 |
ป |
|
|
|
Planning for packages involves assembling information about
each group of highly available services. Some of this information
is used in creating the package configuration file, and some is
used for editing the package control script. | | | |  | NOTE: LVM Volume groups that are to be activated by packages
must also be defined as cluster aware in the cluster configuration
file. See the previous section on "Cluster Configuration
Planning." CVM disk groups that are to be activated by
packages must be defined in the package configuration ASCII file,
described below. | | | | |
Logical Volume and File System Planning | |
You may need to use logical volumes in volume groups as part
of the infrastructure for package operations on a cluster. When
the package moves from one node to another, it must be able to access
data residing on the same disk as on the previous node. This is
accomplished by activating the volume group and mounting the file
system that resides on it. In MC/ServiceGuard, high availability applications, services,
and data are located in volume groups that are on a shared bus.
When a node fails, the volume groups containing the applications,
services, and data of the failed node are deactivated on the failed
node and activated on the adoptive node. In order to do this, you
have to configure the volume groups so that they can be transferred
from the failed node to the adoptive node. As part of planning, you need to decide the following: What volume groups are needed? How much disk space is required, and how should
this be allocated in logical volumes? What file systems need to be mounted for each package? Which nodes need to import which logical volume
configurations. If a package moves to an adoptive node, what effect
will its presence have on performance?
Create a list by package of volume groups, logical volumes,
and file systems. Indicate which nodes need to have access to common filesystems
at different times. It is recommended that you use customized logical volume names
that are different from the default logical volume names (lvol1,
lvol2, etc.). Choosing logical volume names that represent the high
availability applications that they are associated with (for example, lvoldatabase) will simplify cluster administration. To further document your package-related volume groups, logical volumes,
and file systems on each node, you can add commented lines to the /etc/fstab file. The following is an
example for a database application: # /dev/vg01/lvoldb1 /applic1 vxfs defaults 0 1 # These six entries are
# /dev/vg01/lvoldb2 /applic2 vxfs defaults 0 1 # for information purposes
# /dev/vg01/lvoldb3 raw_tables ignore ignore 0 0 # only. They record the
# /dev/vg01/lvoldb4 /general vxfs defaults 0 2 # logical volumes that
# /dev/vg01/lvoldb5 raw_free ignore ignore 0 0 # exist for MC/ServiceGuard's
# /dev/vg01/lvoldb6 raw_free ignore ignore 0 0 # HA package. Do not uncomment. |
Create an entry for each logical volume, indicating its use
for a file system or for a raw device. | | | |  | CAUTION: Do not use /etc/fstab to mount file systems that are used by MC/ServiceGuard
packages. | | | | |
Details about creating, exporting, and importing volume groups
in MC/ServiceGuard are given in the chapter on "Building
an HA Cluster Configuration." Parameters for Configuring EMS Resources | |
MC/ServiceGuard provides a set of parameters for configuring
EMS resources. These are RESOURCE_NAME, RESOURCE_POLLING_INTERVAL, RESOURCE_START, and RESOURCE_UP_VALUE. Enter these parameters to the package configuration
file for each resource the package will be dependent on. The DEFERRED_RESOURCE_NAME is added to the package control script for any
resource that has a RESOURCE_START setting of DEFERRED. The RESOURCE_START option is used to determine when ServiceGuard should
start up resource monitoring for EMS resources. The RESOURCE_START option can be set to either AUTOMATIC or DEFERRED. If AUTOMATIC is specified, ServiceGuard will start up resource
monitoring for these resources automatically when the ServiceGuard
cluster daemon starts up on the node. If resources are configured AUTOMATIC, you do not need to define DEFERRED_RESOURCE_NAME in the package control script. If DEFERRED is selected, ServiceGuard will not attempt to
start resource monitoring for these DEFERRED resources during node start up. However, these DEFERRED resources must be specified in the package control
script, setting the DEFERRED_RESOURCE_NAME parameter, so that the DEFERRED resources will be started up from the package
control script during the package run time. The following is an example of how to configure DEFERRED and AUTOMATIC resources. In the package configuration file,
specify resources as follows: RESOURCE_NAME /net/interfaces/lan/status/lan0
RESOURCE_POLLING_INTERVAL 60
RESOURCE_START DEFERRED
RESOURCE_UP_VALUE = ONLINE
RESOURCE_NAME /net/interfaces/lan/status/lan1
RESOURCE_POLLING_INTERVAL 60
RESOURCE_START DEFERRED
RESOURCE_UP_VALUE = ONLINE
RESOURCE_NAME /net/interfaces/lan/status/lan2
RESOURCE_POLLING_INTERVAL 60
RESOURCE_START AUTOMATIC
RESOURCE_UP_VALUE = ONLINE
|
In the package control script, specify only the deferred resources,
using the DEFERRED_RESOURCE_NAME parameter: DEFERRED_RESOURCE_NAME[0]="/net/interfaces/lan/status/lan0"
DEFERRED_RESOURCE_NAME[1]="/net/interfaces/lan/status/lan1"
|
Planning for Expansion | |
You can add packages to a running cluster. This process is
described in the chapter "Cluster and Package Administration." When
adding packages, be sure not to exceed the value of MAX_CONFIGURED_PACKAGES as defined in the cluster configuration file. When planning on increasing the number of packages, remember
that the use of packages requires 6MB of lockable memory plus about
80KB for each package on each cluster node, and each configured
EMS resource dependency requires about 300KB of lockable memory
on each cluster node. Choosing Switching and Failover Behavior | |
Switching IP addresses from a failed LAN card to a standby
LAN card on the same physical subnet may take place if Automatic
Switching is set to Enabled in SAM (LOCAL_LAN_FAILOVER_ALLOWED set to YES in the ASCII package configuration file). Automatic
Switching Enabled is the default. To determine failover behavior, you can define a package failover
policy that governs which nodes will automatically start up a package
that is not running. In addition, you can define a failback policy
that determines whether a package will be automatically returned
to its primary node when that is possible. Table 3-3 in the previous chapter describes different types
of failover behavior and the settings in SAM or in the ASCII package
configuration file that determine each behavior. Package Configuration File Parameters | |
Prior to generation of the package configuration file, assemble
the following package configuration data. The parameter names given
below are the names that appear in SAM. The names coded in the ASCII cluster
configuration file appear at the end of each entry. The following parameters
must be identified and entered on the worksheet for each package: - Package Name
The name of the package. The package name must be unique in
the cluster. It is used to start, stop, modify, and view the package.
In the ASCII package configuration file, this parameter is PACKAGE_NAME. The package name can be from 1 to 40 characters. It must not
contain any of the following illegal characters: space, slash (/),
backslash(\), and asterisk (*). All other characters are
legal. - Package Type
The type of the package. This parameter indicates whether
the package will run on one node at a time or on multiple nodes.
In the ASCII configuration file, this parameter is PACKAGE_TYPE. Valid types are FAILOVER and SYSTEM_MULTI_NODE. Default is FAILOVER. The SYSTEM_MULTI_NODE type is used only to define the CVM-VXVM-PKG package
that supports shared CVM data storage among all cluster nodes. You
cannot create a user-defined package with a type of SYSTEM_MULTI_NODE. - Package Failover Policy
The policy used by the package manager to select the node
on which the package should be automatically started. In the ASCII
package configuration file, this parameter is known as FAILOVER_POLICY. Default is CONFIGURED_NODE, which means the next available node in the list
of node names for the package. (This is the same behavior as in
previous versions of MC/ServiceGuard.) The order of node name entries
dictates the order of preference when selecting the node. The alternate
policy is MIN_PACKAGE_NODE, which means the node from the list that is running
the fewest other packages at the time this package is to be started. - Package Failback Policy
The policy used to determine what action the package manager
should take if the package is not running on its primary node and
its primary node is capable of running the package. In the ASCII
package configuration file, this parameter is known as FAILBACK_POLICY. Default is MANUAL, which means no attempt will be made to move the
package back to its primary node when it is running on an alternate
node. (This is the same behavior as in previous versions of MC/ServiceGuard.)
The alternate policy is AUTOMATIC, which means that the package will be halted and restarted
on its primary node as soon as the primary node is capable of running
the package and, if MIN_PACKAGE_NODE has been selected as the Package Failover Policy,
the primary node is now running fewer packages than the current
node. - Node Name
The names of primary and alternate nodes for the package.
In the ASCII configuration file, this parameter is NODE_NAME. Enter a node name for each node on which the
package can run. The order in which you specify the node names is important.
First list the primary node name, then the first adoptive node name,
then the second adoptive node name, followed, in order, by additional
node names. in a failover, control of the package will be transferred
to the next adoptive node name listed in the package configuration
file. The node name can contain up to 40 characters. - Automatic Switching (Auto Run)
In SAM, this parameter is called Automatic Switching; in the
ASCII package configuration file, this parameter is AUTO_RUN, formerly known in the ASCII file as PKG_SWITCHING_ENABLED. This parameter determines how a package may start
up. If Automatic Switching is enabled (AUTO_RUN set to YES), the package will start up automatically on an
eligible node if one is available, and will be able to fail over
automatically to another node. If Automatic Switching is set to
Disabled (AUTO_RUN set to NO), the package will not start up automatically
when the cluster starts running, and will not be able to fail over
automatically to another node. Default is Enabled in SAM, (AUTO_RUN YES in the ASCII file), which allows a package to
start up normally on an available node. Enter Enabled or Disabled
in SAM (AUTO_RUN YES or NO in the ASCII file). - Local Switching
Enter Enabled or Disabled. In the event of a failure, this
permits MC/ServiceGuard to switch LANs locally, that is, transfer
the package IP address to a standby LAN card. The default is Enabled.
In the ASCII package configuration file, this parameter is called LOCAL_LAN_FAILOVER_ALLOWED, and possible values are YES and NO. Default is Enabled in SAM (YES in the ASCII file). - Node Fail Fast
Enter Enabled or Disabled. In the event of the failure of
the control script itself or the failure of a subnet or the report
of an EMS monitor event showing that a resource is down, if this
parameter is set to Enabled, MC/ServiceGuard will issue a TOC on
the node where the control script fails. (An attempt is first made
to reboot the node prior to the TOC.) In the ASCII package configuration
file, this parameter is called NODE_FAIL_FAST_ENABLED, and possible values are YES and NO. The default is Disabled in SAM (NO in the ASCII file). If NODE_FAIL_FAST_ENABLED is set to YES, the node where the package is running will be
halted if one of the following failures occurs: A package subnet fails and no backup network is available The halt script does not exist ServiceGuard is unable to execute the halt script The halt script times out
However, if the package halt script fails with "exit 1", ServiceGuard does not halt the node,
but sets NO_RESTART for the package, which causes package switching
(AUTO_RUN) to be disabled, thereby preventing the package from
starting on any adoptive node. - Control Script Pathname
Enter the full pathname of the package control script. (The
script must reside in a directory that contains the string "cmcluster.") Ensure that this script is executable.
In the ASCII package configuration file, this parameter maps to
the two separate parameters named RUN_SCRIPT and HALT_SCRIPT. It is recommended that you use the same script as both the
run and halt script. This script will contain both your package
run instructions and your package halt instructions. If you wish
to separate the package run instructions and package halt instructions
into separate scripts, the package configuration file allows allows
you to do this by naming two separate scripts. However, under most
conditions, it is simpler to use the name of the single control
script as the name of the RUN_SCRIPT and the HALT_SCRIPT in the ASCII file. When the package starts, its
run script is executed and passed the parameter 'start';
similarly, at package halt time, the halt script is executed and
passed the parameter 'stop'. If you choose to write separate package run and halt scripts,
be sure to include identical configuration information (such as
node names, IP addresses, etc.) in both scripts. - Run Script Timeout and Halt Script Timeout
If the script has not completed by the specified timeout value,
MC/ServiceGuard will terminate the script. In the ASCII configuration
file, these parameters are RUN_SCRIPT_TIMEOUT and HALT_SCRIPT_TIMEOUT. Enter a value in seconds. The default is 0, or no timeout. The minimum is 10 seconds,
but the minimum HALT_SCRIPT_TIMEOUT value must be greater than the sum of all the Service Halt Timeout values. The absolute maximum value is restricted
only by the HP-UX parameter ULONG_MAX, for an absolute limit of 4,294 seconds. If the timeout is exceeded: Control of the package will not be
transferred. The run or halt instructions will not be run. Global switching will be disabled. The current node will be disabled from running the package. The control script will exit with status 1.
