dovecot director and keepalived

Robert Schetterer rs at sys4.de
Mon Mar 15 20:30:46 EET 2021


On 14.03.21 at 17:52, Steven Varco wrote:
> Hi All
> 
> I’m trying to establish a dovecot HA setup with two loadbalancers, running keepalived for sharing a virtual public IP.
> On the same machines I’m running a dovecot director which proxies the requests to two underlying mail servers (on separate machines).
> 
> Now I’m hitting the issue with the way director determines its „Self IP“ by trying to bind to all configured director_servers IPs, taking the first one possible.
> 
> However this approach only works, when the sysctl setting is: net.ipv4.ip_nonlocal_bind=0
> On the other side keepalived needs net.ipv4.ip_nonlocal_bind=1 in order to bind the VIP.
> 
> The last topic on that is dating back to 2016 (https://dovecot.org/pipermail/dovecot/2016-August/105191.html) with references to 2012 (https://www.dovecot.org/list/dovecot/2012-November/087033.html) and no solution posted so far.
> 
> After five more years :D, I’m asking myself if we finally have a solution for that, or if my approach of achieving clustered director servers is potentially wrong?
> 
> Other possible solutions I could think about:
> - Configure each director as „independent“ by setting only one IP in director_servers.
>    => With this approach you would lose the user to mailserver mapping, although only in a case of a failover on the loadbalancer, which might be neglected (or are there any other fallbacks?)
> 
> - Only have director running on the currently active loadbalancer node and stopped on the passive loadbalancer node (would possibly have the same effects as above).
> 
> - Putting director on separated intermediate machines and proxying the requests through haproxy on the keepalived servers (keepalived -> haproxy -> director -> IMAP)
>     => Besides the disadvantage of having another bunch of servers in the chain, also some special configuration on the directory servers might be necessary to assure director works neatly with haproxy.
> 
> 
> So 2021, what is the „correct“ (best practice) way of having a redundant HA setup for dovecot?
> 
> This means a MUA connects to one public IP and gets connected to (preferably the same) IMAP Server, no matter which machine in the whole chain might be down?
> PS: Using just multiple A records on the mail domain name (round-robin), while working perfectly for SMTP, is not acceptable for IMAP IMHO, as in case of a failure every second request from the client (MUA) would fail and most MUAs are not automatically reconnecting again in that case.
> 
> thanks,
> Steven
> 

Hi, I had this a long time ago

https://blog.sys4.de/tag/keepalived.html

but dovecot has some new stuff since then, you might combine them with 
keepalived, which worked extremely well

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
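
The self-IP problem described in the question, modelled as an added example (not Dovecot's code and not from either poster): a bind probe over a director_servers-style list, next to a route-based locality check that does not depend on net.ipv4.ip_nonlocal_bind. The function names and the sample addresses are assumptions; Linux and IPv4 only.

```python
import socket

NONLOCAL_BIND = "/proc/sys/net/ipv4/ip_nonlocal_bind"  # sysctl named in the post


def nonlocal_bind_enabled(path=NONLOCAL_BIND):
    """Return True/False for the sysctl, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def can_bind(ip):
    """Bind probe. With ip_nonlocal_bind=1 this succeeds for addresses
    that are not assigned to this host, so it proves nothing."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))  # port 0: the kernel picks a free port
            return True
        except OSError:
            return False


def is_local(ip):
    """Locality check that ignores ip_nonlocal_bind. A UDP connect() sends
    no packet; for a locally assigned destination the kernel selects that
    same address as the source."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((ip, 9))
            return s.getsockname()[0] == ip
        except OSError:  # e.g. no route to the address
            return False


def pick_self_ip(servers, probe):
    """First address in the list that the probe accepts, else None."""
    return next((ip for ip in servers if probe(ip)), None)


if __name__ == "__main__":
    # Constructed list: a peer (TEST-NET-1, never local) first, then this host.
    servers = ["192.0.2.10", "127.0.0.1"]
    print("ip_nonlocal_bind  =", nonlocal_bind_enabled())
    print("bind probe picks  :", pick_self_ip(servers, can_bind))
    print("route check picks :", pick_self_ip(servers, is_local))
```

With the sysctl at 0 both probes pick the host's own address; at 1 the bind probe picks the peer listed first, which is the conflict with keepalived raised in the question.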

