ISPconfig as active-active with Galera Cluster (db, files, email, etc.)

Discussion in 'Installation/Configuration' started by Canefield, Jan 27, 2022.

  1. Canefield

    Canefield New Member

    Dear all,

    Can someone help me out HOW-TO setup ISPconfig with Galera Cluster? I want to test it with two VPS's (Debian 11). Should I install each as standalone or as multi-server? I want it to be 'highly available' (external floating IP) and independent from each other? Not that if the first VPS is down, no mutations can be done on the second VPS. So more like a active-active scenario. Later on I'll bring this test to production with at least 3 nodes for Galera.

    Any ideas how to manage the data like files, emails and so on on both VPS's...?! Does a rsync do the job. Any recommendations?

    My references so far:
    Installing A Web, Email And MySQL Database Cluster (Mirror) On Debian 5.0 With ISPConfig 3 (howtoforge.com)
    Installing A Web, Email & MySQL Database Cluster On Debian 6.0 With ISPConfig 3 (howtoforge.com)
    Installing a Web, Email & MySQL Database Cluster on Debian 8.4 Jessie with ISPConfig 3.1 (howtoforge.com)
    https://www.howtoforge.com/community/threads/ispconfig-with-galera-cluster.78230/

    Cheers,
    Canefield
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. Canefield

    Canefield New Member

    @till; thanks for this link; although I was familiar with it. Though this doesn't cover how-to setup it combined with a Galera Cluster and if each server should have it's own database (standalone) or use the multi-server setup (expert mode and join).
    What I'm trying to figure out is as follows:
    In case of two or three VPS's, should ISPConfig 3 be installed stand-alone or as multi-server setup taking into account making use of the Galera Cluster configuration. If one or the host go offline for whatever reason I want the third server to be fully operational (read/write). When one of the offline servers is coming online again, it simply synchronize that database/files/email/etc. and two servers are up and running. In the case the third offline server is corrupted/broken I simply want to reinstall ISPConfig 3, join it to the Galera Cluster (removing the old broken one as well) and synchronize all data (database/files/email/etc.) so their is no downtime and in the background every server will be active once all data is synchronized.
    > What do I have to consider, install, configure to achieve the above? Any thoughts, recommendations, etc. is more than welcome.
    > I've added a simple drawing to illustrate.

    Other refences:
    Perfect Server Automated ISPConfig 3 Installation on Debian 10 - 11 and Ubuntu 20.04 (howtoforge.com)
    How to Setup MariaDB Galera Cluster on Ubuntu 20.04 (howtoforge.com)
     

    Attached Files:

  4. ahrasis

    ahrasis Well-Known Member

    I could be wrong but I think he means that you could build a cluster like in Jessie 8.4 tutorial using the latest multi server guide and MariaDB galera cluster guide? Does that make sense to you?
     
    Last edited: Jan 28, 2022
  5. Canefield

    Canefield New Member

    @ahrasis; you're entirely right. I completely overlooked that. Thx. Just out of curiosity, what is your opinion about 'unison' for the file-copy and 'dsync'? Will this be instant? Any experience? Thoughts and/or recommendations?
     
    Last edited: Jan 28, 2022
  6. Canefield

    Canefield New Member

    @ahrasis: To make sure I understand you correctly, do you encourage or discourage my approach? In regards to manageability my understanding was that making use of a multi-server solution would complicated things. However, the way I read and interpret it, all data (files/email/etc.) replicates due the mirror function. Is that right? Also DNS SEC? How about when the master is down/corrupted/broken? Is this simply to restore or to perform a fresh install?
    In my way of thinking I wanted to simplify stuff and to get rid off most complexity. Therefore I was pointing towards a active-active (read/write) database cluster and some sync-tool for all other data (files/email/etc.). As you probably read, I'm totally lost. Can you help me to clarify one another? The pros and cons in both scenario's? Thanks a lot.
     
  7. ahrasis

    ahrasis Well-Known Member

    Though I tested it before, I haven't tested ISPConfig cluster for almost 5 years as I have no need to use it, so my view is not really based on active experience.

    That said, master-master approach was already discussed in that Jessie 8.4 Cluster tutorial and you may follow it while using the latest tutorial to install ISPConfig that is if your approach is master-master as it suggested and while doing that you may change the use of MySQL cluster to MariaDB Galera cluster.

