Dovecot HA/Resilience

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|

Dovecot HA/Resilience

Kishore Potnuru
Hi Dovecot team, 

I need help in configuring HA/resilence for my dovecot (POP3/IMAP) server.

I have one RHEL Linux POP3/IMAP server with Dovecot version 2.2.10. I also installed the postfix(version: 2.6.6) in it. At present it have around 10 domains and each domain is having around 20 email boxes. It has very simple configuration.

User's reading the email via some internal applications/Outlook.

I would like to create resilience/HA for this environment. Could you please suggest me, what is the easiest way to achieve this?

If any one can suggest step by step that will be more helpful to me.  

Thanks,
Kishore
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Aki Tuomi-3

> On 09/01/2020 18:25 Kishore Potnuru <[hidden email]> wrote:
>
>
> Hi Dovecot team, 
>
> I need help in configuring HA/resilence for my dovecot (POP3/IMAP) server.
>
> I have one RHEL Linux POP3/IMAP server with Dovecot version 2.2.10. I also installed the postfix(version: 2.6.6) in it. At present it have around 10 domains and each domain is having around 20 email boxes. It has very simple configuration.
>
> User's reading the email via some internal applications/Outlook.
>
> I would like to create resilience/HA for this environment. Could you please suggest me, what is the easiest way to achieve this?
>
> If any one can suggest step by step that will be more helpful to me.
>
> Thanks,
> Kishore

You could consider using more recent version of dovecot. 2.2.10 is already over 5 years old.

Aki
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Kishore Potnuru
 Thank you Aki for the reply. 

But I cannot disturb the version at present as it is a live server and thousands of emails will circulate every hour.

Could you please suggest me how to create HA/resilience for the existing environment. I have another server ready with the similar configuration. Please provide any steps/link for me to proceed on this? It will be a great help to me.

Thanks,
Kishore

On Thu, Jan 9, 2020 at 4:33 PM Aki Tuomi <[hidden email]> wrote:

> On 09/01/2020 18:25 Kishore Potnuru <[hidden email]> wrote:
>
>
> Hi Dovecot team, 
>
> I need help in configuring HA/resilence for my dovecot (POP3/IMAP) server.
>
> I have one RHEL Linux POP3/IMAP server with Dovecot version 2.2.10. I also installed the postfix(version: 2.6.6) in it. At present it have around 10 domains and each domain is having around 20 email boxes. It has very simple configuration.
>
> User's reading the email via some internal applications/Outlook.
>
> I would like to create resilience/HA for this environment. Could you please suggest me, what is the easiest way to achieve this?
>
> If any one can suggest step by step that will be more helpful to me.
>
> Thanks,
> Kishore

You could consider using more recent version of dovecot. 2.2.10 is already over 5 years old.

Aki
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Aki Tuomi-3
You can do it using replication,

https://wiki.dovecot.org/Replication

but since you have no staging/test environment, I would advice you to get one.

Aki

> On 09/01/2020 18:45 Kishore Potnuru <[hidden email]> wrote:
>
>
> Thank you Aki for the reply. 
>
> But I cannot disturb the version at present as it is a live server and thousands of emails will circulate every hour.
>
> Could you please suggest me how to create HA/resilience for the existing environment. I have another server ready with the similar configuration. Please provide any steps/link for me to proceed on this? It will be a great help to me.
>
> Thanks,
> Kishore
>
>
> On Thu, Jan 9, 2020 at 4:33 PM Aki Tuomi <[hidden email]> wrote:
> >
> >  > On 09/01/2020 18:25 Kishore Potnuru <[hidden email]> wrote:
> >  >
> >  >
> >  > Hi Dovecot team, 
> >  >
> >  > I need help in configuring HA/resilence for my dovecot (POP3/IMAP) server.
> >  >
> >  > I have one RHEL Linux POP3/IMAP server with Dovecot version 2.2.10. I also installed the postfix(version: 2.6.6) in it. At present it have around 10 domains and each domain is having around 20 email boxes. It has very simple configuration.
> >  >
> >  > User's reading the email via some internal applications/Outlook.
> >  >
> >  > I would like to create resilience/HA for this environment. Could you please suggest me, what is the easiest way to achieve this?
> >  >
> >  > If any one can suggest step by step that will be more helpful to me.
> >  >
> >  > Thanks,
> >  > Kishore
> >  
> >  You could consider using more recent version of dovecot. 2.2.10 is already over 5 years old.
> >  
> >  Aki
> >
Reply | Threaded
Open this post in threaded view
|

