Re: Working unified murder configs?

From: Farzad FARID (no email)
Date: Fri Feb 09 2007 - 17:40:45 EST

  • Next message: Nikola Milutinovic: "Re: Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?"

    Hi,

    on 09.02.2007 10:40 Mirosław Jaworski said the following:
    > Anyone care to share working unified murder configs?
    >
    > I am also sure that many would appreciate separate unified murder pages
    > in cyrus' wiki.
    >
    >
    Sure, here's a working config, deployed in a production system. Since I
    haven't written a final administration manual, this information may
    be incomplete. If it isn't sufficient, send me a mail and I'll
    complete what's missing.

          Environment:

    There are 3 servers (not counting the smtp relays or the LDAP servers):

        * 2 imap servers: imap1 & imap2
        * 1 murder server: murder1

    All 3 servers run *Cyrus Imapd 2.3.7*, home made, yet to become
    official, Debian packages, with some patches. You can check the source
    code here if you want to see what patches have been applied:
    http://www.pragmatic-source.com/Cyrus-Imapd-2-3-7-for-the-Linux

    *Note:* All cyrus commands must be run under the "cyrus" user, not "root"!

          SASL settings

    All 3 servers have SASL libraries & tools installed, and an /etc/sasldb2
    authentication file.

    *Note:* Take care of using *matching passwords* where necessary. For
    example: the /etc/sasldb2 file on "murder1" has got an
    "" account. The same "imap1" user is defined in the
    /etc/cyrus.conf file on server "imap1", with the same password.

          Configuration on "murder1"

    *Note*: I stripped some unnecessary lines, comments and white lines from
    the sample config files. Don't use these configuration files as is!

            SASL file /etc/sasldb2

    The auth file contains these users (with a password of course):

        murder1# sasldblistusers2
        cyrus at murder1: userPassword
        : userPassword
        : userPassword

            File /etc/cyrus.conf:

        START {
                recover cmd="/usr/sbin/ctl_cyrusdb -r"
        }
        SERVICES {
                # (mupdate master, only one in the entire cluster)
                mupdate cmd="mupdate -m" listen=3905 prefork=1 proto="tcp4"
        }
        EVENTS {
                checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
        }

            File /etc/imapd.conf:

        configdirectory: /var/lib/cyrus
        defaultpartition: default
        partition-default: /var/spool/cyrus/mail
        servername: mydomain.com
        admins: cyrus
        mupdate_admins: imap1 imap2
        allowplaintext: yes
        sasl_pwcheck_method: auxprop
        sasl_auxprop_plugin: sasldb
        sasl_auto_transition: no

    Nothing else is configured on "murder1".

          Configuration on "imap1" and "imap2"

    Configuration is identical on these 2 servers, except for their names
    (substitute "imap1" with "imap2" and you'll get the 2nd server's
    configuration).

    The IMAP servers run the "saslauthd" daemon, connected to an LDAP
    server, but I don't document this here as it has no influence on the
    murder configuration.

            File /etc/services:

    Add the following line to the "/etc/services" file.

        mupdate 3905/tcp # Cyrus Mupdate

            SASL file /etc/sasldb2:

        # sasldblistusers2
        cyrus at imap1: userPassword
        postman at imap1: userPassword

    postman is used along with postfix + lmtp for mail delivery. But I won't
    talk about this here.

            File /etc/cyrus.conf:

        START {
                recover cmd="/usr/sbin/ctl_cyrusdb -r"
                idled cmd="idled"

                # this is useful on backend nodes of a Murder cluster
                # it causes the backend to synchronize its mailbox list with
                # the mupdate master upon startup
                mupdatepush cmd="/usr/sbin/ctl_mboxlist -m"

                # this is recommended if using duplicate delivery suppression
                # but the expiration takes more than 5 minutes on startup!
                # So I disabled this line
                ##delprune cmd="/usr/sbin/cyr_expire -E 3 -X 3"
                # this is recommended if caching TLS sessions
                tlsprune cmd="/usr/sbin/tls_prune"
        }
        SERVICES {
                # --- Normal cyrus spool, or Murder backends ---
                # add or remove based on preferences
                imap cmd="imapd -U 30" listen="imap" prefork=10 maxchild=250 babysit=1 maxforkrate=10 proto="tcp4"
                imaps cmd="imapd -s -U 30" listen="imaps" prefork=5 maxchild=250 babysit=1 maxforkrate=10 proto="tcp4"

                lmtp cmd="lmtpd" listen="lmtp" prefork=10 maxchild=60 babysit=1 maxforkrate=10 proto="tcp4"
                sieve cmd="timsieved" listen="sieve" prefork=2 maxchild=30 proto="tcp4"
                notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1

                # --- Murder frontends -------------------------
                # mupdate database service - must prefork at least 1
                # (mupdate slaves)
                mupdate cmd="mupdate" listen=3905 prefork=1 proto="tcp4"
        }
        EVENTS {
                checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
                delprune cmd="/usr/sbin/cyr_expire -E 3 -X 3" at=0201
                tlsprune cmd="/usr/sbin/tls_prune" at=0201
                squatter_a cmd="/usr/sbin/squatter" at=0317
        }

            File /etc/imapd.conf:

    As I said before, this is an incomplete example.

        configdirectory: /var/lib/cyrus
        defaultpartition: default
        partition-default: /var/spool/cyrus/mail
        admins: cyrus
        lmtp_admins: cyrus postman
        postuser: cyrus
        allowanonymouslogin: no
        allowplaintext: yes
        allowapop: no
        sasl_minimum_layer: 0
        loginrealms: mydomain.com
        sasl_pwcheck_method: auxprop saslauthd
        sasl_auxprop_plugin: sasldb
        sasl_auto_transition: no
        mupdate_server: murder1.mydomain.com
        mupdate_config: unified
        mupdate_port: 3905
        mupdate_authname: imap1
        mupdate_realm: mydomain.com
        mupdate_password: XXXX_HERE_IMAP1_PASSWORD
        mupdate_worker_maxspare: 5
        mupdate_worker_minspare: 1
        mupdate_worker_start: 2
        proxy_password: XXXX_HERE_CYRUS_PASSWORD
        proxy_authname: cyrus
        proxyservers: cyrus

          Bootstrapping the whole thing

    Actually I don't remember exactly how I bootstrapped the system :P

    These steps are approximate:

        * Monitor the syslog files on all servers to detect errors or
          warnings. In my environment everything is logged in /var/log/mail.log.
        * Start the cyrus services on the "murder1" server. Check that the
          following services are running:
              o cyrmaster -d
              o mupdate -m
        * Go on "imap1" (resp. "imap2")
        * Using "cyradm" create some local users:
              o cyradm -u cyrus localhost
              o cyradm> createmailbox user.johndoe
              o cyradm> etc.
        * Launch "sudo -u cyrus ctl_mboxlist -m" manually. Check the
          messages and the log file to see if everything went fine.
        * Repeat previous operations (user creation & ctl_mboxlist -m) on
          server "imap2"

    Now run "sudo -u cyrus ctl_mboxlist -d" on all 3 servers and compare the
    results. At least "murder1" should have a complete list of all folders.

    If everything worked fine:

        * Start the whole cyrus services on both imap servers
              o /etc/init.d/cyrus start
        * Check the log files
        * Enjoy!

    Now "sudo -u cyrus ctl_mboxlist -d" should always return a complete list
    of all folders, regardless of the server it is run on. If you open an
    IMAP connection with "imap1" or "imap2" you should be able to access any
    folder (depending on your authorizations of course).

    If there's anything wrong or incomplete in my mail, please tell me and
    I'll try to correct it.

     Regards,

    -- 
    Farzad FARID <>
    Architecte Open Source / Associé
    Pragmatic Source - http://www.pragmatic-source.com/
    Tel : +33 9 53 19 21 90 / Mob : +33 6 03 70 65 46
    
    

    ----
    Cyrus Home Page: http://cyrusimap.web.cmu.edu/
    Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
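
Added example (not part of the original message, and not the poster's or the Cyrus project's code): a small Python check over the two imapd.conf fragments quoted above. It verifies the credential pairing the post's SASL note describes (the backend's mupdate_authname must have admin rights on the master) and flags the plaintext-auth and stored-password settings. The finding codes and function names are this example's own; the option values are copied from the post.

```python
# Added example: option values copied from the post's imapd.conf fragments.
MASTER_CONF = """\
admins: cyrus
mupdate_admins: imap1 imap2
allowplaintext: yes
"""
BACKEND_CONF = """\
allowplaintext: yes
sasl_minimum_layer: 0
mupdate_authname: imap1
mupdate_password: XXXX_HERE_IMAP1_PASSWORD
proxy_password: XXXX_HERE_CYRUS_PASSWORD
proxy_authname: cyrus
proxyservers: cyrus
"""
TRUE_VALUES = {"yes", "on", "true", "t", "1"}


def parse_conf(text):
    """Parse 'option: value' lines; skip blanks and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_backend(backend, master):
    """Return a sorted list of finding codes for one backend/master pair."""
    findings = set()
    # The backend logs in to the mupdate master as mupdate_authname, so that
    # name needs admin rights there (mupdate_admins or admins).
    allowed = (master.get("mupdate_admins", "") + " " + master.get("admins", "")).split()
    if backend.get("mupdate_authname") not in allowed:
        findings.add("authname-not-admin-on-master")
    # Plaintext mechanisms explicitly allowed and no SASL layer required.
    plaintext = backend.get("allowplaintext", "").lower() in TRUE_VALUES
    if plaintext and int(backend.get("sasl_minimum_layer", "0")) == 0:
        findings.add("plaintext-auth-without-required-layer")
    # Shared secrets live in the file, so its read permissions matter.
    if any(key.endswith("_password") for key in backend):
        findings.add("cleartext-secret-in-config")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_backend(parse_conf(BACKEND_CONF), parse_conf(MASTER_CONF)):
        print(code)
```

To audit real servers, replace the embedded strings with the contents of /etc/imapd.conf read from the backend and from the mupdate master.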
    
