From GaussDB(for MySQL) Primary/Standby to GaussDB(for MySQL) Primary/Standby (Dual-Active DR)

Supported Source and Destination Databases

**Table 1** Supported databases
Service database	DR Database
GaussDB(for MySQL) primary/standby	GaussDB(for MySQL) primary/standby

Prerequisites

You have logged in to the DRS console.
Your account balance is greater than or equal to $0 USD.
For details about the supported DB types and versions, see Supported Databases.
If a subaccount is used to create a DRS task, ensure that an agency has been added. To create an agency, see Agency Management.

Suggestions

During the DR initialization, do not perform DDL operations on the service database. Otherwise, the task may be abnormal.
During DR initialization, ensure that no data is written to the DR database to ensure data consistency before and after DR.

The success of DR depends on environment and manual operations. To ensure a smooth DR, perform a DR trial before you start the DR task to help you detect and resolve problems in advance.
It is recommended that you start your DR task during off-peak hours to minimize the impact on your services.
- If the bandwidth is not limited, initialization of DR will increase query workload of the source database by 50 MB/s and occupy 2 to 4 vCPUs.
- To ensure data consistency, tables without a primary key may be locked for 3s during disaster recovery.
- The data in the DR process may be locked by other transactions for a long period of time, resulting in read timeout.
- If DRS concurrently reads data from a database, it will use about 6 to 10 sessions. The impact of the connections on services must be considered.
- If you read a table, especially a large table, during DR, the exclusive lock on that table may be blocked.
- For more information about the impact of DRS on databases, see What Is the Impact of DRS on Source and Destination Databases?
Data-Level Comparison
To obtain accurate comparison results, start data comparison at a specified time point during off-peak hours. If it is needed, select Start at a specified time for Comparison Time. Due to slight time difference and continuous operations on data, data inconsistency may occur, reducing the reliability and validity of the comparison results.

Precautions

Before creating a DR task, read the following precautions:

**Table 2** Precautions
Type	Restrictions
Database permissions	The service database user must have the following permissions: SELECT, CREATE, ALTER, DROP, DELETE, INSERT, UPDATE, TRIGGER, REFERENCES, SHOW VIEW, EVENT, INDEX, LOCK TABLES, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, RELOAD, REPLICATION SLAVE, REPLICATION CLIENT, and WITH GRANT OPTION. The DR database user must have the following permissions: SELECT, CREATE, ALTER, DROP, DELETE, INSERT, UPDATE, TRIGGER, REFERENCES, SHOW VIEW, EVENT, INDEX, LOCK TABLES, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, RELOAD, REPLICATION SLAVE, REPLICATION CLIENT, and WITH GRANT OPTION. The root account of the GaussDB(for MySQL) primary/standby instance has the preceding permissions by default.
Disaster recovery objects	Tables with storage engine different to MyISAM and InnoDB do not support disaster recovery. System tables are not supported. Triggers and events do not support disaster recovery. Accounts that have operation permissions on customized objects in the system database cannot be used for disaster recovery. DDL operations cannot be executed on the active database 2.
Service database configuration	The binlog of the service database must be enabled and use the row-based format. If the storage space is sufficient, store the service database binlog for as long as possible. The recommended retention period is seven days. The service database username or password cannot be empty. GTID must be enabled for the database. The service database name must contain 1 to 64 characters, including only lowercase letters, digits, hyphens (-), and underscores (_). The table name and view name in the service database cannot contain non-ASCII characters, or the following characters: '<>/\ If the expire_logs_days value of the database is set to 0, the disaster recovery may fail.
DR database configuration	The DR DB instance is running properly. If the DR DB instance is a primary/standby instance, the replication status must also be normal. The DR DB instance must have sufficient storage space. The major version of the active database 1 must be the same as that of the active database 2. Active database 2 must be an empty instance. After the forward task is started, active database 2 is set to read-only. After the backward task is started and DR is performed, active database 2 is restored to read/write. The binlog of the DR database must be enabled and use the row-based format. GTID must be enabled for the DR database.
Precautions	Dual-active DR supports backup in backward and forward directions. Due to certain uncontrollable factors, data may be inconsistent between the two sides. For example, if the load of active database 1 is too heavy and the load of active database 2 is light, data updates on the active database 1 synchronized to the active database 2 will be delayed due to the heave load, as a result, the operation sequence is changed and data becomes inconsistency. Therefore, divide data by unit (database, table, or row) and ensure the unit on one database is responsible for data read and write while on the other is read-only. In essence, in dual-active DR, both the databases play the active role but work differently. For details about common scenarios, see Common Exceptions in Real-Time Disaster. During the DR initialization, do not perform DDL operations on the source database. Otherwise, the DR task may be abnormal. If the same data on both databases is updated simultaneously, data conflicts may occur. DRS resolves the conflict by overwriting the previous settings with the last settings. When the deletion operation is performed, data is deleted and DRS does not perform any operation. When the insert operation is performed, DRS updates data with the latest inserted data. When the update operation is performed, the original data has been updated and DRS directly insert the new data. Primary key conflicts between the two sides need to be avoided. For example, you can use a UUID or the primary key rule of region+auto-increment ID to avoid conflicts. If the synchronization delay takes a long time due to connection interruption or network issues, you need to determine whether your services can tolerant the long-term delay. The dual-active DR is different from the single-active DR. Therefore, no active/standby switchover is required. The DR latency is uncontrollable. Therefore, DDL operations must be performed when no service is running, and both RPO and RTO are zero and latency is kept within 30 seconds on active database 1. Do not perform DDL operations on active database 2. (DRS synchronizes only the DDL operations on active database 1 to active database 2.) Ensure that the tables, columns, and rows are consistent in both the databases. (The table structures of both the active databases are consistent.) A backward task can be started only when the forward task is in the DR process and both RPO and RTO are less than 60s. After the dual-active DR task is in the DR process, perform tests on the active database 2 first. If the test results meet the requirements, switch certain service traffic to the active database 2.

