dovecot director and keepalived

FUSTE Emmanuel emmanuel.fuste at thalesgroup.com
Tue Mar 16 14:07:10 EET 2021


Le 16/03/2021 à 12:47, Eirik Rye a écrit :
>
>
> On 03/15/2021 8:43 PM, Paterakis E. Ioannis wrote:
>> It's not keepalived's work to tell the directors which backend is 
>> up/down. You can use poolmon for that. keepalived will make sure the 
>> floating ip will always be assigned on an alive haproxy. Then it's 
>> haproxies' work to check the aliveness of directors. Then It's 
>> Directors job to assign the users to the same dovecot backend all the 
>> time, and so on....
>
> What is the purpose of HAProxy in this director setup? It seems like 
> an unecessary extra layer of proxying in your example.
>
> We run a setup with keepalived directors, and a bunch of dovecot IMAP 
> servers, and this works well.
>
> The directors have two IPs each, one static and one floating 
> (keepalived). The IPs listed in the "director_servers" setting are the 
> static IPs. The floating IPs are listed in DNS.
>
> If you simply configure dovecot to bind to all interfaces, and instead 
> use iptables to limit IMAP/POP/director connections to the interfaces 
> you want, there is no need to set `net.ipv4.ip_nonlocal_bind=1`.
>
> With all that said, I do agree that there should be a way to 
> explicitly set the director's announce/listen address, instead of 
> using the net_try_bind() method.
>
> If you need this feature, I doubt it would be very hard to patch by 
> adding a new configuration option, and then modifying this code to 
> check said option value, and use it (if present) instead of trying to 
> determine the IP:
>
> https://github.com/dovecot/core/blob/fb6aa64435e0ffd66b81cd4895127187f28fa20b/src/director/director.c#L86 
>
>
> - Eirik
I second.
Same simple and perfectly working setup here too.

Emmanuel.


More information about the dovecot mailing list