Administrator’s guide

Versions compatibility and known issues about upgrading

Cartridge is compatible with Tarantool 1.10 and Tarantool 2.x. Cartridge doesn’t support Tarantool 3.0 and higher.

Deploying the cluster

To deploy the cluster, first, configure your Tarantool instances according to the desired cluster topology, for example:

my_app.router: {"advertise_uri": "localhost:3301", "http_port": 8080, "workdir": "./tmp/router"}
my_app.storage_A_master: {"advertise_uri": "localhost:3302", "http_enabled": False, "workdir": "./tmp/storage-a-master"}
my_app.storage_A_replica: {"advertise_uri": "localhost:3303", "http_enabled": False, "workdir": "./tmp/storage-a-replica"}
my_app.storage_B_master: {"advertise_uri": "localhost:3304", "http_enabled": False, "workdir": "./tmp/storage-b-master"}
my_app.storage_B_replica: {"advertise_uri": "localhost:3305", "http_enabled": False, "workdir": "./tmp/storage-b-replica"}

Then start the instances, for example using cartridge CLI:

$ cartridge start my_app --cfg demo.yml --run-dir ./tmp/run

cartridge-cli is deprecated in favor of the tt CLI utility.

This guide uses cartridge-cli as a native tool for Cartridge applications development. However, we encourage you to switch to tt in order to simplify the migration to Tarantool 3.0 and newer versions.

And bootstrap the cluster. You can do this via the Web interface which is available at http://<instance_hostname>:<instance_http_port> (in this example, http://localhost:8080).

Bootstrapping from an existing cluster (optional)

You can bootstrap a cluster from an existing cluster (original cluster in the example below) via the argparse option TARANTOOL_BOOTSTRAP_FROM or --bootstrap_from in the following form: TARANTOOL_BOOTSTRAP_FROM=admin:SECRET-ORIGINAL-CLUSTER-COOKIE@HOST:MASTER_PORT,.... That option should be present on each instance in replicasets of the target cluster. Make sure that you’ve prepared a valid configuration for the target cluster. A valid topology should contain the same replicaset uuids for each replicaset and instance uuids that differ from original cluster. You can list several instances in this option. This is required for the latests Tarantool bootstrap policy.

Several notes:

• You can bootstrap specific replicasets from a cluster (for example, data nodes only) instead of the whole cluster.
• Don’t load data in the target cluster while bootstrapping. If you need to hot switch between original and target cluster, stop data loading in original cluster until bootstrapping is completed.
• Check logs and box.info.replication on target cluster after bootstrapping. If something went wrong, try again.

Example of valid data in edit_topology request:

Original cluster topology:

{
    "replicasets": [
        {
            "alias": "router-original",
            "uuid": "aaaaaaaa-aaaa-0000-0000-000000000000",
            "join_servers": [
                {
                    "uri": "localhost:3301",
                    "uuid": "aaaaaaaa-aaaa-0000-0000-000000000001"
                }
            ],
            "roles": ["vshard-router", "failover-coordinator"]
        },
        {
            "alias": "storage-original",
            "uuid": "bbbbbbbb-0000-0000-0000-000000000000",
            "weight": 1,
            "join_servers": [
                {
                    "uri": "localhost:3302",
                    "uuid": "bbbbbbbb-bbbb-0000-0000-000000000001"
                }
            ],
            "roles": ["vshard-storage"]
        }
    ]
}

Target cluster topology:

{
    "replicasets": [
        {
            "alias": "router-original",
            "uuid": "cccccccc-cccc-0000-0000-000000000000", // <- this is dataless router,
            // it's not necessary to bootstrap it from original cluster
            "join_servers": [
                {
                    "uri": "localhost:13301", // <- different uri
                    "uuid": "cccccccc-cccc-0000-0000-000000000001"
                }
            ],
            "roles": ["vshard-router", "failover-coordinator"]
        },
        {
            "alias": "storage-original",
            "uuid": "bbbbbbbb-0000-0000-0000-000000000000", // replicaset_uuid is the same as in the original cluster
            // that allows us bootstrap target cluster from original cluster
            "weight": 1,
            "join_servers": [
                {
                    "uri": "localhost:13302", // <- different uri
                    "uuid": "bbbbbbbb-bbbb-0000-0000-000000000002" // <- different instance_uuid
                }
            ],
            "roles": ["vshard-storage"]
        }
    ]
}

Cluster setup

In the web interface, do the following:

1. Depending on the authentication state:

   • If enabled (in production), enter your credentials and click Login:

     

      

   • If disabled (for easier testing), simply proceed to configuring the cluster.

