[HUDI-9381] Async instant time generation of Flink writers

[danny0405]

Change Logs

The new instant time generation utilizes RPC request to coordinate creation of new instants. Each write task will send a RPC request to the coordinator for the instant time, the coordinator uses a global lock to guard the access from multiple tasks.

Now one checkpoint id corresponds to one instant.

Basic work flow:

• write task send request: current ckp id
• write task expected response: the instant time
• coordinator mappings of checkpoint and instant: ckp-id → {instant → {write-task-id → write meta event}}

Note that the ckp id used in the request is the last known id instead of the current checkpoint, for task restored from a state, it is the restored checkpoint id, otherwise -1 for fresh new job.

Impact

none

Risk level (write none, low medium or high below)

low

Documentation Update

none

[cshuo]

🚀 I'll take a look.

[voonhous]

This PR is a little difficult to review without first having a Spec or high level overview of how states between coordinator and operator are handled.

Can we take this time to document the old spec + new spec so it's easier to maintain this moving forward?

[voonhous]

bootstrapEvents are used to signal coordinator that it can start a new instant.
Since we are removing this signalling mechanism, is this attribute still needed?

Or is this left behind for migration purposes?

[danny0405]

this is needed for ckp_Id -> instant time mapping.

[voonhous]

Will this incur large FS scans for every checkpoint? This might cause rate limit/high fs pressure for jobs with high parallelism.

is it possible for us to use a correspondent and delegate the fsView like operation to the coodinator?

[danny0405]

we can, just need to register the coordinator also for BootstrapOperator

[voonhous]

Just curious, if all sendBootstrapEvent calls are removed, no bootstrapEvents should be sent, in what scenarious will there be bootstrapEvents to clean?

[cshuo]

bootstrapEvent will also be sent during subtask restoring from state, see restoreWriteMetadata

[voonhous]

IIUC, there are 6 scenarios: prior to this PR's changes

1. Happy path 1: No failures
2. Happy path 2: Empty Checkpoint (No Data from Any Operator)
   • Flink triggers a checkpoint chkId, but no data has arrived at any operator since the last one. All operators send WriteMetadataEvent with empty WriteStatus lists. allowCommitOnEmptyBatch is false.
3. Edge case 1: Operator Restarts (Bootstrap Path) where:
   • A specific operator task fails and is restarted by Flink. The Coordinator and other operators remain running. The restarted operator needs to sync up.
4. Edge case 2: Checkpoint Fails Globally After Operator Sent Metadata where:
   • Operator snapshots successfully, sends WriteMetadataEvent for chkId and InstX. Flink begins committing the checkpoint chkId, but it fails globally (e.g., another operator fails, JM fails).
   • Flink notifies Coordinator of failure (implicitly via lack of notifyCheckpointComplete). Flink triggers a rollback/restart. Operator restarts, restores state (including the sent WriteMetadataEvent), checks timeline, and potentially re-sends the event if InstX is still pending.
5. Edge case 3: Scenario 3: Commit Fails in Coordinator where:
   • Coordinator receives all WriteMetadataEvents for chkId, Flink calls notifyCheckpointComplete(chkId). Coordinator attempts writeClient.commit(InstX) but it fails
   • Coordinator catches the exception, attempts rollback (if possible), throw error, fails the Flink job via context.failJob(). Operators remain in confirming=true? state until the job restarts.
6. Edge case 4: Commit Acknowledgment (ACK) Lost where:
   • Coordinator successfully commits InstX, sends CommitAckEvent to Operator N, but the network fails or the Operator processes it slowly and Flink triggers the next checkpoint (chkId+1) before the Operator unblocks. Operator proceeds, and does an empty commit iirc
   • Operator remains confirming=true. When the next checkpoint chkId+1 triggers snapshotState, the Operator calls instantToWrite(). This method checks lastPendingInstant() from CkpMetadata. If it sees a new instant (InstY) is now pending (meaning InstX was committed), it sets confirming=false even without the ACK and proceeds with InstY

Including this as a reference to ensure that this change will cover all of them. I may have missed out a few edge cases

[cshuo]

also remove instantStateForceRefreshRequestNumber?

[cshuo]

argument hasData is not needed anymore.

[danny0405]

yeah, but I want to keep it in case it may be used in the future.

[cshuo]

emptyBootstrap can be also removed in WriteMetadataEvent

[danny0405]

We need it to clean the legacy events.

[cshuo]

For partial failover, this condition will not be satisfied, will the event buffer be committed later? e.g., during next ckp complete

[danny0405]

yes, it will be recommitted later.

[zhangyue19921010]

Review up to BucketStreamWriteFunctionWrapper.java left some comments :)

[zhangyue19921010]

this.checkpointId -> checkpointId Unify coding style

[zhangyue19921010]

Synchronization on a non-final field 'this.eventBuffers' , if the reference of the variable has changed, causing synchronized to not take effect.

Although the eventBuffers reference will not change in the current implementation, it is still recommended to use a final variable to avoid the risk of missing this in subsequent feature iterations.

[danny0405]

I can not make it final because I don't want to serialize it in the job graph.

[zhangyue19921010]

do we need to lock eventBuffers here?

[danny0405]

no, the executor is a single thread execution mode.

[zhangyue19921010]

writeClient.getHeartbeatClient().start(instant); can not update heart beat directly. Because there is instantToHeartbeatMap cache in HoodieHeartBeatClient which may return directly instead of update heart beat time.

So that we need to

      if (writeClient.getConfig().getFailedWritesCleanPolicy().isLazy()) {
        if (writeClient.getHeartbeatClient().getHeartbeat(instant) != null) {
          LOG.info("Removing heartbeat for instant " + instant);
          writeClient.getHeartbeatClient().stop(instant);
          writeClient.getHeartbeatClient().reomveHeartbeat(instant);
        }
        writeClient.getHeartbeatClient().start(instant);
      }

[danny0405]

Because there is instantToHeartbeatMap cache in HoodieHeartBeatClient which may return directly instead of update heart beat time.

It's okay if the instant heartbeat timer is already there? BTW, this is legacy logic and I do not change it in this PR.

[zhangyue19921010]

event.getCheckpointId()) > 0 ? I understand that this is to clean up all the remaining buffers before the current event. Maybe we need to clean up smaller checkpointID ?

[danny0405]

smaller checkpointID should already be taken care be the coordinator, the following-up checkpoint ack events would take care it anyway if it is still there.

[zhangyue19921010]

It looks like a one-time commit of all instants before. Here need to ensure that all historical commits are complete and intact.

[danny0405]

See the cleaing of bootstrap event and the strategy for commiting empty instant.

[zhangyue19921010]

Upgrading existing Flink ingestion job with the current PR may cause compatibility issues, such as state restore failure

[danny0405]

yeah, it looks like there is no good way to make it compatible? If the recovered checkpoint id is -1, it still works for most of the cases.

[cshuo]

For WriteMetaDataEvent state, it uses PojoSerializer as state serializer which supports basic state schema evolution, including adding new fields, but the new added fields will
be default value when recovering from legacy state, i.e., always be -1 for checkpointId.

[danny0405]

We have an analysis again, if the job was recovered with some inflight instant events for the first time, these events would be recommitted into the table, the new job checkpoint id will start from -1.

[cshuo]

INSTANT_STATE_TIMELINE_SERVER_BASED can be removed. Maybe changes introduced in this PR #9651 can all be cleaned?

[danny0405]

+1

[cshuo]

should we use get(long timeout, TimeUnit unit) here? and throw exception for fast failing, just in case unexpected stuck.

[cshuo]

For WriteMetaDataEvent state, it uses PojoSerializer as state serializer which supports basic state schema evolution, including adding new fields, but the new added fields will
be default value when recovering from legacy state, i.e., always be -1 for checkpointId.

[cshuo]

Don't need to set the parallelism explicitly, the parallelism will be same as that of upstream write operator if not set, and will automatically chained together.

[cshuo]

Write event from writeMetadataState should also be sent to coordinator for cases attemptId > 0, i.e., task failover?

[cshuo]

Ignore this. It seems ok here as the write event for failover tasks should be kept on coordinator.

[voonhous]

Possible to fix the PR template? Thanks

[zhangyue19921010]

if user set tolerable checkpoint failure，

Step0: TaskA, TaskB and TaskC writing data using instant0

Step1: Checkpoint ID 1 trigger ==> taskA not finished(hang) , TaskB and TaskC finish snapthostState,and get next instant2 based on ckp id1.

Step2: checkpoint expiration due to a timeout.

Step3: Checkpoint ID 2 trigger ==> taskA still hang, TaskB and TaskC finish snapthostState, and get next instant3 based on ckp id2.

Step4: taskA finish snapshot and get next instant3 based on ckp id2.

So ckpid1 will never finish and instant2 will never commit which means related data are lost

[zhangyue19921010]

okay，I see related logic in

  private boolean commitInstants(long checkpointId) {
    // use < instead of <= because the write metadata event sends the last known checkpoint id which is smaller than the current one.
    List<Boolean> result = this.eventBuffers.getEventBufferStream().filter(entry -> entry.getKey() < checkpointId)
        .map(entry -> commitInstant(entry.getKey(), entry.getValue().getLeft(), entry.getValue().getRight())).collect(Collectors.toList());
    return result.stream().anyMatch(i -> i);
  }

which means coordinator will commit all the instant together before checkpointId.

Maybe the situation just mentioned doesn't exist, but please double check here.

[zhangyue19921010]

The cleanLegacyEvents operation may encounter performance issues in high-parallelism scenarios, such as with 6000 parallel tasks, due to repeated traversals of eventBuffers to identify the largest CheckpointID. To optimize this, could replacing the current data structure with an ordered one like TreeSet (which maintains sorted elements) be beneficial?

[zhangyue19921010]

like

public void cleanLegacyEvents(WriteMetadataEvent event) {
    // tailMap O(log n + k)
    eventBuffers.tailMap(event.getCheckpointId(), true) 
                .values()
                .stream()
                .map(Pair::getRight)
                .forEach(eventBuffer -> resetBufferAt(eventBuffer, event.getTaskID()));
}

[zhangyue19921010]

Looks like CommitAckEvent related design are all deprecated
It is better to remove CommitAckEvent and public abstract void handleOperatorEvent(OperatorEvent event); related code.

[danny0405]

I want to keep it now in case it can be used in the future.

[cshuo]

Generally LGTM, left some minor comments.

[cshuo]

Align indentation of Line-33

[cshuo]

conf is unnecessary

[cshuo]

conf is unnecessary

[cshuo]

conf is unnecessary

[zhangyue19921010]

LGTM. A great improvement that effectively addresses potential stream interruptions during checkpoint periods in traditional Flink write jobs.

[hudi-bot]

CI report:

• 1562d54 UNKNOWN
• fbe1789 UNKNOWN
• 850fe64 Azure: CANCELED
• 8b96b36 Azure: PENDING

Bot commands

@hudi-bot supports the following commands:

• @hudi-bot run azure re-run the last Azure build

[danny0405]

Azure CI passed: https://dev.azure.com/apachehudi/hudi-oss-ci/_build/results?buildId=5505&view=results