In your scenario I think it would be better if you didn't cluster email and instead let it go to backup MX.
You're very welcome to elaborate on this (if you see what I mean).
I'm also very interested to read your feedback after any HA test you may perform with 3.4.
pacemaker + corosync is definitely a good starting point, but to me, unless I misunderstand, it doesn't provide (yet) significant added value in real-life deployments, except in some very specific scenarios.
The HA scope is only FW, DHCP, DNS and OpenVPN.
As written in the beta section, I don't understand what an FW cluster could provide given the monolithic aspect of the Zentyal server.
Let me explain what I understand:
- you deploy 2 Zentyal servers, each running a basic set of services, e.g. HTTP proxy, mail and file sharing, to keep it simple. Of course, this comes with FW, DHCP and DNS.
- you set up your cluster, floating IPs inside and outside.
- out of the box, services are defined to be accessed using the real IPs, but as you are clever, you manually change them to use the floating IP where relevant, therefore here for... DNS and OpenVPN. No need to define anything for DHCP,
and for the firewall... I still don't understand.
- If server 1 fails, what's the scenario? DHCP, DNS and OpenVPN swing to server 2. So clients get a new lease if needed (this is very unlikely to be a problem in most organisations), access from outside to the VPN works if you connect to the floating (external) IP, but the default route is still server 1 for internal servers, or are you using the internal floating IP as the default route? Much better like this, but the HTTP proxy is not part of your cluster, is it? So no transparent proxy... Same for mail, file sharing and the domain controller.
This rather promotes something I was not expecting in terms of deployment, that is to have one Zentyal server as border/internet gateway and perhaps another internal server providing services internally. In such a case, from outside, thanks to the highly available VPN, you can still access services. The bad news is that Zentyal is still very monolithic in its design, meaning such a split of services across different Zentyal servers is not easy.
This is to explain that moving to HA is very interesting in principle, but without any roadmap and understanding of what could be delivered (HA scope) and when, deployment in prod is not yet achievable, even, to me, partially.
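To make the two-node scenario described above concrete, here is an added example in crm shell syntax of what the pacemaker side of it would look like. It is my own illustration, not the post's or Zentyal's configuration: the node names, interface names, addresses, and the lsb init script names for DNS, DHCP and OpenVPN are all assumptions, and Zentyal's own HA module may drive these daemons with different agents. What it shows is the shape of the setup: two floating IPs (one per side) and only the in-scope services grouped behind them, so they move together when a node fails.

```text
# Added example, not from the post or from Zentyal.
# Assumed: nodes zentyal1/zentyal2, eth0 = external side, eth1 = internal side,
# 203.0.113.10 = external floating IP (what VPN clients connect to),
# 192.168.1.1  = internal floating IP (handed out by DHCP as router and DNS),
# and DNS/DHCP/OpenVPN started through the init scripts named below.
node zentyal1
node zentyal2

# The two floating IPs. Services are reached through these, never through
# the nodes' real IPs, otherwise clients keep talking to the dead node.
primitive ip_ext ocf:heartbeat:IPaddr2 \
    params ip=203.0.113.10 cidr_netmask=24 nic=eth0 \
    op monitor interval=10s
primitive ip_int ocf:heartbeat:IPaddr2 \
    params ip=192.168.1.1 cidr_netmask=24 nic=eth1 \
    op monitor interval=10s

# Only what the post lists as in scope. DHCP needs no floating IP of its own,
# but it must run on the same node as ip_int so leases keep pointing at 192.168.1.1.
primitive dns  lsb:bind9           op monitor interval=30s
primitive dhcp lsb:isc-dhcp-server op monitor interval=30s
primitive vpn  lsb:openvpn         op monitor interval=30s

# A group is started in this order and kept on one node: the IPs are up before
# the daemons that bind to them, and everything fails over together.
group gateway ip_ext ip_int dns dhcp vpn

# With two nodes there is no quorum once one is gone, so it has to be ignored.
# Disabling fencing is only acceptable for a lab; a production pair needs stonith.
property no-quorum-policy=ignore
property stonith-enabled=false
```

Nothing in the group covers the HTTP proxy, mail, file sharing or the domain controller, which is exactly the gap the post points at: pacemaker can move an IP and restart a daemon, but it does not make a second Zentyal server carry the first one's service configuration and data. The quick check after a failover is to confirm that ip_int answers on node 2 and that a fresh DHCP lease still lists 192.168.1.1 as router and DNS; if the lease lists a real node address, DHCP was left pointing at the wrong IP.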