2. Click Сonfigure next to the first unconfigured server to create the first replica set – solely for the router (intended for compute-intensive workloads).

   

    

   In the pop-up window, check the vshard-router role or any custom role that has vshard-router as a dependent role (in this example, this is a custom role named app.roles.api).

   (Optional) Specify a display name for the replica set, for example router.

   

    

   Note

   As described in the built-in roles section, it is a good practice to enable workload-specific cluster roles on instances running on physical servers with workload-specific hardware.

   Click Create replica set and see the newly-created replica set in the web interface:

   

    

   Warning

   Be careful: after an instance joins a replica set, you CAN NOT revert this or make the instance join any other replica set.

3. Create another replica set for a master storage node (intended for transaction-intensive workloads).

   Check the vshard-storage role or any custom role that has vshard-storage as a dependent role (in this example, this is a custom role named app.roles.storage).

   (Optional) Check a specific group, for example hot. Replica sets with vshard-storage roles can belong to different groups. In our example, these are hot or cold groups meant to process hot and cold data independently. These groups are specified in the cluster’s configuration file; by default, a cluster has no groups.

   (Optional) Specify a display name for the replica set, for example hot-storage.

   Click Create replica set.

   

    

4. (Optional) If required by topology, populate the second replica set with more storage nodes:

   1. Click Configure next to another unconfigured server dedicated for transaction-intensive workloads.

   2. Click Join Replica Set tab.

   3. Select the second replica set, and click Join replica set to add the server to it.

      

       

5. Depending on cluster topology:

   • add more instances to the first or second replica sets, or
   • create more replica sets and populate them with instances meant to handle a specific type of workload (compute or transactions).

   For example:

   

    

6. (Optional) By default, all new vshard-storage replica sets get a weight of 1 before the vshard bootstrap in the next step.

Note

In case you add a new replica set after vshard bootstrap, as described in the topology change section, it will get a weight of 0 by default.

To make different replica sets store different numbers of buckets, click Edit next to a replica set, change its default weight, and click Save:

 

For more information on buckets and replica set’s weights, see the vshard module documentation.

1. Bootstrap vshard by clicking the corresponding button, or by saying cartridge.admin.boostrap_vshard() over the administrative console.

   This command creates virtual buckets and distributes them among storages.

   From now on, all cluster configuration can be done via the web interface.

   

    

Updating the configuration

Cluster configuration is specified in a YAML configuration file. This file includes cluster topology and role descriptions.

All instances in Tarantool cluster have the same configuration. To this end, every instance stores a copy of the configuration file, and the cluster keeps these copies in sync: as you submit updated configuration in the Web interface, the cluster validates it (and rejects inappropriate changes) and distributes automatically across the cluster.

To update the configuration:

1. Click Configuration files tab.

2. (Optional) Click Downloaded to get hold of the current configuration file.

3. Update the configuration file.

   You can add/change/remove any sections except system ones: topology, vshard, and vshard_groups.

   To remove a section, simply remove it from the configuration file.

4. Click Upload configuration button to upload configuration file.

   You will see a message in the lower part of the screen saying whether configuration was uploaded successfully, and an error description if the new configuration was not applied.

Managing the cluster

This chapter explains how to:

• change the cluster topology,
• enable automatic failover,
• switch the replica set’s master manually,
• deactivate replica sets, and
• expel instances.

tarantool> vshard.storage.info().bucket
---
- receiving: 0
  active: 1000
  total: 1000
  garbage: 0
  sending: 0
...

Disabling instances

Sometimes when instances are not healthy, you may want to disable them to perform some operations on cluster (e.g. apply new cluster config).

To disable an instance, click … next to it, then click Disable server:

 

Then instance will be marked as disabled and will not participate in cluster configuration:

 

You can also disable an active leader, then the leader will be switched to another instance.

Note

Don’t forget to enable instance back after you fix them!

Expelling instances

Once an instance is expelled, it can never participate in the cluster again as every instance will reject it.

To expel an instance, stop it, then click … next to it, then click Expel server and Expel:

 

Note

There are two restrictions:

• You can’t expel a leader if it has a replica. Switch leadership first.
• You can’t expel a vshard-storage if it has buckets. Set the weight to zero and wait until rebalancing is completed.

