Hi John
Thanks for you input.
So you basically state that (?physically?) separating the director servers from
keepalive/haproxy servers is the only option?
I would like to avoid setting up two additional machines for that whenever
possible, as any node more in the chain potentially is another point of failure?
;)
I?m curious to hear of any others how they did their dovecot IMAP HA setup,
maybe raising som new ideas. :)
BTW: Why was never such a simple thing added to the direcotors code to .i.ex.
just specifiy which is the IP of a director server itsels?
Example with a new configuriony option ?my_director_sever?:
both directors:
-----
director_servers: 192.168.1.10 192.168.1.20
-----
on director-2:
-----
my_director_sever: 192.168.1.20
-----
cheers,
Steven
--
https://steven.varco.ch/
> Am 14.03.2021 um 20:14 schrieb Paterakis E. Ioannis <jpat at uoc.gr>:
>
> On 14/3/2021 6:52 ?.?., Steven Varco wrote:
>
>> Hi All
>>
>> I?m trying to establish a dovecot HA setup with two loadbalancers,
running keepalived for sharing a virtual public IP.
>> On the same machines I?m running a dovecot director which proxies the
requests to two underlying mail servers (on seperate machines).
>>
>> Now I?m hitting the issue with the way director determines his ?Self
IP? by trying to bind to all configured director_servers IPs, taking the first
one possible.
>
> Each Director has to listen only on the static IP address of each machine.
Then you have to configure the 2 directors in the HAproxies. The floating ip
with keepalived will work along with the 2 HAproxies.
>
>> However this approach only works, when the sysctl setting is:
net.ipv4.ip_nonlocal_bind=0
>> On the other side keepalived needs net.ipv4.ip_nonlocal_bind=1 in order
to bind the VIP.
>
> You don't have to mess with these settings.
>
>> Other possible solutions I could think about:
>> - Configure each director as ?independent? by setting only one IP in
director_servers.
>> => With this aporach you would loose the user to mailserver
mapping, although only in a a case of a failover on the loadbalancer, which
might can be neglected (or are there any other fallbacks?)
>
> The two directors have a connection to each other, so both know at the same
time where's a user mapped. You don't have to worry about that. The
user->dovecot mapping will work without any problems even if there is a
failover.
>
>> - Putting director on seperated intermediate machines and proxing the
requests through haproxy on the keepalived servers (keepalived -> haproxy
-> director -> IMAP
>> => Besides the disadvantage of having another bunch of servers in
the chain, also some special configuration on the directory servers might be
neccessary to assure director works neatly with haproxy.
>
> The identical scenario will be to have keepalived along with haproxy on
same machine, and directors on another. But can work with all three on the same
as well. I use the keepalived, haproxy on two machines, with 2 directors
underneath each one on different machine/hardware for the high
availability's sake, and below them there are 3 dovecot servers.
>
>> So 2021, what is the ?correct? (best practive) way of having a
reduntant HA setup for dovecot?
>
> Cheers :-)
>
> John
>
>