tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

datastore: add manifest locking

Browse Source 
Avoid races when updating manifest data by flocking a lock file.
update_manifest is used to ensure updates always happen with the lock
held.

Snapshot deletion also acquires the lock, so it cannot interfere with an
outstanding manifest write.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
This commit is contained in:
Stefan Reiter 2020-10-16 09:31:12 +02:00 committed by Dietmar Maurer
parent e07620028d
commit 1a374fcfd6
5 changed files with 50 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/api2/admin/datastore.rs
View File

@ -1481,11 +1481,9 @@ fn set_notes(
let allowed = (user_privs & PRIV_DATASTORE_READ) != 0; let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; } if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
let (mut manifest, _) = datastore.load_manifest(&backup_dir)?; datastore.update_manifest(&backup_dir,|manifest| {
manifest.unprotected["notes"] = notes.into();
manifest.unprotected["notes"] = notes.into(); }).map_err(|err| format_err!("unable to update manifest blob - {}", err))?;
datastore.store_manifest(&backup_dir, manifest)?;
Ok(()) Ok(())
} }

13
src/api2/backup/environment.rs
View File

@ -472,16 +472,11 @@ impl BackupEnvironment {
bail!("backup does not contain valid files (file count == 0)"); bail!("backup does not contain valid files (file count == 0)");
} }
// check manifest // check for valid manifest and store stats
let (mut manifest, _) = self.datastore.load_manifest(&self.backup_dir)
.map_err(|err| format_err!("unable to load manifest blob - {}", err))?;
let stats = serde_json::to_value(state.backup_stat)?; let stats = serde_json::to_value(state.backup_stat)?;
self.datastore.update_manifest(&self.backup_dir, |manifest| {
manifest.unprotected["chunk_upload_stats"] = stats; manifest.unprotected["chunk_upload_stats"] = stats;
}).map_err(|err| format_err!("unable to update manifest blob - {}", err))?;
self.datastore.store_manifest(&self.backup_dir, manifest)
.map_err(|err| format_err!("unable to store manifest blob - {}", err))?;
if let Some(base) = &self.last_backup { if let Some(base) = &self.last_backup {
let path = self.datastore.snapshot_path(&base.backup_dir); let path = self.datastore.snapshot_path(&base.backup_dir);

43
src/backup/datastore.rs
View File

@ -3,17 +3,19 @@ use std::io::{self, Write};
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use std::convert::TryFrom; use std::convert::TryFrom;
use std::time::Duration;
use std::fs::File;
use anyhow::{bail, format_err, Error}; use anyhow::{bail, format_err, Error};
use lazy_static::lazy_static; use lazy_static::lazy_static;
use proxmox::tools::fs::{replace_file, CreateOptions}; use proxmox::tools::fs::{replace_file, CreateOptions, open_file_locked};
use super::backup_info::{BackupGroup, BackupDir}; use super::backup_info::{BackupGroup, BackupDir};
use super::chunk_store::ChunkStore; use super::chunk_store::ChunkStore;
use super::dynamic_index::{DynamicIndexReader, DynamicIndexWriter}; use super::dynamic_index::{DynamicIndexReader, DynamicIndexWriter};
use super::fixed_index::{FixedIndexReader, FixedIndexWriter}; use super::fixed_index::{FixedIndexReader, FixedIndexWriter};
use super::manifest::{MANIFEST_BLOB_NAME, CLIENT_LOG_BLOB_NAME, BackupManifest}; use super::manifest::{MANIFEST_BLOB_NAME, MANIFEST_LOCK_NAME, CLIENT_LOG_BLOB_NAME, BackupManifest};
use super::index::*; use super::index::*;
use super::{DataBlob, ArchiveType, archive_type}; use super::{DataBlob, ArchiveType, archive_type};
use crate::config::datastore; use crate::config::datastore;
@ -231,9 +233,10 @@ impl DataStore {
let full_path = self.snapshot_path(backup_dir); let full_path = self.snapshot_path(backup_dir);
let _guard; let (_guard, _manifest_guard);
if !force { if !force {
_guard = lock_dir_noblock(&full_path, "snapshot", "possibly running or in use")?; _guard = lock_dir_noblock(&full_path, "snapshot", "possibly running or in use")?;
_manifest_guard = self.lock_manifest(backup_dir);
} }
log::info!("removing backup snapshot {:?}", full_path); log::info!("removing backup snapshot {:?}", full_path);
@ -629,8 +632,27 @@ impl DataStore {
digest_str, digest_str,
err, err,
)) ))
} }
fn lock_manifest(
&self,
backup_dir: &BackupDir,
) -> Result<File, Error> {
let mut path = self.base_path();
path.push(backup_dir.relative_path());
path.push(&MANIFEST_LOCK_NAME);
// update_manifest should never take a long time, so if someone else has
// the lock we can simply block a bit and should get it soon
open_file_locked(&path, Duration::from_secs(5), true)
.map_err(|err| {
format_err!(
"unable to acquire manifest lock {:?} - {}", &path, err
)
})
}
/// Load the manifest without a lock. Must not be written back.
pub fn load_manifest( pub fn load_manifest(
&self, &self,
backup_dir: &BackupDir, backup_dir: &BackupDir,
@ -641,11 +663,19 @@ impl DataStore {
Ok((manifest, raw_size)) Ok((manifest, raw_size))
} }
pub fn store_manifest( /// Update the manifest of the specified snapshot. Never write a manifest directly,
/// only use this method - anything else may break locking guarantees.
pub fn update_manifest(
&self, &self,
backup_dir: &BackupDir, backup_dir: &BackupDir,
manifest: BackupManifest, update_fn: impl FnOnce(&mut BackupManifest),
) -> Result<(), Error> { ) -> Result<(), Error> {
let _guard = self.lock_manifest(backup_dir)?;
let (mut manifest, _) = self.load_manifest(&backup_dir)?;
update_fn(&mut manifest);
let manifest = serde_json::to_value(manifest)?; let manifest = serde_json::to_value(manifest)?;
let manifest = serde_json::to_string_pretty(&manifest)?; let manifest = serde_json::to_string_pretty(&manifest)?;
let blob = DataBlob::encode(manifest.as_bytes(), None, true)?; let blob = DataBlob::encode(manifest.as_bytes(), None, true)?;
@ -655,6 +685,7 @@ impl DataStore {
path.push(backup_dir.relative_path()); path.push(backup_dir.relative_path());
path.push(MANIFEST_BLOB_NAME); path.push(MANIFEST_BLOB_NAME);
// atomic replace invalidates flock - no other writes past this point!
replace_file(&path, raw_data, CreateOptions::new())?; replace_file(&path, raw_data, CreateOptions::new())?;
Ok(()) Ok(())

1
src/backup/manifest.rs
View File

@ -8,6 +8,7 @@ use ::serde::{Deserialize, Serialize};
use crate::backup::{BackupDir, CryptMode, CryptConfig}; use crate::backup::{BackupDir, CryptMode, CryptConfig};
pub const MANIFEST_BLOB_NAME: &str = "index.json.blob"; pub const MANIFEST_BLOB_NAME: &str = "index.json.blob";
pub const MANIFEST_LOCK_NAME: &str = ".index.json.lck";
pub const CLIENT_LOG_BLOB_NAME: &str = "client.log.blob"; pub const CLIENT_LOG_BLOB_NAME: &str = "client.log.blob";
mod hex_csum { mod hex_csum {

9
src/backup/verify.rs
View File

@ -300,7 +300,7 @@ pub fn verify_backup_dir(
return Ok(true); return Ok(true);
} }
let mut manifest = match datastore.load_manifest(&backup_dir) { let manifest = match datastore.load_manifest(&backup_dir) {
Ok((manifest, _)) => manifest, Ok((manifest, _)) => manifest,
Err(err) => { Err(err) => {
task_log!( task_log!(
@ -367,9 +367,10 @@ pub fn verify_backup_dir(
state: verify_result, state: verify_result,
upid, upid,
}; };
manifest.unprotected["verify_state"] = serde_json::to_value(verify_state)?; let verify_state = serde_json::to_value(verify_state)?;
datastore.store_manifest(&backup_dir, manifest) datastore.update_manifest(&backup_dir, |manifest| {
.map_err(|err| format_err!("unable to store manifest blob - {}", err))?; manifest.unprotected["verify_state"] = verify_state;
}).map_err(|err| format_err!("unable to update manifest blob - {}", err))?;
Ok(error_count == 0) Ok(error_count == 0)
} }