Backend attempting to proxy to itself?
Simon Beale
simon at minos.org.uk
Mon Apr 26 13:45:12 EDT 2010
Aaahh, ok. I've taken that "services" line out, and it's all now looking sane in the mailboxes.db dumps. So thank you very much for that (I've spent a few days tearing my hair out over this :-) I'll have to work out now why I thought that was a good idea to include.
The creating on the frontend was using the imapd.conf option:
serverlist: <none>
Whitespace separated list of backend server names. Used for finding
server with the most available free space for proxying CREATE.
which was what I was intending to exercise once my initial problems were sorted, to spread my users out over a couple of backend servers automatically. This appears to be an option added in 2.3.15.
Simon
On 26 Apr 2010, at 17:57, Brian Awood wrote:
>
> You need to remove mupdate entry from the "Services" section of the cyrus
> config on the backend servers. mupdate always assumes mailboxes are remote
> so it is going through and changing all the mailbox entries to remote ones.
>
>
> I'm not sure about the autocreate feature though, I assume that is what you
> are trying to use by creating the mailbox while connected to the frontend.
> Traditionally you would connect to the backend where you wanted the mailbox
> to live and create it there.
>
> -Brian
>
> On Mon, 26 Apr 2010 17:27:46 +0100 (BST), "Simon Beale"
> <simon at minos.org.uk>
> wrote:
>>
>> However, if I restart the backend at this point, I get the old entries
>> back again in addition to the fixed entries.
>>
>> Given this cluster isn't yet in production, I've just stopped the entire
>> cluster, deleted mailboxes.db from everything and "rm -rf
>> ${partition-default}/*" in case there was something bad lurking around
>> from previous experiments. But it's still the case that if I "cm
>> user.simon" on the frontend with cyradm, the mailboxes.db on the backend
>> appears as "... 1 store-101...!default..."
>>
>> So for some reason I'm not getting correct mailbox location information
>> created on the backends.
>>
>> I've included my cyrus.conf files and the murder master's imapd.conf below
>> in case there's something wrong I've put in any of those.
>>
>> Cheers
>>
>> Simon
>>
>> =====================
>> Backend/frontend cyrus.conf
>>
>> START {
>> recover cmd="ctl_cyrusdb -r"
>> idled cmd="idled"
>> #the next line is only present on the backend
>> mupdatepush cmd="ctl_mboxlist -m"
>> }
>> SERVICES {
>> imap cmd="imapd" listen="imap" proto="tcp4" prefork=2
>> imaps cmd="imapd -s" listen="imaps" proto="tcp4" prefork=5
>> pop3 cmd="pop3d" listen="pop3" proto="tcp4" prefork=2
>> pop3s cmd="pop3d -s" listen="pop3s" proto="tcp4" prefork=2
>> sieve cmd="timsieved" listen="sieve" proto="tcp4" prefork=2
>> mupdate cmd="mupdate" listen="3905" proto="tcp4" prefork=2
>> fud cmd="fud" listen="4201" proto="udp4" prefork=1 maxchild=10
>> lmtp cmd="lmtpd -a" listen="127.0.0.1:2003" prefork=1
>> }
>> EVENTS {
>> checkpoint cmd="ctl_cyrusdb -c" period=30
>> delprune cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
>> tlsprune cmd="tls_prune" at=0400
>> }
>>
>> ======================
>> Murder master /etc/cyrus.conf
>>
>> START {
>> recover cmd="ctl_cyrusdb -r"
>> idled cmd="idled"
>> }
>> SERVICES {
>> mupdate cmd="mupdate -m" listen="mupdate" prefork=1
>> }
>> EVENTS {
>> checkpoint cmd="ctl_cyrusdb -c" period=30
>> delprune cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
>> tlsprune cmd="tls_prune" at=0400
>> }
>>
>>
>> ======================
>> Murder master /etc/imapd.conf
>>
>> admins: cyrus cyrus-frontend
>> allowplaintext: true
>> configdirectory: /var/lib/imap
>> duplicate_db: skiplist
>> improved_mboxlist_sort: true
>> lmtp_downcase_rcpt: true
>> normalizeuid: true
>> partition-default: /var/spool/imap
>> ptscache_db: skiplist
>> sasl_mech_list: DIGEST-MD5 PLAIN LOGIN
>> sasl_pwcheck_method: auxprop
>> sievedir: /var/lib/imap/sieve
>> statuscache_db: skiplist
>> tlscache_db: skiplist
>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>> tls_cert_file: /etc/ssl/certs/wildcard.pem
>> tls_key_file: /etc/ssl/certs/wildcard.pem
>> unix_group_enable: false
>>
>>
>>> imapd is trying to proxy because the entry "1
>>> store-101.internal.example.com" tells it that it's remote, even though it
>>> is not. Theoretically this would work correctly with a unified murder
>>> configuration, where any machine can proxy for another, but it isn't
>>> implemented. The mailbox entry on the backend should look like;
>>>
>>> user.simon 0 default simon lrswipkxtecda
>>>
>>> I'm not sure how the mailbox list ended up with entries like that on your
>>> backend. Are you running mupdate there? There should probably be a
>>> warning in the docs about not starting mupdate on a backend, if there
>>> isn't
>>> already. To fix it, you may need to dump the db to text, use
>>> sed/awk/perl
>>> (pick your favorite) and change all the "1 servername!default" to "0
>>> default", remove the old db and reload it. Hope that helps.
>>>
>>> -Brian
>>>
>>> On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale"
>>> <simon at minos.org.uk>
>>> wrote:
>>>> I'm having problems with getting the backend responding correctly in a
>>>> murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4). I've
>>>> got it so that I can run cyradm and issue 'cm user.simon' on the frontend,
>>>> see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
>>>> murder, frontend and backend all list the relevant backend location:
>>>>
>>>> user.simon 1 store-101.internal.example.com!default simon lrswipkxtecda
>>>>
>>>>
>>>> However, when I run imtest and login on the frontend:
>>>> . LIST "" "*"
>>>> * LIST (\HasNoChildren) "." "INBOX"
>>>> . OK Completed (0.000 secs 2 calls)
>>>> . SELECT INBOX
>>>> . NO Server(s) unavailable to complete operation
>>>>
>>>>
>>>> Looking at the output of strace and syslogs on the backend, it appears
>>>> that the backend is trying to make a new TLS connection back to itself
>>>> rather than directly answering the incoming SELECT.
>>>>
>>>> Apr 26 13:24:09 store-101 imap[26128]: accepted connection
>>>> Apr 26 13:24:09 store-101 master[26615]: about to exec /usr/lib/cyrus-imapd/imapd
>>>> Apr 26 13:24:09 store-101 imap[26128]: login: switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User logged in
>>>> Apr 26 13:24:09 store-101 imap[26615]: executed
>>>> Apr 26 13:24:09 store-101 imap[26615]: accepted connection
>>>> Apr 26 13:24:09 store-101 master[26616]: about to exec /usr/lib/cyrus-imapd/imapd
>>>> Apr 26 13:24:09 store-101 imap[26616]: executed
>>>> Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
>>>> Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH parameters
>>>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
>>>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>>>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>>>> Apr 26 13:24:09 store-101 imap[26128]: received server certificate
>>>> Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
>>>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
>>>> Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>>>> Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend server: no mechanism available
>>>>
>>>> Can anyone help me work out why the backend appears to be attempting to
>>>> proxy onwards rather than answering the SELECT itself?
>>>>
>>>> ===================
>>>> Backend imapd.conf:
>>>>
>>>> admins: cyrus cyrus-frontend
>>>> allowallsubscribe: true
>>>> allowplaintext: true
>>>> allowusermoves: true
>>>> configdirectory: /var/lib/imap
>>>> delete_mode: delayed
>>>> duplicate_db: skiplist
>>>> expunge_mode: delayed
>>>> hashimapspool: true
>>>> improved_mboxlist_sort: true
>>>> lmtp_downcase_rcpt: true
>>>> mupdate_authname: cyrus-frontend
>>>> mupdate_password: ********
>>>> mupdate_server: switch-102.internal.example.com
>>>> mupdate_username: cyrus-frontend
>>>> normalizeuid: true
>>>> partition-default: /var/spool/imap
>>>> proxyservers: cyrus-frontend
>>>> ptscache_db: skiplist
>>>> sasl_mech_list: PLAIN LOGIN DIGEST-MD5
>>>> sasl_pwcheck_method: auxprop
>>>> servername: store-101.internal.example.com
>>>> sievedir: /var/lib/imap/sieve
>>>> statuscache_db: skiplist
>>>> tlscache_db: skiplist
>>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>>> tls_cert_file: /etc/ssl/certs/wildcard.pem
>>>> tls_key_file: /etc/ssl/certs/wildcard.pem
>>>> unix_group_enable: false
>>>>
>>>>
>>>> ====================
>>>> Frontend imapd.conf:
>>>>
>>>> admins: cyrus
>>>> allowplaintext: false
>>>> allowusermoves: true
>>>> configdirectory: /var/lib/imap
>>>> delete_mode: delayed
>>>> duplicate_db: skiplist
>>>> expunge_mode: delayed
>>>> improved_mboxlist_sort: true
>>>> lmtp_downcase_rcpt: true
>>>> mupdate_authname: cyrus-frontend
>>>> mupdate_password: ********
>>>> mupdate_server: switch-102.internal.example.com
>>>> mupdate_username: cyrus-frontend
>>>> normalizeuid: true
>>>> partition-default: /var/spool/imap
>>>> proxy_authname: cyrus-frontend
>>>> proxyd_disable_mailbox_referrals: true
>>>> proxy_password: ********
>>>> ptscache_db: skiplist
>>>> sasl_mech_list: PLAIN
>>>> sasl_pwcheck_method: auxprop saslauthd
>>>> serverlist: store-101.internal.example.com
>>>> servername: switch-101.internal.example.com
>>>> sieve_allowreferrals: false
>>>> sievedir: /var/lib/imap/sieve
>>>> sieveusehomedir: 0
>>>> statuscache_db: skiplist
>>>> tlscache_db: skiplist
>>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>>> tls_cert_file: /etc/ssl/certs/wildcard.pem
>>>> tls_key_file: /etc/ssl/certs/wildcard.pem
>>>> unix_group_enable: false
>>>>
>>>>
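
The two fixes Brian describes in the thread (no mupdate service on a backend, and rewriting the "1 servername!default" entries to "0 default" in a text dump), sketched as an added shell example that is not part of the original messages. The function names are hypothetical, the sample dump and cyrus.conf are constructed (store-102 is a made-up second backend), and the code assumes `ctl_mboxlist -d` writes tab-separated lines.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes `ctl_mboxlist -d` writes
# tab-separated lines: name <TAB> "mbtype location" <TAB> acl fields.

# Constructed sample dump from a backend; store-102 is a made-up second backend.
sample_dump() {
    printf 'user.simon\t1 store-101.internal.example.com!default\tsimon\tlrswipkxtecda\t\n'
    printf 'user.alice\t1 store-102.internal.example.com!default\talice\tlrswipkxtecda\t\n'
    printf 'user.bob\t0 default\tbob\tlrswipkxtecda\t\n'
}

# Constructed backend cyrus.conf with the stray mupdate service still present.
sample_backend_conf() {
    printf 'START {\n  mupdatepush cmd="ctl_mboxlist -m"\n}\n'
    printf 'SERVICES {\n  imap cmd="imapd" listen="imap" prefork=2\n'
    printf '  mupdate cmd="mupdate" listen="3905" prefork=2\n}\n'
}

# Print mailboxes that this backend lists as remote on itself.
# usage: self_remote_entries SERVERNAME < dump
self_remote_entries() {
    awk -F'\t' -v pfx="1 $1!" 'index($2, pfx) == 1 { print $1 }'
}

# Rewrite "1 SERVERNAME!partition" to "0 partition", keeping the partition
# name; entries that point at other servers pass through unchanged.
# usage: fix_self_remote SERVERNAME < dump > fixed
fix_self_remote() {
    awk -F'\t' -v pfx="1 $1!" 'BEGIN { OFS = "\t" }
        index($2, pfx) == 1 { $2 = "0 " substr($2, length(pfx) + 1) }
        { print }'
}

# Exit 0 if the cyrus.conf on stdin has an uncommented mupdate service in
# SERVICES (expected on the murder master only), else exit 1.
has_mupdate_service() {
    awk '/^[ \t]*#/ { next }
        /^[ \t]*[A-Z]+[ \t]*[{]/ { section = $1; sub(/[{].*/, "", section); next }
        /^[ \t]*[}]/ { section = ""; next }
        section == "SERVICES" && /cmd="mupdate/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

sample_dump | fix_self_remote store-101.internal.example.com
sample_backend_conf | has_mupdate_service && echo "mupdate is in SERVICES" >&2
```

Matching on the full "1 SERVERNAME!" prefix means only the backend's own entries are converted; a blanket substitution would also rewrite mailboxes that really do live on another server.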