[Dovecot] director with multiple instances
I'm experiencing some problems similar to those described in http://dovecot.org/list/dovecot/2012-July/137250.html except with 2.0.9. Adding http://dovecot.org/list/dovecot/2012-July/084906.html to the main config didn't seem to help, nor did setting the list of director and backend servers to just the system itself.
I get a banner connecting to port 143:

[root@retr01 log]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Waiting for authentication process to respond..
Log messages are:
Jun 3 16:22:03 retr01 dovecot: pop3-login: Error: Timeout waiting for handshake from auth server. my pid=32152, input bytes=0
Jun 3 16:22:33 retr01 dovecot: pop3-login: Error: Timeout waiting for handshake from auth server. my pid=32152, input bytes=0
Jun 3 16:22:33 retr01 dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty)
Jun 3 16:22:33 retr01 dovecot: master: Error: service(director): command startup failed, throttling
Jun 3 16:23:08 retr01 dovecot: pop3-login: Error: Timeout waiting for handshake from auth server. my pid=32152, input bytes=0
Jun 3 16:23:33 retr01 dovecot: pop3-login: Disconnected: Inactivity (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured

running dovecot procs are:

root 32137 1 0 16:20 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot-main.conf
root 32145 1 0 16:20 ? 00:00:00 /usr/sbin/dovecot -c /etc/dovecot-director.conf
doveconf -n for the two configs (dovecot-main.conf, dovecot-director.conf) are included below.
dovecot-sql.conf has:
driver = sqlite
connect = /etc/dovecot/empty.db
password_query = select 'y' as proxy,
NULL as password,
'y' as nopassword,
case '%a'
when '110' then '10110'
when '995' then '10110'
when '143' then '10143'
when '993' then '10143' end
as port;
(where empty.db is completely empty; this is just used since there's no
other way to handle the port mapping, as described elsewhere on the
list).
A static proxy setup does work, with the normal imap / pop3 listeners.
# 2.0.9: /etc/dovecot-main.conf
# OS: Linux 2.6.32-431.11.2.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.5 (Santiago) ext4
auth_username_format = %Ln
auth_worker_max_count = 60
base_dir = /var/run/dovecot-main
default_client_limit = 4096
default_process_limit = 200
dotlock_use_excl = yes
mail_fsync = always
mail_location = maildir:/var/spool/maildir/%1Ln/%Ln:INDEX=/mnt/post/cache/%1Ln/%Ln
mail_plugins = fts fts_squat quota
maildir_very_dirty_syncs = yes
mbox_write_locks = fcntl
mmap_disable = yes
namespace {
  inbox = yes
  location =
  prefix = Mail.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = maildir:User Quota
  quota_rule = *:storage=40960M:messages=3000000
}
service auth-worker {
  user = $default_internal_user
}
service imap-login {
  inet_listener imap {
    port = 10143
  }
  inet_listener imaps {
    port = 10993
  }
  service_count = 0
  vsz_limit = 128 M
}
service pop3-login {
  inet_listener pop3 {
    port = 10110
  }
  inet_listener pop3s {
    port = 10995
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
ssl_key = </etc/pki/dovecot/private/dovecot.pem
syslog_facility = local4
userdb {
  args = uid=vmail gid=mail home=/var/spool/maildir/%1Ln/%Ln
  driver = static
}
protocol imap {
  mail_max_userip_connections = 24
  mail_plugins = fts fts_squat quota imap_quota
}
protocol pop3 {
  mail_max_userip_connections = 3
  pop3_uidl_format = %f
}

# 2.0.9: /etc/dovecot-director.conf
# OS: Linux 2.6.32-431.11.2.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.5 (Santiago) ext4
auth_username_format = %Ln
auth_worker_max_count = 60
base_dir = /var/run/dovecot-director
default_client_limit = 4096
default_process_limit = 200
director_doveadm_port = 2888
director_mail_servers = 192.168.1.71 192.168.1.72 192.168.1.73
director_servers = 192.168.1.71 192.168.1.72 192.168.1.73
dotlock_use_excl = yes
mail_fsync = always
mail_location = maildir:/var/spool/maildir/%1Ln/%Ln:INDEX=/mnt/post/cache/%1Ln/%Ln
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = fts fts_squat quota
maildir_very_dirty_syncs = yes
mbox_write_locks = fcntl
mmap_disable = yes
namespace {
  inbox = yes
  location =
  prefix = Mail.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
service auth-worker {
  user = $default_internal_user
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 2888
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
}
service pop3-login {
  executable = pop3-login director
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
ssl_key = </etc/pki/dovecot/private/dovecot.pem
syslog_facility = local4
w
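The port mapping done by the password_query in the message above can be checked outside Dovecot. This is an added example, not part of the original post: it expands %a by hand and runs the query against an in-memory SQLite database standing in for the empty empty.db. The names lookup, check_mapping and BACKEND_PORTS, and the sample port 4190, are assumptions made for the illustration.

```python
import sqlite3

# The password_query from dovecot-sql.conf in the post; %a is the variable
# Dovecot expands to the local port the client connected to.
PASSWORD_QUERY = """
select 'y' as proxy,
  NULL as password,
  'y' as nopassword,
  case '%a'
    when '110' then '10110'
    when '995' then '10110'
    when '143' then '10143'
    when '993' then '10143' end
  as port;
"""

# Plain-text backend listeners taken from the dovecot-main.conf dump in the post.
BACKEND_PORTS = {"10143", "10110"}


def lookup(local_port):
    """Expand %a by hand (a simulation), then run the query on an empty DB."""
    port = int(local_port)  # simulation only: accept nothing but an integer
    if not 0 < port < 65536:
        raise ValueError("not a TCP port: %r" % (local_port,))
    query = PASSWORD_QUERY.replace("%a", str(port))
    conn = sqlite3.connect(":memory:")  # stands in for the empty empty.db
    conn.row_factory = sqlite3.Row
    try:
        # The select has no FROM clause, so it yields one row with no tables.
        return dict(conn.execute(query).fetchone())
    finally:
        conn.close()


def check_mapping(listener_ports):
    """Return listener ports whose lookup names no known backend listener."""
    return [p for p in listener_ports if lookup(p)["port"] not in BACKEND_PORTS]


if __name__ == "__main__":
    for p in (110, 143, 993, 995, 4190):  # 4190 is a constructed, unmapped port
        print(p, lookup(p))
    print("unmapped:", check_mapping([110, 143, 993, 995, 4190]))
```

A port with no matching `when` branch comes back with a NULL port field, which is the case check_mapping flags.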
And I realize that doveadm isn't set up properly yet, and that director_doveadm_port needs to be doveadm's inet_listener, not director's as it is now. Presumably this should just affect being able to run doveadm, though, and not cause the problems I mentioned?
It would be really convenient if running the directors and backend services on the same set of machines was a lot easier out of the box. Especially being able to configure a static mapping of listener => backend port without having to do a fake SQL map would really simplify things.
w
I'm guessing this is the most significant issue:
Jun 3 16:22:33 retr01 dovecot: director: Fatal: No inet_listeners defined for director service (for standalone keep director_servers empty)
What confuses me is that not only do I have this in my config:
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 2888
  }
[...]
but I can telnet to port 2888, and I can see that it's bound to the correct instance of Dovecot (though the first time I telnet to that port, I get the connection closed right away (this lines up with the error about inet_listeners); the second time, it doesn't close):
[root@retr01 ~]# telnet localhost 2888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
[root@retr01 ~]# telnet localhost 2888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

The default config (without any 'service director {}' section) for the other (backend) instance gives me (in doveconf -c /etc/dovecot-main.conf):

service director {
[...]
  service_count = 0
  type =
  unix_listener director-admin {
    group =
    mode = 0600
    user =
  }
  unix_listener login/director {
    group =
    mode = 00
    user =
  }
[...]

Do I need to set mode to 00 for director-admin (again, on the *non* director instance) as well? (I think I've seen something about this on the list.)
Does anyone have any suggestions, especially anyone who has a similar setup working on 2.0.x?
w
So, going to latest 2.2 RPM from ATRPMs does seem to fix the problem (that is, the same config works as expected).
So, my question then is, in terms of indices, dovecot-uidlist, etc., is it safe to move from Dovecot 1.0.7 directly to 2.2.10?
Also, even if I put: doveadm_socket_path = localhost:8889 in, or even if I add this to the main (non-director) instance's config (to presumably disable the director-admin socket):
service director {
  unix_listener director-admin {
    group =
    mode = 00
    user =
  }
}

I get:

[root@retr01 ~]# doveadm director status
doveadm(root): Fatal: net_connect_unix(/var/run/dovecot-main/director-admin) failed: Connection refused
Specifying the socket explicitly does give the expected results:
[root@retr01 ~]# doveadm director status -a /var/run/dovecot-director/director-admin
mail server ip  vhosts  users
192.168.1.71    100     1
[....]
Default dovecot.conf (/etc/dovecot/dovecot.conf) is a symlink to the *director* instance's config, and I tried even with doveadm_socket_path set to localhost:8889 in both configs so I'm not sure why it's looking for the main instance's socket. The comments in the config file seem to indicate that host:port is acceptable rather than a local socket.
w
participants (1)
- Will Yardley