IBM PowerHA 高可用解决方案

IBMPowerHA高可用解决方案李一峰liyifeng@cn.ibm.com议题•业务连续性解决方案•服务器的高可用（PowerHA解决方案）–PowerHA基本原理–PowerHA设置攻略–PowerHA/XD•PowerHA与PowerVM•产品信息业务连续性解决方案抗击灾难，保证业务连续性。每年的发生频率每次发生的结果(单次发生损失)（美元）1,0001001011/101/1001/1,0001/10,0001/100,0001美元10美元100美元1千美元1万美元10万美元100万美元1000万美元1亿美元病毒蠕虫磁盘故障组件故障电源故障常见不常见低高自然灾害应用中断数据损坏网络问题建筑火灾恐怖行动/国内动荡与可用性相关的与恢复相关的业务连续运营业务连续性的考虑软硬件的容错、冗余和故障自动侦测及恢复。同城或异地实时复制数据对于计划外的应用/系统的中断，自动恢复到故障点并保证恢复时间。高可用HighAvailability数据复制DataReplication灾难恢复DisasterRecovery业务连续性BusinessContinuityHA(高可用)和DR(容灾)的区别HighAvailability„自动的接管„一般适用发生在本地的错误„针对物理设备的保护„服务器„硬盘„适配器卡„网络„针对致命的软件错误的保护„操作系统„数据库„应用„服务DisasterRecovery„手动的切换流程„针对于主站点完全失效方面的保护„覆盖的错误包括：„HA方案失效„主站点(基础架构)失效„逻辑错误(如应用或数据)„致命的用户失误„导致的原因是„自然灾害、战争、……„对主站点有严重的影响„制定灾难恢复计划是必要的高可用(HighAvailability)解决方案的架构•Availabilityby应用–按照高可用的要求来设计应用架构•Availabilityby中间件–DB2HADR、WAS集群,CICS集群–OracleRAC、DB2pureScale•Availabilityby操作系统–AIXLVM镜像、PowerHA（HACMP）forAIX•Availabilityby硬件冗余–服务器•冗余的处理器/I/O适配器卡/电源/•内置磁盘RAID技术保护–外置磁盘,I/O总线、SAN交换机、LAN、LAN交换机•冗余的部件•磁盘RAID•多路径(Multi-Path)软件（SDD、RDAC)–通过磁盘复制的可用性•FlashCopy,Metro/Globalmirror–网络RAID5或RAID10双数据拷贝冗余SAN网络服务器集群并行数据库冗余网络应用伸缩性边缘设备客户端高可用性方案示意图PowerHA服务器的高可用（PowerHA解决方案）服务器的高可用(HighAvailability)•计划内停机或非计划内停机都需要服务器的高可用环境存在，目的是保证其上的业务系统持续运行。•服务器的高可用是为解决单点故障•服务器的高可用不是容错服务器切换的多种方式OnetooneOnetoanyAnytoanyAnytoone哪些环境不适合用于服务器高可用解决方案•服务器和网络环境不是安全的•服务器管理比较随意•服务器管理员经验不足•不能忍受任何的（应用系统）中断–Failoverswillcauseatleastsomedowntime•应用系统还不稳定–HACMPdependsonstablesoftwarelevelsandstableconfiguration–HACMPissusceptibletothe“fiddlefactor”•应用系统需要人工干预才能恢复–Manualresetofadevice,etc.PowerHA（HACMP）willneverbeanout-of-the-boxsolutiontoavailability.Acertaindegreeofskillwillbealwaysberequired.使用服务器(PowerHA)高可用解决方案的考虑点•应用系统必须能从断点处重新恢复运行（stop/restart操作）–Mustreleaseallresourceswhenstopped—eithernormallyorabnormally–Musttoleratealossofmemorycontents–Musttoleratealossofprocessorstate–Mustperformarestartfromacheckpoint–Mustrecoverfrompartialdatawrites–Mustoperateina“transactional”protocol•服务器(HA)群集中不能有单点故障存在–Sharedpowersupply,non-protecteddisk,etc.–HACMPisasoftwaresolution自动检测并可快速切换到备份服务器•Twonodes(AandB)•Twonetworks–Private(internal)network–Public(shared)network•Shareddisk–Alldatainsharedstorageavailabletobothnodes•Criticalapplications–Databaseserver–Webserver•DependentonDBSharedDiskSharedDiskPrivatePrivateNetworkNetwork!IBMserverpSeriesAAIBMserverpSeriesBBCompanySharedNetworkCompanySharedNetworkWebSrvDatabasePowerHA基本原理PowerHA监测四类故障•NodeFailures–Processorhardwareoroperationgsystemfailures–Oneormoresurvivingnodescanacquireresources•NetworkAdapterFailures–MoveIPaddresstostandbynetworkadapterinsamenode•NetworkFailure–Messagedisplayedonconsoleandeventislogged–Aseverysite'snetworkconfigurationsareunique,nootherdefaultactionistaken–Actiontobetakeninresponsetonetworkfailuresiscustomizable•ApplicationFailure–WebSphere/DB2/OracleAS&DBNodeFailureNetworkAdapterFailureNetworkFailureApplicationFailureSoftwareLayersonaPowerHAnode•Application–UsestheservicesmadehighlyavailablebyHACMP•HACMP–Makesserviceshighlyavailableforapplications–Co-ordinatesresourceavailabilitythroughthecluster•RSCT–Providesreliablecommunicationbetweennodes–Co-ordinationofsubsystems•AIX–Operatingsystemservices•LVM–Logicalstoragemanagement•TCP/IP–ManagescommunicationsatalogicallayerPowerHA典型架构NetworkClientsSerialHeartbeatPowerClusterNodePowerClusterNodeIPNetworkService&StandbyNetworkAdaptersSharedDiskIPHeartbeatsAtsystembootWithHACMPrunningAfteradapterfailureAfterfailureAdapterType192.168.0.1192.168.0.6nanaBoot/Service1.1.1.11.1.1.1naStandbyBoot1.1.1.21.1.1.2Standby192.168.0.2192.168.0.2192.168.0.6192.168.0.6192.168.0.2192.168.0.21.1.1.2NodeANodeBhost•TwologicalIPnetworks(Netmask255.255.255.0)•Onephysicalnetwork•Clientsalwaysaccess192.168.0.6•MACaddresstakeoverorARPcacheupdateisalsoneededIP地址切换(IPAT)方式一(替换方式)AtsystembootWithHACMPrunningAfteradapterfailure172.16.18..10192.168.1.111nana192.168.0.25192.168.0.25na192.168.0.1192.168.0.1172.16.18..11172.16.18..11192.168.1.121172.16.18..10192.168.1.121192.168.1.111192.168.1.121192.168.1.122192.168.1.122172.16.18..11192.168.1.122172.16.18..11192.168.1.122192.168.0.1192.168.1.111NodeANodeBAfterfailurehost192.168.0.25192.168.0.1•Initiallyconfiguredaddresses(BootIP)•PersistentIPaddresses-usefulforapplicationslikeTivoli•ServiceIPaddresses-usedbyclientstoaccessthecluster-multipleareallowedIP地址切换(IPAT)方式二(别名方式)心跳/磁盘心跳（Heartbeatviadisk)•HACMP5.x的新功能•能够使用下列任何一种共享磁盘阵列(FibreChannel,SCSI,或SSA)•使用的磁盘是一个enhancedconcurrentvolumegroup的一部分,唯一的要求是这个VG必须在两个节点都有定义OnlineonHomeNodeOnlyABABSystemAfailsSystemBfailsSystemBtakesoverresourcegroupNoactivitiesSystemAreturnstoclusterSystemBreturnstoclusterAownsresourcegroupBisbackupforAABABAownsresourcegroupBisbackupforASystemBreleasesresourcegroup(Simplestandbyoperation)CascadingFallovertoNextPriorityNodeFallbacktoaHigherPriorityNodePowerHA资源组(OnlineonHomeNodeOnly)PowerHA资源组(OnlineonHomeNodeOnly)Bownsresourcegroup:ABABSystemAfailsSystemBfailsSystemBtakesoverresourcegroupSystemAreturnstoclusterSystemBreturnstoclusterABABAownsresourcegroup:BisbackupforASystemAtakesove