-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate source of an index in LuceneChangesSnapshot #32288
Conversation
Today we make _source optional in the LuceneChangesSnapshot then validate it in ShardChangesAction. This approach, however, prevents deletes and no-ops from replicating in CCR because accessing _source is forbidden in Deletes and Noops. Moreover, _source should be required for an index. This change checks _source in LuceneChangesSnapshot and fails a read request if _source is not available.
Pinging @elastic/es-distributed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, though I asked a question..
@@ -258,10 +258,19 @@ private TopDocs searchOperations(ScoreDoc after) throws IOException { | |||
assert assertDocSoftDeleted(leaf.reader(), segmentDocID) : "Delete op but soft_deletes field is not set [" + op + "]"; | |||
} else { | |||
final BytesReference source = fields.source(); | |||
if (source == null) { | |||
if (requiredFullRange) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this tied to requiredFullRange
so deep?
PS - I thought we were heading towards always requiring full ranges? this make this problem moot.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CCR always requires full-range but recovery does not require full-range.
why is this tied to requiredFullRange so deep?
Good question. I will think about it.
Recovery also requires a full range, we don’t enforce it on this level
because of simplicity. Check that we wait for the local checkpoint to go
above the max seq no we sample and that we validate it when shipping.
…On Tue, 24 Jul 2018 at 7:26 PM, Nhat Nguyen ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In
server/src/main/java/org/elasticsearch/index/engine/LuceneChangesSnapshot.java
<#32288 (comment)>
:
> @@ -258,10 +258,19 @@ private TopDocs searchOperations(ScoreDoc after) throws IOException {
assert assertDocSoftDeleted(leaf.reader(), segmentDocID) : "Delete op but soft_deletes field is not set [" + op + "]";
} else {
final BytesReference source = fields.source();
+ if (source == null) {
+ if (requiredFullRange) {
CCR always requires full-range but recovery does not require full-range.
why is this tied to requiredFullRange so deep?
Good question. I will think about it.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#32288 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA9bJ6QQW-xmlOgPCG7gFmo0h3aYGaCxks5uJ0qngaJpZM4VbT50>
.
|
@bleskes I see what you meant. Once this TODO https://github.com/elastic/elasticsearch/blob/ccr/server/src/main/java/org/elasticsearch/indices/recovery/RecoverySourceHandler.java#L167 gets in, I will remove this leniency. |
@elasticmachine test this please |
@elasticmachine retest this please |
* elastic/ccr: (57 commits) ShardFollowNodeTask should fetch operation once (elastic#32455) Do not expose hard-deleted docs in Lucene history (elastic#32333) Tests: Fix convert error tests to use fixed value (elastic#32415) IndicesClusterStateService should replace an init. replica with an init. primary with the same aId (elastic#32374) REST high-level client: parse back _ignored meta field (elastic#32362) [CI] Mute DocumentSubsetReaderTests testSearch Reject follow request if following setting not enabled on follower (elastic#32448) TEST: testDocStats should always use forceMerge (elastic#32450) TEST: avoid merge in testSegmentMemoryTrackedInBreaker TEST: Avoid deletion in FlushIT AwaitsFix IndexShardTests#testDocStats Painless: Add method type to method. (elastic#32441) Remove reference to non-existent store type (elastic#32418) [TEST] Mute failing FlushIT test Fix ordering of bootstrap checks in docs (elastic#32417) [TEST] Mute failing InternalEngineTests#testSeqNoAndCheckpoints Validate source of an index in LuceneChangesSnapshot (elastic#32288) [TEST] Mute failing testConvertLongHexError bump lucene version after backport Upgrade to Lucene-7.5.0-snapshot-608f0277b0 (elastic#32390) ...
Today it's possible to encounter an Index operation in Lucene whose _source is disabled, and _recovery_source was pruned by the MergePolicy. If it's the case, we create a Translog#Index without source and let the caller validate it later. However, this approach is challenging for the caller. Deletes and No-Ops don't allow invoking "source()" method. The caller has to make sure to call "source()" only on index operations. The current implementation in CCR does not follow this and fail to replica deletes or no-ops. Moreover, it's easier to reason if a Translog#Index always has the source.
Today it's possible to encounter an Index operation in Lucene whose _source is disabled, and _recovery_source was pruned by the MergePolicy. If it's the case, we create a Translog#Index without source and let the caller validate it later. However, this approach is challenging for the caller.
Deletes and No-Ops don't allow invoking "source()" method. The caller has to make sure to call "source()" only on index operations. The current implementation in CCR does not follow this and fail to replica deletes or no-ops.
It's easier to reason if a Translog#Index always has the source.