release-26.1: sql/inspect: add protected timestamp for "now" AOST case #160587
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, INSPECT jobs without a historical AS OF SYSTEM TIME clause
would not create protected timestamp records, but still used an AOST
clause with the current timestamp. If span processing took a long time
(especially with BulkLowQoS admission control), garbage collection could
occur before the query completed, resulting in "batch timestamp must be
after replica GC threshold" errors.
This change adds per-span protected timestamp protection when INSPECT
uses "now" as the AOST. The implementation uses a coordinator-based
approach where:
1. When a processor starts processing a span and picks "now" as the
timestamp, it sends a new "span started" progress message containing
the span and timestamp via InspectProcessorProgress.
2. The coordinator's progress tracker receives this message and calls
TryToProtectBeforeGC for the relevant tables in that span. This
waits until 80% of the GC TTL has elapsed before creating a PTS,
avoiding unnecessary PTS creation for quick operations.
3. When span processing completes (existing behavior), the coordinator
cleans up the PTS for that span. Any remaining PTS records are
cleaned up when the tracker terminates (e.g., on job cancellation).
This coordinator-based design keeps PTS management centralized rather
than distributed across processors, simplifying cleanup and error
handling. PTS failures are logged but don't fail the job since the
protection is best-effort.
Resolves: cockroachdb#159866
Release note: None
In addition to checkpointing in the job, now we also log progress to text logs periodically in order to enhance observability. Release note: None
Previously, TryToProtectBeforeGC accepted a catalog.TableDescriptor parameter but only used it to call GetID() in two places. This was unnecessarily restrictive and forced callers to load a full table descriptor just to pass the ID. This change simplifies the function signature to accept a descpb.ID directly. The most significant improvement is in inspect/progress.go, where this eliminates an unnecessary DescsTxn call that was only used to load the descriptor for its ID. Release note: None Epic: None
Previously, the INSPECT job called TryToProtectBeforeGC per span with different timestamps. Since the job only stores one PTS record, each new span's call to Protect would update the existing record's timestamp via UpdateTimestamp, which removes protection for older spans. To address this, this patch changes the PTS strategy to track the minimum (oldest) timestamp across all active spans and protect only at that timestamp. Since PROTECT_AFTER mode protects all data at or after the specified timestamp, protecting at the minimum covers all active spans. When the oldest span completes, the PTS is updated to the new minimum timestamp, allowing GC of data between the old and new minimum. Release note: None
|
Thanks for opening a backport. Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate. All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate. |
blathers-crl
bot
added
backport
Member
|
This change is |
spilchen
approved these changes
Jan 7, 2026
Contributor
spilchen
left a comment
spilchen
left a comment
There was a problem hiding this comment.
@spilchen reviewed 13 files and all commit messages, and made 1 comment.
Reviewable status:complete! 1 of 0 LGTMs obtained (waiting on @kev-cao).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 4/4 commits from #160138.
/cc @cockroachdb/release
Previously, INSPECT jobs without a historical AS OF SYSTEM TIME clause
would not create protected timestamp records, but still used an AOST
clause with the current timestamp. If span processing took a long time
(especially with BulkLowQoS admission control), garbage collection could
occur before the query completed, resulting in "batch timestamp must be
after replica GC threshold" errors.
This change adds per-span protected timestamp protection when INSPECT
uses "now" as the AOST. The implementation uses a coordinator-based
approach where:
When a processor starts processing a span and picks "now" as the
timestamp, it sends a new "span started" progress message containing
the span and timestamp via InspectProcessorProgress.
The coordinator's progress tracker receives this message and calls
TryToProtectBeforeGC for the relevant tables in that span. This
waits until 80% of the GC TTL has elapsed before creating a PTS,
avoiding unnecessary PTS creation for quick operations.
When span processing completes (existing behavior), the coordinator
cleans up the PTS for that span. Any remaining PTS records are
cleaned up when the tracker terminates (e.g., on job cancellation).
This coordinator-based design keeps PTS management centralized rather
than distributed across processors, simplifying cleanup and error
handling. PTS failures are logged but don't fail the job since the
protection is best-effort.
sql/inspect: use minimum timestamp for PTS protection
Previously, the INSPECT job called TryToProtectBeforeGC per span with
different timestamps. Since the job only stores one PTS record, each
new span's call to Protect would update the existing record's timestamp
via UpdateTimestamp, which removes protection for older spans.
To address this, this patch changes the PTS strategy to track the
minimum (oldest) timestamp across all active spans and protect only at
that timestamp. Since PROTECT_AFTER mode protects all data at or after
the specified timestamp, protecting at the minimum covers all active
spans. When the oldest span completes, the PTS is updated to the new
minimum timestamp, allowing GC of data between the old and new minimum.
Resolves: #159866
Epic: None
Release note: None
Release justification: fix for feature becoming GA in 26.1