<text><backrest/> release numbers consist of two parts, major and minor. A major release <i>may</i> break compatibility with the prior major release, but <proper>v2</proper> releases are fully compatible with <proper>v1</proper> repositories and will accept all <proper>v1</proper> options. Minor releases can include bug fixes and features but do not change the repository format and strive to avoid changing options and naming.
Documentation for the <proper>v1</proper> release can be found <linkurl="{[backrest-url-base]}/1">here</link>.
The notes for a release may also contain <quote>Additional Notes</quote> but changes in this section are only to documentation or the test suite and have no direct impact the on the <backrest/> codebase.</text>
<p>Ignore all files in a linked tablespace directory except the subdirectory for the current version of <postgres/>. Previously an error would be generated if other files were present and not owned by the <postgres/> user.</p>
<p>Fix issue where <i>relative</i> links in <path>$PGDATA</path> could be stored in the backup with the wrong path. This issue did not affect absolute links and relative tablespace links were caught by other checks.</p>
<p>Remove incompletely implemented <br-option>online</br-option> option from the <cmd>check</cmd> command. Offline operation runs counter to the purpose of this command, which is to check if archiving and backups are working correctly.</p>
<p>Fix issue where errors raised in C were not logged when called from Perl. <backrest/> properly terminated with the correct error code but lacked an error message to aid in debugging.</p>
<p>Allow any option to be set in an environment variable. This includes options that previously could only be specified on the command line, e.g. <br-option>stanza</br-option>, and secret options that could not be specified on the command-line, e.g. <br-option>repo1-s3-key-secret</br-option>.</p>
<p>Exclude temporary and unlogged relation (table/index) files from backup. Implemented using the same logic as the patches adding this feature to <postgres/>, <linkurl="https://git.postgresql.org/pg/commitdiff/8694cc96b52a967a49725f32be7aa77fd3b6ac25">8694cc96</link> and <linkurl="https://git.postgresql.org/pg/commitdiff/920a5e500a119b03356fb1fb64a677eb1aa5fc6f">920a5e50</link>. Temporary relation exclusion is enabled in <postgres/>&ge; <id>9.0</id>. Unlogged relation exclusion is enabled in <postgres/>&ge; <id>9.1</id>, where the feature was introduced.</p>
<p>Allow arbitrary directories and/or files to be excluded from a backup. Misuse of this feature can lead to inconsistent backups so read the <br-option>--exclude</br-option> documentation carefully before using.</p>
<p>Validate configuration options in a single pass. By pre-calculating and storing the option dependencies in <file>parse.auto.c</file> validation can be completed in a single pass, which is both simpler and faster.</p>
<p>Improve performance of string to int conversion. Use <code>strtoll()</code> instead of <code>sprintf()</code> for conversion. Also use available integer min/max constants rather than hard-coded values.</p>
<p>Allow <code>Buffer</code> object <quote>used size</quote> to be different than <quote>allocated size</quote>. Add functions to manage used size and remaining size and update automatically when possible.</p>
<p>Abstract IO layer out of the storage layer. This allows the routines to be used for IO objects that do not have a storage representation. Implement buffer read and write IO objects. Implement filters and update <code>cryptoHash</code> to use the new interface. Implement size and buffer filters.</p>
<p><code>storageFileRead()</code> accepts a buffer for output rather than creating one. This is more efficient overall and allows the caller to specify how many bytes will be read on each call. Reads are appended if the buffer already contains data but the buffer size will never increase.</p>
<p>Manifest improvements. Require <postgres/> catalog version when instantiating a <code>Manifest</code> object (and not loading it from disk). Prevent manifest from being built more than once. Limit manifest build recursion (i.e. links followed) to sixteen levels to detect link loops.</p>
<p>Enable <id>-Wstrict-prototypes</id>, <id>-Wpointer-arith</id>, <id>-Wduplicated-branches</id>, <id>-Wvla</id>, and <id>-Wduplicated-cond</id> and update code to conform where necessary.</p>
<p>Stop trying to arrange contributors in <file>release.xml</file> by last/first name. Contributor names have always been presented in the release notes exactly as given, but we tried to assign internal IDs based on last/first name which can be hard to determine and ultimately doesn't make sense. Inspired by Christophe's <proper>PostgresOpen 2017</proper> talk, <quote>Human Beings Do Not Have a Primary Key</quote>.</p>
<p>Move most host setup to containers defined in the documentation. This includes <postgres/> installation which had previously been included in the documentation. This way produces faster builds and there is no need for us to document <postgres/> installation.</p>
<p>Use pre-built images from Docker Hub when the container definition has not changed. Downloading an image is quite a bit faster than building a new image from scratch and saves minutes per test run in CI.</p>
<p>Refactor the <code>common/log</code> tests to not depend on <code>common/harnessLog</code>. <code>common/harnessLog</code> was not ideally suited for general testing and made all the tests quite awkward. Instead, move all code used to test the <code>common/log</code> module into the <code>logTest</code> module and repurpose <code>common/harnessLog</code> to do log expect testing for all other tests in a cleaner way. Add a few exceptions for config testing since the log levels are reset by default in <code>config/parse</code>.</p>
<p>Add <setting>--log-level-test</setting> option. This allows setting the test log level independently from the general test harness setting, but current only works for the C tests. It is useful for seeing log output from functions on the console while a test is running.</p>
<p><b>IMPORTANT NOTE</b>: This release fixes a critical bug in the backup resume feature. All resumed backups prior to this release should be considered inconsistent. A backup will be resumed after a prior backup fails, unless <br-option>resume=n</br-option> has been specified. A resumed backup can be identified by checking the backup log for the message <quote>aborted backup of same type exists, will be cleaned to remove invalid files and resumed</quote>. If the message exists, do not use this backup or any backup in the same set for a restore and check the restore logs to see if a resumed backup was restored. If so, there may be inconsistent data in the cluster.</p>
<p>Fix critical bug in resume that resulted in inconsistent backups. A regression in <id>v0.82</id> removed the timestamp comparison when deciding which files from the aborted backup to keep on resume. See note above for more details.</p>
<p>Fix non-compliant ISO-8601 timestamp format in S3 authorization headers. AWS and some gateways were tolerant of space rather than zero-padded hours while others were not.</p>
<p>Improve the HTTP client to set <id>content-length</id> to 0 when not specified by the server. S3 (and gateways) always set <id>content-length</id> or <id>transfer-encoding</id> but <id>HTTP 1.1</id> does not require it and proxies (e.g. <proper>HAProxy</proper>) may not include either.</p>
<p>Split log levels into separate header file. Many modules that use <code>debug.h</code> do not need to do logging so this reduces dependencies for those modules.</p>
<p>Document generator improvements. Allow parameters to be passed when a container is created. Allow <file>/etc/hosts</file> update to be skipped (for containers without bash). Allow environment load to be skipped. Allow bash wrapping to be skipped. Allow forcing a command to run as a user without sudo. Allow an entire execute list to be hidden.</p>
<p>Add stack trace macros to all functions. Low-level functions only include stack trace in test builds while higher-level functions ship with stack trace built-in. Stack traces include all parameters passed to the function but production builds only create the parameter list when the log level is set high enough, i.e. <id>debug</id> or <id>trace</id> depending on the function.</p>
<p>Build <path>libc</path> using links rather than referencing the C files in <path>src</path> directly. The C library builds with different options which should not be reused for the C binary or vice versa.</p>
<p>Test harness improvements. Allow more than one test to provide coverage for the same module. Add option to disable valgrind. Add option to disabled coverage. Add option to disable debug build. Add option to disable compiler optimization. Add <id>--dev-test</id> mode.</p>
<p>Set <br-option>log-timestamp=n</br-option> for integration tests. This means less filtering of logs needs to be done and new timestamps can be added without adding new filters.</p>
<p>Add asynchronous, parallel <cmd>archive-get</cmd>. This feature maintains a queue of WAL segments to help reduce latency when <postgres/> requests a WAL segment with <pg-option>restore_command</pg-option>.</p>
<p>Add support for additional <backrest/> configuration files in the directory specified by the <br-option>--config-include-path</br-option> option. Add <br-option>--config-path</br-option> option for overriding the default base path of the <br-option>--config</br-option> and <br-option>--config-include-path</br-option> option.</p>
<p>Add <br-option>repo-s3-token</br-option> option to allow temporary credentials tokens to be configured. <backrest/> currently has no way to request new credentials so the entire command (e.g. <cmd>backup</cmd>, <cmd>restore</cmd>) must complete before the credentials expire.</p>
<p>Update the <br-option>archive-push-queue-max</br-option>, <br-option>manifest-save-threshold</br-option>, and <br-option>buffer-size</br-option> options to accept values in <id>KB</id>, <id>MB</id>, <id>GB</id>, <id>TB</id>, or <id>PB</id> where the multiplier is a power of <id>1024</id>.</p>
<p>Make backup/restore path sync more efficient. Scanning the entire directory can be very expensive if there are a lot of small tables. The backup manifest contains the path list so use it to perform syncs instead of scanning the backup/restore path.</p>
</release-item>
<release-item>
<p>Show command parameters as well as command options in initial info log message.</p>
<p>Rename <br-option>archive-queue-max</br-option> option to <br-option>archive-push-queue-max</br-option> to avoid confusion with the new <br-option>archive-get-queue-max</br-option> option. The old option name will continue to be accepted.</p>
<p>Make <path>backup.history</path> sync more efficient. Only the <path>backup.history/[year]</path> directory was being synced, so check if the <path>backup.history</path> is newly created and sync it as well.</p>
<p>Move async forking and more error handling to C. The Perl process was exiting directly when called but that interfered with proper locking for the forked async process. Now Perl returns results to the C process which handles all errors, including signals.</p>
<p>Improved lock implementation written in C. Now only two types of locks can be taken: <id>archive</id> and <id>backup</id>. Most commands use one or the other but the <cmd>stanza-*</cmd> commands acquire both locks. This provides better protection than the old command-based locking scheme.</p>
<p>Improve <code>Buffer</code> object. Add <code>bufNewC()</code>, <code>bufEq()</code> and <code>bufCat()</code>. Only reallocate buffer when the size has changed.</p>
<p>Error handling improvments. Add <code>THROWP_</code>* macro variants for error handling. These macros allow an <code>ErrorType</code> pointer to be passed and are required for functions that may return different errors based on a parameter. Add <code>_FMT</code> variants for all <code>THROW</code> macros so format types are checked by the compiler.</p>
<p>Split <code>cfgLoad()</code> into multiple functions to make testing easier. Mainly this helps with unit tests that need to do log expect testing.</p>
<p>Allow <code>MemContext</code> objects to be copied to a new parent. This makes it easier to create objects and then copy them to another context when they are complete without having to worry about freeing them on error. Update <code>List</code>, <code>StringList</code>, and <code>Buffer</code> to allow moves. Update <code>Ini</code> and <code>Storage</code> to take advantage of moves.</p>
<p>Refactor <id>usec</id> to <id>msec</id> in <code>common/time.c</code>. The implementation provides <id>usec</id> resolution but this is not needed in practice and it makes the interface more complicated due to the extra zeros.</p>
<p>Replace <code>THROW_ON_SYS_ERROR()</code> with <code>THROW_SYS_ERROR()</code>. The former macro was hiding missing branch coverage for critical error handling.</p>
<p>Split debug and assert code into separate headers. Assert can be used earlier because it only depends on the error-handler and not logging. Add <code>ASSERT()</code> macro which is preserved in production builds.</p>
<p>Document build improvements. Perform <code>apt-get update</code> to ensure packages are up to date before installing. Add <id>-p</id> to the repository <file>mkdir</file> so it won't fail if the directory already exists, handy for testing packages.</p>
<p>Use <proper>lcov</proper> for C unit test coverage reporting. Switch from <proper>Devel::Cover</proper> because it would not report on branch coverage for reports converted from <proper>gcov</proper>. Incomplete branch coverage for a module now generates an error. Coverage of unit tests is not displayed in the report unless they are incomplete for either statement or branch coverage.</p>
<p>Move test definitions to <file>test/define.yaml</file>. The location is better because it is no longer buried in the Perl test libs. Also, the data can be easily accessed from C.</p>
<p>Move help/version integration tests to <id>mock/all</id>. Help and version are covered by unit tests, so we really just to need to make sure there is output when called from the command line.</p>
<p>Move <id>archive-stop</id> and <id>expire</id> tests to the <id>mock</id> module. These are mock integration tests so they should be grouped with the other mock integration tests.</p>
<p>Add <code>harnessCfgLoad()</code> test function, which allows a new config to be loaded for unit testing without resetting log functions, opening a log file, or taking locks.</p>
<p>Add <code>HARNESS_FORK</code> macros for tests that require fork(). A standard pattern for tests makes fork() easier to use and should help prevent some common mistakes.</p>
<p>Use <proper>pip 9.03</proper> in test VMs. <proper>pip 10</proper> drops support for <proper>Python 2.6</proper> which is still used by the older test VMs.</p>
<p>Divide tests into three types (<id>unit</id>, <id>integration</id>, <id>performance</id>). Many options that were set per test can instead be inferred from the types, i.e. <id>container</id>, <id>c</id>, <id>expect</id>, and <id>individual</id>.</p>
<p>Fix <br-option>--target-action</br-option> and <br-option>--recovery-option</br-option> options being reported as invalid when restoring with <br-option>--type=immediate</br-option>.</p>
<p>Immediately error when a secure option (e.g. <br-option>repo1-s3-key</br-option>) is passed on the command line. Since <backrest/> would not pass secure options on to sub-processes an obscure error was thrown. The new error is much clearer and provides hints about how to fix the problem. Update command documentation to omit secure options that cannot be specified on the command-line.</p>
<p>Fix issue where specifying <br-setting>log-level-stderr</br-setting> > <id>warn</id> would cause a <cmd>local</cmd>/<cmd>remote</cmd> process to error on exit due to output found on stderr when none was expected. The max value for a <cmd>local</cmd>/<cmd>remote</cmd> process is now <id>error</id> since there is no reason for these processes to emit warnings.</p>
<p>Improve Perl configuration. Set config before <code>Main::main()</code> call to avoid secrets being exposed in a stack trace. Move logic for setting defaults to C.</p>
<p>Improve logging. Move command begin to C except when it must be called after another command in Perl (e.g. <cmd>expire</cmd> after <cmd>backup</cmd>). Command begin logs correctly for complex data types like hash and list. Specify which commands will log to file immediately and set the default log level for log messages that are common to all commands. File logging is initiated from C.</p>
<p>Enable <id>-Wswitch-enum</id>, <id>-Wconversion</id>, <id>-Wformat=2</id>, <id>-Wformat-nonliteral</id>, and <id>-Wformat-signedness</id> and silence new warnings.</p>
<p>Improve debugging. Add <code>ASSERT_DEBUG()</code> macro for debugging and replace all current <code>assert()</code> calls except in tests that can't use the debug code. Replace remaining NDEBUG blocks with the more granular DEBUG_UNIT. Remove some debug <code>memset()</code> calls in <code>MemContext</code> since valgrind is more useful for these checks.</p>
<p>Check <code>int</code> size in <code>common/type.h</code>. This ensures that integers are at least 32-bits without having to run the test suite.</p>
<p>Improve conversion of C exceptions to <code>Exception</code> objects. Colons in the message would prevent all of the message from being loaded into the <code>Exception</code> object.</p>
<p>Add new test for <code>Common::Io::Process</code> to show that output on stderr will raise an exception on <code>close()</code> even if the exit code is 0.</p>
<p>The <cmd>archive-push</cmd> command is now partially coded in C which allows the <postgres/><file>archive_command</file> to run significantly faster when processing status messages from the asynchronous archive process.</p>
<p>Improve performance of HTTPS client. Buffering now takes the <code>pending</code> bytes on the socket into account (when present) rather than relying entirely on <code>select()</code>. In some instances the final bytes would not be flushed until the connection was closed.</p>
<p>Allow any non-command-line option to be reset to default on the command-line. This allows options in <file>pgbackrest.conf</file> to be reset to default which reduces the need to write new configuration files for specific needs.</p>
<p>The <file>{[project-exe]}</file> executable is now a C binary instead of Perl. This allows certain time-critical commands (like async <cmd>archive-push</cmd>) to run more quickly.</p>
<p>Rename <id>db-*</id> options to <id>pg-*</id> and <id>backup-*</id> options to <id>repo-*</id> to improve consistency. <id>repo-*</id> options are now indexed although currently only one is allowed.</p>
<p>Create a master list of errors in <file>build/error.yaml</file>. The C and Perl errors lists are created automatically by <code>Build.pm</code> so they stay up to date.</p>
<p>Add 30 second wait loop to lockAcquire() when fail on no lock enabled. This should help prevent processes that are shutting down from interfering with processes that are starting up.</p>
<p>Replace <code>cfgCommandTotal()</code>/<code>cfgOptionTotal()</code> functions with constants. The constants are applicable in more cases and allow the compiler to optimize certain loops more efficiently.</p>
<p>PDF rendering improvements. Check both <path>doc-path</path> and <path>bin-path</path> for logo. Allow PDF to be output to a location other than the <path>output</path> directory. Use PDF-specific version variable for more flexible formatting. Allow sections to be excluded from table of contents. More flexible replacements for titles and footers. Fill is now the default for table columns. Column width is specified as a percentage rather that using latex-specific notation. Fix missing variable replace for <code>code-block</code> title.</p>
<p>Add <id>id</id> param for hosts created with <code>host-add</code>. The <id>host-*-ip</id> variable is created from the <id>id</id> param so the <id>name</id> param can be changed without affecting the <id>host-*-ip</id> variable. If <id>id</id> is not specified then it is copied from <id>name</id>.</p>
<p>No longer run <id>master</id> branch through CI. The <id>integration</id> branch will be run through CI and then pushed to <id>master</id> with github status checks.</p>
</release-item>
<release-item>
<p>Rename Perl tests so they don't conflict with their C counterparts.</p>
<releasedate="2018-07-05"version="1.29"title="Critical Bug Fix for Backup Resume">
<release-core-list>
<p><b>IMPORTANT NOTE</b>: This release fixes a critical bug in the backup resume feature. All resumed backups prior to this release should be considered inconsistent. A backup will be resumed after a prior backup fails, unless <br-option>resume=n</br-option> has been specified. A resumed backup can be identified by checking the backup log for the message <quote>aborted backup of same type exists, will be cleaned to remove invalid files and resumed</quote>. If the message exists, do not use this backup or any backup in the same set for a restore and check the restore logs to see if a resumed backup was restored. If so, there may be inconsistent data in the cluster.</p>
<p>Fix critical bug in resume that resulted in inconsistent backups. A regression in <id>v0.82</id> removed the timestamp comparison when deciding which files from the aborted backup to keep on resume. See note above for more details.</p>
<p>Fix non-compliant ISO-8601 timestamp format in S3 authorization headers. AWS and some gateways were tolerant of space rather than zero-padded hours while others were not.</p>
<p>Fix <br-option>--target-action</br-option> and <br-option>--recovery-option</br-option> options being reported as invalid when restoring with <br-option>--type=immediate</br-option>.</p>
<p>Improve the HTTP client to set <id>content-length</id> to 0 when not specified by the server. S3 (and gateways) always set <id>content-length</id> or <id>transfer-encoding</id> but <id>HTTP 1.1</id> does not require it and proxies (e.g. <proper>HAProxy</proper>) may not include either.</p>
</release-item>
<release-item>
<p>Improve performance of HTTPS client. Buffering now takes the <code>pending</code> bytes on the socket into account (when present) rather than relying entirely on <code>select()</code>. In some instances the final bytes would not be flushed until the connection was closed.</p>
</release-item>
<release-item>
<p>Improve S3 delete performance. The constant <id>S3_BATCH_MAX</id> had been replaced with a hard-coded value of 2, probably during testing.</p>
</release-item>
<release-item>
<p>Make backup/restore path sync more efficient. Scanning the entire directory can be very expensive if there are a lot of small tables. The backup manifest contains the path list so use it to perform syncs instead of scanning the backup/restore path. Remove recursive path sync functionality since it is no longer used.</p>
</release-item>
</release-improvement-list>
<release-development-list>
<release-item>
<p>Make <path>backup.history</path> sync more efficient. Only the <path>backup.history/[year]</path> directory was being synced, so check if the <path>backup.history</path> is newly created and sync it as well.</p>
</release-item>
<release-item>
<p>Add log-level-stderr option for stanza-* commands.</p>
<p>Clarify that S3 buckets must be created by the user.</p>
</release-item>
<release-item>
<p>Update out-of-date description for the <br-option>spool-path</br-option> option.</p>
</release-item>
</release-improvement-list>
<release-development-list>
<release-item>
<p>Remove call to <file>lscpu</file> which can vary widely by build host.</p>
</release-item>
</release-development-list>
</release-doc-list>
<release-test-list>
<release-development-list>
<release-item>
<p>Add new test for <code>Common::Io::Process</code> to show that output on stderr will raise an exception on <code>close()</code> even if the exit code is 0.</p>
</release-item>
<release-item>
<p>Add zero-length file to <id>mock</id>/<id>all</id> test.</p>
</release-item>
<release-item>
<p>Disable package build tests since <id>v1</id> will no longer be packaged. Users installing packages should update to <id>v2</id>. <id>v1</id> builds are intended for users installing from source.</p>
</release-item>
<release-item>
<p>Update SSL error message test on CentOS 7.</p>
</release-item>
<release-item>
<p>Update URL for Debian package repository.</p>
</release-item>
<release-item>
<p>Make <file>ls</file> ordering deterministic in <id>mock</id>/<id>all</id> test.</p>
</release-item>
<release-item>
<p>Change backup test user from <id>backrest</id> to <id>pgbackrest</id>.</p>
<p>Ensure latest <id>db-id</id> is selected on when matching <file>archive.info</file> to <file>backup.info</file>. This provides correct matching in the event there are <id>system-id</id> and <id>db-version</id> duplicates (e.g. after reverting a <id>pg_upgrade</id>).</p>
<p>Fixed an issue that suppressed locality errors for <cmd>backup</cmd> and <cmd>restore</cmd>. When a backup host is present, backups should only be allowed on the backup host and restores should only be allowed on the database host unless an alternate configuration is created that ignores the remote host.</p>
<p>Fixed an issue where WAL was not expired on <postgres/> 10. This was caused by a faulty regex that expected all <postgres/> major versions to be X.X.</p>
<p>Fixed an issue where the <br-option>--no-config</br-option> option was not passed to child processes. This meant the child processes would still read the local config file and possibly cause unexpected behaviors.</p>
<p>Split <quote>refactor</quote> sections into <quote>improvements</quote> and <quote>development</quote> in the release notes. Many development notes are not relevant to users and simply clutter the release notes, so they are no longer shown on the website.</p>
<p>No longer run <id>release/1</id> branch through CI. The <id>release/1-integration</id> branch will be run through CI and then pushed to <id>release/1</id> with github status checks.</p>
<p>Move restore test infrastructure to <code>HostBackup.pm</code>. Required to test restores on the backup server, a fairly common scenario. Improve the restore function to accept optional parameters rather than a long list of parameters. In passing, clean up extraneous use of <code>strType</code> and <code>strComment</code> variables.</p>
<p>Fixed an issue retrieving WAL for old database versions. After a <cmd>stanza-upgrade</cmd> it should still be possible to restore backups from the previous version and perform recovery with <cmd>archive-get</cmd>. However, archive-get only checked the most recent db version/id and failed. Also clean up some issues when the same db version/id appears multiple times in the history.</p>
<p>Fixed an issue with invalid backup groups being set correctly on restore. If the backup cannot map a group to a name it stores the group in the manifest as <id>false</id> then uses either the owner of $PGDATA to set the group during restore or failing that the group of the current user. This logic was not working correctly because the selected group was overwriting the user on restore leaving the group undefined and the user incorrectly set to the group.</p>
<p>Fixed an issue passing parameters to remotes. When more than one db was specified the path, port, and socket path would for db1 were passed no matter which db was actually being addressed.</p>
<p>Disable gzip filter when <br-option>--compress-level-network=0</br-option>. The filter was used with compress level set to 0 which added overhead without any benefit.</p>
<p>Refactor protocol param generation into a new function. This allows the code to be tested more precisely and doesn't require executing a remote process.</p>
<p>Add <id>list</id> type for options. The <id>hash</id> type was being used for lists with an additional flag (`value-hash`) to indicate that it was not really a hash.</p>
<p>Remove configurable option hints. <br-option>db-path</br-option> was the only option with a hint so the feature seemed wasteful. All missing stanza options now output the same hint without needing configuration.</p>
<p>Improve base64 implementation. Different encoded strings could be generated based on compiler optimizations. Even though decoding was still successful the encoded strings did not match the standard.</p>
<p>Clarify usage of the <br-option>archive-timeout</br-option> option and describe how it is distinct from the <postgres/><pg-option>archive_timeout</pg-option> setting.</p>
<p>Fix flapping protocol timeout test. It only matters that the correct error code is returned, so disable logging to prevent message ordering from failing the expect test.</p>
<p>Designate a single distro (Ubuntu 16.04) for coverage testing. Running coverage testing on multiple distros takes time but doesn't add significant value. Also ensure that the distro designated to run coverage tests is one of the default test distros. For C tests, enable optimizations on the distros that don't do coverage testing.</p>
