TBS: drop and recreate badger db after exceeding storage limit for TTL time

[carsonip]

Motivation/summary

Workaround for cases where apm-server is stuck at storage limit exceeded state indefinitely because badger DB compaction conditions are not satisfied. This PR implements a goroutine that detects this state, and if the state persists for at least TTL time, as the entries in badger DB would have been expired, just drop and recreate the DB to get out of this state.

Checklist

- [ ] Update CHANGELOG.asciidoc change will be backported. Changelog should be added on docs release.

• Documentation has been updated

For functional changes, consider:

• Is it observable through the addition of either logging or metrics?
• Is its use being published in telemetry to enable product improvement?
• Have system tests been added to avoid regression?

How to test these changes

2 ways to test:

1. Start apm-server with TBS, use apmsoak to send many small events <1KB, confirm it is affected by TBS: apm-server never recovers from storage limit exceeded in rare cases #14923, wait for TTL and ensure that DB is deleted and recreated, and writes to badger are resumed.
2. Manually bloat the badger DB with either APM events or other irrelevant data, start apm-server, ensure DB is deleted and recreated, and writes to badger are resumed.

Related issues

Alternative to #15081

Fixes #14923

[mergify]

This pull request does not have a backport label. Could you fix it @carsonip? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-7.17 is the label to automatically backport to the 7.17 branch.
• backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit.
• backport-8.x is the label to automatically backport to the 8.x branch.

[mergify]

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label.

[carsonip]

When the code is mostly ready, I plan to split this PR into 2 - a refactoring PR with no behavior changes and a bugfix PR with actual "drop and recreate" logic.

[1pkg]

Getting DB size should be a relatively cheap operation so we can consider lowering ticker to be more frequent. This should prevent a configuration where TTL is low sub-minute to swap DB frequently after just 2 limit hits in a row.

[carsonip]

Not sure if I understand here.

This should prevent a configuration where TTL is low sub-minute to swap DB frequently after just 2 limit hits in a row.

if TTL < 1m, DB will be swapped after 2*TTL. (I actually consider this pathological as badger db size reporting comes with 1m delay)
if TTL >=1m, DB will be swapped after at max TTL+1m.

Do you think we should fix TTL <1m? It will increase test run time to 1m, but will fix swapping DB frequently for sub-minute TTL (which I don't think has much value in reality). I'm inclined to fix it.

[1pkg]

Oh I see, I didn't realize the size is getting recalculated every 1m. Then I think the current implementation is fine.
I was mostly afraid of the edge case situation when a TTL is set to a low value like 5s and DB is running close to the max disk limit, then even if compaction is making progress we might perform DB swap every other minute if we are unlucky and check twice in a row when the DB is full.

[carsonip]

I'm actually afraid of the situation that TTL is way lower than a minute e.g. 5s, causing storage limit check to be done on the same 1m cached reported db size. I have the min() so that the test doesn't take a minute to run, but this edge case worries me a bit.

[carsonip]

Fixed in 0b3e742 but TestDropLoop tests will take 1m to run.

[1pkg]

Overall the changes look good to me, thank you @carsonip!

[carsonip]

Will rebase this PR after refactoring PR #15112 is merged done

[lahsivjar]

LGTM! Thanks for the changes!

[endorama]

Already tested for 8.17.1 and 8.16.3