| blob | f581a5f9e68f93a24ec125bf1269e2aad8465b5d |
1 /*-------------------------------------------------------------------------
2 *
3 * basebackup_incremental.c
4 * code for incremental backup support
5 *
6 * This code isn't actually in charge of taking an incremental backup;
7 * the actual construction of the incremental backup happens in
8 * basebackup.c. Here, we're concerned with providing the necessary
9 * supports for that operation. In particular, we need to parse the
10 * backup manifest supplied by the user taking the incremental backup
11 * and extract the required information from it.
12 *
13 * Portions Copyright (c) 2010-2024, PostgreSQL Global Development Group
14 *
15 * IDENTIFICATION
16 * src/backend/backup/basebackup_incremental.c
17 *
18 *-------------------------------------------------------------------------
19 */
34 #define BLOCKS_PER_READ 512
36 /*
37 * We expect to find the last lines of the manifest, including the checksum,
38 * in the last MIN_CHUNK bytes of the manifest. We trigger an incremental
39 * parse step if we are about to overflow MAX_CHUNK bytes.
40 */
41 #define MIN_CHUNK 1024
42 #define MAX_CHUNK (128 * 1024)
44 /*
45 * Details extracted from the WAL ranges present in the supplied backup manifest.
46 */
48 {
49 TimeLineID tli;
50 XLogRecPtr start_lsn;
51 XLogRecPtr end_lsn;
54 /*
55 * Details extracted from the file list present in the supplied backup manifest.
56 */
58 {
59 uint32 status;
61 uint64 size;
65 #define SH_PREFIX backup_file
66 #define SH_ELEMENT_TYPE backup_file_entry
67 #define SH_KEY_TYPE const char *
68 #define SH_KEY path
69 #define SH_HASH_KEY(tb, key) hash_string_pointer(key)
70 #define SH_EQUAL(tb, a, b) (strcmp(a, b) == 0)
71 #define SH_SCOPE static inline
72 #define SH_DECLARE
73 #define SH_DEFINE
76 struct IncrementalBackupInfo
77 {
78 /* Memory context for this object and its subsidiary objects. */
79 MemoryContext mcxt;
81 /* Temporary buffer for storing the manifest while parsing it. */
82 StringInfoData buf;
84 /* WAL ranges extracted from the backup manifest. */
87 /*
88 * Files extracted from the backup manifest.
89 *
90 * We don't really need this information, because we use WAL summaries to
91 * figure out what's changed. It would be unsafe to just rely on the list
92 * of files that existed before, because it's possible for a file to be
93 * removed and a new one created with the same name and different
94 * contents. In such cases, the whole file must still be sent. We can tell
95 * from the WAL summaries whether that happened, but not from the file
96 * list.
97 *
98 * Nonetheless, this data is useful for sanity checking. If a file that we
99 * think we shouldn't need to send is not present in the manifest for the
100 * prior backup, something has gone terribly wrong. We retain the file
101 * names and sizes, but not the checksums or last modified times, for
102 * which we have no use.
103 *
104 * One significant downside of storing this data is that it consumes
105 * memory. If that turns out to be a problem, we might have to decide not
106 * to retain this information, or to make it optional.
107 */
110 /*
111 * Block-reference table for the incremental backup.
112 *
113 * It's possible that storing the entire block-reference table in memory
114 * will be a problem for some users. The in-memory format that we're using
115 * here is pretty efficient, converging to little more than 1 bit per
116 * block for relation forks with large numbers of modified blocks. It's
117 * possible, however, that if you try to perform an incremental backup of
118 * a database with a sufficiently large number of relations on a
119 * sufficiently small machine, you could run out of memory here. If that
120 * turns out to be a problem in practice, we'll need to be more clever.
121 */
124 /*
125 * State object for incremental JSON parsing
126 */
128 };
133 uint64 manifest_system_identifier);
136 uint64 size,
137 pg_checksum_type checksum_type,
141 TimeLineID tli,
142 XLogRecPtr start_lsn,
143 XLogRecPtr end_lsn);
149 /*
150 * Create a new object for storing information extracted from the manifest
151 * supplied when creating an incremental backup.
