SearchableSnapshotDirectory should not evict cache files when closed #66173
Conversation
tlrx
added
:Distributed/Snapshot/Restore
|
Pinging @elastic/es-distributed (Team:Distributed) |
tlrx
requested review from
DaveCTurner,
original-brownbear and
henningandersen
| */ | ||
| public void forEach(BiConsumer<K, V> consumer) { | ||
| for (CacheSegment<K, V> segment : segments) { | ||
| try (ReleasableLock ignored = segment.writeLock.acquire()) { |
There was a problem hiding this comment.
Would holding the readLock not be enough?
There was a problem hiding this comment.
It is enough, I'm not sure why I used and documented the usage of the write lock here. I pushed 082e0c8 to use the read lock instead (as it should prevent any mutation anyway)
| success = true; | ||
| } finally { | ||
| if (success == false) { | ||
| final boolean added = evictedShards.add(shardEviction); |
There was a problem hiding this comment.
I am not sure this is necessary. When cache.invalidate fails, it already removed the object from the map, so if we retry an eviction, it will not hit the shard anyway.
So if we can remove this, I think we can also drop the shardsEvictionLock, which makes markShardAsEvictedInCache safer wrt. being called from the cluster applier thread.
There was a problem hiding this comment.
I think you are right, I pushed 393deaf to remove the usage of the lock here (but such locks are still necessary to avoid cache files eviction while starting the directory). Let me know what you think.
There was a problem hiding this comment.
I think the locks could be removed with some restructure, but we can tackle that in a follow-up, it is not really important.
However, if we add to evictedShards here while running the job on the thread, I think we risk it leaking since nothing will remove it later? I think we should assert success here. AFAICS, there is no way this should fail unless there is a bug somewhere.
There was a problem hiding this comment.
I will be happy to know more about how you think it could be restructured. For now I'm taking this point and will come back to you in a short future for tackling this.
I agree there's a risk of leaking a ShardEviction around but I think it is very unlikely to happen. One idea would be to hook into the cache sync task to clean up any left overs ShardEviction there. If that's OK we can address this too as a follow up with the previous point. For now I added the success assertion.
There was a problem hiding this comment.
I've opened #67160 which should improve the situation.
| } | ||
| }); | ||
| if (cacheFilesToEvict.isEmpty() == false) { | ||
| cacheFilesToEvict.forEach(cache::invalidate); |
There was a problem hiding this comment.
Perhaps we need to catch exception here and assert that they are io-related, write a warning and then continue with the next file? That ensures we remove all cache files from the cache in one go, but may linger some files if there are io-issues.
There was a problem hiding this comment.
Yes, your suggestion makes eviction safer - just in case. I pushed 58b7bd9
|
Thanks a lot @henningandersen. I've updated the PR according to your feedback. This is ready for another review. |
| cacheFilesToEvict.put(cacheKey, cacheFile); | ||
| } | ||
| }); | ||
| if (cacheFilesToEvict.isEmpty() == false) { |
There was a problem hiding this comment.
nit: this check seems superfluous?
| for (Map.Entry<CacheKey, CacheFile> cacheFile : cacheFilesToEvict.entrySet()) { | ||
| try { | ||
| cache.invalidate(cacheFile.getKey(), cacheFile.getValue()); | ||
| } catch (Exception e) { |
There was a problem hiding this comment.
Can we just catch RuntimeException instead, since invalidate declares to not throw checked?
| try { | ||
| cache.invalidate(cacheFile.getKey(), cacheFile.getValue()); | ||
| } catch (Exception e) { | ||
| assert e instanceof IOException : e; |
There was a problem hiding this comment.
Looking closer at this, I suppose this should never happen since we catch IO exceptions in onCacheFileRemoval, so we could just assert false : e here instead?
|
|
||
| @Override | ||
| public void onFailure(Exception e) { | ||
| logger.warn( |
There was a problem hiding this comment.
I think we could also assert false : e here?
| success = true; | ||
| } finally { | ||
| if (success == false) { | ||
| final boolean added = evictedShards.add(shardEviction); |
There was a problem hiding this comment.
I think the locks could be removed with some restructure, but we can tackle that in a follow-up, it is not really important.
However, if we add to evictedShards here while running the job on the thread, I think we risk it leaking since nothing will remove it later? I think we should assert success here. AFAICS, there is no way this should fail unless there is a bug somewhere.
|
Thanks a lot Henning! I merged this with an additional test which isn't great but can be improved in a follow up along with your suggestion about improving locking. |
…lastic#66173) This commit changes the SearchableSnapshotDirectory so that it does not evict all its cache files at closing time, but instead delegates this work to the CacheService. This change is motivated by the fact that Lucene directories are closed as the consequence of applying a new cluster state and as such the closing is executed within the cluster state applier thread; and we want to minimize disk IO operations in such thread (like deleting a lot of evicted cache files). It is also motivated by the future of the searchable snapshot cache which should become persistent. This change is built on top of the existing SearchableSnapshotIndexEventListener and a new SearchableSnapshotIndexFoldersDeletionListener (see elastic#65926) that are used to detect when a searchable snapshot index (or searchable snapshot shard) is removed from a data node. When such a thing happens, the listeners notify the CacheService that maintains an internal list of removed shards. This list is used to evict the cache files associated to these shards as soon as possible (but not in the cluster state applier thread) or right before the same searchable snapshot shard is being built again on the same node. In other situations like opening/closing a searchable snapshot shard then the cache files are not evicted anymore and should be reused.
…66264) This commit changes the SearchableSnapshotDirectory so that it does not evict all its cache files at closing time, but instead delegates this work to the CacheService. This change is motivated by the fact that Lucene directories are closed as the consequence of applying a new cluster state and as such the closing is executed within the cluster state applier thread; and we want to minimize disk IO operations in such thread (like deleting a lot of evicted cache files). It is also motivated by the future of the searchable snapshot cache which should become persistent. This change is built on top of the existing SearchableSnapshotIndexEventListener and a new SearchableSnapshotIndexFoldersDeletionListener (see #65926) that are used to detect when a searchable snapshot index (or searchable snapshot shard) is removed from a data node. When such a thing happens, the listeners notify the CacheService that maintains an internal list of removed shards. This list is used to evict the cache files associated to these shards as soon as possible (but not in the cluster state applier thread) or right before the same searchable snapshot shard is being built again on the same node. In other situations like opening/closing a searchable snapshot shard then the cache files are not evicted anymore and should be reused. Backport of #66173 for 7.11
This pull request changes the
SearchableSnapshotDirectoryso that it does not evict all its cache files at closing time, but instead delegates this work to theCacheService.This change is motivated by:
This change is built on top of the existing
SearchableSnapshotIndexEventListenerand a newSearchableSnapshotIndexFoldersDeletionListener(see #65926) that are used to detect when a searchable snapshot index (or searchable snapshot shard) is removed from a data node.When such a thing happens, the listeners notify the
CacheServicethat maintains an internal list of removed shards. This list is used to evict the cache files associated to these shards as soon as possible (but not in the cluster state applier thread) or right before the same searchable snapshot shard is being built again on the same node.In other situations like opening/closing a searchable snapshot shard then the cache files are not evicted anymore and should be reused.