[improve][broker] PIP-307 Expose inflight state waiting time and service channel monitor interval configs. Handle AddEntry failure during topic transfer

[heesung-sn]

Fixes: #21654

PIP: #307

Motivation

• We want to expose the in-flight state waiting time and service channel monitor interval configs to further control the Extensible Load Balancer behavior. We don't expose these vars in the broker.conf in this PR, as their tuning is rare.

• Improve the flakiness of the ExtensibleLoadBalancerImplTest by removing static mock.

• Add AddEntry failure handler logic for the PIP-307 to cover the edge-case.

Modifications

• Expose the in-flight state waiting time and service channel monitor interval configs in ServiceConfiguration.

• Removed static mock in the ExtensibleLoadBalancerImplTest

• Added retries in ExtensibleLoadBalancerImplTest test cases.

• Add AddEntry failure handler logic for the PIP-307 to cover the edgecase. (added transferring state in AbstracTopic)

Verifying this change

• Make sure that the change passes the CI checks.

• Add AddEntry failure handler logic for the PIP-307 to cover the edgecase. logic is covered by testTransferClientReconnectionWithoutLookup (this test was flaky because of the AddEntry failure while the ledger is fenced by the unloading)

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

• Dependencies (add or upgrade a dependency)
• The public API
• The schema
• The default values of configurations
• The threading model
• The binary protocol
• The REST endpoints
• The admin CLI options
• The metrics
• Anything that affects deployment

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

Matching PR in forked repository

PR in forked repository: heesung-sn#54

[github-actions]

@heesung-sn Please add the following content to your PR description and select a checkbox:

- [ ] `doc` <!-- Your PR contains doc changes -->
- [ ] `doc-required` <!-- Your PR changes impact docs and you will update later -->
- [ ] `doc-not-needed` <!-- Your PR changes do not impact docs -->
- [ ] `doc-complete` <!-- Docs have been already added -->

[dragosvictor]

Looks good, left some comments.

[dragosvictor]

Nit: this shouldn't be multiplied by 1000 anymore.

[heesung-sn]

oh thanks for this catch. The name should stateTombstoneDelayTimeInMillis

[dragosvictor]

Looks correct, but is there anything to be done about the PublishContext callback?

[heesung-sn]

I think the callback is used to signal clients to additionally handle this case on the clients as well. In this case, we don't need to send any to the clients.

[dragosvictor]

Can we simplify as suggested below? We aren't expecting any new calls to lookup.getBroker(topicName), we could go further and replace the condition with never().

Suggested change

	Awaitility.await().atMost(5, TimeUnit.SECONDS).untilAsserted(() -> {
	assertTrue(producer.isConnected());
	verify(lookup, times(lookupCountBeforeUnload)).getBroker(topicName);
	});
	Awaitility.await().atMost(5, TimeUnit.SECONDS).until(producer::isConnected);
	verify(lookup, times(lookupCountBeforeUnload)).getBroker(topicName);

[heesung-sn]

Updated.

[dragosvictor]

Here and below: are these values still correct, since we switched to a different time unit?

[heesung-sn]

fixed.

[dragosvictor]

Would we still need to execute the code inside the lambda below, except the error sending? There's other cleanup operations being performed that can avoid resource leaks.

[heesung-sn]

I agree. Moving this logic into the lambda and continue to call the cleanups. Thank you.

[dragosvictor]

Just confirming that this flag is not meant to ever go back to false. Is that the intent? As it is right now, publishing a message to a topic that was transferred would lead to a TopicClosedException, whereas in the current proposal the exception would be silenced forever.

[heesung-sn]

Yes, transferring will not go back to false.

In the worst case, if transferring is stuck, the leader monitor will send a msg to the source broker to fix the stuck state with handleOwnEvent at the } else if ((data.force() || isTransferCommand(data)) && isTargetBroker(data.sourceBroker())) {. In this case, the topics will be forcefully closed with disconnectClients=true.

[dragosvictor]

I agree, the topics will be forcefully closed as you mentioned, but further messages produced will still be ignored instead of responded to with TopicClosedException.

[Demogorgon314]

Does this change relevant to the flaky test? If not, a separate PR might be better.

[heesung-sn]

yes, this is required. Otherwise,testTransferClientReconnectionWithoutLookup will be flaky.

[Demogorgon314]

Do we need a PIP to add configuration? /cc @codelipenghui

[heesung-sn]

I don't think we need a PIP for this config, as this is a minor addition (and these need to be tuned rarely). If required, I think we could update the config list in the PIP-192.

[codelipenghui]

Yes, update PIP-192 makes sense. It’s better to share in the mailing list.

[heesung-sn]

I updated the PIP-192 to list the ExtensibleLoadBalancer's Service Configurations.
I shared this info in the mailing list. https://lists.apache.org/thread/zz612q2bhh6rccl04w3jz2mvt0z5kch8

[Demogorgon314]

Can we reuse isFenced?

[heesung-sn]

No. I think we should have a different state here. isFenced=true can happen in other cases(e.g. when bk write fails), so we need to define a new state separately.

[dragosvictor]

Looks good to me, thanks!

[Demogorgon314]

Should we keep this interface here? It might break some protocol handler compatibility if removed

[heesung-sn]

No. This only introduced for pip-307. Since we dont use it any more, we are deleting it.

[Demogorgon314]

I see, thanks for explaining.