THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
This proposal is a complement to FLIP-193: Snapshots ownership. In FLIP-193 we introduced restore mode, where no-claim mode has two requirements:
- First, the new job cannot delete any files in the restored snapshot, otherwise cannot start multiple jobs from the same snapshot.
- Second, the new job's checkpoint cannot reference the file of the restored checkpoint, because in this mode the restored snapshot belongs to the user, and the user may delete the snapshot later. Once the user do that, snapshots made by new jobs will also be broken.
Currently, we implement no-claim mode by forcing the first snapshot to be a full snapshot, but there are some problems :
- Users cannot clearly know when retained snapshots can be safely deleted
Currently, users need to check whether the job has completed at least one checkpoint to determine whether the retained unclaimed snapshots can be deleted, which is not straightforward enough. We can call the ability of new jobs to run completely free from restored unclaimed snapshots as "state self-sustained". A job is state self-sustained meaning that the snapshot it will restart from will not reference any files in the restored unclaimed snapshot. Once the job becomes state self-sustained, the user can safely delete the restored unclaimed snapshot. Therefore, we need to explicitly tell the user whether the job is state self-sustained. - ChangelogStateBackend is almost impossible to force a full snapshot
- State changelog data cannot be re-uploaded to durable storage, so if we want to make a full snapshot, we must either copy the changelog file in the retained checkpoint, or force a full materialization at the first checkpoint. It’s okay if the storage of changelog supports fast duplicating, but if it doesn’t, the time overhead of copying these changelog files will be high, causing checkpoint timeout. And fast duplicating is not always available, for example the very commonly used hadoop filesystem does not currently support fast copy (See HDFS-2139) .
- If we choose to force a full materialization at the first checkpoint, we will need to upload a large amount of data, which will also easily cause the checkpoint timeout. At the same time, the materialization operations that were originally executed on a staggered peak on each subtask will be executed simultaneously, which will increase the pressure of the checkpoint storage and lead to a longer materialization time.
Public Interfaces
REST API
GET /jobs/:jobid/state-self-sustained
request
{} |
response
|
Web UI Changes
Add a new line to the WebUI → Checkpoints → Overview page as shown below :
No-claim mode semantic changes:
- No-claim mode still requires new jobs not to delete any files in the restored checkpoint.
- The first snapshot is not required to be a full snapshot, but StateBackend is required to release its dependence on the restored snapshot as soon as possible (possibly in a subsequent snapshot).
Proposed Changes
Shared state register of CompletedCheckpoint
Make CompletedCheckpoint#registerSharedStatesAfterRestored() register all shared state handles with the shared state registry even in no-claim mode :
- The no-claim mode no longer requires that all subsequent checkpoints do not reference files in the restored snapshot. StateBackend may rely on restored snapshots to make incremental snapshots during the initial period of the job.
How to implement state self-sustained state judgment
SharedStateRegistry can be used to track whether the checkpoint refers to the restored unclaimed snapshot, and then we can know whether the job is state-sustained.
Public Interface changes
See the description in the previous chapter for details