Re: backup manifests
Andres Freund <andres@anarazel.de>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Try to avoid compiler warnings in optimized builds.
- 05021a2c0cd2 13.0 landed
-
Fix option related issues in pg_verifybackup.
- 0a89e93bfaa6 13.0 landed
-
Add index term for backup manifest in documentation.
- 4db819ba4039 13.0 landed
-
Code review for backup manifest.
- a2ac73e7be7a 13.0 landed
-
Document the backup manifest file format.
- 149f2ae88ab0 13.0 landed
-
Fix typo in pg_validatebackup documentation.
- c4f82a779d26 13.0 landed
-
Exclude backup_manifest file that existed in database, from BASE_BACKUP.
- 1ec50a81ec0a 13.0 landed
-
Msys2 tweaks for pg_validatebackup corruption test
- c3e4cbaab936 13.0 landed
-
Fix resource management bug with replication=database.
- 3e0d80fd8d3d 13.0 cited
-
Be more careful about time_t vs. pg_time_t in basebackup.c.
- db1531cae009 13.0 cited
-
pg_validatebackup: Fix 'make clean' to remove tmp_check.
- 9f8f881caa0f 13.0 landed
-
pg_validatebackup: Also use perl2host in TAP tests.
- 460314db08e8 13.0 landed
-
Generate backup manifests for base backups, and validate them.
- 0d8c9c1210c4 13.0 landed
-
Add checksum helper functions.
- c12e43a2e0d4 13.0 landed
-
pg_waldump: Add a --quiet option.
- ac44367efbef 13.0 landed
-
Catversion bump for b9b408c48724
- afb5465e0cfc 13.0 cited
-
pg_basebackup: Refactor code for reading COPY and tar data.
- 431ba7bebf13 13.0 landed
-
Use a ResourceOwner to track buffer pins in all cases.
- 3cb646264e8c 12.0 cited
-
Use ARMv8 CRC instructions where available.
- f044d71e331d 11.0 cited
-
Logical replication support for initial data copy
- 7c4f52409a8c 10.0 cited
-
Use Intel SSE 4.2 CRC instructions where available.
- 3dc2d62d0486 9.5.0 cited
-
Switch to CRC-32C in WAL and other places.
- 5028f22f6eb0 9.5.0 cited
-
Remove support for 64-bit CRC.
- 404bc51cde9d 9.5.0 cited
-
Change CRCs in WAL records from 64bit to 32bit for performance reasons.
- 21fda22ec46d 8.1.0 cited
Hi, On 2020-04-02 13:04:45 -0400, Robert Haas wrote: > And here's another new patch set. After some experimentation, I was > able to manually test the timeline-switch-during-a-base-backup case > and found that it had bugs in both pg_validatebackup and the code I > added to the backend's basebackup.c. So I fixed those. Cool. > It would be > nice to have automated tests, but you need a large database (so that > backing it up takes non-trivial time) and a load on the primary (so > that WAL is being replayed during the backup) and there's a race > condition (because the backup has to not finish before the cascading > standby learns that the upstream has been promoted), so I don't at > present see a practical way to automate that. I did verify, in manual > testing, that a problem with WAL files on either timeline caused a > validation failure. I also verified that the LSNs at which the standby > began replay and reached consistency matched what was stored in the > manifest. I suspect its possible to control the timing by preventing the checkpoint at the end of recovery from completing within a relevant timeframe. I think configuring a large checkpoint_timeout and using a non-fast base backup ought to do the trick. The state can be advanced by separately triggering an immediate checkpoint? Or by changing the checkpoint_timeout? > I also implemented Noah's suggestion that we should write the backup > manifest under a temporary name and then rename it afterward. > Stephen's original complaint that you could end up with a backup that > validates successfully even though we died before we got the WAL is, > at this point, moot, because pg_validatebackup is now capable of > noticing that the WAL is missing. Nevertheless, this seems like a nice > belt-and-suspenders check. Yea, it's imo generally a good idea. > I think this responds to pretty much all of the complaints that I know > about and upon which we have a reasonable degree of consensus. There > are still some things that not everybody is happy about. In > particular, Stephen and David are unhappy about using CRC-32C as the > default algorithm, but Andres and Noah both think it's a reasonable > choice, even if not as robust as everybody will want. As I agree, I'm > going to stick with that choice. I think it might be worth looking, in a later release, at something like blake3 for a fast cryptographic checksum. By allowing for instruction parallelism (by independently checksuming different blocks in data, and only advancing the "shared" checksum separately) it achieves considerably higher throughput rates. I suspect we should also look at a better non-crypto hash. xxhash or whatever. Not just for these checksums, but also for in-memory. > Also, there is still some debate about what the tool ought to be > called. My previous suggestion to rename this from pg_validatebackup > to pg_validatemanifest seems wrong now that WAL validation has been > added; in fact, given that we now have two independent sanity checks > on a backup, I'm going to argue that it would be reasonable to extend > that by adding more kinds of backup validation, perhaps even including > the permissions check that Andres suggested before. FWIW, the only check I'd really like to see in this release is the crosscheck with the files length and the actually read data (to be able to disagnose FS issues). Greetings, Andres Freund