Procedure

On the Disaster Recovery Management page, click Create Disaster Recovery Task.

On the Create Disaster Recovery Instance page, select a region, specify the task name, description, and the DR instance details, and click Next.

Figure 1 DR task information

**Table 3** Task and recipient description
Parameter	Description
Region	The region where your service is running. You can change the region.
Task Name	The task name consists of 4 to 50 characters, starts with a letter, and can contain only letters (case-insensitive), digits, hyphens (-), and underscores (_).
Description	The description consists of a maximum of 256 characters and cannot contain special characters !=<>'&"\

Figure 2 DR instance information

**Table 4** DR instance settings
Parameter	Description
DR Type	Select Dual-active. The DR type can be single-active or dual-active. If Dual-active is selected, two subtasks are created by default, a forward DR task and a backward DR task. NOTE: Only whitelisted users can use dual-active DR. To use this function, submit a service ticket. In the upper right corner of the management console, choose Service Tickets > Create Service Ticket to submit a service ticket.
Current Cloud RDS Instance Role	Select Active 1 or Active 2. This parameter specifies the role of the current RDS DB instance in the DR relationship and is available when DR Type is set to Dual-active. For details about how to choose active 1 and 2, see How Do I Select Active Database 1 and 2 for Dual-Active DR? Active 1: Initial data is available on the current cloud RDS when a task is created. Active 2: The RDS DB instance on the current cloud is empty when a task is created. Active 2 is used as an example.
Service DB Engine	Select GaussDB(for MySQL) Primary/Standby Edition.
DR DB Engine	Select GaussDB(for MySQL) Primary/Standby Edition.
Network Type	The public network is used as an example. Available options: VPN or Direct Connect and Public network. By default, the value is Public network.
DR DB Instance	The GaussDB(for MySQL) primary/standby instance you created.
Disaster Recovery Instance Subnet	Select the subnet where the disaster recovery instance is located. You can also click View Subnet to go to the network console to view the subnet where the instance resides. By default, the DRS instance and the destination DB instance are in the same subnet. You need to select the subnet where the DRS instance resides and ensure that there are available IP addresses. To ensure that the disaster recovery instance is successfully created, only subnets with DHCP enabled are displayed.
Enterprise Project	If the DB instance has been associated with an enterprise project, select the target project from the Enterprise Project drop-down list. You can also go to the ProjectMan console to create a project. For details about how to create a project, see ProjectMan User Guide.
Tags	This setting is optional. Adding tags helps you better identify and manage your tasks. Each task can have up to 10 tags. After a task is created, you can view its tag details on the Tags tab. For details, see Tag Management.

On the Disaster Recovery Management page, after the task is created, click Edit in the Operation column. The Configure Source and Destination Databases page.

Figure 3 DR task list

On the Configure Source and Destination Databases page, wait until the DR instance is created. Then, specify source and destination database information and click Test Connection for both the source and destination databases to check whether they have been connected to the DR instance. After the connection tests are successful, select the check box before the agreement and click Next.

Figure 4 Service database information

**Table 5** Service database settings
Parameter	Description
Source Database Type	By default, Self-built on ECS is selected. The source database can be a Self-built on ECS or an RDS DB instance. After selecting RDS DB instance, select the region where the source database resides and the region cannot be the same as the region where the destination database resides. The region where the destination database is located is the region where you log in to the management console. To use the RDS DB instance option, submit a service ticket.
IP Address or Domain Name	The IP address or domain name of the service database.
Port	The port of the service database. Range: 1 – 65535
Database Username	The username for accessing the service database.
Database Password	The password for the service database username. You can change the password if necessary. To change the password, perform the following operation after the task is created: If the task is in the Starting, Initializing, Disaster recovery in progress, or Disaster recovery failed status, in the DR Information area on the Basic Information tab, click Update Password next to the Source Database Password field. In the displayed dialog box, change the password. This action only updates DRS with the changed password.
SSL Connection	SSL encrypts the connections between the source and destination databases. If SSL is enabled, upload the SSL CA root certificate. NOTE: The maximum size of a single certificate file that can be uploaded is 500 KB. If the SSL certificate is not used, your data may be at risk.
Region	The region where the service DB instance is located. This parameter is selected by default. This parameter is available only when the source database is an RDS DB instance.
DB Instance Name	The name of the service DB instance. This parameter is available only when the source database is an RDS DB instance.
Database Username	The username for accessing the service database.
Database Password	The password for the service database username.

The IP address, domain name, username, and password of the service database are encrypted and stored in DRS and will be cleared after the task is deleted.

Figure 5 DR database information

**Table 6** DR database settings
Parameter	Description
DB Instance Name	The GaussDB(for MySQL) primary/standby instance you selected when creating the DR. This parameter cannot be changed.
Database Username	The username for accessing the DR database.
Database Password	The password for the database username. The password can be changed after a task is created. If the task is in the Starting, Initializing, Disaster recovery in progress, or Disaster recovery failed status, in the DR Information area on the Basic Information tab, click Update Password next to the Destination Database Password field. In the displayed dialog box, change the password. This action only updates DRS with the changed password. The database username and password are encrypted and stored in DRS, and will be cleared after the task is deleted.

On the Configure DR page, specify flow control and click Next.

Figure 6 DR settings

**Table 7** DR settings
Parameter	Description
Flow Control	You can choose whether to control the flow. Yes You can customize the maximum DR speed. In addition, you can set the time range based on your service requirements. The traffic rate setting usually includes setting of a rate limiting time period and a traffic rate value. Flow can be controlled all day or during specific time ranges. The default value is All day. A maximum of three time ranges can be set, and they cannot overlap. The flow rate must be set based on the service scenario and cannot exceed 9,999 MB/s. Figure 7 Flow control No The DR speed is not limited and the outbound bandwidth of the source database is maximally used, which causes read consumption on the source database accordingly. For example, if the outbound bandwidth of the source database is 100 MB/s and 80% bandwidth is used, the I/O consumption on the source database is 80 MB/s. NOTE: Flow control mode takes effect during the initial DR phase only. You can also change the flow control mode when the task is in the Configuration state. On the Basic Information tab, In the DR Information area, click Modify next to Flow Control. In the dialog box that is displayed, change the flow control mode. The flow control mode cannot be changed for a task that is in Starting state.
Migrate Definer to User	Yes The Definers of all source database objects will be migrated to the user. Other users do not have permissions for database objects unless these users are authorized. For details about authorization, see How Do I Maintain the Original Service User Permission System After Definer Is Forcibly Converted During MySQL Migration? No The Definers of all source database objects will not be changed. You need to migrate all accounts and permissions of the source database in the next step.