Since Cartridge 2.8.0 you will see an issue if you had a replica set with an expelled instance in box.space._cluster. You can fix it by manually remove expelled instance from box.space._cluster:

-- call thin on leader:
local confapplier = require('cartridge.confapplier')
local topology = require('cartridge.topology')
local topology_cfg = confapplier.get_readonly('topology')
local fun = require('fun')
for _, uuid, _ in fun.filter(topology.expelled, topology_cfg.servers) do
    box.space._cluster.index.uuid:delete(uuid)
end

Note

• Do not expel instances until they’re stopped.
• Do not forget to clean expelled instence’s data directory and remove it from your pipelines.
• You can not return expelled instance to the cluster.

Enabling automatic failover

In a master-replica cluster configuration with automatic failover enabled, if the user-specified master of any replica set fails, the cluster automatically chooses a replica from the priority list and grants it the active master role (read/write). To learn more about details of failover work, see failover documentation.

Failover disabled (default)

The leader is the first instance according to the topology configuration. No automatic decisions are made. You can manually change the leader in the failover priority list or call box.cfg{read_only = false} on any instance.

To disable failover:

1. Click Failover:

   

    

2. In the Failover control box, select the Disabled mode:

   

    

Eventual failover (not recommended for production)

Important

The eventual failover mode is not recommended for use on large clusters in production. If you have a high load production cluster, use the stateful failover with etcd instead.

The leader isn’t elected consistently. Every instance thinks the leader is the first healthy server in the replicaset. The instance health is determined according to the membership status (the SWIM protocol).

To set the priority in a replica set:

1. Click Edit next to the replica set in question.

2. Scroll to the bottom of the Edit replica set box to see the list of servers.

3. Drag replicas to their place in the priority list, and click Save:

   

    

To enable eventual failover:

1. Click Failover:

   

    

2. In the Failover control box, select the Eventual mode:

   

    

Stateful failover

Important

The stateful failover mode with Tarantool Stateboard is not recommended for use on large clusters in production. If you have a high load production cluster, use the stateful failover with etcd instead.

Leader appointments are polled from the external state provider. Decisions are made by one of the instances with the failover-coordinator role enabled. There are two options of external state provider:

• Tarantool Stateboard - you need to run instance of stateboard with command tarantool stateboard.init.lua.
• etcd v2 - you need to run and configure etcd cluster. Note that only etcd v2 API is supported, so you can still use etcd v3 with ETCD_ENABLE_V2=true.

To enable stateful failover:

1. Run stateboard or etcd

2. Click Failover:

   

    

3. In the Failover control box, select the Stateful mode:

   

    

4. Check the necessary parameters.

In this mode, you can choose the leader with the Promote a leader button in the WebUI (or a GraphQL request).

 

You can also check state provider status in failover settings tab (it only works after stateful failover was enabled):

 

Raft failover (beta)

Important

Raft failover in Cartridge is in beta. Don’t use it in production.

The replicaset leader is chosen by built-in Raft, then the other replicasets get information about leader change from membership. Raft parameters can be configured by environment variables.

To enable the Raft failover:

1. Make sure that your Tarantool version is higher than 2.10.0

2. Click Failover:

   

    

3. In the Failover control box, select the Raft mode:

   

    

4. Check the necessary parameters.

In this mode, you can choose the leader with the Promote a leader button in the WebUI (or a GraphQL request or manual call box.ctl.promote).

 

Managing users

On the Users tab, you can enable/disable authentication as well as add, remove, edit, and view existing users who can access the web interface.

Notice that the Users tab is available only if authorization in the web interface is implemented.

Also, some features (like deleting users) can be disabled in the cluster configuration; this is regulated by the auth_backend_name option passed to cartridge.cfg().

Resolving conflicts

Tarantool has an embedded mechanism for asynchronous replication. As a consequence, records are distributed among the replicas with a delay, so conflicts can arise.

To prevent conflicts, the special trigger space.before_replace is used. It is executed every time before making changes to the table for which it was configured. The trigger function is implemented in the Lua programming language. This function takes the original and new values of the tuple to be modified as its arguments. The returned value of the function is used to change the result of the operation: this will be the new value of the modified tuple.

For insert operations, the old value is absent, so nil is passed as the first argument.

For delete operations, the new value is absent, so nil is passed as the second argument. The trigger function can also return nil, thus turning this operation into delete.

