Building Disaster Recovery Serviceguard Solutions Using Metrocluster with Continuous Access for P9000 and XP A.11.00

Table 8 Failover/failback scenarios (continued)

Failover/Failback Scenario: Manual suspend followed by failure of all nodes in the primary site.
Fence Level: Any
Metrocluster Behavior (By default): Metrocluster package fails to start as AUTO_SVOLPSUS is set to 0 and FORCEFLAG is not present.
AUTO parameters or FORCEFLAG set: Metrocluster package checks for AUTO_SVOLPSUS setting and FORCEFLAG presence. If AUTO_SVOLPSUE is set to 1 or FORCEFLAG is present, Metrocluster package starts and issues horctakeover -S which results in SVOL takeover.

Fence Level: Any
Metrocluster Behavior (By default): Metrocluster package fails to start as AUTO_PSUSSSWS is set to 0 and FORCEFLAG is not present.
AUTO parameters or FORCEFLAG set: If AUTO_PSUSSSWS is set to 1 or FORCEFLAG is present, Metrocluster package:
- Resynchronizes data from the recovery site to primary site by issuing pairesync swapp command.
- Issues horctakeover on the primary site to replicate data to the recovery site.

Complex workload failover/failback scenarios
This section elaborates the failure scenarios that might occur when a complex workload is configured
using Site Aware Disaster Tolerant Architecture.
Site failover
When the Site Controller package discovers that a running package configuration of a disaster
tolerant complex workload has failed in the Metrocluster, or that the site hosting it has failed, it
fails over to the remote site node and initiates a site failover from the remote node. The site failover
starts the adoptive complex-workload package configuration by starting the packages configured
on the remote site.
The Site Controller package monitors the active complex-workload packages, according to the
configuration, to detect a failure and initiate a site failover. When the complex-workload packages
are configured using the critical_package attribute, the Site Controller package detects the failure and
initiates a site failover even if only one of the critical packages fails. In a configuration where all the
packages in the complex workload are configured with the managed_package attribute, the Site
Controller package detects a failure and initiates site failover based on the cumulative status of all
the configured managed packages.
A complex-workload package that has failed or is halted, in addition to displaying a down state,
also displays a halted status. A special flag, package_halted, is set to no when the
complex-workload package is down because it failed in the cluster. This flag is set to yes
when the complex-workload package is down because it was manually halted. Serviceguard sets this flag to
no only when the last surviving instance of the complex-workload package is halted as a result of
a failure. The flag is set to yes if the last surviving instance is manually halted, even if other instances
were halted earlier due to failures.
The Site Controller package determines a failure by verifying whether the package_halted flag
is set to no for all the monitored packages that are in the down state. When the monitored packages
have failed but were not manually halted, the Site Controller package fails over to a remote site node to perform
a site failover.
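
The decision rule described above, modelled as an added example (not code from Serviceguard or from this manual). The Package class, its fields and the sample package names are hypothetical, and treating "cumulative status" as "every managed package is down" is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Package:
    name: str
    role: str        # "critical" (critical_package) or "managed" (managed_package)
    instances: int   # number of configured instances
    # Cause of each instance halt, in order: "failure" or "manual"
    halts: List[str] = field(default_factory=list)


def is_down(pkg: Package) -> bool:
    return len(pkg.halts) >= pkg.instances


def package_halted(pkg: Package) -> Optional[str]:
    """Flag value, decided by how the LAST surviving instance stopped."""
    if not is_down(pkg):
        return None  # assumption: the flag is only consulted for down packages
    return "no" if pkg.halts[-1] == "failure" else "yes"


def site_failover_needed(packages: List[Package]) -> bool:
    down = [p for p in packages if is_down(p)]
    # A failure is declared only if every down package has package_halted == no.
    if not down or any(package_halted(p) != "no" for p in down):
        return False
    if any(p.role == "critical" for p in down):
        return True  # one failed critical package is enough
    # Assumption: "cumulative status" means every managed package is down.
    return len(down) == len(packages)


# Constructed sample workloads (package names are made up).
CRITICAL_FAILED = [Package("db", "critical", 2, ["failure", "failure"]),
                   Package("app", "managed", 1)]
ONE_MANAGED_FAILED = [Package("a", "managed", 1, ["failure"]),
                      Package("b", "managed", 1)]
ALL_MANAGED_FAILED = [Package("a", "managed", 1, ["failure"]),
                      Package("b", "managed", 2, ["manual", "failure"])]
LAST_HALT_MANUAL = [Package("db", "critical", 2, ["failure", "manual"])]

if __name__ == "__main__":
    for label, workload in [("critical failed", CRITICAL_FAILED),
                            ("one managed failed", ONE_MANAGED_FAILED),
                            ("all managed failed", ALL_MANAGED_FAILED),
                            ("last halt manual", LAST_HALT_MANUAL)]:
        print(f"{label}: site failover = {site_failover_needed(workload)}")
```

The LAST_HALT_MANUAL case shows why an earlier instance failure does not trigger a site failover once an operator halts the last surviving instance.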
Before starting the complex-workload packages configured at the remote site, the Site Controller
package ensures that it is safe to do so. The failed complex-workload packages might not have
halted cleanly, leaving stray processes and resources. In such scenarios, it is not safe to start the
identical complex workload configuration on the remote site. As a result, when it starts on the