Add timeout to bulker flush, add default case in failQueue

[juliaElastic]

What is the problem this PR solves?

Scale tests are often blocked at flushing the bulker queue.

How does this PR solve the problem?

Adding a context timeout to the bulker flush so it times out if it takes more time than the deadline.

How to test this PR locally

Ran scale tests here: https://buildkite.com/elastic/observability-perf/builds?branch=increase-poll-action-retries-for-agent-upgrades

Design Checklist

• I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
• I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
• I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool

Related issues

Relates https://github.com/elastic/ingest-dev/issues/3783

[mergify]

This pull request does not have a backport label. Could you fix it @juliaElastic? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit

[mergify]

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

[blakerouse]

Currently looking at this the only time this case would be hit would be if the client closes there connection to Fleet Server. As the span, ctx := apm.StartSpan(r.Context(), ... is being used as the context here, so then this section writes the response. Looking at this code, it shouldn't even write the response. If the context is cancelled then that means the client is no longer connected.

[juliaElastic]

the logic of returning CheckinResponse here was added in this pr: https://github.com/elastic/fleet-server/pull/3165/files#diff-e0c02bac8d151e9941eedd5ef643441665ee3d2f78baf42c121edd45dee08ded

Can the context be cancelled only by the client here? I'm wondering if the writeResponse is successful, is it correct to return the AckToken without actions? I'm trying to find where the AckToken is persisted back to ES.
I think it's persisted in action_seq_no field on a successful checkin here:

fleet-server/internal/pkg/checkin/bulk.go

Line 263 in 3fd2a48

fields[dl.FieldActionSeqNo] = pendingData.extra.seqNo

I'm wondering if there is any retry if the agent /acks request fails or fleet-server fails to persist the action result. I've seen some stuck upgrades where the ack failed and it was never retried.
Though when testing this locally with a simulated error instead of writing action result, I see the retries happening.

[blakerouse]

Possible that it gets stuck here processing the policy, as it doesn't create its own context and timeout after a period of time. This is still using the same context of the request connection.

[blakerouse]

Doesn't seem likely that it gets stuck here as ct.bc.CheckIn just grabs a lock and adds to a map. But again it could be possible that there is a dead lock here and that lock is held and never freed. Shouldn't be ruled out.

[juliaElastic]

The long poll issue is reproduced again here: https://github.com/elastic/ingest-dev/issues/3783#issuecomment-2429301669
I'm not seeing any of these added logs showing up, and it still seems to be the issue with the long running ES request.

[cmacknz]

This causes each call to the bulker's Run() function to return unconditionally after 5 minutes, including the one in the fleet server main loop.

You can see this happening in the logs. Every 5 minutes the bulker aborts everything it is doing.

To avoid this unconditional exit you would create the context in doFlush https://github.com/juliaElastic/fleet-server/blob/a9a82eaae87b7c2d4b54d714d34943a970c8f3cd/internal/pkg/bulk/engine.go#L352

That would bound each execution of doFlush to 5 minutes which should have the same effect, but without the logging about constant exiting.

[juliaElastic]

I tried moving the timeout to doFlush but it doesn't work, I think the doFlush function exits too quickly and cancels the context. Flee server doesn't come online at all.
See the logs from a 10k run: https://platform-logging.kb.us-west2.gcp.elastic-cloud.com/app/r/s/S0Wla

[juliaElastic]

I moved the timeout outside of doFlush, see this comment: https://github.com/elastic/ingest-dev/issues/3783#issuecomment-2459697129
Strangely I don't really see the flush timing out anymore, mostly seeing the upgrade step being stuck at 75k runs, 10k runs pass almost always.
I'm seeing this checkin error in the logs.

[juliaElastic]

breaking the loop here makes the bulker exit and be restarted
it seems to help with the upgrade step, tested with a 51k run: https://buildkite.com/elastic/observability-perf/builds/3670#01930bb4-fb8d-47c2-8699-94c0cc471699

Logs: https://platform-logging.kb.us-west2.gcp.elastic-cloud.com/app/r/s/NiMhb

Hm though upgrade seems to be stuck in this 10k run and I don't see any related errors in the logs.
https://buildkite.com/elastic/observability-perf/builds/3673#01930c05-078e-4e75-9453-e3792ab5294e

This change doesn't seem to help overall, had another 75k run stuck in upgrading for the last 500 drones. Logs here.

[mergify]

This pull request is now in conflicts. Could you fix it @juliaElastic? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b es-timeout-long-poll upstream/es-timeout-long-poll
git merge upstream/main
git push upstream es-timeout-long-poll

[blakerouse]

@juliaElastic What is the status of this PR? I see you request another review, are you seeing success with that current state of the PR now? Can you provide a summary of those results?

[juliaElastic]

@juliaElastic What is the status of this PR? I see you request another review, are you seeing success with that current state of the PR now? Can you provide a summary of those results?

I summarized here: https://github.com/elastic/ingest-dev/issues/3783#issuecomment-2467506043
I couldn't reproduce issues with policy change steps anymore with this pr, only upgrade seems to fail sometimes, which seems a different issue.
I would like to merge this if possible, unless we want to wait until the upgrade issue is tracked down too.

[michel-laterman]

These contexts are created in a loop, but the cancels are deffered until the function (Bulker.Run) returns. Should we move context creation to within the doFlush function to prevent this?

[juliaElastic]

I originally added it to doFlush but it didn't work, Fleet Server didn't come up successfully. I think doFlush finishes too quickly and would cancel the context.

[michel-laterman]

should cancel be called after doFlush is called instead?

[cmacknz]

It doesn't work because most of the work happening is asynchronous in a goroutine, so once you unblock from acquiring the semaphore if you cancel immediately you'll exit the goroutine.

fleet-server/internal/pkg/bulk/engine.go

Lines 458 to 461 in 1a23838

	go func() {
	start := time.Now()
	if b.tracer != nil {

There probably needs to be two separate deadlines created in doFlush():

1. On the semaphore acquire call:

   fleet-server/internal/pkg/bulk/engine.go

   Lines 446 to 449 in 1a23838

   	if err := w.Acquire(ctx, 1); err != nil {
   	return err
   	}

2. Inside the goroutine doing the work

   fleet-server/internal/pkg/bulk/engine.go

   Lines 458 to 472 in 1a23838

   	go func() {
   	start := time.Now()
   	if b.tracer != nil {
   	trans := b.tracer.StartTransaction(fmt.Sprintf("Flush queue %s", queue.Type()), "bulker")
   	trans.Context.SetLabel("queue.size", queue.cnt)
   	trans.Context.SetLabel("queue.pending", queue.pending)
   	ctx = apm.ContextWithTransaction(ctx, trans)
   	defer trans.End()
   	}
   	defer w.Release(1)
   	var err error
   	switch queue.ty {

[juliaElastic]

tried to add deadline in doFlush to those 2 places, but it doesn't seem to work
logs: https://platform-logging.kb.us-west2.gcp.elastic-cloud.com/app/r/s/L3Nkr

[michel-laterman]

The context we are wrapping here has a timeout associated with it from line 448.
Is that what we want in this case?

[juliaElastic]

you're right, probably should be separate timeout

[juliaElastic]

made the change, I had a passing 10k and 50k run: https://buildkite.com/elastic/observability-perf/builds/3745

75k run stuck in upgrading: https://buildkite.com/elastic/observability-perf/builds/3746#019377e3-7719-494b-a952-86c06b748960
I'm only seeing deadline errors with the message find action which comes from handleAck, not the bulker
https://platform-logging.kb.us-west2.gcp.elastic-cloud.com/app/r/s/4Xwhw

I don't know though how much this timeout helps, since it is hard to reproduce it expiring.

In the last few weeks the scale tests on main (without the changes in this pr) were quite stable, and only failed for 30k+ runs on the upgrade step: https://buildkite.com/elastic/observability-perf/builds?branch=main

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
78.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[blakerouse]

Change looks good. Great to hear that happens to have 10k and 50k scale testing pass.