dovecot director and keepalived
Steven Varco
dovecot.org at bbs.varco.ch
Mon Mar 15 18:09:49 EET 2021
Hi John
Thanks for your input.
So you basically state that („physically“) separating the director servers from the keepalived/haproxy servers is the only option?
I would like to avoid setting up two additional machines for that whenever possible, as any additional node in the chain is potentially another point of failure… ;)
I’m curious to hear from others how they did their dovecot IMAP HA setup, maybe raising some new ideas. :)
BTW: Why was such a simple thing never added to the director's code, e.g. to just specify which is the IP of a director server itself?
Example with a new configuration option „my_director_sever“:
both directors:
-----
director_servers: 192.168.1.10 192.168.1.20
-----
on director-2:
-----
my_director_sever: 192.168.1.20
-----
cheers,
Steven
--
https://steven.varco.ch/
> On 14.03.2021 at 20:14, Paterakis E. Ioannis <jpat at uoc.gr> wrote:
>
> On 14/3/2021 6:52 PM, Steven Varco wrote:
>
>> Hi All
>>
>> I’m trying to establish a dovecot HA setup with two loadbalancers, running keepalived for sharing a virtual public IP.
>> On the same machines I’m running a dovecot director which proxies the requests to two underlying mail servers (on separate machines).
>>
>> Now I’m hitting the issue with the way director determines its „Self IP“ by trying to bind to all configured director_servers IPs, taking the first one possible.
>
> Each Director has to listen only on the static IP address of each machine. Then you have to configure the 2 directors in the HAproxies. The floating ip with keepalived will work along with the 2 HAproxies.
>
>> However this approach only works, when the sysctl setting is: net.ipv4.ip_nonlocal_bind=0
>> On the other side keepalived needs net.ipv4.ip_nonlocal_bind=1 in order to bind the VIP.
>
> You don't have to mess with these settings.
>
>> Other possible solutions I could think about:
>> - Configure each director as „independent“ by setting only one IP in director_servers.
>> => With this approach you would lose the user to mailserver mapping, although only in case of a failover on the loadbalancer, which might be negligible (or are there any other fallbacks?)
>
> The two directors have a connection to each other, so both know at the same time where a user is mapped. You don't have to worry about that. The user->dovecot mapping will work without any problems even if there is a failover.
>
>> - Putting director on separate intermediate machines and proxying the requests through haproxy on the keepalived servers (keepalived -> haproxy -> director -> IMAP)
>> => Besides the disadvantage of having another bunch of servers in the chain, also some special configuration on the director servers might be necessary to ensure director works neatly with haproxy.
>
> The identical scenario will be to have keepalived along with haproxy on same machine, and directors on another. But can work with all three on the same as well. I use the keepalived, haproxy on two machines, with 2 directors underneath each one on different machine/hardware for the high availability's sake, and below them there are 3 dovecot servers.
>
>> So 2021, what is the „correct“ (best practice) way of having a redundant HA setup for dovecot?
>
> Cheers :-)
>
> John
>
>
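
Added example, not part of any message in this thread and not Dovecot code: a Python pre-flight check that applies the "first bindable director_servers IP wins" rule as the original question describes it, and reports when more than one listed IP is bindable on the host (the situation net.ipv4.ip_nonlocal_bind=1 creates). The names classify_self_ip, can_bind and nonlocal_bind_enabled are hypothetical; the IPs are the ones from the thread.

```python
import socket
from pathlib import Path

# Linux sysctl discussed in the thread, exposed through procfs.
NONLOCAL_BIND = Path("/proc/sys/net/ipv4/ip_nonlocal_bind")

def can_bind(ip):
    """True if the kernel lets us bind a TCP socket to ip (ephemeral port)."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((ip, 0))
        return True
    except OSError:
        return False

def nonlocal_bind_enabled(path=NONLOCAL_BIND):
    """True if net.ipv4.ip_nonlocal_bind=1 (False when the file is unreadable)."""
    try:
        return path.read_text().strip() == "1"
    except OSError:
        return False

def classify_self_ip(director_servers, try_bind=can_bind):
    """Apply the first-bindable-wins rule and say whether the result is reliable.

    Returns (status, ip): "ok" when exactly one listed IP is bindable,
    "ambiguous" when several are (ip is the one the rule would pick),
    "none" when no listed IP is bindable.
    """
    bindable = [ip for ip in director_servers if try_bind(ip)]
    if not bindable:
        return ("none", None)
    return ("ok" if len(bindable) == 1 else "ambiguous", bindable[0])

if __name__ == "__main__":
    servers = ["192.168.1.10", "192.168.1.20"]  # director_servers from the thread
    status, ip = classify_self_ip(servers)
    print(f"ip_nonlocal_bind enabled: {nonlocal_bind_enabled()}")
    print(f"self IP by first-bindable rule: {ip} ({status})")
```

Run on each load balancer before starting director: an "ambiguous" result on director-2 means the rule would select 192.168.1.10, the other node's address.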