數(shù)據(jù)庫鏡像是SQL SERVER 2005用于提高數(shù)據(jù)庫可用性的新技術(shù)其優(yōu)勢是以在不丟失已提交數(shù)據(jù)的前提下進行快速故障轉(zhuǎn)移,無須專門的硬件,并且易于配置和管理,本文將如介紹,有需求的朋友可以參考下
一 概述
數(shù)據(jù)庫鏡像是SQL SERVER 2005用于提高數(shù)據(jù)庫可用性的新技術(shù)。數(shù)據(jù)庫鏡像將事務(wù)日志記錄直接從一臺服務(wù)器傳輸?shù)搅硪慌_服務(wù)器,并且能夠在出現(xiàn)故障時快速轉(zhuǎn)移到備用服務(wù)器。可以編寫客戶端程序自動重定向連接信息,這樣一旦出現(xiàn)故障轉(zhuǎn)移就可以自動連接到備用服務(wù)器和數(shù)據(jù)庫。
優(yōu)勢:數(shù)據(jù)庫鏡像可以在不丟失已提交數(shù)據(jù)的前提下進行快速故障轉(zhuǎn)移,無須專門的硬件,并且易于配置和管理。
二 環(huán)境準(zhǔn)備
操作系統(tǒng):Window 2003 enterprise sp2(至少兩臺,如要啟用自動故障轉(zhuǎn)移,必需三臺)
SQL版本:MSSQL SERVER 2005 SP3
檢查SQL SERVER版本:
exec xp_msver
select SERVERPROPERTY(‘productlevel’)
數(shù)據(jù)庫準(zhǔn)備:準(zhǔn)備一個數(shù)據(jù)庫:ccerp_jzt ,備份此數(shù)據(jù)庫還原到另外一臺機器上,另外一臺必須是with no recovery
這里我假設(shè)服務(wù)器A,B,C
A為主體服務(wù)器,B為鏡像服務(wù)器,C為見證服務(wù)器
A服務(wù)器
use master
go
restore filelistonly from disk=N’f:databakccerp_jzt_backup_200911250100.bak’
restore database ccerp_jzt from disk=N’f:databakccerp_jzt_backup_200911250100.bak’ with replace,recovery,
move ‘ccerp_ydswzip_Data’ to ‘d:dataccerp_jzt.mdf’,
move ‘ccerp_ydswzip_Log’ to ‘d:dataccerp_jzt_log.ldf’
exec sp_helpdb ‘ccerp_jzt’
backup database ccerp_jzt to disk =N’f:databaksk.bak’ with init
–更改恢復(fù)模式
alter database ccerp_jzt set recovery full
B服務(wù)器:
CREATE DATABASE ccerp_jzt
ON
( NAME = Sales_dat,
FILENAME = ‘d:dataccerp_jzt.mdf’,
SIZE = 10
)
LOG ON
( NAME = ‘ccerp_jzt_log’,
FILENAME = ‘d:dataccerp_jzt_log.ldf’,
SIZE = 5MB
)
GO
restore filelistonly from disk=N’f:xxzxdatask.bak’
use master
go
restore database ccerp_jzt from disk=N’f:xxzxdatask.bak’ with replace,norecovery,
exec sp_helpdb ‘ccerp_jzt’
C服務(wù)器只要裝上SQL SERVER 2005就可以,無需其他準(zhǔn)備
準(zhǔn)備完成后如下圖所示:
三 三種模式的搭建
數(shù)據(jù)庫鏡像要建立必需得建立信任關(guān)系,那么在WIN環(huán)境下建立信任關(guān)系可以通過三種方式:域帳戶,證書信任,windows 匿名登陸,現(xiàn)就前兩種模式做配置說明.
