* [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks @ 2025-11-22 10:41 Christian Ebner 2025-11-22 14:56 ` Thomas Lamprecht 2025-11-24 9:41 ` Christian Ebner 0 siblings, 2 replies; 9+ messages in thread From: Christian Ebner @ 2025-11-22 10:41 UTC (permalink / raw) To: pbs-devel If a chunk object is located on the s3 object store only, not being referenced by any index file and having no local marker file it is marked for cleanup by pretending an atime equal to the unix epoch. While this will mark the chunk for deletion from the backend and include it in the delete list for the next s3 delete objects call, it also will lead to the chunk marker and LRU cache entry being tried to clean up locally, which however fails since there is no marker to be cleaned up. In order to treat this edge case with the same cleanup logic, simply insert the marker file if not present, for it to get correctly cleaned up as expected afterwards. This should not happen under normal datastore operation anyways, most likely to appear after re-creation of the datastore from existing bucket contents containing such unreferenced chunks. Fixes: https://forum.proxmox.com/threads/176567/ Signed-off-by: Christian Ebner <c.ebner@proxmox.com> --- pbs-datastore/src/datastore.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs index 65299cca9..a24392d9f 100644 --- a/pbs-datastore/src/datastore.rs +++ b/pbs-datastore/src/datastore.rs @@ -1711,11 +1711,12 @@ impl DataStore { let atime = match std::fs::metadata(&chunk_path) { Ok(stat) => stat.accessed()?, Err(err) if err.kind() == std::io::ErrorKind::NotFound => { + unsafe { + // chunk store lock held + // insert marke unconditionally, cleaned up again below if required + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; + } if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { - unsafe { - // chunk store lock held - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; - } SystemTime::now() } else { // File not found, delete by setting atime to unix epoch -- 2.47.3 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-22 10:41 [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks Christian Ebner @ 2025-11-22 14:56 ` Thomas Lamprecht 2025-11-24 7:35 ` Christian Ebner 2025-11-24 9:41 ` Christian Ebner 1 sibling, 1 reply; 9+ messages in thread From: Thomas Lamprecht @ 2025-11-22 14:56 UTC (permalink / raw) To: Proxmox Backup Server development discussion, Christian Ebner Am 22.11.25 um 11:41 schrieb Christian Ebner: > If a chunk object is located on the s3 object store only, not being > referenced by any index file and having no local marker file it is > marked for cleanup by pretending an atime equal to the unix epoch. > > While this will mark the chunk for deletion from the backend and > include it in the delete list for the next s3 delete objects call, it > also will lead to the chunk marker and LRU cache entry being tried to > clean up locally, which however fails since there is no marker to be > cleaned up. > > In order to treat this edge case with the same cleanup logic, simply > insert the marker file if not present, for it to get correctly > cleaned up as expected afterwards. This should not happen under > normal datastore operation anyways, most likely to appear after > re-creation of the datastore from existing bucket contents containing > such unreferenced chunks. > > Fixes: https://forum.proxmox.com/threads/176567/ > Signed-off-by: Christian Ebner <c.ebner@proxmox.com> > --- > pbs-datastore/src/datastore.rs | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs > index 65299cca9..a24392d9f 100644 > --- a/pbs-datastore/src/datastore.rs > +++ b/pbs-datastore/src/datastore.rs > @@ -1711,11 +1711,12 @@ impl DataStore { > let atime = match std::fs::metadata(&chunk_path) { > Ok(stat) => stat.accessed()?, > Err(err) if err.kind() == std::io::ErrorKind::NotFound => { > + unsafe { > + // chunk store lock held > + // insert marke unconditionally, cleaned up again below if required > + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; > + } > if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { > - unsafe { > - // chunk store lock held > - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; > - } > SystemTime::now() Why not drop that whole branch instead, it does not really makes sense IIUC. And `replace_chunk_with_marker` replaces the chunk file directly (no extension) whereas `clear_chunk_expected_mark` checks the chunk.using file, so does your reordering even change anything, or is there a bug in `replace_chunk_with_marker`? And independent of that, would it be better (more performant and less confusing) if we ignore the "not present in LRU or no marker" in that edge case rather than creating a file (doing more IO) just to delete that then again? > } else { > // File not found, delete by setting atime to unix epoch _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-22 14:56 ` Thomas Lamprecht @ 2025-11-24 7:35 ` Christian Ebner 2025-11-24 8:13 ` Fabian Grünbichler 0 siblings, 1 reply; 9+ messages in thread From: Christian Ebner @ 2025-11-24 7:35 UTC (permalink / raw) To: Thomas Lamprecht, Proxmox Backup Server development discussion Thanks for taking a look at this already! On 11/22/25 3:55 PM, Thomas Lamprecht wrote: > Am 22.11.25 um 11:41 schrieb Christian Ebner: >> If a chunk object is located on the s3 object store