Designing Disaster Tolerant High Availability Clusters, 10th Edition, March 2003 (B7660-90013)
Building a Continental Cluster
Switching to the Recovery Packages in Case of Disaster
Chapter 5248
Switching to the Recovery Packages in Case
of Disaster
Once the clusters are configured and tested, packages will be able to fail
over to an alternate node in another data center and still have access to
the data they need to function. The primary steps for failing over a
package are:
1. Receive notification that a monitored cluster is unavailable.
2. Verify that it is necessary and safe to start the recovery packages.
3. Use the recovery command to stop data replication and start
recovery packages.
4. View the status of the continental cluster.
# cmviewconcl
It is crucial that you have a well-defined recovery process, and that all
members at both sites are educated on how to use this process.
Receiving Notification
Once the monitor is started, as described in “Starting the
ContinentalClusters Monitor Package” on page 240, the monitor will
send notifications as configured. You may get one of the following types
of notification as configured in cmclconf.ascii:
• CLUSTER_ALERT is a change in the status of cluster. Recovery via the
cmrecovercl command is not enabled by default. This should be
treated as information that the cluster either may be developing a
problem or may be recovering from a problem.
• CLUSTER_ALARM is a change in the status of a cluster that indicates
that the cluster has been unavailable for an unacceptable amount of
time. Recovery via the cmrecovercl command is enabled.
The issuing of notifications takes place at the timing intervals specified
for each cluster event. However, it sometimes may appear that an alert
or alarm takes longer than configured. Keep in mind that if several
changes of cluster state (for example, Down to Error to Unreachable to
Down) take place in a smaller time than the configured interval for an