Replication problem
David Korpiewski
davidk at cs.umass.edu
Wed May 17 14:42:37 EDT 2006
I swear I'm going to tattoo "RTFM" to my forehead. :-)
Putting sync_client into the START section fixed the problem.
Replication works flawlessly now.
Thank you very much for your help!
David
Patrick Radtke wrote:
> Don't put syncclient in the SERVICE section, it should go in the
> START section.
>
> Your syncserver line looks correct.
>
> How many users are on your primary? Possibly you see thrashing on the
> replica if its doing the initial copy of everyone's files. The initial
> sync can be time consuming depending on mailbox size and number of users.
>
> You can also try running sync_client manually
>
> //to sync a specific user with logging and in verbose mode
> sync_client -v -l -u username
>
> -Patrick
> On May 17, 2006, at 12:17 PM, David Korpiewski wrote:
>
>> Hi Patrick,
>> I do apologize, that message was hurried so I could get it out and
>> you are right, I did not correctly label things. Your suggestion
>> fixed my main problem, however, a new problem appeared.
>>
>> It started to work when I set the replica to use "sasl_mech_list:
>> PLAIN". I had accidentally put this line into my master instead of
>> the replica, hence, why it didn't work.
>>
>> So the replica works, but something else is broken:
>>
>> Right now the sync is updating at at least once a second.
>> Unfortunately, it is tying up all of the resources on the replica,
>> leading it to thrash and eventually crash.
>>
>> I set this option in imapd.conf files on both master and replica, but
>> it has no effect:
>>
>> sync_repeat_interval: 10
>>
>> One other note: I found it interesting that the
>> install-replication.html instructions never mentioned adding a
>> prefork=1 to the sync-server and sync-client SERVICE lines. I added
>> these and it was the only way I could keep the sync-server and
>> sync-client running in the background. It makes me wonder if this has
>> something to do with my problem the runaway replication, especially
>> since now I have two sync_client and two sync_server daemons
>> running......(sync_client running on master, sync_server on replica)
>>
>> syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync"
>> prefork=1
>> syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync"
>> prefork=1
>>
>>
>>
>> Here are some logs and other data:
>>
>> imapd.conf on the master (LMC1)
>> ------------------------
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> admins: cyrus davidk
>> sievedir: /var/lib/imap/sieve
>> sendmail: /usr/sbin/sendmail
>> hashimapspool: true
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>>
>> sync_authname: cyrus
>> sync_log: 1
>> sync_host: lmc2.cs.umass.edu
>> sync_repeat_interval: 10
>> sync_password: XXXXXXXXX
>>
>> tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
>> tls_ca_file: /usr/share/ssl/certs/cyrus1.pem
>> tls_cert_file: /usr/share/ssl/certs/cyrus1.pem
>> tls_key_file: /usr/share/ssl/certs/cyrus.key
>>
>>
>>
>> imapd.conf on the replica (LMC2)
>> -------------------------
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> admins: cyrus davidk
>> sievedir: /var/lib/imap/sieve
>> sendmail: /usr/sbin/sendmail
>> hashimapspool: true
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>>
>> sync_repeat_interval: 10
>> sync_machineid:2
>> sync_log: 1
>>
>> tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
>> tls_ca_file: /usr/share/ssl/certs/cyrus2.pem
>> tls_cert_file: /usr/share/ssl/certs/cyrus2.pem
>> tls_key_file: /usr/share/ssl/certs/cyrus.key
>>
>>
>>
>> Running log of the Master:
>> -------------------------
>> May 17 11:30:56 lmc1 master[20248]: process 20361 exited, status 0
>> May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
>> May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
>> May 17 11:30:56 lmc1 master[20367]: about to exec
