Make backups openable as read-only DBs (#8142)
Summary:
A current limitation of backups is that you don't know the
exact database state of when the backup was taken. With this new
feature, you can at least inspect the backup's DB state without
restoring it by opening it as a read-only DB.
Rather than add something like OpenAsReadOnlyDB to the BackupEngine API,
which would inhibit opening stackable DB implementations read-only
(if/when their APIs support it), we instead provide a DB name and Env
that can be used to open as a read-only DB.
Possible follow-up work:
* Add a version of GetBackupInfo for a single backup.
* Let CreateNewBackup return the BackupID of the newly-created backup.
Implementation details:
Refactored ChrootFileSystem to split off new base class RemapFileSystem,
which allows more general remapping of files. We use this base class to
implement BackupEngineImpl::RemapSharedFileSystem.
To minimize API impact, I decided to just add these fields `name_for_open`
and `env_for_open` to those set by GetBackupInfo when
include_file_details=true. Creating the RemapSharedFileSystem adds a bit
to the memory consumption, perhaps unnecessarily in some cases, but this
has been mitigated by (a) only initialize the RemapSharedFileSystem
lazily when GetBackupInfo with include_file_details=true is called, and
(b) using the existing `shared_ptr<FileInfo>` objects to hold most of the
mapping data.
To enhance API safety, RemapSharedFileSystem is wrapped by new
ReadOnlyFileSystem which rejects any attempts to write. This uncovered a
couple of places in which DB::OpenForReadOnly would write to the
filesystem, so I fixed these. Added a release note because this affects
logging.
Additional minor refactoring in backupable_db.cc to support the new
functionality.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8142
Test Plan:
new test (run with ASAN and UBSAN), added to stress test and
ran it for a while with amplified backup_one_in
Reviewed By: ajkr
Differential Revision: D27535408
Pulled By: pdillinger
fbshipit-source-id: 04666d310aa0261ef6b2385c43ca793ce1dfd148
2021-04-06 21:36:45 +00:00
|
|
|
// Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved.
|
|
|
|
// This source code is licensed under both the GPLv2 (found in the
|
|
|
|
// COPYING file in the root directory) and Apache 2.0 License
|
|
|
|
// (found in the LICENSE.Apache file in the root directory).
|
|
|
|
|
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
|
|
#include <utility>
|
|
|
|
|
|
|
|
#include "rocksdb/file_system.h"
|
|
|
|
|
|
|
|
namespace ROCKSDB_NAMESPACE {
|
|
|
|
|
|
|
|
// An abstract FileSystem wrapper that creates a view of an existing
|
|
|
|
// FileSystem by remapping names in some way.
|
|
|
|
//
|
|
|
|
// This class has not been fully analyzed for providing strong security
|
|
|
|
// guarantees.
|
|
|
|
class RemapFileSystem : public FileSystemWrapper {
|
|
|
|
public:
|
2021-04-07 06:30:55 +00:00
|
|
|
explicit RemapFileSystem(const std::shared_ptr<FileSystem>& base);
|
Make backups openable as read-only DBs (#8142)
Summary:
A current limitation of backups is that you don't know the
exact database state of when the backup was taken. With this new
feature, you can at least inspect the backup's DB state without
restoring it by opening it as a read-only DB.
Rather than add something like OpenAsReadOnlyDB to the BackupEngine API,
which would inhibit opening stackable DB implementations read-only
(if/when their APIs support it), we instead provide a DB name and Env
that can be used to open as a read-only DB.
Possible follow-up work:
* Add a version of GetBackupInfo for a single backup.
* Let CreateNewBackup return the BackupID of the newly-created backup.
Implementation details:
Refactored ChrootFileSystem to split off new base class RemapFileSystem,
which allows more general remapping of files. We use this base class to
implement BackupEngineImpl::RemapSharedFileSystem.
To minimize API impact, I decided to just add these fields `name_for_open`
and `env_for_open` to those set by GetBackupInfo when
include_file_details=true. Creating the RemapSharedFileSystem adds a bit
to the memory consumption, perhaps unnecessarily in some cases, but this
has been mitigated by (a) only initialize the RemapSharedFileSystem
lazily when GetBackupInfo with include_file_details=true is called, and
(b) using the existing `shared_ptr<FileInfo>` objects to hold most of the
mapping data.
To enhance API safety, RemapSharedFileSystem is wrapped by new
ReadOnlyFileSystem which rejects any attempts to write. This uncovered a
couple of places in which DB::OpenForReadOnly would write to the
filesystem, so I fixed these. Added a release note because this affects
logging.
Additional minor refactoring in backupable_db.cc to support the new
functionality.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8142
Test Plan:
new test (run with ASAN and UBSAN), added to stress test and
ran it for a while with amplified backup_one_in
Reviewed By: ajkr
Differential Revision: D27535408
Pulled By: pdillinger
fbshipit-source-id: 04666d310aa0261ef6b2385c43ca793ce1dfd148
2021-04-06 21:36:45 +00:00
|
|
|
|
|
|
|
protected:
|
|
|
|
// Returns status and mapped-to path in the wrapped filesystem.
|
|
|
|
// If it returns non-OK status, the returned path should not be used.
|
|
|
|
virtual std::pair<IOStatus, std::string> EncodePath(
|
|
|
|
const std::string& path) = 0;
|
|
|
|
|
|
|
|
// Similar to EncodePath() except used in cases in which it is OK for
|
|
|
|
// no file or directory on 'path' to already exist, such as if the
|
|
|
|
// operation would create one. However, the parent of 'path' is expected
|
|
|
|
// to exist for the operation to succeed.
