Tighten on when THROTTLE decision can be returned

[ywangd]

For allocation simulation, allocation decisions should not be THROTTLE for moveShards and balance. Allocate unassigned shards should not see THROTTLE unless there is prior shard assignment. This PR makes this statement explicit by fixing test allocation decider and HasFrozenAllocationDecider as well as adding relevant assertions.

Relates: ES-12955

[elasticsearchmachine]

Pinging @elastic/es-distributed-coordination (Team:Distributed Coordination)

[ywangd]

Initially, I wanted to ensure that no THROTTLE can be returned at all unless there is prior shard movement. But HasFrozenCacheAllocationDecider is not compatible with the idea. We also have existing code explicitly checking for it. So it seems that we have to live with this exception. As a result, I added assertions and fixed RandomAllocationDecider to make this exception more explicit. I am open to suggestions.

[ywangd]

It would be great if we could check that the THROTTLE decision is actually from the HasFrozenCacheAllocationDecider. But it's not really feasible. Instead, we can check it's a frozen index. Not really ideal, but seems to be the best we can do.

[nicktindall]

I'm not a big fan of putting knowledge of specific deciders in here, as discussed, I wonder if HasFrozenAllocationDecider is abusing THROTTLE anyway. My reasoning was:

In the canAllocateUnassigned logic we'll wait for the outcome of a lower-weight THROTTLE when we have higher-weight YES so that would mean this decider can defer the allocation of a partial searchable snapshot while a non-frozen node was initialising doesn't it?
I would think we'd return NO until the setting was loaded?

It seems like returning THROTTLED while we wait to find out if the node can host frozen shards could mean we defer allocating the shard to another node that we KNOW can host frozen shards, while waiting to find out if an initialising node is a frozen node.

[ywangd]

we defer allocating the shard to another node that we KNOW can host frozen shards, while waiting to find out if an initialising node is a frozen node.

That is true. I also wonder whether it is intentional since otherwise the shards will be assigned to an existing node only to relocate later momentarily. That said, after reading through code around HasFrozenAllocationDecider, I believe it is OK to return NO since it should not change the beahviour. That is because we always call allocateExistingUnassignedShards before calling into the allocator. This method uses SearchableSnapshotAllocator to allocate unassigne shards first. It also checks cache status and reject allocation when cache state is still being fetched. It in turns places the shard in the ignored list and BalancedShardAllocator ignores them as well. In short, the allocation decision for paritially mounted shards are made earlier in a different place so that it should not matter for the decider to return NO.

[ywangd]

We can potentially remove this branch in future. For now, adding the assertion seems to be a good first step.

[DiannaHohensee]

I think if we can't confidently get rid of this code, then we aren't really sure we're not throttling with the changes. This should at least have a planned follow up action that is more certain.

[ywangd]

I believe it is safe to remove. My usage of "potential" may be confusing. It does not imply less confidence, was just bad wording.

Adding assert false ensures it does not happen in tests and is equivalent to deprecation. I'd prefer to have it first to run through CIs for sometime before finally removing it. It is also because the existing comment has an issue linked to it #87279 and it'd be great to spend some time separately to see whether it can be closed while removing the branch. I raised ES-13282 specifically for deleting this branch.

[nicktindall]

All this change LGTM pending the question of whether we can make HasFrozenCacheAllocationDecider return NO while we're initialising the node so that we can remove the special knowledge of it from here?

[DiannaHohensee]

The purpose of this task is to gain confidence that the THROTTLE decision is not encountered, but right now this patch doesn't provide that confidence. This isn't in the hot-path, so I don't think we need to rush the change. I'd rather sort out the Decider before proceeding.

[DiannaHohensee]

Can we simplify the code by making this

assert ....
if (completeEarlyOnShardAssignmentChange && routingNodes.getRelocatingShardCount() > 0) {
    return true;
}
continue;

[ywangd]

Not really. We still want to track shardBalanced when it is not simulation.

[DiannaHohensee]

I think if we can't confidently get rid of this code, then we aren't really sure we're not throttling with the changes. This should at least have a planned follow up action that is more certain.

[ywangd]

@nicktindall @DiannaHohensee The PR is ready for another look. In summary, I have taken Nick's suggestion for returning NO from HasFrozenAllocationDecider.

I spent quite some time reading through relevant code for searchable snapshot indices allocation. I believe it is safe to do so.

1. Unassigned searchable snapshot shards are allocated elsewhere, see also this comment.
2. For relocations, throttle is effectively a NO and unlike unassigned shards, there is no urgency for them.

[ywangd]

HasFrozenAllocationDecider does not differentiate between fetching node state (FETCHING) and no-such-node (UNKNOWN). The later can only happen when a node leaves the cluster which seems more justified to say NO. In any case, they do not really impact SearchableSnapshotAllocator which is what matters for allocating unassigned searchable snapshot shards.
Btw, I can also undo the split if it is considered unrelated.

[ywangd]

The comment about HasFrozenCacheAllocationDecider had me concerned for some time. Adding this assertion to make it clear that throttled status can only come from DesiredBalanceInput#ignoredShards, i.e. they are not produced by BalancedShardAllocator.