7 Switchover and Failover in DG PDB Environments
Learn how to use Oracle Data Guard broker to manage switchover and failover operations in a DG PDB environment.
This chapter contains the following topics:
Overview of Switchover and Failover in a DG PDB Environment
Oracle Data Guard broker enables you to reverse the roles of the source PDB and its designated target PDB using either a switchover or failover operation.
-
PDB switchover
A planned role reversal between a source PDB and its designated target PDB. The broker ensures that the target PDB has applied all the redo generated by the source PDB before switching roles.
As part of managing a switchover, the broker automatically sets up redo transport from the new source PDB to its designated target PDB and starts redo apply services on the new target PDB.
-
PDB failover
A role transition in which a designated target PDB is transitioned to the source PDB role after the source PDB has failed or has become unreachable. It is recommended that you perform a failover only when the source PDB is unavailable.
Performing PDB Switchover
A PDB switchover is a role reversal between the source PDB and its designated target PDB. Use DGMGRL commands to perform a PDB switchover.
How Broker Performs Switchover in a DG PDB Environment
The broker performs the following actions when you start a switchover:
-
Verifies that the specified target database is reachable, the target PDB exists, and the target PDB is a designated DG PDB.
-
Validates that the source PDB and target PDB are in the correct states. The source PDB must be open in read/write mode and the target PDB must be in recovery mode.
-
Confirms that the target PDB is recovering the current redo stream of the source PDB.
-
Closes the source PDB on all instances.
-
Converts the source PDB to the standby role. After the switchover completes, the source PDB will become the target PDB.
-
Converts the target PDB to the primary role, after the target PDB has recovered through the all the redo generated by the source PDB and recovery is canceled.
-
Opens the target PDB as the new source PDB.
-
Starts recovery after redo from the target PDB is registered at the original source PDB.
Starting a Switchover to a PDB
When a switchover is started, the source PDB and target PDB must have as small a redo lag as possible.
To start a PDB switchover:
-
Run the
SWITCHOVER PLUGGABLE DATABASEcommand. Specify the name of the PDB that must now perform the primary role.
The broker controls the rest of the PDB switchover.
Example 7-1 Performing PDB Switchover
This example performs a switchover of the source PDB
sales. After the operation completes, the target PDB
dgpdb_sales, in the target database newyork,
transitions to the primary role and is the new source PDB.
DGMGRL> SWITCHOVER TO PLUGGABLE DATABASE 'dgpdb_sales' AT 'newyork';
Verifying conditions for Switchover...
Source pluggable database is 'SALES' at database 'BOSTON'
Performing switchover NOW, please wait...
Closing pluggable database 'SALES...
Switching 'SALES' to standby role...
Waiting for 'DGPDB_SALES' to recover all redo data...
Stopping recovery at 'DGPDB_SALES'...
Converting 'DGPDB_SALES' to primary role...
Opening new primary 'DGPDB_SALES'...
Waiting for redo data from new primary 'DGPDB_SALES'...
Starting recovery at new standby 'SALES'...
Switchover succeeded, new primary is "DGPDB_SALES"Performing PDB Failover
A PDB failover is a role reversal between a source PDB and its designated target PDB. This operation is typically performed when the source PDB has failed and there is no possibility of recovering it in a timely manner.
You can perform one of the following types of PDB failover:
-
Complete PDB failover
This is the default. It results in no data loss and is the recommended option. Use this option when there are problems with the source PDB, but the source CDB is still available.
-
Immediate PDB failover
This is the fastest type of PDB failover. However, no additional data is applied on the target PDB once you invoke the PDB failover. After an immediate failover operation, you must reinstate the former source PDB before it can serve as a target PDB for the new source PDB. Use this option when the source CDB is not available. There is a high possibility of data loss under these circumstances.
After an immediate failover operation, the former source PDB must be dropped. The new source PDB after the immediate PDB failover is unprotected. A new DGPDB should be added to resume data protection.
Before You Begin DG PDB Failover
Some factors must be considered before you perform a PDB failover.
-
Determine that there is no possibility of recovering the source PDB.
How Broker Performs Failover in a DG PDB Environment
The broker performs a set of steps when you initiate a PDB failover.
-
Verifies that the target database is reachable. If the target database is not reachable, you will not be able to perform a failover.
-
Validates that the source PDB and target PDB are in the correct states. The source PDB can be open or closed. The target PDB must be in recovery mode.
Note that this validation is not performed for immediate PDB failover.
-
Confirms that the target PDB is recovering the current redo stream of the source PDB.
-
Closes the source PDB on all instances.
-
Waits for the target database to finish applying any unapplied redo data and then stops Redo Apply. Any unapplied redo will not be applied when performing an immediate failover.
-
Transitions the target PDB to the source PDB as follows:
-
Changes the role of the target PDB to the source PDB.
-
Opens the new source PDB in read/write mode.
-
After the failover completes, the broker does not run recovery at the new
target PDB (original source PDB). Recovery is not started even if you restart the new
target database or run an ENABLE DATABASE command. After you address
the issue that caused the failure, start recovery by running the EDIT PLUGGABLE
DATABASE command with the SET STATE=APPLY-ON option.
Starting a PDB Failover
Use DGMGRL to perform a complete (recommended) or immediate PDB failover.
The source PDB need not be open when performing a failover.
To perform a PDB failover:
After the PDB failover operation completes, use the EDIT
PLUGGABLE DATABASE command with SET STATE=APPLY-ON to
start redo apply on the former source PDB if it was a complete failover, and any
issues that warranted the failover have been addressed.