Restore e2e test failures on cluster health retrieval

[sebgl]

We disabled error reporting (leading to e2e test failure) when we cannot
retrieve the health.
A "valid case" to not being able to retrieve the cluster health is when
we're restarting/removing the master node of a cluster. During leader
election, the cluster is temporarily unavailable to such requests.
This is way better with v7 clusters and zen2, for which unavailability
is made a lot smaller, but can still happen.

To solve that, let's only report health check requests failures that
contiguously happen for more than a threshold (1 minute here).

Fixes #614.

[barkbay]

Thank you, forgot that one 😳
I will try to run it a few times on a test cluster.

[pebrc]

I think technically the same thing can happen on a 7.x cluster (as you mentioned in the issue description) especially under load. It is just that the likelihood of such an event is much much lower because master elections are typically sub-second in 7.x. iiuc

I wonder if we will be able to observe this short unavailability in the tests.

[sebgl]

I don't know. Maybe worth waiting to see if that ever happens?

[barkbay]

I ran the test a few times and it has always failed for ES 7.x:

    --- FAIL: TestMutationMdiToDedicated/Elasticsearch_cluster_health_should_not_have_been_red_during_mutation_process (0.00s)
        steps_mutation.go:95:
            	Error Trace:	steps_mutation.go:95
            	Error:      	Not equal:
            	            	expected: 0
            	            	actual  : 1
            	Test:       	TestMutationMdiToDedicated/Elasticsearch_cluster_health_should_not_have_been_red_during_mutation_process
        steps_mutation.go:97: Elasticsearch cluster health check failure at 2019-09-27 12:41:32.771121224 +0000 UTC m=+105.114006423: Get https://test-mutation-mdi-to-dedicated-trcf-es-http.e2e-xna3f-mercury.svc:9200/_cluster/health: dial tcp 10.59.247.229:9200: i/o timeout
FAIL
FAIL	github.com/elastic/cloud-on-k8s/test/e2e/es	109.030s

    --- FAIL: TestMutationMdiToDedicated/Elasticsearch_cluster_health_should_not_have_been_red_during_mutation_process (0.00s)
        steps_mutation.go:95:
            	Error Trace:	steps_mutation.go:95
            	Error:      	Not equal:
            	            	expected: 0
            	            	actual  : 1
            	Test:       	TestMutationMdiToDedicated/Elasticsearch_cluster_health_should_not_have_been_red_during_mutation_process
        steps_mutation.go:97: Elasticsearch cluster health check failure at 2019-09-27 14:09:14.06069233 +0000 UTC m=+86.036044375: Get https://test-mutation-mdi-to-dedicated-4fgv-es-http.e2e-dbenc-mercury.svc:9200/_cluster/health: dial tcp 10.59.252.175:9200: connect: connection refused

[sebgl]

Thanks for testing @barkbay! I cannot reproduce the failure locally :(

[sebgl]

I guess we'll have to simply ignore errors then? Pretty hard to detect when the master was killed and ignore errors only at that moment from the e2e tests point of view.

[pebrc]

I guess we'll have to simply ignore errors then?

Can we not derive from the type of mutation whether or not a short downtime is to be expected? E.g. rolling master nodes? downtime OK, rolling data nodes: NOK

[sebgl]

Can we not derive from the type of mutation whether or not a short downtime is to be expected?

Indeed that sounds feasible in theory.
We already have an imperfect version of this check there:

cloud-on-k8s/test/e2e/test/elasticsearch/checks_data.go

Lines 162 to 176 in 6156d47

	// attempt do detect a rolling upgrade scenario
	// Important: this only checks ES version and spec, other changes such as secure settings update
	// are tricky to capture and ignored here.
	isVersionUpgrade := initial.Elasticsearch.Spec.Version != b.Elasticsearch.Spec.Version
	httpOptionsChange := reflect.DeepEqual(initial.Elasticsearch.Spec.HTTP, b.Elasticsearch.Spec.HTTP)
	for _, initialNs := range initial.Elasticsearch.Spec.Nodes {
	for _, mutatedNs := range b.Elasticsearch.Spec.Nodes {
	if initialNs.Name == mutatedNs.Name &&
	(isVersionUpgrade || httpOptionsChange || !reflect.DeepEqual(initialNs, mutatedNs)) {
	// a rolling upgrade is scheduled for that NodeSpec
	// we need at least 1 replica per shard for the cluster to remain green during the operation
	return 1
	}
	}
	}

In practice, I think most of our rolling upgrade E2E tests have master+data nodes though, for convenience. Not sure the data vs. master distinction brings much, but still worth doing it right :)

[barkbay]

So it has just worked 3 time in a row with 7.3 (I have been testing with 7.1 and 7.2 so far), maybe that there are some improvements in ES 7.3.

Anyway IIRC it is expected to have a red status when a master leaves the cluster. It is supposed to affect the cluster for a very short time but it happens.
One solution would be to tolerate a few errors, as you can see it is a matter of 1 error, so maybe tolerate 2 or 3 errors and fail if there 're more ?

[sebgl]

Discussed outside this PR: maybe change the implementation so we allow max. 1min contiguous errors to happen (corresponding to a maximum allowed leader election duration). If more, return the error.

[sebgl]

I changed the implementation to allow http requests to return errors on health check, only if those occurs do not happen continuously for more than 60 seconds. The goal here is to allow normal leader elections to happen, but catch leader elections that would take too long (> 60sec).

A race condition may still occur if we kill eg. 3 times the master node in order during a rolling upgrade, in such a way that e2e tests don't have time to catch up in between.
I changed the default timeout to 5 seconds to minimise chances that this occurs.
Since we recently changed the readiness check to be much more permissive, I observed the cluster to be unavailable for a smaller period of time (no need to wait for pods to see the master to end up in the service endpoints). So I'd say while the race can definitely still happen, it's rather unlikely. I'm open to suggestions to improve that.

[pebrc]

LGTM!

[pebrc]

linter says time.Since is better :-)

[sebgl]

Jenkins test this please.

[sebgl]

Jenkins test this please.