When I set-up a MySQL HA environment for customers I usually do some final fail over tests after configuring the whole beast.
To check if the application behaves like expected I always run my little test application (test.sh) from the server(s) where the customers application runs. It displays "graphically" how the application behaves and you can show to the customer immediately what is going on...
Make sure, that you point it to the VIP (virtual IP) or the LB (load balancer).
It was really useful for me and I recommend you to do your HA fail over tests also at least with this little tool to avoid evil surprises in the future.
Thursday, October 9, 2008
Thursday, September 25, 2008
Citation of the week
"Das dreieckige Rad hat gegenüber dem viereckigen einen gewaltigen Vorteil: Ein Rumms weniger pro Umdrehung!"
Translation:
"The triangular wheel has one enormous advantage over the quadrangular: One knock less per revolution!"
Maybe not new, but I have not heard it yet and I love it. It was about reinventing functionality in a well known product...
Translation:
"The triangular wheel has one enormous advantage over the quadrangular: One knock less per revolution!"
Maybe not new, but I have not heard it yet and I love it. It was about reinventing functionality in a well known product...
Tuesday, September 23, 2008
MySQL Cluster: No more room in index file
Recently we were migrating an InnoDB/MyISAM schema to NDB. I was too lazy to calculate all the needed MySQL Cluster parameters (for example with ndb_size.pl) and just took my default config.ini template.
Because I am really lazy I have a little script doing this for me (alter_engine.sh).
But suddenly my euphoria was stopped abruptly by the following error:
The usual command that helps me in such a situation is a follows:
But in this case it is not really helpful. Also
does not bring us further. Strange: Index file... We are converting from MyISAM/InnoDB to NDB. Why the hell is he using an index file for this operation? It seems to be clearly a mysqld error message and not a MySQL Cluster error message. And we are also not using MySQL Cluster disk data tables.
After bothering a bit MySQL support I had the idea to do the following:
The MySQL online documentation clearly states:
So this could be the reason! When I have changed this parameter followed by the common rolling restart of the MySQL Cluster I could continue to migrate my schema into cluster...
Conclusion
MySQL errors can be related to cluster errors and do not necessarily point to the source of the problem. The error:
means just MaxNoOfOrderedIndexes is too small!
I hope that I can safe you some time with this little article.
Because I am really lazy I have a little script doing this for me (alter_engine.sh).
But suddenly my euphoria was stopped abruptly by the following error:
MySQL error code 136: No more room in index file
The usual command that helps me in such a situation is a follows:
# perror 136
MySQL error code 136: No more room in index file
But in this case it is not really helpful. Also
# perror --ndb 136
does not bring us further. Strange: Index file... We are converting from MyISAM/InnoDB to NDB. Why the hell is he using an index file for this operation? It seems to be clearly a mysqld error message and not a MySQL Cluster error message. And we are also not using MySQL Cluster disk data tables.
After bothering a bit MySQL support I had the idea to do the following:
# ndb_show_tables | grep -ic orderedindex
127
The MySQL online documentation clearly states:
MaxNoOfOrderedIndexes
...
The default value of this parameter is 128.
So this could be the reason! When I have changed this parameter followed by the common rolling restart of the MySQL Cluster I could continue to migrate my schema into cluster...
Conclusion
MySQL errors can be related to cluster errors and do not necessarily point to the source of the problem. The error:
MySQL error code 136: No more room in index file
means just MaxNoOfOrderedIndexes is too small!
I hope that I can safe you some time with this little article.
Possible memory leak in NDB-API applications?
A customer has recently experienced a possible memory leak in its NDB-API application. What he did was something like
over time and then he saw the RSS increasing. When he would have had a look a little longer he would have seen that the RSS consumption would increase up to a certain level and then becomes stable. Which is the expected behaviour.
But how to explain to the customer that his application, which was in fact not doing anything, consumes more RSS?
