Re: Backend attempting to proxy to itself?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Aaahh, ok. I've taken that "services" line out, and it's all now looking sane in the mailboxes.db dumps. So thank you very much for that (I've spent a few days tearing my hair out over this :-) I'll have to work out now why I thought that was a good idea to include.

The creating on the frontend was using the imapd.conf option:

       serverlist: <none>
            Whitespace separated list of backend server names.  Used for find-
            ing server with the most available free space for proxying CREATE.

which was what I was intending to exercise once my initial problems were sorted, to spread my users out over a couple of backend servers automatically. This appears to be an option added in 2.3.15.

Simon

On 26 Apr 2010, at 17:57, Brian Awood wrote:

> 
> You need to remove mupdate entry from the "Services" section of the cyrus
> config on the backend servers.  mupdate always assumes mailboxes are remote
> so it is going through and changing all the mailbox entries to remote ones.
> 
> 
> I'm not sure about the autocreate feature though, I assume that is what you
> are trying to use by creating the mailbox while connected to the frontend. 
> Traditionally you would connect to the backend where you wanted the mailbox
> to live and create it there.
> 
> -Brian
> 
> On Mon, 26 Apr 2010 17:27:46 +0100 (BST), "Simon Beale"
> <simon@xxxxxxxxxxxx>
> wrote:
>> 
>> However, if I restart the backend at this point, I get the old entries
>> back again in addition to the fixed entries.
>> 
>> Given this cluster isn't yet in production, I've just stopped the entire
>> cluster, deleted mailboxes.db from everything and "rm -rf
>> ${partition-default}/*" in case there was something bad lurking around
>> from previous experiments. But it's still the case that if I "cm
>> user.simon" on the frontend with cyradm, the mailboxes.db on the backend
>> appears as "... 1 store-101...!default..."
>> 
>> So for some reason I'm not getting correct mailbox location information
>> created on the backends.
>> 
>> I've included my cyrus.conf files and the murder master's imapd.conf
> below
>> in case there's something wrong I've put in any of those.
>> 
>> Cheers
>> 
>> Simon
>> 
>> =====================
>> Backend/frontend cyrus.conf
>> 
>> START {
>>  recover       cmd="ctl_cyrusdb -r"
>>  idled         cmd="idled"
>>  #the next line is only present on the backend
>>  mupdatepush   cmd="ctl_mboxlist -m"
>> }
>> SERVICES {
>>  imap          cmd="imapd" listen="imap" proto="tcp4" prefork=2
>>  imaps         cmd="imapd -s" listen="imaps" proto="tcp4" prefork=5
>>  pop3          cmd="pop3d" listen="pop3" proto="tcp4" prefork=2
>>  pop3s         cmd="pop3d -s" listen="pop3s" proto="tcp4" prefork=2
>>  sieve         cmd="timsieved" listen="sieve" proto="tcp4" prefork=2
>>  mupdate       cmd="mupdate" listen="3905" proto="tcp4" prefork=2
>>  fud           cmd="fud" listen="4201" proto="udp4" prefork=1
> maxchild=10
>>  lmtp          cmd="lmtpd -a" listen="127.0.0.1:2003" prefork=1
>> }
>> EVENTS {
>>  checkpoint    cmd="ctl_cyrusdb -c" period=30
>>  delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
>>  tlsprune      cmd="tls_prune" at=0400
>> }
>> 
>> ======================
>> Murder master /etc/cyrus.conf
>> 
>> START {
>>  recover       cmd="ctl_cyrusdb -r"
>>  idled         cmd="idled"
>> }
>> SERVICES {
>>  mupdate       cmd="mupdate -m" listen="mupdate" prefork=1
>> }
>> EVENTS {
>>  checkpoint    cmd="ctl_cyrusdb -c" period=30
>>  delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
>>  tlsprune      cmd="tls_prune" at=0400
>> }
>> 
>> 
>> ======================
>> Murder master /etc/imapd.conf
>> 
>> admins:                 cyrus cyrus-frontend
>> allowplaintext:         true
>> configdirectory:        /var/lib/imap
>> duplicate_db:           skiplist
>> improved_mboxlist_sort: true
>> lmtp_downcase_rcpt:     true
>> normalizeuid:           true
>> partition-default:      /var/spool/imap
>> ptscache_db:            skiplist
>> sasl_mech_list:         DIGEST-MD5 PLAIN LOGIN
>> sasl_pwcheck_method:    auxprop
>> sievedir:               /var/lib/imap/sieve
>> statuscache_db:         skiplist
>> tlscache_db:            skiplist
>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>> unix_group_enable:      false
>> 
>> 
>>> imapd is trying to proxy because the entry "1
>>> store-101.internal.example.com" tells it that it's remote, even though
> it
>>> is not.  Theoretically this would work correctly with a unified murder
>>> configuration, where any machine can proxy for another, but it isn't
>>> implemented.  The mailbox entry on the backend should look like;
>>> 
>>> user.simon      0    default simon lrswipkxtecda
>>> 
>>> I'm not sure how the mailbox list ended up with entries like that on
> your
>>> backend.  Are you running mupdate there?  There should probably be a
>>> warning in the docs about not starting mupdate on a backend, if there
>>> isn't
>>> already.  To fix it, you may need to dump the db to text, use
>>> sed/awk/perl
>>> (pick your favorite) and change all the "1 servername!default" to "0
>>> default", remove the old db and reload it.   Hope that helps.
>>> 
>>> -Brian
>>> 
>>> On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale"
>>> <simon@xxxxxxxxxxxx>
>>> wrote:
>>>> I'm having problems with getting the backend responding correctly in a
>>>> murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4).
>>> I've
>>>> got it so that I can run cyradm and issue 'cm user.simon' on the
>>> frontend,
>>>> see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
>>>> murder, frontend and backend all list the relevant backend location:
>>>> 
>>>> user.simon      1 store-101.internal.example.com!default simon
>>>> lrswipkxtecda
>>>> 
>>>> 
>>>> However, when I run imtest and login on the frontend:
>>>> . LIST "" "*"
>>>> * LIST (\HasNoChildren) "." "INBOX"
>>>> . OK Completed (0.000 secs 2 calls)
>>>> . SELECT INBOX
>>>> . NO Server(s) unavailable to complete operation
>>>> 
>>>> 
>>>> Looking at the output of strace and syslogs on the backend, it appears
>>>> that the backend is trying to make a new TLS connection back to itself
>>>> rather than directly answering the incoming SELECT.
>>>> 
>>>> Apr 26 13:24:09 store-101 imap[26128]: accepted connection
>>>> Apr 26 13:24:09 store-101 master[26615]: about to exec
>>>> /usr/lib/cyrus-imapd/imapd
>>>> Apr 26 13:24:09 store-101 imap[26128]: login:
>>>> switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User
>>> logged
>>>> in
>>>> Apr 26 13:24:09 store-101 imap[26615]: executed
>>>> Apr 26 13:24:09 store-101 imap[26615]: accepted connection
>>>> Apr 26 13:24:09 store-101 master[26616]: about to exec
>>>> /usr/lib/cyrus-imapd/imapd
>>>> Apr 26 13:24:09 store-101 imap[26616]: executed
>>>> Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed
>>>> /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
>>>> Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH
>>>> parameters
>>>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
>>>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>>>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>>>> Apr 26 13:24:09 store-101 imap[26128]: received server certificate
>>>> Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher
>>>> DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
>>>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
>>>> Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher
>>>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>>>> Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend
>>>> server: no mechanism available
>>>> 
>>>> Can anyone help me work out why the backend appears to be attempting to
>>>> proxy onwards rather than answering the SELECT itself?
>>>> 
>>>> ===================
>>>> Backend imapd.conf:
>>>> 
>>>> admins:                 cyrus cyrus-frontend
>>>> allowallsubscribe:      true
>>>> allowplaintext:         true
>>>> allowusermoves:         true
>>>> configdirectory:        /var/lib/imap
>>>> delete_mode:            delayed
>>>> duplicate_db:           skiplist
>>>> expunge_mode:           delayed
>>>> hashimapspool:          true
>>>> improved_mboxlist_sort: true
>>>> lmtp_downcase_rcpt:     true
>>>> mupdate_authname:       cyrus-frontend
>>>> mupdate_password:       ********
>>>> mupdate_server:         switch-102.internal.example.com
>>>> mupdate_username:       cyrus-frontend
>>>> normalizeuid:           true
>>>> partition-default:      /var/spool/imap
>>>> proxyservers:           cyrus-frontend
>>>> ptscache_db:            skiplist
>>>> sasl_mech_list:         PLAIN LOGIN DIGEST-MD5
>>>> sasl_pwcheck_method:    auxprop
>>>> servername:             store-101.internal.example.com
>>>> sievedir:               /var/lib/imap/sieve
>>>> statuscache_db:         skiplist
>>>> tlscache_db:            skiplist
>>>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>>>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>>>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>>>> unix_group_enable:      false
>>>> 
>>>> 
>>>> ====================
>>>> Frontend imapd.conf:
>>>> 
>>>> admins:                 cyrus
>>>> allowplaintext:         false
>>>> allowusermoves:         true
>>>> configdirectory:        /var/lib/imap
>>>> delete_mode:            delayed
>>>> duplicate_db:           skiplist
>>>> expunge_mode:           delayed
>>>> improved_mboxlist_sort: true
>>>> lmtp_downcase_rcpt:     true
>>>> mupdate_authname:       cyrus-frontend
>>>> mupdate_password:       ********
>>>> mupdate_server:         switch-102.internal.example.com
>>>> mupdate_username:       cyrus-frontend
>>>> normalizeuid:           true
>>>> partition-default:      /var/spool/imap
>>>> proxy_authname:         cyrus-frontend
>>>> proxyd_disable_mailbox_referrals:       true
>>>> proxy_password:         ********
>>>> ptscache_db:            skiplist
>>>> sasl_mech_list:         PLAIN
>>>> sasl_pwcheck_method:    auxprop saslauthd
>>>> serverlist:             store-101.internal.example.com
>>>> servername:             switch-101.internal.example.com
>>>> sieve_allowreferrals:   false
>>>> sievedir:               /var/lib/imap/sieve
>>>> sieveusehomedir:        0
>>>> statuscache_db:         skiplist
>>>> tlscache_db:            skiplist
>>>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>>>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>>>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>>>> unix_group_enable:      false
>>>> 
>>>> 
>>>> ----
>>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>> 

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux