In the Internal MySQL pane, you configure the internal MySQL clusters for TAS for VMs. Only configure this section if you selected Internal MySQL clusters in the Databases pane.
To configure the Internal MySQL pane:
-
Select Internal MySQL.
-
For Replication canary time period, enter in seconds how frequently the canary checks for replication failure. The default value is
30. Leave the default of 30 seconds or modify the value based on the needs of your deployment. Lower numbers cause the canary to run more frequently, which means that the canary reacts more quickly to replication failure but adds load to the database. -
For Replication canary read delay, enter in seconds how long the canary waits before verifying that data is replicating across each MySQL node. The default value is
20. Leave the default of 20 seconds or modify the value based on the needs of your deployment. Clusters under heavy load can experience a small replication lag as write-sets are committed across the nodes. -
For Email address, enter the email address to which the MySQL service sends alerts when the cluster experiences a replication issue or when a node is not allowed to auto-rejoin the cluster.
-
The Allow command history check box is selected by default. When this check box is selected, command line history files can be created on MySQL nodes. To prohibit command line history files from being created on the MySQL nodes, deselect this check box.
-
To allow admin and read-only admin users to connect from any remote host, select the Allow remote admin access check box. When this check box is deselected, admins must
bosh sshinto each MySQL VM to connect as the MySQL super user.Network configuration and ASG restrictions might still limit a client's ability to establish a connection with the databases.
-
For Cluster probe timeout, enter in seconds the maximum amount of time that a new node searches for existing cluster nodes. The default value is
10. -
For Maximum connections, enter the maximum number of concurrent connections allowed to the database. The default value is
3500. -
Under Server activity logging, select one of the following options:
- To configure the MySQL service to log audit events:
-
Select Allow.
- For Event types, you can enter the events you want the MySQL service to log. By default, this field includes the following event types:
connect: Tracks who connects to the system.query: Tracks which queries are processed.
For more information about which events the Percona MySQL server can log, see the Percona documentation.
Important Internal MySQL audit logs are not forwarded to the syslog server because they can contain personally identifying information (PII) and secrets.
You can use thedownload-logsscript to retrieve the logs, which each MySQL cluster node VM stores in/var/vcap/store/mysql_audit_logs/. For more information, see Script to download MySQL logs for TAS for VMs or Tile HA Clusters in the VMware Tanzu Knowledge Base. -
To prevent the MySQL service from logging audit events, select Do not allow.
-
For Load balancer healthy threshold, enter in seconds the amount of time to wait until reporting that the MySQL Proxy instance has started. This allows an external load balancer time to register the instance as healthy. The default value is
0. -
For Load balancer unhealthy threshold, enter in seconds the amount of time that the MySQL Proxy continues to accept connections before shutting down. During this period, the health check reports the MySQL Proxy instance as unhealthy to cause load balancers to fail over to other proxies. You must enter a value greater than or equal to the maximum time it takes your load balancer to consider a proxy instance unhealthy, given repeated failed health checks. The default value is
30. -
To allow MySQL Proxy to listen on port
3336, select the Connect to inactive MySQL node check box. When you run MySQL in HA mode, this feature allows you to connect to a MySQL node that is not serving traffic, so that you can run auditing and reporting queries without affecting performance. -
To configure MySQL Interruptor to prevent MySQL nodes with inconsistent data from writing to the MySQL database, select the Prevent node auto re-join check box.
-
Click Save.
For more information about how to monitor the node health of your MySQL Proxy instances, see Using the MySQL Proxy.
Script to download MySQL logs for TAS for VMs or Tile HA Clusters
When using MySQL High Availability (HA) clusters (Galera) in TAS for VMs, and in the tile, there are many different logs that are useful when investigating customer issues. The download-logs script is useful for gathering the complete set of logs for TAS for VMs or MySQL tile HA (Galera) clusters.
-
Get the latest
download-logstool from the MySQL tile downloads on Tanzu Network. -
Confirm that the
download-logsscript is executable. Then rundownload-logswith no arguments to see the help text:$ chmod +x download-logs $ ./download-logs BOSH_DEPLOYMENT, BOSH_ENVIRONMENT, BOSH_CLIENT_SECRET, BOSH_CLIENT, and BOSH_CA_CERT are required environment variables Usage: -o (Required) The output directory -X (Optional) Include audit and binary logs This tool requires the bosh v2 cli and the following environment variables to be set: BOSH_ENVIRONMENT BOSH_CLIENT_SECRET BOSH_CLIENT BOSH_CA_CERT BOSH_DEPLOYMENT Optionally if you require communicating with your BOSH director through a gateway, you must set: BOSH_GW_PRIVATE_KEY BOSH_GW_USER BOSH_GW_HOST -
Get the environment variable information from the Director credentials under BOSH Commandline Credentials.
Note These will be at https://OPS-MANAGERFQDN/api/v0/deployed/director/credentials/bosh_commandline_credentials.
-
Get the deployment name using the command, ’
bosh deployments --column=name' -
Set the variables for the BOSH CLI and the deployment. For example, when running ‘download-logs’ for this TAS deployment, the output would look like the example below:
$ export BOSH_CLIENT=ops_manager BOSH_CLIENT_SECRET=<secret> BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate BOSH_ENVIRONMENT=<bosh_director_ip> $ export BOSH_DEPLOYMENT=<deployment_name> -
Run
download-logs(on the Director VM). For example:$ ./download-logs -o /tmp -X Retrieving deployment and vm info... Downloading deployment logs... Using environment '10.193.78.11' as user 'admin' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin) Using deployment 'service-instance_ab436820-4d83-4ee6-b0f8-6606e749e405' Task 71673 | 20:20:00 | Fetching logs for mysql/9abc28fa-fc09-4e32-9a25-3b6c979e4614 (0): Finding and packing log files (00:00:03) Task 71673 | 20:20:01 | Fetching logs for mysql/c0bace44-6fb0-489b-b101-bf8de085766c (1): Finding and packing log files (00:00:04) Task 71673 | 20:20:02 | Fetching group of logs: Packing log files together Task 71673 Started Wed Jun 12 20:19:57 UTC 2019 Task 71673 Finished Wed Jun 12 20:20:02 UTC 2019 Task 71673 Duration 00:00:05 Task 71673 done Downloading resource 'aca9b560-0618-4b9a-b127-aa3ec3cc9cce' to '/tmp/tmp.vjOqu015YS/service-instance_ab436820-4d83-4ee6-b0f8-6606e749e405-20190612-202004-901615727.tgz'... 0.00% Succeeded Downloading logs for: mysql/9abc28fa-fc09-4e32-9a25-3b6c979e4614 Downloading logs for: mysql/c0bace44-6fb0-489b-b101-bf8de085766c Specify a passphrase of 6-8 words long. Do not use a private passphrase, you will need to share this passphrase with anyone who will decrypt this archive. gpg: gpg-agent is not available in this session Encrypted logs saved at /tmp/2019-06-12-20-19-54-mysql-logs.tar.gz.gpg -
Using the script, move the resulting file ‘FILENAME.tar.gz.gpg’ to some location with access to the Pivotal or VMware support portal, upload it to the support request (SR), and provide support with the passphrase used.
-
(Optional) If you wish to extract the archive, you can use the following commands:
$ sudo gpg -d /tmp/FILENAME.tar.gz.gpg > /tmp/mysql-logs.tar.gz $ sudo tar -zxvf /tmp/mysql-logs.tar.gz
