Tablet init super read only #77
Conversation
rsajwani
requested review from
harshit-gangal,
systay,
shlomi-noach,
rohit-nayak-ps,
deepthi,
GuptaManan100,
ajm188,
mattlord and
frouioui
as code owners
rsajwani
changed the title
rohit-nayak-ps
force-pushed
the
rn-tablet-init-refactor
branch
from
b730d1f
to
7a426aa
Compare
rohit-nayak-ps
force-pushed
the
rn-tablet-init-refactor
branch
7 times, most recently
from
404ed69
to
fcea2d8
Compare
rsajwani
force-pushed
the
tablet-init-super-read-only
branch
from
058cd6b
to
bc58cb5
Compare
rohit-nayak-ps
force-pushed
the
rn-tablet-init-refactor
branch
from
b3c996d
to
21cc81e
Compare
rsajwani
force-pushed
the
tablet-init-super-read-only
branch
from
0904832
to
58a1e92
Compare
| @@ -161,8 +161,10 @@ jobs: | |||
| run: | | |||
| source build.env | |||
|
|
|||
| rm -f $PWD/bin/vttablet | |||
| rm -f $PWD/bin/vttablet $PWD/bin/mysqlctl $PWD/bin/mysqlctld | |||
There was a problem hiding this comment.
vttablet + mysqlctl + mysqlctld needs to be always at the same version during upgrades and downgrades. I am taking this assumption after talking to different folks and it look logical to me as well.
rsajwani
changed the title
There was a problem hiding this comment.
I have done a quick read through of the changes without really following the new flow. Hope to do that tomorrow. I will also look at all the tests where we are expecting different results now.
Suggested some minor typos/stylistic changes and asked some clarifications.
config/embed.go
Outdated
| @@ -16,3 +16,6 @@ var MycnfMySQL57 string | |||
|
|
|||
| //go:embed mycnf/mysql80.cnf | |||
| var MycnfMySQL80 string | |||
|
|
|||
There was a problem hiding this comment.
Did you try checking if the underlying database is mysql or mariadb inside init_db.sql?
There was a problem hiding this comment.
I discussed it initially with other team members .. and I concluded it will make code complex if we put that logic in .sql file .. or we might need to create templates. Furthermore Maria DB is going to be deprecated anyways in future release.
| return 1, err | ||
| } | ||
| log.Infof("cluster.VtTabletMajorVersion: %d", vtTabletVersion) | ||
| if vtTabletVersion <= 15 { |
There was a problem hiding this comment.
Why do we have conditional code for a tablet with version less than 16?
There was a problem hiding this comment.
For downgrade / upgrade test, tablet version < 16 will not have super read only code handling. Therefore we are explicitly setting super-read-only to false here.
| return callback(emptyResult) | ||
| } | ||
| if strings.HasPrefix(query, "use _vt") || strings.HasPrefix(query, "CREATE TABLE _vt") || strings.HasPrefix(query, "ALTER TABLE _vt") || strings.HasPrefix(query, "CREATE TABLE IF NOT EXISTS _vt") { | ||
| if //strings.HasPrefix(query, "use `fakesqldb`") || |
There was a problem hiding this comment.
The fakesqldb condition is commented out: intended?
There was a problem hiding this comment.
There's a lot of stuff commented out (mixing of multi-line and single line comments, etc) and it's not clear what is intended and why.
There was a problem hiding this comment.
@Rohit, this was commented out to show you, these changes from you PR is not needed .. But I have removed it now... You don't need to add these specific checks here instead I use existing structure of fakesqldb..
| @@ -137,7 +137,7 @@ func verifyWeightString(t *testing.T, local collations.Collation, remote *remote | |||
| } | |||
|
|
|||
| func exec(t *testing.T, conn *mysql.Conn, query string) *sqltypes.Result { | |||
| res, err := conn.ExecuteFetch(query, -1, true) | |||
| res, err := conn.ExecuteFetchWithSuperReadOnlyHandling(query, -1, true) | |||
There was a problem hiding this comment.
why do we need super readonly handling here: does the test run DDLs?
There was a problem hiding this comment.
Yeah these test does not have vttablets. They just create mysql instance and run test against them...
| @@ -77,3 +83,8 @@ FLUSH PRIVILEGES; | |||
|
|
|||
| RESET SLAVE ALL; | |||
| RESET MASTER; | |||
|
|
|||
| # add custom sql here | |||
There was a problem hiding this comment.
instead of adding this, can't we just look for the line in the file that sets the readonly and add our custom commands above that?
There was a problem hiding this comment.
I thought that would be more risky ... we don't know how would it react if client provide their own int_db.sql and it has some statements which does turns out true for our condition of readonly... Hence I thought this will be much cleaner approach...
| // Note: MariaDB does not have super_read_only but support for it is EOL in v14.0+ | ||
| turnSuperReadOnly := false | ||
| if !c.IsMariaDB() { | ||
| if err := c.WriteComQuery("SELECT @@global.super_read_only"); err != nil { |
There was a problem hiding this comment.
we should extract this code which is repeated in multiple functions here, into a utility function
config/embed.go
Outdated
| @@ -16,3 +16,6 @@ var MycnfMySQL57 string | |||
|
|
|||
| //go:embed mycnf/mysql80.cnf | |||
| var MycnfMySQL80 string | |||
|
|
|||
| //go:embed init_maria_db.sql | |||
| var DefaultInitMariaDB string | |||
There was a problem hiding this comment.
We can remove the MariaDB specific stuff in v16+ vitessio#9518. We still want to support importing/migrating from MariaDB into Vitess, but in that case the MariaDB instance would be external with an unmanaged tablet so init would not apply.
There was a problem hiding this comment.
The import/migration test is using init_db.sql which now have super-read-only and therefore it fails. This is added to make sure our import/migrate test uses init_db specific to maria db...
config/init_testserver_db.sql
Outdated
| @@ -0,0 +1,88 @@ | |||
| # This file is executed immediately after mysql_install_db, | |||
There was a problem hiding this comment.
What is this file for? Is it for vttestserver/vtcombo? What's unique about that compared to standard and then below, unit test cases? We can add a comment at the top to explain. It feels like this is part of a larger problem in that we're not testing super_read_only in many tests.
There was a problem hiding this comment.
We are testing super-read-only for all the cases.
- super-read-only does not make sense for unit test .. therefore I have come up with new config/init_unit_test_db.sql
- testserver/vtcombo does not operate in same manner.. it uses same sql instance for all the vttablet under the hood so we have to get rid of super-read-only in this case as well , hence config/init_testserver_db.sql
- Every other test e2e and backup/restore etc uses init_db.sql file, which has super-read-only.
| @@ -23,3 +23,4 @@ sql_mode = STRICT_TRANS_TABLES | |||
|
|
|||
| # set a short heartbeat interval in order to detect failures quickly | |||
| slave_net_timeout = 4 | |||
| super-read-only = false | |||
There was a problem hiding this comment.
This change can have wide impacts. IMO, we should test it in as many ways as possible. i.e. we should use super-read-only in all of the tests, if possible.
There was a problem hiding this comment.
test-suite is used only in vttestserver. VtTestserver uses vtcombo which has one sql instance for all vttablet. We cannot turn 'on/'off' super-read-only because it will make vtcombo confuse due to one instance of mysql for all vttablets.
There was a problem hiding this comment.
Are we using vttestserver in our test/e2e , i don't see instances where we are...
| // RunSQLWithSuperReadOnly is used to run a SQL statement on the given tablet with super read only set to true or false | ||
| func RunSQLWithSuperReadOnly(t *testing.T, sql string, tablet *cluster.Vttablet, db string, withSuperReadOnly bool) (*sqltypes.Result, error) { | ||
| // Get Connection | ||
| tabletParams := getMysqlConnParam(tablet, db) | ||
| ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) | ||
| defer cancel() | ||
| conn, err := mysql.Connect(ctx, &tabletParams) | ||
| require.Nil(t, err) | ||
| defer conn.Close() | ||
|
|
||
| // RunSQL | ||
| return execute(t, conn, sql, withSuperReadOnly) | ||
| } |
There was a problem hiding this comment.
This is another case where it feels like we're avoiding testing the fact that Vitess works properly when super_read_only is enabled. No?
There was a problem hiding this comment.
if you closely look at I have introduced a flag 'withSuperReadOnly' ... during test setup we introduce errantGTID (https://github.com/planetscale/vitess/pull/77/files#diff-9162b364b991658ff1575922d4a008aecc15e44fd27e64678f24cce330033d9fR108) thats the only place where we pass true to this flag. For all other places we keep it false. Hence the tests are running with super-read-only false.
| // have super_read_only This is safe, since we're restarting MySQL after the restore anyway | ||
| log.Infof("Restore: disabling super_read_only") | ||
| if err := mysqld.SetSuperReadOnly(false); err != nil { | ||
| if strings.Contains(err.Error(), strconv.Itoa(mysql.ERUnknownSystemVariable)) { |
There was a problem hiding this comment.
Better to cast it to a MySQLError and check the error code.
There was a problem hiding this comment.
this is how we are doing check for something not part of specific mysql version... we want to warn if super-read-only is not supported in case of db like mariadb and erorr in all other cases. We are not checking any specific mysql erorr.
go/vt/mysqlctl/mysqld.go
Outdated
| // We disable super_read_only, in case it is in the default MySQL startup | ||
| // parameters. We do it blindly, since this will fail on MariaDB, which doesn't | ||
| // have super_read_only This is safe, since we're restarting MySQL after the restore anyway | ||
| log.Infof("Restore: disabling super_read_only") | ||
| if err := mysqld.SetSuperReadOnly(false); err != nil { | ||
| if strings.Contains(err.Error(), strconv.Itoa(mysql.ERUnknownSystemVariable)) { | ||
| log.Warningf("Restore: server does not know about super_read_only, continuing anyway...") | ||
| } else { | ||
| log.Errorf("Restore: unexpected error while trying to set super_read_only: %v", err) | ||
| return err | ||
| } | ||
| } |
There was a problem hiding this comment.
How is this function directly/exclusively tied to restores? If someone runs the equivalent of mysqldump foo.10 | mysql, it would be bad if mysqld automatically disabled super_read_only rather than protecting you as it should.
rohit-nayak-ps
force-pushed
the
rn-tablet-init-refactor
branch
from
5952836
to
d03a02b
Compare
rsajwani
force-pushed
the
tablet-init-super-read-only
branch
from
8eaceaf
to
c9b7c05
Compare
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Manan Gupta <manan@planetscale.com>
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
rsajwani
force-pushed
the
tablet-init-super-read-only
branch
from
f824ef0
to
fe21638
Compare
Signed-off-by: Rameez Sajwani <rameezwazirali@hotmail.com>
Signed-off-by: Manan Gupta <manan@planetscale.com>
|
please review vitessio#12206 instead. |
Description
Please review https://github.com/vitessio/vitess/pull/12206/files instead.
This change is build on top of vitessio#11520, where instead of using
withddlwe use declarative approach. Using declarative approach helps us condense all our schema changes to one place. This provide us an opportunity to applysuper-read-onlychanges to our DB. As ofwithddlis used across schema engines with make it hard to dosuper-read-onlychange.What is super-read-only change
As of today all replicas comes up in read-only mode, however this doesn't prevent user's like
rootandvt_dbawho haveSUPERprivileges to change the database anytime anywhere. We want to leverage GLOBALsuper_read_onlyconfiguration in order to protect against errant GTIDs. This will make sure that apart from primary no other component or offline system can mutate DB resulting in errant GTIDs that are then lying in wait to cause later failures, as you can see in vitessio#9312 and vitessio#10094Furthermore not all the uses-cases are ensuring that we end up replica in read-only mode. During ERS there are cases where we don't set the read-only. With super-read-only change we will make sure that we cover those cases as well.
Details
This PR usese vitessio#11520 as a building block. I am listing major changes below to help you review the PR.
MariaDBdoesn't have super-read-only, therefore we need to come up with a separate init_db for it.For Reference
Some related work items done in the past
vitessio#10363
vitessio#11706
vitessio#10094
vitessio#9312
vitessio#10448
Unresolved Issued during code changes:
I have filed few issues which I will need to resolve once I check-in this PR.
use_super_read_onlyflag from VTTtablet vitessio/vitess#12140Related Issue(s)
vitessio#12180
Checklist
Deployment Notes