Re: refactoring basebackup.c
Robert Haas <robertmhaas@gmail.com>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Document BaseBackupSync and BaseBackupWrite wait events.
- 749320cdc3fd 15.3 landed
- 4b1ad19a4e22 16.0 landed
-
Support long distance matching for zstd compression
- 2820adf7755d 16.0 landed
-
Fix possible NULL-pointer-deference in backup_compression.c.
- 8e053dc6dfbe 15.0 landed
-
Allow parallel zstd compression when taking a base backup.
- 51c0d186d99a 15.0 landed
-
Make PostgreSQL::Test::Cluster::run_log() return a useful value.
- ad4f2c47de44 15.0 landed
-
Fix a few goofs in new backup compression code.
- 61762426e6ed 15.0 landed
-
Replace BASE_BACKUP COMPRESSION_LEVEL option with COMPRESSION_DETAIL.
- ffd53659c46a 15.0 landed
-
Add 'basebackup_to_shell' contrib module.
- c6306db24bd9 15.0 landed
-
Allow extensions to add new backup targets.
- e4ba69f3f4a1 15.0 landed
-
Change HAVE_LIBLZ4 and HAVE_LIBZSTD tests to USE_LZ4 and USE_ZSTD.
- 75eae090876f 15.0 landed
-
pg_basebackup: Clean up some bogus file extension tests.
- d6f1cdeb9a9e 15.0 landed
-
pg_basebackup: Avoid unclean failure with server-compression and -D -.
- b2de45f9200d 15.0 landed
-
Fix LZ4 tests for remaining buffer space.
- 1d4be6be65ab 15.0 landed
-
Add support for zstd base backup compression.
- 7cf085f077df 15.0 landed
-
pg_basebackup: Allow client-side LZ4 (de)compression.
- 751b8d23b788 15.0 landed
-
Add suport for server-side LZ4 base backup compression.
- dab298471ff2 15.0 landed
-
Add min() and max() aggregates for xid8.
- 400fc6b6487d 15.0 cited
-
Remove superfluous variable.
- 82331ed4dd60 15.0 landed
-
pg_basebackup: Cleaner handling when compression is multiply specified.
- 51891d5a9560 15.0 landed
-
Allow server-side compression to be used with -Fp.
- d45099425eb1 15.0 landed
-
pg_basebackup: Fix a couple of recently-introduced bugs.
- dabf63bc9a5b 15.0 landed
-
Tidy up a few cosmetic issues related to pg_basebackup.
- e1f860f13459 15.0 landed
-
Server-side gzip compression.
- 0ad8032910d5 15.0 landed
-
Unbreak pg_basebackup/t/010_pg_basebackup.pl on msys
- 4f0bcc735038 15.0 cited
-
Suppress variable-set-but-not-used warning from clang 13.
- dc43fc9b3aa3 15.0 cited
-
Extend the options of pg_basebackup to control compression
- 5c649fe15336 15.0 cited
-
Support base backup targets.
- 3500ccc39b0d 15.0 landed
-
Modify pg_basebackup to use a new COPY subprotocol for base backups.
- cc333f32336f 15.0 landed
-
Document that tar archives are now properly terminated.
- 81fca310b38e 15.0 landed
-
Fix thinko in bbsink_throttle_manifest_contents.
- 1b098da20093 15.0 landed
-
Have the server properly terminate tar archives.
- 5a1007a5088c 15.0 landed
-
Minimal fix for unterminated tar archive problem.
- 57b5a9646d97 15.0 landed
-
Introduce 'bbstreamer' abstraction to modularize pg_basebackup.
- 23a1c6578c87 15.0 landed
-
Introduce 'bbsink' abstraction to modularize base backup code.
- bef47ff85df1 15.0 landed
-
Refactor basebackup.c's _tarWriteDir() function.
- 967a17fe2fa7 15.0 landed
-
Flexible options for CREATE_REPLICATION_SLOT.
- 0266e98c6b86 15.0 landed
-
Flexible options for BASE_BACKUP.
- 0ba281cb4bf9 15.0 landed
Attachments
- 0001-Allow-extensions-to-add-new-backup-targets.patch (application/octet-stream) patch 0001
- 0002-Add-basebackup_to_shell-contrib-module.patch (application/octet-stream) patch 0002
On Tue, Jan 18, 2022 at 1:55 PM Robert Haas <robertmhaas@gmail.com> wrote: > 0001 adds "server" and "blackhole" as backup targets. It now has some > tests. This might be more or less ready to ship, unless somebody else > sees a problem, or I find one. I played around with this a bit and it seems quite easy to extend this further. So please find attached a couple more patches to generalize this mechanism. 0001 adds an extensibility framework for backup targets. The idea is that an extension loaded via shared_preload_libraries can call BaseBackupAddTarget() to define a new base backup target, which the user can then access via pg_basebackup --target TARGET_NAME, or if they want to pass a detail string, pg_basebackup --target TARGET_NAME:DETAIL. There might be slightly better ways of hooking this into the system. I'm not unhappy with this approach, but there might be a better idea out there. 0002 adds an example contrib module called basebackup_to_shell. The system administrator can set basebackup_to_shell.command='SOMETHING'. A backup directed to the 'shell' target will cause the server to execute the configured command once per generated archive, and once for the backup_manifest, if any. When executing the command, %f gets replaced with the archive filename (e.g. base.tar) and %d gets replaced with the detail. The actual contents of the file are passed to the command's standard input, and it can then do whatever it likes with that data. Clearly, this is not state of the art; for instance, if what you really want is to upload the backup files someplace via HTTP, using this to run 'curl' is probably not so good of an idea as using an extension module that links with libcurl. That would likely lead to better error checking, better performance, nicer configuration, and just generally fewer things that can go wrong. On the other hand, writing an integration in C is kind of tricky, and this thing is quite easy to use -- and it does work. There are a couple of things to be concerned about with 0002 from a security perspective. First, in a backend environment, we have a function to spawn a subprocess via popen(), namely OpenPipeStream(), but there is no function to spawn a subprocess with execve() and end up with a socket connected to its standard input. And that means that whatever command the administrator configures is being interpreted by the shell, which is a potential problem given that we're interpolating the target detail string supplied by the user, who must have at least replication privileges but need not be the superuser. I chose to handle this by allowing the target detail to contain only alphanumeric characters. Refinement is likely possible, but whether the effort is worthwhile seems questionable. Second, what if the superuser wants to allow the use of this module to only some of the users who have replication privileges? That seems a bit unlikely but it's possible, so I added a GUC basebackup_to_shell.required_role. If set, the functionality is only usable by members of the named role. If unset, anyone with replication privilege can use it. I guess someone could criticize this as defaulting to the least secure setting, but considering that you have to have replication privileges to use this at all, I don't find that argument much to get excited about. I have to say that I'm incredibly happy with how easy these patches were to write. I think this is going to make adding new base backup targets as accessible as we can realistically hope to make it. There is some boilerplate code, as an examination of the patches will reveal, but it's not a lot, and at least IMHO it's pretty straightforward. Granted, coding up a new base backup target is something only experienced C hackers are likely to do, but the fact that I was able to throw this together so quickly suggests to me that I've got the design basically right, and that anyone who does want to plug into the new mechanism shouldn't have too much trouble doing so. Thoughts? -- Robert Haas EDB: http://www.enterprisedb.com