SwitchTraffic: check vreplication lag before switching

[rohit-nayak-ps]

Description

This PR adds logic to measure the estimated lag between the last transaction at the source and the last transaction seen by the target. The target persists the transaction timestamp of each seen event in _vt.vreplication. The target may not receive events from the source in two cases:

• where there is no activity at the source relevant to the target
• when the source is disconnected from the target (due to a vstreamer error, network issue or source tablets being unavailable).

To differentiate between this the source starts sending "heartbeats" (special internal VEvents) every second if there are no actual events to be sent. As part of this PR we also start storing the last heartbeat time in _vt.vreplication.

We calculate the transaction lag based on the transaction timestamp and the last heartbeat for each stream and the maximum across streams is used as the workflow lag: https://github.com/vitessio/vitess/blob/dc74ebcc2d1c70f36030ca07ec857c009afd6954/go/vt/wrangler/vexec.go#L536

We now add a check before switching traffic (both read and write) to ensure:

1. that the lag is within acceptable bounds (defined by the duration flag -max_transaction_lag_allowed, default 30s)
2. that there is no stream that has an error
3. that we are not still in the copy phase (this already exists)

Note that the Workflow Show command does already show a MaxVReplicationLag. This was implemented more to determine if there was an issue with the source not being available than measuring transaction lag. Since the name is already in-use, for backward compatibility, a new variable MaxVReplicationTransactionLag has been added for the purposes of this PR.

Other changes:

• Minor refactoring of the test framework for ease of maintenance
• Intial doc to describe the test framework and changes needed for this PR. We will update this in upcoming PRs.

New flag documented in website PR: vitessio/website#957

Related Issue(s)

#9525

Checklist

• Should this PR be backported?
• Tests were added or are not required
• Documentation was added or is not required

[aquarapid]

One question/comment I would have is what the default for this timeout check should be. In the interests of not changing current behavior, an argument can be made for it to be infinite? Or at least equal to the switch wait timeout?

[mattlord]

One question/comment I would have is what the default for this timeout check should be. In the interests of not changing current behavior, an argument can be made for it to be infinite? Or at least equal to the switch wait timeout?

Why would we NOT re-use the existing flag? That being: -timeout

If we check replication lag ahead of time and see that it's beyond that window, it's reasonable to assume it's not likely to catch up within that window.

See problems/issues with that?

[rohit-nayak-ps]

Why would we NOT re-use the existing flag? That being: [-timeout]

I thought of using a different flag here because:

• -timeout essentially specifies the maximum downtime that is acceptable while switching writes. This includes the overhead of coordinating between all the shards and across cells.
• a new flag -max_lag_allowed would allow specifying a small lag, say 2 or 5 seconds, for both reads (minimize reading stale data) and writes

If we use a single flag for both we could end up not being able to specify a small lag because it will always timeout due to the overhead.

As Jacques suggested we could use the current wait timeout as default for the new flag, if we do decide to go with two separate flags.

[rohit-nayak-ps]

The changes in this function are mainly refactoring to use name references instead of index-based (and accessing the new time_heartbeat column)

[rohit-nayak-ps]

One functionality that might "break" due to this PR is that some SwitchTraffics that succeeded in the past will temporarily error out since the lag is too high. This can happen, for example, if the user created a workflow and immediately tried to SwitchTraffic without letting the workflows catchup. Earlier it would have just taken longer for the call to return since it would mostly like manage to catchup before the wait timeout (def: 30s) (or just timeout if there was too much data).

Now it will return an error and user will need to monitor the lag and/or try again later. This is the correct way to use SwitchTraffic and one we want to encourage (and indeed the reason for this PR). So I don't believe we should keep a larger default but noting it here since it might give rise to a few extra support questions.

[mattlord]

I had a few nits and questions, but otherwise LGTM! I really appreciate the time you put into the tests, docs, and refactoring!

I'll approve so that you're free to merge after addressing any valid issues.

[mattlord]

Nit, but I would call the parameter default or defaultValue. At first I missed the comment and thought we were passing that in as a pointer to be written to.

[rohit-nayak-ps]

Agree, def is confusing. Since used in all other functions, so I went with this rather than just name it differently here or fix it everywhere. But I should have ...

[mattlord]

For this to be correct, I think we should only do duration -= waitDuration in the else clause when we know we should loop again. Otherwise I think we could successfully switch in the last iteration of the loop and the duration may be <= 0 even though we were successful.

[rohit-nayak-ps]

The if has a break from the for loop, so the duration will not decrement if we were successful.

[mattlord]

Possible to share this code between the two end2end tests? If not, see my earlier comments about this code in sharded_buffer_test.go

[rohit-nayak-ps]

Yeah, classic anti-pattern :( Because they are in different packages and we don't yet have a utils package to reuse such code, I took the short-cut. Merging as is now to catch the release deadline, will address "soon".