My own personal setup is a 3-node system using three cheap VPS'. I also
helped to set the same thing up for a previous company using proper
systems, this was handling customer email.
Everything possible is kept in mariadb with galera for master-master
replication. Two main mail nodes with
dovecot/nginx/roundcube/spamassassin/etc and a third as a mariadb quorum
node. Dovecot uses replication to keep the encrypted mailstores in
sync.
This way there is no need for HA storage - you're relying on
replication. Oh, and the replication all happens over a tinc vpn mesh
network, but would work equally well over zerotier or whatever.
I have an ansible playbook to set the whole thing up automagically. I'm
working on cleaning it up and documenting it so others can use it as
well. So long as you have ssh key'd access to 3 nodes, it will build
the entire setup.
I'll put it up on github in a few weeks. NOTE: this is built for MY
needs. It might not meet your needs. But when it's ready(ish) you're
welcome to try it out. For example, it's not true HA - you have to hit
one node or the other. If you control your own DNS you could set up
round-robin for a mail.yourdomain.com rather than using
mail1.yourdomain.com and mail2.yourdomain.com. For me, I don't bother.
Dean.
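
For readers who want to see what the Dovecot side of a two-node replicated pair like the one described above can look like, here is an added example (not Dean's playbook and not part of the original thread). It assumes Dovecot 2.2/2.3 dsync replication, a `vmail` mail user, and constructed VPN addresses 10.10.0.1 (this node) and 10.10.0.2 (the peer); the password is a placeholder.

```conf
# /etc/dovecot/conf.d/90-replication.conf on mail1 (added example).
# Assumptions: vmail owns the mailstore; 10.10.0.1 / 10.10.0.2 are
# constructed VPN mesh addresses; swap them on mail2.

mail_plugins = $mail_plugins notify replication

# Collects change notifications from mail processes.
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}

# Schedules dsync runs towards the replica.
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}

# doveadm TCP listener used by the peer. Bind it to the VPN address
# only, so the replication port is never exposed on the public interface.
service doveadm {
  inet_listener {
    address = 10.10.0.1
    port = 12345
  }
}

# Shared secret for doveadm-to-doveadm authentication (placeholder).
doveadm_port = 12345
doveadm_password = REPLACE_WITH_LONG_RANDOM_SECRET

plugin {
  # The peer's VPN address; traffic stays inside the encrypted mesh.
  mail_replica = tcp:10.10.0.2
}
```

The doveadm listener grants full mailbox access to anyone holding `doveadm_password`, so keep the file readable by root only and firewall port 12345 on every non-VPN interface.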
On 2020-01-11 3:50 am, Jean-Daniel wrote:
If you just want active/standby, you can simply use corosync/pacemaker
as others already suggest and don’t use Director.
I have a dovecot HA server that uses floating IP and pacemaker to
manage it, and it works quite well.
The only real hard part is having a HA storage.
You can simply use a NFS storage shared by both servers (as long as
only one has the floating IP, you won’t have issue with the same
client accessing it from both servers), but the storage will then be a
single point of failure.
You may have both servers have their own storage and sync it using
dovecot replicator (I have never tried, so I can’t say for sure), or
have another layer taking care of the storage sync (like DRBD).
While DRBD is fine to sync dovecot storage, it may not be enough if
you really want HA and have other services (postfix, rspamd, …)
running on that server, as you may need to also have the postfix
queues (or other data) sync on both servers.
On 10 Jan 2020, at 21:12, Adrian Minta <adrian.mi...@gmail.com> wrote:
Yes, but it works for small systems if you set IP source address
persistence on LB or even better, if you set priority to be
Active/Standby. I couldn't find a good example with dovecot director
and backend on the same server, so adding another two machines seems
overkill for small setups.
If someone has a working example for this please make it public!
Quote from https://wiki2.dovecot.org/Director
"Director and Backend in same server (broken)
NOTE: This feature never actually worked. It would require further
development to fix (director would need to add "proxy" field to extra
fields and notify auth that the auth_request can be freed)."
Also:
https://dovecot.org/pipermail/dovecot/2012-May/135600.htm
https://www.dovecot.org/list/dovecot/2012-June/083983.html
On 1/10/20 8:09 PM, Aki Tuomi wrote:
Also you should probably use dovecot director to ensure same user
sessions end up on same server, as it's not supported to access same
user on different backends in this scenario.
Aki
On 10/01/2020 19:49 Adrian Minta <adrian.mi...@gmail.com> wrote:
Hello,
you need to "clone" the first server, change the ip address, mount
the same maildir storage and use some mechanism to share the
accounts database.
Then you need to put a TCP load-balancer in front of the servers and
you are good to go. This is the easiest solution if you already have
in the network an appliance that can do LB. For instance if you
already have a firewall with that function.
Another solution is to make a cluster with corosync/pacemaker out
of the two servers:
https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04
https://linuxacademy.com/blog/linux-academy/configure-a-failover-cluster-with-pacemaker/
On 1/10/20 7:16 PM, Kishore Potnuru wrote:
Thank you all for the replies....
I have the test environment with the same configuration. But I
have been asked to go with same environment for HA/Resilience in
Live.
Yes, I have only one Live server. It is configured in "Maildir"
format. The data stores on a Network / Shared Storage (But
definitely not local disk, it's a mount point).
I have been asked to create a HA/Resilience for this
environment. They gave me another server with same ram/cpu/os and I
need to configure the dovecot on it.
Please provide your suggestions/steps as I am new to this kind
of environment.
Is it possible, when any email comes to any one or both of the
two servers, how it will be read by the user from Outlook? How to
create the environment?
Thanks,
Kishore Potnuru
On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola
<sami.ket...@dovecot.fi> wrote:
> On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <m...@netbsd.org>
wrote:
>
> On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>> Replication is not supported with mbox. Most features are not.
>
> It would be nice if the document about replication could tell
> what setup works.
First step in setting up HA system would be to migrate away
from mbox.
Sami