On 14.03.21 at 17:52, Steven Varco wrote:
Hi All
I’m trying to establish a dovecot HA setup with two loadbalancers, running
keepalived for sharing a virtual public IP.
On the same machines I’m running a dovecot director which proxies the requests
to two underlying mail servers (on separate machines).
Now I’m hitting the issue with the way director determines its „Self IP“ by
trying to bind to all configured director_servers IPs, taking the first one
possible.
However this approach only works, when the sysctl setting is:
net.ipv4.ip_nonlocal_bind=0
On the other side keepalived needs net.ipv4.ip_nonlocal_bind=1 in order to bind
the VIP.
The last topic on that dates back to 2016
(https://dovecot.org/pipermail/dovecot/2016-August/105191.html) with references
to 2012 (https://www.dovecot.org/list/dovecot/2012-November/087033.html) and no
solution posted so far.
After five more years :D, I’m asking myself if we finally have a solution for
that, or if my approach of achieving clustered director servers is potentially
wrong?
Other possible solutions I could think about:
- Configure each director as „independent“ by setting only one IP in
director_servers.
=> With this approach you would lose the user to mailserver mapping,
although only in case of a failover on the loadbalancer, which might be
neglected (or are there any other fallbacks?)
- Only have director running on the currently active loadbalancer node and
stopped on the passive loadbalancer node (would possibly have the same effects
as above).
- Putting director on separate intermediate machines and proxying the requests through
haproxy on the keepalived servers (keepalived -> haproxy -> director -> IMAP)
=> Besides the disadvantage of having another bunch of servers in the
chain, also some special configuration on the directory servers might be
necessary to assure director works neatly with haproxy.
So 2021, what is the „correct“ (best practice) way of having a redundant HA
setup for dovecot?
This means a MUA connects to one public IP and gets connected to (preferably
the same) IMAP Server, no matter which machine in the whole chain might be down?
PS: Using just multiple A records on the mail domain name (round-robin), while
working perfectly for SMTP, is not acceptable for IMAP IMHO, as in case of a
failure every second request from the client (MUA) would fail and most MUAs are
not automatically reconnecting again in that case.
thanks,
Steven
Hi, I had this a long time ago
https://blog.sys4.de/tag/keepalived.html
but dovecot has some new stuff since then, you might combine them with
keepalived, which worked extremely well
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
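
The self-IP detection conflict from the first message, as an added example that is not part of the original thread and not Dovecot's own code: it models "first bindable address wins" as described in the question and flags when the bind test can no longer identify the host. The function names and the `DIRECTOR_SERVERS` addresses (RFC 5737 documentation range) are assumptions made for illustration.

```python
import errno
import socket

def can_bind(ip, port=0):
    """True if this host's kernel lets a TCP socket bind() to ip."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((ip, port))
            return True
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                return False  # address is not configured on this host
            raise

def nonlocal_bind_enabled(path="/proc/sys/net/ipv4/ip_nonlocal_bind"):
    """Current sysctl value as a bool, or None where it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None

def audit_self_ip(candidates, bind_check=can_bind):
    """Model 'first bindable address wins' and flag ambiguous results."""
    bindable = [ip for ip in candidates if bind_check(ip)]
    return {
        "self_ip": bindable[0] if bindable else None,
        "bindable": bindable,
        # More than one bindable candidate means the bind test no longer
        # identifies this host, which is what ip_nonlocal_bind=1 causes.
        "ambiguous": len(bindable) > 1,
    }

# Constructed sample list standing in for director_servers.
DIRECTOR_SERVERS = ["192.0.2.11", "192.0.2.12"]

if __name__ == "__main__":
    print("ip_nonlocal_bind enabled:", nonlocal_bind_enabled())
    print(audit_self_ip(DIRECTOR_SERVERS))
```

Run on each loadbalancer node with its real address list: an `ambiguous` result means every node would pick the first listed address as its own.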