1
0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2024-12-14 10:13:05 +02:00
Commit Graph

2434 Commits

Author SHA1 Message Date
David Steele
1d5563288c Parse defaults and text sections in help.xml.
These will be required to build documentation in C.
2023-09-29 17:28:00 -04:00
David Steele
217584a2c4 Add new XML functions required for building documentation. 2023-09-29 16:52:08 -04:00
David Steele
a7ab686d0e v2.48: Repository Storage Tags
Bug Fixes:

* Fix issue restoring block incremental without a block list. (Reviewed by Stephen Frost, Burak Yurdakul. Reported by Burak Yurdakul.)

Features:

* Add --repo-storage-tag option to create object tags. (Reviewed by Stephen Frost, Stefan Fercot, Timothée Peignier.)
* Add known hosts checking for SFTP storage driver. (Contributed by Reid Thompson. Reviewed by Stephen Frost, David Steele.)
* Support for dual stack connections. (Reviewed by Stephen Frost.)
* Add backup size completed/total to info command JSON output. (Contributed by Stefan Fercot. Reviewed by David Steele.)

Improvements:

* Multi-stanza check command. (Reviewed by Stephen Frost.)
* Retry reads of pg_control until checksum is valid. (Reviewed by Stefan Fercot, Stephen Frost.)
* Optimize WAL segment check after successful backup. (Reviewed by Stephen Frost.)
* Improve GCS multi-part performance. (Reviewed by Reid Thompson.)
* Allow archive-get command to run when stanza is stopped. (Reviewed by Tom Swartz, David Christensen, Reid Thompson.)
* Accept leading tilde in paths for SFTP public/private keys. (Contributed by Reid Thompson. Reviewed by David Steele.)
* Reload GCS credentials before renewing authentication token. (Reviewed by Stephen Frost. Suggested by Daniel Farina.)

Documentation Bug Fixes:

* Fix configuration reference example for the tls-server-address option. (Fixed by Hartmut Goebel. Reviewed by David Steele.)
* Fix command reference example for the filter option.

Test Suite Improvements:

* Allow storage/sftp unit test to run without libssh2 installed. (Contributed by Reid Thompson. Reviewed by David Steele. Suggested by Wu Ning.)
2023-09-25 09:32:15 -04:00
Reid Thompson
c3c0834e17
Allow storage/sftp unit test to run without libssh2 installed.
Add missing #ifdefs and update tests to prevent test compilation failure and test run issues when libssh2 is not present.
2023-09-19 16:26:13 -04:00
David Steele
bb752cd111 Remove duplicate tests from storage/sftp unit test module.
These tests are already run as part of storage/posix and do not need to be duplicated in storage/sftp.
2023-09-19 12:08:09 -04:00
David Steele
31de127cf4
Fix issue restoring block incremental without a block list.
It is currently possible for a block map to be written without any accompanying blocks. This happens when a file timestamp is updated but the file has not changed. On restore, this caused problems when encryption was enabled, the block map was bundled after a file that had been stored without block incremental, and both files were included in a single bundle read. In this case the block map would not be decrypted and the encrypted data was passed to blockMapNewRead() with unpredictable results. In many cases built-in retries would rectify this problem as long as delta was enabled since block maps would move to the beginning of the bundle read and be decrypted properly. If enough files were affected, however, it could overwhelm the retries and throw an error. Subsequent delta restores would eventually be able to produce a valid result.

Fix this by moving block map decryption so it works correctly no matter where the block map is located in the read. This has the additional benefit of limiting how far the block map can read so it will error earlier if corrupt. Though in this case there was no repository corruption involved, it appeared that way to blockMapNewRead() since it was reading encrypted data.

Arguably block maps without blocks should not be written at all, but it would be better to consider that as a separate change. This pattern clearly exists in the wild and needs to be handled, plus the new implementation has other benefits.
2023-09-19 11:30:29 -04:00
David Steele
88edea4571 Add block incremental info to restore detail logging.
Log that block incremental was used and the delta size if less than the entire file was updated.
2023-09-18 11:30:42 -04:00
David Steele
d27533b40f Fix manifest command filter for files in a tablespace.
pg_data/ was appended at the beginning of the filter, which meant that files in tablespaces could never be queried directly.

Update the filter to require the full path, including pg_data/ or pg_tblspc/.
2023-09-17 17:06:42 -04:00
Reid Thompson
ce9ba0fade
Add known hosts checking for SFTP storage driver.
By default require a known hosts match as part of the SFTP storage driver's authentication process, i.e. repo-sftp-host-key-check-type=strict. The match is expected to be found in the default list or in a list of known hosts files provided by the user. An exception is made if a fingerprint has been manually configured with repo-sftp-host-fingerprint or repo-sftp-host-key-check-type=accept-new can be used to automatically add new hosts.

Also allow host key verification to be skipped, as before, but require the user to explicitly set this (repo-sftp-host-key-check-type=none) rather than it being the default.
2023-09-15 20:22:38 -04:00
David Steele
f5c730fd03 Add prefix to meson build target to avoid conflicts.
Older versions of meson fail when a build target in a subproject has the same name as another subproject.

This has been fixed in newer versions, but we still need to support older versions and in any case this seems cleaner and the help build target is already prefixed in this fashion.
2023-09-15 18:15:02 -04:00
David Steele
9039d20b5b
Add report option to check command.
This option is intended to eventually create a comprehensive report about the state of the pgBackRest configuration based on the results of the check command.

Implement a detailed report of the configuration options in the environment and configuration files. This should be useful information when debugging configuration errors, since invalid options and configurations are automatically noted. While custom config locations will not be found automatically, it will at least be clear that the config is not in a standard location.

For now keep this option internal since there is a lot of work to be done, but commit it so that it can be used when needed and tested in various environments.

Note that for now when --report is specified, the check command is not being run at all. Only the config report is generated. This behavior will be improved in the future.
2023-09-15 09:30:40 -04:00
David Steele
657c1a3e06 Finalize catalog number for PostgreSQL 16 release. 2023-09-14 18:41:36 -04:00
David Steele
1b4e0cce5f
Add --repo-storage-tag option to create object tags.
This new option allows tags to be added to objects in S3, GCS, and Azure repositories.

This was fairly straightforward for S3 and Azure, but GCS does not allow tags for a simple upload using the JSON interface. If tags are required then the resumable interface must be used even if the file falls below the limit that usually triggers a resumable upload (i.e. size < repo-storage-upload-chunk-size).

This option is structured so that tags must be specified per-repo rather than globally for all repos. This seems logical since the tag keys and values may vary by service, e.g. S3 vs GCS.

These storage tags are independent of backup annotations since they are likely to be used for different purposes, e.g. billing, while the backup annotations are primarily intended for monitoring.
2023-09-14 08:22:21 -04:00
Reid Thompson
3b9c31f6e3 Use PROJECT_NAME constant instead of string literal. 2023-09-13 16:59:52 -04:00
David Steele
39bb8a0d3a
Support for dual stack connections.
The prior code would only connect to the first address provided by getaddrinfo().

Instead try each address in the list. If all connections fail then wait and try them all again until timeout.

Currently a round robin approach is used where each connection attempt must fail before the next connection is attempted. This works fine, for example, when an ipv6 address has no route to the host, but will work less well when a host answers but doesn't respond in a timely fashion.

We may consider a Happy Eyeballs approach in the future, but since pgBackRest is primarily a background process, it is not clear that slightly improved response time (in the case of failed connections) is worth the extra complexity.
2023-09-12 18:09:58 -04:00
David Steele
9d3a605900
Optimize WAL segment check after successful backup.
The prior code did one list command against the storage for each WAL segment. This led to a lot of lists and was especially inefficient when the WAL (or the majority of it) was already present.

Optimize to keep the contents of a WAL directory and use them on a subsequent search. Leave the optimizations for a single WAL segment since other places still use that mode.
2023-09-10 12:45:58 -04:00
David Steele
edbd520c81
Refactor address list lookup to include all returned addresses.
sckHostLookup() only returned the first address record returned from getaddrinfo(). The new AddressInfo object provides a full list of values returned from getaddrinfo(). Freeing the list is also handled by the object so there is no longer a need for FINALLY blocks to ensure the list is freed.

Add the selected address to the client/server names for debugging purposes.

This code does not attempt to connect to multiple addresses. It just lays the groundwork for a future commit to do so.
2023-09-10 10:36:58 -04:00
David Steele
f42d927d2d
Retry reads of pg_control until checksum is valid.
On certain file systems (e.g. ext4) pg_control may appear torn if there is a concurrent write while reading the file. To prevent an invalid read, retry until the checksum matches the control data.

Special handling is required for the pg-version-force feature since the offset of the checksum is not known. In this case, scan from the default position to the end of the data looking for a checksum match. This is a bit imprecise, but better than nothing, and the chance of a random collision in the control data seems very remote considering the ratio of data size (< 512 bytes) to checksum size (4 bytes).

This was discovered and a possible solution proposed for PostgreSQL in [1]. The proposed solution may work for backup, but pgBackRest needs to be able to read pg_control reliably outside of backup. So no matter what fix is adopted for PostgreSQL, pgBackRest need retries. Further adjustment may be required as the PostgreSQL fix evolves.

[1] https://www.postgresql.org/message-id/20221123014224.xisi44byq3cf5psi%40awork3.anarazel.de
2023-09-10 09:47:49 -04:00
David Steele
c1805134b3 Aggregate error retries in ErrorRetry output.
If there are a lot of retries then the output might be very large and even be truncated by the error module. Either way, it is not good information for the user.

When a message is repeated, aggregate so that total retries and time range are output for the message. This provides helpful information about what happened without overwhelming the user with data.
2023-09-09 12:54:55 -04:00
David Steele
5314dbffc7 Adjust Wait object to be more accurate when nested.
The prior code gave a "free" extra iteration at the end of the wait, functionality that was copied directly from the equivalent code in Perl. This works and is mostly negligible except when wait loops are nested, in which case outer loops will always run twice even if an inner loop times out, which has a multiplying effect. For example, three nested wait loops with a timeout of three seconds will result in the inner loop being run four times (for a total of twelve seconds) even if it times out each time.

Instead make waitMore() stop exactly when time is up. This makes more sense because a complete failure and timeout of an inner loop means retrying an outer loop is probably a waste of time since that inner loop will likely continue to fail.

Also make waitRemaining() recalculate the remaining time rather than depending on the prior result.

Some tests needed to be adjusted to take into account there being one less loop. In general this led to a simplification of the tests.

Reinit a begin value in the wait unit tests. This is not related to the current change but it does make the time measurements more accurate and less likely to fail on an edge case, which has been observed from time to time.

This change appears to have a benefit for test runtime, which seems plausible especially for nested waits, but a larger sample of CI runs are needed to be sure.
2023-09-09 11:22:33 -04:00
David Steele
d57900839a Improve backup test harness to handle very large quantities of WAL.
The current tests only generate small quantities of WAL per backup but sometimes it is useful to generate large quantities for testing.

Fix the issues with generating large quantities of WAL and also improve memory management.
2023-09-04 18:51:44 -04:00
David Steele
6cb9c40fb8
Improve GCS multi-part performance.
The prior code avoided uploading a chunk if it was not clear whether the write was complete or not. This was primarily due to the GCS documentation being very vague on what to do in the case of a zero-size chunk.

Now chunks are uploaded as they are available. This should improve performance and also reduces the diff against a future commit that absolutely requires zero-size chunks.
2023-09-04 10:39:19 -04:00
David Steele
fd9c6b0e9d Add missing const qualifier to errorTypeList. 2023-09-01 12:03:39 -04:00
David Steele
4f52015b14 New CI container build for PostgreSQL 16 rc1. 2023-08-31 20:22:01 -04:00
Stefan Fercot
e3fcd8cd9e
Add backup size completed/total to info command JSON output.
This allows for backup progress to be monitored by external processes, whereas before backup progress was only available via text output.
2023-08-31 16:36:52 -04:00
David Steele
fbd992adc7 Allow archive-get command to run when stanza is stopped.
The restore command can run while the stanza is stopped so it makes sense for the archive-get command to follow the same rule.

The important thing is to ensure that all commands that write to the repository are stopped when the stanza is stopped.
2023-08-29 13:49:49 -04:00
David Steele
8424737697 Encode key in HTTP query.
The key also needs to be encoded (not just the value).

This is not currently an issue because none of the keys in use require encoding.
2023-08-29 12:35:29 -04:00
David Steele
d24180e4da Fix conflicting group in test containers.
The tests expect the group name/id to match between the host system and the container. If there is a conflict rename the group with the required id to the expected name.

This could have unintended consequences but it seems reasonably safe since we control everything that runs in the container and there should never be any system processes running.
2023-08-29 12:28:02 -04:00
Reid Thompson
eb32d6de5e
Accept leading tilde in paths for SFTP public/private keys.
The documentation indicates that leading tilde file paths for public/private keys are valid but the functionality was omitted from the original implementation.
2023-08-08 08:41:34 +01:00
David Steele
1141dc2070
Multi-stanza check command.
Check command now checks multiple stanzas when the stanza option is omitted.

The stanza list is extracted from the current configuration rather than scanning the repository like the info command. Scanning the repository is a problem because configuration for each stanza may not be present in the current configuration. Since this functionality is new for check there is no regression.

Add a new section to the user guide to cover multi-stanza configuration and provide additional coverage for this feature.

Also fix a small issue in the parser when an indexed option has a dependency on a non-indexed option. There were no examples of this case in the previous configuration.
2023-08-07 17:03:09 +01:00
David Steele
f55c8f1b81 Rename HRN_PG_CONTROL_OVERRIDE_PUT().
Rename to HRN_PG_CONTROL_OVERRIDE_VERSION_PUT() since other types of overrides are possible (and coming).
2023-07-26 10:45:12 +02:00
David Steele
b5b033cc1c v2.47: Performance Improvements and Bug Fixes
Bug Fixes:

* Preserve block incremental info in manifest during delta backup. (Reviewed by Stephen Frost. Reported by Francisco Miguel Biete Banon.)
* Fix block incremental file names in verify command. (Reviewed by Reid Thompson. Reported by Francisco Miguel Biete Banon.)
* Fix spurious automatic delta backup on backup from standby. (Reviewed by Stephen Frost. Reported by krmozejko, Don Seiler.)
* Skip recovery.signal for PostgreSQL >= 12 when recovery type=none. (Reviewed by Stefan Fercot. Reported by T.Anastacio.)
* Fix unique label generation for diff/incr backup. (Fixed by Andrey Sokolov. Reviewed by David Steele.)
* Fix time-based archive expiration when no backups are expired. (Reviewed by Stefan Fercot.)

Improvements:

* Improve performance of SFTP storage driver. (Contributed by Stephen Frost, Reid Thompson. Reviewed by David Steele.)
* Add timezone offset to info command date/time output. (Reviewed by Stefan Fercot, Philip Hurst. Suggested by Philip Hurst.)
* Centralize error handling for unsupported features. (Reviewed by Stefan Fercot.)

Documentation Improvements:

* Clarify preference to install from packages in the user guide. (Reviewed by Stefan Fercot. Suggested by dr-kd.)
2023-07-24 09:12:30 +02:00
David Steele
5ed6f8df14
Fix spurious automatic delta backup on backup from standby.
When performing backup from standby the file sizes on the standby may not be equal to file sizes on the primary. This is because replication continues during the backup and by the time the file is copied from the standby it may have changed. Since we cap the size of all files copied from the standby this practically applies to truncation and in particular truncation of free space maps (at least, every case we have seen so far is an fsm). Free space maps are especially vulnerable since they are only partially replicated, which amplifies the difference between the primary and standby.

On an incremental backup it may look like the size has changed on the primary (because of the final size recorded by the standby in the prior backup) but the timestamp may not have changed on the primary and this will trigger a checksum delta for safety. While this has no impact on backup integrity, checksum delta incrementals can run much longer than regular incrementals and backup schedules may be impacted.

The solution is to preserve the original size in the manifest and use it to do the time/size check. In the case of backup from standby the original size will always be the size on the primary, which makes comparisons against subsequent file sizes on the primary consistent. Original size is only stored in the manifest when it differs from final size, so there should not be any noticeable manifest bloat.
2023-07-18 07:35:12 +02:00
David Steele
4c27d74bbd
Preserve block incremental info in manifest during delta backup.
It was possible for block incremental info to be lost if a file had been modified in such a way that block incremental would be disabled if the file were new, e.g. if the file shrank below the block incremental limit or the file timestamp regressed far enough into the past. In those cases the block incremental info would not be copied in manifestBuildIncr().

Instead always copy the block incremental info in case the file ends up being referenced to a prior backup.

The validation tests were not robust enough to catch this issue so they were improved in 1d42aed.

In the particular case that exposed this bug, a file had a timestamp that was almost four weeks in the past at full backup time. A few days later a fail over occurred and the next incremental ran on the new primary (old standby) in delta mode. The same file had a timestamp just a few hours older than in the full backup, but now four weeks older than the current backup. Block incremental was disabled for the file on initial manifest build because of its age, which meant the block incremental info was not copied into the new manifest. The delta then determined the file had not changed and referenced it to the full backup. On restore, the file appeared to be a normal file stored in a bundle but could not be decompressed because it was in fact a block incremental.
2023-07-17 22:37:02 +02:00
David Steele
cdb7e26350
Fix block incremental file names in verify command.
The verify command was not appending the .pgbi extension instead of the compression extension when verifying block incremental files stored outside a bundle.

Originally the idea was that verify would not need any changes (since it just examines repo-size and checksum) but at some point the new extension was added and broke that assumption.

Use backupFileRepoPathP() to generate the correct filename (Just like backup, restore, etc).
2023-07-14 17:53:58 +03:00
David Steele
1d42aed152 Improve validation of referenced files in command/backup unit test.
Referenced files were not being checked for validity unless they were hard linked to the current backup (which a lot of the tests did). Newer tests with bundling do not have hard links and so missed these checks.

Improve the validation code to check referenced files in the manifest even when they are not hard linked into the current backup.

Add a delta test for bundling/block incremental that includes a file old enough to get a block size of zero. These are good tests by themselves but they also reduce the churn in an upcoming bug fix.
2023-07-14 11:18:25 +03:00
David Steele
06536b5814 Rename macros in command/verify unit test.
These macros were redefined, which worked since they were identical to their prior definitions, but this will not always be true.
2023-07-12 10:20:09 +03:00
Stephen Frost
28b6b2d465
Improve performance of SFTP storage driver.
The initial implementation used simple waits when having to loop due to getting a LIBSSH2_ERROR_EAGAIN, but we don't want to just wait some amount of time, we want to wait until we're able to read or write on the fd that we would have blocked on.

This change removes all of the wait code from the SFTP driver and changes the loops to call the newly introduced storageSftpWaitFd(), which in turn checks with libssh2 to determine the appropriate direction to wait on (read, write, or both) and then calls fdReady() to perform the wait using the provided timeout.

This also removes the need to pass ioSession or timeout down into the SFTP read/write code.
2023-07-07 10:36:15 +02:00
David Steele
9efd5cd0bb
Add timezone offset to info command date/time output.
This makes it easier to use timestamps from the info command directly in PostgreSQL recovery settings, especially the --target option.
2023-07-06 18:46:31 +02:00
David Steele
762498f4cd
Fix time-based archive expiration when no backups are expired.
In the case that no backups were expired but time-based retention was met no archive expiration would occur and the following would be logged:

INFO: time-based archive retention not met - archive logs will not be expired

In most cases this was harmless, but when retention was first met or if retention was increased, it would require one additional backup to expire earlier WAL. After that expiration worked as normal.

