Default to unicast discovery, with default host list of 127.0.0.1, [::1]

[rmuir]

Multicast discovery has serious issues such as #12993
It is never going to work correctly and securely with a "default to localhost" scenario. It also has numerous issues with operating system and JDK support.

Instead we should encourage unicast discovery by default, since thats what we encourage for production, and configure it to look at "localhost" by default which will give the same experience for startup/development.

This PR changes the default unicast host list (if not specified) to be "127.0.0.1, [::1]", enables unicast by default, disables multicast by default, fixes the parsing of unicast hosts to be strict, fixes it to allow IPV6 addresses unambiguously, and fixes it to work with hostnames that resolve to multiple addresses.

Things that should be deferred to followups (trust me, this is a huge change on its own, and i know a bunch of tests are angry, which i need help with, but the change works):

• Move multicast zen discovery out to a plugin, possibly deprecate it.
• Review all uses + ban InetSocketAddress(java.lang.String, int), which is lenient and bad to use. I did some cleanups here already.

If anyone wants to help, let me know I will give commit access to my branch here.

[rmuir]

This is really a nocommit. We should only do 10 i think when its the localhost default. Just trying to start simple :)

[rmuir]

Maybe when its localhost we dont need any limiting, not sure, we should look into it. At least any limiting should be "per-address", since a host here could resolve to multiple addresses (e.g. ipv4 and v6, among other possibilities).

[dadoonet]

Cool! If we merge it I think we can close #8833 ! It will also help in discovery plugins.

[s1monw]

ok we are down to 1 awaits fix and all other tests pass - there is some cleanup work needed here for sure but this is a great start!!

[s1monw]

I fixed all the remaining tests. Everything now runs on unicast and passes with network and local. We still have some forbiddenAPI:

[ERROR] Forbidden method invocation: java.net.InetSocketAddress#getHostName() [Use getHostString() instead, which avoids a DNS lookup]
[ERROR]   in org.elasticsearch.common.transport.InetSocketTransportAddress (InetSocketTransportAddress.java:96)
[ERROR] Forbidden method invocation: java.net.InetSocketAddress#getHostName() [Use getHostString() instead, which avoids a DNS lookup]
[ERROR]   in org.elasticsearch.common.transport.InetSocketTransportAddress (InetSocketTransportAddress.java:132)
[ERROR] Scanned 5737 (and 1524 related) class file(s) for forbidden API invocations (in 1.90s), 2 error(s).

but those are the last remaining issues. We can SuppressForbidden them if we wanna push the decision out to a different issue?

[bleskes]

why is this change? did we decide to change our usage of [] to {}?

[rmuir]

because it is part of a bracketed ipv6 address specification.

[s1monw]

+1 for this change though RFCs are a good thing to follow here

[rmuir]

Yes, when an IPv6 address is combined with a port number, you really need them. Its needed to make things unambiguous, its needed to work inside a user's browser, its needed to conform with numerous RFCs on the display of this stuff. If you need more justification, see ones like https://tools.ietf.org/html/rfc5952

On the other hand, the brackets in ES logging provide NOTHING. Part of me wanted to remove them across all logging across the board.

[bleskes]

Not a big deal, but 25 ports feels a bit high - we will try to connect to all these ports all the time, per local address. Maybe lower to 5? note that people would still be able to start more than 5 nodes (but if they kill the first 5, the cluster will not form again).

[dadoonet]

+1. The most I have seen in dev/test was 4 nodes.
The most I have seen in PROD is 3 (2 data nodes + 1 master node on 128gb machines)

[s1monw]

@dadoonet this is only for default config without any configured unicast hosts. I don't think this is used in production. I can change it to 5 for now I don't have strong feelings

[rmuir]

I have strong feelings. I dont want this lowered unless its per address.

Wake up guys, computers have more than one address these days.

[rmuir]

I'm changing this to per-address. Otherwise someone is just going to follow up with some other PR and break dual-stack machines.

[s1monw]

I am +1 on pushing this - it looks good and has alll the fixes needed. We can do all otehr things in folllowups

[rmuir]

Summarizing the current tradeoffs (versus multicast) so we are all aware:

• out of box bin/elasticsearch will discover nodes on the local machine by default just like multicast did.
• adding "localhost" as a default unicast discovery host has some advantages over multicast: for example it works with ipv6-only configurations.
• however, unlike multicast, as soon as you start messing with configuration (changing port numbers, etc), you are going to need to deal with discovery. in most cases, multicast would continue to work all the way into production, regardless.

[jaymode]

+1, this looks good to me