From wikipedia we know that:
High-availability clusters (also known as HA Clusters or Failover Clusters) are computer clusters that are implemented primarily for the purpose of providing high availability of services which the cluster provides. They operate by having redundant computers or nodes which are then used to provide service when system components fail. Normally, if a server with a particular application crashes, the application will be unavailable until someone fixes the crashed server.

We try to make cluster for production system which provide web services and consisted of 2 nodes. Let’s call it srv1 and srv2 as hostnames.

There is ifconfig for srv1 :

eth0      Link encap:Ethernet  HWaddr 08:00:27:7B:7E:40
          inet addr:10.0.30.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::a00:27ff:fe7b:7e03/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:347 errors:1 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:86003 (83.9 KiB)  TX bytes:8214 (8.0 KiB)
          Interrupt:11 Base address:0xc020

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

and for srv2:

eth0      Link encap:Ethernet  HWaddr 08:00:27:7B:7E:03
          inet addr:10.0.30.2  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::a00:27ff:fe7b:7e03/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:347 errors:1 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:86003 (83.9 KiB)  TX bytes:8214 (8.0 KiB)
          Interrupt:11 Base address:0xc020

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

As you can see there is no virtual interfaces for now. Let’s look at hosts file it should be the same for both of nodes:

cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               srv2 localhost.localdomain localhost
10.0.30.1       srv1
10.0.30.2       srv2

Ok now we have to installed heartbeat.
The centos, fedora core and RH users able to use this command:

yum install heartbeat 

For debian users this one :

apt-get install heartbeat

For other distros you can do it according to your distros package manager documentation or compile from sources. The sources are always available at official site of the project.

Copy configuration files from examples into your work directory(default for heartbeat is /etc/ha.d):

cp /usr/share/doc/heartbeat*/hareshare /etc/ha.d/
cp /usr/share/doc/ha.cf /hareshare /etc/ha.d/
cp /usr/share/doc/heartbeat*/authkeys /etc/ha.d/

And edit it like this :

cat /etc/ha.d/ha.cf
debugfile /var/log/ha-debug

# set debug log

logfile /var/log/ha-log

# set common log

logfacility     local0 

# set syslog channel

keepalive 2 

# time between checks

udpport 694 

# port where heartbeat will be listened on

bcast   eth0

# interface for broadcast message

auto_failback on 

#listing of node. Keep in mind that names of node should be as `uname -n` for each nodes

node srv1 

node srv2

All configuration files is pretty documented by developing team. Therefore I will not describe it’s so deeply. Next config file is haresources:

cat /etc/ha.d/haresources
active            10.0.30.3 httpd script1 script2

this consist of three main fields:
1-st – It’s still not clear for me. (As I understand any name can be used here as well).
2-nd – the ip address for virtual interface
3-rd – the name of scripts or script located at /etc/init.d which should be brought up in case of crash active node.

Unfortunately in the event of crashing one of the defined services heartbeat doesn’t migrate cluster group to another node:( In other words if your web site is goes down the current node will stay active. Maybe this feature is available, but I have found nothing in official documentation about this issue.

And last one config file. It has quite simple configuration which consist of 2 lines. And uses for determine which encryption has to be used.

cat /etc/ha.d/authkeys
auth 1
1 sha1 "HI!"

“sha1″ provide connection with encryption as well as the “md5″. To switch off encryption set “crc” instead of “sha1″.

Now try to start it:

/etc/init.d/heartbeat start 

If it’s start without any errors you able run it at second node. Copy your edited config files:

scp /etc/hosts 10.0.30.2:/etc/
scp /etc/ha.d/ha* 10.0.30.2:/etc/ha.d/
scp /etc/ha.d/authkeys 10.0.30.2:/etc/ha.d/

And go to the second node to start heartbeat there:

srv2:#/etc/init.d/heartbeat start 

If you done everything right -> one of the your node should be has

eth0:0

interface which indicate active node. Its looks like this:

srv1:# ifconfig eth0:0
          eth0:0    Link encap:Ethernet  HWaddr 08:00:27:7B:7E:03
          inet addr:10.0.30.3  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Base address:0xc020

The last one step in our configuration is checking the cluster. Go to active node and run:

reboot

In several seconds you will see that httpd processes were started and

eth0:0

interface is appears at another node.

srv2:# ifconfig eth0:0
          eth0:0    Link encap:Ethernet  HWaddr 08:00:27:7B:7E:03
          inet addr:10.0.30.3  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Base address:0xc020

ps uax | grep http | grep -v grep
root      2300  0.0  3.6  23004  9424 ?        Ss   02:37   0:01 /usr/sbin/httpd
apache    2323  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2324  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2325  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2326  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2327  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2328  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2331  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd
apache    2332  0.0  1.8  23004  4780 ?        S    02:37   0:00 /usr/sbin/httpd

Looks like everything done well.

Week ago I start to read book about Linux clustering. When I learned about high available cluster I have decided to made some script which will be able to implement it.

