Distributed setup

Alain Spineux aspineux at gmail.com
Mon Aug 4 21:54:09 CEST 2008


On Sun, Aug 3, 2008 at 1:55 PM, Albrecht Dreß
<albrecht.dress at lios-tech.com> wrote:
> Dear Alain:
>
> Thanks a lot for your reply...
>
> "Alain Spineux" <aspineux at gmail.com> wrote:
>> On Thu, Jul 31, 2008 at 10:35 AM, Albrecht Dreß
>>> I would like to install Kolab 2.2 on /two/ Ubuntu Hardy machines in a
> "distributed" way:  box #1 shall have the Cyrus, Postfix and Apache related
> stuff installed, and box #2 shall get all the rest.
>>
>> This mean ldap and Amavis will be on #2, this is a good balance !
>
> I will probably omit the scanning stuff, as the incoming mail goes through an
> other externally hosted Linux box with Postfix, Mailscanner, Spamassassin and
> ClamAV, so IMO I can omit the second check...

Less interesting, but ldap can have some works to do when the users
are more than 10000


>
>> Not a good argument, because OpenPkg and Kolab have also security in mind !
>
> O.k., got your point. ;-)
>
>> Do you know SELinux ? If so, just translate the exisiting rules to openpkg
> environment ! If not will you really learn and adapt SELinux for kolab ?
>
> I have some basic knowledge of SELinux...  One problem with Ubuntu Hardy is that
> it does not come with really good SELinux support.  Using the policy coming with
> it results in many avc messages (i.e. not usable in enforcing mode).  I tried
> the "targeted" policy from Debian Etch (didn't try Lenny's yet) on an other
> Hardy box, also resulting in many messages.  However, as on the box #1, exposed
> to the evil internet, only a few services will run, I think it should be
> possible to tweak the targeted policy accordingly.  Box #2 will run much more
> stuff apart from Kolab, which will probably be a much bigger problem, so I guess
> I'll leave it in permissive mode first.
>
>> I things the best is to install a full install on both, make it works on #1,
> then
>> transfer features from #1 to #2 one by one
>

I hoped to have time to do it, but never had it.

> Well, yes, that's almost what I also was thinking about.  My question was if
> there are already any experiences or howtos?
>
> I don't understand the internal structure sufficiently; this approach should
> work if the Kolab components communicate only through IPC (read: Internet Domain
> Sockets).  If one component tweaks the config file of an other one, though, then
> they must obviously reside on the same box.

Yes every component comunicates together through IP protocol.

In your case, you can use the master/slave facility.
Master and slave use the same LDAP db running only on the master.
You can balance your mailboxes on both (but you dont need this, I'm
just explaining)
Both can accept and relay mail for any local or external mailbox. The
only limit is
that user need to read his mail on the good server, where his mailbox is !

If you configure a master/slave, with #2 as master and put all the mailbox on
the slave aka #1 (this is done a mailbox creation) everythin will be
as expected without
pain

Regards.


>
> Does anyone have more insight into that?
>
> Thanks, Albrecht.
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you




More information about the users mailing list