Is user lock-out required for backend xfers?

Dave McMurtrie dave64 at andrew.cmu.edu
Thu Mar 12 13:03:08 EDT 2009 

Andrew Morgan wrote:
> On Wed, 11 Mar 2009, Wil Cooley wrote:
> 
>> Somewhere I read (or thought I read) that it was important to ensure
>> that a user was not logged in when his mailbox was transferred between
>> backends in a Murder setup, otherwise there was a risk of mailbox
>> corruption. Is this true or have I been reading the tabloids again?
>>
>> Context: I have several shiny new backends with 2.3 that I have ready to
>> replace our old 2.2 backends. We have something like 70,000 mailboxes to
>> move, which will obviously be something done in nightly batches over a
>> period of weeks.
>>
>> Our current obstacle is having to ensure that the mailbox is not open,
>> because that requires: notifying the user that his e-mail will be
>> unavailable for a period of time, locking the user's account (which
>> locks him out of everything else unless we work up some Cyrus-specific
>> solution, like some PAM magic), checking all the front-ends to verify
>> that he's not logged in (this is iffy, because the proc/<username> files
>> are all we've got and some of those are left-overs from crashes and lack
>> of housekeeping), doing the transfer, and then undoing all of this.
>>
>> Alternately, if there is only a small risk of mailbox corruption, it may
>> be better to just do the transfers late at night and accept having to do
>> a handful of mailbox reconstructs.
>>
>> Is this what other people have done?
> 
> When we went from a standalone server to a Murder setup, we moved half of 
> our mailboxes from cyrus-be1 to cyrus-be2.  We did them in batches 
> overnight, without any special care taken to prevent users from accessing 
> them.  I'm not aware of any problems caused by this.  This was back in 
> Cyrus 2.1 or 2.2.
> 
> So no promises, but it worked fine for us.

You should not need to do anything to prevent client access to a mailbox
when it's being moved and there should never be any resulting
corruption.  Cyrus locks the mailbox while it's being moved.

I will mention, however, that some clients get confused if they're
connected while a mailbox is being moved and I've never actually figured
out why.  The confusion is usually a matter of a user's mailbox suddenly
appearing to be empty which is resolved by having them restart their
mail client.  The most extreme confusion I've seen so far was with some
version of Outlook where the user actually had to delete and recreate
their account configuration to convince Outlook that the mailbox was not
empty.

Thanks,

Dave
-- 
Dave McMurtrie, SPE
Email Systems Team Leader
Carnegie Mellon University,
Computing Services

More information about the Info-cyrus mailing list