[MDEV-30755] slow shutdown on uninstall Created: 2023-02-28  Updated: 2024-02-02

Status: Open
Project: MariaDB Server
Component/s: Storage Engine - InnoDB
Fix Version/s: 11.1

Type: Task Priority: Major
Reporter: Sergei Golubchik Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-33364 pre-uninstall scriptlets should use s... Closed
Relates
relates to MDEV-23755 safety for upgrades (innodb) and pack... Closed

 Description   

InnoDB implements various levels of "fast shutdown", from the slowest when all logs are applied to data, to the crash-like, which causes a full recovery run on the next start.

The default is 1, "fast". But this works best if the server of exactly the same version is used for the next start.

On upgrades the slow shutdown is the safest. Redo log format used to change between versions in the past and it has happened that after the upgrade the server was not able to start (or, worse, corrupted the data).

In fact, it's generally safer to use a slow shutdown when the server is uninstalled. RPM/DEB before-uninstall (preun, prerm) scriptlet should always use the slowest and safest shutdown method.

Implementation ideas:

  • set global @@innodb_fast_shutdown=0
  • SHUTDOWN SLOW
  • SIGTERM for normal shutdown, SIGQUIT for slow (and SIGKILL for fast )

 Comments   
Comment by Daniel Black [ 2023-02-28 ]

Contradicting advice: MDEV-23755

Comment by Ian Gilfillan [ 2023-02-28 ]

Our documentation is unclear here. We used to state innodb_fast_shutdown=0 as a requirement when upgrading, but this was removed on marko's suggestion (MDEV-23755). monty has added the suggestion that fast_shutdown=0 is 'recommended' back in the docs in one location, but overall the docs don't now give a clear guideline to users. Basically, we currently state 1 is OK, but recommended is 0, which I wouldn't know what to do with.

Comment by Marko Mäkelä [ 2024-02-02 ]

For some time, it was somewhat unclear whether it is safe to upgrade to MariaDB Server 10.3 from earlier versions after a normal shutdown. It was possible to get into trouble by playing with innodb_force_recovery=3 (MDEV-13269). Finally, in MDEV-15912 a check for that was implemented: InnoDB would refuse to start if it recovers any incomplete transactions that contain nonempty insert undo logs.

Recently, there were some upgrade issues related to MDEV-29694, which could be worked around by executing a slow shutdown. These bugs have been fixed.

I do not think that we should generally recommend innodb_fast_shutdown=0. In the past, a support customer got data corruption due to MDEV-29905 (in combination with MDEV-29984 or MDEV-30009).

Generated at Thu Feb 08 10:18:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.