Current state: Under Discussion
Discussion thread: here
Planned Release: 2.4
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
If partition reassignment involves a lot of replicas, then it could put too much overhead on the brokers.
Say you have a replication factor of 4 and you trigger a reassignment which moves all replicas to new brokers. Now 8 replicas are fetching at the same time which means you need to account for 8 times the current producer load plus the catch-up replication. To make matters worse, the replicas won't all become in-sync at the same time; in the worst case, you could have 7 replicas in-sync while one is still catching up. Currently, the old replicas won't be disabled until all new replicas are in-sync. This makes configuring the throttle tricky since ISR traffic is not subject to it.
Rather than trying to bring all 4 new replicas online at the same time, a friendlier approach would be to do it incrementally: bring one replica online, bring it in-sync, then remove one of the old replicas. Repeat until all replicas have been changed. This would reduce the impact of a reassignment and make configuring the throttle easier at the cost of a slower overall reassignment.
Furthermore since the controller has a good knowledge about the cluster it makes sense to improve its reassignment feature to allow to internally batch the given reassignment. Therefore this KIP aims to change the controller to accommodate the internal batching rather than adding a new tool.
Three new configs will be added. All of these configs are cluster-wide which means they are global configs affecting the entire cluster.
|Config name||Type||Default||Valid values||Importance||Dynamic update mode||Description|
This new configuration would tell how many replicas of a single partition can be moved at once.
This configuration puts an upper limit on how many partition reassignments can be run concurrently. To calculate the sum of concurrent movements one can multiply this config by
|reassignment.max.concurrent.replica.count||int||Int.MAX||[1,...]||medium||cluster-wide||This one puts an upper limit on concurrent leader movements. It is useful to reduce the controller burden on big reassignments.|
We will add a field to the `ListPartitionReassignmentsResponse` protocol (added by KIP-455) that will extend the response with the current reassignment batch. We don't need to change the protocol version as long as the two KIPs are released together in the same version.
As explained above, the goal would be to incrementally add new partitions, a batch at a time to avoid putting much pressure on the brokers. The only exception is the first step where (if needed) we add that many replicas that is enough to fulfil the min.insync.replicas requirement set on the broker, even if it exceeds the limit on parallel replica reassignments. For instance if there are 4 brokers, min.insync.replicas set to 3 but there are only 1 in-sync replica, then we immediately add 2 other in one step, so the producers are able to continue.
Furthermore in the first step we'll elect the new preferred leader (if the reassignment requires it) to unload pressure from the current leader.
The configs are aiming to control batching on partition and topic levels. We practically default to the current behaviour to remain backward compatible, although as a future work it might make sense to lower the defaults based on feedback.
For instance in case of a reassignment for a single partition from (0, 1, 2, 3, 4) to (5, 6, 7, 8, 9) we would form the batches (0, 1) → (5, 6); (2, 3) → (7, 8) and 4 → 9 and would execute the reassignment in these increments, depending on how many parallel replica reassignments do we allow. For multiple partitions it would work in a similar fashion but the reassignment.parallel.replica.count would control how many replicas of that partition can be reassigned concurrently. On top of these we would control how many leaders could be reassigned in parallel. That means that after we calculated the possible reassignment steps we disallow those which would involve leader movement over the limit and instead if possible add reassignments that involve no leader movement. It might be possible that we can't fill their place and we won't fill reassignment.parallel.partition.count. In this case we fill up the batch limit with reassignments on partitions that don't require leader movement.
As an addition these values could be changed dynamically to somewhat "throttle" the reassignment. This kind of throttling would only affect the next reassignment step calculation and would leave the currently running one as it is. It might be better to throttle certain reassignment on a much more advanced way but it could also exceed the scope of this KIP.
Calculating a Reassignment Step (partition level)
- For calculating a reassignment step, always the final target replica (FTR) set and the current replica (CR) set is used.
- Calculate the replicas to be dropped (DR):
n = max(reassignment.parallel.replica.count, size(FTR) - size(CR))
- Filter those replicas from CR which are not in FTR, this is the excess replica (ER) set
- Take the first reassignment.parallel.replica.count replicas of ER, that will be the set of dropped replicas
- Calculate the new replicas (NR) to be added
- Calculate that if the partition has enough online replicas to fulfil the min.insync.replicas config so the producers are able to continue.
- If the preferred leader is different in FTR and it is not yet reassigned, then add it to the NR
size(NR) < min.insync.replicasthen take
min(min.insync.replicas, reassignment.parallel.replica.count) - size(NR)replicas from FTR
- Otherwise take as many replica as reassignment.parallel.replica.count allows
- Create the target replica (TR) set: CR + NR - DR
- If this is the last step, then order the replicas as specified by FTR. This means that the last step is always equals to FTR
Collecting a reassignment batch
The algorithm basically calculates the next step for all the partitions to be reassigned (note that it isn't compute heavy operation) and then separates the leader movements from the rest. It will then tries to fill the batch with reassignments involving leader movement and the rest with other reassignments.
Performing reassignment for a single partition
Performing a reassignment step is somewhat similar in big picture to the currently existing algorithm. There will be
reassignment.parallel.partition.count such algorithm running in parallel.
- Calculate the next reassignment batch.
- Wait until this step is not identical to the current assignment and there is at least one replica ISR.
- The calculation would result in identical steps if it's not able to add new replicas to the TR set. This could be because target brokers might be offline.
- We are not able to reassign partitions if the partition is offline
- Update CR in Zookeeper (/brokers/topics/[topic]/partitions/[partitionId]/state) with TR for the given partitions.
- Send LeaderAndIsr requests to all replicas in CR+NR.
- Start new replicas in NR by moving them into the NewReplica state.
- Set CR to TR in memory.
Send LeaderAndIsr request with a potential new leader (if current leader not in TR) and a new CR (using TR) and same isr to every broker in TR
Replicas in DR -> Offline (force those replicas out of isr)
Replicas in DR -> NonExistentReplica (force those replicas to be deleted)
Update the /admin/reassign_partitions path in ZK to remove this partition if the reassignment is completed.
RAR = Reassigned replicas
OAR = Original list of replicas for partition
AR = current assigned replicas
- Update AR in ZK with OAR + RAR.
- Send LeaderAndIsr request to every replica in OAR + RAR (with AR as OAR + RAR). We do this by forcing an update of the leader epoch in zookeeper.
- Start new replicas RAR - OAR by moving replicas in RAR - OAR to NewReplica state.
- Wait until all replicas in RAR are in sync with the leader.
- Move all replicas in RAR to OnlineReplica state.
- Set AR to RAR in memory.
- If the leader is not in RAR, elect a new leader from RAR. If new leader needs to be elected from RAR, a LeaderAndIsr will be sent. If not, then leader epoch will be incremented in zookeeper and a LeaderAndIsr request will be sent. In any case, the LeaderAndIsr request will have AR = RAR. This will prevent the leader from adding any replica in RAR - OAR back in the isr.
- Move all replicas in OAR - RAR to OfflineReplica state. As part of OfflineReplica state change, we shrink the isr to remove OAR - RAR in zookeeper and send a LeaderAndIsr ONLY to the Leader to notify it of the shrunk isr. After that, we send a StopReplica (delete = false) to the replicas in OAR - RAR.
- Move all replicas in OAR - RAR to NonExistentReplica state. This will send a StopReplica (delete = true) to the replicas in OAR - RAR to physically delete the replicas on disk.
- Update AR in ZK with RAR.
- Update the /admin/reassign_partitions path in ZK to remove this partition.
- After electing leader, the replicas and isr information changes. So resend the update metadata request to every broker.
The following code block shows how a transition happens from
(0, 1, 2, 3, 4) into
(5, 6, 7, 8, 9) where the initial leader is 0.
Compatibility, Deprecation, and Migration Plan
Since these changes won't affect any public interfaces, neither Zookeeper, there will be no compatibility issues.
- The existing unit tests will be parameterized so they would run with both modes
- Extra unit tests will be added to cover those cases that are not covered with the existing tests
- Ducktape tests would be parameterized to run with both modes
- If needed, extra ducktapes could be added to cover cases that are needed
It would be useful to give an upper cap on the bandwidth of the replication so users won't overwhelm their cluster. This throttle could be controlled overall for all partition and perhaps it would make sense to do it on a per partition basis and only specify a max capacity at the overall level. KIP-73 covers some related tasks but that isn't specifically tailored strictly to reassignment but a bit more general.
If there are alternative ways of accomplishing the same thing, what were they? The purpose of this section is to motivate why the design is the way it is and not some other way.