Aleksey Yeschenko created CASSANDRA-21406:
---------------------------------------------
Summary: CEP-45: Prevent dropping journal segments referenced by
partially reconciled sstables
Key: CASSANDRA-21406
URL: https://issues.apache.org/jira/browse/CASSANDRA-21406
Project: Apache Cassandra
Issue Type: New Feature
Reporter: Aleksey Yeschenko
When we partially seal a shard, a replica that was down during the
sealing will need to filter out minority writes it had belonging to the sealed
shard from its sstables when it comes back online.
Fully reconciled (and marked as repaired) sstables should remain as they are.
Partially reconciled (unrepaired) sstables, if they contain any minority
mutations, need to be dropped and rebuilt from the mutation journal. The
replacing sstable will need to include all the fully reconciled mutations,
plus any unreconciled mutations that are safe to keep (i.e., *not* minority
mutations outside of the sealed mutation ID sets).
To make this possible, we must change our journal segment dropping logic.
Currently, we deem a segment droppable if every mutation it contains has been
fully reconciled. However, to rebuild a partially reconciled sstable, we must
ensure that all the reconciled mutations in such an sstable can still be read
from the journal. So, we must prevent the dropping of any segment we might
still need in the future to rebuild a partially reconciled sstable, even if
every mutation in that segment has been fully reconciled.
The criteria for marking a segment as droppable must change. Currently, a
journal segment is droppable if all of the following conditions are met:
1. The segment doesn't need replay - every affected memtable has been flushed
to disk as an sstable (a current condition)
2. Every mutation in the segment has been durably reconciled by all peers (a
current condition)
In the future, a journal segment will be droppable once the following
conditions have been met:
1. The segment doesn't need replay - every affected memtable has been flushed
to disk as an sstable (a current condition)
2. No partially reconciled sstables reference *any* mutations in the segment
(*new condition*)
The most sensible way to implement the new restriction is to lean on
`StatsMetadata.commitLogIntervals`. We'll keep track of the relationships
between sstables and the journal segments that feed into them, and once all
sstables with ties to a given journal segment have been promoted to repaired
(fully reconciled), we'll drop the segment. In other words, we can treat
journal segments as refcounted, with each tied sstable representing one
reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
