Identify REMOTE_HOST_GONE for transport failure

[wenleix]

Related Issue: #7618

Work in progress. Early comments on structure are welcome.

TODO: adding tests.

[dain]

I'm cool with putting this in the failure detector, but the detector will need two methods. One that tells us that the host is "having issues" and one that tells us that "we can't even connect". Currently the failure detector can only tell you the first one, so you can split the problem into "very long GC" vs. "host rebooted", which is the entire point of this.

[wenleix]

Tested and verified HOST_UNRECHABLE (maybe rename to WORKER_UNRECHABLE?) will be returned as status if the worker machine is rebooted during query execution. On the other side, killing the Presto process will return the same TOO_MANY_REQEUST_FAILED error. This separates software error (Presto) and hardware error (machine reboot).

Some open design questions:

1. The error message returned to CLI would still say

Query 20170405_074858_00002_w6es6 failed: Encountered too many errors talking to a worker node.

We can probably amend something like "Worker is gone"?

2. As we model "WORKER_GONE" as a cause for the failure, so I use the same detection mechanism (ratio > failureRatioThreshold) in 2c995ab .

3. In internal Stats class, the current implementation maintains designated counter and method for UnrechabilityCounter and UnrechabilityRatio.

An alternative implementation is to leverage failureCountByType, and implements getRecentFailureRatioByType. However, this might be tricky when several FailureTypes maps to one FailureCause, etc.

[wenleix]

An alternative design for FailureDetector would be the following:

public interface FailureDetector
{
    Set<ServiceDescriptor> getFailed();

    Map<ServiceDescriptor, FailureCause> getFailedAndCause();
}

[wenleix]

@raghavsethi : Ready for review :)

[raghavsethi]

Can you rebase?

[wenleix]

@raghavsethi done. thx!

[raghavsethi]

The architecture needs to be rethought a bit.

[raghavsethi]

Execution can fail for several reasons, only one of which has a 'destination host'. This needs to be re-thought.

[raghavsethi]

I would call this remoteHost, and add a comment saying that it is populated for comms failures.

[raghavsethi]

This should be disallowed.

[raghavsethi]

Do we really need four constructors? Would prefer fewer of these and more code changes.

[raghavsethi]

Inquisition is the wrong word.

[raghavsethi]

FailureDetector now attempts to determine the state of a node based on the last exception encountered.

[raghavsethi]

UNKNOWN is super weird - not a good fit for this enum.

[raghavsethi]

Reorder to: ALIVE, UNRESPONSIVE, GONE, UNKNOWN

[raghavsethi]

Couple of things:

• Can we make this so it can look up hosts in a map? Not saying it's the best way, just curious.
• When does the unknown branch actually get taken? Should it ever happen? My guess is that it's super rare.

[wenleix]

Thank you for these thoughts!! :)

• Today the tasks is a map from UUID (get from the ServiceDescriptor) to the MonitoringTask. I didn't see an easy way to reverse lookup the ServiceDescriptor based on hostName.

• It's not common but it does happen. Here are something I am currently aware of:

  • Something like org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation will be returned if we ping on a non-HTTP port (e.g. port 22)
  • Some kind of "EOFException" will be returned when the machine is restarting, or some weird firewall issue that allows the connection but doesn't allow any communication.

[raghavsethi]

            if (hostAddress.equals(fromUri(task.uri))) {
                if (!task.isFailed()) {
                    return State.ALIVE;
                }
                
                Exception lastException = task.getStats().getLastFailureException();
                if (lastException instanceof SocketTimeoutException || lastException instanceof UnknownHostException) {
                    return State.GONE;
                }
                
                if (lastException instanceof ConnectException) {
                    return State.UNRESPONSIVE;
                }
                
                return State.UNKNOWN;
            }

[raghavsethi]

So the coordinator is always in 'unknown' state? Seems sketchy.

[wenleix]

This branch should only be triggered when it's NOT on coordinator right? (Since coordinator is false). So my understanding is that this is on the worker, and there is no failure detector on worker so it looks to me UNKNOWN is the only answer :(

[raghavsethi]

Add a comment saying that this is because failure detectors are not available on workers.

[wenleix]

Addressed the comments and rebased. @raghavsethi would you like to take another look? Thank you !! :)

[raghavsethi]

Static import

[raghavsethi]

Add a comment saying that this is because failure detectors are not available on workers.

[raghavsethi]

I would call this remoteHost, and add a comment saying that it is populated for comms failures.

[raghavsethi]

Static import

[raghavsethi]

I thought we agreed this should go somewhere else?

[wenleix]

Thank you ! I think moving to SqlStageExecution looks better! :)

[raghavsethi]

I don't like that GONE maps to HOST_UNREACHABLE. This should be consistent.

[wenleix]

@raghavsethi Let me know if there is any further thoughts ! :)

[raghavsethi]

Looks good except minor comments. I'll have another look before you merge.

[raghavsethi]

FailureDetector now attempts to determine the state of a node based on the last exception encountered.

[raghavsethi]

Reorder to: ALIVE, UNRESPONSIVE, GONE, UNKNOWN

[raghavsethi]

Static import all of these enum values

[wenleix]

@raghavsethi : The reason for the ordering is because ALIVE and UNKNOWN are the two states will always exits. And we can add more states as we can identify more reasons :)

[raghavsethi]

OK then, UNKOWN, ALIVE, GONE, RESPONSIVE

[raghavsethi]

Add newline before this

[wenleix]

@raghavsethi return vs. if-else is an interesting question. Looks like nowadays pepole are preferring using early return :): https://www.quora.com/Which-one-is-better-using-if-else-or-return

In this case, the first if branch will handle when the host is not failing, and the else branch is all about different type of failed situations :). I don't have strong opinion in either way, though :)

[raghavsethi]

I agree that it's debatable in other scenarios, but in this one early-return makes it strictly easier to reason about code paths.

[raghavsethi]

            if (hostAddress.equals(fromUri(task.uri))) {
                if (!task.isFailed()) {
                    return State.ALIVE;
                }
                
                Exception lastException = task.getStats().getLastFailureException();
                if (lastException instanceof SocketTimeoutException || lastException instanceof UnknownHostException) {
                    return State.GONE;
                }
                
                if (lastException instanceof ConnectException) {
                    return State.UNRESPONSIVE;
                }
                
                return State.UNKNOWN;
            }

[raghavsethi]

static import

[raghavsethi]

null is the default value - you don't need to assign it.

[wenleix]

@raghavsethi : For class field, yes. For local variable, it doesn't seem so. (Compiler will complain "Variable xxx might not have been initialized" :) )

Anyway, rename it to remoteHost :)

[raghavsethi]

private ExecutionFailureInfo checkHostStatus(ExecutionFailureInfo executionFailureInfo)

[wenleix]

@raghavsethi I think the most accurate names are

• checkHostStatusToRewriteFailureInfo
• rewriteFailureInfoBasedOnHostStatus

... So I think the best decision is to use checkHostStatus

[raghavsethi]

I see your point. Maybe rewriteTransportFailure captures both things?

[raghavsethi]

REMOTE_HOST_GONE is a little more descriptive. @martint this works for you?

[wenleix]

Revised and jenkin is passed :) @raghavsethi

[raghavsethi]

Looks good, except that minor comment.

[raghavsethi]

Sorry I missed this earlier - but this is not an indication that stuff is currently broken on the remote node.

[wenleix]

@raghavsethi As we discussed, this is not a PrestoTransportException. The URI is used for exception message. And it get changed because we refactor to static import fromUri :)