Persistence: purge unreferenced Objs

This is an attempt to implement the algorithm mentioned in the PR #9401. The `Obj.referenced()` attribute contains the timestamp when the object was last "referenced" (aka: attempted to be written). It is ... * set when an object is first persisted via a `storeObj()` * updated in the database, when an object was not persisted via `storeObj()` * set/updated via `upsertObj()` * updated via `updateConditional()` Let's assume that there is a mechanism to identify the IDs of all referenced objects (it would be very similar to what the export functionality does). The algorithm to purge unreferenced objects must never delete an object that is referenced at any point of time, and must consider the case that an object that was unreferenced when a purge-unreferenced-objects routine started, but became referenced while it is running. An approach could work as follows: 1. Memoize the current timestamp (minus some wall-clock drift adjustment). 2. Identify the IDs of all referenced objects. We could leverage a bloom filter, if the set of IDs is big. 3. Then scan all objects in the repository. Objects can be purged, if ... * the ID is not in the set (or bloom filter) generated in step 2 ... * _AND_ have a `referenced` timestamp less than the memoized timestamp. Any deletion in the backing database would follow the meaning of this pseudo SQL: `DELETE FROM objs WHERE obj_id = :objId AND referenced < :memoizedTimestamp`. Noting, that the `referenced` attribute is rather incorrect when retrieved from the objects cache (aka: during normal operations), which is not a problem, because that `referenced` attribute is irrelevant for production accesses. There are two edge cases / race conditions: * (for some backends): A `storeObj()` operation detected that the object already exists - then the purge routine deletes that object - and then the `storeObj()` tries to upddate the `referenced` attribute. The result is the loss of that object. This race condition can only occur, if the object existed but was not referenced. * While the referenced objects are being identified, create a new named reference (branch / tag) pointing to commit(s) that would be identified as unreferenced and being later purged.
projectnessie · Oct 9, 2024 · 9b93435 · 9b93435
1 parent 15a37be
commit 9b93435
Show file tree

Hide file tree

Showing 26 changed files with 1,868 additions and 0 deletions.
diff --git a/bom/build.gradle.kts b/bom/build.gradle.kts
@@ -88,6 +88,7 @@ dependencies {
     api(project(":nessie-versioned-storage-cassandra-tests"))
     api(project(":nessie-versioned-storage-cassandra2"))
     api(project(":nessie-versioned-storage-cassandra2-tests"))
+    api(project(":nessie-versioned-storage-cleanup"))
     api(project(":nessie-versioned-storage-common"))
     api(project(":nessie-versioned-storage-common-proto"))
     api(project(":nessie-versioned-storage-common-serialize"))

diff --git a/gradle/projects.main.properties b/gradle/projects.main.properties
@@ -71,6 +71,7 @@ nessie-versioned-storage-cassandra=versioned/storage/cassandra
 nessie-versioned-storage-cassandra-tests=versioned/storage/cassandra-tests
 nessie-versioned-storage-cassandra2=versioned/storage/cassandra2
 nessie-versioned-storage-cassandra2-tests=versioned/storage/cassandra2-tests
+nessie-versioned-storage-cleanup=versioned/storage/cleanup
 nessie-versioned-storage-common=versioned/storage/common
 nessie-versioned-storage-common-proto=versioned/storage/common-proto
 nessie-versioned-storage-common-serialize=versioned/storage/common-serialize

diff --git a/versioned/storage/cleanup/build.gradle.kts b/versioned/storage/cleanup/build.gradle.kts
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2022 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+plugins { id("nessie-conventions-server") }
+
+publishingHelper { mavenName = "Nessie - Storage - Cleanup unreferenced objects" }
+
+description = "Identify and purge unreferenced objects in the Nessie repository."
+
+dependencies {
+  implementation(project(":nessie-model"))
+  implementation(project(":nessie-versioned-storage-common"))
+  implementation(project(":nessie-versioned-spi"))
+  implementation(project(":nessie-versioned-transfer-related"))
+
+  compileOnly(libs.jakarta.validation.api)
+  compileOnly(libs.jakarta.annotation.api)
+  compileOnly(libs.microprofile.openapi)
+
+  compileOnly(platform(libs.jackson.bom))
+  compileOnly("com.fasterxml.jackson.core:jackson-annotations")
+
+  compileOnly(libs.errorprone.annotations)
+  implementation(libs.guava)
+  implementation(libs.agrona)
+  implementation(libs.slf4j.api)
+
+  compileOnly(project(":nessie-versioned-storage-testextension"))
+
+  compileOnly(project(":nessie-immutables"))
+  annotationProcessor(project(":nessie-immutables", configuration = "processor"))
+
+  testImplementation(project(":nessie-versioned-storage-testextension"))
+  testImplementation(project(":nessie-versioned-storage-inmemory"))
+  testImplementation(project(":nessie-versioned-tests"))
+  testImplementation(project(path = ":nessie-protobuf-relocated", configuration = "shadow"))
+  testImplementation(platform(libs.junit.bom))
+  testImplementation(libs.bundles.junit.testing)
+  testRuntimeOnly(libs.logback.classic)
+}
diff --git a/...ed/storage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/Cleanup.java b/...ed/storage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/Cleanup.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2024 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.versioned.storage.cleanup;
+
+import static org.projectnessie.versioned.storage.cleanup.PurgeFilter.ReferencedObjectsPurgeFilter.referencedObjectsPurgeFilter;
+import static org.projectnessie.versioned.storage.cleanup.ReferencedObjectsContext.objectsResolverContext;
+
+import org.projectnessie.versioned.storage.common.persist.Obj;
+import org.projectnessie.versioned.storage.common.persist.Persist;
+
+public class Cleanup {
+  private final CleanupParams objectsResolverParams;
+
+  private Cleanup(CleanupParams cleanupParams) {
+    this.objectsResolverParams = cleanupParams;
+  }
+
+  public static Cleanup createCleanup(CleanupParams params) {
+    return new Cleanup(params);
+  }
+
+  /**
+   * Create the context holder used when identifying referenced objects and purging unreferenced
+   * objects.
+   *
+   * <p>Choosing an appropriate value for {@code maxObjReferenced} is crucial. Technically, this
+   * value must be at max the current timestamp - but logically {@code maxObjReferenced} should be
+   * the timestamp of a few days ago to not delete unreferenced objects too early and give users a
+   * chance to reset branches to another commit ID in case some table/view metadata is broken.
+   *
+   * @param persist the persistence/repository to run against
+   * @param maxObjReferenced only {@link Obj}s with a {@link Obj#referenced()} older than {@code
+   *     maxObjReferenced} will be deleted. Production workloads should set this to something like
+   *     "now minus 7 days" to have the chance to reset branches, just in case. Technically, this
+   *     value must not be greater than "now". "Now" should be inquired using {@code
+   *     Persist.config().clock().instant()}.
+   */
+  public ReferencedObjectsContext buildReferencedObjectsContext(
+      Persist persist, long maxObjReferenced) {
+    var referencedObjects = new ReferencedObjectsFilterImpl(objectsResolverParams);
+    var purgeFilter = referencedObjectsPurgeFilter(referencedObjects, maxObjReferenced);
+    return objectsResolverContext(persist, objectsResolverParams, referencedObjects, purgeFilter);
+  }
+
+  /**
+   * Creates a new objects-resolver instance to identify <em>referenced</em> objects, which must be
+   * retained.
+   *
+   * @param objectsResolverContext context, preferably created using {@link
+   *     #buildReferencedObjectsContext(Persist, long)}
+   */
+  public ReferencedObjectsResolver createReferencedObjectsResolver(
+      ReferencedObjectsContext objectsResolverContext) {
+    return new ReferencedObjectsResolverImpl(objectsResolverContext);
+  }
+
+  /**
+   * Creates a new objects-purger instance to delete <em>unreferenced</em> objects.
+   *
+   * @param purgeObjectsContext return value of {@link ReferencedObjectsResolver#resolve()}.
+   */
+  public PurgeObjects createPurgeObjects(PurgeObjectsContext purgeObjectsContext) {
+    return new PurgeObjectsImpl(purgeObjectsContext);
+  }
+}
diff --git a/...rage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/CleanupParams.java b/...rage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/CleanupParams.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2024 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.versioned.storage.cleanup;
+
+import static org.projectnessie.versioned.storage.common.logic.InternalRef.REF_REFS;
+import static org.projectnessie.versioned.storage.common.logic.InternalRef.REF_REPO;
+
+import java.util.List;
+import java.util.function.IntFunction;
+import org.immutables.value.Value;
+import org.projectnessie.nessie.immutables.NessieImmutable;
+import org.projectnessie.versioned.storage.common.persist.ObjId;
+import org.projectnessie.versioned.transfer.related.TransferRelatedObjects;
+
+@NessieImmutable
+public interface CleanupParams {
+  // Following defaults result in a serialized bloom filter size of about 3000000 bytes.
+  long DEFAULT_EXPECTED_OBJ_COUNT = 1_000_000L;
+  double DEFAULT_FALSE_POSITIVE_PROBABILITY = 0.00001d;
+  double DEFAULT_ALLOWED_FALSE_POSITIVE_PROBABILITY = 0.0001d;
+  boolean DEFAULT_ALLOW_DUPLICATE_COMMIT_TRAVERSALS = false;
+  int DEFAULT_PENDING_OBJS_BATCH_SIZE = 20;
+  int DEFAULT_RECENT_OBJ_IDS_FILTER_SIZE = 100_000;
+
+  static ImmutableCleanupParams.Builder builder() {
+    return ImmutableCleanupParams.builder();
+  }
+
+  @Value.Default
+  default long expectedObjCount() {
+    return DEFAULT_EXPECTED_OBJ_COUNT;
+  }
+
+  @Value.Default
+  default double falsePositiveProbability() {
+    return DEFAULT_FALSE_POSITIVE_PROBABILITY;
+  }
+
+  @Value.Default
+  default double allowedFalsePositiveProbability() {
+    return DEFAULT_ALLOWED_FALSE_POSITIVE_PROBABILITY;
+  }
+
+  @Value.Default
+  default TransferRelatedObjects relatedObjects() {
+    return new TransferRelatedObjects() {};
+  }
+
+  @Value.Default
+  default boolean allowDuplicateCommitTraversals() {
+    return DEFAULT_ALLOW_DUPLICATE_COMMIT_TRAVERSALS;
+  }
+
+  @Value.Default
+  default int resolveCommitRatePerSecond() {
+    return Integer.MAX_VALUE;
+  }
+
+  @Value.Default
+  default int resolveObjRatePerSecond() {
+    return Integer.MAX_VALUE;
+  }
+
+  @Value.Default
+  default int purgeScanObjRatePerSecond() {
+    return Integer.MAX_VALUE;
+  }
+
+  @Value.Default
+  default int purgeDeleteObjRatePerSecond() {
+    return Integer.MAX_VALUE;
+  }
+
+  @Value.Default
+  default int pendingObjsBatchSize() {
+    return DEFAULT_PENDING_OBJS_BATCH_SIZE;
+  }
+
+  /**
+   * Size of the "recent object IDs" filter to prevent processing the same {@link ObjId}s. This *
+   * happens, when the values referenced from the commit index are iterated, because it iterates *
+   * over all keys, not only the keys added by a particular commit.
+   *
+   * <p>The value defaults to {@value #DEFAULT_RECENT_OBJ_IDS_FILTER_SIZE}. It should be higher than
+   * the maximum number of keys in a commit.
+   */
+  @Value.Default
+  default int recentObjIdsFilterSize() {
+    return DEFAULT_RECENT_OBJ_IDS_FILTER_SIZE;
+  }
+
+  @Value.Default
+  default IntFunction<RateLimit> rateLimitFactory() {
+    return RateLimit::create;
+  }
+
+  @Value.Default
+  default List<String> internalReferenceNames() {
+    return List.of(REF_REFS.name(), REF_REPO.name());
+  }
+
+  @Value.Default
+  default boolean dryRun() {
+    return false;
+  }
+}
diff --git a/...ava/org/projectnessie/versioned/storage/cleanup/MustRestartWithBiggerFilterException.java b/...ava/org/projectnessie/versioned/storage/cleanup/MustRestartWithBiggerFilterException.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2024 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.versioned.storage.cleanup;
+
+/**
+ * Thrown when the bloom filter's FPP is above the configured threshold when adding IDs. If this
+ * exception is encountered, the current garbage-collection run <em>must</em> be aborted and
+ * restarted with a bigger {@link CleanupParams#expectedObjCount()} value.
+ */
+public class MustRestartWithBiggerFilterException extends RuntimeException {
+  public MustRestartWithBiggerFilterException(String msg) {
+    super(msg);
+  }
+}
diff --git a/...torage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/PurgeFilter.java b/...torage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/PurgeFilter.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2024 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.versioned.storage.cleanup;
+
+import jakarta.validation.constraints.NotNull;
+import java.util.List;
+import org.projectnessie.nessie.immutables.NessieImmutable;
+import org.projectnessie.versioned.storage.common.persist.Obj;
+
+public interface PurgeFilter {
+  boolean mustKeep(@NotNull Obj obj);
+
+  @NessieImmutable
+  interface CompositePurgeFilter extends PurgeFilter {
+    List<PurgeFilter> filters();
+
+    static CompositePurgeFilter compositePurgeFilter(PurgeFilter... filters) {
+      return ImmutableCompositePurgeFilter.of(List.of(filters));
+    }
+
+    static CompositePurgeFilter compositePurgeFilter(List<PurgeFilter> filters) {
+      return ImmutableCompositePurgeFilter.of(filters);
+    }
+
+    @Override
+    default boolean mustKeep(Obj obj) {
+      for (PurgeFilter filter : filters()) {
+        if (filter.mustKeep(obj)) {
+          return true;
+        }
+      }
+      return false;
+    }
+  }
+
+  @NessieImmutable
+  interface ReferencedObjectsPurgeFilter extends PurgeFilter {
+    ReferencedObjectsFilter referencedObjects();
+
+    long maxObjReferenced();
+
+    static ReferencedObjectsPurgeFilter referencedObjectsPurgeFilter(
+        ReferencedObjectsFilter referencedObjects, long maxObjReferenced) {
+      return ImmutableReferencedObjectsPurgeFilter.of(referencedObjects, maxObjReferenced);
+    }
+
+    @Override
+    default boolean mustKeep(Obj obj) {
+      return obj.referenced() > maxObjReferenced()
+          || referencedObjects().isProbablyReferenced(obj.id());
+    }
+  }
+}
diff --git a/...orage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/PurgeObjects.java b/...orage/cleanup/src/main/java/org/projectnessie/versioned/storage/cleanup/PurgeObjects.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2024 Dremio
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.projectnessie.versioned.storage.cleanup;
+
+public interface PurgeObjects {
+  PurgeResult purge();
+
+  /** Return the current statistics, works even if {@link #purge()} throws an exception. */
+  PurgeStats getStats();
+}