3.1 域帳戶模式:
3.1.1 更改mssqlserver服務(wù)的的登陸方式為域帳戶登陸方式:
進入windows服務(wù)管理控制臺,更改服務(wù)登陸帳戶,使域賬戶有更改MSSQL SERVER服務(wù)狀態(tài)的權(quán)限.三臺機器都做同樣設(shè)置
將域帳戶賦予sysadmin角色
3.1.2 建立端點:
通過圖形界面建立端點:
啟動SQLWB,按圖一直下一步
用域帳戶登陸
如果成功則:
3.2 證書模式
3.2.1建立證書&端點
參與數(shù)據(jù)庫鏡像會話的服務(wù)器必須彼此信任。對于本地通信而言,例如一個域內(nèi)的通信,信任意味著SQL Server實例登陸賬號必須有權(quán)限連接到其他鏡像服務(wù)器,也包括endpoints。首先在每個服務(wù)器上使用CREATE LOGIN命令,然后使用GRANT CONNECT ON ENDPOINT命令.非信任域之間的通信必須使用證書。如果使用CREATE CERTIFICATE語句創(chuàng)建自簽名的證書,基本上所有數(shù)據(jù)鏡像證書的要求都可以滿足。確認在CREATE CERTIFICATE語句中將證書標(biāo)記為ACTIVE FOR BEGIN_DIALOG。
一 建立證書:
鏡像服務(wù)器上執(zhí)行:
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘TEST’;
CREATE CERTIFICATE HOST_A_cert WITH SUBJECT=’HOST_A certificate’, START_DATE=’2010-03-10′;
主體服務(wù)器上執(zhí)行:
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘TEST’;
CREATE CERTIFICATE HOST_B_cert WITH SUBJECT=’HOST_B certificate’, START_DATE=’2010-03-10′;
見證服務(wù)器上執(zhí)行:
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘TEST’;
CREATE CERTIFICATE HOST_C_cert WITH SUBJECT=’HOST_C certificate’, START_DATE=’2010-03-10′;
二 建立端點:
鏡像服務(wù)器上執(zhí)行:
–create mirror endpoint on primary A
CREATE ENDPOINT Endpoint_Mirroring
STATE = STARTED AS
TCP ( LISTENER_PORT=5022 , LISTENER_IP = ALL )
FOR DATABASE_MIRRORING
( AUTHENTICATION = CERTIFICATE HOST_A_cert , ENCRYPTION = REQUIRED ALGORITHM AES , ROLE = ALL );
主體服務(wù)器上執(zhí)行:
–Create endpoint on mirror server B
CREATE ENDPOINT Endpoint_Mirroring
STATE = STARTED
AS
TCP ( LISTENER_PORT=5022 , LISTENER_IP = ALL )
FOR
DATABASE_MIRRORING
( AUTHENTICATION = CERTIFICATE HOST_B_cert , ENCRYPTION = REQUIRED ALGORITHM AES , ROLE = ALL );
見證服務(wù)器上執(zhí)行:
–Create endpoint on witness server C
CREATE ENDPOINT Endpoint_Mirroring
STATE = STARTED
AS
TCP ( LISTENER_PORT=5022 , LISTENER_IP = ALL )
FOR
DATABASE_MIRRORING
( AUTHENTICATION = CERTIFICATE HOST_C_cert ,
ENCRYPTION = REQUIRED ALGORITHM AES , ROLE = witness );
SELECT * FROM sys.database_mirroring_endpoints;
證書互備:
鏡像服務(wù)器上執(zhí)行:
–backup certificate
BACKUP CERTIFICATE HOST_A_cert TO FILE = ‘e:HOST_A_cert.cer’
主體服務(wù)器上執(zhí)行
–backup certificate
BACKUP CERTIFICATE HOST_B_cert TO FILE = ‘e:HOST_B_cert.cer’
見證服務(wù)器上執(zhí)行:
BACKUP CERTIFICATE HOST_c_cert TO FILE = ‘e:HOST_C_cert.cer’
將備份到的證書進行互換,即HOST_A_cert.cer復(fù)制到B機的e: 將HOST_B_cert.cer復(fù)制到A機的E:,也就是每臺服務(wù)器有三個證書
三:建立登陸用戶:
鏡像服務(wù)器上執(zhí)行:
–Create user
CREATE LOGIN HOST_B_login WITH PASSWORD = ‘test’;
CREATE USER HOST_B_user FOR LOGIN HOST_B_login;
CREATE CERTIFICATE HOST_B_cert AUTHORIZATION HOST_B_user FROM FILE = ‘e:HOST_B_cert.cer’;
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_B_login];
CREATE LOGIN HOST_C_login WITH PASSWORD = ‘test’;
CREATE USER HOST_C_user FOR LOGIN HOST_c_login;
CREATE CERTIFICATE HOST_c_cert AUTHORIZATION HOST_c_user FROM FILE = ‘e:HOST_c_cert.cer’;
