blob: d0704edb76db8e52853929949cff06abb667d029 [file] [log] [blame]
.. Licensed under the Apache License, Version 2.0 (the "License"); you may not
.. use this file except in compliance with the License. You may obtain a copy of
.. the License at
..
.. http://www.apache.org/licenses/LICENSE-2.0
..
.. Unless required by applicable law or agreed to in writing, software
.. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
.. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
.. License for the specific language governing permissions and limitations under
.. the License.
.. _cluster/purging:
===============
Clustered Purge
===============
The primary purpose of clustered purge is to clean databases that have multiple
deleted tombstones or single documents that contain large numbers of conflicts.
But it can also be used to purge any document (deleted or non-deleted) with any
number of revisions.
Clustered purge is designed to maintain eventual consistency and prevent
unnecessary invalidation of secondary indexes. For this, every database keeps
track of a certain number of historical purges requested in the database, as
well as its current ``purge_seq``. Internal replications and secondary indexes
process database's purges and periodically update their corresponding purge
checkpoint documents to report ``purge_seq`` processed by them. To ensure
eventual consistency, the database will remove stored historical purge requests
only after they have been processed by internal replication jobs and secondary
indexes.
Internal Structures
====================================
To enable internal replication of purge information between nodes and secondary
indexes, two internal purge trees were added to a database file to track
historical purges.
.. code-block:: text
purge_tree: UUID -> {PurgeSeq, DocId, Revs}
purge_seq_tree: PurgeSeq -> {UUID, DocId, Revs}
Each interactive request to ``_purge API``, creates an ordered set of pairs on
increasing ``purge_seq`` and purge_request, where purge_request is a tuple that
contains docid and list of revisions. For each purge_request uuid is generated.
A purge request is added to internal purge trees:
a tuple ``{UUID -> {PurgeSeq, DocId, Revs}}`` is added to ``purge_tree``,
a tuple is ``{PurgeSeq -> {UUID, DocId, Revs}}`` added ``to purge_seq_tree``.
Compaction of Purges
====================================
During the compaction of the database the oldest purge requests are to be
removed to store only ``purged_infos_limit`` number of purges in the database.
But in order to keep the database consistent with indexes and other replicas,
we can only remove purge requests that have already been processed by indexes
and internal replications jobs. Thus, occasionally purge trees may store
more than ``purged_infos_limit`` purges. If the number of stored purges in the
database exceeds ``purged_infos_limit`` by a certain threshold, a warning is
produced in logs signaling a problem of synchronization of database's purges
with indexes and other replicas.
Local Purge Checkpoint Documents
====================================
Indexes and internal replications of the database with purges create and
periodically update local checkpoint purge documents:
``_local/purge-$type-$hash``. These documents report the last ``purge_seq``
processed by them and the timestamp of the last processing. An example of a
local checkpoint purge document:
.. code-block:: json
{
"_id": "_local/purge-mrview-86cacdfbaf6968d4ebbc324dd3723fe7",
"type": "mrview",
"purge_seq": 10,
"updated_on": 1540541874,
"ddoc_id": "_design/foo",
"signature": "5d10247925f826ae3e00966ec24b7bf6"
}
The below image shows possible local checkpoint documents that a database may
have.
.. figure:: ../../images/purge-checkpoint-docs.png
:align: center
:alt: Local Purge Checkpoint Documents
Local Purge Checkpoint Documents
Internal Replication
====================================
.. rst-class:: open
Purge requests are replayed across all nodes in an eventually consistent manner.
Internal replication of purges consists of two steps:
1. Pull replication. Internal replication first starts by pulling purges from
target and applying them on source to make sure we don't reintroduce to target
source's docs/revs that have been already purged on target. In this step, we use
purge checkpoint documents stored on target to keep track of the last target's
``purge_seq`` processed by the source. We find purge requests occurred after
this ``purge_seq``, and replay them on source. This step is done by updating
the target's checkpoint purge documents with the latest process ``purge_seq``
and timestamp.
2. Push replication. Then internal replication proceeds as usual with an extra
step inserted to push source's purge requests to target. In this step, we use
local internal replication checkpoint documents, that are updated both on target
and source.
Under normal conditions, an interactive purge request is already sent to every
node containing a database shard's replica, and applied on every replica.
Internal replication of purges between nodes is just an extra step to ensure
consistency between replicas, where all purge requests on one node are replayed
on another node. In order not to replay the same purge request on a replica,
each interactive purge request is tagged with a unique ``uuid``. Internal
replication filters out purge requests with UUIDs that already exist in the
replica's ``purge_tree``, and applies only purge requests with UUIDs that don't
exist in the ``purge_tree``. This is the reason why we needed to have two
internal purge trees: 1) ``purge_tree``: ``{UUID -> {PurgeSeq, DocId, Revs}}``
allows to quickly find purge requests with UUIDs that already exist in the
replica; 2) ``purge_seq_tree``: ``{PurgeSeq -> {UUID, DocId, Revs}}`` allows to
iterate from a given ``purge_seq`` to collect all purge requests happened after
this ``purge_seq``.
Indexes
====================================
Each purge request will bump up ``update_seq`` of the database, so that each
secondary index is also updated in order to apply the purge requests to maintain
consistency within the main database.
Config Settings
====================================
These settings can be updated in the default.ini or local.ini:
+-----------------------+--------------------------------------------+----------+
| Field | Description | Default |
+=======================+============================================+==========+
| max_document_id_number| Allowed maximum number of documents in one | 100 |
| | purge request | |
+-----------------------+--------------------------------------------+----------+
| max_revisions_number | Allowed maximum number of accumulated | 1000 |
| | revisions in one purge request | |
+-----------------------+--------------------------------------------+----------+
| allowed_purge_seq_lag | Beside purged_infos_limit, allowed | 100 |
| | additional buffer to store purge requests | |
+-----------------------+--------------------------------------------+----------+
| index_lag_warn_seconds| Allowed durations when index is not | 86400 |
| | updated for local purge checkpoint document| |
+-----------------------+--------------------------------------------+----------+
During a database compaction, we check all checkpoint purge docs. A client (an
index or internal replication job) is allowed to have the last reported
``purge_seq`` to be smaller than the current database shard's ``purge_seq`` by
the value of ``(purged_infos_limit + allowed_purge_seq_lag)``. If the client's
``purge_seq`` is even smaller, and the client has not checkpointed within
``index_lag_warn_seconds``, it prevents compaction of purge trees and we have to
issue the following log warning for this client:
.. code-block:: text
Purge checkpoint '_local/purge-mrview-9152d15c12011288629bcffba7693fd4’
not updated in 86400 seconds in
<<"shards/00000000-1fffffff/testdb12.1491979089">>
If this type of log warning occurs, check the client to see why the processing
of purge requests is stalled in it.
There is a mapping relationship between a design document of indexes and local
checkpoint docs. If a design document of indexes is updated or deleted, the
corresponding local checkpoint document should be also automatically deleted.
But in an unexpected case, when a design doc was updated/deleted, but its
checkpoint document still exists in a database, the following warning will be
issued:
.. code-block:: text
"Invalid purge doc '<<"_design/bar">>' on database
<<"shards/00000000-1fffffff/testdb12.1491979089">>
with purge_seq '50'"
If this type of log warning occurs, remove the local purge doc from a database.