Axigen

Highly Available, Scalable, Multi-tier Solution Architecture

Package installation

Install only the Axigen package on all nodes; do not start or configure the service yet.

After the package installation finishes successfully, the axigen and axigenfilters init scripts must be disabled from starting at system boot in all runlevels:

Storage preparation

Before proceeding with this step, please make sure you have properly formatted the partitions and created their corresponding mount point directories on all nodes.

This preparation should be performed only on one of the two nodes in each failover domain pair.

Mount all the cluster shared partitions at their destination mount points, according to /etc/fstab:

Copy the Axigen data directory from the default /var/opt/axigen to the corresponding partition:

If multiple partitions are being used, create their folders and corresponding symbolic links in the main Axigen data directory:

Init script

First, prevent the regular axigen init script from starting accidentally by editing its configuration file, /etc/sysconfig/axigen, and setting literally:

A hard link must be created, which will point to the original package init script:

Do not attempt to set the cluster init scripts (like the axigen-axib1 defined above) to start at system boot. They will be started, stopped and generally managed by the clustering management software.

Then, the corresponding configuration file must be created as /etc/sysconfig/axigen-axib1, with the following configuration:

Make sure that you define the shell environment variables in the exact order described above; otherwise you will encounter undesired behavior.

Admin password

To be able to log in to the Axigen administrative interfaces, you need to set the password for the top-level administrative user, called admin. The following command helps you with this step:

Service start

By default, all enabled Axigen services listen on the local loopback interface, 127.0.0.1. To use the WebAdmin interface via the cluster floating IP address, you must first set that address on the corresponding network interface:

The address is set if it appears in the output of the following command:

The output should be similar to the following:

Start the Axigen service with the following command:
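The floating-address check from this section can also be scripted before the service is started. The following is an added example, not a command from the original page: the `bound_iface` helper and the node address 10.9.9.91 in the sample are constructed for illustration, and the helper compares whole addresses so that 10.9.9.9 is not mistaken for 10.9.9.96.

```shell
#!/bin/sh
# Added example: exact-match check that the cluster floating IP is bound.
# Reads `ip -o -4 addr show` output on stdin and prints the interface name.

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.9.9.91/24 brd 10.9.9.255 scope global eth0
2: eth0    inet 10.9.9.96/24 scope global secondary eth0'

# bound_iface ADDR: print the interface that carries ADDR, or fail.
# A plain substring search for 10.9.9.9 would also hit 10.9.9.96 and
# 10.9.9.91; comparing the address before the "/" avoids that.
bound_iface() {
    awk -v want="$1" '
        {
            for (i = 1; i < NF; i++) {
                if ($i != "inet") continue
                split($(i + 1), cidr, "/")
                if (cidr[1] == want) { print $2; found = 1; exit }
            }
        }
        END { exit (found ? 0 : 1) }'
}

FLOATING_IP=10.9.9.96   # floating address used in this document
if iface=$(printf '%s\n' "$SAMPLE" | bound_iface "$FLOATING_IP"); then
    echo "$FLOATING_IP is bound on $iface"
else
    echo "$FLOATING_IP is not bound on this node" >&2
fi
# On a live node: ip -o -4 addr show | bound_iface "$FLOATING_IP"
```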

WebAdmin setup

Then, enable the WebAdmin listener on the cluster service floating IP address, using the CLI service:

Point your browser at the floating IP address of the failover domain or its corresponding DNS name, for example http://10.9.9.96:9000 (http://axib1.cl.axilab.local:9000), and log in using the admin username and the password you set earlier.

If the login is successful, you can set the listeners for the Axigen services you want to use, including but not limited to SMTP, IMAP, POP3 and WebMail. Use the cluster floating IP address as the listener address for these services, as you did for the WebAdmin service above, for example 10.9.9.96.

LDAP connector setup

Each Axigen back-end node must be set to authenticate its user base against the OpenLDAP service. To do this, from the WebAdmin interface, add an LDAP connector by expanding the Clustering left menu and clicking the Clustering setup option. In the LDAP Connectors tab, press the + Add connector button and fill in the fields as follows.

The LDAP Connector name field must contain the name of the clustered LDAP failover domain tag, for example ldap or ldap1 if you are using multiple OpenLDAP instances.

The LDAP Server Parameters panel must also be configured with the OpenLDAP failover floating IP address or its corresponding DNS host name. The standard port for plain connections to the OpenLDAP server is 389 and the standard LDAP over SSL port is 636.

Select the Server type as OpenLDAP and check the Enable Clustered Operations option. The rest of the connectivity and synchronization parameters depend on your setup.

In the LDAP Search Parameters panel, select the Use Administrative DN option and fill in the OpenLDAP server administrator DN, which will also be used for provisioning write operations. The Account Base DN parameter specifies the scope in which searches are performed. Finally, the Hostname attribute must be set to axiHost, which is defined in the axigen custom schema file you have installed in OpenLDAP.

Depending on your setup, other parameters from the LDAP connector configuration may be set. Please tune this configuration according to your needs.

Press the Quick Add button to complete adding the LDAP connector, then define a user map that points to this connector. Switch to the User Maps tab and press the + Add User Map button. Name it accordingly, select the LDAP Bind option from the User Map type drop-down list, and select the LDAP connector you defined earlier from the next drop-down list.

With an LDAP connector and a user map in place, you can now configure user authentication from the Routing and Authentication tab by selecting LDAP Bind and the corresponding user map in the Authentication Type (applies to all services) panel. Save the configuration to finish the setup.

Here is an example of an LDAP connector and its corresponding user map, according to specific data from this document:

 

  • LDAP Connector
    • LDAP Connector name: ldap
    • LDAP Server Parameters
      • IP / Hostname: ldap.cl.axilab.local
      • Port: 389
    • Server type: OpenLDAP
    • Enable Clustered Operations: [x]
    • Synchronization direction: Axigen to LDAP
    • LDAP Search Parameters
      • Use Administrative DN: (*)
        • Admin DN: cn=admin,dc=domains
        • Admin DN Password: secret
      • Account base DN: ou=Users,o=%d,dc=domains
      • Enable Group Synchronization: [x]
      • Group base DN: ou=Groups,o=%d,dc=domains
    • LDAP Routing Configuration
      • Hostname attribute: axiHost
  • User Map
    • User Map name: usermap-ldap
    • User Map type:
      • LDAP Bind
      • ldap
  • Routing and Authentication -> Authentication Type (applies to all services)
    • Perform LDAP Bind authentication using: usermap-ldap.
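The connector values above can be checked from a shell before they are entered in WebAdmin. This is an added example, not part of the Axigen documentation: it assumes the OpenLDAP `ldapsearch` client is installed and that `%d` in the base DNs stands for the Axigen domain name; the function names, the domain example.com and the password file are constructed.

```shell
#!/bin/sh
# Added example: sanity-check LDAP connector parameters with ldapsearch.

# ldap_uri HOST PORT: 636 is LDAP over SSL; other ports are plain LDAP.
ldap_uri() {
    case "$2" in
        636) printf 'ldaps://%s:%s\n' "$1" "$2" ;;
        *)   printf 'ldap://%s:%s\n' "$1" "$2" ;;
    esac
}

# expand_base TEMPLATE DOMAIN: substitute DOMAIN for every %d.
# Assumption: %d is the domain-name placeholder. Only hostname characters
# are accepted, so a "," or "=" in DOMAIN cannot change the DN structure.
expand_base() {
    case "$2" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $2" >&2; return 1 ;;
    esac
    printf '%s\n' "$1" | sed "s/%d/$2/g"
}

# check_connector HOST PORT ADMIN_DN PWFILE BASE_TEMPLATE DOMAIN
# Binds as the administrative DN and lists the entries that carry axiHost.
# PWFILE must contain the password with no trailing newline (ldapsearch -y).
# On port 389 the simple bind is sent without transport encryption.
check_connector() {
    base=$(expand_base "$5" "$6") || return 1
    ldapsearch -x -LLL -H "$(ldap_uri "$1" "$2")" -D "$3" -y "$4" \
        -b "$base" -s sub '(axiHost=*)' axiHost
}

# Search bases the example connector would use for the constructed
# domain example.com (runs offline).
expand_base 'ou=Users,o=%d,dc=domains' example.com
expand_base 'ou=Groups,o=%d,dc=domains' example.com
# Live check, with a constructed password file path:
# check_connector ldap.cl.axilab.local 389 cn=admin,dc=domains \
#     ./admin.pw 'ou=Users,o=%d,dc=domains' example.com
```

An empty result from `check_connector` with a successful bind means no account under that base has the axiHost attribute set yet.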

LDAP synchronization

To synchronize the account base, groups and various settings, you have to enable LDAP synchronization for each domain you define in Axigen. The domain must also be created in OpenLDAP before the synchronization process is enabled.

SMTP routing

The SMTP service must have a special rule specifying that all outgoing traffic, for both local and remote domains, is routed through the corresponding load balancer service, which in turn routes the connections to the proxy nodes in the front-end tier. In short, all outgoing SMTP traffic must be directed through the front-end nodes and not delivered directly to the destination mailboxes, even if they are located on the same back-end node.

Cleanup

You can safely stop the Axigen service and its related resources and continue with the cluster setup: