<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
So, once again I'll anwser my own question ;) The cyradm session slows
down suddenly because the numerous sasl authentications the imap server
does when connecting to the mupdate server completely drain the
/dev/random entropy generator... Because I don't want to recompile
cyrus-sasl (and the hardware random number generator on my Dell servers
doesn't seem to work), I made a symlink from /dev/urandom to
/dev/random and it solved the problem.<br>
<br>
Yet I have 2 other questions:<br>
<br>
<ul>
<li>Why isn't the RNG used by cyrus-sasl configurable at runtime, but
only at compile-time? OpenLDAP has a config option called "TLSRandFile"
for this.<br>
</li>
<li>Why does the imap server (on which I'm connected with cyradm)
establish a new connection to mupdate for *every single call* to
"setaclmailbox user.XXXX cyrus kxa"? Because I change the ACL of 400
mailboxes, imap must reauthenticate 400 times in a row.<br>
</li>
</ul>
<br>
Regards<br>
<br>
<br>
Farzad FARID wrote:
<blockquote cite="mid452F6999.4010109@pragmatic-source.com" type="cite">
<pre wrap="">Hi,
I write a script for cyradm to set the ACLs for all the users, like this:
setaclmailbox user.perez cyrus kxa
setaclmailbox user.pirat cyrus kxa
setaclmailbox user.plouvier cyrus kxa
setaclmailbox user.pruche cyrus kxa
setaclmailbox user.seltani cyrus kxa
setaclmailbox user.serre cyrus kxa
setaclmailbox user.solers cyrus kxa
...[400 accounts]...
I then feed the script to cyradm. But after 10 lines, the execution
suddenly slows down to a crawl, and only one "setaclmailbox" every 10 or
20 seconds is executed.
I'm running a unified cyrus murder 2.3.7, with 2 imap servers and 1
mupdate server. I ran the script only on one imap server, and all the
accounts belong to this server.
These are the logs I see on the mupdate server. The imap server keeps
connecting/disconnecting from the mupdate server, and the mupdate server
seems to spend a lot of time in either cmd_find or cmd_set.
Oct 13 12:19:04 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
Oct 13 12:19:04 oban cyrus/mupdate[23028]: cmd_set(fd:15, user.fboudali)
Oct 13 12:19:04 oban cyrus/mupdate[23028]: cmd_find(fd:17, user.fboudali)
Oct 13 12:19:05 oban cyrus/mupdate[23028]: accepted connection
Oct 13 12:19:05 oban cyrus/mupdate[23028]: telling master 4
Oct 13 12:19:05 oban cyrus/master[22804]: service mupdate pid 23028 in
READY state: serving one more multi-threaded connection
Oct 13 12:19:05 oban cyrus/master[22804]: service mupdate now has 1
ready workers
Oct 13 12:19:06 oban cyrus/mupdate[23028]: cmd_find(fd:14, user.fboudali)
Oct 13 12:19:23 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
Oct 13 12:19:23 oban cyrus/mupdate[23028]: cmd_set(fd:15, user.bpincede)
Oct 13 12:19:23 oban cyrus/mupdate[23028]: cmd_find(fd:17, user.bpincede)
Oct 13 12:19:24 oban cyrus/mupdate[23028]: accepted connection
Oct 13 12:19:24 oban cyrus/mupdate[23028]: telling master 4
Oct 13 12:19:24 oban cyrus/master[22804]: service mupdate pid 23028 in
READY state: serving one more multi-threaded connection
Oct 13 12:19:24 oban cyrus/master[22804]: service mupdate now has 1
ready workers
Oct 13 12:19:26 oban cyrus/mupdate[23028]: cmd_find(fd:14, user.bpincede)
Oct 13 12:19:29 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
Oct 13 12:19:29 oban cyrus/mupdate[23028]: cmd_set(fd:15, user.albonnefoy)
Oct 13 12:19:29 oban cyrus/mupdate[23028]: cmd_find(fd:17, user.albonnefoy)
Oct 13 12:19:29 oban cyrus/mupdate[23028]: accepted connection
Oct 13 12:19:29 oban cyrus/mupdate[23028]: telling master 4
Oct 13 12:19:29 oban cyrus/master[22804]: service mupdate pid 23028 in
READY state: serving one more multi-threaded connection
Oct 13 12:19:29 oban cyrus/master[22804]: service mupdate now has 1
ready workers
Oct 13 12:19:29 oban cyrus/mupdate[23028]: login:
aberlour.srv.in.karavel.com [10.12.17.44] aberlour DIGEST-MD5 User logged in
When I try to trace the mupdate threads, all I see is that the threads
seem to spend a lot a time waiting on locks (futex on the linux
implementation of threads), and very little time reading or writing any
file.
Can anybody explain this to me and help me debug it? Or is there another
way to set hundreds of ACLs in a row?
Regards
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Farzad FARID <a class="moz-txt-link-rfc2396E" href="mailto:ffarid@pragmatic-source.com"><ffarid@pragmatic-source.com></a>
Architecte Open Source / Pragmatic Source
<a class="moz-txt-link-freetext" href="http://www.pragmatic-source.com/">http://www.pragmatic-source.com/</a></pre>
</body>
</html>