The embodiments discussed herein are directed to a complete dual system in which a standby node is switched over to a new operation node when a trouble occurs in an operation node, and to a system control method therefor.
Typically, organizations such as a business enterprise employ a complete dual system that does not have a common part such as a storage to maintain absolutely stable operation of a database (see, for example, Japanese Laid-open Patent Publication No. 2001-318801). In such a complete dual system, an operation node and a standby node do not share a common part such as a storage. Therefore, even if a trouble occurs in any device in the operation node, the operation node can be switched over to a standby node, thus, the system can be reconstructed.
In the complete dual system, however, the operation node and the standby node do not share a device such as a storage. Therefore, databases that are included in the operation node and the standby node are held therein so that the databases are consistent with each node.
The problem with the conventional complete dual system is that a downtime of an on-line operation when the system is reconstructed may take long.
That is, when the complete dual system is reconstructed by integrating thereinto, as a new standby node, an old operating node that is temporarily separated from the system due to occurrence of a trouble, the database in the new standby node and the database in the new operation node may not be consistent to each other. Therefore, in advance, all the data stored in a disk of the new operation node is copied to a disk of the old operation node that is integrated into the system as the new standby node. As a result, it is problematic in that a downtime of an on-line operation may take long in proportion to the size of the data thus copied.
When the system is thus reconstructed, a save area into which all the data stored in the new operation node is copied may be required to be provided in the disk of the old operation node that is integrated into the system as the standby node, and transferring cost is also required to be considered.
According to an aspect of the invention, a complete dual system includes an operation node that executes an on-line operation in response to a request from a user; a standby node that recovers the operation node when a trouble occurs in the operation node so that the on-line operation is restarted after the standby node is switched over to a new operation node; a modification history storage unit in which history of modifications made to a database included in the old operation node before the on-line operation is restarted is stored; a modification history correcting information storage unit in which modification history correcting information that is used to correct the history of the modifications stored in the modification history storage unit to be equivalent to a state when the on-line operation is restarted is stored; a modification history correcting unit that corrects the history of the modifications stored in the modification history storage unit to be equivalent to the state when the on-line operation is restarted by using the modification history correcting information stored in the modification history correcting information storage unit; and a database recovering unit that recovers the database included in the old operation node to be equivalent to the state when the on-line operation is restarted, based on the history of the modifications corrected by the modification history correcting unit.
The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed.
Preferred embodiments of the present invention will be explained with reference to accompanying drawings. A complete dual system according to the present invention is first described as a first embodiment of the present invention, and then, another embodiment thereof is described.
An overview and features of a complete dual system according to the first embodiment are described. Then, the configuration of each node that constitutes the complete dual system and processes performed thereby are described, followed by an effect of the first embodiment.
Overview and Features of Complete Dual System
First, an overview and features of the complete dual system according to the first embodiment are described with reference to
The complete dual system according to the first embodiment includes an operation node that executes an on-line operation in response to a request from a user and a standby node that recovers the operation node. When a trouble occurs in the operation node, the standby node is switched over to a new operation node, and then, the on-line operation is restarted. A main feature of the complete dual system according to the present invention is that a downtime of an on-line operation can be reduced to be zero when the complete dual system is reconstructed by integrating thereinto, as a new standby node, an old operation node that is temporarily separated from the system due to occurrence of a trouble.
Processes performed by the complete dual system according to the first embodiment in normal operation are described. As depicted in
The AP server 10 includes an operation application 11 that can perform an on-line operation and a connecting device 12. Upon receiving an operation performed by a user, the AP server 10 notifies the operation node 20 of a request related to an on-line operation according to the operation (for example, a request to perform a transaction that is a unit of a series of processes) via the connecting device 12.
The operation node 20 includes a database (DB) server 21 and a storage 22. The DB server 21 includes a database management system (DBMS) 21a that manages and controls access and the like to the storage 22 and a duplication control device 21b that makes the databases stored in the nodes (the operation node 20 and the standby node 30) consistent to each other (guarantee the equivalency).
The storage 22 includes a DB 22a, a recovery log storage unit 22b, and a difference log storage unit 22c. In the DB 22a, processing data related to on-line operations are stored. In the recovery log storage unit 22b, history of processes related to on-line operations in response to requests from a user (for example, information such as instructions from a user and modifications committed to the database, for each transaction. Hereinafter, “recovery log”) is stored in the form of a file. In the difference log storage unit 22c, logs that are used to update the DB 22a with the updates made to a DB 32a after the on-line operation is restarted by using the standby node 30 due to occurrence of a trouble in the operation node 20 (hereinafter, “difference log”) are stored in the form of files.
Similarly to the difference log storage unit 22c, generally, a difference log storage unit 32c included in a storage 32 is used to update the DB 32a with the updates made to the DB 22a. The difference log storage unit 32c is also used to correct the recovery logs stored in the recovery log storage unit 22b when the operation node 20 in which a trouble has occurred is integrated into the complete dual system as a new standby node. Each difference log includes information that guarantees the consistency (equivalency) of the databases that are stored in the nodes and information that is used to recover the database stored in the storage in which the difference log is stored.
The standby node 30 has a similar configuration to the operation node 20, and includes a DB server 31 and the storage 32. The DB server 31 has a similar configuration to the DB server 21, and includes a DBMS 31a and a duplication control device 31b. The storage 32 has a similar configuration to the storage 22 and includes the DB 32a, a recovery log storage unit 32b, and a difference log storage unit 32c.
In the configuration above, in normal operation, the DB server 21 in the operation node 20 executes a process related to an on-line operation in response to a request from a user, notified by the AP server 10, obtains a log related to the process, and stores the log in the recovery log storage unit 22b as a recovery log (see (1) in
Operation condition of the operation node when a trouble occurs therein is described below. As depicted in
As depicted in
The complete dual system according to the first embodiment thus performs a process in normal operation and in operation in which a trouble occurs therein. A main feature of the complete dual system is a process when the complete dual system is reconstructed by integrating the old operation node 20′ as a new standby node, as described below.
As depicted in
The correction thus performed is described below in detail. The duplication control device 21b′ and the DBMS 21a′ compare the final difference log serial number with the final recovery log serial number, as a result, if the final difference log serial number is larger than the final recovery log serial number, the duplication control device 21b′ and the DBMS 21a′ correct the content of the recovery log file by complementing the recovery log file with the contents of the logs that are not stored in the recovery log file from the difference log files. On the other hand, if the final recovery log serial number is larger than the final difference log serial number as a result of comparing the final difference log serial number with the final recovery log serial number, the logs that are newer than the final difference log serial number are nullified in the recovery logs stored in the recovery log file (the recovery logs are deleted from the recovery log file). If the final difference log serial number and the final recovery log serial number match with each other, correction is not performed.
The duplication control device 21b′ and the DBMS 21a′ correct the content of the recovery log file, and then, the DBMS 21a′ included in the old operation node 20′ updates a DB 22a′ based on the corrected recovery logs stored in the recovery log storage unit 22b′, as depicted in
The complete dual system according to the first embodiment integrates the old operation node 20′ as a new standby node, and reconstructs the system. As depicted in
Thus, in the complete dual system according to the first embodiment, when the system is reconstructed by integrating into the system, as a new standby node, an old operation node that is temporarily separated from the system due to occurrence of a trouble, a downtime of an on-line operation can be reduced to be zero.
Configuration of Nodes
Configuration of each node that constitutes the complete dual system according to the first embodiment is described below with reference to
As depicted in
The storage stores therein data and computer programs that are related to an on-line operation. Components of the storage that are closely related to the present invention are, for example, a DB in which processing data related to an on-line operation, a recovery log storage unit in which history of processes related to an on-line operation in response to a request from a user (hereinafter, “recovery log”) is stored in the form of a file, a difference log storage unit in which a log that is used to correct the recovery logs stored in the recovery log storage unit (hereinafter, “difference log”) in the form of a file.
