dovecot director and keepalived
FUSTE Emmanuel
emmanuel.fuste at thalesgroup.com
Tue Mar 16 14:07:10 EET 2021
Le 16/03/2021 à 12:47, Eirik Rye a écrit :
>
>
> On 03/15/2021 8:43 PM, Paterakis E. Ioannis wrote:
>> It's not keepalived's work to tell the directors which backend is
>> up/down. You can use poolmon for that. keepalived will make sure the
>> floating ip will always be assigned on an alive haproxy. Then it's
>> haproxies' work to check the aliveness of directors. Then It's
>> Directors job to assign the users to the same dovecot backend all the
>> time, and so on....
>
> What is the purpose of HAProxy in this director setup? It seems like
> an unecessary extra layer of proxying in your example.
>
> We run a setup with keepalived directors, and a bunch of dovecot IMAP
> servers, and this works well.
>
> The directors have two IPs each, one static and one floating
> (keepalived). The IPs listed in the "director_servers" setting are the
> static IPs. The floating IPs are listed in DNS.
>
> If you simply configure dovecot to bind to all interfaces, and instead
> use iptables to limit IMAP/POP/director connections to the interfaces
> you want, there is no need to set `net.ipv4.ip_nonlocal_bind=1`.
>
> With all that said, I do agree that there should be a way to
> explicitly set the director's announce/listen address, instead of
> using the net_try_bind() method.
>
> If you need this feature, I doubt it would be very hard to patch by
> adding a new configuration option, and then modifying this code to
> check said option value, and use it (if present) instead of trying to
> determine the IP:
>
> https://github.com/dovecot/core/blob/fb6aa64435e0ffd66b81cd4895127187f28fa20b/src/director/director.c#L86
>
>
> - Eirik
I second.
Same simple and perfectly working setup here too.
Emmanuel.
More information about the dovecot
mailing list