欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  数据库

Failover with the MySQL Utilities: Part 2 – mysqlfailover_MySQL

程序员文章站 2022-03-25 08:09:43
...
In theprevious postof this series we saw how you could usemysqlrpladminto perform manual failover/switchover when GTID replication is enabled in MySQL 5.6. Now we will reviewmysqlfailover(version 1.4.3), another tool from the MySQL Utilities that can be used for automatic failover.

Summary

  • mysqlfailovercan perform automatic failover if MySQL 5.6′s GTID-replication is enabled.
  • All slaves must use--master-info-repository=TABLE.
  • The monitoring node is a single point of failure: don’t forget to monitor it!
  • Detection of errant transactions works well, but you have to use the--pedanticoption to make sure failover will never happen if there is an errant transaction.
  • There are a few limitations such as the inability to only fail over once, or excessive CPU utilization, but they are probably not showstoppers for most setups.

Setup

We will use the same setup as last time: one master and two slaves, all using GTID replication. We can see the topology usingmysqlfailoverwith thehealthcommand:

$ mysqlfailover --master=root@localhost:13001 --discover-slaves-login=root health[...]MySQL Replication Failover UtilityFailover Mode = auto Next Interval = Tue Jul1 10:01:22 2014Master Information------------------Binary Log File PositionBinlog_Do_DBBinlog_Ignore_DBmysql-bin.000003700GTID Executed Seta9a396c6-00f3-11e4-8e66-9cebe8067a3f:1-3Replication Health Status+------------+--------+---------+--------+------------+---------+| host | port | role| state| gtid_mode| health|+------------+--------+---------+--------+------------+---------+| localhost| 13001| MASTER| UP | ON | OK|| localhost| 13002| SLAVE | UP | ON | OK|| localhost| 13003| SLAVE | UP | ON | OK|+------------+--------+---------+--------+------------+---------+

$mysqlfailover--master=root@localhost:13001--discover-slaves-login=roothealth

[...]

MySQLReplicationFailoverUtility

FailoverMode=auto NextInterval=TueJul 110:01:222014

MasterInformation

------------------

BinaryLogFile Position Binlog_Do_DB Binlog_Ignore_DB

mysql-bin.000003 700

GTIDExecutedSet

a9a396c6-00f3-11e4-8e66-9cebe8067a3f:1-3

ReplicationHealthStatus

+------------+--------+---------+--------+------------+---------+

|host |port |role |state |gtid_mode |health |

+------------+--------+---------+--------+------------+---------+

|localhost |13001 |MASTER |UP |ON |OK |

|localhost |13002 |SLAVE |UP |ON |OK |

|localhost |13003 |SLAVE |UP |ON |OK |

+------------+--------+---------+--------+------------+---------+

Note that--master-info-repository=TABLEneeds to be configured on all slaves or the tool will exit with an error message:

2014-07-01 10:18:55 AM CRITICAL Failover requires --master-info-repository=TABLE for all slaves.ERROR: Failover requires --master-info-repository=TABLE for all slaves.

2014-07-0110:18:55AMCRITICALFailoverrequires--master-info-repository=TABLEforallslaves.

ERROR:Failoverrequires--master-info-repository=TABLEforallslaves.

Failover

You can use 2 commands to trigger automatic failover:

  • auto: the tool tries to find a candidate in the list of servers specified with--candidates, and if no good server is found in this list, it will look at the other slaves to see if one can be a good candidate. This is the default command
  • elect: same asauto, but if no good candidate is found in the list of candidates, other slaves will not be checked and the tool will exit with an error.

Let’s start the tool withauto:

$ mysqlfailover --master=root@localhost:13001 --discover-slaves-login=root auto

$mysqlfailover--master=root@localhost:13001--discover-slaves-login=rootauto

The monitoring console is visible and is refreshed every--intervalseconds (default: 15). Its output is similar to what you get when using thehealthcommand.

Then let’s kill -9 the master to see what happens once the master is detected as down:

Failed to reconnect to the master after 3 attemps.Failover starting in 'auto' mode...# Candidate slave localhost:13002 will become the new master.# Checking slaves status (before failover).# Preparing candidate for failover.# Creating replication user if it does not exist.# Stopping slaves.# Performing STOP on all slaves.# Switching slaves to new master.# Disconnecting new master as slave.# Starting slaves.# Performing START on all slaves.# Checking slaves for errors.# Failover complete.# Discovering slaves for master at localhost:13002Failover console will restart in 5 seconds.MySQL Replication Failover UtilityFailover Mode = auto Next Interval = Tue Jul1 10:59:47 2014Master Information------------------Binary Log File PositionBinlog_Do_DBBinlog_Ignore_DBmysql-bin.000005191GTID Executed Seta9a396c6-00f3-11e4-8e66-9cebe8067a3f:1-3Replication Health Status+------------+--------+---------+--------+------------+---------+| host | port | role| state| gtid_mode| health|+------------+--------+---------+--------+------------+---------+| localhost| 13002| MASTER| UP | ON | OK|| localhost| 13003| SLAVE | UP | ON | OK|+------------+--------+---------+--------+------------+---------+

Failedtoreconnecttothemasterafter3attemps.

Failoverstartingin'auto'mode...

# Candidate slave localhost:13002 will become the new master.

# Checking slaves status (before failover).

# Preparing candidate for failover.

# Creating replication user if it does not exist.

# Stopping slaves.

# Performing STOP on all slaves.

# Switching slaves to new master.

# Disconnecting new master as slave.

# Starting slaves.

# Performing START on all slaves.

# Checking slaves for errors.

# Failover complete.

# Discovering slaves for master at localhost:13002

Failoverconsolewillrestartin5seconds.

MySQLReplicationFailoverUtility

FailoverMode=auto NextInterval=TueJul 110:59:472014

MasterInformation

------------------

BinaryLogFile Position Binlog_Do_DB Binlog_Ignore_DB

mysql-bin.000005 191

GTIDExecutedSet

a9a396c6-00f3-11e4-8e66-9cebe8067a3f:1-3

ReplicationHealthStatus

+------------+--------+---------+--------+------------+---------+

|host |port |role |state |gtid_mode |health |

+------------+--------+---------+--------+------------+---------+

|localhost |13002 |MASTER |UP |ON |OK |

|localhost |13003 |SLAVE |UP |ON |OK |

+------------+--------+---------+--------+------------+---------+

Looks good! The tool is then ready to fail over to another slave if the new master becomes unavailable.

You can also run custom scripts at several points of execution with the--exec-before,--exec-after,--exec-fail-check,--exec-post-failoveroptions.

However it would be great to have a--failover-and-exitoption to avoid flapping: the tool would detect master failure, promote one of the slaves, reconfigure replication and then exit (this is what MHA does for instance).

Tool registration

When the tool is started, it registers itself on the master by writing a few things in the specific table:

mysql> SELECT * FROM mysql.failover_console;+-----------+-------+| host| port|+-----------+-------+| localhost | 13001 |+-----------+-------+

mysql>SELECT*FROMmysql.failover_console;

+-----------+-------+

|host |port |

+-----------+-------+

|localhost|13001|

+-----------+-------+

This is nice as it avoids that you start several instances ofmysqlfailoverto monitor the same master. If we try, this is what we get:

$ mysqlfailover --master=root@localhost:13001 --discover-slaves-login=root auto[...]Multiple instances of failover console found for master localhost:13001.If this is an error, restart the console with --force.Failover mode changed to 'FAIL' for this instance.Console will start in 10 seconds..........starting Console.

$mysqlfailover--master=root@localhost:13001--discover-slaves-login=rootauto

[...]

Multipleinstancesoffailoverconsolefoundformasterlocalhost:13001.

Ifthisisanerror,restarttheconsolewith--force.

Failovermodechangedto'FAIL'forthisinstance.

Consolewillstartin10seconds..........startingConsole.

With thefailcommand,mysqlfailoverwill monitor replication health and exit in the case of a master failure, without actually performing failover.

Running in the background

In all previous examples,mysqlfailoverwas running in the foreground. This is very good for demo, but in a production environment you are likely to prefer running it in the background. This can be done with the--daemonoption:

$ mysqlfailover --master=root@localhost:13001 --discover-slaves-login=root auto --daemon=start --log=/var/log/mysqlfailover.log

$mysqlfailover--master=root@localhost:13001--discover-slaves-login=rootauto--daemon=start--log=/var/log/mysqlfailover.log

and it can be stopped with:

$ mysqlfailover --daemon=stop

$mysqlfailover--daemon=stop

Errant transactions

If we create an errant transaction on one of the slaves, it will be detected:

MySQL Replication Failover UtilityFailover Mode = auto Next Interval = Tue Jul1 16:29:44 2014[...]WARNING: Errant transaction(s) found on slave(s).Replication Health Status[...]

MySQLReplicationFailoverUtility

FailoverMode=auto NextInterval=TueJul 116:29:442014

[...]

WARNING:Erranttransaction(s)foundonslave(s).

ReplicationHealthStatus

[...]

However this does not prevent failover from occurring! You have to use--pedantic:

$ mysqlfailover --master=root@localhost:13001 --discover-slaves-login=root --pedantic auto[...]# WARNING: Errant transaction(s) found on slave(s).#- For slave 'localhost@13003': db906eee-012d-11e4-8fe1-9cebe8067a3f:12014-07-01 16:44:49 PM CRITICAL Errant transaction(s) found on slave(s). Note: If you want to ignore this issue, please do not use the --pedantic option.ERROR: Errant transaction(s) found on slave(s). Note: If you want to ignore this issue, please do not use the --pedantic option.

$mysqlfailover--master=root@localhost:13001--discover-slaves-login=root--pedanticauto

[...]

# WARNING: Errant transaction(s) found on slave(s).

# - For slave 'localhost@13003': db906eee-012d-11e4-8fe1-9cebe8067a3f:1

2014-07-0116:44:49PMCRITICALErranttransaction(s)foundonslave(s).Note:Ifyouwanttoignorethisissue,pleasedonotusethe--pedanticoption.

ERROR:Erranttransaction(s)foundonslave(s).Note:Ifyouwanttoignorethisissue,pleasedonotusethe--pedanticoption.

Limitations

  • Like formysqlrpladmin, the slave election process is not very sophisticated and it cannot be tuned.
  • The server on whichmysqlfailoveris running is a single point of failure.
  • Excessive CPU utilization: once it is running,mysqlfailoverhogs one core. This is quite surprising.

Conclusion

mysqlfailoveris a good tool to automate failover in clusters using GTID replication. It is flexible and looks reliable. Its main drawback is that there is no easy way to make it highly available itself: ifmysqlfailovercrashes, you will have to manually restart it.