xds: add Outlier Detection Balancer

[zasweq]

This PR adds the Outlier Detection Balancer as part of the xDS configured tree of balancers (see https://github.com/grpc/proposal/blob/master/A50-xds-outlier-detection.md).

Contains #5371.

RELEASE NOTES:

• xDS: add support for Outlier Detection

[dfawley]

It seems this still needs to be rebased due to outlierdetection files.

[easwars]

Just skimmed through. Expect more comments as I spend more time on this.

[easwars]

Nit: please group renamed proto imports separately.

[easwars]

Maybe TestOutlierDetection_EmptyConfig or TestOutlierDetection_NoopConfig to be explicit about what is being tested here?

[zasweq]

Chose no-op config, empty management server update but od config is better termed "no-op". Thanks for suggestion.

[easwars]

How about?

// TestOutlierDetectionXxx tests the scenario where the outlier detection feature
// is enabled on the gRPC client, but it receives no outlier detection configuration
// from the management server. This should result in a no-op outlier configuration
// being used. This test verifies that an RPC is able to proceed normally with this
// configuration.

[zasweq]

Done (with a little rewording).

[easwars]

And the award for the author with the longest identifier name in our codebase goes to ...... lol

[zasweq]

Lol. This Java book I read called clean code told me to be verbose and explanatory in my variable names. Switched to "defaultClientResourcesMultipleBackendsAndOD". Is that better or too verbose/if so do you have a better suggestion?

[easwars]

Nit: single line
And probably a comment with a human readable value for this time duration.

[zasweq]

Done. Added comment // .5 seconds.

[easwars]

object is not a very descriptive name for a type which is quite central to the implementation. Maybe something like subConnState or subConnInfo or subConnRunTimeInfo or subConnRunTimeState or something better. And a comment for the type describing its purpose would be useful too.

Also, this type does not contain any mutexes. It would be helpful for the above comment to talk about how synchronization is handled for this type.

[zasweq]

This struct represents information about a certain address, not a SubConn. Each SubConn does hold a ref to this though. As such, I chose the name "addressInfo".

[zasweq]

Added comment for addressInfo explaining what it is and also explaining how it is synchronized. Let me know if it's too verbose or if you like it.

[easwars]

Replace with
// The latest ejection timestamp, or zero if the address is currently not ejected.
And get rid of the // We represent the branching logic on the null with a time.Zero() value.

Please terminate comment sentences with periods. go/go-style/decisions#comment-sentences

[zasweq]

Ah, good merging. Switched. Added periods to every comment about each field in this struct.

[easwars]

Please consider not quoting the gRFC verbatim. The gRFC text makes sense in its context. But here (and everywhere else in this PR), please make comments self-explanatory and self-contained. Thanks.

[zasweq]

Switched as many as I could over. I left the one for swap() though, since that defines an implementation detail that I didn't follow with a subsequent explanation. I also left the ones in NewSubConn() as I thought they made sense, and the actual Outlier Detection Interval algorithm itself as it's explaining the algorithm step by step.

[easwars]

Do these have to be methods on the subConnWrapper type?

Can callsites of scw.eject() be replaced by:

  b.scUpdateCh.Put(&ejectedUpdate{scw: scw, ejected: true})

and similarly for uneject().

[zasweq]

They don't have to be, technically, but A50 clearly states to have methods on the subChannelWrapper type: https://github.com/grpc/proposal/blob/master/A50-xds-outlier-detection.md#subchannel-wrapper. To keep implementations similar, I think it's best to do it as such. Plus, there's 8 callsites for both of these methods and I think it's cleaner for scw.eject()/scw.uneject() instead of putting stuff on update channel for each call site. However, main reason is that is explicitly defined in gRFC.

[zasweq]

Thanks for the comments :D!

[zasweq]

Chose no-op config, empty management server update but od config is better termed "no-op". Thanks for suggestion.

[zasweq]

Done (with a little rewording).

[zasweq]

Lol. This Java book I read called clean code told me to be verbose and explanatory in my variable names. Switched to "defaultClientResourcesMultipleBackendsAndOD". Is that better or too verbose/if so do you have a better suggestion?

[zasweq]

Done. Added comment // .5 seconds.

[zasweq]

They don't have to be, technically, but A50 clearly states to have methods on the subChannelWrapper type: https://github.com/grpc/proposal/blob/master/A50-xds-outlier-detection.md#subchannel-wrapper. To keep implementations similar, I think it's best to do it as such. Plus, there's 8 callsites for both of these methods and I think it's cleaner for scw.eject()/scw.uneject() instead of putting stuff on update channel for each call site. However, main reason is that is explicitly defined in gRFC.

