corda/docs/source/high-availablility.rst

49 lines
1.7 KiB
ReStructuredText
Raw Normal View History

High Availability
=================
This section describes how to make a Corda node highly available.
Hot Cold
~~~~~~~~
In the hot cold configuration, failover is handled manually, by promoting the cold node after the former hot node
failed or was taken offline for maintainance.
RPC clients have to handle ``RPCException`` and implement application specific recovery and retry.
Prerequisites
-------------
* A load-balancer for P2P, RPC and web traffic
* A shared file system for the artemis and certificates directories
* A shared database, e.g. Azure SQL
The hot-cold deployment consists of two Corda nodes, a hot node that is currently handling request and running flows
and a cold backup node that can take over, if the hot node fails or is taken offline for an upgrade. Both nodes should
be able to connect to a shared database and a replicated file-system hosting the artemis and certificates directories.
The hot-cold ensemble should be fronted by a load-balancer for P2P, web and RPC traffic. The load-balancer should do
health monitoring and route the traffic to the node that is currently active. To prevent data corruption in case of
accidental simultaneous start of both nodes, the current hot node takes a leader lease in the form of a mutual exclusion
lock implemented by a row in the shared database.
Configuration
-------------
The configuration snippet below shows the relevant settings.
.. sourcecode:: none
enterpriseConfiguration = {
mutualExclusionConfiguration = {
on = true
machineName = ${HOSTNAME}
updateInterval = 20000
waitInterval = 40000
}
}
Hot Warm
~~~~~~~~
In the future we are going to support automatic failover.