sql: gcjob and opt need ZoneConfig which is not available on tenants #49445
Assignees
Labels
A-multitenancy
Related to multi-tenancy
Comments
|
Hi @tbg, please add a C-ategory label to your issue. Check out the label system docs. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
tbg
changed the title
|
The way the dependency goes here is weird enough to mention. The ZoneConfigHook lives in sql: cockroach/pkg/sql/zone_config.go Lines 153 to 174 in 15c7371 The zone configs are stored in the system tenant: Lines 24 to 27 in 6927a10 So roughly what we want is some way for non-system tenants to get (transactional?) read-only access to the zones covering their keyspace. This all seems doable. I wouldn't guess that we need transactional access here, at least not for gcjob or opt. |
|
cc @nvanbenschoten since this came up tangentially in #49459 |
|
Just discussed: we make it optional now (bypassing any uses of it), but down the road we should allow the tenant to read the system configs that pertain to it. |
|
We need to figure something out though. |
tbg
added
A-multitenancy-blocker
and removed
A-multitenancy
nvanbenschoten
added a commit
to nvanbenschoten/cockroach
that referenced
this issue
Jun 2, 2020
Fixes cockroachdb#49318. Fixes cockroachdb#49445. Progress towards cockroachdb#48123. Informs cockroachdb#48774. This commit introduces a new pseudo object ID in the system tenant's namespace called "tenants". Like "liveness" and "timeseries" before it, the pseudo object allows zone configurations to be applied to pseudo-objects that do not live directly in the system tenant's SQL keyspace. In this case, the "tenants" zone allows zone configurations to be set by the system tenant and applied to all other tenants in the system. There may come a time when we want secondary tenants to have more control over their zone configurations, but that will require a much larger change to the zone config structure and UX as a whole. While making this change, we rationalize the rest of zone configuration handling and how it relates to multi-tenancy. Now that secondary tenant ranges have a zone config to call their own, we can make sense of calls from SQL into the zone configuration infrastructure. We gate off calls that don't make sense for secondary tenants and clean up hooks in SQL that handle zone config manipulation. All of this works towards a good cause - we eliminate the remaining uses of `keys.TODOSQLCodec` from `pkg/sql/...` and `pkg/config/...`, bringing us a big step closer towards being able to remove the placeholder and close cockroachdb#48123. This work also reveals that in order to address cockroachdb#48774, we need to be able to determine split points from the SystemConfig. This makes it very difficult to split on secondary tenant object (e.g. table) boundaries. However, it makes it straightforward to split on secondary tenant keysapce boundaries. This is already what we were thinking (see cockroachdb#47907), so out both convenience and desire, I expect that we'll follow this up with a PR that splits Ranges only at secondary tenant boundaries - placing the overhead of an otherwise empty tenant at only a single Range and a few KBs of data.
nvanbenschoten
added a commit
to nvanbenschoten/cockroach
that referenced
this issue
Jun 3, 2020
Fixes cockroachdb#49318. Fixes cockroachdb#49445. Progress towards cockroachdb#48123. Informs cockroachdb#48774. This commit introduces a new pseudo object ID in the system tenant's namespace called "tenants". Like "liveness" and "timeseries" before it, the pseudo object allows zone configurations to be applied to pseudo-objects that do not live directly in the system tenant's SQL keyspace. In this case, the "tenants" zone allows zone configurations to be set by the system tenant and applied to all other tenants in the system. There may come a time when we want secondary tenants to have more control over their zone configurations, but that will require a much larger change to the zone config structure and UX as a whole. While making this change, we rationalize the rest of zone configuration handling and how it relates to multi-tenancy. Now that secondary tenant ranges have a zone config to call their own, we can make sense of calls from KV into the zone configuration infrastructure. We gate off calls that don't make sense for secondary tenants and clean up hooks in SQL that handle zone config manipulation. All of this works towards a good cause - we eliminate the remaining uses of `keys.TODOSQLCodec` from `pkg/sql/...` and `pkg/config/...`, bringing us a big step closer towards being able to remove the placeholder and close cockroachdb#48123. This work also reveals that in order to address cockroachdb#48774, we need to be able to determine split points from the SystemConfig. This makes it very difficult to split on secondary tenant object (e.g. table) boundaries. However, it makes it straightforward to split on secondary tenant keysapce boundaries. This is already what we were thinking (see cockroachdb#47907), so out both convenience and desire, I expect that we'll follow this up with a PR that splits Ranges only at secondary tenant boundaries - placing the overhead of an otherwise empty tenant at only a single Range and a few KBs of data.
craig bot
pushed a commit
that referenced
this issue
Jun 4, 2020
49784: config: introduce pseudo "tenants" zone r=nvanbenschoten a=nvanbenschoten Fixes #49318. Fixes #49445. Progress towards #48123. Informs #48774. This commit introduces a new pseudo object ID in the system tenant's namespace called "tenants". Like "liveness" and "timeseries" before it, the pseudo object allows zone configurations to be applied to pseudo-objects that do not live directly in the system tenant's SQL keyspace. In this case, the "tenants" zone allows zone configurations to be set by the system tenant and applied to all other tenants in the system. There may come a time when we want secondary tenants to have more control over their zone configurations, but that will require a much larger change to the zone config structure and UX as a whole. While making this change, we rationalize the rest of zone configuration handling and how it relates to multi-tenancy. Now that secondary tenant ranges have a zone config to call their own, we can make sense of calls from SQL into the zone configuration infrastructure. We gate off calls that don't make sense for secondary tenants and clean up hooks in SQL that handle zone config manipulation. All of this works towards a good cause - we eliminate the remaining uses of `keys.TODOSQLCodec` from `pkg/sql/...` and `pkg/config/...`, bringing us a big step closer towards being able to remove the placeholder and close #48123. This work also reveals that in order to address #48774, we need to be able to determine split points from the SystemConfig. This makes it very difficult to split on secondary tenant object (e.g. table) boundaries. However, it makes it straightforward to split on secondary tenant keysapce boundaries. This is already what we were thinking (see #47907), so out both convenience and desire, I expect that we'll follow this up with a PR that splits Ranges only at secondary tenant boundaries - placing the overhead of an otherwise empty tenant at only a single Range and a few KBs of data. Co-authored-by: Nathan VanBenschoten <[email protected]>
craig bot
pushed a commit
that referenced
this issue
Jun 11, 2020
50041: logictest: remove 3node-tenant blocklist from some tests r=tbg a=asubiotto The big change here is returning nil in `crdb_internal.zones.populate`. It makes sense to me to do so in the spirit of making zone configs "optional" for phase 2 (#49445) although I'm not 100% sure this won't break anything. Co-authored-by: Alfonso Subiotto Marques <[email protected]>
nvanbenschoten
added a commit
to nvanbenschoten/cockroach
that referenced
this issue
Jul 29, 2020
… server Fixes cockroachdb#49445. This commit introduces a new SystemConfigProvider abstraction, which is capable of providing the SystemConfig, as well as notifying clients of updates to the SystemConfig. Gossip already implements this interface. The commit then updates SQL to use this new dependency in place of Gossip whenever it needs to access the SystemConfig. After making this change, it then updates the kvtenant.Proxy to implement the new SystemConfigProvider interface. This is powered by the GossipSubscription RPC that was added in cockroachdb#50520. The commit updates the subscription to also match on the "system-db" gossip key, and just like that, it can provide the SystemConfig to SQL [*]. Finally, with the kvtenant.Proxy serving the role of a SystemConfigProvider to SQL when applicable, we're able to remove gossip entirely from StartTenant. SQL-only servers will no longer join the gossip network, which is a nice milestone for all of this work. [*] there are a few remaining questions about how exactly we want to enforce an access control policy on the system config gossip pattern. See the updated comment in `Node.GossipSubscription`. For now, we're just returning the entire SystemConfig to the subscription.
nvanbenschoten
added a commit
to nvanbenschoten/cockroach
that referenced
this issue
Jul 29, 2020
… server Fixes cockroachdb#49445. This commit introduces a new SystemConfigProvider abstraction, which is capable of providing the SystemConfig, as well as notifying clients of updates to the SystemConfig. Gossip already implements this interface. The commit then updates SQL to use this new dependency in place of Gossip whenever it needs to access the SystemConfig. After making this change, it then updates the kvtenant.Proxy to implement the new SystemConfigProvider interface. This is powered by the GossipSubscription RPC that was added in cockroachdb#50520. The commit updates the subscription to also match on the "system-db" gossip key, and just like that, it can provide the SystemConfig to SQL [*]. Finally, with the kvtenant.Proxy serving the role of a SystemConfigProvider to SQL when applicable, we're able to remove gossip entirely from StartTenant. SQL-only servers will no longer join the gossip network, which is a nice milestone for all of this work. [*] there are a few remaining questions about how exactly we want to enforce an access control policy on the system config gossip pattern. See the updated comment in `Node.GossipSubscription`. For now, we're just returning the entire SystemConfig to the subscription.
tbg
pushed a commit
to nvanbenschoten/cockroach
that referenced
this issue
Jul 31, 2020
… server Fixes cockroachdb#49445. This commit introduces a new SystemConfigProvider abstraction, which is capable of providing the SystemConfig, as well as notifying clients of updates to the SystemConfig. Gossip already implements this interface. The commit then updates SQL to use this new dependency in place of Gossip whenever it needs to access the SystemConfig. After making this change, it then updates the kvtenant.Proxy to implement the new SystemConfigProvider interface. This is powered by the GossipSubscription RPC that was added in cockroachdb#50520. The commit updates the subscription to also match on the "system-db" gossip key, and just like that, it can provide the SystemConfig to SQL [*]. Finally, with the kvtenant.Proxy serving the role of a SystemConfigProvider to SQL when applicable, we're able to remove gossip entirely from StartTenant. SQL-only servers will no longer join the gossip network, which is a nice milestone for all of this work. [*] there are a few remaining questions about how exactly we want to enforce an access control policy on the system config gossip pattern. See the updated comment in `Node.GossipSubscription`. For now, we're just returning the entire SystemConfig to the subscription.
craig bot
pushed a commit
that referenced
this issue
Aug 3, 2020
52034: kvtenant: implement SystemConfigProvider, remove Gossip from SQL-only server r=nvanbenschoten a=nvanbenschoten Fixes #49445. This commit introduces a new SystemConfigProvider abstraction, which is capable of providing the SystemConfig, as well as notifying clients of updates to the SystemConfig. Gossip already implements this interface. The commit then updates SQL to use this new dependency in place of Gossip whenever it needs to access the SystemConfig. After making this change, it then updates the kvtenant.Proxy to implement the new SystemConfigProvider interface. This is powered by the GossipSubscription RPC that was added in #50520. The commit updates the subscription to also match on the "system-db" gossip key, and just like that, it can provide the SystemConfig to SQL [*]. Finally, with the kvtenant.Proxy serving the role of a SystemConfigProvider to SQL when applicable, we're able to remove gossip entirely from StartTenant. SQL-only servers will no longer join the gossip network, which is a nice milestone for all of this work. [*] there are a few remaining questions about how exactly we want to enforce an access control policy on the system config gossip pattern. See the updated comment in `Node.GossipSubscription`. For now, we're just returning the entire SystemConfig to the subscription. Co-authored-by: Nathan VanBenschoten <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See
cockroach/pkg/sql/gcjob/refresh_statuses.go
Line 95 in c37f28f
The way we've designed clearing up after a
DROP TABLEis fundamentally incompatible with a hard split between KV and SQL, unless we add a way for the SQL layer to figure out the zone config for a given table from the KV backend. The other way to do this is to push the responsibility for cleaning up into KV, which is a bigger change but is "better" in the sense that it doesn't rely on the SQL tenant process running (which often won't be the case after the TTL).We should be able to hard-code a value here instead for the time being.
Similar in opt:
cockroach/pkg/sql/opt/xform/coster.go
Line 754 in 74741e6
We have a pretty hard dependency on reasoning about the physical location of data. Here there seems no way around it, we need to be able to resolve table ID to localities, and this becomes a blocker the moment we go geo-distributed.
cc @nvanbenschoten
The text was updated successfully, but these errors were encountered: