Description:
Hi,
in [1], we can read that relay_log_recovery is OFF by default. And in [2], we can read that relay_log_recovery = ON is needed for replication crash safety.
[1]: https://dev.mysql.com/doc/refman/8.0/en/replication-options-replica.html#sysvar_relay_log_...
[2]: https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-unexpected-replica-halt.html
I think that a database should be safe by default. MySQL made good progress on this, including by setting sync_binlog to 1 by default in 5.7 and relay_log_info_repository to TABLE in 8.0. One more step should be taken toward safety by setting relay_log_recovery to ON by default.
One thing that might be preventing such a change is the simplistic implementation of relay log recovery. Effectively, relay log recovery is executed at every MySQL startup (not just after a crash) and I reported that in Bug#74321 6 years ago. At the same time, I reported in Bug#74323 that relay log recovery can saturate the network interface of the master when restarting MySQL on delayed / lagging slaves. All this should be a good reason to implement a better relay log recovery (Bug#93081). A better relay log recovery could parse the relay logs to only truncate the last untrusted bits (and fix the IO Thread position) instead of discarding all relay logs.
Many thanks for looking into this,
Jean-François Gagné
How to repeat:
Not a bug but a feature request.
Suggested fix:
Set relay_log_recovery as ON by default.
Implement a better relay log recovery.
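
The truncate-instead-of-discard idea in the report, sketched as an added example (not code from the report or from MySQL): walk the event framing of a relay log and return the offset of the last complete event, so a torn tail can be cut off while everything before it is kept. It assumes the v4 common event header (19 bytes, event length at offset 9), ignores checksums and transaction boundaries, and uses constructed sample events; the function names are hypothetical.

```python
import struct

MAGIC = b"\xfebin"                 # 4-byte magic at the start of a binary/relay log file
HEADER_LEN = 19                    # v4 common event header length
# timestamp, type_code, server_id, event_length, end_log_pos, flags (little-endian)
HEADER = struct.Struct("<IBIIIH")


def make_event(type_code, payload, pos, server_id=1, timestamp=0):
    """Build one constructed event (header + payload) starting at file offset pos."""
    length = HEADER_LEN + len(payload)
    return HEADER.pack(timestamp, type_code, server_id, length, pos + length, 0) + payload


def last_trusted_offset(data):
    """Return (offset, events): offset is the end of the last complete event."""
    if data[:4] != MAGIC:
        raise ValueError("not a binary/relay log: bad magic")
    pos, events = len(MAGIC), 0
    while pos + HEADER_LEN <= len(data):
        _, _, _, length, _, _ = HEADER.unpack_from(data, pos)
        # A length shorter than the header is corruption; one that runs past
        # end-of-file is a torn write. Either way, stop trusting from here.
        if length < HEADER_LEN or pos + length > len(data):
            break
        pos += length
        events += 1
    return pos, events


def build_sample():
    """Constructed sample: three whole events, then a fourth cut off mid-payload."""
    log = bytearray(MAGIC)
    # 15 = FORMAT_DESCRIPTION_EVENT, 2 = QUERY_EVENT, 16 = XID_EVENT; payloads are fake.
    for type_code, payload in ((15, b"fde-payload"), (2, b"BEGIN"), (16, b"xid-8bytes")):
        log += make_event(type_code, payload, len(log))
    good_end = len(log)
    torn = make_event(2, b"BEGIN-next-transaction", len(log))
    log += torn[:HEADER_LEN + 5]   # simulate a crash partway through the write
    return bytes(log), good_end


if __name__ == "__main__":
    data, good_end = build_sample()
    offset, events = last_trusted_offset(data)
    print(f"file size {len(data)}, keep first {offset} bytes ({events} complete events)")
```
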