Daniel,
thanks so much for the detailed pointers.
So it turns out to be both the evil that is systemd and an overzealous upgrade script.
Apollon, should I raise a Debian bug for this?
As for reasons, how do 50k proxy session on the proxy servers and 25k imap processes on the mailbox servers sound?
Even on a server with just 6k users and 7k imap processes that causes a massive load spike and a far longer service interruption (about 50 seconds) than I'm happy with.
Penultimately if people do set "shutdown_clients = no" they hopefully know what they are doing and do expect that to work.
Regards,
Christian
On Fri, 30 Aug 2019 17:44:23 +0200 Daniel Lange via dovecot wrote:
Am 30.08.19 um 17:38 schrieb Daniel Lange via dovecot:
Am 30.08.19 um 10:00 schrieb Christian Balzer via dovecot:
When upgrading on Debian Stretch with the security fix packages all dovecot processes get killed and then restarted despite having "shutdown_clients = no" set.
This is systemd doing its "magic" (kill all control group processes), see https://dovecot.org/pipermail/dovecot/2016-June/104546.html for a potential fix.
Actually that will not be enough in the upgrade case as the maintainer script calls deb-systemd-invoke stop dovecot.socket dovecot.service
I personally think re-connecting clients are normal operations so I wouldn't bother. But you could override the stop action in the systemd unit if you have local reasons that warrant such a hack.
--
Christian Balzer Network/Systems Engineer
chibi@gol.com Rakuten Mobile Inc.