In the Internal MySQL pane, you configure the internal MySQL clusters for TAS for VMs. Only configure this section if you selected Internal MySQL clusters in the Databases pane.

To configure the Internal MySQL pane:

  1. Select Internal MySQL.

  2. For Replication canary time period, enter in seconds how frequently the canary checks for replication failure. The default value is 30. Leave the default of 30 seconds or modify the value based on the needs of your deployment. Lower numbers cause the canary to run more frequently, which means that the canary reacts more quickly to replication failure but adds load to the database.

  3. For Replication canary read delay, enter in seconds how long the canary waits before verifying that data is replicating across each MySQL node. The default value is 20. Leave the default of 20 seconds or modify the value based on the needs of your deployment. Clusters under heavy load can experience a small replication lag as write-sets are committed across the nodes.

  4. For Email address, enter the email address to which the MySQL service sends alerts when the cluster experiences a replication issue or when a node is not allowed to auto-rejoin the cluster.

  5. The Allow command history check box is selected by default. When this check box is selected, command line history files can be created on MySQL nodes. To prohibit command line history files from being created on the MySQL nodes, deselect this check box.

  6. To allow admin and read-only admin users to connect from any remote host, select the Allow remote admin access check box. When this check box is deselected, admins must bosh ssh into each MySQL VM to connect as the MySQL super user.

    Network configuration and ASG restrictions might still limit a client's ability to establish a connection with the databases.

  7. For Cluster probe timeout, enter in seconds the maximum amount of time that a new node searches for existing cluster nodes. The default value is 10.

  8. For Maximum connections, enter the maximum number of concurrent connections allowed to the database. The default value is 3500.

  9. Under Server activity logging, select one of the following options:

    • To configure the MySQL service to log audit events:
    • Select Allow.

      1. For Event types, you can enter the events you want the MySQL service to log. By default, this field includes the following event types:
      2. connect: Tracks who connects to the system.
      3. query: Tracks which queries are processed.
        For more information about which events the Percona MySQL server can log, see the Percona documentation.

      Important Internal MySQL audit logs are not forwarded to the syslog server because they can contain personally identifying information (PII) and secrets.
      You can use the download-logs script to retrieve the logs, which each MySQL cluster node VM stores in /var/vcap/store/mysql_audit_logs/. For more information, see Script to download MySQL logs for TAS for VMs or Tile HA Clusters in the Broadcom Support Knowledge Base.

    • To prevent the MySQL service from logging audit events, select Do not allow.

  10. For Load balancer healthy threshold, enter in seconds the amount of time to wait until reporting that the MySQL Proxy instance has started. This allows an external load balancer time to register the instance as healthy. The default value is 0.

  11. For Load balancer unhealthy threshold, enter in seconds the amount of time that the MySQL Proxy continues to accept connections before shutting down. During this period, the health check reports the MySQL Proxy instance as unhealthy to cause load balancers to fail over to other proxies. You must enter a value greater than or equal to the maximum time it takes your load balancer to consider a proxy instance unhealthy, given repeated failed health checks. The default value is 30.

  12. To allow MySQL Proxy to listen on port 3336, select the Connect to inactive MySQL node check box. When you run MySQL in HA mode, this feature allows you to connect to a MySQL node that is not serving traffic, so that you can run auditing and reporting queries without affecting performance.

  13. To configure MySQL Interruptor to prevent MySQL nodes with inconsistent data from writing to the MySQL database, select the Prevent node auto re-join check box.

  14. Click Save.

For more information about how to monitor the node health of your MySQL Proxy instances, see Using the MySQL Proxy.

Script to download MySQL logs for TAS for VMs or Tile HA Clusters

When using MySQL High Availability (HA) clusters (Galera) in TAS for VMs, and in the tile, there are many different logs that are useful when investigating customer issues. The download-logs script is useful for gathering the complete set of logs for TAS for VMs or MySQL tile HA (Galera) clusters.

  1. Get the latest download-logs tool from the MySQL tile downloads on Tanzu Network.

  2. Confirm that the download-logs script is executable. Then run download-logs with no arguments to see the help text:

    $ chmod +x download-logs
    $ ./download-logs
    BOSH_DEPLOYMENT, BOSH_ENVIRONMENT, BOSH_CLIENT_SECRET, BOSH_CLIENT, and BOSH_CA_CERT are required environment variables
    Usage:
      -o (Required) The output directory
      -X (Optional) Include audit and binary logs
    
      This tool requires the bosh v2 cli and the following environment variables to be set:
        BOSH_ENVIRONMENT
        BOSH_CLIENT_SECRET
        BOSH_CLIENT
        BOSH_CA_CERT
        BOSH_DEPLOYMENT
    
      Optionally if you require communicating with your BOSH director through a gateway, you must set:
        BOSH_GW_PRIVATE_KEY
        BOSH_GW_USER
        BOSH_GW_HOST
    
  3. Get the environment variable information from the Director credentials under BOSH Commandline Credentials.

    Note These will be at https://OPS-MANAGERFQDN/api/v0/deployed/director/credentials/bosh_commandline_credentials.

  4. Get the deployment name using the command, ’

    bosh deployments --column=name'
    
  5. Set the variables for the BOSH CLI and the deployment. For example, when running ‘download-logs’ for this TAS deployment, the output would look like the example below:

    $ export BOSH_CLIENT=ops_manager BOSH_CLIENT_SECRET=<secret> BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate BOSH_ENVIRONMENT=<bosh_director_ip>
    
    $ export BOSH_DEPLOYMENT=<deployment_name>
    
  6. Run download-logs (on the Director VM). For example:

    $ ./download-logs -o /tmp -X
    Retrieving deployment and vm info...
    Downloading deployment logs...
    Using environment '10.193.78.11' as user 'admin' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
    Using deployment 'service-instance_ab436820-4d83-4ee6-b0f8-6606e749e405'
    
    Task 71673 | 20:20:00 | Fetching logs for mysql/9abc28fa-fc09-4e32-9a25-3b6c979e4614 (0): Finding and packing log files (00:00:03)
    Task 71673 | 20:20:01 | Fetching logs for mysql/c0bace44-6fb0-489b-b101-bf8de085766c (1): Finding and packing log files (00:00:04)
    Task 71673 | 20:20:02 | Fetching group of logs: Packing log files together
    
    Task 71673 Started  Wed Jun 12 20:19:57 UTC 2019
    Task 71673 Finished Wed Jun 12 20:20:02 UTC 2019
    Task 71673 Duration 00:00:05
    Task 71673 done
    
    Downloading resource 'aca9b560-0618-4b9a-b127-aa3ec3cc9cce' to '/tmp/tmp.vjOqu015YS/service-instance_ab436820-4d83-4ee6-b0f8-6606e749e405-20190612-202004-901615727.tgz'...
                                                                              0.00%
    Succeeded
    
    Downloading logs for: mysql/9abc28fa-fc09-4e32-9a25-3b6c979e4614
    Downloading logs for: mysql/c0bace44-6fb0-489b-b101-bf8de085766c
    Specify a passphrase of 6-8 words long. Do not use a private passphrase, you will need to share this passphrase with anyone who will decrypt this archive.
    gpg: gpg-agent is not available in this session
    Encrypted logs saved at /tmp/2019-06-12-20-19-54-mysql-logs.tar.gz.gpg
    
  7. Using the script, move the resulting file ‘FILENAME.tar.gz.gpg’ to some location with access to the Pivotal or VMware support portal, upload it to the support request (SR), and provide support with the passphrase used.

  8. (Optional) If you wish to extract the archive, you can use the following commands:

    $ sudo gpg -d /tmp/FILENAME.tar.gz.gpg > /tmp/mysql-logs.tar.gz
    
    $ sudo tar -zxvf /tmp/mysql-logs.tar.gz
    
check-circle-line exclamation-circle-line close-line
Scroll to top icon