[zasweq]

Ah, good merging. Switched. Added periods to every comment about each field in this struct.

[zasweq]

This struct represents information about a certain address, not a SubConn. Each SubConn does hold a ref to this though. As such, I chose the name "addressInfo".

[zasweq]

Added comment for addressInfo explaining what it is and also explaining how it is synchronized. Let me know if it's too verbose or if you like it.

[zasweq]

Deleted od prefix. Kept outlierDetectionBalancer though, as clusterImplBalancer had prefix on Balancer type. GracefulSwitch doesn't though so let me know if you want me to switch outlierDetectionBalancer too.

[zasweq]

Switched as many as I could over. I left the one for swap() though, since that defines an implementation detail that I didn't follow with a subsequent explanation. I also left the ones in NewSubConn() as I thought they made sense, and the actual Outlier Detection Interval algorithm itself as it's explaining the algorithm step by step.

[dfawley]

Nit: ejectLowSuccessRateBackends? or something like that to indicate more precisely what the function is doing. Same with the other Algorithm functions.

[zasweq]

Ummmmmmm this is the configuration defines the algorithm as and A50, I agree that would be nicer, I'll write a comment for each xAlgorithm function.

[dfawley]

Succesees?

[zasweq]

Whoops. Switched.

[dfawley]

Include the name of this LB policy, please.

[zasweq]

Switched to "outlier detection: child balancer...".

[dfawley]

Remove.

[zasweq]

Done.

[dfawley]

This would probably be a little clearer as:

if len(scw.addresses == 1) && len(addrs) == 1 {
	// single address to single address
} else if len(scw.addresses == 1) {
	// single address to multiple/no addresses
} else if len(addrs) == 1 {
	// multiple address to single address
} // else multiple/no addresses to multiple/no addresses; ignore

or:

switch {
case len(scw.addresses == 1) && len(addrs) == 1:
case len(scw.addresses == 1):
case len(addrs) == 1:
}

[zasweq]

Wow, great clean suggestion. I chose option two, Easwar has made me use switches for scenarios like this and he knows go style so I'll go with option 2 thanks.

[dfawley]

This says "uneject unconditionally" but goes on to eject?

[zasweq]

Whoops, good catch. Switched to uneject().

[dfawley]

Even with the use of max and min, this is still too long to follow. Please simplify into multiple statements or temporary variables if possible.

[zasweq]

I tried my best. Refactored. Let me know if it looks off still.

[dfawley]

Maybe the test can set this field manually first, then?

[zasweq]

This fixed a race condition where the intervalTimer algorithm would go off at an arbitrary point in the future if not manually calling Stop() here. (Since we call the intervalTimerAlgorithm manually in test (much cleaner than setting field in test, since it'll get written to in UpdateClientConnState(), there would still be a configured timer from the UpdateClientConnState() that would leak if not closed here).

[dfawley]

Can we pass b.addrs[addr] here (and unejectAddress) instead to guarantee this won't happen?

[zasweq]

Oh I just realized at the call site you have access to the addrInfo (for addr, addrInfo := range b.addrs. Passed that instead.

[easwars]

Missing verb between should and a child?

[zasweq]

Oh lol, sorry. Added "should".

[easwars]

You could probably reduce some lines in the test by making a variable for the configuration without the child policy config.

var baseCfgWithoutChildConfig = BalancerConfig: &LBConfig{
	Interval:           10 * time.Second,
	BaseEjectionTime:   30 * time.Second,
	MaxEjectionTime:    300 * time.Second,
	MaxEjectionPercent: 10,
	SuccessRateEjection: &SuccessRateEjection{
		StdevFactor:           1900,
		EnforcementPercentage: 100,
		MinimumHosts:          5,
		RequestVolume:         100,
	},
	FailurePercentageEjection: &FailurePercentageEjection{
		Threshold:             85,
		EnforcementPercentage: 5,
		MinimumHosts:          5,
		RequestVolume:         50,
	},
}

And change just the child policy config here and down below when calling UpdateClientConnState.

[zasweq]

Ummmm sorry I don't like this suggestion, it feels hacky and takes away readability in my opinion, since it's appending to something declared earlier in the funciton (think your comment on the other file about moving var declarations nearer to where they're used). I'll switch it to noop config though, since it doesn't need all the other fields, similar to your comment down below.

