RU2788309C1 - Method for centralized response to a network failure or server failure in a high availability cluster and virtual machine recovery in a high availability cluster and a system implementing this method - Google Patents

Abstract

FIELD: computer technology.

SUBSTANCE: invention relates to the field of computer technology, namely to systems for creating and administering virtual infrastructure on a group of servers in data centers. The method for centralized response to a network failure or server failure in a high availability cluster and virtual machine recovery in a high availability cluster, containing software components for polling cluster nodes, determining the states of cluster nodes, fencing nodes and VM recovery, is characterized by the fact that it makes it possible to organize the infrastructure of automated virtual machine recovery without the need to install specialized high availability cluster software for each server.

EFFECT: detecting a network failure or a high availability cluster server failure and restoring the availability of a virtual machine (VM) on an available server in the cluster without the need to install high availability agents on each physical server.

2 cl, 3 dwg

Description

[0001] The present invention relates to the field of computing, namely to systems for creating and administering a virtual infrastructure on a group of servers in data centers.

[0002] As used in this application, the terms used have the following meanings:

[0003] "Heartbeat" (translated from English. "Heartbeat") - a periodic signal generated by software to indicate correct operation or to synchronize other parts of a computer system;

[0004] "IPMI" (English Intelligent Platform Management Interface) - an intelligent platform management interface designed for autonomous monitoring and control of functions built directly into the hardware and firmware of server platforms, including for performing autonomous power-on, shutdown and reboot operations COMPUTER;

[0005] "Agent" is a program that enters into an intermediary relationship with a user or another program;

[0006] "Database" - a collection of data organized according to certain rules, providing general principles for describing, storing and manipulating data, independent of application programs;

[0007] "Virtualization" - a group of technologies based on the transformation of the format or parameters of software or network requests to computer resources in order to ensure the independence of information processing processes from the software or hardware platform of the information system;

[0008] "Virtual Machine" (hereinafter - VM) - a virtual computing system that consists of virtual devices for processing, storing and transmitting data and which may additionally contain software and user data;

[0009] “Hypervisor” is a program that creates an environment for the operation of other programs, including other hypervisors, by simulating computer hardware, managing these tools and guest operating systems (hereinafter referred to as OS) operating in this environment.

[0010] "Guest operating system" means the operating system installed in the VM;

[0011] "Daemon" is a program on UNIX-class systems that runs in the background without direct communication with the user;

[0012] "Cluster" - a group of computers united by high-speed communication channels, representing a single hardware resource from the user's point of view;

[0013] "Host" - any device that provides services in the client-server format in server mode on any interfaces and is uniquely identified on these interfaces. In a broader sense, a host can be understood as any computer connected to a local or global network;

BACKGROUND OF THE INVENTION

[0014] As mentioned above, the claimed invention relates to systems for creating and administering a virtual infrastructure on a group of servers in data centers. The servers run virtual machines (VMs) that run guest operating systems (OS) with various applications. Servers can be combined into clusters to perform various functions, for example, live migration of VMs (“live migration”), load balancing for even use of server resources (“DRS cluster”) and automatic recovery of virtual machines in case of hardware or network failures (cluster high availability) (English High Availability Cluster).

[0015] High Availability (High Availability, abbreviated HA) provides functions for detecting failures in guest operating systems of virtual machines (VMs) or the hardware on which they are running. When failures are detected, HA automatically restores virtual machines to other hosts in the cluster without manual intervention.

[0016] Each physical server must run one or more workloads, such as virtual machines, a server application instance (web server or application server, and/or a data processing application instance, such as a grid client).

[0017] Instances of the software application may be associated, for example, stored on one or more storage devices, such that the instance of the software application may be migrated or restarted on any host with access to the data store that corresponds to the software application instance.

[0018] Existing high availability clustering technology has limitations regarding the availability of virtual machines. For example, when a control network failure occurs for a subset of cluster hosts, those isolated hosts may lose the ability to communicate over the control network with other hosts in the cluster.

[0019] In addition, one of the hosts in the isolated partition may lose connectivity to the virtual machine network, causing that particular host to become completely isolated from all other hosts. This results in the loss of network access for all VMs running on that particular host, further resulting in the loss of access to that VM by users or clients until at least the VM's network connectivity is manually fixed to corresponding host.

[0020] Of the existing prior art, the closest in technical essence and achieved technical result to the claimed invention is a method for processing network separation in a high-pressure cluster (HA-cluster) and a system for its implementation [patent US10521315B1, publication date 12/31/2019].

[0021] US10521315B1 proposes methods for managing virtual machine connectivity for hosts in a standalone HA cluster.

[0022] The method includes determining that the first host running the virtual machine in the HA cluster is in the isolated partition. When a virtual machine network failure is detected for the first host, network failure processing is performed, which includes transferring the execution of the virtual machine on the first host to a host that has network connectivity.

[0023] In a HA cluster, a master or primary host may be designated, and may be responsible for monitoring the status of other hosts (slave hosts or secondary hosts) in the cluster and organizing automatic recovery of the VM.

[0024] In the proposed embodiments, the functions of monitoring and restoring the VM are performed by HA agents. The HA agent also includes instructions for running as a master host and for running as a secondary host.

[0025] The method described in US10521315B1 for processing network partitioning in a high pressure cluster can be performed by any of the hosts, with each host choosing a master host, acting as a master host, and acting as a secondary host, as the case may be.

[0026] The network partitioning processing system in a HA cluster according to US10521315B1 requires the installation of an HA agent on all physical servers of the cluster, as well as a Fault Domain Manager (FDM), which is actually part of the Virtualization Manager. The HA agent, being in the role of an auxiliary host, performs, in particular, the functions of selecting the main host, communicating with other servers through a shared storage system, shutting down or rebooting virtual machines in the event of a failure in the guest operating system. In its role as master host, the HA agent also makes decisions about restarting virtual machines on available servers.

[0027] The need to install the required dedicated HA cluster software on each physical server effectively makes the network separation processing system in the HA cluster of US10521315B1 a distributed solution.

[0028] Thus, we can highlight the main drawback of the closest analogue, which is the need to install specialized high availability cluster software - high availability agents on each physical server. This may be impossible or redundant when using servers with installed software in a minimal configuration, for example, when using a Linux distribution with an open hypervisor Kernel-based Virtual Machine (hereinafter referred to as KVM) and other freely distributed utilities for managing virtual machines.

SUMMARY OF THE INVENTION

[0029] The technical problem to be solved by the claimed invention is to organize the infrastructure for auto-recovery of virtual machines on a cluster without the need to install specialized software on all physical servers - high availability agents.

[0030] The technical result achieved by implementing the claimed invention is to ensure the detection of a network failure or server failure in a high availability cluster and restore the availability of a virtual machine (VM) on an available server in the cluster without the need to install high availability agents on each physical server. Installing high availability agents on each physical server may not be possible or redundant when using servers with installed software in a minimal configuration, for example, when using a Linux distribution with an open KVM hypervisor and other freely distributed utilities for managing virtual machines.

[0031] The claimed technical result is achieved due to the fact that the method of centrally responding to a network failure or server failure in a high availability cluster and restoring a virtual machine in a high availability cluster (2) containing a set of virtual machines (VMs) deployed on a group of computers ( 1, 2 ... N) (1) with an installed hypervisor (7), equipped with an IPMI board (6), a computer controller (4), a storage computer (5) containing a database (9) of the guest operating system of virtual machines ( VM), an Ethernet switch (3) that provides communication between the elements of the system via the IPMI interface, while the computer controller (4) contains a control software package that includes a "daemon (10) for polling computers from the cluster", "daemon (11) for determining states Cluster computer", "daemon (12) fencing cluster computer nodes", "daemon (13) restoring VM", as well as a database (8), which stores the configuration data of the hypervisor (7) of turned off virtual machines (VM) and service settings , including n at least the flag for enabling the high availability function, the flag for enabling automatic selection of computers for recovery, the list and order of computers on which it is necessary to restore the VM, the flag for enabling the selection of computers for restoring the VM with the least RAM load, the number of attempts to restore the VM, the time interval between attempts to restore a VM is characterized by the fact that:

the daemon (10) of polling the computer (1) from the cluster connects to the computer (1) via the appropriate protocols, receives signaling messages "heartbeat" from the computer (1), VM and IPMI boards (6), generates informational messages and places them in the queue for processing by the demon (11) of determining the states of the computer (1);

the daemon (11) for determining the states of the computer (1) in the cluster (2) detects the absence of informational messages in the queue for a certain time and changes the record of the state of the computer (1) in the database (8) of the computer controller (4) to "node unavailable" ;

the demon (12) of the fence of the computer nodes (1) of the cluster (2) periodically reads the record of the status of the computer (1) in the database (8) of the computer controller (4) and, upon detecting the state "node unavailable", performs the operation of forced shutdown of the computer (1) through the IPMI board (6) - “fencing” and enters into the database (8) of the computer controller (4) a record that this computer (1) is in the “node fenced” state;

the daemon (13) of restoring the VM periodically reads in the database (8) of the computer controller (4) the record of the state of the computer (1) and the state of the "fencing" of the computer (1) and when the state "node is fenced" is detected, it starts the operation of restoring the VM on another computer (1), while the VM recovery demon (13) polls the database (8) of the computer controller (4) for the automatic selection flag of the computer (1) for recovery;

if the flag for enabling automatic selection of computers (1) for recovery is enabled, then the daemon (13) for restoring the VM polls in turn the records in the database (8) of the computer controller (4) with the level of RAM load on each computer (1) and makes an attempt to restore the VM on the computer (1) with the state "available" with the least load of RAM;

if the flag for enabling automatic selection of computers (1) for recovery is disabled, then the daemon (13) for restoring the VM reads from the database (8) of the computer-controller (4) an entry with the list and order of the computers (1) on which it is necessary to perform VM recovery;

the VM recovery daemon (13) polls the computer selection enable flag (1) to restore the VM with the least RAM load;

if the enable flag for selecting a computer (1) for restoring a VM with the least RAM load is disabled, then the VM restore daemon (13) attempts to restore the VM on the first computer (1) from the list with the “available” state;

if the enable flag of the choice of computer (1) for restoring the VM with the least RAM load is enabled, then the VM restore daemon (13) makes an attempt to restore the VM on the computer (1) with the "node available" state with the least RAM load;

if the attempt to restore the VM is unsuccessful, then the VM restore daemon (13) makes an attempt to restore the VM on the next computer (1) with the least RAM load or the next computer (1) in order from the list selected by the user with the state "node available", at the same time, before each next attempt, the VM restore daemon (13) must wait for the end of the timeout specified by the user when configuring the high availability function of the VM;

VM recovery is carried out by transferring the VM recovery daemon (13) to the computer (1) with configuration data of the hypervisor (7).

Also, the technical result is achieved due to the fact that the system of centralized response to network failure or server failure in a high availability cluster and restoration of a virtual machine in a high availability cluster (2) includes a set of virtual machines (VM) deployed on a group of computers (1, 2 ... N) (1) with installed hypervisor (7), equipped with a board - IPMI (6), computer controller (4), computer-storage system (5), containing a database (9) of the guest operating system of virtual machines (VM), an Ethernet switch (3) that provides communication between system elements via the IPMI interface, while the computer-controller (4) contains a control software package, including a “daemon (10) for polling computers from the cluster”, “daemon (11) for determining the states of the cluster computers” , "daemon (12) fencing cluster computer nodes", "daemon (13) restoring VMs", as well as a database (8), which stores the configuration data of the hypervisor (7) of turned off virtual machines (VMs), service settings, including lesser measures e flag for enabling the high availability function, flag for enabling automatic selection of computers for recovery, list and order of computers on which it is necessary to restore the VM, flag for enabling the selection of computers for restoring a VM with the least RAM load, number of attempts to restore a VM, time interval between attempts to restore VM.

[0032] The proposed technical solution has a centralized architecture in which all control decisions are made by the controller module installed on a separate server or virtual machine - computer - controller (4). Computer - controller (4) manages the physical servers of the computer (1) with running virtual machines. Thus, the physical servers in the control loop of the computer-controller (4) may not require the installation of specialized high-availability software - high-pressure agents.

IMPLEMENTATION OF THE INVENTION

[0033] The claimed invention provides for the creation and administration of a virtual infrastructure on a group of servers in data centers. The servers run virtual machines (VMs) that run guest operating systems with various applications. Servers can be combined into clusters to perform various functions, for example, live migration of VMs (“live migration”), load balancing for even use of server resources (“DRS cluster”), and automatic recovery of virtual machines in case of hardware or network failures (high availability cluster) .

