[CentOS] heartbeat configuration for lb

Emmett Culley emmett at webengineer.com
Mon Dec 13 03:50:14 UTC 2010 

On 12/11/2010 07:26 PM, bluethundr wrote:
> Sorry I forgot to finish the story!!! :)
> 
> And the interface doesn't appear to be sharing the address:
> 
> [root at VIRTCENT01:~]#ip addr sh eth0
> 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500 qdisc pfifo_fast qlen 1000
>      link/ether 00:16:36:22:92:70 brd ff:ff:ff:ff:ff:ff
>      inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
>      inet6 fe80::216:36ff:fe22:9270/64 scope link
>         valid_lft forever preferred_lft forever
> 
> 
> And I can't ping the virtual address I had tried to setup using heartbeat:
> 
> [root at VIRTCENT01:~]#ping 192.168.1.200
> PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
>> From 192.168.1.23 icmp_seq=1 Destination Host Unreachable
>> From 192.168.1.23 icmp_seq=2 Destination Host Unreachable
>> From 192.168.1.23 icmp_seq=3 Destination Host Unreachable
> 
> thanks again!!!
> 
> 
> 
> On Sat, Dec 11, 2010 at 10:13 PM, bluethundr<bluethundr at gmail.com>  wrote:
>> hello list!
>>
>>   I am attempting to setup haproxy using a shared up I am trying to
>> setup using the heartbeat package that I currently have installed:
>>
>>   [root at VIRTCENT01:~]#rpm -qa | grep heartbeat | grep -v -e stonith -e pils
>> heartbeat-2.1.4-11.el5
>> heartbeat-2.1.4-11.el5
>>
>>
>> I have /etc/ha/.d authkeys setup this way:
>>
>> #
>> auth 2
>> #1 crc
>> 2 sha1 {SHA}secret
>>
>> I have /etc/ha.d/resources setup like this:
>>
>> VIRTCENT01.summitnjhome.com 192.168.1.23
>>
>> And I have /etc/ha.cf setup like this:
>>
>>   #       What UDP port to use for udp or ppp-udp communication?
>> #
>> udpport        694
>> bcast  eth0
>> mcast eth0 225.0.0.1 694 1 0
>> ucast eth0 192.168.1.200
>> #       What interfaces to heartbeat over?
>> udp     eth0
>> #
>> #       Facility to use for syslog()/logger (alternative to log/debugfile)
>> #
>> logfacility     local0
>> #
>> #       Tell what machines are in the cluster
>> #       node    nodename ...    -- must match uname -n
>> node    lb1.summitnjhome.com
>> node    lb2.summitnjhome.com
>>
>>
>> The service seems to start ok:
>>
>> [root at VIRTCENT01:~]#service heartbeat restart
>> Stopping High-Availability services:
>>                                                            [  OK  ]
>> Waiting to allow resource takeover to complete:
>>                                                            [  OK  ]
>> Starting High-Availability services:
>> 2010/12/11_22:03:55 INFO:  Resource is stopped
>>                                                            [  OK  ]
>>
>> (tho I am unsure of that the INFO notice is of the resource being stopped).
>>
>> And I have verified that it is running with ps:
>>
>> [root at VIRTCENT01:~]#ps auxwww | grep heartbeat
>> root      3646  0.1  4.6  12260 12256 ?        SLs  22:03   0:00
>> heartbeat: master control process
>> nobody    3648  0.0  2.1   5664  5660 ?        SL   22:03   0:00
>> heartbeat: FIFO reader
>> nobody    3649  0.0  2.1   5660  5656 ?        SL   22:03   0:00
>> heartbeat: write: bcast eth0
>> nobody    3650  0.0  2.1   5660  5656 ?        SL   22:03   0:00
>> heartbeat: read: bcast eth0
>> root      3653  0.0  0.2  61180   736 pts/1    S+   22:04   0:00 grep heartbeat
>>
>>
>> And verified that the box is listening on port 694 (the port that I
>> have set for heartbeat):
>>
>>
>> [root at VIRTCENT01:~]#netstat -tulpn | grep heartbeat
>> udp        0      0 0.0.0.0:694                 0.0.0.0:*
>>                  3649/heartbeat: wri
>> udp        0      0 0.0.0.0:50550               0.0.0.0:*
>>                  3649/heartbeat: wri
>>
>> However although I have the port enabled in iptables:
>>
>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 694 -j ACCEPT
>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>>
>>
>> An nmap scan does not see anything active on 694:
>>
>> bluethundr at bluethundr-laptop:~$ sudo nmap -sT -A virt1
>>
>> Starting Nmap 5.00 ( http://nmap.org ) at 2010-12-11 22:07 EST
>> Warning: Traceroute does not support idle or connect scan, disabling...
>> Interesting ports on 192.168.1.23:
>> Not shown: 997 filtered ports
>> PORT    STATE  SERVICE VERSION
>> 22/tcp  open   ssh     OpenSSH 5.6 (protocol 2.0)
>> |  ssh-hostkey: 1024 b0:gu:s (DSA)
>> |_ 2048 b0:gu:s (RSA)
>> 80/tcp  closed http
>> 631/tcp closed ipp
>> MAC Address: 00:16:36:22:92:70 (Quanta Computer)
>> Device type: general purpose
>> Running: Linux 2.6.X
>> OS details: Linux 2.6.15 - 2.6.26
>> Network Distance: 1 hop
>>
>> OS and Service detection performed. Please report any incorrect
>> results at http://nmap.org/submit/ .
>> Nmap done: 1 IP address (1 host up) scanned in 11.27 seconds
>>
>>
>>
>> I am enclosing an archive of my /etc/ha.d directory in case this is of
>> use to anyone. I would certainly appreciate any help anyone could
>> provide!
>>
>> Thanks!!
>>
>>
>> --
>> GPG me!!
>>
>> gpg --keyserver pgp.mit.edu --recv-keys F186197B
>>
> 
> 
> 
The message you are seeing when you start heartbeat doesn't make any sense to me either, but it does indicate that it started correctly.

The line:

VIRTCENT01.summitnjhome.com 192.168.1.23

should be:

VIRTCENT01.summitnjhome.com 192.168.1.200

To cause that IP address to be available upon taking control.

More information about the CentOS mailing list