To improve the high availability and disaster recovery capability of TiDB clusters, it is recommended that TiKV nodes are physically scattered as much as possible. For example, TiKV nodes can be distributed on different racks or even in different data centers. According to the topology information of TiKV, the PD scheduler automatically performs scheduling at the background to isolate each replica of a Region as much as possible, which maximizes the capability of disaster recovery.
To make this mechanism effective, you need to properly configure TiKV and PD so that the topology information of the cluster, especially the TiKV location information, is reported to PD during deployment. Before you begin, see Deploy TiDB Using TiDB Ansible first.
You can use the command-line flag or set the TiKV configuration file to bind some attributes in the form of key-value pairs. These attributes are called
labels. After TiKV is started, it reports its
labels to PD so users can identify the location of TiKV nodes.
Assume that the topology has three layers: zone > rack > host, and you can use these labels (zone, rack, host) to set the TiKV location in one of the following methods:
Use the command-line flag:tikv-server --labels zone=
Configure in the TiKV configuration file:[server] labels = "zone=<zone>,rack=<rack>,host=<host>"
According to the description above, the label can be any key-value pair used to describe TiKV attributes. But PD cannot identify the location-related labels and the layer relationship of these labels. Therefore, you need to make the following configuration for PD to understand the TiKV node topology.
If the PD cluster is not initialized, configure
location-labelsin the PD configuration file:[replication] location-labels = ["zone", "rack", "host"]
If the PD cluster is already initialized, use the pd-ctl tool to make online changes:pd-ctl config set location-labels zone,rack,host
location-labels configuration is an array of strings, and each item corresponds to the key of TiKV
labels. The sequence of each key represents the layer relationship of different labels.
When using TiDB Ansible to deploy a cluster, you can directly configure the TiKV location in the
tidb-ansible will generate the corresponding TiKV and PD configuration files during deployment.
In the following example, a two-layer topology of
zone/host is defined. The TiKV nodes of the cluster are distributed among three zones, each zone with two hosts. In z1, two TiKV instances are deployed per host. In z2 and z3, one TiKV instance is deployed per host.
[tikv_servers] # z1 tikv-1 labels="zone=z1,host=h1" tikv-2 labels="zone=z1,host=h1" tikv-3 labels="zone=z1,host=h2" tikv-4 labels="zone=z1,host=h2" # z2 tikv-5 labels="zone=z2,host=h1" tikv-6 labels="zone=z2,host=h2" # z3 tikv-7 labels="zone=z3,host=h1" tikv-8 labels="zone=z3,host=h2" [pd_servers:vars] location_labels = ["zone", "host"]
PD schedules replicas according to the label layer to make sure that different replicas of the same data are scattered as much as possible.
Take the topology in the previous section as an example.
Assume that the number of cluster replicas is 3 (
max-replicas=3). Because there are 3 zones in total, PD ensures that the 3 replicas of each Region are respectively placed in z1, z2, and z3. In this way, the TiDB cluster is still available when one data center fails.
Then, assume that the number of cluster replicas is 5 (
max-replicas=5). Because there are only 3 zones in total, PD cannot guarantee the isolation of each replica at the zone level. In this situation, the PD scheduler will ensure replica isolation at the host level. In other words, multiple replicas of a Region might be distributed in the same zone but not on the same host.
In the case of the 5-replica configuration, if z3 fails or is isolated as a whole, and cannot be recovered after a period of time (controlled by
max-store-down-time), PD will make up the 5 replicas through scheduling. At this time, only 3 hosts are available. This means that host-level isolation cannot be guaranteed and that multiple replicas might be scheduled to the same host.
In summary, PD maximizes the disaster recovery of the cluster according to the current topology. Therefore, if you want to achieve a certain level of disaster recovery, deploy more machines on different sites according to the topology than the number of