LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] High Traffic IMAP deployment

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] High Traffic IMAP deployment
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Wed, 18 Aug 2010 08:22:50 +0900
On Tue, Aug 17, 2010 at 09:37:24AM -0430, Jose Ildefonso Camargo Tolosa wrote:
> Hi!
> 
> On Mon, Aug 16, 2010 at 9:23 PM, Simon Horman <horms@xxxxxxxxxxxx> wrote:
> > On Fri, Aug 13, 2010 at 11:09:54AM -0430, Jose Ildefonso Camargo Tolosa 
> > wrote:
> >
> > [ snip ]
> >>
> >> Nothing new, except, maybe, the replication thing, Cyrus suggest the
> >> use of Perdition (which can be very problematic, specially with
> >> SSL/TLS related issues).
> >
> > Could you be more specific about what SSL/TLS (or other) issues you are
> > concerned about? It would be good to get them fixed.
> 
> Concerned?... not anymore, I solved them when I had the issues, but it 
> involved:
> 
> 0. Make my LDAP server use LDAPv2 (actually, I created a replica on
> the perdition server, and made *that one* accept LDAPv2).
> 1. Make perdition use ssl_outgoing/tls_all while connecting to real
> server (because real server *required* SSL/TLS).  This was a clearly
> necessary step.
> 2. Make perdition ssl_no_cn_verify, because the certificate
> verification failed from perdition to the real server (server was
> valid, signed with internal CA, with correct name, but perdition
> complained on cert, so, I just enabled this).  This bothered my a
> little, but fortunately perdition had an option for it.
> 3. Copy the capability string from real server to perdition's
> imap_capability option, because some IMAP clients failed (I remember
> eGroupWare's IMAP client, at the moment), so, not just a plain copy, I
> had to remove a couple of options from the string.
> 
> I just took that from my Jun 2009 notes, when I had to implement it.
> 
> I just found perdition to be, maybe, too problematic, that's why I
> have been trying to get the time to make Dovecot's proxy capabilities
> work (which looks promising).  Also, back then, perdition looked a
> little abandoned (2 years since last release, back then, 1.17.1 was
> the latest release).  I see there have been serious work on it
> recently so: that's good.

There was a period of little activity, but that is no longer the case.
I am certainly all ears with regards to making the current code better.


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>