Pauseless ingestion without failure scenarios

[9aman]

Pauseless Consumption

In the current Apache Pinot architecture, real-time consumption pauses data ingestion until the previous segment's build and upload phases are completed. This process can introduce significant delays, with the build and upload phase potentially taking up to 10 minutes to finish. Consequently, users are unable to query the most recent data, creating a gap in real-time analytics capabilities.

To address this limitation, a new feature is being proposed in this design document. The proposed enhancement would allow Pinot to continue ingesting data during the build and upload phase of the previous segment. Under this design, the system would process new incoming data in a fresh segment while simultaneously completing the build and upload of the older segment. If implemented, this parallel processing approach could provide users with access to more up-to-date information, significantly reducing the lag between data ingestion and query availability.

GH Issue: Link

Scope of the PR

The PR focuses on the happy path of the realtime ingestion i.e. it doesn't cover any failure scenarios. PR (link) tackles the failure scenarios in detail.

Summary

Pauseless ingestion required changing the current segment commit protocol to allow the server to continue ingesting new segment while the existing one is being build and uploaded. Following sequence diagrams capture the current and new segment commit protocol. The details of the changes will be covered in the following sections.

Old segment commit protocol

New segment commit protocol

Changes Introduced in This PR

Controller Side Changes

New ZK State

In the new commit protocol the segment is marked COMMITTING at the COMMIT_START call (see sequence diagram above)
This is an intermediate state after the segment has been consumed/ ingested but before it is built and uploaded.

PauselessSegmentCompletionFSM

In PauselessSegmentCompletionFSM at the COMMIT_START call, the controller creates ZK metadata for the new consuming segment along with updating the ideal state for the committing (ONLINE) and the new consuming segment (CONSUMING).

For non-committing servers, the controller will respond the server to continue building the segment (KEEP) instead of HOLD after the COMMIT_START is successful. This allows the non-committing servers to continue with the ingestion while the committing segment is being built and uploaded.

Server Side Changes

Changes in the commit protocol

The sequence of events during the segment commit protocol change on the server side.

Old: Build Segment -> COMMIT_START -> Upload segment -> COMMIT_END_METADATA
New: COMMIT_START -> Build Segment -> Upload segment -> COMMIT_END_METADATA

This ensures that a new consuming segment is created by the controller even before the committing segment is built.

Segment Download

In normal ingestion the segment is marked ONLINE, in the ideal state, only after it's been uploaded. This is not the case in the above commit protocol. Thus, a waited download has been added that repeatedly does the following for a set duration:

1. Checks for presence of download url in the segment ZK metadata. If present, it downloads the segment.
2. Try peer download if enabled.

This becomes crucial for slow replicas as they rely on the download url/ peer download.

Broker side changes

No changes are needed for query.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 29.81651% with 153 lines in your changes missing coverage. Please review.

Project coverage is 63.80%. Comparing base (59551e4) to head (81ea9ee).
Report is 1557 commits behind head on master.

Files with missing lines	Patch %	Lines
...x/core/realtime/PauselessSegmentCompletionFSM.java	0.00%	42 Missing ⚠️
...ata/manager/realtime/RealtimeTableDataManager.java	2.32%	42 Missing ⚠️
.../core/realtime/PinotLLCRealtimeSegmentManager.java	59.45%	28 Missing and 2 partials ⚠️
...a/manager/realtime/RealtimeSegmentDataManager.java	0.00%	15 Missing and 1 partial ⚠️
...ta/manager/realtime/PauselessSegmentCommitter.java	0.00%	13 Missing ⚠️
...ix/core/realtime/BlockingSegmentCompletionFSM.java	62.50%	6 Missing ⚠️
.../pinot/core/data/manager/BaseTableDataManager.java	60.00%	0 Missing and 2 partials ⚠️
...data/manager/realtime/SegmentCommitterFactory.java	0.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #14741      +/-   ##
============================================
+ Coverage     61.75%   63.80%   +2.05%     
- Complexity      207     1611    +1404     
============================================
  Files          2436     2707     +271     
  Lines        133233   151153   +17920     
  Branches      20636    23345    +2709     
============================================
+ Hits          82274    96441   +14167     
- Misses        44911    47491    +2580     
- Partials       6048     7221    +1173     

Flag	Coverage Δ
custom-integration1	100.00% <ø> (+99.99%)	⬆️
integration	100.00% <ø> (+99.99%)	⬆️
integration1	100.00% <ø> (+99.99%)	⬆️
integration2	0.00% <ø> (ø)
java-11	63.78% <29.81%> (+2.07%)	⬆️
java-21	63.68% <29.81%> (+2.05%)	⬆️
skip-bytebuffers-false	63.80% <29.81%> (+2.05%)	⬆️
skip-bytebuffers-true	63.66% <29.81%> (+35.93%)	⬆️
temurin	63.80% <29.81%> (+2.05%)	⬆️
unittests	63.79% <29.81%> (+2.05%)	⬆️
unittests1	56.27% <11.76%> (+9.38%)	⬆️
unittests2	34.10% <25.68%> (+6.36%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[KKcorps]

Let's make whatever of these possible as configurable.

[Jackie-Jiang]

+1

[9aman]

Have made it configurable via table config. The tableConfig will be fetched at every download call of a segment only for pauseless tables to ensure that this can be changed without requiring server restarts.

[KKcorps]

I think we can remove this. It is fine to just keep in StreamIngestionConfig and don't support IndexingConfig for backward compatibility.

[Jackie-Jiang]

+1

[9aman]

Done.

[KKcorps]

We need to add another test as well that verifies nothing goes wrong when a live table that's consuming data is switching from blocking to pauseless and vice-versa

[Jackie-Jiang]

Good job!

Currently pauseless is determined by table config on both controller and server. Will it have problem if user changes table config from blocking to pauseless in the middle of the consumption? Or user needs to first pause consumption, then make the switch?

[Jackie-Jiang]

Seems this is introduced to identify the committing segment. Suggest checking the status() instead

[9aman]

Thanks for pointing out. Yes we should be relying on status

[9aman]

Have replaced all the checks with status checks.

[Jackie-Jiang]

Seems unused

[9aman]

Removed.

[Jackie-Jiang]

Since this config is newly added, we don't need to add it in 2 places. Let's just keep it within the StreamIngestionConfig

[9aman]

Have removed it from IndexingConfig and retained it only in StreamIngestionConfig

[Jackie-Jiang]

The overridden methods in this class are almost identical to the original ones. Suggest isolating the modified part as a separate method to improve the readability.
For this method, can we override committerNotifiedCommit()?

[9aman]

I have refactored the code to reduce repetition.

[Jackie-Jiang]

Do we need to explicitly catch and handle exception here? Seems we are not catching exception in other places

[9aman]

The commitStart call of PauselessFSM is similar to commitEnd call of BlockingFSM. In the commitEnd of BlockingFSM we do catch the exception and abort the FSM along with returning a failure.

Aborting FSM helps other replicas to start the commit. I have kept the behavior same as before.

[Jackie-Jiang]

We should check external view to find the ONLINE replica (i.e. call PeerServerSegmentFinder.getOnlineServersFromExternalView()), then start downloading only if we can find one server online. This way we can prevent the exponential backoff within the method

[9aman]

Have added the check where presence of Online server is a pre-requisite for us to attempt peer download.
I didn't realize that directly going for peer-download would introduce yet another retry mechanism. We already are retrying.

Thanks for pointing it out.

[Jackie-Jiang]

+1

[Jackie-Jiang]

(nit) format

[9aman]

Done

[Jackie-Jiang]

Suggested change

	boolean startSegmentCommit() {
	private boolean startSegmentCommit() {

[9aman]

Done

[Jackie-Jiang]

Let's link the PR instead of the design doc

[9aman]

Have linked the PR and updated the comment.

[9aman]

Good job!

Currently pauseless is determined by table config on both controller and server. Will it have problem if user changes table config from blocking to pauseless in the middle of the consumption? Or user needs to first pause consumption, then make the switch?

The user needs to pause the ingestion to enable and disable pauseless.

[KKcorps]

LGTM!
minor: We should address having some of the configs from root streamConfig instead from first streamConfigMap