[Dovecot] mysql auth failover failing

Noel Butler noel.butler at ausics.net
Sat Sep 10 06:02:57 EEST 2011 

On Fri, 2011-09-09 at 19:33 -0700, Paul B. Henson wrote:



> default_pass_scheme = PLAIN

Uhg i'll pretend I didnt see that  :)



> 
> According to the sample SQL configuration file "HA / round-robin 
> load-balancing is supported by giving multiple host settings, like: 
> host=sql1.host.org host=sql2.host.org".
> 
> However, as far as I can tell dovecot only connects to the first listed 
> host, and processes all queries through it, there does not appear to be 
> any load-balancing going on.
> 



I suspect the wording here is incorrect, its just a failover AFAIK, it
only hits the first entry failing to second if no response.
HA would be like running a mysql slave on all the front ends failing
over to the master on your CRM server etc, which is what I do and
suggest, having just one master server, after all, dovecot and postfix
just need to read, not alter/update/insert etc.


> That's not necessarily a dealbreaker; however, high-availability does 
> not appear to be working either.
> 
> If I shutdown the first mysql server, dovecot starts to log connection 
> failures:
> 
> Sep  9 15:47:34 tweak dovecot: auth: Error: 
> mysql(mysql-1.unx.csupomona.edu): Connect failed to database (idmgmt): 
> Can't connect to MySQL server on 'mysql-1.unx.csupomona.edu' (111) - 
> waiting for 1 seconds before retry
> 
> Sep  9 15:47:39 tweak dovecot: auth: Error: 
> mysql(mysql-1.unx.csupomona.edu): Connect failed to database (idmgmt): 
> Can't connect to MySQL server on 'mysql-1.unx.csupomona.edu' (111) - 
> waiting for 25 seconds before retry
> 


yep thats correct because it has " gone away" but it still uses the
second host immediately, thats just dovecot trying to re-establish its
link with primary

> And postfix starts to fail authentications:
> 


err postfix is not dovecot, you need to also add failover in postfix's
sql lookup commands
hosts = unix:/var/run/mysql/mysql.sock 10.10.10.2   (assuming .2 is your
master sql server)



> 
> Resulting in a complete unavailability of smtp service, not just 
> unavailability of authenticated services.
> 


You could have a higher sec mx smtp box that uses postfix for virtual
transport for cases of if dovecot is unavailable, this of course means
storing partial paths in your mail db, for use only by that one
non-behind-load-balancer separated sec mx, of course this wont solve
users issue of sending unless you have multiple smtp behind a load
balancer, but allows for inbound still, depends on how big your setup
(and budget) is or can be :)

(note: I talk of load balancer as in real hardware device, not as in
pretend LB's as in software)


> Does the example sql config have incorrect 
> information?
> 


I suspect so.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: face-smile.png
Type: image/png
Size: 873 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20110910/c5e99667/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20110910/c5e99667/attachment-0004.bin>

More information about the dovecot mailing list