[Store] Add opt-in replica placement shadow evaluator#2929
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
Exact-head cluster validation reportThis comment records the final post-rebase evidence for product HEAD Environment
Both nodes fetched the public fork branch directly and detached-checkout the exact product SHA. No local-to-remote Test matrixOne full suite contains 14 pure-policy, 7 standalone-evaluator, and 14 Master integration cases (35 cases).
TSan stress volume:
The only suppression is a narrow pre-existing libglog lazy-init race: Startup and fault behavior
Fixed cardinalityThe public metrics have a hard maximum of 40 series:
The serialization test injects a unique secret key and verifies that neither it nor In-process Get overheadThe benchmark is experiment-only (
xychart-beta
title "Replica placement SHADOW in-process Get p50"
x-axis [quiet-off, quiet-external, quiet-auto, active-off, active-external, active-auto]
y-axis "ns/Get" 0 --> 900
bar [354.135, 725.130, 750.375, 352.958, 849.269, 801.836]
The absolute measured increment is 0.371–0.496 µs/Get. Relative deltas are +104.8% (quiescent external), +111.9% (quiescent auto), +140.6% (active external), and +127.2% (active auto), because the in-process off baseline is only ~0.35 µs/Get. The benchmark isolates control-plane cost; it does not include RPC, network, LLM serving, or TTFT and therefore is not an end-to-end performance claim. Evidence integrity and scope
The complete 25-file checksum manifest has SHA-256 The results prove opt-in semantics, conservative signal handling, Get-path integration, exact concurrent counters, bounded metric cardinality, sanitizer cleanliness within the stated suppression, and measured in-process overhead. They do not prove active scale-out/scale-in, real NoF/SPDK behavior, HA ownership, hit-rate/TTFT/bandwidth/recovery improvements, or storage-cost reduction; those remain follow-up work. |
|
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
What this draft does
This adds an opt-in, non-actuating Dynamic Replica placement SHADOW path for Mooncake Store. It turns client-facing Get observations plus bounded Master tier signals into placement intents and fixed-cardinality metrics, but deliberately does not submit Copy/Move tasks or mutate replica metadata.
Motivation: the Store V3 roadmap (#1035) lists cache scheduling with migration/promotion/demotion, hot-data detection with more replicas, and
Data Replica: Dynamic Replication. This draft isolates the decision and observability layer so its safety and signal semantics can be reviewed before any actuator is introduced.The stack is split into five reviewable commits:
Safety and compatibility
--replica_placement_shadow_configdoes not construct the evaluator.min_complete_replicasfor deletion safety.Validation
All product tests were built and run on two 192-vCPU Lingjun H20 cluster nodes from detached exact product HEAD
174e2240429f6e0a573e05c2d47c88394425ba1d(upstream base3bbd9b2c36924626207b088b525d036b1982ca05). No local-to-remotescpwas used.The TSan run uses one narrow suppression for a pre-existing libglog lazy-init race:
race:google::LogMessageTime::CalcGmtOffset. The suppression and limitation will be included with the detailed evidence comment.Scope boundary
This draft proves configuration, signal semantics, intent generation, bounded metrics, concurrency behavior, and control-plane overhead. It does not claim improved hit rate, TTFT, bandwidth, recovery time, or storage cost. Those require the later bounded reconciler/executor and end-to-end workload experiments.
Follow-up work (not implemented here)