    The only thing you need to understand is, there can only be one ISPConfig Control Panel which means you can reconstruct it if it failed but you cannot have two at the same time. All other services should work fine even if the ISPConfig Control Panel failed.

    To ease things up, you might consider using backup image instead of running multiple master-master server. You can quickly restore the backed up image if your server is down.

    Othwerwise, I would suggest multi server as I mentioned before but deleted it.

    In that situation, you separate ISPConfig Control Panel with other services so that you can have master-master server with it while with others, you use mirror option. However, I think you will still need to setup something like unison for the webserver, dovecot's dsync for mail etc.

    DNS servers is a little bit tricky because of the key's issues but you can learn it slowly which one is better and preferred i.e. whether to use mirror or otherwise not for it.

    I share my views from the recollection of some old memories combining them with some new ones, so I am sorry, if I could not make it clear enough for you.

    Anyway, all the best.
     
  8. Canefield

    Canefield New Member

    @ahrasis Thanks for your reply

    Any other person that has current ideas, thoughts, insights, experience?
    So I can't use the control panel twice; so I should separate this at all times? So, one server with all services and a second (and third) one with everything except the control panel? If the setup is configured as a multi-server this is a single point of failure. Because when this server is corrupted/broken I can't simply install a new multi-server, right? Than I need to reconfigure the second and third server to be part of the new multi-server. So this is exactly what I mean, it becomes more complicated. So what is the best approach to have redundancy/active-active with as less as possible complexity/independencies?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I won't say it's a single point of failure as non of our production systems is affected when this node is offline, so even when it's off, your mail systems, web servers etc. are not affected at all. So the worst thing that could happen is that you can't add new things to your setup while it is down. As this management node does not contain a lot of data, it can be restored very fast in case of any kind of failure. I run such a setup for more than 10 years, the management node did not fail in that time and even if it would have failed, a restore of that complete node takes me between 2 - 5 minutes as I run all my systems fully virtualized. On the other hand, I know setups where users wanted to make everything very secure by using clustering and automatic IP failover and so on, their systems fail regularly due to the unnecessarily added layers of complexity that they added to their setups. If you want to have stable computer systems, keep things simple and reliable with a good backup strategy.

    If you want to have a fault-tolerant and stable setup, virtualize your systems so you have an easy snapshot/backup/restore infrastructure in place and just use a single management node.
     
    ahrasis likes this.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    And just to mention it, you can cluster the management node of course if you want, no problem to have a few or even dozens of nodes as master node, but I don't think it's worth it and I've even seen enough systems where it caused downtime instead of increasing reliability. I would start to cluster the management node when you have so many simultaneous users adding things in ISPconfig that a single server can't handle it. But not sure if your company has thousands of active customers already, in such a case the management node should be clustered of course to spread the load.
     
    ahrasis likes this.
  11. Canefield

    Canefield New Member

    @till; thanks for your reply. If I understand you correctly, your strategy/advise would be to use a single standalone instance of ISPconfig -or add another standalone instance when I’m out of resources- and simply have a reliable backup for quick recovery over the more complex multi-server implementation?

    Out of curiosity:
    1. Does the mirror function synchronise all data? Even DNS Sec?
    2. What is your adviser to use/not to use the standalone approach?
    3. What is your adviser to use/not to use the multi-server approach?
    4. Why can’t I have two control panels in the multi-server setup?

    Many thanks.
     
  12. ahrasis

    ahrasis Well-Known Member

    1. I think so for its database, but not mail or web files; and about secondary dns server, there were key's issues as I mentioned earlier, so you have to study its implementation whether to use mirror or not dor dns server.

    2 & 3. ISPConfig server is multiserver whether you start it as standalone and later extend it when needed or start it as multiserver straightaway. What you need to do at the start up must be clear though. Do you need to start big?

    4. As mentioned by @till above, it is possible but in most cases it is not worth it or is very hard especially for beginners. Try virtualization that can easily creates backup images as @till suggested as that is very useful.
     
  13. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You cannot use dnssec with mirrored DNS servers currently; you can use a DNS master/slave setup, and you can automate adding zones to the slave when they are created in the master.
     
    ahrasis likes this.

Share This Page