Shulou(Shulou.com)06/01 Report--

1. Deployment of Heartbeat High availability requirements 1.1 operating system [root@heartbeat-1-114C] # cat / etc/redhat-release CentOS release 6.9 (Final) 1.2 Heartbeat Service Host Resource preparation

Primary server A:

Hostname: heartbeat-1-114

Eth0 Network Card address: 192.168.136.114 (Management IP)

Eth2 Network Card address: 10.0.10.4Universe 255.255.255.0 (heartbeat IP)

From server B:

Hostname: heartbeat-1-115

Eth0 Network Card address: 192.168.136.115 (Management IP)

Eth2 Network Card address: 10.0.10.5Universe 255.255.255.0 (heartbeat IP)

Virtual VIP:

Virtual VIP on the primary server heartbeat-1-114, VIP:192.168.136.116

Arbitration host: 10.0.10.6

2.Heartbeat High availability implementation prepares 2.1 to build a virtual real environment

2.2 configure the virtual machine with IP and hostname

The configuration of IP is omitted, and the hostnames of the two hosts are set to heartbeat-1-114and heartbeat-1-115respectively. Compile the / etc/sysconfig/network configuration files for both machines and set HOSTNAME=heartbeat-1-114and HOSTNAME=heartbeat-1-115respectively. Then execute hostname heartbeat-1-114and hostname heartbeat-1-115from the command line to make the settings take effect immediately, and note that the hostname corresponding to 127.0.0.1 in the / etc/hosts file is not configured.

Tip: you can execute the setup command and select network configuration-- > Edit configuration to configure the machine name, and then logout logs out and takes effect after re-login.

2.3 configure the hosts file (both nodes)

Tip: two machines must be able to ping each other

Configure the hosts file on the heartbeat-1-114host

[root@heartbeat-1-114C] # cat > > / etc/hosts 192.168.136.115 heartbeat-1-115 > EOF

Configure the hosts file on the heartbeat-1-115host

[root@heartbeat-1-11515] # cat > > / etc/hosts 192.168.136.115 heartbeat-1-115 > EOF

Check the test with the method of ping ip address to see if the returned IP is consistent with what is configured in / etc/hosts.

Special emphasis: the machine name must be the result returned by uname-n

[root@heartbeat-1-114,115] # uname-nheartbeat-1-114[ root@heartbeat-1-115,115] # uname-nheartbeat-1-115,

Tip: the configuration of the hosts file will be used in the heartbeat service, and the high availability of drbd and storage will also be used later. In the production environment, all machine names will be corresponding to all machine IP addresses, which can be distributed to the / etc/hosts of all machines through the distribution tool.

2.4 configure heartbeat connections between services

The two network cards eth2 10.0.10.5 and eth2 10.0.10.4 are connected by a common network cable, that is, the two network cards are directly connected by a network cable without going through the switch, which is used for heartbeat detection or data transmission.

Tip: the heartbeat software on the highly available server pair will use this heartbeat line to check whether the opposite machine is alive, and then decide whether to do failover and resource switching to ensure business continuity.

If conditions permit, the above connections can be used at the same time to increase the insurance coefficient to prevent brain cracking problems.

This case: choose Ethernet cable to connect two network cards directly.

Reason for selection: simple, easy to deploy, and good results.

Add a host route to each of the two machines to check the heartbeat line when the two machines check the opposite end.

(1) add a host host route on heartbeat-1-114:

[root@heartbeat-1-114C] # / sbin/route add-host 10.0.10.4 dev eth2

Add to the boot configuration file

[root@heartbeat-1-114C] # echo "/ sbin/route add-host 10.0.10.4 dev eth2" > > / etc/rc.local

(2) add the following host routes to heartbeat-1-115:

[root@heartbeat-1-11515] # / sbin/route add-host 10.0.10.5 dev eth2

Add to the boot configuration file

# echo "/ sbin/route add-host 10.0.10.5 dev eth2" > > / etc/rc.local

Tip: make sure the heartbeat line is open

2.5 configure virtual VIP

Configure the secondary VIP on heartbeat-1-114on the primary server, and view the secondary ip with the ip addr command

