Performing PDB Failover

A PDB failover is a role reversal between a source PDB and its designated target PDB. This operation is typically performed when the source PDB has failed and there is no possibility of recovering it in a timely manner.

You can perform one of the following types of PDB failover:

• Complete PDB failover

  This is the default. It results in no data loss and is the recommended option. Use this option when there are problems with the source PDB, but the source CDB is still available.

• Immediate PDB failover

  This is the fastest type of PDB failover. However, no additional data is applied on the target PDB once you invoke the PDB failover. After an immediate failover operation, you must reinstate the former source PDB before it can serve as a target PDB for the new source PDB. Use this option when the source CDB is not available. There is a high possibility of data loss under these circumstances.

  After an immediate failover operation, the former source PDB must be dropped. The new source PDB after the immediate PDB failover is unprotected. A new DGPDB should be added to resume data protection.

Before You Begin DG PDB Failover

Some factors must be considered before you perform a PDB failover.

• Determine that there is no possibility of recovering the source PDB.

How Broker Performs Failover in a DG PDB Environment

The broker performs a set of steps when you initiate a PDB failover.

1. Verifies that the target database is reachable. If the target database is not reachable, you will not be able to perform a failover.

2. Validates that the source PDB and target PDB are in the correct states. The source PDB can be open or closed. The target PDB must be in recovery mode.

   Note that this validation is not performed for immediate PDB failover.

3. Confirms that the target PDB is recovering the current redo stream of the source PDB.

4. Closes the source PDB on all instances.

5. Waits for the target database to finish applying any unapplied redo data and then stops Redo Apply. Any unapplied redo will not be applied when performing an immediate failover.

6. Transitions the target PDB to the source PDB as follows:

   • Changes the role of the target PDB to the source PDB.

   • Opens the new source PDB in read/write mode.

After the failover completes, the broker does not run recovery at the new target PDB (original source PDB). Recovery is not started even if you restart the new target database or run an ENABLE DATABASE command. After you address the issue that caused the failure, start recovery by running the EDIT PLUGGABLE DATABASE command with the SET STATE=APPLY-ON option.

Starting a PDB Failover

Use DGMGRL to perform a complete (recommended) or immediate PDB failover.

The source PDB need not be open when performing a failover.

To perform a PDB failover:

1. Connect to the target database.
2. Run the FAILOVER PLUGGABLE DATABASE command, specifying the name of the target PDB and the name of the target database containing the target PDB.

   In this example, a failover is performed to the bos_sales PDB. After the failover operation completes, the target PDB bos_sales in the target database boston transitions to the primary role.

   DGMGRL> FAILOVER TO PLUGGABLE DATABASE bos_sales AT boston; 
   Verifying conditions for Failover... 
   
     Source pluggable database is 'NYC_SALES' at database 'newyork' 
   
   Performing failover NOW, please wait... 
   
     Closing pluggable database 'NYC_SALES'... 
     Converting 'NYC_SALES' to standby role... 
     Waiting for 'BOS_SALES' to recover all redo data... 
     Stopping recovery at 'BOS_SALES'... 
     Converting 'BOS_SALES' to primary role... 
     Opening new primary 'BOS_SALES'... 
     Waiting for redo data from new primary 'BOS_SALES'... 
   
   Failover succeeded, new primary is "BOS_SALES".

   All accumulated redo is applied before the target PDB is changed to a source PDB role.

   To perform an immediate failover, include the IMMEDIATE keyword in the command. In this case, the source PDB role is changed without applying any accumulated redo data.

After the PDB failover operation completes, use the EDIT PLUGGABLE DATABASE command with SET STATE=APPLY-ON to start redo apply on the former source PDB if it was a complete failover and any issues that warranted the failover have been addressed.