With a diff over time on /proc/<pid>/smaps we found that this area was the reason:
But what is this meaning? To find the answer we did a strace on the program and got the following system calls:
OK. Somebody is allocating 2 times 2 junks of about 2 Mbyte of memory. But what the hell could this be??? During night I found the solution. It is the SendBufferMemory and ReceiveBufferMemory which I have configured in the config.ini to that size...
When you experience similar behaviour on your processes, maybe this little script can help you to find the problem: mem_tracker.sh
By the way, with an other customer we wound some other nice behaviour. But this time it was a mysqld:
# ps aux | grep <pid>
over time and then he saw the RSS increasing. When he would have had a look a little longer he would have seen that the RSS consumption would increase up to a certain level and then becomes stable. Which is the expected behaviour.
But how to explain to the customer that his application, which was in fact not doing anything, consumes more RSS?
With a diff over time on /proc/<pid>/smaps we found that this area was the reason:
b67b7000-b6fca000 rw-p b67b7000 00:00 0 (8 Mbyte)
Size: 8268 kB
Rss: 148 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 148 kB
Referenced: 148 kB
But what is this meaning? To find the answer we did a strace on the program and got the following system calls:
...
read(5, "127.0.0.1 localhost\n\n# The follo"..., 4096) = 450
close(5) = 0
munmap(0xb7acb000, 4096) = 0
mmap2(NULL, 2117632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb69bf000 - 0xB6BC4000 (2068 Mbyte)
mmap2(NULL, 2101248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb67be000 - 0xb69bf000 (2052 Mbyte)
mmap2(NULL, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ac4000
mprotect(0xb7ac4000, 4096, PROT_NONE) = 0
clone(child_stack=0xb7acb4b4, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_C
...
OK. Somebody is allocating 2 times 2 junks of about 2 Mbyte of memory. But what the hell could this be??? During night I found the solution. It is the SendBufferMemory and ReceiveBufferMemory which I have configured in the config.ini to that size...
When you experience similar behaviour on your processes, maybe this little script can help you to find the problem: mem_tracker.sh
By the way, with an other customer we wound some other nice behaviour. But this time it was a mysqld:
Friday, September 5, 2008
Active/active fail over cluster with MySQL Replication
Electing a slave as new master and aligning the other slaves to the new master
Scenario 1
+ You can choose the slave which is the most actual one.
- Higher possibility of errors if not automatized.
- You do not need an extra spare slave.
- More bin log writing on all Slaves.
Scenario 2
+ You do not have to choose which is the new master, you already have defined before.
- You have the possibility to not choose the Slave with the most recent data applied.
Szenario 1: Compare output of SHOW SLAVE STATUS and decide which one will become the new master.
Szenario 2: Not necessary because it is already done before.
Aligning the other slaves to the new master
The officially recommended way to set-up again a replication when the master fails is as follows:
To avoid or at least reduce this problem we are looking for an abbreviation of the whole process:
Step 1: is obsolete in our scenario.
Step 2: Can be circumvented when we use a storage engine which allows us to make consistent backups (for example InnoDB) or when we use a very fast backup method (for example LVM snapshots).
Step 3: We can re-use all the slaves which have the same or older information than the new elected master. Slaves which have newer informations or in some other exceptional cases (see below) have to be set-up anyway as recommended.
How to do this?
IMHO the best is to show that in a little demo. For this I have set-up a environment like in scenario 1) and/or 2). There I have created my favourite table test as follows:
From this point on we have the situation which could happen in the real world: Master is crashed and different slaves (can) have different positions relatively to the master:
Find the most actual slave
To find the slave which is the most actual one you have to gather some information on the slaves. This can be done as follows:
Then we get some output for example like this:
When this is done we have to find, which slave is the most recent one. This is simple: Higher value is equal to newer information (also consider the log file not only the position!).
In scenario a) the one (or one of these) is elected as new master.
In our scenario this is Slave 1!
In scenario 2 all slaves which are newer than the pre-elected new master must be rebuild from the new master.
Slave 1 is newer than slave 2. If slave 2 was pre-elected as new master slave one must be rebuild from the new master.
