Forbid the removal of the write block if the index is read-only #120648
Conversation
tlrx
added
>non-issue
:Distributed Indexing/Recovery
elasticsearchmachine
added
the
Team:Distributed Indexing
|
Pinging @elastic/es-distributed-indexing (Team:Distributed Indexing) |
henningandersen
left a comment
henningandersen
left a comment
There was a problem hiding this comment.
Looks good though I hope we can support removing one of two write blocks too? See comment.
| if (blocks.hasIndexBlock(index, block)) { | ||
| blocks.removeIndexBlock(index, block); | ||
| changed = true; | ||
| if (block.contains(ClusterBlockLevel.WRITE)) { |
There was a problem hiding this comment.
I think this is too harsh. In case the index has both the read-only and the write block, it should be allowed to remove either.
In particular, if the user applied read-only on 8.x, upgraded and then want to update some settings, they should be allowed to add the write block and remove the read-only block.
I recognize this is also a flaw in the original code in that it removes the verified setting.
I could be ok to let this go in if we follow-up with the additional detail. But would prefer we do it in one go if it is not too hard.
There was a problem hiding this comment.
I think this is too harsh. In case the index has both the read-only and the write block, it should be allowed to remove either.
I agree, it makes sense.
In particular, if the user applied read-only on 8.x, upgraded and then want to update some settings, they should be allowed to add the write block and remove the read-only block.
I initially thought that updating both settings at once would not work because of the code allowing setting updates when there is a METADATA_WRITE block in place:
but it seems that request.settings().size() == 1 does not always apply since the great setting refactoring here.
It looks like this refactoring introduced a change in the parenthesis impacting the conditions to bypass the check. Which will serve us today.
|
Ok, so it took me a couple of days to get this working with the subtleties of blocks updates. Thanks for your patience on this @henningandersen. I updated this PR (and #120647) to forbid the removal of the Since both I also changed the I largely updated the integration tests to to have a bit more randomization around blocks and closing/opening during upgrades. Note that there is still a bit missing for fully supporting closed indices (allowing a verified-before-close index to be upgraded without being marked as read-only first): I'll do this in follow ups. |
| private static void verifyReadOnlyIndices(@Nullable Set<Index> readOnlyIndices, ClusterBlocks blocks) { | ||
| if (readOnlyIndices != null) { | ||
| for (Index readOnlyIndex : readOnlyIndices) { | ||
| if (blocks.indexBlocked(ClusterBlockLevel.WRITE, readOnlyIndex.getName()) == false) { |
There was a problem hiding this comment.
Should this use the new hasIndexBlockLevel method to avoid interaction from global blocks?
| closeIndex(restoredIndex); | ||
| ensureGreen(restoredIndex); | ||
|
|
||
| logger.debug("--> write API block can be removed on a closed index: INDEX_CLOSED_BLOCK already blocks writes"); |
There was a problem hiding this comment.
Can we also check that if an index has both read-only and write block then we can remove one of them for an N-2 index?
There was a problem hiding this comment.
I reworked the testIndexUpgrade test to randomly add one or two of the blocks, and then remove one of them.
See 59e7acd
|
Thanks Henning |
3 participants
Ensure that a
writeblock cannot be removed on a read-only compatible index in version N-2, while allowing to change aread_onlyblock into awriteblock if needed as well as closing/reopening such indices.Requires #120647 to be merged on
8.x.Relates ES-10320