Le 16/03/2021 à 12:47, Eirik Rye a écrit : > > > On 03/15/2021 8:43 PM, Paterakis E. Ioannis wrote: >> It's not keepalived's work to tell the directors which backend is >> up/down. You can use poolmon for that. keepalived will make sure the >> floating ip will always be assigned on an alive haproxy. Then it's >> haproxies' work to check the aliveness of directors. Then It's >> Directors job to assign the users to the same dovecot backend all the >> time, and so on.... > > What is the purpose of HAProxy in this director setup? It seems like > an unecessary extra layer of proxying in your example. > > We run a setup with keepalived directors, and a bunch of dovecot IMAP > servers, and this works well. > > The directors have two IPs each, one static and one floating > (keepalived). The IPs listed in the "director_servers" setting are the > static IPs. The floating IPs are listed in DNS. > > If you simply configure dovecot to bind to all interfaces, and instead > use iptables to limit IMAP/POP/director connections to the interfaces > you want, there is no need to set `net.ipv4.ip_nonlocal_bind=1`. > > With all that said, I do agree that there should be a way to > explicitly set the director's announce/listen address, instead of > using the net_try_bind() method. > > If you need this feature, I doubt it would be very hard to patch by > adding a new configuration option, and then modifying this code to > check said option value, and use it (if present) instead of trying to > determine the IP: > > https://github.com/dovecot/core/blob/fb6aa64435e0ffd66b81cd4895127187f28fa20b/src/director/director.c#L86 > > > > - Eirik I second. Same simple and perfectly working setup here too.
Emmanuel.