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_c_login];
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_A_login];
–query user sid
select loginname,name,sid From syslogins
主體服務(wù)器上執(zhí)行:
–Create user
CREATE LOGIN HOST_A_login WITH PASSWORD = ‘test’;
CREATE USER HOST_A_user FOR LOGIN HOST_A_login;
CREATE CERTIFICATE HOST_A_cert AUTHORIZATION HOST_A_user FROM FILE = ‘e:HOST_A_cert.cer’;
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_A_login];
— add witness user
CREATE LOGIN HOST_C_login WITH PASSWORD = ‘test’;
CREATE USER HOST_C_user FOR LOGIN HOST_c_login;
CREATE CERTIFICATE HOST_c_cert AUTHORIZATION HOST_c_user FROM FILE = ‘e:HOST_c_cert.cer’;
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_c_login];
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_B_login];
–query sid
select loginname,name,sid From syslogins
見證服務(wù)器上執(zhí)行:
–Create user
CREATE LOGIN HOST_A_login WITH PASSWORD = ‘test’;
CREATE USER HOST_A_user FOR LOGIN HOST_A_login;
CREATE CERTIFICATE HOST_A_cert AUTHORIZATION HOST_A_user FROM FILE = ‘e:HOST_A_cert.cer’;
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_A_login];
–add user host_b_login to have pemission to access witness
CREATE LOGIN HOST_B_login WITH PASSWORD = ‘test’;
CREATE USER HOST_B_user FOR LOGIN HOST_B_login;
CREATE CERTIFICATE HOST_B_cert AUTHORIZATION HOST_B_user FROM FILE = ‘e:HOST_B_cert.cer’;
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [HOST_B_login];
grant connect on endpoint::endpoint_mirroring to HOST_C_login
USE master;
exec sp_addlogin
@loginame = ‘HOST_B_login’,
@passwd = ‘test’,
@sid = 0x1A914CA3D1D00C4793EBC96E4C4F4352 ;
ALTER DATABASE ccerp_jzt SET PARTNER = ‘TCP://192.168.137.32:5022’;
四.建立鏡像:
先在鏡像服務(wù)器上執(zhí)行:
ALTER DATABASE ccerp_jzt SET PARTNER = ‘TCP://192.168.137.44:5022’;
接著主體服務(wù)器執(zhí)行:
ALTER DATABASE ccerp_jzt SET PARTNER = ‘TCP://192.168.137.32:5022’;
ALTER DATABASE ccerp_jzt SET witness = ‘TCP://192.168.137.49:5022’;
至此引證書建立完畢
、主備互換
–主機執(zhí)行:
1USE master;
2ALTER DATABASE
、主服務(wù)器Down掉,備機緊急啟動并且開始服務(wù)
–備機執(zhí)行:
1USE master;
2ALTER DATABASE
、原來的主服務(wù)器恢復(fù),可以繼續(xù)工作,需要重新設(shè)定鏡像
1–備機執(zhí)行:
2USE master;
3ALTER DATABASE
4ALTER DATABASE
、原來的主服務(wù)器恢復(fù),可以繼續(xù)工作
–默認情況下,事務(wù)安全級別的設(shè)置為 FULL,即同步運行模式,而且SQL Server 2005 標(biāo)準(zhǔn)版只支持同步模式。
–關(guān)閉事務(wù)安全可將會話切換到異步運行模式,該模式可使性能達到最佳。
1USE master;
2ALTER DATABASE
3ALTER DATABASE
錯誤說明:
消息1498,級別16,狀態(tài)3,第1 行
默認情況下,數(shù)據(jù)庫鏡像是被禁用的。當(dāng)前提供的數(shù)據(jù)庫鏡像僅供評估使用,并不應(yīng)使用于生產(chǎn)環(huán)境中。若要以評估為目的啟用數(shù)據(jù)庫鏡像,請在啟動過程中使用跟蹤標(biāo)志1400。有關(guān)跟蹤標(biāo)志和啟動選項的詳細信息,請參閱SQL Server 聯(lián)機叢書。
解決辦法:沒打SP1以上補丁.強烈建議打SP3
消息1475,級別16,狀態(tài)2,第1 行
由于”ccerp_jzt” 數(shù)據(jù)庫可能有尚未備份的大容量日志記錄更改,所以無法啟用數(shù)據(jù)庫鏡像。必須在鏡像上還原主體數(shù)據(jù)庫的上一次日志備份。
主體上:backup log ccerp_jzt to disk =’e:log.trn’ with no_truncate
鏡像上:restore log ccerp_jzt from disk=’e:log.trn’ with norecovery