[0034] The implementation of the invention is illustrated by drawings, which show:

Fig.1 is a typical infrastructure diagram for organizing a high availability function;

Fig. 2 is a functional diagram of the VM high availability mechanism;

Fig.3 is a block diagram of the algorithm implemented by the VM recovery daemon.

In the drawings, positions have the following designations:

1 - computers forming a high availability cluster;

2 – high availability cluster;

3 – Ethernet switch;

4 - computer - controller;

5 - computer - storage system;

6 - IPMI - board;

7 - hypervisor;

8 – guest OS data;

9 - database;

10 – daemon for polling computers from the cluster;

11 – daemon for determining computer states from the cluster;

12 – daemon for fencing cluster computer nodes;

13 - VM recovery daemon.

[0035] A typical scheme of the infrastructure controlled by a computer-controller (4) is shown in Fig. 1. A virtual machine (VM) is installed on a group of computers (computers 1, 2 ... N) (1) with the same processor architecture, forming a high availability cluster (2) (hereinafter referred to as the "cluster"). Computers (1) for running VMs are networked with a computer controller (4) and a computer-storage system (5) via an Ethernet switch (3).

[0036] The computer (1) contains a motherboard with an IPMI interface - an IPMI board (6) for running the VM, which must be connected to a common Ethernet network.

[0037] A hypervisor (7) is installed on the computer (1), the configuration data of which is stored in the database (8) of the computer controller (4), on which the control software package is also installed. Guest OS data (9) is stored on the storage computer (5) in the form of files or block disk partitions.

[0038] The computer controller (4) is installed on a separate server or virtual machine (VM) and performs the following main functions:

- management of virtual infrastructure on a group of servers from a graphical web interface;

- storage of information about the state of the entire virtual infrastructure in the database;

- monitoring and logging of events;

- load balancing for uniform use of server resources;

- monitoring the availability of virtual machines and recovery on available cluster servers;

- user authentication and access control.

[0039] In the minimum infrastructure deployment configuration, the computer controller (4) centrally executes all management logic, including all decisions to restore the computer (1) in the cluster (2).

[0040] In general, the computer VM (1) in the off state is the configuration data of the hypervisor (7) and may also include guest OS data (9) in the form of files (in qcow2, iso formats) or disk block partitions. The configuration data of the hypervisor (7) of the switched off VM is permanently stored in the database (8) of the computer controller (4).

[0041] The VM in the on state is a hypervisor process (7) with VM configuration data and guest OS data (9) loaded into the volatile RAM of the computer (1) (physical server). The hypervisor process (7) is created based on the configuration data of the hypervisor, which the computer-controller (4) transfers from the database (8) to the physical server, for example, via the SSH protocol.

[0042] Guest OS data (9) can be stored both in the non-volatile memory of the computer (1) on which the VM is running, and on external computers, including specialized data storage systems - computers - storage systems (5). Hypervisor process data (7) can only be stored in computer memory (1).

[0043] Based on this, it is possible to separate the computer (1) on which the computational process of executing the VM is directly performed, and the computer (1) on which the VM data is stored. Since to run a VM on any computer (1) with the same processor architecture, it is enough that the configuration data and the guest OS (9) are available, it becomes possible to move the VM between several computers (1) with a minimum interruption necessary to load data into the operating system. computer memory (1).

[0044] Based on this principle, the inventive method of centrally responding to a network failure or server failure in a high availability cluster and restoring a virtual machine in a high availability cluster. If the configuration data of the hypervisor (7) is stored in the database (8) of the computer - controller (4) and the data of the guest OS (9) is stored on the external data storage system of the computer - storage system (5), then it is possible with the help of the computer - controller (4) automate VM recovery on any computer (1) from the cluster (2) without the need to install high availability agents on each physical server - computer (1).

[0045] The developed algorithms for responding to a network failure or server failure in a high-availability cluster and restoring a virtual machine in a high-availability cluster are implemented by the control software package installed on a dedicated computer - controller (4), interacting with computers (1) and virtual machines deployed on them. machines (VM).

[0046] The following software components are installed on the computer controller (4), which form the control software complex (Fig. 2):

- daemon (10) polling computers from the cluster;

- demon (11) for determining the states of the computer from the cluster;

- demon (12) for fencing computer nodes on the cluster;

- VM recovery daemon (13).

[0047] The preliminary user must, through the graphical interface of the computer - the controller (4) of the cluster or individual VMs, enter the following service settings, which must be entered into the database (8) of the computer controller (4):

- flag for enabling the high availability function;

- flag for enabling automatic selection of a computer for restoring a VM;

- list and order of computers on which it is necessary to restore the computer (valid when the computer automatic selection flag is disabled);

- the flag for enabling the choice of a computer for restoring a computer with the least load of RAM (hereinafter referred to as RAM) (valid when the automatic computer selection flag is disabled);

- number of attempts to restore the VM (default - 5);

- timeout (time interval) between VM recovery attempts (default is 60 seconds).

[0048] When setting the settings for a cluster (2), all VMs in the cluster must inherit these settings.

[0049] In the normal mode of operation of the cluster (2), the computer - the controller (4) must process the so-called heartbeat signals from the servers - the computer (1) and the VM.

[0050] In the proposed centralized response method, it is proposed to process the following types of heartbeat signals:

- signals from the computer (1): ping request or make attempts to connect via SSH;

- VM activity signals: checking the activity of writing to the VM image after certain periods of time;

- signals from the IPMI board (6).

[0051] The daemon (10) for polling a computer from the cluster connects to the computer (1) using the appropriate protocols, receives heartbeat signal messages from the computer (1), VM and IPMI board (6), generates information messages and puts them in the queue for processing by the demon (10) of determining the states of the computer (1).

[0052] The daemon (11) for determining the states of the computer (1) in the cluster (2) detects the absence of information messages for a certain time (timeout) (by default - 60 seconds) and changes the record of the state of the computer (1) in the database ( 8) Computer-controller (4) to "node unavailable".

[0053] The daemon (12) fencing the nodes of the cluster computer (2) periodically reads the record of the status of the computer (1) in the database (8) of the computer-controller (4) and, upon detecting the state "node unavailable", performs the operation of forced shutdown of the computer (1) through the IPMI interface (6) - "fencing". The “fencing” operation is necessary to ensure that the VM is turned off on an inaccessible computer (1) to exclude the possibility of data corruption due to the simultaneous write operation of two VM instances to one disk memory area. The daemon (12) for fencing the nodes of the cluster computers sends a forced shutdown signal for the computer (1) to the IPMI board (6). In the event of a successful forced shutdown of the computer (1), the IPMI board (6) returns a positive signal to the demon (12) of the fence of the cluster computer nodes. After that, the demon (12) of fencing the nodes of the cluster computer enters into the database (8) of the computer controller (4) a record confirming that this computer (1) is in the "node is fenced" state.

[0054] Next, the VM recovery algorithm implemented by the VM recovery daemon (13) is executed (FIG. 3).

[0055] The VM recovery daemon (13) periodically reads the record of the state of the computer (1) and the state of the "fencing" of the computer (1) in the database (8) of the computer controller (4) and upon detection of the state of the computer (1) "node is fenced" , starts the VM recovery operation on another computer (1). The VM recovery daemon (13) queries the database (8) of the computer-controller (4) for the flag enabling automatic selection of the computer (1) for VM recovery.

[0056] If this flag is enabled, then the VM recovery daemon (13) queries in turn the entries in the database (8) of the computer-controller (4) with the OP load level on each computer (1) and attempt to restore the VM on the computer (1 ) with the state "available" with the least load of the OP.

[0057] If the flag for enabling automatic selection of computers (1) for restoring the VM is disabled, then the daemon (13) for restoring the VM reads from the database (8) of the computer-controller (4) an entry with a list and order of the number of computers (1) on which you need to restore the VM.

[0058] The VM recovery daemon (13) polls the computer selection enable flag (1) to recover the VM with the least RAM load.

[0059] If this flag is disabled, then the VM restore daemon (13) attempts to restore the VM on the first computer (1) from the list with the "available" state.

[0060] If the enable flag of the selection of the computer (1) for restoring the VM with the least RAM load is turned on, then the VM restore daemon (13) makes an attempt to restore the VM on the computer (1) with the node available state with the least RAM load.

[0061] If the VM restore attempt is unsuccessful, then the VM restore daemon (13) attempts to restore on the next computer (1) with the least RAM load or the next computer (1) in order from the list selected by the user with the node available state. Before each next attempt to restore the VM, the daemon (13) for restoring the VM must wait for the end of the timeout specified by the user during the service setting of the high availability function of the VMs listed in the database (8) of the computer-controller (4). The number of attempts to restore the VM is set by the user during the service configuration of the high availability function of the VM.

[0062] Recovery of the VM is carried out by sending the daemon (13) of recovery of the VM to the computer (1) of the configuration data of the hypervisor (7) via the SSH protocol and the command to turn on the VM.

[0063] If all computers (1) and the Ethernet switch (3) included in the cluster infrastructure (2) were turned off, then after turning on the following scenario may occur: the operating system of the computer (1) may boot later than the control software package on the computer -controller (4), which will entail the setting of the "node unavailable" flag for computers (1), their forced shutdown and attempts to restore the VM.

[0064] To exclude this scenario, the control software complex of the computer controller (4) must wait for the completion of the timeout of 600 seconds. before starting the VM recovery daemon (13).

Claims (24)

1. A method for centralized response to a network failure or server failure in a high availability cluster and recovery of a virtual machine in a high availability cluster (2) containing a set of virtual machines (VMs) deployed on a group of computers (1, 2 ... N) (1) with installed hypervisor (7) equipped with boards - IPMI (6), computer-controller (4), computer-storage system (5), containing a database (9) of the guest operating system of virtual machines (VM), Ethernet switch (3), providing communication between the elements of the system via the IPMI interface, while the computer controller (4) contains a control software package, including a "daemon (10) for polling computers from the cluster", "daemon (11) for determining the states of the cluster computers", "demon (12) nodes of the cluster computer”, “VM recovery daemon (13)”, as well as a database (8), which stores the configuration data of the hypervisor (7) of turned off virtual machines (VM), service settings, including at least a flag for enabling the high availability function , flag in enabling automatic selection of computers for recovery, the list and order of computers on which it is necessary to restore the VM, the flag for enabling the choice of computers for restoring the VM with the least RAM load, the number of attempts to restore the VM, the time interval between attempts to restore the VM, characterized by the fact that: the daemon (10) of polling the computer (1) from the cluster (2) connects to the computer (1) via the appropriate protocols, receives signal messages "heartbeat" from the computer (1), VM and IPMI board (6), generates information messages and places they are queued for processing by the demon (11) for determining the states of the computer (1); the demon (11) for determining the states of the computer (1) in the cluster (2) detects the absence of informational messages in the queue coming from the demon (10) for polling the computer (1) from the cluster (2) for a certain time, and changes the record of the state of the computer (1 ) in the database (8) of the computer controller (4) to "node unavailable"; the demon (12) of the fence of the computer nodes (1) of the cluster (2) periodically reads the record of the status of the computer (1) in the database (8) of the computer controller (4) and, upon detecting the state “node unavailable”, performs the operation of forced shutdown of the computer (1) through the board - IPMI (6) - "fencing" and enters into the database (8) of the computer controller (4) a record that this computer (1) is in the "node fenced" state; the daemon (13) of restoring the VM periodically reads in the database (8) of the computer controller (4) the record of the state of the computer (1) and the state of the "fencing" of the computer (1) and when the state "node is fenced" is detected, it starts the operation of restoring the VM on another computer (1), wherein the VM recovery demon (13) polls the database (8) of the computer controller (4) for enabling automatic selection of the computer (1) for VM recovery; if the flag for enabling automatic selection of computers (1) for VM recovery is enabled, then the daemon (13) for restoring the VM polls in turn the records in the database (8) of the computer controller (4) with the level of RAM load on each computer (1 ) and makes an attempt to restore the VM on the computer (1) with the “available” state with the least RAM load; if the flag for enabling automatic selection of computers (1) for recovery is disabled, then the daemon (13) for restoring the VM reads from the database (8) of the computer controller (4) an entry with the list and order of the computers (1) on which it is necessary to perform VM recovery; the VM recovery daemon (13) polls the computer selection enable flag (1) to restore the VM with the least RAM load; if the enable flag for selecting a computer (1) for restoring a VM with the least RAM load is disabled, then the VM restore daemon (13) attempts to restore the VM on the first computer (1) from the list with the “available” state; if the enable flag of the choice of computer (1) for restoring the VM with the least RAM load is enabled, then the VM restore daemon (13) makes an attempt to restore the VM on the computer (1) with the "node available" state with the least RAM load; if the attempt to restore the VM is unsuccessful, then the VM restore daemon (13) makes an attempt to restore the VM on the next computer (1) with the least RAM load or the next computer (1) in order from the list selected by the user with the state "node available", at the same time, before each next attempt, the daemon (13) of restoring the VM must wait for the completion of the time period specified by the user when configuring the high availability function of the VM; VM recovery is carried out by transferring the VM recovery daemon (13) to the computer (1) with configuration data of the hypervisor (7). 