Hive: Make lock check retries backoff exponentially

[raptond]

50 milliseconds (constant) sleep time between "checking lock status" thrashes hive metastore databases when multiple jobs try to commit to the same Iceberg table. This fix allows the frequency of "checking the WAITING lock status" configurable and makes use of Tasks to backoff exponentially.

Every time a check on the lock is made, the HMS performs heartbeats on the lock record and the transaction record. It eventually ends up with the below errors if the number of jobs on the same table grew and commit at the same time. Ability to configure the delay between retries and slowing down retries further exponentially would help. Thanks.

MetaException(message:Unable to update transaction database org.postgresql.util.PSQLException: ERROR: could not serialize access due to read/write dependencies among transactions
Detail: Reason code: Canceled on identification as a pivot, during write.
Hint: The transaction might succeed if retried.

[pvary]

Might worth to mention in the documentation, or somewhere that this should be smaller than hive.txn.timeout or in newer versions metastore.txn.timeout otherwise the locks might be timed out without because of the lack of heartbeat.

[aokolnychyi]

We should also add these configs to configuration.md to the rest of Hadoop conf, @raptond.

[rdblue]

The Glue catalog is introducing support for a lock using DynamoDB. It would be nice to standardize these options across catalogs so that we only need to document them once and they work the same way. FYI @jackye1995.

I think it would also make sense for these to be catalog options, rather than pulled from the Hive configuration. We used HiveConf originally because we didn't have catalog-specific configuration, but now I think it would make sense to move these into catalog properties. We don't want to increase the cases where we use a Hadoop Configuration.

[jackye1995]

Yes agree. But Hive is currently built around reading from Hadoop configs. If we want to change it to use catalog properties, we need to also change all the places that loads HiveCatalog using the constructor public HiveCatalog(Configuration conf), such as https://github.com/apache/iceberg/blob/master/mr/src/main/java/org/apache/iceberg/mr/Catalogs.java#L215

[aokolnychyi]

This API is also used from Spark 2 where we don't have a way to specify catalog options. Plus, we already have a Hadoop conf for the lock timeout. How do we approach this?

[aokolnychyi]

That being said, I am +1 for adding catalog options. I am just not sure we can get rid of Hadoop conf completely in this case.

[rdblue]

In that case, we should default from Configuration, but prefer options passed to the initialize method.

[raptond]

@aokolnychyi @pvary -

[aokolnychyi]

To make sure I got @rdblue and @jackye1995. You are talking about generalizing catalog options, right?

[pvary]

nit: Could we use VisibleForTesting annotation here?

[raptond]

Since this was a test class, I didn't add this annotation. I finally ended up not using it, so I reverted back the change. Thanks for the review.

[pvary]

Minor comments, looks good to me (non-binding)

[aokolnychyi]

This change looks great to me, just minor comments in addition to what @pvary mentioned.
Thanks for working on this, @raptond!

We could add fewer configs but I'd be in favor of what this PR does. It was really painful when we hit this problem and couldn't do anything without changing the code so having props to configure every aspect sounds good to me. It is rather a sensitive area and more control here seems justified to me.

[RussellSpitzer]

Why - 100?

[raptond]

I only wanted to keep a big number for retry. Eg Integer.MAX_VALUE. But, the setter adds 1 overflowing to MIN_VALUE.

Integer.MAX_VALUE - 1 would simply suffice, but I chose conservatively to set Integer.MAX_VALUE - 100.

[rdblue]

I think it would be worth noting the rational for a choice like this in a comment.

[raptond]

👍 +1 I have added the rationale in the comments.

[aokolnychyi]

Is InterruptedException needed?

[raptond]

yes, here the HiveTableOperations.doUnlock method throws InterruptedException.

[aokolnychyi]

nit: extra empty line

[raptond]

taken care.

[rdblue]

For InterruptedException, why not throw WaitingForLockException and signal that the thread was interrupted? Then this could use the checked exception call, run(id -> {...}, TException.class) and would not need to wrap the exceptions.

[raptond]

The code looks better after this comment. However throwing WaitingForLockException ends up losing the source of the original InterruptedException because it would get handled here: https://github.com/apache/iceberg/blob/master/core/src/main/java/org/apache/iceberg/util/Tasks.java#L452

So, I chose to throw RuntimeException which will stop the retry and preserve the source stack trace.

[rdblue]

I'd probably opt to suppress the interrupt and let the code carry on after setting that the thread was interrupted. That results in a CommitFailedException. I don't think that preserving the stack of the InterruptedException is really needed, but I'm fin with it this way if you prefer it.

[raptond]

Taken care as per the other comment.

[rdblue]

Nit: unnecessary whitespace change.

[raptond]

done.

[rdblue]

I don't think it is necessary to throw RuntimeException here. If this doesn't throw WaitingForLockException then it will exit and move on. Since timeout is not set, it would hit the check for whether the lock was acquired and fail, resulting in the CommitFailedException.

I think that's a fairly reasonable way to handle an interrupt without wrapping it in a RuntimeException.

[raptond]

You are correct. I was fixated on failing the execution. This suggestion works nicely and I have a test case for this. Thank you.

[rdblue]

Overall looks good to me. @aokolnychyi can you take another look?

[raptond]

All comments taken care.

[aokolnychyi]

I'll do a pass in 15 mins

[aokolnychyi]

Thanks everyone! The change looks solid so I merged it!

[aokolnychyi]

@raptond, do you want to work on catalog options for this next?

[raptond]

@aokolnychyi - Sure, I will work on to submit a new one with catalog options (properties via initialize method) overriding the Configuration.