Building Web HA with Heartbeat


Today I will use a Web HA setup as an example for learning heartbeat.

WEB OS: CentOS 5.5

WEB Software: nginx

WEB Scripts Name: Start_Nginx

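Start_Nginx
#!/usr/bin/env bash
# heartbeat resource script: called with start, stop or status

case "$1" in
start)
    # launch nginx from its installation prefix
    /usr/local/nginx/sbin/nginx
    ;;
stop)
    # stop every nginx process
    killall nginx
    ;;
status)
    # left empty in this example
    ;;
esac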

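(This script is not the focus of this article, so we only show what it does and do not discuss it in depth. Remember, though, that this script matters, because it is a heartbeat resource.)

If you are interested in heartbeat, chapters 6, 7 and 8 of <Linux企业集群> (The Linux Enterprise Cluster) are worth reading.

Here is a simple sketch of the topology:

A brief explanation:
Under normal conditions all user requests go to the Web Master. Only when the WEB Backup has not received a heartbeat from the Master within the configured time does the Backup take over the Master's work, including the VIP and the resources (here, the resources are the network services being provided). Heartbeat monitoring is prone to split-brain, so it is worth adding more heartbeat paths; here I added a crossover cable connecting the two nodes directly.

These are the IP addresses I assume: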

Role          IP information
WEB Master    VIP: 172.16.1.64, RIP: 172.16.1.23, heartbeat IP: 10.168.1.23
WEB Master    RIP: 172.16.1.24, heartbeat IP: 10.168.1.24

Note: the heartbeat configuration files are identical on the master and the backup.

Service installation and configuration on the Master
(1) Installing HeartBeat

[root@ha ~]# yum -y install heartbeat
The installation reports an error:

useradd: user hacluster exists
error: %pre(heartbeat-2.1.3-3.el5.centos.i386) scriptlet failed, exit status 9
error:   install: %pre scriptlet failed (2), skipping heartbeat-2.1.3-3.el5.centos

After it exits, run the command again:
[root@ha ~]# yum -y install heartbeat
(2) Configuration

[root@ha ~]# cd /etc/ha.d/
[root@ha ha.d]# more README.config

You need three configuration files to make heartbeat happy,
and they all go in this directory.

They are:
        ha.cf           Main configuration file
        haresources     Resource configuration file
        authkeys        Authentication information

These first two may be readable by everyone, but the authkeys file
must not be.

The good news is that sample versions of these files may be found in
the documentation directory (providing you installed the documentation).

If you installed heartbeat using rpm packages then
this command will show you where they are on your system:
                rpm -q heartbeat -d

If you installed heartbeat using Debian packages then
the documentation should be located in /usr/share/doc/heartbeat

Run the following commands:
[root@ha ha.d]# cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/
[root@ha ha.d]# cp /usr/share/doc/heartbeat-2.1.3/ha.cf /etc/ha.d/
[root@ha ha.d]# cp /usr/share/doc/heartbeat-2.1.3/haresources /etc/ha.d/


[root@ha ~]# more /etc/ha.d/ha.cf
logfile /var/log/ha-log
keepalive 2
deadtime 20
warntime 10
initdead 60

udpport 694
bcast eth0 eth1 # eth0: Telecom line, eth1: crossover cable link

auto_failback on # once the Master recovers, it automatically takes the work back from the Backup
node ha.tiancity.com
node nagiosmm.tiancity.com.cn

[root@ha ~]# more /etc/ha.d/authkeys
auth 1
1 crc

[root@ha ~]# more /etc/ha.d/haresources
ha.tiancity.com 172.16.1.64/255.255.255.0/172.16.1.255        Start_Nginx

# The test script must be placed in the /etc/ha.d/resource.d/ directory. Don't forget!
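
The authkeys file above selects crc, which only detects packet corruption and uses no shared secret, while ha.cf broadcasts heartbeats on eth0 as well as on the crossover link. The shell functions below are an added example, not part of the original post: they audit an authkeys file for mode 600 and an unkeyed method, and write a sha1 replacement. The function names and verdict strings are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names and verdict
# strings are hypothetical; the authkeys layout is "auth N" plus "N method [key]".

# Print "ok", or a space-separated list of problems, for the file in $1.
audit_authkeys() {
    local file=$1 verdicts="" mode idx line method key
    [ -f "$file" ] || { echo "missing"; return 1; }

    # authkeys must be readable by its owner only (mode 600).
    mode=$(stat -c '%a' "$file")
    [ "$mode" = "600" ] || verdicts="$verdicts bad-perms:$mode"

    # "auth N" selects the numbered key line used to sign outgoing packets.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    [ -n "$idx" ] || { echo "no-auth-line"; return 1; }

    # Pick method and secret from the selected key line.
    line=$(awk -v n="$idx" '$1 == n { print $2, $3; exit }' "$file")
    method=${line%% *}; key=${line#"$method"}; key=${key# }
    case "$method" in
        crc)      verdicts="$verdicts unauthenticated:crc" ;;  # checksum only, no secret
        md5|sha1) [ -n "$key" ] || verdicts="$verdicts empty-key:$method" ;;
        *)        verdicts="$verdicts unknown-method:${method:-none}" ;;
    esac

    if [ -z "$verdicts" ]; then echo "ok"; return 0; fi
    echo "${verdicts# }"; return 1
}

# Write a sha1 authkeys file with a random 256-bit secret to the path in $1.
write_sha1_authkeys() {
    local file=$1 secret
    secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    # umask covers a newly created file, chmod covers a pre-existing one.
    ( umask 077; printf 'auth 1\n1 sha1 %s\n' "$secret" > "$file" )
    chmod 600 "$file"
}
```

The same generated file has to be copied to both nodes, since the page's setup uses identical configuration on master and backup.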

Service installation and configuration on the Backup
Copy the Master's configuration files (ha.cf, authkeys, haresources) to /etc/ha.d.

Startup

Observing on the Master:

[root@ha ha.d]# tail -f /var/log/ha-log

heartbeat[7295]: 2010/12/08_13:40:32 info: Version 2 support: false

heartbeat[7295]: 2010/12/08_13:40:32 WARN: Logging daemon is disabled --enabling logging daemon is recommended

heartbeat[7295]: 2010/12/08_13:40:32 info: **************************

heartbeat[7295]: 2010/12/08_13:40:32 info: Configuration validated. Starting heartbeat 2.1.3

heartbeat[7296]: 2010/12/08_13:40:32 info: heartbeat: version 2.1.3

heartbeat[7296]: 2010/12/08_13:40:32 info: Heartbeat generation: 1291211142

heartbeat[7296]: 2010/12/08_13:40:32 info: glib: UDP Broadcast heartbeat started on port 694 (694) interface eth0

heartbeat[7296]: 2010/12/08_13:40:32 info: glib: UDP Broadcast heartbeat closed on port 694 interface eth0 - Status: 1

heartbeat[7296]: 2010/12/08_13:40:32 info: glib: UDP Broadcast heartbeat started on port 694 (694) interface eth1

heartbeat[7296]: 2010/12/08_13:40:32 info: glib: UDP Broadcast heartbeat closed on port 694 interface eth1 - Status: 1

heartbeat[7296]: 2010/12/08_13:40:32 info: G_main_add_TriggerHandler: Added signal manual handler

heartbeat[7296]: 2010/12/08_13:40:32 info: G_main_add_TriggerHandler: Added signal manual handler

heartbeat[7296]: 2010/12/08_13:40:32 info: G_main_add_SignalHandler: Added signal handler for signal 17

heartbeat[7296]: 2010/12/08_13:40:32 info: Local status now set to: 'up'

heartbeat[7296]: 2010/12/08_13:40:34 info: Link ha.tiancity.com:eth0 up.

heartbeat[7296]: 2010/12/08_13:40:34 info: Link ha.tiancity.com:eth1 up.
The above is the basic heartbeat startup output.

[root@ha resource.d]# ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

    link/ether 00:22:19:63:a2:d4 brd ff:ff:ff:ff:ff:ff

    inet 172.16.1.23/24 brd 172.16.1.255 scope global eth0

    inet6 fe80::222:19ff:fe63:a2d4/64 scope link

       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

    link/ether 00:22:19:63:a2:d6 brd ff:ff:ff:ff:ff:ff

    inet 10.168.1.23/24 brd 10.168.1.255 scope global eth1

    inet6 fe80::222:19ff:fe63:a2d6/64 scope link

       valid_lft forever preferred_lft forever

4: sit0: <NOARP> mtu 1480 qdisc noop

    link/sit 0.0.0.0 brd 0.0.0.0

[root@ha resource.d]# netstat -an|egrep '80\>'

You have to wait for initdead 60 (one minute, as configured in ha.cf) before the service is started and the VIP is added.

………………

After one minute, look again:

heartbeat[7296]: 2010/12/08_13:41:33 WARN: node nagiosmm.tiancity.com.cn: is dead

heartbeat[7296]: 2010/12/08_13:41:33 info: Comm_now_up(): updating status to active

heartbeat[7296]: 2010/12/08_13:41:33 info: Local status now set to: 'active'

heartbeat[7296]: 2010/12/08_13:41:33 WARN: No STONITH device configured.

heartbeat[7296]: 2010/12/08_13:41:33 WARN: Shared disks are not protected.

heartbeat[7296]: 2010/12/08_13:41:33 info: Resources being acquired from nagiosmm.tiancity.com.cn.

harc[7307]:     2010/12/08_13:41:33 info: Running /etc/ha.d/rc.d/status status

mach_down[7336]:        2010/12/08_13:41:33 info: /usr/share/heartbeat/mach_down: nice_failback: foreign resources acquired

mach_down[7336]:        2010/12/08_13:41:33 info: mach_down takeover complete for node nagiosmm.tiancity.com.cn.

heartbeat[7296]: 2010/12/08_13:41:33 info: mach_down takeover complete.

heartbeat[7296]: 2010/12/08_13:41:33 info: Initial resource acquisition complete (mach_down)

IPaddr[7379]:   2010/12/08_13:41:33 INFO:  Resource is stopped

heartbeat[7308]: 2010/12/08_13:41:33 info: Local Resource acquisition completed.

harc[7437]:     2010/12/08_13:41:33 info: Running /etc/ha.d/rc.d/ip-request-resp ip-request-resp

ip-request-resp[7437]:  2010/12/08_13:41:33 received ip-request-resp 172.16.1.64/255.255.255.0/172.16.1.255 OK yes

ResourceManager[7456]:  2010/12/08_13:41:33 info: Acquiring resource group: ha.tiancity.com 172.16.1.64/255.255.255.0/172.16.1.255 Start_Nginx

IPaddr[7482]:   2010/12/08_13:41:33 INFO:  Resource is stopped

ResourceManager[7456]:  2010/12/08_13:41:33 info: Running /etc/ha.d/resource.d/IPaddr 172.16.1.64/255.255.255.0/172.16.1.255 start

IPaddr[7573]:   2010/12/08_13:41:33 INFO: Using calculated nic for 172.16.1.64: eth0

IPaddr[7573]:   2010/12/08_13:41:33 INFO: eval ifconfig eth0:0 172.16.1.64 netmask 255.255.255.0 broadcast 172.16.1.255

IPaddr[7547]:   2010/12/08_13:41:33 INFO:  Success

ResourceManager[7456]:  2010/12/08_13:41:33 info: Running /etc/ha.d/resource.d/Start_Nginx  start

heartbeat[7296]: 2010/12/08_13:41:43 info: Local Resource acquisition completed. (none)

heartbeat[7296]: 2010/12/08_13:41:43 info: local resource transition completed.

 


[root@ha resource.d]# ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

    link/ether 00:22:19:63:a2:d4 brd ff:ff:ff:ff:ff:ff

    inet 172.16.1.23/24 brd 172.16.1.255 scope global eth0

    inet 172.16.1.64/24 brd 172.16.1.255 scope global secondary eth0:0

    inet6 fe80::222:19ff:fe63:a2d4/64 scope link

       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

    link/ether 00:22:19:63:a2:d6 brd ff:ff:ff:ff:ff:ff

    inet 10.168.1.23/24 brd 10.168.1.255 scope global eth1

    inet6 fe80::222:19ff:fe63:a2d6/64 scope link

       valid_lft forever preferred_lft forever

4: sit0: <NOARP> mtu 1480 qdisc noop

    link/sit 0.0.0.0 brd 0.0.0.0
[root@ha resource.d]# netstat -an|egrep '80\>'

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN   
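
The ha-log excerpts above can be turned into a short takeover summary: which node was declared dead, whether STONITH was configured, which VIP and resource were acquired, and how long the node waited (the initdead delay). The following is an added example, not part of the original post; the function names and the key=value output format are assumptions, and the sample lines are taken from the log shown on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): summarise a takeover from ha-log.

# Sample input: lines taken from the ha-log excerpts in this article.
sample_log() {
cat <<'EOF'
heartbeat[7296]: 2010/12/08_13:40:32 info: Local status now set to: 'up'
heartbeat[7296]: 2010/12/08_13:40:34 info: Link ha.tiancity.com:eth0 up.
heartbeat[7296]: 2010/12/08_13:41:33 WARN: node nagiosmm.tiancity.com.cn: is dead
heartbeat[7296]: 2010/12/08_13:41:33 WARN: No STONITH device configured.
ResourceManager[7456]:  2010/12/08_13:41:33 info: Acquiring resource group: ha.tiancity.com 172.16.1.64/255.255.255.0/172.16.1.255 Start_Nginx
IPaddr[7547]:   2010/12/08_13:41:33 INFO:  Success
EOF
}

# Reads ha-log on stdin and prints key=value lines describing the takeover.
ha_timeline() {
    awk '
    # Seconds of day from a "YYYY/MM/DD_HH:MM:SS" timestamp.
    function secs(ts,   p, t) {
        split(ts, p, "_"); split(p[2], t, ":")
        return t[1] * 3600 + t[2] * 60 + t[3]
    }
    # Elapsed seconds from a to b, allowing one midnight rollover.
    function delta(a, b,   d) { d = b - a; if (d < 0) d += 86400; return d }

    /Local status now set to: .up./ { up = secs($2) }
    / node .*: is dead/             { dead = secs($2); sub(/:$/, "", $5)
                                      print "dead_node=" $5 }
    /No STONITH device configured/  { print "stonith=none" }
    /Acquiring resource group:/     { acq = secs($2)
                                      print "vip=" $8; print "resource=" $9 }
    END {
        if (up != "" && dead != "")  print "secs_up_to_dead=" delta(up, dead)
        if (dead != "" && acq != "") print "secs_dead_to_acquire=" delta(dead, acq)
    }'
}

# Run on a live node with: ha_timeline < /var/log/ha-log
```

On the sample lines the gap between the local node coming up and the peer being declared dead is 61 seconds, matching the initdead 60 setting in ha.cf.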

 

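Starting the Backup:

Observation shows that it neither starts the service nor adds the VIP; it only opens UDP port 694.

Takeover test:

Stop heartbeat on the WEB Master and you will see the WEB Backup quickly take over the master's VIP and resources.

I won't paste the log here.
If you have any questions about using heartbeat, let's discuss them together.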

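Below is a firewall HA design I have in mind; I have not had a chance to test it yet, so please check whether the approach has any problems.

The firewall topology is as follows:

Firewall OS: CentOS 5.5

Firewall Software: iptables

Firewall Function: snat, dnat

Firewall Scripts Name: Start_firewall.sh, Add_route.sh

Start_firewall.sh|Add_route.sh

(The firewall and route-adding scripts are not the focus of this article, so they are set aside for now. These two scripts matter, though, because they are heartbeat resources.)

What we want is that when the master firewall goes down, the backup firewall takes over the master firewall's work completely. So we also need the following resources:

IP role         IP information
VIP             202.1.1.23 (TEL), 101.1.1.23 (CNC), 1.1.1.1 (Lan)
RIP             202.1.1.22 (TEL_M), 101.1.1.22 (CNC_M), 1.1.1.2 (Lan_M)
                202.1.1.21 (TEL_S), 101.1.1.21 (CNC_S), 1.1.1.3 (Lan_S)
Heartbeat IP    10.1.1.1 (Heartbeat), 10.1.1.2 (Heartbeat)

The topology now looks like this:

Note: the heartbeat configuration files are identical on the master and the backup.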

 

Service installation and configuration on the Master
(1) Installing HeartBeat

[root@ha ~]# yum -y install heartbeat
The installation reports an error:

useradd: user hacluster exists
error: %pre(heartbeat-2.1.3-3.el5.centos.i386) scriptlet failed, exit status 9
error:   install: %pre scriptlet failed (2), skipping heartbeat-2.1.3-3.el5.centos

After it exits, run the command again:
[root@ha ~]# yum -y install heartbeat
(2) Configuration

[root@ha ~]# cd /etc/ha.d/
[root@ha ha.d]# more README.config

You need three configuration files to make heartbeat happy,
and they all go in this directory.

They are:
        ha.cf           Main configuration file
        haresources     Resource configuration file
        authkeys        Authentication information

These first two may be readable by everyone, but the authkeys file
must not be.

The good news is that sample versions of these files may be found in
the documentation directory (providing you installed the documentation).

If you installed heartbeat using rpm packages then
this command will show you where they are on your system:
                rpm -q heartbeat -d

If you installed heartbeat using Debian packages then
the documentation should be located in /usr/share/doc/heartbeat

Run the following commands:
[root@ha ha.d]# cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/
[root@ha ha.d]# cp /usr/share/doc/heartbeat-2.1.3/ha.cf /etc/ha.d/
[root@ha ha.d]# cp /usr/share/doc/heartbeat-2.1.3/haresources /etc/ha.d/

[root@ha ~]# more /etc/ha.d/ha.cf
logfile /var/log/ha-log
keepalive 2
deadtime 20
warntime 10
initdead 60

udpport 694
bcast eth0 eth1 eth2 # eth0: Telecom line, eth1: Netcom line, eth2: crossover cable link

auto_failback on
node ha.firewall.com.cn
node backup.firewall.com.cn

[root@ha ~]# more /etc/ha.d/authkeys
auth 1
1 crc

[root@ha ~]# more /etc/ha.d/haresources
ha.tiancity.com vip(tel)        Start_Firewall.sh Add_route.sh  # place the script resources in
ha.tiancity.com vip(cnc)                                  # /etc/ha.d/resource.d/
ha.tiancity.com vip(lan)

Service installation and configuration on the Backup
Place the Master's configuration files () in /etc/ha.d



This article is reposted from hahazhu0634's 51CTO blog; original link: http://blog.51cto.com/5ydycm/448827. To repost it, please contact the original author yourself.