152 */
153 IncrementalBackupInfo *
155 {
157 MemoryContext oldcontext;
166 /*
167 * It's hard to guess how many files a "typical" installation will have in
168 * the data directory, but a fresh initdb creates almost 1000 files as of
169 * this writing, so it seems to make sense for our estimate to
170 * substantially higher.
171 */
175 /* Parse the manifest. */
188 }
190 /*
191 * Before taking an incremental backup, the caller must supply the backup
192 * manifest from a prior backup. Each chunk of manifest data received
193 * from the client should be passed to this function.
194 */
195 void
198 {
199 MemoryContext oldcontext;
201 /* Switch to our memory context. */
205 {
206 /*
207 * time for an incremental parse. We'll do all but the last MIN_CHUNK
208 * so that we have enough left for the final piece.
209 */
212 /* now remove what we just parsed */
216 }
220 /* Switch back to previous memory context. */
222 }
224 /*
225 * Finalize an IncrementalBackupInfo object after all manifest data has
226 * been supplied via calls to AppendIncrementalManifestData.
227 */
228 void
230 {
231 MemoryContext oldcontext;
233 /* Switch to our memory context. */
236 /* Parse the last chunk of the manifest */
240 /* Done with the buffer, so release memory. */
244 /* Done with inc_state, so release that memory too */
247 /* Switch back to previous memory context. */
249 }
251 /*
252 * Prepare to take an incremental backup.
253 *
254 * Before this function is called, AppendIncrementalManifestData and
255 * FinalizeIncrementalManifest should have already been called to pass all
256 * the manifest data to this object.
257 *
258 * This function performs sanity checks on the data extracted from the
259 * manifest and figures out for which WAL ranges we need summaries, and
260 * whether those summaries are available. Then, it reads and combines the
261 * data from those summary files. It also updates the backup_state with the
262 * reference TLI and LSN for the prior backup.
263 */
264 void
267 {
268 MemoryContext oldcontext;
283 /* Switch to our memory context. */
286 /*
287 * A valid backup manifest must always contain at least one WAL range
288 * (usually exactly one, unless the backup spanned a timeline switch).
289 */
296 /*
297 * Match up the TLIs that appear in the WAL ranges of the backup manifest
298 * with those that appear in this server's timeline history. We expect
299 * every backup_wal_range to match to a TimeLineHistoryEntry; if it does
300 * not, that's an error.
301 *
302 * This loop also decides which of the WAL ranges is the manifest is most
303 * ancient and which one is the newest, according to the timeline history
304 * of this server, and stores TLIs of those WAL ranges into
305 * earliest_wal_range_tli and latest_wal_range_tli. It also updates
306 * earliest_wal_range_start_lsn to the start LSN of the WAL range for
307 * earliest_wal_range_tli.
308 *
309 * Note that the return value of readTimeLineHistory puts the latest
310 * timeline at the beginning of the list, not the end. Hence, the earliest
311 * TLI is the one that occurs nearest the end of the list returned by
312 * readTimeLineHistory, and the latest TLI is the one that occurs closest
313 * to the beginning.
314 */
318 {
323 /* Search this server's history for this WAL range's TLI. */
325 {
329 {
332 }
338 }
340 /*
341 * An incremental backup can only be taken relative to a backup that
342 * represents a previous state of this server. If the backup requires
343 * WAL from a timeline that's not in our history, that definitely
344 * isn't the case.
345 */
352 /*
353 * If we found this TLI in the server's history before encountering
354 * the latest TLI seen so far in the server's history, then this TLI
355 * is the latest one seen so far.
356 *
357 * If on the other hand we saw the earliest TLI seen so far before
358 * finding this TLI, this TLI is earlier than the earliest one seen so
359 * far. And if this is the first TLI for which we've searched, it's
360 * also the earliest one seen so far.
361 *
362 * On the first loop iteration, both things should necessarily be
363 * true.
364 */
368 {
371 }
372 }
374 /*
375 * Propagate information about the prior backup into the backup_label that
376 * will be generated for this backup.
377 */
381 /*
382 * Sanity check start and end LSNs for the WAL ranges in the manifest.
383 *
384 * Commonly, there won't be any timeline switches during the prior backup
385 * at all, but if there are, they should happen at the same LSNs that this
386 * server switched timelines.
