High Performance MySQL (2012)

---

^[159^] If you’re using a nontransactional storage engine, shutting down the server without first running STOP SLAVE is ungraceful.

^[160^] This really is possible, even though MySQL doesn’t log any events until the transaction commits. See “Mixing Transactional and Nontransactional Tables” on page 498 for the details. Another scenario where this can happen is when the master crashes and recovers, but it didn’t have innodb_flush_log_at_trx_commit set to 1, so it loses some changes.

^[161^] As mentioned earlier, heartbeat records from pt-heartbeat can be a great help in figuring out approximately where in a binary log you should be looking for your event.

Replication Problems and Solutions

Breaking MySQL’s replication isn’t hard. The simple implementation that makes it easy to set up also means there are many ways to stop, confuse, and otherwise disrupt it. This section shows common problems, how they manifest themselves, and how you can solve or even prevent them.

Errors Caused by Data Corruption or Loss

For a variety of reasons, MySQL replication is not very resilient to crashes, power outages, and corruption caused by disk, memory, or network errors. You’ll almost certainly have to restart replication at some point due to one of these problems.

Most of the problems you’ll have with replication after an unexpected shutdown stem from one of the servers not flushing something to disk. Here are the issues you might encounter in the event of an unexpected shutdown:

Unexpected master shutdown

If the master isn’t configured with sync_binlog, it might not have flushed its last several binary log events to disk before crashing. The replication I/O thread may, therefore, have been in the middle of reading from an event that never made it to disk. When the master restarts, the replica will reconnect and try to read that event again, but the master will respond by telling it that there’s no such binlog offset. The binlog dump process is typically almost instantaneous, so this is not uncommon.

The solution to this problem is to instruct the replica to begin reading from the beginning of the next binary log. However, some log events will have been lost permanently, so you will need to use Percona Toolkit’s pt-table-checksum tool to check the server for inconsistencies so you can fix them. This loss of data could have been prevented by configuring the master with sync_binlog.

Even if you’ve configured sync_binlog, MyISAM data can still get corrupted when there’s a crash, and InnoDB transactions can be lost (but data won’t be corrupted) if innodb_flush_logs_at_trx_commit is not set to 1.

Unexpected replica shutdown

When the replica restarts after an unplanned shutdown, it reads its master.info file to determine where it stopped replicating. Unfortunately, this file is not synchronized to disk, so the information it contains is likely to be wrong. The replica will probably try to reexecute a few binary log events, which could cause some unique index violations. Unless you can determine where the replica really stopped, which is unlikely, you’ll have no choice but to skip the errors that result. The pt-slave-restart tool, part of Percona Toolkit, can help you with this.

If you use all InnoDB tables, you can look at the MySQL error log after restarting the replica. The InnoDB recovery process prints the binary log coordinates up to the point where it recovered, and you can use them to determine where to point the replica on the master. Percona Server offers a feature to automatically extract this information during the recovery process and update the master.info file for you, essentially making the replication coordinates transactional on the replica. MySQL 5.5 also offers options to control how the master.info and other files are synced to disk, helping reduce these problems.

In addition to data losses resulting from MySQL being shut down uncleanly, it’s not uncommon for binary logs or relay logs to be corrupted on disk. The following are some of the more common scenarios:

Binary logs corrupted on the master

If the binary log is corrupted on the master, you’ll have no choice but to try to skip the corrupted portion. You can run FLUSH LOGS on the master so it starts a new log file and point the replica at the beginning of the new log, or you can try to find the end of the bad region. Sometimes you can use SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 1 to skip a single corrupt event. If there is more than one corrupt event, just repeat the process until they’ve all been skipped. If there’s a lot of corruption, though, you might not be able to do that; corrupt event headers can prevent the server from being able to find the next event. In that case you might have to do some manual work to find the next good event.

Relay logs corrupted on the replica

If the master’s binary logs are intact, you can use CHANGE MASTER TO to discard and refetch the corrupt relay logs. Just point the replica at the same position from which it’s currently replicating (Relay_Master_Log_File/Exec_Master_Log_Pos). This will cause it to throw away any relay logs on disk. MySQL 5.5 has some improvements in this regard: it can refetch relay logs automatically after a crash.

Binary log out of sync with the InnoDB transaction log

If the master crashes, InnoDB might record a transaction as committed even if it didn’t get written to the binary log on disk. There’s no way to recover the missing transaction, unless it’s in a replica’s relay log. You can prevent this with the sync_binlog parameter in MySQL 5.0, or thesync_binlog and safe_binlog parameters in MySQL 4.1.

When a binary log is corrupt, how much data you can recover depends on the type of corruption. There are several common types:

Bytes changed, but the event is still valid SQL

Unfortunately, MySQL cannot even detect this type of corruption. This is why it can be a good idea to routinely check that your replicas have the right data. This might be fixed in a future version of MySQL.

Bytes changed and the event is invalid SQL

You might be able to extract the event with mysqlbinlog and see garbled data, such as the following:

UPDATE tbl SET col?????????????????

Try to find the beginning of the next event, which you can do by adding the offset and length, and print it. You might be able to skip just this event.

Bytes omitted and/or the event’s length is wrong

In this case, mysqlbinlog will sometimes exit with an error or crash because it can’t read the event and can’t find the beginning of the next event.

Several events corrupted or were overwritten, or offsets have shifted and the next event starts at the wrong offset

Again, mysqlbinlog will not be much use.

When the corruption is bad enough that mysqlbinlog can’t read the log events, you’ll have to resort to some hex editing or other tedious techniques to find the boundaries between log events. This usually isn’t hard to do, because recognizable markers separate the events.

Here’s an example. First, let’s look at log event offsets for a sample log, as reported by mysqlbinlog:

$ mysqlbinlog mysql-bin.000113 | egrep '^# at '

# at 4

# at 98

# at 185

# at 277

# at 369

# at 447

A simple way to find offsets in the log is to compare the offsets to the output of the following strings command:

$ strings -n 2 -t d mysql-bin.000113

1 binpC'G

25 5.0.38-Ubuntu_0ubuntu1.1-log

99 C'G

146 std

156 test

161 create table test(a int)

186 C'G

233 std

243 test

248 insert into test(a) values(1)

278 C'G

325 std

335 test

340 insert into test(a) values(2)

370 C'G

417 std

427 test

432 drop table test

448 D'G

474 mysql-bin.000114

There’s a pretty recognizable pattern that should allow you to locate the beginnings of events. Notice that the strings that end with ’G are located one byte after the beginning of the log event. They are part of the fixed-length log event header.

The exact value will vary from server to server, so your results will vary depending on the server whose log you’re examining. With a little sleuthing, though, you should be able to find the pattern in your binary log and determine the next intact log event’s offset. You can then try to skip past the bad event(s) with the --start-position argument to mysqlbinlog, or use the MASTER_LOG_POS parameter to CHANGE MASTER TO.

Using Nontransactional Tables

If all goes well, statement-based replication usually works fine with nontransactional tables. However, if there’s an error in an update to a nontransactional table, such as the statement being killed before it is complete, the master and replica will end up with different data.

For example, suppose you’re updating a MyISAM table with 100 rows. If the statement updates 50 of the rows and then someone kills it, what happens? Half of the rows will have been changed, but not the other half. Replication is bound to get out of sync as a result, because the statement will replay on the replica and change all 100 rows. (MySQL will then notice that the statement caused an error on the master but not the replica, and replication will stop with an error.)

If you’re using MyISAM tables, be sure to run STOP SLAVE before stopping the MySQL server, or the shutdown will kill any running queries (including any incomplete update statements). Transactional storage engines don’t have this problem. If you’re using transactional tables, the failed update will be rolled back on the master and not logged to the binary log.

Mixing Transactional and Nontransactional Tables

When you use a transactional storage engine, MySQL doesn’t log the statements you execute to the binary log until the transactions commit. Thus, if a transaction is rolled back, MySQL won’t log the statements, so they won’t get replayed on the replica.

However, if you mix transactional and nontransactional tables and there’s a rollback, MySQL will be able to roll back the changes to the transactional tables, but the nontransactional ones will be changed permanently. As long as there are no errors, such as an update being killed partway through execution, this is not a problem: instead of just not logging the statements, MySQL logs the statements and then logs a ROLLBACK statement to the binary log. The result is that the same statements execute on the replica, and all is well. It’s a little less efficient, because the replica must do some work and then throw it away, but the replica will theoretically still be in sync with the master.

So far, so good. The problem is when the replica has a deadlock that didn’t happen on the master. The tables that use a transactional storage engine will roll back on the replica, but the replica won’t be able to roll back the nontransactional tables. As a result, the replica’s data will be different from the master’s.

The only way to prevent this problem is to avoid mixing transactional and nontransactional tables. If you do encounter the problem, the only way to fix it is to skip the error on the replica and resync the involved tables.

Row-based replication does not suffer from this problem. Row-based replication logs changes to rows, not SQL statements. If a statement changes some rows in a MyISAM table and an InnoDB table and then deadlocks on the master and rolls back the InnoDB table, the changes to the MyISAM table will still be logged to the binary log and replayed on the replica.

Nondeterministic Statements

Any statement that changes data in a nondeterministic way can cause a replica’s data to become different from its master’s when using statement-based replication. For example, an UPDATE with a LIMIT relies on the order in which the statement finds rows in the table. Unless the order is guaranteed to be the same on the master and the replica—for example, if the rows are ordered by primary key—the statement might change different rows on the two servers. Such problems can be subtle and difficult to notice, so some people make a policy of never using LIMIT with any statement that changes data. Another surprising source of nondeterministic behavior is a REPLACE or INSERT IGNORE on a table with more than one unique index—the server might choose a different “winner” on the master than on the replica.

Watch out for statements that involve INFORMATION_SCHEMA tables, too. These can easily differ between the master and the replica, so the results might vary as well. Finally, be aware that most server variables, such as @@server_id and @@hostname, will not replicate correctly before MySQL 5.1.

Row-based replication does not have these limitations.

Different Storage Engines on the Master and Replica

It’s often handy to have different storage engines on a replica, as we’ve mentioned throughout this chapter. However, in some circumstances, statement-based replication might produce different results on a replica with different storage engines than the master. For example, nondeterministic statements (such as the ones mentioned in the previous section) are more likely to cause problems if the storage engines on the master and the replica differ.

If you find that your replica’s data is falling out of sync with the master in specific tables, you should examine the storage engines used on both servers, as well as the queries that update those tables.

Data Changes on the Replica

Statement-based replication relies upon the replica having the same data as the master, so you should not make or allow any changes on the replica (using the read_only configuration variable accomplishes this nicely). Consider the following statement:

mysql> INSERT INTO table1 SELECT * FROM table2;

If table2 contains different data on the replica, table1 will end up with different data, too. In other words, data differences tend to propagate from table to table. This happens with all types of queries, not just INSERT ... SELECT queries. There are two possible outcomes: you’ll get an error such as a duplicate index violation on the replica, or you won’t get any error at all. Getting an error is a blessing, because at least it alerts you that your data isn’t the same on the replica. Invisibly different data can silently wreak all kinds of havoc.

The only solution to this problem is to resync the data from the master.

Nonunique Server IDs

This is one of the more elusive problems you might encounter with replication. If you accidentally configure two replicas with the same server ID, they might seem to work just fine if you’re not watching closely. But if you watch their error logs, or watch the master with innotop, you’ll notice something very odd.

On the master, you’ll see only one of the two replicas connected at any time. (Usually, all replicas are connected and replicating all the time.) On the replica, you’ll see frequent disconnect and reconnect error messages in the error log, but no mention of a misconfigured server ID.

Depending on the MySQL version, the replicas might replicate correctly but slowly, or they might not actually replicate correctly—any given replica might miss binary log events, or even repeat them, causing duplicate key errors (or silent data corruption). You can also cause problems on the master because of the increased load from the replicas fighting amongst themselves. And if replicas are fighting each other badly enough, the error logs can grow enormous in a very short time.

The only solution to this problem is to be careful when setting up your replicas. You might find it helpful to create a master list of replica-to–server ID mappings so that you don’t lose track of which ID belongs to each replica.^[162^] If your replicas live entirely within one network subnet, you can choose unique IDs by using the last octet of each machine’s IP address.

Undefined Server IDs

If you don’t define the server ID in the my.cnf file, MySQL will appear to set up replication with CHANGE MASTER TO but will not let you start the replica:

mysql> START SLAVE;

ERROR 1200 (HY000): The server is not configured as slave; fix in config file or with

CHANGE MASTER TO

This error is especially confusing if you’ve just used CHANGE MASTER TO and verified your settings with SHOW SLAVE STATUS. You might get a value from SELECT @@server_id, but it’s just a default. You have to set the value explicitly.

Dependencies on Nonreplicated Data

If you have databases or tables on the master that don’t exist on the replica, or vice versa, it’s quite easy to accidentally break replication. Suppose there’s a scratch database on the master that doesn’t exist on the replica. If any data updates on the master refer to a table in this database, replication will break when the replica tries to replay the updates. Similarly, if you create a table on the master and it already exists on the replica, replication will break.

There’s no way around this problem. The only way to prevent it is to avoid creating tables on the master that don’t exist on the replica.

How does such a table get created? There are many possible ways, and some are harder to prevent than others. For example, suppose you originally created a scratch database on the replica that didn’t exist on the master, and then you switched the master and replica for some reason. When you did this, you might have forgotten to remove the scratch database and its privileges. Now someone might connect to the new master and run a query in that database, or a periodic job might discover the tables and run OPTIMIZE TABLE on each of them.

This is one of the things to keep in mind when promoting a replica to master, or when deciding how to configure replicas. Anything that makes replicas different from masters, or vice versa, is a potential future problem.

Missing Temporary Tables

Temporary tables are handy for some uses, but unfortunately they’re incompatible with statement-based replication. If a replica crashes, or if you shut it down, any temporary tables the replica thread was using disappear. When you restart the replica, any further statements that refer to the missing temporary tables will fail.

There’s no safe way to use temporary tables on the master with statement-based replication. Many people love temporary tables dearly, so it can be hard to convince them of this, but it’s true.^[163^] No matter how briefly they exist, temporary tables make it difficult to stop and start replicas and to recover from crashes. This is true even if you use them only within a single transaction. (It’s slightly less problematic to use temporary tables on a replica, where they can be convenient, but if the replica is itself a master, the problem still exists.)

If replication stops because the replica can’t find a temporary table after a restart, there are really only a couple of things to do: you can skip the errors that occur, or you can manually create a table that has the same name and structure as the now-vanished temporary table. Either way, your data will likely become different on the replica if any write queries refer to the temporary table.

It’s not as hard as it seems to eliminate temporary tables. The two most useful properties of temporary tables are as follows:

§ They’re visible only to the connection that created them, so they don’t conflict with other connections’ temporary tables of the same names.

§ They go away when the connection closes, so you don’t have to remove them explicitly.

You can emulate these properties easily by reserving a database exclusively for pseudotemporary tables, where you’ll create permanent tables instead. You just have to choose unique names for them. Fortunately, that’s pretty easy to do: simply append the connection ID to the table name. For example, where you used to execute CREATE TEMPORARY TABLE top_users(...), now you can execute CREATE TABLE temp.top_users_1234(...), where 1234 is the value returned by CONNECTION_ID(). After your application is done with the pseudotemporary table, you can either drop it or let a cleanup process remove it instead. Having the connection ID in the table name makes it easy to determine which tables are not in use anymore—you can get a list of active connections from SHOW PROCESSLIST and compare it to the connection IDs in the table names.^[164^]

Using real tables instead of temporary tables has other benefits, too. For example, it makes it easier to debug your applications, because you can see the data the applications are manipulating from another connection. If you used a temporary table, you wouldn’t be able to do that as easily.

Real tables do have some overhead temporary tables don’t, however: it’s slower to create them because the .frm files associated with these tables must be synced to disk. You can disable the sync_frm option to speed this up, but it’s more dangerous.

If you do use temporary tables, you should ensure that the Slave_open_temp_tables status variable is 0 before shutting down a replica. If it’s not 0, you’re likely to have problems restarting the replica. The proper procedure is to run STOP SLAVE, examine the variable, and only then shut down the replica. If you examine the variable before stopping the replica processes, you’re risking a race condition.

Not Replicating All Updates

If you misuse SET SQL_LOG_BIN=0 or don’t understand the replication filtering rules, your replica might not execute some updates that have taken place on the master. Sometimes you want this for archiving purposes, but it’s usually accidental and has bad consequences.

For example, suppose you have a replicate_do_db rule to replicate only the sakila database to one of your replicas. If you execute the following commands on the master, the replica’s data will become different from the data on the master:

mysql> USE test;

mysql> UPDATE sakila.actor ...

Other types of statements can even cause replication to fail with an error because of nonreplicated dependencies.

Lock Contention Caused by InnoDB Locking Selects

InnoDB’s SELECT statements are normally nonlocking, but in certain cases they do acquire locks. In particular, INSERT ... SELECT locks all the rows it reads from the source table by default when using statement-based replication. MySQL needs the locks to ensure that the statement produces the same result on the replica when it executes there. In effect, the locks serialize the statement on the master, which matches how the replica will execute it.

You might encounter lock contention, blocking, and lock wait timeouts because of this design. One way to alleviate the problems is not to hold a transaction open longer than needed, so the locks cause less blocking. You can release the locks by committing the transaction as soon as possible on the master.

It can also help to keep your statements short, by breaking up large statements into several smaller ones. This is a very effective way to reduce lock contention, and even when it’s hard to do, it’s often worth it. (It’s quite simple with the pt-archiver tool in Percona Toolkit.)

Another workaround is to replace INSERT ... SELECT statements with a combination of SELECT INTO OUTFILE followed by LOAD DATA INFILE on the master. This is fast and doesn’t require locking. It is admittedly a hack, but it’s sometimes useful anyway. The biggest issues are choosing a unique name for the output file, which must not already exist, and cleaning up the output file when you’re done with it. You can use the CONNECTION_ID() technique we just discussed to ensure that the filename is unique, and you can use a periodic job (crontab on Unix,scheduled tasks on Windows) to purge unused output files after the connections that created them are finished with them.

You might be tempted to try to disable the locks instead of using these workarounds. There is a way to do so, but it’s not a good idea for most scenarios, because it makes it possible for your replica to fall silently out of sync with the master. It also makes the binary log useless for recovering a server. If, however, you decide that the risks are worth the benefits, the configuration change that accomplishes this is as follows:

# THIS IS NOT SAFE!

innodb_locks_unsafe_for_binlog = 1

This allows a statement’s results to depend on data it doesn’t lock. If a second statement modifies that data and then commits before the first statement, the two statements might not produce the same results when you replay the binary log. This is true both for replication and for point-in-time recovery.

To see how locking reads prevent chaos, imagine you have two tables: one without rows, and one whose single row has the value 99. Two transactions update the data. Transaction 1 inserts the second table’s contents into the first table, and transaction 2 updates the second (source) table, as depicted in Figure 10-16.

Figure 10-16. Two transactions update data, with shared locks to serialize the updates

Step 2 in this sequence of events is very important. In it, transaction 2 tries to update the source table, which requires it to place an exclusive (write) lock on the rows it wants to update. An exclusive lock is incompatible with any other lock, including the shared lock transaction 1 has placed on that row, so transaction 2 is forced to wait until transaction 1 commits. The transactions are serialized in the binary log in the order they committed, so replaying these transactions in binary log (commit) order will give the same results.

On the other hand, if transaction 1 doesn’t place a shared lock on the rows it reads for the INSERT, no such guarantee exists. Study Figure 10-17, which shows a possible sequence of events without the lock.

The absence of locks allows the transactions to be written to the binary log in an order that will produce different results when that log is replayed, as you can see in the illustration. MySQL logs transaction 2 first, so it will affect transaction 1’s results on the replica. This didn’t happen on the master. As a result, the replica will contain different data than the master.

We strongly suggest that you leave the innodb_locks_unsafe_for_binlog configuration variable set to 0 in most situations. Row-based replication avoids this whole scenario, of course, by logging actual data changes instead of statements.

Figure 10-17. Two transactions update data, but without a shared lock to serialize the updates

Writing to Both Masters in Master-Master Replication

Writing to both masters is a terrible idea. If you’re trying to make it safe to write to both masters at the same time, some of the problems have solutions, but not all. It takes an expert with a lot of battle scars to know the difference.

In MySQL 5.0, two server configuration variables help address the problem of conflicting AUTO_INCREMENT primary keys. The variables are auto_increment_increment and auto_increment_offset. You can use them to “stagger” the numbers the servers generate, so they interleave rather than collide.

However, this doesn’t solve all the problems you’ll have with two writable masters; it solves only the autoincrement problem, which probably accounts for just a small subset of the conflicting writes you’re likely to have. In fact, it actually adds several new problems:

§ It makes it harder to move servers around in the replication topology.

§ It wastes key space by potentially introducing gaps between numbers.

§ It doesn’t help unless all your tables have AUTO_INCREMENT primary keys, and it’s not always a good idea to use AUTO_INCREMENT primary keys universally.

