Cyrus Replication (example) [was Re: restore from cyrdump]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Folks,
Following Willy Offermans' recent response to this thread, I've decided to jump in, but wish to quote a bit more of Patrick's original message (below), hence the out-of-sequence reply.

I'd like to address Patrick's issues in pretty much the order they're presented here.  Firstly, however, I would like to echo some confusion as to the purpose of cyrdump.  It seems to have been around since at least 2.2.3, but documentation has appeared only fleetingly, and says little about the program:
NAME
       cyrdump - dump mailboxes to stdout

SYNOPSIS
       cyrdump [-C <configfile>] [-v] [mboxpattern ...]

DESCRIPTION
       A tool for dumping IMAP mailboxes on a server.

       -C <configfile>
              Specify an alternate configuration file ( is used by default)

       -v     Increase program verbosity.
Not much help, that.

As for the utility of filesystem snapshots, be they LVM2, ZFS, XFS, etc., this of course extends only so far as the stability of the underlying data.  If your data is in flux at the time of the snapshot (unwritten buffers, etc.) then you'll only snapshot an incoherent, or "crash-consistent", state.  Thus it's important to consider the relative cost and consequence of taking the extra steps to quiesce the application prior to the snapshot.

We perform ZFS snapshots very frequently, without application quiescence, under the belief that even crash-consistent data is better than no data, in a DR scenario, and we replicate this data across multiple machines and sites, to further improve any potential DR outcome.  However, we also make "application-consistent" backups, which require application quiescence, as Patrick has described.  His initial suggestion -- stop cyrus, snapshot, restart cyrus -- is reasonable, but we feel that the later suggestion -- stop cyrus, tar up data, start cyrus -- is not.  It takes data offline for too long.  That's why the snapshot capability is necessary in any truly suitable server.

If you, like us, maintain your "config" and spool (and potentially meta) data on separate filesystems, you must remember to snapshot them all.  Also, if you're going to stop and start cyrus like this, it pays to remove heavyweight processes (i.e. delprune, checkpoint, sqautter) from the START section of cyrus.conf, to prevent extensive delays at restart, and let them be performed periodically (in EVENTS) instead.

I will say that the ability to quiesce the application without halting it would be most desirable.  Most databases have supported this sort of thing for ages, and it would be great if one could send a signal to Cyrus to achieve the same result.  One wonders, however, if the model of master process (cyrmaster for Debian-based distros) with potentially hundreds or thousands of child daemons, would lend itself to this.

But snapshots, whatever their consistency or coherence, will always be less useful for DR than a replica, and in Cyrus this is not only available, but not really that hard to get up and running.  The differences between the imapd.conf files on a master and replica can be this simple, or simpler even, as this example is from a murder (from a running pair):
--- imapd-master.conf	2014-11-24 13:37:45.752639666 -0600
+++ imapd-replica.conf	2014-11-24 13:31:58.702611566 -0600
@@ -1,22 +1,14 @@
 ##
-# These configuration parameters are for the master server
-# in a replication set
-servername: master.example.com
+# These configuration parameters are for the replica server in a
+# replication cluster
+servername: replica.example.com
 
-##
-# Auth credentials
-mupdate_server: mupdate.example.com
-mupdate_username: mupdate
-mupdate_authname: mupdate
-mupdate_password: <password>
-
-##
-# Replication support
-# This is how the BACKEND for this host is defined
-sync_host: replica.example.com
-sync_authname: mailproxy
-sync_password: <password>
-sync_compress: true
-sync_log: true
-sync_repeat_interval: 5
-sync_shutdown_file: /var/run/cyrus/sync_stop
+## Auth credentials
+# The credentials below must match the account listed in lmtp_admins
+# on the backend servers.
+proxy_authname: mailproxy
+proxy_password: <password>
+force_sasl_client_mech: PLAIN
+mupdate_mechs: PLAIN
+mailbox_mechs: PLAIN
+serverlist: master
The changes in cyrus.conf are similarly brief:
--- master/cyrus.conf	2014-11-24 14:01:26.832602819 -0600
+++ replica/cyrus.conf	2014-11-24 14:01:42.212637226 -0600
@@ -15,8 +15,8 @@
 	# Master sends mailbox updates to mupdate.
 	# Replication client runs on Master.
 	# Comment these 2 lines out on replicas
-	#mupdatepush		cmd="/usr/sbin/cyrus ctl_mboxlist -m"
-	#syncclient		cmd="/usr/lib/cyrus/bin/sync_client -r"
+	mupdatepush		cmd="/usr/sbin/cyrus ctl_mboxlist -m"
+	syncclient		cmd="/usr/lib/cyrus/bin/sync_client -r"
 
 	# this is recommended if using duplicate delivery suppression
 	#delprune	cmd="/usr/sbin/cyrus expire -E 3 -D 60 -X 60" at=0400
@@ -55,7 +55,7 @@
 	##
 	# Synchronization for remote replication.
 	# Comment this out on Master, uncomment on replicas
-	syncserver       cmd="/usr/lib/cyrus/bin/sync_server" listen="csync"
+	#syncserver       cmd="/usr/lib/cyrus/bin/sync_server" listen="csync"
 
 	# Experimental httpd for caldav
 	httpd		cmd="httpd" listen=8080 prefork=1 maxchild=20
It's just not that hard to implement, and for the security and safety it provides is well worth it.

Note that if you're using a murder, the server name must be preserved between the two hosts, in the event of a fail-over, and only the master should communicate with the mupdate server (as shown in my example).  If you're not using a murder, then most of these differences go away (all the mupdate stuff).  Of course, you'll need to switch DNS or have some other way of dealing with fail-over on layer 3.

We put all common configuration into /etc/imapd.conf, and then use the @include directive to include the appropriate file fragment, either imapd-master.conf or imapd-replica.conf.  For the cyrus.conf, it's just a couple of line edits -- commenting and uncommenting -- so we do that by hand.  You've got to intervene to update the DNS, in any event, so this much more is trivial.

Lastly, as to the use of imapsync to achieve user, mailbox or server replication, and the authentication requirements thereof, I would suggest reading the README file for that application, which includes this:
    You may authenticate as one user (typically an admin user), but be
    authorized as someone else, which means you don't need to know every
    user's personal password. Specify --authuser1 "adminuser" to enable this
    on host1.
So your command line is much like Patrick's example, but with '--user1 <user> --authuser1 <proxyuser> --user2 <user>...'
Of course you must create a proxy user, and Cyrus supports this with the 'proxyserver' directive in imapd.conf (man imapd.conf for details), i.e.: 'proxyservers:    proxyuser'.

However, I must be honest and point out that if you're going to go to the trouble of figuring out how to use imapsync (and possibly pay for it, to boot) you may as well just set up a replica.  As I've shown, above, it's just not that hard.

Cheers,
    -nic

On 12/15/2014 05:01 PM, Patrick Goetz wrote:
This still leaves the question of how best to back up a cyrus mailstore.

Bron mentioned that most people are using LVM snapshots.  I don't see 
how using btrfs/LVM/ZFS snapshots can save you from a race condition 
between when the cyrus user directory is updated and when mailboxes.db 
is updated.  The only way I would trust this is by doing this:

    1. Stop cyrus
    2. Snapshot
    3. Restart cyrus


cyrdump:  near as I can tell the only useful purpose this serves is to 
assemble all email messages into a single "mbox" file (can anyone 
confirm this)?

ctl_mboxlist: this seems useful for making a human readable copy of the 
mailboxes.db file, but I'm not sure how this could be useful for 
disaster recovery, given the previously mentioned issue about keeping 
the mailboxes.db file synchronized with the contents of the user dir.

So, given a simple mail server (i.e. no murder + replication), and when 
using a filesystem (e.g. ext4 or XFS) which doesn't do snapshots, it 
would appear that the only safe way to backup up a cyrus mailstore is to 
either using something like imapsync, or

    1. Stop cyrus
    2. tar cvf /some/safe/place/user.tar {default-partion}
    3. tar cvf /some/safe/place/cyrusdb.tar {configdirectory}
    4. Restart cyrus

The way I've used imapsync in the past required copying mail folders per 
authenticated user account; i.e. something like

imapsync --host1 my_host1 --authmech1 LOGIN --user1 my_user1 --password1 
xxxxx --host2 my_host2 --authmech2 PLAIN --user2 my_user2 --password2 xxxxx

which in particular means knowing everyone's passwords.  This is 
entirely unworkable for larger sites, and I'm not sure if there is a 
trick for getting around this.

-- 
Nic Bernstein                             nic@xxxxxxxxxxx
Onlight, Inc.                             www.onlight.com
219 N. Milwaukee St., Suite 2a            v. 414.272.4477
Milwaukee, Wisconsin  53202
begin:vcard
fn:Nic Bernstein
n:Bernstein;Nic
org:Onlight, Inc.
adr:Suite 2A;;219 N Milwaukee St.;Milwaukee;WI;53202;USA
email;internet:nic@xxxxxxxxxxx
title:VP Operations
tel;work:414-272-4477 x204
tel;cell:414-807-1734
url:http://www.onlight.com/
version:2.1
end:vcard

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux