Clustering for a POP server
Francisco Reyes
running our SMTP servers off Postfix. I have been reading and
printing notes/emails.
Today the POP3 server crashed. And from what I hear it has been
crashing constantly (I am new at the job.. 2 weeks). I may
mention to my boss that if he gives me a decent computer I may
volunteer to do his POP machine.
I am going to be trying a product called Understudy from a
compay called Polyserve.
With this I could setup the POP3 computer in a failover cluster.
My only concern is how could I copy all incoming mail to the
second computer so if the primary fails the secondary would
continue.?
This differs from a "DNS MX backup machine" (i.e. next in MX
priority) in that the users will be able to continue getting
their emails, including the ones that were on the failed POP3
computer. The users will also be able to right away have acces
to their email instead of having to wait for the primary
computer to be brought back up so the email is forwarded from
the secondary.
Is there a way to setup all emails to be delivered locally AND
forwarded to a separate computer?
Could this be done with an alias?
I am not sure yet how this clustering software works so I may
not have the "name" of the other computer, possibly only the
IP. Can I mail to an IP address?
Ralf Hildebrandt
>Is there a way to setup all emails to be delivered locally AND
>forwarded to a separate computer?
>Could this be done with an alias?
Yup. I've seen that question once before. Did you check the archives?
>I am not sure yet how this clustering software works so I may
>not have the "name" of the other computer, possibly only the
>IP. Can I mail to an IP address?
Yup: r.hildebrandt@[134.169.9.107]
--
Ralf.Hil...@innominate.de
Dipl.-Informatiker innominate AG
System Engineer networking people
fon: +49.30.308806-44 fax: -77 web: http://innominate.de pgp: /pgp/rh
Wietse Venema
> I am going to be trying a product called Understudy from a
> compay called Polyserve.
> With this I could setup the POP3 computer in a failover cluster.
> My only concern is how could I copy all incoming mail to the
> second computer so if the primary fails the secondary would
> continue.?
And that would not be sufficient. You need two-way mirroring.
Any mailbox updates made by users on one machine would have to be
propagated to the other machine, so that your users don't see lots
of messages in their mailbox that they just deleted a minute ago
on the other server. And while one server is down, updates whould
have to be postponed until that server comes back on-line. If it
is down for 24 hours, then that can be a lot of updates.
This is a two-way database replication problem. People make a lot
of money on this. It does not always work.
For a small-scale setup, put all users on one machine. Use RAID
if you want high availability.
For a large-scale setup, use multiple servers, each server hosting
a subset of the user population. Teach your users to log into the
proper server or use a smart proxy that forwards sessions to the
proper POP server. If one server dies, the other users can still
access their email.
Wietse
Len Conrad
>use a smart proxy
suggestions?
Len
Len
http://BIND8NT.MEIway.com: ISC BIND 8 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
Daniel Roesen
> >use a smart proxy
>
> suggestions?
http://www.au.vergenet.net/linux/perdition/
Best regards,
Daniel
Francisco Reyes
>On 5 Jul 2000 07:48:35 +0200, Francisco Reyes <fr...@reyes.somos.net> wrote:
>
>>Is there a way to setup all emails to be delivered locally AND
>>forwarded to a separate computer?
>>Could this be done with an alias?
>
>Yup. I've seen that question once before. Did you check the archives?
Yes I searched the archives and did not find anything. Maybe I
wasn't using the right keywords.
I tried searching for: cluster, clustering, copy, copying,
duplicate, forward
Francisco
Francisco Reyes
>Francisco Reyes:
>> With this I could setup the POP3 computer in a failover cluster.
>> My only concern is how could I copy all incoming mail to the
>> second computer so if the primary fails the secondary would
>> continue.?
>
>And that would not be sufficient. You need two-way mirroring.
You are thinking of a "true cluster".
Notice I wrote "fail over". In other words there will be a
primary
computer that will always answer. The secondary will NOT answer
any
queries unless it detects that the primary is down.