On the Check Task page, check the DR task.
- If any check fails, review the failure cause and rectify the fault. After the fault is rectified, click Check Again.
  For details about how to handle check failures, see Checking Whether the Source Database Is Connected in Data Replication Service User Guide.
  
  Figure 8 Pre-check
- If the check is complete and the check success rate is 100%, click Next.
  
  You can proceed to the next step only when all checks are successful. If there are any items that require confirmation, view and confirm the details first before proceeding to the next step.

On the displayed page, specify Start Time, Send Notification, SMN Topic, Synchronization Delay Threshold, RPO Synchronization Delay Threshold, RTO Synchronization Delay Threshold, Stop Abnormal Tasks After and DR instance details. Then, click Submit.

Figure 9 Task startup settings

**Table 8** Task and recipient description
Parameter	Description
Start Time	Set Start Time to Start upon task creation or Start at a specified time based on site requirements. NOTE: Starting a DR task may slightly affect the performance of the service and DR databases. You are advised to start a DR task during off-peak hours.
Send Notifications	SMN topic. This parameter is optional. If an exception occurs during disaster recovery, the system will send a notification to the specified recipients.
SMN Topic	This parameter is available only after you enable Send Notifications and create a topic on the SMN console and add a subscriber. For details, see Simple Message Notification User Guide.
Synchronization Delay Threshold	During disaster recovery, a synchronization delay indicates a time difference (in seconds) of synchronization between the service and DR database. If the synchronization delay exceeds the threshold you specify, DRS will send alarms to the specified recipients. The value ranges from 0 to 3,600. To avoid repeated alarms caused by the fluctuation of delay, an alarm is sent only after the delay has exceeded the threshold for six minutes. NOTE: Before setting the delay threshold, enable Send Notification. If the delay threshold is set to 0, no notifications will be sent to the recipient.
RTO Synchronization Delay Threshold	If the synchronization delay from the DRS instance to the DR database exceeds the threshold you specify, DRS will notify specified recipients. The value ranges from 0 to 3,600. To avoid repeated alarms caused by the fluctuation of delay, an alarm is sent only after the delay has exceeded the threshold for six minutes. NOTE: Before setting the RTO delay threshold, enable Send Notification. If the delay threshold is set to 0, no notifications will be sent to the recipient.
RPO Synchronization Delay Threshold	If the synchronization delay from the DRS instance to the service database exceeds the threshold you specify, DRS will notify specified recipients. The value ranges from 0 to 3,600. To avoid repeated alarms caused by the fluctuation of delay, an alarm is sent only after the delay has exceeded the threshold for six minutes. NOTE: Before setting the delay threshold, enable Send Notification. If the delay threshold is set to 0, no notifications will be sent to the recipient. In the early stages of an incremental disaster recovery, the synchronization delay is long because a large quantity of data is awaiting synchronization. In this case, no notifications will be sent.
Stop Abnormal Tasks After	Number of days after which an abnormal task is automatically stopped. The value must range from 14 to 100. The default value is 14. NOTE: Tasks in the abnormal state are still charged. If tasks remain in the abnormal state for a long time, they cannot be resumed. Abnormal tasks run longer than the period you set (unit: day) will automatically stop to avoid unnecessary fees.

After the DR task is submitted, view and manage it on the Disaster Recovery Management page.
- You can view the task status. For more information about task status, see Task Statuses.
- You can click in the upper-right corner to view the latest task status.