Updated on 2024-01-23 GMT+08:00

From DDM to DDM (Single-Active DR)

Supported Source and Destination Databases

Table 1 Supported databases

Service database

DR Database

DDM instances

DDM instances

Database Account Permission Requirements

To start a DR task, the service and DR database users must meet the requirements in the following table. Different types of DR tasks require different permissions. For details, see Table 2. DRS automatically checks the database account permissions in the pre-check phase and provides handling suggestions.

Table 2 Database account permission

Type

Permission Required

Service database user

The user of the service database must have at least one permission, for example, SELECT.

DR database user

The user of the DR database must have at least one permission, for example, SELECT.

  • You are advised to create an independent database account for DRS task connection to prevent task failures caused by database account password modification.
  • After changing the account passwords for the service and DR databases, modify the connection information in the DRS task as soon as possible to prevent automatic retry after a task failure. Automatic retry will lock the database accounts.

Prerequisites

Suggestions

  • During the DR initialization, do not perform DDL operations on the service database. Otherwise, the task may be abnormal.
  • During DR initialization, ensure that no data is written to the DR database to ensure data consistency before and after DR.
  • The success of DR depends on environment and manual operations. To ensure a smooth DR, perform a DR trial before you start the DR task to help you detect and resolve problems in advance.
  • It is recommended that you start your DR task during off-peak hours to minimize the impact on your services.
    • If the bandwidth is not limited, initialization of DR will increase query workload of the source database by 50 MB/s and occupy 2 to 4 vCPUs.
    • To ensure data consistency, tables without a primary key may be locked for 3s during disaster recovery.
    • The data in the DR process may be locked by other transactions for a long period of time, resulting in read timeout.
    • If DRS concurrently reads data from a database, it will use about 6 to 10 sessions. The impact of the connections on services must be considered.
    • If you read a table, especially a large table, during DR, the exclusive lock on that table may be blocked.
  • Data-Level Comparison

    To obtain accurate comparison results, start data comparison at a specified time point during off-peak hours. If it is needed, select Start at a specified time for Comparison Time. Due to slight time difference and continuous operations on data, data inconsistency may occur, reducing the reliability and validity of the comparison results.

Precautions

Before creating a DR task, read the following precautions:

Table 3 Environment Constraints

Type

Restrictions

Disaster recovery objects

  • Tables with storage engine different to MyISAM and InnoDB do not support disaster recovery.
  • Accounts that have operation permissions on customized objects in the system database cannot be used for disaster recovery.
  • System tables are not supported.
  • Triggers and events do not support disaster recovery.
  • Disaster recovery cannot be configured for a specific service database.
  • Disaster recovery of DDM account permissions is not supported.

Service database configuration

  • In the public network, EIPs must be bound to each DDM instance and the associated RDS for MySQL instance.
  • The binlog of the RDS for MySQL instance associated with the DDM instance must be enabled and uses the ROW format and GTID.
  • If the storage space is sufficient, store the service database binlog for as long as possible. The recommended retention period is seven days.
  • The service database name must contain 1 to 64 characters, including only lowercase letters, digits, hyphens (-), and underscores (_).
  • The table name in the service database cannot contain non-ASCII characters, or the following characters: '<>/\

DR database configuration

  • The DR DB instance is running properly. If the DR DB instance is a primary/standby instance, the replication status must also be normal.
  • The DR DB instance must have sufficient storage space.
  • The binlog and GTID of the RDS instance associated with the DDM instance must be enabled.
  • The minor version of the DR DDM instance must be the same as that of the service DDM instance.
  • The number of DDM DR instances must be the same as that of the RDS instances associated with the DDM service instance.
  • The sharding rules of the DDM DR instance must be the same as those of the DDMservice instance. You are advised to use the schema import and export functions to ensure sharding rule consistency.

Precautions

  • The parameter modification of the service database is not recorded in logs and is not synchronized to the DR database. Therefore, you need to modify the parameters after the DR database is promoted to the primary.
  • If a physically generated column in a table is generated based on a time type, the data in the column may be inconsistent.
  • The service database does not support point-in-time recovery (PITR).
  • Binlogs cannot be forcibly deleted. Otherwise, the DR task fails.
  • Resumable upload is supported, but data may be repeatedly inserted into a table that does not have a primary key.
  • If there is a DR task in a database, you are not allowed to create a migration or synchronization task (The database cannot be used as the source or destination database of the migration or synchronization task).
  • The DR relationship involves only one primary database. If the external database does not provide the superuser permission, it cannot be set to read-only when it acts as a standby database. Ensure that the data of the standby node is synchronized only from the primary node. Any other write operations will pollute the data in the standby database, data conflicts occur in the DR center and cannot be resolved.
  • The DDM DR database cannot create schemas automatically. You need to set the schema rules before disaster recovery.
  • After a task is created, you cannot add schemas to the service database or modify the old schema to associate with the new RDS DB instance. Otherwise, data cannot be backed up and restored or the task fails.
  • During DR, rebalance and reshard operations cannot be performed on DDM schemas.
  • During disaster recovery, if the password of the service database is changed, the DR task will fail. To rectify the fault, you can correct the service database information on the DRS console and retry the task to continue disaster recovery. Generally, you are advised not to modify the preceding information during disaster recovery.
  • If the service database port is changed during disaster recovery, the DR task fails. Generally, you are advised not to modify the service database port during disaster recovery.
  • During the DR initialization, do not perform DDL operations on the source database. Otherwise, the DR task may be abnormal.
  • Do not write data to the source database during the primary/standby switchover. Otherwise, data pollution or table structure inconsistency may occur, resulting in data inconsistency between the service database and DR database.

Procedure

  1. On the Disaster Recovery Management page, click Create Disaster Recovery Task.
  2. On the Create Disaster Recovery Instance page, select a region and project, specify the task name, description, and the DR instance details, and click Create Now.

    • Task information description
      Figure 1 DR task information
      Table 4 Task and recipient description

      Parameter

      Description

      Region

      The region where your service is running. You can change the region.

      Project

      The project corresponds to the current region and can be changed.

      Task Name

      The task name must start with a letter and consist of 4 to 50 characters. It can contain only letters, digits, hyphens (-), and underscores (_).

      Description

      The description consists of a maximum of 256 characters and cannot contain special characters !=<>'&"\

    • DR instance information
      Figure 2 DR instance information
      Table 5 DR instance settings

      Parameter

      Description

      DR Type

      Select Single-active.

      The DR type can be single-active or dual-active. If Dual-active is selected, two subtasks are created by default, a forward DR task and a backward DR task.

      NOTE:

      Only whitelisted users can use dual-active DR. To use this function, submit a service ticket. In the upper right corner of the management console, choose Service Tickets > Create Service Ticket to submit a service ticket.

      Disaster Recovery Relationship

      Select Current cloud as standby. This parameter is available only when you select Single-active.

      By default, Current cloud as standby is selected. You can also select Current cloud as active.

      • Current cloud as standby: The DR database is on the current cloud.
      • Current cloud as active: The service database is on the current cloud.

      Service DB Engine

      Select DDM.

      DR DB Engine

      Select DDM.

      Network Type

      The public network is used as an example.

      Available options: VPN or Direct Connect and Public network. By default, the value is Public network.

      DR DB Instance

      The DDM instance you created.

      Disaster Recovery Instance Subnet

      Select the subnet where the disaster recovery instance is located. You can also click View Subnet to go to the network console to view the subnet where the instance resides.

      By default, the DRS instance and the destination DB instance are in the same subnet. You need to select the subnet where the DRS instance resides and ensure that there are available IP addresses. To ensure that the disaster recovery instance is successfully created, only subnets with DHCP enabled are displayed.

      Destination Database Access

      Select Read-only. This parameter is available only when you select Single-active.

      • During disaster recovery, the entire DR database instance becomes read-only. To change the DR database to Read/Write, you can change the DR database (or destination database) to a service database by clicking Batch Operation > Primary/Standby Switchover on the Disaster Recovery Management page.
      • After the DR task is complete, the DR database changes to Read/Write.
      • When the external database functions as the DR database, the user with the superuser permission can set the database to read-only.
      • If a DRS instance node is rebuilt due to a fault, to ensure data consistency during the DRS task restoration, the current cloud standby database is set to read-only before the task is restored. After the task is restored, the synchronization relationship recovers.
    • AZ
      Figure 3 AZ
      Table 6 Task AZ

      Parameter

      Description

      AZ

      Select the AZ where you want to create the DRS task. Selecting the one housing the source or destination database can provide better performance.

    • Enterprise Project and Tags
      Figure 4 Enterprise projects and tags
      Table 7 Enterprise Project and Tags

      Parameter

      Description

      Enterprise Project

      An enterprise project you would like to use to centrally manage your cloud resources and members. Select an enterprise project from the drop-down list. The default project is default.

      For more information about enterprise projects, see Enterprise Management User Guide.

      To customize an enterprise project, click Enterprise in the upper right corner of the console. The Enterprise Project Management Service page is displayed. For details, see Creating an Enterprise Project in Enterprise Management User Guide.

      Tags

      • Tags a task. This configuration is optional. Adding tags helps you better identify and manage your tasks. Each task can have up to 20 tags.
      • After a task is created, you can view its tag details on the Tags tab. For details, see Tag Management.

    If a task fails to be created, DRS retains the task for three days by default. After three days, the task automatically stops.

  3. On the Configure Source and Destination Databases page, wait until the DR instance is created. Then, specify source and destination database information and click Test Connection for both the source and destination databases to check whether they have been connected to the DR instance. After the connection tests are successful, select the check box before the agreement and click Next.

    • Select Current cloud as the standby for Disaster Recovery Relationship in 2.
      Figure 5 Service database information
      Table 8 Service database settings

      Parameter

      Description

      Database Type

      Select a service database type.

      Region

      Indicates the region where the service DB instance is located. The region cannot be the current login region.

      DB Instance Name

      The name of the service DB instance.

      Database Username

      The username for accessing the service database.

      Database Password

      The password for the service database username.

      The IP address, domain name, username, and password of the service database are encrypted and stored in DRS and will be cleared after the task is deleted.

      Figure 6 DR database information
      Table 9 DR database settings

      Parameter

      Description

      DB Instance Name

      The DDM instance you selected when you create the DR task. The instance name cannot be changed.

      Database Username

      The username for accessing the DR database.

      Database Password

      The password for the database username. You can change the password if necessary. To change the password, perform the following operation after the task is created:

      If the task is in the Starting, Initializing, Disaster recovery in progress, or Disaster recovery failed status, in the DR Information area on the Basic Information tab, click Modify Connection Details. In the displayed dialog box, change the password.

      The database username and password are encrypted and stored in the system, and will be cleared after the task is deleted.

      • Select Current cloud as active for Disaster Recovery Relationship in 2.
        Figure 7 Service database information
        Table 10 Service database settings

        Parameter

        Description

        DB Instance Name

        The DDM instance you selected when you create the DR task. The instance name cannot be changed.

        Database Username

        The username for accessing the service database.

        Database Password

        The password for the database username. You can change the password if necessary. To change the password, perform the following operation after the task is created:

        If the task is in the Starting, Initializing, Disaster recovery in progress, or Disaster recovery failed status, in the DR Information area on the Basic Information tab, click Modify Connection Details. In the displayed dialog box, change the password.

        The database username and password are encrypted and stored in the system, and will be cleared after the task is deleted.

        Figure 8 DR database information
        Table 11 DR database settings

        Parameter

        Description

        Database Type

        Type of the DR database.

        Region

        The region where the DDM instance is located.

        DB Instance Name

        Name of the DR instance.

        NOTE:

        When the DB instance is used as the DR database, it is set to read-only. After the task is complete, the DB instance can be readable and writable.

        Database Username

        Username for logging in to the DR database.

        Database Password

        Password for the database username.

        The username and password of the DR databases are encrypted and stored in DRS, and will be cleared after the task is deleted.

  4. On the Configure DR page, specify flow control and click Next.

    Table 12 DR settings

    Parameter

    Description

    Flow Control

    You can choose whether to control the flow.

    • Yes

      You can customize the maximum DR speed.

      In addition, you can set the time range based on your service requirements. The traffic rate setting usually includes setting of a rate limiting time period and a traffic rate value. Flow can be controlled all day or during specific time ranges. The default value is All day. A maximum of three time ranges can be set, and they cannot overlap.

      The flow rate must be set based on the service scenario and cannot exceed 9,999 MB/s.

      Figure 9 Flow control
    • No
      The DR speed is not limited and the outbound bandwidth of the source database is maximally used, which causes read consumption on the source database accordingly. For example, if the outbound bandwidth of the source database is 100 MB/s and 80% bandwidth is used, the I/O consumption on the source database is 80 MB/s.
      NOTE:
      • Flow control mode takes effect only in the DR initialization phase.
      • You can also change the flow control mode when the task is in the Configuration state. For details, see Modifying the Flow Control Mode.

  5. On the Check Task page, check the DR task.

    • If any check fails, review the failure cause and rectify the fault. After the fault is rectified, click Check Again.

      For details about how to handle check failures, see Solutions to Failed Check Items in Data Replication Service User Guide.

      Figure 10 Pre-check
    • If the check is complete and the check success rate is 100%, click Next.

      You can proceed to the next step only when all checks are successful. If there are any items that require confirmation, view and confirm the details first before proceeding to the next step.

  6. On the displayed page, specify Start Time, Send Notification, SMN Topic, Synchronization Delay Threshold, RPO Synchronization Delay Threshold, RTO Synchronization Delay Threshold, Stop Abnormal Tasks After and DR instance details. Then, click Submit.

    Figure 11 Task startup settings
    Table 13 Task and recipient description

    Parameter

    Description

    Start Time

    Set Start Time to Start upon task creation or Start at a specified time based on site requirements.

    NOTE:

    Starting a DR task may slightly affect the performance of the service and DR databases. You are advised to start a DR task during off-peak hours.

    Send Notifications

    SMN topic. This parameter is optional. If an exception occurs during disaster recovery, the system will send a notification to the specified recipients.

    SMN Topic

    This parameter is available only after you enable Send Notifications and create a topic on the SMN console and add a subscriber.

    For details, see Simple Message Notification User Guide.

    Synchronization Delay Threshold

    During disaster recovery, a synchronization delay indicates a time difference (in seconds) of synchronization between the service and DR database.

    If the synchronization delay exceeds the threshold you specify, DRS will send alarms to the specified recipients. The value ranges from 0 to 3,600. To avoid repeated alarms caused by the fluctuation of delay, an alarm is sent only after the delay has exceeded the threshold for six minutes.

    NOTE:
    • Before setting the delay threshold, enable Send Notification.
    • If the delay threshold is set to 0, no notifications will be sent to the recipient.

    RTO Synchronization Delay Threshold

    If the synchronization delay from the DRS instance to the DR database exceeds the threshold you specify, DRS will notify specified recipients. The value ranges from 0 to 3,600. To avoid repeated alarms caused by the fluctuation of delay, an alarm is sent only after the delay has exceeded the threshold for six minutes.

    NOTE:
    • Before setting the RTO delay threshold, enable Send Notification.
    • If the delay threshold is set to 0, no notifications will be sent to the recipient.

    RPO Synchronization Delay Threshold

    If the synchronization delay from the DRS instance to the service database exceeds the threshold you specify, DRS will notify specified recipients. The value ranges from 0 to 3,600. To avoid repeated alarms caused by the fluctuation of delay, an alarm is sent only after the delay has exceeded the threshold for six minutes.

    NOTE:
    • Before setting the delay threshold, enable Send Notification.
    • If the delay threshold is set to 0, no notifications will be sent to the recipient.
    • In the early stages of an incremental disaster recovery, the synchronization delay is long because a large quantity of data is awaiting synchronization. In this case, no notifications will be sent.

    Stop Abnormal Tasks After

    Number of days after which an abnormal task is automatically stopped. The value must range from 14 to 100. The default value is 14.

    NOTE:
    • You can set this parameter only for pay-per-use tasks.
    • Tasks in the abnormal state are still charged. If tasks remain in the abnormal state for a long time, they cannot be resumed. Abnormal tasks run longer than the period you set (unit: day) will automatically stop to avoid unnecessary fees.

  7. After the task is submitted, view and manage it on the Disaster Recovery Management page.

    • You can view the task status. For more information about task status, see Task Statuses.
    • You can click in the upper-right corner to view the latest task status.
    • By default, DRS retains a task in the Configuration state for three days. After three days, DRS automatically deletes background resources, but the task status remains unchanged. When you reconfigure the task, DRS applies for resources again.