Core: Commit state should be unknown even when new location is not in history#3717
Conversation
|
I think this is correct. Another case is where the initial commit times out, but it succeeds on the server side, then another commit is successful. The metadata location would not match, but the commit was valid. @RussellSpitzer, can you take a look at this as well? Good to get more than just one person looking at these. |
|
Thanks for catching this, @jfz! |
RussellSpitzer
left a comment
There was a problem hiding this comment.
Good catch! I do think at the time we were discussing whether this should recurse backwards to check if the commit had succeeded in the past but settled on just checking current. I think you are absolutely correct that this is not a guarantee that the commit did not succeed, so Commit State Unknown is the right response
|
Thanks, @jfz! And thanks for the additional review, @RussellSpitzer! |
|
Thanks @rdblue and @RussellSpitzer for the review! |
This PR fixes an issue where a commit succeeds but its metadata file is deleted and table is corrupted.
Currently when there's an exception during commit, we refresh table and check commit state by looking at if the new metadata location matches current or in history, and commit state is Failure if not, and the current metadata file is deleted.
There's a possibility that when the check happens, the metadata remote server (e.g. Hive metastore) is still processing the commit and eventually succeed later, in this case, the commit(atomic location swap) succeeds but metadata file is deleted, and the table is in bad state.
The commit state should be considered as unknown to avoid metadata being deleted, also the error propagated to user is more accurate.