jackye1995 commented on a change in pull request #2034: URL: https://github.com/apache/iceberg/pull/2034#discussion_r552392569
########## File path: aws/src/main/java/org/apache/iceberg/aws/glue/DynamoLockManager.java ########## @@ -0,0 +1,307 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.iceberg.aws.glue; + +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.concurrent.ScheduledFuture; +import java.util.concurrent.TimeUnit; +import org.apache.iceberg.CatalogProperties; +import org.apache.iceberg.aws.AwsClientFactories; +import org.apache.iceberg.relocated.com.google.common.annotations.VisibleForTesting; +import org.apache.iceberg.relocated.com.google.common.base.Preconditions; +import org.apache.iceberg.relocated.com.google.common.collect.ImmutableMap; +import org.apache.iceberg.relocated.com.google.common.collect.Lists; +import org.apache.iceberg.relocated.com.google.common.collect.Maps; +import org.apache.iceberg.util.Tasks; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.AttributeDefinition; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.awssdk.services.dynamodb.model.BillingMode; +import software.amazon.awssdk.services.dynamodb.model.ConditionalCheckFailedException; +import software.amazon.awssdk.services.dynamodb.model.CreateTableRequest; +import software.amazon.awssdk.services.dynamodb.model.DeleteItemRequest; +import software.amazon.awssdk.services.dynamodb.model.DescribeTableRequest; +import software.amazon.awssdk.services.dynamodb.model.DescribeTableResponse; +import software.amazon.awssdk.services.dynamodb.model.DynamoDbException; +import software.amazon.awssdk.services.dynamodb.model.GetItemRequest; +import software.amazon.awssdk.services.dynamodb.model.GetItemResponse; +import software.amazon.awssdk.services.dynamodb.model.InternalServerErrorException; +import software.amazon.awssdk.services.dynamodb.model.KeySchemaElement; +import software.amazon.awssdk.services.dynamodb.model.KeyType; +import software.amazon.awssdk.services.dynamodb.model.ProvisionedThroughputExceededException; +import software.amazon.awssdk.services.dynamodb.model.PutItemRequest; +import software.amazon.awssdk.services.dynamodb.model.RequestLimitExceededException; +import software.amazon.awssdk.services.dynamodb.model.ResourceNotFoundException; +import software.amazon.awssdk.services.dynamodb.model.ScalarAttributeType; +import software.amazon.awssdk.services.dynamodb.model.TableStatus; +import software.amazon.awssdk.services.dynamodb.model.TransactionConflictException; + +/** + * DynamoDB implementation for the lock manager. + */ +class DynamoLockManager extends LockManagers.BaseLockManager { + + private static final Logger LOG = LoggerFactory.getLogger(DynamoLockManager.class); + + private static final String COL_LOCK_ENTITY_ID = "entityId"; + private static final String COL_LEASE_DURATION_MS = "leaseDurationMs"; + private static final String COL_VERSION = "version"; + private static final String COL_LOCK_OWNER_ID = "ownerId"; + + private static final String CONDITION_LOCK_ID_MATCH = String.format( + "%s = :eid AND %s = :oid", + COL_LOCK_ENTITY_ID, COL_LOCK_OWNER_ID); + private static final String CONDITION_LOCK_ENTITY_NOT_EXIST = String.format( + "attribute_not_exists(%s)", + COL_LOCK_ENTITY_ID); + private static final String CONDITION_LOCK_ENTITY_NOT_EXIST_OR_VERSION_MATCH = String.format( + "attribute_not_exists(%s) OR (%s = :eid AND %s = :vid)", + COL_LOCK_ENTITY_ID, COL_LOCK_ENTITY_ID, COL_VERSION); + + private static final int LOCK_TABLE_CREATION_WAIT_ATTEMPTS_MAX = 5; + + private static final List<KeySchemaElement> LOCK_TABLE_SCHEMA = Lists.newArrayList( + KeySchemaElement.builder() + .attributeName(COL_LOCK_ENTITY_ID) + .keyType(KeyType.HASH) + .build()); + + private static final List<AttributeDefinition> LOCK_TABLE_COL_DEFINITIONS = Lists.newArrayList( + AttributeDefinition.builder() + .attributeName(COL_LOCK_ENTITY_ID) + .attributeType(ScalarAttributeType.S) + .build()); + + private final Map<String, ScheduledFuture<?>> heartbeats = Maps.newHashMap(); + + private DynamoDbClient dynamo; + private String lockTableName; + + /** + * constructor for dynamic initialization, {@link #initialize(Map)} must be called later. + */ + DynamoLockManager() { + } + + /** + * constructor used for testing purpose + * @param dynamo dynamo client + * @param lockTableName lock table name + */ + DynamoLockManager(DynamoDbClient dynamo, String lockTableName) { + super.initialize(Maps.newHashMap()); + this.dynamo = dynamo; + this.lockTableName = lockTableName; + ensureLockTableExistsOrCreate(); + } + + private void ensureLockTableExistsOrCreate() { + + if (tableExists(lockTableName)) { + return; + } + + LOG.info("Dynamo lock table {} not found, trying to create", lockTableName); + dynamo.createTable(CreateTableRequest.builder() + .tableName(lockTableName) + .keySchema(lockTableSchema()) + .attributeDefinitions(lockTableColDefinitions()) + .billingMode(BillingMode.PAY_PER_REQUEST) + .build()); + + Tasks.foreach(lockTableName) + .retry(LOCK_TABLE_CREATION_WAIT_ATTEMPTS_MAX) + .throwFailureWhenFinished() + .onlyRetryOn(IllegalStateException.class) + .run(this::checkTableActive); + } + + @VisibleForTesting + boolean tableExists(String tableName) { + try { + dynamo.describeTable(DescribeTableRequest.builder() + .tableName(tableName) + .build()); + return true; + } catch (ResourceNotFoundException e) { + return false; + } + } + + private void checkTableActive(String tableName) { + try { + DescribeTableResponse response = dynamo.describeTable(DescribeTableRequest.builder() + .tableName(tableName) + .build()); + TableStatus currentStatus = response.table().tableStatus(); + if (!currentStatus.equals(TableStatus.ACTIVE)) { + throw new IllegalStateException(String.format("Dynamo table %s is not active, current status: %s", + tableName, currentStatus)); + } + } catch (ResourceNotFoundException e) { + throw new IllegalStateException(String.format("Cannot find Dynamo table %s", tableName)); + } + } + + @Override + public void initialize(Map<String, String> properties) { + super.initialize(properties); + this.dynamo = AwsClientFactories.from(properties).dynamo(); + this.lockTableName = properties.get(CatalogProperties.LOCK_TABLE); + Preconditions.checkNotNull(lockTableName, "DynamoDB lock table name must not be null"); + ensureLockTableExistsOrCreate(); + } + + @Override + public boolean acquire(String entityId, String ownerId) { + try { + Tasks.foreach(entityId) + .throwFailureWhenFinished() + .retry(Integer.MAX_VALUE - 1) + .exponentialBackoff(acquireIntervalMs(), acquireIntervalMs(), acquireTimeoutMs(), 1) + .onlyRetryOn( + ConditionalCheckFailedException.class, + ProvisionedThroughputExceededException.class, + TransactionConflictException.class, + RequestLimitExceededException.class, + InternalServerErrorException.class) + .run(id -> acquireOnce(id, ownerId)); + return true; + } catch (DynamoDbException e) { + return false; + } + } + + @VisibleForTesting + void acquireOnce(String entityId, String ownerId) { + GetItemResponse response = dynamo.getItem(GetItemRequest.builder() + .tableName(lockTableName) + .key(toKey(entityId)) + .build()); + + if (!response.hasItem()) { + dynamo.putItem(PutItemRequest.builder() + .tableName(lockTableName) + .item(toNewItem(entityId, ownerId)) + .conditionExpression(CONDITION_LOCK_ENTITY_NOT_EXIST) + .build()); + } else { + Map<String, AttributeValue> currentItem = response.item(); + + try { + Thread.sleep(Long.parseLong(currentItem.get(COL_LEASE_DURATION_MS).n())); + } catch (InterruptedException e) { + throw new IllegalStateException( + String.format("Fail to acquire lock %s by %s, interrupted during sleep", entityId, ownerId), e); + } + + dynamo.putItem(PutItemRequest.builder() + .tableName(lockTableName) + .item(toNewItem(entityId, ownerId)) + .conditionExpression(CONDITION_LOCK_ENTITY_NOT_EXIST_OR_VERSION_MATCH) + .expressionAttributeValues(ImmutableMap.of( + ":eid", AttributeValue.builder().s(entityId).build(), + ":vid", AttributeValue.builder().s(currentItem.get(COL_VERSION).s()).build())) + .build()); + } + + startNewHeartbeat(entityId, ownerId); + } + + private void startNewHeartbeat(String entityId, String ownerId) { + if (heartbeats.containsKey(entityId)) { + heartbeats.remove(entityId).cancel(false); + } + + heartbeats.put(entityId, scheduler().scheduleAtFixedRate(() -> dynamo.putItem(PutItemRequest.builder() + .tableName(lockTableName) + .item(toNewItem(entityId, ownerId)) + .conditionExpression(CONDITION_LOCK_ID_MATCH) + .expressionAttributeValues(toLockIdValues(entityId, ownerId)) + .build()), 0, heartbeatIntervalMs(), TimeUnit.MILLISECONDS)); Review comment: Yes, that is definitely a risk. I also thought about what you described, but I think the only way to achieve that is to allow the lock manager caller to explicitly call a `heartbeat` method to emit heartbeat, and this method needs to be passed all the way to every place of a commit to ensure heartbeat does not timeout. So comparing with the current Hive lock, we are basically choosing between: 1. if we lock without heartbeat, a super long timeout is needed to ensure the commit must succeed, and if lock dies, all processes would be blocked for that long time. 2. if we lock with heartbeat, we don't need a long timeout. But we need to either choose to: 1. heartbeat in the background, which makes the interface more decoupled, but would lead to this issue of potential idle heartbeat thread 2. heartbeat by the caller, which would require changes the commit interface all over the place to pass the heartbeat around. I think so far 2.1 is still the best approach to go for now, since we have already made sure `release` must be called after a commit, so heartbeat will be killed. If it is not called, the process must have crashed and the heartbeat thread would also be dead. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