[root@heartbeat-1-114ha.d] # ip addr add 192.168.136.116px24 dev eth0: 1 [root @ heartbeat-1-1142ha.d] # ip addr | grep "1168.136.116x24 brd 192.168.136.116xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Heartbeat-1-11414] # getenforceDisabled [root @ heartbeat-1-115,115] # / etc/init.d/iptables statusiptables: Firewall is not running.root @ heartbeat-1-115,# getenforceDisabled3. Set up heartbeat high availability 3.1 install heartbeat3.0 software

CentOS-6.8-x86_64 's rpm package does not have heartbeat software, so download the epel package

[root@heartbeat-1-114C] # yum search heartbeat has loaded plug-ins: product-id, subscription-managerThis system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.rhel-local | 4.1 kB 00:00. Warning: no package matching heartbeat found no matching package 3.2 download and install the epel extension source (both need to operate) [root@heartbeat-1-11414] # mkdir-p / home/linzhongniao/tools [root@heartbeat-1-114114] # cd / home/linzhongniao/tools [root@heartbeat-1-114tools] # wget http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6 -8.noarch.rpm-- 2018-11-02 23 purl 04Rose 38-http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpmResolving mirrors.ustc.edu.cn... 218.104.71.170, 2001:da8:d800:95::110Connecting to mirrors.ustc.edu.cn | 218.104.71.170 |: 80. Connected.HTTP request sent, awaiting response... 301 Moved PermanentlyLocation: http://mirrors.ustc.edu.cn/epel/6/x86_64/epel-release-6-8.noarch.rpm [following]-- 2018-11-02 23 purl 04purl 38-http://mirrors.ustc.edu.cn/epel/6/x86_64/epel-release-6-8.noarch.rpmReusing existing connection to mirrors.ustc.edu.cn:80.HTTP request sent, awaiting response... 200 OKLength: 14540 (14K) [application/x-redhat-package-manager] Saving to: "epel-release-6-8.noarch.rpm.1" 100% [= >] 14540 -.-K in 0.04s 2018-11-02 23:04:38 (371KB/s)-"epel-release-6-8.noarch.rpm.1" saved [14540 tools] [root@heartbeat-1-114tools] # rpm-ivh epel-release-6-8. Noarch.rpmwarning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature Key ID 0608b895: NOKEYPreparing...### [root@heartbeat-1-114tools] ] # rpm-qa | grep epelepel-release-6-8.noarch3.3 installs heartbeat (both are required) yum install heartbeat*-y

Tip: if you want to keep the rpm package after yum installation, use the following method.

[root@heartbeat-1-114C] # sed-I's keepcache0 keepcacheFirst / etc/yum.conf [root@heartbeat-1-114C] # grep keepcache / etc/yum.conf keepcache=13.4 master node configures heartbeat service

After the two machines install the heartbeat software separately, they can install the heartbeat software without accident. As mentioned earlier, the default configuration file directory for heartbeat is / etc/ha.d. There are three commonly used configuration files for heartbeat, ha.cf, authkey, and haresource, each of which is shown in the table below.

3.4.1 configuration ha.cf file and file description

(1) copy the three files ha.cf, haresources and authkeys to the / etc/ha.d/ directory first

[root@heartbeat-1-11414] # ll / usr/share/doc/heartbeat-3.0.4/total 14414-rw-r--r-- 1 root root 1873 Dec 3 2013 apphbd.cf-rw-r--r-- 1 root root 645 Dec 3 2013 authkeys-rw-r--r-- 1 root root 3701 Dec 3 2013 AUTHORS-rw-r--r-- 1 root root 58752 Dec 3 2013 ChangeLog-rw-r--r-- 1 root root 17989 Dec 3 2013 COPYING-rw- RMurray Rafael-1 root root 26532 Dec 3 2013 COPYING.LGPL-rw-r--r-- 1 root root 10502 Dec 3 2013 ha.cf-rw-r--r-- 1 root root 5905 Dec 3 2013 haresources-rw-r--r-- 1 root root 2935 Dec 3 2013 READM E # cd / usr/share/doc/heartbeat-3.0.4/ [root@heartbeat-1-114 heartbeat-3.0.4] # cp ha.cf authkeys haresources / etc/ha.d/

(2) configure ha.cf configuration file

[root@heartbeat-1-114 ha.d] # cat ha.cfdebugfile / var/log/ha-debuglogfile/var/log/ha-loglogfacility local0keepalive 2deadtime 30warntime 10initdead 60udpport 694#bcast eth2#mcast eth2 225.0.0.114 694 1 0ucast eth2 10.0.10.5auto_failback onnode heartbeat-1-114node heartbeat-1-115ping 10.0.10.6respawn root / usr/lib64/heartbeat/ipfailapiauth ipfail gid=root uid=root#crm on

(3) detailed description of ha.cf file

Debugfile / var/log/ha-debug: a file that writes debug information.

Log file for logfile / var/log/ha-log:heartbeat.

Keepalive 2: the interval between heartbeats. The default time unit is seconds.

Deadtime 30: if the heartbeat of the other node is not received beyond this interval, the other person is considered dead.

Warntime 10: if the heartbeat of the other node is not received beyond this interval, a warning is issued and recorded in the log.

Initdead 60: on a system, it takes a period of time for the network to work properly after the system is started or rebooted. This option is used to solve the time interval caused by this situation, which is at least twice the value of deadtime.

Bcast eth2: indicates that the heartbeat is broadcast over the eth2 interface using Ethernet broadcasting. If two real networks are used to transmit the heartbeat, # bcast eth0 eth2. Broadcasting with udp is recommended for more than one secondary node.

Mcast eth2 225.0.0.13069410: set the port used for multicast communication. 225.0.0.130 is the multicast ip address. This ip address cannot be the same in a LAN. 694 is the default udp port number, which is recommended to be used in more than one secondary node.

Note: multiple groups of heartbeat services in a LAN can be used normally at the same time if the multicast address is different (optional multicast address range is 224.0.0.0-239.255.255.255.255). Routers, switches, etc., should all use multicast. It is recommended that the last eight bits of IP be the last eight bits of the multicast address. Of course, you can solve the heartbeat problem without multicast.

Udpport 694: sets the port used for broadcast communications, with 694 as the default port number.

Ucast eth2 10.0.10.5: set the network card for heartbeat detection of the broadcast communication party to be used with IP and udpport.

The two hosts of the auto_failback on:heartbeat are the master node and the slave node. Under normal circumstances, the master node occupies resources and runs all the services, and when there is a failure, the resources are handed over to the slave node to run the service. When this option is set to on, once the master node resumes operation, it automatically acquires the resource and replaces the slave node, otherwise it does not replace the slave node.

Respawn heartbeat/ usr/lib64/heartbeat/ipfail: specifies the process that starts and shuts down with heartbeat, which is automatically monitored and restarted if it fails. The most commonly used process is ipfail, which is used to detect and handle network failures and needs to cooperate with the ping node specified in the ping statement to detect network connections. If your system is 64bit, please pay attention to the path of the file.

Crm on: whether to enable the cluster resource management function (Cluster Resource Manager)

Tip: we can check the ha.cf under / usr/share/doc/heartbeat-3.0.4/ to learn more about the parameters.

3.4.2 configuration authkey file and file description

(1) configure authkey file

[root@heartbeat-1-114 ha.d] # sha1sum / etc/ha.d/authkeys da39a3ee5e6b4b0d3255bfef95601890afd80709 / etc/ha.d/ authkeys [root @ heartbeat-1-114 ha.d] # cat / etc/ha.d/authkeys auth 22 sha1 da39a3ee5e6b4b0d3255bfef95601890afd80709

Change the authkey permission to 600

[root@heartbeat-1-114ha.d] # chmod 600 / etc/ha.d/authkeys [root@heartbeat-1-114ha.d] # ll / etc/ha.d/authkeys-rw- 1 root root 20 Nov 3 20:31 / etc/ha.d/authkeys

(2) document description

It is mentioned here that the authkey permission must be 60 percent Authentication file. Must be mode 60 authentication Must have exactly one auth directive at the front.# authsend authentication using this method-id## Then, list the method and key that go with that method-id mentioned here that you can set the authentication method # Available methods: crc sha1, md5. Crc doesn't need/want a key.# You normally only have one authentication method-id listed in this file# Put more than one to make a smooth transition when changing auth# methods and/or keys. It is shown here that sha1 is the best authentication method, followed by md5 is the best # sha1 is believed to be the "best", md5 next best.# crc adds no security, except from packet corruption.# Use only on physically secure networks.#auth 1, crc#2 sha1 hijacked authentication 3 md5 Hello! #

Note: the permission required by authkeys is 600 by default, otherwise the heartbeat service will report an error and will not open it. Both machines need to be operated.