This example shows how to use the space.before_replace trigger to prevent replication conflicts. Suppose we have a box.space.test table that is modified in multiple replicas at the same time. We store one payload field in this table. To ensure consistency, we also store the last modification time in each tuple of this table and set the space.before_replace trigger, which gives preference to newer tuples. Below is the code in Lua:

fiber = require('fiber')
-- define a function that will modify the function test_replace(tuple)
        -- add a timestamp to each tuple in the space
        tuple = box.tuple.new(tuple):update{{'!', 2, fiber.time()}}
        box.space.test:replace(tuple)
end
box.cfg{ } -- restore from the local directory
-- set the trigger to avoid conflicts
box.space.test:before_replace(function(old, new)
        if old ~= nil and new ~= nil and new[2] < old[2] then
                return old -- ignore the request
        end
        -- otherwise apply as is
end)
box.cfg{ replication = {...} } -- subscribe

Monitoring a cluster via CLI

This section describes parameters you can monitor over the administrative console.

tarantool> vshard.storage.info()
---
- replicasets:
    <replicaset_2>:
    uuid: <replicaset_2>
    master:
        uri: storage:storage@127.0.0.1:3303
    <replicaset_1>:
    uuid: <replicaset_1>
    master:
        uri: storage:storage@127.0.0.1:3301
  bucket: <!-- buckets status
    receiving: 0 <!-- buckets in the RECEIVING state
    active: 2 <!-- buckets in the ACTIVE state
    garbage: 0 <!-- buckets in the GARBAGE state (are to be deleted)
    total: 2 <!-- total number of buckets
    sending: 0 <!-- buckets in the SENDING state
  status: 1 <!-- the status of the replica set
  replication:
    status: disconnected <!-- the status of the replication
    idle: <idle>
  alerts:
  - ['MASTER_IS_UNREACHABLE', 'Master is unreachable: disconnected']

tarantool> vshard.router.info()
---
- replicasets:
    <replica set UUID>:
      master:
        status: <available / unreachable / missing>
        uri: <!-- URI of master
        uuid: <!-- UUID of instance
      replica:
        status: <available / unreachable / missing>
        uri: <!-- URI of replica used for slave requests
        uuid: <!-- UUID of instance
      uuid: <!-- UUID of replica set
    <replica set UUID>: ...
    ...
  status: <!-- status of router
  bucket:
    known: <!-- number of buckets with the known destination
    unknown: <!-- number of other buckets
  alerts: [<alert code>, <alert description>], ...

Issues and suggestions

Cartridge displays cluster and instances issues in WebUI:

• Replication

  • critical: “Replication from … to … isn’t running” – when box.info.replication.upstream == nil;
  • critical: “Replication from … to … state “stopped”/”orphan”/etc. (…)”;
  • warning: “Replication from … to …: high lag” – when upstream.lag > box.cfg.replication_sync_lag;
  • warning: “Replication from … to …: long idle” – when upstream.idle > 2 * box.cfg.replication_timeout;
  

   

  Cartridge can propose you to fix some of replication issues by restarting replication:

  

   

• Failover:

  • warning: “Can’t obtain failover coordinator (…)”;
  • warning: “There is no active failover coordinator”;
  • warning: “Failover is stuck on …: Error fetching appointments (…)”;
  • warning: “Failover is stuck on …: Failover fiber is dead” – this is likely a bug;

• Switchover:

  • warning: “Consistency on … isn’t reached yet”;

• Clock:

  • warning: “Clock difference between … and … exceed threshold” – limits.clock_delta_threshold_warning;

• Memory:

  • critical: “Running out of memory on …” – when all 3 metrics items_used_ratio, arena_used_ratio, quota_used_ratio from box.slab.info() exceed limits.fragmentation_threshold_critical;
  • warning: “Memory is highly fragmented on …” - when items_used_ratio > limits.fragmentation_threshold_warning and both arena_used_ratio, quota_used_ratio exceed critical limit;

• Configuration:

  • warning: “Configuration checksum mismatch on …”;
  • warning: “Configuration is prepared and locked on …”;
  • warning: “Advertise URI (…) differs from clusterwide config (…)”;
  • warning: “Configuring roles is stuck on … and hangs for … so far”;
  

   

  Cartridge can propose you to fix some of configuration issues by force applying configuration:

  

   

• Vshard:

  • various vshard alerts (see vshard docs for details);
  • warning: warning: “Group “…” wasn’t bootstrapped: …”;
  • warning: Vshard storages in replicaset %s marked as “all writable”.

• Alien members:

  • warning: “Instance … with alien uuid is in the membership” – when two separate clusters share the same cluster cookie;
  

   

• Expelled instances:

  • warning: “Replicaset … has expelled instance … in box.space._cluster” - when instance was expelled from replicaset, but still remains in box.space._cluster;

• Deprecated space format:

  • warning: “Instance … has spaces with deprecated format: space1, …”

• Raft issues:

  • warning: “Raft leader idle is 10.000 on … . Is raft leader alive and connection is healthy?”

• Unhealthy replicasets:

  • critical: “All instances are unhealthy in replicaset”.
  

   

  The issue is produced when all instances in the replicaset are unhealthy and not disabled. You can disable both to get rid of the issue.

  

   

• Custom issues (defined by user):

  • Custom roles can announce more issues with their own level, topic and message. See custom-role.get_issues.

• Disable instances suggestion:

  When some instances are unhealthy, Cartridge can suggest you to disable them:

  

   

Since Tarantool Enterprise supporting compression, Cartridge can check if you have spaces where you can use compression. To enable it, click on button “Suggestions”. Note that the operation can affect cluster perfomance, so choose the time to use it wisely.

You will see the warning about cluster perfomance and then click “Continue”.

You will see information about fields that can be compressed.

Instances general info

You can check some general instance info in WebUI. To see it, click on “Server details button”.

And then choose one of the tabs to see various parameters:

Rebalancer control

Cartridge provides a way to control VShard rebalancer via WebUI and GraphQL API. You can operate rebalancer mode and change rebalancer settings on each replicaset or instance. It can be useful to stop rebalancer or choose rebalancer instance manually.

To change rebalancer mode, click on “Rebalancer mode” button next to “Failover” button and choose desired mode:

To change rebalancer settings on replicaset, click on “Edit replicaset” button and then choose desired rebalancer state (“unset” means abcence of the value):

To change rebalancer settings on instance, click on “…” button next to it:

And then choose desired rebalancer state (“unset” means abcence of the value):

You can see current settings and actual rebalancer state in WebUI. Black R means that rebalancer is true on this instance/replicaset, grey R means that rebalancer is false on this instance/replicaset, and green R means that rebalancer is running on this instance:

See VShard documentation to get more information about rebalancer usage.

Migrations

Since Cartridge 2.10.0 when using migrations 1.0.0 or higher, you can use WebUI to monitor and control you migrations.

At first, open migrations tab in the left menu. From here, you can see all migrations status and can start migrations.

After clicking on “Migration Up” button, you will see the result:

Changing cluster cookie

In some cases it could be useful to change cluster-cookie (e.g. when you need to fix a broken cluster). To do it, perform next actions:

1. (Optional) If you use stateful failover:

   -- remember old cookie hash
   local cluster_cookie = require('cartridge.cluster-cookie')
   
   local old_hash = cluster_cookie.get_cookie_hash()
   

2. Change cluster-cookie on each instance:

   local cluster_cookie = require('cartridge.cluster-cookie')
   
   cluster_cookie.set_cookie(new_cookie)
   
   require('membership').set_encryption_key(cluster_cookie.cookie())
   
   if require('cartridge.failover').is_leader() then
       box.schema.user.passwd(new_cookie)
   end
   

3. (Optional) If you use stateful failover:

   -- update cookie hash in a state provider
   require('cartridge.vars').new('cartridge.failover').client:set_identification_string(
       cluster_cookie.get_cookie_hash(), old_hash)
   

4. Call apply_config in cluster to reapply changes to each instance:

   local confapplier = require('cartridge.confapplier')
   local clusterwide_config = confapplier.get_active_config()
   return confapplier.apply_config(clusterwide_config)
   

Fixing broken instance configuration

It’s possible that some instances have a broken configuration. To do it, perform next actions:

• Try to reapply configuration forcefully:

  cartridge.config_force_reapply(instaces_uuids) -- pass here uuids of broken instances
  

• If it didn’t work, you could try to copy a config from healthy instance:

  1. Stop broken instance and remove it’s config directory. Don’t touch any other files in working directory.
  2. Copy config directory from a healthy instance to broken one’s directory.
  3. Start broken instance and check if it’s working.
  4. If nothing had worked, try to carefully remove a broken instance from cluster and setup a new one.

Upgrading schema

When upgrading Tarantool to a newer version, please don’t forget to:

1. Stop the cluster
2. Make sure that upgrade_schema option is enabled
3. Start the cluster again

This will automatically apply box.schema.upgrade() on the leader, according to the failover priority in the topology configuration.

Disaster recovery

Please see the disaster recovery section in the Tarantool manual.

Backups

Please see the backups section in the Tarantool manual.