only, not being >> referenced by any index file and having no local marker file it is >> marked for cleanup by pretending an atime equal to the unix epoch. >> >> While this will mark the chunk for deletion from the backend and >> include it in the delete list for the next s3 delete objects call, it >> also will lead to the chunk marker and LRU cache entry being tried to >> clean up locally, which however fails since there is no marker to be >> cleaned up. >> >> In order to treat this edge case with the same cleanup logic, simply >> insert the marker file if not present, for it to get correctly >> cleaned up as expected afterwards. This should not happen under >> normal datastore operation anyways, most likely to appear after >> re-creation of the datastore from existing bucket contents containing >> such unreferenced chunks. >> >> Fixes: https://forum.proxmox.com/threads/176567/ >> Signed-off-by: Christian Ebner <c.ebner@proxmox.com> >> --- >> pbs-datastore/src/datastore.rs | 9 +++++---- >> 1 file changed, 5 insertions(+), 4 deletions(-) >> >> diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs >> index 65299cca9..a24392d9f 100644 >> --- a/pbs-datastore/src/datastore.rs >> +++ b/pbs-datastore/src/datastore.rs >> @@ -1711,11 +1711,12 @@ impl DataStore { >> let atime = match std::fs::metadata(&chunk_path) { >> Ok(stat) => stat.accessed()?, >> Err(err) if err.kind() == std::io::ErrorKind::NotFound => { >> + unsafe { >> + // chunk store lock held >> + // insert marke unconditionally, cleaned up again below if required >> + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >> + } >> if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { >> - unsafe { >> - // chunk store lock held >> - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >> - } >> SystemTime::now() > > Why not drop that whole branch instead, it does not really makes sense IIUC. No, this branch is needed. This is required for avoiding API calls to the s3 backend in case the chunk is referenced by an index file as detected during phase 1, but the local marker file is not present. In that case we do not want to directly check the existence on the backend (which we need to make sure to not mark a chunk which is however not present on the backend), but defer that check to phase 2, where we do the listing of all chunks anyways. This is done by flagging that chunk via the <digest>.using file. Here, if the chunk is encountered during s3 object store listing, but the local file is missing, we check and clear the chunk expected marker, which if present tells us the chunk still needs to be used. If not it is safe to clear it from the backend. > > And `replace_chunk_with_marker` replaces the chunk file directly (no extension) whereas > `clear_chunk_expected_mark` checks the chunk.using file, so does your reordering even > change anything, or is there a bug in `replace_chunk_with_marker`? `replace_chunk_with_marker` replaces a full chunk file with an empty marker, but also creates the empty marker if the original file is not present, so in this particular case it is actually used to create the marker, not to evict chunks from local datastore cache as under normal operation. I can send a patch to rename that method to make that clear. > > And independent of that, would it be better (more performant and less confusing) if > we ignore the "not present in LRU or no marker" in that edge case rather than creating > a file (doing more IO) just to delete that then again? I can do that as well of course by checking a flag in the remove callback. I opted for not doing that however since above is a very unlikely case to happen, as the s3 backend and local datastore cache should be in sync most of the time. Adding that check would be performed for each chunk being removed, this only once if the chunk is still present on the backend, but not on the local datastore cache. The additional IO is therefore justfied IMO. I could of course also go the route of just setting a boolean flag and checking that in the callback? What do you think? >> } else { >> // File not found, delete by setting atime to unix epoch > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-24 7:35 ` Christian Ebner @ 2025-11-24 8:13 ` Fabian Grünbichler 2025-11-24 8:22 ` Christian Ebner 0 siblings, 1 reply; 9+ messages in thread From: Fabian Grünbichler @ 2025-11-24 8:13 UTC (permalink / raw) To: Proxmox Backup Server development discussion, Thomas Lamprecht On November 24, 2025 8:35 am, Christian Ebner wrote: > Thanks for taking a look at this already! > > On 11/22/25 3:55 PM, Thomas Lamprecht wrote: >> Am 22.11.25 um 11:41 schrieb Christian Ebner: >>> If a chunk object is located on the s3 object store only, not being >>> referenced by any index file and having no local marker file it is >>> marked for cleanup by pretending an atime equal to the unix epoch. >>> >>> While this will mark the chunk for deletion from the backend and >>> include it in the delete list for the next s3 delete objects call, it >>> also will lead to the chunk marker and LRU cache entry being tried to >>> clean up locally, which however fails since there is no marker to be >>> cleaned up. >>> >>> In order to treat this edge case with the same cleanup logic, simply >>> insert the marker file if not present, for it to get correctly >>> cleaned up as expected afterwards. This