6818: Gracefully stop compaction tasks

[ca61688]

Make sure you have checked all steps below.

Issue

• My PR fully resolves the following issues. I've referenced an issue in the PR title, for example "Issue 1234 - My
  Feature". Note that before an issue is finished, you can still make a pull request by raising a separate issue
  for your progress.
  • Resolves Gracefully stop compaction tasks after a maximum age #6818

Tests

• My PR adds the following tests based on our test strategy OR does not need testing for this extremely good reason:
  -CompactionTaskTerminateTest - StopAfterMaxAliveTime

Documentation

• In case of new functionality, my PR adds documentation that describes how to use it, or I have linked to a
  separate issue for that below.
• If I have added new Java code, I have added Javadoc that explains it following our conventions and style.
• If I have added or removed any dependencies from the project, I have updated the NOTICES file.

[patchwork01]

I think there's a problem we didn't think of here. If we add this as it is, the tasks will shut down at very similar times if they started at similar times. We'll want to avoid a situation where too many compaction tasks shut down at once. For that reason I don't think we can merge this as it is.

One option would be to randomise the lifetime of the task when it starts up. We could have both a maximum lifetime and an amount of time to jitter it by. For example, if the maximum lifetime is 24 hours, and the jitter is 2 hours, and you have 100 tasks starting at once, then they'd stop gradually over a period of 2 hours instead of all at once after 24 hours.

For how to control the jitter in tests, you could look at ExponentialBackoffWithJitterTest, and how we've used ExponentialBackoffWithJitterTestHelper.

[ca61688]

Comments addressed, back in review

[patchwork01]

There's a typo at "ammount".

It looks like there are some words missing at "keep alive time above for each new compaction task".

[patchwork01]

There's some disagreement here between "max alive time" and "keep alive time". I think the idea that this is a keep alive is a little misleading because we don't do anything to keep it alive, we stop it when it would otherwise carry on. I think "max alive time" makes more sense, but it seems inaccurate when the jitter is added on top. I'd consider making the jitter subtract from the max alive time rather than add to it.

This naming is also used in the tests, including the new comments and the nested test class.

[patchwork01]

The name TestSupplier doesn't say what it's supplying. TestInstantSupplier seems better?

[patchwork01]

This could do with stating the units, i.e. minutes rather than time.

It doesn't look like there's a reason to box this value? It can just be a primitive long?

[patchwork01]

Rather than passing in lots of nulls, we could extract the code that calls the constructor in the test base class, and reuse that?

I don't think you'll need this method if you add tests for the jitter behaviour though.

[patchwork01]

This isn't really testing the jitter behaviour. In ExponentialBackoffWithJitter, we passed in a constructor parameter DoubleSupplier randomJitterFraction, that's usually implemented as Math::random. With that, you can replace the Math.random call with your own code, to take control over how much jitter happens in a test. Take a look at ExponentialBackoffWithJitterTest.

That way you won't need to add the getMaxAliveTime method, and you can provide real test coverage of the behaviour, e.g. if the minimum amount of jitter happens, then it'll stop at the first possible time, if the maximum amount of jitter happens it'll only stop after the last possible time.

[patchwork01]

It doesn't look like this getter should be necessary. I'm not sure the testing against this is really adding much.

I think either it's worth testing the behaviour and we should wire in a test fake for Math.random, or it's not and we just test that it'll terminate using times where it should terminate even with the maximum jitter.