Changes

Page history
start taking notes on IMAP HA (#41009) authored by anarcat's avatar anarcat
Show whitespace changes
Inline Side-by-side
service/email.md
View page @ 37989954
......@@ -999,7 +999,7 @@ the long term plan from TPA-RFC-44 (TPA-RFC-45, [issue
tpo/tpa/team#41009](https://gitlab.torproject.org/tpo/tpa/team/-/issues/41009)). This will mean either outsourcing mail
services or building a proper mail hosting service.
## Proposed Solution
## Proposed Solutions
We went through a number of proposals to improve mail services over
time:
......@@ -1012,6 +1012,42 @@ time:
records, long term plan postponed)
* TPA-RFC-45: Mail architecture (long term plans from TPA-RFC-44)
## High availability notes
If we do host our own IMAP servers eventually, we would like them to
be highly available, without human intervention. That means having an
"active-active" mirror setup where the failure of one host doesn't
affect users at all and doesn't require human intervention to restore
services.
We already know quite well how to do an active/passive setup: DRBD
allows us to replicate entire disks between machines. It *might* be
possible to do the same with active/active setups in DRBD, in theory,
but in practice this quickly runs into filesystem limitations, as
(e.g.) ext4 is *not* designed to be accessed by multiple machines
simultaneously.
Dovecot has a [replication system called dsync](https://doc.dovecot.org/configuration_manual/replication/) that replicates
mailboxes over a pipe. There are examples for TCP, TLS and SSH. [This
blog post](http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html) explains the design as well. A pair of [director](https://doc.dovecot.org/admin_manual/director/dovecotdirector/)
processes could be used to direct users to the right server. [This
tutorial](http://web.archive.org/web/20201111212844/https://blog.le-vert.net/?p=160) seems to have been useful for people.
Dovecot also shows a [HAProxy configuration](https://doc.dovecot.org/configuration_manual/haproxy/). A script called
[poolmon](https://github.com/brandond/poolmon/tree/master) seems to be used by some folks to remove/re-add backends
to the director when the go unhealthy. Dovecot now ships a
[dovemon](https://doc.dovecot.org/configuration_manual/dovemon/) program that works similarly, but it's only available in
the non-free "Pro" version.
There's also a [ceph plugin](https://github.com/ceph-dovecot/dovecot-ceph-plugin) to store emails in a Ceph backend.
It also seems possible to store mailbox and index objects in an
[object storage backend](https://doc.dovecot.org/admin_manual/dovecot_backend/), a configuration documented in the
[Dovecot Cluster Architecture](https://doc.dovecot.org/admin_manual/dovecot_cluster_architecture/). It seems that, unfortunately, this
is part of the "Pro" version of Dovecot, not usable in the free
version (see [mailbox formats](https://doc.dovecot.org/admin_manual/mailbox_formats/)). There's also someone who
implemented a [syncthing backend](https://github.com/fragtion/dovecot-core).
## Submission server proposal
Note: this proposal was discussed inline in the old
......
......