Add ability to disable importing dangling indices on shared filesystems #16358
Comments
The `gateway.local.dangling.import_shared_fs` defaults to `false` (meaning don't import them) Relates to elastic#16358
|
Discussing the cause issue (index delete while node is off the cluster) I think we should consider this in a different way, which may help in the normal use case (non-shared FS) as well. Dangling indices are added as a safety guard against the case where a cluster goes down (or the master nodes) and because of mis configuration or because of bad operation practices (kill all masters, start fresh ones with a different data folders). In these cases the new master publishes a cluster state which is empty and we don't want to delete the data. These days we have a cluster UUID as part of the cluster meta data. That uuid is created once and never change in the duration of the cluster. That means that we can detect deletion while node left if:
How does this sound? |
I think this sounds great! |
Previously, we would determine index deletes in the cluster state by comparing the index metadatas between the current cluster state and the previous cluster state and decipher which ones were missing (the missing ones are deleted indices). This led to confusing logic where it was difficult to decipher if a missing index in the cluster state was truly due to a delete and must be deleted on all nodes, or if it was due to the cluster state being wiped out on master and thus, we want the indices on the various nodes in the cluster to be imported as dangling indices. This commit introduces the notion of index tombstones in the cluster state, where we are explicit about which indices have been deleted. Index deletion on each node is now based on the presence of these tombstones in the cluster state. There is also functionality to purge the tombstones after a 14 day expiry, so they don't stick around in the cluster state forever. Closes elastic#16358
Previously, we would determine index deletes in the cluster state by comparing the index metadatas between the current cluster state and the previous cluster state and decipher which ones were missing (the missing ones are deleted indices). This led to a situation where a node that went offline and rejoined the cluster could potentially cause dangling indices to be imported which should have been deleted, because when a node rejoins, its previous cluster state does not contain reliable state. This commit introduces the notion of index tombstones in the cluster state, where we are explicit about which indices have been deleted. In the case where the previous cluster state is not useful for index metadata comparisons, a node now determines which indices are to be deleted based on these tombstones in the cluster state. There is also functionality to purge the tombstones after exceeding a certain amount. Closes elastic#17265 Closes elastic#16358 Closes elastic#17435
We already have issues open for the behavior of importing indices when a node is out of the cluster while an index is deleted, however, in the case of shadow replicas on a shared filesystem, if the index is deleted while a node is not part of the cluster, when the node comes back it will try to re-import the index as dangling without any actual data, leading to exceptions like:
It would be nice to have an option to disable this dangling import behavior only for indices on a shared filesystem, since this is likely to cause much more confusion than dangling imports on non-shared filesystems.
Related #13298
The text was updated successfully, but these errors were encountered: