1
0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2024-12-14 10:13:05 +02:00
Commit Graph

1100 Commits

Author SHA1 Message Date
David Steele
14190f9e6c Update URL for Docker install.
As usual the old URL started providing a broken version of Docker rather than producing a clear error message.  This happens once a year or so.
2018-12-03 12:41:53 -05:00
David Steele
17e611cb88 Replace keywords with more flexible if statements.
Keywords were extremely limited and prevented us from generating multi-version documentation and other improvements.

Replace keywords with an if statement that can evaluate a Perl expression with variable replacement.

Since keywords were used to generate cache keys, add a --key-var parameter to identify which variables should make up the key.
2018-12-01 12:40:01 -05:00
David Steele
977506b446 Clarify that region/endpoint must be configured correctly for the bucket.
Suggested by Pritam Barhate.
2018-11-30 11:15:52 -05:00
David Steele
64b97fd7ca Correct archive-get-queue-max to be size type.
This somehow was not configured as a size option when it was added.  It worked, but queue sizes could not be specified in shorthand, e.g. 128GB.

This is not a breaking change because currently configured integer values will be read as bytes.

Reported by Ronan Dunklau.
2018-11-30 10:55:29 -05:00
David Steele
1ad67644da Remove request for S3 object info directly after putting it.
After a file is copied during backup the size is requested from the storage in case it differs from what was written so that repo-size can be reported accurately. This is useful for situations where compression is being done by the filesystem (e.g. ZFS) and what is stored can differ in size from what was written.

In S3 the reported size will always be exactly what was written so there is no need to check the size and doing so immediately can cause problems because the new file might not appear in list commands. This has not been observed on S3 (though it seems to be possible) but it has been reported on the Swift S3 gateway.

Add a driver capability to determine if size needs to be called after a file is written and if not then simply use the number of bytes written for repo-size.

Reported by Matt Kunkel.
2018-11-30 10:38:02 -05:00
David Steele
5d3c8e47f1 Pre-build containers for any execute elements marked pre.
This allows the documentation to be built more quickly and offline during development when --pre is specified on the command line.

Each host gets a pre-built container with all the execute elements marked pre. As long as the pre elements do not change the container will not need to be rebuilt.

The feature should not be used for CI builds as it may hide errors in the documentation.
2018-11-29 14:45:15 -05:00
David Steele
74b72df9db Improve error message when info files are missing/corrupt.
The previous error message only showed the last error.  In addition, some errors were missed (such as directory permission errors) that could prevent the copy from being checked.

Show both errors below a generic "unable to load" error.  Details are now given explaining exactly why the primary and copy failed.

Previously if one file could not be loaded a warning would be output.  This has been removed because it is not clear what the user should do in this case.  Should they do a stanza-create --force?  Maybe the best idea is to automatically repair the corrupt file, but on the other hand that might just spread corruption if pgBackRest makes the wrong choice.
2018-11-28 18:41:21 -05:00
David Steele
7c2fcb63e4 Enable encryption for archive-get command in C.
The decryption filter was added in archiveGetFile() and archiveGetCheck() was modified to return the WAL decryption key stored in archive.info.  The rest was plumbing.

The mock/archive/1 integration test added encryption to provide coverage for the new code paths while mock/archive/2 dropped encryption to provide coverage for the existing code paths. This caused some churn in the expect logs but there was no change in behavior.
2018-11-28 14:56:26 -05:00
David Steele
6c23830991 Add encryption capability to Info* objects.
Info objects can be stored encrypted and loaded with a cipher type and passphrase.
2018-11-28 14:41:10 -05:00
David Steele
410a04a58e Allow arbitary InOut filters to be chained in IoFilterGroup.
If InOut filters were placed next to each other then the second filter would never get a NULL input signaling it to flush.  This arrangement only worked if the second filter had some other indication that it should flush, such as a decompression filter where the flush is indicated in the input stream.

This is not a live issue because currently no InOut filters are chained together.
2018-11-28 14:20:12 -05:00
David Steele
838cfa44b7 Allow arbitrary multiplier and flush character in IoTestFilterMultiply.
This allows for more complex test filter chains.

Rename from IoTestFilterDouble to reflect the new functionality.
2018-11-28 14:02:14 -05:00
David Steele
3e254f4cff Add IoFilter interface to CipherBlock object.
This allows CipherBlock to be used as a filter in an IoFilterGroup.  The C-style functions used by Perl are now deprecated and should not be used for any new code.

Also add functions to convert between cipher names and CipherType.
2018-11-28 12:42:36 -05:00
David Steele
c3a84ccae0 Merge cipher.h into crypto.h.
There is not enough in cipher.h to make it worth having a separate header.
2018-11-28 12:03:27 -05:00
David Steele
fea27dbd7e Return IoFilterGroup * from ioFilterGroupAdd().
This allows filters adds to be chained.
2018-11-27 22:02:08 -05:00
David Steele
56ce98b2f0 Explicitly compile with Posix 2001 standard.
This standard was being selectively applied in modules that needed it.

Instead, apply the standard to all compilation for consistency.
2018-11-25 10:06:31 -05:00
David Steele
315aa2c451 Conditional compilation of Perl logic in exit.c.
This file is the only one to contain Perl logic outside of the perl module.  Make the Perl logic conditional to improve reusability.
2018-11-25 08:39:41 -05:00
David Steele
78fe642eae Remove extraneous use/include statements.
Use conditional loading to make docs work in the absence of LibC.

Somehow this also required a use statement to be added. Perl, go figure.
2018-11-24 20:31:35 -05:00
David Steele
801e2a5a2c Rename PGBACKREST/BACKREST constants to PROJECT.
This brings consistency between the C and Perl constants and allows for easier code reuse.
2018-11-24 19:05:03 -05:00
Cynthia Shang
f4a1751abc Improve JSON to Variant conversion and add Variant to JSON conversion.
Add boolean and one-dimensional list types to jsonToKv().

Add varToJson() and kvToJson() to convert Variants and KeyValues to JSON.

Contributed by Cynthia Shang.
2018-11-23 16:02:33 -05:00
David Steele
e641c130d3 Fix release note typo. 2018-11-23 12:19:56 -05:00
David Steele
beae375330 Enable S3 storage for archive-get command in C.
The only change required was to remove the filter that prevented S3 storage from being used.  The archive-get command did not require any modification which demonstrates that the storage interface is working as intended.