You can generate your own nonconflicting primary key values. One way is to create a multicolumn primary key and use the server ID for the first column. This works well, but it makes your primary keys larger, which has a compound effect on secondary keys in InnoDB.

You can also use a single-column primary key, and use the “high bits” of the integer to store the server ID. A simple left-shift (or multiplication) and addition can accomplish this. For example, if you’re using the 8 most significant bits of an unsigned BIGINT (64-bit) column to hold the server ID, you can insert the value 11 on server 15 as follows:

mysql> INSERT INTO test(pk_col, ...) VALUES( (15 << 56) + 11, ...);

If you convert the result to base 2 and pad it out to 64 bits wide, the effect is easier to see:

mysql> SELECT LPAD(CONV(pk_col, 10, 2), 64, '0') FROM test;

+------------------------------------------------------------------+

| LPAD(CONV(pk_col, 10, 2), 64, '0') |

+------------------------------------------------------------------+

| 0000111100000000000000000000000000000000000000000000000000001011 |

+------------------------------------------------------------------+

The problem with this method is that you need an external way to generate key values, because AUTO_INCREMENT can’t do it for you. Don’t use @@server_id in place of the constant value 15 in the INSERT, because you’ll get a different result on the replica.

You can also turn to pseudorandom values using a function such as MD5() or UUID(), but these can be bad for performance—they’re big, and they’re essentially random, which is bad for InnoDB in particular. (Don’t use UUID() unless you generate the values in the application, becauseUUID() doesn’t replicate correctly with statement-based replication.)

It’s a hard problem to solve, and we usually recommend redesigning your application so that you have only one writable master instead. Who’d have guessed it?

Excessive Replication Lag

Replication lag is a frequent problem. No matter what, it’s a good idea to design your applications to tolerate some lag on the replicas. If the system can’t function with lagging replicas, replication might not be the correct architecture for your application. However, there are some steps you can take to help replicas keep up with the master.

The single-threaded nature of MySQL replication means it’s relatively inefficient on the replica. Even a fast replica with lots of disks, CPUs, and memory can easily fall behind a master, because the replica’s single thread usually uses only one CPU and disk efficiently. In fact, each replica typically needs to be at least as powerful as the master.

Locking on the replicas is also a problem. Other queries running on a replica might acquire locks that block the replication thread. Because replication is single-threaded, the replication thread won’t be able to do other work while it waits.

Replication tends to fall behind in two ways: spikes of lag followed by catching up, or staying steadily behind. The former pattern is usually caused by single queries that run for a long time, but the latter can crop up even when there are no long queries.

Unfortunately, at present it’s not as easy as we’d like to find out whether a replica is close to its capacity, as discussed earlier in this chapter. If your load were perfectly uniform at all times, your replicas would perform nearly as well at 99% capacity as at 10% capacity and when they reached 100% capacity they’d abruptly begin to fall behind. In reality, the load is unlikely to be steady, so when a replica is close to its write capacity you’ll probably see increased replication lag during times of peak load.

Logging queries on a replica and using a log analysis tool to see what’s really slow is one of the best things to do when replicas can’t keep up. Don’t rely on your instincts about what’s slow, and don’t base your opinion on how queries perform on the master, because replicas and masters have very different performance profiles. The best way to do this analysis is to enable the slow query log on a replica for a while, and then analyze it with pt-query-digest as discussed in Chapter 3. The standard MySQL slow query log can log queries the replication thread executes in MySQL 5.1 and newer, if you enable the log_slow_slave_statements option, so you can see which queries are slow when they’re replicated. Percona Server and MariaDB let you enable and disable this without restarting the server.

There’s not much you can tweak or tune on a replica that can’t keep up, aside from buying faster disks and CPUs (solid-state drives can help tremendously; see Chapter 9 for details). Most of the options involve disabling some things that cause extra work on the replica to try to reduce its load. One easy change is to configure InnoDB to flush changes to disk less frequently, so transactions commit more quickly. You can accomplish this by setting innodb_flush_log_at_trx_commit to 2. You can also disable binary logging on the replica, setinnodb_locks_unsafe_for_binlog to 1, and set delay_key_write to ALL for MyISAM. These settings trade safety for speed, though. If you promote a replica to be a master, make sure to reset these settings to safe values.

Don’t duplicate the expensive part of writes

Rearchitecting your application and/or optimizing your queries is often the best way to help the replicas keep up. Try to minimize the amount of work that has to be duplicated through your system. Any write that’s expensive on the master will be replayed on every replica. If you can move the work off the master onto a replica, only one of the replicas will have to do the work. You can then push the write results back up to the master, for example, with LOAD DATA INFILE.

Here’s an example. Suppose you have a very large table that you summarize into a smaller table for frequent processing:

mysql> REPLACE INTO main_db.summary_table (col1, col2, ...)

-> SELECT col1, sum(col2, ...)

-> FROM main_db.enormous_table GROUP BY col1;

If you perform that operation on the master, every replica will have to repeat the enormous GROUP BY query. If you do enough of this, the replicas will not be able to keep up. Moving the number crunching to one of the replicas can help. On the replica, perhaps in a special database reserved for the purpose of avoiding conflicts with the data being replicated from the master, you can run the following:

mysql> REPLACE INTO summary_db.summary_table (col1, col2, ...)

-> SELECT col1, sum(col2, ...)

-> FROM main_db.enormous_table GROUP BY col1;

Now you can use SELECT INTO OUTFILE, followed by LOAD DATA INFILE on the master, to move the results back up to the master. Voilà—the duplicated work is reduced to a simple LOAD DATA INFILE. If you have N replicas, you have just saved N – 1 enormous GROUP BY queries.

The problem with this strategy is dealing with stale data. Sometimes it’s hard to get consistent results by reading on the replica and writing on the master (a problem we address in detail in the following chapters). If it’s hard to do the read on the replica, you can simplify and still save your replicas a lot of work. If you separate the REPLACE and SELECT parts of the query, you can fetch the results into your application and then insert them back into the master. First, perform the following query on the master:

mysql> SELECT col1, sum(col2, ...) FROM main_db.enormous_table GROUP BY col1;

You can then insert the results back into the summary table by repeating the following query for every row in the result set:

mysql> REPLACE INTO main_db.summary_table (col1, col2, ...) VALUES (?, ?, ...);

Again, you’ve spared the replicas from the large GROUP BY portion of the query; separating the SELECT from the REPLACE means that the SELECT part of the query isn’t replayed on every replica.

This general strategy—saving the replicas from the expensive portion of a write—can help in many cases where you have queries whose results are expensive to calculate but cheap to handle once they’ve been calculated.

Do writes in parallel outside of replication

Another tactic for avoiding excessive lag on the replicas is to circumvent replication. Any writes you do on the master must be serialized on the replica, so it makes sense to think of “serialized writes” as a scarce resource. Do all your writes need to flow from the master to the replica? How can you reserve your replica’s limited serialized write capacity for the writes that really need to be done via replication?

Thinking of it in this light might help you prioritize writes. In particular, if you can identify some writes that are easy to do outside of replication, you can parallelize writes that would otherwise claim precious write capacity on the replica.

One great example is data archiving, which we discussed earlier in this chapter. OLTP archiving queries are often simple single-row operations. If you’re just moving unneeded rows from one table to another, there might be no reason these writes have to be replicated to replicas. Instead, you can disable binary logging for the archiving statements, and then run separate but identical archiving processes on the master and replicas.

It might sound crazy to copy the data to another server yourself instead of letting replication do it, but it can actually make sense for some applications. This is especially true if an application is the only source of updates to a certain set of tables. Replication bottlenecks often center around a small set of tables, and if you can handle just those tables outside of replication, you might be able to speed it up significantly.

Prime the cache for the replication thread

If you have the right kind of workload, you might benefit from parallelizing I/O on replicas by prefetching data into memory. This technique is not well known, for good reason. Most people should not use it, because it won’t work unless you have the right workload characteristics and hardware configuration. The other types of changes we’ve just been discussing are usually far better options, and there are lots more ways to apply them than you might think. However, we know of a small handful of large applications that benefit from prefetching data from disk.

There are two workable implementations for this. One idea is to use a program that reads slightly ahead of the replica’s SQL thread in the relay logs and executes the queries as SELECT statements. This causes the server to fetch some of the data from the disk into memory, so when the replica’s SQL thread executes the statement from the relay log, it doesn’t need to wait for data to be fetched from disk. In effect, the SELECT parallelizes I/O that the replica SQL thread must normally do serially. While one statement is changing data, the next statement’s data is being fetched from disk into memory.

The following conditions might indicate that prefetching will work:

§ The replication SQL thread is I/O-bound, but the replica server isn’t I/O-bound overall. A completely I/O-bound server won’t benefit from prefetching, because it won’t have any idle hard drives to do the work.

§ The replica has a lot of disk drives—perhaps eight or more drives per replica.

§ You use the InnoDB storage engine, and the working set is much too large to fit in memory.

An example workload that benefits from prefetching is one with a lot of widely scattered single-row UPDATE statements, which are typically high-concurrency on the master. DELETE statements might also benefit from this approach, but INSERT statements are less likely to—especially when rows are inserted sequentially—because the end of the index will already be “hot” from previous inserts.

If a table has many indexes, it might not be possible to prefetch all the data the statement will modify. The UPDATE statement might modify every index, but the SELECT will typically read only the primary key and one secondary index, in the best case. The UPDATE will still need to fetch other indexes for modification. That decreases how effective this tactic can be on tables with many indexes.

This technique is not a silver bullet. There are many reasons why it might not work for you or might even cause more problems. You should attempt it only if you know your hardware and operating system well. We know some people for whom this approach increased replication speed by 300% to 400%, but we’ve tried it ourselves many times and found it usually doesn’t work. Getting the parameters right is important, but there isn’t always a right combination of parameters.

The mk-slave-prefetch tool, which is part of Maatkit, is one implementation of the ideas we’ve described in this section. It has a lot of sophisticated features to try to work in as many cases as possible, but the drawback is that it has a lot of complexity and requires a lot of expertise to use. Another is Anders Karlsson’s slavereadahead tool, available from http://sourceforge.net/projects/slavereadahead/.

Another technique entirely, which is under development at the time of writing, is internal to InnoDB. It puts transactions into a special mode that causes InnoDB to “fake” updates, so a process can execute these fake updates and then the replication thread can do the real updates quickly. This is something we’re developing in Percona Server specifically for a very popular Internet-scale web application. Check on the status of this, because it’s bound to have changed by the time this book is published.

If you’re considering this technique, we think you would be well advised to get qualified advice from an expert who’s familiar with when it works and what other options are available. This is best reserved as a last-resort measure for when all else fails.

Oversized Packets from the Master

Another hard-to-trace problem in replication can occur when the master’s max_allowed_packet size doesn’t match the replica’s. In this case, the master can log a packet the replica considers oversized, and when the replica retrieves that binary log event, it might suffer from a variety of problems. These include an endless loop of errors and retries, or corruption in the relay log.

Limited Replication Bandwidth

If you’re replicating over limited bandwidth, you can enable the slave_compressed_protocol option on the replica (available in MySQL 4.0 and newer). When the replica connects to the master, it will request a compressed connection—the same compression any MySQL client connection can use. The compression engine used is zlib, and our tests show it can compress some textual data to roughly a third of its original size. The trade-off is that extra CPU time is required to compress the data on the master and decompress it on the replica.

If you have a slow link with a master on one side and many replicas on the other side, you might want to colocate a distribution master with the replicas. That way only one server connects to the master over the slow link, reducing the bandwidth load on the link and the CPU load on the master.

No Disk Space

Replication can indeed fill up your disks with binary logs, relay logs, or temporary files, especially if you do a lot of LOAD DATA INFILE queries on the master and have log_slave_updates enabled on the replica. The more a replica falls behind, the more disk space it is likely to use for relay logs that have been retrieved from the master but not yet executed. You can prevent these errors by monitoring disk usage and setting the relay_log_space configuration variable.

Replication Limitations

MySQL replication can fail or get out of sync, with or without errors, just because of its inherent limitations. A fairly large list of SQL functions and programming practices simply won’t replicate reliably (we’ve mentioned many of them in this chapter). It’s hard to ensure that none of these finds a way into your production code, especially if your application or team is large.^[165^]

Another issue is bugs in the server. We don’t want to sound negative, but many major versions of the MySQL server have historically had bugs in replication, especially in the first releases of the major version. New features, such as stored procedures, have usually caused more problems.

For most users, this is not a reason to avoid new features. It’s just a reason to test carefully, especially when you upgrade your application or MySQL. Monitoring is also important; you need to know when something causes a problem.

MySQL replication is complicated, and the more complicated your application is, the more careful you need to be. However, if you learn how to work with it, it works quite well.