Heartbeat failure recovery system

anarchist18 · 10-29-2011, 02:53 PM

I`m trying to implement a failure recovery system for our network firewalls. In theory the idea is if one fails the other one should be able of taking over and when the master firewall comes back up online, the slave should yield its place.

I`m hoping heartbeat is the answer.

Now in practice I`m experimenting with two test systems each running FC 14 minimal install with 2 NIC`s before implementing this on the production network.

I`m trying to setup heartbeat on 2 test machines running FC 14 minimal install with 2 NIC`s

The second host should be ready to take over if host 1 is down and take it`s ip address

My test machines have the following network config

eth0 - eth0 cross cable between them with internal ip`s 10.10.0.1/24 and 10.10.0.2/24

eth2 is connected to the router 192.168.200.x

I`ve been reading http://www.fwbuilder.org/4.0/docs/us...t_cluster.html however it`s not exacly what i want.

My config files:

/etc/ha.d/authkeys
auth 2
2 sha1 test

/etc/ha.d/ha.cf
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
udpport 694
bcast eth0
auto_failback on
node TEST1
node TEST2

haresources
TEST1 IPaddr::10.10.0.3

So this creates a virtual NIC with the address of 10.10.0.3, but i want TEST2 to take over TEST1`s ip.

How can i acheive that? Or can anyone suggest a better option than heartbeat for what i`m trying to do?

rodrifra · 10-30-2011, 10:25 AM

Heartbeat/pacemaker will do the job, but configuration is not as simple as modifying ha.cf and authkeys, you will also have to setup your nodes and their resources using cibadmin for instance.

Check this thread and pacemaker documentation here.

anarchist18 · 11-01-2011, 05:47 AM

Here is what I did so far

cat /etc/ha.d/haresources
TEST1 IPaddr2::192.168.231.130/24 - this is TEST1`s ip that i want TEST2 to replace, must be the same on all machines.

cat /etc/ha.d/ha.cf
logfacility local0
keepalive 2
deadtime 30
initdead 120
udpport 694
bcast eth2 - interface used for heartbeats from the current host
auto_failback on
node TEST1
node TEST2

cat /etc/ha.d/authkeys
auth 2
2 sha1 test

chmod 600 /etc/ha.d/authkeys

All network interfaces start on boot and get their ip via dhcp except for TEST1 that I manually configured as 192.168.231.130.

Each host has 2 NIC`s: 1 connected to the router and the other crossed between them.

Now the ip switch works however there is no real indication just the hostname, you can see you`re on host2 but ifconfig shows the same things.

Now I want to take this a step further and try to execute a script that will copy TEST1`s settings over to TEST2 (routes, iptables). Any ideas?

rodrifra · 11-02-2011, 02:50 AM

As I can see you have NOT read any of the two liks I have posted.

I think it's been a long time now since heartbeat worked alone (I don't even have the /etc/ha.cf/haresources file), it is now a lower layer for pacemaker. You can see here what is needed for it to run. Read the links I previously posted, get to know pacemaker (the CRM) and if you have any specific question I'll be glad to answer it. But for now, you have to learn how the CRM works and how to set it up (on the first link I posted there is a quick explanation on how to set up a simple two node cluster exchanging IPs when needed).