Enable analytics geoip in behavioral analytics.

[afoucret]

The default pipeline used by behavioral analytics contains a geo ip processor and is installed through an IndexTemplateRegistry.

With the current implementation, it means that the GeoIpDownloader will be run as soon as Elasticsearch server will start.
We do not want this because it is not optimal for users that do not use behavioral analytcis.

This PR add an additional flag optionalgeoip_database_lazy_download in the pipeline _meta to determine if the pipeline install should trigger the download or not

 "processors": [ { "geoip": {} } ], "_meta": { "geoip_database_lazy_download": true } 

If the flag is missing or set to false the behavior is unchanged.
If the flag is set to true, the geoip downloader will be triggered only when an index exists with the pipeline set has default_pipeline or final_pipeline

[elasticsearchmachine]

Pinging @elastic/ent-search-eng (Team:Enterprise Search)

[afoucret]

ℹ️ For all pipeline that have _meta.geoip_database_lazy_download set to false, the download is triggered only when an index with the pipeline set as default_pipeline or final_pipeline exists.

[afoucret]

ℹ️ Now we need to check if an index is created with the pipeline set.

[afoucret]

ℹ️ Adding geoip_database_lazy_download to our pipeline, so the database is downloaded only when an Analytics Collection is created.

[afoucret]

ℹ️ Enable again this test for all versions. not have been disabled.

[afoucret]

ℹ️ Adding a tags field to events as it is used by the geoip processor.

[elasticsearchmachine]

Pinging @elastic/es-data-management (Team:Data Management)

[elasticsearchmachine]

Hi @afoucret, I've created a changelog YAML for you.

[jimczi]

I like the approach. We shouldn't have to switch ingest pipeline under the hood to avoid the eager download at startup.
I approved for our side so let's wait for @elastic/es-data-management's feedback now.

[afoucret]

Also asked a review to @eyalkoren cause he was involved in the index template registry stuff

[afoucret]

@elasticsearchmachine run elasticsearch-ci/doc-check

[afoucret]

@elasticsearchmachine run elasticsearch-ci/part-1

[eyalkoren]

@afoucret thanks for the trust, though I am really not in a position to review this area as I am still learning it myself 😊
Someone from the @elastic/es-data-management would be a better fit.

[masseyke]

Maybe worth mentioning ingest.geoip.downloader.eager.download? Something like:
If `true` (and if `ingest.geoip.downloader.eager.download` is false), the missing database is downloaded when the pipeline is created. Else, the download is triggered by when the pipeline is used as the `default_pipeline` or `final_pipeline` in an index.

[afoucret]

🙇 Added your change

[masseyke]

Shouldn't this be false? We want to not download on pipeline creation for this test right?

[masseyke]

And related, we probably ought to have a test that sets the value to true and checks that it does download right? Like

 putGeoIpPipeline(pipelineId, true); assertBusy(() -> assertNotNull(getTask().getState())); 

[masseyke]

And another good test might be to create an index at this point that does not have a geoip processor in its pipeline, to make sure the cluster state change listener doesn't trigger the download when just any index is created.

[afoucret]

I fixed the test and added few more step to it as suggested.

[masseyke]

Should we check whether it has a geoip processor before potentially looping through all of the indices to see if it's used? I'm a little worried about performance here.

[jbaiera]

It might be best to collect the pipelines that have geoip processors together first while noting which of those pipelines have geoip processors that all have the "download on index created" setting set to true. If there are any pipelines that don't have that setting present, we can skip reading the indices and start the download. If they all have the setting, then we can check to see if any indices have a default/final pipeline usage that references one of the noted pipelines.

[afoucret]

I did some change:

1. We collect all the pipeline downlaod_database_on_pipeline_creation being true and return true if not empty
2. We collect all the pipeline download_database_on_pipeline_creation being false and return false if empty
3. We loop over the indices to check if one of the collected pipeline is referenced only if we did not fall into an early return case.

[masseyke]

OK just to confirm, I think that the worst case performance is now:
Every time someone adds/modifies/deletes an index or adds/modifies/deletes a pipeline (so fairly often), for each pipeline in the cluster state with a geoip processor with "download_database_on_pipeline_creation" set (probably relatively few), we look through each index in the cluster state (potentially 50k or more) to see if that is the default or final pipeline.
That check will happen more often than I'd like but I think that'll be acceptably fast.

[masseyke]

I think you want the ability to set this to false for the test right? It defaults to true.

[afoucret]

Good catch.
The condition has been updated to:

if (downloadDatabaseOnPipelineCreation == false || randomBoolean()) { 

The random boolean allow to randomize testing between download_database_on_pipeline_creation missing or set to true

[masseyke]

I think that the integration test needs to be updated (I think maybe it just wasn't fully updated after the property name changed). I also have some concerns about possible performance problems in the cluster state change listener.

[afoucret]

@masseyke I did update the PR according to your feedback. Would be nice if you could re-review it. Thank you.

[masseyke]

It would be good to have some javadocs for these methods. Specifically it would be good documenting what the input args are (the code makes sense when you get into it, but it's not intuitive to me what impact downloadDatabaseOnPipelineCreation has on the pipelineConfigurationsWithGeoIpProcessor that are returned from this method from just looking at the method signature)..

[masseyke]

It would be great to see some more javadocs in the new methods in GeoIpDownloaderTaskExecutor, but the approach overall seems good to me and I think you've addressed the worst of the performance problems. Thanks for all the work on this.

[jbaiera]

LGTM, left one small nit but otherwise thank you for iterating!

[jbaiera]

Could this be a Set since all interactions with it are via contains?

[afoucret]

Good idea. I did pushed an update to use a Set