I'm merely an hobbyist that works in a HA environment, but I'll try to collect a few things I experienced:
Power !!! as in
- 360V plug fiddled togheter with a modem cable, someone pulled it.
- Lan switches not plugged into UPS
- systems only connected to UPS
- having no generator (that's not so bad, just ensure You have time for shutting down)
A reasonable system without wasting money would have two PSUs, each connected to a surge protector followed by an UPS.
The UPS can be shared by multiple systems (thus the surge protector).
It's two UPS because here in Germany the national grid has a much lower chance of failure than an mid-range UPS, but in case of a sudden failure UPSs happen to fail or blow up inside after a moment.
The power cables must be secured it both ends to avoid accidential pull outs.
also manually control their fit.
- IO backplanes:
If You have two network adapters, FC-adapters or such, put them into different IO backplanes if the system supports it (>=N-Class). (Applies to the next thingy, too)
- SCSI Adapters:
Are Your mirrored disk split over two separate controllers? They should be.
- Filesystem corruption:
fsck /stand every few months - it's an unhappy event to notice that after patching.
- NFS non-bg mounts:
Any request to a failed server will lock the clients
(i.e. nfs server has proc table full, thus rpcbind is still up and running appearingly fine, but a client won't get any data out of it)
- LVM Mirror / sdisk driver:
the following happened:
FC-Array locks up with outstanding IO from an application while one disk in vg00 was failing (motor problem, it got lost from the vg00 and got back for hours).
Result (both after reboot -h and resolving the fc-issue):
one failed disk for the bin and a corrupted mirror disk.
(Fun!)
- SCSI conection to the disk array?
use pvlink and dual-active controllers - btw: psu fail in the disk array can be trouble, what happens to Your applications if the disks are gone?
- LAN connection without APA
Orginisational stuff that becomes a SPOF when something is down:
- No easy to find tape drive and tapes at hand
If someone feels he'd better do a backup he should be able to do it.
- Lack of authority and support
The person in front of the system must be allowed to call for help and have the numbers. If he can't reach anyone, he should look right at a sheet of paper with a few things on it:
the persons responsible for the system
(not in organizational character, like who was billed for it, but the guy that knows what applications are on it)
there always should be at least two, and they *MUST* be aware they are responsible for their decisions, otherwise they'll just put it off till next day.
the HP support handle
the HP telephone number
the location of the system documentation
rough description what he is authorized to do and what hp is authorized to do
(i.e. if Your org takes the risk of hot-plugging a scsi tape for emergency backup. otherwise hp won't do it)
(i.e. a billing system is better off if it's down than with lost data)
Things that kill a system anyway and sometimes don't even result in TOC:
CPU failures (usually the cpu get's unconfigured, but if it has irq's allocated: down she goes)
IO backplane errors (bad soldering etc)
happened on a few n-classes over time
bad bad bad disk blocks in paging area.
(mediainit is Your friend sometimes)
Loose RAM sockets
(only saw that one in A180's)
faulty scsi cabling (just don't have it)
most important:
get enough authority do test problems and... downtime, maybe a whole weekend, maybe plan the test with a consultant from hp.
do full backups, test them on a second system.
remove a power supply. remove pull out the whole vg00, fsck up the fc-zoning to external storage.
document what breaks everything, and what doesn't.
practice
have a backup system at hand. i.e. only use external storage, and have a small fallback system.
i.e. if Your production host is a fully redundant thing with 8 CPUs, how about having a J6700 used for all the testing with a few spare scsi/fc adapters in case HP doesn't have a part available..
give it two disks for vg00, always patch it to the same level, and if disaster strikes, connect it to the external storage that keeps applications and data.
I better stop now. :)
yesterday I stood at the edge. Today I'm one step ahead.
