Wandering Thoughts archives

2018-03-25

Our revised Dovecot IMAP configuration migration plans (and processes)

Back at the start of January, I wrote up the goals and problems of our Dovecot IMAP migration, and in an appendix at the end I outlined what became our initial migration plans. We would build an entirely new Dovecot server that was set up with people's IMAP mail folder storage being a subdirectory of their $HOME, say $HOME/mail (call this the IMAP root), and then we would get people to move to this server one by one. Migration would require them to change their clients and might require them (or us) to move files in Unix. Eventually we would tell the remaining holdouts that we were just going to turn off the old IMAP server and they had to migrate now.

Initially, the great virtue I saw in this plan was that it was entirely user driven and didn't require us to do anything. The users did everything, could go at their own speed, and were completely responsible for what happened. In an environment where we couldn't count on clients using IMAP subscriptions so we could know what people's mailboxes actually were, things had to be user-driven anyway, and we generally try to stay out of doing per-user things because it doesn't scale; we have a lot of users and not very many people looking after our central systems (including the IMAP server).

As we talked more and more about this, we realized that the central problem with this plan is that everyone had to migrate and this involved the users doing things (often at the Unix level), or getting someone to help them. As mentioned, we have a lot of users, and some of them are quite important (eg, professors) and can't just be abandoned to their fate. There was no way to make this not be disruptive to people. At the same time, most of our users were not causing any problems, which meant that we'd be forcing a lot of people to do disruptive things (on all of their devices, better not miss one) to deal with a problem created by a much smaller number of users.

If this was the only way to deal with things, we might still have gone ahead with it. But as I sort of alluded to in passing in the January entry, it's possible to do this on a per-user basis in Dovecot using a shell script (see the bottom of MailLocation). After we talked it over, we decided that this was the way we wanted to handle the migration to people's IMAP sessions being confined to a subdirectory of their $HOME; it would be done on a per-user basis and we'd directly target high-priority problem cases. The vast majority of our current users would forever stay un-migrated, while new users would be set up to be confined to a $HOME subdirectory from the start (ie, using the new IMAP root).

As much as possible, we wanted this migration to be transparent to users (or at least important ones). That meant that the IMAP mailbox names as seen by the clients couldn't change, and that meant that no matter what we were going to have to move files around; there's no other way for this to be transparent to clients when you change the IMAP root. Given that, it wasn't important to pick a new IMAP root that people already used for mailboxes, so we picked $HOME/IMAP for various reasons (including that calling it this made it clear what it was for).

Since this plan means that we're moving user mailboxes around at least some of the time (in order to migrate problem users), knowing what those mailboxes were became important enough to get us to hack some mailbox logging into Dovecot. Having this information has been extremely reassuring. Even when it just duplicates the information in a user's .subscriptions file, it also confirms that that information is accurate and complete.

We started out with plans for a two-stage operation for most users, where we'd first tell them to move all of their IMAP mailboxes under 'mail/' in their client (ie, $HOME/mail) before some deadline, then at the deadline we'd make $HOME/mail into $HOME/IMAP/mail and flip the server setting that made $HOME/IMAP their IMAP root. In practice it's turned out to be easier to do the file moving ourselves, based on both .subscriptions and the logs, so our current approach is to just tell various users 'unless you object, at time X we'll be improving your IMAP client experience by ...' and then at time X we do everything ourselves. It's been a little bit surprising how few actual active mailboxes some of these users have, especially relative to how much of an impact they've been having on the server.

(This genuinely does improve the IMAP client experience for people, for obvious reasons. An IMAP client that is scanning all of your $HOME and maybe opening all the files there is generally not a responsive client, not if your $HOME is at all big.)

PS: Although I haven't been writing about it here on Wandering Thoughts until recently, our IMAP situation has been consuming a lot of my attention and time at work. It's turned into a real learning experience in several ways.

sysadmin/IMAPMigrationRevised written at 03:02:48;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.