dovecot director and keepalived
Eirik Rye
rye at trojka.no
Tue Mar 16 13:47:06 EET 2021
On 03/15/2021 8:43 PM, Paterakis E. Ioannis wrote:
> It's not keepalived's work to tell the directors which backend is
> up/down. You can use poolmon for that. keepalived will make sure the
> floating ip will always be assigned on an alive haproxy. Then it's
> haproxies' work to check the aliveness of directors. Then It's Directors
> job to assign the users to the same dovecot backend all the time, and so
> on....
What is the purpose of HAProxy in this director setup? It seems like an
unecessary extra layer of proxying in your example.
We run a setup with keepalived directors, and a bunch of dovecot IMAP
servers, and this works well.
The directors have two IPs each, one static and one floating
(keepalived). The IPs listed in the "director_servers" setting are the
static IPs. The floating IPs are listed in DNS.
If you simply configure dovecot to bind to all interfaces, and instead
use iptables to limit IMAP/POP/director connections to the interfaces
you want, there is no need to set `net.ipv4.ip_nonlocal_bind=1`.
With all that said, I do agree that there should be a way to explicitly
set the director's announce/listen address, instead of using the
net_try_bind() method.
If you need this feature, I doubt it would be very hard to patch by
adding a new configuration option, and then modifying this code to check
said option value, and use it (if present) instead of trying to
determine the IP:
https://github.com/dovecot/core/blob/fb6aa64435e0ffd66b81cd4895127187f28fa20b/src/director/director.c#L86
- Eirik
More information about the dovecot
mailing list