Mastering MySQL Group Replication Recovery: Strategies for High Availability and Data Integrity
In the dynamic world of database management, ensuring high availability and data integrity is paramount. MySQL Group Replication delivers both, but like any technology it demands preparation for unexpected events. In this blog, we'll explore the standard practices and procedures for recovering from partial and complete failures in a Group Replication cluster.
Recovery Methods
In MySQL Group Replication, recovery falls into two main categories: partial recovery and full recovery. Partial recovery reintegrates a single node after it has been withdrawn for maintenance or dropped out due to a network issue, while full recovery restores the entire cluster after a simultaneous outage, minimizing data loss and preserving integrity.
Partial recovery
When a single node is intentionally withdrawn from the cluster for maintenance, or drops out due to a network issue, and is subsequently reintegrated, that is a partial recovery of the group. It allows essential maintenance activities without compromising the overall integrity of the replication group, and the node's seamless reintegration keeps the recovery process controlled and efficient, preserving the group's resilience.
Full recovery
In the scenario where all nodes within the cluster experience a simultaneous outage, a full recovery involves not only bringing the servers back online but also restoring the entire cluster with up-to-date data. The emphasis lies on minimizing or eliminating data loss during the recovery, with a restoration strategy that prioritizes data integrity and continuity within the cluster.
Recovery Workflow
- Joining nodes initiate connections with specified seed nodes listed in group_replication_group_seeds, facilitating the formation of the replication group.
- Seed members will share an updated list of available group members with the joiner node, ensuring a comprehensive view for efficient data transfer.
- The joining node, equipped with the member list, intelligently selects a donor node for the seamless transfer of data.
- Connection attempts are made from the joining node to the chosen donor node to establish a replication link.
- In case of connection issues with the primary donor node, the joining node dynamically explores alternative available members, optimizing the data transfer process.
- The joining node undergoes a meticulous synchronization process, ensuring harmonious integration with the replication group, and fostering a consistent and reliable data environment.
- If the number of missing transactions is below the group_replication_clone_threshold value (default: 9223372036854775807), the missing data is synchronized from the donor node's binary log (incremental recovery).
- If the clone plugin is available and the number of missing transactions exceeds that threshold, the joining node instead performs a remote clone of the complete dataset from the donor node, as shown in the sketch after this list.
Note: Ensure that the BACKUP_ADMIN privilege is granted to the replication user to facilitate the clone operation.
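As a minimal sketch of these settings (the user name rpl_user and the threshold value are illustrative assumptions, and the Group Replication plugin is assumed to be loaded), the relevant variables and the grant can be handled as follows:

```sql
-- Inspect the seed list and the clone threshold on the joining node
SELECT @@GLOBAL.group_replication_group_seeds,
       @@GLOBAL.group_replication_clone_threshold;

-- Optionally lower the threshold so large transaction gaps trigger a remote clone
SET GLOBAL group_replication_clone_threshold = 100000;

-- Grant BACKUP_ADMIN to the distributed recovery user used for cloning
GRANT BACKUP_ADMIN ON *.* TO 'rpl_user'@'%';
```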
Recovery State Definitions
- OFFLINE:
The node is not currently an active participant in the MySQL Group Replication group. This state is typically seen while the node is joining the group or rejoining after a temporary disconnection.
- RECOVERING:
The node has successfully joined the group, initiating a crucial phase of distributed recovery. During this stage, a meticulous data transfer mechanism is underway, orchestrated by the remote clone operation or binary log.
- ERROR:
The node has encountered a problem that has placed it in an error state, rendering it unable to actively participate in the group.
- ONLINE:
The node is actively and successfully participating in the replication group. This state indicates that the node is synchronized with the group and is capable of both sending and receiving transactions, contributing to the overall consistency and functionality of the replication setup.
- UNREACHABLE:
The node is currently unreachable or inaccessible within the replication group. This state typically occurs when network issues or communication problems are preventing the node from establishing or maintaining connections with other members of the group.
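On MySQL 8.0, the current state of every member can be checked from performance_schema on any reachable node, for example:

```sql
-- Review each member's state and role as seen by this node
SELECT MEMBER_HOST, MEMBER_PORT, MEMBER_STATE, MEMBER_ROLE
FROM performance_schema.replication_group_members;
```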
Partial Recovery Scenario
Partial recovery is helpful when a node has been down for a short time due to a network partition, or when a node has been intentionally taken offline for maintenance.
In a two-node Group Replication setup, only one of the nodes is currently active.
Node 1:
The failed node will keep trying to connect to the cluster members until it reaches the limit set by group_replication_recovery_retry_count. Once the retry count is exhausted, the node is marked OFFLINE, and Group Replication has to be started manually on the server in the OFFLINE state.
Node 2:
Once Group Replication has been started, the node initiates a synchronization process to retrieve the missing data from the other online nodes. Throughout this period, Node 2 temporarily stays in the RECOVERING state, ensuring a seamless integration of the updated data and maintaining the overall consistency of the replication group.
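A hedged sketch of this scenario, run on the node that dropped out (host names and output are omitted because they depend on your environment):

```sql
-- Confirm the node is reported as OFFLINE, then start Group Replication manually
SELECT MEMBER_HOST, MEMBER_STATE
FROM performance_schema.replication_group_members;

START GROUP_REPLICATION;

-- The member should move through RECOVERING and finally report ONLINE
```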
Data recovery process
Incremental recovery
Whenever a member joins or leaves the group, triggering a view change, each online server logs a view change event for future execution. By queuing this event after applying any pending transactions, we ensure accurate tracking of when this transition occurs.
Meanwhile, the joining member identifies a suitable donor from the list of online servers provided by the membership service via the view abstraction. The member then joins the new view, and the online members collectively record a view change event in the binary log.
The server uses the incremental data-sync technique if the number of transactions missing on the joiner node has not exceeded the group_replication_clone_threshold limit. It pulls the data from the donor node's binary log and applies it on the joiner, much like asynchronous replication.
The joining member establishes a connection with the donor and initiates the state transfer using the donor's binary log. This communication with the donor persists until the joining server's applier thread processes the view change log event associated with the view change triggered when the joining server became part of the group.
We can actively monitor the replication lag within the group during this phase by running SHOW REPLICA STATUS FOR CHANNEL 'group_replication_recovery' (SHOW SLAVE STATUS on older versions) and reviewing the syncing details.
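For example, from the mysql client (the \G terminator is only for readable output):

```sql
-- Monitor the distributed recovery channel while the joiner catches up
SHOW REPLICA STATUS FOR CHANNEL 'group_replication_recovery'\G

-- The applier workers for the same channel can also be inspected
SELECT *
FROM performance_schema.replication_applier_status_by_worker
WHERE CHANNEL_NAME = 'group_replication_recovery'\G
```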
After completing data synchronization, the server transitions to the ONLINE state and resumes normal group replication with the other members, signifying that its data is now fully in sync. With synchronization achieved, the server is ready to handle incoming traffic efficiently, ensuring optimal performance and reliability for end users.
Cloning
When the number of missing transactions on the joiner node exceeds the group_replication_clone_threshold limit, the server synchronizes its data using the clone method.
Pertinent details about the clone operation can be retrieved from the error log of the recovering server. Upon successful completion of the clone, the server restarts automatically, coming back up with a data directory aligned to the donor's synchronized data.
After the clone completes, the node catches up on any transactions executed in the group during the cloning phase using the incremental recovery mechanism.
Once all the data is synced, the server will become ONLINE.
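Assuming the clone plugin is installed on both the donor and the joiner, the progress of the remote clone can also be followed live from the recipient's performance_schema tables; a brief sketch:

```sql
-- One-time setup on each server (plugin file name shown is for Linux builds)
INSTALL PLUGIN clone SONAME 'mysql_clone.so';

-- Overall state of the clone operation on the joiner
SELECT STATE, BEGIN_TIME, END_TIME, ERROR_NO
FROM performance_schema.clone_status;

-- Stage-by-stage progress, including estimated and transferred bytes
SELECT STAGE, STATE, ESTIMATE, DATA
FROM performance_schema.clone_progress;
```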
Full Recovery Methods
Method 1: Recovery from backup
In cases of server crashes caused by hardware issues, or when the server fails to start on the same machine, the recommended approach is to recover the data from backups. We adhere to a standard practice of daily backups, which can be either logical or physical depending on the use case and data size.
Here, we've outlined the steps to prepare the primary server for Group Replication using the scheduled automated backups.
Physical backups
Sample backup command:
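A minimal sketch using Percona XtraBackup, as referenced in the note below (credentials and the target directory are placeholders to adapt to your environment):

```bash
# Take a full physical backup of the running instance
xtrabackup --backup \
  --user=backup_user --password='****' \
  --target-dir=/backups/full/$(date +%F)
```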
Note: For a comprehensive overview of the available options, please consult the xtrabackup documentation page, where you can find in-depth information.
Verify that the backup completed successfully by checking the backup log; a clean xtrabackup run typically ends with a completed OK! message.
Backup logs:
Sample restore command:
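A hedged sketch of the prepare and copy-back steps (the backup path and data directory are placeholders; MySQL must be stopped and its data directory emptied before the copy-back):

```bash
# Apply the redo log so the backup becomes consistent
xtrabackup --prepare --target-dir=/backups/full/2024-01-15

# Copy the prepared backup into the empty data directory and fix ownership
xtrabackup --copy-back --target-dir=/backups/full/2024-01-15 --datadir=/var/lib/mysql
chown -R mysql:mysql /var/lib/mysql
```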
Ensure the backup has been prepared cleanly and is free from any errors or warnings. Once the prepared backup is ready, start the server using that data directory.
Prepare logs:
Logical backups
Sample backup command:
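Since the restore step below refers to a loader log, this sketch assumes mydumper/myloader; credentials, paths, and the thread count are illustrative:

```bash
# Consistent multi-threaded logical dump of all schemas, plus routines, triggers, and events
mydumper --host=127.0.0.1 --user=backup_user --password='****' \
  --outputdir=/backups/logical/$(date +%F) \
  --threads=4 --routines --triggers --events
```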
Verify that the backup completed successfully by going through the backup log.
Backup logs:
Sample restore command:
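A matching myloader sketch, capturing its output so the loader log can be reviewed afterwards (paths and credentials are placeholders):

```bash
# Restore the dump into the rebuilt primary and keep the loader log for review
myloader --host=127.0.0.1 --user=restore_user --password='****' \
  --directory=/backups/logical/2024-01-15 \
  --threads=4 --overwrite-tables --verbose 3 > /var/log/myloader.log 2>&1
```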
After the restore, carefully scrutinize the loader log for any ERROR, WARNING, or CRITICAL messages to confirm the integrity of the operation.
Restore logs:
After the primary server has been successfully restored from the backup, adding the remaining nodes to the group replication becomes a straightforward process.
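Once the restore is verified, the restored primary can be configured for distributed recovery and the group bootstrapped from it. A hedged sketch for MySQL 8.0.23+ (user name, password, and grants are placeholders; older versions use CHANGE MASTER TO):

```sql
-- Create the distributed recovery user and grant what recovery and clone need
CREATE USER IF NOT EXISTS 'rpl_user'@'%' IDENTIFIED BY '****';
GRANT REPLICATION SLAVE, BACKUP_ADMIN ON *.* TO 'rpl_user'@'%';

-- Point the recovery channel at this user
CHANGE REPLICATION SOURCE TO SOURCE_USER = 'rpl_user', SOURCE_PASSWORD = '****'
  FOR CHANNEL 'group_replication_recovery';

-- Bootstrap the group from this restored node only, then reset the flag
SET GLOBAL group_replication_bootstrap_group = ON;
START GROUP_REPLICATION;
SET GLOBAL group_replication_bootstrap_group = OFF;
```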
Method 2: Local Server Recovery
In scenarios where all nodes within the Group Replication are offline, the procedure involves restarting individual servers within the replication group.
Validation
It's imperative to verify that the group_replication_bootstrap_group and group_replication_start_on_boot parameters are both set to OFF in the my.cnf of every server within the replication group. Once the variables are in place, proceed with starting each server individually. This precaution ensures a smooth, uninterrupted restart in which no node accidentally bootstraps a new group or rejoins automatically, so no data loss occurs.
Node1:
Node2:
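On both Node1 and Node2, the relevant my.cnf fragment would look like this hedged sketch (only the two variables discussed here are shown):

```ini
[mysqld]
# Do not bootstrap a new group or start Group Replication automatically at startup
group_replication_bootstrap_group = OFF
group_replication_start_on_boot   = OFF
```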
Upon the successful restart of the server, it is of utmost importance to verify that all nodes within the Group Replication are intentionally placed in an offline state.
Node1:
Node 2:
Identification
Identifying the node with the most recent transactions is a crucial step in the recovery process. This is done by comparing GTID sets across the nodes: the gtid_executed value together with the RECEIVED_TRANSACTION_SET column of the performance_schema.replication_connection_status table, which records the transactions received on the group replication channel. By comparing these sets on each server, you can identify the node holding the latest data.
Node 1:
Node 2:
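A sketch of the comparison, to be run on every node; the node whose combined GTID set is a superset of the others holds the most recent data:

```sql
-- Transactions already applied on this server
SELECT @@GLOBAL.gtid_executed AS executed_gtids;

-- Transactions received by the group replication channel but possibly not yet applied
SELECT RECEIVED_TRANSACTION_SET
FROM performance_schema.replication_connection_status
WHERE CHANNEL_NAME = 'group_replication_applier';
```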
Recovery
After identifying Node1 as the node holding the most recent transactions, the next step is to bootstrap the group from it, designating it as the primary server. This is pivotal for preserving data integrity and averting any potential data loss.
Node 1:
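A minimal sketch of the bootstrap sequence on Node1:

```sql
-- Bootstrap the group from Node1 only, then switch the flag back off
SET GLOBAL group_replication_bootstrap_group = ON;
START GROUP_REPLICATION;
SET GLOBAL group_replication_bootstrap_group = OFF;
```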
After Node1 has been securely started as the primary server, the subsequent phase involves adding the remaining nodes to the cluster one at a time, in a controlled manner.
Node 2:
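On Node2 the bootstrap flag stays OFF; it simply joins the group that Node1 now anchors:

```sql
-- Join the existing group; the member should pass through RECOVERING to ONLINE
START GROUP_REPLICATION;
```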
Flow chart
Through this meticulous step-by-step approach, we systematically validate and pinpoint the node with the most up-to-date data, ensuring its promotion without data loss. This process facilitates the seamless re-establishment of the cluster, safeguarding data integrity and overall cluster reliability.
MySQL Group Replication offers robust solutions for data redundancy and availability, but it's essential to be prepared for unexpected events. By following the standard practices and procedures outlined in this blog, you can effectively recover from complete failures in a Group Replication, ensuring the resilience and continuity of your database operations.
Optimize your MySQL Group Replication setup with Mydbops' InnoDB Cluster Consulting Services. Our experts can help you streamline your database management and improve performance. Contact us today to discuss your specific needs.