[Users] Memcached...

Frédéric Nass frederic.nass at univ-lorraine.fr
Fri May 14 21:47:44 CEST 2021 

Hello David,

Zimbra uses Memcached to store information about which mailbox is on 
which store. Memcached servers generally run on proxy servers and for 
availability reasons both Memcached servers should contain the same 
information so that if one Memcached / proxy server falls down, the 
other one takes over.

Unless the network latency between both sites is so high that ZCS is 
unable to operate properly, I would suggest you make sure that both 
servers can reach each other on Memcached port 11211 and you remove any 
values set for zimbraMemcachedBindAddress and 
zimbraMemcachedClientServerList before giving it another try. Only make 
sure ports 11211 are not exposed to the Internet.

You might find these documentations [1] and [2] interesting.

Regards,

Frédéric.

[1] https://wiki.zimbra.com/index.php?title=Blocking_Memcached_Attack
[2] https://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy_and_memcached

Le 10/05/2021 à 16:21, David Merrill a écrit :
>
> Hi All,
>
> I’ve been struggling with a POC where I’ve got two Zimbra servers 
> (both with proxy, LDAP, mailbox, SMTP sevices installed) in two 
> different data-centers paired up as a “farm” (with the hope that I’ll 
> be able to ultimately migrate mailboxes between them). I’ve arranged 
> DNS-resolution, ACLs and local UFW firewall rules so each server can 
> find & fully-access the other (via the others public-IP address). 
> Pairing up the servers was straightforward enough (LDAP MMR is up and 
> running) and I can fully manage both servers from either proxy server.
>
>   * End-user mailbox access via the web-UI has issues though. I THINK
>     I’ve isolated it to memcached (it’s running on both Zimbra servers
>     – at some point I’ll retire one of the servers after mailboxes are
>     migrated).
>   * What happens is web-UI partially loads (looks mostly fine, but the
>     folder on the left hand side is missing and  some of the tabs are
>     broken (they throw javascript errors – due to missing content).
>   * Looking through the logs it seems that each server is having
>     trouble getting to port 11211 (memcached) on the “other server”
>   * Despite that I could telnet to the other server on port 11211 just
>     fine.
>
> I’ve got a support ticket open w/Zimbra but I wanted to ask the group 
> a couple questions based on my observations.
>
> Support had me set the following on each server:
>
> zmprov ms $(zmhostname) zimbraMemcachedBindAddress 127.0.0.1
>
> zmprov ms $(zmhostname) zimbraMemcachedClientServerList 127.0.0.1
>
> Once that was one the web-UI was “fine” (albeit a bit slower – because 
> I think memcached on each server has been isolated to itself).
>
> Collateral-damage on this was that ActiveSync clients starting having 
> issues (lots of log entries in nginx.log complaining about not being 
> able to get to memcahed).r
>
> Questions (I’ve read much about memcached but references to this are 
> slim):
>
>   * What is zimbraMemcachedClientServerList for exactly? (I THOGUHT it
>     might be a layer of security – listing allowed clients & set
>     allowed private/public IPs – but no joy there)
>
> Also:
>
>   * Is memcached (as it’s meant used in Zimbra) cool to be running on
>     multiple servers?
>   * If so are the memcached processes(as it’s meant used in Zimbra)
>      on each server supposed to talk to each other?
>
> Thanks for your consideration,
>
> David
>
> *David Merrill*
>
> *Senior Systems Engineer,*
>
> *Managed and Private/Hybrid Cloud Services*
>
> *OTELCO*
>
> 92 Oak Street, Portland ME 04101
>
> office 207.772.5678 <callto:207.772.5678>
>
> *http://www.otelco.com/cloud-and-managed-services 
> <http://www.otelco.com/cloud-and-managed-services>*
>
> *Confidentiality Message*
> The information contained in this e-mail transmission may be 
> confidential and legally privileged. If you are not the intended 
> recipient, you are notified that any dissemination, distribution, 
> copying or other use of this information, including attachments, is 
> prohibited. If you received this message in error, please call me at 
> 207.772.5678 <callto:207.772.5678> so this error can be corrected.
>
-- 
Cordialement,

Frédéric Nass

Direction du Numérique
Sous-Direction Infrastructures et Services
Université de Lorraine.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20210514/59da4cb9/attachment.html>

More information about the Users mailing list