>> /usr/lib/cyrus-imapd/sync_client
>> May 17 11:30:56 lmc1 sync_client[20364]: received server certificate
>> May 17 11:30:56 lmc1 sync_client[20364]: starttls: TLSv1 with cipher
>> AES256-SHA (256/256 bits new) no authentication
>> May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
>> May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
>> May 17 11:30:56 lmc1 sync_client[20367]: received server certificate
>> May 17 11:30:56 lmc1 sync_client[20367]: starttls: TLSv1 with cipher
>> AES256-SHA (256/256 bits new) no authentication
>> May 17 11:30:56 lmc1 master[20248]: process 20367 exited, status 0
>> May 17 11:30:56 lmc1 master[20370]: about to exec
>> /usr/lib/cyrus-imapd/sync_client
>> May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
>> May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
>> May 17 11:30:57 lmc1 sync_client[20370]: received server certificate
>> May 17 11:30:57 lmc1 sync_client[20370]: starttls: TLSv1 with cipher
>> AES256-SHA (256/256 bits new) no authentication
>> May 17 11:30:57 lmc1 master[20248]: process 20364 exited, status 0
>> May 17 11:30:57 lmc1 master[20373]: about to exec
>> /usr/lib/cyrus-imapd/sync_client
>> May 17 11:30:57 lmc1 master[20248]: process 20370 exited, status 0
>> May 17 11:30:57 lmc1 master[20376]: about to exec
>> /usr/lib/cyrus-imapd/sync_client
>> May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
>> May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
>> May 17 11:30:57 lmc1 sync_client[20373]: received server certificate
>> May 17 11:30:57 lmc1 sync_client[20373]: starttls: TLSv1 with cipher
>> AES256-SHA (256/256 bits new) no authentication
>> May 17 11:30:57 lmc1 sync_client[20376]: Doing a peer verify
>>
>>
>>
>>
>> Running log of the Replica:
>> --------------------------
>> May 17 11:30:56 lmc2 master[17441]: about to exec
>> /usr/lib/cyrus-imapd/sync_server
>> May 17 11:30:56 lmc2 syncserver[17440]: accepted connection
>> May 17 11:30:56 lmc2 syncserver[17440]: cmdloop(): startup
>> May 17 11:30:57 lmc2 syncserver[17441]: executed
>> May 17 11:30:57 lmc2 syncserver[17440]: starttls: TLSv1 with cipher
>> AES256-SHA (256/256 bits new) no authentication
>> May 17 11:30:57 lmc2 syncserver[17438]: login: lmc1.cs.umass.edu
>> [128.119.243.236] cyrus PLAIN+TLS User logged in
>> May 17 11:30:57 lmc2 master[17442]: about to exec
>> /usr/lib/cyrus-imapd/sync_server
>> May 17 11:30:57 lmc2 syncserver[17441]: accepted connection
>> May 17 11:30:57 lmc2 syncserver[17442]: executed
>> May 17 11:30:57 lmc2 syncserver[17441]: cmdloop(): startup
>> May 17 11:30:57 lmc2 syncserver[17440]: login: lmc1.cs.umass.edu
>> [128.119.243.236] cyrus PLAIN+TLS User logged in
>> May 17 11:30:57 lmc2 master[17443]: about to exec
>> /usr/lib/cyrus-imapd/sync_server
>> May 17 11:30:57 lmc2 syncserver[17442]: accepted connection
>> May 17 11:30:57 lmc2 syncserver[17442]: cmdloop(): startup
>> May 17 11:30:57 lmc2 syncserver[17443]: executed
>>
>>
>> Thank you for any help!
>> It is much appreciated!
>> David
>>
>>
>>
>>
>> Patrick H Radtke wrote:
>>> PLAIN for sasl_pwcheck_method isn't a valid option. Keep it as
>>> saslauthd (and then make sure the testsaslauthd program works with
>>> your sync username and password).
>>> I think you showed me your primary imapd.conf and not the replica's.
>>> What does imtest show you when you log into the replica (capability
>>> lines)?
>>> -Patrick
>>> On Tue, 16 May 2006, David Korpiewski wrote:
>>>> Hello Patrick!
>>>>
>>>> I set the sasl_pwcheck_method to be PLAIN from what it used to be
>>>> (saslauthd) on the replica server.
>>>>
>>>> Still doesn't work though, it gives me this error:
>>>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL(-13):
>>>> user not found: no secret in database]
>>>>
>>>> HISTORY:
>>>> our servers are set up with saslauthd for their sasl_pwcheck_method.
