Open gregcorbett opened 3 years ago
The issue would probably be different in the case of MariaDB where database and users are different 'things' and in the mysqldump used for import, creating the DB and dropping tables before creating them again use 'IF EXISTS', and tables are locked before importing data. Even though it seems sensible to stop the web server before an import, why is the import running at all when the failover is engaged? This implies a second instance (the non-failover) is operating in write mode?
There is a difference between the failover being "engaged" and the failover webserver happens to be in use at the time.
If the failover is engaged (i.e it is the primary instance serving production requests) then the import shouldn't be running - as worst case there is no database dump to pull and the scripts may fail ungracefully and drop the failover's database with nothing to restore.
The failover's webserver is always running currently however, and if a web request comes along at the right time and talks to the database just as the failover scripts wants to drop the existing data you get the above error.
If the incoming web request is 'legitimate', then maybe a better option would be to retry the import (some number of times) before failing? That way the legitimate user is less likely to be faced with a connection rejected.
Retrying n
times before resorting to shutting of the webserver seems like a good idea.
If the failover database happens to be in use when
1_runDbUpdate.sh
is run to update it, the update fails.This is because the existing GOCDB5 user can't be dropped, see below.
One solution would be to switch the webserver off (and back on) as part of
1_runDbUpdate.sh