SOLR-17519: CloudSolrClient with HTTP ClusterState can forget live nodes and then fail

[mlbiscoc]

https://issues.apache.org/jira/browse/SOLR-17519

Description

In BaseHttpClusterStateProvider if all initially passed nodes except for 1 go down, then CSP will only be aware of the 1 live node. If that node were to go down and any of the other initially passed nodes were to recover, CSP would not be able to connect to get latest cluster state of live nodes because it only holds the address of the now downed node.

Solution

CSP holds immutable initialNodes which is used to never remove this set from live nodes to keep it resilient. Now if the case above were to occur, CSP would still be able to get cluster state and latest set of live nodes because live nodes always has the initial set. Live nodes can also hold new nodes that are added to the cluster after CSP initialization but those are removable unlike the initial nodes.

Tests

testClusterStateProviderDownedInitialLiveNodes tests the above test case and used to fail.
testClusterStateProviderLiveNodesWithNewHost tests live nodes with a 3rd added new host after CSP is initialized which is removable but initial nodes are always still present to be reachable by CSP.

Checklist

Please review the following and check all that apply:

• I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
• I have created a Jira issue and added the issue ID to my pull request title.
• I have given Solr maintainers access to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation)
• I have developed this patch against the main branch.
• I have run ./gradlew check.
• I have added tests for my changes.
• I have added documentation for the Reference Guide

[dsmiley]

Thanks for the PR!

[dsmiley]

right away, I'm surprised. I can understand needing two sets, but 3? IMO knownNodes doesn't need to exists; that's the same as liveNodes. I see below you've changed many references from liveNodes to knownNodes but I recommend against doing that because the exact wording of "liveNodes" is extremely pervasive in SolrCloud (well known concept) so let's not have a vary it in just this class or any class.

[mlbiscoc]

I originally did it with just liveNodes but liveNodes is returned to the client which from it's name I was thinking they would assume they are "live". If we just place all the nodes into liveNodes thats not necessarily true, right? If the current set hold all the initially passed nodes, it isn't guaranteed it's live which is why I switched to known nodes while live is what was actually fetched from ZooKeeper.

[dsmiley]

There's no guarantee that getLiveNodes is going to return a list of reachable nodes. A moment after returning it, a node could become unreachable. So it's "best effort" and the caller has to deal with failures by trying the other nodes in the list and/or getting a possibly refreshed list.

[mlbiscoc]

Thats fair. Removed known nodes and put everything into live nodes while using the initial set inside all the time.

[dsmiley]

I think the idea of this JIRA issue is that we'll take the Solr URLs as configured and use this is the initial / backup liveNodes. I think this is a very simple idea to to document/understand/implement.

[dsmiley]

static fields in tests that refer to Solr should be null'ed out, so there's some burden to them. Here... I think you could avoid these altogether and simply call cluster.getJettySolrRunner(0) which isn't bad!

[dsmiley]

could add a convenience method if you like.

[dsmiley]

This test should set the system property solr.solrj.cache.timeout.sec to maybe 1ms and then you can merely sleep for like a 100 milliseconds.

[mlbiscoc]

Cache timeout setting is in seconds and pulls an int. Can't make it 1ms. This probably should have had better granularity instead of increments of seconds.

I could change cacheTimeout to take milliseconds as the int instead but that would change peoples system property not using the default. So if they set the cache timeout to 5 seconds, it now turns into 5ms if they are not aware of this change.

[mlbiscoc]

I think the idea of this JIRA issue is that we'll take the Solr URLs as configured and use this is the initial / backup liveNodes. I think this is a very simple idea to to document/understand/implement.

That makes sense. This leaves me with a few questions then. Shouldn't this take a list of URL or URI java object to verify actual non malformed URLs instead of a list of strings? I created the functions below to convert these Strings into cluster state nodeNames for liveNodes

[dsmiley]

great idea to do basic URL malformed checks like this

[mlbiscoc]

Not sure if these methods belong here but it is required to convert the initial set of String urls into cluster state node names

[dsmiley]

Why is this 3 lines of extra copy-ing instead of nothing more than: this.liveNodes = Set.copyOf(nodes); ? That is, why are we touching / using initialNodes at all here?
Maybe an IllegalArgumentException if nodes.isEmpty.

[mlbiscoc]

My idea was to not do another loop through if liveNodes was exhausted. initalNodes would always exist in liveNodes with this set method. Let me refactor again from your suggestion comment

[dsmiley]

Could easily be converted to a single expression with streams

[dsmiley]

can you find other code in Solr doing this? Surely it's somewhere.

[dsmiley]

should be a static method that with a unit test

[mlbiscoc]

Hmm maybe... I found getBaseUrlForNodeName but it's going the other way nodeName->url. Let me look around more

[dsmiley]

If we exhaust liveNodes, shouldn't we then try the initial configured nodes, and then only failing that, throw an exception?

[dsmiley]

I simplified characterization of how I think this should be done:

• on initialization, copy the configured URLs to a field for safe keeping. Convert to URL if you like (validates if malformed)
• on initialization, liveNodes shall be empty; we haven't fetched it yet. Ideally we don't even try to on initialization.
• when getLiveNodes is called and it's not out of date, return it. If it's out of date, loop live nodes and then the initial configured URLs for the first server that will respond to fetch the current live nodes.