>>>> Saslauthd uses PAM for ldap authentication. This works fine for
>>>> receiving email and authenticating users with their mail clients.
>>>> However, this doesn't appear to work for sync_server when
>>>> authenticating the sync_client.
>>>>
>>>> These are pieces of my replica's imapd.conf:
>>>>
>>>> sasl_pwcheck_method: saslauthd
>>>> sasl_mech_list: PLAIN
>>>> sync_authname: cyrus
>>>> sync_log: 1
>>>> sync_host: lmc2.cs.umass.edu
>>>> sync_repeat_interval: 5
>>>> sync_password: XXXXXXXXXX
>>>>
>>>>
>>>> Thank you for any help you can offer!
>>>> David
>>>>
>>>>
>>>> Patrick Radtke wrote:
>>>>>
>>>>> did you try setting
>>>>> sasl_pwcheck_method on the replica?
>>>>>
>>>>> 'unix' isn't a SASL mechanism.
>>>>>
>>>>> you may want to try PLAIN (what do you use currently on the primary
>>>>> server)?
>>>>>
>>>>> on the replica use this line
>>>>> sasl_mech_list: PLAIN
>>>>>
>>>>> to make it only advertise PLAIN authentication, and then the
>>>>> primary machine will try using that sasl mechanism when connecting.
>>>>> This will then invoke what you have for your sasl_pwcheck_method.
>>>>>
>>>>> -Patrick
>>>>>
>>>>> On May 16, 2006, at 3:47 PM, David Korpiewski wrote:
>>>>>
>>>>>> I'm in the middle of trying to set up replication. However, I
>>>>>> keep running into a problem.
>>>>>>
>>>>>> The replication error I'm getting on the replica is this if I
>>>>>> don't specify a sync_authname and sync_password:
>>>>>>
>>>>>> syncserver[7682]: starttls: TLSv1 with cipher AES256-SHA (256/256
>>>>>> bits new) no authentication
>>>>>>
>>>>>> I get this error if I'm specifying a sync_authname and sync_password:
>>>>>>
>>>>>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5
>>>>>> [SASL(-13): user not found: no secret in database]
>>>>>>
>>>>>> MY QUESTION IS THIS:
>>>>>> How can I change what sync_server uses for its authentication? I
>>>>>> want it to either use LDAP or the local passwd/shadow files. It
>>>>>> obviously keeps trying to use DIGEST-MD5, in which case it would
>>>>>> have to look for a md5 file in a particluar location, but I don't
>>>>>> see how to specify that either.
>>>>>>
>>>>>> I tried setting auth_mech and sasl_auth_mech to be "unix" in the
>>>>>> /etc/imapd.conf but that doesn't change anything.
>>>>>>
>>>>>> Can anyone help me?
>>>>>> Thanks,
>>>>>> David
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------
>>>>>> David Korpiewski Phone: 413-545-4319
>>>>>> Software Specialist I Fax: 413-577-2285
>>>>>> Department of Computer Science ICQ: 7565766
>>>>>> University of Massachusetts Amherst
>>>>>> --------------------------------------------------------
>>>>>>
>>>>>> ----
>>>>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>> ----------------------------------------------------------
>>>> David Korpiewski Phone: 413-545-4319
>>>> Software Specialist I Fax: 413-577-2285
>>>> Department of Computer Science ICQ: 7565766
>>>> University of Massachusetts Amherst
>>>> --------------------------------------------------------
>>>>
>>>>
>>
>> ----------------------------------------------------------
>> David Korpiewski Phone: 413-545-4319
>> Software Specialist I Fax: 413-577-2285
>> Department of Computer Science ICQ: 7565766
>> University of Massachusetts Amherst
>> --------------------------------------------------------
>>
--
--------------------------------------------------------
David Korpiewski Phone: 413-545-4319
Software Specialist I Fax: 413-577-2285
Department of Computer Science ICQ: 7565766
University of Massachusetts Amherst
--------------------------------------------------------
More information about the Info-cyrus
mailing list