RE: Dovecot HA/Resilience

Marc Roos
In reply to this post by Kishore Potnuru
Newest version available on el7 is 2.2.36. You should be having no
problems with updating minor versions. Or clone the production
environment to a test environment and test the upgrade.
 

-----Original Message-----
From: Kishore Potnuru [mailto:[hidden email]]
Sent: 09 January 2020 17:45
To: Aki Tuomi
Cc: [hidden email]
Subject: Re: Dovecot HA/Resilience

 Thank you Aki for the reply.

But I cannot disturb the version at present as it is a live server and
thousands of emails will circulate every hour.

Could you please suggest me how to create HA/resilience for the existing
environment. I have another server ready with the similar configuration.
Please provide any steps/link for me to proceed on this? It will be a
great help to me.

Thanks,
Kishore

On Thu, Jan 9, 2020 at 4:33 PM Aki Tuomi <[hidden email]>
wrote:



        > On 09/01/2020 18:25 Kishore Potnuru <[hidden email]>
wrote:
        >
        >
        > Hi Dovecot team,
        >
        > I need help in configuring HA/resilence for my dovecot
(POP3/IMAP) server.
        >
        > I have one RHEL Linux POP3/IMAP server with Dovecot version
2.2.10. I also installed the postfix(version: 2.6.6) in it. At present
it have around 10 domains and each domain is having around 20 email
boxes. It has very simple configuration.
        >
        > User's reading the email via some internal applications/Outlook.
        >
        > I would like to create resilience/HA for this environment. Could
you please suggest me, what is the easiest way to achieve this?
        >
        > If any one can suggest step by step that will be more helpful to
me.
        >
        > Thanks,
        > Kishore
       
        You could consider using more recent version of dovecot. 2.2.10 is
already over 5 years old.
       
        Aki
       


Reply | Threaded
Open this post in threaded view
|

RE: Dovecot HA/Resilience

Marc Roos
In reply to this post by Kishore Potnuru


You have only one server? Or is this running on virtualized environment
with shared storage etc? It is quite difficult giving advice with such
little knowledge of the environment.

I am trying to migrate a running server to a new one with different
configuration and mailbox format for storage, without any downtime.
Prefferably one user at a time. It is not as trivial as I expected.




-----Original Message-----
To: [hidden email]
Cc: Kishore Potnuru
Subject: Dovecot HA/Resilience

Hi Dovecot team,

I need help in configuring HA/resilence for my dovecot (POP3/IMAP)
server.

I have one RHEL Linux POP3/IMAP server with Dovecot version 2.2.10. I
also installed the postfix(version: 2.6.6) in it. At present it have
around 10 domains and each domain is having around 20 email boxes. It
has very simple configuration.

User's reading the email via some internal applications/Outlook.

I would like to create resilience/HA for this environment. Could you
please suggest me, what is the easiest way to achieve this?

If any one can suggest step by step that will be more helpful to me.  

Thanks,
Kishore



Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Emmanuel Dreyfus
In reply to this post by Aki Tuomi-3
On Thu, Jan 09, 2020 at 06:51:36PM +0200, Aki Tuomi wrote:
> You can do it using replication,
> https://wiki.dovecot.org/Replication

Last time I tried, it did not work with mbox. Did that change? The
document does not tell about the format.

