Is user lock-out required for backend xfers?

[Wil Cooley]

Somewhere I read (or thought I read) that it was important to ensure
that a user was not logged in when his mailbox was transferred between
backends in a Murder setup, otherwise there was a risk of mailbox
corruption. Is this true or have I been reading the tabloids again?

Context: I have several shiny new backends with 2.3 that I have ready to
replace our old 2.2 backends. We have something like 70,000 mailboxes to
move, which will obviously be something done in nightly batches over a
period of weeks.

Our current obstacle is having to ensure that the mailbox is not open,
because that requires: notifying the user that his e-mail will be
unavailable for a period of time, locking the user's account (which
locks him out of everything else unless we work up some Cyrus-specific
solution, like some PAM magic), checking all the front-ends to verify
that he's not logged in (this is iffy, because the proc/<username> files
are all we've got and some of those are left-overs from crashes and lack
of housekeeping), doing the transfer, and then undoing all of this.

Alternately, if there is only a small risk of mailbox corruption, it may
be better to just do the transfers late at night and accept having to do
a handful of mailbox reconstructs.

Is this what other people have done?

Wil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090311/2f8099b1/attachment.bin