Imodzi mwantchito zazikulu pomanga zida zazikulu za Zimbra OSE ndikuwongolera moyenera katundu. Kuwonjezera pa mfundo yakuti kumawonjezera vuto kulolerana utumiki, popanda katundu kugwirizanitsa n'zosatheka kuonetsetsa kuyankha chimodzimodzi utumiki kwa onse ogwiritsa. Kuti athetse vutoli, zolemetsa zolemetsa zimagwiritsidwa ntchito - mapulogalamu ndi mapulogalamu a hardware omwe amagawiranso zopempha pakati pa maseva. Pakati pawo pali akale kwambiri, monga RoundRobin, omwe amangotumiza pempho lililonse ku seva yotsatira pamndandanda, komanso pali zina zapamwamba kwambiri, mwachitsanzo HAProxy, yomwe imagwiritsidwa ntchito kwambiri pamakompyuta olemetsa kwambiri chifukwa cha chiwerengero cha ubwino waukulu. Tiyeni tiwone momwe mungapangire HAProxy load balancer ndi Zimbra OSE kugwirira ntchito limodzi.
Chifukwa chake, molingana ndi momwe ntchitoyi ikuyendera, tapatsidwa zida za Zimbra OSE, zomwe zili ndi Zimbra Proxy ziwiri, ma seva awiri a LDAP ndi LDAP Replica, ma storages anayi okhala ndi ma mailbox 1000 lililonse ndi ma MTA atatu. Popeza tikuchita ndi seva yamakalata, ilandila mitundu itatu yamagalimoto omwe amafunikira kusanja: HTTP pakutsitsa kasitomala, komanso POP ndi SMTP potumiza imelo. Pankhaniyi, magalimoto a HTTP adzapita ku ma seva a Zimbra Proxy okhala ndi ma adilesi a IP 192.168.0.57 ndi 192.168.0.58, ndipo magalimoto a SMTP adzapita ku ma seva a MTA okhala ndi ma adilesi a IP 192.168.0.77 ndi 192.168.0.78.
Monga tanenera kale, kuonetsetsa kuti zopempha zimagawidwa mofanana pakati pa ma seva, tidzagwiritsa ntchito HAProxy load balancer, yomwe idzayendetsedwe pa Zimbra Ingress Ingress node yoyendetsa Ubuntu 18.04. Kuyika haproxy pa opaleshoniyi kumachitika pogwiritsa ntchito lamulo sudo apt-get kukhazikitsa haproxy. Pambuyo pa izi muyenera mu fayilo /etc/default/haproxy kusintha parameter ZOTHANDIZA=0 pa ZOTHANDIZA=1. Tsopano, kuti muwonetsetse kuti haproxy ikugwira ntchito, ingolowetsani lamulo service haproxy. Ngati ntchitoyi ikugwira ntchito, izi zidzamveka bwino kuchokera ku zotsatira za lamulo.
Chimodzi mwazovuta zazikulu za HAProxy ndikuti mwachisawawa sichimatumiza adilesi ya IP ya kasitomala wolumikizira, ndikuyika yake. Izi zitha kuyambitsa nthawi pomwe maimelo otumizidwa ndi omwe akuwukira sangathe kudziwika ndi adilesi ya IP kuti awonjezere pamndandanda wakuda. Komabe, nkhaniyi ikhoza kuthetsedwa. Kuti muchite izi muyenera kusintha fayilo /opt/zimbra/common/conf/master.cf.in pa maseva omwe ali ndi Postfix ndikuwonjezera mizere yotsatirayi:
26 inet n - n - 1 postscreen
-o postscreen_upstream_proxy_protocol=haproxy
466 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/smtps
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
588 inet n - n - - smtpd
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o syslog_name=postfix/submission
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
Chifukwa cha izi, tidzatsegula madoko 26, 466 ndi 588, omwe adzalandira magalimoto obwera kuchokera ku HAProxy. Mafayilo atasungidwa, muyenera kuyambitsanso Postfix pa maseva onse pogwiritsa ntchito zmmtactl restart command.
Pambuyo pake, tiyeni tiyambe kukhazikitsa HAProxy. Kuti muchite izi, choyamba pangani kopi yosunga zosunga zobwezeretsera cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak. Kenako tsegulani fayilo yoyambira mumkonzi wamawu /etc/haproxy/haproxy.cfg ndikuyamba kuwonjezera zoikamo zofunika kwa izo sitepe ndi sitepe. Chotchinga choyamba chidzakhala chikuwonjezera seva yomwe imatenga zipika, ndikuyika nambala yovomerezeka yolumikizira nthawi imodzi, komanso kufotokozera dzina ndi gulu la wogwiritsa ntchito lomwe lidzakhala.
global
user daemon
group daemon
daemon
log 127.0.0.1 daemon
maxconn 5000
chroot /var/lib/haproxy
Chiwerengero cha 5000 cholumikizira nthawi imodzi chinawonekera pazifukwa. Popeza tili ndi makalata 4000 muzomangamanga zathu, tikuyenera kulingalira za kuthekera kuti onse adzalandira imelo yawo yantchito nthawi imodzi. Kuonjezera apo, m'pofunika kusiya malo osungirako ochepa ngati chiwerengero chawo chikuwonjezeka.
Tsopano tiyeni tiwonjeze chipika chokhala ndi zosintha zosasintha:
defaults
timeout client 1m
log global
mode tcp
timeout server 1m
timeout connect 5s
Chotchinga ichi chimakhazikitsa nthawi yochuluka kwa kasitomala ndi seva kuti atseke kugwirizanako ikatha, ndikuyikanso njira yogwiritsira ntchito HAProxy. Kwa ife, balancer yolemetsa imagwira ntchito mu TCP mode, ndiko kuti, imangotumiza mapaketi a TCP popanda kusanthula zomwe zili.
Kenako tidzawonjezera malamulo olumikizirana pamadoko osiyanasiyana. Mwachitsanzo, ngati port 25 ikugwiritsidwa ntchito polumikizana ndi ma SMTP ndi makalata, ndiye kuti ndizomveka kutumiza maulumikizidwe ake ku MTAs omwe amapezeka muzomangamanga zathu. Ngati kulumikizana kuli pa doko 80, ndiye kuti iyi ndi pempho la http lomwe liyenera kutumizidwa ku Zimbra Proxy.
Lamulo la port 25:
frontend smtp-25
bind *:27
default_backend backend-smtp-25
backend backend-smtp-25
server mta1 192.168.0.77:26 send-proxy
server mta2 192.168.0.78:26 send-proxy
Lamulo la port 465:
frontend smtp-465
bind *:467
default_backend backend-smtp-465
backend backend-smtp-465
server mta1 192.168.0.77:466 send-proxy
server mta2 192.168.0.78:466 send-proxy
Lamulo la port 587:
frontend smtp-587
bind *:589
default_backend backend-smtp-587
backend backend-smtp-587
server mail1 192.168.0.77:588 send-proxy
server mail2 192.168.0.78:588 send-proxy
Lamulo la port 80:
frontend http-80
bind *:80
default_backend http-80
backend http-80
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check
Lamulo la port 443:
frontend https
bind *:443
default_backend https-443
backend https-443
mode tcp
server zproxy1 192.168.0.57:80 check
server zproxy2 192.168.0.58:80 check
Chonde dziwani kuti m'malamulo otumizira mapaketi a TCP ku MTA, pafupi ndi ma adilesi awo pali chizindikiro. kutumiza-woyimira. Izi ndizofunikira kuti, molingana ndi zosintha zomwe tidapanga kale ku zoikamo za Postfix, adilesi yoyambirira ya IP ya wotumizayo imatumizidwa limodzi ndi mapaketi a TCP.
Tsopano kuti zosintha zonse zofunikira zapangidwa ku HAProxy, mutha kuyambitsanso ntchitoyo pogwiritsa ntchito lamulo service haproxy restart ndikuyamba kugwiritsa ntchito.
Pamafunso onse okhudzana ndi Zextras Suite, mutha kulumikizana ndi Woimira Zextras Ekaterina Triandafilidi ndi imelo. [imelo ndiotetezedwa]
Source: www.habr.com