Maintain TaskLockbox at datasource level for higher concurrency

[kfaraz]

Description

In clusters with a large number of datasources, task operations block each other owing to the giant lock in the TaskLockbox. This can become particularly problematic in cases of streaming ingestion being done into multiple datasources, where segment allocations become very slow since all of them must pass through a single queue.

None of the task operations share a critical section across datasources and it should suffice to perform the locking
at the datasource level.

This patch is an attempt to remediate this problem.

Changes

• Dedicate TaskLockbox to a single datasource.
• Add a GlobalTaskLockbox which delegates to the respective datasource for any operation.
• The GlobalTaskLockbox.syncFromStorage() must be mutually exclusive from any operation
  being performed on any of the datasources.
  • Since syncFromStorage() is called only from TaskQueue.start() on becoming leader, using a ReadWriteLock didn't seem necessary
  • Instead, syncFromStorage() marks the GlobalTaskLockbox as "unsynced" at the start of the method
  • When "unsynced", all other lockbox operations fail.
  • Upon sync completion, the GlobalTaskLockbox is marked "synced" again and operations can proceed as normal
• Add GlobalTaskLockbox.shutdown() and TaskLockbox.clear() to clean up unused resources upon
  loss of leadership.
• The TaskLockbox of a datasource is removed when it is not needed anymore

Pending

• Test out the patch in a cluster

Follow up

After this patch, the bottleneck for segment allocation will be the single-threaded SegmentAllocationQueue.
One approach could be to maintain a separate SegmentAllocationQueue for each datasource but that would
drastically increase the pressure on metadata store in case of multiple datasources.
A better alternative would be to Make segment allocation queue multithreaded

Release note

Improve concurrency on Overlord by ensuring that task actions on one datasource do not block actions on other datasources.

---

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• a release note entry in the PR description.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.

[github-actions]

This pull request has been marked as stale due to 60 days of inactivity.
It will be closed in 4 weeks if no further activity occurs. If you think
that's incorrect or this pull request should instead be reviewed, please simply
write any comment. Even if closed, you can still revive the PR at any time or
discuss it on the dev@druid.apache.org list.
Thank you for your contributions.

[github-actions]

This pull request has been marked as stale due to 60 days of inactivity.
It will be closed in 4 weeks if no further activity occurs. If you think
that's incorrect or this pull request should instead be reviewed, please simply
write any comment. Even if closed, you can still revive the PR at any time or
discuss it on the dev@druid.apache.org list.
Thank you for your contributions.

[gianm]

This is only a concern on shutdown, right? Since at other times, clear() will only be called when the refcount is zero, meaning no locks should be held. Just trying to make sure I understand.

[kfaraz]

Yes, it's a concern only on shutdown(), which is invoked on loss of leadership.
We would want the leadership change listener to return quickly.

[gianm]

True, we do, although we also want the old leader to fully stand down before the new one stands up, to avoid races between the leaders. Ideal thing would be to interrupt other in flight operations, if that's feasible. If not feasible right now, then please update this comment to describe the concern and to not be a TODO comment.

[kfaraz]

Updated and moved the comment to shutdown() method as it seems more relevant there.

[gianm]

Check again in the critical section of getLockboxResource? This code seems potentially racey, since syncComplete could be set to false right after this check.

[kfaraz]

Thanks for the tip!

I didn't initially put the check in getLockboxResource() because that method is called from syncFromStorage() as well before the syncComplete flag has been set.

I guess I can have two variants of the getLockboxResource() method or just pass a boolean
to decide whether to perform the check or not.

[gianm]

A parameter about performing the check sounds reasonable to me.

[kfaraz]

Updated.

[kfaraz]

Thanks for the review, @gianm !