Feature/QuerySandbox(ResourceLimitGroup) Add sandbox schema and tracking framework

[kaushalmahi12]

Description

As part of limiting the resource usage to the group of queries(Query Sandboxing/resourceLimitGroups). The feature is broken down into 3 independent parts.

• CRUD APIs (Will go into the Plugin)
• Request Tagging/Classification (Will go into the Plugin)
• Tracking and Monitoring

This change sets up the tracking and monitoring framework which consists of

• Schema for defining these groups/sandboxes
• Service which will run on a 1 second interval. This class is not functional as it needs to be added in the Node.java
• Service level settings
• Logic to propagate the sandbox/resourceLimitGroup from coordinator to data nodes.

Remaining Changes

• Will add the Tests for Service once the CRUD APIs are raised and merged
• ResourceTracking tests once CRUD APIs are raised and merged
• Enable the service

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)
• Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

✅ Gradle check result for 5ba7535: SUCCESS

[codecov]

Codecov Report

Attention: Patch coverage is 50.50167% with 148 lines in your changes missing coverage. Please review.

Project coverage is 71.28%. Comparing base (b15cb0c) to head (5ba7535).
Report is 373 commits behind head on main.

❗ Current head 5ba7535 differs from pull request most recent head 3afd9db

Please upload reports for the commit 3afd9db to get more accurate results.

Files	Patch %	Lines
...esourceLimitsGroupResourceUsageTrackerService.java	0.00%	41 Missing ⚠️
...h/cluster/metadata/ResourceLimitGroupMetadata.java	38.29%	29 Missing ⚠️
...esource_limit_group/ResourceLimitGroupService.java	0.00%	23 Missing ⚠️
...java/org/opensearch/cluster/metadata/Metadata.java	0.00%	18 Missing ⚠️
...limit_group/ResourceLimitGroupServiceSettings.java	62.79%	14 Missing and 2 partials ⚠️
...pensearch/cluster/metadata/ResourceLimitGroup.java	92.39%	2 Missing and 5 partials ⚠️
...e_limit_group/module/ResourceLimitGroupModule.java	0.00%	5 Missing ⚠️
...va/org/opensearch/action/search/SearchRequest.java	55.55%	2 Missing and 2 partials ⚠️
...pensearch/rest/action/search/RestSearchAction.java	0.00%	1 Missing and 1 partial ⚠️
...opensearch/search/internal/ShardSearchRequest.java	75.00%	0 Missing and 2 partials ⚠️
... and 1 more

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #13311      +/-   ##
============================================
- Coverage     71.42%   71.28%   -0.14%     
- Complexity    59978    60609     +631     
============================================
  Files          4985     5045      +60     
  Lines        282275   285730    +3455     
  Branches      40946    41358     +412     
============================================
+ Hits         201603   203685    +2082     
- Misses        63999    65152    +1153     
- Partials      16673    16893     +220     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

❌ Gradle check result for d2a19ee: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[jainankitk]

We don't have the logic for request rejection in this PR, right?

[jainankitk]

This class does not have any other setters. Why not set the resourceLimitGroupId within the constructor itself?

[kaushalmahi12]

We can't do that because of following reasons

• Task is created way up in the stack: https://github.com/opensearch-project/OpenSearch/blob/main/server/src/main/java/org/opensearch/action/support/TransportAction.java#L101
• All of these TaskAwareRequests TaskAwareRequest interface
  So we won't have the resourceLiimitGroupId

but we will change the information is coming in the searchRequest so this will likely not be present in final change.

[jainankitk]

Same as SearchShardTask

[kaushalmahi12]

Same as above,
This is where shard level task are created : https://github.com/opensearch-project/OpenSearch/blob/main/server/src/main/java/org/opensearch/transport/RequestHandlerRegistry.java#L91

so basically the tasks are created by TaskManager using TaskAwareRequest.

[jainankitk]

nit: Move these methods before inner class definitions for more clarity

[jainankitk]

nit: typo in dataStreanDiff

[jainankitk]

Shouldn't we apply the difference in resourceLimitGroup to existing one for more efficient internode cluster state publication?

[kaushalmahi12]

In the diff we are only including the diff of ResourceLimitGroups so it should be fine.

[jainankitk]

nit: we can call this deleteRLG since we don't track the groups after hard deletion

[jainankitk]

And, we can keep the reference to original RLG instead of just id?

[jainankitk]

Do we really need to stream the task list twice?

[kaushalmahi12]

We can merge the .map logic of these together.

[jainankitk]

You can write generic method for streaming the list of ALLOWED_RESOURCES, and get corresponding value based on the resource type

[kaushalmahi12]

Yes! Makes sense

[jainankitk]

nit: incomplete documentation?

[jainankitk]

If task completion is overridden, we don't need to stream the list of deleted RLGs? Although, should not matter given RLG deletion should be rare

[kiranprakash154]

Suggested change

	public SearchRequest resourceLimitGroupId(String resourceLimitGroupId) {
	public SearchRequest setResourceLimitGroupId(String resourceLimitGroupId) {

[kaushalmahi12]

I had kept this method aligned with other methods in the class.

[kiranprakash154]

Suggested change

	public String resourceLimitGroupId() {
	public String getResourceLimitGroupId() {

[kaushalmahi12]

I had kept this method aligned with other methods in the class.

[kiranprakash154]

nit:

Suggested change

	public Builder resourceLimitGroups(final Map<String, ResourceLimitGroup> resourceLimitGroups) {
	public Builder putResourceLimitGroups(final Map<String, ResourceLimitGroup> resourceLimitGroups) {

[kaushalmahi12]

I have kept these methods inline with rest of the methods in class. These are Builder methods so I think it makes sense

[kiranprakash154]

we should have an id field to refer a sandbox internally with the id. The name can be a user-facing entity, according to the published RFC - https://docs.google.com/document/d/1Bp7JnDLectuv3PviyXO0FWV6Tg3wKQOTnzC0PUYXZ6I/edit#heading=h.jrflzibacpc7

[kiranprakash154]

We should have an isDeleted field or something that denotes it has been deleted and in the drain mode only, i.e only the already running searches are left to run. Without this field, we cannot drop an incoming request when a ResourceLimitGroup is marked for deletion and in that drain phase.

[kiranprakash154]

Actually, I dont think we need isDeleted as I'm guessing the delete API will remove it from the clusterState, so it wont be ever returned as a value here activeResourceLimitGroups = new ArrayList<>(clusterService.state().metadata().resourceLimitGroups().values());

In that case, where are we verifying the user provided ResourceLimitGroup is a valid ResourceLimitGroup or not ?

[kaushalmahi12]

We will handle that in the tracking part, We will simply track these invalidly tagged tasks under default catch all sandbox.

[kiranprakash154]

i think limit or threshold are better than value ?
value seems a little vague to me

[kaushalmahi12]

that is true in the context.

[kiranprakash154]

why not just name ?

[kiranprakash154]

I think we need to make an abstract class of Resource.
Which CPU/JVM extends, that way we can accomodate in the long term to be able to provide JVM as bytes or or add a new resource etc.

Using Factory pattern to create a valid Resource like

public class ResourceFactory {
    public Resource createResource(String type) {
        if (type.equalsIgnoreCase("CPU")) {
            return new CPU();
        } else if (type.equalsIgnoreCase("JVM")) {
            return new JVM();
        }
        throw new IllegalArgumentException("Invalid resource type");
    }
}

[kaushalmahi12]

We can encapsulate the Resource into a class. But all that would do is rename the class

[kiranprakash154]

Suggested change

	if (Double.compare(value, 1.0) > 0) {
	if (value > 1.0) {

this is much simpler ?

[kaushalmahi12]

I added this just for the accuracy purposes as We can only hold doubles/floats precise upto a digit after decimal

[kiranprakash154]

Suggested change

	private static final Long DEFAULT_RUN_INTERVAL_MILLIS = 1000l;
	private static final Long DEFAULT_RUN_INTERVAL_MILLIS = 1_000L;

[kiranprakash154]

I believe ResourceLimit is called by an API that creates a new ResourceLimitGroup ?
If this is user facing then we should let them use a string ending with % like 10% or a double value of 0.1.
We can follow something similar to this - https://github.com/opensearch-project/OpenSearch/blob/main/server/src/main/java/org/opensearch/indices/IndicesRequestCache.java#L837C1-L857C6

[kiranprakash154]

should we avoid storing these values at the instance level to avoid synchronization issues and always fetch the activeResourceLimitGroups from the clusterService ?

[kaushalmahi12]

This is calculated every second so this is always upto date. Am I missing something here ?

[kiranprakash154]

Should this be hardcoded to CancellableTask ? should/would we ever tag a non CancellableTask type to a ResourceLimitGroup ?

[kaushalmahi12]

No

[kiranprakash154]

are both requestCanceller and taskCanceller required ?

[kaushalmahi12]

Good Catch! This is a miss from my end. No, only one is required.

[kiranprakash154]

This class is overburdened with multiple responsibilities - Tracking resource usage, Managing task cancellations and Handling resource pruning and deletion.
I think we need to break them into their own classes.

Something like

public class ResourcePruningService implements ResourcePruner {}
public class TaskCancellationService implements TaskCanceller {}
public class ResourceUsageService implements ResourceUsageTracker {}

[kaushalmahi12]

Yes, We will be creating these concrete implementations. This PR is going to serve as the Parent PR for upcoming small PRs which are breakdown of this.

[github-actions]

❌ Gradle check result for 3afd9db: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[opensearch-trigger-bot]

This PR is stalled because it has been open for 30 days with no activity.

[opensearch-trigger-bot]

This PR is stalled because it has been open for 30 days with no activity.

[jainankitk]

I guess we can close this PR. @kaushalmahi12 - Please reopen if needed