[easwars]

Just FYI: Calling t.Fatal from goroutines other than the main test goroutine only causes that particular goroutine to exit. The main test goroutine will keep running. So, it is better to call t.Error in these cases, to make it clear to the reader of the test.

Also, the err != nil check is repeated here.

[zasweq]

Oh, interesting. I actually did not know that. Switched to error and deleted duplicate err != nil check.

[zasweq]

This actually breaks the package documentation: "FailNow must be called from the goroutine running the test or benchmark function, not from other goroutines created during the test."

[zasweq]

Wait. This isn't created in a new goroutine, this is called in the main test goroutine. The calls down to the child all happen inline from the test goroutine, which then calls this. Switched regardless.

[easwars]

Is the complete config required for this test case? Can some fields be omitted?

[zasweq]

Good point. Deleted everything but interval and SuccessRateEjection, since that causes it to be a non noop config. For this and the next UpdateClientConnState() below.

[easwars]

Use maxInt here as well. Thanks.

[zasweq]

Done here and everywhere else.

[easwars]

Move this definition closer to where it is used.

[zasweq]

Done.

[easwars]

Same here.

[zasweq]

Done.

[easwars]

Nix newline here.

[zasweq]

Done.

[easwars]

Same here.

[zasweq]

Done.

[easwars]

And this one.

[zasweq]

Done here and everywhere else.

[zasweq]

Thanks for the comments :D

[zasweq]

Actually, unfortunately this can't. I had to switch the logic for this one, because I start bad backends which return errors that I know will get called. Yours expect the EmptyCall RPC to return a non nil error.

[zasweq]

Oh lol, sorry. Added "should".

[zasweq]

Done here and everywhere else.

[zasweq]

Done here and everywhere else.

[zasweq]

Lol, good point. Switched.

[zasweq]

Ummmm sorry I don't like this suggestion, it feels hacky and takes away readability in my opinion, since it's appending to something declared earlier in the funciton (think your comment on the other file about moving var declarations nearer to where they're used). I'll switch it to noop config though, since it doesn't need all the other fields, similar to your comment down below.

[zasweq]

Good point. Deleted everything but interval and SuccessRateEjection, since that causes it to be a non noop config. For this and the next UpdateClientConnState() below.

[zasweq]

Oh, interesting. I actually did not know that. Switched to error and deleted duplicate err != nil check.

[zasweq]

This actually breaks the package documentation: "FailNow must be called from the goroutine running the test or benchmark function, not from other goroutines created during the test."

[zasweq]

Wait. This isn't created in a new goroutine, this is called in the main test goroutine. The calls down to the child all happen inline from the test goroutine, which then calls this. Switched regardless.

[dfawley]

That is illegal (though it should be handled gracefully here, of course). SubConn is required to be valid or the channel will re-pick after a new picker is provided. Can you make the tests not set it to nil?

[dfawley]

Should this show the config too?

[zasweq]

Umm I wouldn't mind that, but I just triaged the rest of the xDS balancer tree (which I based this on in the first place), and every balancer logs this word exactly. Thus, for the sake of consistency, I would prefer to keep it as such. Of course, if you feel strongly about this I'll go ahead and switch it over.

[dfawley]

This field seems to be unused?

[zasweq]

Good point. Graceful Switch gets constructed with this so we are good here. Removed this field.

[dfawley]

You should wrap this error so there is more context whenever it's printed.

[zasweq]

Switched to (pun unintended): return fmt.Errorf("outlier detection: error switching to child of type %q: %v", lbCfg.ChildPolicy.Name, err)

[zasweq]

Thanks for the pass bossman!

[zasweq]

Good point. Graceful Switch gets constructed with this so we are good here. Removed this field.

[zasweq]

Umm I wouldn't mind that, but I just triaged the rest of the xDS balancer tree (which I based this on in the first place), and every balancer logs this word exactly. Thus, for the sake of consistency, I would prefer to keep it as such. Of course, if you feel strongly about this I'll go ahead and switch it over.

[zasweq]

Switched to (pun unintended): return fmt.Errorf("outlier detection: error switching to child of type %q: %v", lbCfg.ChildPolicy.Name, err)

[dfawley]

How about:

// childMu guards calls into child and also synchronizes reads of child in run() and the write in Close().

If you make sure b.run() exits before calling b.child.Close(), though, you don't need that last part of the sentence.

[zasweq]

Yup, waited for b.run() to exit. Changed docstring to just the first part of that sentence.

[zasweq]

Also removed the clearing of the child as an invariant of close, and the reading of the child (determining whether it's been cleared or not).

[dfawley]

🎉