Status

Current state: Under Discussion

Discussion thread: here
JIRA: KAFKA-7362

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Stray partitions could be left on the broker's disk in certain scenarios. Stray partitions are ones that are not known to the controller, are not present in the replica state in ZK and are not being actively used by any clients. Specifically, we could end up with stray partition(s) on a broker when partition reassignment moves replicas off of an offline broker. If the broker is (or happens to be) offline when the reassignment completes, the controller does not get a chance to send the StopReplicaRequest. When the broker starts up, the partition will remain on disk forever from this point on.

The broker has no mechanism to clean up such stray partitions. This becomes problematic because:

  1. The broker opens a Log instance for all partitions on its local disk, including stray partitions.
  2. Retention would not delete any segments for stray partitions. Retention starts deleting segments only when the high watermark is higher than the segment's last offset. A stray partition is not a valid replica anymore, and thus has no defined high watermark. This means the disk space for stray partitions can never be reclaimed.
  3. If a broker hosts a stray partition and the topic is recreated, there is no protection in place to be able to distinguish the current stray partition from the new partition. In the worst case, this means data for the previous generation of the partition will now reside in the current generation.

This KIP proposes a mechanism to clean up stray partitions, solving problems (1) and (2) listed above. Problem (3) is mitigated to an extent, but solving it fully would require the improvements that are part of KIP-516: Topic Identifiers.

Public Interfaces

We propose to change the LeaderAndIsrRequest to include an additional containsAllReplicas field, denoting whether the request contains the full replica list hosted by the target broker.


diff --git a/clients/src/main/resources/common/message/LeaderAndIsrRequest.json b/clients/src/main/resources/common/message/LeaderAndIsrRequest.json
index 852968801..7ddca80b9 100644
--- a/clients/src/main/resources/common/message/LeaderAndIsrRequest.json
+++ b/clients/src/main/resources/common/message/LeaderAndIsrRequest.json
@@ -22,7 +22,9 @@
// Version 2 adds broker epoch and reorganizes the partitions by topic.
//
// Version 3 adds AddingReplicas and RemovingReplicas
- "validVersions": "0-4",
+ // Version 4 adds flexible versions
+ // Version 5 adds ContainsAllReplicas
+ "validVersions": "0-5",
"flexibleVersions": "4+",
"fields": [
{ "name": "ControllerId", "type": "int32", "versions": "0+", "entityType": "brokerId",
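
Review bot: raising "validVersions" to "0-5" at the top of this file needs the same bump in LeaderAndIsrResponse.json, and the patch shown only touches LeaderAndIsrRequest.json; a request and its response have to cover the same version range. Separately, the two new comment lines (`// Version 4 adds flexible versions`, `// Version 5 adds ContainsAllReplicas`) follow the Version 3 line directly, while the existing entries are separated by a bare `//` line; keep that separator so the version history stays consistent.
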
@@ -51,7 +53,9 @@
"about": "The leader's hostname." },
{ "name": "Port", "type": "int32", "versions": "0+",
"about": "The leader's port." }
- ]}
+ ]},
+ { "name": "ContainsAllReplicas", "type": "bool", "versions": "5+",
+ "about": "Whether the request contains all replicas hosted by the target broker." }
],
"commonStructs": [
{ "name": "LeaderAndIsrPartitionState", "versions": "0+", "fields": [
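
Review bot: the new ContainsAllReplicas entry at the end of "fields" is the flag that allows a broker to delete data, so its behaviour outside version 5 should be explicit in the schema. Add "default": "false" so a request that does not carry the field can never be read as authoritative, and decide whether the field should be "ignorable": true, since as written a controller that sets it to true on a connection negotiated at version 4 or lower has a non-default value that the older version cannot carry. The "about" string should also state the consequence: when the flag is true, the broker schedules any hosted partition missing from the request for deletion.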

Proposed Changes

Today, when a new broker starts up, the controller sends a full list of replicas the broker hosts in the LeaderAndIsrRequest. We will formalize this contract by adding the `containsAllReplicas` field to the request. On a new broker startup or on controller failover, the controller will send a LeaderAndIsrRequest containing the full set of replicas and will also set `containsAllReplicas` to `true`. When a broker receives a LeaderAndIsrRequest with `containsAllReplicas` set to `true`, it can safely use the replica list in this request as the source of truth for the partitions it must host. Any partitions the broker hosts that are not present in the LeaderAndIsrRequest will then be scheduled for deletion, as those would constitute stray partitions.

Note that we have the ability to detect outdated requests with KIP-380, so that check still applies before stray partition detection kicks in, ensuring we don't make this decision based on an outdated request sent to an old generation of the broker. The broker also ensures that the LeaderAndIsrRequest is sent by the latest controller, fencing off requests from a zombie controller.
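
The broker-side decision described above, modelled as an added example (this is not code from the KIP or from Kafka). The class, record and partition names are hypothetical, and the two epoch comparisons are assumptions about how the controller-epoch and KIP-380 checks are applied.

```java
import java.util.Set;
import java.util.TreeSet;

// Added illustration (Java 16+); hypothetical names, not Kafka's broker code.
public class StrayPartitionCheck {
    // Stand-in for the LeaderAndIsrRequest fields this decision depends on.
    record Request(int controllerEpoch, long brokerEpoch,
                   boolean containsAllReplicas, Set<String> partitions) {}

    private int latestControllerEpoch;      // highest controller epoch accepted so far
    private final long currentBrokerEpoch;  // epoch of this broker generation (KIP-380)

    StrayPartitionCheck(int latestControllerEpoch, long currentBrokerEpoch) {
        this.latestControllerEpoch = latestControllerEpoch;
        this.currentBrokerEpoch = currentBrokerEpoch;
    }

    /** Partitions to schedule for deletion; empty whenever the request is not authoritative. */
    Set<String> strayPartitions(Request req, Set<String> onDisk) {
        // Assumed fencing rule: a lower controller epoch means a zombie controller.
        if (req.controllerEpoch() < latestControllerEpoch) return Set.of();
        // Assumed KIP-380 rule: the request targeted an older generation of this broker.
        if (req.brokerEpoch() < currentBrokerEpoch) return Set.of();
        latestControllerEpoch = req.controllerEpoch();
        // Only a request flagged as complete may be used as the source of truth.
        if (!req.containsAllReplicas()) return Set.of();
        Set<String> stray = new TreeSet<>(onDisk);
        stray.removeAll(req.partitions());
        // Matching is by name only, so a recreated topic is not detected (problem 3).
        return stray;
    }

    public static void main(String[] args) {
        // Constructed sample: "orders-1" was reassigned away while the broker was offline.
        Set<String> onDisk = Set.of("orders-0", "orders-1", "payments-0");
        Set<String> assigned = Set.of("orders-0", "payments-0");
        StrayPartitionCheck broker = new StrayPartitionCheck(7, 42L);

        System.out.println(broker.strayPartitions(new Request(6, 42L, true, assigned), onDisk));  // zombie controller
        System.out.println(broker.strayPartitions(new Request(7, 41L, true, assigned), onDisk));  // old broker generation
        System.out.println(broker.strayPartitions(new Request(7, 42L, false, assigned), onDisk)); // partial request
        System.out.println(broker.strayPartitions(new Request(7, 42L, true, assigned), onDisk));  // full request
    }
}
```

Only the last call yields a partition to delete; every failed check returns an empty set, so a fenced or partial request never triggers deletion.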

Compatibility, Deprecation, and Migration Plan

This KIP has no impact on compatibility and raises no deprecation or migration concerns.

Rejected Alternatives

NA