Hi John
Thanks for your input.
So you basically state that („physically“) separating the director servers from keepalive/haproxy servers is the only option? I would like to avoid setting up two additional machines for that whenever possible, as any node more in the chain potentially is another point of failure… ;)
I’m curious to hear from any others how they did their dovecot IMAP HA setup, maybe raising some new ideas. :)
BTW: Why was such a simple thing never added to the director's code, e.g. to just specify which is the IP of the director server itself? Example with a new configuration option „my_director_sever“:
both directors:
director_servers: 192.168.1.10 192.168.1.20
on director-2:
my_director_sever: 192.168.1.20
cheers, Steven
On 14.03.2021 at 20:14, Paterakis E. Ioannis <jpat@uoc.gr> wrote:
On 14/3/2021 6:52 PM, Steven Varco wrote:
Hi All
I’m trying to establish a dovecot HA setup with two loadbalancers, running keepalived for sharing a virtual public IP. On the same machines I’m running a dovecot director which proxies the requests to two underlying mail servers (on separate machines).
Now I’m hitting the issue with the way director determines its „Self IP“ by trying to bind to all configured director_servers IPs, taking the first one possible.
Each Director has to listen only on the static IP address of each machine. Then you have to configure the 2 directors in the HAproxies. The floating ip with keepalived will work along with the 2 HAproxies.
However, this approach only works when the sysctl setting is: net.ipv4.ip_nonlocal_bind=0. On the other hand, keepalived needs net.ipv4.ip_nonlocal_bind=1 in order to bind the VIP.
You don't have to mess with these settings.
Other possible solutions I could think about:
- Configure each director as „independent“ by setting only one IP in director_servers. => With this approach you would lose the user to mailserver mapping, although only in the case of a failover on the loadbalancer, which can perhaps be neglected (or are there any other fallbacks?)
The two directors have a connection to each other, so both know at the same time where's a user mapped. You don't have to worry about that. The user->dovecot mapping will work without any problems even if there is a failover.
- Putting director on separate intermediate machines and proxying the requests through haproxy on the keepalived servers (keepalived -> haproxy -> director -> IMAP) => Besides the disadvantage of having another bunch of servers in the chain, also some special configuration on the directory servers might be necessary to assure director works neatly with haproxy.
The identical scenario will be to have keepalived along with haproxy on same machine, and directors on another. But can work with all three on the same as well. I use the keepalived, haproxy on two machines, with 2 directors underneath each one on different machine/hardware for the high availability's sake, and below them there are 3 dovecot servers.
So 2021, what is the „correct“ (best practice) way of having a redundant HA setup for dovecot?
Cheers :-)
John