--
Emmanuel Dreyfus
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Aki Tuomi-3

On 10.1.2020 9.00, Emmanuel Dreyfus wrote:
> On Thu, Jan 09, 2020 at 06:51:36PM +0200, Aki Tuomi wrote:
>> You can do it using replication,
>> https://wiki.dovecot.org/Replication
> Last time I tried, it did not work with mbox. Did that change? The
> document does not tell about the format.
>
Replication is not supported with mbox. Most features are not.

Aki

Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Emmanuel Dreyfus
On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
> Replication is not supported with mbox. Most features are not.

It would be nice if the document about replication could tell
what setup works.

--
Emmanuel Dreyfus
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Sami Ketola


> On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
>
> On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>> Replication is not supported with mbox. Most features are not.
>
> It would be nice if the document about replication could tell
> what setup works.


First step in setting up HA system would be to migrate away from mbox.

Sami

Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Kishore Potnuru
Thank you all for the replies.... 

I have the test environment with the same configuration. But I have been asked to go with same environment for HA/Resilience in Live.

Yes, I have only one Live server. It is configured in "Maildir" format. The data stores on a Network / Shared Storage (But definitely not local disk, its a mount point).

I have been asked to create a HA/Resilience for this environment. They gave me another server with same ram/cpu/os and I need to configure the dovecot on it.

Please provide your suggestions/steps as I am new to this kind of environment.

Is it possible, when any email comes to any one or both of the two servers, how it will be read by the user from Outlook? How to create the environment? 

Thanks,
Kishore Potnuru

On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola <[hidden email]> wrote:


> On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
>
> On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>> Replication is not supported with mbox. Most features are not.
>
> It would be nice if the document about replication could tell
> what setup works.


First step in setting up HA system would be to migrate away from mbox.

Sami

Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Adrian Minta-3

Hello,

you need to "clone" the first server, change the ip address, mount the same maildir storage and use some mechanism to share the accounts database.

Then you need to put a TCP load-balancer in front of the servers an you are good to go. This is the easiest solution if you already have in the network an appliance that can do LB. For instance if you already have a firewall with that function.


Another solution is to make a cluster with corosync/pacemaker out of the two servers:

https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04

https://linuxacademy.com/blog/linux-academy/configure-a-failover-cluster-with-pacemaker/



On 1/10/20 7:16 PM, Kishore Potnuru wrote:
Thank you all for the replies.... 

I have the test environment with the same configuration. But I have been asked to go with same environment for HA/Resilience in Live.

Yes, I have only one Live server. It is configured in "Maildir" format. The data stores on a Network / Shared Storage (But definitely not local disk, its a mount point).

I have been asked to create a HA/Resilience for this environment. They gave me another server with same ram/cpu/os and I need to configure the dovecot on it.

Please provide your suggestions/steps as I am new to this kind of environment.

Is it possible, when any email comes to any one or both of the two servers, how it will be read by the user from Outlook? How to create the environment? 

Thanks,
Kishore Potnuru

On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola <[hidden email]> wrote:


> On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
>
> On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>> Replication is not supported with mbox. Most features are not.
>
> It would be nice if the document about replication could tell
> what setup works.


First step in setting up HA system would be to migrate away from mbox.

Sami

-- 
Best regards,
Adrian Minta


Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Aki Tuomi-3
Also you should probably use dovecot director to ensure same user sessions end up on same server, as it's not supported to access same user on different backends in this scenario.

