elasticsearch: readiness probe extension #609
Conversation
wozniakjan
requested review from
richm,
lukas-vlcek,
portante,
jcantrill and
t0ffel
wozniakjan
force-pushed
the
es_readiness_probe
branch
2 times, most recently
from
169cb95
to
0540d24
Compare
|
@wozniakjan Regarding 'We need to ensure pod is still accessible by admin or by using admin certs' this is not intended to implemented in the probe but more a note we need to ensure that when a pod is in a status such that it is not ready, that we can still access the member of the node to obtain information (e.g. _cat/indices). I believe the ACL backend registry will allow you to do this assuming you have access to the admin certs |
wozniakjan
force-pushed
the
es_readiness_probe
branch
from
0540d24
to
615f6d8
Compare
wozniakjan
changed the title
elasticsearch/probe/readiness.sh
Outdated
| | python -c "import sys, json; print json.load(sys.stdin)['count']") | ||
|
|
||
| if [ "$sg_doc_count" != $EXPECTED_SG_DOCUMENT_COUNT ]; then | ||
| echo "Incorrect SG document count, expected $EXPECTED_SG_DOCUMENT_COUNT [received doc count: ${sg_doc_count}]" |
There was a problem hiding this comment.
see above comment about errors
wozniakjan
force-pushed
the
es_readiness_probe
branch
from
615f6d8
to
9e64af7
Compare
|
[test] |
wozniakjan
force-pushed
the
es_readiness_probe
branch
from
9e64af7
to
f52a737
Compare
|
@jcantrill I updated versions of elasticsearch cloud kubernetes plugin and tested again. All seems to be ready for merge and QE tests. |
additional checks in readiness probe:
1) localhost:9200/ returns OK 200
2) localhost:9200/.searchguard.${DC_NAME} returns OK 200
3) localhost:9200/_template/${template} returns OK 200 for each template
in $ES_HOME/index_templates/*.json
4) localhost:9200/.searchguard.$DC_NAME/_search?size=0 returns count of
5 documents in the response body
wozniakjan
force-pushed
the
es_readiness_probe
branch
from
f52a737
to
c691f2a
Compare
|
[test] |
|
Evaluated for origin aggregated logging test up to c691f2a |
|
Origin Aggregated Logging Test Results: SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin_aggregated_logging/378/) (Base Commit: 0b6cc33) (PR Branch Commit: c691f2a) |
|
@jcantrill tests are passing, my local tests also succeeded, do you think we can merge it? |
|
[merge] |
|
Evaluated for origin aggregated logging merge up to c691f2a |
|
Origin Aggregated Logging Merge Results: SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin_aggregated_logging/158/) (Base Commit: b3418b5) (PR Branch Commit: c691f2a) |
|
I have some reservations about this probe. This relies on the cluster being operational for the probes to work. If the searchguard index is sharded across all nodes of the cluster, and one of the nodes is not available, then will this probe work? Fundamentally, readiness probes should not relied on the cluster-wide state of Elasticsearch to determine if one pod is ready to join the service. |
Each probe verifies only its own searchguard index. If fewer than half of ES pods aren't available, rest of the service remains operational. Those malfunctioning ES pods will be removed from ES service and the service will loadbalance only across working pods forming a cluster.
I am afraid there is no way around it. It is ES internal mechanism and a single pod is not ready until it negotiates with a subset of his peers to form an operational cluster according to its configuration. |
|
How can we test this on a real, live, multi-node cluster, so we can try to reproduce some of these scenarios @portante is describing? |
Are not indices in Elasticsearch maintained cluster wide? Don't they have state that is managed across all nodes in the cluster? If that is not the case, share where that is documented to be otherwise. Assuming it is cluster-wide state, making it part of a pod's readiness probe does not make sense. There is a way to drop per-ES pod searchguard indices which would make this particular issue go away. But it still holds a that a readiness probe is per pod, and as such, should not rely on service or ES cluster state to determine its readiness to join the service. |
|
@richm locally I tested the searchguard index miss by creating an image that had this commented out and deployed cluster with 3 nodes. Then another image with this line back and redeploy 2 out of 3 images. Two images formed an operational cluster, one was still waiting for the probe to succeed and was, therefore, dropped out of the service |
Interim readiness probe until multi-role Elasticsearch topology from openshift/openshift-ansible#5001 is introduced.
Proposed changes are based on this document: https://docs.google.com/document/d/1m9-LXr-UThs9WhRfkFRbwf1Lppxa5Opw_PYRY1wuDbY/
List of implemented readiness probe checks:
localhost:9200/returnsOK 200localhost:9200/.searchguard.${DC_NAME}returnsOK 200localhost:9200/_template/${template}returnsOK 200for each$templatein$ES_HOME/index_templates/*.jsonlocalhost:9200/.searchguard.$DC_NAME/_countreturns count of 5 documents in the response bodyDepends on this PR