You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
WL#12895: Group Replication: Add OFFLINE_MODE to group_replication_exit_state_action
The option group_replication_exit_state_action configures how Group
Replication behaves when a server leaves the group unintentionally:
1. after encountering an applier error;
2. after encountering an recovery error;
3. in the case of a loss of majority;
4. when another member of the group expels it due to a suspicion
timing out;
5. after an error on coordinated group changes[1];
6. after a primary election error;
7. after a clone provisioning error;
8. when automatic rejoin is enable, after its attempts are
exhausted unsuccessfully.
This behavior can be:
* READ_ONLY disable writes on the server, by enabling
server super_read_only[2] option;
* ABORT_SERVER shutdown the server.
After this worklog is implemented, a new behavior is added:
* OFFLINE_MODE close all connections and disallow new ones from
users who do not have the CONNECTION_ADMIN or SUPER
privilege, by enabling server offline_mode[3] option.
OFFLINE_MODE includes the behaviour of READ_ONLY.
This automatic connection closure will avoid user sessions to:
1) read stale data and 2) write data to orphans servers, without the
need to shutdown the server.
USER INTERFACE
--------------
The DBA can specify the behaviour by setting the option:
- name: group_replication_exit_state_action
- values: { READ_ONLY, ABORT_SERVER, OFFLINE_MODE }
- default: READ_ONLY
- scope: global
- dynamic: yes
- replicated: no
- persistable: PERSIST, PERSIST_ONLY
- credentials: SYSTEM_VARIABLES_ADMIN
- description: The action that is taken when the server
leaves the group unintentionally.
Possible values are READ_ONLY,
ABORT_SERVER and OFFLINE_MODE.
ReviewBoard: 21931
Copy file name to clipboardExpand all lines: mysql-test/r/grant_dynamic_session_variables_admin.result
+1-1
Original file line number
Diff line number
Diff line change
@@ -191,7 +191,7 @@ DROP USER wl12217@localhost;
191
191
SHOW GRANTS for "mysql.session"@localhost;
192
192
Grants for mysql.session@localhost
193
193
GRANT SHUTDOWN, SUPER ON *.* TO `mysql.session`@`localhost`
194
-
GRANT BACKUP_ADMIN,CLONE_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
194
+
GRANT BACKUP_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
195
195
GRANT SELECT ON `performance_schema`.* TO `mysql.session`@`localhost`
196
196
GRANT SELECT ON `mysql`.`user` TO `mysql.session`@`localhost`
Copy file name to clipboardExpand all lines: mysql-test/r/mysql_upgrade.result
+2-2
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ Pattern "Could not open server upgrade info file \'.*\' for writing\. Please mak
18
18
SHOW GRANTS FOR "mysql.session"@localhost;
19
19
Grants for mysql.session@localhost
20
20
GRANT SHUTDOWN, SUPER ON *.* TO `mysql.session`@`localhost`
21
-
GRANT BACKUP_ADMIN,CLONE_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
21
+
GRANT BACKUP_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
22
22
GRANT SELECT ON `performance_schema`.* TO `mysql.session`@`localhost`
23
23
GRANT SELECT ON `mysql`.`user` TO `mysql.session`@`localhost`
24
24
REVOKE SESSION_VARIABLES_ADMIN ON *.* FROM "mysql.session"@localhost;
@@ -27,7 +27,7 @@ REVOKE SESSION_VARIABLES_ADMIN ON *.* FROM "mysql.session"@localhost;
27
27
SHOW GRANTS FOR "mysql.session"@localhost;
28
28
Grants for mysql.session@localhost
29
29
GRANT SHUTDOWN, SUPER ON *.* TO `mysql.session`@`localhost`
30
-
GRANT BACKUP_ADMIN,CLONE_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
30
+
GRANT BACKUP_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
31
31
GRANT SELECT ON `performance_schema`.* TO `mysql.session`@`localhost`
32
32
GRANT SELECT ON `mysql`.`user` TO `mysql.session`@`localhost`
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
4
+
Note #### Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
5
+
[connection server1]
