Re: Backend attempting to proxy to itself?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you!

Yes, doing the following steps:
- ctl_mboxlist -d > file.txt
- stopping the backend cyrus
- removing mailboxes.db,
- starting cyrus
- ctl_mboxlist -u < file.editted.txt
does mean I can run "imtest -a cyrus-frontend -u simon store-101" (i.e.
against the backend) successfully and SELECT the INBOX.

However, if I restart the backend at this point, I get the old entries
back again in addition to the fixed entries.

Given this cluster isn't yet in production, I've just stopped the entire
cluster, deleted mailboxes.db from everything and "rm -rf
${partition-default}/*" in case there was something bad lurking around
from previous experiments. But it's still the case that if I "cm
user.simon" on the frontend with cyradm, the mailboxes.db on the backend
appears as "... 1 store-101...!default..."

So for some reason I'm not getting correct mailbox location information
created on the backends.

I've included my cyrus.conf files and the murder master's imapd.conf below
in case there's something wrong I've put in any of those.

Cheers

Simon

=====================
Backend/frontend cyrus.conf

START {
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
  #the next line is only present on the backend
  mupdatepush   cmd="ctl_mboxlist -m"
}
SERVICES {
  imap          cmd="imapd" listen="imap" proto="tcp4" prefork=2
  imaps         cmd="imapd -s" listen="imaps" proto="tcp4" prefork=5
  pop3          cmd="pop3d" listen="pop3" proto="tcp4" prefork=2
  pop3s         cmd="pop3d -s" listen="pop3s" proto="tcp4" prefork=2
  sieve         cmd="timsieved" listen="sieve" proto="tcp4" prefork=2
  mupdate       cmd="mupdate" listen="3905" proto="tcp4" prefork=2
  fud           cmd="fud" listen="4201" proto="udp4" prefork=1 maxchild=10
  lmtp          cmd="lmtpd -a" listen="127.0.0.1:2003" prefork=1
}
EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
  tlsprune      cmd="tls_prune" at=0400
}

======================
Murder master /etc/cyrus.conf

START {
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
}
SERVICES {
  mupdate       cmd="mupdate -m" listen="mupdate" prefork=1
}
EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
  tlsprune      cmd="tls_prune" at=0400
}


======================
Murder master /etc/imapd.conf

admins:                 cyrus cyrus-frontend
allowplaintext:         true
configdirectory:        /var/lib/imap
duplicate_db:           skiplist
improved_mboxlist_sort: true
lmtp_downcase_rcpt:     true
normalizeuid:           true
partition-default:      /var/spool/imap
ptscache_db:            skiplist
sasl_mech_list:         DIGEST-MD5 PLAIN LOGIN
sasl_pwcheck_method:    auxprop
sievedir:               /var/lib/imap/sieve
statuscache_db:         skiplist
tlscache_db:            skiplist
tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
tls_cert_file:          /etc/ssl/certs/wildcard.pem
tls_key_file:           /etc/ssl/certs/wildcard.pem
unix_group_enable:      false


> imapd is trying to proxy because the entry "1
> store-101.internal.example.com" tells it that it's remote, even though it
> is not.  Theoretically this would work correctly with a unified murder
> configuration, where any machine can proxy for another, but it isn't
> implemented.  The mailbox entry on the backend should look like;
>
> user.simon      0    default simon lrswipkxtecda
>
> I'm not sure how the mailbox list ended up with entries like that on your
> backend.  Are you running mupdate there?  There should probably be a
> warning in the docs about not starting mupdate on a backend, if there
> isn't
> already.  To fix it, you may need to dump the db to text, use sed/awk/perl
> (pick your favorite) and change all the "1 servername!default" to "0
> default", remove the old db and reload it.   Hope that helps.
>
> -Brian
>
> On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale"
> <simon@xxxxxxxxxxxx>
> wrote:
>> I'm having problems with getting the backend responding correctly in a
>> murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4).
> I've
>> got it so that I can run cyradm and issue 'cm user.simon' on the
> frontend,
>> see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
>> murder, frontend and backend all list the relevant backend location:
>>
>> user.simon      1 store-101.internal.example.com!default simon
>> lrswipkxtecda
>>
>>
>> However, when I run imtest and login on the frontend:
>> . LIST "" "*"
>> * LIST (\HasNoChildren) "." "INBOX"
>> . OK Completed (0.000 secs 2 calls)
>> . SELECT INBOX
>> . NO Server(s) unavailable to complete operation
>>
>>
>> Looking at the output of strace and syslogs on the backend, it appears
>> that the backend is trying to make a new TLS connection back to itself
>> rather than directly answering the incoming SELECT.
>>
>> Apr 26 13:24:09 store-101 imap[26128]: accepted connection
>> Apr 26 13:24:09 store-101 master[26615]: about to exec
>> /usr/lib/cyrus-imapd/imapd
>> Apr 26 13:24:09 store-101 imap[26128]: login:
>> switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User
> logged
>> in
>> Apr 26 13:24:09 store-101 imap[26615]: executed
>> Apr 26 13:24:09 store-101 imap[26615]: accepted connection
>> Apr 26 13:24:09 store-101 master[26616]: about to exec
>> /usr/lib/cyrus-imapd/imapd
>> Apr 26 13:24:09 store-101 imap[26616]: executed
>> Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed
>> /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
>> Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH
>> parameters
>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>> Apr 26 13:24:09 store-101 imap[26128]: received server certificate
>> Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
>> Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>> Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend
>> server: no mechanism available
>>
>> Can anyone help me work out why the backend appears to be attempting to
>> proxy onwards rather than answering the SELECT itself?
>>
>> ===================
>> Backend imapd.conf:
>>
>> admins:                 cyrus cyrus-frontend
>> allowallsubscribe:      true
>> allowplaintext:         true
>> allowusermoves:         true
>> configdirectory:        /var/lib/imap
>> delete_mode:            delayed
>> duplicate_db:           skiplist
>> expunge_mode:           delayed
>> hashimapspool:          true
>> improved_mboxlist_sort: true
>> lmtp_downcase_rcpt:     true
>> mupdate_authname:       cyrus-frontend
>> mupdate_password:       ********
>> mupdate_server:         switch-102.internal.example.com
>> mupdate_username:       cyrus-frontend
>> normalizeuid:           true
>> partition-default:      /var/spool/imap
>> proxyservers:           cyrus-frontend
>> ptscache_db:            skiplist
>> sasl_mech_list:         PLAIN LOGIN DIGEST-MD5
>> sasl_pwcheck_method:    auxprop
>> servername:             store-101.internal.example.com
>> sievedir:               /var/lib/imap/sieve
>> statuscache_db:         skiplist
>> tlscache_db:            skiplist
>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>> unix_group_enable:      false
>>
>>
>> ====================
>> Frontend imapd.conf:
>>
>> admins:                 cyrus
>> allowplaintext:         false
>> allowusermoves:         true
>> configdirectory:        /var/lib/imap
>> delete_mode:            delayed
>> duplicate_db:           skiplist
>> expunge_mode:           delayed
>> improved_mboxlist_sort: true
>> lmtp_downcase_rcpt:     true
>> mupdate_authname:       cyrus-frontend
>> mupdate_password:       ********
>> mupdate_server:         switch-102.internal.example.com
>> mupdate_username:       cyrus-frontend
>> normalizeuid:           true
>> partition-default:      /var/spool/imap
>> proxy_authname:         cyrus-frontend
>> proxyd_disable_mailbox_referrals:       true
>> proxy_password:         ********
>> ptscache_db:            skiplist
>> sasl_mech_list:         PLAIN
>> sasl_pwcheck_method:    auxprop saslauthd
>> serverlist:             store-101.internal.example.com
>> servername:             switch-101.internal.example.com
>> sieve_allowreferrals:   false
>> sievedir:               /var/lib/imap/sieve
>> sieveusehomedir:        0
>> statuscache_db:         skiplist
>> tlscache_db:            skiplist
>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>> unix_group_enable:      false
>>
>>
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>


----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux