[Dovecot] How to upgrade a running Dovecot?
Greetings -
Could someone confirm how to perform various upgrades on a live
system running Dovecot please?
Scenario 1: Change to dovecot.conf
If I make a change to dovecot.conf am I right in thinking I can
simply send a HUP signal to the main dovecot process to get it to re-
read the configuration file and act on its revised content?
Scenario 2: Altered SSL Certificates
I need to replace our current certificates and have prepared new
files containing the replacement certificate and private key. Am I
right in thinking that I can simply modify dovecot.conf to point at
the new files and send a HUP signal to dovecot? Specifically, will
new connections use the revised certificates, and existing
connections continue to work OK without interruption?
Scenario 3: Software Upgrade
I build a particular version of Dovecot into the tree /usr/local/
dovecot-A.B.C and then have a symlink called "dovecot" pointing at
the this directory. To upgrade I can then build the new version
into /usr/local/dovecot-X.Y.Z and test.
To actually switch over the live service to the new X.Y.Z version do
I need to:
a) Totally shut down the old A.B.C version of Dovecot, thereby
breaking all
open connections for users? or
b) Assuming I am using "shutdown_clients = no" can I just kill the
master
"dovecot" process and then start up the new version?
Ideally I want existing connections to remain running, but new
connections to start up using the new X.Y.Z version of Dovecot.
The comment for "shutdown_clients" implies this, but also says:
"This however means that after master process has died, the client
processes can't write to log files anymore."
So if I understand this correctly then with "shutdown_clients = no"
in force then the sequence and behaviour is this? ...
1. Old version A.B.C of Dovecot running, clients can log
through the master "dovecot" process to the logfiles.
2. Kill the old master "dovecot" process, start new X.Y.Z
version up.
3. New connections get served by version X.Y.Z.
Old connections DON'T get killed and can continue, BUT can
no longer write anything to the logfiles?
With many thanks, Mike B-)
-- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740
- Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
On Thu, 2007-10-04 at 13:57 +0100, Mike Brudenell wrote:
Scenario 1: Change to dovecot.conf
If I make a change to dovecot.conf am I right in thinking I can
simply send a HUP signal to the main dovecot process to get it to re- read the configuration file and act on its revised content?
One problem with SIGHUP is that it kills connections that are currently logging in (sending "* BYE Server is shutting down." to client). Would be nice if one day the login and auth processes simply stop accepting new connections and kill themselves only after the last client has disconnected.
Scenario 2: Altered SSL Certificates
I need to replace our current certificates and have prepared new
files containing the replacement certificate and private key. Am I
right in thinking that I can simply modify dovecot.conf to point at
the new files and send a HUP signal to dovecot? Specifically, will
new connections use the revised certificates, and existing
connections continue to work OK without interruption?
Yes, the SSL files are read by login processes at startup. And SIGHUP restarts login processes.
participants (2)
-
Mike Brudenell
-
Timo Sirainen