The mock/archive/3 integration test was modified to run S3 storage locally to provide coverage for the new code paths while mock/stanza/3 was modified to run S3 storage remotely to provide coverage for the existing code paths.  This caused some churn in the expect logs but there was no change in behavior.
2018-11-23 12:18:07 -05:00
David Steele
b5690e21a4 Allow I/O read interface to explicitly request blocking reads.
TlsClient introduced a non-blocking read which is required to read protocol messages that are linefeed-terminated rather than a known size. However, in many cases the expected number of bytes is known in advance so in that case it is more efficient to have tlsClientRead() block until all the bytes are read.

Add block parameter to all read functions and use it when a blocking read is required. For most read functions this is a noop, i.e. if the read function never blocks then it can ignore the parameter.

In passing, set the log level of storageNew*() functions to debug to expose more high-level I/O operations.
2018-11-23 12:01:36 -05:00
David Steele
256b727a3d Add S3 storage driver.
Only the storageNewRead() and storageList() functions are currently implemented, but this is enough to enable S3 for the archive-get command.
2018-11-21 19:32:49 -05:00
David Steele
72252ed2a1 Add HttpClient object.
A robust HTTP client with pipelining support and automatic retries.

Using a single object to make multiple requests is more efficient because requests are pipelined whenever possible. Requests are automatically retried when the connection has been closed by the server. Any 5xx response is also retried.

Only the HTTPS protocol is currently supported.
2018-11-21 19:11:45 -05:00
David Steele
1dd06a6e46 Add TlsClient object.
A simple, secure TLS client intended to allow access to services that are exposed via HTTPS. We call it TLS instead of SSL because SSL methods are disabled so only TLS connections are allowed.

This object is intended to be used for multiple TLS connections against a service so tlsClientOpen() can be called each time a new connection is needed. By default, an open connection will be reused for pipelining so the user must be prepared to retry their transaction on a read/write error if the server closes the connection before it can be reused. If this behavior is not desirable then tlsClientClose() may be used to ensure that the next call to tlsClientOpen() will create a new TLS session.

Note that tlsClientRead() is non-blocking unless there are *zero* bytes to be read from the session in which case it will raise an error after the defined timeout. In any case the tlsClientRead()/tlsClientWrite()/tlsClientEof() functions should not generally be called directly. Instead use the read/write interfaces available from tlsClientIoRead()/tlsClientIoWrite().
2018-11-21 18:43:25 -05:00
David Steele
ac426bc456 New test containers with static test certificates.
Test certificates were generated dynamically but there are advantages to using static certificates.  For example, it possible to use the same certificate between container versions.  Mostly, it is easier to document the certificates if they are not buried deep in the container code.

The new test certificates are initially intended to be used with the C unit tests but they will eventually be used for integration tests as well.

Two new certificates have been defined. See test/certificate/README.md for details.

The old dynamic certificates will be retained until they are replaced.
2018-11-21 18:13:37 -05:00
David Steele
53e3651cca Remove embedded semicolon from String constant macros.
The embedded semicolon led to inconsistent semicolons when using the macro and is not our general convention.

Remove embedded semicolons from the macros and add semicolons in usage where they were not present.
2018-11-21 08:30:14 -05:00
David Steele
bc25db5667 Add interface objects for libxml2.
Add XmlDocument, XmlNode, and XmlNodeList objects as a thin interface layer on libxml2.

This interface is not intended to be comprehensive. Only a few libxml2 capabilities are exposed but more can be added as needed.
2018-11-20 20:40:11 -05:00
David Steele
6680130c6f Require S3 key options except for local/remote commands.
S3 key options (repo1-s3-key/repo1-s3-key-secret) were not required which meant that users got an ugly assertion when they were missing rather than a tidy configuration error.

Only the local/remote commands need them to be optional.  This is because local/remote commands get all their options from the command line but secrets cannot be passed on the command line.  Instead, secrets are passed to the local/remote commands via the protocol for any operation that needs them.

The configuration system allows required to be set per command so use that to improve the error messages while not breaking the local/remote commands.
2018-11-20 19:24:53 -05:00
David Steele
f743d4e924 Add testRepoPath() to let C unit tests know where the code repository is located.
This allows a C unit test to access data in the code repository that might be useful for testing.

Add testRepoPathSet() to set the repository path.

In passing remove extra whitespace in the TEST_RESULT_VOID() macro.
2018-11-20 15:48:56 -05:00
David Steele
b0659278cc Add ServiceError for errors from a service that can be retried.
An example is HTTP 5xx errors which should mostly be retried.
2018-11-16 17:22:22 -05:00
David Steele
3aa4fda573 Add missing LOG_DEBUG() macro. 2018-11-16 16:17:24 -05:00
David Steele
d0e553e4c2 Reduce debug level for infoIni() to test.
Getters should generally not be logging at debug or trace level since it clutters the log.

In passing move the destructor to the end of the file.
2018-11-16 16:05:06 -05:00
David Steele
6532912d51 Begin v2.08 development. 2018-11-16 10:04:14 -05:00
David Steele
04d9e4d5a8 v2.07: Automatic Backup Checksum Delta
Bug Fixes:

* Fix issue with archive-push-queue-max not being honored on connection error. (Reported by Lardière Sébastien.)
* Fix static WAL segment size used to determine if archive-push-queue-max has been exceeded.
* Fix error after log file open failure when processing should continue. (Reported by vthriller.)

Features:

* Automatically enable backup checksum delta when anomalies (e.g. timeline switch) are detected. (Contributed by Cynthia Shang.)

Improvements:

* Retry all S3 5xx errors rather than just 500 internal errors. (Suggested by Craig A. James.)
2018-11-16 09:50:50 -05:00
David Steele
b6f7cbc315 Add destructors to IoRead and IoWrite objects.
These interfaces previously used the memory context of the object they were associated with and did not have their own destructors.

There are times when it is useful to free the interface without also freeing the underlying object so give IoRead and IoWrite their own memory contexts and destructors.

In passing fix a comment type in bufferRead.c.
2018-11-15 16:25:46 -05:00
David Steele
480e1da798 Add ioWriteFlush() to flush pending output.
By default the IoWrite object does not write until the output buffer is full but this is a problem for protocol messages that must be sent in order to get a response.

ioWriteFlush() is not called internally by IoWrite but can be used at any time to immediately write all bytes from the output buffer without closing the IoWrite object.
2018-11-14 08:53:42 -05:00
David Steele
7918629f59 Modify value of PERL_EMBED_ERROR macro.
Remove !!! which by convention we use as a marker for code that needs attention before it can be committed to master.
2018-11-14 08:16:53 -05:00
David Steele
504e7d77fa Add comment regarding vars being required in blocks.
Documentation block syntax requires that at least one var be specified.

This limitation should be removed but for now add a comment to describe why a bogus var is defined.
2018-11-14 08:13:01 -05:00
David Steele
14d2f8b86c Reword misleading message in stack trace when parameter buffer is full.
The prior message stated that there had been a buffer overrun which is not true since the code prevents that.

In fact, this message means the parameter buffer filled while building the parameter list. Rather than display a partial list we output this message instead.

Also remove !!! which by convention we use as a marker for code that needs attention before it can be committed to master.
2018-11-14 08:11:11 -05:00
David Steele
a0b2af567a Add TEST_LOG() and TEST_LOG_FMT() macros.
These macros provide a convenient way to output debug information in tests.

They are not intended to be left in test code when it is committed to master.
2018-11-13 20:58:32 -05:00
David Steele
a582ad837f Add logging macros for TimeMSec type. 2018-11-13 20:43:08 -05:00
David Steele
086bc35ddc Make ioReadLine() read less aggressively.
ioReadLine() calls ioRead(), which aggressively tries to fill the output buffer, but this doesn't play well with blocking reads.

Give ioReadLine() an option that tells it to read only what is available.  That doesn't mean the function will never block but at least it won't do so by reading too far.
2018-11-12 21:18:53 -05:00
David Steele
bc810e5a87 Remove error suppression for pgBackRest make.
This looks like a copy-pasto because make works just fine without it.
2018-11-12 20:44:56 -05:00
David Steele
a2672557f8 Allow storage path and file mode to be 0.
Not all storage drivers support Posix-style permissions, e.g. S3.
2018-11-12 20:00:57 -05:00
David Steele
aff9693e64 Add strEmpty() to String object.
strEmpty() is more concise and explanatory than strSize() == 0.
2018-11-12 14:13:55 -05:00
David Steele
38c5f65770 Use THROW_ON_SYS_ERROR macro to improve fork code coverage.
Lack of code coverage in this module is just noise since these functions cannot generally be made to fail.

Any failures are fatal.
2018-11-11 18:12:43 -05:00
David Steele
72ea47bfb3 Add KernelError to report miscellaneous kernel errors. 2018-11-11 18:07:56 -05:00
David Steele
257df96b12 Add THROW*_ON_SYS_ERROR* macros to test and throw system errors.
These macros check the error result internally and are appropriate for system calls that won't return errors and so break coverage.
2018-11-11 18:06:09 -05:00
David Steele
22ecbc153a New, concise coverage report for C.
The report HTML generated by lcov is overly verbose and cumbersome to navigate. Since we maintain 100% coverage it's far more interesting to look at what is not covered than what is.

The new report presents all missing coverage on a single page and excludes code that is covered for brevity.
2018-11-11 17:32:42 -05:00
David Steele
3cd43fd60c Add new HTML tags and strExtra to DocHtmlElement.
Add HTML tags for table elements.

The strExtra parameter allows adhoc tags to be added to an element for features that can't be implemented with CSS, e.g. colspan.
2018-11-11 16:34:15 -05:00
David Steele
5e3b7cbe6e Apply String constant macros where appropriate.
This may not be all the places where the macros can be useful but it's a good start.
2018-11-10 18:32:49 -05:00
David Steele
8f857a975e Add constant macros to String object.
There are many places (and the number is growing) where a zero-terminated string constant must be transformed into a String object to be usable.  This pattern wastes time and memory, especially since the created string is generally used in a read-only fashion.

Define macros to create constant String objects that are initialized at compile time rather than at run time.
2018-11-10 09:37:12 -05:00
David Steele
df200bee2a Add regExpPrefix() to aid in static prefix searches.
The storageList() command accepts a regular expression as a filter.  This works fine for local filesystems where it is relatively cheap to get a complete list of files and filter them in code.  However, for remote filesystems like S3 it can be expensive to fetch a complete list of files only to discard the bulk of them locally.

S3 does not filter on regular expressions but it can accept a static prefix so this function extracts a prefix from a regular expression when possible.

Even a few characters can drastically reduce the amount of data that must be fetched remotely so the function does not try to be too clever.  It requires a ^ anchor and stops scanning when the first special character is found.
2018-11-09 16:50:22 -05:00
David Steele
8c504bd2f9 Improve alignment of expected vs. got error test results.
It is easier to compare the error messages when they start at the same column.
2018-11-09 10:37:59 -05:00
David Steele
b5a3c8c84b Add strCatChr() to String object. 2018-11-09 09:54:55 -05:00
David Steele
3e695af961 New test containers.
* Add libxml2 library needed for S3 development.
* Minor version updates for PostgreSQL.
* Remove PostgreSQL 11 beta/rc repository.
2018-11-08 21:41:41 -05:00
David Steele
7cf1f42c5c Add time since the beginning of the run to each test statement.
Output the time in seconds of each test statement since the start of the test run.

This helps find individual tests that are running slowly.
2018-11-08 19:50:31 -05:00
David Steele
2150a26424 Storage interface methods no longer declare the driver as const.
This works for the Posix driver but is bad for more dynamic drivers (e.g. S3) that need write access to the driver object.
2018-11-08 18:03:18 -05:00
David Steele
12b3be1d8e Limit usable Buffer size without changing allocated size.
Allow buffers to report a lower size than their allocated size. This means a larger buffer can be used to do the work of a smaller buffer without having to create a new buffer and concatenate.

This is useful for blocking I/O where the buffer may be too large for the amount of data that is available to read.
2018-11-08 16:48:33 -05:00
David Steele
edb2c6eb26 Construct Wait object in milliseconds instead of fractional seconds.
The Wait object accepted a double in the constructor for wait time but used TimeMSec internally.  This was done for compatibility with the Perl code.

Instead, use TimeMSec in the Wait constructor and make changes as needed to calling code.

Note that Perl still uses a double for its Wait object so translation is needed in some places.  There are no plans to update the Perl code as it will become obsolete.
2018-11-08 08:37:57 -05:00
David Steele
a9feaba9e5 Add memContextCallbackClear() to prevent double free() calls.
If an object free() method was called manually when a callback was set then the callback would call free() again.  This meant that each free() method had to protect against a subsequent call.

Instead, clear the callback (if present) before calling memContextFree().  This is faster (since there is no unecessary callback) and removes the need for semaphores to protect against a double free().
2018-11-07 08:51:32 -05:00
David Steele
48d2795f31 Merge crypto/random module into crypto/crypto.
There wasn't enough code to justify a separate module/test and it seems to fit just fine in crypto/crypto.
2018-11-06 20:04:16 -05:00
David Steele
8efa5e6a6a Rename CipherError to CryptoError.
This aligns with the general renaming from cipher to crypto.
2018-11-06 19:38:38 -05:00
David Steele
2cb312ef5a Add cryptoError() and update crypto code to use it.
This adds detail to error messages when available and improves code coverage.
2018-11-06 19:16:00 -05:00
David Steele
bef31f1802 Add base variants to all integer to string conversion functions.
Previously these functions were fixed at base 10 conversion. Add variants that can convert from any base.
2018-11-06 18:32:44 -05:00
David Steele
57d7809297 Improve efficiency of code generation.
Code generation saved files even when they had not changed, which often caused code generation cascades. So, don't save files unless they have changed.

Use rsync to determine which files have changed since the last test run. The manifest of changed files is saved and not removed until all code generation and builds have completed. If an error occurs the work will be redone on the next run.

The eventual goal is to do all the builds from the test/repo directory created by rsync but for now it is only used to track changes.
2018-11-03 19:52:46 -04:00
David Steele
7794ab50dc Preserve contents of C unit test build directory between test.pl executions.
The contents were already preserved between tests in a single test.pl run but for a separate execution the entire project had to be built from scratch, which was getting slower as we added code.

Save the important build flags in a file so the new execution knows whether the build contents can be reused.
2018-11-02 11:56:13 -04:00
David Steele
1a98bd41b4 Mount tmpfs in Vagrantfile instead test.pl.
Mounting/unmounting tmpfs on /home/[user]/test takes time, forces at least 3GB of memory to be available for tests, and makes it harder to preserve data between tests.

Instead, move mounting of tmpfs to the Vagrantfile and add it to fstab so it survives reboots.
2018-11-02 08:37:27 -04:00
Cynthia Shang
34c63276cd Automatically enable backup checksum delta when anomalies (e.g. timeline switch) are detected.
There are a number of cases where a checksum delta is more appropriate than the default time-based delta:

* Timeline has switched since the prior backup
* File timestamp is older than recorded in the prior backup
* File size changed but timestamp did not
* File timestamp is in the future compared to the start of the backup
* Online option has changed since the prior backup

A practical example is that checksum delta will be enabled after a failover to standby due to the timeline switch.  In this case, timestamps can't be trusted and our recommendation has been to run a full backup, which can impact the retention schedule and requires manual intervention.

Now, a checksum delta will be performed if the backup type is incr/diff.  This means more CPU will be used during the backup but the backup size will be smaller and the retention schedule will not be impacted.

Contributed by Cynthia Shang.
2018-11-01 11:31:25 -04:00
David Steele
cca7a4ffd4 Retry all S3 5xx errors rather than just 500 internal errors.
We were already retrying 500 errors but 503 (rate-limiting) errors were not being retried and would cause an instant failure which aborted the command.

There are only two 5xx errors currently implemented by S3 but instead of adding 503 simply retry all 5xx errors. This is consistent with the http definition of this error class, "the server failed to fulfill an apparently valid request."

Suggested by Craig A. James.
2018-10-30 16:45:42 -04:00
David Steele
286f7e5011 Fix static WAL segment size used to determine if archive-push-queue-max has been exceeded.
This calculation was missed when the WAL segment size was made dynamic in preparation for PostgreSQL 11.

Fix the calculation by checking the actual WAL file sizes instead of using an estimate based on WAL segment size.  This is more accurate because it takes into account .history and .backup files, which are smaller.  Since the calculation is done in the async process the additional processing time should not adversely affect performance.

Remove the PG_WAL_SIZE constant and instead use local constants where the old value is still required.  This is only the case for some tests and PostgreSQL 8.3 which does not provide a way to get the WAL segment size from pg_control.
2018-10-27 20:00:00 +01:00
David Steele
41b00dc204 Fix issue with archive-push-queue-max not being honored on connection error.
If an error occurred while acquiring a lock on a remote server the error would be reported correctly, but the queue max detection code was not reached.  The tests failed to detect this because they fixed the connection before queue max, allowing the ccde to be reached.

Move the queue max code before the lock so it will run even when remote connections are not working.  This means that no attempt will be made to transfer WAL once queue max has been exceeded, but it makes it much more likely that the code will be reach without error.

Update tests to continue errors up to the point where queue max is exceeded.

Reported by Lardière Sébastien.
2018-10-27 16:57:57 +01:00
David Steele
03b9db9aa2 Fix error after log file open failure when processing should continue.
The C code was warning on failure and continuing but the Perl logging code was never updated with the same feature.

Rather than add the feature to Perl, just disable file logging if the log file cannot be opened.  Log files are always opened by C first, so this will eliminate the error in Perl.

Reported by vthriller.
2018-10-25 14:58:25 +01:00
Cynthia Shang
d301720c58 Change infoArchiveCheckPg() to display the PostgreSQL version as a string in errors.
Previously an integer representation (e.g. 90400) would be displayed which is correct but not as friendly to the user.

Contributed by Cynthia Shang.
2018-10-25 10:48:37 +01:00
Cynthia Shang
5590bfa84c Add tests for InfoPg history fixes introduced in 070455ce.
The existing tests were not adequate to ensure the history was being added in the correct order when some entries were loaded from a file and others added with infoPgAdd().

Contributed by Cynthia Shang.
2018-10-19 18:31:05 +02:00
David Steele
070455ce44 Correct current history item in InfoPg to always be in position 0.
The InfoPg object was partially modified in 960ad732 to place the current history item in position 0, but infoPgDataCurrent() didn't get updated correctly.

Remove this->indexCurrent and make the current position always equal 0.  Use the new lstInsert() function when adding new history items via infoPgAdd(), but continue to use lstAdd() when loading from a file for efficiency.