>Any mailbox updates made by users on one machine would have to be
>propagated to the other machine,
It would only need to be done in one direction.
Will it be enough to just sync from mater to secondary the
/var/mail directory?
>For a large-scale setup, use multiple servers, each server hosting
>a subset of the user population.
What is wrong with the approach I mention above?
One master that answers to all queries
One secondary
copy the mail directory from master to secondary
On the case of a crash of the primary the backup would be able
to take over and the email would be up to date since the last
synchronization.
The number of users on the POP computer will be under 300 so the
synchronization between the two computers will hopefully be
small.
Francisco
Leif Nixon
> >use a smart proxy
>
> suggestions?
Mail Robustifier is good:
http://www.bluetail.com/products/bmr/
/Leif Nixon
Francisco Reyes
>I think you can do this with the "always_bcc =3D so...@address.com"
>option.=20
I still need to decide between using that or using Rsync to
mirror the data.
If I used Rsync which directories would I need to copy for a POP
machine?
/var/mail
~/mail <== For each user's directory
Would that be enough to have new unread mail and previously read
mail?
By previously read mail I mean mail that the user read, but left
a copy on the server.
When is /var/postfix used? For outgoing mail?
Francisco
Wietse Venema
> On Wed, 5 Jul 2000 11:01:33 -0400 (EDT), Wietse Venema wrote:
>
> >Francisco Reyes:
> >> With this I could setup the POP3 computer in a failover cluster.
> >> My only concern is how could I copy all incoming mail to the
> >> second computer so if the primary fails the secondary would
> >> continue.?
> >
> >And that would not be sufficient. You need two-way mirroring.
>
> You are thinking of a "true cluster".
No. You have not understood my response.
> Notice I wrote "fail over". In other words there will be a
> primary computer that will always answer. The secondary will NOT answer
> any queries unless it detects that the primary is down.
If a user updates their mailbox on the "secondary" server, the same
update must be applied when the "primary" server comes back.
> >Any mailbox updates made by users on one machine would have to be
> >propagated to the other machine,
>
> It would only need to be done in one direction.
> Will it be enough to just sync from mater to secondary the
> /var/mail directory?
Wrong direction.
If a user updates their mailbox on the "secondary" server, the same
update must be applied when the "primary" server comes back.
> >For a large-scale setup, use multiple servers, each server hosting
> >a subset of the user population.
>
> What is wrong with the approach I mention above?
If a user updates their mailbox on the "secondary" server, the same
update must be applied when the "primary" server comes back.
> One master that answers to all queries
> One secondary
> copy the mail directory from master to secondary
>
> On the case of a crash of the primary the backup would be able
> to take over and the email would be up to date since the last
> synchronization.
If a user updates their mailbox on the "secondary" server, the same
update must be applied when the "primary" server comes back.
> The number of users on the POP computer will be under 300 so the
> synchronization between the two computers will hopefully be
> small.
If a user updates their mailbox on the "secondary" server, the same
update must be applied when the "primary" server comes back.
Wietse
Wietse Venema
> I still need to decide between using that or using Rsync to
> mirror the data.
This is wrong. If you copy a mailbox while mail arrives or while
the user updates it, the result will be a corrupted mailbox file.
Wietse
Bennett Todd
--Sf3MmCJcUNNLokcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
2000-07-06-10:53:53 Wietse Venema:
> Francisco Reyes:
> > I still need to decide between using that or using Rsync to
> > mirror the data.
>=20
> This is wrong. If you copy a mailbox while mail arrives or while
> the user updates it, the result will be a corrupted mailbox file.
If you want to use rsync to mirror mailboxes for server failover
purposes, mbox won't work well, Wietse just said why.
If however your system uses Maildir, rsync can work OK. It wouldn't
scale well to large user communities, but for only a few hundred
users it ought to be fine. The key will be to have a _lot_ of extra
local bandwidth to disk, and a good bit of spare bandwidth between
the primary and the replica.
For a small-scale system, inexpensive to build, this could work OK;
the only "problem" would be a moderate delay for changes showing up
on the secondary; email delivered, or deleted, right before the
primary crashes wouldn't be copied to the backup system. But you
shouldn't have trouble with corrupted folders, just out-of-date
ones.
For larger-scale systems this would look worse and worse, as the
size of the user community grew --- or if the users liked to keep
really gigantic email folders, with tens or hundreds of thousands of
messages in each.
For larger systems I'd still go with Maildir, but I'd stick it on a
Netapp. That can get you into parallel server farms as well, losing
the primary/secondary distinction and getting the possibility of
doing load balancing. But that's the topic of a whole other flame
war:-).
-Bennett
--Sf3MmCJcUNNLokcm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ZMRIL6KAps40sTYRArt9AJ9ukickpSkFmj3rbhQ6fYPJ0yEvrQCeIOJt
zWbvs38Tx+r4fiO+wTZfSs0=
=TozF
-----END PGP SIGNATURE-----
--Sf3MmCJcUNNLokcm--
Wietse Venema
> 2000-07-06-10:53:53 Wietse Venema:
> > Francisco Reyes:
> > > I still need to decide between using that or using Rsync to
> > > mirror the data.
> >
> > the user updates it, the result will be a corrupted mailbox file.
>
> If you want to use rsync to mirror mailboxes for server failover
> purposes, mbox won't work well, Wietse just said why.
Neither maildir nor mailbox, or other format, will work correctly
with rsync.
If a user deletes mail from the inbox, they will be surprised to
find that all their deleted mail back the next time they log in.
And what happens with new mail that arrives while the "primary"
server is down? People will expect that new mail arrives as usual.
Wietse
Bennett Todd
--72zhRRUwqu3nWC5W
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
2000-07-06-18:21:08 Wietse Venema:
> Neither maildir nor mailbox, or other format, will work correctly
> with rsync.=20
Depends on what he wants to accomplish. Something along these lines
could work, for some goals.
> If a user deletes mail from the inbox, they will be surprised to
> find that all their deleted mail back the next time they log in.
If I recall correctly, the design target here was for a pretty small
setup, I have this distinct recollection that it was c. 300 users.
So simple rsyncing the mail store across could run quick enough, and
so be able to run frequently enough, that the window during which
users' edits could be lost may well be reasonably small.
Further, he seemed to be talking about a hot-spare style protocol,
where there'd be a one-way automatic failover from his primary to
his secondary. If there's no automatic fail-back, then the problem
gets simpler still.
> And what happens with new mail that arrives while the "primary"
> server is down? People will expect that new mail arrives as usual.
Well, clearly the original poster's basic idea, rigging all email to
be automatically copied to both servers, doesn't seem like the right
solution here. But perhaps a manual fail-over might suffice for new
mail delivery; users don't notice that nearly as fast as they notice
inability to get to their mailboxes.
If he could arrange for a script to run on his secondary when
it needs to go live, he could maybe even make the mail delivery
failover completely automatic. Rsync the mailboxes from the primary
to the secondary with a frequent-running cron job. Rig the primary
with initdefault 1, or however you prevent it from automatically
coming back up multiuser after a crash. Set up the primary as the
preferred MX host, and the secondary as a less-desired MX host.
Leave postfix turned off on the secondary to ensure nobody tries to
deliver to it, until failover happens. Then turn up postfix and let
it go live.
-Bennett
--72zhRRUwqu3nWC5W
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ZQyTL6KAps40sTYRAk6YAJkBS9Q67e8NYMgyuQHffBEcwfTRTwCfaqGc
RFXahuNNQgqw56qv/9fYGaY=
=KdBk
-----END PGP SIGNATURE-----
--72zhRRUwqu3nWC5W--
Andy Dills
> Neither maildir nor mailbox, or other format, will work correctly
> with rsync.
>
> If a user deletes mail from the inbox, they will be surprised to
> find that all their deleted mail back the next time they log in.
That's not true...it's all in the implementation.
For instance, if you use maildir, and hack the popd to call rsync (with
--delete) after the session terminates. That way, you have no 'master' pop
server, just peers.
It's not the way I'd go after distributed mail, but it's workable.
Andy
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access
Wietse Venema
> 2000-07-06-18:21:08 Wietse Venema:
> > with rsync.
>
> could work, for some goals.
> So simple rsyncing the mail store across could run quick enough, and
> so be able to run frequently enough, that the window during which
> users' edits could be lost may well be reasonably small.
If the user deletes mail from the inbox on the "secondary" machine,
they will be surprised to find that all their deleted mail comes
back the next time they log in.
It is surprises like this that make one-way mirroring less useful.
> Further, he seemed to be talking about a hot-spare style protocol,
> where there'd be a one-way automatic failover from his primary to
> his secondary. If there's no automatic fail-back, then the problem
> gets simpler still.
Woops, my jargon indicator just went off the scale. Can you translate
that paragraph into English? I understand that the poster wants to
offer mail service while one server is down, and that he was looking
for ways to deliver the same mail to multiple boxes.
> > And what happens with new mail that arrives while the "primary"
> > server is down? People will expect that new mail arrives as usual.
>
> Well, clearly the original poster's basic idea, rigging all email to
> be automatically copied to both servers, doesn't seem like the right
> solution here. But perhaps a manual fail-over might suffice for new
> mail delivery; users don't notice that nearly as fast as they notice
> inability to get to their mailboxes.
You mean people won't mind that some mail is missing (was not yet
copied yet from primary) and that they also don't mind that some
mail came back from the grave (was not deleted on the primary).
If you must replicate, use RAID. It's built for the job and produces
a correct result, with less overhead than running rsync frequently.
But I'd go for multiple small boxes. If a small box breaks it
affects only a few users. A small box can be restored in a short
time. You can even afford to keep one spare small box around. At
my previous employer I had about 100 users per box; each box was
also general-purpose file server, so it did more than just mail.
Wietse
Wietse Venema
> On Thu, 6 Jul 2000, Wietse Venema wrote:
>
> > with rsync.
> >
> > find that all their deleted mail back the next time they log in.
>
> That's not true...it's all in the implementation.
>
> For instance, if you use maildir, and hack the popd to call rsync (with
> --delete) after the session terminates. That way, you have no 'master' pop
> server, just peers.
It is all in the implementation, and it is a buggy one.
When the user deletes mail on the backup server mail while the
primary server is down, the next time the user logs in they will
find all their deleted mail back.
Wietse
Francisco Reyes
A quick note of clarification.
Currently our email is been run by a consultant and not doing a
very good job at it. We have email outages at least once a week
and sometimes we DO lose email.
Right now I may not come up with the best solution, but I am
just trying to come up with something better and more stable.
>Neither maildir nor mailbox, or other format, will work correctly
>with rsync.
If we used Always_bcc is there a way to have a second computer
receive the mail and process it for all the users?
We will use Raid 5 for the primary computer, but I am just
trying to do the best implementation within the budget and
something which can be done quickly. Because of this I am trying
to have a secondary in some form so that if the primary is down
and we can not bring it back up that we can use that. Even if it
just has the previous day "snapshot" of the mail.
The doc says Always_bcc sends all the email to one address. I
will experiment with that this weekend, but I don't see how
getting the email to one address could be used for a secondary.
Does this setting "bounces" the email so it retains the header?
i.e. it adds this additional email as a bcc, yet it retains the
other recipients?
>If a user deletes mail from the inbox, they will be surprised to
>find that all their deleted mail back the next time they log in.
Right now when the system comes back up they find that they are
missing email. We know it is missing because we have partners
that send us data by email and they tell us they have send
something and we never go it. I would much rather have them find
old mail, than to find they are missing mail.
>And what happens with new mail that arrives while the "primary"
>server is down? People will expect that new mail arrives as usual.
Given our constraints how about the following:
primary ==\
> Cluster, but secondary won't pickup automatically
secondary=/
Relay1\ Point the smtp computers next in the MX list so if
primary is down they can hold the mail.
Relay2/
If the primary goes down we would try to fix it. If we can not
fix it we would bring up the secondary.
Once the primary is repaired we would put the secondary out
from receiving mail (mail goes to smtp
computers). We Rsync mail from secondary to primary.
At night we copy from Primary to secondary. How can we make
Postfix not get the mail while we do the backup so it goes to
the Relay computers?
This solution may be TEMPORARY until one we get a full time Unix
admin or I learn about LDAP and we distribute the emails across
several computers. Right now we just need something which won't
crash at least once a week AND that we have inhouse knowledge of
how to maintain.
The current setup was setup almost on purpose so that it is
difficult to maintain, but that is more for a "consultant from
hell" mailing list.
francisco
Francisco Reyes
>2000-07-06-18:21:08 Wietse Venema:
>> Neither maildir nor mailbox, or other format, will work correctly
>> with rsync.=20
>
>Depends on what he wants to accomplish. Something along these lines
>could work, for some goals.
I explained in more detail on a separate mail, but basically I
want
to have a computer that can be used in case the primary can not
be
quickly be brought back up.
>> If a user deletes mail from the inbox, they will be surprised to
>> find that all their deleted mail back the next time they log in.
>
>If I recall correctly, the design target here was for a pretty small
>setup, I have this distinct recollection that it was c. 300 users.
I am new at this company and have not had much access to the
existing
email system, but I believe it to be under 100 users.
>So simple rsyncing the mail store across could run quick enough, and
>so be able to run frequently enough, that the window during which
>users' edits could be lost may well be reasonably small.
I may opt for copying the data at night.
>Further, he seemed to be talking about a hot-spare style protocol,
Correct. The issue here is that the current email system is not
reliable
and the person managing not showing us how to use it. We want to
implement something somewhat quickly.
>where there'd be a one-way automatic failover from his primary to
>his secondary. If there's no automatic fail-back, then the problem
>gets simpler still.
I am considering having the secondary not pickup automatically,
try to
fix the primary and if it can not be brought backup then bring
up the
secondary.
>Well, clearly the original poster's basic idea, rigging all email to
>be automatically copied to both servers, doesn't seem like the right
>solution here.
I am going to look into always_bcc and see if that could be used
during the day and then do an Rsync at night.
>If he could arrange for a script to run on his secondary when
>it needs to go live, he could maybe even make the mail delivery
>failover completely automatic.
I will have the machines on a cluster, understudy from
Polyserve,
but I will set the secondary not to pickup automatically. Will
have
the smtp computers next in the MX food chain so they pickup the
mail.
francisco
Leif Nixon
> A quick note of clarification.
> Currently our email is been run by a consultant and not doing a
> very good job at it. We have email outages at least once a week
> and sometimes we DO lose email.
> Right now I may not come up with the best solution, but I am
> just trying to come up with something better and more stable.
What are your requirements, exactly? Earlier you have mentioned the
figure "300 users", and if you don't have extremely high availability
requirements I don't really see the need for clustering at those small
volumes. Contrariwise, I suspect that clustering would *lower*
availability because of the added complexity - there are more things
that could break.
Start out simple; get a smallish Sun box with lots of disk, put it on
a UPS, install Postfix and your favorite POP client, and I think you
will be quite satisfied. You might want to mirror the mail spool disk.
/Leif Nixon
Francisco Reyes
>"Francisco Reyes" <fr...@reyes.somos.net> writes:
>
>> A quick note of clarification.
>> Currently our email is been run by a consultant and not doing a
>> very good job at it. We have email outages at least once a week
>> and sometimes we DO lose email.
>> Right now I may not come up with the best solution, but I am
>> just trying to come up with something better and more stable.
>
>What are your requirements, exactly? Earlier you have mentioned the
>figure "300 users",
Less than that.
>and if you don't have extremely high availability
>requirements I don't really see the need for clustering
I am just looking at "fail-over" clustering not load balancing.
>at those small volumes. Contrariwise, I suspect that clustering would *lower*
>availability because of the added complexity - there are more things
>that could break.
That is very visible on the existing system.
>Start out simple; get a smallish Sun box
I am much more familiar with FreeBSD and currently we don't have
a Unix admin so
I would prefer going with what I know.
>with lots of disk, put it on a UPS, install Postfix and your favorite POP client,
I need to migrate existing mail so I may need to stay with a
pop that uses the same
message format as the existing system.
>and I think you will be quite satisfied. You might want to mirror the mail spool disk.
We are going with raid 5.
Francisco
Cor Bosman
>>What are your requirements, exactly? Earlier you have mentioned the
>>figure "300 users",
>Less than that.
>>and if you don't have extremely high availability
>>requirements I don't really see the need for clustering
>I am just looking at "fail-over" clustering not load balancing.
I really see no cheap way (with less than 300 users cheap is probably the
key word :). There are possibilities of using a raid that can be mounted
by 2 different servers. Thats relatively cheap. But then again, then the
raid will be the single point of failure. Or your network switch. Or your
router. How many transit links do you have?
With that many users, just build 1 server, give it 2 power supplies, a few
raid5 or mirrored disks. Should do just fine.
Cor
Wietse Venema
> A quick note of clarification.
> Currently our email is been run by a consultant and not doing a
> very good job at it. We have email outages at least once a week
> and sometimes we DO lose email.
> Right now I may not come up with the best solution, but I am
> just trying to come up with something better and more stable.
Fire the consultant. A weekly outage is outrageous. I have been
sysadmin for up to 1000 users for several years and the reliability
problems we had was due to privileged people screwing up. When left
alone, the machines would run for hundreds of days.
Computers are supposed to stay up and running without hand-holding.
Postfix was built with such an environment in mind. Rather than
locking up the machine under overload, it just backs off and slows
down.
So, get yourself some good hardware, buy a good backup tape drive
for the unlikely case that the machine dies. When configured properly
and treated kindly, a good machine can run without downtime for a
year or more without giving trouble.
Wietse
David Terrell
> On Thu, 6 Jul 2000, Wietse Venema wrote:
>
> > with rsync.
> >
> > find that all their deleted mail back the next time they log in.
>
>
> For instance, if you use maildir, and hack the popd to call rsync (with
> --delete) after the session terminates. That way, you have no 'master' pop
> server, just peers.
>
Ugh. Hacks, hacks hacks. It's impossible to keep them both well
synchronized.
My personal solution would be to put all mail (hold your breath, it's not
as bad as it sounds) on an NFS toaster (www.netapp.com), make that fault
tolerant, and them stack as many round-robin frontends are you need,
authenticating against a mirrored LDAP database. Put a good loadbalancer
in front and set it all up correctly and you can trivially get 5 nines of
uptime. Even closer if the netapps are clustered, but that's $200k.
This is kind of wandering from the official charter of this list,
but that's my suggestion. rsync just doesn't work in realtime.
--
David Terrell | "Anyone who says that is woefully
Prime Minister, Nebcorp | underinformed. IE, reads usenet."
d...@meat.net | - Sean O'Connor
http://wwn.nebcorp.com/
Bennett Todd
--L2Brqb15TUChFOBK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
2000-07-06-20:08:23 Wietse Venema:
> If the user deletes mail from the inbox on the "secondary" machine,
> they will be surprised to find that all their deleted mail comes
> back the next time they log in.
Sounds like you're really totally convinced that the user must plan
on automatic "fail-back", restoring the primary server to active
service without propogating any changes back from the erstwhile
secondary. I don't believe that is mandatory.
> > Further, he seemed to be talking about a hot-spare style protocol,
> > where there'd be a one-way automatic failover from his primary to
> > his secondary. If there's no automatic fail-back, then the problem
> > gets simpler still.
>=20
> Woops, my jargon indicator just went off the scale. Can you translate
> that paragraph into English? I understand that the poster wants to
> offer mail service while one server is down, and that he was looking
> for ways to deliver the same mail to multiple boxes.
What I mean to say is that I _believe_ the user is talking about
something much, much simpler than most folks mean by "clustering".
He wants to have a warm spare server available; _possibly_ (but
perhaps not necessarily) having automatic switchover so the backup
server takes over when the primary fails; but quite possibly without
any provision whatsoever for automatically switching back to the
primary. If the primary dies, it stays dead, kind of thing.
Of course this begs the question of _keeping_ it dead, but while in
theory a secondary can't tell the difference between an arbitrarily
long "hang" and a genuine unrecoverable "crash" in the primary, in
practice it's often the case that crashes are seen far, far more
often than long hangs, in which case a simple failover _can_ improve
life for the end users, even if it's risky in theory.
> You mean people won't mind that some mail is missing (was not yet
> copied yet from primary) and that they also don't mind that some
> mail came back from the grave (was not deleted on the primary).
Yup. If the windows are small, and the alternative, which the users
currently live with, is complete loss of any email service for long
stretches of time, such imperfections may well be forgiven by the
users.
> If you must replicate, use RAID. It's built for the job and produces
> a correct result, with less overhead than running rsync frequently.
RAID with distributed access to the RAIDed mail store is clearly
the better solution. It's also clearly more complex, and in most
settings far more expensive, so I can see why the poster is
inquiring about a way of making things some better for cheap and
simple.
> But I'd go for multiple small boxes. If a small box breaks it
> affects only a few users. A small box can be restored in a short
> time. You can even afford to keep one spare small box around. At
> my previous employer I had about 100 users per box; each box was
> also general-purpose file server, so it did more than just mail.
A spiffy architecture, I've used that too and like it a lot.
Migrating to that architecture is a bigger step than introducing a
spare server to take over email service if the primary crashes and
burns. Bigger steps take longer to implement, cost more, and suffer
more delays from people fighting back and objecting to the plan.
-Bennett
--L2Brqb15TUChFOBK
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ZiSXL6KAps40sTYRAv5LAKCNCXlzmBvT6cOi7mUlvNfozqKDDACggiVV
Vu9IA/kf66Hx2Yqh4WNJ/lM=
=qb9o
-----END PGP SIGNATURE-----
--L2Brqb15TUChFOBK--
Bennett Todd
--reI/iBAAp9kzkmX4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
2000-07-07-14:09:05 David Terrell:
> My personal solution would be to put all mail (hold your breath,
> it's not as bad as it sounds) on an NFS toaster (www.netapp.com),
> [...]
That's my favourite approach, too. I'd use Maildirs for the mail
store, too.
But the thread was started by someone asking after a solution that
could be retrofitted around a current badly unreliable server
without modifying it, and which could be implemented for really
cheap, using junk parts you probably have lying around the place.
-Bennett
--reI/iBAAp9kzkmX4
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ZiXeL6KAps40sTYRAsRCAJ9MEt1XduTPECPi6MKJIOopA4NLUgCeMIcS
0K0N+Skbf8N7TOqrQ0bRe8Y=
=Iz/I
-----END PGP SIGNATURE-----
--reI/iBAAp9kzkmX4--
David Terrell
> 2000-07-07-14:09:05 David Terrell:
> > My personal solution would be to put all mail (hold your breath,
> > it's not as bad as it sounds) on an NFS toaster (www.netapp.com),
> > [...]