<p>Automate generation of WAL and <file>pg_control</file> test files. The existing static files would not work with 32-bit or big-endian systems so create functions to generate these files dynamically rather than creating a bunch of new static files.</p>
<p>Improve performance of list requests on S3. Any beginning literal portion of a filter expression is used to generate a search prefix which often helps keep the request small enough to avoid rate limiting.</p>
<p>Allow functions with sensitive options to be logged at debug level with redactions. Previously, functions with sensitive options had to be logged at trace level to avoid exposing them. Trace level logging may still expose secrets so use with caution.</p>
<p>Exclude contents of <path>pg_snapshots</path>, <path>pg_serial</path>, <path>pg_notify</path>, and <path>pg_dynshmem</path> from backup since they are rebuilt on startup.</p>
</release-item>
<release-item>
<p>Exclude <file>pg_internal.init</file> files from backup since they are rebuilt on startup.</p>
<p>The <path>archive_status</path> directory is now recreated on restore to support <postgres/> 8.3 which does not recreate it automatically like more recent versions do.</p>
<p>Modified the <cmd>info</cmd> command (both text and JSON output) to display the archive ID and minimum/maximum WAL currently present in the archive for the current and prior, if any, database cluster version.</p>
<p>Fix log checking after <postgres/> shuts down to include <id>FATAL</id> messages and disallow immediate shutdowns which can throw <id>FATAL</id> errors in the log.</p>
<p><b>IMPORTANT NOTE</b>: <postgres/><proper>8.3</proper> and <proper>8.4</proper> installations utilizing tablespaces should upgrade immediately from any <proper>v1</proper> release and run a full backup. A bug prevented tablespaces from being backed up on these versions only. <postgres/>&ge; <proper>9.0</proper> is not affected.</p>
<p>Add <br-option>s3-repo-ca-path</br-option> and <br-option>s3-repo-ca-file</br-option> options to accommodate systems where CAs are not automatically found by <code>IO::Socket::SSL</code>, i.e. <proper>RHEL7</proper>, or to load custom CAs.</p>
<p>Remove <setting>process-max</setting> option. Parallelism is now tested in a more targeted manner and the high level option is no longer needed.</p>
<p>Fixed the <cmd>backup</cmd> command so the <br-setting>backup-standby</br-setting> option is reset (and the backup proceeds on the primary) if the standby is not configured and/or reachable.</p>
<p>Fixed an issue where read-only operations that used local worker processes (i.e. <cmd>restore</cmd>) were creating write locks that could interfere with parallel <cmd>archive-push</cmd>.</p>
<p>Simplify locking scheme. Now, only the master process will hold write locks (for <cmd>archive-push</cmd> and <cmd>backup</cmd> commands) and not all local and remote worker processes as before.</p>
<p>Do not set timestamps of files in the backup directories to match timestamps in the cluster directory. This was originally done to enable backup resume, but that process is now implemented with checksums.</p>
<p>The <cmd>backup</cmd> and <cmd>restore</cmd> commands no longer copy via temp files. In both cases the files are checksummed on resume so there's no danger of partial copies.</p>
<p>Ignore clock skew in container libc/package builds using make. It is common for containers to have clock skew so the build process takes care of this issue independently.</p>
<p>Fixed an issue where databases created with a non-default tablespace would raise bogus warnings about <file>pg_filenode.map</file> and <file>pg_internal.init</file> not being page aligned.</p>
<p>Improved the code and tests for <code>fileManifest()</code> to prevent a possible race condition when files are removed by the database while the manifest is being built.</p>
<p>Fixed a regression introduced in <proper>v1.13</proper> that could cause backups to fail if files were removed (e.g. tables dropped) while the manifest was being built.</p>
<p>Refactor <code>FileCommon::fileManifest()</code> and <code>FileCommon::fileStat</code> to be more modular to allow complete branch/statement level coverage testing.</p>
<p>Complete branch/statement level coverage testing for <code>FileCommon::fileManifest()</code> and <code>FileCommon::fileStat</code> functions and helper functions.</p>
<p>Fixed an issue where an archive-push error would not be retried and would instead return errors to <postgres/> indefinitely (unless the <file>.error</file> file was manually deleted).</p>
<p>Fixed a race condition in parallel archiving where creation of new paths generated an error when multiple processes attempted to do so at the same time.</p>
<p><b>IMPORTANT NOTE</b>: The new implementation of asynchronous archiving no longer copies WAL to a separate queue. If there is any WAL left over in the old queue after upgrading to <id>1.13</id>, it will be abandoned and <b>not</b> pushed to the repository.
To prevent this outcome, stop archiving by setting <setting>archive_command = false</setting>. Next, drain the async queue by running <code>pgbackrest --stanza=[stanza-name] archive-push</code> and wait for the process to complete. Check that the queue in <path>[spool-path]/archive/[stanza-name]/out</path> is empty. Finally, install <code>1.13</code> and restore the original <setting>archive_command</setting>.
<b>IMPORTANT NOTE</b>: The <cmd>stanza-create</cmd> command is not longer optional and must be executed before backup or archiving can be performed on a <b>new</b> stanza. Pre-existing stanzas do not require <cmd>stanza-create</cmd> to be executed.</p>
<p>Improved <cmd>check</cmd> command to run on a standby, though only basic checks are done because <code>pg_switch_xlog()</code> cannot be executed on a replica.</p>
<p>Remove remote lock requirements for the <cmd>archive-get</cmd>, <cmd>restore</cmd>, <cmd>info</cmd>, and <cmd>check</cmd> commands since they are read-only operations.</p>
<p>Remove Intel-specific optimization from C library build flags.</p>
</release-item>
<release-item>
<p>Remove <br-option>--lock</br-option> option. This option was introduced before the lock directory could be located outside the repository and is now obsolete.</p>
</release-item>
<release-item>
<p>Added <br-option>--log-timestamp</br-option> option to allow timestamps to be suppressed in logging. This is primarily used to avoid filters in the automated documentation.</p>
<p>Moved the <code>Archive</code> modules to the <path>Archive</path> directory and split the <cmd>archive-get</cmd> and <cmd>archive-push</cmd> commands into separate modules.</p>
<p>Split test modules into separate files to make the code more maintainable. Tests are dynamically loaded by name rather than requiring an if-else block.</p>
<p>Allow multiple <setting>--module</setting>, <setting>--test</setting>, and <setting>--run</setting> options to be used for <file>test.pl</file>.</p>
<p><b>IMPORTANT NOTE</b>: In prior releases it was possible to specify options on the command-line that were invalid for the current command without getting an error. An error will now be generated for invalid options so it is important to carefully check command-line options in your environment to prevent disruption.</p>
<p>Fixed an issue where options that were invalid for the specified command could be provided on the command-line without generating an error. The options were ignored and did not cause any change in behavior, but it did lead to some confusion. Invalid options will now generate an error.</p>
<p>Fixed an issue where internal symlinks were not being created for tablespaces in the repository. This issue was only apparent when trying to bring up clusters in-place manually using filesystem snapshots and did not affect normal backup and restore.</p>
<p>Fixed an issue that prevented errors from being output to the console before the logging system was initialized, i.e. while parsing options. Error codes were still being returned accurately so this would not have made a process look like it succeeded when it did not.</p>
<p>Fixed an issue where the <br-option>db-port</br-option> option specified on the backup server would not be properly passed to the remote unless it was from the first configured database.</p>
<p>Added the <br-option>--checksum-page</br-option> option to allow pgBackRest to validate page checksums in data files when checksums are enabled on <postgres/> >= 9.3. Note that this functionality requires a C library which may not initially be available in OS packages. The option will automatically be enabled when the library is present and checksums are enabled on the cluster.</p>
<p>Added the <br-option>--repo-link</br-option> option to allow internal symlinks to be suppressed when the repository is located on a filesystem that does not support symlinks. This does not affect any <backrest/> functionality, but the convenience link <path>latest</path> will not be created and neither will internal tablespace symlinks, which will affect the ability to bring up clusters in-place manually using filesystem snapshots.</p>
<p>Added the <br-option>--repo-sync</br-option> option to allow directory syncs in the repository to be disabled for file systems that do not support them, e.g. NTFS.</p>
<p>Added a predictable log entry to signal that a command has completed successfully. For example a backup ends successfully with: <code>INFO: backup command end: completed successfully</code>.</p>
