This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 2 and 3
Revision 2 as of 2012-12-13 10:57:49
Size: 1966
Editor: TimoSirainen
Revision 3 as of 2013-01-10 12:27:59
Size: 2106
Editor: TimoSirainen
Line 48: Line 48:
== dsync wrapper script for root == == dsync wrapper script for root (v2.2+) ==
Line 50: Line 50:
If you're using multiple UIDs, dsync needs to be started as root, which means you need to log in as root with ssh (or use sudo). Another possibility is to allow root to run only a wrapper script:

/usr/local/bin/dsync-out-wrapper.sh:
{{{
#!/bin/sh

host=$1
user=$2
(echo $user;cat) | ssh -i /root/.ssh/id_dsa.dsync $host /usr/local/bin/dsync-in-wrapper.sh
}}}
If you're using multiple UIDs, dsync needs to be started as root, which means you need to log in as root with ssh (or use sudo). Another possibility is to allow root to run only a wrapper script. There is some built-in support for this in v2.2+ to make it easier:
Line 63: Line 54:
dsync_remote_cmd = /usr/local/bin/dsync-out-wrapper.sh %{host} %u dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/id_dsa.dsync %{host} /usr/local/bin/dsync-in-wrapper.sh
plugin {
  mail_replica = remoteprefix:vmail@anotherhost.example.com
}
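Review bot: Missing documentation at the `mail_replica = remoteprefix:` line: with dsync-out-wrapper.sh gone, nothing on the page says what now sends the username line that dsync-in-wrapper.sh consumes with `read username`. The removed script did this with `(echo $user;cat)`, so a sentence stating that the `remoteprefix:` form takes over that job would keep the setup understandable to someone who never saw the old wrapper.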
Line 70: Line 64:

/usr/local/bin/dsync-in-wrapper.sh:
{{{
#!/bin/sh

read username
/usr/local/bin/doveadm dsync-server -u $username
}}}
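Review bot: In dsync-in-wrapper.sh, `$username` is passed unquoted to `doveadm dsync-server -u`, and the script runs as root on a line read from the SSH connection. Quote it as `-u "$username"` and use `read -r username` so whitespace or backslashes in the received line cannot split or alter the argument. Rejecting values that do not look like a username before calling doveadm would be a further safeguard.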

Replication with dsync

NOTE: v2.1 replication can't do incremental metadata syncing. This means that the more mails a mailbox has, the slower it is to sync it. v2.2's redesigned dsync will fix this.

Make sure that user listing is configured for your userdb, as replication requires it:

doveadm user '*'

Enable the replication plugin:

mail_plugins = $mail_plugins notify replication

The replicator process should be started at startup so that it can start replicating users immediately:

service replicator {
  process_min_avail = 1
}

You need to configure how and where to replicate. For example, using SSH:

dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
plugin {
  mail_replica = remote:vmail@anotherhost.example.com
}

The mail processes need to have access to the replication-notify fifo and socket. If you have a single vmail UID, you can do:

service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}

The replication-notify fifo and socket only notify the replicator processes that there is work to be done, so it's not terribly insecure either to just set mode=0666 on them.

dsync wrapper script for root (v2.2+)

If you're using multiple UIDs, dsync needs to be started as root, which means you need to log in as root with ssh (or use sudo). Another possibility is to allow root to run only a wrapper script. There is some built-in support for this in v2.2+ to make it easier:

dovecot.conf:

dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/id_dsa.dsync %{host} /usr/local/bin/dsync-in-wrapper.sh
plugin {
  mail_replica = remoteprefix:vmail@anotherhost.example.com
}

/root/.ssh/authorized_keys2:

command="/usr/local/bin/dsync-in-wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <ssh key>

/usr/local/bin/dsync-in-wrapper.sh:

#!/bin/sh
# The first line on stdin is the username; the rest is the dsync stream.
read -r username
/usr/local/bin/doveadm dsync-server -u "$username"
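
A stricter variant of the wrapper above, as an added example that is not part of the original page or of Dovecot: it validates the received username before handing it to doveadm as root. The allowlist, the exit codes, the `DOVEADM` override and the filename guard on the last line are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Dovecot's own script: dsync-in-wrapper.sh with input checks.
# Assumption: usernames are "local" or "local@domain" built from the
# characters below; adjust the allowlist to match your userdb.

DOVEADM=${DOVEADM:-/usr/local/bin/doveadm}   # override is for testing only

# Succeed only for a username that is safe to pass to "doveadm -u".
valid_username() {
    case $1 in
        ''|-*) return 1 ;;                # empty or option-like
        *[!A-Za-z0-9._@+-]*) return 1 ;;  # outside allowlist (also * and ?,
                                          # which doveadm -u treats as wildcards)
        *@*@*) return 1 ;;                # more than one @
    esac
    [ "${#1}" -le 255 ]
}

# Read the username line from stdin, check it, then let doveadm consume
# the remainder of the stream.
dsync_in_wrapper() {
    IFS= read -r username || return 64    # no complete line on stdin
    if ! valid_username "$username"; then
        # Log the peer, not the rejected value, to keep the log line clean.
        logger -t dsync-in-wrapper "rejected username from ${SSH_CLIENT:-unknown}" \
            2>/dev/null || true
        return 65
    fi
    exec "$DOVEADM" dsync-server -u "$username"
}

# Run only when installed under its real name (the forced command),
# not when the file is sourced or tested under another name.
case ${0##*/} in dsync-in-wrapper.sh) dsync_in_wrapper ;; esac
```
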

None: Replication (last edited 2019-05-27 07:44:57 by AkiTuomi)