6
+
7
+
#####
8
+
# 0) The test requires three servers.
9
+
#####
10
+
11
+
SET SESSION sql_log_bin = 0;
12
+
call mtr.add_suppression("This member could not reach a majority of the members for more than 10 seconds. The member will now leave the group as instructed by the group_replication_unreachable_majority_timeout option.");
13
+
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
14
+
call mtr.add_suppression("The server was automatically set into offline mode after an error was detected.");
15
+
call mtr.add_suppression("\\[GCS\\] Timeout while waiting for the group communication engine to exit!");
16
+
call mtr.add_suppression("\\[GCS\\] The member has failed to gracefully leave the group.");
call mtr.add_suppression("\\[GCS\\] Error connecting to all peers. Member join failed. Local port:*");
20
+
call mtr.add_suppression("\\[GCS\\] The member was unable to join the group.*");
21
+
call mtr.add_suppression("Timeout while waiting for a view change event during the auto-rejoin procedure");
22
+
call mtr.add_suppression("Unable to confirm whether the server has left the group or not. Check performance_schema.replication_group_members to check group membership information.");
23
+
SET SESSION sql_log_bin = 1;
24
+
include/gr_autorejoin_monitoring.inc
25
+
SET @debug_saved = @@GLOBAL.DEBUG;
26
+
SET @@GLOBAL.DEBUG='+d,group_replication_rejoin_short_retry';
27
+
SET @@GLOBAL.DEBUG='+d,group_replication_stop_before_rejoin_loop';
28
+
SET @@GLOBAL.DEBUG='+d,group_replication_stop_before_rejoin';
29
+
SET @saved_exit_state_action = @@GLOBAL.group_replication_exit_state_action;
30
+
SET @@GLOBAL.group_replication_exit_state_action = OFFLINE_MODE;
31
+
include/start_and_bootstrap_group_replication.inc
32
+
[connection server2]
33
+
include/start_group_replication.inc
34
+
[connection server3]
35
+
include/start_group_replication.inc
36
+
37
+
####
38
+
# 1) Provoke a majority loss.
39
+
####
40
+
41
+
[connection server1]
42
+
SET GLOBAL group_replication_autorejoin_tries = 3;
43
+
include/gr_provoke_majority_loss.inc
44
+
45
+
####
46
+
# 2) Verify that the member in the partitioned group will try to rejoin
47
+
# the group the number of it is configured in
48
+
# group_replication_autorejoin_tries sysvar.
49
+
####
50
+
51
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_entering_loop";
52
+
include/assert.inc [Auto-rejoin should be running]
53
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_enter_loop";
54
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_waiting";
55
+
include/assert.inc [Auto-rejoin should be running]
56
+
include/assert.inc [super_read_only should be enabled]
57
+
include/assert.inc [offline_mode must be disabled]
58
+
include/assert.inc [member state must be ERROR]
59
+
include/assert.inc [We should have attempted 1 rejoins]
60
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_continue";
61
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_waiting";
62
+
include/assert.inc [Auto-rejoin should be running]
63
+
include/assert.inc [super_read_only should be enabled]
64
+
include/assert.inc [offline_mode must be disabled]
65
+
include/assert.inc [member state must be ERROR]
66
+
include/assert.inc [We should have attempted 2 rejoins]
67
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_continue";
68
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_waiting";
69
+
include/assert.inc [Auto-rejoin should be running]
70
+
include/assert.inc [super_read_only should be enabled]
71
+
include/assert.inc [offline_mode must be disabled]
72
+
include/assert.inc [member state must be ERROR]
73
+
include/assert.inc [We should have attempted 3 rejoins]
74
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_continue";
75
+
76
+
####
77
+
# 3 Since group_replication_exit_state_action is set to OFFLINE_MODE, the member
78
+
# will enter the ERROR state and enable both super_read_only and offline_mode.
79
+
####
80
+
81
+
include/gr_wait_for_member_state.inc
82
+
include/assert_and_disable_read_only.inc
83
+
include/assert_and_disable_offline_mode.inc
84
+
85
+
####
86
+
# 4) Cleanup.
87
+
####
88
+
89
+
include/stop_group_replication.inc
90
+
include/start_and_bootstrap_group_replication.inc
91
+
SET @@GLOBAL.DEBUG = @debug_saved;
92
+
SET @@GLOBAL.group_replication_autorejoin_tries = default;
93
+
SET @@GLOBAL.group_replication_exit_state_action = @saved_exit_state_action;
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
4
+
Note #### Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
5
+
[connection server1]
