Using Automatic Failover with MaxScale's MariaDB Monitor
This page is part of MariaDB's Documentation.
The parent of this page is: MariaDB Monitor
Topics on this page:
Overview
MaxScale's MariaDB Monitor (mariadbmon) monitors deployments.
When the primary server fails, MariaDB Monitor can promote a replica server to be the new primary server automatically.
How MariaDB Monitor uses Cooperative Locks
When automatic failover is enabled for MariaDB Monitor, it does the following:
It selects the replica server with the latest GTID position to be the new primary server.
If the new primary server has unprocessed relay logs, then it cancels and restarts the failover process after a short wait.
It prepares the new primary server:
It stops its replica threads by executing STOP REPLICA and RESET REPLICA.
It configures it to allow writes by setting read_
only toOFF.If the
handle_eventsparameter istrue, then it enable events that were previously enabled on the old primary server.If the
promotion_sql_fileparameter is set, then the script referred to by the parameter is executed.If there is an external master, then it configures that replication by executing and .
It redirects all replica servers to replicate to the new primary server:
It stops its replica threads by executing and RESET REPLICA.
It configures that replication by executing and .
It checks that all slaves are replicating properly by executing .
Configuring Automatic Failover
Configure automatic failover by configuring several parameter for the MariaDB Monitor in
maxscale.cnf.Parameter
Description
failcountThis parameter defines the number of monitoring checks that must pass before a primary server is considered to be down.
The default value is 5.
The total wait time can be calculated as: (
monitor_interval+backend_connect_timeout) *failcount
auto_failoverWhen this parameter is enabled, the monitor will automatically failover to a new primary server if the primary server fails.
When this parameter is disabled, the monitor will not automatic failover to a new primary server if the primary server fails, so failover must be performed manually.
This parameter is disabled by default.
auto_rejoinWhen this parameter is enabled, the monitor will attempt to automatically configure new replica servers to replicate from the primary server when they come online.
When this parameter is disabled, the monitor will not attempt to automatically configure new replica servers to replicate from the primary server when they come online, so they must be configured manually.
This parameter is disabled by default.
switchover_on_low_disk_spaceWhen this parameter is enabled, the monitor will automatically switchover to a new primary server if the primary server is low on disk space.
When this parameter is disabled, the monitor will automatically switchover to a new primary server if the primary server is low on disk space, so switchover must be performed manually.
This parameter requires the
disk_space_thresholdparameter to be set for the server or the monitor.This parameter requires the
disk_space_check_intervalparameter to be set for the monitor.This parameter is disabled by default.
enforce_simple_topologyWhen this parameter is enabled, the monitor assumes that the topology of the cluster only consists of a single primary server, which has multiple replica servers.
When this parameter is disabled, the monitor does not make assumptions about the topology of the cluster.
This parameter implicitly sets the
assume_unique_hostnames,auto_failover, andauto_rejoinparameters.
replication_userThis parameter is used by the monitor to set the
MASTER_USERoption when executing the statement.If this parameter is not set, then the monitor uses the monitor user.
replication_passwordThis parameter is used by the monitor to set the
MASTER_PASSWORDoption when executing the statement.If this parameter is not set, then the monitor uses the monitor user's password.
replication_master_sslThis parameter is used by the monitor to set the
MASTER_SSLoption when executing the statement.If this parameter is not set, then the monitor does not enable TLS.
failover_timeoutThis parameter defines the maximum amount of time allowed to perform a failover.
If failover times out, then a message is logged to the MaxScale log, and automatic failover is disabled.
switchover_timeoutThis parameter defines the maximum amount of time allowed to perform a switchover.
If switchover times out, then a message is logged to the MaxScale log, and automatic failover is disabled.
verify_master_failureWhen this parameter is enabled, if the monitor detects that the primary server failed, it will execute to verify that the replica servers have also detected the failure.
If a replica has received an event within
master_failure_timeoutduration, the primary is not considered down when deciding whether to failover, even if the monitor cannot connect to the primary.
master_failure_timeoutThis parameter defines the timeout for
verify_master_failure.The default value is 10 seconds.
servers_no_promotionThis parameter defines a comma-separated list of servers that should not be chosen to be primary server.
promotion_sql_fileThis parameter defines an SQL script that should be executed on the new primary server during failover or switchover.
demotion_sql_fileThis parameter defines an SQL script that should be executed on the old primary server during failover or switchover when it is demoted to be a replica server.
The script is also executed when a server is automatically added to the cluster due to the
auto_rejoinparameter.
handle_eventsWhen this parameter is enabled, the monitor enables events on the new primary server that were previously enabled on the old primary server.
The monitor also disables the events on the old primary server.
For example:
[repl-cluster] type = monitor module = mariadbmon ... auto_failover = true auto_rejoin = true replication_user = repl replication_password = passwd replication_master_ssl = true
Restart the MaxScale instance.
$ sudo systemctl restart maxscale