Re: backup manifests - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: backup manifests
Date
Msg-id 20200331115815.GU13712@tamriel.snowman.net
In response to Re: backup manifests  (Amit Kapila <amit.kapila16@gmail.com>)
List pgsql-hackers
Greetings,

* Amit Kapila (amit.kapila16@gmail.com) wrote:
> On Tue, Mar 31, 2020 at 11:10 AM Noah Misch <noah@leadboat.com> wrote:
> > On Mon, Mar 30, 2020 at 12:16:31PM -0700, Andres Freund wrote:
> > > On 2020-03-30 15:04:55 -0400, Robert Haas wrote:
> > > > I guess I'd like to be clear here that I have no fundamental
> > > > disagreement with taking this tool in any direction that people would
> > > > like it to go. For me it's just a question of timing. Feature freeze
> > > > is now a week or so away, and nothing complicated is going to get done
> > > > in that time. If we can all agree on something simple based on
> > > > Andres's recent proposal, cool, but I'm not yet sure that will be the
> > > > case, so what's plan B? We could decide that what I have here is just
> > > > too little to be a viable facility on its own, but I think Stephen is
> > > > the only one taking that position. We could release it as
> > > > pg_validatemanifest with a plan to rename it if other backup-related
> > > > checks are added later. We could release it as pg_validatebackup with
> > > > the idea to avoid having to rename it when more backup-related checks
> > > > are added later, but with a greater possibility of confusion in the
> > > > meantime and no hard guarantee that anyone will actually develop such
> > > > checks. We could put it in to pg_checksums, but I think that's really
> > > > backing ourselves into a corner: if backup validation develops other
> > > > checks that are not checksum-related, what then? I'd much rather
> > > > gamble on keeping things together by topic (backup) than technology
> > > > used internally (checksum). Putting it into pg_basebackup is another
> > > > option, and would avoid that problem, but it's not my preferred
> > > > option, because as I noted before, I think the command-line options
> > > > will get confusing.
> > >
> > > I'm mildly inclined to name it pg_validate, pg_validate_dbdir or
> > > such. And eventually (definitely not this release) subsume pg_checksums
> > > in it. That way we can add other checkers too.
> >
> > Works for me; of those two, I prefer pg_validate.
>
> pg_validate sounds like a tool with a much bigger purpose.  I think
> even things like amcheck could also fall under it.

Yeah, I tend to agree with this.

> This patch has two parts (a) Generate backup manifests for base
> backups, and (b) Validate backup (manifest).  It seems to me that
> there are not many things pending for (a), can't we commit that first
> or is it the case that (a) depends on (b)?  This is *not* a suggestion
> to leave pg_validatebackup from this release rather just to commit if
> something is ready and meaningful on its own.

I suspect the idea here is that we don't really want to commit something
that nothing is actually using, and that's understandable and justified
here- consider that even in this recent discussion there was talk that
maybe we should have included permissions and ownership in the manifest,
or starting and ending WAL positions, so that they'd be able to be
checked by this tool more easily (and because it's just useful to have
all that info in one place...  I don't really agree with the concerns
that it's an issue for static information like that to be duplicated).

In other words, while the manifest creation code might be something we
could commit, without a tool to use it (which does all the things that
we think it needs to, to perform some high-level task, such as "validate
a backup") we don't know that the manifest that's actually generated is
really up to snuff and has what it needs to have to perform that task.

I had been hoping that the discussion Andres was leading regarding
leveraging pg_waldump (or maybe just code from it..) would get us to a
point where pg_validatebackup would check that we have all of the WAL
needed for the backup to be consistent and that it would then verify the
internal checksums of the WAL.  That would certainly be a good solution
for this time around, in my view, and is already all existing
client-side code.  I do think we'd want to have a note about how we
verify pg_wal differently from the other files which are in the
manifest.

Thanks,

Stephen
