Upgrading Cluster

Discussion in 'Mail Gateway: HA Cluster' started by AllCore James, Feb 3, 2019.

  1. AllCore James

    AllCore James New Member

    Joined:
    Dec 20, 2018
    Messages:
    8
    Likes Received:
    0
    Hello,

    We built a small 3 server cluster to test PMG before we fully committed to it... we are pleased in general with the results.

    We are in the process of rebuilding the cluster/upgrading it:

    We have built all the new servers spread across different hardware on new SSD drives etc. We want to have the new servers promoted to be used so we can remove/delete the old servers.

    the master right now is "pmg01" - we want to have the new master "portal" be upgraded/promoted to the new master... is there a way to do this so we don't lose our existing configs and whitelists? we want all mail sent out regarding the quarantine to come from this new server.

    The next thing we need to do is re-apply the existing licenses we purchased to the new servers... can this be done as well or are those licenses lost?
     
  2. oguz

    oguz Proxmox Staff Member
    Staff Member

    Joined:
    Nov 19, 2018
    Messages:
    315
    Likes Received:
    26
    From PMG Documentation Chapter 8.4.5:

    Master Failure
    • force another node to be master
    Code:
    pmgcm promote
    
    • tell other nodes that master has changed
    Code:
    pmgcm sync --master_ip <master_ip>
    
    From PMG Subscription Agreement:

    3.10. Server change – moving a subscription key to a new server
    If you want to move your subscription key to a new server, for example because you have replaced your
    hardware, you can request a reissue of the subscription key. This can be done 3 times per year without any
    costs involved via the self service portal at https://shop.maurer-it.com (or via your reseller). If you need
    more re-issues, request this from your reseller.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. AllCore James

    AllCore James New Member

    Joined:
    Dec 20, 2018
    Messages:
    8
    Likes Received:
    0
    hello,

    thanks for the email and advice. I have run the commands you suggested:..
    I went to the new master server and ran the "pmgcm promote" command...
    I ssh'd into each of the other servers and then also ran the pmgcm --sync command with the IP address for the new server

    I rebooted the original 3 test servers... however I am seeing the following "errors" / "weirdness":

    1. the new master server does not have all of the data on the dashboard... the old master is still way more up to date..
    2. When I look at the cluster nodes, I see that the old master node is still listed as active and the new master node is "syncing" for some reason
     
  4. AllCore James

    AllCore James New Member

    Joined:
    Dec 20, 2018
    Messages:
    8
    Likes Received:
    0
    Now on the new master I just got kicked out of the interface and also had the following error dumped on the screen in a pop up:


    smtp163:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp181:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    mx101:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp161:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp152:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    mx103:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    pmg02:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    pmg01:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp162:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp183:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp153:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    mx102:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files
    smtp182:
    500 SSL_ca_file /etc/ssl/certs/ca-certificates.crt can't be used: Too many open files


    The strange part is we have not attempted to use any SSL yet...
     
  5. Stoiko Ivanov

    Stoiko Ivanov Proxmox Staff Member
    Staff Member

    Joined:
    May 2, 2018
    Messages:
    943
    Likes Received:
    74
    Could you please post a redacted (strip any sensitive data like ip-addresses and domain-names) output of `journalctl --since 2019-02-01`)?
    Additionally please check the log in `/var/log/pmgproxy/pmgproxy.log`.

    With that description it's hard to know where the limit was hit.

    It could be a bug in our stack - but we need more information to verify this
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice