Deadlock detector hack for Kafka driver instability

[vprithvi]

Signed-off-by: Prithvi Raj p.r@uber.com

Which problem is this PR solving?

• Mitigate effects of Remove dependency on sarama-cluster (Kafka driver) #1052 as a temporary solution

Short description of the changes

• Adds a deadlock watcher per partition that monitors message consumption rate per minute. If the rate of consumption is zero, it triggers a rebalance by sending a signal to close the partition. If the partition close is unsuccessful, the instance is killed.

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@a429d78). Click here to learn what that means.
The diff coverage is 100%.

@@           Coverage Diff            @@
##             master   #1087   +/-   ##
========================================
  Coverage          ?    100%           
========================================
  Files             ?     141           
  Lines             ?    6723           
  Branches          ?       0           
========================================
  Hits              ?    6723           
  Misses            ?       0           
  Partials          ?       0

Impacted Files	Coverage Δ
cmd/ingester/app/consumer/consumer.go	100% <100%> (ø)
cmd/ingester/app/consumer/deadlock_detector.go	100% <100%> (ø)
cmd/ingester/app/consumer/consumer_metrics.go	100% <100%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a429d78...4573d51. Read the comment docs.

[yurishkuro]

in hotrod zap logger automatically prints the stack. What's different here?

[vprithvi]

zap only prints the current go routine - This prints out all go routines.

[yurishkuro]

no reason to allocate a pointer, you can still use address of a struct field with atomic.

[vprithvi]

True, I had assumed that the pointer allocation had a similar overhead to an field allocation. I didn't want to use & on every access.

[yurishkuro]

// If closePartition is blocked, the consumer may have deadlocked -> kill the process

[yurishkuro]

this could inadvertently kill the process after rebalance, but not sure how to avoid it

[vprithvi]

Could you elaborate how?

[yurishkuro]

actually, because Ticker.close() does not close the channel, the race condition I was thinking about won't happen on rebalance, but you will leak the goroutine

[vprithvi]

This is true, I can use a separate channel to close this if you feel strongly about it

[yurishkuro]

yes, let's fix this, a goroutine leak is not good

[yurishkuro]

separate issue: s/params.Factory/params.MetricsFactory/

[vprithvi]

I'll address this separately - it'll only add noise to this PR

[yurishkuro]

s/getClosePartition/closePartitionChannel/

[yurishkuro]

why do we call new here? If it internally caches the metrics, then s/newPartitionMetrics/newPartitionMetrics

[yurishkuro]

s/getNamespace/metricsFactoryForPartition/

[yurishkuro]

NB: we don't use "get" in Go.

[yurishkuro]

I don't follow what the purpose of this allPartitionDeadlockDetector is. It looks like it's only used to increment this counter - why do we even need it? We can always sum the time series to get total counter.

[yurishkuro]

nit: you do not need to leak the ticker. Create it inside goroutine as local var with defer close.

[vprithvi]

👍

[yurishkuro]

nit: allPartitions...

[vprithvi]

👍

[yurishkuro]

I think it would be cleaner and easier to understand if you had a top-level deadlockDetector, which can create partitionDeadlockDetector as needed (implementation-wide the former may contain the latter for pId=-1). So factory is only used once to create the top-level detector, and the factory does not need to be stored in the Consumer.

[vprithvi]

Doesn't this mean that the top level deadlockDetector also has the responsibilities of the Factor? (That being said, I think it might be cleaner design)

[yurishkuro]

it does, in a way, but there's nothing wrong with that, especially considering that it happens at runtime and many times, whereas the top-level factory will be used only once on startup and not needed afterwards.

Separating top-level from individual detectors will also allow clean separation in some implementation details, e.g. where some features are not used.

And best of all, you'll be able to move a lot of methods into detectors, away from Consumer.

[vprithvi]

👍

[yurishkuro]

I assume this does not apply to all-partitions detector?

[vprithvi]

It does not

[yurishkuro]

This still bothers me. Some metrics factories are not happy if you try to create a metric with the same name twice. So if we re-acquire the same partition, this could cause a panic, e.g. if someone is using expvar-based metrics (unless we implemented protection in the factory, which I had to do for Prometheus).

[vprithvi]

I added a test to jaeger-lib/metrics which shows that calling Counter mutiple times with the same tags does not panic for expvar, prometheus and tally.

[yurishkuro]

s/localFactory/metricsFactory/

[yurishkuro]

is there some pattern you're following from elsewhere in the code? Referring to metrics factory as merely "factory" is very poor naming.

[vprithvi]

Ah, this is a result of some laziness and accepting the IDE generated name - I'll update these

[yurishkuro]

assumes that factory is reentrant for the same metric name, which is not guaranteed

[yurishkuro]

nit: we should clean-up these metrics. All 3 structs are per-partition, could we not combine them into one? Then we won't have all these small functions on the Consumer.

[vprithvi]

I agree - I'll do it as a separate commit