1
0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2024-12-12 10:04:14 +02:00
Commit Graph

2082 Commits

Author SHA1 Message Date
Reid Thompson
70bda2cfb2
Improve SFTP error messages.
The numbers by themselves weren't very informative and required looking into the libssh2_sftp.h header file for the definition.
2024-10-10 11:17:35 +03:00
Thibault VINCENT
c8ccaaa755
Fix PostgreSQL query performance for large datasets.
The asynchronous logic used to implement the query timeout was misusing PQisBusy(), which caused the wait handler to throttle the consumption of command results. It could introduce a large delay on a query up to `db-timeout` because of the back-off sequence.

Following the recommendation of libpq, fix by polling the client socket for data availability and then continue consuming results and checking for command busyness.
2024-10-10 09:48:43 +03:00
David Steele
b50ad48fd4 Use systemctl replacement to generate documentation.
Containers are notoriously unfriendly to systemctl (really systemd) but we prefer to use systemctl to make our documentation as accurate as possible. This replacement performs all the functions of systemctl without requiring systemd, which great simplifies container configuration and allows the documentation build to work in more environments.
2024-10-08 11:01:55 +03:00
David Steele
b3ca2e3482
Correctly display current values for indexed options in help.
The current value for an indexed option was always for the first index, e.g. pg1-path. This is likely legacy from before indexing was added (and faithfully copied over from Perl, apparently).

Fix this by enumerating the current values in the option help and displaying <multi> in the option list when more than one value exists.
2024-10-05 09:41:50 +03:00
David Steele
9f97269678 Use uname -m to get architecture for RHEL package in user guide. 2024-10-02 18:02:15 +03:00
David Steele
278319eba3
Add performance tuning section to user guide.
We frequently tell users to enable to these options but they are spread through the documentation and not at all obvious. Hopefully putting them in the quick start will make them more visible and also provide an easy place to link.
2024-09-20 15:49:26 +03:00
David Steele
b19134dccd
Allow repositories on versioned storage to be read at a target time.
This feature allows the archive-get, info, repo-get, repo-ls, restore, and verify commands to operate at a point-in-time on versioned buckets in Azure, GCS, and S3. This allows recovery even if a repository has been accidentally or maliciously deleted or corrupted.
2024-09-17 10:51:21 +03:00
David Steele
46c1297be3
Remove limitation on reading files in parallel during restore.
This restriction prevented multiple files being read from a remote simultaneously, which was not supported by the protocol. Although the limitation only applied to remotes, it was applied in all cases for testing purposes and because we planned to fix it.

Protocol command multiplexing added in df8cbc91 allows files to be read simultaneously from a remote so this restriction is no longer required.

Note that there is a test for this condition since the prior code had coverage. It might be tricky to ensure that test doesn't go away, but in general we should have enough tests in place to ensure simultaneous reads function as expected.
2024-09-09 15:47:23 +03:00
David Steele
a42629f87a
Allow requested standby backup to proceed with no standby.
Add a "prefer" value to the backup-standby option to allow the backup to proceed when no standby is found. Note that this will not help if the standby is responding but fails to sync with the primary after the backup has started.

Introduce a new option modifier, bool-like, that allows a boolean option to be converted to a string or string-id option while still allowing the option to act like a boolean on the command-line, e.g. --no-backup-standby.
2024-09-09 12:56:52 +03:00
David Steele
b454b9e403 Save backup.info only when contents have changed.
This prevents backup.info from being saved again when expire does not make any changes.

More importantly, as we look to support versioning on object stores, it will be much easier to determine a good point-in-time to use for restore if there are no extraneous saves of backup.info.
2024-09-05 11:38:42 +03:00
Brent Graveland
95a4b9e10a
Refresh web-id token for each S3 authentication.
The token file pointed to by the AWS_WEB_IDENTITY_TOKEN_FILE environment variable was read once at startup, but for long operations the token might expire before completion.

Instead read the token on each S3 authentication so the current token is always used.
2024-09-01 11:21:56 +07:00
David Steele
f6aaa3672b Merge v2.53.1 release. 2024-08-20 11:03:24 +07:00
David Steele
60f96429b8
Fix segfault on delayed connection errors.
Connection errors could cause a segfault if the error was delayed enough to pass the initial call to sckClientOpenWait() and the error was instead thrown by a subsequent call to sckClientOpenWait(), which was not correctly initializing a variable required for error handling.

