MySQL Server's clone plugin is available from MySQL 8.0.17. If you want to use remote cloning operations for distributed recovery in a group, you must set up existing members and joining members beforehand to support this function. If you do not want to use this function in a group, do not set it up, in which case Group Replication only uses state transfer from the binary log.
To use cloning, at least one existing group member and the
joining member must be set up beforehand to support remote
cloning operations. As a minimum, you must install the clone
plugin on the donor and joining member, grant the
BACKUP_ADMIN permission to the
replication user for distributed recovery, and set the
system variable to an appropriate level. To ensure the maximum
availability of donors, it is advisable to set up all current
and future group members to support remote cloning operations.
Be aware that a remote cloning operation removes user-created tablespaces and data from the joining member before transferring the data from the donor. If the operation is stopped while in progress, the joining member might be left with partial data or no data. This can be repaired by retrying the remote cloning operation, which Group Replication does automatically.
For full instructions to set up and configure the clone plugin, see Section 5.6.7, “The Clone Plugin” . Detailed prerequisites for a remote cloning operation are covered in Section 126.96.36.199, “Cloning Remote Data” . For Group Replication, note the following key points and differences:
The donor (an existing group member) and the recipient (the joining member) must have the clone plugin installed and active. For instructions to do this, see Section 188.8.131.52, “Installing the Clone Plugin” .
The donor and the recipient must run on the same operating system, and must have the same MySQL Server version (which must be MySQL 8.0.17 or above to support the clone plugin). Cloning is therefore not suitable for groups where members run different MySQL Server versions.
The donor and the recipient must have the Group Replication plugin installed and active, and any other plugins that are active on the donor (such as a keyring plugin) must also be active on the recipient.
If distributed recovery is configured to use SSL (
group_replication_recovery_use_ssl=ON), Group Replication applies this setting for remote cloning operations. Group Replication automatically configures the settings for the clone SSL options (
clone_ssl_key) to match your settings for the corresponding Group Replication distributed recovery options (
You do not need to set up a list of valid donors in the
clone_valid_donor_listsystem variable for the purpose of joining a replication group. Group Replication configures this setting automatically for you after it selects a donor from the existing group members. Note that remote cloning operations use the server's SQL protocol hostname and port.
The clone plugin has a number of system variables to manage the network load and performance impact of the remote cloning operation. Group Replication does not configure these settings, so you can review them and set them if you want to, or allow them to default. Note that when a remote cloning operation is used for distributed recovery, the clone plugin's
clone_enable_compressionsetting applies to the operation, rather than the Group Replication compression setting.
To invoke the remote cloning operation on the recipient, Group Replication uses the internal
mysql.sessionuser, which already has the
CLONE_ADMINprivilege, so you do not need to set this up.
As the clone user on the donor for the remote cloning operation, Group Replication uses the replication user that you set up for distributed recovery (which is covered in Section 184.108.40.206, “User Credentials For Distributed Recovery”). You must therefore give the
BACKUP_ADMINprivilege to this replication user on all group members that support cloning. Also give the privilege to the replication user on joining members when you are configuring them for Group Replication, because they can act as donors after they join the group. The same replication user is used for distributed recovery on every group member. To give this privilege to the replication user on existing members, you can issue this statement on each group member individually with binary logging disabled, or on one group member with binary logging enabled:
GRANT BACKUP_ADMIN ON *.* TO rpl_user@'%';
If you use
START GROUP_REPLICATIONto specify the replication user credentials on a server that previously supplied the user credentials using
CHANGE REPLICATION SOURCE TO|
CHANGE MASTER TO, ensure that you remove the user credentials from the replication metadata repositories before any remote cloning operations take place. Also ensure that
group_replication_start_on_boot=OFFis set on the joining member. For instructions, see Section 18.6.3, “Securing Distributed Recovery Connections”. If you do not unset the user credentials, they are transferred to the joining member during remote cloning operations. The
group_replication_recoverychannel could then be inadvertently started with the stored credentials, on either the original member or members that were cloned from it. An automatic start of Group Replication on server boot (including after a remote cloning operation) would use the stored user credentials, and they would also be used if an operator did not specify the distributed recovery credentials on a
When group members have been set up to support cloning, the
system variable specifies a threshold, expressed as a number
of transactions, for the use of a remote cloning operation in
distributed recovery. If the gap between the transactions on
the donor and the transactions on the joining member is larger
than this number, a remote cloning operation is used for state
transfer to the joining member when this is technically
possible. Group Replication calculates whether the threshold
has been exceeded based on the
gtid_executed sets of the
existing group members. Using a remote cloning operation in
the event of a large transaction gap lets you add new members
to the group without transferring the group's data to the
server manually beforehand, and also enables a member that is
very out of date to catch up more efficiently.
