recovering from a split brain
play

Recovering from a Split Brain (starring pg_waldump and pg_rewind) - PowerPoint PPT Presentation

Jun 23, 2023 •264 likes •606 views

Recovering from a Split Brain (starring pg_waldump and pg_rewind) About Me Software Engineer Team DB Braintree Payments PostgreSQL Contributor Background PostgreSQL clusters are often deployed with at least two nodes: a

  1. Recovering from a Split Brain (starring pg_waldump and pg_rewind)

  2. About Me • Software Engineer • Team DB • Braintree Payments • PostgreSQL Contributor

  3. Background • PostgreSQL clusters are often deployed with at least two nodes: a primary and a synchronous replica (via physical replication). • Typically availability of nodes in that cluster is managed automatically by external control. • In our case, Pacemaker manages failovers, and, before promoting a replica fences/STONITHs the primary via PDU control. • We would rather take an outage than suffer a split brain.

  4. What’s a Split-Brain? • In a cluster of database nodes, a split brain occurs when (often due to some kind of network partition) multiple nodes believe they are the primary node. • Suppose we have a timeline of operations: Primary Primary A 1 2 3 4 5 6 Primary B Replica 4’ 5’ 6’ 1 2 3

  5. Sidebar: HA Configuration • Unless you absolutely value uptime over data consistency, a failure to fence the current primary must mean failing to promote a new primary. • Understanding tradeoffs between availability and consistency is important. • Personal opinion: it’s easy to assume you would prefer uptime over data consistency. But data inconsistency, e.g. a split brain, can be extremely painful. • Know how your setup works and what tradeoffs the business is comfortable with!

  6. Suppose Fencing Fails… • …but reports success. • Now we have a split-brain! • (Not fun in production, but…fun for a presentation!)

  7. Sidebar: Why Should You Care?

  8. Sidebar: Why Care? • Even with all of the “right” tooling, the longer you run and the larger you grow, something (more than one thing) is going to bite you in production. • It’s a good idea to think about potential failure modes in advance, and have an idea of how you might investigate and respond to various ones. • In the moment is not the time you want to be trying to find out the tools we’re using in this talk even exist! • I’ve read postmortems of more than one high-profile incident.

  9. We’ve split-brained; now what? • First, we want to investigate what’s changed on each primary since the split. • WAL encodes all changes, so how about: • Logical decoding? Nope, can’t replay. • pg_waldump/pg_xlogdump

  10. pg_waldump • Docs: • “display a human-readable rendering of the write-ahead log…” • “…is mainly useful for debugging or educational purposes.” • Let’s try it out!

  11. <terminal demo>

  12. Investigating a Split Brain • First we need to know the point in WAL where the two primaries diverged. LOG: received promote request FATAL: terminating walreceiver process due to administrator command LOG: invalid record length at 3583/A6D4B9A0: wanted 24, got 0 LOG: redo done at 3583/A6D4B960 LOG: last completed transaction was at log time 2019-08-22 22:06:31.775485+00 LOG: selected new timeline ID: 6

  13. Investigating a Split Brain • So we have two indexes into the WAL stream to guide us: • 3583/A6D4B960: Last successfully applied record from primary. • 3583/A6D4B9A0: First divergent record.

  14. Sidebar: WAL Position Numbering • A position in WAL is a 64-bit integer, but is printed as two 32-bit hex- encoded values separated by a slash, trimming more than one leading zero on the values. • E.g., 3583/A6D4B960 is really hex 00-00-35-83-A6-D4-B9-60

  15. Sidebar: WAL Segment Numbering • Postgres includes many functions for working with WAL positions and segment filenames to make this easier. • A much more detailed explanation is available in this blog post: • http://eulerto.blogspot.com/2011/11/understanding-wal-nomenclature.html • But as a quick summary…

  16. Sidebar: WAL Segment Numbering • WAL file segments are named on disk as a 24 character hex string; 8 for the timeline, 8 for the logical WAL file, and 8 for the offset within that logical WAL file. • E.g., WAL position 3583/A6D4B960 (assuming timeline 1) is in the WAL segment named 0000000100003583000000A6. • Note: watch out for dropped leading zeros when trying to figure this out!

  17. Investigating a Split Brain • First we have to have a split brain to investigate! • Pretty simple to manually simulate: • Just promote a replica without fencing the existing primary. • Let’s try it out!

