what is the best way to migrate

Kjetil Torgrim Homme kjetilho at ifi.uio.no
Thu Jun 22 17:13:24 EDT 2006 

On Thu, 2006-06-22 at 20:53 +0200, Rudy Gevaert wrote:
> I had a look at the FAQ of imapsync and it seems that I can authenticate 
> as the admin user, but authorize as a normal user.  I hope that works! 
> It would be great!

yes, it works.

> For no downtime we would kick of the sync in advance, and after some 
> time we would have an almost identical copy.  Then let the users connect 
> to the new server(s) and let lmtp deliver to the new server(s).  Then do 
> a last sync to get the last mails over.

the tricky bit is to kick the user out of the old server.  I haven't
found a good way to do this.  so basically you'll do:

  0) do a rough sync
  1) kick user out (how?)
  2) stop delivery for user
  3) update which server is in charge of user
  4) start delivery for user
  5) sync remaining changes

the second tricky bit is you can't run imapsync with --delete, since new
messages can have been delivered, or created by the user (think
INBOX.Sent).  this means deleted (expunged) messages may reappear.  a
similar and more serious problem is that flags set on the new server
before the final sync is done will be reset.

> I haven't tested this, so maybe I'm to hopefull.  Maybe we can do it for 
> small/big accounts only.  I'll see if I come to that.

my servers can only transfer mail data at about 150 KiB/s, so you need
to have patience.  syncing flags only is much faster, of course.

what we do:

      * we add a move request to our user database
      * when time for the move is imminent, LDAP is updated to include
        an extra attribute, mailPause.
      * user authentication will not succeed when this attribute is True
      * mail will be queued while this attribute is True
      * we now start to move the data using imapsync
      * when it's done, the request is closed and the LDAP attributes
        mailPause and IMAPserver are updated.
      * queued e-mail is delivered

doing a pre-sync to reduce downtime for the user would be a good idea,
although it wouldn't make much difference in our current set up.
typically the user is locked out for an hour, mostly due to our LDAP
updates only happening every 50 minutes.  pre-sync and instanteous LDAP
updates would be nice, it should be down to 1-2 minutes then, even for
big users.
-- 
Kjetil T.

More information about the Info-cyrus mailing list