[FLINK-6988] flink-connector-kafka-0.11 with exactly-once semantic

[pnowojski]

First four commits are from #4557 and #4561.

[tzulitai]

This NOTE is no longer valid and can be removed.

[pnowojski]

Is it also true for 0.10?

[tzulitai]

Yes. I have a separate PR which cleans that up for all Kafka versions.

[tzulitai]

"Pre Kafka 0.11 producers only follow approach (a)" is incorrect.
Kafka 0.10 also supports hybrid.

[tzulitai]

nit: also include Javadoc for consistency.

[tzulitai]

nit: also include Javadoc for consistency.

[tzulitai]

I really like the idea of introducing this abstraction :)

[tzulitai]

Overall, though, I would like to see unit tests specifically for this TwoPhaseCommitSinkFunction class.

[tzulitai]

Lets move this comment block as a Javadoc on the method.

[pnowojski]

Hmm, why do you think so? This is a purely implementation detail, nothing that should bother the user of this class.

[tzulitai]

Ok, makes sense. No strong objection here, can keep as is.

[tzulitai]

Is it required to mention Pravega here?

[tzulitai]

Does this implementation really support the hybrid modes?
As far as I can understand it, FlinkKafkaProducer011 only extends TwoPhaseCommitSinkFunction, which doesn't support the hybrid modes.

[pnowojski]

Yes, according to all of the tests it passes.

(b) version works by passing instance of FlinkKafkaProducer011 as aSinkFunction in the KafkaStreamSink<IN> extends StreamSink<IN> class. Under the hood this StreamSink makes some checking if SinkFunction actually implements various versions of checkpointing interfaces and in that way it calls the appropriate methods on FlinkKafkaProducer011.

[tzulitai]

getSerializableListState is deprecated and discouraged usage.
I would recommend that implementations may also pass in either the TypeInformation or their own TypeSerializer for the transaction state holder.

[tzulitai]

Thanks a lot for opening a pull request for this very important feature @pnowojski.
I did a rough first pass and had some comments I would like to clear out first (this is a big chunk of code, we would probably need to go through this quite a few times before it can be mergeable.)

Most notably, some comments so far:

1. I think we need UTs for the TwoPhaseCommitSinkFunction. It alone is a very important addition (I would even prefer a separate PR for it and try to merge that first.)
2. Serialization of the transaction state in TwoPhaseCommitSinkFunction needs to be changed
3. Is the FlinkKafkaProducer011 actually supporting hybrid (normal sink function and writeToKafkaWithTimestamps as a custom sink operator)? From the looks of it, it doesn't seem like it.

[tzulitai]

Regarding how I would proceed with this big contribution:
Lets first try to clean up the commits that are bundled all together here.

1. I would first try to merge [FLINK-7174] Bump Kafka 0.10 dependency to 0.10.2.1 #4321 (the first 4 commits) and [misc] Commit read offsets in Kafka integration tests #4310 (af7ed19) and get those out of the way. Could you also prioritize in commenting on those first (I've left new comments there)?
2. For a06cb94 (TwoPhaseCommitSinkFunction), could you open a separate PR with unit tests covered?
3. After the above is all sorted out, we rebase this again.

[tzulitai]

One other comment regarding the commits:
I would argue that df6d5e0 to 5ff8106 should not appear in the commit log history, since in the end we actually have a completely new producer for 011 anyways.
Also, 321a142 to 2cf5f3b should be squashed to a single commit for the addition of an "exactly-once producer for 011" (the new FlinkKafkaProducer implementation and exactly-once tests shouldn't stand alone as independent commits, IMO. FlinkKafkaProducer isn't used by other producer version, and the exactly-once producer addition wouldn't be valid without the tests).

What do you think?

[pnowojski]

df6d5e0 to 5ff8106 should definitely be squashed, I left them only to make it easier for reviewers to follow the changes made in 0.11 vs 0.10 connectors (those changes would be invisible in one blob commit).

For 321a142 to 2cf5f3b I'm not sure about the first one, FlinkKafkaProducer is that hacky that it could deserve separate commit. It would make it stand out more if anyone in the future would look at the commit history/changes (it could hide in larger change).

[tzulitai]

Ok :) I can agree that we keep 321a142 a separate commit.
For df6d5e0 to 5ff8106, I actually found it easier to ignore all that (because a lot of it is irrelevant in the end) and went straight to 41ad973.