If the halt script timeout occurs, you may need to perform
manual cleanup. See "Package Control Script Hangs or Failures" in
Chapter 8. | | | | | NOTE: VxVM disk groups are imported at package run
time and exported at package halt time. If you are using a large
number of VxVM disks in your package, the timeout must be high enough
to allow all of them to finish the import or export. | | | | |
- Storage Group
This parameter is used for CVM disk groups. Enter the names
of all the CVM disk groups the package will use. In the ASCII package configuration file, this parameter is
called STORAGE_GROUP. | | | | | NOTE: You should not enter the names
of LVM volume groups or VxVM disk groups in the package ASCII configuration
file. | | | | |
- Service Name
Enter a unique name for each service. In the ASCII package
configuration file, this parameter is called SERVICE_NAME. Define one SERVICE_NAME entry for each service.You can configure a maximum
of 30 services per package, or a maximum of 900 services per cluster.
The service name must not contain any of the following illegal characters:
space, slash (/), backslash (\), and asterisk (*). All
other characters are legal. The service name can contain up to 40
characters. - Service Fail Fast
Enter Enabled or Disabled for each service. This parameter
indicates whether or not the failure of a service results in the
failure of a node. If the parameter is set to Enabled, in the event
of a service failure, MC/ServiceGuard will halt the node on which
the service is running with a TOC. (An attempt is first made to
reboot the node prior to the TOC. )The default is Disabled. In the ASCII package configuration file, this parameter is SERVICE_FAIL_FAST_ENABLED, and possible values are YES and NO. The default is NO. Define one SERVICE_FAIL_FAST_ENABLED entry for each service. - Service Halt Timeout
In the event of a service halt, MC/ServiceGuard will first
send out a SIGTERM signal to terminate the service. If the process
is not terminated, MC/ServiceGuard will wait for the specified timeout before
sending out the SIGKILL signal to force process termination. In
the ASCII package configuration file, this parameter is SERVICE_HALT_TIMEOUT. Define one SERVICE_HALT_TIMEOUT entry for each service. Default is 300 seconds (5 minutes). The minimum is 1 second,
and the maximum value is restricted only by the HP-UX parameter ULONG_MAX, for an absolute limit of 4,294 seconds. Define one SERVICE_HALT_TIMEOUT entry for each service. - Subnet
Enter the IP subnets that are to be monitored for the package. In the ASCII package configuration file, this parameter is
called SUBNET. - Resource Name
The name of a resource that is to be monitored by MC/ServiceGuard
as a package dependency. In the ASCII package configuration file,
this parameter is called RESOURCE_NAME. A resource name is the name of an important attribute of a
particular system resource. The resource name includes the entire
hierarchy of resource class and subclass within which the resource
exists on a system. Obtain the resource name from the list provided
in SAM, or obtain it from the documentation supplied with the resource
monitor. A maximum of 60 resources may be defined per cluster. Note
also the limit on Resource Up Values described below. Each configured
resource requires about 300 KB of lockable memory on all cluster
nodes. Maximum length of the resource name string is 1024 characters. - Resource Polling Interval
The frequency of monitoring a configured package resource.
In the ASCII package configuration file, this parameter is called RESOURCE_POLLING_INTERVAL. Default is 60 seconds. The minimum value is 1. The maximum
value has no functional limit. The Resource Polling Interval appears on the list provided
in SAM, or you can obtain it from the documentation supplied with
the resource monitor. - Resource Start
An attribute of a resource that determines whether it should
start up before or after the package starts. In the ASCII package
configuration file, this parameter is called RESOURCE_START. Default setting is AUTOMATIC, which means that the resource starts at the time
the node joins the cluster. The other possible setting is DEFERRED, which means that the package services will start
up before the resource starts. If a resource
is configured with DEFERRED startup, the name of the resource has to be added
to the control script's DEFERRED_RESOURCE_NAME parameter. - Resource Up Value
The criteria for judging whether an additional package resource
has failed or not. In the ASCII package configuration file, this
parameter is called RESOURCE_UP_VALUE. The Resource Up Value appears on the list provided
in SAM, or you can obtain it from the documentation supplied with
the resource monitor. You can configure a total of 15 Resource Up Values per package.
