WL#10611: Group Replication: Disallow writes after leave group
Affects: Server-8.0 — Status: Complete
EXECUTIVE SUMMARY ================= This worklog improves the safeness on operations around Group Replication. Currently when STOP GROUP_REPLICATION is executed the group replication stops but clients are still able to do writes while the server is disconnected from the group, thence not replicating the writes to the group. This worklog enable super read only when STOP GROUP_REPLICATION is executed preventing clients to execute writes after it.
Functional Requirements ======================= FR1: STOP GROUP_REPLICATION must disallow writes. FR2: Failed STOP GROUP_REPLICATION due to insufficient user account privileges must not disallow writes. FR3: STOP GROUP_REPLICATION while Group Replication is not running must not disallow writes. Non-Functional Requirements =========================== NFR1: This worklog must not disallow writes when UNINSTALL PLUGIN group_replication fails, plugins can only be uninstalled while writes are allowed. NFR2: This worklog must not disallow writes when UNINSTALL PLUGIN group_replication is successful, plugins can only be uninstalled while writes are allowed.
OVERVIEW ======== The problem this worklog solves is that people stop the plugin, by executing STOP GROUP_REPLICATION, but the server: * continue to accept transactions that won't be transmitted to the group * fails to stop and continue to accept the transactions To improve safeness this worklog change the behaviour, so when executing STOP GROUP_REPLICATION it enables super read only mode.
SUMMARY OF CHANGES ================== Server core changes ------------------- 1. Extract the methods from class Read_mode_handler and delete it, now we don't need to maintain the state of super read mode because super_read_only will always be enabled after STOP GROUP_REPLICATION. 2. Anticipate the call to set super_read_only_mode when executing the Delayed_initialization_thread. This allowed to enable super read only before validation of plugin variables and other modules. 3. The enable of super_read_only_mode after executing STOP GROUP REPLICATION needs to done in three phases: 3.1. Mark all future transactions as "to_rollback"; 3.2. Wait for all pending transactions, if that takes too much time those transactions are rollback locally. 3.3 Set the super_read_only mode. These three steps are needed because super_read_only can only be set when there are no ongoing transactions.
Copyright (c) 2000, 2019, Oracle Corporation and/or its affiliates. All rights reserved.