Replication problem

Patrick Radtke phr2101 at columbia.edu
Wed May 17 14:33:57 EDT 2006 

Don't put  syncclient  in the SERVICE section,  it should go in the  
START section.

Your syncserver line looks correct.

How many users are on your primary? Possibly you see thrashing on the  
replica if its doing the initial copy of everyone's files. The  
initial sync can be time consuming depending on mailbox size and  
number of users.

You can also try running sync_client manually

//to sync a specific user with logging and in verbose mode
sync_client -v -l -u  username

-Patrick
On May 17, 2006, at 12:17 PM, David Korpiewski wrote:

> Hi Patrick,
>    I do apologize, that message was hurried so I could get it out  
> and you are right, I did not correctly label things.  Your  
> suggestion fixed my main problem, however, a new problem appeared.
>
> It started to work when I set the replica to use "sasl_mech_list:  
> PLAIN".  I had accidentally put this line into my master instead of  
> the replica, hence, why it didn't work.
>
> So the replica works, but something else is broken:
>
> Right now the sync is updating at at least once a second.  
> Unfortunately, it is tying up all of the resources on the replica,  
> leading it to thrash and eventually crash.
>
> I set this option in imapd.conf files on both master and replica,  
> but it has no effect:
>
> sync_repeat_interval: 10
>
> One other note: I found it interesting that the install- 
> replication.html instructions never mentioned adding a prefork=1 to  
> the sync-server and sync-client SERVICE lines.  I added these and  
> it was the only way I could keep the sync-server and sync-client  
> running in the background. It makes me wonder if this has something  
> to do with my problem the runaway replication, especially since now  
> I have two sync_client and two sync_server daemons running...... 
> (sync_client running on master, sync_server on replica)
>
> syncclient    cmd="/usr/lib/cyrus-imapd/sync_client -r"  
> listen="csync" prefork=1
> syncserver       cmd="/usr/lib/cyrus-imapd/sync_server"  
> listen="csync" prefork=1
>
>
>
> Here are some logs and other data:
>
> imapd.conf on the master (LMC1)
> ------------------------
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus davidk
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
>
> sync_authname: cyrus
> sync_log: 1
> sync_host: lmc2.cs.umass.edu
> sync_repeat_interval: 10
> sync_password: XXXXXXXXX
>
> tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
> tls_ca_file:  /usr/share/ssl/certs/cyrus1.pem
> tls_cert_file:  /usr/share/ssl/certs/cyrus1.pem
> tls_key_file:  /usr/share/ssl/certs/cyrus.key
>
>
>
> imapd.conf on the replica (LMC2)
> -------------------------
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus davidk
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
>
> sync_repeat_interval: 10
> sync_machineid:2
> sync_log: 1
>
> tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
> tls_ca_file: /usr/share/ssl/certs/cyrus2.pem
> tls_cert_file: /usr/share/ssl/certs/cyrus2.pem
> tls_key_file: /usr/share/ssl/certs/cyrus.key
>
>
>
> Running log of the Master:
> -------------------------
> May 17 11:30:56 lmc1 master[20248]: process 20361 exited, status 0
> May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
> May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
> May 17 11:30:56 lmc1 master[20367]: about to exec /usr/lib/cyrus- 
> imapd/sync_client
> May 17 11:30:56 lmc1 sync_client[20364]: received server certificate
> May 17 11:30:56 lmc1 sync_client[20364]: starttls: TLSv1 with  
> cipher AES256-SHA (256/256 bits new) no authentication
> May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
> May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
> May 17 11:30:56 lmc1 sync_client[20367]: received server certificate
> May 17 11:30:56 lmc1 sync_client[20367]: starttls: TLSv1 with  
> cipher AES256-SHA (256/256 bits new) no authentication
> May 17 11:30:56 lmc1 master[20248]: process 20367 exited, status 0
> May 17 11:30:56 lmc1 master[20370]: about to exec /usr/lib/cyrus- 
> imapd/sync_client
> May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
> May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
> May 17 11:30:57 lmc1 sync_client[20370]: received server certificate
> May 17 11:30:57 lmc1 sync_client[20370]: starttls: TLSv1 with  
> cipher AES256-SHA (256/256 bits new) no authentication
> May 17 11:30:57 lmc1 master[20248]: process 20364 exited, status 0
> May 17 11:30:57 lmc1 master[20373]: about to exec /usr/lib/cyrus- 
> imapd/sync_client
> May 17 11:30:57 lmc1 master[20248]: process 20370 exited, status 0
> May 17 11:30:57 lmc1 master[20376]: about to exec /usr/lib/cyrus- 
> imapd/sync_client
> May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
> May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
> May 17 11:30:57 lmc1 sync_client[20373]: received server certificate
> May 17 11:30:57 lmc1 sync_client[20373]: starttls: TLSv1 with  
> cipher AES256-SHA (256/256 bits new) no authentication
> May 17 11:30:57 lmc1 sync_client[20376]: Doing a peer verify
>
>
>
>
> Running log of the Replica:
> --------------------------
> May 17 11:30:56 lmc2 master[17441]: about to exec /usr/lib/cyrus- 
> imapd/sync_server
> May 17 11:30:56 lmc2 syncserver[17440]: accepted connection
