| blob | 87cc1b96cbced284fd9eadf5f737e66fa1769fb1 |
1 /*-------------------------------------------------------------------------
2 *
3 * basebackup_incremental.c
4 * code for incremental backup support
5 *
6 * This code isn't actually in charge of taking an incremental backup;
7 * the actual construction of the incremental backup happens in
8 * basebackup.c. Here, we're concerned with providing the necessary
9 * supports for that operation. In particular, we need to parse the
10 * backup manifest supplied by the user taking the incremental backup
11 * and extract the required information from it.
12 *
13 * Portions Copyright (c) 2010-2024, PostgreSQL Global Development Group
14 *
15 * IDENTIFICATION
16 * src/backend/backup/basebackup_incremental.c
17 *
18 *-------------------------------------------------------------------------
19 */
32 #define BLOCKS_PER_READ 512
34 /*
35 * We expect to find the last lines of the manifest, including the checksum,
36 * in the last MIN_CHUNK bytes of the manifest. We trigger an incremental
37 * parse step if we are about to overflow MAX_CHUNK bytes.
38 */
39 #define MIN_CHUNK 1024
40 #define MAX_CHUNK (128 * 1024)
42 /*
43 * Details extracted from the WAL ranges present in the supplied backup manifest.
44 */
46 {
47 TimeLineID tli;
48 XLogRecPtr start_lsn;
49 XLogRecPtr end_lsn;
52 /*
53 * Details extracted from the file list present in the supplied backup manifest.
54 */
56 {
57 uint32 status;
59 uint64 size;
63 #define SH_PREFIX backup_file
64 #define SH_ELEMENT_TYPE backup_file_entry
65 #define SH_KEY_TYPE const char *
66 #define SH_KEY path
67 #define SH_HASH_KEY(tb, key) hash_string_pointer(key)
68 #define SH_EQUAL(tb, a, b) (strcmp(a, b) == 0)
69 #define SH_SCOPE static inline
70 #define SH_DECLARE
71 #define SH_DEFINE
74 struct IncrementalBackupInfo
75 {
76 /* Memory context for this object and its subsidiary objects. */
77 MemoryContext mcxt;
79 /* Temporary buffer for storing the manifest while parsing it. */
80 StringInfoData buf;
82 /* WAL ranges extracted from the backup manifest. */
85 /*
86 * Files extracted from the backup manifest.
87 *
88 * We don't really need this information, because we use WAL summaries to
89 * figure out what's changed. It would be unsafe to just rely on the list
90 * of files that existed before, because it's possible for a file to be
91 * removed and a new one created with the same name and different
92 * contents. In such cases, the whole file must still be sent. We can tell
93 * from the WAL summaries whether that happened, but not from the file
94 * list.
95 *
96 * Nonetheless, this data is useful for sanity checking. If a file that we
97 * think we shouldn't need to send is not present in the manifest for the
98 * prior backup, something has gone terribly wrong. We retain the file
99 * names and sizes, but not the checksums or last modified times, for
100 * which we have no use.
101 *
102 * One significant downside of storing this data is that it consumes
103 * memory. If that turns out to be a problem, we might have to decide not
104 * to retain this information, or to make it optional.
105 */
108 /*
109 * Block-reference table for the incremental backup.
110 *
111 * It's possible that storing the entire block-reference table in memory
112 * will be a problem for some users. The in-memory format that we're using
113 * here is pretty efficient, converging to little more than 1 bit per
114 * block for relation forks with large numbers of modified blocks. It's
115 * possible, however, that if you try to perform an incremental backup of
116 * a database with a sufficiently large number of relations on a
117 * sufficiently small machine, you could run out of memory here. If that
118 * turns out to be a problem in practice, we'll need to be more clever.
119 */
122 /*
123 * State object for incremental JSON parsing
124 */
126 };
131 uint64 manifest_system_identifier);
134 uint64 size,
135 pg_checksum_type checksum_type,
139 TimeLineID tli,
140 XLogRecPtr start_lsn,
141 XLogRecPtr end_lsn);
147 /*
148 * Create a new object for storing information extracted from the manifest
149 * supplied when creating an incremental backup.
150 */
151 IncrementalBackupInfo *
153 {
155 MemoryContext oldcontext;
164 /*
165 * It's hard to guess how many files a "typical" installation will have in
166 * the data directory, but a fresh initdb creates almost 1000 files as of
167 * this writing, so it seems to make sense for our estimate to
168 * substantially higher.
169 */
173 /* Parse the manifest. */
186 }
188 /*
189 * Before taking an incremental backup, the caller must supply the backup
190 * manifest from a prior backup. Each chunk of manifest data received
191 * from the client should be passed to this function.
192 */
193 void
196 {
197 MemoryContext oldcontext;
199 /* Switch to our memory context. */
203 {
204 /*
205 * time for an incremental parse. We'll do all but the last MIN_CHUNK
206 * so that we have enough left for the final piece.
207 */
210 /* now remove what we just parsed */
214 }
218 /* Switch back to previous memory context. */
220 }
222 /*
223 * Finalize an IncrementalBackupInfo object after all manifest data has
224 * been supplied via calls to AppendIncrementalManifestData.
225 */
226 void
228 {
229 MemoryContext oldcontext;
231 /* Switch to our memory context. */
234 /* Parse the last chunk of the manifest */
238 /* Done with the buffer, so release memory. */
242 /* Done with inc_state, so release that memory too */
245 /* Switch back to previous memory context. */
247 }
249 /*
250 * Prepare to take an incremental backup.
251 *
252 * Before this function is called, AppendIncrementalManifestData and
253 * FinalizeIncrementalManifest should have already been called to pass all
254 * the manifest data to this object.
255 *
256 * This function performs sanity checks on the data extracted from the
257 * manifest and figures out for which WAL ranges we need summaries, and
258 * whether those summaries are available. Then, it reads and combines the
259 * data from those summary files. It also updates the backup_state with the
260 * reference TLI and LSN for the prior backup.
261 */
262 void
265 {
266 MemoryContext oldcontext;
281 /* Switch to our memory context. */
284 /*
285 * A valid backup manifest must always contain at least one WAL range
286 * (usually exactly one, unless the backup spanned a timeline switch).
287 */
294 /*
295 * Match up the TLIs that appear in the WAL ranges of the backup manifest
296 * with those that appear in this server's timeline history. We expect
297 * every backup_wal_range to match to a TimeLineHistoryEntry; if it does
298 * not, that's an error.
299 *
300 * This loop also decides which of the WAL ranges is the manifest is most
301 * ancient and which one is the newest, according to the timeline history
302 * of this server, and stores TLIs of those WAL ranges into
303 * earliest_wal_range_tli and latest_wal_range_tli. It also updates
304 * earliest_wal_range_start_lsn to the start LSN of the WAL range for
305 * earliest_wal_range_tli.
306 *
307 * Note that the return value of readTimeLineHistory puts the latest
308 * timeline at the beginning of the list, not the end. Hence, the earliest
309 * TLI is the one that occurs nearest the end of the list returned by
310 * readTimeLineHistory, and the latest TLI is the one that occurs closest
311 * to the beginning.
312 */
316 {
321 /* Search this server's history for this WAL range's TLI. */
323 {
327 {
330 }
336 }
338 /*
339 * An incremental backup can only be taken relative to a backup that
340 * represents a previous state of this server. If the backup requires
341 * WAL from a timeline that's not in our history, that definitely
342 * isn't the case.
343 */
350 /*
351 * If we found this TLI in the server's history before encountering
352 * the latest TLI seen so far in the server's history, then this TLI
353 * is the latest one seen so far.
354 *
355 * If on the other hand we saw the earliest TLI seen so far before
356 * finding this TLI, this TLI is earlier than the earliest one seen so
357 * far. And if this is the first TLI for which we've searched, it's
358 * also the earliest one seen so far.
359 *
360 * On the first loop iteration, both things should necessarily be
361 * true.
362 */
366 {
369 }
370 }
372 /*
373 * Propagate information about the prior backup into the backup_label that
374 * will be generated for this backup.
375 */
379 /*
380 * Sanity check start and end LSNs for the WAL ranges in the manifest.
381 *
382 * Commonly, there won't be any timeline switches during the prior backup
383 * at all, but if there are, they should happen at the same LSNs that this
384 * server switched timelines.
