy generator... Because I don't want to recompile cyrus-sasl (and the hardware random number generator on my Dell servers doesn't seem to work), I made a symlink from /dev/urandom to /dev/random and it solved the problem.

Yet I have 2 other questions:

  • Why isn't the RNG used by cyrus-sasl configurable at runtime, but only at compile-time? OpenLDAP has a config option called "TLSRandFile" for this.
  • Why does the imap server (on which I'm connected with cyradm) establish a new connection to mupdate for *every single call* to "setaclmailbox user.XXXX cyrus kxa"? Because I change the ACL of 400 mailboxes, imap must reauthenticate 400 times in a row.

Regards


Farzad FARID wrote:
Hi,

I write a script for cyradm to set the ACLs for all the users, like this:

setaclmailbox user.perez cyrus kxa
setaclmailbox user.pirat cyrus kxa
setaclmailbox user.plouvier cyrus kxa
setaclmailbox user.pruche cyrus kxa
setaclmailbox user.seltani cyrus kxa
setaclmailbox user.serre cyrus kxa
setaclmailbox user.solers cyrus kxa
...[400 accounts]...

I  then feed the script to cyradm. But after 10 lines, the execution
suddenly slows down to a crawl, and only one "setaclmailbox" every 10 or
20 seconds is executed.

I'm running a unified  cyrus murder 2.3.7, with 2 imap servers and 1
mupdate server. I ran the script only on one imap server, and all the
accounts belong to this server.
These are the logs I see on the mupdate server. The imap server keeps
connecting/disconnecting from the mupdate server, and the mupdate server
seems to spend a lot of time in either cmd_find or cmd_set.

Oct 13 12:19:04 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
Oct 13 12:19:04 oban cyrus/mupdate[23028]: cmd_set(fd:15, user.fboudali)
Oct 13 12:19:04 oban cyrus/mupdate[23028]: cmd_find(fd:17, user.fboudali)
Oct 13 12:19:05 oban cyrus/mupdate[23028]: accepted connection
Oct 13 12:19:05 oban cyrus/mupdate[23028]: telling master 4
Oct 13 12:19:05 oban cyrus/master[22804]: service mupdate pid 23028 in
READY state: serving one more multi-threaded connection
Oct 13 12:19:05 oban cyrus/master[22804]: service mupdate now has 1
ready workers
Oct 13 12:19:06 oban cyrus/mupdate[23028]: cmd_find(fd:14, user.fboudali)
Oct 13 12:19:23 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
Oct 13 12:19:23 oban cyrus/mupdate[23028]: cmd_set(fd:15, user.bpincede)
Oct 13 12:19:23 oban cyrus/mupdate[23028]: cmd_find(fd:17, user.bpincede)
Oct 13 12:19:24 oban cyrus/mupdate[23028]: accepted connection
Oct 13 12:19:24 oban cyrus/mupdate[23028]: telling master 4
Oct 13 12:19:24 oban cyrus/master[22804]: service mupdate pid 23028 in
READY state: serving one more multi-threaded connection
Oct 13 12:19:24 oban cyrus/master[22804]: service mupdate now has 1
ready workers
Oct 13 12:19:26 oban cyrus/mupdate[23028]: cmd_find(fd:14, user.bpincede)
Oct 13 12:19:29 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
Oct 13 12:19:29 oban cyrus/mupdate[23028]: cmd_set(fd:15, user.albonnefoy)
Oct 13 12:19:29 oban cyrus/mupdate[23028]: cmd_find(fd:17, user.albonnefoy)
Oct 13 12:19:29 oban cyrus/mupdate[23028]: accepted connection
Oct 13 12:19:29 oban cyrus/mupdate[23028]: telling master 4
Oct 13 12:19:29 oban cyrus/master[22804]: service mupdate pid 23028 in
READY state: serving one more multi-threaded connection
Oct 13 12:19:29 oban cyrus/master[22804]: service mupdate now has 1
ready workers
Oct 13 12:19:29 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in

When I try to trace the mupdate threads, all I see is that the threads
seem to spend a lot a time waiting on locks (futex on the linux
implementation of threads), and very little time reading or writing any
file.

Can anybody explain this to me and help me debug it? Or is there another
way to set hundreds of ACLs in a row?

 Regards

  


-- 
Farzad FARID <ffarid@xxxxxxxxxxxxxxxxxxxx>
Architecte Open Source / Pragmatic Source
http://www.pragmatic-source.com/
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux