Re: Cyrus tweaks (slow on roundcube)
Okay so I figured out since this is a container and not a VM I can't install haveged on it. Awesome I learned something. Okay now... Next question to solve this insanity. Can I point everything Cyrus/SASL and TLS Related to use urandom instead of random? I found this: http://security.stackexchange.com/a/14399/86596 But I don't want to do something to jeapordize my whole system. I think this is the last piece of the puzzle. Thanks again guys. - Paul > On Sep 11, 2015, at 8:03 PM, Patrick Boutilier wrote: > > Delete it. Then you can try to start havaged and see if it crashes again. > > >> On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote: >> Hi Patrick, >> >> Then do what with it? >> >> - Paul >> On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote: On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote: Andre, Thanks for the info!! Two questions since sasl is still new to me: 1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) >>> >>> >>> For the lock part look in /var/lock/subsys/ for a file called havaged or >>> similar. >>> Thanks again! - Paul >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
So I tried: haveged -r 0 and the service now works but entropy is still 129 - Paul > On Sep 11, 2015, at 8:03 PM, Patrick Boutilier wrote: > > Delete it. Then you can try to start havaged and see if it crashes again. > > >> On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote: >> Hi Patrick, >> >> Then do what with it? >> >> - Paul >> On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote: On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote: Andre, Thanks for the info!! Two questions since sasl is still new to me: 1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) >>> >>> >>> For the lock part look in /var/lock/subsys/ for a file called havaged or >>> similar. >>> Thanks again! - Paul >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
Nope, dies instantly and locks it again. "Haveged dead but subsys locked" - Paul > On Sep 11, 2015, at 8:03 PM, Patrick Boutilier wrote: > > Delete it. Then you can try to start havaged and see if it crashes again. > > >> On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote: >> Hi Patrick, >> >> Then do what with it? >> >> - Paul >> On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote: On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote: Andre, Thanks for the info!! Two questions since sasl is still new to me: 1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) >>> >>> >>> For the lock part look in /var/lock/subsys/ for a file called havaged or >>> similar. >>> Thanks again! - Paul >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
Delete it. Then you can try to start havaged and see if it crashes again. On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote: Hi Patrick, Then do what with it? - Paul On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote: On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote: Andre, Thanks for the info!! Two questions since sasl is still new to me: 1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) For the lock part look in /var/lock/subsys/ for a file called havaged or similar. Thanks again! - Paul Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus <> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
Hi Patrick, Then do what with it? - Paul > On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote: > >> On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote: >> Andre, >> >> Thanks for the info!! Two questions since sasl is still new to me: >> >> 1) How many processes should I have running? Is there an option >> somewhere to adjust this or see it? >> >> 2) I installed havaged, but the process instantly crashes and tells me a >> sub system is locked when I try to restart it. Any ideas on that? (On >> centos 6) > > > For the lock part look in /var/lock/subsys/ for a file called havaged or > similar. > >> >> >> Thanks again! >> >> - Paul > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
I use imapproxy with Horde Webmail here. Assuming the proxy is using cached connections instead of making a new connection each click, then I would look into performance problems within Cyrus itself. It would be interesting to see what IMAP commands Roundcube is issuing to Cyrus. Perhaps it is doing something "stupid" like retrieving all the message bodies on each click? If you haven't already, try enabling telemetry logging for a single user and check the telemetry log files. If you can post some of those logs here, we may be able to identify the problem. Thanks, Andy On Fri, 11 Sep 2015, signaldevelo...@gmail.com wrote: > I tried imapproxy. It is the same speed. And again, definitely not hardware > related. > > I see in the logs in queries the proxy and that works fine but not sure why > it's still the same speed. > > > - Paul > >> On Sep 11, 2015, at 2:47 PM, Andrew Morgan wrote: >> >>> On Thu, 10 Sep 2015, signaldevelo...@gmail.com wrote: >>> >>> Is there some type of log I can provide from Cyrus / sasl to help diagnose >>> this better to the kolab guys? Other kolab guys I know say their entropy is >>> right where I'm at and they aren't experiencing these slowness issues. >>> >>> Are their sasl or Cyrus logs I can provide? >> >> Maybe I missed this detail earlier in the thread, but why not run an IMAP >> proxy to reduce the rate of new connections to Cyrus? Making a new IMAP >> connection with every click seems abusive! :) >> >>Andy > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote: Andre, Thanks for the info!! Two questions since sasl is still new to me: 1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) For the lock part look in /var/lock/subsys/ for a file called havaged or similar. Thanks again! - Paul <> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
Andre, Thanks for the info!! Two questions since sasl is still new to me: 1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) Thanks again! - Paul > On Sep 11, 2015, at 2:59 PM, Andre Felipe Machado > wrote: > > Hello, > > By your numbers it seems that your machine is able to generate random numbers > at good speed. But the problem is WHEN and HOW OFTEN. > > Afaik, the linux kernel waits too long to trigger the process to generate > random numbers and fast paced process spawning or ssl connections could > deplete pool before the process is triggered again. > > This is the problem that haveged could solve. Triggering a random numbers > generation at a higher threshold and at higher frequency. > > http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/ > > Well, it is only ONE of possible causes of your problem. Unfortunately one > obscure and difficult to identify because it does not generate errors, > crashes or logs. Simply slowness. > > Had you checked disk latency? Does your servers have enough sasl processes? > > We use Debian and did not find haveged installation issues, so you will have > to search a bit more about your running errors. > > Regards. > > Andre Felipe > > http://www.techforce.com.br > > > > Paul Bronson wrote .. > > Guys, > > I ran cat /dev/urandom | rngtest -c 1000 > > and got: > > rngtest: starting FIPS tests... > rngtest: bits received from input: 2032 > rngtest: FIPS 140-2 successes: 998 > rngtest: FIPS 140-2 failures: 2 > rngtest: FIPS 140-2(2001-10-10) Monobit: 0 > rngtest: FIPS 140-2(2001-10-10) Poker: 0 > rngtest: FIPS 140-2(2001-10-10) Runs: 1 > rngtest: FIPS 140-2(2001-10-10) Long run: 1 > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s > rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s > rngtest: Program run time: 198018 microseconds > > > Does this look bad to you considering all of my slow SASL auths? (no haveged > is on at this point.. available entropy is between 131 - 160... pool size is > default 4096. > > I also tried installing haveged, which worked fine, but as soon as I started > the service it said something like process dead, sub sys locked... ? Sorry, > entropy is fairly new to me. > > > >> On Thu, Sep 10, 2015 at 5:24 PM, wrote: >> Andre, >> >> Really? What should it be? I was curious and checked.. Entropy on some of my >> other big time production servers for email is only about 200) and its >> lightning fast? >> >> - Paul >> >> > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado >> > wrote: >> > >> > Hello, >> > Entropy of 158 is way too low for production servers. And this *MAY* cause >> > weird >> > slowness without logging any errors. >> > You could install "haveged" and configure for max threshold levels on >> > production >> > servers. >> > https://packages.debian.org/search?keywords=haveged >> > >> > Regards. >> > >> > Andre Felipe >> > http://www.techforce.com.br >> > >> > >> > >> > signaldevelo...@gmail.com wrote .. >> &g! t;> Ru dy, >> >> >> >> Entropy is 158 I just looked. And as far as compiling against urandom, to >> >> be >> > honest >> >> I'm >> >> not sure. >> >> >> >> - Paul >> >> >> >> >> >> >> >> >> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert wrote: >> >>> >> >>> >> >>> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: >> >>> >> Hosts file is fine I checked that, thanks. Kolab uses 389 to >> authenticate for everything, so Cyrus is using LDAP as you can see >> above. I think the problem lies in the constant TLS logins into >> Cyrus for every click: >> >> imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS User >> logged in >> SESSIONID= >> Sep 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: >> 0.009998 sys: 0.006999 >> >> >> Again its only one user, on roundcube... I am afraid to put any more >> users on it. There doesn't seem to be much of performance tweaks >> with Cyrus around the web either... >> >>> >> >>> does your system have enough entropy? >> >>> >> >>> Is saslauthd compiled against /dev/urandom? >> >>> >> >>> Rudy >> >>> >> >>> -- >> >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ! -- -- -- -- -- -- >> >>> Rudy Gevaert e-mail: rudy.geva...@ugent.be >> >>> Directie ICT, Afdeling Infrastructuur >> >>> Groep Systemen tel: +32 9 264 4750 >> >>> Universiteit Gent fax: +32 9 264 4994 >> >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be >> >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >> >>
Re: Cyrus tweaks (slow on roundcube)
Hello, By your numbers it seems that your machine is able to generate random numbers at good speed. But the problem is WHEN and HOW OFTEN. Afaik, the linux kernel waits too long to trigger the process to generate random numbers and fast paced process spawning or ssl connections could deplete pool before the process is triggered again. This is the problem that haveged could solve. Triggering a random numbers generation at a higher threshold and at higher frequency. http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/ Well, it is only ONE of possible causes of your problem. Unfortunately one obscure and difficult to identify because it does not generate errors, crashes or logs. Simply slowness. Had you checked disk latency? Does your servers have enough sasl processes? We use Debian and did not find haveged installation issues, so you will have to search a bit more about your running errors. Regards. Andre Felipe http://www.techforce.com.br Paul Bronson wrote .. Guys, I ran cat /dev/urandom | rngtest -c 1000 and got:rngtest: starting FIPS tests... rngtest: bits received from input: 2032 rngtest: FIPS 140-2 successes: 998 rngtest: FIPS 140-2 failures: 2 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 1 rngtest: FIPS 140-2(2001-10-10) Long run: 1 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s rngtest: Program run time: 198018 microseconds Does this look bad to you considering all of my slow SASL auths? (no haveged is on at this point.. available entropy is between 131 - 160... pool size is default 4096. I also tried installing haveged, which worked fine, but as soon as I started the service it said something like process dead, sub sys locke! d... ? So rry, entropy is fairly new to me. On Thu, Sep 10, 2015 at 5:24 PM, wrote: Andre, Really? What should it be? I was curious and checked.. Entropy on some of my other big time production servers for email is only about 200) and its lightning fast? - Paul> On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado wrote: > > Hello, > Entropy of 158 is way too low for production servers. And this *MAY* cause weird > slowness without logging any errors. > You could install "haveged" and configure for max threshold levels on production > servers. > https://packages.debian.org/search?keywords=haveged > > Regards. > > Andre Felipe > http://www.techforce.com.br > > > > signaldevelo...@gmail.com wrote .. >> Rudy, >> >> Entropy is 158 I just looked. And as far as compiling against urandom, to be > honest >> I'm >> not sure. >> >> - Paul >> >> >> >> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert wrote:! >>> >>> >>> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: >>> Hosts file >>> is fine I checked that, thanks. Kolab uses 389 to authenticate for >>> everything, so Cyrus is using LDAP as you can see above. I think the >>> problem lies in the constant TLS logins into Cyrus for every click: >>> imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS >>> User logged in >>> SESSIONID= Sep >>> 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: 0.009998 >>> sys: 0.006999 Again its only one user, on roundcube... I am >>> afraid to put any more users on it. There doesn't seem to be much of >>> performance tweaks with Cyrus around the web either... >>> >>> does >>> your system have enough entropy? >>> >>> Is saslauthd compiled against >>> /dev/urandom? >>> >>> Rudy >>> >>> -- >>> -- -- -- -- -- -- -- -- -- -- -- >>> -- -- -- -- -- -- -- -- -- -- -- -- -- >>> Rudy Gevaert >>> ! e- mail: rudy.geva...@ugent.be >>> Directie ICT, Afdeling Infrastructuur >>> Groep Systemen tel: +32 9 264 4750 >>> Universiteit Gent fax: +32 9 264 4994 >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >>> >>> >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo! /info-cyr us Cyrus Home P
Re: Cyrus tweaks (slow on roundcube)
I tried imapproxy. It is the same speed. And again, definitely not hardware related. I see in the logs in queries the proxy and that works fine but not sure why it's still the same speed. - Paul > On Sep 11, 2015, at 2:47 PM, Andrew Morgan wrote: > >> On Thu, 10 Sep 2015, signaldevelo...@gmail.com wrote: >> >> Is there some type of log I can provide from Cyrus / sasl to help diagnose >> this better to the kolab guys? Other kolab guys I know say their entropy is >> right where I'm at and they aren't experiencing these slowness issues. >> >> Are their sasl or Cyrus logs I can provide? > > Maybe I missed this detail earlier in the thread, but why not run an IMAP > proxy to reduce the rate of new connections to Cyrus? Making a new IMAP > connection with every click seems abusive! :) > >Andy Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
On Thu, 10 Sep 2015, signaldevelo...@gmail.com wrote: > Is there some type of log I can provide from Cyrus / sasl to help > diagnose this better to the kolab guys? Other kolab guys I know say > their entropy is right where I'm at and they aren't experiencing these > slowness issues. > > Are their sasl or Cyrus logs I can provide? Maybe I missed this detail earlier in the thread, but why not run an IMAP proxy to reduce the rate of new connections to Cyrus? Making a new IMAP connection with every click seems abusive! :) Andy Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
Hello This is difficult to diagnose, if not looking at the pool size. No error is logged, it is only "slow" or even suffering hiccups on extreme loads and or under specified cpu. "Every time a process is started, or allocates memory, it will reduce the entropy pool because entropy is used to randomize the placement of that memory." https://www.reddit.com/r/linux/comments/2hu9za/watch_the_amount_of_entropy_your_system_has/ckwi415 https://www.reddit.com/r/linux/comments/2hu9za/watch_the_amount_of_entropy_your_system_has/ Maybe others have better suggestions. Regards. Andre Felipe signaldevelo...@gmail.com wrote .. > Is there some type of log I can provide from Cyrus / sasl to help diagnose > this > better to the kolab guys? Other kolab guys I know say their entropy is right > where > I'm at and they aren't experiencing these slowness issues. > > Are their sasl or Cyrus logs I can provide? > > - Paul > > > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado > wrote: > > > > Hello, > > Entropy of 158 is way too low for production servers. And this *MAY* cause > > weird > > slowness without logging any errors. > > You could install "haveged" and configure for max threshold levels on > > production > > servers. > > https://packages.debian.org/search?keywords=haveged > > > > Regards. > > > > Andre Felipe > > http://www.techforce.com.br > > > > > > > > signaldevelo...@gmail.com wrote .. > >> Rudy, > >> > >> Entropy is 158 I just looked. And as far as compiling against urandom, to > >> be > > honest > >> I'm > >> not sure. > >> > >> - Paul > >> > >> > >> > >> > >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert wrote: > >>> > >>> > >>> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: > >>> > Hosts file is fine I checked that, thanks. Kolab uses 389 to > authenticate for everything, so Cyrus is using LDAP as you can see > above. I think the problem lies in the constant TLS logins into > Cyrus for every click: > > imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS User > logged in > SESSIONID= > Sep 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: > 0.009998 sys: 0.006999 > > > Again its only one user, on roundcube... I am afraid to put any more > users on it. There doesn't seem to be much of performance tweaks > with Cyrus around the web either... > >>> > >>> does your system have enough entropy? > >>> > >>> Is saslauthd compiled against /dev/urandom? > >>> > >>> Rudy > >>> > >>> -- > >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > >>> Rudy Gevaert e-mail: rudy.geva...@ugent.be > >>> Directie ICT, Afdeling Infrastructuur > >>> Groep Systemen tel: +32 9 264 4750 > >>> Universiteit Gent fax: +32 9 264 4994 > >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be > >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > >>> > >>> > >>> > >>> Cyrus Home Page: http://www.cyrusimap.org/ > >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > >>> To Unsubscribe: > >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > >> > >> Cyrus Home Page: http://www.cyrusimap.org/ > >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > >> To Unsubscribe: > >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > > Cyrus Home Page: http://www.cyrusimap.org/ > > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > > To Unsubscribe: > > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
When I installed havaged the process died instantly and gives me a locked sub system. If I restart it again, instantly dies again. Im on centos. Any ideas why this is happening? Anyone else experienced this? - Paul > On Sep 11, 2015, at 1:54 PM, Andre Felipe Machado > wrote: > > Hello, > We setup haveged threshold at 2048 (its max pool size is 4096 , afaik) for our > high load cyrus imap servers. > At our cyrus imap servers the depletion bursts are amazing. > Watch the entropy available during your peak ours and you will get an overview > of your needs. > Regards. > Andre Felipe > > > signaldevelo...@gmail.com wrote .. >> Andre, >> >> Really? What should it be? I was curious and checked.. Entropy on some of my >> other >> big time production servers for email is only about 200) and its lightning >> fast? >> >> - Paul >> >>> On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado > >> wrote: >>> >>> Hello, >>> Entropy of 158 is way too low for production servers. And this *MAY* cause >>> weird >>> slowness without logging any errors. >>> You could install "haveged" and configure for max threshold levels on >>> production >>> servers. >>> https://packages.debian.org/search?keywords=haveged >>> >>> Regards. >>> >>> Andre Felipe >>> http://www.techforce.com.br >>> >>> >>> >>> signaldevelo...@gmail.com wrote .. Rudy, Entropy is 158 I just looked. And as far as compiling against urandom, to be >>> honest I'm not sure. - Paul > On Sep 6, 2015, at 9:50 PM, Rudy Gevaert wrote: > > > Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: > >> Hosts file is fine I checked that, thanks. Kolab uses 389 to >> authenticate for everything, so Cyrus is using LDAP as you can see >> above. I think the problem lies in the constant TLS logins into >> Cyrus for every click: >> >> imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS User >> logged in >> SESSIONID= >> Sep 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: >> 0.009998 sys: 0.006999 >> >> >> Again its only one user, on roundcube... I am afraid to put any more >> users on it. There doesn't seem to be much of performance tweaks >> with Cyrus around the web either... > > does your system have enough entropy? > > Is saslauthd compiled against /dev/urandom? > > Rudy > > -- > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > Rudy Gevaert e-mail: rudy.geva...@ugent.be > Directie ICT, Afdeling Infrastructuur > Groep Systemen tel: +32 9 264 4750 > Universiteit Gent fax: +32 9 264 4994 > Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > > > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>> >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus tweaks (slow on roundcube)
Hello, We setup haveged threshold at 2048 (its max pool size is 4096 , afaik) for our high load cyrus imap servers. At our cyrus imap servers the depletion bursts are amazing. Watch the entropy available during your peak ours and you will get an overview of your needs. Regards. Andre Felipe signaldevelo...@gmail.com wrote .. > Andre, > > Really? What should it be? I was curious and checked.. Entropy on some of my > other > big time production servers for email is only about 200) and its lightning > fast? > > - Paul > > > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado > wrote: > > > > Hello, > > Entropy of 158 is way too low for production servers. And this *MAY* cause > > weird > > slowness without logging any errors. > > You could install "haveged" and configure for max threshold levels on > > production > > servers. > > https://packages.debian.org/search?keywords=haveged > > > > Regards. > > > > Andre Felipe > > http://www.techforce.com.br > > > > > > > > signaldevelo...@gmail.com wrote .. > >> Rudy, > >> > >> Entropy is 158 I just looked. And as far as compiling against urandom, to > >> be > > honest > >> I'm > >> not sure. > >> > >> - Paul > >> > >> > >> > >> > >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert wrote: > >>> > >>> > >>> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: > >>> > Hosts file is fine I checked that, thanks. Kolab uses 389 to > authenticate for everything, so Cyrus is using LDAP as you can see > above. I think the problem lies in the constant TLS logins into > Cyrus for every click: > > imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS User > logged in > SESSIONID= > Sep 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: > 0.009998 sys: 0.006999 > > > Again its only one user, on roundcube... I am afraid to put any more > users on it. There doesn't seem to be much of performance tweaks > with Cyrus around the web either... > >>> > >>> does your system have enough entropy? > >>> > >>> Is saslauthd compiled against /dev/urandom? > >>> > >>> Rudy > >>> > >>> -- > >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > >>> Rudy Gevaert e-mail: rudy.geva...@ugent.be > >>> Directie ICT, Afdeling Infrastructuur > >>> Groep Systemen tel: +32 9 264 4750 > >>> Universiteit Gent fax: +32 9 264 4994 > >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be > >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > >>> > >>> > >>> > >>> Cyrus Home Page: http://www.cyrusimap.org/ > >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > >>> To Unsubscribe: > >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > >> > >> Cyrus Home Page: http://www.cyrusimap.org/ > >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > >> To Unsubscribe: > >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > > Cyrus Home Page: http://www.cyrusimap.org/ > > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > > To Unsubscribe: > > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus