cshuo commented on code in PR #12927: URL: https://github.com/apache/hudi/pull/12927#discussion_r1984562143
########## rfc/rfc-91/rfc-91.md: ########## @@ -0,0 +1,145 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +# RFC-91: Storage-based lock provider using conditional writes + +## Proposers + +- @alexr17 + +## Approvers + + - @yihua + - @danny0405 + +## Status + +JIRA: [HUDI-9122](https://issues.apache.org/jira/browse/HUDI-9122) + +## Abstract + +Currently in Hudi, distributed locking relies on external systems like Zookeeper, which add complexity and extra dependencies. This RFC introduces a storage-based implementation of the `LockProvider` interface that utilizes conditional writes in cloud storage platforms (such as GCS and AWS S3) to implement a native distributed locking mechanism for Hudi. By directly integrating lock management with cloud storage, this solution reduces operational overhead, and ensures robust coordination during concurrent writes. + +## Background + +AWS S3 recently introduced conditional writes, and GCS and Azure storage already support them. This RFC leverages these features to implement a distributed lock provider for Hudi using a leader election algorithm. In this approach, each process attempts an atomic conditional write to a file calculated using the table base path. The first process to succeed is elected leader and takes charge of exclusive operations. This method provides a straightforward, reliable locking mechanism without the need for external lock providers. + +## Implementation + +This design implements a leader election algorithm for Apache Hudi using a single lock file per table stored in cloud storage. Each table’s lock is represented by a JSON file with the following fields: +- owner: A unique UUID identifying the lock provider instance. +- expiration: A UTC timestamp indicating when the lock expires. +- expired: A boolean flag marking the lock as released. + +Example lock file path: `s3://bucket/locks/<cleaned-table-base-path>-<short-sha>.json` + +Each `LockProvider` must implement `tryLock()` and `unlock()` however we also need to do our own lock renewal, therefore this implementation also has `renewLock()`. The implementation will import a service using reflection which writes to S3/GCS/Azure based on the provided location to write the locks. This ensures the main logic for conditional writes is shared regardless of the underlying storage. + +`tryLock()` +- No Existing Lock: If the lock file doesn’t exist, a new lock file is created with the current instance’s details using a conditional write that only succeeds if the file is absent. +- Existing Lock – Not Expired: If a valid (non-expired) lock exists, the process refrains from taking the lock. +- Existing Lock – Expired: If the lock file exists but is expired, a new lock file is conditionally written. This write uses a precondition based on the current file’s unique tag from cloud storage to ensure that no other process has updated it in the meantime. + +`renewLock()` +- Purpose: Periodically extend the lock’s expiration (the heartbeat). +- Mechanism: Update the lock file’s expiration using a conditional write that verifies the unique tag from the current lock state. If the tag does not match, the renewal fails, indicating that the lock has been lost. + +`unlock()` +- Purpose: Safely release the lock. Review Comment: `unlock` would not delete lock file? so once the lock file is created in the first time lock, it would be always there, and will just be updated with conditional write? ########## rfc/rfc-91/rfc-91.md: ########## @@ -0,0 +1,145 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +# RFC-91: Storage-based lock provider using conditional writes + +## Proposers + +- @alexr17 + +## Approvers + + - @yihua + - @danny0405 + +## Status + +JIRA: [HUDI-9122](https://issues.apache.org/jira/browse/HUDI-9122) + +## Abstract + +Currently in Hudi, distributed locking relies on external systems like Zookeeper, which add complexity and extra dependencies. This RFC introduces a storage-based implementation of the `LockProvider` interface that utilizes conditional writes in cloud storage platforms (such as GCS and AWS S3) to implement a native distributed locking mechanism for Hudi. By directly integrating lock management with cloud storage, this solution reduces operational overhead, and ensures robust coordination during concurrent writes. + +## Background + +AWS S3 recently introduced conditional writes, and GCS and Azure storage already support them. This RFC leverages these features to implement a distributed lock provider for Hudi using a leader election algorithm. In this approach, each process attempts an atomic conditional write to a file calculated using the table base path. The first process to succeed is elected leader and takes charge of exclusive operations. This method provides a straightforward, reliable locking mechanism without the need for external lock providers. + +## Implementation + +This design implements a leader election algorithm for Apache Hudi using a single lock file per table stored in cloud storage. Each table’s lock is represented by a JSON file with the following fields: +- owner: A unique UUID identifying the lock provider instance. +- expiration: A UTC timestamp indicating when the lock expires. +- expired: A boolean flag marking the lock as released. + +Example lock file path: `s3://bucket/locks/<cleaned-table-base-path>-<short-sha>.json` + +Each `LockProvider` must implement `tryLock()` and `unlock()` however we also need to do our own lock renewal, therefore this implementation also has `renewLock()`. The implementation will import a service using reflection which writes to S3/GCS/Azure based on the provided location to write the locks. This ensures the main logic for conditional writes is shared regardless of the underlying storage. + +`tryLock()` +- No Existing Lock: If the lock file doesn’t exist, a new lock file is created with the current instance’s details using a conditional write that only succeeds if the file is absent. +- Existing Lock – Not Expired: If a valid (non-expired) lock exists, the process refrains from taking the lock. +- Existing Lock – Expired: If the lock file exists but is expired, a new lock file is conditionally written. This write uses a precondition based on the current file’s unique tag from cloud storage to ensure that no other process has updated it in the meantime. Review Comment: > a new lock file is conditionally written "new lock file" do you mean a brand new lock file will be created, or just update the current lock file with new lock payload? If it's the former, how is the "Existing lock" file dealt with. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