For example, if there is only one resource in the package, then
a maximum of 15 Resource Up Values can be defined. If there are
two Resource Names defined and one of them has 10 Resource Up Values, then
the other Resource Name can have only 5 Resource Up Values. The maximum length of the Resource Up Value string is 1024
characters.
Package Configuration Worksheet Assemble your package configuration data in a separate worksheet
for each package, as shown in the following example. Package Control Script Variables | |
The control script that accompanies each package must also
be edited to assign values to a set of variables. The following
variables can be set: - PATH
Specify the path to be used by the script. - VGCHANGE
Specifies the method of activation for LVM volume groups.
Use the default (VGCHANGE="vgchange -a e") if you want volume groups activated
in exclusive mode. This assumes the volume groups have been initialized with
vgchange -c y at the time of creation. Use VGCHANGE="vgchange -a e -q n" if your disks are mirrored on separate
physical paths. Use VGCHANGE="vgchange -a e -q n -s" if your disks are mirrored on separate
physical paths and you want the mirror resynchronization to occur
in parallel with the package startup. Use VGCHANGE="vgchange -a y" if you wish to use non-exclusive activation
mode. Single node cluster configurations must use non-exclusive
activation. - CVM_ACTIVATION_CMD
Specifies the command for activation of VERITAS CVM disk groups. Use the default CVM_ACTIVATION_CMD="vxdg -g \$DiskGroup set activation=exclusivewrite" if you want disk groups activated in
exclusive write mode. Use CVM_ACTIVATION_CMD="vxdg -g \$DiskGroup set activation=readonly" if you want disk groups activated in
read-only mode. Use CVM_ACTIVATION_CMD="vxdg -g \$DiskGroup set activation=sharedread" if you want disk groups activated in
shared read mode. Use CVM_ACTIVATION_CMD="vxdg -g \$DiskGroup set activation=sharedwrite" if you want disk groups activated in
shared write mode. | | | | | NOTE: VxVM disk groups do not allow you to select specific
activation commands. The VxVM disk group activation always uses
the same command. | | | | |
- VXVOL
Controls the method of mirror recovery for mirrored VxVM volumes. Use the default VXVOL="vxvol -g \$DiskGroup startall" if you want the package control script
to wait until recovery has been completed. Use VXVOL="vxvol -g \$DiskGroup -o bg startall" if you want the mirror resynchronization
to occur in parallel with the package startup. - Volume Groups
This array parameter contains a list of the LVM volume groups
that will be activated by the package. Enter each VG on a separate
line. - CVM Disk Groups
This array parameter contains a list of the VERITAS CVM disk
groups that will be used by the package. Enter each disk group on
a separate line. - VxVM Disk Groups
This array parameter contains a list of the VERITAS VxVM disk
groups that will be activated by the package. Enter each disk group
on a separate line. - Logical Volumes, File Systems and Mount Options
These array parameters, entered together as triplets into
array variables. Each triplet specifies a filesystem, a logical
volume, and a mount option string for a file system used by the
package. In the package control script file, these variables are
arrays, as follows: LV, FS and FS_MOUNT_OPT. On starting the package, the script may activate one or more
storage groups, and it may mount logical volumes onto file systems.
