Add semi-sync monitor to unblock primaries blocked on semi-sync ACKs

[GuptaManan100]

Description

This PR introduces a new component to the vttablet binary to monitor the semi-sync status of primary vttablets. We've observed cases where a brief network disruption can cause the primary to get stuck indefinitely waiting for semi-sync ACKs. In rare scenarios, this can block reparent operations and render the primary unresponsive. More information can be found in the issues #17709 and #17749.

To address this, the new component continuously monitors the semi-sync status. If the primary becomes stuck on semi-sync ACKs, it generates writes to unblock it. If this fails, VTOrc is notified of the issue and initiates an emergency reparent operation.

A metric for the number of outstanding writes from the semi-sync monitor has also been added. Unfortunately, it's not easy to reproduce the problem in an end-to-end test since it requires setting port forward rules (on Mac) or iptable changes (on Linux), both of which require sudo access. So I've added a test but that test doesn't run on CI. It can only be run locally and the password for the root user has to entered when prompted for it.

The semi-sync monitor is used such that the users who aren't running semi-sync, will not see the monitor open at all. It will only run when semi-sync on the primary is turned on.

Related Issue(s)

• Fixes Bug Report: PRS getting stuck due to a momentary network glitch #17709
• Fixes Bug Report: A dropped semi-sync ACK can lead to a primary tablet being indefinitely stuck #17749

Checklist

• "Backport to:" labels have been added if this change should be back-ported to release branches
• If this change is to be back-ported to previous releases, a justification is included in the PR description
• Tests were added or are not required
• Did the new or modified tests pass consistently locally and on CI?
• Documentation was added or is not required

Deployment Notes

[vitess-bot]

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

• Ensure that the Pull Request has a descriptive title.
• Ensure there is a link to an issue (except for internal cleanup and flaky test fixes), new features should have an RFC that documents use cases and test cases.

Tests

• Bug fixes should have at least one unit or end-to-end test, enhancement and new features should have a sufficient number of tests.

Documentation

• Apply the release notes (needs details) label if users need to know about this change.
• New features should be documented.
• There should be some code comments as to why things are implemented the way they are.
• There should be a comment at the top of each new or modified test to explain what the test does.

New flags

• Is this flag really necessary?
• Flag names must be clear and intuitive, use dashes (-), and have a clear help text.

If a workflow is added or modified:

• Each item in Jobs should be named in order to mark it as required.
• If the workflow needs to be marked as required, the maintainer team must be notified.

Backward compatibility

• Protobuf changes should be wire-compatible.
• Changes to _vt tables and RPCs need to be backward compatible.
• RPC changes should be compatible with vitess-operator
• If a flag is removed, then it should also be removed from vitess-operator and arewefastyet, if used there.
• vtctl command output order should be stable and awk-able.

[codecov]

Codecov Report

Attention: Patch coverage is 82.13058% with 52 lines in your changes missing coverage. Please review.

Project coverage is 67.48%. Comparing base (67d081a) to head (ee098c6).
Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
.../vttablet/tabletmanager/semisyncmonitor/monitor.go	89.65%	24 Missing ⚠️
go/vt/vttablet/tabletserver/tabletenv/config.go	44.00%	14 Missing ⚠️
go/vt/vttablet/tabletmanager/rpc_replication.go	15.38%	11 Missing ⚠️
go/vt/vtorc/inst/instance_dao.go	75.00%	1 Missing ⚠️
go/vt/vtorc/logic/topology_recovery.go	0.00%	1 Missing ⚠️
go/vt/wrangler/testlib/fake_tablet.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #17763      +/-   ##
==========================================
+ Coverage   67.41%   67.48%   +0.06%     
==========================================
  Files        1592     1593       +1     
  Lines      258024   258473     +449     
==========================================
+ Hits       173948   174424     +476     
+ Misses      84076    84049      -27     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mattlord]

I don't think this affects the query hot path, right? If it does, then it might be worth e.g. using 1 byte for the status and using bits in there for isWriting, isBlocked, isOpen etc. so that we can use atomics for reading them, CAS for optional changes, etc. If nothing else, it's probably worth moving these to atomic.Bool so that e.g. checkAndSetIsWriting can be one atomic call:

    return w.isWriting(false, true)

It makes the code simpler, clearer, and less contentious / efficient.

[GuptaManan100]

I don't think performance is too much of a concern, but the usage of having multiple bool fields behind a mutex vs atomic.Bool I think becomes a matter of preference. I for one, like to have the former because that means that only one boolean value transitions at a point in time, but with atomic bool values it can change even when you've just read that value.

[mattlord]

This is looking good! Just had some questions/comments. Let me know what you think.

[deepthi]

Why are we hardcoding the timeout and not using RemoteOperationTimeout?

[GuptaManan100]

Should we use RemoteOperationTimeout here? Its not a remote operation. Its just talking to MySQL. I initially had no timeout whatsoever. Matt suggested I add one, so I added an abritrary one.

[deepthi]

What happens if we are in the middle of fixing a blocked semi-sync and this timer goes off?

[GuptaManan100]

The write to clear the table would block if there is an outstanding write to the table in progress, and eventually it would succeed. There should be no problems with this triggering in the middle of fixing of semi-sync.

[mattlord]

LGTM! I only had one minor suggestion. Nice work on this, @GuptaManan100 !

[GuptaManan100]

Done, I've made that change too! 💕