KAFKA-14462; [17/N] Add CoordinatorRuntime

[dajac]

This patch introduces the CoordinatorRuntime. The CoordinatorRuntime is a framework which encapsulate all the common features requires to build a coordinator such as the group coordinator. Please refer to the javadoc of that class for the details.

Committer Checklist (excluded from commit message)

• Verify design and implementation
• Verify test coverage and CI build status
• Verify documentation (including upgrade notes)

[jeffkbkim]

does this mean a coordinator will be associated with multiple coordinator contexts since a coordinator owns multiple partitions?

never mind -- looks like we have 1-1 mapping of coordinator to topic partition

[jolshan]

I was also wondering this, so thanks for bringing it up.

[dajac]

Correct. Every partition is mapped to a CondinatorContext and a Coordinator. The Coordinator here is basically the replicated state machine.

[jeffkbkim]

nit: i think it's a bit confusing to use state since we have CoordinatorState. can we use stateMachine?

[dajac]

I think that I will use coordinator to stay consistent with the rest of the class.

[jeffkbkim]

we can apply to the state machine first because we will revert to latest committed snapshot if the append fails right?

[dajac]

Correct.

[jeffkbkim]

i'm not sure what the comment is saying here

[dajac]

Rephrases it.

[jeffkbkim]

can we give a bit more description on what the difference is between this and context.epoch?

[dajac]

There are basically the same: context.epoch = partitionEpoch. Is the name confusing?

[jeffkbkim]

since we only run one event at a given time for a partition, my intuition tells me that we should not hit this condition. when would this be true?

[dajac]

The loading is asynchronous so it could be that the leader epoch changes while we are already loading the coordinator.

[jolshan]

nit: do we want a check that is the opposite of the updateLastWrittenOffset (ie, offset can not be greater than last written offset?)

[jolshan]

so we can go from closed/failed back to loading?

[dajac]

very good question. it actually depends on whether we want to recycle the context or not. after thinking a bit more about it, i think that it is preferable to use reuse it (cause of the snapshot registry). i have updated the state machine and the code to reflect this.

[jolshan]

are all of these methods safe to call from initial state? seems like that state transition is valid.

[dajac]

almost. updated the code.

[jolshan]

What scenarios would we have a write event that was a "read operation after all"?

[dajac]

imagine a simple heartbeat request. we have to treat is as a write because it could alter the state but the heartbeat may not do anything.

[jolshan]

Ok -- so it's cases where a request has the potential to write, but if no change will not. Makes sense.

[jolshan]

I see that this event will not return a response -- but does it also not write records? Is it read only? Or it it only on the in memory state?

[dajac]

None of them. This is just a way to schedule an internal task (e.g. load/unload ops).

[jolshan]

So in other words -- not writing or reading but doing some operation.

[jolshan]

It may be worth clarifying what "internal" means in the comment

[jolshan]

Complete is a bit strange here since we only call this in the error case. Would it make more sense to just call this in the finally block and if the error is null do nothing?

[dajac]

Would it make more sense to just call this in the finally block

I am not sure to understand what you mean by this. Could you elaborate?

[jolshan]

The others followed a pattern where they both called complete, but maybe it's not a huge deal. Was suggesting a way to continue this pattern

[dajac]

Yeah, I am not sure. In this case, complete is only useful in case of errors so I would not overuse it.

[jolshan]

Yeah I guess if we don't use futures, it's not as important.

[jolshan]

Does the context.epoch stay the same until the next load?

[dajac]

Right. The epoch is basically the leader epoch of the partition. The broker notifies us when a new ones comes and we update it here. However, we only load if we have to.

[jolshan]

Is this comment helpful 😅

[dajac]

Yeah, I agree... but it does not hurt, isn't it?

[jolshan]

I suppose not. It could also do without it. Up to you.

[jolshan]

nit: maybe "An exception if the processing of the event failed or null otherwise"
I read this as exception if the event failed or was null.

[jolshan]

Is this changed from integer to topic partition so that we can use different coordinator state partitions (ie consumer offsets vs transactional state)

[dajac]

Right. It was also just easier to use TopicPartition everywhere.

[jolshan]

nit: we don't need to set 1 right? It will not be used.

[dajac]

Right.

[jolshan]

does this fail not because we aren't loaded, but because we haven't even started loading? On 201, it says we are still loading, but were able to get the context.

[dajac]

In this case, it fails because the context does not even exist.

