High Availability for Web Services with Heartbeat (haresources) + NFS

I. Introduction to How Heartbeat Works

Please click here

II. Environment Preparation

1. Topology diagram

2. Server preparation

| Server name | IP | Services | OS |
|---|---|---|---|
| node1.wzlinux.com | VIP: 192.168.0.18, eth0: 192.168.0.10 | HTTP, Heartbeat | CentOS 6.4 32-bit |
| node2.wzlinux.com | VIP: 192.168.0.18, eth0: 192.168.0.11 | HTTP, Heartbeat | CentOS 6.4 32-bit |
| nfs.wzlinux.com | eth0: 192.168.0.12 | NFS | CentOS 6.4 32-bit |

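Note: disable the firewall and SELinux beforehand and set up time synchronization, because SELinux interferes with starting the web service.

3. Set up the hosts file

Add the following entries to the hosts file on both high-availability nodes:

192.168.0.10 node1.wzlinux.com node1
192.168.0.11 node2.wzlinux.com node2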

4. Set up mutual SSH trust between the two nodes

node1

ssh-keygen -t rsa -P ''
ssh-copy-id -i .ssh/id_rsa.pub root@node2.wzlinux.com

node2

ssh-keygen -t rsa -P ''
ssh-copy-id -i .ssh/id_rsa.pub root@node1.wzlinux.com

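5. Prepare the services

Prepare the web service on both high-availability nodes in advance, and have the NFS service ready, mounted and configured. That is not demonstrated again here; see the NFS configuration article if you need it. I will only briefly show how the NFS export is created.

On the NFS server:

mkdir /web
echo "The Web in the NFS" > /web/index.html
# cat /etc/exports
/web 192.168.0.0/24(rw,no_root_squash)
service nfs start

Mount the export on both node1 and node2:

mount -t nfs 192.168.0.12:/web /var/www/html

Then start the web service on each node; SELinux must be disabled.

Browse to 192.168.0.10 and 192.168.0.11 in turn. If both show "The Web in the NFS", the web service is set up correctly and it is time to configure Heartbeat.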

III. Installing Heartbeat

1. Package installation

Install the EPEL repository beforehand, then install with yum:

yum install heartbeat -y

2. List the installed files

rpm -ql heartbeat
/etc/ha.d
/etc/ha.d/README.config
…………
/usr/share/doc/heartbeat-3.0.4/README
/usr/share/doc/heartbeat-3.0.4/apphbd.cf
/usr/share/doc/heartbeat-3.0.4/authkeys      # authentication file
/usr/share/doc/heartbeat-3.0.4/ha.cf         # main configuration file (heartbeat)
/usr/share/doc/heartbeat-3.0.4/haresources   # resource configuration file (CRM)
/usr/share/heartbeat
/usr/share/heartbeat/BasicSanityCheck
…………

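IV. Configuring Heartbeat

We use heartbeat v1, which has three main configuration files: ha.cf, haresources and authkeys.

These three files are not in the configuration directory by default, so we have to copy them into /etc/ha.d by hand. authkeys must have its permissions set to 600. The three files are identical on node1 and node2, so configure them on one node and copy them to the other.

cp -p /usr/share/doc/heartbeat-3.0.4/{authkeys,ha.cf,haresources} /etc/ha.d/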

1. ha.cf, the main configuration file

#
# There are lots of options in this file.  All you have to have is a set
# of nodes listed {"node ...} one of {serial, bcast, mcast, or ucast},
# and a value for "auto_failback".
# ATTENTION: As the configuration file is read line by line,
#            THE ORDER OF DIRECTIVE MATTERS!
# In particular, make sure that the udpport, serial baud rate
# etc. are set before the heartbeat media are defined!
# debug and log file directives go into effect when they
# are encountered.
# All will be fine if you keep them ordered as in this example.
# Note on logging:
# If all of debugfile, logfile and logfacility are not defined,
# logging is the same as use_logd yes. In other case, they are
# respectively effective. if detering the logging to syslog,
# logfacility must be "none".

# File to write debug messages to
#debugfile /var/log/ha-debug    # debug log file
# File to write other messages to
logfile /var/log/ha-log         # runtime log file
# Facility to use for syslog()/logger
#logfacility local0

# A note on specifying "how long" times below...
# The default time unit is seconds
#   10 means ten seconds
# You can also specify them in milliseconds
#   1500ms means 1.5 seconds

# keepalive: how long between heartbeats?
keepalive 2      # heartbeat interval: 2 means 2 seconds, 200ms means 200 milliseconds

# deadtime: how long-to-declare-host-dead?
# If you set this too low you will get the problematic
# split-brain (or cluster partition) problem.
# See the FAQ for how to use warntime to tune deadtime.
deadtime 30      # node dead time: with no heartbeat for 30 seconds the primary node is considered dead

# warntime: how long before issuing "late heartbeat" warning?
# See the FAQ for how to use warntime to tune deadtime.
warntime 10      # warning time: with no heartbeat for 10 seconds a warning is written to the log

# Very first dead time (initdead)
# On some machines/OSes, etc. the network takes a while to come up
# and start working right after you've been rebooted.  As a result
# we have a separate dead time for when things first come up.
# It should be at least twice the normal dead time.
initdead 120     # initialization time

# What UDP port to use for bcast/ucast communication?
udpport 694      # UDP port that carries the heartbeat messages

# Baud rate for serial ports...
#baud 19200      # serial port baud rate
# serial serialportname ...
#serial /dev/ttyS0      # Linux
#serial /dev/cuaa0      # FreeBSD
#serial /dev/cuad0      # FreeBSD 6.x
#serial /dev/cua/a      # Solaris

# What interfaces to broadcast heartbeats over?
#bcast eth0             # Linux
#bcast eth1 eth2        # Linux
#bcast le0              # Solaris
#bcast le1 le2          # Solaris

# Set up a multicast heartbeat medium
# mcast [dev] [mcast group] [port] [ttl] [loop]
# [dev]         device to send/rcv heartbeats on
# [mcast group] multicast group to join (class D multicast address
#               224.0.0.0 - 239.255.255.255)
# [port]        udp port to sendto/rcvfrom (set this value to the
#               same value as "udpport" above)
# [ttl]         the ttl value for outbound heartbeats.  this effects
#               how far the multicast packet will propagate.  (0-255)
#               Must be greater than zero.
# [loop]        toggles loopback for outbound multicast heartbeats.
#               if enabled, an outbound packet will be looped back and
#               received by the interface it was sent on. (0 or 1)
#               Set this value to zero.
mcast eth0 225.0.18.1 694 1 0    # send heartbeats by multicast over eth0

# Set up a unicast / udp heartbeat medium
# ucast [dev] [peer-ip-addr]
# [dev]          device to send/rcv heartbeats on
# [peer-ip-addr] IP address of peer to send packets to
#ucast eth0 192.168.1.2

# About boolean values...
# Any of the following case-insensitive values will work for true:
#   true, on, yes, y, 1
# Any of the following case-insensitive values will work for false:
#   false, off, no, n, 0

# auto_failback: determines whether a resource will
# automatically fail back to its "primary" node, or remain
# on whatever node is serving it until that node fails, or
# an administrator intervenes.
# The possible values for auto_failback are:
#   on     - enable automatic failbacks
#   off    - disable automatic failbacks
#   legacy - enable automatic failbacks in systems
#            where all nodes do not yet support
#            the auto_failback option.
# auto_failback "on" and "off" are backwards compatible with the old
# "nice_failback on" setting.
# See the FAQ for information on how to convert
# from "legacy" to "on" without a flash cut.
# (i.e., using a "rolling upgrade" process)
# The default value for auto_failback is "legacy", which
# will issue a warning at startup.  So, make sure you put
# an auto_failback directive in your ha.cf file.
# (note: auto_failback can be any boolean or "legacy")
auto_failback on    # when the primary node recovers, resources move back to it

# Basic STONITH support
# Using this directive assumes that there is one stonith
# device in the cluster.  Parameters to this device are
# read from a configuration file. The format of this line is:
#   stonith <stonith_type> <configfile>
# NOTE: it is up to you to maintain this file on each node in the
# cluster!
#stonith baytech /etc/ha.d/conf/stonith.baytech

# STONITH support
# You can configure multiple stonith devices using this directive.
# The format of the line is:
#   stonith_host <hostfrom> <stonith_type> <params...>
#   <hostfrom> is the machine the stonith device is attached
#     to or * to mean it is accessible from any host.
#   <stonith_type> is the type of stonith device (a list of
#     supported drives is in /usr/lib/stonith.)
#   <params...> are driver specific parameters.  To see the
#     format for a particular device, run:
#       stonith -l -t <stonith_type>
# Note that if you put your stonith device access information in
# here, and you make this file publically readable, you're asking
# for a denial of service attack ;-)
# To get a list of supported stonith devices, run
#   stonith -L
# For detailed information on which stonith devices are supported
# and their detailed configuration options, run this command:
#   stonith -h
#stonith_host *     baytech 10.0.0.3 mylogin mysecretpassword
#stonith_host ken3  rps10 /dev/ttyS1 kathy 0
#stonith_host kathy rps10 /dev/ttyS1 ken3 0

# Watchdog is the watchdog timer.  If our own heart doesn't beat for
# a minute, then our machine will reboot.
# NOTE: If you are using the software watchdog, you very likely
# wish to load the module with the parameter "nowayout=0" or
# compile it without CONFIG_WATCHDOG_NOWAYOUT set. Otherwise even
# an orderly shutdown of heartbeat will trigger a reboot, which is
# very likely NOT what you want.
#watchdog /dev/watchdog
#
# Tell what machines are in the cluster
# node nodename ...  -- must match uname -n
#node ken3
#node kathy
node node1.wzlinux.com    # primary node name; must match the output of uname -n
node node2.wzlinux.com    # standby node name; must match the output of uname -n

# Less common options...
# Treats 10.10.10.254 as a psuedo-cluster-member
# Used together with ipfail below...
# note: don't use a cluster node as ping node
ping 192.168.0.1          # ping the gateway to check that the heartbeat link is healthy
# Treats 10.10.10.254 and 10.10.10.253 as a psuedo-cluster-member
# called group1. If either 10.10.10.254 or 10.10.10.253 are up
# then group1 is up
# Used together with ipfail below...
…………

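2. authkeys, the authentication file

For security, a device cannot pass heartbeats merely by joining the cluster or the multicast group; the nodes also have to authenticate each other. This authentication file must have permissions 600. Its contents are as follows:

#
# Authentication file.  Must be mode 600
# Must have exactly one auth directive at the front.
# auth  send authentication using this method-id
# Then, list the method and key that go with that method-id
# Available methods: crc sha1, md5.  Crc doesn't need/want a key.
# You normally only have one authentication method-id listed in this file
# Put more than one to make a smooth transition when changing auth
# methods and/or keys.
# sha1 is believed to be the "best", md5 next best.
# crc adds no security, except from packet corruption.
# Use only on physically secure networks.
auth 2
#1 crc
2 sha1 Om8iO0DPnNMJ7OpQjdxBaQ
#3 md5 Hello!

The string after sha1 can be anything you like; here I used a random value, generated with the command openssl rand -base64 16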
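A check for the requirements stated above (mode 600, exactly one auth directive, a keyed method selected), as an added example that is not part of the original article or of Heartbeat. The function name audit_authkeys and the placeholder key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit_authkeys is a hypothetical helper, not part of Heartbeat.
# Usage: audit_authkeys FILE   (prints findings; returns 0 only if FILE passes)
audit_authkeys() (
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing: $f"; exit 1; }
    # The article requires mode 600: the file holds the shared cluster secret.
    [ -n "$(find "$f" -prune -perm 600)" ] || { echo "mode is not 600"; rc=1; }
    # There must be exactly one active "auth <id>" directive.
    n=$(grep -c '^[[:space:]]*auth[[:space:]]' "$f" || true)
    [ "$n" -eq 1 ] || { echo "expected one auth directive, found $n"; exit 1; }
    id=$(awk '$1 == "auth" { print $2; exit }' "$f")
    # The selected method line has the form "<id> <method> [key]".
    method=$(awk -v id="$id" '$1 == id { print $2; exit }' "$f")
    key=$(awk -v id="$id" '$1 == id { print $3; exit }' "$f")
    case $method in
        sha1|md5) [ -n "$key" ] || { echo "$method has no key"; rc=1; } ;;
        crc)      echo "crc selected: detects corruption only, no key"; rc=1 ;;
        *)        echo "auth $id has no matching method line"; rc=1 ;;
    esac
    exit $rc
)

# Constructed sample file; the key is a placeholder, not a real secret.
demo=$(mktemp -d)
printf 'auth 2\n#1 crc\n2 sha1 PLACEHOLDER-KEY\n#3 md5 Hello!\n' > "$demo/authkeys"
chmod 600 "$demo/authkeys"
audit_authkeys "$demo/authkeys" && echo "authkeys passes"
```

Run it against /etc/ha.d/authkeys on both nodes after copying the file across, since a copy can lose the restrictive mode.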

3. haresources, the resource configuration file

This file configures the resources, such as the VIP, the web service and disk mounts. We add our resources at the end of the file.

…………
#-------------------------------------------------------------------
# Simple case: One service address, default subnet and netmask
# No servers that go up and down with the IP address
#just.linux-ha.org 135.9.216.110
#-------------------------------------------------------------------
# Assuming the adminstrative addresses are on the same subnet...
# A little more complex case: One service address, default subnet
# and netmask, and you want to start and stop http when you get
# the IP address...
#just.linux-ha.org 135.9.216.110 http
#-------------------------------------------------------------------
# A little more complex case: Three service addresses, default subnet
# and netmask, and you want to start and stop http when you get
# the IP address...
#just.linux-ha.org 135.9.216.110 135.9.215.111 135.9.216.112 httpd
#-------------------------------------------------------------------
# One service address, with the subnet, interface and bcast addr
# explicitly defined.
#just.linux-ha.org 135.9.216.3/28/eth0/135.9.216.12 httpd
#-------------------------------------------------------------------
# An example where a shared filesystem is to be used.
# Note that multiple aguments are passed to this script using
# the delimiter '::' to separate each argument.
#node1 10.0.0.170 Filesystem::/dev/sda1::/data1::ext2
# Regarding the node-names in this file:
# They must match the names of the nodes listed in ha.cf, which in turn
# must match the `uname -n` of some node in the cluster.  So they aren't
# virtual in any sense of the word.
node1.wzlinux.com IPaddr::192.168.0.18/24/eth0 httpd Filesystem::192.168.0.12:/web::/var/www/html::nfs

Here 192.168.0.18 is the VIP, and the last entry describes the filesystem mount.
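The sample comments in ha.cf and haresources impose three consistency rules: udpport before the heartbeat media, node names matching uname -n, and haresources owners listed in ha.cf. The following added example, which is not part of the original article or of Heartbeat, checks them before the service is started; check_ha_conf is a hypothetical name and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check_ha_conf is a hypothetical helper, not part of Heartbeat.
# Usage: check_ha_conf HA_CF HARESOURCES [THIS_NODE]   (default: uname -n)
check_ha_conf() (
    cf=$1; res=$2; me=${3:-$(uname -n)}; rc=0
    # 1. udpport must be set before any bcast/mcast/ucast medium is defined.
    awk '{ sub(/#.*/, "") }
         $1 ~ /^(bcast|mcast|ucast)$/ { media = 1 }
         $1 == "udpport" && media     { bad = 1 }
         END { exit bad + 0 }' "$cf" \
        || { echo "udpport is set after a heartbeat medium"; rc=1; }
    # 2. This host must appear in a "node" directive (names must match uname -n).
    nodes=$(awk '{ sub(/#.*/, "") }
                 $1 == "node" { for (i = 2; i <= NF; i++) print $i }' "$cf")
    echo "$nodes" | grep -qxF "$me" || { echo "$me is not a node in ha.cf"; rc=1; }
    # 3. Every haresources owner (first field of a non-continuation line)
    #    must be one of the ha.cf nodes.
    for owner in $(awk '{ sub(/#.*/, "") } /^[^ \t]/ { print $1 }' "$res"); do
        echo "$nodes" | grep -qxF "$owner" \
            || { echo "haresources owner $owner is not a node in ha.cf"; rc=1; }
    done
    exit $rc
)

# Constructed sample files that reuse the node names and addresses from this page.
demo=$(mktemp -d)
cat > "$demo/ha.cf" <<'EOF'
udpport 694
mcast eth0 225.0.18.1 694 1 0
node node1.wzlinux.com   # primary
node node2.wzlinux.com   # standby
EOF
echo 'node1.wzlinux.com IPaddr::192.168.0.18/24/eth0 httpd' > "$demo/haresources"
check_ha_conf "$demo/ha.cf" "$demo/haresources" node1.wzlinux.com && echo "consistent"
```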

V. Starting and Checking the Service

1. Start the service

Run the following command on both node1 and node2:

service heartbeat start

2. Check the startup log

# cat /var/log

node1

node2

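The log shows the startup sequence in detail, including the start of each resource and the heartbeat traffic. If what you see is similar to my screenshots and there are no ERROR entries, the service has started successfully.

3. Verify high availability

On node1 we can check whether the VIP, NFS and httpd are all up as a further verification.

Verify the VIP

Verify that NFS is mounted

Verify that the web service is running

Enter http://192.168.0.18 in a client browser; if the following content is displayed, the service is running normally.

Next we manually switch node1 to standby and see whether the displayed page changes; if it does not, everything is working.

/usr/share/heartbeat/hb_standby    # switch this node to standby

After the switch to standby the client sees no change, but the resources have in fact all moved to node2. The logs show how the transfer happened.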

node1:

node2

To manually take the resources back, use the command /usr/share/heartbeat/hb_takeover.
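The VIP and NFS checks from the verification steps above, written as a script that can be run on either node before and after hb_standby or hb_takeover. This is an added example, not part of the original article; node_holds is a hypothetical name, and the two optional file arguments and the sample data are constructed so the check also runs offline.

```shell
#!/bin/sh
# Added example: node_holds is a hypothetical helper, not part of Heartbeat.
# Usage: node_holds VIP MOUNTPOINT [ADDR_FILE] [MOUNTS_FILE]
#   ADDR_FILE   saved output of `ip -o -4 addr show` (default: query the live system)
#   MOUNTS_FILE mount table in /proc/mounts format   (default: /proc/mounts)
node_holds() (
    vip=$1; mnt=$2; rc=0
    addrs=$(if [ -n "$3" ]; then cat "$3"; else ip -o -4 addr show; fi)
    mounts=${4:-/proc/mounts}
    # Field 4 of `ip -o -4 addr show` is ADDRESS/PREFIX; compare the address exactly.
    echo "$addrs" \
        | awk -v v="$vip" '{ split($4, a, "/"); if (a[1] == v) f = 1 } END { exit !f }' \
        || { echo "VIP $vip not configured here"; rc=1; }
    # Mount table fields: device, mount point, filesystem type, ...
    awk -v m="$mnt" '$2 == m && $3 ~ /^nfs/ { f = 1 } END { exit !f }' "$mounts" \
        || { echo "$mnt is not an NFS mount"; rc=1; }
    exit $rc
)

# Constructed sample: what the active node would report while it holds the resources.
demo=$(mktemp -d)
cat > "$demo/addr" <<'EOF'
2: eth0    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
2: eth0    inet 192.168.0.18/24 brd 192.168.0.255 scope global secondary eth0:0
EOF
echo '192.168.0.12:/web /var/www/html nfs rw,relatime 0 0' > "$demo/mounts"
node_holds 192.168.0.18 /var/www/html "$demo/addr" "$demo/mounts" \
    && echo "this node holds the VIP and the NFS mount"
```

On a healthy cluster exactly one node should pass this check at any time; both passing, or neither, after a failover is the condition to investigate in /var/log/ha-log.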