This does not appear to be a live bug because infoPgDataCurrent() and infoPgAdd() are not yet used in any production code.  The archive-get command is the only C code using InfoPG and it always looks at the entire list of items rather than just the current item.

Suggested by Cynthia Shang.
2018-10-19 12:31:56 +02:00
David Steele
f345db3f7c Add lstInsert() to List object.
Add general purpose insert function and make lstAdd() a special insert case.
2018-10-19 11:52:17 +02:00
Cynthia Shang
09a1ad2c10 Correct cfgDefDataFind() to use UINTP instead of VOIDPP.
Also add the UINTP macro.

Contributed by Cynthia Shang.
2018-10-19 10:51:33 +02:00
David Steele
06d68eada0 Begin v2.07 development. 2018-10-16 17:21:01 +01:00
David Steele
904550c97f v2.06: Checksum Delta Backup and PostgreSQL 11 Support
Bug Fixes:

* Fix missing missing URI encoding in S3 driver. (Reported by Dan Farrell.)
* Fix incorrect error message for duplicate options in configuration files. (Reported by Jesper St John.)
* Fix incorrectly reported error return in info logging. A return code of 1 from the archive-get was being logged as an error message at info level but otherwise worked correctly.

Features:

* Add checksum delta for incremental backups which uses checksums rather than timestamps to determine if files have changed. (Contributed by Cynthia Shang.)
* PostgreSQL 11 support, including configurable WAL segment size.

Improvements:

* Ignore all files in a linked tablespace directory except the subdirectory for the current version of PostgreSQL. Previously an error would be generated if other files were present and not owned by the PostgreSQL user.
* Improve info command to display the stanza cipher type. (Contributed by Cynthia Shang. Suggested by Douglas J Hunley.)
* Improve support for special characters in filenames.
* Allow delta option to be specified in the pgBackRest configuration file. (Contributed by Cynthia Shang.)
2018-10-16 14:56:51 +01:00
David Steele
2c272c220b PostgreSQL 11 support.
PostgreSQL 11 RC1 support was tested in 9ae3d8c46 when the u18 container was rebuilt.  Nothing substantive changed after RC1 so pgBackRest is ready for PostgreSQL 11 GA.
2018-10-15 23:23:49 +01:00
David Steele
9ae3d8c46a Install nodejs from deb.nodesource.com.
The standard npm packages on Ubuntu 18.04 suddenly required libssl1.0 which broke the pgbackrest package builds. Installing nodejs from deb.nodesource.com seems to work fine with standard libssl.

This package is required by ScalityS3 which is used for local S3 testing.
2018-10-15 23:13:08 +01:00
David Steele
98ff8ccc59 Improve documentation in filter.h and filter.internal.h.
When the filter interface internals were split out into a new header file the documentation was not moved as it should have been.  Additionally some functions which should have been moved were left behind.

Move the documentation and functions to filter.internal.h and add more documentation.  Filters are a tricky subject so the more documentation the better.

Also add documentation for the user-facing filter functions in filter.h.
2018-10-09 15:08:49 +01:00
David Steele
68110d04b2 Add ioReadLine()/ioWriteLine() to IoRead/IoWrite objects.
Allow a single linefeed-terminated line to be read or written.  This is useful for various protocol implementations, including HTTP and pgBackRest's protocol.

On read the maximum line size is limited to buffer-size to prevent runaway memory usage in case a linefeed is not found.  This seems fine for HTTP but we may need to revisit this decision when implementing the pgBackRest protocol.  Another option would be to increase the minimum buffer size (currently 16KB).
2018-10-07 17:50:10 +01:00
David Steele
db8dce7adc Disable flapping archive/get unit on CentOS 6.
This test has been flapping since 9b9396c7.  It seems to be some kind of timing issue since all integration tests pass and this unit passes on all other VMs.  It only happens on Travis and is not reproducible in any development environment that we have tried.

For now, disable the test since the constant flapping is causing major delays in testing and quite a bit of time has been spent trying to identify the root cause.  We are actively developing these tests and hope the issue will be identified during the course of normal development.

A number of improvements were made to the tests while searching for this issue.  While none of them helped, it makes sense to keep the improvements.
2018-10-02 17:54:43 +01:00
Stephen Frost
ed5d7a53de Add .gitignore to C src directory.
Suggested by Stephen Frost.
2018-09-30 12:27:05 +01:00
Stephen Frost
3be9f2dee7 Avoid calling strlen() twice in bufNewZ(). 2018-09-30 11:45:37 +01:00
David Steele
5404628148 Fix incorrect error message for duplicate options in configuration files.
Duplicating a non-multi-value option was not throwing the correct message when the option was a boolean.

The reason was that the option was being validated as a boolean before the multi-value check was being done.  The validation code assumed it was operating on a string but was instead operating on a string list causing an assertion to fail.

Since it's not safe to do the multi-value check so late, move it up to the command-line and configuration file parse phases instead.

Reported by Jesper St John.
2018-09-27 17:48:40 +01:00
David Steele
be2271f6d3 Add cfgDefOptionMulti() to identify multi-value options.
Previously this was done in two separate places by checking if an option was type hash or list.

Bad enough that it was in two places, but an upcoming bug fix will add another instance so make it a function.
2018-09-27 17:24:06 +01:00
David Steele
e66e68e324 Add cryptoHmacOne() for HMAC support.
There doesn't seem to be any need to implement this as a filter since current use cases (S3 authentication) work on small datasets.

So, use the single function method provided by OpenSSL for simplicity.
2018-09-27 09:20:47 +01:00
David Steele
bcca625062 Add bufHex()to Buffer object.
A general-purpose function for converting buffers to hex strings.
2018-09-26 22:33:48 +01:00
David Steele
51484a008f Add bufNewZ() to Buffer object.
This constructor creates a Buffer object directly from a zero-terminated string.  The old way was to create a String object first, then convert that to a Buffer using bufNewStr().

Updated in all places that used the old pattern.
2018-09-26 18:46:52 +01:00
David Steele
d038b9a029 Support configurable WAL segment size.
PostgreSQL 11 introduces configurable WAL segment sizes, from 1MB to 1GB.

There are two areas that needed to be updated to support this: building the archive-get queue and checking that WAL has been archived after a backup.  Both operations require the WAL segment size to properly build a list.

Checking the archive after a backup is still implemented in Perl and has an active database connection, so just get the WAL segment size from the database.

