WL#10611: Group Replication: Disallow writes after leave group

Affects: Server-8.0 — Status: Complete

Description
Requirements
High Level Architecture
Low Level Design

EXECUTIVE SUMMARY
=================

This worklog improves the safeness on operations around Group
Replication.

Currently when STOP GROUP_REPLICATION is executed the group replication stops
but clients are still able to do writes while the server is disconnected from
the group, thence not replicating the writes to the group.

This worklog enable super read only when STOP GROUP_REPLICATION is executed
preventing clients to execute writes after it.

Functional Requirements
=======================

FR1: STOP GROUP_REPLICATION must disallow writes.

FR2: Failed STOP GROUP_REPLICATION due to insufficient user account privileges
     must not disallow writes.

FR3: STOP GROUP_REPLICATION while Group Replication is not running must not
     disallow writes.

Non-Functional Requirements
===========================

NFR1: This worklog must not disallow writes when UNINSTALL PLUGIN
      group_replication fails, plugins can only be uninstalled while writes are
      allowed.

NFR2: This worklog must not disallow writes when UNINSTALL PLUGIN
      group_replication is successful, plugins can only be uninstalled while
      writes are allowed.

OVERVIEW
========

The problem this worklog solves is that people stop the plugin, by executing
STOP GROUP_REPLICATION, but the server:
  * continue to accept transactions that won't be transmitted to the group
  * fails to stop and continue to accept the transactions

To improve safeness this worklog change the behaviour, so when executing STOP
GROUP_REPLICATION it enables super read only mode.

SUMMARY OF CHANGES
==================

Server core changes
-------------------

  1. Extract the methods from class Read_mode_handler and delete it, now we
     don't need to maintain the state of super read mode because
     super_read_only will always be enabled after STOP GROUP_REPLICATION.

  2. Anticipate the call to set super_read_only_mode when executing the
     Delayed_initialization_thread. This allowed to enable super read only
     before validation of plugin variables and other modules.

  3. The enable of super_read_only_mode after executing STOP GROUP REPLICATION
     needs to done in three phases:
     3.1. Mark all future transactions as "to_rollback";
     3.2. Wait for all pending transactions, if that takes too much time
          those transactions are rollback locally.
     3.3  Set the super_read_only mode.
     These three steps are needed because super_read_only can only be set when
     there are no ongoing transactions.