At halt time, the script unmounts the file systems and deactivates
each storage group. All storage groups must be accessible on each
target node (CVM disk groups must be accessible on all nodes in the
cluster). For each file system (FS), you must identify a logical volume (LV). A logical volume can be built on an LVM volume group, a VERITAS
CVM disk group, or a VERITAS VxVM disk group. LVs can be entered
in any order, regardless of the type of storage group that is used. - Filesystem Unmount Count
The number of unmount attempts allowed for each filesystem
during package shutdown. Default is 1. - Filesystem Mount Retry Count
The number of mount retrys for each filesystem. The default
is 0. During startup, if a mount point is busy and FS_MOUNT_RETRY_COUNT is 0, package startup will fail and the script
will exit with 1. If a mount point is busy and FS_MOUNT_RETRY_COUNT is greater than 0, the script will attempt to
kill the user responsible for the busy mount point for the number
of times specified in FS_MOUNT_RETRY_COUNT. If the mount still fails after this number of
attempts, the script will exit with 1. - CONCURRENT_VGCHANGE_OPERATIONS
Specifies the number of concurrent volume group activations
or deactivations to allow during package startup or shutdown. The
default is 1. Setting this variable to a higher value may improve
performance if you are using a large number of volume groups. If
a value less than 1 is specified, the script defaults the variable
to 1 and writes a warning message in the package control script
log file. - CONCURRENT_DISKGROUP_OPERATIONS
Specifies the number of concurrent VxVM disk group imports
or deports to allow during package startup or shutdown. The default
is 1. Setting this variable to a higher value may improve performance
if you are using a large number of disk groups. If a value less
than 1 is specified, the script defaults the variable to 1 and writes
a warning message in the package control script log file. - CONCURRENT_FSCK_OPERATIONS
Specifies the number of concurrent fsck commands to allow
during package startup. The default is 1. Setting this variable
to a higher value may improve performance when checking a large
number of file systems. If a value less than 1 is specified, the
script defaults the variable to 1 and writes a warning message in
the package control script log file. - CONCURRENT_MOUNT_OPERATIONS
Specifies the number of mounts and umounts to allow during
package startup or shutdown. The default is 1. Setting this variable
to a higher value may improve performance while mounting or unmounting
a large number of file systems. If a value less than 1 is specified,
the script defaults the variable to 1 and writes a warning message
in the package control script log file. - IP Addresses and SUBNETs
These are the IP addresses by which a package is mapped to
a LAN card. Indicate the IP addresses and subnets for each IP address
you want to add to an interface card. In the package control script file, these variables are entered
in pairs. Example IP[0]=192.10.25.12 and SUBNET[0]=192.10.25.0. (In this case the subnet mask is 255.255.255.0.) - Service Name
Enter a unique name for each specific service within the package.
All services are monitored by MC/ServiceGuard. You may specify up
to 30 services per package. Each name must be unique within the cluster.
The service name is the name used by cmrunserv and cmhaltserv inside the package control script. It must be
the same as the name specified for the service in the package ASCII
configuration file. In the package control script file, enter values into an array
known as SERVICE_NAME. Enter one service name for each service. The SERVICE_NAME, SERVICE_CMD, and SERVICE_RESTART parameters are set in the package control script
in groups of three. The service name must not contain any of the following illegal
characters: space, slash (/), backslash (\), and asterisk
(*). All other characters are legal. The service name can contain
up to 40 characters. - Service Command
For each named service, enter a Service Command. This command
will be executed through the control script by means of the cmrunserv command. In the package control script file, enter values into an array
known as SERVICE_CMD. Enter one service command string for each service.
The SERVICE_NAME, SERVICE_CMD, and SERVICE_RESTART parameters are set in the package control script
in groups of three. - Service Restart Parameter
Enter a number of restarts. One valid form of the parameter
is "-r n" where n is a number of retries. A value
of "-r 0" indicates no retries. A value of "-R" indicates
an infinite number of retries. The default is 0, or no restarts. In the package control script file, enter values into an array
known as SERVICE_RESTART. Enter one restart value for each service. The SERVICE_NAME, SERVICE_CMD, and SERVICE_RESTART parameters are set in the package control script
in groups of three. - Deferred Resource Names
For each deferred resource specified in the package configuration
ASCII file, you must enter the resource name in this array in the
control script. The name should be spelled exactly as it is spelled
in the RESOURCE_NAME parameter in the package ASCII configuration file. In the package control script file, enter the value into the
array known as DEFERRED_RESOURCE_NAME. This name must match the resource name listed
with the RESOURCE_START parameter in the package ASCII configuration file. - DTC Manager Data
Enter a DTC Name for each DTC. For information on using a
DTC with MC/ServiceGuard, see the chapter entitled "Configuring
DTC Manager for Operation with MC/ServiceGuard" in the
manual Using the HP DTC Manager/UX.
The package control
script will clean up the environment and undo the operations in
the event of an error. Refer to the section on "How Package Control
Scripts Work" in Chapter 3 for more information. Assemble your package control script data in a separate worksheet
for each package, as in the following example. |
Printable version