3.4.3 configure haresource file [root@heartbeat-1-114ha.d] # cat / etc/ha.d/haresources heartbeat-1-114IPaddr::192.168.136.116/24/eth0:1

Configuration parameters: the heartbeat-1-114master node hostname,192.168.136.116 is vip,24, the mask is 24-bit network segment, and eth0:1 is the device name of vip. IPaddr configures the default script for IP for heartbeat, followed by IP and so on, which are script parameters. The location of the script is as follows:

[root@heartbeat-1-114ha.d] # ll / etc/ha.d/resource.d/IPaddr-rwxr-xr-x 1 root root 2273 Dec 3 2013 / etc/ha.d/resource.d/IPaddr

In fact, the content in the haresources file above is equivalent to executing the following script on the machine with ip 192.168.136.116:

/ etc/ha.d/resource.d/IPaddr 192.168.136.116/24/eth0:1 start/stop

IPaddr::192.168.136.116/24/eth0:1: the structure of this statement is script:: (two colons) pass parameters, to be exact, it is not to pass parameters here, but to execute such a script on the machine whose ip is 192.168.136.116, so as long as you can start and stop with start/stop and meet the format of script:: pass parameters, you can put it in the haresources file, which is the full path of the script.

3.5 configure heartbeat service from node

To copy the three files on the host to the slave, just configure the ha.cf file

[root@heartbeat-1-114ha.d] # scp ha.cf authkeys haresources heartbeat-1-115:/etc/ha.d/The authenticity of host 'heartbeat-1-115 (192.168.136.115)' can't be established.RSA key fingerprint is 66:cc:1a:b8:c6:68:8e:8f:d1:2f:a3:a3:56:23:4a:48.Are you sure you want to continue connecting (yes/no)? YesWarning: Permanently added 'heartbeat-1-115192.168.136.115' (RSA) to the list of known hosts.root@heartbeat-1-115s password: ha.cf 100% 341 0.3KB/s 00:00

The slave node only needs to modify the ha.cf file, change 10.0.10.5 to 10.0.10.4, and set the network card and IP for the heartbeat detection of the other machine.

[root@heartbeat-1-115ha.d] # grep "ucast" ha.cfucast eth2 10.0.10.44. Start the heartbeat service

Start the master node first and then the slave node. Don't let heartbeat boot automatically.

[root@heartbeat-1-130th] # / etc/init.d/heartbeat startStarting High-Availability services: INFO: Resource is stoppedDone.[ root @ heartbeat-1-114114,# chkconfig-- list | grep heartbeatheartbeat 0:off 1:off 2:on3:on4:on5:on6: off [root @ heartbeat-1-114114] # chkconfig heartbeat off [root @ heartbeat-1-114114] # chkconfig-- list | grep heartbeatheartbeat 0:off 1:off 2:off 3:off 4:off 5:off 6:off5. Test heartbeat highly available services

There are two ways.

(1) the master node stops the heartbeat service

/ etc/init.d/heartbeat stop

(2) Primary node forbids ping

[root@heartbeat-1-114ha.d] # iptables-I INPUT-p icmp-j DROP

The primary node allows ping

[root@heartbeat-1-114ha.d] # iptables-I INPUT-p icmp-j ACCEPT

We will find that the virtual VIP has switched to the slave node to achieve the high availability of heartbeat and continue to provide services to users.

6. Test the brain

Both nodes down off the eth2 network card

Ifdown eth27. View the process of heartbeat starting and taking over resources

You can view the heartbeat log and Syslog to see how heartbeat starts and takes over resources.

Tail-f / var/log/ha-log

Tail-f / var/log/messages

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.