Falcon is a feed and process management platform over hadoop. Falcon essentially transforms user's feed and process configurations into repeated actions through a standard workflow engine. Falcon by itself doesn't do any heavy lifting. All the functions and workflow state management requirements are delegated to the workflow scheduler. The only thing that Falcon maintains is the dependencies and relationship between these entities. This is adequate to provide integrated and seamless experience to the developers using the falcon platform.
Falcon system has picked Oozie as the default scheduler. However the system is open for integration with other schedulers. Lot of the data processing in hadoop requires scheduling to be based on both data availability as well as time. Oozie currently supports these capabilities off the shelf and hence the choice.
Though the actual responsibility of the workflow is with the scheduler (Oozie), Falcon remains in the execution path, by subscribing to messages that each of the workflow may generate. When Falcon generates a workflow in Oozie, it does so, after instrumenting the workflow with additional steps which includes messaging via JMS. Falcon system itself subscribes to these control messages and can perform actions such as retries, handling late input arrival etc.
There are two basic components of Falcon set up. Falcon Prism and Falcon Server. As the name suggests Falcon Prism splits the request it gets to the Falcon Servers. More details below:
Stand alone mode is useful when the hadoop jobs and relevant data processing involves only one hadoop cluster. In this mode there is a single Falcon server that contacts Oozie to schedule jobs on Hadoop. All the process/feed requests like submit, schedule, suspend, kill etc. are sent to this server. For running falcon in this mode one should use the falcon which has been built using standalone option.
Distributed mode is for multiple (colos) instances of hadoop clusters, and multiple workflow schedulers to handle them. In this mode falcon has 2 components: Prism and Server(s). Both Prism and servers have their own setup (runtime and startup properties) and their own config locations. In this mode Prism acts as a contact point for Falcon servers. While all commands are available through Prism, only read and instance api's are available through Server. Below are the requests that can be sent to each of these:
Prism: submit, schedule, submitAndSchedule, Suspend, Resume, Kill, instance management Server: schedule, suspend, resume, instance management
As observed above submit and kill are kept exclusively as Prism operations to keep all the config stores in sync and to support feature of idempotency. Request may also be sent from prism but directed to a specific server using the option "-colo" from CLI or append the same in web request, if using API.
When a cluster is submitted it is by default sent to all the servers configured in the prism. When is feed is SUBMIT / SCHEDULED request is only sent to the servers specified in the feed / process definitions. Servers are mentioned in the feed / process via CLUSTER tags in xml definition.
Communication between prism and falcon server (for submit/update entity function) is secured over https:// using a client-certificate based auth. Prism server needs to present a valid client certificate for the falcon server to accept the action.
Startup property file in both falcon & prism server need to be configured with the following configuration if TLS is enabled. * keystore.file * keystore.password
Configuration store is file system based store that the Falcon system maintains where the entity definitions are stored. File System used for the configuration store can either be a local file system or HDFS file system. It is recommended that the store be maintained outside of the system where Falcon is deployed. This is needed for handling issues relating to disk failures or other permanent failures of the system where Falcon is deployed. Configuration store also maintains an archive location where prior versions of the configuration or deleted configurations are maintained. They are never accessed by the Falcon system and they merely serve to track historical changes to the entity definitions.
Often times when Falcon performs entity management actions, it may need to do several individual actions. If one of the action were to fail, then the system could be in an inconsistent state. To avoid this, all individual operations performed are recorded into a transaction journal. This journal is then used to undo the overall user action. In some cases, it is not possible to undo the action. In such cases, Falcon attempts to keep the system in an consistent state.
Falcon introduces a new abstraction to encapsulate the storage for a given feed which can either be expressed as a path on the file system, File System Storage or a table in a catalog such as Hive, Catalog Storage.
<xs:choice minOccurs="1" maxOccurs="1"> <xs:element type="locations" name="locations"/> <xs:element type="catalog-table" name="table"/> </xs:choice>
Feed should contain one of the two storage options. Locations on File System or Table in a Catalog.
This is expressed as a location on the file system. Location specifies where the feed is available on this cluster. A location tag specifies the type of location like data, meta, stats and the corresponding paths for them. A feed should at least define the location for type data, which specifies the HDFS path pattern where the feed is generated periodically. ex: type="data" path="/projects/TrafficHourly/${YEAR}-${MONTH}-${DAY}/traffic" The granularity of date pattern in the path should be at least that of a frequency of a feed.
<location type="data" path="/projects/falcon/clicks" /> <location type="stats" path="/projects/falcon/clicksStats" /> <location type="meta" path="/projects/falcon/clicksMetaData" />
A table tag specifies the table URI in the catalog registry as:
catalog:$database-name:$table-name#partition-key=partition-value);partition-key=partition-value);*
This is modeled as a URI (similar to an ISBN URI). It does not have any reference to Hive or HCatalog. Its quite generic so it can be tied to other implementations of a catalog registry. The catalog implementation specified in the startup config provides implementation for the catalog URI.
Top-level partition has to be a dated pattern and the granularity of date pattern should be at least that of a frequency of a feed.
Examples:
<table uri="catalog:default:clicks#ds=${YEAR}-${MONTH}-${DAY}-${HOUR};region=${region}" /> <table uri="catalog:src_demo_db:customer_raw#ds=${YEAR}-${MONTH}-${DAY}-${HOUR}" /> <table uri="catalog:tgt_demo_db:customer_bcp#ds=${YEAR}-${MONTH}-${DAY}-${HOUR}" />
All the following operation can also be done using Falcon's RESTful API.
Entity submit action allows a new cluster/feed/process to be setup within Falcon. Submitted entity is not scheduled, meaning it would simply be in the configuration store within Falcon. Besides validating against the schema for the corresponding entity being added, the Falcon system would also perform inter-field validations within the configuration file and validations across dependent entities.
List all the entities within the falcon config store for the entity type being requested. This will include both scheduled and submitted entity configurations.
Returns the dependencies of the requested entity. Dependency list include both forward and backward dependencies (depends on & is dependent on). For example, a feed would show process that are dependent on the feed and the clusters that it depends on.
Feeds or Processes that are already submitted and present in the config store can be scheduled. Upon schedule, Falcon system wraps the required repeatable action as a bundle of oozie coordinators and executes them on the Oozie scheduler. (It is possible to extend Falcon to use an alternate workflow engine other than Oozie). Falcon overrides the workflow instance's external id in Oozie to reflect the process/feed and the nominal time. This external Id can then be used for instance management functions.
The schedule copies the user specified workflow and library to a staging path, and the scheduler references the workflow and lib from the staging path.
This action is applicable only on scheduled entity. This triggers suspend on the oozie bundle that was scheduled earlier through the schedule function. No further instances are executed on a suspended process/feed.
Gets the current entity definition as stored in the configuration store. Please note that user documentations in the entity will not be retained.
Delete operation on the entity removes any scheduled activity on the workflow engine, besides removing the entity from the falcon configuration store. Delete operation on an entity would only succeed if there are no dependent entities on the deleted entity.
Update operation allows an already submitted/scheduled entity to be updated. Cluster update is currently not allowed. Feed update can cause cascading update to all the processes already scheduled. Process update triggers update in falcon if entity is updated. The following set of actions are performed in scheduler to realize an update:
Instance Manager gives user the option to control individual instances of the process based on their instance start time (start time of that instance). Start time needs to be given in standard TZ format. Example: 01 Jan 2012 01:00 => 2012-01-01T01:00Z
All the instance management operations (except running) allow single instance or list of instance within a Date range to be acted on. Make sure the dates are valid. i.e. are within the start and end time of process itself.
For every query in instance management the process name is a compulsory parameter.
Parameters -start and -end are used to mention the date range within which you want the instance to be operated upon.
-start: using only "-start" without "-end" will conduct the desired operation only on single instance given by date along with start.
-end: "-end" can only be used along with "-start" . It corresponds to the end date till which instance need to operated upon.
In all the cases where your request is syntactically correct but logically not, the instance / instances are returned with the same status as earlier. Example: trying to resume a KILLED / SUCCEEDED instance will return the instance with KILLED / SUCCEEDED, without actually performing any operation. This is so because only an instance in SUSPENDED state can be resumed. Same thing is valid for rerun a SUSPENDED or RUNNING options etc.
In coherence with it's feed lifecycle management philosophy, Falcon allows the user to retain data in the system for a specific period of time for a scheduled feed. The user can specify the retention period in the respective feed/data xml in the following manner for each cluster the feed can belong to :
<clusters> <cluster name="corp" type="source"> <validity start="2012-01-30T00:00Z" end="2013-03-31T23:59Z" timezone="UTC" /> <retention limit="hours(10)" action="delete" /> </cluster> </clusters>
The 'limit' attribute can be specified in units of minutes/hours/days/months, and a corresponding numeric value can be attached to it. It essentially instructs the system to retain data till the time specified in the attribute spanning backwards in time, from now. Any data older than that is erased from the system.
With the integration of Hive, Falcon also provides retention for tables in Hive catalog.
If retention period is 10 hours, and the policy kicks in at time 't', the data retained by system is essentially the one after or equal to t-10h . Any data before t-10h is removed from the system.
The 'action' attribute can attain values of DELETE/ARCHIVE. Based upon the tag value, the data eligible for removal is either deleted/archived.
Retention policy in Falcon kicks off on the basis of the time value specified by the user. Here are the basic rules:
Relation between feed path and retention policy: Retention policy for a particular scheduled feed applies only to the eligible feed path specified in the feed xml. Any other paths that do not conform to the specified feed path are left unaffected by the retention policy.
Falcon's feed lifecycle management also supports Feed replication across different clusters out-of-the-box. Multiple source clusters and target clusters can be defined in feed definition. Falcon replicates the data using hadoop's distcp version 2 across different clusters whenever a feed is scheduled.
The frequency at which the data is replicated is governed by the frequency specified in the feed definition. Ideally, the feeds data path should have the same granularity as that for frequency of the feed, i.e. if the frequency of the feed is hours(3), then the data path should be to level /${YEAR}/${MONTH}/${DAY}/${HOUR}.
<clusters> <cluster name="sourceCluster1" type="source" partition="${cluster.name}" delay="minutes(40)"> <validity start="2021-11-01T00:00Z" end="2021-12-31T00:00Z"/> </cluster> <cluster name="sourceCluster2" type="source" partition="COUNTRY/${cluster.name}"> <validity start="2021-11-01T00:00Z" end="2021-12-31T00:00Z"/> </cluster> <cluster name="backupCluster" type="target"> <validity start="2011-11-01T00:00Z" end="2011-12-31T00:00Z"/> </cluster> </clusters>
If more than 1 source cluster is defined, then partition expression is compulsory, a partition can also have a constant. The expression is required to avoid copying data from different source location to the same target location, also only the data in the partition is considered for replication if it is present. The partitions defined in the cluster should be less than or equal to the number of partition declared in the feed definition.
Falcon uses pull based replication mechanism, meaning in every target cluster, for a given source cluster, a coordinator is scheduled which pulls the data using distcp from source cluster. So in the above example, 2 coordinators are scheduled in backupCluster, one which pulls the data from sourceCluster1 and another from sourceCluster2. Also, for every feed instance which is replicated Falcon sends a JMS message on success or failure of replication instance.
Replication can be scheduled with the past date, the time frame considered for replication is the minimum overlapping window of start and end time of source and target cluster, ex: if s1 and e1 is the start and end time of source cluster respectively, and s2 and e2 of target cluster, then the coordinator is scheduled in target cluster with start time max(s1,s2) and min(e1,e2).
A feed can also optionally specify the delay for replication instance in the cluster tag, the delay governs the replication instance delays. If the frequency of the feed is hours(2) and delay is hours(1), then the replication instance will run every 2 hours and replicates data with an offset of 1 hour, i.e. at 09:00 UTC, feed instance which is eligible for replication is 08:00; and 11:00 UTC, feed instance of 10:00 UTC is eligible and so on.
If it is required to capture the feed replication metrics like TIMETAKEN, COPY, BYTESCOPIED, set the parameter "job.counter" to "true" in feed entity properties section. Captured metrics from instance will be populated to the GraphDB for display on UI.
Example:
<properties> <property name="job.counter" value="true" /> </properties>
It's defined in the feed xml within the location tag.
Example:
<locations> <location type="data" path="/retention/testFolders/${YEAR}-${MONTH}-${DAY}" /> </locations>
Now, if the above path contains folders in the following fashion:
/retention/testFolders/${YEAR}-${MONTH}-${DAY} /retention/testFolders/${YEAR}-${MONTH}/someFolder
The feed retention policy would only act on the former and not the latter.
Users may choose to override the feed path specific to a cluster, so every cluster may have a different feed path. Example:
<clusters> <cluster name="testCluster" type="source"> <validity start="2011-11-01T00:00Z" end="2011-12-31T00:00Z"/> <locations> <location type="data" path="/projects/falcon/clicks/${YEAR}-${MONTH}-${DAY}" /> <location type="stats" path="/projects/falcon/clicksStats/${YEAR}-${MONTH}-${DAY}" /> <location type="meta" path="/projects/falcon/clicksMetaData/${YEAR}-${MONTH}-${DAY}" /> </locations> </cluster> </clusters>
With the integration of Hive, Falcon adds table replication of Hive catalog tables. Replication will be triggered for a partition when the partition is complete at the source.
Falcon allows users to archive data from on-premice to cloud, either Azure WASB or S3. It uses the underlying replication for archiving data from source to target. The archival URI is specified as the overridden location for the target cluster.
Example:
<clusters> <cluster name="on-premise-cluster" type="source"> <validity start="2021-11-01T00:00Z" end="2021-12-31T00:00Z"/> </cluster> <cluster name="cloud-cluster" type="target"> <validity start="2011-11-01T00:00Z" end="2011-12-31T00:00Z"/> <locations> <location type="data" path="wasb://test@blah.blob.core.windows.net/data/${YEAR}-${MONTH}-${DAY}-${HOUR}"/> </locations> </cluster> </clusters>
For reasons that are obvious, Falcon has an external validation that ensures that the user always specifies the feed retention limit to be more than the feed's allowed late arrival period. If this rule is violated by the user, the feed submission call itself throws back an error.
The above schematic shows the dependencies between entities in Falcon. The arrow in above diagram points from a dependency to the dependent.
Let's just get one simple rule stated here, which we will keep referring to time and again while talking about entities: A dependency in the system cannot be removed unless all it's dependents are removed first. This holds true for all transitive dependencies also.
Now, let's follow it up with a simple illustration of an Falcon Job:
Let's consider a process P that refers to feed F1 as an input feed, and generates feed F2 as an output feed. These feeds/processes are supposed to be associated with a cluster C1.
The order of submission of this job would be in the following order:
C1->F1/F2(in any order)->P
The order of removal of this job from the system is in the exact opposite order, i.e.:
P->F1/F2(in any order)->C1
Please note that there might be multiple process referring to a particular feed, or a single feed belonging to multiple clusters. In that event, any of the dependencies cannot be removed unless ALL of their dependents are removed first. Attempting to do so will result in an error message and a 400 Bad Request operation.
Cluster-Feed Cross validations:
Example:
Feed XML:
<clusters> <cluster name="corp" type="source"> <validity start="2009-01-01T00:00Z" end="2012-12-31T23:59Z" timezone="UTC" /> <retention limit="months(6)" action="delete" /> </cluster> </clusters>
Cluster corp's XML:
<cluster colo="gs" description="" name="corp" xmlns="uri:falcon:cluster:0.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Cluster-Process Cross validations:
<cluster colo="gs" description="" name="corp" xmlns="uri:falcon:cluster:0.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Feed-Process Cross Validations:
1. The process <input> and feeds designated as input feeds for the job:
For every feed referenced in the <input> tag in a process definition, following rules are applied when the process is due for submission:
Example:
Process xml:
<input end-instance="now(0,20)" start-instance="now(0,-60)" feed="raaw-logs16" name="inputData"/>
Feed xml:
<feed description="clicks log" name="raw-logs16"....
* The time interpretation for corresponding tags indicating the start and end instances for a particular input feed in the process xml should lie well within the time span of the period specified in <validity> tag of the particular feed.
Example:
1. In the following scenario, process submission will result in an error:
Process XML:
<input end-instance="now(0,20)" start-instance="now(0,-60)" feed="raw-logs16" name="inputData"/>
Feed XML:
<validity start="2009-01-01T00:00Z" end="2009-12-31T23:59Z".....
Explanation: The process timelines for the feed range between a 40 minute interval between [-60m,-20m] from the current timestamp (which lets assume is 'today' as per the 'now' directive). However, the feed validity is between a 1 year period in 2009, which makes it anachronistic.
2. The following example would work just fine:
Process XML:
<input end-instance="now(0,20)" start-instance="now(0,-60)" feed="raaw-logs16" name="inputData"/>
Feed XML:
validity start="2009-01-01T00:00Z" end="2012-12-31T23:59Z" .......
since at the time of charting this document (03/03/2012), the feed validity is able to encapsulate the process input's start and end instances.
Failure to follow any of the above rules would result in a process submission failure.
NOTE: Even though the above check ensures that the timelines are not anachronistic, if the input data is not present in the system for the specified time period, the process can be submitted and scheduled, but all instances created would result in a WAITING state unless data is actually provided in the cluster.
Any changes in feed/process can be done by updating its definition. After the update, any new workflows which are to be scheduled after the update call will pick up the new changes. Feed/process name and start time can't be updated. Updating a process triggers updates to the workflow that is triggered in the workflow engine. Updating feed updates feed workflows like retention, replication etc. and also updates the processes that reference the feed.
Falcon system can handle late arrival of input data and appropriately re-trigger processing for the affected instance. From the perspective of late handling, there are two main configuration parameters late-arrival cut-off and late-inputs section in feed and process entity definition that are central. These configurations govern how and when the late processing happens. In the current implementation (oozie based) the late handling is very simple and basic. The falcon system looks at all dependent input feeds for a process and computes the max late cut-off period. Then it uses a scheduled messaging framework, like the one available in Apache ActiveMQ or Java's DelayQueue to schedule a message with a cut-off period, then after a cut-off period the message is dequeued and Falcon checks for changes in the feed data which is recorded in HDFS in latedata file by falcons "record-size" action, if it detects any changes then the workflow will be rerun with the new set of feed data.
Example: For a process entity, the late rerun policy can be configured in the process definition. Falcon supports 3 policies, periodic, exp-backoff and final. Delay specifies, how often the feed data should be checked for changes, also one needs to explicitly set the feed names in late-input which needs to be checked for late data.
<late-process policy="exp-backoff" delay="hours(1)"> <late-input input="impression" workflow-path="hdfs://impression/late/workflow" /> <late-input input="clicks" workflow-path="hdfs://clicks/late/workflow" /> </late-process>
NOTE: Feeds configured with table storage does not support late input data handling at this point. This will be made available in the near future.
For a feed entity replication job, the default late data handling policy can be configured in the runtime.properties file. Since these properties are runtime.properties, they will take effect for all replication jobs completed subsequent to the change.
# Default configs to handle replication for late arriving feeds. *.feed.late.allowed=true *.feed.late.frequency=hours(3) *.feed.late.policy=exp-backoff
All the operations in Falcon are Idempotent. That is if you make same request to the falcon server / prism again you will get a SUCCESSFUL return if it was SUCCESSFUL in the first attempt. For example, you submit a new process / feed and get SUCCESSFUL message return. Now if you run the same command / api request on same entity you will again get a SUCCESSFUL message. Same is true for other operations like schedule, kill, suspend and resume. Idempotency also by takes care of the condition when request is sent through prism and fails on one or more servers. For example prism is configured to send request to 3 servers. First user sends a request to SUBMIT a process on all 3 of them, and receives a response SUCCESSFUL from all of them. Then due to some issue one of the servers goes down, and user send a request to schedule the submitted process. This time he will receive a response with PARTIAL status and a FAILURE message from the server that has gone down. If the users check he will find the process would have been started and running on the 2 SUCCESSFUL servers. Now the issue with server is figured out and it is brought up. Sending the SCHEDULE request again through prism will result in a SUCCESSFUL response from prism as well as other three servers, but this time PROCESS will be SCHEDULED only on the server which had failed earlier and other two will keep running as before.
Falcon expression language can be used in process definition for giving the start and end instance for various feeds.
Before going into how to use falcon EL expressions it is necessary to understand what does instance and instance start time refer to with respect to Falcon.
Lets consider a part of process definition below:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <process name="testProcess"> <clusters> <cluster name="corp"> <validity start="2010-01-02T01:00Z" end="2011-01-03T03:00Z" /> </cluster> </clusters> <parallel>2</parallel> <order>LIFO</order> <timeout>hours(3)</timeout> <frequency>minutes(30)</frequency> <inputs> <input end-instance="now(0,20)" start-instance="now(0,-60)" feed="input-log" name="inputData"/> </inputs> <outputs> <output instance="now(0,0)" feed="output-log" name="outputData" /> </outputs> ... ... ... ... </process>
The above definition says that the process will start at 2nd of Jan 2010 at 1 am and will end at 3rd of Jan 2011 at 3 am on cluster corp. Also process will start a user-defined workflow (which we will call instance) every 30 mins.
This means starting 2010-01-02T01:00Z every 30 mins a instance will start will run user defined workflow. Now if this workflow needs some input data and produce some output, user needs to give that in <inputs> and <outputs> tags. Since the inputs that the process takes can be distributed over a wide range we use the limits by giving "start" and "end" instance for input. Output is only one location so only instance is given. The timeout specifies, the how long a given instance should wait for input data before being terminated by the workflow engine.
Coming back to instance start time, since a instance will start every 30 mins starting 2010-01-02T01:00Z, the time it is scheduled to start is called its instance time. For example first few instance time for above example are:
Instance Number instance start Time
1 2010-01-02T01:00Z
2 2010-01-02T01:30Z
3 2010-01-02T02:00Z
4 2010-01-02T02:30Z
. .
. .
. .
. .
Now lets go to how to use expression language. Only thing to keep in mind is all EL evaluation are done based on the start time of that instance, and very instance will have different inputs / outputs based on the feed instance given in process definition.
All the parameters in various El can be both positive, zero or negative values. Positive values indicate so many units in future, zero means the base time EL has been resolved to, and negative values indicate corresponding units in past.
Note: if no instance is created at the resolved time, then the instance immediately before it is considered.
Falcon currently support following ELs:
Falcon adds the ability to capture lineage for both entities and its associated instances. It also captures the metadata tags associated with each of the entities as relationships. The following relationships are captured:
Lineage is exposed in 3 ways:
This feature is enabled by default but could be disabled by removing the following from:
config name: *.application.services config value: org.apache.falcon.metadata.MetadataMappingService
Lineage is only captured for Process executions. A future release will capture lineage for lifecycle policies such as replication and retention.
Security is detailed in Security.
Recipes is detailed in Recipes.
Monitoring and Operationalizing Falcon is detailed in Operability.
Notification for instance completion in Falcon is defined in Falcon Email Notification.
Backwards compatibility instructions are detailed here.
Falcon supports impersonation or proxyuser functionality (identical to Hadoop proxyuser capabilities and conceptually similar to Unix 'sudo').
Proxyuser enables Falcon clients to submit entities on behalf of other users. Falcon will utilize Hadoop core's hadoop-auth module to implement this functionality.
Because proxyuser is a powerful capability, Falcon provides the following restriction capabilities (similar to Hadoop):
There are 2 configuration properties needed in runtime properties to set up a proxyuser:
If these configurations are not present, impersonation will not be allowed and connection will fail. If more lax security is preferred, the wildcard value * may be used to allow impersonation from any host or of any user, although this is recommended only for testing/development.
-doAs option via CLI or doAs query parameter can be appended if using API to enable impersonation.