> May 17 11:30:56 lmc2 syncserver[17440]: cmdloop(): startup
> May 17 11:30:57 lmc2 syncserver[17441]: executed
> May 17 11:30:57 lmc2 syncserver[17440]: starttls: TLSv1 with cipher  
> AES256-SHA (256/256 bits new) no authentication
> May 17 11:30:57 lmc2 syncserver[17438]: login: lmc1.cs.umass.edu  
> [128.119.243.236] cyrus PLAIN+TLS User logged in
> May 17 11:30:57 lmc2 master[17442]: about to exec /usr/lib/cyrus- 
> imapd/sync_server
> May 17 11:30:57 lmc2 syncserver[17441]: accepted connection
> May 17 11:30:57 lmc2 syncserver[17442]: executed
> May 17 11:30:57 lmc2 syncserver[17441]: cmdloop(): startup
> May 17 11:30:57 lmc2 syncserver[17440]: login: lmc1.cs.umass.edu  
> [128.119.243.236] cyrus PLAIN+TLS User logged in
> May 17 11:30:57 lmc2 master[17443]: about to exec /usr/lib/cyrus- 
> imapd/sync_server
> May 17 11:30:57 lmc2 syncserver[17442]: accepted connection
> May 17 11:30:57 lmc2 syncserver[17442]: cmdloop(): startup
> May 17 11:30:57 lmc2 syncserver[17443]: executed
>
>
> Thank you for any help!
> It is much appreciated!
> David
>
>
>
>
> Patrick H Radtke wrote:
>> PLAIN for sasl_pwcheck_method isn't a valid option. Keep it as  
>> saslauthd (and then make sure the testsaslauthd program works with  
>> your sync username and password).
>> I think you showed me your primary imapd.conf and not the replica's.
>> What does imtest show you when you log into the replica  
>> (capability lines)?
>> -Patrick
>> On Tue, 16 May 2006, David Korpiewski wrote:
>>> Hello Patrick!
>>>
>>> I set the sasl_pwcheck_method to be PLAIN from what it used to be  
>>> (saslauthd) on the replica server.
>>>
>>> Still doesn't work though, it gives me this error:
>>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL 
>>> (-13): user not found: no secret in database]
>>>
>>> HISTORY:
>>> our servers are set up with saslauthd for their  
>>> sasl_pwcheck_method. Saslauthd uses PAM for ldap authentication.   
>>> This works fine for receiving email and authenticating users with  
>>> their mail clients. However, this doesn't appear to work for  
>>> sync_server when authenticating the sync_client.
>>>
>>> These are pieces of my replica's imapd.conf:
>>>
>>> sasl_pwcheck_method: saslauthd
>>> sasl_mech_list: PLAIN
>>> sync_authname: cyrus
>>> sync_log: 1
>>> sync_host: lmc2.cs.umass.edu
>>> sync_repeat_interval: 5
>>> sync_password: XXXXXXXXXX
>>>
>>>
>>> Thank you for any help you can offer!
>>> David
>>>
>>>
>>> Patrick Radtke wrote:
>>>>
>>>> did you try setting
>>>> sasl_pwcheck_method on the replica?
>>>>
>>>> 'unix' isn't a SASL mechanism.
>>>>
>>>> you may want to try PLAIN (what do you use currently on the  
>>>> primary server)?
>>>>
>>>> on the replica use this line
>>>> sasl_mech_list: PLAIN
>>>>
>>>> to make it only advertise PLAIN authentication, and then the  
>>>> primary machine will try using that sasl mechanism when connecting.
>>>> This will then invoke what you have for your sasl_pwcheck_method.
>>>>
>>>> -Patrick
>>>>
>>>> On May 16, 2006, at 3:47 PM, David Korpiewski wrote:
>>>>
>>>>> I'm in the middle of trying to set up replication.  However, I  
>>>>> keep running into a problem.
>>>>>
>>>>> The replication error I'm getting on the replica is this if I  
>>>>> don't specify a sync_authname and sync_password:
>>>>>
>>>>>  syncserver[7682]: starttls: TLSv1 with cipher AES256-SHA  
>>>>> (256/256 bits new) no authentication
>>>>>
>>>>> I get this error if I'm specifying a sync_authname and  
>>>>> sync_password:
>>>>>
>>>>>  badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL 
>>>>> (-13): user not found: no secret in database]
>>>>>
>>>>> MY QUESTION IS THIS:
>>>>> How can I change what sync_server uses for its authentication?   
>>>>> I want it to either use LDAP or the local passwd/shadow files.   
>>>>> It obviously keeps trying to use DIGEST-MD5, in which case it  
>>>>> would have to look for a md5 file in a particluar location, but  
>>>>> I don't see how to specify that either.
>>>>>
>>>>> I tried setting auth_mech and sasl_auth_mech to be "unix" in  
>>>>> the /etc/imapd.conf but that doesn't change anything.
>>>>>
>>>>> Can anyone help me?
>>>>> Thanks,
>>>>> David
>>>>>
>>>>>
>>>>>
>>>>> ----------------------------------------------------------
>>>>> David Korpiewski                     Phone: 413-545-4319
>>>>> Software Specialist I                Fax:   413-577-2285
>>>>> Department of Computer Science       ICQ:   7565766
>>>>> University of Massachusetts Amherst
>>>>> --------------------------------------------------------
>>>>>
>>>>> ----
>>>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>> -- 
>>> --------------------------------------------------------
>>> David Korpiewski                     Phone: 413-545-4319
>>> Software Specialist I                Fax:   413-577-2285
>>> Department of Computer Science       ICQ:   7565766
>>> University of Massachusetts Amherst
>>> --------------------------------------------------------
>>>
>>>
>
> -- 
> --------------------------------------------------------
> David Korpiewski                     Phone: 413-545-4319
> Software Specialist I                Fax:   413-577-2285
> Department of Computer Science       ICQ:   7565766
> University of Massachusetts Amherst
> --------------------------------------------------------
>

More information about the Info-cyrus mailing list