CEP-45: Lost witness marker race

[bdeggleston]

Don't truncate journal segments until witnessed offsets they contain are flushed. Also moves MutationTrackingService startup to after the commit log is replayed

Thanks for sending a pull request! Here are some tips if you're new here:

• Ensure you have added or run the appropriate tests for your PR.
• Be sure to keep the PR description updated to reflect all changes.
• Write your PR title to summarize what this PR proposes.
• If possible, provide a concise example to reproduce the issue for a faster review.
• Read our contributor guidelines
• If you're making a documentation change, see our guide to documentation contribution

Commit messages should follow the following format:

<One sentence description, usually Jira title or CHANGES.txt summary>

<Optional lengthier description (context on patch)>

patch by <Authors>; reviewed by <Reviewers> for CASSANDRA-#####

Co-authored-by: Name1 <email1>
Co-authored-by: Name2 <email2>

The Cassandra Jira

[frankgh]

I've added a couple of comments, but the patch looks good in general.

[frankgh]

Do we want to worry about the case where MT is disabled and maybe handle the IllegalStateException thrown when the instance is null?

[frankgh]

NIT: can we make this final?

Suggested change

	private ImmutableSet<Long> segments;
	private final mmutableSet<Long> segments;

[frankgh]

should we conditionally remove the listener here, only if the service was started?

Suggested change

	boolean wasStarted;
	synchronized (this)
	{
	wasStarted = started;
	if (wasStarted)
	ClusterMetadataService.instance().log().removeListener(tcmListener);
	}

[frankgh]

additionally, we need to synchronize for access to the started volatile variable.

[bdeggleston]

no, it's just a noop if the tcmListener isn't registered.

[frankgh]

Suggested change

	if (started)
	if (wasStarted)

[frankgh]

Should we log if we fail to shutdown here?

Suggested change

	executor.awaitTermination(1, TimeUnit.MINUTES);
	if (!executor.awaitTermination(1, TimeUnit.MINUTES))
	{
	logger.warn("Mutation tracking executor did not terminate within 1 minute; forcing shutdown");
	}

[frankgh]

NIT:

Suggested change

	* However, if an sstable is flushed is after the most recent LogStatePersister run, AND it marks a segment as no
	* However, if an sstable is flushed after the most recent LogStatePersister run, AND it marks a segment as no

[frankgh]

NIT:

Suggested change

	if (summary.size() == 0)
	if (summary.isEmpty())

[frankgh]

+1 looks good to me

[bdeggleston]

Just pushed up a small test fix.

Unlike normal writes, mutation tracking noops a write if we’ve already seen it, which is a reasonable optimization when we’re tracking each write. Unfortunately this can bite us on startup. If witnessed offsets are flushed to disk before the memtable containing those offsets are also flushed to sstables, then on startup mutation tracking will think it’s already seen all of those mutations and not write them to the memtable and losing a bunch of data in the process. The fix is pretty simple and just does what commit log replay does. Commit log replay applies it’s mutations with makeDurable set to false which means apply to the memtable but not the commit log. So I updated applyInternalTracked to also take a makeDurable flag. If this is false, we now skip applying the mutation, and we also apply the mutation to the memtable whether we’ve seen it before or not.