Loading ...
Sorry, an error occurred while loading the content.

Re: Update Postfix transport file on multiple servers

Expand Messages
  • Reindl Harald
    i would use mysql for some reasons * one master where write changes * every machine can run a replication slave * no single-point-of-failure * postfix needs
    Message 1 of 16 , Mar 1, 2011
    • 0 Attachment
      i would use mysql for some reasons

      * one master where write changes
      * every machine can run a replication slave
      * no single-point-of-failure
      * postfix needs only read-permissions so there nerver writes on any slave
      * you can even define each mysqld in each postfix server for failover

      samba/nfs is fine as long this machine/connection is alive
      but if you have troubles there all your servers are down

      Am 01.03.2011 10:51, schrieb aa:
      > And what about using a shared disk space on a single machine that contains configuration file of every mail server.
      > Every machine that has postfix can access these configuration files using samba or NFS...a kind of shared folder
      > that can be contained on a postfix server machine too without using a dedicated machine....
      >
      > 2011/3/1 Luis Esteves <luisdobenfica@... <mailto:luisdobenfica@...>>
      >
      >
      > Hi,
      >
      > I'll have a look to this tools, I'm curious...
      >
      > Thanks a lot,
      > Luis
      >
      >
      > Victor Duchovni wrote:
      > >
      > > On Thu, Feb 24, 2011 at 02:52:17PM -0800, Luis Esteves wrote:
      > >
      > >>
      > >> Many Thanks Victor for the answer.
      > >
      > > An answer anyway, there are a few ways to address this... Some people
      > > would use tools like "cfengine" or similar. Basically, anything that
      > > lets you manage configuration files on multiple Unix hosts.
      > >
      > > --
      > > Viktor.
      > >
      > >
      >
      > --
      > View this message in context:
      > http://old.nabble.com/Update-Postfix-transport-file-on-multiple-servers-tp31008507p31038134.html
      > Sent from the Postfix mailing list archive at Nabble.com.
      >
      >

      --

      Mit besten Grüßen, Reindl Harald
      the lounge interactive design GmbH
      A-1060 Vienna, Hofmühlgasse 17
      CTO / software-development / cms-solutions
      p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
      icq: 154546673, http://www.thelounge.net/
    • aa
      My proposal of using a machine that contains samba/nfs shared file is likely to create a critical node inthe architecture... I appreciate Harald s idea of
      Message 2 of 16 , Mar 1, 2011
      • 0 Attachment
        My proposal of using a machine that contains samba/nfs shared file  is likely to create a critical node inthe architecture...

        I appreciate Harald's idea of using mysql server with replication clients....if I've understood well every postfix installation reads config informations from its own mysql replication server so you can modify only the master server and changes spread over the replication slaves....
        a kind of the DNS working, isn't it?

        2011/3/1 Reindl Harald <h.reindl@...>
        i would use mysql for some reasons

        * one master where write changes
        * every machine can run a replication slave
        * no single-point-of-failure
        * postfix needs only read-permissions so there nerver writes on any slave
        * you can even define each mysqld in each postfix server for failover

        samba/nfs is fine as long this machine/connection is alive
        but if you have troubles there all your servers are down

        Am 01.03.2011 10:51, schrieb aa:
        > And what about using a shared disk space on a single machine that contains configuration file of every mail server.
        > Every machine that has postfix can access these configuration files using samba or NFS...a kind of shared folder
        > that can be contained on a postfix server machine too without using a dedicated machine....
        >
        > 2011/3/1 Luis Esteves <luisdobenfica@... <mailto:luisdobenfica@...>>
        >
        >
        >     Hi,
        >
        >     I'll have a look to this tools, I'm curious...
        >
        >     Thanks a lot,
        >     Luis
        >
        >
        >     Victor Duchovni wrote:
        >     >
        >     > On Thu, Feb 24, 2011 at 02:52:17PM -0800, Luis Esteves wrote:
        >     >
        >     >>
        >     >> Many Thanks Victor for the answer.
        >     >
        >     > An answer anyway, there are a few ways to address this... Some people
        >     > would use tools like "cfengine" or similar. Basically, anything that
        >     > lets you manage configuration files on multiple Unix hosts.
        >     >
        >     > --
        >     >       Viktor.
        >     >
        >     >
        >
        >     --
        >     View this message in context:
        >     http://old.nabble.com/Update-Postfix-transport-file-on-multiple-servers-tp31008507p31038134.html
        >     Sent from the Postfix mailing list archive at Nabble.com.
        >
        >

        --

        Mit besten Grüßen, Reindl Harald
        the lounge interactive design GmbH
        A-1060 Vienna, Hofmühlgasse 17
        CTO / software-development / cms-solutions
        p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
        icq: 154546673, http://www.thelounge.net/


      • mouss
        ... it s unclear what budget you have. I am biased toward large platforms (and even for small ones, toward large style processes implemented in the
        Message 3 of 16 , Mar 2, 2011
        • 0 Attachment
          Le 01/03/2011 06:37, Luis Esteves a écrit :
          >
          > Hi,
          >
          > Good idea.
          >
          > I'll soon install a centralized logs server (with rsync) for logs retention
          > an alalysis, maybe I will use this server to update Postfix files. It will
          > be in the trusted network, so, I will generate SSH Keys. The private Key
          > will be stored in the trusted network, and the public Key on each Postfix
          > server (DMZ).
          > All I need is to create a script that synchronize the files et then run the
          > Make (remote) command.
          >
          > This seems to be the most suitable solution for me.
          >

          it's unclear what "budget" you have. I am biased toward large platforms
          (and even for small ones, toward "large style" processes implemented "in
          the small").

          ideally, you shouldn't mix the management hosts and the log servers.
          role segregation is a good principle. management hosts are hosts you use
          to "push" things onto your production. log servers are hosts that
          receive things from your production servers. if you can't use different
          hosts for that, then do everything to separate the roles (different user
          accounts, different access control rules, ... etc).
        • mouss
          ... well, the problem is not file sharing here. if it s just for making files available, then rsync over ssh is a proven and robust mechanism. the issue is
          Message 4 of 16 , Mar 2, 2011
          • 0 Attachment
            Le 01/03/2011 10:51, aa a écrit :
            > And what about using a shared disk space on a single machine that contains
            > configuration file of every mail server.
            > Every machine that has postfix can access these configuration files using
            > samba or NFS...a kind of shared folder that can be contained on a postfix
            > server machine too without using a dedicated machine....
            >


            well, the problem is not file sharing here. if it's just for making
            files available, then rsync over ssh is a proven and robust mechanism.

            the issue is that for some maps, a 'postfix reload' is needed and this
            is a harder problem because it requires privileges.

            sql is a good way to solve the problem, although it means allowing
            "inbound" sql access from the postfix servers. it also has the benefit
            of requiring no reload. add to this the possibility of using a web ui or
            other to manage data in an sql db.
          • Luis Esteves
            Hi, Meybe there is another solution. Initaly I didn t want to generate private/public keys, because I was planning to use the root account. But, to solve this
            Message 5 of 16 , Mar 3, 2011
            • 0 Attachment
              Hi,

              Meybe there is another solution.

              Initaly I didn't want to generate private/public keys, because I was
              planning to use the root account.
              But, to solve this security issue, I create a user account with user rights,
              and generate ssh private/public keys (less dangerous that root account)
              I add command provileges to sudoers, so the account can run a script that
              will :

              - transfert needed files overs overs ssh to other servers
              - run make command to create the db files on all servers

              What do you think about this solution ?

              Luis


              Luis Esteves wrote:
              >
              > Hi everybody,
              >
              > In our organisation we have 4 postfix servers.
              > Each time i need to add a new configuration to the transport file (for a
              > new domain), i need to update the transport file on each server.
              > This is cumbersome. Connect on each server with ssh, update the transport
              > file, et run make to generate a db file.
              >
              > Is there an easy way to update all files on each server easily (without
              > generating ssh public/private keys and running these commands from one
              > server) ?
              >
              > Is it a good idea to use a centralized PostgreSQL database to store the
              > Postfix configuration files ?
              >
              > Thanks,
              > Luis
              >

              --
              View this message in context: http://old.nabble.com/Update-Postfix-transport-file-on-multiple-servers-tp31008507p31061754.html
              Sent from the Postfix mailing list archive at Nabble.com.
            Your message has been successfully submitted and would be delivered to recipients shortly.