Rechercher dans le manuel MySQL

17.3.3.3 Recovering From Failed Replication Privilege Checks

Contents

If a privilege check against the PRIVILEGE_CHECKS_USER account fails, the transaction is not executed and replication stops for the channel. Details of the error and the last applied transaction are recorded in the Performance Schema replication_applier_status_by_worker table. Follow this procedure to recover from the error:

  1. Identify the replicated event that caused the error and verify whether or not the event is expected and from a trusted source. You can use mysqlbinlog to retrieve and display the events that were logged around the time of the error. For instructions to do this, see Section 7.5, “Point-in-Time (Incremental) Recovery Using the Binary Log”.

  2. If the replicated event is not expected or is not from a known and trusted source, investigate the cause. If you can identify why the event took place and there are no security considerations, proceed to fix the error as described below.

  3. If the PRIVILEGE_CHECKS_USER account should have been permitted to execute the transaction, but has been misconfigured, grant the missing privileges to the account and restart replication for the channel.

  4. If the transaction needs to be executed and you have verified that it is trusted, but the PRIVILEGE_CHECKS_USER account should not have this privilege normally, you can grant the required privilege to the PRIVILEGE_CHECKS_USER account temporarily. After the replicated event has been applied, remove the privilege from the account, and take any necessary steps to ensure the event does not recur if it is avoidable.

  5. If the transaction is an administrative action that should only have taken place on the master and not on the slave, or should only have taken place on a single replication group member, skip the transaction on the server or servers where it stopped replication, then issue START SLAVE to restart replication on the channel. To avoid the situation in future, you could issue such administrative statements with SET sql_log_bin = 0 before them and SET sql_log_bin = 1 after them, so that they are not logged on the master.

  6. If the transaction is a DDL or DML statement that should not have taken place on either the master or the slave, skip the transaction on the server or servers where it stopped replication, undo the transaction manually on the server where it originally took place, then issue START SLAVE to restart replication.

To skip a transaction, if GTIDs are in use, commit an empty transaction that has the GTID of the failing transaction, for example:

  1. SET GTID_NEXT='aaa-bbb-ccc-ddd:N';
  2. BEGIN;
  3. COMMIT;
  4. SET GTID_NEXT='AUTOMATIC';

If GTIDs are not in use, issue a SET GLOBAL sql_slave_skip_counter statement to skip the event, as described in Section 13.4.2.5, “SET GLOBAL sql_slave_skip_counter Statement”.


Find a PHP function

Document created the 26/06/2006, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/mysql-rf-replication-privilege-checks-recover.html

The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.

References

  1. View the html document Language of the document:en Manuel MySQL : https://dev.mysql.com/

These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.

Contents Haut