Install Heartbeat on Debian

by Pierre-Yves Landuré — last modified Mar 02, 2018 08:35

Heartbeat is a software creating a high availability infrastructure. This howto ease its installation on Debian.

This howto is tested on:

Debian 7.0 Wheezy

Parameters

Provide the name of the network interface used to communicate with the members of the high availability cluster:

NET_DEV="eth0"

Provide the hostnames of the high availability cluster members (one hostname by line, primary hostname on first line):

MEMBERS="host1.domain.com
host2.domain.com"

Provide the IP address (failover IP) assigned to the cluster:

FAILOVER_IP="xx.xx.xx.xx"

Provide the cluster authentication key (optionnal, must be shared between the cluster members):

# AUTH_KEY="061652d05e21be8febf8af5d53abaf5ecf7fb6f4"

Installation

Generate a authentication key for the cluster, if needed:

if [ -z "${AUTH_KEY}" ]; then
  AUTH_KEY="$(command dd if='/dev/urandom' bs=512 count=1 2>'/dev/null' \
      | command openssl sha1 \
      | command cut --delimiter=' ' --fields=2)"
fi

Environment preparation

Install the needed software:

command apt-get install heartbeat

Allow the assignation of several IP addresses to the same network interface:

command echo "# Allow multiple IP addresses by interface for Heartbeat.
net.ipv4.ip_nonlocal_bind=1" \
    > '/etc/sysctl.d/heartbeat.conf'

Reload the system settings:

command sysctl -p '/etc/sysctl.d/heartbeat.conf'

Configuration

Create a configuration from the template:

command gunzip --stdout '/usr/share/doc/heartbeat/ha.cf.gz' > '/etc/ha.d/ha.cf'

Enable the logs:

command sed -i \
     -e 's/^#debugfile/debugfile/' \
     -e 's/^#logfile/logfile/' \
     -e 's/^#logfacility/logfacility/' \
  '/etc/ha.d/ha.cf'

Configure the server crash detection (with default values):

command sed -i \
    -e 's/^#keepalive/keepalive/' \
    -e 's/^#deadtime/deadtime/' \
    -e 's/^#warntime/warntime/' \
    -e 's/^#initdead/initdead/' \
  '/etc/ha.d/ha.cf'

Configure the port used to test the cluster members activity:

command sed -i \
 -e 's/^#udpport/udpport/' \
 '/etc/ha.d/ha.cf'

Generate the cluster members configuration:

UCAST_CONFIG=""
NODE_CONFIG=""
HOSTS_CONFIG=""
PRIMARY_HOST=""
for HEARTBEAT_HOST in ${MEMBERS}; do
  if [ "${HEARTBEAT_HOST}" = "$(command hostname --fqdn)" ]; then
    HOST_IP="$(command ifconfig "${NET_DEV}" \
      | command grep 'inet ' \
      | command sed -e 's/^.*inet [^:]*:\([^ ]*\) .*$/\1/')"
  else
    HOST_IP="$(command getent ahostsv4 "${HEARTBEAT_HOST}" \
      | command cut --delimiter=" " --fields=1 \
      | command tail -n 1)"
  fi

  HEARTBEAT_HOST="$(command echo "${HEARTBEAT_HOST}" \
      | command cut --delimiter='.' --fields=1)"

  if [ -z "${PRIMARY_HOST}" ]; then
    PRIMARY_HOST="${HEARTBEAT_HOST}"
  fi

  UCAST_CONFIG="${UCAST_CONFIG}\\
ucast ${NET_DEV} ${HOST_IP}"

  NODE_CONFIG="${NODE_CONFIG}\\
node ${HEARTBEAT_HOST}"

  HOSTS_CONFIG="${HOSTS_CONFIG}
${HOST_IP} ${HEARTBEAT_HOST}"
done

Adjust the hosts file contents:

echo "${HOSTS_CONFIG}" >> '/etc/hosts'

Configure the cluster members:

command sed -i \
    -e "/^#ucast/a\\
${UCAST_CONFIG}" \
    -e "0,/^#node/{//a\\
${NODE_CONFIG}
;}" \
 '/etc/ha.d/ha.cf'

Configure the authentication key:

command echo "auth 1
1 sha1 ${AUTH_KEY}" \
    > '/etc/ha.d/authkeys'

Secure the authentication key:

command chmod 0600 '/etc/ha.d/authkeys'

Configure the cluster IP address, as well as the primary server:

echo "${PRIMARY_HOST} ${FAILOVER_IP}/24/${NET_DEV} MailTo::root::[$(command hostname --fqdn)]warning:" > '/etc/ha.d/haresources'

Cluster members setup

Run the installation process of this howto on the high-availability cluster members with the parameters provided by:

command echo "NET_DEV='${NET_DEV}'
MEMBERS='${MEMBERS}'
FAILOVER_IP='${FAILOVER_IP}'
AUTH_KEY='${AUTH_KEY}'
"

Note: the NET_DEV value can be different for some members of the cluster.

Finalization

Start the service on all cluster members:

command service heartbeat start

Hardening the security

Block the access to udp port 694 excepted for the cluster members by following:

Filter the access to a network port with iptables on Debian

Thanks

Thanks to Heartbeat developers.
Thanks to Nicolas Olivero (fr) for Configuration Heartbeat Debian (fr).
Thanks to IT-connect.fr (fr) for Clustering et haute disponibilité sous Linux avec Heartbeat (fr).
Thanks to falko for Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Debian Etch (en).
Thanks to Institut d'électronique et d'informatique Gaspard-Monge (fr) for La haute disponibilité avec Heartbeat (fr).
Thanks to SplitBrain (fr) for Setting up Hearbeat failover for an IP-Adress on Debian Squeeze (fr).