385 *
386 * Whether there are any timeline switches during the prior backup or not,
387 * the prior backup shouldn't require any WAL from a timeline prior to the
388 * start of that timeline. It also shouldn't require any WAL from later
389 * than the start of this backup.
390 *
391 * If any of these sanity checks fail, one possible explanation is that
392 * the user has generated WAL on the same timeline with the same LSNs more
393 * than once. For instance, if two standbys running on timeline 1 were
394 * both promoted and (due to a broken archiving setup) both selected new
395 * timeline ID 2, then it's possible that one of these checks might trip.
396 *
397 * Note that there are lots of ways for the user to do something very bad
398 * without tripping any of these checks, and they are not intended to be
399 * comprehensive. It's pretty hard to see how we could be certain of
400 * anything here. However, if there's a problem staring us right in the
401 * face, it's best to report it, so we do.
402 */
404 {
408 {
412 errmsg("manifest requires WAL from initial timeline %u starting at %X/%X, but that timeline begins at %X/%X",
416 }
417 else
418 {
422 errmsg("manifest requires WAL from continuation timeline %u starting at %X/%X, but that timeline begins at %X/%X",
426 }
429 {
433 errmsg("manifest requires WAL from final timeline %u ending at %X/%X, but this backup starts at %X/%X",
437 errhint("This can happen for incremental backups on a standby if there was little activity since the previous backup.")));
438 }
439 else
440 {
444 errmsg("manifest requires WAL from non-final timeline %u ending at %X/%X, but this server switched timelines at %X/%X",
448 }
450 }
452 /*
453 * Wait for WAL summarization to catch up to the backup start LSN. This
454 * will throw an error if the WAL summarizer appears to be stuck. If WAL
455 * summarization gets disabled while we're waiting, this will return
456 * immediately, and we'll error out further down if the WAL summaries are
457 * incomplete.
458 */
461 /*
462 * Retrieve a list of all WAL summaries on any timeline that overlap with
463 * the LSN range of interest. We could instead call GetWalSummaries() once
464 * per timeline in the loop that follows, but that would involve reading
465 * the directory multiple times. It should be mildly faster - and perhaps
466 * a bit safer - to do it just once.
467 */
471 /*
472 * We need WAL summaries for everything that happened during the prior
473 * backup and everything that happened afterward up until the point where
474 * the current backup started.
475 */
477 {
484 /*
485 * Working through the history of this server from the current
486 * timeline backwards, we skip everything until we find the timeline
487 * where this backup started. Most of the time, this means we won't
488 * skip anything at all, as it's unlikely that the timeline has
489 * changed since the beginning of the backup moments ago.
490 */
492 {
495 }
499 /*
500 * Find the summaries that overlap the LSN range of interest for this
501 * timeline. If this is the earliest timeline involved, the range of
502 * interest begins with the start LSN of the prior backup; otherwise,
503 * it begins at the LSN at which this timeline came into existence. If
504 * this is the latest TLI involved, the range of interest ends at the
505 * start LSN of the current backup; otherwise, it ends at the point
506 * where we switched from this timeline to the next one.
507 */
513 /*
514 * There is no guarantee that the WAL summaries we found cover the
515 * entire range of LSNs for which summaries are required, or indeed
516 * that we found any WAL summaries at all. Check whether we have a
517 * problem of that sort.
518 */
521 {
525 errmsg("WAL summaries are required on timeline %u from %X/%X to %X/%X, but no summaries for that timeline and LSN range exist",
529 else
532 errmsg("WAL summaries are required on timeline %u from %X/%X to %X/%X, but the summaries for that timeline and LSN range are incomplete",
538 }
540 /*
541 * Remember that we need to read these summaries.
542 *
543 * Technically, it's possible that this could read more files than
544 * required, since tli_wslist in theory could contain redundant
545 * summaries. For instance, if we have a summary from 0/10000000 to
546 * 0/20000000 and also one from 0/00000000 to 0/30000000, then the
547 * latter subsumes the former and the former could be ignored.
548 *
549 * We ignore this possibility because the WAL summarizer only tries to
550 * generate summaries that do not overlap. If somehow they exist,
551 * we'll do a bit of extra work but the results should still be
552 * correct.
553 */
556 /*
557 * Timelines earlier than the one in which the prior backup began are
558 * not relevant.
559 */
562 }
564 /*
565 * Read all of the required block reference table files and merge all of
566 * the data into a single in-memory block reference table.
567 *
568 * See the comments for struct IncrementalBackupInfo for some thoughts on
569 * memory usage.
570 */
573 {
575 WalSummaryIO wsio;
577 RelFileLocator rlocator;
578 ForkNumber forknum;
579 BlockNumber limit_block;
592 {
597 {
602 BLOCKS_PER_READ);
609 }
610 }
613 }
615 /* Switch back to previous memory context. */
617 }
619 /*
620 * Get the pathname that should be used when a file is sent incrementally.
621 *
622 * The result is a palloc'd string.
623 */
627 {
633 forknum);
641 else
647 }
649 /*
650 * How should we back up a particular file as part of an incremental backup?
651 *
652 * If the return value is BACK_UP_FILE_FULLY, caller should back up the whole
653 * file just as if this were not an incremental backup. The contents of the
654 * relative_block_numbers array are unspecified in this case.
655 *
656 * If the return value is BACK_UP_FILE_INCREMENTALLY, caller should include
657 * an incremental file in the backup instead of the entire file. On return,
658 * *num_blocks_required will be set to the number of blocks that need to be
659 * sent, and the actual block numbers will have been stored in
660 * relative_block_numbers, which should be an array of at least RELSEG_SIZE.
661 * In addition, *truncation_block_length will be set to the value that should
662 * be included in the incremental file.
663 */
664 FileBackupMethod
672 {
673 BlockNumber limit_block;
674 BlockNumber start_blkno;
675 BlockNumber stop_blkno;
676 RelFileLocator rlocator;
681 /* Should only be called after PrepareForIncrementalBackup. */
684 /*
685 * dboid could be InvalidOid if shared rel, but spcoid and relfilenumber
686 * should have legal values.
687 */
691 /*
692 * If the file size is too large or not a multiple of BLCKSZ, then
693 * something weird is happening, so give up and send the whole file.
694 */
698 /*
699 * The free-space map fork is not properly WAL-logged, so we need to
700 * backup the entire file every time.
701 */
705 /*
706 * If this file was not part of the prior backup, back it up fully.
707 *
708 * If this file was created after the prior backup and before the start of
709 * the current backup, then the WAL summary information will tell us to
710 * back up the whole file. However, if this file was created after the
711 * start of the current backup, then the WAL summary won't know anything
712 * about it. Without this logic, we would erroneously conclude that it was
713 * OK to send it incrementally.
714 *
715 * Note that the file could have existed at the time of the prior backup,
716 * gotten deleted, and then a new file with the same name could have been
717 * created. In that case, this logic won't prevent the file from being
718 * backed up incrementally. But, if the deletion happened before the start
719 * of the current backup, the limit block will be 0, inducing a full
720 * backup. If the deletion happened after the start of the current backup,
721 * reconstruction will erroneously combine blocks from the current
722 * lifespan of the file with blocks from the previous lifespan -- but in
723 * this type of case, WAL replay to reach backup consistency should remove
724 * and recreate the file anyway, so the initial bogus contents should not
725 * matter.
726 */
728 {
735 }
737 /*
738 * Look up the special block reference table entry for the database as a
739 * whole.
740 */
746 {
747 /*
748 * According to the WAL summary, this database OID/tablespace OID
749 * pairing has been created since the previous backup. So, everything
750 * in it must be backed up fully.
751 */
753 }
755 /* Look up the block reference table entry for this relfilenode. */
760 /*
761 * If there is no entry, then there have been no WAL-logged changes to the
762 * relation since the predecessor backup was taken, so we can back it up
763 * incrementally and need not include any modified blocks.
764 *
765 * However, if the file is zero-length, we should do a full backup,
766 * because an incremental file is always more than zero length, and it's
767 * silly to take an incremental backup when a full backup would be
768 * smaller.
769 */
771 {
777 }
779 /*
780 * If the limit_block is less than or equal to the point where this
781 * segment starts, send the whole file.
782 */
786 /*
787 * Get relevant entries from the block reference table entry.
788 *
789 * We shouldn't overflow computing the start or stop block numbers, but if
790 * it manages to happen somehow, detect it and throw an error.
791 */
800 /*
801 * This will write *absolute* block numbers into the output array, but
802 * we'll transpose them below.
803 */
808 /*
809 * If we're going to have to send nearly all of the blocks, then just send
810 * the whole file, because that won't require much extra storage or
811 * transfer and will speed up and simplify backup restoration. It's not
812 * clear what threshold is most appropriate here and perhaps it ought to
813 * be configurable, but for now we're just going to say that if we'd need
814 * to send 90% of the blocks anyway, give up and send the whole file.
815 *
816 * NB: If you change the threshold here, at least make sure to back up the
817 * file fully when every single block must be sent, because there's
818 * nothing good about sending an incremental file in that case.
819 */
823 /*
824 * Looks like we can send an incremental file, so sort the block numbers
825 * and then transpose them from absolute block numbers to relative block
826 * numbers if necessary.
827 *
828 * NB: If the block reference table was using the bitmap representation
829 * for a given chunk, the block numbers in that chunk will already be
830 * sorted, but when the array-of-offsets representation is used, we can
831 * receive block numbers here out of order.
832 */
834 compare_block_numbers);
836 {
839 }
842 /*
843 * The truncation block length is the minimum length of the reconstructed
844 * file. Any block numbers below this threshold that are not present in
845 * the backup need to be fetched from the prior backup. At or above this
846 * threshold, blocks should only be included in the result if they are
847 * present in the backup. (This may require inserting zero blocks if the
848 * blocks included in the backup are non-consecutive.)
849 */
852 {
857 }
859 /* Send it incrementally. */
861 }
863 /*
864 * Compute the size for a header of an incremental file containing a given
865 * number of blocks. The header is rounded to a multiple of BLCKSZ, but
866 * only if the file will store some block data.
867 */
868 size_t
870 {
873 /* Make sure we're not going to overflow. */
876 /*
877 * Three four byte quantities (magic number, truncation block length,
878 * block count) followed by block numbers.
879 */
882 /*
883 * Round the header size to a multiple of BLCKSZ - when not a multiple of
884 * BLCKSZ, add the missing fraction of a block. But do this only if the
885 * file will store data for some blocks, otherwise keep it small.
886 */
891 }
893 /*
894 * Compute the size for an incremental file containing a given number of blocks.
895 */
896 size_t
898 {
901 /* Make sure we're not going to overflow. */
904 /*
905 * Header with three four byte quantities (magic number, truncation block
906 * length, block count) followed by block numbers, rounded to a multiple
907 * of BLCKSZ (for files with block data), followed by block contents.
908 */
913 }
915 /*
916 * Helper function for filemap hash table.
917 */
918 static uint32
920 {
924 }
926 /*
927 * This callback to validate the manifest version for incremental backup.
928 */
929 static void
932 {
933 /* Incremental backups don't work with manifest version 1 */
937 }
939 /*
940 * This callback to validate the manifest system identifier against the current
941 * database server.
942 */
943 static void
945 uint64 manifest_system_identifier)
946 {
947 uint64 system_identifier;
949 /* Get system identifier of current system */
957 }
959 /*
960 * This callback is invoked for each file mentioned in the backup manifest.
961 *
962 * We store the path to each file and the size of each file for sanity-checking
963 * purposes. For further details, see comments for IncrementalBackupInfo.
964 */
965 static void
968 pg_checksum_type checksum_type,
971 {
978 {
980 pathname);
982 }
983 }
985 /*
986 * This callback is invoked for each WAL range mentioned in the backup
987 * manifest.
988 *
989 * We're just interested in learning the oldest LSN and the corresponding TLI
990 * that appear in any WAL range.
991 */
992 static void
995 XLogRecPtr end_lsn)
996 {
1004 }
1006 /*
1007 * This callback is invoked if an error occurs while parsing the backup
1008 * manifest.
1009 */
1010 static void
1012 {
1013 StringInfoData errbuf;
1018 {
1028 }
1032 }
1034 /*
1035 * Quicksort comparator for block numbers.
1036 */
1037 static int
1039 {
1044 }