The DB server has an internal memory in which programs such as a predetermined control program, a computer program in which various processing procedures and the like are prescribed, and required data are stored therein, and executes various processes by using such programs and data. The DB server has, as components closely related to the present invention, a DBMS that manages and controls access and the like to the storage and a duplication control device that is used to make the databases stored in the nodes (the operation node and the standby node) consistent to each other (guarantee the equivalency).
The duplication control device has, as the components closely related to the present invention, a difference log reading unit, a recovery log reading unit, a recovery log correcting unit, and a difference log updating unit. Below, a correcting process of recovery logs required for integrating a old operation node into the system as a new standby node is mainly described.
The difference log reading unit included in the old operation node sequentially reads the difference log files, one by one, stored in the difference log storage unit included in the new operation node, up to the final difference log file. The difference log reading unit sets the difference log serial number assigned to the final difference log file to be the final difference log serial number, and notifies the recovery log correcting unit included in the old operation node of the final difference log serial number. The difference log reading unit included in the old operation node receives the final recovery log serial number from the recovery log reading unit included in the old operation node, sequentially reads the difference log files, one by one, having a serial number larger than the final recovery log serial number, up to the file difference log file.
The recovery log reading unit included in the old operation node sequentially reads the recovery log file, one by one, that are stored in the recovery log storage unit included in the old operation node up to the final recovery log file. The recovery log reading unit sets the recovery log serial number assigned to the final recovery log file to be the final recovery log serial number, and notifies the difference log reading unit and the recovery log correcting unit included in the old operation node of the final recovery log serial number.
The recovery log correcting unit and the DBMS that are included in the old operation node correct the recovery logs stored the recovery log storage unit included in the old operation node, by using the final difference log serial number received from the difference log reading unit included in the old operation node and the final recovery log serial number received from the recovery log reading unit included in the old operation node.
More specifically, the recovery log correcting unit and the DBMS included in the old operation node receive the final difference log serial number and the final recovery log serial number respectively, and then, compare the final difference log serial number and the final recovery log serial number with each other to verify whether the final difference log serial number is larger than the final recovery log serial number.
If the final difference log serial number is larger than the final recovery log serial number as a result of the verification, the recovery log correcting unit and the DBMS included in the old operation node sequentially read the difference log files, one by one, having a serial number larger than the final recovery log serial number. Then, the recovery log correcting unit and the DBMS that are included in the old operation node complement the recovery log file with the different log files thus read, thereby correcting the content of the recovery log file (see
The recovery log correcting unit and the DBMS included in the old operation node determine whether the difference log serial number of the difference log file presently read is equal to the final difference log serial number. If the difference log serial number is equal to the final difference log serial number as a result of the determination, the recovery log correcting unit and the DBMS included in the old operation node terminate the recovery log file correcting process. On the other hand, if the difference log serial number of the difference log presently read is not equal to the final difference log serial number, the recovery log correcting unit and the DBMS included in the old operation node read a different log file next in line.
The recovery log correcting unit and the DBMS included in the old operation node compare the final difference log serial number and the final recovery log serial number with each other, verify whether the final recovery log serial number is larger than the final difference log serial number. If the final recovery log serial number is larger than the final difference log serial number as a result of the verification, the recovery log correcting unit and the DBMS included in the old operation node nullify (delete from the recovery log file, see
After the contents of the recovery log files are corrected by the recovery log correcting unit and the DBMS included in the old operation node, the DBMS included in the old operation node updates the DB included in the old operation node according to the recovery logs thus corrected stored in the recovery log storage unit included in the old operation node (see
The difference log updating unit and the DBMS included in the old operation node receive an updating request from the DB server, and then, updates the recovery logs stored in the recovery log storage unit with the contents of the difference logs stored in the difference log storage unit (that is, the processes such as new DB modifications due to restarting the on-line operation) before the system is reconstructed after the on-line operation is restarted by using the new operation node. The DBMS included in the old operation node starts updating the DB included in the old operation node according to the recovery logs thus updated with the contents of the difference logs. Thus, the DB included in the old operation node is updated with processes such as DB modification in the new operation node due to restarting of the on-line operation. The databases included in the new operation node and the new standby node are made to be consistent to each other (guarantee the equivalency), and then, the system is reconstructed.
Thus, reconstruction of the system is completed by integrating into the system, as a new standby node, the old operation node including a DB that is made to be consistent to a DB included in the new operation node.
Processes performed by the difference log reading unit, the recovery log reading unit, the recovery log correcting unit, and the recovery log updating unit are performed asynchronously so that the processes can be performed efficiently.
Processes Performed by Nodes
Processes performed by the nodes according to the first embodiment are described below with reference to
Log File Reading Process
The log file reading process according to the first embodiment is described blow with reference to
As depicted in
Recovery Log File Reading Process
The recovery log file reading process according to the first embodiment is described below with reference to
As depicted in
Recovery Log File Correcting Process
The recovery log file correcting process according to the first embodiment is described below with reference to
The recovery log correcting unit and the DBMS included in the old operation node correct the recovery log stored in the recovery log storage unit included in the old operation node by using the final difference log serial number received from the difference log reading unit included in the old operation node and the final recovery log serial number received from the recovery log reading unit included in the old operation node.
As depicted in
If the final difference log serial number is larger than the final recovery log serial number as a result of the verification (YES at Step S1203), the recovery log correcting unit and the DBMS included in the old operation node sequentially read the difference log files, one by one, having a serial number larger than the final recovery log serial number (Step S1204). Then, the recovery log correcting unit and the DBMS included in the old operation node complement the recovery log file with the difference log files presently ready (Step S1205), and thus correct the contents of the recovery log file (see
The recovery log correcting unit and the DBMS included in the old operation node determine whether the difference log serial number of the difference log file presently read is the final difference log serial number (Step S1206). If the difference log serial number thereof is the final difference log serial number as the result of the determination (YES at Step S1206), the recovery log correcting unit and the DBMS included in the old operation node terminate the recovery log file correcting process. On the other hand, if the difference log serial number of the difference log file presently read is not the final difference log serial number (No at Step S1206), the recovery log correcting unit and the DBMS included in the old operation node read the a difference log file next in line.
Returning to the description of Step S1203, the recovery log correcting unit and the DBMS included in the old operation node compare the final difference log serial number and the final recovery log serial number with each other, and if the final difference log serial number is not larger than the final recovery log serial number (No at Step S1203), the recovery log correcting unit and the DBMS verify whether the final recovery log serial number is larger than the final difference log serial number (Step S1207). If the final recovery log serial number is larger than the final difference log serial number as a result of the verification (Yes at Step S1207), the recovery log correcting unit and the DBMS included in the old operation node nullify the recovery logs stored in the recovery log file newer than the final difference log serial number (delete from the recovery long file, see
System Reconstructing Process
The system reconstructing process according to the first embodiment is described below with reference to
As depicted in
The difference log updating unit and the DBMS included in the old operation node receive an updating request from the DB server, and updates the recovery logs stored in the recovery log storage unit with the contents of the difference logs stored in the difference log storage unit (that is, the processes such as new DB modifications due to restarting the on-line operation) before the system is reconstructed after the on-line operation is restarted by using the new operation node. The DBMS included in the old operation node starts updating the DB included in the old operation node according to the recovery logs thus updated with the contents of the difference logs. Thus, the DB included in the old operation node is updated with processes such as DB modification in the new operation node due to restarting the on-line operation (Step S1302). The databases included in the new operation node and the old operation node are made to be consistent to each other (guarantee the equivalency), and the system is reconstructed.
Thus, reconstruction of the system is completed by integrating into the system, as the new standby node, the old operation node including the DB that is made to be consistent to the DB included in the new operation node.
