Citrix Systems 6 Enabling HA on a XenServer Pool

best-effort priority setting are not part of the failover plan and are not guaranteed to be kept running, since

capacity is not reserved for them. If the pool experiences server failures and enters a state where the number of

tolerable failures drops to zero, the protected VMs will no longer be guaranteed to be restarted. If this condition

is reached, a system alert will be generated. In this case, should an additional failure occur, all VMs that have a

restart priority set will behave according to the best-effort behavior.

If a protected VM cannot be restarted at the time of a server failure (for example, if the pool was overcommitted

when the failure occurred), further attempts to start this VM will be made as the state of the pool changes. This

means that if extra capacity becomes available in a pool (if you shut down a non-essential VM, or add an additional

server, for example), a fresh attempt to restart the protected VMs will be made, which may now succeed.

Note:

No running VM will ever be stopped or migrated in order to free resources for a VM with

always-run=true to be restarted.

Enabling HA on a XenServer Pool

HA can be enabled on a pool using either XenCenter or the command-line interface. In either case, you will

specify a set of priorities that determine which VMs should be given highest restart priority when a pool is

overcommitted.

Warning:

When HA is enabled, some operations that would compromise the plan for restarting VMs

may be disabled, such as removing a server from a pool. To perform these operations, HA can

be temporarily disabled, or alternately, VMs protected by HA made unprotected.

1. Verify that you have a compatible Storage Repository (SR) attached to your pool. iSCSI, NFS or Fibre Channel

are compatible SR types. Please refer to the reference guide for details on how to configure such a storage

repository using the CLI.

2. For each VM you wish to protect, set a restart priority. You can do this as follows:

xe vm-param-set uuid=<vm_uuid> ha-restart-priority=<1> ha-always-run=true

3. Enable HA on the pool:

xe pool-ha-enable heartbeat-sr-uuids=<sr_uuid>

4. Run the pool-ha-compute-max-host-failures-to-tolerate command. This command returns the maximum

number of hosts that can fail before there are insufficient resources to run all the protected VMs in the pool.

xe pool-ha-compute-max-host-failures-to-tolerate

The number of failures to tolerate determines when an alert is sent: the system will recompute a failover

plan as the state of the pool changes and with this computation the system identifies the capacity of the pool

and how many more failures are possible without loss of the liveness guarantee for protected VMs. A system

alert is generated when this computed value falls below the specified value for ha-host-failures-

to-tolerate.

5. Specify the number of failures to tolerate parameter. This should be less than or equal to the computed

value:

xe pool-param-set ha-host-failures-to-tolerate=<2> uuid=<pool-uuid>

To disable HA features for a VM, use the xe vm-param-set command to set the ha-always-run parameter

to false. This does not clear the VM restart priority settings. You can enable HA for a VM again by setting the

ha-always-run parameter to true.