From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <t.lamprecht@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 6E2789693A
 for <pbs-devel@lists.proxmox.com>; Wed, 25 Jan 2023 17:00:06 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 4C8C61A05A
 for <pbs-devel@lists.proxmox.com>; Wed, 25 Jan 2023 17:00:06 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pbs-devel@lists.proxmox.com>; Wed, 25 Jan 2023 17:00:04 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A75C1460B0
 for <pbs-devel@lists.proxmox.com>; Wed, 25 Jan 2023 17:00:04 +0100 (CET)
Message-ID: <e81b304c-3d71-c906-5dce-0d7e728d59d1@proxmox.com>
Date: Wed, 25 Jan 2023 17:00:03 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:110.0) Gecko/20100101
 Thunderbird/110.0
Content-Language: de-AT, en-GB
To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>, Christoph Heiss <c.heiss@proxmox.com>
References: <20230125121902.404950-1-c.heiss@proxmox.com>
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <20230125121902.404950-1-c.heiss@proxmox.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 3.027 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -1.148 Looks like a legit reply (A)
 RCVD_IN_DNSWL_HI           -5 Sender listed at https://www.dnswl.org/,
 high trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [RFC PATCH v2 proxmox-backup{, -qemu}, pve-{qemu,
 manager}, qemu-server 0/7] fix #4289: Set protected flag on backup creation
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2023 16:00:06 -0000

Am 25/01/2023 um 13:18 schrieb Christoph Heiss:
> When a datastore has the "Verify New Snapshots" flag set and a backup
> with the protected flag set is created (e.g. using `vzdump --protected 1
> ..`), the job might fail in the final stages due to a locking race. The
> "Verify New Snapshots" flag means that backups are immediately locked for
> verification as soon as their transfer is finished and the `/finish`
> endpoint is called.
> 
> If vzdump then tries to set the `protected` flag on that backup, it can
> fail due to being currently locked by the verification task.

but the protection flag resides in the "unprotected" part of the manifest,
and IMO it seems very odd that I cannot change a protection flag if verification
is running, which can happen anytime not only on verify-new.

So why not adapt this that protection can be changed independent of verification,
which would require zero client changes and make for a better UX in general -
albeit it certainly needs some well thought out (lock) handling.