<p>For simplicity, the <file>pg_control</file> file is now copied with the rest of the files instead of by itself of at the end of the process. The <cmd>backup</cmd> command does not require this behavior and the <cmd>restore</cmd> copies to a temporary file which is renamed at the end of the restore.</p>
<p>Allow a source to be included as a section so large documents can be broken up.</p>
</release-item>
<release-item>
<p>Added section link support to Markdown output.</p>
</release-item>
<release-item>
<p>Added list support to PDF output.</p>
</release-item>
<release-item>
<p>Added <setting>include</setting> option to explicitly build sources (complements the <setting>exclude</setting> option though both cannot be used in the same invocation).</p>
</release-item>
<release-item>
<p>Added <setting>keyword-add</setting> option to add keywords without overriding the <id>default</id> keyword.</p>
</release-item>
<release-item>
<p>Added <setting>debug</setting> option to <file>doc.pl</file> to easily add the <id>debug</id> keyword to documentation builds.</p>
</release-item>
<release-item>
<p>Added <setting>pre</setting> option to <file>doc.pl</file> to easily add the <id>pre</id> keyword to documentation builds.</p>
<p>Fixed an issue where asynchronous archiving was transferring one file per execution instead of transferring files in batches. This regression was introduced in <proper>v1.09</proper> and affected efficiency only, all WAL segments were correctly archived in asynchronous mode.</p>
<p>Fixed an issue where the async archiver would not be started if <cmd>archive-push</cmd> did not have enough space to queue a new WAL segment. This meant that the queue would never be cleared without manual intervention (such as calling <cmd>archive-push</cmd> directly). <postgres/> now receives errors when there is not enough space to store new WAL segments but the async process will still be started so that space is eventually freed.</p>
<p>Fixed a remote timeout that occurred when a local process generated checksums (during resume or restore) but did not copy files, allowing the remote to go idle.</p>
<p>Added the <br-option>log-level-stderr</br-option> option to control whether console log messages are sent to <id>stderr</id> or <id>stdout</id>. By default this is set to <setting>warn</setting> which represents a change in behavior from previous versions, even though it may be more intuitive. Setting <br-option>log-level-stderr=off</br-option> will preserve the old behavior.</p>
<p>Fixed an issue where <br-option>retention-archive</br-option> was not automatically being set when <br-option>retention-archive-type=diff</br-option>, resulting in a less aggressive than intended expiration of archive.</p>
<p>The <setting>archive-start</setting> and <setting>archive-stop</setting> settings are now filled in <file>backup.manifest</file> even when <br-option>archive-check=n</br-option>.</p>
<p>Experimental support for non-exclusive backups in <postgres/> 9.6 rc1. Changes to the control/catalog/WAL versions in subsequent release candidates may break compatibility but <backrest/> will be updated with each release to keep pace.</p>
<p>Changed temporary file names to consistently use the <file>.pgbackrest.tmp</file> extension even if the destination file is compressed or has an appended checksum.</p>
<p>Fixed an issue where options that should not allow multiple values could be specified multiple times in <file>pgbackrest.conf</file> without an error being raised.</p>
<p>Fixed an issue where the <br-option>protocol-timeout</br-option> option was not automatically increased when the <br-option>db-timeout</br-option> option was increased.</p>
<p>Backup from a standby cluster. A connection to the primary cluster is still required to start/stop the backup and copy files that are not replicated, but the vast majority of files are copied from the standby in order to reduce load on the primary.</p>
<p>More flexible configuration for databases. Master and standby can both be configured on the backup server and <backrest/> will automatically determine which is the primary. This means no configuration changes for backup are required after failing over from a primary to standby when a separate backup server is used.</p>
<p>Exclude directories during backup that are cleaned, recreated, or zeroed by <postgres/> at startup. These include <path>pgsql_tmp</path> and <path>pg_stat_tmp</path>. The <file>postgresql.auto.conf.tmp</file> file is now excluded in addition to files that were already excluded: <file>backup_label.old</file>, <file>postmaster.opts</file>, <file>postmaster.pid</file>, <file>recovery.conf</file>, <file>recovery.done</file>.</p>
<p>Experimental support for non-exclusive backups in <postgres/> 9.6 beta4. Changes to the control/catalog/WAL versions in subsequent betas may break compatibility but <backrest/> will be updated with each release to keep pace.</p>
<p>Removed all <code>OP_*</code> function constants that were used only for debugging, not in the protocol, and replaced with <code>__PACKAGE__</code>.</p>
<p>Improvements in <code>Db</code> module: separated out <code>connect()</code> function, allow <code>executeSql()</code> calls that do not return data, and improve error handling.</p>
<p>Fixed an issue where tablespace paths that had $PGDATA as a substring would be identified as a subdirectories of $PGDATA even when they were not. Also hardened relative path checking a bit.</p>
<p>Fixed an issue where db-path was not required for the <cmd>check</cmd> command so an assert was raised when it was missing rather than a polite error message.</p>
<p>Fixed an issue where a remote could try to start its own remote when the <br-option>backup-host</br-option> option was not present in <file>pgbackrest.conf</file> on the database server.</p>
<p>Fixed an issue where the contents of <path>pg_xlog</path> were being backed up if the directory was symlinked. This didn't cause any issues during restore but was a waste of space.</p>
<p>Experimental support for non-exclusive backups in <postgres/> 9.6 beta3. Changes to the control/catalog/WAL versions in subsequent betas may break compatibility but <backrest/> will be updated with each release to keep pace.</p>
<p>Fixed an issue where <id>keep-alives</id> could be starved out by lots of small files during multi-threaded <cmd>backup</cmd>. They were also completely absent from single/multi-threaded <cmd>backup</cmd> resume and <cmd>restore</cmd> checksumming.</p>
<p>Fixed an issue where the <cmd>expire</cmd> command would refuse to run when explicitly called from the command line if the <br-option>db-host</br-option> option was set. This was not an issue when <cmd>expire</cmd> was run automatically after a <cmd>backup</cmd></p>
<p>Fixed an issue where validation was being running on <pg-setting>archive_command</pg-setting> even when the <br-option>archive-check</br-option> option was disabled.</p>
<p>Added the <br-option>protocol-timeout</br-option> option. Previously <br-option>protocol-timeout</br-option> was set as <br-option>db-timeout</br-option> + 30 seconds.</p>
<p>Failure to shutdown remotes at the end of the backup no longer throws an exception. Instead a warning is generated that recommends a higher <br-option>protocol-timeout</br-option>.</p>
<p>Experimental support for non-exclusive backups in <postgres/> 9.6 beta2. Changes to the control/catalog/WAL versions in subsequent betas may break compatibility but <backrest/> will be updated with each release to keep pace.</p>
<p>Improved handling of users/groups captured during backup that do not exist on the restore host. Also explicitly handle the case where user/group is not mapped to a name.</p>
<p>Option handling is now far more strict. Previously it was possible for a command to use an option that was not explicitly assigned to it. This was especially true for the <br-option>backup-host</br-option> and <br-option>db-host</br-option> options which are used to determine locality.</p>
<p>The <code>pg_xlogfile_name()</code> function is no longer used to construct WAL filenames from LSNs. While this function is convenient it is not available on a standby. Instead, the archive is searched for the LSN in order to find the timeline. If due to some misadventure the LSN appears on multiple timelines then an error will be thrown, whereas before this condition would have passed unnoticed.</p>
<p>Changed version variable to a constant. It had originally been designed to play nice with a specific packaging tool but that tool was never used.</p>
<p>Recommended install location for <backrest/> modules is now <path>/usr/share/perl5</path> since <path>/usr/lib/perl5</path> has been removed from the search path in newer versions of Perl.</p>
<p>Allow hidden options to be added to a command. This allows certain commands (like <id>apt-get</id>) to be forced during the build without making that a part of the documentation.</p>
<p>Major refactor of the test suite to make it more modular and object-oriented. Multiple Docker containers can now be created for a single test to simulate more realistic environments. Tests paths have been renamed for clarity.</p>
<p>Greatly reduced the quantity of Docker containers built by default. Containers are only built for <postgres/> versions specified in <id>db-minimal</id> and those required to build documentation. Additional containers can be built with <br-option>--db-version=all</br-option> or by specifying a version, e.g. <br-option>--db-version=9.4</br-option>.</p>
<p>Release notes are now broken into sections so that bugs, features, and refactors are clearly delineated. An <quote>Additional Notes</quote> section has been added for changes to documentation and the test suite that do not affect the core code.</p>
<p>The change log was the last piece of documentation to be rendered in Markdown only. Wrote a converter so the document can be output by the standard renderers. The change log will now be located on the website and has been renamed to <quote>Releases</quote>.</p>
<p>Added an execution cache so that documentation can be generated without setting up the full container environment. This is useful for packaging, keeps the documentation consistent for a release, and speeds up generation when no changes are made in the execution list.</p>
<p>Remove function constants and pass strings directly to logDebugParam(). The function names were only used once so creating constants for them was wasteful.</p>
</release-item>
<release-item>
<p>Lists can now be used outside of <id>p</id> and <id>text</id> tags for more flexible document structuring.</p>
<p>Upgraded doc/test VM to Ubuntu 16.04. This will help catch Perl errors in the doc code since it is not run across multiple distributions like the core and test code. It is also to be hoped that a newer kernel will make Docker more stable.</p>
<p>Allow selective restore of databases from a cluster backup. This feature can result in major space and time savings when only specific databases are restored. Unrestored databases will not be accessible but must be manually dropped before they will be removed from the shared catalogue.</p>
<p>Experimental support for non-exclusive backups in <postgres/> 9.6 beta1. Changes to the control/catalog/WAL versions in subsequent betas may break compatibility but <backrest/> will be updated with each release to keep pace.</p>
</release-item>
</release-feature-list>
</release-core-list>
</release>
<releasedate="2016-04-14"version="1.00"title="New Repository Format and Configuration Scheme, Link Support">
<release-core-list>
<p><b>IMPORTANT NOTE</b>: This flag day release breaks compatibility with older versions of <backrest/>. The manifest format, on-disk structure, configuration scheme, and the exe/path names have all changed. You must create a new repository to hold backups for this version of <backrest/> and keep your older repository for a time in case you need to do a restore. Restores from the prior repository will require the prior version of <backrest/> but because of name changes it is possible to have <id>1.00</id> and a prior version of <backrest/> installed at the same time. See the notes below for more detailed information on what has changed.</p>
<p>Implemented a new configuration scheme which should be far simpler to use. See the User Guide and Configuration Reference for details but for a simple configuration all options can now be placed in the <setting>stanza</setting> section. Options that are shared between stanzas can be placed in the <setting>[global]</setting> section. More complex configurations can still make use of command sections though this should be a rare use case.</p>
</release-item>
<release-item>
<p>The <setting>repo-path</setting> option now always refers to the repository where backups and archive are stored, whether local or remote, so the <setting>repo-remote-path</setting> option has been removed. The new <setting>spool-path</setting> option can be used to define a location for queueing WAL segments when archiving asynchronously. A local repository is no longer required.</p>
<p>The default configuration filename is now <file>pgbackrest.conf</file> instead of <file>pg_backrest.conf</file>. This was done for consistency with other naming changes but also to prevent old config files from being loaded accidentally when migrating to <id>1.00</id>.</p>
<p>Lock files are now stored in <path>/tmp/pgbackrest</path> by default. These days <path>/run/pgbackrest</path> is the preferred location but that would require init scripts which are not part of this release. The <setting>lock-path</setting> option can be used to configure the lock directory.</p>
<p>Log files are now stored in <path>/var/log/pgbackrest</path> by default and no longer have the date appended so they can be managed with <id>logrotate</id>. The <setting>log-path</setting> option can be used to configure the lock directory.</p>
<p>Executable filename changed from <file>pg_backrest</file> to <file>pgbackrest</file>.</p>
</release-item>
<release-item>
<p>All files and directories linked from PGDATA are now included in the backup. By default links will be restored directly into PGDATA as files or directories. The <setting>{[dash]}-link-all</setting> option can be used to restore all links to their original locations. The <setting>{[dash]}-link-map</setting> option can be used to remap a link to a new location.</p>
</release-item>
<release-item>
<p>Removed <setting>{[dash]}-tablespace</setting> option and replaced with <setting>{[dash]}-tablespace-map-all</setting> option which should more clearly indicate its function.</p>
</release-item>
<release-item>
<p>Added <id>detail</id> log level which will output more information than <id>info</id> without being as verbose as <id>debug</id>.</p>
<p>Fixed an issue where the master process was passing <setting>{[dash]}-repo-remote-path</setting> instead of <setting>{[dash]}-repo-path</setting> to the remote and causing the lock files to be created in the default repository directory (<path>/var/lib/backup</path>), generally ending in failure. This was only an issue when <setting>{[dash]}-repo-remote-path</setting> was defined on the command line rather than in <file>pg_backrest.conf</file>.</p>
</release-item>
</release-bug-list>
</release-core-list>
</release>
<releasedate="2016-03-22"version="0.91"title="Tablespace Bug Fix and Minor Enhancements">
<release-core-list>
<p><b>IMPORTANT BUG FIX FOR TABLESPACES</b>: A change to the repository format was accidentally introduced in 0.90 which means the on-disk backup was no longer a valid <postgres/> cluster when the backup contained tablespaces. This only affected users who directly copied the backups to restore <postgres/> clusters rather than using the restore command. However, the fix breaks compatibility with older backups that contain tablespaces no matter how they are being restored (<backrest/> will throw errors and refuse to restore). New full backups should be taken immediately after installing version 0.91 for any clusters that contain tablespaces. If older backups need to be restored then use a version of <backrest/> that matches the backup version.</p>
<p>Fixed an issue where specifying <setting>{[dash]}-no-archive-check</setting> would throw a configuration error.</p>
</release-item>
<release-item>
<p>Fixed an issue where a temp WAL file left over after a well-timed system crash could cause the next <cmd>archive-push</cmd> to fail.</p>
</release-item>
<release-item>
<p>The <setting>retention-archive</setting> option can now be be safely set to less than backup retention (<setting>retention-full</setting> or <setting>retention-diff</setting>) without also specifying <setting>archive-copy=n</setting>. The WAL required to make the backups that fall outside of archive retention consistent will be preserved in the archive. However, in this case PITR will not be possible for the backups that fall outside of archive retention.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>When backing up and restoring tablespaces <backrest/> only operates on the subdirectory created for the version of <postgres/> being run against. Since multiple versions can live in a tablespace (especially during a binary upgrade) this prevents too many files from being copied during a backup and other versions possibly being wiped out during a restore. This only applies to <postgres/> >= 9.0 &mdash; prior versions of <postgres/> could not share a tablespace directory.</p>
<p>Generate an error when <setting>archive-check=y</setting> but <setting>archive_command</setting> does not execute <file>pg_backrest</file>.</p>
</release-item>
<release-item>
<p>Improved error message when <setting>repo-path</setting> or <setting>repo-remote-path</setting> does not exist.</p>
</release-item>
<release-item>
<p>Added checks for <setting>{[dash]}-delta</setting> and <setting>{[dash]}-force</setting> restore options to ensure that the destination is a valid $PGDATA directory. <backrest/> will check for the presence of <file>PG_VERSION</file> or <file>backup.manifest</file> (left over from an aborted restore). If neither file is found then <setting>{[dash]}-delta</setting> and <setting>{[dash]}-force</setting> will be disabled but the restore will proceed unless there are files in the $PGDATA directory (or any tablespace directories) in which case the operation will be aborted.</p>
</release-item>
<release-item>
<p>When restore <setting>{[dash]}-set=latest</setting> (the default) the actual backup restored will be output to the log.</p>
</release-item>
<release-item>
<p>Support for <postgres/> 9.5 partial WAL segments and <setting>recovery_target_action</setting> setting. The <setting>archive_mode = 'always'</setting> setting is not yet supported.</p>
</release-item>
<release-item>
<p>Support for <setting>recovery_target = 'immediate'</setting> recovery setting introduced in <postgres/> 9.4.</p>
</release-item>
<release-item>
<p>The following tablespace checks have been added: paths or files in pg_tblspc, relative links in pg_tblspc, tablespaces in $PGDATA. All three will generate errors.</p>
<p>Fixed an issue where document generation failed because some OSs are not tolerant of having multiple installed versions of <postgres/>. A separate VM is now created for each version. Also added a sleep after database starts during document generation to ensure the database is running before the next command runs.</p>
<p>Fixed an issue where longer-running backups/restores would timeout when remote and threaded. Keepalives are now used to make sure the remote for the main process does not timeout while the thread remotes do all the work. The error message for timeouts was also improved to make debugging easier.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Allow restores to be performed on a read-only repository by using <setting>{[dash]}-no-lock</setting> and <setting>{[dash]}-log-level-file=off</setting>. The <setting>{[dash]}-no-lock</setting> option can only be used with restores.</p>
<p>The dev branch has been renamed to master and for the time being the master branch has renamed to release, though it will probably be removed at some point {[dash]}- thus ends the gitflow experiment for <backrest/>. It is recommended that any forks get re-forked and clones get re-cloned.</p>
<p>Symlinks are no longer created in backup directories in the repository. These symlinks could point virtually anywhere and potentially be dangerous. Symlinks are still recreated during a restore.</p>
</release-item>
<release-item>
<p>Added better messaging for backup expiration. Full and differential backup expirations are logged on a single line along with a list of all dependent backups expired.</p>
</release-item>
<release-item>
<p>Archive retention is automatically set to full backup retention if not explicitly configured.</p>
</release-item>
</release-feature-list>
</release-core-list>
<release-doc-list>
<release-feature-list>
<release-item>
<p>Added documentation in the user guide for delta restores, expiration, dedicated backup hosts, starting and stopping <backrest/>, and replication.</p>
</release-item>
</release-feature-list>
</release-doc-list>
</release>
<releasedate="2015-10-28"version="0.87"title="Website and User Guide">
<release-core-list>
<release-feature-list>
<release-item>
<p>The <file>backup_label.old</file> and <file>recovery.done</file> files are now excluded from backups.</p>
<releasedate="2015-10-08"version="0.85"title="Start/Stop Commands and Minor Bug Fixes">
<release-core-list>
<release-bug-list>
<release-item>
<p>Fixed an issue where an error could be returned after a backup or restore completely successfully.</p>
</release-item>
<release-item>
<p>Fixed an issue where a resume would fail if temp files were left in the root backup directory when the backup failed. This scenario was likely if the backup process got terminated during the copy phase.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Added <cmd>stop</cmd> and <cmd>start</cmd> commands to prevent <backrest/> processes from running on a system where <postgres/> is shutdown or the system needs to be quiesced for some other reason.</p>
</release-item>
<release-item>
<p>Experimental support for <postgres/> 9.5 beta1. This may break when the control version or WAL magic changes in future versions but will be updated in each <backrest/> release to keep pace. All regression tests pass except for <setting>{[dash]}-target-resume</setting> tests (this functionality has changed in 9.5) and there is no testing yet for <file>.partial</file> WAL segments.</p>
<releasedate="2015-09-14"version="0.82"title="Refactoring, Command-line Help, and Minor Bug Fixes">
<release-core-list>
<release-bug-list>
<release-item>
<p>Fixed an issue where resumed compressed backups were not preserving existing files.</p>
</release-item>
<release-item>
<p>Fixed an issue where resume and incr/diff would not ensure that the prior backup had the same compression and hardlink settings.</p>
</release-item>
<release-item>
<p>Fixed an issue where a cold backup using <setting>{[dash]}-no-start-stop</setting> could be started on a running <postgres/> cluster without <setting>{[dash]}-force</setting> specified.</p>
</release-item>
<release-item>
<p>Fixed an issue where a thread could be started even when none were requested.</p>
</release-item>
<release-item>
<p>Fixed an issue where the <backrest/> version number was not being updated in <file>backup.info</file> and <file>archive.info</file> after an upgrade/downgrade.</p>
<p>Fixed an issue where the <postgres/><code>pg_stop_backup()</code> NOTICEs were being output to <id>stderr</id>.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Experimental support for <postgres/> 9.5 alpha2. This may break when the control version or WAL magic changes in future versions but will be updated in each <backrest/> release to keep pace. All regression tests pass except for <setting>{[dash]}-target-resume</setting> tests (this functionality has changed in 9.5) and there is no testing yet for <file>.partial</file> WAL segments.</p>
<p>Renamed <setting>recovery-setting</setting> option and section to <setting>recovery-option</setting> to be more consistent with <backrest/> naming conventions.</p>
<p>Fixed an issue that caused the formatted timestamp for both the oldest and newest backups to be reported as the current time by the <cmd>info</cmd> command. Only <id>text</id> output was affected {[dash]}- <id>json</id> output reported the correct epoch values.</p>
</release-item>
<release-item>
<p>Fixed protocol issue that was preventing ssh errors (especially on connection) from being logged.</p>
<p>The repository is now created and updated with consistent directory and file modes. By default <id>umask</id> is set to <id>0000</id> but this can be disabled with the <setting>neutral-umask</setting> setting.</p>
</release-item>
<release-item>
<p>Added the <br-option>stop-auto</br-option> option to allow failed backups to automatically be stopped when a new backup starts.</p>
</release-item>
<release-item>
<p>Added the <br-option>db-timeout</br-option> option to limit the amount of time <backrest/> will wait for <code>pg_start_backup()</code> and <code>pg_stop_backup()</code> to return.</p>
</release-item>
<release-item>
<p>Remove <file>pg_control</file> file at the beginning of the restore and copy it back at the very end. This prevents the possibility that a partial restore can be started by <postgres/>.</p>
</release-item>
<release-item>
<p>Added checks to be sure the <setting>db-path</setting> setting is consistent with <setting>db-port</setting> by comparing the <setting>data_directory</setting> as reported by the cluster against the <setting>db-path</setting> setting and the version as reported by the cluster against the value read from <file>pg_control</file>. The <setting>db-socket-path</setting> setting is checked to be sure it is an absolute path.</p>
</release-item>
<release-item>
<p>Experimental support for <postgres/> 9.5 alpha1. This may break when the control version or WAL magic changes in future versions but will be updated in each <backrest/> release to keep pace. All regression tests pass except for <setting>{[dash]}-target-resume</setting> tests (this functionality has changed in 9.5) and there is no testing yet for <file>.partial</file> WAL segments.</p>
<p>Now using Perl <code>DBI</code> and <code>DBD::Pg</code> for connections to <postgres/> rather than <cmd>psql</cmd>. The <setting>cmd-psql</setting> and <setting>cmd-psql-option</setting> settings have been removed and replaced with <setting>db-port</setting> and <setting>db-socket-path</setting>. Follow the instructions in the Installation Guide to install <code>DBD::Pg</code> on your operating system.</p>
<p>Split most of <file>README.md</file> out into <file>USERGUIDE.md</file> and <file>CHANGELOG.md</file> because it was becoming unwieldy. Changed most references to <quote>database</quote> in the user guide to <quote>database cluster</quote> for clarity.</p>
</release-item>
<release-item>
<p>Changed most references to <quote>database</quote> in the user guide to <quote>database cluster</quote> for clarity.</p>
<p>Removed dependency on CPAN packages for multi-threaded operation. While it might not be a bad idea to update the <code>threads</code> and <code>Thread::Queue</code> packages, it is no longer necessary.</p>
</release-item>
<release-item>
<p>Modified wait backoff to use a Fibonacci rather than geometric sequence. This will make wait time grow less aggressively while still giving reasonable values.</p>
<p>Improved error message when backup is run without <setting>archive_command</setting> set and without <setting>{[dash]}-no-archive-check</setting> specified.</p>
<p>Moved version number out of the <file>VERSION</file> file to <file>Version.pm</file> to better support packaging.</p>
</release-item>
<release-item>
<p>Replaced <code>IPC::System::Simple</code> and <code>Net::OpenSSH</code> with <code>IPC::Open3</code> to eliminate CPAN dependency for multiple operating systems.</p>
<releasedate="2015-06-14"version="0.75"title="New Repository Format, Info Command and Experimental 9.5 Support">
<release-core-list>
<p><b>IMPORTANT NOTE</b>: This flag day release breaks compatibility with older versions of <backrest/>. The manifest format, on-disk structure, and the binary names have all changed. You must create a new repository to hold backups for this version of <backrest/> and keep your older repository for a time in case you need to do a restore. The <file>pg_backrest.conf</file> file has not changed but you'll need to change any references to <file>pg_backrest.pl</file> in cron (or elsewhere) to <file>pg_backrest</file> (without the <file>.pl</file> extension).</p>
<p>More efficient file ordering for <cmd>backup</cmd>. Files are copied in descending size order so a single thread does not end up copying a large file at the end. This had already been implemented for <cmd>restore</cmd>.</p>
<p>Fixed an issue where <cmd>archive-copy</cmd> would fail on an incr/diff backup when <setting>hardlink=n</setting>. In this case the <path>pg_xlog</path> path does not already exist and must be created.</p>
<p>Fixed an issue in async archiving where <cmd>archive-push</cmd> was not properly returning 0 when <setting>archive-max-mb</setting> was reached and moved the async check after transfer to avoid having to remove the stop file twice. Also added unit tests for this case and improved error messages to make it clearer to the user what went wrong.</p>
<p>Fixed a locking issue that could allow multiple operations of the same type against a single stanza. This appeared to be benign in terms of data integrity but caused spurious errors while archiving and could lead to errors in backup/restore.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Allow duplicate WAL segments to be archived when the checksum matches. This is necessary for some recovery scenarios.</p>
<p>Allow comments/disabling in <file>pg_backrest.conf</file> using the <id>#</id> character. Only <id>#</id> characters in the forst character of the line are honored.</p>
<releasedate="2015-05-11"version="0.65"title="Improved Resume and Restore Logging, Compact Restores">
<release-core-list>
<release-bug-list>
<release-item>
<p>Fixed an issue where an absolute path was not written into <file>recovery.conf</file> when the restore was run with a relative path.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Better resume support. Resumed files are checked to be sure they have not been modified and the manifest is saved more often to preserve checksums as the backup progresses. More unit tests to verify each resume case.</p>
</release-item>
<release-item>
<p>Resume is now optional. Use the <setting>resume</setting> setting or <setting>{[dash]}-no-resume</setting> from the command line to disable.</p>
</release-item>
<release-item>
<p>More info messages during restore. Previously, most of the restore messages were debug level so not a lot was output in the log.</p>
</release-item>
<release-item>
<p>Added <setting>tablespace</setting> setting to allow tablespaces to be restored into the <path>pg_tblspc</path> path. This produces compact restores that are convenient for development, staging, etc. Currently these restores cannot be backed up as <backrest/> expects only links in the <path>pg_tblspc</path> path.</p>
</release-item>
</release-feature-list>
</release-core-list>
</release>
<releasedate="2015-04-21"version="0.61"title="Bug Fix for Uncompressed Remote Destination">
<release-core-list>
<release-bug-list>
<release-item>
<p>Fixed a buffering error that could occur on large, highly-compressible files when copying to an uncompressed remote destination. The error was detected in the decompression code and resulted in a failed backup rather than corruption so it should not affect successful backups made with previous versions.</p>
</release-item>
</release-bug-list>
</release-core-list>
</release>
<releasedate="2015-04-19"version="0.60"title="Better Version Support and WAL Improvements">
<release-core-list>
<release-bug-list>
<release-item>
<p>Pushing duplicate WAL now generates an error. This worked before only if checksums were disabled.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Database System IDs are used to make sure that all WAL in an archive matches up. This should help prevent misconfigurations that send WAL from multiple clusters to the same archive.</p>
<p>Regression tests working back to <postgres/> 8.3.</p>
</release-item>
</release-feature-list>
</release-test-list>
</release>
<releasedate="2015-03-25"version="0.50"title="Restore and Much More">
<release-core-list>
<release-bug-list>
<release-item>
<p>Fixed broken checksums and now they work with normal and resumed backups. Finally realized that checksums and checksum deltas should be functionally separated and this simplified a number of things. Issue #28 has been created for checksum deltas.</p>
</release-item>
<release-item>
<p>Fixed an issue where a backup could be resumed from an aborted backup that didn't have the same type and prior backup.</p>
</release-item>
</release-bug-list>
<release-feature-list>
<release-item>
<p>Added restore functionality.</p>
</release-item>
<release-item>
<p>All options can now be set on the command-line making <file>pg_backrest.conf</file> optional.</p>
</release-item>
<release-item>
<p>De/compression is now performed without threads and checksum/size is calculated in stream. That means file checksums are no longer optional.</p>
</release-item>
<release-item>
<p>Added option <setting>{[dash]}-no-start-stop</setting> to allow backups when Postgres is shut down. If <file>postmaster.pid</file> is present then <setting>{[dash]}-force</setting> is required to make the backup run (though if Postgres is running an inconsistent backup will likely be created). This option was added primarily for the purpose of unit testing, but there may be applications in the real world as well.</p>
</release-item>
<release-item>
<p>Checksum for <file>backup.manifest</file> to detect a corrupted/modified manifest.</p>
</release-item>
<release-item>
<p>Link <path>latest</path> always points to the last backup. This has been added for convenience and to make restores simpler.</p>
<p>Complete rewrite of <code>BackRest::File</code> module to use a custom protocol for remote operations and Perl native GZIP and SHA operations. Compression is performed in threads rather than forked processes.</p>
</release-item>
<release-item>
<p>Removed dependency on <code>Storable</code> and replaced with a custom ini file implementation.</p>
</release-item>
<release-item>
<p>Numerous other changes that can only be identified with a diff.</p>
<p>Fairly comprehensive unit tests for all the basic operations. More work to be done here for sure, but then there is always more work to be done on unit tests.</p>
<p>Found and squashed a nasty bug where <code>file_copy()</code> was defaulted to ignore errors. There was also an issue in <code>file_exists()</code> that was causing the test to fail when the file actually did exist. Together they could have resulted in a corrupt backup with no errors, though it is very unlikely.</p>
<p>Worked on improving error handling in the <code>File</code> object. This is not complete, but works well enough to find a few errors that have been causing us problems (notably, find is occasionally failing building the archive async manifest when system is under load).</p>
<p>The <cmd>archive-get</cmd> command now returns a 1 when the archive file is missing to differentiate from hard errors (ssh connection failure, file copy error, etc.) This lets <postgres/> know that that the archive stream has terminated normally. However, this does not take into account possible holes in the archive stream.</p>
</release-item>
</release-bug-list>
</release-core-list>
</release>
<releasedate="2014-04-03"version="0.17"title="Warn When Archive Directories Cannot Be Deleted">
<release-core-list>
<release-bug-list>
<release-item>
<p>If an archive directory which should be empty could not be deleted backrest was throwing an error. There's a good fix for that coming, but for the time being it has been changed to a warning so processing can continue. This was impacting backups as sometimes the final archive file would not get pushed if the first archive file had been in a different directory (plus some bad luck).</p>
</release-item>
</release-bug-list>
</release-core-list>
</release>
<releasedate="2014-04-01"version="0.16"title="RequestTTY=yes for SSH Sessions">
<release-core-list>
<release-bug-list>
<release-item>
<p>Added <setting>RequestTTY=yes</setting> to ssh sessions. Hoping this will prevent random lockups.</p>
<p>Removed <setting>master_stderr_discard</setting> option on database SSH connections. There have been occasional lockups and they could be related to issues originally seen in the file code.</p>
</release-item>
<release-item>
<p>Changed lock file conflicts on <cmd>backup</cmd> and <cmd>expire</cmd> commands to <id>ERROR</id>. They were set to <id>DEBUG</id> due to a copy-and-paste from the archive locks.</p>
</release-item>
</release-bug-list>
</release-core-list>
</release>
<releasedate="2014-03-05"version="0.10"title="Backup and Archiving are Functional">
<release-core-list>
<release-feature-list>
<release-item>
<p>No restore functionality, but the backup directories are consistent <postgres/> data directories. You'll need to either uncompress the files or turn off compression in the backup. Uncompressed backups on a ZFS (or similar) filesystem are a good option because backups can be restored locally via a snapshot to create logical backups or do spot data recovery.</p>
</release-item>
<release-item>
<p>Archiving is single-threaded. This has not posed an issue on our multi-terabyte databases with heavy write volume. Recommend a large WAL volume or to use the async option with a large volume nearby.</p>
</release-item>
<release-item>
<p>Backups are multi-threaded, but the <code>Net::OpenSSH</code> library does not appear to be 100% thread-safe so it will very occasionally lock up on a thread. There is an overall process timeout that resolves this issue by killing the process. Yes, very ugly.</p>
</release-item>
<release-item>
<p>Checksums are lost on any resumed backup. Only the final backup will record checksum on multiple resumes. Checksums from previous backups are correctly recorded and a full backup will reset everything.</p>
</release-item>
<release-item>
<p>The <file>backup.manifest</file> is being written as <code>Storable</code> because <code>Config::IniFile</code> does not seem to handle large files well. Would definitely like to save these as human-readable text.</p>
</release-item>
</release-feature-list>
</release-core-list>
<release-doc-list>
<release-feature-list>
<release-item>
<p>Absolutely no documentation (outside the code). Well, excepting these release notes.</p>