Heartbeat configuration

For any Heartbeat cluster, the following configuration files must be available:

  • /etc/ha.d/ha.cf — global cluster configuration.

  • /etc/ha.d/authkeys — keys for mutual node authentication.

Depending on whether Heartbeat is running in R1-compatible or in CRM mode, additional configuration files are required. These are covered in the section called “Using DRBD in Heartbeat R1-style clusters” and the section called “Using DRBD in Heartbeat CRM-enabled clusters”.

The ha.cf file

The following example is a small and simple ha.cf file:

autojoin none
mcast bond0 694 1 0
bcast eth2
warntime 5
deadtime 15
initdead 60
keepalive 2
node alice
node bob

Setting autojoin to none disables cluster node auto-discovery and requires that cluster nodes be listed explicitly, using the node options. This speeds up cluster start-up in clusters with a fixed number of nodes (which is always the case in R1-style Heartbeat clusters).

This example assumes that bond0 is the cluster's interface to the shared network, and that eth2 is the interface dedicated for DRBD replication between both nodes. Thus, bond0 can be used for Multicast heartbeat, whereas on eth2 broadcast is acceptable as eth2 is not a shared network.

The next options configure node failure detection. They set the time after which Heartbeat issues a warning that a no longer available peer node may be dead (warntime), the time after which Heartbeat considers a node confirmed dead (deadtime), and the maximum time it waits for other nodes to check in at cluster startup (initdead). keepalive sets the interval at which Heartbeat keep-alive packets are sent. All these options are given in seconds.

The node option identifies cluster members. The option values listed here must match the exact host names of cluster nodes as given by uname -n.

Not adding a crm option implies that the cluster is operating in R1-compatible mode with CRM disabled. If crm yes were included in the configuration, Heartbeat would be running in CRM mode.

The authkeys file

/etc/ha.d/authkeys contains pre-shared secrets used for mutual cluster node authentication. It should only be readable by root and follows this format:

auth num
num algorithm secret

num is a simple key index, starting with 1. Usually, you will only have one key in your authkeys file.

algorithm is the signature algorithm being used. You may use either md5 or sha1; the use of crc (a simple cyclic redundancy check, not secure) is not recommended.

secret is the actual authentication key.

You may create an authkeys file, using a generated secret, with the following shell hack:

( echo -ne "auth 1\n1 sha1 "; \
  dd if=/dev/urandom bs=512 count=1 | openssl md5 ) \
  > /etc/ha.d/authkeys
chmod 0600 /etc/ha.d/authkeys

Propagating the cluster configuration to cluster nodes

In order to propagate the contents of the ha.cf and authkeys configuration files, you may use the ha_propagate command, which you would invoke using either




This utility will copy the configuration files over to any node listed in /etc/ha.d/ha.cf using scp. It will afterwards also connect to the nodes using ssh and issue chkconfig heartbeat on in order to enable Heartbeat services on system startup.