KAFKA-12553: Refactor recovery logic to introduce LogLoader

[kowshik]

In this PR, I have refactored the recovery logic code introducing a new class kafka.log.LogLoader responsible for all activities related with recovery of log segments from disk. With this change, the recovery logic has been moved out of the Log class and into the new LogLoader class.

Advantages:
This refactor has the following advantages over the existing code:

• As such, the recovery logic is invoked once only during Log instantiation. Some parts of the recovery logic are fairly independent from the rest of the Log class. By moving the independent private logic to a separate LogLoader class, the existing Log class has become more modular, and the constructor behavior is a lot simpler now. Therefore, this makes the code more maintainable.
• This PR takes us a step closer towards the Log layer reactor work (KAFKA-12554). The Log recovery logic reads and writes to LeaderEpochFileCache and ProducerStateManager instances, so as such the logic does not fit very well into the definition of a "local log". By extracting it out of the Log class, in the future this will make it much easier to clearly define the separation of concerns between LocalLog and UnifiedLog.

Note to reviewers:
Most of this PR is about moving code around (including tests) and sharing static functions wherever possible. In order to start reviewing this PR, it is best to start looking at the sequence of operations when a Log instance is created (see Log.apply()):

1. First LogLoader loads/recovers the segments from disk and using the metadata it also suitably sets up the related components viz. log start offset, recovery point, next offset, leader epoch cache and producer state manager. The entry point for the LogLoader is the LogLoader.load() API. The implementation is pretty much identical to the previously existing Log recovery logic.
2. Next, the log components setup by the LogLoader are passed to the Log instance during construction. Some of these components are further mutable by the Log instance during its lifecycle. The rest of the Log class pretty much remains intact, except that some private methods have been converted to static functions to be shared with the recovery logic.

Tests:
I'm relying on the newly added LogLoaderTest.scala for testing. I have moved 35 recovery related tests out of LogTest.scala and into the new LogLoaderTest.scala test suite.

[kowshik]

First pass

[kowshik]

cc @dhruvilshah3 @junrao @satishd -- this PR is ready for a review.

[junrao]

@kowshik : Thanks for the PR. A few comments below.

[junrao]

Is the default value needed? If so, it seems many tests are not taking advantage of this.

[kowshik]

Done. I've removed it. It's not needed, I believe it showed up accidentally. My bad.

[junrao]

Do we need LogLoader to be a class? Another option is to have LogLoader as an Object with a single public method load().

[kowshik]

Great point. I tried this, but few problems I ran into were:

1. A test tries to intercept the recovery logic by overriding def recoverLog in LogLoader. Ex: LogLoaderTest.testLogRecoveryIsCalledUponBrokerCrash.
2. Some tests like to inject a custom ProducerStateManager, ex: LogLoaderTest.testSkipTruncateAndReloadIfNewMessageFormatAndCleanShutdown.
3. Some tests like to inject a custom LogSegments, ex: LogLoaderTest. testProducerSnapshotsRecoveryAfterUncleanShutdownCurrentMessageFormat.

I'm working on solving these issues, and will post a PR update soon.

[kowshik]

Done. I've updated the PR converting LogLoader into an object.

[junrao]

Is the default value needed?

[kowshik]

Done. I've removed it. It's not needed, I believe it showed up accidentally. My bad.

[junrao]

Hmm, this method is being used, but no subclass implements it. Are we losing logging because of this?

[kowshik]

Great catch. After an investigation, I realized this change is no longer required and I've reverted it now.

[junrao]

Could this be private?

[kowshik]

Done. With def verifyRecordsInLog eliminated, I was able to eliminate this one too. Related comment: #10478 (comment).

[junrao]

Is this method used?

[kowshik]

Good catch. It was unused and I've eliminated it.

[satishd]

Thanks @kowshik for the PR, overall LGTM. Left a minor comment.

[kowshik]

@junrao @satishd: Thanks for the review! I've responded to your comments and addressed them in 8f068caa78a9998c14a18f4583eaaa8a90cba71c, except for this comment - I'm still working on this and will update the PR soon.

[junrao]

@kowshik : Thanks for the updated PR. A few more comments.

[junrao]

It seems that this comment is no longer accurate. The only place that can throw LogSegmentOffsetOverflowException is from completeSwapOperations(). The rest of the places are all wrapped with retryOnOffsetOverflow().

[kowshik]

Done. I've fixed it.

[junrao]

Since the nextOffset is 0, recoveryPoint needs to be 0 too.

[kowshik]

Great catch. I've fixed it now.

[junrao]

Currently, if we hit any IOException during loading, we just kill the broker. So, it seems that there is no need to pass in logDirFailureChannel during log loading.

[kowshik]

In the recovery path, the logDirFailureChannel is used to asynchronously handle IOException within the Log.deleteSegmentFiles() calls. This was the existing behavior prior to this refactor as well. Should we change the existing behavior?https://github.com/apache/kafka/blob/193a9dfc44fa2c0df163a8518a804c4579d37e36/core/src/main/scala/kafka/log/Log.scala#L2377

[junrao]

The loading code still converts IOException to KafkaStorageException through Log.deleteSegmentFiles().

[kowshik]

Agree this comment was a bit misleading. I've improved it now to say the following, do you feel its better?

In the context of the calling thread, this function does not need to convert
IOException to KafkaStorageException because it is only called before all logs are loaded.

In the recovery path, we always asynchronously delete segments. The IOException conversion happens only within the background work that's scheduled for segment deletions. https://github.com/apache/kafka/blob/193a9dfc44fa2c0df163a8518a804c4579d37e36/core/src/main/scala/kafka/log/Log.scala#L2377

[junrao]

The segments is always non-empty since we initialize it with an empty segment if no segments are present.

[kowshik]

Done. Fixed it.

[kowshik]

@junrao: Thanks for the review! I have addressed the latest comments and also fixed the broken unit test in PartitionLockTest suite. This PR is ready for review.

[junrao]

@kowshik : Thanks for the updated PR. LGTM. Could you rebase?

[kowshik]

Thanks for the review @junrao and @satishd! I've updated this PR after rebasing onto latest commit in trunk.

[kowshik]

I checked the failed tests in CI this morning and none of them are related with this PR:

org.apache.kafka.connect.*
kafka.admin.ResetConsumerGroupOffsetTest.testResetOffsetsToZonedDateTime()
kafka.server.RaftClusterTest.testCreateClusterAndCreateListDeleteTopic()
kafka.integration.MetricsDuringTopicCreationDeletionTest.testMetricsDuringTopicCreateDelete()