CEP-45: Lost witness marker race

[bdeggleston]

Don't truncate journal segments until witnessed offsets they contain are flushed. Also moves MutationTrackingService startup to after the commit log is replayed

Thanks for sending a pull request! Here are some tips if you're new here:

• Ensure you have added or run the appropriate tests for your PR.
• Be sure to keep the PR description updated to reflect all changes.
• Write your PR title to summarize what this PR proposes.
• If possible, provide a concise example to reproduce the issue for a faster review.
• Read our contributor guidelines
• If you're making a documentation change, see our guide to documentation contribution

Commit messages should follow the following format:

<One sentence description, usually Jira title or CHANGES.txt summary>

<Optional lengthier description (context on patch)>

patch by <Authors>; reviewed by <Reviewers> for CASSANDRA-#####

Co-authored-by: Name1 <email1>
Co-authored-by: Name2 <email2>

The Cassandra Jira

[frankgh]

I've added a couple of comments, but the patch looks good in general.

[frankgh]

Do we want to worry about the case where MT is disabled and maybe handle the IllegalStateException thrown when the instance is null?

[frankgh]

NIT: can we make this final?

Suggested change

	private ImmutableSet<Long> segments;
	private final mmutableSet<Long> segments;

[frankgh]

Suggested change

	if (started)
	if (wasStarted)

[frankgh]

Should we log if we fail to shutdown here?

Suggested change

	executor.awaitTermination(1, TimeUnit.MINUTES);
	if (!executor.awaitTermination(1, TimeUnit.MINUTES))
	{
	logger.warn("Mutation tracking executor did not terminate within 1 minute; forcing shutdown");
	}

[frankgh]

NIT:

Suggested change

	* However, if an sstable is flushed is after the most recent LogStatePersister run, AND it marks a segment as no
	* However, if an sstable is flushed after the most recent LogStatePersister run, AND it marks a segment as no

[frankgh]

NIT:

Suggested change

	if (summary.size() == 0)
	if (summary.isEmpty())

[frankgh]

+1 looks good to me

[bdeggleston]

Just pushed up a small test fix.

Unlike normal writes, mutation tracking noops a write if we’ve already seen it, which is a reasonable optimization when we’re tracking each write. Unfortunately this can bite us on startup. If witnessed offsets are flushed to disk before the memtable containing those offsets are also flushed to sstables, then on startup mutation tracking will think it’s already seen all of those mutations and not write them to the memtable and losing a bunch of data in the process. The fix is pretty simple and just does what commit log replay does. Commit log replay applies it’s mutations with makeDurable set to false which means apply to the memtable but not the commit log. So I updated applyInternalTracked to also take a makeDurable flag. If this is false, we now skip applying the mutation, and we also apply the mutation to the memtable whether we’ve seen it before or not.

[frankgh]

Do we need durable MT journal when makeDurable=false? I'm thinking mostly of the case where the schema is created with durable_writes=false

[frankgh]

so basically, the question is whether on line 633 do we need to write the journal when we don't need durable writes.

[bdeggleston]

that's a good point, I'd forgotten you can turn off log durability for keyspaces. I think the answer is that MT doesn't work without the mutation journal, so we need to make this path only reachable on replay and that we add a check to schema changes to fail validation if durable writes are turned off

[frankgh]

do we want to reset this seed?

[bdeggleston]

I'll remove it on commit. Thanks!

[frankgh]

👍 yeah, this makes sense

[frankgh]

should we flush system.coordinator_logs here as well?

            cluster.get(1).nodetoolResult("flush", "system", "coordinator_logs").asserts().success();

[frankgh]

Suggested change

	Throwable createFailure = expectFailure(() ->
	schemaChange("CREATE KEYSPACE " + createKs +
	" WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}" +
	" AND replication_type = 'tracked'" +
	" AND durable_writes = false")
	);
	assertTrue("Expected ConfigurationException root cause, got: " + createFailure,
	rootCause(createFailure) instanceof ConfigurationException);
	assertThatThrownBy(() ->
	schemaChange("CREATE KEYSPACE " + createKs +
	" WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}" +
	" AND replication_type = 'tracked'" +
	" AND durable_writes = false")
	).hasRootCauseInstanceOf(ConfigurationException.class);

[frankgh]

Suggested change

	Throwable alterTrackedFailure = expectFailure(() ->
	schemaChange("ALTER KEYSPACE " + alterKs + " WITH durable_writes = false")
	);
	assertTrue("Expected ConfigurationException root cause, got: " + alterTrackedFailure,
	rootCause(alterTrackedFailure) instanceof ConfigurationException);
	assertThatThrownBy(() -> schemaChange("ALTER KEYSPACE " + alterKs + " WITH durable_writes = false")).hasRootCauseInstanceOf(ConfigurationException.class);

[frankgh]

Suggested change

	Throwable alterToTrackedFailure = expectFailure(() ->
	schemaChange("ALTER KEYSPACE " + migratedKs + " WITH replication_type = 'tracked'")
	);
	assertTrue("Expected ConfigurationException root cause, got: " + alterToTrackedFailure,
	rootCause(alterToTrackedFailure) instanceof ConfigurationException);
	assertThatThrownBy(() -> schemaChange("ALTER KEYSPACE " + migratedKs + " WITH replication_type = 'tracked'")).hasRootCauseInstanceOf(ConfigurationException.class);

[frankgh]

Suggested change

	private static Throwable expectFailure(Runnable r)
	{
	try
	{
	r.run();
	}
	catch (Throwable t)
	{
	return t;
	}
	fail("Expected exception but none was thrown");
	return null;
	}
	private static Throwable rootCause(Throwable t)
	{
	Throwable cause = t;
	while (cause.getCause() != null && cause.getCause() != cause)
	cause = cause.getCause();
	return cause;
	}

[frankgh]

Can we instead use import static org.apache.cassandra.utils.AssertionUtils.assertThatThrownBy; here?