
Re-work Function MetaDataManager to make all metadata writes only by the leader #7255

Merged: 35 commits merged into apache:master from functions_leader_executor on Jun 26, 2020

Conversation

srkukarni
Contributor

Fixes #

Master Issue: #

Motivation

Currently the function metadata topic is not compacted, which means that in a long-running system with a sufficient number of function submissions/updates/state changes, the startup lag for workers that read the topic from the beginning grows linearly.
However, the current mechanism of function metadata topic writes does not lend itself to compaction, because all workers write into the topic and only one of them wins (and the winner need not be the last write).
This PR takes a first stab at simplifying the current workflow. Now, upon a function submission/update/state change, the workers simply pass that request to the leader. The leader is the arbiter of what goes in (just as it is today) and is the only one writing to the function metadata topic. The rest of the workers still tail the topic to receive the appropriate updates. The leader does not run the tailer, and instead updates its in-memory state directly when it writes to the metadata topic.
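
For illustration, the intended flow could be sketched roughly as below; all class, method, and field names here are hypothetical simplifications, not the actual code added in this PR:

    import java.util.Map;
    import java.util.concurrent.ConcurrentHashMap;

    // Rough sketch of the leader-only write flow (illustrative names, not the real Pulsar classes).
    public class LeaderOnlyMetadataFlow {

        // Placeholder for the real function metadata record.
        record FunctionMeta(String fullyQualifiedName, byte[] payload) {}

        private volatile boolean isLeader;                                 // set by leader election
        private final Map<String, FunctionMeta> inMemoryState = new ConcurrentHashMap<>();

        // Every worker handles submit/update/state-change requests through this entry point.
        public void update(FunctionMeta request) throws Exception {
            if (isLeader) {
                updateOnLeader(request);   // the leader decides and persists
            } else {
                forwardToLeader(request);  // non-leaders relay to the leader and keep tailing the topic
            }
        }

        // Leader-only path: the single writer to the function metadata topic.
        private void updateOnLeader(FunctionMeta request) throws Exception {
            writeToMetadataTopic(request.payload());
            // The leader runs no tailer, so it applies the change to its in-memory view directly.
            inMemoryState.put(request.fullyQualifiedName(), request);
        }

        private void writeToMetadataTopic(byte[] payload) throws Exception {
            // exclusive producer send to the function metadata topic (omitted)
        }

        private void forwardToLeader(FunctionMeta request) throws Exception {
            // REST/admin call to the current leader (omitted)
        }
    }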

Modifications

Describe the modifications you've done.

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Does this pull request potentially affect one of the following parts:

If yes was chosen, please highlight the changes

  • Dependencies (does it add or upgrade a dependency): (yes / no)
  • The public API: (yes / no)
  • The schema: (yes / no / don't know)
  • The default values of configurations: (yes / no)
  • The wire protocol: (yes / no)
  • The rest endpoints: (yes / no)
  • The admin cli options: (yes / no)
  • Anything that affects deployment: (yes / no / don't know)

Documentation

  • Does this pull request introduce a new feature? (yes / no)
  • If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)
  • If a feature is not applicable for documentation, explain why?
  • If a feature is not documented yet in this PR, please create a followup issue for adding the documentation

this.functionMetaDataTopicTailer = new FunctionMetaDataTopicTailer(this,
        pulsarClient.newReader(), this.workerConfig, this.errorNotifier);
// read all existing messages
this.setInitializePhase(true);
while (this.functionMetaDataTopicTailer.getReader().hasMessageAvailable()) {
    this.functionMetaDataTopicTailer.processRequest(this.functionMetaDataTopicTailer.getReader().readNext());
}
Contributor

It is kind of weird that functionMetaDataTopicTailer.processRequest() calls back into FunctionMetadataManager. It seems like an awkward interaction between the classes. Perhaps we can refactor it in a subsequent PR.

Contributor Author

Agreed

    readerThread.start();
}

@Override
public void run() {
    while (running) {
Contributor

To check whether we have really reached the end of the topic, I think it's safer to check that reader.hasMessageAvailable() == false and that reader.readNext(5, TimeUnit.SECONDS) returns null.
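
A rough sketch of the double check suggested here, using the public Pulsar Reader API (the helper and its names are illustrative, not the code in this PR):

    import java.util.concurrent.TimeUnit;
    import java.util.function.Consumer;

    import org.apache.pulsar.client.api.Message;
    import org.apache.pulsar.client.api.Reader;

    // Keep draining until both signals agree the topic is exhausted:
    // hasMessageAvailable() is false AND a timed readNext() returns null.
    static void catchUp(Reader<byte[]> reader, Consumer<Message<byte[]>> process) throws Exception {
        while (true) {
            if (reader.hasMessageAvailable()) {
                process.accept(reader.readNext());
                continue;
            }
            Message<byte[]> msg = reader.readNext(5, TimeUnit.SECONDS);
            if (msg == null) {
                return;                // both checks agree: end of topic reached
            }
            process.accept(msg);       // a message still arrived within the timeout window
        }
    }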

    .build();
try {
    lastMessageSeen = exclusiveLeaderProducer.send(serviceRequest.toByteArray());
} catch (Exception e) {
Contributor

Shouldn't we return a 500 error to the end user? If we just call "errorNotifier.triggerError(e)", the worker dies and the end user will likely get no response or a timeout error.

Contributor Author

Good point. Changed.

Contributor
@jerrypeng Jun 23, 2020

"errorNotifier.triggerError(e);" is still being called. The worker might exit before exception gets bubbled up and a response send back


Contributor Author

So the question here is what's the right thing to do. If we are having issues writing to the producer, should the leader just reject the request with an internal server error and hope that things will be better next time? Or is the right approach to trigger worker death?

Contributor
@jerrypeng Jun 25, 2020

We should return the error to the worker making the call to the leader; otherwise that worker might have to wait for a timeout. I think we should just return an error and the user can retry. There is no guarantee that restarting the worker or electing another leader will solve the issue, since all the workers have the same configuration. Restarting can also be heavy, and I would prefer to minimize the number of forced restarts.
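
A sketch of the behaviour being argued for: surface the write failure to the caller, so it can become a 500 to the user, instead of tearing the worker down. The exception type and helper method shown are illustrative choices, not the exact code that was merged:

    import javax.ws.rs.InternalServerErrorException;

    import org.apache.pulsar.client.api.MessageId;
    import org.apache.pulsar.client.api.Producer;

    // Fail the individual request and let the user retry, instead of calling
    // errorNotifier.triggerError(e) and shutting the whole worker down.
    static MessageId writeUpdate(Producer<byte[]> exclusiveLeaderProducer, byte[] serializedRequest) {
        try {
            return exclusiveLeaderProducer.send(serializedRequest);
        } catch (Exception e) {
            // Surfaced to the calling worker/REST layer as an internal server error;
            // restarting the leader would not fix a persistent write problem anyway.
            throw new InternalServerErrorException("Failed to write function metadata update", e);
        }
    }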

@srkukarni merged commit c83a656 into apache:master on Jun 26, 2020
@srkukarni deleted the functions_leader_executor branch on June 26, 2020 at 14:49
huangdx0726 pushed a commit to huangdx0726/pulsar that referenced this pull request Aug 24, 2020
…the leader (apache#7255)

* Function workers re-direct call update requests to the leader

* Fixed test

* tests pass

* Working version

* Fix test

* Short circuit update

* Fix test

* Fix test

* Fix tests

* Added one more catch

* Added one more catch

* Seperated internal and external errors

* Fix test

* Address feedback

* Do not expose updateOnLeader to functions

* hide api

* hide api

* removed duplicate comments

* Do leadership changes in function metadata manager

* make the function sync

* Added more comments

* Throw error

* Changed name

* address comments

* Deleted unused classes

* Rework metadata manager

* Working

* Fix test

* A better way for test

* Address feedback

Co-authored-by: Sanjeev Kulkarni <sanjeevk@splunk.com>
sijie added a commit to sijie/pulsar that referenced this pull request Jan 21, 2021
*Motivation*

apache#7255 re-worked the Function MetaDataManager so that all metadata writes are done only by the leader.
This unintentionally broke Pulsar Functions when m-TLS is used for authentication, because it doesn't
take the TLS port into consideration and always uses a non-TLS port to communicate with the leader broker.

The PR fixes the broken implementation and ensures Pulsar Functions use the right service URL and
authentication plugin to communicate with the leader.

*Tests*

Add an integration test to reproduce the issue and ensure the functions worker works with m-TLS.
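
For illustration only, the kind of fix described might look roughly like the sketch below; every parameter name here is hypothetical rather than taken from the actual change, and only standard Pulsar admin-client APIs are used:

    import org.apache.pulsar.client.admin.PulsarAdmin;
    import org.apache.pulsar.client.api.AuthenticationFactory;

    // Rough sketch: when TLS is enabled, talk to the leader over its TLS web service URL
    // with the worker's configured auth plugin, instead of the plain-text URL.
    static PulsarAdmin buildLeaderAdmin(boolean tlsEnabled,
                                        String leaderUrl, String leaderUrlTls,
                                        String authPlugin, String authParams,
                                        String tlsTrustCertsFilePath) throws Exception {
        return PulsarAdmin.builder()
                .serviceHttpUrl(tlsEnabled ? leaderUrlTls : leaderUrl)
                .authentication(AuthenticationFactory.create(authPlugin, authParams))
                .tlsTrustCertsFilePath(tlsTrustCertsFilePath)
                .build();
    }
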
codelipenghui pushed a commit that referenced this pull request Feb 5, 2021
ivankelly pushed a commit to ivankelly/pulsar that referenced this pull request Aug 10, 2021