KAFKA-5238: BrokerTopicMetrics can be recreated after topic is deleted #4204
Conversation
|
SUCCESS |
2 similar comments
|
SUCCESS |
|
SUCCESS |
|
Hi @ijuma @rajinisivaram any comments ? |
|
Hi @ijuma @rajinisivaram could anyone review please ? |
|
The reason we believe this fix is important is the leak that deleted topics metrics cause, over a long enough time they built up and we were flooding the graphite backend with obsolete metrics ... |
|
@edoardocomar Sorry about the delay. The reason I was hesitant in committing this was because I wasn't sure if there were any race conditions in the fix. For example, could a topic be deleted after the check for |
|
Hi @rajinisivaram yes there could still be a race, however the window for that to happen is minimal, as the highest chances for the race to happen are while there is a DelayedFetch in the Purgatory. In fact it was very easy to reproduce the issue. |
|
@edoardocomar Yes, I do agree that the fix makes it better than what we have currently since it reduces the timing window. But it will be good to explore if we can fix it properly without leaving any timing windows. I will take a look later today. |
| brokerTopicStats.topicStats(tp.topic).totalFetchRequestRate.mark() | ||
| brokerTopicStats.allTopicsStats.totalFetchRequestRate.mark() | ||
| } else { | ||
| info(s"Delayed fetch for deleted partition $tp") |
There was a problem hiding this comment.
We should not do this. readFromLocalLog should not encode information about its callers, it should be the other way around.
There was a problem hiding this comment.
Thanks, the log message is bad !
|
@edoardocomar I had a look through the code and I think it should be possible to close the timing window altogether by creating metrics within one of the existing locks (locking should be required only when metrics for the topic is not available). I am not sure if it is worth the additional complexity. Perhaps @ijuma could comment since he created this JIRA. |
|
I haven't looked at the complexity, but generally we try to fix the root cause and not just make it less likely to happen. |
| try { | ||
| if (allPartitions.contains(tp)) { | ||
| brokerTopicStats.topicStats(tp.topic).totalFetchRequestRate.mark() | ||
| brokerTopicStats.allTopicsStats.totalFetchRequestRate.mark() |
There was a problem hiding this comment.
It seems that we can always call this one. It's only the topic variant that should not be called if the topic has been deleted.
|
Hi @ijuma @rajinisivaram any further observations? I agree that fixing a root cause is preferable, however here the simplicity of reducing the time window from large to minimal appeared to have paid off in practice (we're running with this patch). |
|
I am ok with committing this and creating another JIRA to close the timing window later. @ijuma What do you think? |
|
@ijuma ? |
edoardocomar
force-pushed
the
KAFKA-5238
branch
from
94062e2
to
a213df2
Compare
|
retest this please |
1 similar comment
|
retest this please |
|
Opened https://issues.apache.org/jira/browse/KAFKA-6495 for fully closing the timing window |
edoardocomar
force-pushed
the
KAFKA-5238
branch
2 times, most recently
from
c2f9f20
to
2477776
Compare
|
rebased on trunk to fix conflicts, can be merged clean again ... any volunteers ? |
|
@ijuma Shall we merge this now since it is a simple fix and reduces the timing window? There is a separate JIRA (KAFKA-6495) to close the window properly later. |
|
Hi @ijuma would you be ok to merge ? |
|
Hi @rajinisivaram thanks for finding the time to chat about this PR @ijuma even if this is not a theoretical fix to the issue, it is a practical one, Please if you do not want to get it merged just say so and we will stop pursuing it, thanks |
edoardocomar
force-pushed
the
KAFKA-5238
branch
from
58e9f02
to
42373dd
Compare
|
Hi @ijuma @rajinisivaram we have rebased this old PR. Please note that we have been running this patch on our production systems for over a year, and we no longer suffer from the leaks. Please reconsider this patch, thanks. |
|
bump ... hi @ijuma @rajinisivaram ... |
|
bump ... trying others @vahidhashemian @dguy ? |
edoardocomar
force-pushed
the
KAFKA-5238
branch
from
5d68873
to
d136b77
Compare
|
rebased and retested |
|
@hachikuji would you like to take a look as you're working on #8586 |
| val adjustedMaxBytes = math.min(fetchInfo.maxBytes, limitBytes) | ||
| try { | ||
| brokerTopicStats.allTopicsStats.totalFetchRequestRate.mark() | ||
| if (allPartitions.contains(tp)) { |
There was a problem hiding this comment.
Hmm.. Does this solve the issue or just make it less likely? Does anything protect a call to stopReplica between this check and the metric update below?
It does seem this is related to #8586. Since we are updating the metric after completion of the DelayedFetch currently, then this case actually seems likely to be hit in practice. We would just need to have a fetch in purgatory when the call to stop replica is received. However, after #8586, I guess it becomes less likely? Still it would be nice to think through a complete fix.
There was a problem hiding this comment.
Yeah, this is the reason this PR got stuck a bit. @rajinisivaram had said:
I had a look through the code and I think it should be possible to close the timing window altogether by creating metrics within one of the existing locks (locking should be required only when metrics for the topic is not available). I am not sure if it is worth the additional complexity.
There was a problem hiding this comment.
I think the problem here is that the metric is created on demand. We need to tie it to partition lifecycles a little more closely. The thought I had is basically just to create the topic metric whenever we receive a LeaderAndIsr request so that creation/deletion are protected by replicaStateChangeLock. We can then just ignore updates to the metric if it doesn't exist rather than letting it be recreated.
There was a problem hiding this comment.
This PR makes the issue less likely to happen. It's not bulletproof but we've been using this patch in production for years and has worked great for us. Heuristic and pragmatic...
|
Perfect is the enemy of good. |
Avoid a DelayedFetch recreate the metrics when a topic has been deleted Always tick global fetch request metric Co-authored-by: Edoardo Comar <ecomar@uk.ibm.com> Co-authored-by: Mickael Maison <mickael.maison@gmail.com>
|
After @hachikuji fixes in #8586 |
Avoiding a DelayedFetch recreate the metrics when a topic has been
deleted
developed with @mimaison
added unit test borrowed from @ijuma JIRA