0

I intend to run a Point of Sale software in a galera cluster (percona xtradb). Each POS terminal would be its own cluster and then there will be an Amazon EC2 in addition to help avoid split-brain scenarios.

Is the above setup an ideal cluster setup? My POS terminals could range from 1 to N nodes within a local network and I will always only have 1 EC2 instance outside the network.

Thanks,

user1615573
  • 315
  • 5
  • 18

1 Answers1

1

Yes. To provide automatic failover, 3 nodes is required. If you have 3 nodes in the same building, etc, then you are not safe against floods, earthquakes, tornadoes, data center failure, etc. "Within the local network" -- see what Amazon means by that, then read between the lines; it may or may not protect you from various possible disasters.

Do not plan on having "too many" nodes in the cluster -- all writes go to all other nodes; this can add up to a lot of network traffic. (I have not heard of more than something like a dozen nodes. But I don't know what the practical limit is.)

You could have multiple clusters and have data replicated off-cluster to some central server for reporting, etc. That replication would be ordinary MySQL replication, not the Galera type.

Rick James
  • 135,179
  • 13
  • 127
  • 222
  • 3 nodes with 2 in local network doesn't prevent the natural disaster scenarios should it occur on the local network. When the 2 nodes are gone but the EC2 instance out of network is still up, then I just have to rebuild the cluster again? – user1615573 Feb 04 '16 at 02:18
  • You will need to manually step in as day that the one remaining node is the "source of truth" and build get Galera to rebuild the other two nodes (presumably from new 'instances'). – Rick James Feb 04 '16 at 04:57
  • Or, perhaps Amazon will "recover" the two missing nodes. Now, hopefully the two reloaded nodes will appear to be "older" than the 1 node. The question is, "will the 2 nodes decide they have the quorum (in spite of being older), and declare that the 1 node needs rebuilding." This may be a case where Amazon's ability to recover gets in the way of "doing the right thing". I don't know. – Rick James Feb 04 '16 at 05:00
  • It would be safer to have the 3 nodes in 3 different "availability zones", thereby avoiding a single disaster causing the situation. – Rick James Feb 04 '16 at 05:01
  • Ah, so ideally a ec2 node in uswest, another ec2 node in useast and then 2-10 nodes locally? – user1615573 Feb 04 '16 at 23:41
  • The real HA question is: "Can a natural disaster or power failure (or whatever) take down more than 50% of the nodes in a single cluster?" If the answer is 'yes', then Galera cannot 'automatically' recover, but will need some help. – Rick James Feb 04 '16 at 23:47