2. A system for centralized response to a network failure or server failure in a high availability cluster and restoration of a virtual machine in a high availability cluster (2), including a set of virtual machines (VMs) deployed on a group of computers (1, 2 ... N) (1) with installed hypervisor (7) equipped with a board - IPMI (6), computer-controller (4), computer-storage system (5), containing a database (9) of the guest operating system of virtual machines (VM), Ethernet switch (3), providing communication between the elements of the system via the IPMI interface, while the computer controller (4) contains a control software complex, including a "daemon (10) for polling computers from a cluster", "a demon (11) for determining the states of a cluster computer", "a fence demon (12) nodes of the cluster computer”, “VM recovery daemon (13)”, as well as a database (8), which stores the configuration data of the hypervisor (7) of turned off virtual machines (VM), service settings, including at least a flag for enabling the high availability function , VK flag enabling automatic selection of computers for recovery, the list and order of computers on which it is necessary to restore the VM, the flag for enabling the choice of computers for restoring the VM with the least RAM load, the number of attempts to restore the VM, the time interval between attempts to restore the VM and is configured to implement the following functions : the daemon (10) of polling the computer (1) from the cluster (2) connects to the computer (1) using the appropriate protocols, receives the “heartbeat” signaling messages from the computer (1), the VM and the board - IPMI (6), generates information messages and places they are queued for processing by the demon (11) for determining the states of the computer (1); the demon (11) for determining the states of the computer (1) in the cluster (2) detects the absence of information messages coming from the demon (10) for polling the computer (1) from the cluster (2) in the queue for a certain time, and changes the record of the state of the computer (1 ) in the database (8) of the computer controller (4) to "node unavailable"; the demon (12) of the fence of the computer nodes (1) of the cluster (2) periodically reads the record of the status of the computer (1) in the database (8) of the computer controller (4) and, upon detecting the state “node unavailable”, performs the operation of forced shutdown of the computer (1) through the board - IPMI (6) - "fencing" and enters into the database (8) of the computer controller (4) a record that this computer (1) is in the "node fenced" state; the daemon (13) of restoring the VM periodically reads in the database (8) of the computer controller (4) the record of the state of the computer (1) and the state of the "fencing" of the computer (1) and when the state "node is fenced" is detected, it starts the operation of restoring the VM on another computer (1), while the VM recovery demon (13) polls the database (8) of the computer controller (4) for the automatic selection flag of the computer (1) for recovery; if the flag for enabling automatic selection of computers (1) for recovery is enabled, then the daemon (13) for restoring the VM polls in turn the records in the database (8) of the computer controller (4) with the level of RAM load on each computer (1) and makes an attempt to restore the VM on the computer (1) with the state "available" with the least load of RAM; if the flag for enabling automatic selection of computers (1) for recovery is disabled, then the daemon (13) for restoring the VM reads from the database (8) of the computer controller (4) an entry with the list and order of the computers (1) on which it is necessary to perform VM recovery; the VM recovery daemon (13) polls the computer selection enable flag (1) to restore the VM with the least RAM load; if the enable flag for selecting a computer (1) for restoring a VM with the least RAM load is disabled, then the VM restore daemon (13) attempts to restore the VM on the first computer (1) from the list with the “available” state; if the enable flag of the choice of computer (1) for restoring the VM with the least RAM load is enabled, then the VM restore daemon (13) makes an attempt to restore the VM on the computer (1) with the "node available" state with the least RAM load; if the attempt to restore the VM is unsuccessful, then the VM restore daemon (13) makes an attempt to restore the VM on the next computer (1) with the least RAM load or the next computer (1) in order from the list selected by the user with the state "node available", at the same time, before each next attempt, the daemon (13) of restoring the VM must wait for the completion of the time period specified by the user when configuring the high availability function of the VM; VM recovery is carried out by transferring the VM recovery daemon (13) to the computer (1) with configuration data of the hypervisor (7).

Images