Related issue: https://github.com/github/gh-ost/issues/521 - Add --ssl-cert and --ssl-key options to specify SSL public/private key files - Allow combining --ssl-allow-insecure with other --ssl* flags. `mysql.RegisterTLSConfig` allows combining the corresponding parameters in the `tls.Config` it receives, so gh-ost should allow this. I found being able to pass --ssl-allow-insecure along with --ssl-ca, --ssl-cert, and --ssl-key useful in testing. - Use the same TLS config everywhere. Since the CLI only supports a single set of --ssl* configuration parameters, this should be fine -- `mysql.RegisterTLSConfig` documentation indicates the TLS config given will not be modified, so it can safely be used in many goroutines provided we also do not modify it. The previous implementation did not work when the TLS config was duplicated, which happens when gh-ost walks up the replication chain trying to find the master. This is because, when the config is duplicated, we must call `RegisterTLSConfig` again with the new config. This config is exactly the same, so it's easiest to side-step the issue by registering the TLS config once and using it everywhere.
14 KiB
Command line flags
A more in-depth discussion of various gh-ost
command line flags: implementation, implication, use cases.
aliyun-rds
Add this flag when executing on Aliyun RDS.
allow-master-master
See --assume-master-host
.
allow-on-master
By default, gh-ost
would like you to connect to a replica, from where it figures out the master by itself. This wiring is required should your master execute using binlog_format=STATEMENT
.
If, for some reason, you do not wish gh-ost
to connect to a replica, you may connect it directly to the master and approve this via --allow-on-master
.
approve-renamed-columns
When your migration issues a column rename (change column old_name new_name ...
) gh-ost
analyzes the statement to try an associate the old column name with new column name. Otherwise the new structure may also look like some column was dropped and another was added.
gh-ost
will print out what it thinks the rename implied, but will not issue the migration unless you provide with --approve-renamed-columns
.
If you think gh-ost
is mistaken and that there's actually no rename involved, you may pass --skip-renamed-columns
instead. This will cause gh-ost
to disassociate the column values; data will not be copied between those columns.
assume-master-host
gh-ost
infers the identity of the master server by crawling up the replication topology. You may explicitly tell gh-ost
the identity of the master host via --assume-master-host=the.master.com
. This is useful in:
- master-master topologies (together with
--allow-master-master
), wheregh-ost
can arbitrarily pick one of the co-masters and you prefer that it picks a specific one - tungsten replicator topologies (together with
--tungsten
), wheregh-ost
is unable to crawl and detect the master
assume-rbr
If you happen to know your servers use RBR (Row Based Replication, i.e. binlog_format=ROW
), you may specify --assume-rbr
. This skips a verification step where gh-ost
would issue a STOP SLAVE; START SLAVE
.
Skipping this step means gh-ost
would not need the SUPER
privilege in order to operate.
You may want to use this on Amazon RDS.
conf
--conf=/path/to/my.cnf
: file where credentials are specified. Should be in (or contain) the following format:
[client]
user=gromit
password=123456
concurrent-rowcount
Defaults to true
. See exact-rowcount
critical-load
Comma delimited status-name=threshold, same format as --max-load
.
--critical-load
defines a threshold that, when met, gh-ost
panics and bails out. The default behavior is to bail out immediately when meeting this threshold.
This may sometimes lead to migrations bailing out on a very short spike, that, while in itself is impacting production and is worth investigating, isn't reason enough to kill a 10 hour migration.
critical-load-interval-millis
When --critical-load-interval-millis
is specified (e.g. --critical-load-interval-millis=2500
), gh-ost
gives a second chance: when it meets critical-load
threshold, it doesn't bail out. Instead, it starts a timer (in this example: 2.5
seconds) and re-checks critical-load
when the timer expires. If critical-load
is met again, gh-ost
panics and bails out. If not, execution continues.
This is somewhat similar to a Nagios n
-times test, where n
in our case is always 2
.
cut-over
Optional. Default is safe
. See more discussion in cut-over
cut-over-lock-timeout-seconds
Default 3
. Max number of seconds to hold locks on tables while attempting to cut-over (retry attempted when lock exceeds timeout).
discard-foreign-keys
Danger: this flag will silently discard any foreign keys existing on your table.
At this time (10-2016) gh-ost
does not support foreign keys on migrated tables (it bails out when it notices a FK on the migrated table). However, it is able to support dropping of foreign keys via this flag. If you're trying to get rid of foreign keys in your environment, this is a useful flag.
See also: skip-foreign-key-checks
dml-batch-size
gh-ost
reads event from the binary log and applies them onto the ghost table. It does so in batched writes: grouping multiple events to apply in a single transaction. This gives better write throughput as we don't need to sync the transaction log to disk for each event.
The --dml-batch-size
flag controls the size of the batched write. Allowed values are 1 - 100
, where 1
means no batching (every event from the binary log is applied onto the ghost table on its own transaction). Default value is 10
.
Why is this behavior configurable? Different workloads have different characteristics. Some workloads have very large writes, such that aggregating even 50
writes into a transaction makes for a significant transaction size. On other workloads write rate is high such that one just can't allow for a hundred more syncs to disk per second. The default value of 10
is a modest compromise that should probably work very well for most workloads. Your mileage may vary.
Noteworthy is that setting --dml-batch-size
to higher value does not mean gh-ost
blocks or waits on writes. The batch size is an upper limit on transaction size, not a minimal one. If gh-ost
doesn't have "enough" events in the pipe, it does not wait on the binary log, it just writes what it already has. This conveniently suggests that if write load is light enough for gh-ost
to only see a few events in the binary log at a given time, then it is also light enough for gh-ost
to apply a fraction of the batch size.
exact-rowcount
A gh-ost
execution need to copy whatever rows you have in your existing table onto the ghost table. This can, and often be, a large number. Exactly what that number is?
gh-ost
initially estimates the number of rows in your table by issuing an explain select * from your_table
. This will use statistics on your table and return with a rough estimate. How rough? It might go as low as half or as high as double the actual number of rows in your table. This is the same method as used in pt-online-schema-change
.
gh-ost
also supports the --exact-rowcount
flag. When this flag is given, two things happen:
- An initial, authoritative
select count(*) from your_table
. This query may take a long time to complete, but is performed before we begin the massive operations. When--concurrent-rowcount
is also specified, this runs in parallel to row copy. Note:--concurrent-rowcount
now defaults totrue
. - A continuous update to the estimate as we make progress applying events. We heuristically update the number of rows based on the queries we process from the binlogs.
While the ongoing estimated number of rows is still heuristic, it's almost exact, such that the reported ETA or percentage progress is typically accurate to the second throughout a multiple-hour operation.
execute
Without this parameter, migration is a noop: testing table creation and validity of migration, but not touching data.
force-table-names
Table name prefix to be used on the temporary tables.
gcp
Add this flag when executing on a 1st generation Google Cloud Platform (GCP).
heartbeat-interval-millis
Default 100. See subsecond-lag
for details.
initially-drop-ghost-table
gh-ost
maintains two tables while migrating: the ghost table (which is synced from your original table and finally replaces it) and a changelog table, which is used internally for bookkeeping. By default, it panics and aborts if it sees those tables upon startup. Provide --initially-drop-ghost-table
and --initially-drop-old-table
to let gh-ost
know it's OK to drop them beforehand.
We think gh-ost
should not take chances or make assumptions about the user's tables. Dropping tables can be a dangerous, locking operation. We let the user explicitly approve such operations.
initially-drop-old-table
See initially-drop-ghost-table
initially-drop-socket-file
Default False. Should gh-ost
forcibly delete an existing socket file. Be careful: this might drop the socket file of a running migration!
max-lag-millis
On a replication topology, this is perhaps the most important migration throttling factor: the maximum lag allowed for migration to work. If lag exceeds this value, migration throttles.
