Page MenuHomePhabricator
Create Task
Maniphest T409926

Primary-replica switchover automation
Open, In Progress, MediumPublic
Actions

Description

The current process for master-replica switchover e.g. https://phabricator.wikimedia.org/T409818 requires multiple manual steps.
This task is to add automation to:

  • Add new safety checks around host and section health
  • Replace copypasting during the switchover process
  • Leverage data now available in the Zarcillo DB
  • Enable extensive unit/functional test (pytest)
  • Enable end-to-end integration tests on testbed T400056
  • Have it fully documented on wikitech so it can be used by any op
  • have a dry-run feature where it goes over each step, but doesn't really change anything
    • Provide timestamps for each step executed
      • Total read_only time on a MySQL level
    • More pre-flight checks such as
      • is pt-heartbeat running on the current master?
    • Make heartbeat migration more robust until it is migrated to a systemd service or moved remotely (so it is automatic and etcd-dependent)
    • It alters or checks some master-related variables automatically (pt-config-diff h=localhost /etc/my.cnf ?):
      • Alter expire_log_days variable
      • Alter gtid mode automatically
      • Alter semi-sync automatically

Improving testability and confidence on the automation to then implement switchover when the old master is unreachable (T196366) and later on implement emergency failover in T384810

Incremental implementation + test progress:

  • functional test
  • run against test-s4 section
  • run against prod on secondary DC
  • run against prod primary DC

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add switchover cookbookoperations/cookbooksmaster+810 -0
Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
Draft: Allowing changing a host's replication masterrepos/sre/wmfmariadbpy!18fcerattoT373436switchover-helper
Add switchover helperrepos/sre/wmfmariadbpy!17fcerattoswitchover-helpermain
Customize query in GitLab

Related Objects
Search...

Event Timeline

FCeratto-WMF created this task.Nov 12 2025, 12:58 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 12 2025, 12:58 PM
FCeratto-WMF claimed this task.Nov 12 2025, 1:00 PM
FCeratto-WMF moved this task from Triage to Ready on the DBA board.
Marostegui mentioned this in T200306: Improve database master switchover script.Nov 12 2025, 1:01 PM
FCeratto-WMF updated the task description. (Show Details)Nov 12 2025, 1:29 PM
FCeratto-WMF changed the task status from Open to In Progress.Nov 17 2025, 12:35 PM
FCeratto-WMF triaged this task as Medium priority.
FCeratto-WMF moved this task from Ready to In progress on the DBA board.
FCeratto-WMF added a comment.Nov 17 2025, 12:38 PM

Moving code from https://gerrit.wikimedia.org/r/c/operations/cookbooks/+/1129904 into https://gitlab.wikimedia.org/repos/sre/wmfmariadbpy to:

  • initially provide a CLI tool for the team
  • later on a library that can be used in a switchover cookbook by other SREs
gerritbot added a comment.Nov 17 2025, 12:39 PM

Change #1129904 had a related patch set uploaded (by Federico Ceratto; author: Federico Ceratto):

[operations/cookbooks@master] Add switchover cookbook

https://gerrit.wikimedia.org/r/1129904

gerritbot added a project: Patch-For-Review.Nov 17 2025, 12:39 PM
FCeratto-WMF updated the task description. (Show Details)Nov 17 2025, 12:40 PM
Marostegui subscribed.Nov 25 2025, 3:21 PM

P85593 (An Untitled Masterwork)
1Test switchover in s8, active DC codfw, db2165 -> db2161
2Fallback without Zarcillo
3fetching dbconfig JSON
4mock-fetching https://noc.wikimedia.org/dbconfig/codfw.json
5Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2166.yaml
6mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2166.yaml
7Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2195.yaml
8mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2195.yaml
9Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2181.yaml
10mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2181.yaml
11Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2167.yaml
12mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2167.yaml
13Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2152.yaml
14mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2152.yaml
15Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2164.yaml
16mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2164.yaml
17Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2163.yaml
18mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2163.yaml
19Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2161.yaml
20mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2161.yaml
21Fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2154.yaml
22mock-fetching https://raw.githubusercontent.com/wikimedia/puppet/production/hieradata/hosts/db2154.yaml
23mock-fetching https://config-master.wikimedia.org/mediawiki.yaml
24Old primary: db2165
25Candidates: ['db2161']
26DC: codfw. Note: This is a switchover in the PRIMARY DC
27asking: Lock section on zarcillo
28▶ Check configuration differences between new and old primary:
29[switchover_helper.check_dbctl] Check dbctl conf
30Old primary db2165 dbctl struct: {'s8': {'candidate_master': False, 'percentage': 100, 'pooled': True, 'weight': 500}}
31new primary db2161 dbctl struct: {'s8': {'candidate_master': True, 'percentage': 100, 'pooled': True, 'weight': 500}}
32[switchover_helper.check_vars] Comparing MariaDB variables
33mock-running <<sudo db-mysql db2165 -e 'SHOW VARIABLES' -N -B>>
34mock-running <<sudo db-mysql db2161 -e 'SHOW VARIABLES' -N -B>>
35MariaDB variables check:
36 ✓ innodb_buffer_pool_size
37 ✓ innodb_log_write_ahead_size
38 ✓ innodb_flush_log_at_trx_commit
39 ✓ innodb_file_per_table
40 ✓ binlog_format
41 ✓ gtid_mode
42 ✓ sync_binlog
43 ✓ log_slave_updates
44 ✓ max_connections
45 ✓ max_allowed_packet
46 ✓ sql_mode
47 ✓ character_set_server
48 ✓ collation_server
49 ✓ db2165 is read-write (the DC is active)
50asking: Silence alerts on all hosts
51[switchover_helper.downtime] Setting downtime on A:db-section-s8
52asking: Set new primary db2161 dbctl weight to 0
53[switchover_helper.dbctl] Waiting for dbctl diff to be empty
54[switchover_helper.set_weight] Setting weight for db2161 to 0
55<dbctl.instance.weight announce_message>
56▶ Topology change: Move all replicas under the new primary
57asking: Execute sudo db-switchover --timeout=25 --only-slave-move db2165 db2161
58[switchover_helper.move_replicas] Moving replicas to db2161
59asking: Topology changes, move all replicas under the new primary
60mock-running <<sudo db-switchover --timeout=25 --only-slave-move db2165 db2161>>
61asking: Disable puppet on old primary db2165
62asking: Disable puppet on new primary db2161
63▶ Merge gerrit puppet change to promote the primary
64▶ DIY: run this after merging on Gerrit: ssh puppetserver1001.eqiad.wmnet -t sudo -i puppet-merge
65asking: Continue?
66▶ Entering primary failover section
67asking: Log the failover on irc
68asking: Set section s8 in read-only in dbctl?
69[switchover_helper.section_readonly] Setting section s8 read-only
70▶ Check that s8 is indeed read-only
71asking: Switch primaries
72[switchover_helper.switch_primary] Switching db2165 db2161 in s8
73mock-running <<sudo db-switchover --skip-slave-move db2165 db2161>>
74Checking replication status
75mock-running <<sudo db-mysql db2165 -e 'SHOW SLAVE STATUS' -B>>
76 ✓ db2165 is the primary source and not following replication
77 ✓ db2165 is not replicating (confirmed as current primary)
78mock-running <<sudo db-mysql db2161 -e 'SHOW SLAVE STATUS' -B>>
79 ✖ db2161 Slave_IO_Running: None
80 ✖ db2161 Slave_SQL_Running: None
81 ✓ db2161 no replication errors
82 ✖ db2161 invalid Seconds_Behind_Master: None
83 ℹ db2161 is replicating from port None
84 ⚠ db2161 is replicating from , not db2165
85asking: Promote new primary in dbctl and set section in read-write
86▶ Entering cleanup phase
87asking: Clean up heartbeat table(s) on new primary db2161
88mock-running <<sudo db-mysql db2161 heartbeat -e "DELETE FROM heartbeat WHERE file LIKE 'db2165%';">>
89asking: Enable and run puppet on old primary db2165
90[switchover_helper.run_puppet] Run puppet on old primary
91asking: Enable and run on new primary db2161
92[switchover_helper.run_puppet] Run puppet on new primary
93asking: Run set-master query on db2161
94▶ Changing events for query killer
95asking: Run set-replica query on db2165
96▶ Changing events for query killer
97▶ DIY: Merge the related CR for DNS configuration in Puppet then run ssh dns1004.wikimedia.org -t sudo authdns-update
98asking: Confirm when done
99asking: Update candidate primary dbctl setting db2165 as candidate and db2161 not candidate
100asking: Update Orchestrator candidate tags
101mock-running <<sudo cumin 'dborch*' 'orchestrator-client -c untag -i db2161 --tag name=candidate'>>
102mock-running <<sudo cumin 'dborch*' 'orchestrat3. Depooling / removal from API, vslow, dump groupsor-client -c tag -i db2165 --tag name=candidate'>>
103asking: Depool db2165
104▶ Completed

Some of the comments from our irc discussion:

  • The fetching from an external source should be informative and shouldn't break/block the switchover if unavailable. If unavailable, it should warn the operator about it so the candidate master host can be confirmed by some other (manual) means.
  • The lock of zarcillo isn't really locking anything, which is how it should be.
  • dbctl commands should show the diff and ask for confirmation by the operator
Marostegui added subtasks: T371483: Dry run for db-switchover when moving slaves, T371482: Better error handling for db-switchover.Nov 25 2025, 3:21 PM
CodeReviewBot added a comment.Dec 12 2025, 10:55 AM

fceratto opened https://gitlab.wikimedia.org/repos/sre/wmfmariadbpy/-/merge_requests/17

Draft: Add switchover helper

FCeratto-WMF mentioned this in rOSMDf90eac492b18: Add switchover helper.Dec 12 2025, 11:43 AM
FCeratto-WMF mentioned this in rOSMD02afd3b13a33: Add switchover helper.
FCeratto-WMF mentioned this in rOSMDaf3efc999eb1: Add switchover helper.Dec 12 2025, 1:11 PM
FCeratto-WMF mentioned this in rOSMDd58af92f9f28: Add switchover helper.Dec 12 2025, 2:17 PM
FCeratto-WMF renamed this task from Improve master-replica switchover (flip) automation to Primary-replica switchover automation.Dec 15 2025, 8:13 AM
gerritbot added a comment.Dec 15 2025, 8:40 AM

Change #1129904 abandoned by Federico Ceratto:

[operations/cookbooks@master] Add switchover cookbook

Reason:

The tool has been moved to https://gitlab.wikimedia.org/repos/sre/wmfmariadbpy/-/merge_requests/17

https://gerrit.wikimedia.org/r/1129904

FCeratto-WMF updated the task description. (Show Details)Dec 19 2025, 11:48 AM
FCeratto-WMF mentioned this in rOSMD189709353e53: Add switchover helper.Dec 23 2025, 4:48 PM
FCeratto-WMF mentioned this in rOSMD567d39b0f4fd: Add switchover helper.Wed, Jan 7, 10:15 AM
Marostegui merged a task: T200306: Improve database master switchover script.Mon, Jan 12, 12:42 PM
Marostegui added subscribers: jcrespo, Volans, Kormat, LSobanski.
FCeratto-WMF updated the task description. (Show Details)Fri, Jan 16, 11:54 AM
FCeratto-WMF updated the task description. (Show Details)
FCeratto-WMF mentioned this in rOSMD514e89f7bcf4: Add switchover helper.Tue, Jan 20, 7:08 PM
CodeReviewBot added a comment.Fri, Jan 23, 1:04 PM

fceratto opened https://gitlab.wikimedia.org/repos/sre/wmfmariadbpy/-/merge_requests/18

Draft: Allowing changing a host's replication master

FCeratto-WMF mentioned this in rOSMD4d1057e36aad: Add switchover helper.Fri, Jan 23, 7:08 PM
FCeratto-WMF mentioned this in rOSMD1c52b37c424e: Add switchover helper.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits