Backend attempting to proxy to itself?

Simon Beale simon at minos.org.uk
Mon Apr 26 12:27:46 EDT 2010


Thank you!

Yes, doing the following steps:
- ctl_mboxlist -d > file.txt
- stopping the backend cyrus
- removing mailboxes.db,
- starting cyrus
- ctl_mboxlist -u < file.editted.txt
does mean I can run "imtest -a cyrus-frontend -u simon store-101" (i.e.
against the backend) successfully and SELECT the INBOX.

However, if I restart the backend at this point, I get the old entries
back again in addition to the fixed entries.

Given this cluster isn't yet in production, I've just stopped the entire
cluster, deleted mailboxes.db from everything and "rm -rf
${partition-default}/*" in case there was something bad lurking around
from previous experiments. But it's still the case that if I "cm
user.simon" on the frontend with cyradm, the mailboxes.db on the backend
appears as "... 1 store-101...!default..."

So for some reason I'm not getting correct mailbox location information
created on the backends.

I've included my cyrus.conf files and the murder master's imapd.conf below
in case there's something wrong I've put in any of those.

Cheers

Simon

=====================
Backend/frontend cyrus.conf

START {
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
  #the next line is only present on the backend
  mupdatepush   cmd="ctl_mboxlist -m"
}
SERVICES {
  imap          cmd="imapd" listen="imap" proto="tcp4" prefork=2
  imaps         cmd="imapd -s" listen="imaps" proto="tcp4" prefork=5
  pop3          cmd="pop3d" listen="pop3" proto="tcp4" prefork=2
  pop3s         cmd="pop3d -s" listen="pop3s" proto="tcp4" prefork=2
  sieve         cmd="timsieved" listen="sieve" proto="tcp4" prefork=2
  mupdate       cmd="mupdate" listen="3905" proto="tcp4" prefork=2
  fud           cmd="fud" listen="4201" proto="udp4" prefork=1 maxchild=10
  lmtp          cmd="lmtpd -a" listen="127.0.0.1:2003" prefork=1
}
EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
  tlsprune      cmd="tls_prune" at=0400
}

======================
Murder master /etc/cyrus.conf

START {
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
}
SERVICES {
  mupdate       cmd="mupdate -m" listen="mupdate" prefork=1
}
EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
  tlsprune      cmd="tls_prune" at=0400
}


======================
Murder master /etc/imapd.conf

admins:                 cyrus cyrus-frontend
allowplaintext:         true
configdirectory:        /var/lib/imap
duplicate_db:           skiplist
improved_mboxlist_sort: true
lmtp_downcase_rcpt:     true
normalizeuid:           true
partition-default:      /var/spool/imap
ptscache_db:            skiplist
sasl_mech_list:         DIGEST-MD5 PLAIN LOGIN
sasl_pwcheck_method:    auxprop
sievedir:               /var/lib/imap/sieve
statuscache_db:         skiplist
tlscache_db:            skiplist
tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
tls_cert_file:          /etc/ssl/certs/wildcard.pem
tls_key_file:           /etc/ssl/certs/wildcard.pem
unix_group_enable:      false


> imapd is trying to proxy because the entry "1
> store-101.internal.example.com" tells it that it's remote, even though it
> is not.  Theoretically this would work correctly with a unified murder
> configuration, where any machine can proxy for another, but it isn't
> implemented.  The mailbox entry on the backend should look like;
>
> user.simon      0    default simon lrswipkxtecda
>
> I'm not sure how the mailbox list ended up with entries like that on your
> backend.  Are you running mupdate there?  There should probably be a
> warning in the docs about not starting mupdate on a backend, if there isn't
> already.  To fix it, you may need to dump the db to text, use sed/awk/perl
> (pick your favorite) and change all the "1 servername!default" to "0
> default", remove the old db and reload it.   Hope that helps.
>
> -Brian
>
> On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale"
> <simon at minos.org.uk> wrote:
>> I'm having problems with getting the backend responding correctly in a
>> murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4). I've
>> got it so that I can run cyradm and issue 'cm user.simon' on the frontend,
>> see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
>> murder, frontend and backend all list the relevant backend location:
>>
>> user.simon      1 store-101.internal.example.com!default simon lrswipkxtecda
>>
>>
>> However, when I run imtest and login on the frontend:
>> . LIST "" "*"
>> * LIST (\HasNoChildren) "." "INBOX"
>> . OK Completed (0.000 secs 2 calls)
>> . SELECT INBOX
>> . NO Server(s) unavailable to complete operation
>>
>>
>> Looking at the output of strace and syslogs on the backend, it appears
>> that the backend is trying to make a new TLS connection back to itself
>> rather than directly answering the incoming SELECT.
>>
>> Apr 26 13:24:09 store-101 imap[26128]: accepted connection
>> Apr 26 13:24:09 store-101 master[26615]: about to exec
>> /usr/lib/cyrus-imapd/imapd
>> Apr 26 13:24:09 store-101 imap[26128]: login:
>> switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User logged
>> in
>> Apr 26 13:24:09 store-101 imap[26615]: executed
>> Apr 26 13:24:09 store-101 imap[26615]: accepted connection
>> Apr 26 13:24:09 store-101 master[26616]: about to exec
>> /usr/lib/cyrus-imapd/imapd
>> Apr 26 13:24:09 store-101 imap[26616]: executed
>> Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed
>> /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
>> Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH
>> parameters
>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>> Apr 26 13:24:09 store-101 imap[26128]: received server certificate
>> Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
>> Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>> Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend
>> server: no mechanism available
>>
>> Can anyone help me work out why the backend appears to be attempting to
>> proxy onwards rather than answering the SELECT itself?
>>
>> ===================
>> Backend imapd.conf:
>>
>> admins:                 cyrus cyrus-frontend
>> allowallsubscribe:      true
>> allowplaintext:         true
>> allowusermoves:         true
>> configdirectory:        /var/lib/imap
>> delete_mode:            delayed
>> duplicate_db:           skiplist
>> expunge_mode:           delayed
>> hashimapspool:          true
>> improved_mboxlist_sort: true
>> lmtp_downcase_rcpt:     true
>> mupdate_authname:       cyrus-frontend
>> mupdate_password:       ********
>> mupdate_server:         switch-102.internal.example.com
>> mupdate_username:       cyrus-frontend
>> normalizeuid:           true
>> partition-default:      /var/spool/imap
>> proxyservers:           cyrus-frontend
>> ptscache_db:            skiplist
>> sasl_mech_list:         PLAIN LOGIN DIGEST-MD5
>> sasl_pwcheck_method:    auxprop
>> servername:             store-101.internal.example.com
>> sievedir:               /var/lib/imap/sieve
>> statuscache_db:         skiplist
>> tlscache_db:            skiplist
>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>> unix_group_enable:      false
>>
>>
>> ====================
>> Frontend imapd.conf:
>>
>> admins:                 cyrus
>> allowplaintext:         false
>> allowusermoves:         true
>> configdirectory:        /var/lib/imap
>> delete_mode:            delayed
>> duplicate_db:           skiplist
>> expunge_mode:           delayed
>> improved_mboxlist_sort: true
>> lmtp_downcase_rcpt:     true
>> mupdate_authname:       cyrus-frontend
>> mupdate_password:       ********
>> mupdate_server:         switch-102.internal.example.com
>> mupdate_username:       cyrus-frontend
>> normalizeuid:           true
>> partition-default:      /var/spool/imap
>> proxy_authname:         cyrus-frontend
>> proxyd_disable_mailbox_referrals:       true
>> proxy_password:         ********
>> ptscache_db:            skiplist
>> sasl_mech_list:         PLAIN
>> sasl_pwcheck_method:    auxprop saslauthd
>> serverlist:             store-101.internal.example.com
>> servername:             switch-101.internal.example.com
>> sieve_allowreferrals:   false
>> sievedir:               /var/lib/imap/sieve
>> sieveusehomedir:        0
>> statuscache_db:         skiplist
>> tlscache_db:            skiplist
>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>> unix_group_enable:      false
>>
>>
>
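
The dump edit Brian describes above (changing "1 servername!default" to "0 default"), as an added example that is not part of the original thread. It assumes the `ctl_mboxlist -d` dump is tab-separated (name, "type location", ACL fields); `fix_mboxlist` is a hypothetical helper name, and only entries whose server part exactly matches the backend's own servername are rewritten.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the "ctl_mboxlist -d" dump is
# tab-separated:  name <TAB> "type location" <TAB> acl...
# Usage: fix_mboxlist SERVERNAME < dump.txt > fixed.txt   (summary on stderr)
fix_mboxlist() {
    awk -F '\t' -v OFS='\t' -v self="$1" '
    {
        # Field 2 looks like "1 host!partition" (remote) or "0 partition" (local).
        n = split($2, loc, " ")
        bang = index(loc[2], "!")
        if (n == 2 && loc[1] == "1" && bang > 0 &&
            substr(loc[2], 1, bang - 1) == self) {
            # Entry points back at this backend: make it a local entry.
            $2 = "0 " substr(loc[2], bang + 1)
            changed++
        } else if (loc[1] == "1") {
            # Remote entry for some other server: leave it alone, but count it.
            remote++
        }
        print
    }
    END {
        printf("rewrote %d, left %d remote, %d total\n",
               changed, remote, NR) > "/dev/stderr"
    }'
}

# Constructed sample entry, modelled on the one quoted in the thread.
printf 'user.simon\t1 store-101.internal.example.com!default\tsimon\tlrswipkxtecda\n' |
    fix_mboxlist store-101.internal.example.com
```

Diff the output against the original dump before reloading it with `ctl_mboxlist -u`.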