6
+
7
+
####
8
+
# 0) The test requires three servers.
9
+
####
10
+
11
+
SET sql_log_bin = 0;
12
+
call mtr.add_suppression("Member was expelled from the group due to network failures, changing member status to ERROR.");
call mtr.add_suppression("The server was automatically set into offline mode after an error was detected.");
16
+
call mtr.add_suppression("Unable to confirm whether the server has left the group or not. Check performance_schema.replication_group_members to check group membership information.");
17
+
SET sql_log_bin = 1;
18
+
include/gr_autorejoin_monitoring.inc
19
+
SET @debug_saved = @@GLOBAL.DEBUG;
20
+
SET @@GLOBAL.DEBUG='+d,group_replication_rejoin_short_retry';
21
+
SET @@GLOBAL.DEBUG='+d,group_replication_fail_rejoin';
22
+
SET @@GLOBAL.DEBUG='+d,group_replication_stop_before_rejoin_loop';
23
+
SET @@GLOBAL.DEBUG='+d,group_replication_stop_before_rejoin';
24
+
SET @saved_exit_state_action = @@GLOBAL.group_replication_exit_state_action;
25
+
SET @@GLOBAL.group_replication_exit_state_action = OFFLINE_MODE;
26
+
include/start_and_bootstrap_group_replication.inc
27
+
[connection server2]
28
+
include/start_group_replication.inc
29
+
[connection server3]
30
+
include/start_group_replication.inc
31
+
32
+
####
33
+
# 1) Expel one of the members.
34
+
####
35
+
36
+
[connection server1]
37
+
SET GLOBAL group_replication_autorejoin_tries = 3;
38
+
include/gr_expel_member_from_group.inc
39
+
SET SESSION sql_log_bin = 0;
40
+
CREATE TABLE pid_table(pid_no INT PRIMARY KEY);
41
+
LOAD DATA LOCAL INFILE 'pid_file' INTO TABLE pid_table;
42
+
DROP TABLE pid_table;
43
+
SET SESSION sql_log_bin = 1;
44
+
45
+
####
46
+
# 2) Verify that the expelled member will try to rejoin the group the
47
+
# number of it is configured in group_replication_autorejoin_tries
48
+
# sysvar.
49
+
####
50
+
51
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_entering_loop";
52
+
include/assert.inc [Auto-rejoin should be running]
53
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_enter_loop";
54
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_waiting";
55
+
include/assert.inc [Auto-rejoin should be running]
56
+
include/assert.inc [super_read_only should be enabled]
57
+
include/assert.inc [offline_mode must be disabled]
58
+
include/assert.inc [member state must be ERROR]
59
+
include/assert.inc [We should have attempted 1 rejoins]
60
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_continue";
61
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_waiting";
62
+
include/assert.inc [Auto-rejoin should be running]
63
+
include/assert.inc [super_read_only should be enabled]
64
+
include/assert.inc [offline_mode must be disabled]
65
+
include/assert.inc [member state must be ERROR]
66
+
include/assert.inc [We should have attempted 2 rejoins]
67
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_continue";
68
+
SET DEBUG_SYNC = "now WAIT_FOR signal.autorejoin_waiting";
69
+
include/assert.inc [Auto-rejoin should be running]
70
+
include/assert.inc [super_read_only should be enabled]
71
+
include/assert.inc [offline_mode must be disabled]
72
+
include/assert.inc [member state must be ERROR]
73
+
include/assert.inc [We should have attempted 3 rejoins]
74
+
SET DEBUG_SYNC = "now SIGNAL signal.autorejoin_continue";
75
+
76
+
####
77
+
# 3) Verify that, with group_replication_exit_state_action set to OFFLINE_MODE,
78
+
# the expelled member will enter the ERROR state and enable both
79
+
# super_read_only and offline_mode mode.
80
+
####
81
+
82
+
include/gr_wait_for_member_state.inc
83
+
include/assert_and_disable_read_only.inc
84
+
include/assert_and_disable_offline_mode.inc
85
+
86
+
####
87
+
# 4) Manually rejoin the server to the group.
88
+
####
89
+
90
+
include/stop_group_replication.inc
91
+
include/start_group_replication.inc
92
+
include/rpl_gr_wait_for_number_of_members.inc
93
+
[connection server2]
94
+
include/rpl_gr_wait_for_number_of_members.inc
95
+
[connection server3]
96
+
include/rpl_gr_wait_for_number_of_members.inc
97
+
98
+
####
99
+
# 5) Cleanup.
100
+
####
101
+
102
+
[connection server1]
103
+
SET @@GLOBAL.DEBUG = @debug_saved;
104
+
SET @@GLOBAL.group_replication_autorejoin_tries = default;
105
+
SET @@GLOBAL.group_replication_exit_state_action = @saved_exit_state_action;
0 commit comments