Add delete by query to index management

[btaani]

Description

Adding delete by query to index management, along with the API changes and cron job updates

/cc @lukas-vlcek
/assign @periklis

Links

• JIRA: https://issues.redhat.com/browse/LOG-1505
• Enhancement proposal: https://docs.google.com/document/d/1JjdbspwYe-aYMBH65ybc9xBroOzoobPqrxwzFg9ZRGc/edit#

[btaani]

/hold

[periklis]

Awesome job so far! It looks you got the handle from top to bottom and vice versa. 🚀

[periklis]

Besides that I suggest to improve naming a bit:

type IndeManagementDeleteNamespaceSpec struct {
	// The unique name of the spec
	Name string `json:"name"` // delete-<namespace_name>

	// Namespace to delete documents from older than minAge.
	Namespace string `json:"namespace"`

	// Delete the records matching the namespaces which are older
	// than this MinAge (e.g. 1d)
	MinAge TimeUnit `json:"minAge"`
}

Consider the official kubernetes API conventions when adding/extending APIs:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md

[btaani]

I can see that you changed the datatype of Namespace from []string to string. This is because this one:
Namespaces []IndeManagementDeleteNamespaceSpec json:"namespaces,omitempty"``
is already an array, right?

[periklis]

Exactly each namespace spec is dedicated to a single namespace.

[sasagarw]

@periklis but the actual thought during proposal was that a user can have multiple namespace in a single spec.
For example,
Spec-1:
Name - policy1
Namespace - openshift-api, openshift-logging
Age - 1d

Spec-2:
Name - policy2
Namespace - openshift-kube-server
Age - 5h

Even the delete_by_query api is capable enough to take comma separated index names

[periklis]

I believe the array for Namespace means that you can define a delete-by-query spec per namespace, because you can define a different MinAge per Namespace. @sasagarw Do you agree? If yes, we should improve the API naming because if it is confusing to us, it will certainly be confusing for API consumers.

type IndexManagementDeletePhaseSpec struct {
	// The minimum age of an index before it should be deleted (e.g. 10d)
	//
	MinAge TimeUnit `json:"minAge"`

	// The per namesapce specification to delete documents older than a given minimum age.
	Namespaces []IndeManagementDeleteNamespaceSpec `json:"namespaces,omitempty"`
}

[sasagarw]

Yes @periklis , you are right.
Yeah we can rename it to Namespaces to avoid confusion.

[periklis]

This does not require to check if policy.Phases.Delete.Namespaces is set. If empty, the following code compiles an empty JSON list that can be checked in the python code. If empty, the python code can skip the delete by query routine.

[periklis]

The env var name NAMESPACE_NAME does not represent the purpose of namespaceNamesJson well enough. Latter is a list of namespaces while former sounds like a single name. I suggest to rename to something in plural case: NAMESPACE_SPECS, NAMEPACES...

[periklis]

Assuming that we have a list of namespaces specs, a single MIN_AGE_DBQ is not correct here. I suggest you pass create a small dict structure called namespaceSpecsJson that gives a good handle to execute a Delete-By-Query per Namespace, e.g.:

{
  "namespace_a": "1d",
  "namespace_b": "2d",
},

[periklis]

This should be an env var, which we pass to the k8s cronjob. Just in case a user wants to overwrite this temporarily for all delete-by-query calls.

[sasagarw]

This much filtering is not required. This is complicating the code.
I would suggest you to define a query as:

body = {
  "query" : {
    "terms": {
      "kubernetes.namespace_name": []        // Namespace
    }

The above query would be used when minAge is not defined. Which suggests to delete all data belonging to that namespace.

Similarly, if minAge is defined then you can append the filter part to the above query, in which case, the body will look like

body = {
  "query": {
    "bool": {
      "must": [
        {
          "terms": {
            "kubernetes.namespace_name": []      // Namespace
          }
        }
      ],
      "filter": [
        {
          "range": {
            "@timestamp": { "lt": "now-$age" }    // $age=MinAge
          }
        }
      ]
    }
  }
}

[btaani]

Does this means that there should always be a namespace_name given? because otherwise it would delete the entire index if no namespace nor minAge is given. (only those entries older than defaultAge, of course)

In this case I shouldn't check for this condition?

if namespace == None and minAge == None:
      s = s.filter('range', **{'@timestamp': {'lt': 'now-{}'.format(defaultAge)}})

[sasagarw]

If namespace_name is not given then delete_by_query function itself will be never called right. IMO there is no use of checking and generating dynamic body. WDYT?

[btaani]

I agree.. I asked because you wrote it as a condition in your spike document. It makes more sense this way!

