MariaDB/Rebooting a host

From Wikitech

Clean shutdown

  1. First, get a list of instances on the host (see MariaDB/Multiinstance for details).
  2. Check if the host is used by MediaWiki.
    sudo dbctl instance <instance> get
    # E.g. for single-instance host:
    #   sudo dbctl instance db1123 get
    # E.g. for multi-instance host:
    #  sudo dbctl instance db1102:3312 get
    #  sudo dbctl instance db1102:3313 get
    #  sudo dbctl instance db1102:3320 get
    If any of the instances are known to dbctl, then the host will need to be depooled if it's in an active DC, and repooled afterwards.
  3. Downtime the host in Icinga for 1h.
    sudo cookbook sre.hosts.downtime --hours 1 -r "Rebooting dbXXXX TXXXXXX" '<fqdn>'
    If the host has any replicas, they will also need to be downtimed, to prevent replication alerts from firing.
  4. With the default configuration, MariaDB dumps its buffer pool index to disk on shutdown and loads it automatically on start, shortening its warmup period. If you want to avoid this (e.g. because the current buffer pool is not fully loaded), connect to each mysql instance and run:
    mysql> SET GLOBAL innodb_buffer_pool_dump_at_shutdown = OFF;
    Because the option is set dynamically, it does not persist and reverts to ON on the next reboot.
  5. Stop mariadb instance(s) on the host
    # single-instance:
    sudo systemctl stop mariadb
    # multi-instance, for each section:
    sudo systemctl stop mariadb@<section>
    # E.g.:
    #  sudo systemctl stop mariadb@s2
    #  sudo systemctl stop mariadb@s3
    #  sudo systemctl stop mariadb@x1
  6. Unmount /srv and disable swap, and finally reboot the host
    sudo umount /srv
    sudo swapoff -a
    sudo reboot

After boot

On most production hosts, the mariadb instance or instances won't restart automatically. This is intended behavior: it prevents a crashed host from being pooled automatically with corrupt data or lag before its health can be manually checked.

  • If you just did an upgrade, or another kind of dangerous maintenance, it is better to avoid an automatic buffer pool load on startup. To do so, rename the file in each data directory from ib_buffer_pool to ib_buffer_pool.bak. This makes the old buffer pool unusable, while still allowing a dump to be produced the next time the instance shuts down for a normal restart.
  • If an upgrade is about to be done, also make sure mariadb doesn't start replication automatically by running:
    systemctl set-environment MYSQLD_OPTS="--skip-slave-start"
  • After a clean reboot, you can start mariadb by running:
    sudo systemctl start mariadb

    or, if it is a multi-instance host:

    sudo systemctl start mariadb@<section1>
    sudo systemctl start mariadb@<section2>

    where each section is one of the sections set up on that particular server (m1, x1, etc.). Only sections configured in Puppet will start; any others will fail to start if tried.

  • The Prometheus mysqld exporter also needs to be started:
    # Single-instance:
    sudo systemctl start prometheus-mysqld-exporter
    # Multi-instance, per instance:
    sudo systemctl start prometheus-mysqld-exporter@<section>
  • Replication should be running, which can be checked with:
sudo mysql -e "SHOW SLAVE STATUS"

(It should return Slave_IO_Running: Yes / Slave_SQL_Running: Yes, i.e. both the IO thread and the SQL thread are running.)

If it is stopped and should be running, you can run:

sudo mysql -e "START SLAVE"
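
A check for the replication state described above, as an added example that is not part of the original page: it parses `SHOW SLAVE STATUS\G` output and reports whether both threads are running and lag is acceptable. The function name, the 60-second lag threshold and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify replica health from `SHOW SLAVE STATUS\G` text.
# Typical use (instance connection options are host-specific):
#   sudo mysql -e 'SHOW SLAVE STATUS\G' | replication_state 60

# Prints one of: ok, stopped, lagging, not-a-replica.
# $1 = max acceptable lag in seconds (hypothetical threshold, default 60).
replication_state() {
    local max_lag="${1:-60}"
    awk -v max_lag="$max_lag" '
        {
            # Rows look like "   Slave_IO_Running: Yes"; split on first colon
            # so error messages containing colons stay intact.
            line = $0
            sub(/^[ \t]+/, "", line)
            idx = index(line, ":")
            if (idx == 0) next          # e.g. the "*** 1. row ***" banner
            val = substr(line, idx + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            f[substr(line, 1, idx - 1)] = val
        }
        END {
            # An empty result set means no replication is configured.
            if (!("Slave_IO_Running" in f)) { print "not-a-replica"; exit }
            # With --skip-slave-start both threads report "No".
            if (f["Slave_IO_Running"] != "Yes" || f["Slave_SQL_Running"] != "Yes") {
                print "stopped"; exit
            }
            lag = f["Seconds_Behind_Master"]
            if (lag == "NULL" || lag + 0 > max_lag + 0) { print "lagging"; exit }
            print "ok"
        }'
}

# Constructed sample output, not captured from a real host.
SAMPLE_HEALTHY='*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 12'
SAMPLE_SKIPPED='*************************** 1. row ***************************
             Slave_IO_Running: No
            Slave_SQL_Running: No
        Seconds_Behind_Master: NULL'

printf '%s\n' "$SAMPLE_SKIPPED" | replication_state   # prints "stopped"
```

A "stopped" result right after a start with --skip-slave-start is expected; repooling should wait until the state is "ok".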

If the server or the instance crashed

  • Depool the host from production, if possible (dbctl, haproxy, etc.). If it is not possible, weigh the impact on availability against the possibility of exposing bad or outdated data (e.g. cache db vs enwiki primary server).
  • Determine the root cause of the crash with OS logs (syslog), HW logs (mgmt interface), etc.
  • Set the instance to start without replication starting automatically (systemctl set-environment MYSQLD_OPTS="--skip-slave-start").
  • Start mariadb.
  • Check the error log: journalctl -u mariadb (or mariadb@<section>).
  • Run a table check comparing it against another host (db-compare) to ensure all data is consistent between all servers of the same section.
    • Most production hosts have a configuration that makes them durable on crash (innodb_flush_log_at_trx_commit=1). However, not every kind of crash leaves the data consistent (e.g. HW RAID controller failure).
  • If the server looks good, start replication and repool it into service.

In all cases, including normal restarts

After booting or rebooting a host, please ensure the following services are running, and start them if they aren't, as they will fail to start due to mariadb having stopped or failed:
  • prometheus-mysqld-exporter (for all hosts)
  • pt-heartbeat (only for active primary hosts, otherwise lag alerts will be fired)
  • Running systemctl restart prometheus-mysqld-exporter should do the trick; use prometheus-mysqld-exporter@<section> for multi-instance sections.
  • We should try not to reboot primary db instances, for obvious reasons, and should switch their active primary status beforehand, but sometimes a reboot happens not by choice!