[Dovecot] Solaris/SSLonly/Lots of Users
Anyone running Dovecot on Solaris, requiring only SSL connections, and servicing thousands of simultaneous users? Our past attempts to do so have failed due to dovecot-auth using up all 256 of its file descriptors. I say 256 since we are limited to that by the 32-bit libraries. We are looking at either compiling Dovecot in 64-bit and letting dovecot-auth file descriptors accumulate (not ideal), or providing Timo with access to one of our test servers so he can debug the problem. However, I would like to hear of anyone in the same boat first. Thanks!
--
Steven F. Siirila Office: Lind Hall, Room 130B Internet Services E-mail: sfs@umn.edu Office of Information Technology Voice: (612) 626-0244 University of Minnesota Fax: (612) 626-7593
Steven F Siirila wrote:
Anyone running Dovecot on Solaris, requiring only SSL connections, and servicing thousands of simultaneous users? Our past attempts to do so have failed due to dovecot-auth using up all 256 of its file descriptors. I say 256 since we are limited to that by the 32-bit libraries. We are looking at either compiling Dovecot in 64-bit and letting dovecot-auth file descriptors accumulate (not ideal), or providing Timo with access to one of our test servers so he can debug the problem. However, I would like to hear of anyone in the same boat first. Thanks!
You don't need it to be 64-bit, just change the ulimit/plimit parameters on the processes (try "man plimit"). You can change the default by editing /etc/system
e.g.
set rlim_fd_cur=2048 set rlim_fd_max=2048
to set the limit to 2048. We run "plimit -n 4096" on the dovecot master process shortly after it starts and typically have 1200 or so concurrent IMAP processes. Also look at "login_process_per_connection = no" in the Dovecot configuration; this will mean the number of imap-login processes is much reduced at the loss of a bit of security.
Best Wishes, Chris
-- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wakelin@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
On Wed, 21 Feb 2007, Chris Wakelin wrote:
Date: Wed, 21 Feb 2007 17:40:31 +0000 From: Chris Wakelin c.d.wakelin@reading.ac.uk To: Steven F Siirila sfs@tc.umn.edu Cc: dovecot@dovecot.org Subject: Re: [Dovecot] Solaris/SSLonly/Lots of Users
Steven F Siirila wrote:
Anyone running Dovecot on Solaris, requiring only SSL connections, and servicing thousands of simultaneous users? Our past attempts to do so have failed due to dovecot-auth using up all 256 of its file descriptors. I say 256 since we are limited to that by the 32-bit libraries. We are looking at either compiling Dovecot in 64-bit and letting dovecot-auth file descriptors accumulate (not ideal), or providing Timo with access to one of our test servers so he can debug the problem. However, I would like to hear of anyone in the same boat first. Thanks!
You don't need it to be 64-bit, just change the ulimit/plimit parameters on the processes (try "man plimit"). You can change the default by editing /etc/system
e.g.
set rlim_fd_cur=2048 set rlim_fd_max=2048
to set the limit to 2048. We run "plimit -n 4096" on the dovecot master process shortly after it starts and typically have 1200 or so concurrent IMAP processes. Also look at "login_process_per_connection = no" in the Dovecot configuration; this will mean the number of imap-login processes is much reduced at the loss of a bit of security.
In my case (Solaris 10), I have the following set in my /etc/system. This may be overkill/wrong:
- double file descriptor limits for dovecot set rlim_fd_cur = 65536 set rlim_fd_max = 131072
But things work.
Jeff Earickson Colby College
On 21/02/2007 17:26, Steven F Siirila wrote:
Anyone running Dovecot on Solaris, requiring only SSL connections, and servicing thousands of simultaneous users? Our past attempts to do so have failed due to dovecot-auth using up all 256 of its file descriptors. I say 256 since we are limited to that by the 32-bit libraries. We are looking at either compiling Dovecot in 64-bit and letting dovecot-auth file descriptors accumulate (not ideal), or providing Timo with access to one of our test servers so he can debug the problem. However, I would like to hear of anyone in the same boat first. Thanks!
I think I recall Timo saying recently he'd fixed a problem with too many open files in dovecot-auth, or something similar, but I'll leave it to you to trawl the last week's list archives to find it.
Cheers,
John.
On Wed, 21 Feb 2007, Steven F Siirila wrote:
Date: Wed, 21 Feb 2007 11:26:45 -0600 From: Steven F Siirila sfs@tc.umn.edu To: dovecot@dovecot.org Subject: [Dovecot] Solaris/SSLonly/Lots of Users
Anyone running Dovecot on Solaris, requiring only SSL connections, and servicing thousands of simultaneous users? Our past attempts to do so have failed due to dovecot-auth using up all 256 of its file descriptors. I say 256 since we are limited to that by the 32-bit libraries. We are looking at either compiling Dovecot in 64-bit and letting dovecot-auth file descriptors accumulate (not ideal), or providing Timo with access to one of our test servers so he can debug the problem. However, I would like to hear of anyone in the same boat first. Thanks!
Hi,
Our situation: Solaris 10 (sparc), rc23 compiled with gcc, 3K users, imap and imaps (no pop). I often had problems with the "too many open files" issue back in beta versions of dovecot. I kept boosting the "login_max_processes_count" and "login_max_connections" numbers (quadrupled both from the default) and still had problems. I finally got rid of it by setting "login_process_per_connection = no". The problem vanished.
This was when I was running dovecot on a Sun E220R, and it could not really keep up -- high load, slow response, etc. I upgraded the hardware to a T2000 (8 cpu) about a month ago, and it barely breaks a sweat. I haven't changed the settings above back to the defaults, because I am afraid of breaking things again.
Timo, any idea what would happen if I set things back to the default in this case?
Jeff Earickson Colby College
On Wed, Feb 21, 2007 at 11:26:45AM -0600, Steven F Siirila wrote:
Anyone running Dovecot on Solaris, requiring only SSL connections, and servicing thousands of simultaneous users? Our past attempts to do so have failed due to dovecot-auth using up all 256 of its file descriptors. I say 256 since we are limited to that by the 32-bit libraries. We are looking at either compiling Dovecot in 64-bit and letting dovecot-auth file descriptors accumulate (not ideal), or providing Timo with access to one of our test servers so he can debug the problem. However, I would like to hear of anyone in the same boat first. Thanks!
Thanks all for the various replies to my original post. However...
UPDATE:
After upgrading from rc15 to rc23 the problem appears to have magically gone away. Timo has apparently fixed this, intentionally or otherwise. :)
Note that we are using defaults for all 'login_' config items except:
login_processes_count = 32 login_max_processes_count = 4096
Now we can finally proceed with our upgrade from UW-IMAP to Dovecot.
--
Steven F. Siirila Office: Lind Hall, Room 130B Internet Services E-mail: sfs@umn.edu Office of Information Technology Voice: (612) 626-0244 University of Minnesota Fax: (612) 626-7593
participants (4)
-
Chris Wakelin
-
Jeff A. Earickson
-
John Robinson
-
Steven F Siirila