From all the slaves which have a different position than the new master calculate the delta to the new master:
When the log file is different we cannot use these informations and we have to rebuild this slave from the new master.
Now we have defined, which one will become the new master and which slaves are in line, which are ahead and which are behind the new master.
Set-up the new environment
To avoid any troubles we to a STOP SLAVE on all slaves first.
Then we do a RESET SLAVE on the new master.
Now for every slave which is not rebuild from the master we have to calculate the position where to start the replication from. To do this we have to gather the actual position of the new master:
When the value becomes negative this means that we have to start in an older log-file than the actual one. I did not find any rule to calculate the exact position in this case. So unfortunately we also have to set-up these slaves from the backup.
As soon as we have these values calculated we can start the application running against the new master and we can also start now with the new consistent backup for all the slaves we have to set-up again from the backup.
If you would like to here more about such stuff please let me know. We are glad to help you with some consulting...
I have also most of this stuff in some scripts so this could be easily automated...
In a simple MySQL Replication set-up you have high-availability (HA) on the read side (r). But for the master which covers all the writes (w) and the time critical read (rt) there is no HA implemented. For some situations this can be OK. For example if you have rarely writes or if you can wait until a new Master is set up.
But in other cases you need a fast fail-over to a new master.
In the following article it is shown how to implement the election of a new master and how to align the slaves to the new master.
We can have two possible scenarios:- This scenario assumes, that every slave can become the new master.
- This scenario assumes, that only one dedicated slave will become master.
The advantages and disadvantages of both scenarios:
Scenario 1
+ You can choose the slave which is the most actual one.
- Higher possibility of errors if not automatized.
- You do not need an extra spare slave.
- More bin log writing on all Slaves.
Scenario 2
+ You do not have to choose which is the new master, you already have defined before.
- You have the possibility to not choose the Slave with the most recent data applied.
Important: All the slaves which can become master have to run with log-bin on and log-slave-updates.
Electing a Slave to become the new master
Szenario 1: Compare output of SHOW SLAVE STATUS and decide which one will become the new master.
Szenario 2: Not necessary because it is already done before.
Aligning the other slaves to the new master
The officially recommended way to set-up again a replication when the master fails is as follows:
- Set-up the new master (is skipped in our case because a slave becomes master).
- Do a consistent backup of the master (which takes time and, depending on the used storage engines, blocks writing).
- Set-up all slaves one by one and point them to the new master (takes also time).
To avoid or at least reduce this problem we are looking for an abbreviation of the whole process:
Step 1: is obsolete in our scenario.
Step 2: Can be circumvented when we use a storage engine which allows us to make consistent backups (for example InnoDB) or when we use a very fast backup method (for example LVM snapshots).
Step 3: We can re-use all the slaves which have the same or older information than the new elected master. Slaves which have newer informations or in some other exceptional cases (see below) have to be set-up anyway as recommended.
How to do this?
IMHO the best is to show that in a little demo. For this I have set-up a environment like in scenario 1) and/or 2). There I have created my favourite table test as follows:
CREATE TABLE test (As next step we simulate the application as follows:
`id` int(11) NOT NULL AUTO_INCREMENT,
`data` varchar(32) DEFAULT NULL,
`ts` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`));
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);To simulate a lag on one or more of the slaves we stop the replication on these:
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);
STOP SLAVE;Then we do some more application action on the master:
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);And then we crash the master!
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);
From this point on we have the situation which could happen in the real world: Master is crashed and different slaves (can) have different positions relatively to the master:
Find the most actual slave
To find the slave which is the most actual one you have to gather some information on the slaves. This can be done as follows:
mysql> PAGER grep Master_Log;You also have to do this step in scenario b) because we want to know which slave can be taken and which one has to be set-up from scratch.
mysql> SHOW SLAVE STATUS\G
mysql> PAGER ;
Then we get some output for example like this:
Slave 1:
Master_Log_File: bin-3311.000006
Read_Master_Log_Pos: 929
Relay_Master_Log_File: bin-3311.000006
Exec_Master_Log_Pos: 929
Slave 2:What we have to assure first is, that all the slave have caught up with writing the data from the relay log to slave. This is assured by comparing Master_Log_file/Read_Master_Log_Pos with Relay_Master_Log_file/Exec_Master_Log_Pos. If these values are the same then the slave has caught-up. Otherwise wait until they become the same.
Master_Log_File: bin-3311.000006
Read_Master_Log_Pos: 635
Relay_Master_Log_File: bin-3311.000006
Exec_Master_Log_Pos: 635
When this is done we have to find, which slave is the most recent one. This is simple: Higher value is equal to newer information (also consider the log file not only the position!).
In scenario a) the one (or one of these) is elected as new master.
In our scenario this is Slave 1!
In scenario 2 all slaves which are newer than the pre-elected new master must be rebuild from the new master.
Slave 1 is newer than slave 2. If slave 2 was pre-elected as new master slave one must be rebuild from the new master.
From all the slaves which have a different position than the new master calculate the delta to the new master:
Calculate delta: 6.929 - 6.635 = 294
When the log file is different we cannot use these informations and we have to rebuild this slave from the new master.
Now we have defined, which one will become the new master and which slaves are in line, which are ahead and which are behind the new master.
Set-up the new environment
To avoid any troubles we to a STOP SLAVE on all slaves first.
Then we do a RESET SLAVE on the new master.
Now for every slave which is not rebuild from the master we have to calculate the position where to start the replication from. To do this we have to gather the actual position of the new master:
SHOW MASTER STATUS;And for every slave we can calculate the delta:
+-----------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-----------------+----------+--------------+------------------+
| bin-3312.000002 | 2857 | | |
+-----------------+----------+--------------+------------------+
==> 2857 - 294 = 2563
When the value becomes negative this means that we have to start in an older log-file than the actual one. I did not find any rule to calculate the exact position in this case. So unfortunately we also have to set-up these slaves from the backup.
As soon as we have these values calculated we can start the application running against the new master and we can also start now with the new consistent backup for all the slaves we have to set-up again from the backup.
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);On the slaves which are OK for aligning with the new master we have to change the master and the new positions now:
INSERT INTO TEST VALUES (NULL, 'Insert on Master', NULL);
CHANGE MASTER TO master_host='laptop', MASTER_USER='replication', MASTER_PORT=3312, MASTER_PASSWORD='replication';That's it!
CHANGE MASTER TO MASTER_LOG_FILE='bin-3312.000002', master_log_pos=2563;
START SLAVE;
If you would like to here more about such stuff please let me know. We are glad to help you with some consulting...
I have also most of this stuff in some scripts so this could be easily automated...
Monday, August 25, 2008
Typical automated MySQL maintenance jobs
The following maintenance jobs are typically run against a MySQL database:
“Backup”
Clean-up binary logs.
Optimize tables
Purge query cache
Rotate binary logs
Backup
A backup is not a typical maintenance job. But it behaves more or less like one. The backup should be done regularly depending on the restore/PITR (Point in Time Recovery) requirements.
Make sure, that in the backup all the necessary files (data files, transaction log files, configuration files and binary log files) are included. To prove that the backup process is working properly a regular restore should be performed. This can ideally be combined with the set-up of new database instances for developers or testing.
Clean-up the binary logs
The binary logs can be cleaned-up in two ways:
a) Passive by MySQL itself:
| |
b) Active by the customers environment:
|
Make sure NO binary logs are purged which are still needed by a slave. In this situation the slave is lost and has to be set-up from scratch.
Make also sure binary logs are not removed by a file system operation (rm bin-log.*). Otherwise the database gets confused.
Optimize table
After large UPDATE or INSERT/DELETE operations or long time tables are blown up and contain a lot of unused space. This unused space can be partially reclaimed by optimizing the table again.
| |
This operation internally copies the whole table and therefore can take a long time!