The archive-get command does not have a connection to the database, so get the WAL segment size from pg_control instead.  This requires a deeper inspection of pg_control than has been done in the past, so it seemed best to copy the relevant data structures from each version of PostgreSQL and build a generic interface layer to address them.  While this approach is a bit verbose, it has the advantage of being relatively simple, and can easily be updated for new versions of PostgreSQL.

Since the integration tests generate pg_control files for testing, teach Perl how to generate files with the correct offsets for both 32-bit and 64-bit architectures.
2018-09-25 10:24:42 +01:00
David Steele
c0b0b4e541 PostgreSQL 11 Beta 4 support.
Catalog version changed for this release, so update it.

Also update and upload a new container with beta 4 installed.
2018-09-21 13:25:27 -04:00
David Steele
d513a46e6d Update introduction to be pithy. 2018-09-19 18:26:12 -04:00
David Steele
50266cc26c Use command in authorized_hosts to improve SSH security.
Unsecured, passwordless SSH can be a scary thing. If an attacker gains access to one system they can easily hop to other systems.

Add documentation on how to use the command parameter in authorized_keys to limit ssh to running a single command, pgbackrest. There is more that could be done for security but this likely addresses most needs.

Also change references to "trusted ssh" to "passwordless ssh" since this seems more correct.

Suggested by Stephen Frost, Magnus Hagander.
2018-09-19 16:41:20 -04:00
Cynthia Shang
880fbb5e57 Add checksum delta for incremental backups.
Use checksums rather than timestamps to determine if files have changed.  This is useful in cases where the timestamps may not be trustworthy, e.g. when performing an incremental after failing over to a standby.

If checksum delta is enabled then checksums will be used for verification of resumed backups, even if they are full.  Resumes have always used checksums to verify the files in the repository, enabling delta performs checksums on the database files as well.

Note that the user must manually enable this feature in cases were it would be useful or just keep in enabled all the time.  A future commit will address automatically enabling the feature in cases where it seems likely to be useful.

Contributed by Cynthia Shang.
2018-09-19 11:12:45 -04:00
Cynthia Shang
bf0691576a Allow delta option to be specified in the pgBackRest configuration file.
This option was previously allowed on the command-line only for no particular reason that we could determine.

Being able to specify it in the config file seems like a good idea and won't change current usage.

Contributed by Cynthia Shang.
2018-09-18 13:29:05 -04:00
Cynthia Shang
b6b2c915b2 Allow hashSize() to run on remote storage.
Apparently we never needed to run this function remotely.

It will be needed by the backup checksum delta feature, so implement it now.

Contributed by Cynthia Shang.
2018-09-18 11:39:48 -04:00
Cynthia Shang
052e483057 Restore bIgnoreMissing flag in backupFile() lost in storage refactor.
The test to make sure that some files (e.g. pg_control) do not get removed during the backup was lost during the storage refactor committed at de7fc37f.

This did not impact the integrity of the backups, but bring it back since it is a nice sanity check.

Contributed by Cynthia Shang.
2018-09-18 10:18:39 -04:00
David Steele
03003562d8 Merge all posix storage tests into a single unit.
As we add storage drivers it's important to keep the tests for each completely separate.  Rather than have three tests for each driver, standardize on having a single test unit for each driver.
2018-09-17 11:45:41 -04:00
David Steele
e55d733041 Add -ftree-coalesce-vars option to unit test compilation.
This is a workaround for inefficient handling of many setjmps in gcc >= 4.9.  Setjmp is used in all error handling, but in the unit tests each test macro contains an error handling block so they add up pretty quickly for large unit tests.

Enabling -ftree-coalesce-vars in affected versions reduces build time and memory requirements by nearly an order of magnitude.  Even so, compiles are much slower than gcc <= 4.8.

We submitted a bug for this at: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87316
Which was marked as a duplicate of: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63155
2018-09-17 11:38:10 -04:00
David Steele
b5f749b21c Add CIFS driver to storage helper for read-only repositories.
For read-only repositories the Posix and CIFS drivers behave exactly the same.  Since that's all we support in C right now it's valid to treat them as the same thing.  An assertion has been added to remind us to add the CIFS driver before allowing the repository to be writable.

Mostly we want to make sure that the C code does not blow up when the repository type is CIFS.
2018-09-16 18:41:30 -04:00
David Steele
a6c346cb04 Clear test directory between test runs.
Previously it was the responsibility of the individual tests to clean up after themselves.  Now the test harness now does the cleanup automatically.

This means that some paths/files need to be recreated with each run but that doesn't happen very often.

An attempt has been made to remove all redundant cleanup code but it's hard to know if everything has been caught.  No issues will be caused by anything that was missed, but they will continue to chew up time in the tests.
2018-09-16 17:26:04 -04:00
David Steele
4119ce208d Move test expect log out of the regular test directory.
Storing the expect log (created by common/harnessLog) in the regular test directory was not ideal.  It showed up in tests and made it difficult to clear the test directory between each run.

Move the expect log to a purpose-built directory one level up so it does not interfere with regular testing.
2018-09-16 15:58:46 -04:00
David Steele
8852622fa2 Fix missing test caused by a misplaced YAML tag. 2018-09-16 15:53:19 -04:00
David Steele
c47fc28c8b Make comment blocks consistent across all tests. 2018-09-16 14:15:21 -04:00
David Steele
84ab787b1a Merge protocol storage helper into storage helper.
These are separated the same way in the Perl code where the remote storage driver is located in the Protocol module. However, in the C code the intention is to implement the remote storage driver as a regular driver in the storage layer rather than making a special case out of it.

So, merge the storage helpers. This also has the benefit of making the code a bit simpler.

Also separate storageSpool() and storageSpoolWrite() to make it clearer which operations require write access and to maintain consistency with the other storage helper functions.
2018-09-16 14:12:53 -04:00
David Steele
3014b05dab Fix buffer underrun in configuration test harness.
If the total bytes read from the expect log file was 0 then the last byte of whatever was in memory before harnessLogBuffer would be set to 0.

On 32-bit systems this expressed as the high order byte of a pointer being cleared and wackiness (in the form of segfaults) ensued.
2018-09-16 13:41:49 -04:00
David Steele
0c02481d6e Update all interfaces to use variable parameter constructors.
Fixed parameter constructors made adding new interface functions a burden, so we switched to using structs to define interfaces in the storage module at c49eaec7.