|
|
|
|
// Default implementation: call EncodePath
|
|
|
|
virtual std::pair<IOStatus, std::string> EncodePathWithNewBasename(
|
|
|
|
const std::string& path);
|
|
|
|
|
|
|
|
public:
|
|
|
|
// Left abstract:
|
|
|
|
// const char* Name() const override { ... }
|
2021-11-02 16:06:02 +00:00
|
|
|
static const char* kClassName() { return "RemapFileSystem"; }
|
|
|
|
bool IsInstanceOf(const std::string& id) const override {
|
|
|
|
if (id == kClassName()) {
|
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return FileSystemWrapper::IsInstanceOf(id);
|
|
|
|
}
|
|
|
|
}
|
Make backups openable as read-only DBs (#8142)
Summary:
A current limitation of backups is that you don't know the
exact database state of when the backup was taken. With this new
feature, you can at least inspect the backup's DB state without
restoring it by opening it as a read-only DB.
Rather than add something like OpenAsReadOnlyDB to the BackupEngine API,
which would inhibit opening stackable DB implementations read-only
(if/when their APIs support it), we instead provide a DB name and Env
that can be used to open as a read-only DB.
Possible follow-up work:
* Add a version of GetBackupInfo for a single backup.
* Let CreateNewBackup return the BackupID of the newly-created backup.
Implementation details:
Refactored ChrootFileSystem to split off new base class RemapFileSystem,
which allows more general remapping of files. We use this base class to
implement BackupEngineImpl::RemapSharedFileSystem.
To minimize API impact, I decided to just add these fields `name_for_open`
and `env_for_open` to those set by GetBackupInfo when
include_file_details=true. Creating the RemapSharedFileSystem adds a bit
to the memory consumption, perhaps unnecessarily in some cases, but this
has been mitigated by (a) only initialize the RemapSharedFileSystem
lazily when GetBackupInfo with include_file_details=true is called, and
(b) using the existing `shared_ptr<FileInfo>` objects to hold most of the
mapping data.
To enhance API safety, RemapSharedFileSystem is wrapped by new
ReadOnlyFileSystem which rejects any attempts to write. This uncovered a
couple of places in which DB::OpenForReadOnly would write to the
filesystem, so I fixed these. Added a release note because this affects
logging.
Additional minor refactoring in backupable_db.cc to support the new
functionality.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8142
Test Plan:
new test (run with ASAN and UBSAN), added to stress test and
ran it for a while with amplified backup_one_in
Reviewed By: ajkr
Differential Revision: D27535408
Pulled By: pdillinger
fbshipit-source-id: 04666d310aa0261ef6b2385c43ca793ce1dfd148
2021-04-06 21:36:45 +00:00
|
|
|
|
|
|
|
Status RegisterDbPaths(const std::vector<std::string>& paths) override;
|
|
|
|
|
|
|
|
Status UnregisterDbPaths(const std::vector<std::string>& paths) override;
|
|
|
|
|
|
|
|
IOStatus NewSequentialFile(const std::string& fname,
|
|
|
|
const FileOptions& options,
|
|
|
|
std::unique_ptr<FSSequentialFile>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus NewRandomAccessFile(const std::string& fname,
|
|
|
|
const FileOptions& options,
|
|
|
|
std::unique_ptr<FSRandomAccessFile>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus NewWritableFile(const std::string& fname, const FileOptions& options,
|
|
|
|
std::unique_ptr<FSWritableFile>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus ReuseWritableFile(const std::string& fname,
|
|
|
|
const std::string& old_fname,
|
|
|
|
const FileOptions& options,
|
|
|
|
std::unique_ptr<FSWritableFile>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus NewRandomRWFile(const std::string& fname, const FileOptions& options,
|
|
|
|
std::unique_ptr<FSRandomRWFile>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus NewDirectory(const std::string& dir, const IOOptions& options,
|
|
|
|
std::unique_ptr<FSDirectory>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus FileExists(const std::string& fname, const IOOptions& options,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus GetChildren(const std::string& dir, const IOOptions& options,
|
|
|
|
std::vector<std::string>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus GetChildrenFileAttributes(const std::string& dir,
|
|
|
|
const IOOptions& options,
|
|
|
|
std::vector<FileAttributes>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus DeleteFile(const std::string& fname, const IOOptions& options,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus CreateDir(const std::string& dirname, const IOOptions& options,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus CreateDirIfMissing(const std::string& dirname,
|
|
|
|
const IOOptions& options,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus DeleteDir(const std::string& dirname, const IOOptions& options,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus GetFileSize(const std::string& fname, const IOOptions& options,
|
|
|
|
uint64_t* file_size, IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus GetFileModificationTime(const std::string& fname,
|
|
|
|
const IOOptions& options,
|
|
|
|
uint64_t* file_mtime,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus IsDirectory(const std::string& path, const IOOptions& options,
|
|
|
|
bool* is_dir, IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus RenameFile(const std::string& src, const std::string& dest,
|
|
|
|
const IOOptions& options, IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus LinkFile(const std::string& src, const std::string& dest,
|
|
|
|
const IOOptions& options, IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus LockFile(const std::string& fname, const IOOptions& options,
|
|
|
|
FileLock** lock, IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus NewLogger(const std::string& fname, const IOOptions& options,
|
|
|
|
std::shared_ptr<Logger>* result,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
|
|
|
|
IOStatus GetAbsolutePath(const std::string& db_path, const IOOptions& options,
|
|
|
|
std::string* output_path,
|
|
|
|
IODebugContext* dbg) override;
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace ROCKSDB_NAMESPACE
|
|
|
|
|