mha-helper icon indicating copy to clipboard operation
mha-helper copied to clipboard

Published 20 hours ago verified publisher icon ovaistariq

Super read only config write

Open grypyrg opened this issue 9 years ago • 3 comments

In case of a restart of a slave, the read_only configuration set by MHA is lost. Define a configuration file (which is read by my.cnf with !includedir, and has permissions for the mha user), to enable creation of this file to ensure a node that restarts remains read_only. Leave empty when you do not want to use this feature..

also includes super_read_only support.

grypyrg avatar Dec 04 '15 17:12 grypyrg

@grypyrg I had thought about this earlier and come to the conclusion that this type of configuration is better suite for configuration management systems. I think a better and safer approach is to always have the read_only flag set to '1' in the configuration file on all the nodes in a replication cluster including the master. The read_only flag will be set to '0' on the current master by MHA anyway, which means that any given point in time there will be exactly one node with read_only set to '0' and that would be the master node. However, when the whole replication cluster goes down, and then all nodes come back up online, at that point all the nodes will have read_only set to '1'. I think that is the safest thing to do, because when all the nodes go down, then technically there is no single source of truth and manual intervention is needed to figure out which one to promote to be the master.

Let me know what you think.

ovaistariq avatar Dec 09 '15 06:12 ovaistariq

Hi @ovaistariq, yes, it's a valid opinion and I understand.

However, I have a different one:

  • super_read_only is a bit more special as well as it also blocks mysql_upgrade and any other write by root users. My configuration management deals with that as well, but requires special handling.
  • systemd and mysqld_safe restart mysql automatically upon crash, I didn't want a master to become read only because of it, it would increase downtime.

Good thing the feature is optional! :)

grypyrg avatar Dec 09 '15 07:12 grypyrg

Hi @grypyrg configuration management could be changed to not set read_only flag in the config file if the node is a master node, that is what I am doing in my configuration management. What you are suggesting with the config file option will only work in case of candidate masters, how will you tackle it for all the nodes in a replication cluster? And what about the case where all nodes in a replication cluster are candidate masters? Are you saying that we initially start with the config file setting the read_only flag on all the nodes, and then when a failover happens that setting from the config file is removed?

ovaistariq avatar Dec 09 '15 08:12 ovaistariq