Aki

> On 10/01/2020 19:49 Adrian Minta <[hidden email]> wrote:
>
>
>  
> Hello,
>  
> you need to "clone" the first server, change the ip address, mount the same maildir storage and use some mechanism to share the accounts database.
>
>  
> Then you need to put a TCP load-balancer in front of the servers an you are good to go. This is the easiest solution if you already have in the network an appliance that can do LB. For instance if you already have a firewall with that function.
>
>  
>
>
>  
> Another solution is to make a cluster with corosync/pacemaker out of the two servers:
>
>  
> https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04
>  
> https://linuxacademy.com/blog/linux-academy/configure-a-failover-cluster-with-pacemaker/
>
>  
>
>
>  
>
>
>  
> On 1/10/20 7:16 PM, Kishore Potnuru wrote:
>
>  
> > Thank you all for the replies....
> >  
> >
> >
> >  I have the test environment with the same configuration. But I have been asked to go with same environment for HA/Resilience in Live.
> >  
> >  Yes, I have only one Live server. It is configured in "Maildir" format. The data stores on a Network / Shared Storage (But definitely not local disk, its a mount point).
> >  
> >  I have been asked to create a HA/Resilience for this environment. They gave me another server with same ram/cpu/os and I need to configure the dovecot on it.
> >  
> >  Please provide your suggestions/steps as I am new to this kind of environment.
> >  
> >  Is it possible, when any email comes to any one or both of the two servers, how it will be read by the user from Outlook? How to create the environment? 
> >  
> >
> >
> >  
> > Thanks,
> >  
> > Kishore Potnuru
> >  
> >  
> > On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola <[hidden email]> wrote:
> >
> >  
> > >
> > >  
> > >  > On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
> > >  >
> > >  > On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
> > >  >> Replication is not supported with mbox. Most features are not.
> > >  >
> > >  > It would be nice if the document about replication could tell
> > >  > what setup works.
> > >  
> > >  
> > >  First step in setting up HA system would be to migrate away from mbox.
> > >  
> > >  Sami
> > >  
> > >
>  
> --
> Best regards,
> Adrian Minta
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Adrian Minta-3
Yes, but it works for small systems if you set IP source address
persistence on LB or even better, if you set priority to be
Active/Standby. I couldn't find a good example with dovecot director and
backend on the same server, so adding another two machines seems
overkill for small setups.

If someone has a working example for this please make it public !

Quote from https://wiki2.dovecot.org/Director

"Director and Backend in same server (broken)
NOTE: This feature never actually worked. It would require further
development to fix (director would need to add "proxy" field to extra
fields and notify auth that the auth_request can be freed)."

Also:

https://dovecot.org/pipermail/dovecot/2012-May/135600.htm

https://www.dovecot.org/list/dovecot/2012-June/083983.html


On 1/10/20 8:09 PM, Aki Tuomi wrote:

> Also you should probably use dovecot director to ensure same user sessions end up on same server, as it's not supported to access same user on different backends in this scenario.
>
> Aki
>
>> On 10/01/2020 19:49 Adrian Minta <[hidden email]> wrote:
>>
>>
>>  
>> Hello,
>>  
>> you need to "clone" the first server, change the ip address, mount the same maildir storage and use some mechanism to share the accounts database.
>>
>>  
>> Then you need to put a TCP load-balancer in front of the servers an you are good to go. This is the easiest solution if you already have in the network an appliance that can do LB. For instance if you already have a firewall with that function.
>>
>>  
>>
>>
>>  
>> Another solution is to make a cluster with corosync/pacemaker out of the two servers:
>>
>>  
>> https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04
>>  
>> https://linuxacademy.com/blog/linux-academy/configure-a-failover-cluster-with-pacemaker/
>>
>>  
>>
>>
>>  
>>
>>
>>  
>> On 1/10/20 7:16 PM, Kishore Potnuru wrote:
>>
>>  
>>> Thank you all for the replies....
>>>  
>>>
>>>
>>>   I have the test environment with the same configuration. But I have been asked to go with same environment for HA/Resilience in Live.
>>>  
>>>   Yes, I have only one Live server. It is configured in "Maildir" format. The data stores on a Network / Shared Storage (But definitely not local disk, its a mount point).
>>>  
>>>   I have been asked to create a HA/Resilience for this environment. They gave me another server with same ram/cpu/os and I need to configure the dovecot on it.
>>>  
>>>   Please provide your suggestions/steps as I am new to this kind of environment.
>>>  
>>>   Is it possible, when any email comes to any one or both of the two servers, how it will be read by the user from Outlook? How to create the environment?
>>>  
>>>
>>>
>>>  
>>> Thanks,
>>>  
>>> Kishore Potnuru
>>>  
>>>  
>>> On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola <[hidden email]> wrote:
>>>
>>>  
>>>>  
>>>>   > On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
>>>>   >
>>>>   > On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>>>>   >> Replication is not supported with mbox. Most features are not.
>>>>   >
>>>>   > It would be nice if the document about replication could tell
>>>>   > what setup works.
>>>>  
>>>>  
>>>>   First step in setting up HA system would be to migrate away from mbox.
>>>>  
>>>>   Sami
>>>>  
>>>>
>>  
>> --
>> Best regards,
>> Adrian Minta
>>
>>
>>
--
Best regards,
Adrian Minta


Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Jean-Daniel Dupas

If you just want active/standby, you can simply use corosync/pacemaker as other already suggest and don’t use Director.
I have a dovecot HA server that uses floating IP and pacemaker to managed it, and it works quite well.

The only real hard part is having a HA storage.
You can simply use a NFS storage shared by both servers (as long as only one has the floating IP, you won’t have issue with the same client accessing it from both servers), but the storage will then be a single point of failure.
You may have both server have their own storage and sync it using dovecot replicator (I have never tried, so I can’t say for sure), or have an other layer taking care of the storage sync (like DRDB).

While drdb is fine to sync dovecot storage, it may not be enough if you really want HA and have other services (postfix, rspamd, …) running on that server, as you may need to also have the postfix queues (or other data) sync on both servers.



> Le 10 janv. 2020 à 21:12, Adrian Minta <[hidden email]> a écrit :
>
> Yes, but it works for small systems if you set IP source address persistence on LB or even better, if you set priority to be Active/Standby. I couldn't find a good example with dovecot director and backend on the same server, so adding another two machines seems overkill for small setups.
>
> If someone has a working example for this please make it public !
>
> Quote from https://wiki2.dovecot.org/Director
>
> "Director and Backend in same server (broken)
> NOTE: This feature never actually worked. It would require further development to fix (director would need to add "proxy" field to extra fields and notify auth that the auth_request can be freed)."
>
> Also:
>
> https://dovecot.org/pipermail/dovecot/2012-May/135600.htm
>
> https://www.dovecot.org/list/dovecot/2012-June/083983.html
>
>
> On 1/10/20 8:09 PM, Aki Tuomi wrote:
>> Also you should probably use dovecot director to ensure same user sessions end up on same server, as it's not supported to access same user on different backends in this scenario.
>>
>> Aki
>>
>>> On 10/01/2020 19:49 Adrian Minta <[hidden email]> wrote:
>>>
>>>
>>>  Hello,
>>>  you need to "clone" the first server, change the ip address, mount the same maildir storage and use some mechanism to share the accounts database.
>>>
>>>  Then you need to put a TCP load-balancer in front of the servers an you are good to go. This is the easiest solution if you already have in the network an appliance that can do LB. For instance if you already have a firewall with that function.
>>>
>>>  
>>>
>>>  Another solution is to make a cluster with corosync/pacemaker out of the two servers:
>>>
>>>  https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04
>>>  https://linuxacademy.com/blog/linux-academy/configure-a-failover-cluster-with-pacemaker/
>>>
>>>  
>>>
>>>  
>>>
>>>  On 1/10/20 7:16 PM, Kishore Potnuru wrote:
>>>
>>>  
>>>> Thank you all for the replies....
>>>>  
>>>>
>>>>  I have the test environment with the same configuration. But I have been asked to go with same environment for HA/Resilience in Live.
>>>>    Yes, I have only one Live server. It is configured in "Maildir" format. The data stores on a Network / Shared Storage (But definitely not local disk, its a mount point).
>>>>    I have been asked to create a HA/Resilience for this environment. They gave me another server with same ram/cpu/os and I need to configure the dovecot on it.
>>>>    Please provide your suggestions/steps as I am new to this kind of environment.
>>>>    Is it possible, when any email comes to any one or both of the two servers, how it will be read by the user from Outlook? How to create the environment?
>>>>  
>>>>
>>>>  Thanks,
>>>>  Kishore Potnuru
>>>>    On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola <[hidden email]> wrote:
>>>>
>>>>  
>>>>>    > On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
>>>>>  >
>>>>>  > On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>>>>>  >> Replication is not supported with mbox. Most features are not.
>>>>>  >
>>>>>  > It would be nice if the document about replication could tell
>>>>>  > what setup works.
>>>>>      First step in setting up HA system would be to migrate away from mbox.
>>>>>    Sami
>>>>>  
>>>  --
>>> Best regards,
>>> Adrian Minta
>>>
>>>
>>>
> --
> Best regards,
> Adrian Minta
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