387 *
388 * Whether there are any timeline switches during the prior backup or not,
389 * the prior backup shouldn't require any WAL from a timeline prior to the
390 * start of that timeline. It also shouldn't require any WAL from later
391 * than the start of this backup.
392 *
393 * If any of these sanity checks fail, one possible explanation is that
394 * the user has generated WAL on the same timeline with the same LSNs more
395 * than once. For instance, if two standbys running on timeline 1 were
396 * both promoted and (due to a broken archiving setup) both selected new
397 * timeline ID 2, then it's possible that one of these checks might trip.
398 *
399 * Note that there are lots of ways for the user to do something very bad
400 * without tripping any of these checks, and they are not intended to be
401 * comprehensive. It's pretty hard to see how we could be certain of
402 * anything here. However, if there's a problem staring us right in the
403 * face, it's best to report it, so we do.
404 */
406 {
410 {
414 errmsg("manifest requires WAL from initial timeline %u starting at %X/%X, but that timeline begins at %X/%X",
418 }
419 else
420 {
424 errmsg("manifest requires WAL from continuation timeline %u starting at %X/%X, but that timeline begins at %X/%X",
428 }
431 {
435 errmsg("manifest requires WAL from final timeline %u ending at %X/%X, but this backup starts at %X/%X",
439 errhint("This can happen for incremental backups on a standby if there was little activity since the previous backup.")));
440 }
441 else
442 {
446 errmsg("manifest requires WAL from non-final timeline %u ending at %X/%X, but this server switched timelines at %X/%X",
450 }
452 }
454 /*
455 * Wait for WAL summarization to catch up to the backup start LSN. This
456 * will throw an error if the WAL summarizer appears to be stuck. If WAL
457 * summarization gets disabled while we're waiting, this will return
458 * immediately, and we'll error out further down if the WAL summaries are
459 * incomplete.
460 */
463 /*
464 * Retrieve a list of all WAL summaries on any timeline that overlap with
465 * the LSN range of interest. We could instead call GetWalSummaries() once
466 * per timeline in the loop that follows, but that would involve reading
467 * the directory multiple times. It should be mildly faster - and perhaps
468 * a bit safer - to do it just once.
469 */
473 /*
474 * We need WAL summaries for everything that happened during the prior
475 * backup and everything that happened afterward up until the point where
476 * the current backup started.
477 */
479 {
486 /*
487 * Working through the history of this server from the current
488 * timeline backwards, we skip everything until we find the timeline
489 * where this backup started. Most of the time, this means we won't
490 * skip anything at all, as it's unlikely that the timeline has
491 * changed since the beginning of the backup moments ago.
492 */
494 {
497 }
501 /*
502 * Find the summaries that overlap the LSN range of interest for this
503 * timeline. If this is the earliest timeline involved, the range of
504 * interest begins with the start LSN of the prior backup; otherwise,
505 * it begins at the LSN at which this timeline came into existence. If
506 * this is the latest TLI involved, the range of interest ends at the
507 * start LSN of the current backup; otherwise, it ends at the point
508 * where we switched from this timeline to the next one.
509 */
515 /*
516 * There is no guarantee that the WAL summaries we found cover the
517 * entire range of LSNs for which summaries are required, or indeed
518 * that we found any WAL summaries at all. Check whether we have a
519 * problem of that sort.
520 */
523 {
527 errmsg("WAL summaries are required on timeline %u from %X/%X to %X/%X, but no summaries for that timeline and LSN range exist",
531 else
534 errmsg("WAL summaries are required on timeline %u from %X/%X to %X/%X, but the summaries for that timeline and LSN range are incomplete",
540 }
542 /*
543 * Remember that we need to read these summaries.
544 *
545 * Technically, it's possible that this could read more files than
546 * required, since tli_wslist in theory could contain redundant
547 * summaries. For instance, if we have a summary from 0/10000000 to
548 * 0/20000000 and also one from 0/00000000 to 0/30000000, then the
549 * latter subsumes the former and the former could be ignored.
550 *
551 * We ignore this possibility because the WAL summarizer only tries to
552 * generate summaries that do not overlap. If somehow they exist,
553 * we'll do a bit of extra work but the results should still be
554 * correct.
555 */
558 /*
559 * Timelines earlier than the one in which the prior backup began are
560 * not relevant.
561 */
564 }
566 /*
567 * Read all of the required block reference table files and merge all of
568 * the data into a single in-memory block reference table.
569 *
570 * See the comments for struct IncrementalBackupInfo for some thoughts on
571 * memory usage.
572 */
575 {
577 WalSummaryIO wsio;
579 RelFileLocator rlocator;
580 ForkNumber forknum;
581 BlockNumber limit_block;
594 {
599 {
604 BLOCKS_PER_READ);
611 }
612 }
615 }
617 /* Switch back to previous memory context. */
619 }
621 /*
622 * Get the pathname that should be used when a file is sent incrementally.
623 *
624 * The result is a palloc'd string.
625 */
629 {
635 forknum);
643 else
649 }
651 /*
652 * How should we back up a particular file as part of an incremental backup?
653 *
654 * If the return value is BACK_UP_FILE_FULLY, caller should back up the whole
655 * file just as if this were not an incremental backup. The contents of the
656 * relative_block_numbers array are unspecified in this case.
657 *
658 * If the return value is BACK_UP_FILE_INCREMENTALLY, caller should include
659 * an incremental file in the backup instead of the entire file. On return,
660 * *num_blocks_required will be set to the number of blocks that need to be
661 * sent, and the actual block numbers will have been stored in
662 * relative_block_numbers, which should be an array of at least RELSEG_SIZE.
663 * In addition, *truncation_block_length will be set to the value that should
664 * be included in the incremental file.
665 */
666 FileBackupMethod
674 {
675 BlockNumber limit_block;
676 BlockNumber start_blkno;
677 BlockNumber stop_blkno;
678 RelFileLocator rlocator;
683 /* Should only be called after PrepareForIncrementalBackup. */
686 /*
687 * dboid could be InvalidOid if shared rel, but spcoid and relfilenumber
688 * should have legal values.
689 */
693 /*
694 * If the file size is too large or not a multiple of BLCKSZ, then
695 * something weird is happening, so give up and send the whole file.
696 */
700 /*
701 * The free-space map fork is not properly WAL-logged, so we need to
702 * backup the entire file every time.
703 */
707 /*
708 * If this file was not part of the prior backup, back it up fully.
709 *
710 * If this file was created after the prior backup and before the start of
711 * the current backup, then the WAL summary information will tell us to
712 * back up the whole file. However, if this file was created after the
713 * start of the current backup, then the WAL summary won't know anything
714 * about it. Without this logic, we would erroneously conclude that it was
715 * OK to send it incrementally.
716 *
717 * Note that the file could have existed at the time of the prior backup,
718 * gotten deleted, and then a new file with the same name could have been
719 * created. In that case, this logic won't prevent the file from being
720 * backed up incrementally. But, if the deletion happened before the start
721 * of the current backup, the limit block will be 0, inducing a full
722 * backup. If the deletion happened after the start of the current backup,
723 * reconstruction will erroneously combine blocks from the current
724 * lifespan of the file with blocks from the previous lifespan -- but in
725 * this type of case, WAL replay to reach backup consistency should remove
726 * and recreate the file anyway, so the initial bogus contents should not
727 * matter.
728 */
730 {
737 }
739 /*
740 * Look up the special block reference table entry for the database as a
741 * whole.
742 */
748 {
749 /*
750 * According to the WAL summary, this database OID/tablespace OID
751 * pairing has been created since the previous backup. So, everything
752 * in it must be backed up fully.
753 */
755 }
757 /* Look up the block reference table entry for this relfilenode. */
762 /*
763 * If there is no entry, then there have been no WAL-logged changes to the
764 * relation since the predecessor backup was taken, so we can back it up
765 * incrementally and need not include any modified blocks.
766 *
767 * However, if the file is zero-length, we should do a full backup,
768 * because an incremental file is always more than zero length, and it's
769 * silly to take an incremental backup when a full backup would be
770 * smaller.
771 */
773 {
779 }
781 /*
782 * If the limit_block is less than or equal to the point where this
783 * segment starts, send the whole file.
784 */
788 /*
789 * Get relevant entries from the block reference table entry.
790 *
791 * We shouldn't overflow computing the start or stop block numbers, but if
792 * it manages to happen somehow, detect it and throw an error.
793 */
802 /*
803 * This will write *absolute* block numbers into the output array, but
804 * we'll transpose them below.
805 */
810 /*
811 * If we're going to have to send nearly all of the blocks, then just send
812 * the whole file, because that won't require much extra storage or
813 * transfer and will speed up and simplify backup restoration. It's not
814 * clear what threshold is most appropriate here and perhaps it ought to
815 * be configurable, but for now we're just going to say that if we'd need
816 * to send 90% of the blocks anyway, give up and send the whole file.
817 *
818 * NB: If you change the threshold here, at least make sure to back up the
819 * file fully when every single block must be sent, because there's
820 * nothing good about sending an incremental file in that case.
821 */
825 /*
826 * Looks like we can send an incremental file, so sort the block numbers
827 * and then transpose them from absolute block numbers to relative block
828 * numbers if necessary.
829 *
830 * NB: If the block reference table was using the bitmap representation
831 * for a given chunk, the block numbers in that chunk will already be
832 * sorted, but when the array-of-offsets representation is used, we can
833 * receive block numbers here out of order.
834 */
836 compare_block_numbers);
838 {
841 }
844 /*
845 * The truncation block length is the minimum length of the reconstructed
846 * file. Any block numbers below this threshold that are not present in
847 * the backup need to be fetched from the prior backup. At or above this
848 * threshold, blocks should only be included in the result if they are
849 * present in the backup. (This may require inserting zero blocks if the
850 * blocks included in the backup are non-consecutive.)
851 */
854 {
859 }
861 /* Send it incrementally. */
863 }
865 /*
866 * Compute the size for a header of an incremental file containing a given
867 * number of blocks. The header is rounded to a multiple of BLCKSZ, but
868 * only if the file will store some block data.
869 */
870 size_t
872 {
875 /* Make sure we're not going to overflow. */
878 /*
879 * Three four byte quantities (magic number, truncation block length,
880 * block count) followed by block numbers.
881 */
884 /*
885 * Round the header size to a multiple of BLCKSZ - when not a multiple of
886 * BLCKSZ, add the missing fraction of a block. But do this only if the
887 * file will store data for some blocks, otherwise keep it small.
888 */
893 }
895 /*
896 * Compute the size for an incremental file containing a given number of blocks.
897 */
898 size_t
900 {
903 /* Make sure we're not going to overflow. */
906 /*
907 * Header with three four byte quantities (magic number, truncation block
908 * length, block count) followed by block numbers, rounded to a multiple
909 * of BLCKSZ (for files with block data), followed by block contents.
910 */
915 }
917 /*
918 * Helper function for filemap hash table.
919 */
920 static uint32
922 {
926 }
928 /*
929 * This callback to validate the manifest version for incremental backup.
930 */
931 static void
934 {
935 /* Incremental backups don't work with manifest version 1 */
939 }
941 /*
942 * This callback to validate the manifest system identifier against the current
943 * database server.
944 */
945 static void
947 uint64 manifest_system_identifier)
948 {
949 uint64 system_identifier;
951 /* Get system identifier of current system */
959 }
961 /*
962 * This callback is invoked for each file mentioned in the backup manifest.
963 *
964 * We store the path to each file and the size of each file for sanity-checking
965 * purposes. For further details, see comments for IncrementalBackupInfo.
966 */
967 static void
970 pg_checksum_type checksum_type,
973 {
980 {
982 pathname);
984 }
985 }
987 /*
988 * This callback is invoked for each WAL range mentioned in the backup
989 * manifest.
990 *
991 * We're just interested in learning the oldest LSN and the corresponding TLI
992 * that appear in any WAL range.
993 */
994 static void
997 XLogRecPtr end_lsn)
998 {
1006 }
1008 /*
1009 * This callback is invoked if an error occurs while parsing the backup
1010 * manifest.
1011 */
1012 static void
1014 {
1015 StringInfoData errbuf;
1020 {
1030 }
1034 }
1036 /*
1037 * Quicksort comparator for block numbers.
1038 */
1039 static int
1041 {
1046 }