Hi John

Thanks for your input.

So you basically state that („physically“) separating the director servers from keepalive/haproxy servers is the only option?
I would like to avoid setting up two additional machines for that whenever possible, as any additional node in the chain is potentially another point of failure… ;)

I’m curious to hear from others how they did their dovecot IMAP HA setup, maybe raising some new ideas. :)

BTW: Why was such a simple thing never added to the director's code, e.g. to just specify which IP is that of the director server itself?

Example with a new configuration option „my_director_sever“:

both directors:
-----
director_servers: 192.168.1.10 192.168.1.20
-----

on director-2:
-----
my_director_sever: 192.168.1.20
-----

cheers,
Steven

--
https://steven.varco.ch/

> On 14.03.2021 at 20:14, Paterakis E. Ioannis <j...@uoc.gr> wrote:
>
> On 14/3/2021 6:52 PM, Steven Varco wrote:
>
>> Hi All
>>
>> I’m trying to establish a dovecot HA setup with two loadbalancers, running
>> keepalived for sharing a virtual public IP.
>> On the same machines I’m running a dovecot director which proxies the
>> requests to two underlying mail servers (on separate machines).
>>
>> Now I’m hitting the issue with the way director determines its „Self IP“ by
>> trying to bind to all configured director_servers IPs, taking the first one
>> possible.
>
> Each Director has to listen only on the static IP address of each machine.
> Then you have to configure the 2 directors in the HAproxies. The floating IP
> with keepalived will work along with the 2 HAproxies.
>
>> However this approach only works when the sysctl setting is:
>> net.ipv4.ip_nonlocal_bind=0
>> On the other side keepalived needs net.ipv4.ip_nonlocal_bind=1 in order to
>> bind the VIP.
>
> You don't have to mess with these settings.
>
>> Other possible solutions I could think about:
>> - Configure each director as „independent“ by setting only one IP in
>> director_servers.
>> => With this approach you would lose the user to mailserver mapping,
>> although only in the case of a failover on the loadbalancer, which might
>> be neglected (or are there any other fallbacks?)
>
> The two directors have a connection to each other, so both know at the same
> time where a user is mapped. You don't have to worry about that. The
> user->dovecot mapping will work without any problems even if there is a
> failover.
>
>> - Putting director on separate intermediate machines and proxying the
>> requests through haproxy on the keepalived servers (keepalived -> haproxy ->
>> director -> IMAP)
>> => Besides the disadvantage of having another bunch of servers in the
>> chain, also some special configuration on the directory servers might be
>> necessary to assure director works neatly with haproxy.
>
> The identical scenario will be to have keepalived along with haproxy on the same
> machine, and directors on another. But it can work with all three on the same as
> well. I use keepalived and haproxy on two machines, with 2 directors
> underneath, each one on a different machine/hardware for high availability's
> sake, and below them there are 3 dovecot servers.
>
>> So, in 2021, what is the „correct“ (best practice) way of having a redundant HA
>> setup for dovecot?
>
> Cheers :-)
>
> John
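
The self-IP conflict described in the quoted message, as an added example that is not part of the original thread and not Dovecot's code: a model of the "first IP that binds" heuristic next to a check against the addresses actually assigned to the host. The `ip -o -4 addr show` sample is constructed for director-2 without the VIP, and all function names are hypothetical.

```python
import ipaddress

# Constructed `ip -o -4 addr show` output for director-2 (no VIP held).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0\\       valid_lft forever preferred_lft forever
"""


def local_ipv4(ip_addr_output):
    """Return the set of IPv4 addresses assigned to this host."""
    addrs = set()
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if "inet" in fields:
            cidr = fields[fields.index("inet") + 1]
            addrs.add(ipaddress.ip_interface(cidr).ip)
    return addrs


def self_ip_by_bind_probe(director_servers, local, nonlocal_bind):
    """Model of the heuristic from the thread: first IP whose bind() succeeds.

    With net.ipv4.ip_nonlocal_bind=1 the kernel accepts bind() to addresses
    that are not assigned locally, so the first entry always wins.
    """
    for ip in map(ipaddress.ip_address, director_servers):
        if nonlocal_bind or ip in local:
            return ip
    return None


def self_ip_by_assignment(director_servers, local):
    """Hypothetical stricter check: the one entry assigned to this host."""
    matches = [ip for ip in map(ipaddress.ip_address, director_servers)
               if ip in local]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one local director IP: {matches}")
    return matches[0]


if __name__ == "__main__":
    servers = ["192.168.1.10", "192.168.1.20"]
    local = local_ipv4(SAMPLE_IP_ADDR)
    for flag in (False, True):
        print(f"nonlocal_bind={flag}: bind probe picks",
              self_ip_by_bind_probe(servers, local, flag))
    print("assigned locally:", self_ip_by_assignment(servers, local))
```

On director-2 the bind-probe model returns 192.168.1.20 with `ip_nonlocal_bind=0` but 192.168.1.10 with `ip_nonlocal_bind=1`, which is the mismatch the message describes.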