  18. <terminal demo>

  19. Understanding the Divergence • We can look at pg_waldump output and see the kinds of operations that have occurred since the divergence, but that output isn’t overly helpful at the application or business domain level. • Exception: if there are no COMMIT records on one of the primaries after the divergence point, then we can conclude there is no functional divergence. • But we really want to know domain impact. For example, we want know the tables (and ideally tuples values) changed on the divergent primary.

  20. Understanding the Divergence • So how do we determine domain impact? • Identify all transaction IDs that were committed after the divergence point. • Convert WAL operations into tuple data. • Manually investigate business impact/conflicts/etc.

  21. Understanding the Divergence • Identify all transaction IDs that were committed after the divergence point. • As simple as using grep, awk, and sed on pg_waldump output. pg_waldump … | grep COMMIT | awk '{ print $8; }' | sed ’s/,//' > committed_txids.txt

  22. 
 
 
 Understanding the Divergence • Convert WAL operations into tuple data. • First, dump relevant WAL. Consider this sequence of operations: 
 1. BEGIN; 2. INSERT …; 3. <split brain> 4. COMMIT; • Have to start far enough before the divergence point to include all transactions in flight at the divergence point.

  23. 
 
 
 Understanding the Divergence • Convert WAL operations into tuple data. • Second, parse out txid, relfilenode, block, offset, (logical) operation type. • Additionally, while parsing fields, keep track of chain of ctids to find the most recent tuple. Consider this sequence of operations: 
 1. <split brain> 2. UPDATE … WHERE pk = 1; 3. UPDATE … WHERE pk = 1; 4. COMMIT; • We only need (and can only easily find) the last version of a given row.

  24. Understanding the Divergence • Convert WAL operations into tuple data. • Finally, we can use that information to query the diverging primary to find the actual data inserted or updated. • Unfortunately we can’t easily figure out things that were deleted (unless it still exists on the original primary and we can find it there). • We also lose intermediate states of rows. • But even so we can get a reasonable view of activity post-divergence.

  25. Understanding the Divergence • Convert WAL operations into tuple data. • It all sounds intriguing, but how do we actually do it? • This is where the “and some custom scripting” in the abstract comes into play. • Let’s try it out!

  26. <terminal demo>

  27. Understanding the Divergence • Manually investigate business impact/conflicts/etc. • May want to investigate both primaries; whichever has the highest number of changes might be the one you want to keep around as the long-term primary. • This step is really up to you!

  28. Restoring the Cluster • Now that we’ve captured the information necessary to investigate the split brain, we want to bring the diverging node back into the cluster. • Prior to PostgreSQL 9.5, we had to re-sync the data directory, much as if we were adding an entirely new node to the cluster. But that takes a long time with TB of data! • Enter pg_rewind (added to PostgreSQL in version 9.5)!

  29. pg_rewind • Conceptually: according to the docs, resets the state of the data directory to the point* at which the divergence happened. • Requirements: • Cluster was initialized with data checksums or has wal_log_hints on. • The replica to have all WAL (beginning before the divergence) available (or, if not directly, you can set a restore command to retrieve it).

  30. pg_rewind: Details • Copies all config files, so be careful to make sure they’re correct! • Resets data files to the divergence point plus any changes on the source primary to the same blocks. • Therefore, by itself does not result in an immediately usable node.

  31. pg_rewind: Details • After “rewinding”, the replica needs to stream/restore all of the primary’s WAL beginning at the divergence point to be consistent. • The WAL is part of syncing the data directory, so when PostgreSQL starts that WAL will be replayed. • But if you don’t setup a recovery.conf first you’ll be at a split brain again! • Let’s try it out!

  32. <terminal demo>

  33. Summary • Your HA configuration should make split brains impossible. • We used pg_waldump’s (semi) human-readable output to diagnose what happened after a split brain. • We used pg_rewind to restore the divergent node to a consistent replica state and reintroduced it to the cluster.

  34. Q/A Talk Materials: https://github.com/jcoleman/Split-Brain-Recovery

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Your Brain v.s. a Banana Split: The Art of Mindful Ea:ng

Your Brain v.s. a Banana Split: The Art of Mindful Ea:ng

Your Brain v.s. a Banana Split: The Art of Mindful Ea:ng Jovan Duvall Jane Riebold Gabrielle Rowston Lyne6e Iseli Food and Your Feelings The Power

283 views • 11 slides
Chapter 1: Introduction Animism Dualism Monism Using our own brain to explain

Chapter 1: Introduction Animism Dualism Monism Using our own brain to explain

Chapter 1: Introduction Animism Dualism Monism Using our own brain to explain the brain? Can we explain consciousness? Blindsight Split brains--Is right hemisphere also thinking? Unilateral neglect Raised

469 views • 25 slides
BRAIN VENTRICULAR SYSTEM CSF THE BRAIN BRAIN The brain (encephalon) lies within the cranium. It

BRAIN VENTRICULAR SYSTEM CSF THE BRAIN BRAIN The brain (encephalon) lies within the cranium. It

BRAIN VENTRICULAR SYSTEM CSF THE BRAIN BRAIN The brain (encephalon) lies within the cranium. It receives information from, and controls the activities of, the trunk and limbs, mainly through rich connections with the spinal cord. The brain

522 views • 27 slides
SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws

SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws

SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws , 2 magnets 2 split cast plates and 2 retention disks 1 : remove the nut of the screw 2 : Fixe the screws on articulator 3 : Fixe the magnets on

205 views • 9 slides
PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite

PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite

NEW APPROACH TO GROSS DOMESTIC PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite Fiskovia 5, 21 000 Split; CROATIA e-mail: ante.rozga@efst.hr Elza Jurun, University of Split, Faculty of

595 views • 38 slides
Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute

Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute

Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute for Atmospheric and Climate Institute for Atmospheric and Climate Science (IACETH), Swiss Federal Institute of Technology Zrich (ETHZ) gy ( )

509 views • 27 slides
Revising for Languages exams Getting the best from the brain! The brain needs a

Revising for Languages exams Getting the best from the brain! The brain needs a

Bonjour! Guten Abend! Revising for Languages exams Getting the best from the brain! The brain needs a huge amount of energy to work well, so good nutrition and hydration is vital The brain has to recover each night, so a

548 views • 15 slides
Brain Injury Brain Injury: Definition: Brain injury refers to damage or destruction of A

Brain Injury Brain Injury: Definition: Brain injury refers to damage or destruction of A

1/29/2010 Driver Rehabilitation Following Brain Injury Brain Injury: Definition: Brain injury refers to damage or destruction of A Collaborative Effort brain tissue due to trauma or a wide range of medical conditions, e.g. anoxia,

440 views • 5 slides
Infectious Brain Disease Lab What is the coolest thing your brain does for you? What kinds of

Infectious Brain Disease Lab What is the coolest thing your brain does for you? What kinds of

Infectious Brain Disease Lab What is the coolest thing your brain does for you? What kinds of things make you sick? Which pathogens can get into the brain? prions Helminths (worms) brain infection How are diseases spread from 1 person to

422 views • 15 slides
Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD

Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD

Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD Student, Tepper School of Business, Carnegie Mellon University. (Joint Work with Egon Balas) MIP Model MIP Model min cx Contains x j 0 j 2 N x j

837 views • 56 slides
I-65/I 65/I-70 N 70 Nor orth th Split Split Pr Project oject Public Open House October 10,

I-65/I 65/I-70 N 70 Nor orth th Split Split Pr Project oject Public Open House October 10,

I-65/I 65/I-70 N 70 Nor orth th Split Split Pr Project oject Public Open House October 10, 2018 Alter Alt erna nativ tives es De Development elopment Pr Process ocess Define Problems Balance Define Identify Context

514 views • 36 slides
Understanding Wide Neural Networks Jaehoon Lee Google Brain HEP-AI Journal Club Feb 5, 2019

Understanding Wide Neural Networks Jaehoon Lee Google Brain HEP-AI Journal Club Feb 5, 2019

Understanding Wide Neural Networks Jaehoon Lee Google Brain HEP-AI Journal Club Feb 5, 2019 Joint work with Yasaman Bahri (Brain), Roman Novak (Brain), Jeffrey Pennington (Brain NYC), Sam Schoenholz (Brain), Jascha Sohl-Dickstein (Brain),

835 views • 42 slides
Recovering Minerals and Bitumen Recovering Minerals and Bitumen from Oil Sands Tailings from Oil

Recovering Minerals and Bitumen Recovering Minerals and Bitumen from Oil Sands Tailings from Oil

An Emerging Opportunity Recovering Minerals and Bitumen Recovering Minerals and Bitumen from Oil Sands Tailings from Oil Sands Tailings AGM Feb 21, 2008 1 Forward-looking information This presentation contains forward-looking information

600 views • 23 slides
Give us 4,000 -5,000 lbs and remain split from the Central Coast Meeting Goals: 1)

Give us 4,000 -5,000 lbs and remain split from the Central Coast Meeting Goals: 1)

Give us 4,000 -5,000 lbs and remain split from the Central Coast Meeting Goals: 1) Rationale for and against remaining split 2) Discussion about whether or not to split If group decides it is better to join Central Coast: 3) Background on

144 views • 13 slides
Pitch Anything by Oren Klaff BUYER 3 3 Neocortex Neocortex 2 2 Mid Brain Mid Brain

Pitch Anything by Oren Klaff BUYER 3 3 Neocortex Neocortex 2 2 Mid Brain Mid Brain

Pitch Anything by Oren Klaff BUYER 3 3 Neocortex Neocortex 2 2 Mid Brain Mid Brain Crocodile 1 Brain YOUR IDEA, DEAL OR PRODUCT THE CROC BRAIN HOW THE CROC BRAIN FILTERS INFORMATION FAST NOVEL VISUAL Croc Brain FAST 3 2

277 views • 8 slides
From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng

From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng

From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng Depts. of CSE and ECE UC San Diego abk@ucsd.edu http://vlsicad.ucsd.edu/~abk TAU-2016 Keynote: In Search of Lost Time Recovering

946 views • 47 slides
Exercise 1: Investigate JPEG Compression Goals : Investigate the compression efficiency of JPEG

Exercise 1: Investigate JPEG Compression Goals : Investigate the compression efficiency of JPEG

Exercise 1: Investigate JPEG Compression Goals : Investigate the compression efficiency of JPEG for gray-level images Measure and draw Rate-PSNR curves for JPEG (will use as reference later) Preparation 1 Install ImageMagick (for image

376 views • 4 slides
Resources for Computational Linguists seminar ss07 unix tools Michaela Regneri Magdalena wolska

Resources for Computational Linguists seminar ss07 unix tools Michaela Regneri Magdalena wolska

Resources for Computational Linguists seminar ss07 unix tools Michaela Regneri Magdalena wolska 30 April 2007 SS07 Res4CompLingsts unix /30 cat file btw, man command less / more file head [-n] / tail [-n] file | cat file | less wc

336 views • 7 slides
Shell Programming Put distinctive simple tools together to accomplish your goal zswu

Shell Programming Put distinctive simple tools together to accomplish your goal zswu

Shell Programming Put distinctive simple tools together to accomplish your goal zswu Computer Center, CS, NCTU Outline q Variable pre-operations q args, argc in Shell Scripts q Arithmetic and Logics Test commands q Control Structures:

1.4k views • 62 slides
Learn the Python interpreter COMMAN D LIN E AUTOMATION IN P YTH ON Noah Gift Lecturer,

Learn the Python interpreter COMMAN D LIN E AUTOMATION IN P YTH ON Noah Gift Lecturer,

Learn the Python interpreter COMMAN D LIN E AUTOMATION IN P YTH ON Noah Gift Lecturer, Northwestern &amp; UC Davis &amp; UC Berkeley | Founder, Pragmatic AI Labs Three Laws of Automation 1. Any task that is talked about being automated,

526 views • 24 slides
Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Chair of Software Engineering Trusted Components Prof. Dr. Bertrand Meyer Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see course page) Axiomatic semantics chapter in Introduction to the

628 views • 30 slides
Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and

Axiomatic semantics Pre- and post conditions We use program variables (e.g. x , y ), and Proofs based on semantics are too detailed logical variables (e.g. n ) Restriction to certain kinds of properties partial correctness Example:

283 views • 6 slides
Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1

Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1

History TinyImp Hoare Logic Imperative Programming Languages Christine Rizkallah CSE, UNSW (and data61) Term 3 2019 1 History TinyImp Hoare Logic Imperative Programming imper o Definition Imperative programming is where programs are

1.25k views • 92 slides
15-411: Dynamic Semantics Jan Ho ff mann Dynamic Semantics Static semantics: definition of

15-411: Dynamic Semantics Jan Ho ff mann Dynamic Semantics Static semantics: definition of

15-411: Dynamic Semantics Jan Ho ff mann Dynamic Semantics Static semantics: definition of valid programs Dynamic semantics: definition of how programs are executed So far: Dynamic semantics is given in English on lab handouts This

1.54k views • 137 slides

More recommend