[pnowojski]

I have added tests for TwoPhaseCommitFunction and opened new PR #4368 for that - however please check responses to your comments here before moving to that new PR.

[pnowojski]

Is it also true for 0.10?

[pnowojski]

Hmm, why do you think so? This is a purely implementation detail, nothing that should bother the user of this class.

[zentol]

please add an entry to the MODULES_CONNECTORS variable in the tools/travis_mvn_watchdog sh script.

[tzulitai]

Now that the prerequisite PRs are merged, we can rebase this now :)

[rangadi]

How does exactly-once sink handle large gap between preCommit() and recoverAndCommit() in case of a recovery? The server seems to abort a transaction after a timeout max.transaction.timeout.ms.

[pnowojski]

I think there is no way we can to handle it in any different way then to increase the timeout to some very large value. Or is it?

[rangadi]

Probably better to reuse stored ids rather than creating new ones each time. I am thinking of a case where a task goes into crash loop dying even before first commit.

[tzulitai]

I think that makes sense, but I guess its mostly due to that the current code isn't differentiating between used and unused transaction ids in the state. If we differentiate that, it would be possible to reuse stored ids.

Piotr, what do you think?

[pnowojski]

That's a valid issue, however on it's one this solution would not be enough. It would not work for a case when we first (1) scale down, then we (2) scale up. On event (2), we would need to create new transactional ids, but we wouldn't know from which id we can start.

However I think we can deduce the starting point for new IDs using getUnionListState to track down globally what is the next available transactional id.

[rangadi]

we wouldn't know from which id we can start.

Not sure if you need 'start id'. You can just abort all of them whether they are any open transactions or not (in fact if you open a new producer with the id, Kafka aborts any that are open). This is mainly a for clarification, will leave it to you guys to decide on specifics.

[tzulitai]

Thanks for the follow-up revision @pnowojski.
I think the latest approach we're going for seems sane.

I've only checked the code on the producer side. I'm assuming that other codes (consumer, table sink / sources) are mostly identical to the other versions. From what I see, I think this is almost mergeable, minus some comments I had left inline.

[tzulitai]

nit: empty line before comment block.

[tzulitai]

nit: empty line before comment block.

[tzulitai]

nit: empty line before comment block.

[tzulitai]

Could you briefly describe the reason of the number 5?
Why not use numConcurrentCheckpoints + 1 (as we discussed offline)?

[pnowojski]

As I remember the reason was that it is not easy/not possible at the moment to get this information in the operator. It should be a follow up work. Regardless of this, code of this operator would look the same (because we don't have guarantees for the notifyCheckpointComplete to always reach us on time).

[tzulitai]

We can probably make this transient also for documentation purposes.

[tzulitai]

Could we initialize the base TwoPhaseCommitSink first?

[pnowojski]

nope :(

[tzulitai]

I think this variant is used when using writeToKafkaWithTimestamps

[tzulitai]

nit: empty line before this field annotation.

[tzulitai]

{} instead of [%s]s

[tzulitai]

Can use Preconditions.checkState(...) here.

[aljoscha]

I did a first high-level review of the code. I think it's good so far!

Before we can merge this, however, we need a few more things around it:

• A section in the Kafka doc about the new exactly-once mode, how it can be configured etc.
• A big disclaimer (possibly in an "alert" box) about the interplay with the transaction timeout and what the caveats there are
• A section in the Javadocs about the aforementioned caveats
• A check that ensures that the transaction timeout is set to a reasonably high setting (say 1 hour) when exactly-once semantics are enabled. (With an override setting that allows the user to set a lower transaction time out if they want to.)

Also, this has interplay with #4616 but we can resolve that by merging them in any order and fixing up the later changes when merging.

[pnowojski]

@aljoscha I have addressed you high level comments and fixed some bugs. Please check 5 latest commits (one of them is a new dependency on another PR: #4631 )

[aljoscha]

What were the bugs that you fixed?

[pnowojski]

Bugs in tests (those that you can see in fixup commits)

[ariskk]

We are really looking forward to this 👍

[pnowojski]

@aljoscha rebased on latest master and integrated your changes

[aljoscha]

Merged! 😃

Could you please close this PR?

[pnowojski]

Thanks :)