[sasagarw]

That was mentioned in Spike document just to list all possible cases. You can implement in a way which is making more sense.

[sasagarw]

You can just check if these env vars is null or not. If not null then you should be calling your defined python function here and pass these variables to that function.

Call below func inside delete():

function deleteByQuery() {
  <-------- define variables and read them using $1, $2, ... ------------>
  python -c 'import indexManagementClient; print(indexManagementClient.deleteByQuery(<-- pass the read variables --->))'
}

[lukas-vlcek]

Thanks for the proposed implementation. The following are my comments:

1. How are we going to control which indices the delete query is run against?

Which indices are we going to allow to execute delete_by_query operation against?

Proposed deleteByQuery() has three arguments. One of them being the index name. It is not clear to me where we are going to take this value from.

Proposal doc mentions:

index_pattern = mapping.Name     // app* | infra* | audit*

perhaps this means we will use hardcoded index_pattern of app*,infra*,audit*?

Related (sub-)question is which user/permission will be used when delete_by_query is run? I assume this is similar to the user that is running the job to delete indices which means pretty powerful user, right?

2. Why we do not allow single delete operation for multiple namespaces?

It seems to me that current design and implementation do not allow to run one common delete_by_query for multiple namespaces sharing common name prefix.

This is a question of both efficiency and practicality.

How about if CU will need to keep specific namespaces under control but does not have a full control over the naming of the namespace, except for common prefix?

For example an OCP user can create high number of namespaces for devel. experiments but the deal will be that all namespaces must start with John_Doe_experiment*. Like John_Doe_experiment-000001ABX, John_Doe_experiment-004207WBT, ... To make sure John does no go wild with logging all his namespaces will be pruned by delete_by_query without the need to configure job for all individual namespaces.

For this purpose we can use "Prefix query" that works on non-analyzed fields (i.e. fields that are good fit for term queries as well).

3. How do we prevent running the same delete query before the previous is finished?

The code is using the Elasticsearch Python client and is calling the delete_by_query API.

BTW, some notes regarding proposed use of this API:

• it is missing the third argument – the doc_type which in our case is _doc
• it is setting default_operator='AND' which is irrelevant. It would be relevant if a query of type "Query String Query" would be used. But it is not in our case (proposed implementation is using the "terms" query – BTW, given that current implementation proposal allows to run delete operation per single namespace then use of "term" query (not "terms") would be more appropriate).

The documentation specifies, that by default the call to delete\_by\_query API is blocking until it is complete. Internally, Elasticsearch uses Bulk API to delete matching documents. This means that the bulk queue throughput is critical. In other words if the cluster is under heavy ingestion pressure then the delete by query operation will compete with indexing requests coming from collectors. Given many CUs are running under-resourced cluster then risk that some delete queries may not be finished when a new one is started (by cron) is increasing.

It can also happen that there will be a need (a request) to run delete jobs more frequently.

I suggest to investigate possibility to run the delete operations in async manner (see wait_for_completion=false parameter). To prevent overlapping jobs we could use the Task API to pull list of all running actions=*/delete/byquery jobs. If there are any we can skip current cron cycle (assuming the only entity that originates these tasks is our cron job). Side effect is that this would allow us to run the delete by query operation job more frequently(?).

4. Merging segments to clear storage from deleted documents

Finally, when individual documents are deleted from index they are actually not physically removed from the disk until corresponding index segments are merged. Some segments will be merged automatically (typically smaller segments) but for some segments it can take time before they are merged.

If the ultimate goal is to reduce the size of indices then we need to control segment merging as well. But segment merging is resource intensive and time consuming operation. At this point I am not sure if we should/want to call segment force merge in the end of the cron job (which will be impossible if we decide to use delete_by_query in async manner as suggested above) or if it will be better to implement independent job that would be run more frequently and whose sole purpose would be to run some heuristics and merge segments if it is needed (and possible – for example it does not make sense to merge segments if there are no free CPUs or IO resources).

[btaani]

Thanks Lukas for the detailed review. Here are some comments from my side:

Which indices are we going to allow to execute delete_by_query operation against?

In the beginning I assumed that since deleteByQuery() will be called inside the delete() function, they will both work on the same index. But now after I looked at the code, delete() works on a set of indices instead of only one (which it gets from getNext25Indices.py). Let's discuss this in a call.

Related (sub-)question is which user/permission will be used when delete_by_query is run? I assume this is similar to the user that is running the job to delete indices which means pretty powerful user, right?

deleteByQuery() will be executed in the same cron job as the other functions (delete() and rollover()), which means they will all be executed under the same user permissions.

2. Why we do not allow single delete operation for multiple namespaces?

It seems that the delete_by_query API allows for a Prefix query:

analyze_wildcard – Specify whether wildcard and prefix queries should be analyzed (default: false)

The last 2 questions regarding async run and merging we can discuss further in a call

[sasagarw]

This shouldn't be marked as optional. A unique name for each spec is required to be provided.

Suggested change

	// +optional
	Name string `json:"name"` // delete-<namespace_name>
	// +required
	Name string `json:"name"` // delete-<namespace_name>

[sasagarw]

Why this DefaultAge here? Already inside IndexManagementDeleteNamespaceSpec it has been defined right? You can just check that empty and use the default age.

[sasagarw]

You can mark it as +required just for validation purpose.

[sasagarw]

Since this is optional, you can mark them +optional for validation.

[sasagarw]

Suggested change

	// The per namesapce specification to delete documents older than a given minimum age
	Namespaces []IndexManagementDeleteNamespaceSpec `json:"namespaceSpec"`
	// The per namesapce specification to delete documents older than a given minimum age
	Namespaces []IndexManagementDeleteNamespaceSpec `json:"namespaceSpec,omitempty"`

[periklis]

Awesome work! Really amazing progress 🚀

I suggest to add the following changes to the PR for the sake of completeness:

1. When we extend the API we should elaborate if we add the new fields by default in our samples per CRD. I believe this feature belong there too (https://github.com/openshift/elasticsearch-operator/blob/master/config/samples/logging_v1_elasticsearch.yaml)
2. The new cronjobs should be tested for suspend/unspend when ES pods are not available (https://github.com/openshift/elasticsearch-operator/blob/master/internal/indexmanagement/index_management_test.go#L55)

[periklis]

For better visibility that this is required to be configured with Namespaces I suggest we rename this field to something like PruneNamespacesInterval, WDYT?

[btaani]

I agree, I went with PrunePollInterval to be consistent with PollInterval:

elasticsearch-operator/apis/logging/v1/index_management_types.go

Line 34 in 45ea70e

PollInterval TimeUnit `json:"pollInterval"`

But PruneNamespacesInterval is more descriptive

[periklis]

What is // delete-<namespace_name> supposed to tell the reader here?

[btaani]

This one is from the original spike document. I honestly do not use it anywhere inside the code. I'll ask Sashank why he had it there originally. Otherwise I believe it can be omitted

[periklis]

To minimize confusion of API docs readers, I suggest to adapt the field comment to something like:

// Target Namespace to delete logs older than MinAge (defaults to ...)

In addition we should mention that prefix queries like openshift* are allowed here.

[periklis]

As mentioned in a previous call, we should drop this field for a constant in the index_management package.

[periklis]

nit. let's not add unneeded thing into a PR's diff.

[periklis]

This function is actually obsolete as is. We should check for policy.Phases.Delete != nil in the caller site and if it is nil, we should not schedule any delete-by-query cronjob at all instead of scheduling one with an empty command.

[periklis]

I believe we can drop these commented lines as agreed upon that this call should not be executed async, right?

[periklis]

What is this double print good for here? Can't we just simply print the exception into the original stdout?

[btaani]

These were for debugging purposes, will be cleaned up soon

[periklis]

Is this debugging like still required?

[periklis]

Is this source required? As per /tmp/scripts/delete already sourcing the same file?

[btaani]

I believe this was added by mistake, my bad!

[periklis]

This is a bad example actually. The Logging stack does not collect any logs from its component. This recursive collection is counter-productive. A good example would be to collect the openshift-monitoring logs.

[periklis]

Twice make(map[string]string)

[periklis]

Checking len(policy.Phases.Delete.Namespaces) != 0 is more useful here. It ensures that if your slice is nil or empty at the same time, the prune job will not be scheduled.

[periklis]

LGTM after removing all the debug print lines in the delete-by-query script.

[btaani]

/hold
just found an error while testing, I'll find the cause and fix it

[btaani]

/unhold

[sasagarw]

@btaani you need to make the lint happy.
Run make lint locally and it will tell you what to change.

[sasagarw]

Need to drop these debug lines

[btaani]

I think I will keep this one:
print (json.dumps(response, indent=2))
as it shows the detailed response and how many documents were delete or were in conflict

[sasagarw]

But except a developer no one would be interested in this information right? WDYT?
If it can be printed in higher log level then it makes sense to keep here IMO.

[periklis]

/lgtm

[periklis]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: btaani, periklis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [periklis]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment