Block unsafe bootstrap when remote state is enabled (opensearch-proje…

…ct#9965)

Signed-off-by: Sooraj Sinha <soosinha@amazon.com>
Signed-off-by: Ivan Brusic <ivan.brusic@flocksafety.com>

server/src/internalClusterTest/java/org/opensearch/cluster/coordination/UnsafeBootstrapAndDetachCommandIT.java

@@ -44,6 +44,7 @@
 import org.opensearch.env.TestEnvironment;
 import org.opensearch.gateway.GatewayMetaState;
 import org.opensearch.gateway.PersistedClusterStateService;
+import org.opensearch.gateway.remote.RemoteClusterStateService;
 import org.opensearch.indices.IndicesService;
 import org.opensearch.node.Node.DiscoverySettings;
 import org.opensearch.test.InternalTestCluster;
@@ -180,6 +181,16 @@ public void testBootstrapNotClusterManagerEligible() {
         expectThrows(() -> unsafeBootstrap(environment), UnsafeBootstrapClusterManagerCommand.NOT_CLUSTER_MANAGER_NODE_MSG);
     }
 
+    public void testBootstrapRemoteClusterEnabled() {
+        final Environment environment = TestEnvironment.newEnvironment(
+            Settings.builder()
+                .put(internalCluster().getDefaultSettings())
+                .put(RemoteClusterStateService.REMOTE_CLUSTER_STATE_ENABLED_SETTING.getKey(), true)
+                .build()
+        );
+        expectThrows(() -> unsafeBootstrap(environment), UnsafeBootstrapClusterManagerCommand.REMOTE_CLUSTER_STATE_ENABLED_NODE);
+    }
+
     public void testBootstrapNoDataFolder() {
         final Environment environment = TestEnvironment.newEnvironment(internalCluster().getDefaultSettings());
         expectThrows(() -> unsafeBootstrap(environment), OpenSearchNodeCommand.NO_NODE_FOLDER_FOUND_MSG);

server/src/main/java/org/opensearch/cluster/coordination/UnsafeBootstrapClusterManagerCommand.java

@@ -53,6 +53,8 @@
 import java.util.Locale;
 import java.util.Objects;
 
+import static org.opensearch.gateway.remote.RemoteClusterStateService.REMOTE_CLUSTER_STATE_ENABLED_SETTING;
+
 /**
  * Tool to run an unsafe bootstrap
  *
@@ -81,7 +83,11 @@ public class UnsafeBootstrapClusterManagerCommand extends OpenSearchNodeCommand
     static final Setting<String> UNSAFE_BOOTSTRAP = ClusterService.USER_DEFINED_METADATA.getConcreteSetting(
         "cluster.metadata.unsafe-bootstrap"
     );
-
+    static final String REMOTE_CLUSTER_STATE_ENABLED_NODE =
+        "Unsafe bootstrap cannot be performed when remote cluster state is enabled. The cluster state in the remote store is considered the source of truth. "
+            + "In case, you still wish to do best effort recovery with unsafe-bootstrap, then please disable the "
+            + REMOTE_CLUSTER_STATE_ENABLED_SETTING.getKey()
+            + ". For more details, please check the OpenSearch documentation.";
     private OptionSpec<Boolean> applyClusterReadOnlyBlockOption;
 
     UnsafeBootstrapClusterManagerCommand() {
@@ -101,6 +107,13 @@ protected boolean validateBeforeLock(Terminal terminal, Environment env) {
         if (clusterManager == false) {
             throw new OpenSearchException(NOT_CLUSTER_MANAGER_NODE_MSG);
         }
+        // During unsafe bootstrap, node will form a cluster with a new cluster UUID but with the existing metadata.
+        // This new state will not know about the previous cluster UUIDs and so we will not able to construct
+        // the cluster UUID chain to get the last known cluster UUID to restore from.
+        // Blocking unsafe-bootstrap below for this reason.
+        if (REMOTE_CLUSTER_STATE_ENABLED_SETTING.get(settings) == true) {
+            throw new OpenSearchException(REMOTE_CLUSTER_STATE_ENABLED_NODE);
+        }
 
         return true;
     }