Verified Commit 632748c9 authored by anarcat's avatar anarcat

TPA-RFC-45: refine HA diagram

We seem to be converging on something that covers both flow and
architecture, and that even includes the other mail hosts. It's pretty neat!

See team#41009
parent 27c3bb8b
+0 −52
digraph email {
        label="TPA-RFC-44 Email routing overview\ntorproject.org, June 2024"
        labelloc=bottom
        compound=true

        node [shape=rectangle]

        // a user
        user [shape=triangle]

        subgraph "clustertpoha" {
                label="highly available TPA infrastructure"
                style=dotted

                submit1
                // new machines
                mailbox1 [color="green" style=filled label="mailbox1\nDovecot"]
                webmail1 [color="green" style=filled label="webmail1\nRoundcube"]
                mx1 [color="green" style=filled label="mx1\nrewriting"]
                mta1 [color="green" style=filled label="mta1\nrewriting"]
        }
        subgraph "clustertpo" {
                label="other TPA infrastructure"
                style=dotted
                // all other boxes that don't do anything special with email
                tpoboxes [label="other TPA hosts"]
                lists [color="green" style=filled label="lists\nschleuder\nmailman 3"]
                // hosts that manage and send their own email
                mailhosts [label="mail hosts\ngitlab, RT, CiviCRM"]
        }
        // external boxes
        dotdotdot [label="internet\nnon TPO mail hosts", shape=ellipse]

        webmail1 -> mailbox1 [dir=both]

        // all relations

        // mx receives email from everywhere and forwards it
        dotdotdot -> mx1 -> { mailhosts, lists, mailbox1 }
        // mail also goes directly to those hosts as welll
        dotdotdot -> { mailhosts, lists }
        // internal servers will relay mail through the MX, not directly to mbox
        { submit1, mta1, webmail1 } -> { mx1, mailhosts, lists }
        // user interacts with those
        user -> { mailhosts, lists, submit1 }
        user -> { webmail1 } [dir=both]
        user -> mailbox1 [dir=both]
        // those all relay mail to the outside
        { submit1, mailhosts, lists, mta1, webmail1 } -> dotdotdot
        // except those, who still go through the relay
        tpoboxes -> mta1
}
−112 KiB
+0 −63
digraph email {
        label="TPA-RFC-44 Email high availability design\ntorproject.org, June 2024\nsome gnt-dal traffic redacted for clarity"
        labelloc=bottom
        compound=true

        node [shape=rectangle]

        // a user
        user [shape=triangle]

        subgraph "clusterfsn" {
                label="gnt-fsn cluster"
                style=dotted

                submit1
                mailbox1 [color="green" style=filled label="mailbox1\nDovecot"]
                webmail1 [color="green" style=filled label="webmail1\nRoundcube"]
                // webmail -> all?
                mx1 [color="green" style=filled label="mx1\n"]
                mta1 [color="green" style=filled label="mta1\n"]
        }

        subgraph "clusterdal" {
                label="gnt-dal cluster"
                style=dotted
                submit2 [color="green" style=filled]
                mailbox2 [color="green" style=filled label="mailbox2\nDovecot\nfailover"]
                webmail2 [color="green" style=filled label="webmail2\nRoundcube"]
                mx2 [color="green" style=filled label="mx2\nrewriting"]
                mta2 [color="green" style=filled label="mta2\nrewriting"]
                redacted [style=dotted]
        }

        // external boxes
        external [label="internet\nnon TPO mail hosts", shape=ellipse]
        internal [label="other TPO hosts"]

        // HA mailbox cluster
        webmail1 -> mailbox1
        webmail2 -> mailbox2
        webmail1 -> mailbox2 [style="dotted"]
        webmail2 -> mailbox1 [style="dotted"]
        mailbox1 -> mailbox2 -> mailbox1 [label="sync"]

        // all relations
        mx1 -> mailbox1
        { mta1, webmail1 } -> mx1
        { mta1, webmail1 } -> mx2 [style=dotted]
        internal -> mta1
        internal -> mta2 [style=dotted]
        // user interacts with those
        user -> { submit1 }
        user -> { submit2 } [style=dotted]
        user -> { webmail1 } [dir=both]
        user -> { webmail2 } [dir=both style="dotted"]
        user -> mailbox1 [dir=both]
        user -> mailbox2 [dir=both style="dotted"]
        // those all relay mail to the outside
        { submit1, mta1, webmail1 } -> external
        { mx2, submit2, mta2, webmail2 } -> redacted
        submit1 -> {mx1, mailbox1}
        mx1 -> mailbox2 [style=dotted]
}
−110 KiB
+33 −30
digraph email {
        label="Email architecture TPA-RFC-44 long term plan\ntorproject.org, June 2024"
        label="TPA-RFC-44 Email high availability design\ntorproject.org, June 2024\nother TPA mail hosts and inter-cluster traffic redacted for clarity\n"
        labelloc=bottom
        compound=true

@@ -8,60 +8,63 @@ digraph email {
        // a user
        user [shape=triangle]

        // all other boxes that don't do anything special with email
        tpoboxes [label="other TPA hosts"]
        // hosts that manage and send their own email
        mailhosts [label="mail hosts\ngitlab, RT, CiviCRM"]
        // new machines
        subgraph "clusterfsn" {
                label="gnt-fsn cluster"
                label="primary cluster"
                style=dotted

                submit1
                mailbox1 [color="green" style=filled label="mailbox1\nDovecot"]
                webmail1 [color="green" style=filled label="webmail1\nRoundcube"]
                // webmail -> all?
                mx1 [color="green" style=filled label="mx1\nrewriting"]
                mta1 [color="green" style=filled label="mta1\nrewriting"]
                lists [color="green" style=filled label="lists\nschleuder\nmailman 3"]
                mx1 [color="green" style=filled label="mx1\n"]
                mta1 [color="green" style=filled label="mta1\n"]
                generic1 [label="other TPA mail servers" style=rounded]
        }

        subgraph "clusterdal" {
                label="gnt-dal cluster"
                label="secondary cluster"
                style=dotted

                submit2 [color="green" style=filled]
                mailbox2 [color="green" style=filled label="mailbox2\nDovecot\nfailover"]
                webmail2 [color="green" style=filled label="webmail2\nRoundcube"]
                mx2 [color="green" style=filled label="mx2\nrewriting"]
                mta2 [color="green" style=filled label="mta2\nrewriting"]
                webmail2 [color="green" style=filled label="webmail2\nRoundcube\nfailover"]
                mx2 [color="green" style=filled label="mx2"]
                mta2 [color="green" style=filled label="mta2"]
                generic2 [label="other TPA mail servers" style=rounded]
        }

        // external boxes
        external [label="internet\nnon TPO mail hosts", shape=ellipse]
        internal [label="other TPO hosts"]

        // HA mailbox cluster
        webmail1 -> mailbox1
        webmail2 -> mailbox2
        webmail2 -> mailbox2 [style=dotted]
        webmail1 -> mailbox2 [style="dotted"]
        webmail2 -> mailbox1 [style="dotted"]
        mailbox1 -> mailbox2 -> mailbox1

        // external boxes
        dotdotdot [label="internet\nnon TPO mail hosts", shape=ellipse]
        mailbox1 -> mailbox2 -> mailbox1 [label="sync"]

        // all relations

        // mx receives email from everywhere and forwards it
        dotdotdot -> mx1
        mx1 -> { mailhosts, lists, mailbox1 }
        mx1 -> { mailbox1, generic1 }
        mx2 -> generic2
        mx2 -> mailbox2 [style=dotted]
        { mta1, webmail1 } -> mx1
        //mx1 -> mailbox2 [style=dotted]
        dotdotdot -> { mailhosts, lists }
        { mta2, webmail2 } -> mx2
        internal -> mta1
        internal -> mta2
        // user interacts with those
        user -> { mailhosts, lists, submit1 }
        user -> { submit1 }
        user -> { submit2 }
        user -> { webmail1 } [dir=both]
        user -> { webmail2 } [dir=both style="dotted"]
        user -> mailbox1 [dir=both]
        user -> mailbox2 [dir=both style="dotted"]
        // those all relay mail to the outside
        { submit1, mailhosts, lists, mta1, webmail1 } -> dotdotdot
        submit1 -> {mx1, lists, mailhosts, mailbox1}
        { submit1, mta1, webmail1 } -> external
        { submit2, mta2, webmail2 } -> external
        external -> { mx1, mx2 }
        submit1 -> {mx1, mailbox1}
        submit2 -> mx2
        submit2 -> {mailbox2} [style=dotted]
        mx1 -> mailbox2 [style=dotted]
        // except those, who still go through the relay
        tpoboxes -> mta1
}
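Review bot: The edge list at the end of this section draws every flow the same way, so inbound mail from the internet (`external -> { mx1, mx2 }`) cannot be told apart from what is presumably authenticated submission (`user -> { submit1 }`), and the meaning of `style=dotted` (apparently the failover path) and of the green fill is never stated. A short legend comment at the top of the graph, for example `// solid: normal path, dotted: failover path, green: new host` (wording to be confirmed by the author), plus a `label=` on the edges that cross the internet boundary, would let the diagram serve threat modelling as well as the HA discussion. The graph label says inter-cluster traffic is left out, yet `mailbox1 -> mailbox2 -> mailbox1 [label="sync"]` and the dotted `mx1 -> mailbox2` edge cross clusters; since the sync path carries mailbox contents, the label or a comment should say how that link is protected. The page has lost its `+`/`-` markers, so which of the duplicated lines survive is inferred; if `//mx1 -> mailbox2 [style=dotted]` is on the new side, it duplicates the live edge near the end and can be dropped.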