On Thu, 22 Oct 2009, David Touzeau wrote: > On Thu, Oct 22, 2009 at 12:56:03AM -0700, Jon . wrote: >> On Wed, Oct 21, 2009 at 9:20 PM, Rob Mueller <robm@xxxxxxxxxxx> wrote: >> ... >> >>> The difference between "in theory this would work" and the practice > of >>> actually doing it are huge. Basically it works only if you are 100% > sure >>> that only one side is ever being accessed at a time. eg. > IMAP/POP/LMTP/etc. > > Pretty much. With appropriate fencing, non-local bind and a service IP > address that's feasible. But Rob won't let me do it. Fair enough too, > it's pretty messy. implementing this should not be that hard allow non-local bind in /etc/sysctl heartbeat (linux-ha.org) can handle moving the service IP and fencing (up to and including turning a box off if the cluster decides that it has failed) I've been doing this (without going to the extent of turning the failed box off) on my firewalls for years. it sounds more complicated than it is. David Lang ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html