KAFKA-10555: Improve client state machine

[wcarlson5]

Removes the transition to error for when there are no threads and makes Error terminal

Summary of testing strategy (including rationale)
for the feature or bug fix. Unit and/or integration
tests are expected for any behaviour change and
system tests should be considered for larger changes.

Committer Checklist (excluded from commit message)

• Verify design and implementation
• Verify test coverage and CI build status
• Verify documentation (including upgrade notes)

[wcarlson5]

@mjsax Can you give this a look? I hope that I haven't broken any of the EOS tests

[wcarlson5]

This will not be needed with the new error definition

[wcarlson5]

we will be doing the same thing but closing the client for now. Maybe a replace globalThread will be added later

[wcarlson5]

We want to make close() idempotent and not throw an exception but we will log a warning, but only for close so that is why these logs are not in the setState() method.

[wcarlson5]

This will let Streams shutdown uncleanly when in EOS mode

[wcarlson5]

This test is for the functionality we are removing

[wcarlson5]

Just wait for ERROR because you don't close crashed

[wcarlson5]

No longer do you need to close crashed

[mjsax]

Why this change? client2 should transit from PENDING_ERROR to ERROR (not from PENDING_SHUTDOWN to CLOSED, and thus the new CLOSE check seem not to be right? Or do I miss something?

[wcarlson5]

My thoughts where that we are calling close and so its is going to just be closed as the state transitions are cleared. This is the test that made me want you to review the PR I was worried that I might have broken the integrity of the tests as it is not behaving as I expected. However no other test was having this problem so I was not sure if I was understanding it correctly.

[mjsax]

From my understanding/ according to the new state transition diagram, if there is an error we go to PENDING_ERROR and if we call close() we transit PENDING_ERROR -> ERROR?

[wcarlson5]

the call to close() will have no effect. The PENDING_ERROR -> ERROR transition is like the PENDING_SHUTDOWN -> NOT_RUNNING where the transition from the PENDING... state is automatic

[mjsax]

Thanks for clarifying.

[wcarlson5]

remove deprecated handler

[wcarlson5]

When the client is shutdown it now goes to ERROR

[mjsax]

super nit: fix indention of comment

Also please update the state diagram in the comment above.

[wcarlson5]

yay ascii art! good catch I forgot about that

When I build the docs locally it looks about right

[mjsax]

Should we return true there? I understand that we are not in NOT_RUNNING state, but in the end we are in a terminal state and we did cleanup all resources. -- I guess, I am raising the question if we should relax the definition of this return value?

[wcarlson5]

I don't think that we should return true. A user would then expect that that the state would then change to NOT_RUNNING and could be stuck waiting on that. Where if we return false in then they might retry and get stuck there.

I don't know which is a better problem to have but I think that changing the meaning of this return value won't add any more clarity to the situation.

[mjsax]

Fair point. Might be good to get input from somebody else in addition. \cc @cadonna

[cadonna]

As far as I can see, where the return value is used the javadoc says

true if all threads were successfully stopped, false if the timeout was reached.

Since all threads were successfully stopped, I would return true. We clearly document that ERROR is a terminal state, so I do not see why somebody should wait for NOT_RUNNING when the client is in ERROR and close() returns true.

[wcarlson5]

Alright I adjusted the close response to align with this.

[mjsax]

If the global thread dies, should we not transit to ERROR at the end?

[wcarlson5]

It will. We don't strictly need to test it here as that is tested elsewhere but we can add it for clarity

[mjsax]

I guess it would not hurt. Leave it up to you than.

[mjsax]

Why not just change this from CLOSE_CRASHED to CRASH ?

[mjsax]

Should we extend it to have two state transitions, RUNNING -> PENDING_ERROR and PENDING_ERROR -> ERROR ?

[wcarlson5]

Actually it could probably be just PENDING_ERROR -> ERROR because it could be in RUNNING or REBALNCING previously

[mjsax]

As above

[mjsax]

As above

[mjsax]

Nit: the error message is weird -> Streams didn't transit to ERROR state.

[mjsax]

Made a pass over it.

[wcarlson5]

@mjsax I believe that I got to all your comments except for the shouldUpgradeFromEosAlphaToEosBeta tests one

[wcarlson5]

yay ascii art! good catch I forgot about that

When I build the docs locally it looks about right

[wcarlson5]

I don't think that we should return true. A user would then expect that that the state would then change to NOT_RUNNING and could be stuck waiting on that. Where if we return false in then they might retry and get stuck there.

I don't know which is a better problem to have but I think that changing the meaning of this return value won't add any more clarity to the situation.

[wcarlson5]

It will. We don't strictly need to test it here as that is tested elsewhere but we can add it for clarity

[wcarlson5]

It made it so that the new default was not used until we updated the Error transition as we are doing in this PR. :)

[wcarlson5]

My thoughts where that we are calling close and so its is going to just be closed as the state transitions are cleared. This is the test that made me want you to review the PR I was worried that I might have broken the integrity of the tests as it is not behaving as I expected. However no other test was having this problem so I was not sure if I was understanding it correctly.

[mjsax]

I thought we always need to call close? If an error happens, we call the handler, and if the handler return shutdown, we transit to PENDING_ERROR. On close() we transit from PENDING_ERROR -> ERROR?

Or do I have some misconception?

[wcarlson5]

the handler will call close, but the user will not need to. The PENDING_ERROR state is indicating the resources are closing before the transition to ERROR after which no more work will be done. We made it so the user can call close on PENDING_ERROR or ERROR but it will only log a warning

[mjsax]

Thanks for clarifying!

[wcarlson5]

@mjsax I am still looking into the shouldUpgradeFromEosAlphaToEosBeta test. but not making a ton of progress I will try to carve out a little time tomorrow for it.

I think there was a bit of miss-understanding about what PENDING_ERROR means but I hope I cleared it up the comments below.

[wcarlson5]

the handler will call close, but the user will not need to. The PENDING_ERROR state is indicating the resources are closing before the transition to ERROR after which no more work will be done. We made it so the user can call close on PENDING_ERROR or ERROR but it will only log a warning

[wcarlson5]

the call to close() will have no effect. The PENDING_ERROR -> ERROR transition is like the PENDING_SHUTDOWN -> NOT_RUNNING where the transition from the PENDING... state is automatic

[wcarlson5]

Using just PENDING_ERROR -> ERROR because the transition to PENDING_ERROR can be from multiple sources. Also that transition is already tested so this check implies it

[mjsax]

Just some final nits. Overall LGTM.

[mjsax]

Why this change? We do wait for RUNNING?

[wcarlson5]

We do wait for running, I was thinking of bringing it to match with the other methods below but that doesn't make it anymore useful so I will revet it.

[mjsax]

Btw: to what extend do we need to update the docs? We should at least add a section to streams/upgrade_guide.html to mention the change.

[wcarlson5]

I extracted the https://github.com/apache/kafka/pull/9720/files#r562203226 fix to #9948

[wcarlson5]

@mjsax it looks like there is one unrelated failure java.lang.RuntimeException: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TopicExistsException: Topic 'primary.test-topic-2' already exists.

[glasser]

Am I correct in believing this change was released in Kafka 2.8.0? I can't find it in the release notes. We just had a minor outage because we didn't realize when upgrading to v2.8 that some error handling/shutdown code in our Kafka Streams app couldn't assume that it only had to kick in when the state transitioned to NOT_RUNNING but also now has to handle ERROR too.