Hi, I second Chesnay's comment and would like to better understand the motivation behind this. At the surface it sounds to me like this might require quite a bit of work for a very narrow use case.
At the same time I have a feeling that Yuan, you are mixing this feature request (checkpointing subgraphs/pipeline regions independently) and a very very different issue of "task local checkpoints"? Those problems are kind of similar, but not quite. Best, Piotrek wt., 8 lut 2022 o 11:44 Chesnay Schepler <ches...@apache.org> napisał(a): > Could someone expand on these operational issues you're facing when > achieving this via separate jobs? > > I feel like we're skipping a step, arguing about solutions without even > having discussed the underlying problem. > > On 08/02/2022 11:25, Gen Luo wrote: > > Hi, > > > > @Yuan > > Do you mean that there should be no shared state between source subtasks? > > Sharing state between checkpoints of a specific subtask should be fine. > > > > Sharing state between subtasks of a task can be an issue, no matter > whether > > it's a source. That's also what I was afraid of in the previous replies. > In > > one word, if the behavior of a pipeline region can somehow influence the > > state of other pipeline regions, their checkpoints have to be aligned > > before rescaling. > > > > On Tue, Feb 8, 2022 at 5:27 PM Yuan Mei <yuanmei.w...@gmail.com> wrote: > > > >> Hey Folks, > >> > >> Thanks for the discussion! > >> > >> *Motiviation and use cases* > >> I think motiviation and use cases are very clear and I do not have > doubts > >> on this part. > >> A typical use case is ETL with two-phase-commit, hundreds of partitions > can > >> be blocked by a single straggler (a single task's checkpoint abortion > can > >> affect all, not necessary failure). > >> > >> *Source offset redistribution* > >> As for the known sources & implementation for Flink, I can not find a > case > >> that does not work, *for now*. > >> I need to dig a bit more: how splits are tracked assigned, not > successfully > >> processed, succesffully processed e.t.c. > >> I guess it is a single shared source OPCoordinator. And how this > *shared* > >> state (between tasks) is preserved? > >> > >> *Input partition/splits treated completely independent from each other* > >> This part I am still not sure, as mentioned if we have shared state of > >> source in the above section. > >> > >> To Thomas: > >>> In Yuan's example, is there a reason why CP8 could not be promoted to > >>> CP10 by the coordinator for PR2 once it receives the notification that > >>> CP10 did not complete? It appears that should be possible since in its > >>> effect it should be no different than no data processed between CP8 > >>> and CP10? > >> Not sure what "promoted" means here, but > >> 1. I guess it does not matter whether it is CP8 or CP10 any more, > >> if no shared state in source, as exactly what you meantinoed, > >> "it should be no different than no data processed between CP8 and CP10" > >> > >> 2. I've noticed that from this question there is a gap between > >> "*allow aborted/failed checkpoint in independent sub-graph*" and > >> my intention: "*independent sub-graph checkpointing indepently*" > >> > >> Best > >> Yuan > >> > >> > >> On Tue, Feb 8, 2022 at 11:34 AM Gen Luo <luogen...@gmail.com> wrote: > >> > >>> Hi, > >>> > >>> I'm thinking about Yuan's case. Let's assume that the case is running > in > >>> current Flink: > >>> 1. CP8 finishes > >>> 2. For some reason, PR2 stops consuming records from the source (but is > >> not > >>> stuck), and PR1 continues consuming new records. > >>> 3. CP9 and CP10 finish > >>> 4. PR2 starts to consume quickly to catch up with PR1, and reaches the > >> same > >>> final status with that in Yuan's case before CP11 starts. > >>> > >>> I support that in this case, the status of the job can be the same as > in > >>> Yuan's case, and the snapshot (including source states) taken at CP10 > >>> should be the same as the composed global snapshot in Yuan's case, > which > >> is > >>> combining CP10 of PR1 and CP8 of PR2. This should be true if neither > >> failed > >>> checkpointing nor uncommitted consuming have side effects, both of > which > >>> can break the exactly-once semantics when replaying. So I think there > >>> should be no difference between rescaling the combined global snapshot > or > >>> the globally taken one, i.e. if the input partitions are not > independent, > >>> we are probably not able to rescale the source state in the current > Flink > >>> eiter. > >>> > >>> And @Thomas, I do agree that the operational burden is > >>> significantly reduced, while I'm a little afraid that checkpointing the > >>> subgraphs individually may increase most of the runtime overhead back > >>> again. Maybe we can find a better way to implement this. > >>> > >>> On Tue, Feb 8, 2022 at 5:11 AM Thomas Weise <t...@apache.org> wrote: > >>> > >>>> Hi, > >>>> > >>>> Thanks for opening this discussion! The proposed enhancement would be > >>>> interesting for use cases in our infrastructure as well. > >>>> > >>>> There are scenarios where it makes sense to have multiple disconnected > >>>> subgraphs in a single job because it can significantly reduce the > >>>> operational burden as well as the runtime overhead. Since we allow > >>>> subgraphs to recover independently, then why not allow them to make > >>>> progress independently also, which would imply that checkpointing must > >>>> succeed for non affected subgraphs as certain behavior is tied to > >>>> checkpoint completion, like Kafka offset commit, file output etc. > >>>> > >>>> As for source offset redistribution, offset/position needs to be tied > >>>> to splits (in FLIP-27) and legacy sources. (It applies to both Kafka > >>>> and Kinesis legacy sources and FLIP-27 Kafka source.). With the new > >>>> source framework, it would be hard to implement a source with correct > >>>> behavior that does not track the position along with the split. > >>>> > >>>> In Yuan's example, is there a reason why CP8 could not be promoted to > >>>> CP10 by the coordinator for PR2 once it receives the notification that > >>>> CP10 did not complete? It appears that should be possible since in its > >>>> effect it should be no different than no data processed between CP8 > >>>> and CP10? > >>>> > >>>> Thanks, > >>>> Thomas > >>>> > >>>> On Mon, Feb 7, 2022 at 2:36 AM Till Rohrmann <trohrm...@apache.org> > >>> wrote: > >>>>> Thanks for the clarification Yuan and Gen, > >>>>> > >>>>> I agree that the checkpointing of the sources needs to support the > >>>>> rescaling case, otherwise it does not work. Is there currently a > >> source > >>>>> implementation where this wouldn't work? For Kafka it should work > >>> because > >>>>> we store the offset per assigned partition. For Kinesis it is > >> probably > >>>> the > >>>>> same. For the Filesource we store the set of unread input splits in > >> the > >>>>> source coordinator and the state of the assigned splits in the > >> sources. > >>>>> This should probably also work since new splits are only handed out > >> to > >>>>> running tasks. > >>>>> > >>>>> Cheers, > >>>>> Till > >>>>> > >>>>> On Mon, Feb 7, 2022 at 10:29 AM Yuan Mei <yuanmei.w...@gmail.com> > >>> wrote: > >>>>>> Hey Till, > >>>>>> > >>>>>>> Why rescaling is a problem for pipelined regions/independent > >>>> execution > >>>>>> subgraphs: > >>>>>> > >>>>>> Take a simplified example : > >>>>>> job graph : source (2 instances) -> sink (2 instances) > >>>>>> execution graph: > >>>>>> source (1/2) -> sink (1/2) [pieplined region 1] > >>>>>> source (2/2) -> sink (2/2) [pieplined region 2] > >>>>>> > >>>>>> Let's assume checkpoints are still triggered globally, meaning > >>>> different > >>>>>> pipelined regions share the global checkpoint id (PR1 CP1 matches > >>> with > >>>> PR2 > >>>>>> CP1). > >>>>>> > >>>>>> Now let's assume PR1 completes CP10 and PR2 completes CP8. > >>>>>> > >>>>>> Let's say we want to rescale to parallelism 3 due to increased > >> input. > >>>>>> - Notice that we can not simply rescale based on the latest > >> completed > >>>>>> checkpoint (CP8), because PR1 has already had data (CP8 -> CP10) > >>> output > >>>>>> externally. > >>>>>> - Can we take CP10 from PR1 and CP8 from PR2? I think it depends on > >>>> how the > >>>>>> source's offset redistribution is implemented. > >>>>>> The answer is yes if we treat each input partition as > >> independent > >>>> from > >>>>>> each other, *but I am not sure whether we can make that > >> assumption*. > >>>>>> If not, the rescaling cannot happen until PR1 and PR2 are aligned > >>> with > >>>> CPs. > >>>>>> Best > >>>>>> -Yuan > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> On Mon, Feb 7, 2022 at 4:17 PM Till Rohrmann <trohrm...