The default setting for the
Group Replication system variable is extremely high (the
maximum permitted sequence number for a transaction in a
GTID), so it effectively deactivates cloning wherever state
transfer from the binary log is possible. To enable Group
Replication to select a remote cloning operation for state
transfer where this is more appropriate, set the system
variable to specify a number of transactions as the
transaction gap above which you want cloning to take place.
Do not use a low setting for
in an active group. If a number of transactions above the
threshold takes place in the group while the remote cloning
operation is in progress, the joining member triggers a
remote cloning operation again after restarting, and could
continue this indefinitely. To avoid this situation, ensure
that you set the threshold to a number higher than the
number of transactions that you would expect to occur in the
group during the time taken for the remote cloning
Group Replication attempts to execute a remote cloning
operation regardless of your threshold when state transfer
from a donor's binary log is impossible, for example because
the transactions needed by the joining member are not
available in the binary log on any existing group member.
Group Replication identifies this based on the
gtid_purged sets of the
existing group members. You cannot use the
system variable to deactivate cloning when the required
transactions are not available in any member's binary log
files, because in that situation cloning is the only
alternative to transferring data to the joining member
When group members and joining members are set up for cloning, Group Replication manages remote cloning operations for you. A remote cloning operation might take some time to complete, depending on the size of the data. See Section 220.127.116.11, “Monitoring Cloning Operations” for information on monitoring the process.
When state transfer is complete, Group Replication restarts
the joining member to complete the process. If
is set on the joining member, for example because you
specify the replication user credentials on the
statement, you must issue
GROUP_REPLICATION manually again following this
and other settings required to start Group Replication were
set in a configuration file or using a
PERSIST statement, you do not need to intervene
and the process continues automatically to bring the joining
If the remote cloning procedure takes a long time, in releases before MySQL 8.0.22, it is possible for the set of certification information that accumulates for the group during that time to become too large to transmit to the joining member. In that case, the joining member logs an error message and does not join the group. From MySQL 8.0.22, Group Replication manages the garbage collection process for applied transactions differently to avoid this scenario. In earlier releases, if you do see this error, after the remote cloning operation completes, wait two minutes to allow a round of garbage collection to take place to reduce the size of the group's certification information. Then issue the following statement on the joining member, so that it stops trying to apply the previous set of certification information:
RESET SLAVE FOR CHANNEL group_replication_recovery; Or from MySQL 8.0.22: RESET REPLICA FOR CHANNEL group_replication_recovery;
A remote cloning operation clones settings that are persisted in tables from the donor to the recipient, as well as the data. Group Replication manages the settings that relate specifically to Group Replication channels. Group Replication member settings that are persisted in configuration files, such as the group replication local address, are not cloned and are not changed on the joining member. Group Replication also preserves the channel settings that relate to the use of SSL, so these are unique to the individual member.
If the replication user credentials used by the donor for the
channel have been stored in the replication metadata
repositories using a
SOURCE TO |
TO statement, they are transferred to and used by
the joining member after cloning, and they must be valid
there. With stored credentials, all group members that
received state transfer by a remote cloning operation
therefore automatically receive the replication user and
password for distributed recovery. If you specify the
replication user credentials on the
GROUP_REPLICATION statement, these are used to start
the remote cloning operation, but they are not transferred to
and used by the joining member after cloning. If you do not
want the credentials transferred to new joiners and recorded
there, ensure that you unset them before remote cloning
operations take place, as described in
Section 18.6.3, “Securing Distributed Recovery Connections”,
to supply them instead.
PRIVILEGE_CHECKS_USER account has been
used to help secure the replication appliers (see
Section 18.104.22.168, “Privilege Checks For Group Replication Channels”), from MySQL
and related settings from the donor are cloned to the joining
member. If the joining member is set to start Group
Replication on boot, it automatically uses the account for
privilege checks on the appropriate replication channels. (In
MySQL 8.0.18, due to a number of limitations, it is
recommended that you do not use a
PRIVILEGE_CHECKS_USER account with Group
Group Replication initiates and manages cloning operations for distributed recovery. Group members that have been set up to support cloning may also participate in cloning operations that a user initiates manually. For example, you might want to create a new server instance by cloning from a group member as the donor, but you do not want the new server instance to join the group immediately, or maybe not ever.
In all releases that support cloning, you can initiate a cloning operation manually involving a group member on which Group Replication is stopped. Note that because cloning requires that the active plugins on a donor and recipient must match, the Group Replication plugin must be installed and active on the other server instance, even if you do not intend that server instance to join a group. You can install the plugin by issuing this statement:
INSTALL PLUGIN group_replication SONAME 'group_replication.so';
In releases before MySQL 8.0.20, you cannot initiate a cloning
operation manually if the operation involves a group member on
which Group Replication is running. From MySQL 8.0.20, you can
do this, provided that the cloning operation does not remove
and replace the data on the recipient. The statement to
initiate the cloning operation must therefore include the
DATA DIRECTORY clause if Group Replication