While propagating this pattern to the IO interfaces it became obvious that the existing variable parameter function pattern (begun in the storage module) was more succinct and consistent with the existing code.

So, use variable parameter functions to define all interfaces. This assumes that the non-interface parameters will be fixed, which seems reasonable for low-level code.
2018-09-15 21:07:00 -04:00
David Steele
f0ed89f21f Allow C or Perl coverage to run on more than one VM.
C or Perl coverage tests can now be run on any VM provided a recent enough version of Devel::Cover or lcov is available.

For now, leave u18 as the only VM to run coverage tests due to some issues with older versions of lcov.
2018-09-15 13:27:06 -04:00
David Steele
31cdd9d20b Remove compiler warnings that are not valid for u16. 2018-09-15 08:23:55 -04:00
David Steele
c49eaec776 Full abstraction of storage driver interface.
The external storage interfaces (Storage, StorageFileRead, etc.) have been stable for a while, but internally they were calling the posix driver functions directly.

Create driver interfaces for storage, fileRead, and fileWrite and remove all references to the posix driver outside storage/driver/posix (with the exception of a direct call to pathRemove() in Perl LibC).

Posix is still the only available driver so more adjustment may be needed, but this should represent the bulk of the changes.
2018-09-14 16:08:33 -04:00
David Steele
aeb1fa3dfb Don't perform valgrind when requested.
The --no-valgrind flag was not being honored.  It's not clear if this flag ever worked, but it does now.
2018-09-13 19:12:40 -04:00
David Steele
fd14ceb399 Rename posix driver files/functions for consistency.
The posix driver was developed over time and the naming is not very consistent.

Rename the files and functions to work well with other drivers and generally favor longer names since the driver functions are seldom (eventually never) used outside the driver itself.
2018-09-13 18:58:22 -04:00
David Steele
ab1762663c Don't use negations in objects below Storage.
The Storage object represents some some optional parameters as negated if the default is true.  This allows sensible defaults without having to specify most optional parameters.

However, there's no need to propagate this down to functions that require all parameters to be passed -- it makes the code and logging more confusing.  Rename the parameters and update logic to remove negations.
2018-09-13 17:53:48 -04:00
David Steele
5aa458ffae Simplify debug logging by allowing log functions to return String objects.
Previously, debug log functions had to handle NULLs and truncate output to the available buffer size.  This was verbose for both coding and testing.

Instead, create a function/macro combination that allows log functions to return a simple String object.  The wrapper function takes care of the memory context, handles NULLs, and truncates the log string based on the available buffer size.
2018-09-11 18:32:56 -04:00
David Steele
9b9396c7b7 Migrate local, unencrypted, non-S3 archive-get command to C.
The archive-get command will only be executed in C if the repository is local, unencrypted, and type posix or cifs.  Admittedly a limited use case, but this is just the first step in migrating the archive-get command entirely into C.

This is a direct migration from the Perl code (including messages) to integrate as seamlessly with the remaining Perl code as possible.  It should not be possible to determine if the C version is running unless debug-level logging is enabled.
2018-09-11 15:42:31 -04:00
David Steele
787e7c295f Change locking around async process forking to be more test friendly.
The lock is now released before the fork and reacquired after the fork so the parent process no longer needs to worry about clearing the lock.

This is the same locking mechanism that will be used once archive-get-async is exec'd as a separate command, so introduce it now to simplify testing.
2018-09-11 14:43:16 -04:00
David Steele
9e574a37dc Make archive-get info messages consistent between C and Perl implementations.
The info messages were spread around and logged differently based on the execution path and in some cases logged nothing at all.

Temporarily track the async server status with a flag so that info messages are not output in the async process.  The async process will be refactored as a separate command to be exec'd in a future commit.
2018-09-11 12:30:48 -04:00
Cynthia Shang
cabb3f8577 List allowable values for the buffer-size option in the configuration reference.
Contributed by Cynthia Shang.
Suggested by Stéphane Schildknecht.
2018-09-10 13:33:39 -04:00
Cynthia Shang
e351b8c67c Improve info command to display the stanza cipher type.
Contributed by Cynthia Shang.
Suggested by Douglas J Hunley.
2018-09-10 13:09:45 -04:00
David Steele
c688bc8627 Improve support for special characters in filenames.
% characters caused issues in backup/restore due to filenames being appended directly into a format string.

Reserved XML characters (<>&') caused issues in the S3 driver due to improper escaping.

Add a file with all common special characters to regression testing.
2018-09-10 10:54:34 -04:00
David Steele
80ef6fce75 Fix missing missing URI encoding in S3 driver.
File names with uncommon characters (e.g. @) caused authentication failures due to S3 encoding them correctly while the S3 driver did not.

Reported by Dan Farrell.
2018-09-10 10:47:00 -04:00
David Steele
f7fc8422f7 Make Valgrind return an error even when a non-fatal issue is detected.
By default Valgrind does not exit with an error code when a non-fatal error is detected, e.g. unfreed memory.  Use the --error-exitcode option to enabled this behavior.

Update some minor issues discovered in the tests as a result.  Luckily, no issues were missed in the core code.
2018-09-07 16:50:01 -07:00
David Steele
faaa9a91fd Fix typo in unit test error messages, EXECTED => EXPECTED. 2018-09-07 08:03:56 -07:00
David Steele
6e9b6fdca9 Migrate control functions to detect stop files to C from Perl.
Basic functions to detect the presence of stanza or all stop files and error when they are present.

The functionality to detect stop files without error was not migrated. This functionality is only used by stanza-delete and will be migrated with that command.
2018-09-07 08:03:05 -07:00
David Steele
5bdaa35fa5 Migrate walIsPartial(), walIsSegment(), and walSegmentFind() from Perl to C.
Also refactor regular expression defines to make them more reusable.
2018-09-07 08:00:18 -07:00
David Steele
9660076093 Add helper for repository storage.
Implement rules for generating paths within the archive part of the repository. Add a helper function, storageRepo(), to create the repository storage based on configuration settings.

The repository storage helper is located in the protocol module because it will support remote file systems in the future, just as the Perl version does.

Also, improve the existing helper functions a bit using string functions that were not available when they were written.
2018-09-07 07:58:08 -07:00
David Steele
960ad73298 Info objects now parse JSON and use specified storage.
Use JSON code now that it is available and remove temporary hacks used to get things working initially.

Use passed storage objects rather than using storageLocal().  All storage objects in C are still local but this won't always be the case.

Also, move Postgres version conversion functions to postgres/info.c since they have no dependency on the info objects and will likely be useful elsewhere.
2018-09-06 10:12:14 -07:00
David Steele
6361a06181 Fix incorrectly reported error return in info logging.
A return code of 1 from the archive-get was being logged as an error message at info level but otherwise worked correctly.

Also improve info messages when an archive segment is or is not found.
2018-09-04 21:46:41 -04:00
David Steele
800afeef70 Posix file functions now differentiate between open and missing errors.
The Perl functions do so and the integration tests rely on checking for these errors.  This has been exposed as more functionality is moved into C.

Passing the errors types is now a bit complicated so instead use a flag to determine which errors to throw.
2018-09-04 17:47:23 -04:00
David Steele
375ff9f9d2 Ignore all files in a linked tablespace directory except the subdirectory for the current version of PostgreSQL.
Previously an error would be generated if other files were present and not owned by the PostgreSQL user.  This hasn't been a big deal in practice but it could cause issues.

Also add tests to make sure the same logic applies with links to files, i.e. all other files in the directory should be ignored.  This was actually working correctly, but there were no tests for it before.
2018-08-31 16:06:40 -04:00
David Steele
41746b53cd Begin v2.06 development. 2018-08-31 14:24:36 -04:00
David Steele
bc7462d86d v2.05: Environment Variable Options and Exclude Temporary/Unlogged Relations
Bug Fixes:

* Fix issue where relative links in $PGDATA could be stored in the backup with the wrong path. This issue did not affect absolute links and relative tablespace links were caught by other checks. (Reported by Cynthia Shang.)
* Remove incompletely implemented online option from the check command. Offline operation runs counter to the purpose of this command, which is to check if archiving and backups are working correctly. (Reported by Jason O'Donnell.)
* Fix issue where errors raised in C were not logged when called from Perl. pgBackRest properly terminated with the correct error code but lacked an error message to aid in debugging. (Reported by Douglas J Hunley.)
* Fix issue when a boolean option (e.g. delta) was specified more than once. (Reported by Yogesh Sharma.)

Features:

* Allow any option to be set in an environment variable. This includes options that previously could only be specified on the command line, e.g. stanza, and secret options that could not be specified on the command-line, e.g. repo1-s3-key-secret.
* Exclude temporary and unlogged relation (table/index) files from backup. Implemented using the same logic as the patches adding this feature to PostgreSQL, 8694cc96 and 920a5e50. Temporary relation exclusion is enabled in PostgreSQL ≥ 9.0. Unlogged relation exclusion is enabled in PostgreSQL ≥ 9.1, where the feature was introduced. (Contributed by Cynthia Shang.)
* Allow arbitrary directories and/or files to be excluded from a backup. Misuse of this feature can lead to inconsistent backups so read the --exclude documentation carefully before using. (Reviewed by Cynthia Shang.)
* Add log-subprocess option to allow file logging for local and remote subprocesses.
* PostgreSQL 11 Beta 3 support.

Improvements:

* Allow zero-size files in backup manifest to reference a prior manifest regardless of timestamp delta. (Contributed by Cynthia Shang.)
* Improve asynchronous archive-get/archive-push performance by directly checking status files. (Contributed by Stephen Frost.)
* Improve error message when a command is missing the stanza option. (Suggested by Sarah Conway.)
2018-08-31 13:19:43 -04:00
David Steele
70514061fd Fix issue where relative links in $PGDATA could be stored in the backup with the wrong path.
Relative link paths were being combined with the paths of previous links (relative or absolute) due to the $strPath variable being modified in the current iteration rather than simply being passed to the next level of recursion.

This issue did not affect absolute links and relative tablespace links were caught by other checks, though the error was confusing.

Reported by Cynthia Shang.
2018-08-30 16:27:36 -04:00
David Steele
c638490451 Documentation updates for exclude feature based on review.
Reviewed by Cynthia Shang.
2018-08-28 16:49:29 -04:00
David Steele
14cde54b37 Limit manifest build recursion (i.e. links followed) to sixteen levels to detect link loops. 2018-08-28 16:27:10 -04:00
David Steele
a6cecf7d5e Prevent manifest from being built more than once. 2018-08-28 16:22:30 -04:00
Stephen Frost
4498f726a5 Improve asynchronous archive-get/archive-push performance by directly checking status files.
Prior to this commit, an expression was used to search the spool directory for ok/error files for a specific WAL segment. This involved setting up a regular expression and using opendir/readdir.

Instead, directly probe for the status files, checking directly if a '.ok' or '.error' file exists, avoiding the regular expression and eliminating the directory scan.

Only the two files now probed for could have ever matched the regular expression which had been provided and it's unlikely that many more additional files will be added, so this is a good improvement, and optimization, with little downside.

Contributed by Stephen Frost.
2018-08-28 16:04:53 -04:00
David Steele
bef58a7974 Allow arbitrary directories and/or files to be excluded from a backup.
Misuse of this feature can lead to inconsistent backups so read the --exclude documentation carefully before using.
2018-08-27 15:51:05 -04:00
David Steele
77dca5b968 Allow command/option constants to autonumber in both C and Perl to reduce churn when a new command/option is added. 2018-08-24 19:31:45 -04:00
David Steele
4c3cf435c0 Add cvtZToUInt() to convert string to unsigned int. 2018-08-24 17:08:00 -04:00
Cynthia Shang
eb30d88b6a Allow zero-size files in backup manifest to reference a prior manifest regardless of timestamp delta.
Contributed by Cynthia Shang.
2018-08-24 16:50:33 -04:00
David Steele
0ed37ab9e7 Update Archive::Info->archiveIdList() to return a valid error code instead of unknown. 2018-08-24 12:13:10 -04:00
David Steele
2276567027 Add log-subprocess option to allow file logging for local and remote subprocesses. 2018-08-22 20:05:49 -04:00
David Steele
512da125ad Improve error reporting for TEST_ASSIGN() and TEST_RESULT_VOID() macros. 2018-08-22 19:03:13 -04:00
David Steele
ad989068d2 Fix issue when a boolean option (e.g. delta) was specified more than once.
Reported by Yogesh Sharma.
2018-08-22 16:45:25 -04:00
David Steele
8a8738308c Enable -Wvla. 2018-08-22 14:48:37 -04:00