hpcs-16-factory

methods.tex (7953B)

---

 \section{METHODS}
 
 \subsection{HIERARCHY OF NODES}
 
 This work is based on the results of previous research:
 In~\cite{gankevich2015subordination} we developed an algorithm that allows to
 build a tree hierarchy from strictly ordered set of cluster nodes. The sole
 purpose of this hierarchy is to make a cluster more fault-tolerant by
 introducing multiple master nodes. If a master node fails, then its subordinates
 try to connect to another node from the same or higher level of the hierarchy.
 If there is no such node, one of the subordinates becomes the master.
 
 A position of a node in a hierarchy is determined by mapping its IP address
 position in a network to its layer and offset in a tree hierarchy. The number of
 layers is controlled by a fan-out value. As nodes' IP addresses change
 infrequently this mapping is mostly static, and affected only by node failures.
 Thus with help of tree hierarchy we can precisely determine IP address of a
 master node without resorting to costly leader election algorithms which are
 commonly used for this purpose.
 
 We use this hierarchy to perform load balancing across neighbouring cluster
 nodes (nodes that are adjacent in the hierarchy), i.e.~if the job is launched on
 a subordinate node its principal node also receives a fraction of the load. This
 rule makes the system symmetric: Each node runs the same software and it is easy
 to switch from a failed master node to a backup node, it is just a matter of
 changing node's role. Similar design choice is applied in distributed key-value
 stores~\cite{anderson2010couchdb,lakshman2010cassandra} to handle failure of a
 master node, but we have no knowledge of job schedulers that use this to
 distribute the load on the cluster with multiple master nodes.
 
 \subsection{HIERARCHY OF COMPUTATIONAL KERNELS}
 
 Each programme that runs on top of the tree hierarchy is composed of
 computational kernels---objects that contain data and code to process it. To
 exploit parallelism a kernel may create arbitrary number of subordinate kernels
 which are automatically spread first across available processor cores, second
 across subordinate nodes in the tree hierarchy. The programme is itself a kernel
 (without a parent as it is executed by a user), which either solves the problem
 sequentially on its own or creates subordinate kernels to solve it in parallel.
 
 Unlike main function in programmes based on message passing library, the first
 computational kernel is initially run only on one node, and remote nodes are
 used only when the local queue is overflown by kernels. This design choice
 allows to have arbitrary number of nodes throughout execution of a programme,
 and take more nodes for highly parallel parts of the code. Somewhat similar
 choice was made in the design of MapReduce
 framework~\cite{dean2008mapreduce,vavilapalli2013yarn}---a user submitting a job
 does not specify the number of hosts to run its job on, and effective hosts are
 the hosts where input files are located.
 
 From mathematical point of view kernel $K$ can be described as a vector-valued
 functional which recursively maps a kernel to $n$-component vector of kernels:
 \begin{equation*}
     K(f): \mathbb{K} \rightarrow \mathbb{K}^n
     \qquad
     \mathbb{K}^n = \left\{ f: \mathbb{K} \rightarrow \mathbb{K}^n \right\}.
 \end{equation*}
 Dummy kernel $\mathbb{O}: \mathbb{K} \rightarrow \mathbb{K}^0$, which stops
 recursion, is used to call the first kernel and finish execution of the
 programme. An argument to each kernel is interpreted using the following rules.
 \begin{enumerate}
     \item If a kernel is a new kernel, then its argument is its parent kernel.
     \item If a kernel is a parent of the kernel that produced it or some other
       existing kernel, then the argument is the kernel that produced it.
 \end{enumerate}
 
 Engine that executes kernels is implemented as a simple loop. It starts with
 calling the first kernel with a dummy kernel as an argument, then calls each
 kernel that was produced by this call and so forth. The loop finishes when a
 dummy kernel is returned as a result of the call.
 
 Since kernel call may return multiple kernels they are executed in parallel.
 Parallel execution quickly produces a pool of kernels which permit execution in
 an unspecified order. Several threads concurrently retrieve kernels from the
 pool and may ``spill'' remaining kernels to neighbouring cluster nodes.
 
 Kernels are implemented as closures---function objects containing all their
 arguments, a reference to parent kernel and user-supplied data. The data is
 either processed upon kernel call, or subordinate kernels are created to process
 it in parallel. When the processing is complete a parent kernel closure with its
 subordinate kernel as an argument is called to collect data from it.
 
 \subsection{HANDLING SINGLE NODE FAILURES}
 
 Basic strategy to overcome a failure of a subordinate node is to restart
 corresponding kernels on healthy node---a strategy employed in Erlang language
 to restart failed subordinate processes~\cite{armstrong2003thesis}. To implement
 this we record every kernel that is sent to remote cluster nodes, and in an
 event of a node failure these kernels are simply rescheduled to other
 subordinate nodes with no special handling from a programmer. If there are no
 nodes to sent kernels to, they are scheduled locally. So, in contrast to
 heavy-weight checkpoint/restart machinery, tree hierarchy allows automatic and
 transparent handling of subordinate node failures without restarting parallel
 processes on every node.
 
 A possible way of handling a failure of a node where the first kernel is located
 is to replicate this kernel to a backup node, and make all updates to its state
 propagate to the backup node by means of a distributed transaction. However,
 this approach does not play well with asynchronous nature of computational
 kernels. Fortunately, the first kernel usually does not perform operations in
 parallel, it is rather sequentially launches execution steps one by one, so it
 has only one subordinate at a time. Keeping this in mind, we can simplify
 synchronisation of its state: we can send the first kernel along with its
 subordinate to the subordinate node. When the node with the first kernel fails,
 its copy receives its subordinate, and no execution time is lost. When the node
 with its copy fails, its subordinate is rescheduled on some other node, and a
 whole step of computation is lost in the worst case.
 
 Described approach works only for kernels that do not have a parent and have
 only one subordinate at a time, which means that they act as optimised
 checkpoints. The advantage is that they save results after each sequential step,
 when memory footprint of a programme is low, they save only relevant data, and
 they use memory of a subordinate node instead of stable storage.
 
 \subsection{HANDLING OUTAGES}
 
 Electricity outage is a serious failure, so if there is no other geographically
 distant cluster that can share the load, then the only choice is to hope that no
 important data is lost and restart every batch job after full site recovery. To
 reduce restart time the first kernel of each job may save its state (which is
 small compared to the full state of a job) to some stable storage. Such scenario
 complicates design of a distributed system so it was not considered in this
 paper.
 
 \subsection{IMPLEMENTATION}
 
 For efficiency reasons fault tolerance techniques described above are
 implemented in the C++ framework: From the authors' perspective C language is
 deemed low-level for distributed programmes, and Java incurs too much overhead
 and is not popular in HPC community. To use the framework without a job
 scheduler, we need to implement a daemon that maintains the state of the
 hierarchy of nodes and exposes API to interact with it. As of now, the framework
 runs in the same process as an parallel application that uses it. The framework
 is called Factory, it is now in proof-of-concept development stage.