Details
New Feature
Status: Closed
Major
Resolution: Fixed
21.06.17, 22.08.12, 23.02.9, 23.08.5, 24.02.1
None
MXS-SPRINT-209, MXS-SPRINT-210
Description
Add a "safe"-option to auto_failover. If this option is set, auto-failover is only performed if the monitor believes no data would be lost. A manual version should also be added.
Original description:
------------------------------
In a two node setup with one master and one slave, if the slave starts to severely lag behind the master in terms of GTID, the monitor should not, in the case of a master-failure, promote the slave, if the last known GTID coordinate of the master is ahead by some configurable amount, but leave the slave as a slave.
An alternative approach to this would be to avoid failing over if the monitor is able to detect that transactions would be lost in the failover process. To allow for some amount of losses to happen, the number of transactions that are "an acceptable loss" should be configurable. For example, losing a handful of transactions might be a manually recoverable situation but losing thousands of transactions is not.
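The check requested above, sketched as an added example (not MaxScale code and not part of the original ticket): it compares the master's last observed GTID position with the replica's and refuses promotion when more than a configurable number of transactions would be lost. The function names and the `acceptable_loss` parameter are hypothetical, the GTID strings are constructed, and a domain missing on the replica is assumed to count from sequence 0.

```python
"""Added illustration: GTID-gap check before promoting a replica."""


def parse_gtid_list(text):
    """Parse a MariaDB GTID list 'domain-server-seq[,...]' into {domain: seq}."""
    positions = {}
    for triplet in filter(None, (t.strip() for t in text.split(","))):
        parts = triplet.split("-")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            raise ValueError(f"malformed GTID: {triplet!r}")
        domain, _server_id, seq = (int(p) for p in parts)
        # Keep the highest sequence number seen for each replication domain.
        positions[domain] = max(seq, positions.get(domain, 0))
    return positions


def missing_transactions(master_last_known, replica_pos):
    """Count events the master had (as last observed) that the replica lacks.

    The master position is only what the monitor saw before the failure, so
    the result is a lower bound on the real loss.
    """
    master = parse_gtid_list(master_last_known)
    replica = parse_gtid_list(replica_pos)
    # Assumption: a domain absent on the replica is treated as sequence 0.
    return sum(max(0, seq - replica.get(domain, 0))
               for domain, seq in master.items())


def failover_allowed(master_last_known, replica_pos, acceptable_loss=0):
    """Return True only if promotion loses at most `acceptable_loss` events.

    acceptable_loss=0 models the "safe" mode; a larger value models the
    configurable "acceptable loss" from the original description.
    """
    if not master_last_known.strip():
        # No observed master position: safety cannot be shown, so refuse.
        return False
    return missing_transactions(master_last_known, replica_pos) <= acceptable_loss


if __name__ == "__main__":
    # Constructed sample positions: the replica is 5 events behind in domain 0.
    print(failover_allowed("0-1-105,1-2-50", "0-1-100,1-2-50"))
    print(failover_allowed("0-1-105,1-2-50", "0-1-100,1-2-50", acceptable_loss=5))
```
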