Even once expiration was working normally the message would continue to be output, which was pretty misleading since retention had been met, even though there was nothing to do.

Bring this code in line with count-based retention, i.e. always log what should be expired at detail level (even if nothing will be expired) and then log info about what was expired (even if nothing is expired). For example:

DETAIL: repo1: 11-1 archive retention on backup 20181119-152138F, start = 000000010000000000000002
INFO: repo1: 11-1 no archive to remove
2023-07-06 11:27:00 +02:00
David Steele
e280ed9098 Make result code handling in storage/sftp more consistent.
Initializers are useless since rc is always set later. Make rc checks consistent with the rest of the module.
2023-07-06 08:58:16 +02:00
David Steele
1fd8845c7f Remove unresolved todo from 87087fac.
Seems easiest just to make the additional config required since it tests that custom ports are being used correctly. The test for synthetic was a noop since SFTP is not used in synthetic tests.
2023-06-29 11:08:58 +02:00
Andrey Sokolov
0ac09344dc
Fix unique label generation for diff/incr backup.
If there were at least two full backups and the last one was expired, it was impossible to make either a differential or incremental backup without first making a new full backup. The backupLabelCreate() function identified this situation as clock skew because the new backup label was compared with label of the expired full backup.

If the new backup is differential or incremental, then its label is now compared with the labels of differential or incremental backups related to the same full backup.

Also convert a hard-coded date length to a macro.
2023-06-28 18:19:20 +02:00
David Steele
5cbef3ade2 Fix missed memory auditing in FUNCTION_LOG_RETURN_VOID().
9ca492c missed adding auditing to this macro and as a result a few memory leaks have slipped through. Add auditing to the macro to close this hole.

Of the leaks found the only possibly serious one is in blockIncrProcess(), which would leak a PackRead of about eight bytes with every superblock. Since superblocks max out at a few thousand per file this was probably not too bad.

Also change the ordering of auditing in FUNCTION_TEST_RETURN_VOID(). Even though the order does not matter, having it different from the other macros is confusing and looks like an error.
2023-06-25 17:36:57 +02:00
David Steele
ecae001653 Add test for configuration hash type override behavior.
This behavior is different than regular options where a repeated value will result in an error. It appears to be a legacy of the original Perl implementation, which used a hash as the underlying data type in the built-in command-line parser, and the C command-line parser was written to match.
2023-06-24 10:18:29 +02:00
David Steele
434938e32b Update Fedora test image to Fedora 38.
This adds testing for the latest tool versions, e.g. gcc.
2023-06-22 18:23:06 +02:00
David Steele
5531e2662d Add --tz param missed in C unit test migration.
This was missed in the C unit test migration and since then a new test was added that was not setting its timezone correctly.

This feature exists to make sure the tests will run on systems with different timezones and has no impact on the core code.
2023-06-18 12:55:29 +03:00
David Steele
5d671c63d8 New CI container build for PostgreSQL 16 beta1. 2023-05-25 20:08:12 +03:00
David Steele
9cceed6ac4
Skip recovery.signal for PostgreSQL >= 12 when recovery type=none.
Bring PostgreSQL >= 12 behavior in line with other versions when recovery type=none.

We are fairly sure this did not work correctly when PostgreSQL 12 was released, but apparently the issue has been fixed since then. Either way, after testing we have determined that the behavior is now as expected.
2023-05-24 16:34:21 +03:00
David Steele
36ff81dc6f
Centralize error handling for unsupported features.
Some features are conditionally compiled into pgBackRest (e.g. lz4). Previously checking to see if the feature existed was the responsibility of the feature's module.

Centralize this logic in the config/parse module to make the errors more detailed and consistent.

This also fixes the assert that is thrown when SFTP storage is specified but SFTP support is not compiled into pgBackRest.
2023-05-24 14:17:07 +03:00