>
> That's my favourite approach, too. I'd use Maildirs for the mail
> store, too.
>
> But the thread was started by someone asking after a solution that
> could be retrofitted around a current badly unreliable server
> without modifying it, and which could be implemented for really
> cheap, using junk parts you probably have lying around the place.
Good point.
Forget about rsync, clustering, multiple servers, or anything else.
Why? Because complexity is more likely to fail than hardware.
Build a PC using existing, reliable parts. Get a good SCSI controller,
several fast SCSI disks, install FreeBSD 3.n-stable, use softupdates.
Put the mail system on a different disk than the OS. Install
Postfix. Use Maildir. Install a popdaemon. Put in a tape drive
and do full backups nightly. Amanda (www.amanda.org) is pretty
good. Install a second server with the same configuration so if
the first one catastrophically fails you can do a quik tape restore
and be back up and running (or if the hardware fails you can drop the
same data disk in).
Commercial HA solutions use expensive hardware (dual-attached SCSI
systems, fibrechannel raids, Network Attached Storage, Storage-Attached
Networks) to get around the fact that it's intrinsically difficult
to have two systems with the same data at the same time. Trying
to homegrow something in software will be more fragile, less robust,
and cause far more complainst than saying "our mail server will be
down for the next 15 minutes because we lost some hardware, but
it'll be right back up." -- in a year when your power supply randomly
fails.
Dave, who runs HA systems and knows how well they do and don't work.
--
David Terrell | p = "you are nasty" q = "my first name is Janet"
Nebcorp PM | r = "my first name is baby" s = "My name is Miss Jackson"
d...@meat.net | (!r -> q) & (p -> s) - Braverman's Third Lemma
wwn.nebcorp.com | !r & (!p -> q) & (p -> s) - Libor's Corrolary
Bennett Todd
--X0cz4bGbQuRbxrVl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
2000-07-07-15:37:23 David Terrell:
> [ build a simple good server, it'll be more reliable than any H-A
> hack ]
An excellent point. Wietse made the same one as well, and I have
to chime in in complete agreement; no simple cheap failover system
is going to be as reliable as a single really well designed and
implemented server. H-A doesn't get more reliable than a single
server until you get into the seriously high end, and few such
gizmos are sold, so they command loads of bucks even when the actual
pieces involved aren't that pricey --- e.g. a Cisco LocalDirector is
a cheap PC box. You end up paying for a lot of design and debugging
engineering time.
People are starting to get totally serious about Open Source H-A
components, and when they come together maybe the picture will
change, but right now, at the low end, don't pursue with high
availability, you don't catch it:-).
-Bennett
--X0cz4bGbQuRbxrVl
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ZjPFL6KAps40sTYRAmLHAKCKRGoWYEejvUkzWOJEpqSfX5BBMwCeOnUc
xhyvEsdWqwkLLo3qrMmEjk0=
=ABX+
-----END PGP SIGNATURE-----
--X0cz4bGbQuRbxrVl--
Liviu Daia
[...][...]
This may or may not be an issue here, but IIRC Amanda had a few
security problems in the relatively recent past (no, I can't really
recommend a better alternative --- all backup packages I tried so far
suck one way or another).
Regards,
Liviu Daia
--
Dr. Liviu Daia e-mail: Liviu...@imar.ro
Institute of Mathematics web page: http://www.imar.ro/~daia
of the Romanian Academy PGP key: http://www.imar.ro/~daia/daia.asc
Francisco Reyes
>With that many users, just build 1 server, give it 2 power supplies, a few
>raid5 or mirrored disks. Should do just fine.
I just got a set of "test" computers which I hope won't be what
they will make use use.
IDE drives. :-(
If they insist I would at the very least get an IDE mirroring
controller.
I will mention to them that with the money I will save them in a
week from not paying the Solaris consultant they can buy me a
nice computer for this setup.