[BEAM-2140] Fix SplittableDoFn ValidatesRunner tests in Flink Streaming Runner #4639
Conversation
|
Run Flink ValidatesRunner |
aljoscha
force-pushed
the
fix-flink-splittable-dofn-take-2
branch
2 times, most recently
from
4ad6ba7
to
22ad573
Compare
|
Run Flink ValidatesRunner |
|
rerun tests please |
|
retest this please |
|
This still blocks operator shutdown in |
|
retest this please |
|
Thank you! Will take a look today. To clarify: will this run correctly (including fault tolerance, watermarks, late data dropping by downstream operators and everything) in the common case of an SDF emitting an infinite amount of output? I.e. are there any limitations to what a Flink operator can do in (SDF ValidatesRunner tests, naturally, have to terminate, so they test only terminating cases...) |
|
Yes, I believe this works correctly with watermarking. It will not work with fault-tolerance, though, because of a very peculiar "feature" of Flink: if any of the operators of a topology shut down checkpointing will not work anymore. However, in practice this is not a problem since sources of a streaming topology are not supposed to shut down so we will never come to The issue this PR fixes only comes up in tests because we have bounded sources in a streaming pipeline, meaning we actually see a Also, there are two operators in Flink that follow the same pattern:
I'm not saying that I like this, to be honest, I'm just saying that this is the way we currently have to do it. |
Ouch, that is very unfortunate, and means that Flink will not be able to fault-tolerantly run an SDF (or a stateful/timerful DoFn, for that matter) which runs forever per element (e.g. reading from Kafka). This is the intended use case of SDF: e.g. to read 1 Kafka topic, create a "bounded" source containing 1 element (name of the topic), followed by an SDF that reads kafka topics. The "bounded source" emits the single element and immediately completes, but the SDF runs perpetually. This on its own might seem silly ("why not express reading from Kafka as a root operator?"), but SDF affords the flexibility that you now can also easily read a collection of Kafka topics, bounded or not (e.g. receive over a Kafka topic a stream of names of new Kafka topics to read). Or more interestingly: you can create a "bounded" source containing a set of filepatterns, and apply to it two SDFs: one (filepattern -> new files as they appear), the other (file -> new records as the file grows). It also seems problematic that close() is rarely exercised in Flink pipelines. That means that this codepath is probably buggy in ways we don't know, it would be awkward if it started playing a central role in most streaming pipelines as the various unbounded sources are transitioned to SDF. Am I understanding correctly that, if the upstream operators didn't terminate, then you wouldn't need to put the processing into close()? Maybe that's the way to fix this - have Flink in streaming mode treat bounded sources as unbounded, in the sense that once they emit their elements, instead of terminating, they just hang forever pretending that they might have more data? |
|
Yes, I know quite well how SDF IOs are supposed to work. 😃 However, I think that in properly unbounded pipelines the "discovery source" will also stay online forever. (I think of SDF IOs like this: "Discovery Source/DoFn" -> "Reader SDF", where for Kafka the discovery source would listen for new partitions on the topics and forward them as they come online, for Kinesis it would listen for new shards and for files it would listen for files) Side note: I think the Beam Kafka IO does currently not discover new partitions when a pipeline is already running, which is a bit of a problem. Having the discovery source stay always online would solve this. Not sure about the Kinesis IO. Flink has a different problem: all parallel instances of a source query for new Kafka partitions/Kinesis Shards and they have a deterministic way of assigning them to the instances (basically modulo). This, however, will DDoS Kafka/Kinesis which also can lead to problems. SDF IOs would solve this problem because there is only one part that does the periodic querying for new shards/partitions. Also, the Flink File source has worked like a SDF IO for quite a while now but we have never generalised the pattern as in what we want to do with SDF IOs in Beam. On your last point: we currently can't do this because then our tests would not terminate and also because "bounded streaming pipelines" (which sounds very strange) would not terminate. |
|
