Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Semi-sync is not enforced if promotion rule is must_not #1369

Open
binwiederhier opened this issue Jun 17, 2021 · 1 comment
Open

Semi-sync is not enforced if promotion rule is must_not #1369

binwiederhier opened this issue Jun 17, 2021 · 1 comment

Comments

@binwiederhier
Copy link
Contributor

binwiederhier commented Jun 17, 2021
edited

(This is related to #1360, and I'll describe more in that ticket)

We have MySQL hosts in our topology that we'd like to only ever use as a backup host, i.e. we drive backups of these hosts. On these hosts, we have the promotion rule set to must_not, meaning that we won't ever fail over to these hosts.

         ---> 2 (prefer, semi-sync replica)
       /
1 (source) 
       \
         ---> 3 (must_not, async replica)

In a failover scenario of the source (1), we'd like to enable semi-sync on that backup host (3) to ensure that we're not losing any transactions. At this time, Orchestrator does not support enforcing semi-sync for non-promotable hosts (note the sendACK):

	// If async fallback is disallowed, we'd better make sure to enable replicas to
	// send ACKs before START SLAVE. Replica ACKing is off at mysqld startup because
	// some replicas (those that must never be promoted) should never ACK.
	// Note: We assume that replicas use 'skip-slave-start' so they won't
	//       START SLAVE on their own upon restart.
	if instance.SemiSyncEnforced {
		// Send ACK only from promotable instances.
		sendACK := instance.PromotionRule != MustNotPromoteRule
		// Always disable master setting, in case we're converting a former master.
		if err := EnableSemiSync(instanceKey, false, sendACK); err != nil {
			return instance, log.Errore(err)
		}
	}

What is the history behind not allowing semi-sync for non-promotable hosts? If I were to implement a config option AllowSemiSyncForUnpromotableHosts that would effectively be used like this:

sendACK := config.AllowSemiSyncForUnpromotableHosts || instance.PromotionRule != MustNotPromoteRule
This was referenced Jun 17, 2021
Closed
Closed
@shlomi-noach
Copy link
Collaborator

SemiSyncEnforced was contributed to orchestrator by the authors of Vitess (BTW I'm today a maintainer for Vitess but that's irrelevant). In vitess there are clear roles to the topology servers and orchestrator behavior was to match Vitess's configuration.

See more here: #1360 (comment)

If you wish to enforce semi-sync I suggest re-thinking and re-designing the behavior from scratch rather than patching existing behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow semi-sync even if a replica's promotion rule is "must_not" binwiederhier/orchestrator
2 participants
@binwiederhier @shlomi-noach