On 03/15/2021 8:43 PM, Paterakis E. Ioannis wrote:
It's not keepalived's work to tell the directors which backend is up/down. You can use poolmon for that. keepalived will make sure the floating IP will always be assigned on an alive haproxy. Then it's haproxies' work to check the aliveness of directors. Then it's the directors' job to assign the users to the same dovecot backend all the time, and so on...
What is the purpose of HAProxy in this director setup? It seems like an unnecessary extra layer of proxying in your example.
We run a setup with keepalived directors, and a bunch of dovecot IMAP servers, and this works well.
The directors have two IPs each, one static and one floating (keepalived). The IPs listed in the "director_servers" setting are the static IPs. The floating IPs are listed in DNS.
If you simply configure dovecot to bind to all interfaces, and instead use iptables to limit IMAP/POP/director connections to the interfaces you want, there is no need to set net.ipv4.ip_nonlocal_bind=1.
With all that said, I do agree that there should be a way to explicitly set the director's announce/listen address, instead of using the net_try_bind() method.
If you need this feature, I doubt it would be very hard to patch by adding a new configuration option, and then modifying this code to check said option value, and use it (if present) instead of trying to determine the IP:
https://github.com/dovecot/core/blob/fb6aa64435e0ffd66b81cd4895127187f28fa20...
- Eirik
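
The iptables approach described in the reply above, as an added example that is not part of the original message or of the Dovecot project: a shell function that prints an iptables-restore ruleset for one director while dovecot itself listens on all addresses. The addresses (documentation range), the director ring port 9090, the chain name and the choice to match on destination address rather than interface name are all assumptions.

```shell
#!/bin/sh
# Constructed sample values; replace with the real ones for each director.
STATIC_IP=192.0.2.11            # this director's static address (as in director_servers)
FLOATING_IP=192.0.2.100         # keepalived floating address (the one in DNS)
PEERS="192.0.2.12 192.0.2.13"   # static addresses of the other directors
DIRECTOR_PORT=9090              # assumed port of the director ring listener
MAIL_PORTS=110,143,993,995      # POP3, IMAP, IMAPS, POP3S

# Print an iptables-restore ruleset (filter table) to stdout.
director_rules() {
    echo '*filter'
    echo ':DOVECOT - [0:0]'
    # Only traffic aimed at the Dovecot ports enters the dedicated chain.
    echo "-A INPUT -p tcp -m multiport --dports $MAIL_PORTS,$DIRECTOR_PORT -j DOVECOT"
    # Local health checks and tools on loopback stay usable.
    echo '-A DOVECOT -i lo -j ACCEPT'
    # Clients reach IMAP/POP only through the floating address. On a node
    # that does not currently hold the address the rule simply never matches,
    # so failover needs no rule change and no non-local bind.
    echo "-A DOVECOT -d $FLOATING_IP -p tcp -m multiport --dports $MAIL_PORTS -j ACCEPT"
    # Ring traffic: only from peer directors, only to the static address.
    for peer in $PEERS; do
        echo "-A DOVECOT -s $peer -d $STATIC_IP -p tcp --dport $DIRECTOR_PORT -j ACCEPT"
    done
    # Anything else aimed at these ports is dropped.
    echo '-A DOVECOT -j DROP'
    echo 'COMMIT'
}

director_rules
```

The output can be checked with `iptables-restore --test` before it is merged into the host's existing ruleset.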