ClearFoundation

Using Heartbeat To Provide Fenced ClearBOX

Overview

Mostly this document is just notes and is not as fluid as a howto. I will add it to a howto once I've done more testing. -DL

Getting Started

You will need 2 ClearBOX 300 servers installed with the default mode. We'll call them 'firewall1' and 'firewall2'. You will assign the NICs like this:

firewall1
  • eth0: WAN (crossconnected to eth1 on firewall2)
  • eth1: Not assigned (empty)
  • eth2: LAN (crossconnected to eth3 on firewall2)
  • eth3: Not assigned (empty)
  • eth4: Heartbeat NIC (crossconnected to eth4 on firewall2)
  • eth5: Management
firewall2
  • eth0: WAN (connected to Internet)
  • eth1: Not assigned (crossconnected to eth0 on firewall1)
  • eth2: LAN (connected to LAN)
  • eth3: Not assigned (crossconnected to eth2 on firewall1)
  • eth4: Heartbeat NIC (crossconnected to eth4 on firewall1)
  • eth5: Management

Nomenclature for networks

  • 172.16.0.x (WAN)
  • 192.168.1.x (LAN)
  • 10.10.10.x (Heartbeat)

You will need to name the servers correctly.

vi /etc/hosts

In addition, each server must know the name of the other host on the heartbeat network.

firewall1 /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1		firewall1.clearos.lan system localhost.localdomain localhost
::1		localhost6.localdomain6 localhost6
10.10.10.2 firewall2.clearos.lan firewall2

firewall2 /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1		firewall2.clearos.lan system localhost.localdomain localhost
::1		localhost6.localdomain6 localhost6
10.10.10.1 firewall1.clearos.lan firewall1

Test.

Install heartbeat packages

From command line, download the heartbeat rpm packages by running the following commands in the directory of your choosing:

wget http://mirrors.adams.net/centos/5.5/extras/i386/RPMS/heartbeat-pils-2.1.3-3.el5.centos.i386.rpm
wget http://mirrors.adams.net/centos/5.5/extras/i386/RPMS/heartbeat-stonith-2.1.3-3.el5.centos.i386.rpm
wget http://mirrors.adams.net/centos/5.5/extras/i386/RPMS/heartbeat-2.1.3-3.el5.centos.i386.rpm

Install them (the --nogpgcheck option makes yum skip RPM signature verification for these files):

yum install --nogpgcheck ./heartbeat-pils-2.1.3-3.el5.centos.i386.rpm 
yum install --nogpgcheck ./heartbeat-stonith-2.1.3-3.el5.centos.i386.rpm 
yum install --nogpgcheck ./heartbeat-2.1.3-3.el5.centos.i386.rpm 
chkconfig --add heartbeat && chkconfig --list heartbeat

Configure heartbeat

Configure the following on firewall1

/etc/ha.d/ha.cf
logfile /var/log/ha-log
logfacility local0
keepalive 1
deadtime 4
initdead 5
bcast eth4
udpport 694
auto_failback on
node firewall1.clearos.lan
node firewall2.clearos.lan

/etc/ha.d/haresources
firewall1.clearos.lan bypass

Propagate

Use the ha_propagate command to copy these settings to the partner in the HA cluster. This will also test your config.

/usr/share/heartbeat/ha_propagate

For ha_propagate to work, the servers must trust each other's SSH keys. You can do this by adding each server's public key to the authorized_keys file in /root/.ssh/ on the other server.

Bypass Service

The haresources entry above names a 'bypass' service that doesn't really exist on the system. Here is the code for it:

/etc/init.d/bypass
#!/bin/bash
#
# Init file for bypass
#
# chkconfig: 2345 55 25
# description: Bypass enable daemon
#
# processname: 
# source function library
. /etc/rc.d/init.d/functions
RETVAL=0
prog="bypass"
# Some functions to make the below more readable
BYPASSDISABLE=/usr/sbin/bypassdisable
BYPASSENABLE=/usr/sbin/bypassenable
# not used
PID_FILE=/var/run/bypass.pid
runlevel=$(set -- $(runlevel); eval "echo \$$#" )

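# start: disable the hardware bypass (bypassdisable writes 0)
start()
{
	echo -n $"Starting $prog: "
	$BYPASSDISABLE $OPTIONS
	RETVAL=$?
	[ $RETVAL -eq 0 ] && success || failure
	echo
}

# stop: enable the hardware bypass (bypassenable writes 2)
stop()
{
	echo -n $"Stopping $prog: "
	$BYPASSENABLE $OPTIONS
	RETVAL=$?
	[ $RETVAL -eq 0 ] && success || failure
	echo
}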

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
esac
exit $RETVAL

/usr/sbin/bypassdisable
#!/bin/sh
echo 0 > /sys/bus/i2c/devices/0-0026/bypass0
echo 0 > /sys/bus/i2c/devices/0-0022/bypass0

/usr/sbin/bypassenable
#!/bin/sh
echo 2 > /sys/bus/i2c/devices/0-0026/bypass0
echo 2 > /sys/bus/i2c/devices/0-0022/bypass0
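
The two helper scripts exit with the status of their last echo only, so a failed write to the first bypass group goes unnoticed and the two groups can end up in different states. The following is an added example, not part of the original notes: one helper that writes the same values to the same two sysfs attributes, refuses to act if either is missing, and reads each one back. The set_bypass function, the BYPASS_NODES variable and the bypassctl script name are hypothetical, and it assumes the attributes can be read back after writing.

```shell
#!/bin/sh
# Added example: set every bypass group to one value and verify the result.
# BYPASS_NODES defaults to the two sysfs attributes used on this page;
# override it (space-separated paths) for other hardware or for a dry run.
BYPASS_NODES="${BYPASS_NODES:-/sys/bus/i2c/devices/0-0026/bypass0 /sys/bus/i2c/devices/0-0022/bypass0}"

# set_bypass VALUE
#   0 is what bypassdisable writes, 2 is what bypassenable writes.
#   Returns 0 only if every attribute reads back VALUE.
set_bypass() {
    want=$1
    case "$want" in
        0|2) ;;
        *) echo "set_bypass: unsupported value '$want'" >&2; return 2 ;;
    esac
    # Pass 1: change nothing unless every attribute is present and writable,
    # so a missing device cannot leave the groups in different states.
    for node in $BYPASS_NODES; do
        if [ ! -w "$node" ]; then
            echo "set_bypass: $node missing or not writable" >&2
            return 1
        fi
    done
    # Pass 2: write, then read back (assumption: the attribute is readable).
    rc=0
    for node in $BYPASS_NODES; do
        echo "$want" > "$node" 2>/dev/null || rc=1
        got=$(cat "$node" 2>/dev/null)
        if [ "$got" != "$want" ]; then
            echo "set_bypass: $node reads '$got', wanted '$want'" >&2
            rc=1
        fi
    done
    return $rc
}

# Installed under the hypothetical name bypassctl: "bypassctl 0" / "bypassctl 2".
# Under any other name (for example when sourced) only the function is defined.
case "${0##*/}" in
    bypassctl) set_bypass "$1"; exit $? ;;
esac
```

With this in place, BYPASSDISABLE and BYPASSENABLE in the init script could point at `bypassctl 0` and `bypassctl 2`, and a partial failure would show up as a non-zero RETVAL.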

Setting the BIOS for firewall2

Configure the BIOS on firewall2 so that it does not activate the NIC at boot but instead defaults to having the bypass activated.

Go to Advanced » Onboard ByPass Control

  • Set "Set Bypass Group 1 Status" to: Next Boot: Non-Normal, BPE: Enable
  • Set "Set Bypass Group 2 Status" to: Next Boot: Non-Normal, BPE: Enable