As described above, according to the first embodiment, the complete dual system stores therein a recovery log that is history of modification made to the database included in the old operation node before an on-line operation is restarted (for example, information related to the on-line operation in response to a request from a user, such as instructions from a user and committed modification made to the database, for each transaction is stored in the system); stores therein a difference log that is used to correct the stored recovery log so that the stored recovery log is equivalent to the recovery log at the timing of restarting the on-line operation; corrects the recovery log so that the recovery log is equivalent to the recovery log at the timing of restarting the on-line operation by using the difference log stored therein; and recovers the database included in the old operation node so that the database is equivalent to the database at the timing of restarting the on-line operation according to the corrected recovery log. Therefore, the database included in the old operation node can be made to be equivalent (that is, the data can be made to be consistent to each other) to the database included in the new operation node in an easy way so that the database is equivalent to the database at the timing of restarting the on-line operation by using the new operation node that takes over the on-line operation. The database can be made equivalent to the database at the timing of restarting the on-line operation in an easy way. As a result, when the system is reconstructed due to occurrence of a trouble in the operation node, a downtime of an on-line operation can be reduced to be zero.
According to the first embodiment, as a result of comparing the recovery log and the difference log that are stored in the storage, if the information stored in the recovery log is newer than the information stored in the difference log, the newer information is nullified, thereby correcting the recovery log. If the information stored in the difference log is newer than the recovery log, the newer information is complemented to the recovery log, thereby correcting the recovery log. Thus, the recovery log can be corrected in an easy way so that the recovery log is equivalent to the recovery log at the timing of restarting the on-line operation by referring to the difference log.
According to the first embodiment, when the system is reconstructed by integrating into the system, as a new standby node, the old operation node in which the database included is recovered to be equivalent to the database at the timing of restarting the on-line operation, the database included in the new standby node is updated with the modifications made to the database included in the new operation node before the system is reconstructed after the on-line operation is restarted. Therefore, without fail, the database included in the new operation node can be updated with the modifications made to the database included in the new operation node before the system is reconstructed after the on-line operation is restarted. As a result, the database can be assured to be redundant.
In the first embodiment, an example is described in which a difference log that is used to correct a recovery log is stored in the standby node. The present invention is, however, not limited thereto. A difference log may be stored in the operation node, transferred to the standby node, and then the difference log transferred to the standby node may be saved in the standby node.
In the first embodiment, when a committing process is performed in the operation node, writing of the recovery log or the difference log may be guaranteed, for example, by sending and receiving a confirmation notice that writing of the recovery log or the difference log is completed between the nodes or by referring to writing completion information. Difference transfer between the nodes may be performed in a synchronous mode or in an asynchronous mode.
The present invention may be implemented in various embodiments other than the first embodiment described above. Another embodiment of the present invention is described below.
(1) Apparatus Configuration and the Like
Respective configuration elements of the duplication control device depicted in
(2) System Control Programs
The various processes described above (for example, see
As depicted in
The system control programs having the functions similar to the duplication control device in the first embodiment, that is, a recovery log file reading program 44a, a difference log file reading program 44b, a recovery log file correcting program 44c, and a difference log file updating program 44d are stored in the ROM 44 in advance as depicted in
The CPU 45 reads the computer programs 44a, 44b, 44c, and 44d from the ROM 44, and executes the computer programs. Thus, the computer programs 44a, 44b, 44c, and 44d respectively function as a recovery log file reading process 45a, a difference log file reading process 45b, a recovery log file correcting process 45c, and a difference log file updating process 45d as depicted in
The HDD 42 includes a recovery log file data table 42a, a difference log file data table 42b, and a database data table 42c as depicted in
The computer programs 44a, 44b, 44c, and 44d are not necessarily required to be stored in the ROM 44 in advance. The computer programs may be stored, for example, in a “portable physical media” such as a flexible disk (FD), a CD-ROM, a digital versatile disk (DVD), a magnetic optical disk, and an integrated circuit (IC) card, in a “fixed physical media” such as an HDD provided inside or outside of the computer 40, or in “another computer (or a server)” connected to the computer 40 via a public line, the Internet, a local area network (LAN), a wide area network (WAN), and the like. The computer 40 may read the computer programs therefrom and execute the computer programs.
All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although the embodiments of the present inventions have been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the spirit and scope of the invention.
This application is a continuation of PCT international application Ser. No. PCT/JP2007/057853 filed on Apr. 9, 2007 which designates the United States, the entire contents of which are incorporated herein by reference.
Number | Date | Country | |
---|---|---|---|
Parent | PCT/JP2007/057853 | Apr 2007 | US |
Child | 12565207 | US |