I would like to abolish the ill-defined concepts of sources and sinks, instead having everything be just transforms (and IOs be simply an informal name for transforms used for a particular purpose) - and SDF is part of that vision :) If we need to watch for new Kafka partitions - there needs to be a splittable or stateful DoFn to do that (applied to a PCollection of topics), before the partition-reading SDF. If anything is designated as a "source", it can no longer be placed anywhere except at the very root of the pipeline, and can no longer be data-dependent. This is also in line with the Fn API where the concept of sources doesn't exist either (or, currently exists on life support but is destined to be deleted) - instead it only has a primitive "impulse" that generates a single empty value to kick off everything else. Do we have any other options? Would it be difficult to make Flink work properly if some operators at the root shut down but others continue working potentially forever? |
|
Yes, unfortunately I agree with you, @jkff. The option I see is to never let a Flink Streaming Pipeline shut down. What do you think? |
|
I just dropped in on the last comment and it made me sad. In the earlier days of Dataflow we did just what you describe - watch counters for PAsserts and cancel when they are all passing or a single error message comes over the logging channel - and it was complex and flaky. As far as I know we never actually got the bugs out of it, but just rewrote it to not work that way once we shut down the pipeline on inf watermark. Flink might be less flaky if listening on accumulators is reliable and exact (never overcounts or undercounts) and it does seem like this could work if done right from the start. But it is nicer not to have to? The Flink operator doesn't have to shut down to signal that it is "done" in the Beam sense, maybe? It could "hang forever pretending it has more data" but with inf watermark and the PipelineResult could still have some way of returning when watermarks are +inf globally, and it could also own canceling the job. |
|
@aljoscha Is there a compelling reason for why Flink becomes unable to checkpoint once an operator shuts down? That seems like an implementation limitation, rather than a theoretical one - from the point of view of the Beam model there's nothing wrong with having a PTransform be cleaned up after processing a PCollection whose watermark has reached infinity, while downstream transforms still have something to do, potentially forever. Maybe if we analyze why Flink currently behaves in this way, we can collectively come up with a way to fix Flink not to :) |
|
@kennknowles How you describe the new Dataflow mode of operations is actually how the Flink Runner currently works: when sources get the +Inf watermark they shut down. This shutting down, in turn, propagates through the Flink operators because operators shut down when all their input operators shut down. This, however leads to what @jkff criticised (correctly) above: we have to block shutdown of an operator in @jkff This is not an inherent design problem, it's just that no-one yet thought this was pressing enough to fix. I consider it very pressing and am pushing for fixing this in Flink 1.6 but that won't help us here. Btw, the code that prevents checkpointing if any tasks/operators are down is here: https://github.com/apache/flink/blob/f9dd19b584fca5932594392b0afc9f1d0eec7f1a/flink-runtime/src/main/java/org/apache/flink/runtime/checkpoint/CheckpointCoordinator.java#L453 This is quite simple to fix. The complicated part is how we deal with tasks that were already shut down when we are recovering from a failure. It's also not rocket science, though. None of those problems we can fix in this PR, I'm afraid. But we could merge it to at least enable test coverage for SDF on the Flink Runner. |
There was a problem hiding this comment.
Thanks. I think I agree that this is certainly much better than not having SDF support at all :) But probably can't be used for long-running production jobs yet, due to fault tolerance issues.
What's the shortest path to making this usable in production in some way, so that Flink runner users can use Watch and derived transforms, and, more importantly, unblock streaming Fn API jobs?
Another option I can see: at pipeline construction time, fuse Create.of() + a chain of ParDo's + a splittable ParDo into a single Flink operator that can control its own shutdown rather than being forced by the shutdown of Create.of(). Not sure if this is easier than fixing Flink itself :)
| // This is our last change to block shutdown of this operator while | ||
| // there are still remaining processing-time timers. Flink will ignore pending | ||
| // processing-time timers when upstream operators have shut down and will also | ||
| // shut down this operator with pending processing-time timers. |
There was a problem hiding this comment.
