dovecot director and keepalived

Steven Varco dovecot.org at bbs.varco.ch
Mon Mar 15 18:09:49 EET 2021


Hi John

Thanks for your input.

So you basically state that („physically“) separating the director servers from keepalive/haproxy servers is the only option?
I would like to avoid setting up two additional machines for that whenever possible, as any node more in the chain potentially is another point of failure… ;)

I’m curious to hear from others how they did their dovecot IMAP HA setup, maybe raising some new ideas. :)

BTW: Why was such a simple thing never added to the director's code, i.e. to just specify which IP is that of the director server itself?
Example with a new configuration option „my_director_sever“:

both directors:
-----
director_servers: 192.168.1.10 192.168.1.20 
-----

on director-2:
-----
my_director_sever: 192.168.1.20 
-----

cheers,
Steven

-- 
https://steven.varco.ch/ 


> On 14.03.2021 at 20:14, Paterakis E. Ioannis <jpat at uoc.gr> wrote:
> 
> On 14/3/2021 6:52 PM, Steven Varco wrote:
> 
>> Hi All
>> 
>> I’m trying to establish a dovecot HA setup with two loadbalancers, running keepalived for sharing a virtual public IP.
>> On the same machines I’m running a dovecot director which proxies the requests to two underlying mail servers (on separate machines).
>> 
>> Now I’m hitting the issue with the way director determines his „Self IP“ by trying to bind to all configured director_servers IPs, taking the first one possible.
> 
> Each Director has to listen only on the static IP address of each machine. Then you have to configure the 2 directors in the HAproxies. The floating ip with keepalived will work along with the 2 HAproxies.
> 
>> However this approach only works, when the sysctl setting is: net.ipv4.ip_nonlocal_bind=0
>> On the other side keepalived needs net.ipv4.ip_nonlocal_bind=1 in order to bind the VIP.
> 
> You don't have to mess with these settings.
> 
>> Other possible solutions I could think about:
>> - Configure each director as „independent“ by setting only one IP in director_servers.
>>   => With this approach you would lose the user to mailserver mapping, although only in the case of a failover on the loadbalancer, which might be negligible (or are there any other fallbacks?)
> 
> The two directors have a connection to each other, so both know at the same time where's a user mapped. You don't have to worry about that. The user->dovecot mapping will work without any problems even if there is a failover.
> 
>> - Putting director on separate intermediate machines and proxying the requests through haproxy on the keepalived servers (keepalived -> haproxy -> director -> IMAP)
>>    => Besides the disadvantage of having another bunch of servers in the chain, also some special configuration on the director servers might be necessary to assure director works neatly with haproxy.
> 
> The identical scenario will be to have keepalived along with haproxy on same machine, and directors on another. But can work with all three on the same as well. I use the keepalived, haproxy on two machines, with 2 directors underneath each one on different machine/hardware for the high availability's sake, and below them there are 3 dovecot servers.
> 
>> So 2021, what is the „correct“ (best practice) way of having a redundant HA setup for dovecot?
> 
> Cheers :-)
> 
> John
> 
> 
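
Added example (not part of the original messages and not Dovecot's code): a small Python model of the "bind to each director_servers IP, take the first one possible" selection described in the thread, showing why net.ipv4.ip_nonlocal_bind=1 makes director-2 settle on 192.168.1.10. The function names and the set of local addresses are assumptions made for illustration.

```python
import socket

SYSCTL = "/proc/sys/net/ipv4/ip_nonlocal_bind"  # Linux only


def nonlocal_bind_enabled(path=SYSCTL):
    """Return True/False for the sysctl, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def can_bind(ip):
    """Real probe: does the kernel accept bind() on this IPv4 address?"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((ip, 0))  # port 0: any free port, nothing is served
            return True
        except OSError:  # typically EADDRNOTAVAIL for a non-local address
            return False


def guess_self_ip(director_servers, probe=can_bind):
    """First-bindable-wins selection, as described in the thread."""
    for ip in director_servers:
        if probe(ip):
            return ip
    return None


def simulate(director_servers, local_ips, nonlocal_bind):
    """Model a host that owns local_ips; return (chosen_ip, is_correct)."""
    def probe(ip):
        # With ip_nonlocal_bind=1 every bind succeeds, local or not.
        return nonlocal_bind or ip in local_ips
    chosen = guess_self_ip(director_servers, probe)
    return chosen, chosen in local_ips


if __name__ == "__main__":
    servers = ["192.168.1.10", "192.168.1.20"]  # director_servers from the mail
    director2 = {"192.168.1.20"}                # constructed: director-2's static IP
    for flag in (False, True):
        print("ip_nonlocal_bind=%d ->" % flag, simulate(servers, director2, flag))
    print("this host: sysctl =", nonlocal_bind_enabled(),
          "self IP guess =", guess_self_ip(servers))
```

Run on each load balancer, the last line shows what a first-bindable-wins probe would pick under that host's current sysctl setting.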