While this can be produced fairly easily in a test environment, I was unable to craft a unit test to hit this exact condition, probably due to timing. The new code still has full coverage and I added several comments to help prevent regressions.
2024-08-16 10:56:07 +07:00
Reid Thompson
04ef43d9ed
Skip local repository duplicate check for SFTP.
This check does not make sense for SFTP since the repository will never be local.
2024-08-13 13:45:24 +08:00
David Steele
80c9b3001c PostgreSQL 17beta3 support.
This release changed the control and WAL format, which is very unusual for a beta. Update control and WAL versions/structs to match.
2024-08-13 11:53:12 +08:00
David Steele
ed9b0c260a
Fix permissions when restore run as root user.
When restore was run as the root user the pg_control file would end up with root permissions. This bug was introduced in e634fd8. Fix this by directly overwriting the pg_control temp file rather than doing an atomic write that updates permissions. Also update other parameters to more closely match similar calls.

There was also an adjacent error where restore as the root user would fail if the base path did not exist. Fix this by ignoring the missing path since it will be created later and this logic is just trying to find an alternate user for permissions if the user in the manifest does not exist.
2024-08-13 11:43:05 +08:00
Stefan Fercot
b306f83493
Summarize backup reference list for info command text output.
The backup reference list can be very long so it seems better to summarize the list by default for text output and keep the full list when --set is specified.
2024-07-31 18:53:02 +07:00
Aleksey Tsalolikhin
c42d484c9d
Fix typo in user guide. 2024-07-30 12:48:32 +07:00
David Steele
ee70c2e26e Remove internal repo-create command.
This command was used by the Perl integration tests to create buckets for storage types that required it. Now that the integration tests are written in C they can simply use the same code to create buckets.

The command was also used in the documentation but there it seems more appropriate to use the corresponding vendor CLI.
2024-07-22 14:17:47 +07:00
David Steele
df8cbc91c3
Protocol command multiplexing.
Previously it was not possible to read or write two files at the same time on the same remote because the protocol was entirely taken over by the read or write command. Multiple reads are required to make restores efficient when a list of bundled files is being read but blocks need to be retrieved from a separate file or a different part of the same file.

Improve that situation with sessions that allow related commands to be run with shared state. Also break read/write into separate requests (rather than pushing all data at once) so they can be multiplexed.

The disadvantage for read/write is that they now require more back and forth to transfer a file. This is mitigated by sending asynchronous read/write requests to keep both server and client as busy as possible. Reads that can fit into a single buffer are optimized to transfer in a single command. Reads that transfer the entire file can also skip the close command since it is implicit on end-of-file.

These changes allow the protocol to be simplified to provide one response per request, which makes the data end message obsolete. Any data sent for the request is now added to the parameters so no data needs to be sent separately to the server outside the request parameters.

Also update the Db protocol to use the new sessions. Previously this code had tracked its own sessions.
2024-07-22 11:48:32 +07:00
David Steele
e7f4e8d800 Begin v2.54 development. 2024-07-22 09:42:33 +07:00
David Steele
6e8a45f650 v2.53: Concurrent Backups
IMPORTANT NOTE: The log-level-stderr option default has been changed from warn to off. This makes it easier to capture errors when only redirecting stdout. To preserve the prior behavior set log-level-stderr=warn.

NOTE TO PACKAGERS: The lz4 library is now required by the meson build.

NOTE TO PACKAGERS: Compiler support for __builtin_clzl() and __builtin_bswap64() is now required by the meson build.

Bug Fixes:

* Fix SFTP renaming failure when file already exists. (Fixed by Reid Thompson. Reviewed by David Steele. Reported by ahmed112212.)

Features:

* Allow backups to run concurrently on different repositories. (Reviewed by Reid Thompson, Stefan Fercot.)
* Support IP-based SANs for TLS certificate validation. (Contributed by David Christensen. Reviewed by David Steele.)

Improvements:

* Default log-level-stderr option to off. (Reviewed by Greg Sabino Mullane, Stefan Fercot.)
* Allow alternative WAL segment sizes for PostgreSQL ≤ 10. (Contributed by Viktor Kurilko. Reviewed by David Steele.)
* Add hint to check SFTP authorization log. (Contributed by Vitalii Zurian. Reviewed by Reid Thompson, David Steele.)

Documentation Improvements:

* Clarify archive-push multi-repo behavior. (Reviewed by Stefan Fercot.)
2024-07-22 09:33:31 +07:00
David Steele
ec3e387bb7
Clarify archive-push multi-repo behavior.
Clarify that archive-push will not be able to push ahead in other repositories if one is failing unless archive-async in enabled.
2024-07-18 11:19:25 +07:00
David Steele
c85191e024 Update Minio test/documentation container version. 2024-07-16 09:45:22 +07:00
David Christensen
dfb620b0b8
Support IP-based SANs for TLS certificate validation.
The prior SAN code only recognized DNS-based SANs, which meant that it would not properly validate if using an IP-based SAN. 

Add support for IPv4 and IPv6 SANs with exact matching only.

This simplifies testing when certificate generation tools have trouble generating a DNS:1.2.3.4-style SAN, preferring to include the SAN as IP:1.2.3.4.
2024-07-11 10:54:20 +07:00
Vitalii Zurian
ccae609402
Add hint to check SFTP authorization log.
In the case of authorization failures there many be valuable information in the log.
2024-07-09 11:34:13 +07:00
Reid Thompson
d6f0bf88af
Fix SFTP renaming failure when file already exists.
Update error handling for libssh2_sftp_rename_ex() in storageWriteSftpClose() when a file already exists. 

The SFTP servers used during development and testing never returned LIBSSH2_FX_FILE_ALREADY_EXISTS, rather they returned LIBSSH2_FX_FAILURE when a file already existed. However, it is clear that some SFTP servers use LIBSSH2_FX_FILE_ALREADY_EXISTS so add support.
2024-07-04 16:53:07 +07:00
David Steele
edd61636a9
Allow backups to run concurrently on different repositories.
The prior locking only allowed one backup per stanza, which was required by PostgreSQL <= 9.5 and didn't present a problem when only one stanza could be created.

Now that multiple stanzas are allowed relax this restriction so that backups can run concurrently for PostgreSQL > 9.5. To do this, update the locking to be per stanza and repo rather than per stanza. Remotes are not aware of the repos that require locking so send an explicit list of files to be locked to the remote. Also remove the advisory lock for PostgreSQL > 9.5.

For info output the running backups are combined for progress output in order to avoid changing the JSON format. It definitely makes sense to have per repo progress as well but that will be left for a future commit.
2024-07-04 16:22:17 +07:00
David Steele
7d54073094
Default log-level-stderr option to off.
Writing warnings and errors to stderr by default leads to error messages being lost when the user does not correctly redirect stderr while generating logs for analysis. This happens so often that it seems worth changing the default to increase the quality of the logs we receive.

If the user has explicitly set log-level-stderr then there is no change in behavior.
2024-06-25 16:45:47 +08:00
David Steele
1094aecab5 Require compiler support for __builtin_clzl() and __builtin_bswap64().
These functions will be useful for optimizing varint-128 functions.

Require them in the meson build before adding new code in case there are problems with packaging.
2024-06-25 16:16:55 +08:00
David Steele
0c32757fd9 Require the lz4 library in the meson build.
We would like to use lz4 for protocol compression instead of gz but first we need to make sure this is not going to cause a problem for packaging.

To do this make lz4 required in meson but make no changes to the code so this is an easy revert for packagers if there is an issue.
2024-06-25 16:04:02 +08:00
David Steele
cfb8aa202e Add remote locks for stanza commands missed in 31c7824a.
31c7824a should have added remote locks when the commands were modified to run remotely. This is unlikely to have caused issues since these commands are generally not run concurrently with backup/expire but having the locks is safer.
2024-06-21 13:29:17 +08:00
David Steele
b9a9ef2d5f Clarify when code generation is run when modifying config.yaml.
The contributing guide indicated that this happened at compile time but in fact it happens when test.pl is run.
2024-06-21 11:17:42 +08:00
David Steele
270dce41b6
Refactor lock module.
Refactor the lock module to split command-specific logic from the basic file locking functionality. Command specific logic is now in command/lock.c. This will make it easier to implement new features such as repository locking and updating lock file contents on remotes.

This implementation is essentially a drop-in replacement but there are a few differences. First, the lock names no longer require a path (the path is added in the lock module). Second, the timeout functionality has been removed since it was not being used.
2024-06-18 10:43:54 +08:00
David Steele
ad7377c75b
Fix issue with files larger on the replica than on the primary.
If a file on the primary was larger than on the replica then the next diff/incr backup would store the primary size instead of the replica size when block incremental was enabled. On the next diff/incr backup this would lead to a repo size must be > 0 for file error when validating the manifest.

Fix this by limiting copy based on sizeOriginal rather than size so size can be set to the value expected to be stored in the manifest. As a bonus sizePrior is no longer needed since size can be used for the same purpose.
2024-06-16 11:55:04 +08:00
Viktor Kurilko
4ac3b82c99 Allow alternative WAL segment sizes for PostgreSQL <= 10.
Alternative WAL segment sizes can be configured in PostgreSQL <= 10 with compile-time options. We have not allowed these before since it was not a well-tested feature of PostgreSQL.

However, forks such as Greenplum allow alternative WAL segment sizes at initdb time (which are presumably well-tested) so it makes sense to allow it.

Since the PostgreSQL versions in question are all EOL it is not important to have this restriction in place anymore.
2024-06-11 12:08:52 +10:00
David Steele
6f562fba60 Migrate coverage testing to C and remove dependency on lcov.
lcov does not seem to be very well maintained and is often not compatible with the version of gcc it ships with until a few months after a new distro is released. In any case, lcov is that not useful for us because it generates reports on all coverage while we are mainly interested in missing coverage during development.

Instead use the JSON output generated by gcov to generate our minimal coverage report and metrics for the documentation.

There are some slight differences in the metrics. The difference in the common module was due to a bug in the old code -- build/common was being added into common as well as being reported separately. The source of the two additional branches in the backup module is unknown but almost certainly down to how exclusions are processed with regular expressions. Since there is additional coverage rather than coverage missing this seems fine.

Since this was pretty much a rewrite it was also a good time to migrate to C.
2024-05-31 14:52:07 +10:00
David Steele
49e252f492 Begin v2.53 development. 2024-05-27 11:49:21 +10:00
David Steele
dfc14b1934 v2.52: PostgreSQL 17 support
NOTE TO PACKAGERS: The build system for pgBackRest is now meson. The autoconf/make build will not receive any new features and will be removed after a few releases.

Features:

* Add GCS batch delete support. (Reviewed by Reid Thompson.)
* S3 SSE-C encryption support. (Reviewed by Tim Jones. Suggested by Tim Jones.)
* PostgreSQL 17 support. (Reviewed by Stefan Fercot.)

Improvements:

* Allow explicit disabling of optional dependencies in meson builds. (Contributed by Michael Schout. Reviewed by David Steele.)
* Dynamically find python in meson build. (Contributed by Michael Schout. Reviewed by David Steele.)
* Tag pgbackrest build target in meson as installable. (Contributed by Bradford Boyle. Reviewed by David Steele.)

Documentation Improvements:

* Update start/stop documentation to reflect actual functionality. (Reviewed by Stefan Fercot.)
2024-05-27 11:13:16 +10:00
David Steele
b6ac11beec
Update start/stop documentation to reflect actual functionality.
The exact functionality of start/stop has evolved over time and has become a bit confusing. It may be appropriate to make the behavior more consistent but for now at least document the behavior correctly. The documentation for start/stop was fairly inaccurate.
2024-05-23 08:17:02 +10:00
David Steele
76bcb740b6
Add GCS batch delete support.
The GCS driver sent a single file delete request for each file while deleting a path. Depending on latency this could lead to rather long delete times, especially noticeable during expiration.

Improve GCS delete to use batches, which require multipart HTTP, so also add multipart HTTP infrastructure.
2024-04-27 15:42:10 +10:00
Michael Schout
e00e33b528
Dynamically find python in meson build.
This is better than requiring a python3 binary to be on the path because some installations might have, e.g. python3.9.

Also add the python3-distutils package to Debian builds to make this work.
2024-04-25 19:32:07 +10:00
Reid Thompson
4ea4e3f380
Update Fedora test image to Fedora 38.
This should have been done in 434938e3 but somehow it didn't happen.

Fedora 38 requires 2048 bit keys so update the VM builds to use them. Update the documentation to use 2048 bit keys. This is not technically required by this commit but it makes sense to do it now.

Also update the key location for the yum.p.o repository.

Lastly, shuffle test PostgreSQL versions since PostgreSQL 11 is not longer available in the yum.p.o repository.
2024-04-23 22:34:32 +10:00
David Steele
987e6e31f4 Move packager note about meson to new version.
Since there were some issues found with the meson install (7877983a, 7b95fd3b) it makes sense for any packagers who have not made the migration to hold off until the next release.

Move the note to the next release where hopefully all issues have been addressed.
2024-04-21 09:42:11 +10:00
David Steele
fb22f04555
PostgreSQL 17 Support.
Add catalog version and WAL magic for PostgreSQL 17.
2024-04-18 10:56:24 +10:00
David Steele
c8cf8e1f2b Update contributor name. 2024-04-17 19:02:28 +10:00
udf2457
57731b6cd2
S3 SSE-C encryption support.
This feature (enabled with --repo-s3-sse-customer-key) provides an encryption key to encrypt the data after it has been transmitted to the server.

While not as secure as encrypting data before transmission (--repo-cipher-type), this may be useful in certain configurations.
2024-04-17 11:58:13 +10:00
Michael Schout
7b95fd3bd2
Allow explicit disabling of optional dependencies in meson builds.
On some platforms, e.g. FreeBSD, there is a requirement to allow the user to disable support for features even when the required library is present.

Introduce tri-state options for the optional features: auto mimics the current behavior and is the default, enable requires libraries for the feature to be present, and disable disables the feature without checking the libraries.
2024-04-10 09:23:17 +10:00
Bradford Boyle
7877983acb
Tag pgbackrest build target in meson as installable.
By default meson does not install anything. Targets can be installed by tagging them as installable in the build definition.
2024-03-27 09:29:37 +11:00
David Steele
924aa5e8b1 Begin v2.52 development. 2024-03-25 11:22:53 +13:00