Restarting an application server in recovery mode
When an application server instance with active transactions in progress restarts after a failure, the transaction service uses recovery logs to complete the recovery process. These logs, which each transactional resource maintains, are used to rerun any InDoubt transactions and return the overall system to a self-consistent state.
Before you begin
If you are migrating from a previous version of the product, make sure that the REC parameter is included on the JCL procedure statement for the controller as either REC=N or REC=Y. If the JCL procedure does not specify either REC=N or REC=Y, the server does not restart in recovery mode even if you specify the -recovery option.
If the JCL procedures includes REC=N, the setting automatically changes to REC=Y if you specify -recovery when you restart the server. REC=N is automatically included on the JCL procedure if you did not migrate from a previous version of the product. Following is an example of what your updated PROC statement might look like:
//BBO6ACR PROC PARMS=' ',REC=N,Z=BBO6ACRZ
About this task
- Transactional resources complete the actions in their recovery logs and then shut down. This action frees up any resource locks that the application server held prior to the failure.
- During the recovery period, only the subset of application server functions that are necessary for transactional recovery to proceed are available.
- The application server does not accept new work during the recovery process.
- The application server shuts down when the recovery is complete.
This recovery process begins as soon as all of the necessary subsystems within the application server are available. If the application server is not restarted in recovery mode, the application server can start accepting new work as soon as the server is ready, which might occur before the recovery work has completed.
Normally, this process is not a problem. However, situations exist when your operating procedures might not be compatible with supporting recovery work and new work simultaneously. For example, you might have a high availability environment where the work handled by the application server that failed is immediately moved to another application server. This backup application server then exclusively processes the work from the application server that failed until recovery has completed on the failed application server and the two application servers can be re-synchronized. In this situation, you might want the failing application server to only perform its transactional recovery process and then shut down. You might not want this application server to start accepting new work while the recovery process is taking place.
To prevent the assignment of new work to an application server that is going through its transaction recovery process, restart the application server in recovery mode.
When you restart a failed application server, the node agent for the node on which the failed application server resides must be running before you can restart that application server.
If the resource manager registration entry was deleted from the RRS logs, on a subsequent application server start, a cold start is performed. However, you cannot perform a cold start with RRS if you are starting the application server in recovery mode.
With this service release, you can cold start the server in a recovery mode only on the system where the server was configured.
If you want to be able restart an application server in recovery mode, you must perform the following steps before a failure occurs, and then restart the application server to enable your configuration changes:
Procedure
Results
What to do next
Configure the integrated high availability support for the transaction service subcomponent for peer recovery of transactions.