Please add a comment here describing the limitations of this approach (basically, typical cases of an unbounded SDF applied to a small bounded PCollection will not be fault-tolerant) and maybe link to the underlying Flink JIRA issue if there is one filed? If there isn't, would be good to file one for Flink; and either way, file one for Beam explaining that the support is limited.
Also would be good to log something.
There was a problem hiding this comment.
The Flink issue about checkpointing is https://issues.apache.org/jira/browse/FLINK-2491. This is not the reason for the special timer-related code here, though, so it's not the correct place to mention this here. The reason is that processing-time timers in Flink are not treated as data that should not be dropped and this is currently not seen as an issue by most people. (I'm working on getting that changed, but it's more of an ideological than an implementation issue.)
|
@jkff I created https://issues.apache.org/jira/browse/BEAM-3727, which links to https://issues.apache.org/jira/browse/FLINK-2491. WDYT? |
aljoscha
force-pushed
the
fix-flink-splittable-dofn-take-2
branch
from
22ad573
to
c69db46
Compare
|
Run Flink ValidatesRunner |
|
@jkff I added a commit for https://issues.apache.org/jira/browse/BEAM-3727 on top but I'm very happy to remove this and open another PR for it since this is big enough as it is. Just thought it would be good for this to go in together. |
|
Flink ValidatesRunner tests currently failing: https://issues.apache.org/jira/browse/BEAM-3728 |
|
Thanks! LGTM - the comments and the filed JIRAs make sense. Next step would be to merge this, and try running a pipeline that e.g. keeps writing files to a directory using GenerateSequence + ParDo(create a file) and keeps FileIO.match().continuously()-ing them and deleting each file after say 15 minutes (can be done using a GBK on the filename as a key + a trigger), and see that the pipeline can comfortably run for a while. If it's fine, then declare victory and mark Flink as supporting SDF in the compatibility matrix :) |
SplittableDoFnOperator is only used for executing ProcessFn, which does not use event-time timers. However, StatefulDoFnRunner does use event-time timers for state cleanup so this change makes sure that they don't end up being forwarded to the ProcessFn.
It can happen that the input operation finishes while we still have pending processing-time timers, for example from processing a Splittable DoFn. This change makes sure that we block as long as we have pending timers. This change also makes sure that we forward a +Inf watermark in close(). We have to do this because it can happen that we get a +Inf watermark on input while we still have active watermark holds (which will get resolved when all pending timers are gone). With this change we make sure to send a +Inf watermark downstream once everything is resolved.
We need this to be able to instantiate with the constructor in the Flink Runner.
For this to work, we need to also change how we wrap values in KeyedWorkItems, because ProcessFnRunner expects them to be in the GlobalWindow.
This adds an option that controls whether to shutdown sources or not in case of reaching the +Inf watermark. The reason for this is https://issues.apache.org/jira/browse/FLINK-2491, which causes checkpointing to stop once some source is shut down.
aljoscha
force-pushed
the
fix-flink-splittable-dofn-take-2
branch
from
c69db46
to
8fa9367
Compare
|
Run Flink ValidatesRunner |
|
@jkff You mean create the files and delete them inside the same pipeline? I'll do that. |
…ner tests in Flink Streaming Runner
|
Merged |
This is a new and improved version of #4348. The gist of the changes is this:
DoFnOperatorwhile there are processing-time timers remaining.StatefulDoFnRunnerwhen executing an SDF because this will start dropping timers when the input watermark of the SDF goes to+Inf. We don't want those timers to be dropped because they are what keeps SDF execution "alive".ProcessFnRunnerwhen executing an SDF. For this, I had to change how we wrapKeyedWorkItemsinWindowedValuesbefore sending them to the SDF operator becauseProcessFnRunnerlikes its input to be in theGlobalWindowwhile normalDoFnOperatorinput should be in a window as assigned.We don't yet have SDF support for the Flink Batch Runner because that's a completely different code path. An initial version of this should not be too hard, though.