Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(storage): proactively prevent uncommitted SSTs from GC #18882

Merged
merged 4 commits into from
Oct 16, 2024
Merged

refactor(storage): proactively prevent uncommitted SSTs from GC #18882

merged 4 commits into from
Oct 16, 2024

Conversation

zwang28
Copy link
Contributor

@zwang28 zwang28 commented Oct 12, 2024

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

With #18757, uncommitted SSTs that may have been full GCed will be rejected during commit_epoch. The side effect is the maximum permitted barrier latency is constrained by SST retention time. A larger SST retention time introduces storage overhead.

This PR adds another protection mechanisim to prevent uncommited SSTs from being deleted by full GC in the first place.

  • It will replace the sanity check in commit_epoch after further thorough tests later. After that the SST retention time can be reduced significantly, only constrained by expected maximum compaction latency.
  • For now it serves as an additional protection alongside the existing one.

Checklist

  • I have written necessary rustdoc comments
  • I have added necessary unit tests and integration tests
  • I have added test labels as necessary. See details.
  • I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
  • My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
  • All checks passed in ./risedev check (or alias, ./risedev c)
  • My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)
  • My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

  • My PR needs documentation updates. (Please use the Release note section below to summarize the impact on users)

Release note

If this PR includes changes that directly affect users or other significant modifications relevant to the community, kindly draft a release note to provide a concise summary of these changes. Please prioritize highlighting the impact these changes will have on users.

@zwang28 zwang28 requested review from hzxa21 and wenym1 October 12, 2024 05:34
@zwang28 zwang28 enabled auto-merge October 12, 2024 05:38
@zwang28 zwang28 disabled auto-merge October 12, 2024 05:40
@zwang28 zwang28 enabled auto-merge October 12, 2024 09:23
@zwang28 zwang28 force-pushed the wangzheng/track_spill_sst branch from 3645f8c to b12d3af Compare October 16, 2024 02:44
@zwang28
Copy link
Contributor Author

zwang28 commented Oct 16, 2024
edited
Loading

There seems to be a corner case that can break this approach.

  1. Some SSTs are uploaded to S3, either caused by Spill or Sync.
  2. A Full GC is triggered. HummockEvent::GetMinUncommittedSstId is processed. But it doesn't consider SSTs from step 1, because they are not in UploaderData yet.
  3. Some time later Spilled/Synced SST are added to UploaderData by Hummock event loop. But it's too late for step 2.

@gitguardian GitGuardian
Copy link

gitguardian bot commented Oct 16, 2024

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
9425213 Triggered Generic Password f27bed7 ci/scripts/e2e-source-test.sh View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@zwang28 zwang28 added this pull request to the merge queue Oct 16, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 16, 2024
@zwang28 zwang28 added this pull request to the merge queue Oct 16, 2024
Merged via the queue into main with commit 6d35ac1 Oct 16, 2024
30 of 33 checks passed
@zwang28 zwang28 deleted the wangzheng/track_spill_sst branch October 16, 2024 10:33
zwang28 added a commit that referenced this pull request Oct 18, 2024
@zwang28
refactor(storage): proactively prevent uncommitted SSTs from GC (#18882)
06b837a 
(cherry picked from commit 6d35ac1)
@zwang28 zwang28 mentioned this pull request Oct 18, 2024
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hzxa21 hzxa21 hzxa21 approved these changes

@wenym1 wenym1 Awaiting requested review from wenym1

Assignees
No one assigned
Labels
ci/run-e2e-single-node-tests type/refactor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zwang28 @hzxa21