Re: Working unified murder configs?

Hi,

on 09.02.2007 10:40 Mirosław Jaworski said the following:
> Anyone care to share working unified murder configs?
>
> I am also sure that many would appreciate separate unified murder pages
> in cyrus' wiki.

  
Sure, here's a working config, deployed in a production system. Since I haven't written a final administration manual, this information may be incomplete. If it isn't sufficient, send me a mail and I'll complete what's missing.

Environment:

There are 3 servers (not counting the smtp relays or the LDAP servers):
  • 2 imap servers: imap1 & imap2
  • 1 murder server: murder1
All 3 servers run Cyrus Imapd 2.3.7, home made, yet to become official, Debian packages, with some patches. You can check the source code here if you want to see what patches have been applied: http://www.pragmatic-source.com/Cyrus-Imapd-2-3-7-for-the-Linux

Note: All cyrus commands must be run under the "cyrus" user, not "root"!

SASL settings

All 3 servers have SASL libraries & tools installed, and an /etc/sasldb2 authentication file.

Note: Take care to use matching passwords where necessary. For example: the /etc/sasldb2 file on "murder1" has got an "imap1@xxxxxxxxxxxx" account. The same "imap1" user is defined in the /etc/cyrus.conf file on server "imap1", with the same password.

Configuration on "murder1"

Note: I stripped some unnecessary lines, comments and white lines from the sample config files. Don't use these configuration files as is!

SASL file /etc/sasldb2

The auth file contains these users (with a password of course):
murder1# sasldblistusers2
cyrus@murder1: userPassword
imap1@xxxxxxxxxxxx: userPassword
imap2@xxxxxxxxxxxx: userPassword

File /etc/cyrus.conf:

START {
        recover         cmd="/usr/sbin/ctl_cyrusdb -r"
}
SERVICES {
        # (mupdate master, only one in the entire cluster)

        mupdate       cmd="mupdate -m" listen=3905 prefork=1 proto="tcp4"
}
EVENTS {
        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
}

File /etc/imapd.conf:

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
servername: mydomain.com
admins: cyrus
mupdate_admins: imap1 imap2
allowplaintext: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_auto_transition: no

Nothing else is configured on "murder1".

Configuration on "imap1" and "imap2"

Configuration is identical on these 2 servers, except for their names (substitute "imap1" with "imap2" and you'll get the 2nd server's configuration).

The IMAP servers run the "saslauthd" daemon, connected to an LDAP server, but I don't document this here as it has no influence on the murder configuration.

File /etc/services:

Add the following line to the "/etc/services" file:
mupdate         3905/tcp                        # Cyrus Mupdate

SASL file /etc/sasldb2:

# sasldblistusers2
cyrus@imap1: userPassword
postman@imap1: userPassword

postman is used along with postfix + lmtp for mail delivery. But I won't talk about this here.

File /etc/cyrus.conf:

START {
        recover         cmd="/usr/sbin/ctl_cyrusdb -r"
        idled           cmd="idled"

        # this is useful on backend nodes of a Murder cluster
        # it causes the backend to synchronize its mailbox list with
        # the mupdate master upon startup
        mupdatepush   cmd="/usr/sbin/ctl_mboxlist -m"

        # this is recommended if using duplicate delivery suppression
        # but the expiration takes more than 5 minutes on startup!
        # So I disabled this line
        ##delprune      cmd="/usr/sbin/cyr_expire -E 3 -X 3"
        # this is recommended if caching TLS sessions
        tlsprune        cmd="/usr/sbin/tls_prune"
}
SERVICES {
        # --- Normal cyrus spool, or Murder backends ---
        # add or remove based on preferences
        imap            cmd="imapd -U 30" listen="imap" prefork=10 maxchild=250 babysit=1 maxforkrate=10 proto="tcp4"
        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=5 maxchild=250 babysit=1 maxforkrate=10 proto="tcp4"

        lmtp            cmd="lmtpd" listen="lmtp" prefork=10 maxchild=60 babysit=1 maxforkrate=10 proto="tcp4"
        sieve           cmd="timsieved" listen="sieve" prefork=2 maxchild=30 proto="tcp4"
        notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1

        # --- Murder frontends -------------------------
        # mupdate database service - must prefork at least 1
        # (mupdate slaves)
        mupdate       cmd="mupdate" listen=3905 prefork=1 proto="tcp4"
}
EVENTS {
        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
        delprune        cmd="/usr/sbin/cyr_expire -E 3 -X 3" at=0201
        tlsprune        cmd="/usr/sbin/tls_prune" at=0201
        squatter_a      cmd="/usr/sbin/squatter" at=0317
}

File /etc/imapd.conf:

As I said before, this is an incomplete example.

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
admins: cyrus
lmtp_admins: cyrus postman
postuser: cyrus
allowanonymouslogin: no
allowplaintext: yes
allowapop: no
sasl_minimum_layer: 0
loginrealms: mydomain.com
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb
sasl_auto_transition: no
mupdate_server: murder1.mydomain.com
mupdate_config: unified
mupdate_port: 3905
mupdate_authname: imap1
mupdate_realm: mydomain.com
mupdate_password: XXXX_HERE_IMAP1_PASSWORD
mupdate_worker_maxspare: 5
mupdate_worker_minspare: 1
mupdate_worker_start: 2
proxy_password: XXXX_HERE_CYRUS_PASSWORD
proxy_authname: cyrus
proxyservers: cyrus

Bootstrapping the whole thing

Actually I don't remember exactly how I bootstrapped the system :P

These steps are approximate:
  • Monitor the syslog files on all servers to detect errors or warnings. In my environment everything is logged in /var/log/mail.log.
  • Start the cyrus services on the "murder1" server. Check that the following services are running:
    • cyrmaster -d
    • mupdate -m
  • Go to "imap1" (resp. "imap2")
  • Using "cyradm" create some local users:
    • cyradm -u cyrus localhost
    • cyradm> createmailbox user.johndoe
    • cyradm> etc.
  • Launch "sudo -u cyrus ctl_mboxlist -m" manually. Check the messages and the log file to see if everything went fine.
  • Repeat previous operations (user creation & ctl_mboxlist -m) on server "imap2"

Now run "sudo -u cyrus ctl_mboxlist -d" on all 3 servers and compare the results. At least "murder1" should have a complete list of all folders.

If everything worked fine:
  • Start all the cyrus services on both imap servers
    • /etc/init.d/cyrus start
  • Check the log files
  • Enjoy!

Now "sudo -u cyrus ctl_mboxlist -d" should always return a complete list of all folders, regardless of the server it is run on. If you open an IMAP connection with "imap1" or "imap2" you should be able to access any folder (depending on your authorizations of course).

If there's anything wrong or incomplete in my mail, please tell me and I'll try to correct it.

 Regards,

-- 
Farzad FARID <ffarid@xxxxxxxxxxxxxxxxxxxx>
Architecte Open Source / Associé
Pragmatic Source - http://www.pragmatic-source.com/
Tel : +33 9 53 19 21 90 / Mob : +33 6 03 70 65 46
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
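
An added example, not part of the original mail and not Cyrus project code: a small Python audit for the backend /etc/imapd.conf shown above, which enables allowplaintext with sasl_minimum_layer 0 and stores mupdate_password and proxy_password in the file. The finding names, the accepted "enabled" spellings and the treatment of a missing sasl_minimum_layer as 0 are assumptions of this example.

```python
import os
import stat

# Constructed sample: security-relevant lines of the backend imapd.conf in the post.
SAMPLE = """\
allowplaintext: yes
sasl_minimum_layer: 0
mupdate_password: XXXX_HERE_IMAP1_PASSWORD
proxy_password: XXXX_HERE_CYRUS_PASSWORD
"""
SECRET_KEYS = ("mupdate_password", "proxy_password")
TRUE_VALUES = ("yes", "y", "on", "true", "t", "1")  # spellings treated as enabled


def parse_imapd_conf(text):
    """Return {option: value} for 'option: value' lines; skip blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf


def audit(conf, mode=None):
    """Return sorted finding ids. mode is the file's st_mode, or None if unknown."""
    findings = set()
    # Only an explicit allowplaintext is judged; a missing
    # sasl_minimum_layer is treated as 0 (assumption of this example).
    plaintext = conf.get("allowplaintext", "").lower() in TRUE_VALUES
    if plaintext and int(conf.get("sasl_minimum_layer", "0")) == 0:
        findings.add("cleartext-login-allowed")  # nothing here requires TLS or a SASL layer
    if any(conf.get(key) for key in SECRET_KEYS):
        findings.add("secrets-in-file")  # file permissions now protect credentials
        if mode is not None and mode & stat.S_IROTH:
            findings.add("secrets-world-readable")
    return sorted(findings)


def audit_file(path):
    """Audit a real imapd.conf together with its permission bits."""
    with open(path) as fh:
        return audit(parse_imapd_conf(fh.read()), os.fstat(fh.fileno()).st_mode)


if __name__ == "__main__":
    print(audit(parse_imapd_conf(SAMPLE), mode=0o100644))
```

On a real server, call audit_file("/etc/imapd.conf") as a user allowed to read the file.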
