Skip to main content

'httpd' HA using Heartbeat

Step 1: Pre-Configuration Requirements

Assign hostname httpd-primary to primary node with IP address 192.168.230.138 to eth0.
Assign hostname httpd-slave to slave node with IP address 192.168.230.139 to eth0.
[root@httpd-primary ~]# cat /etc/hosts
127.0.0.1   localhost
192.168.230.138         httpd-primary
192.168.230.139         httpd-slave
Primary Server: httpd-primary
[root@httpd-primary ~]# uname -n
httpd-primary
Secondary Server: httpd-slave
[root@httpd-slave ~]# uname -n
httpd-slave
192.168.230.150 is the virtual IP address that will be used for our httpd webserver.
Configure httpd on both server is ‘httpd-primary’ and ‘httpd-slave’
Now lets install Heartbeat on both servers.

Step 2: Install EPEL repo.

[root@httpd-primary ~]# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Change the ‘https’ to ‘http’ in ‘epel.repo’, if you get an error when you do a ‘yum install heartbeat’
[root@httpd-primary ~]# vim /etc/yum.repos.d/epel.repo
[root@httpd-primary ~]# yum install heartbeat

Step 3: Heartbeat configuration

[root@httpd-primary ~]# cp /usr/share/doc/heartbeat-3.0.4/authkeys /etc/ha.d/
[root@httpd-primary ~]# cp /usr/share/doc/heartbeat-3.0.4/ha.cf /etc/ha.d/
[root@httpd-primary ~]# cp /usr/share/doc/heartbeat-3.0.4/haresources /etc/ha.d/

Step 4:

[root@httpd-primary ~]# vi /etc/ha.d/authkeys
Then add the following lines:
auth 2
2 sha1 anyRandomKeyHere

Step 5: Change the permission of the authkeys file:

chmod 600 /etc/ha.d/authkeys

Step 6: Moving to our second file (ha.cf) which is the most important. So edit the ha.cf file with vi:

vi /etc/ha.d/ha.cf
Add the following lines in the ha.cf file:
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node httpd-primary
node httpd-slave

Step 7: update haresources

vi /etc/ha.d/haresources
Add the following line: 
httpd-primary 192.168.230.150 httpd

Step 8: Copy the /etc/ha.d/ directory from httpd-primary to httpd-slave:

scp -r /etc/ha.d/ root@httpd-slave:/etc/

Step 9: As we want httpd highly enabled let’s start configuring httpd:

vi /etc/httpd/conf/httpd.conf
Add this line in httpd.conf:
Listen 192.168.230.150:80

Step 10: Copy the /etc/httpd/conf/httpd.conf file from httpd-primary to httpd-slave:

scp /etc/httpd/conf/httpd.conf root@httpd-slave:/etc/httpd/conf/

Step 11: Create the file index.html on both nodes (httpd-primary & httpd-slave):

On httpd-primary:
echo "`uname -n` apache test server" > /var/www/html/index.html
On httpd-slave:
echo "`uname -n` apache test server" > /var/www/html/index.html

Step 11. Now start heartbeat on the primary httpd-primary and slave httpd-slave:

/etc/init.d/heartbeat start

Step 12. Open web-browser and type in the URL:

http://192.168.230.150
It will show 'httpd-primary apache test server'.

Step 13. Now stop the hearbeat daemon on httpd-primary:

/etc/init.d/heartbeat stop
In your browser type in the URL 
http://192.168.230.150 and press enter.
It will show 'httpd-slave apache test server'.
We don’t need to create a virtual network interface and assign an IP address (192.168.230.150) to it. Heartbeat will do this for you, and start the service (httpd) itself. So don’t worry about this.
NOTE :
A. I had issues due to port access for testing disable ‘iptables’ if you face any issues.
Here are the entries requires for iptables.
iptables -A OUTPUT -o lo -p udp -m udp -d 192.168.230.138 --dport 694 -j ACCEPT
iptables -A INPUT -i lo -p udp -m udp -d 192.168.230.138 --dport 694 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp -d 192.168.230.138 --dport 694 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m udp -d 192.168.230.138 --dport 694 -j ACCEPT

iptables -A OUTPUT -o lo -p udp -m udp -d 192.168.230.139 --dport 694 -j ACCEPT
iptables -A INPUT -i lo -p udp -m udp -d 192.168.230.139 --dport 694 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp -d 192.168.230.139 --dport 694 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m udp -d 192.168.230.139 --dport 694 -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp -m tcp -d 192.168.230.138 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp -d 192.168.230.138 --dport 80 -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp -m tcp -d 192.168.230.139 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp -d 192.168.230.139 --dport 80 -j ACCEPT

service iptables save



Useful Links: 
https://wiki.archlinux.org/index.php/Simple_IP_Failover_with_Heartbeat http://www.linuxnix.com/2010/01/heartbeat-clustering.html
https://www.howtoforge.com/high_availability_heartbeat_centos
http://blog.iwayvietnam.com/tuanta/2010/05/19/configuring-a-high-availability-cluster-on-rhel-centos/ 
http://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
http://www.cyberciti.biz/tips/linux-cluster-building-firewall-rules.html 
http://www.linux-ha.org/doc/users-guide/_creating_an_initial_heartbeat_configuration.html
Labels:

Comments

Post a Comment

Popular posts from this blog

Cloudera Manager - Duplicate entry 'zookeeper' for key 'NAME'.

We had recently built a cluster using cloudera API’s and had all the services running on it with Kerberos enabled. Next we had a requirement to add another kafka cluster to our already exsisting cluster in cloudera manager. Since it is a quick task to get the zookeeper and kafka up and running. We decided to get this done using the cloudera manager instead of the API’s. But we faced the Duplicate entry 'zookeeper' for key 'NAME' issue as described in the bug below. https://issues.cloudera.org/browse/DISTRO-790 I have set up two clusters that share a Cloudera Manger. The first I set up with the API and created the services with capital letter names, e.g., ZOOKEEPER, HDFS, HIVE. Now, I add the second cluster using the Wizard. Add Cluster->Select Hosts->Distribute Parcels->Select base HDFS Cluster install On the next page i get SQL errros telling that the services i want to add already exist. I suspect that the check for existing service names does n
2 comments
Read more

Zabbix History Table Clean Up

Zabbix history table gets really big, and if you are in a situation where you want to clean it up. Then we can do so, using the below steps. Stop zabbix server. Take table backup - just in case. Create a temporary table. Update the temporary table with data required, upto a specific date using epoch . Move old table to a different table name. Move updated (new temporary) table to original table which needs to be cleaned-up. Drop the old table. (Optional) Restart Zabbix Since this is not offical procedure, but it has worked for me so use it at your own risk. Here is another post which will help is reducing the size of history tables - http://zabbixzone.com/zabbix/history-and-trends/ Zabbix Version : Zabbix v2.4 Make sure MySql 5.1 is set with InnoDB as innodb_file_per_table=ON Step 1 Stop the Zabbix server sudo service zabbix-server stop Script. echo "------------------------------------------" echo " 1. Stopping Zabbix Server &quo
1 comment
Read more

Access Filter in SSSD `ldap_access_filter` [SSSD Access denied / Permission denied ]

Access Filter Setup with SSSD ldap_access_filter (string) If using access_provider = ldap , this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap and this option is not set, it will result in all users being denied access. Use access_provider = allow to change this default behaviour. Example: access_provider = ldap ldap_access_filter = memberOf=cn=allowed_user_groups,ou=Groups,dc=example,dc=com Prerequisites yum install sssd Single LDAP Group Under domain/default in /etc/sssd/sssd.conf add: access_provider = ldap ldap_access_filter = memberOf=cn=Group Name,ou=Groups,dc=example,dc=com Multiple LDAP Groups Under domain/default in /etc/sssd/sssd.conf add: access_provider = ldap ldap_access_filter = (|(memberOf=cn=System Adminstrators,ou=Groups,dc=example,dc=com)(memberOf=cn=Database Users,ou=Groups,dc=example,dc=com)) ldap_access_filter accepts standa
Post a Comment
Read more