MDEV-36025: backup taken from a replica with optimistic parallel replication fails to restore most of the time

[hemantdangi-gc]

Issue:
Backups taken from a replica running optimistic parallel replication can
restore into a server that aborts on startup with:

Found N prepared transactions! ...

In the MDEV-36025 reproducer the application never issues XA SQL, but on
startup InnoDB reports several transactions “in the XA prepared state” and the
server aborts. These internal XA transactions created by optimistic parallel
replication on the replica are not covered by MDEV-742 and end up prepared after
restore, causing the “Found N prepared transactions” startup failure. This is
reproducible by mariabackup.xa_prepared_on_restore testcase, which fails with
'Found N prepared transactions'.

Solution:
Port the MDEV-21168 fix to MariaDB 10.6.

Add SRV_OPERATION_RESTORE_ROLLBACK_XA server operation mode and
--rollback-xa option (enabled by default) to mariabackup --prepare.
This automatically rolls back prepared XA transactions during prepare,
since the backup does not contain the binary log needed to resolve them.

Prevent incompatible combination of --rollback_xa and --export options.
The combination creates mmap state inconsistency in InnoDB's MTR system,
leading to crash.

[andrelkin]

However, MDEV-742 does not solve the problem for internal XA transactions, as MDEV-36025 demonstrates

How it demonstrates?
I believe it is then covered by an mtr test. Could you please point to that file and its block?

At any rate the commit message should be more verbose in this part. Please describe that scenario.

[hemantdangi-gc]

However, MDEV-742 does not solve the problem for internal XA transactions, as MDEV-36025 demonstrates

How it demonstrates? I believe it is then covered by an mtr test. Could you please point to that file and its block?

At any rate the commit message should be more verbose in this part. Please describe that scenario.

The commit 5836191 (MDEV-21168) was deliberately NOT ported to 10.5+. It added an optional --rollback-xa flag to mariabackup in 10.4 only, with this note in the commit message: "The fix MUST NOT be ported on 10.5+, as MDEV-742 fix solves the issue for slaves.""

The mariabackup.xa_prepared_on_restore test with MDEV-36025 'Found n prepared transactions' error, passes after porting MDEV-21168.

I am saying here MDEV-742 didn't fixed needed issue, and so we do have to port MDEV-21168, to handle MDEV-36025 error. I wanted to put a reason in commit message why MDEV-21168 is needed so added this line.

[andrelkin]

@hemantdangi-gc , whatever MDEV-742 failed to fix, that issue just has to be described in this ticket in all detail in the PR.
So could you please take care to cover why

MDEV-742 does not solve the problem for internal XA transactions, as MDEV-36025 demonstrates
concern of how specifically the internal XA (aka normal) transaction were not covered by MDEV-21168, to cover in the PR description at necessary length and its shorter (if possible) version is good for the commit message.

I thought I would see that failure scenario in some test, and that's exactly what a good commit message must point to.

The solution section needs to be structured better too.
Sure it start with a reference to an existing work

Port the MDEV-21168 fix
and in the following expand on how and why that work fixes the MDEV-36025 report.

As MDEV-36025 is reported for slave, the refined issue description must either confirm this is the slave side indeed or exonerate 😄 the good old slave (the blame is on the general server therefore).

PS. If you need to discuss the technical side of the issue I'll be available from next Tue.

[hemantdangi-gc]

@hemantdangi-gc , whatever MDEV-742 failed to fix, that issue just has to be described in this ticket in all detail in the PR. So could you please take care to cover my

MDEV-742 does not solve the problem for internal XA transactions, as MDEV-36025 demonstrates
concern of how specifically the internal XA (aka normal) transaction were not covered by MDEV-21168, to cover in the PR description at necessary length and its shorter (if possible) version is good for the commit message.

I thought I would see that failure scenario in some test, and that's exactly what a good commit message must point to.

Added testcase detail in commit message now:
This is reproducible by mariabackup.xa_prepared_on_restore testcase, which fails with 'Found N prepared transactions'.

The solution section needs to be structured better too. Sure it start with a reference to an existing work

Port the MDEV-21168 fix
and in the following expand on how and why that work fixes the MDEV-36025 report.

As MDEV-36025 is reported for slave, the refined issue description must either confirm this is the slave side indeed or exonerate 😄 the good old slave (the blame is on the general server therefore).

I have added replica usage in commit message now:
Backups taken from a replica running optimistic parallel replication can restore into a server that aborts on startup with:

PS. If you need to discuss the technical side of the issue I'll be available from next Tue.

I have revised the commit message based on your suggestions, and have removed wrong expectation from MDEV-742 to resolve internal XA transaction issue. Please review and suggest if you have any further update.

[andrelkin]

@hemantdangi-gc, thanks for the mariabackup.xa_prepared_on_restore references!

For it I find that the issue is present in the general server.
This attempted piece of the problem description

Backups taken from a replica running optimistic parallel replication can restore
naturally is misleading. And the faithful test exposes the general server.

Note MDEV-21168 removed, at least was supposed to do so, the user XA related option. Normal trx:s were not targeted.
And why?
I expect the normal prepared trx:s were handled automatically - to rollback - at least in the base of MDEV-21168 patch.
But my expectation might be wrong or later a bug was introduced, or MDEV-21168 tried to make it work so, but failed, or - perhaps that the case - MDEV-21168 removed the option for both the normal trx and the user trx.
Please explore that further on your own.

Once again, the bug agenda is that the prepared state BEGIN-...-COMMIT normal trx must be automatically rolled back. The normal trx can be identified by its xid having "mysql" string prefix as part of its identifier.
If I am right in my guessing (see perhaps), MDEV-21168 seems to have missed to implement a proper solution of
how to recover prepared user XA trx:s. Normally they must be restored with their prepared state.
The removed option just needed to filter the user XA out of rollback at backup --prepare.

[dr-m]

The comment is rather confusing. Why can’t we invoke the higher-level function log_make_checkpoint() here? Can we issue a some messages that would indicate that the backup has now diverged from the server it was copied from? And mention the new checkpoint LSN?

[dr-m]

I don’t think it is acceptable to change the default behaviour in stable release series. The need to change a large number of existing tests in a stable release series should be a warning sign to any reviewer.

Furthermore, I don’t think it is acceptable to break incremental backup by default, in any release.

[andrelkin]

Note this is the general server, not slave.