Purge query cache
When there are SELECT queries with different sizes of result sets the query cache gets de-fragmented. This is shown by a lot of free space in the query cache but also a lot of not cached queries. Here it makes sense to purge the query cache from time to time.
| |
Binlog rotate
Binary logs can only be rotated by size. Sometimes you want to have them rotated by time. You can do this as follows (for example with a cron job):
| |
What other MySQL maintenance jobs are you performing (not application related) I am very interested in...
Saturday, June 28, 2008
My thoughts about MySQL (Cluster) replication
According to Johans wishes I write down my concerns about MySQL (Cluster) replication. These items are things I run again and again into it with customers:
- SQL-nodes are still loosing too easy connection to cluster after data node or management node restart (which leads into gaps, see next point). Automatic fail over or reconnection is just a dream (maybe it works in about 90% of the cases at least)..
Gaps: Whenever I do a cluster reconfiguration (should not be necessary too often, see loosing connection above) or a mysqld restart I get a gap (these are the planned ones, see also automatic channel fail over). Then we have the not planned ones...
I cannot understand, why we are not able to keep at least a certain amount of traffic in a binlog-injector-buffer to avoid the majority of these gaps. This could be something like a Round-Robin buffer which stores all the cluster information which should be sent to the binlog-injector thread. When we configure this buffer to 1 Gbyte we can keep close to 2 minutes of traffic (10 Mbyte/s traffic) which should be fine to cover just hiccups and quick restarts of mysql. In other environments where we have much less traffic we can store there even hours of traffic which really should make look us unbreakable.
Together with an automatic channel fail over this should be much more robust.Automatic channel fail over: It should not be too difficult to automatically switch from one channel to an other (or a third) one. If the issues above are solved, it is also less likely, that a channel fail over is necessary.
A gap event should trigger a channel fail over and a STOP SQL THREAD command and not just stopping the replication with an error. It should also be possible to make an automatic switch back to the original slave again if this slave is still talking to its master after the gap to see if it possibly could continue working...Atomic operations: They do not have to be necessarily durable but atomic. This problem we have on the master side (as described in the issue 27201) and also on the slave side. When we guarantee atomicity we should not loose to much in performance (don't we?) but can avoid a lot of troubles in replication: The relay-log is not atomic with the slave at all. If I crash a slave under heavy load it will stick in troubles (in about 25% of the cases). This is reproducible and a bug is filed for this.
Binary-log mechanism is a nightmare for every DB operator: Making errors in MySQL replication and restore/recovery is very easy (including Cluster PITR). We should make the mysql-restore-recovery mechanism aware of the last applied transaction (global trx id?) and by default it should deny to apply binary-logs with the wrong file or position (at some other databases you cannot even force it to do it wrong!).
The Cluster Recovery/PITR is further not documented and also should follow this rules/mechanism. It would also be nice if, after ndb_restore -m -r -e is done it would ask for the binary log to apply next (at the right position!).Rolling restart: From time to time it happens, that a rolling restart is necessary. This has to be done manually for each node (some customers were writing scripts for this) but even worse you also have to switch the tool to do this.
My suggestion is: a) Implement a ROLLING RESTART command and b) also allow to restart SQL-Nodes from the mgmd (mgmd and mysqld are talking to each other anyway (see binlog injector thread), so it should not be too difficult to send a SIGHUP from the mgmd to the mysqld).Monitoring: MySQL Cluster Monitoring without the MGMD-API is a nightmare too. And also with the MGMD-API it is so poor! What I would like to have is a standardized interface to my system metrics (namely SQL!). And then all the important information (performance metrics, buffer fill degree, etc.) in some cluster tables. Basically all the the stuff which is written to the cluster log with ALL REPORT MemoryUsage, ALL REPORT BackupStatus and ALL CLUSTERLOG STATISTICS=15 (or maybe ALL events?)). So I can access them easily.
Just a little (maybe?) bug I run into it with recent MySQL Cluster releases: A Gap requires now more than one (at least 2) set global sql_slave_skip_counter=1 statements to make slave running again... This makes the replication less predictable for automatising processes.
All these points endanger my operative production life and can cause errors in enterprise and carrier grade environments.
Subscribe to:
Posts (Atom)