Retry VStream errors with exponential backoff and switch tablets for repeated errors

[twthorn]

Description

Improve the retry error logic such that

1. We will give preference to the local cell tablet, and will not prematurely switch to another tablet
2. If the same error persists for the same tablet, then ignore the tablet and try another

For retries, we follow best practice of exponential backoff with jitter. Rather than reimplementing what is already in vtadmin, we move this package to make it available for other packages to use. Also use last error for tracking if this is the same error.

Note: an edge case here is that if a tablet keeps erroring out but the error is changing value, then we would never retry another tablet (since the error will not equal a previous, so it resets the timer). Typically, we see the same error persisting (but this isn't guaranteed). To avoid this edge case we could instead simply use exponential backoff and switch regardless of whether the error is repeating. I am not sure if that's desired or if we only want to switch off local if it's the same error.

Related Issue(s)

• Fixes: Feature Request: Retry vstream on a new tablet if an error is encountered #16535

Checklist

• "Backport to:" labels have been added if this change should be back-ported to release branches
• If this change is to be back-ported to previous releases, a justification is included in the PR description
• Tests were added or are not required
• Did the new or modified tests pass consistently locally and on CI?
• Documentation was added or is not required

Deployment Notes

[vitess-bot]

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

• Ensure that the Pull Request has a descriptive title.
• Ensure there is a link to an issue (except for internal cleanup and flaky test fixes), new features should have an RFC that documents use cases and test cases.

Tests

• Bug fixes should have at least one unit or end-to-end test, enhancement and new features should have a sufficient number of tests.

Documentation

• Apply the release notes (needs details) label if users need to know about this change.
• New features should be documented.
• There should be some code comments as to why things are implemented the way they are.
• There should be a comment at the top of each new or modified test to explain what the test does.

New flags

• Is this flag really necessary?
• Flag names must be clear and intuitive, use dashes (-), and have a clear help text.

If a workflow is added or modified:

• Each item in Jobs should be named in order to mark it as required.
• If the workflow needs to be marked as required, the maintainer team must be notified.

Backward compatibility

• Protobuf changes should be wire-compatible.
• Changes to _vt tables and RPCs need to be backward compatible.
• RPC changes should be compatible with vitess-operator
• If a flag is removed, then it should also be removed from vitess-operator and arewefastyet, if used there.
• vtctl command output order should be stable and awk-able.

[mattlord]

I don't think that we should do this. At least not behind a flag. This would mean that we would be paying a heavy network cost for most cases where the error was an ephemeral / recoverable one. I think that we should instead try and identify exactly what error message we expect in the new case(s) that we should consider unrecoverable.

You also have to keep in mind here that you could potentially quickly ignore all possible tablets unnecessarily.

[twthorn]

Add a function for determining if we should fail immediately and return the error. There is one case in our tests that we need this for: journal event with partial participants.

Although this looks similar to the previous implementation, it is fundamentally more robust. This approach uses an include-list for immediate failure errors, all other cases are done with a generic strategy of exponential backoff & possibly switching tablets for persistent errors.

The previous implementation required an include list for (1) retry on same tablet (2) retry on different tablet. We remove the need to maintain these two include-lists which have no guarantee to be constant. We only need to maintain the immediate failure list (which is up to us to decide what we want to fail loudly on).

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.77%. Comparing base (4a89749) to head (c303404).
Report is 103 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16536      +/-   ##
==========================================
+ Coverage   68.74%   68.77%   +0.03%     
==========================================
  Files        1556     1556              
  Lines      199705   199721      +16     
==========================================
+ Hits       137292   137364      +72     
+ Misses      62413    62357      -56     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[twthorn]

Remove the need for any error include lists. Raise whatever the last error was when we run out of tablets.

[twthorn]

I am still working on fixing some end to end tests, but the bulk of the changes will stay the same so want to get some early feedback.

[mattlord]

Thanks, @twthorn !

Can you help me understand how this will improve a specific scenario on main? I'm not sure that exponential backoff fits here as we already should be choosing a "random" tablet on main after #12282 and I'm not sure that it makes sense to backoff when the frequency of attempts is already quite low, it should not necessarily be done against the same endpoint, and we often want to select a tablet ASAP.

It would be much easier to think this through if we had a clear use case that is problematic on main today — which some kind of test (manual or otherwise) clearly demonstrates — and which we can then use to demonstrate, test, and confirm the improved behavior in the PR branch.

If we do keep the backoff strategy, any reason not to make it and the related config part of the tabletPickerOptions? Ideally we could keep the existing behavior by default and allow callers to alter it at their choosing. The tablet picker is used by so many things and we should be extra safe/careful with it as it's very easy for unexpected edge cases to show up that cause issues. Opting into new behavior, for those that want different behavior, would be ideal.

[mattlord]

That seems nice. I had never even noticed it. I feel like it should probably be in go/vt/grpcbackoff instead though (with grpcbackoff as the package name too) as isn't really error related and it is grpc related — really wrapping/extending google.golang.org/grpc/backoff.

[mattlord]

This should be done in the vstream.shouldRetry function so that the last error consideration is taking into account along in addition to the other considerations. I think this would likely also address the test failures.

[github-actions]

This PR is being marked as stale because it has been open for 30 days with no activity. To rectify, you may do any of the following:

• Push additional commits to the associated branch.
• Remove the stale label.
• Add a comment indicating why it is not stale.

If no action is taken within 7 days, this PR will be closed.

[github-actions]

This PR was closed because it has been stale for 7 days with no activity.