[jolshan]

Got it -- the comment is a little unclear, since we can get the context while it is still not fully loaded, but the issue is that we didn't start loading (which starts with creating the context).

Maybe we could say "Getting the coordinator context fails because the coordinator hasn't started loading and hasn't crated the context"? That might be a bit wordy, but something like that.

[dajac]

Updated the comment.

[jolshan]

do we also want to check deregister was called? (I suppose we don't actually register, but the code path does contain this and the other test looks for registerListener)

[jolshan]

Do we need to create a new coordinator here? We don't seem to verify that it is different.

[dajac]

I do this to ensure that a new coordinator is created in this case. We verify the new value a few line below: assertEquals(coordinator, ctx.coordinator);.

[jolshan]

Ah I see. When I saw assertEquals(coordinator, ctx.coordinator) before I was confused because that would be true with the old coordinator. But we are testing that the ctx is updating.

[jolshan]

Should we check that the state is closed?

[jolshan]

just for my understanding, we will always keep the latest snapshot in case we need to rollback?

[dajac]

Right. We always keep the last snapshot as we may have to rollback to it when a new write it applied but fails.

[jolshan]

Will the snapshot registry have 4L as the epochList now?

[dajac]

No, it won't. The last write here does not yield any records so a new snapshot is not created.

[jolshan]

I see. The same happens on line 498 👍

[jolshan]

This fails because we only allow one write? (That took me a moment to realize)

If we returned 3 records in write2, I think this test would be stronger.

[dajac]

The number of records does not matter here. The writer is configured to only accept one successful call to PartitionWriter#append. Let me extend the comment to make this clear.

[jolshan]

Yeah -- comments would help. I think the other part I was suggesting is that write #2 seems to be the same as write #1. So if it didn't fail due to the write limit, would we have in the records ["record1", "record2", "record1", "record2"]? If that's the case this is fine.

I originally thought that if the records were the same, it was a no op, but I was confusing things.

[dajac]

Yeah, I agree that the records are not great in this test. For the context, the runtime always write what it gets. It does not compare the records themselves.

I have updated the writer to fail if the number of records in a single write is greater than a threshold. I think that it will be less confusing this way. What do you think?

[jolshan]

nit: the write is done (as we update lastWrittenOffset), but isDone signified that the write has been committed. Is this correct?

[dajac]

Yeah, this is correct. The future is only completed when the write is committed. Let me use committed in the comment.

[divijvaidya]

I haven't looked at the business logic yet, just left some comment to understand the expectations of this code better.

[divijvaidya]

can this be done async by background thread pool?

[dajac]

Hmm... All the events are already processed in a thread pool. We could defer those in another one but I don't really see the need for it for two reasons: 1) that would require to introduce locking because those are not thread safe; and 2) they should be quite fast operations.

[divijvaidya]

I am not aware of the threading model here but since we are using a concurrent hash map to store coordinators, I am assuming that this function can be accessed by multiple threads.

In multi thread access is true for coordinator when this function is executing, then there is a bug here because there might be a context switch after we have retrieved the value using get and by the time we execute the if/else below, the value of this context might have changed. We should use atomic primitives with ConcurrentHashMaps such as computeIfAbsent

[dajac]

That's correct. coordinators is accessed by multiple threads. However, the runtime guarantees that the context for a given TopicPartition is never accessed concurrently - all the events of a TopicPartition are processed sequentially. This is why I don't have a lock for the context.

Regarding your suggestion, I am not sure how you could use an atomic primitive of ConcurrentHashMaps to implement this logic. Could you elaborate a bit more on this?

[divijvaidya]

CloseQuietly?

[dajac]

I am not sure. I definitely use CloseQuietly when closing the runtime component but it seems better to raise the exception further if closing the processor fails here. That is because the rest of the closing procedure does not make sense if the closing the processor has failed.

[divijvaidya]

note that this is not a thread safe operation since concurrentHashMap doesn't take an exclusive lock during forEach. Is that ok?

[dajac]

This should be OK. Closing the processor guarantees that coordinators is not accessed anymore. Your comment made me think that I should add an atomic boolean to make the close method idempotent.

[divijvaidya]

you can get rid of the second {} because last parameter can be added as a exception without having to parameterize it. see: https://www.slf4j.org/faq.html#paramException

[dajac]

I know. I actually prefer to have the exception's message included in the message logged. I mean on the same line because it is easier when you search the log. However, I could add a third argument to print the stack trace. Let me see if that makes sense here.