THEORY:
We have 2 Linux machine, local network, Internet connection and border gateway.

As you can see at Figure.1.
Node1 and Node2 have internal IPs 10.0.30.1 and 10.0.30.2 respectively. Default route has ip 10.0.30.254. And it provide PAT(Port Address Translation) support . In other words translates all request from internet web clients to web server into localnet virtual ip 10.0.30.3 which always assigned to active node. I will skip how to install PAT support but share my knowledge’s in rest part of project.

PRACTICE:
First of all we need machine with preinstalled Linux OS, web server, rsync and ssh. In this example I used CentOS and apache but it does not metter.

Try to build network connections.
Network configuration for Node #1 :

#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=08:00:27:7B:7E:03
ONBOOT=yes
IPADDR=10.0.30.2
GATEWAY=10.0.30.254

For node #2:

#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=08:00:27:B9:50:94
ONBOOT=yes
IPADDR=10.0.30.1

GATEWAY=10.0.30.254

In next step you need to enable rsync in xinted config:

#cat /etc/xinetd.d/rsync
service rsync
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}

And restart it:

/etc/init.d/xinted restart

Also you need to enable some SELinux bool:

#setsebool -P rsync_export_all_ro=on

Add user rsync in group root for both nods and generate ssh keys for they. Below described step-by-step actions:

For Node #1 :
Add user:

#useradd -g root rsycn 

Login as rsync

#su - rsync 

Generate new rsa key:

#ssh-keygen -t rsa -b 2048 -f rsync.key

When ssh-keygen asks you to provide passprase. Hit Enter twice to get non-password access in the future.

Copy public key to the remote host:

#scp rsync.key.pub root@10.0.30.2:/root/.ssh

For node #2 :

#useradd -g root rsycn
#mv ~/.ssh/rsync.key.pub  ~rsync/.ssh/authorized_keys
#chown rsync ~rsync/.ssh/authorized_keys
#chmod 600 ~rsync/.ssh/authorized_keys
#su - rsync
#ssh-keygen -t rsa -b 2048 -f rsync.key
#scp rsync.key.pub root@10.0.30.1:/root

Back to Node #1 and perform next actions:

#mv ~/rsync.key.pub  ~rsync/.ssh/authorized_keys
#chown rsync ~rsync/.ssh/authorized_keys
#chmod 600 ~rsync/.ssh/authorized_keys

To check if the keys and rsync works properly. Run this on Node #2:

#rsycn -e ssh rsync@10.0.30.1:/var/www/html /var/www/

After that if you have done everything right. The web files from Node #1 should be transfered to your local web directory.

Let’s check our config file:

#cat node.conf
another_node_addr=10.0.30.1
# this is comment
virtual_addr=10.0.30.3
max_sleep_time=10
max_ping_cnt=5
log_facility=local6
debug=1

All lines begging from “#” interpreted as a comments. Therefore it’s ignored by script.

another_node_addr – defined internal ip of other node
virtual_addr – defined common virtual ip for both node
max_sleep_time – max value for sleep(in seconds) between pings
max_ping_cnt – max amount of ping attempts
log_facility – the syslog facility for the logging
sycn_time – time for syncronization web documents from master to slave web-server. “d” – for day, “h” – hours, “min” – minutes, “mon” – months. For example:
sync_time=50min – means that files have to be syncronized every 50 minutes.
debug – the value “1″ is turn on debug

Be careful the maximum migration time you can calculate in next way:
max_sleep_time*(max_ping_cnt+1)+crontab ,
by default it’s 10*(5+1)= 60 + 60 (crontab) =120 seconds.

Download main script and config file and put these into the your nodes.

You can see a little bit of explanation about how to script works in block scheme below.

After these steps you are ready to tune your syslog and crontab configuration. Actions described below should be done on both node’s.
Put into the /etc/syslog.conf:

log_facility.*                                                -/var/log/node.log

Where log_facility is log facility defined at node.conf.

Put this into crontab to make script run by crontab every minute:

#crontab -e
*/1 * * * *     /PATH/TO/check_node.pl /PATH/TO/node.conf

I suppost it will be worked for you as well as for me.
The End.

#cd /etc/apache2/mods-enabled
# ln -s ../mods-available/rewrite.load  rewrite.load

For another distros you able to compile apache from sources with option “–enable-module=rewrite”.

Also you should put or change some lines in the apache configuration file (apache2.conf OR httpd.conf). In main section:

AccessFileName .htaccess

In the Directory section :

Options Indexes FollowSymLinks MultiViews
AllowOverride All

After that restart apache server:

# /etc/init.d/apache2 restart

Now you are ready to make your .htaccess file. Go to the your web directory:

# cd /var/www/
# cat > .htaccess
RewriteEngine on
RewriteCond %{HTTP_HOST} ^test\.com\.ua$
RewriteRule (.*) http://test.ua/$1 [L,R]

Check your web site via browser. If you have done everything describe above in proper way you will be redirected from test.com.ua to test.ua.