Re: Changing the output of tooling between majors

[Aleksey Yeshchenko]

As Eric said, a major release is not a license to make externally visible 
breaking changes. We are too mature a project now.

I have OCD tendencies like many people here, but one must learn to live with 
aesthetically imperfect tool output. Internal changes are fine, external 
changes that are actual bug fixes are fine (but need to be undertaken with good 
care still).

> On 13 Jul 2023, at 23:36, Dinesh Joshi  wrote:
> 
> This adds maintenance overhead but is a potential alternative. I would only 
> flip the flag. I would prefer to make the default "legacy" output and 
> innovate behind a "--output-format=v2" flag. That way tools do not break or 
> have to change to pass in the new flag.
> 
> Ideally we should always version our output format - structured or not.
> 
> Dinesh
> 
>> On Jul 13, 2023, at 9:08 AM, German Eichberger via dev 
>>  wrote:
>> 
>> Let's take this discussion in a different direction: If we add a --legacy 
>> ​ argument where we are supporting an old version for those who 
>> need/want it but have the (breaking) changes on the default this feels like 
>> a compromise - and then we can deprecate the legacy format without impacting 
>> innovation. We can also flip this with requiring a flag for the changed 
>> format if we feel this is better.
>> 
>> This let's us innovate without breaking anyone. Thoughts?
>> 
>> Thanks,
>> German

Re: Changing the output of tooling between majors

[German Eichberger via dev]

+1 to always version the output format


From: Dinesh Joshi 
Sent: Thursday, July 13, 2023 3:36 PM
To: dev 
Subject: [EXTERNAL] Re: Changing the output of tooling between majors

This adds maintenance overhead but is a potential alternative. I would only 
flip the flag. I would prefer to make the default "legacy" output and innovate 
behind a "--output-format=v2" flag. That way tools do not break or have to 
change to pass in the new flag.

Ideally we should always version our output format - structured or not.

Dinesh

On Jul 13, 2023, at 9:08 AM, German Eichberger via dev 
 wrote:

Let's take this discussion in a different direction: If we add a --legacy 
​ argument where we are supporting an old version for those who 
need/want it but have the (breaking) changes on the default this feels like a 
compromise - and then we can deprecate the legacy format without impacting 
innovation. We can also flip this with requiring a flag for the changed format 
if we feel this is better.

This let's us innovate without breaking anyone. Thoughts?

Thanks,
German

Re: Writes after the column is dropped, broken reads, and TCM

[Jakub Zytka]

I would like to propose the following solution to CASSANDRA-17047,
CASSANDRA-18589, CASSANDRA-18591 etc. (the rationale and line of thought
included below) for pre-TCM Cassandra versions, and I'd love to hear your
feedback.

Definitions:
There are three states of knowledge of a node wrt to a particular column:

C - a column exists (there’s a column in TableMetadata::columns, no column
in TableMetadata::droppedColumns)
D - a column has been dropped (there’s no column in TableMetadata::columns,
and a column in TableMetadata::droppedColumns)
A - column has been dropped and then subsequently re-added (there’s a
column *both* in TableMetadata::columns and TableMetadata::droppedColumns)

For convenience, later in the document, I can just refer to column
creation, column drop, and column re-addition as C, D, or A events,
respectively.

Column lifecycle is always:
CDADAD…

A post-drop write is a write written with the “old” schema (where the
column was not yet dropped), but with a timestamp greater than the
respective column drop time.

Proposal:
The proposal consists of three postulates:

1. If either the coordinator or replica considers the column to be dropped
- it is OK for them to ignore the column data *regardless* of timestamp
Motivation:
Coordinator D should be allowed to return data as if the column was
removed; if the client wants an up-to-date view of data written after
subsequent A it should use an up-to-date coordinator (i.e. if you write to
coordinator A, and subsequently read from a coordinator with the previous D
state you may not be able to read your new write).
Replica D couldn’t have accepted any writes that happened after other nodes
performed subsequent A because of the check in
UpdateStatement::prepareInternal (i.e. only writes to columns visible in
the node’s schema are allowed). Thus, ignoring data does not affect writes
confirmed after the A event.

2. If neither the coordinator nor the replica considers the column to be
dropped - accept write resurrection
Motivation:
Without TCM there’s no race-free way to tell whether a write is a new,
confirmed write, and should be returned or an old, post-drop write.
Ignoring the written data may lead to data loss.

3. Read-repair should be disabled when there is schema inconsistency
between nodes
Motivation:
Eagerly ignoring written data by a replica in D state can lead to
read-repair storm. This is fundamentally caused by difference of opinion
between nodes with respect to existence of a particular write. A limitation
that read repairs can only be sent to replicas which agree on the current
version of the schema is simple and temporary, so it looks acceptable.
To mitigate the window for race conditions, it could be beneficial to
return a "schema disagreement detected" flag with the read from a replica.
Replicas already have the capacity to identify this condition based on the
ColumnFilter, which is sent by the coordinator alongside the read request.
This detection does not necessitate checking the EndpointState and so forth.

Full, in-depth spectrum of possible scenarios with some my loose
deliberations:

Coordinator knowledge

Replica knowledge

Current state, in particular in presence of post-drop writes

Expected behaviour (in users’ eyes)

D

C

IllegalStateException (CASSANDRA-17047, CASSANDRA-18532)

???

Ignore dropped column data?

D

D

ColumnFilter `fetches` all columns, including the dropped one;
NPE/AssertioError for post-drop-writes (CASSANDRA-18591, CASSANDRA-18589)

Ignore dropped column data

C

D

CASSANDRA-18591, CASSANDRA-18589

???

Replica knows more, but the coordinator is OK with returning the column.

The replica cannot guarantee that it will return the data anyway (it might
have already been removed).

Currently, the read path does not support returning data for dropped
columns.

The easiest solution would be to ignore the column as in the D D case Ignoring
the column may lead to read-repair storm

A

A

post-drop-writes are resurrected

???

The user would like the writes to be dropped.
We could do that by e.g. comparing write timestamp to the timestamp of
column re-addition. The problem is then that in the presence of clock skew
between nodes we might ignore reading a write that was confirmed (and e.g.
written in QUORUM). This sounds worse than resurrection.

A

D

Currently on replica it is not possible to distinguish this case from C D.
Also, there is no way to distinguish which node is “right” - whether the
column was dropped and has been re-added or if it was re-added and then
dropped again.

???

Again, the easiest is to ignore data for the dropped column (IIUC new
writes couldn’t have happened to the replica yet, because of the check in
UpdateStatement::prepareInternal - so, we will not remove a new, confirmed
write)

Or perhaps we should fail the read until schema convergence…

D

A

See above and DC case

See above and DC case

A

C

writes may be resurrected

???

I guess we can live with this…

We really shouldn’t

Re: [DISCUSS] Lift MessagingService.minimum_version to 40 in trunk

[Mick Semb Wever]

>
> I am pretty strongly in favor just to keep the amount of code kept around
> for serialization/deserialization and caching serialized sizes for
> different versions under control.
>


Thanks Ariel.


CASSANDRA-18314 is patched, and looking for reviewers.