Re: Update Postfix transport file on multiple servers
- My proposal of using a machine that contains samba/nfs shared file is likely to create a critical node inthe architecture...
I appreciate Harald's idea of using mysql server with replication clients....if I've understood well every postfix installation reads config informations from its own mysql replication server so you can modify only the master server and changes spread over the replication slaves....
a kind of the DNS working, isn't it?2011/3/1 Reindl Harald <h.reindl@...>
i would use mysql for some reasons
* one master where write changes
* every machine can run a replication slave
* no single-point-of-failure
* postfix needs only read-permissions so there nerver writes on any slave
* you can even define each mysqld in each postfix server for failover
samba/nfs is fine as long this machine/connection is alive
but if you have troubles there all your servers are down
Am 01.03.2011 10:51, schrieb aa:> And what about using a shared disk space on a single machine that contains configuration file of every mail server.> 2011/3/1 Luis Esteves <luisdobenfica@... <mailto:luisdobenfica@...>>
> Every machine that has postfix can access these configuration files using samba or NFS...a kind of shared folder
> that can be contained on a postfix server machine too without using a dedicated machine....
> I'll have a look to this tools, I'm curious...
> Thanks a lot,
> Victor Duchovni wrote:
> > On Thu, Feb 24, 2011 at 02:52:17PM -0800, Luis Esteves wrote:
> >> Many Thanks Victor for the answer.
> > An answer anyway, there are a few ways to address this... Some people
> > would use tools like "cfengine" or similar. Basically, anything that
> > lets you manage configuration files on multiple Unix hosts.
> > --
> > Viktor.
> View this message in context:
> Sent from the Postfix mailing list archive at Nabble.com.
Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
- Le 01/03/2011 06:37, Luis Esteves a écrit :
>it's unclear what "budget" you have. I am biased toward large platforms
> Good idea.
> I'll soon install a centralized logs server (with rsync) for logs retention
> an alalysis, maybe I will use this server to update Postfix files. It will
> be in the trusted network, so, I will generate SSH Keys. The private Key
> will be stored in the trusted network, and the public Key on each Postfix
> server (DMZ).
> All I need is to create a script that synchronize the files et then run the
> Make (remote) command.
> This seems to be the most suitable solution for me.
(and even for small ones, toward "large style" processes implemented "in
ideally, you shouldn't mix the management hosts and the log servers.
role segregation is a good principle. management hosts are hosts you use
to "push" things onto your production. log servers are hosts that
receive things from your production servers. if you can't use different
hosts for that, then do everything to separate the roles (different user
accounts, different access control rules, ... etc).
- Le 01/03/2011 10:51, aa a écrit :
> And what about using a shared disk space on a single machine that containswell, the problem is not file sharing here. if it's just for making
> configuration file of every mail server.
> Every machine that has postfix can access these configuration files using
> samba or NFS...a kind of shared folder that can be contained on a postfix
> server machine too without using a dedicated machine....
files available, then rsync over ssh is a proven and robust mechanism.
the issue is that for some maps, a 'postfix reload' is needed and this
is a harder problem because it requires privileges.
sql is a good way to solve the problem, although it means allowing
"inbound" sql access from the postfix servers. it also has the benefit
of requiring no reload. add to this the possibility of using a web ui or
other to manage data in an sql db.
Meybe there is another solution.
Initaly I didn't want to generate private/public keys, because I was
planning to use the root account.
But, to solve this security issue, I create a user account with user rights,
and generate ssh private/public keys (less dangerous that root account)
I add command provileges to sudoers, so the account can run a script that
- transfert needed files overs overs ssh to other servers
- run make command to create the db files on all servers
What do you think about this solution ?
Luis Esteves wrote:
> Hi everybody,
> In our organisation we have 4 postfix servers.
> Each time i need to add a new configuration to the transport file (for a
> new domain), i need to update the transport file on each server.
> This is cumbersome. Connect on each server with ssh, update the transport
> file, et run make to generate a db file.
> Is there an easy way to update all files on each server easily (without
> generating ssh public/private keys and running these commands from one
> server) ?
> Is it a good idea to use a centralized PostgreSQL database to store the
> Postfix configuration files ?
View this message in context: http://old.nabble.com/Update-Postfix-transport-file-on-multiple-servers-tp31008507p31061754.html
Sent from the Postfix mailing list archive at Nabble.com.