When using Connect to replica, migrate on master, this lag is primarily tested on the very replica gh-ost
operates on. Lag is measured by checking the heartbeat events injected by gh-ost
itself on the utility changelog table. That is, to measure this replica's lag, gh-ost
doesn't need to issue show slave status
nor have any external heartbeat mechanism.
When --throttle-control-replicas
is provided, throttling also considers lag on specified hosts. Lag measurements on listed hosts is done by querying gh-ost
's changelog table, where gh-ost
injects a heartbeat.
See also: Sub-second replication lag throttling
max-load
List of metrics and threshold values; topping the threshold of any will cause throttler to kick in. See also: throttling
migrate-on-replica
Typically gh-ost
is used to migrate tables on a master. If you wish to only perform the migration in full on a replica, connect gh-ost
to said replica and pass --migrate-on-replica
. gh-ost
will briefly connect to the master but other issue no changes on the master. Migration will be fully executed on the replica, while making sure to maintain a small replication lag.
postpone-cut-over-flag-file
Indicate a file name, such that the final cut-over step does not take place as long as the file exists.
When this flag is set, gh-ost
expects the file to exist on startup, or else tries to create it. gh-ost
exits with error if the file does not exist and gh-ost
is unable to create it.
With this flag set, the migration will cut-over upon deletion of the file or upon cut-over
interactive command.
replica-server-id
Defaults to 99999. If you run multiple migrations then you must provide a different, unique --replica-server-id
for each gh-ost
process.
Optionally involve the process ID, for example: --replica-server-id=$((1000000000+$$))
.
It's on you to choose a number that does not collide with another gh-ost
or another running replica.
See also: concurrent-migrations
on the cheatsheet.
skip-foreign-key-checks
By default gh-ost
verifies no foreign keys exist on the migrated table. On servers with large number of tables this check can take a long time. If you're absolutely certain no foreign keys exist (table does not reference other table nor is referenced by other tables) and wish to save the check time, provide with --skip-foreign-key-checks
.
skip-renamed-columns
ssl
By default gh-ost
does not use ssl/tls connections to the database servers when performing migrations. This flag instructs gh-ost
to use encrypted connections. If enabled, gh-ost
will use the system's ca certificate pool for server certificate verification. If a different certificate is needed for server verification, see --ssl-ca
. If you wish to skip server verification, but still use encrypted connections, use with --ssl-allow-insecure
.
ssl-allow-insecure
Allows gh-ost
to connect to the MySQL servers using encrypted connections, but without verifying the validity of the certificate provided by the server during the connection. Requires --ssl
.
ssl-ca
--ssl-ca=/path/to/ca-cert.pem
: ca certificate file (in PEM format) to use for server certificate verification. If specified, the default system ca cert pool will not be used for verification, only the ca cert provided here. Requires --ssl
.
ssl-cert
--ssl-cert=/path/to/ssl-cert.crt
: SSL public key certificate file (in PEM format).
ssl-key
--ssl-key=/path/to/ssl-key.key
: SSL private key file (in PEM format).
test-on-replica
Issue the migration on a replica; do not modify data on master. Useful for validating, testing and benchmarking. See testing-on-replica
test-on-replica-skip-replica-stop
Default False
. When --test-on-replica
is enabled, do not issue commands stop replication (requires --test-on-replica
).
throttle-control-replicas
Provide a command delimited list of replicas; gh-ost
will throttle when any of the given replicas lag beyond --max-lag-millis
. The list can be queried and updated dynamically via interactive commands
throttle-http
Provide a HTTP endpoint; gh-ost
will issue HEAD
requests on given URL and throttle whenever response status code is not 200
. The URL can be queried and updated dynamically via interactive commands. Empty URL disables the HTTP check.
timestamp-old-table
Makes the old table include a timestamp value. The old table is what the original table is renamed to at the end of a successful migration. For example, if the table is gh_ost_test
, then the old table would normally be _gh_ost_test_del
. With --timestamp-old-table
it would be, for example, _gh_ost_test_20170221103147_del
.
tungsten
See tungsten
on the cheatsheet.