Kishore Potnuru
In reply to this post by Kishore Potnuru
Hi Guys, Could you please provide your inputs on my below query....

On Fri, Jan 10, 2020 at 5:16 PM Kishore Potnuru <[hidden email]> wrote:
Thank you all for the replies.... 

I have the test environment with the same configuration. But I have been asked to go with same environment for HA/Resilience in Live.

Yes, I have only one Live server. It is configured in "Maildir" format. The data stores on a Network / Shared Storage (But definitely not local disk, its a mount point).

I have been asked to create a HA/Resilience for this environment. They gave me another server with same ram/cpu/os and I need to configure the dovecot on it.

Please provide your suggestions/steps as I am new to this kind of environment.

Is it possible, when any email comes to any one or both of the two servers, how it will be read by the user from Outlook? How to create the environment? 

Thanks,
Kishore Potnuru

On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola <[hidden email]> wrote:


> On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]> wrote:
>
> On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>> Replication is not supported with mbox. Most features are not.
>
> It would be nice if the document about replication could tell
> what setup works.


First step in setting up HA system would be to migrate away from mbox.

Sami

Reply | Threaded
Open this post in threaded view
|

Re: Dovecot HA/Resilience

deano-dovecot
In reply to this post by Jean-Daniel Dupas
My own personal setup is a 3-node system using three cheap VPS'.  I also
helped to set the same thing up for a previous company using proper
systems, this was handling customer email.

Everything possible is kept in mariadb with galera for master-master
replication.  Two main mail nodes with
dovecot/nginx/roundcube/spamassassin/etc and a third as a mariadb quorum
node.  Dovecot uses replication to keep the encrypted mailstores in
sync.

This way there is no need for HA storage - you're relying on
replication.  Oh, and the replication all happens over a tinc vpn mesh
network, but would work equally well over zerotier or whatever.

I have an ansible playbook to set the whole thing up automagically.  I'm
working on cleaning it up and documenting it so others can use it as
well.  So long as you have ssh key'd access to 3 nodes, it will build
the entire setup.

I'll put it up on github in a few weeks.  NOTE: this is built for MY
needs.  It might not meet your needs.  But when it's ready(ish) you're
welcome to try it out.  For example, it's not true HA - you have to hit
one node or the other.  If you control your own DNS you could set up
round-robin for a mail.yourdomain.com rather than using
mail1.yourdomain.com and mail2.yourdomain.com.  For me, I don't bother.

Dean.

On 2020-01-11 3:50 am, Jean-Daniel wrote:

> If you just want active/standby, you can simply use corosync/pacemaker
> as other already suggest and don’t use Director.
> I have a dovecot HA server that uses floating IP and pacemaker to
> managed it, and it works quite well.
>
> The only real hard part is having a HA storage.
> You can simply use a NFS storage shared by both servers (as long as
> only one has the floating IP, you won’t have issue with the same
> client accessing it from both servers), but the storage will then be a
> single point of failure.
> You may have both server have their own storage and sync it using
> dovecot replicator (I have never tried, so I can’t say for sure), or
> have an other layer taking care of the storage sync (like DRDB).
>
> While drdb is fine to sync dovecot storage, it may not be enough if
> you really want HA and have other services (postfix, rspamd, …)
> running on that server, as you may need to also have the postfix
> queues (or other data) sync on both servers.
>
>
>
>> Le 10 janv. 2020 à 21:12, Adrian Minta <[hidden email]> a
>> écrit :
>>
>> Yes, but it works for small systems if you set IP source address
>> persistence on LB or even better, if you set priority to be
>> Active/Standby. I couldn't find a good example with dovecot director
>> and backend on the same server, so adding another two machines seems
>> overkill for small setups.
>>
>> If someone has a working example for this please make it public !
>>
>> Quote from https://wiki2.dovecot.org/Director
>>
>> "Director and Backend in same server (broken)
>> NOTE: This feature never actually worked. It would require further
>> development to fix (director would need to add "proxy" field to extra
>> fields and notify auth that the auth_request can be freed)."
>>
>> Also:
>>
>> https://dovecot.org/pipermail/dovecot/2012-May/135600.htm
>>
>> https://www.dovecot.org/list/dovecot/2012-June/083983.html
>>
>>
>> On 1/10/20 8:09 PM, Aki Tuomi wrote:
>>> Also you should probably use dovecot director to ensure same user
>>> sessions end up on same server, as it's not supported to access same
>>> user on different backends in this scenario.
>>>
>>> Aki
>>>
>>>> On 10/01/2020 19:49 Adrian Minta <[hidden email]> wrote:
>>>>
>>>>
>>>>  Hello,
>>>>  you need to "clone" the first server, change the ip address, mount
>>>> the same maildir storage and use some mechanism to share the
>>>> accounts database.
>>>>
>>>>  Then you need to put a TCP load-balancer in front of the servers an
>>>> you are good to go. This is the easiest solution if you already have
>>>> in the network an appliance that can do LB. For instance if you
>>>> already have a firewall with that function.
>>>>
>>>>
>>>>
>>>>  Another solution is to make a cluster with corosync/pacemaker out
>>>> of the two servers:
>>>>
>>>>  
>>>> https://www.digitalocean.com/community/tutorials/how-to-create-a-high-availability-setup-with-corosync-pacemaker-and-floating-ips-on-ubuntu-14-04
>>>>  
>>>> https://linuxacademy.com/blog/linux-academy/configure-a-failover-cluster-with-pacemaker/
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>  On 1/10/20 7:16 PM, Kishore Potnuru wrote:
>>>>
>>>>
>>>>> Thank you all for the replies....
>>>>>
>>>>>
>>>>>  I have the test environment with the same configuration. But I
>>>>> have been asked to go with same environment for HA/Resilience in
>>>>> Live.
>>>>>    Yes, I have only one Live server. It is configured in "Maildir"
>>>>> format. The data stores on a Network / Shared Storage (But
>>>>> definitely not local disk, its a mount point).
>>>>>    I have been asked to create a HA/Resilience for this
>>>>> environment. They gave me another server with same ram/cpu/os and I
>>>>> need to configure the dovecot on it.
>>>>>    Please provide your suggestions/steps as I am new to this kind
>>>>> of environment.
>>>>>    Is it possible, when any email comes to any one or both of the
>>>>> two servers, how it will be read by the user from Outlook? How to
>>>>> create the environment?
>>>>>
>>>>>
>>>>>  Thanks,
>>>>>  Kishore Potnuru
>>>>>    On Fri, Jan 10, 2020 at 7:55 AM Sami Ketola
>>>>> <[hidden email]> wrote:
>>>>>
>>>>>
>>>>>>    > On 10 Jan 2020, at 9.20, Emmanuel Dreyfus <[hidden email]>
>>>>>> wrote:
>>>>>>  >
>>>>>>  > On Fri, Jan 10, 2020 at 09:07:24AM +0200, Aki Tuomi wrote:
>>>>>>  >> Replication is not supported with mbox. Most features are not.
>>>>>>  >
>>>>>>  > It would be nice if the document about replication could tell
>>>>>>  > what setup works.
>>>>>>      First step in setting up HA system would be to migrate away
>>>>>> from mbox.
>>>>>>    Sami