Kjetil Torgrim Homme
kjetilho at ifi.uio.no
Wed May 24 01:28:48 EDT 2006
On Tue, 2006-05-23 at 17:16 -0400, Patrick Radtke wrote:
> On May 23, 2006, at 4:48 PM, David Korpiewski wrote:
> > that currently only exists on the defunct master? If the replica
> > updates every 10 seconds, then we have the potential to lose 10
> > seconds of email. Or worst case, the sync_client dies and we lose
> > 30 minutes or more of emails before we failover!
> Once we have the primary/master backend machine working again after a
> failover (assuming its RAID is still intact) we do a find for any
> messages that have timestamps just prior to the machine failing.
> We then compare this list to the messages on the replica. Since we
> have delayed expunge on, we can still determine if a specific message
> was replicated even if the user deleted it.
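(for illustration, the comparison described above could be sketched roughly as below. this is only a sketch under assumptions that are mine and not from Patrick's description: both spools are readable as local directories, message files are named "<uid>.", messages are matched by content hash, and the 30-minute window is arbitrary. the function names are hypothetical.)

```python
import hashlib
import os


def recent_message_digests(spool_root, start, end):
    """Map SHA-256 digest -> path for message files with start <= mtime <= end."""
    found = {}
    for dirpath, _dirs, files in os.walk(spool_root):
        for name in files:
            # Assumption: message files are named "<uid>." (digits plus a dot);
            # index and cache files are skipped.
            if not (name.endswith(".") and name[:-1].isdigit()):
                continue
            path = os.path.join(dirpath, name)
            if start <= os.path.getmtime(path) <= end:
                with open(path, "rb") as fh:
                    found[hashlib.sha256(fh.read()).hexdigest()] = path
    return found


def missing_on_replica(master_root, replica_root, crash_time, window=1800):
    """List master messages from the window before the crash that the replica lacks."""
    master = recent_message_digests(master_root, crash_time - window, crash_time)
    # Scan the whole replica: file timestamps there need not match the master's.
    replica = recent_message_digests(replica_root, 0, float("inf"))
    return sorted(path for digest, path in master.items() if digest not in replica)
```

(with delayed expunge on, deleted messages are still on the replica's disk, so a content comparison like this still sees them.)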
we use a different approach: our MTA (Exim) delivers a copy to a
separate server which has a very simple configuration (no LDAP lookups
to verify addresses or anything). it just stores the messages as batched
SMTP, one file per user per day. if anything goes awry, we can replay
(parts of) this file and redeliver the messages. in most cases, we do
this to supplement the tape backup when users delete all their e-mail by
mistake, and in that case we need to reset Cyrus' duplication database,
or else the messages will be dropped on the floor. in the incomplete
replica scenario, however, the duplication database will actually help
us avoid duplicating e-mail from the period of the crash.
(we don't use Murder or replication yet, so such replica restoration
hasn't been tried for real.)
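
to make the replay idea concrete, here is a minimal sketch of reading a batched SMTP file and redelivering selected messages. it is not our actual tooling: the function names, the `keep` filter and the `send` callback are hypothetical, and it only understands the plain MAIL FROM / RCPT TO / DATA sequence.

```python
def _addr(arg):
    """Extract the address from '<user@host> [params]' ('' for the null sender)."""
    arg = arg.strip()
    if arg.startswith("<"):
        return arg[1:].partition(">")[0]
    return arg.split()[0] if arg else ""


def parse_bsmtp(lines):
    """Yield (sender, recipients, message_text) for each message in a BSMTP stream."""
    sender, rcpts, body, in_data = None, [], [], False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if in_data:
            if line == ".":
                # A lone dot ends the message.
                yield sender, rcpts, "\n".join(body) + "\n"
                sender, rcpts, body, in_data = None, [], [], False
            else:
                # Undo SMTP dot-stuffing on lines that start with a dot.
                body.append(line[1:] if line.startswith(".") else line)
            continue
        upper = line.upper()
        if upper.startswith("MAIL FROM:"):
            sender = _addr(line[10:])
        elif upper.startswith("RCPT TO:"):
            rcpts.append(_addr(line[8:]))
        elif upper == "DATA":
            in_data = True
        # HELO, RSET, QUIT and anything else are ignored in this sketch.


def replay(lines, send, keep=lambda sender, rcpts, data: True):
    """Call send() for every message accepted by keep(); return how many were sent."""
    count = 0
    for sender, rcpts, data in parse_bsmtp(lines):
        if keep(sender, rcpts, data):
            send(sender, rcpts, data)
            count += 1
    return count
```

`send` could for instance be the `sendmail` method of an `smtplib.SMTP` connection to the MTA, and `keep` is where you would pick out "parts of" the file, e.g. by recipient or by a Received: timestamp around the crash.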