@apache.org > >>>> wrote: > >>>>>>> Hi everyone, > >>>>>>> > >>>>>>> Yuan and Gen could you elaborate why rescaling is a problem if we > >>> say > >>>>>> that > >>>>>>> separate pipelined regions can take checkpoints independently? > >>>>>>> Conceptually, I somehow think that a pipelined region that is > >>> failed > >>>> and > >>>>>>> cannot create a new checkpoint is more or less the same as a > >>>> pipelined > >>>>>>> region that didn't get new input or a very very slow pipelined > >>> region > >>>>>> which > >>>>>>> couldn't read new records since the last checkpoint (assuming > >> that > >>>> the > >>>>>>> checkpoint coordinator can create a global checkpoint by > >> combining > >>>>>>> individual checkpoints (e.g. taking the last completed checkpoint > >>>> from > >>>>>> each > >>>>>>> pipelined region)). If this comparison is correct, then this > >> would > >>>> mean > >>>>>>> that we have rescaling problems under the latter two cases. > >>>>>>> > >>>>>>> Cheers, > >>>>>>> Till > >>>>>>> > >>>>>>> On Mon, Feb 7, 2022 at 8:55 AM Gen Luo <luogen...@gmail.com> > >>> wrote: > >>>>>>>> Hi Gyula, > >>>>>>>> > >>>>>>>> Thanks for sharing the idea. As Yuan mentioned, I think we can > >>>> discuss > >>>>>>> this > >>>>>>>> within two scopes. One is the job subgraph, the other is the > >>>> execution > >>>>>>>> subgraph, which I suppose is the same as PipelineRegion. > >>>>>>>> > >>>>>>>> An idea is to individually checkpoint the PipelineRegions, for > >>> the > >>>>>>>> recovering in a single run. > >>>>>>>> > >>>>>>>> Flink has now supported PipelineRegion based failover, with a > >>>> subset > >>>>>> of a > >>>>>>>> global checkpoint snapshot. The checkpoint barriers are spread > >>>> within a > >>>>>>>> PipelineRegion, so the checkpointing of individual > >>> PipelineRegions > >>>> is > >>>>>>>> actually independent. Since in a single run of a job, the > >>>>>> PipelineRegions > >>>>>>>> are fixed, we can individually checkpoint separated > >>>> PipelineRegions, > >>>>>>>> despite what status the other PipelineRegions are, and use a > >>>> snapshot > >>>>>> of > >>>>>>> a > >>>>>>>> failing region to recover, instead of the subset of a global > >>>> snapshot. > >>>>>>> This > >>>>>>>> can support separated job subgraphs as well, since they will > >> also > >>>> be > >>>>>>>> separated into different PipelineRegions. I think this can > >>> fulfill > >>>> your > >>>>>>>> needs. > >>>>>>>> > >>>>>>>> In fact the individual snapshots of all PipelineRegions can > >> form > >>> a > >>>>>> global > >>>>>>>> snapshot, and the alignment of snapshots of individual regions > >> is > >>>> not > >>>>>>>> necessary. But rescaling this global snapshot can be > >> potentially > >>>>>>> complex. I > >>>>>>>> think it's better to use the individual snapshots in a single > >>> run, > >>>> and > >>>>>>> take > >>>>>>>> a global checkpoint/savepoint before restarting the job, > >>> rescaling > >>>> it > >>>>>> or > >>>>>>>> not. > >>>>>>>> > >>>>>>>> A major issue of this plan is that it breaks the checkpoint > >>>> mechanism > >>>>>> of > >>>>>>>> Flink. As far as I know, even in the approximate recovery, the > >>>> snapshot > >>>>>>>> used to recover a single task is still a part of a global > >>>> snapshot. To > >>>>>>>> implement the individual checkpointing of PipelineRegions, > >> there > >>>> may > >>>>>> need > >>>>>>>> to be a checkpoint coordinator for each PipelineRegion, and a > >> new > >>>>>> global > >>>>>>>> checkpoint coordinator. When the scale goes up, there can be > >> many > >>>>>>>> individual regions, which can be a big burden to the job > >> manager. > >>>> The > >>>>>>>> meaning of the checkpoint id will also be changed, which can > >>> affect > >>>>>> many > >>>>>>>> aspects. There can be lots of work and risks, and the risks > >> still > >>>> exist > >>>>>>> if > >>>>>>>> we only individually checkpoint separated job subgraphs, since > >>> the > >>>>>>>> mechanism is still broken. If that is what you need, maybe > >>>> separating > >>>>>>> them > >>>>>>>> into different jobs is an easier and better choice, as Caizhi > >> and > >>>> Yuan > >>>>>>>> mentioned. > >>>>>>>> > >>>>>>>> On Mon, Feb 7, 2022 at 11:39 AM Yuan Mei < > >> yuanmei.w...@gmail.com > >>>>>> wrote: > >>>>>>>>> Hey Gyula, > >>>>>>>>> > >>>>>>>>> That's a very interesting idea. The discussion about the > >>>> `Individual` > >>>>>>> vs > >>>>>>>>> `Global` checkpoint was raised before, but the main concern > >> was > >>>> from > >>>>>>> two > >>>>>>>>> aspects: > >>>>>>>>> > >>>>>>>>> - Non-deterministic replaying may lead to an inconsistent > >> view > >>> of > >>>>>>>>> checkpoint > >>>>>>>>> - It is not easy to form a clear cut of past and future and > >>>> hence no > >>>>>>>> clear > >>>>>>>>> cut of where the start point of the source should begin to > >>> replay > >>>>>> from. > >>>>>>>>> Starting from independent subgraphs as you proposed may be a > >>> good > >>>>>>>> starting > >>>>>>>>> point. However, when we talk about subgraph, do we mention it > >>> as > >>>> a > >>>>>> job > >>>>>>>>> subgraph (each vertex is one or more operators) or execution > >>>> subgraph > >>>>>>>> (each > >>>>>>>>> vertex is a task instance)? > >>>>>>>>> > >>>>>>>>> If it is a job subgraph, then indeed, why not separate it > >> into > >>>>>> multiple > >>>>>>>>> jobs as Caizhi mentioned. > >>>>>>>>> If it is an execution subgraph, then it is difficult to > >> handle > >>>>>>> rescaling > >>>>>>>>> due to inconsistent views of checkpoints between tasks of the > >>>> same > >>>>>>>>> operator. > >>>>>>>>> > >>>>>>>>> `Individual/Subgraph Checkpointing` is definitely an > >>> interesting > >>>>>>>> direction > >>>>>>>>> to think of, and I'd love to hear more from you! > >>>>>>>>> > >>>>>>>>> Best, > >>>>>>>>> > >>>>>>>>> Yuan > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Mon, Feb 7, 2022 at 10:16 AM Caizhi Weng < > >>>> tsreape...@gmail.com> > >>>>>>>> wrote: > >>>>>>>>>> Hi Gyula! > >>>>>>>>>> > >>>>>>>>>> Thanks for raising this discussion. I agree that this will > >> be > >>>> an > >>>>>>>>>> interesting feature but I actually have some doubts about > >> the > >>>>>>>> motivation > >>>>>>>>>> and use case. If there are multiple individual subgraphs in > >>> the > >>>>>> same > >>>>>>>> job, > >>>>>>>>>> why not just distribute them to multiple jobs so that each > >>> job > >>>>>>> contains > >>>>>>>>>> only one individual graph and can now fail without > >> disturbing > >>>> the > >>>>>>>> others? > >>>>>>>>>> > >>>>>>>>>> Gyula Fóra <gyf...@apache.org> 于2022年2月7日周一 05:22写道: > >>>>>>>>>> > >>>>>>>>>>> Hi all! > >>>>>>>>>>> > >>>>>>>>>>> At the moment checkpointing only works for healthy jobs > >>> with > >>>> all > >>>>>>>>> running > >>>>>>>>>>> (or some finished) tasks. This sounds reasonable in most > >>>> cases > >>>>>> but > >>>>>>>>> there > >>>>>>>>>>> are a few applications where it would make sense to > >>>> checkpoint > >>>>>>>> failing > >>>>>>>>>> jobs > >>>>>>>>>>> as well. > >>>>>>>>>>> > >>>>>>>>>>> Due to how the checkpointing mechanism works, subgraphs > >>> that > >>>>>> have a > >>>>>>>>>> failing > >>>>>>>>>>> task cannot be checkpointed without violating the > >>>> exactly-once > >>>>>>>>> semantics. > >>>>>>>>>>> However if the job has multiple independent subgraphs > >> (that > >>>> are > >>>>>> not > >>>>>>>>>>> connected to each other), even if one subgraph is > >> failing, > >>>> the > >>>>>>> other > >>>>>>>>>>> completely running one could be checkpointed. In these > >>> cases > >>>> the > >>>>>>>> tasks > >>>>>>>>> of > >>>>>>>>>>> the failing subgraph could simply inherit the last > >>> successful > >>>>>>>>> checkpoint > >>>>>>>>>>> metadata (before they started failing). This logic would > >>>> produce > >>>>>> a > >>>>>>>>>>> consistent checkpoint. > >>>>>>>>>>> > >>>>>>>>>>> The job as a whole could now make stateful progress even > >> if > >>>> some > >>>>>>>>>> subgraphs > >>>>>>>>>>> are constantly failing. This can be very valuable if for > >>> some > >>>>>>> reason > >>>>>>>>> the > >>>>>>>>>>> job has a larger number of independent subgraphs that are > >>>>>> expected > >>>>>>> to > >>>>>>>>>> fail > >>>>>>>>>>> every once in a while, or if some subgraphs can have > >> longer > >>>>>>> downtimes > >>>>>>>>>> that > >>>>>>>>>>> would now cause the whole job to stall. > >>>>>>>>>>> > >>>>>>>>>>> What do you think? > >>>>>>>>>>> > >>>>>>>>>>> Cheers, > >>>>>>>>>>> Gyula > >>>>>>>>>>> > >
