Limit size of shardDeleteResults#133558
Merged
joshua-adams-1 merged 48 commits intoelastic:mainfrom Oct 21, 2025
Merged
Conversation
Modifies `BlobStoreRepository.ShardBlobsToDelete.shardDeleteResults` to have a variable size depending on the remaining heap space rather than a hard-coded 2GB size which caused smaller nodes with less heap space to OOMe. Relates to elastic#131822 Closes ES-12540
…-1/elasticsearch into limit-shard-blobs-to-delete
joshua-adams-1
commented
Aug 26, 2025
server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java
Outdated
Show resolved
Hide resolved
DaveCTurner
reviewed
Aug 26, 2025
server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java
Outdated
Show resolved
Hide resolved
server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java
Outdated
Show resolved
Hide resolved
Modifies `addShardDeleteResult` to only write to `shardDeleteResults` when there is capacity for the write
DaveCTurner
reviewed
Sep 2, 2025
server/src/main/java/org/elasticsearch/common/io/stream/BytesStreamOutput.java
Outdated
Show resolved
Hide resolved
BlobStoreRepository
…ard-blobs-to-delete
…-1/elasticsearch into limit-shard-blobs-to-delete
DaveCTurner
reviewed
Sep 4, 2025
server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java
Outdated
Show resolved
Hide resolved
DaveCTurner
reviewed
Oct 7, 2025
| // We only want to read this shard delete result if we were able to write the entire object. | ||
| // Otherwise, for partial writes, an EOFException will be thrown upon reading | ||
| if (this.truncatedShardDeleteResultsOutputStream.hasCapacity()) { | ||
| successfullyWrittenBlobsCount += 1; |
Member
There was a problem hiding this comment.
This replaces resultCount but it's the count of the number of successfully recorded shards not blobs.
| if (this.truncatedShardDeleteResultsOutputStream.hasCapacity()) { | ||
| successfullyWrittenBlobsCount += 1; | ||
| } else { | ||
| leakedBlobsCount += 1; |
Member
There was a problem hiding this comment.
Likewise this is recording the number of shards with leaked blobs rather than the number of leaked blobs. However, rather than just renaming the variable I think we should actually count the number of leaked blobs (i.e. += blobsToDelete.size() here).
server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java
Show resolved
Hide resolved
server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java
Show resolved
Hide resolved
DaveCTurner
reviewed
Oct 14, 2025
Member
DaveCTurner
left a comment
There was a problem hiding this comment.
Good stuff, I left only tiny nits about the production code and a few other comments about the testing.
| ClusterSettings clusterSettings = clusterService.getClusterSettings(); | ||
| clusterSettings.initializeAndWatch( | ||
| MAX_HEAP_SIZE_FOR_SNAPSHOT_DELETION_SETTING, | ||
| status -> this.maxHeapSizeForSnapshotDeletion = status |
Member
There was a problem hiding this comment.
Maybe apply the limit here on write (making the field an int) rather than each read?
Suggested change
| status -> this.maxHeapSizeForSnapshotDeletion = status | |
| maxHeapSizeForSnapshotDeletion -> this.maxHeapSizeForSnapshotDeletion = Math.toIntExact( | |
| Math.min(maxHeapSizeForSnapshotDeletion.getBytes(), Integer.MAX_VALUE - ByteSizeUnit.MB.toBytes(1)) | |
| ) |
Comment on lines
+1747
to
+1760
| boolean writeTruncated = false; | ||
| // There is a minimum of 1 byte available for writing | ||
| if (this.truncatedShardDeleteResultsOutputStream.hasCapacity()) { | ||
| new ShardSnapshotMetaDeleteResult(Objects.requireNonNull(indexId.getId()), shardId, blobsToDelete).writeTo(compressed); | ||
| // We only want to read this shard delete result if we were able to write the entire object. | ||
| // Otherwise, for partial writes, an EOFException will be thrown upon reading | ||
| if (this.truncatedShardDeleteResultsOutputStream.hasCapacity()) { | ||
| resultsCount += 1; | ||
| } else { | ||
| writeTruncated = true; | ||
| } | ||
| } else { | ||
| writeTruncated = true; | ||
| } |
Member
There was a problem hiding this comment.
A matter of taste, but consider extracting this section into its own method to clarify that we only get false on the branch that succeeded, all other paths lead to true (and maybe we should invert that so that true means "success").
private boolean writeBlobsIfCapacity(IndexId indexId, int shardId, Collection<String> blobsToDelete) throws IOException {
// There is a minimum of 1 byte available for writing
if (this.truncatedShardDeleteResultsOutputStream.hasCapacity()) {
new ShardSnapshotMetaDeleteResult(Objects.requireNonNull(indexId.getId()), shardId, blobsToDelete).writeTo(compressed);
// We only want to read this shard delete result if we were able to write the entire object.
// Otherwise, for partial writes, an EOFException will be thrown upon reading
if (this.truncatedShardDeleteResultsOutputStream.hasCapacity()) {
resultsCount += 1;
return false;
}
}
return true;
}
Comment on lines
+844
to
+847
| assertEquals(expectedShardGenerations.build(), shardBlobsToDelete.getUpdatedShardGenerations()); | ||
| shardBlobsToDelete.getBlobPaths().forEachRemaining(s -> assertTrue(expectedBlobsToDelete.remove(s))); | ||
| assertThat(expectedBlobsToDelete, empty()); | ||
| assertThat(shardBlobsToDelete.sizeInBytes(), lessThanOrEqualTo(Math.max(ByteSizeUnit.KB.toIntBytes(1), 20 * blobCount))); |
Member
There was a problem hiding this comment.
Hmm it's not really within the implied contract of this class to be able to iterate its contents and then try and append more items. We've already closed the underlying compressed stream by this point. I think we should defer these assertions until the end.
|
|
||
| // === Second, now capacity is exceeded, test whether subsequent writes are accepted without throwing an error === // | ||
|
|
||
| for (int i = 0; i < randomIntBetween(1, 20); i++) { |
Member
There was a problem hiding this comment.
This is trappy, it's going to generate a new randomIntBetween on each iteration so you don't get a uniform distribution of values. Better to count down from between(1,20) to zero, or else extract a variable for the upper bound.
| // === First, write blobs until capacity is exceeded === // | ||
|
|
||
| // While there is at least one byte in the stream, write | ||
| while (shardBlobsToDelete.sizeInBytes() < heapMemory) { |
Member
There was a problem hiding this comment.
WDYT about iterating until leakedBlobCount reaches some target value here, rather than doing the two separate loops?
DaveCTurner
approved these changes
Oct 17, 2025
| final var indexId = new IndexId(randomIdentifier(), randomUUID()); | ||
| final var shardId = between(1, 30); | ||
| final var shardGeneration = new ShardGeneration(randomUUID()); | ||
| // Always write at least one blob, guaranteeing that the shardDeleteResults stream increases in size |
Member
There was a problem hiding this comment.
👍 well spotted (in fact the stream grows anyway because we write the index ID, but that doesn't necessarily increase leakedBlobCount)
chrisparrinello
pushed a commit
to chrisparrinello/elasticsearch
that referenced
this pull request
Oct 24, 2025
Modifies `BlobStoreRepository.ShardBlobsToDelete.shardDeleteResults` to have a variable size depending on the remaining heap space rather than a hard-coded 2GB size which caused smaller nodes with less heap space to OOMe. Relates to elastic#131822 Closes ES-12540
fzowl
pushed a commit
to voyage-ai/elasticsearch
that referenced
this pull request
Nov 3, 2025
Modifies `BlobStoreRepository.ShardBlobsToDelete.shardDeleteResults` to have a variable size depending on the remaining heap space rather than a hard-coded 2GB size which caused smaller nodes with less heap space to OOMe. Relates to elastic#131822 Closes ES-12540
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this pull request
Jan 8, 2026
In elastic#133558 we imposed a limit on the heap used to keep track of shard-level blobs to clean up after the commit of a snapshot deletion. This commit makes use of the same mechanism to track `IndexMetadata` blobs for future deletion. Closes elastic#140018
jimczi
pushed a commit
to jimczi/elasticsearch
that referenced
this pull request
Jan 12, 2026
In elastic#133558 we imposed a limit on the heap used to keep track of shard-level blobs to clean up after the commit of a snapshot deletion. This commit makes use of the same mechanism to track `IndexMetadata` blobs for future deletion. Closes elastic#140018
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Modifies
BlobStoreRepository.ShardBlobsToDelete.shardDeleteResultsto have a variable size depending on the remaining heap space rather than a hard-coded 2GB size which caused smaller nodes with less heap space to OOMe.Relates to #131822
Closes #116379
Closes ES-12540