Viktor Dukhovni:
> > On Dec 18, 2017, at 9:09 PM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > The Docker approach complicates Postfix multi-instance support so
> > we may have to forego that. What remains is to determine that Docker
> > shutdown, i.e. yanking the container from under a running Postfix
> > system, will be no worse than an ordinary system crash, i.e. it
> > should not result in loss of email.
>
> It should not be that hard to construct a minder process for multiple
> Postfix instances. Such a thing might be useful even for single-instance
> deployments to allow "postfix-restart" to work sensibly. I don't think
> such a beast should at present be bundled with Postfix. This can be
> a separate project. All that Postfix needs to provide is a foreground
> master(8) daemon.

I think that Docker fundamentally wants one service instance per container. One Postfix service instance translates into one queue, for example submission+smtp sharing one queue, similar to http+https sharing one website. Let's not fight the Docker approach, and leave orchestration to a different layer in the stack.

I'm more concerned about queue persistence. If instances are scaled horizontally, then scaling down should not result in disappearance of a message that was queued in a decommissioned service instance.

As for foregrounding, this must happen only after the 'postfix check' sanity checks and repairs complete successfully. Running a 'bare' master daemon would violate design assumptions. So this will require a new 'postfix' subcommand that starts exactly one instance in the foreground.

Wietse