• Andrei Elkin's avatar
    MDEV-742 XA PREPAREd transaction survive disconnect/server restart · c8ae3573
    Andrei Elkin authored
    Lifted long standing limitation to the XA of rolling it back at the
    transaction's
    connection close even if the XA is prepared.
    
    Prepared XA-transaction is made to sustain connection close or server
    restart.
    The patch consists of
    
        - binary logging extension to write prepared XA part of
          transaction signified with
          its XID in a new XA_prepare_log_event. The concusion part -
          with Commit or Rollback decision - is logged separately as
          Query_log_event.
          That is in the binlog the XA consists of two separate group of
          events.
    
          That makes the whole XA possibly interweaving in binlog with
          other XA:s or regular transaction but with no harm to
          replication and data consistency.
    
          Gtid_log_event receives two more flags to identify which of the
          two XA phases of the transaction it represents. With either flag
          set also XID info is added to the event.
    
          When binlog is ON on the server XID::formatID is
          constrained to 4 bytes.
    
        - engines are made aware of the server policy to keep up user
          prepared XA:s so they (Innodb, rocksdb) don't roll them back
          anymore at their disconnect methods.
    
        - slave applier is refined to cope with two phase logged XA:s
          including parallel modes of execution.
    
    This patch does not address crash-safe logging of the new events which
    is being addressed by MDEV-21469.
    
    CORNER CASES: read-only, pure myisam, binlog-*, @@skip_log_bin, etc
    
    Are addressed along the following policies.
    1. The read-only at reconnect marks XID to fail for future
       completion with ER_XA_RBROLLBACK.
    
    2. binlog-* filtered XA when it changes engine data is regarded as
       loggable even when nothing got cached for binlog.  An empty
       XA-prepare group is recorded. Consequent Commit-or-Rollback
       succeeds in the Engine(s) as well as recorded into binlog.
    
    3. The same applies to the non-transactional engine XA.
    
    4. @@skip_log_bin=OFF does not record anything at XA-prepare
       (obviously), but the completion event is recorded into binlog to
       admit inconsistency with slave.
    
    The following actions are taken by the patch.
    
    At XA-prepare:
       when empty binlog cache - don't do anything to binlog if RO,
       otherwise write empty XA_prepare (assert(binlog-filter case)).
    
    At Disconnect:
       when Prepared && RO (=> no binlogging was done)
         set Xid_cache_element::error := ER_XA_RBROLLBACK
         *keep* XID in the cache, and rollback the transaction.
    
    At XA-"complete":
       Discover the error, if any don't binlog the "complete",
       return the error to the user.
    
    Kudos
    -----
    Alexey Botchkov took to drive this work initially.
    Sergei Golubchik, Sergei Petrunja, Marko Mäkelä provided a number of
    good recommendations.
    Sergei Voitovich made a magnificent review and improvements to the code.
    They all deserve a bunch of thanks for making this work done!
    c8ae3573
xa.cc 29.2 KB