should not happen under >>> normal datastore operation anyways, most likely to appear after >>> re-creation of the datastore from existing bucket contents containing >>> such unreferenced chunks. >>> >>> Fixes: https://forum.proxmox.com/threads/176567/ >>> Signed-off-by: Christian Ebner <c.ebner@proxmox.com> >>> --- >>> pbs-datastore/src/datastore.rs | 9 +++++---- >>> 1 file changed, 5 insertions(+), 4 deletions(-) >>> >>> diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs >>> index 65299cca9..a24392d9f 100644 >>> --- a/pbs-datastore/src/datastore.rs >>> +++ b/pbs-datastore/src/datastore.rs >>> @@ -1711,11 +1711,12 @@ impl DataStore { >>> let atime = match std::fs::metadata(&chunk_path) { >>> Ok(stat) => stat.accessed()?, >>> Err(err) if err.kind() == std::io::ErrorKind::NotFound => { >>> + unsafe { >>> + // chunk store lock held >>> + // insert marke unconditionally, cleaned up again below if required >>> + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>> + } >>> if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { >>> - unsafe { >>> - // chunk store lock held >>> - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>> - } >>> SystemTime::now() >> >> Why not drop that whole branch instead, it does not really makes sense IIUC. > > No, this branch is needed. This is required for avoiding API calls to > the s3 backend in case the chunk is referenced by an index file as > detected during phase 1, but the local marker file is not present. In > that case we do not want to directly check the existence on the backend > (which we need to make sure to not mark a chunk which is however not > present on the backend), but defer that check to phase 2, where we do > the listing of all chunks anyways. This is done by flagging that chunk > via the <digest>.using file. > > Here, if the chunk is encountered during s3 object store listing, but > the local file is missing, we check and clear the chunk expected marker, > which if present tells us the chunk still needs to be used. If not it is > safe to clear it from the backend. > >> >> And `replace_chunk_with_marker` replaces the chunk file directly (no extension) whereas >> `clear_chunk_expected_mark` checks the chunk.using file, so does your reordering even >> change anything, or is there a bug in `replace_chunk_with_marker`? > > `replace_chunk_with_marker` replaces a full chunk file with an empty > marker, but also creates the empty marker if the original file is not > present, so in this particular case it is actually used to create the > marker, not to evict chunks from local datastore cache as under normal > operation. I can send a patch to rename that method to make that clear. > >> >> And independent of that, would it be better (more performant and less confusing) if >> we ignore the "not present in LRU or no marker" in that edge case rather than creating >> a file (doing more IO) just to delete that then again? > > I can do that as well of course by checking a flag in the remove > callback. I opted for not doing that however since above is a very > unlikely case to happen, as the s3 backend and local datastore cache > should be in sync most of the time. > Adding that check would be performed for each chunk being removed, this > only once if the chunk is still present on the backend, but not on the > local datastore cache. > > The additional IO is therefore justfied IMO. > > I could of course also go the route of just setting a boolean flag and > checking that in the callback? we basically already have such a boolean marker - we set `atime` to 0 in this case (and only this case), and we could just ignore the removal errors then? possibly limited to just ignoring ENOTFOUND? > > What do you think? > >>> } else { >>> // File not found, delete by setting atime to unix epoch >> > > > > _______________________________________________ > pbs-devel mailing list > pbs-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel > > > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-24 8:13 ` Fabian Grünbichler @ 2025-11-24 8:22 ` Christian Ebner 2025-11-24 8:29 ` Fabian Grünbichler 0 siblings, 1 reply; 9+ messages in thread From: Christian Ebner @ 2025-11-24 8:22 UTC (permalink / raw) To: Proxmox Backup Server development discussion, Fabian Grünbichler, Thomas Lamprecht On 11/24/25 9:13 AM, Fabian Grünbichler wrote: > On November 24, 2025 8:35 am, Christian Ebner wrote: >> Thanks for taking a look at this already! >> >> On 11/22/25 3:55 PM, Thomas Lamprecht wrote: >>> Am 22.11.25 um 11:41 schrieb Christian Ebner: >>>> If a chunk object is located on the s3 object store only, not being >>>> referenced by any index file and having no local marker file it is >>>> marked for cleanup by pretending an atime equal to the unix epoch. >>>> >>>> While this will mark the chunk for deletion from the backend and >>>> include it in the delete list for the next s3 delete objects call, it >>>> also will lead to the chunk marker and LRU cache entry being tried to >>>> clean up locally, which however fails since there is no marker to be >>>> cleaned up. >>>> >>>> In order to treat this edge case with the same cleanup logic, simply >>>> insert the marker file if not present, for it to get correctly >>>> cleaned up as expected afterwards. This should not happen under >>>> normal datastore operation anyways, most likely to appear after >>>> re-creation of the datastore from existing bucket contents containing >>>> such unreferenced chunks. >>>> >>>> Fixes: https://forum.proxmox.com/threads/176567/ >>>> Signed-off-by: Christian Ebner <c.ebner@proxmox.com> >>>> --- >>>> pbs-datastore/src/datastore.rs | 9 +++++---- >>>> 1 file changed, 5 insertions(+), 4 deletions(-) >>>> >>>> diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs >>>> index 65299cca9..a24392d9f 100644 >>>> --- a/pbs-datastore/src/datastore.rs >>>> +++ b/pbs-datastore/src/datastore.rs >>>> @@ -1711,11 +1711,12 @@ impl DataStore { >>>> let atime = match std::fs::metadata(&chunk_path) { >>>> Ok(stat) => stat.accessed()?, >>>> Err(err) if err.kind() == std::io::ErrorKind::NotFound => { >>>> + unsafe { >>>> + // chunk store lock held >>>> + // insert marke unconditionally, cleaned up again below if required >>>> + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>>> + } >>>> if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { >>>> - unsafe { >>>> - // chunk store lock held >>>> - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>>> - } >>>> SystemTime::now() >>> >>> Why not drop that whole branch instead, it does not really makes sense IIUC. >> >> No, this branch is needed. This is required for avoiding API calls to >> the s3 backend in case the chunk is referenced by an index file as >> detected during phase 1, but the local marker file is not present. In >> that case we do not want to directly check the existence on the backend >> (which we need to make sure to not mark a chunk which is however not >> present on the backend), but defer that check to phase 2, where we do >> the listing of all chunks anyways. This is done by flagging that chunk >> via the <digest>.using file. >> >> Here, if the chunk is encountered during s3 object store listing, but >> the local file is missing, we check and clear the chunk expected marker, >> which if present tells us the chunk still needs to be used. If not it is >> safe to clear it from the backend. >> >>> >>> And `replace_chunk_with_marker` replaces the chunk file directly (no extension) whereas >>> `clear_chunk_expected_mark` checks the chunk.using file, so does your reordering even >>> change anything, or is there a bug in `replace_chunk_with_marker`? >> >> `replace_chunk_with_marker` replaces a full chunk file with an empty >> marker, but also creates the empty marker if the original file is not >> present, so in this particular case it is actually used to create the >> marker, not to evict chunks from local datastore cache as under normal >> operation. I can send a patch to rename that method to make that clear. >> >>> >>> And independent of that, would it be better (more performant and less confusing) if >>> we ignore the "not present in LRU or no marker" in that edge case rather than creating >>> a file (doing more IO) just to delete that then again? >> >> I can do that as well of course by checking a flag in the remove >> callback. I opted for not doing that however since above is a very >> unlikely case to happen, as the s3 backend and local datastore cache >> should be in sync most of the time. >> Adding that check would be performed for each chunk being removed, this >> only once if the chunk is still present on the backend, but not on the >> local datastore cache. >> >> The additional IO is therefore justfied IMO. >> >> I could of course also go the route of just setting a boolean flag and >> checking that in the callback? > > we basically already have such a boolean marker - we set `atime` to 0 in > this case (and only this case), and we could just ignore the removal > errors then? possibly limited to just ignoring ENOTFOUND? That's a good idea! So I will perform the additional checks based on that. _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-24 8:22 ` Christian Ebner @ 2025-11-24 8:29 ` Fabian Grünbichler 2025-11-24 8:34 ` Christian Ebner 2025-11-24 9:00 ` Thomas Lamprecht 0 siblings, 2 replies; 9+ messages in thread From: Fabian Grünbichler @ 2025-11-24 8:29 UTC (permalink / raw) To: Christian Ebner, Proxmox Backup Server development discussion, Thomas Lamprecht On November 24, 2025 9:22 am, Christian Ebner wrote: > On 11/24/25 9:13 AM, Fabian Grünbichler wrote: >> On November 24, 2025 8:35 am, Christian Ebner wrote: >>> Thanks for taking a look at this already! >>> >>> On 11/22/25 3:55 PM, Thomas Lamprecht wrote: >>>> Am 22.11.25 um 11:41 schrieb Christian Ebner: >>>>> If a chunk object is located on the s3 object store only, not being >>>>> referenced by any index file and having no local marker file it is >>>>> marked for cleanup by pretending an atime equal to the unix epoch. >>>>> >>>>> While this will mark the chunk for deletion from the backend and >>>>> include it in the delete list for the next s3 delete objects call, it >>>>> also will lead to the chunk marker and LRU cache entry being tried to >>>>> clean up locally, which however fails since there is no marker to be >>>>> cleaned up. >>>>> >>>>> In order to treat this edge case with the same cleanup logic, simply >>>>> insert the marker file if not present, for it to get correctly >>>>> cleaned up as expected afterwards. This should not happen under >>>>> normal datastore operation anyways, most likely to appear after >>>>> re-creation of the datastore from existing bucket contents containing >>>>> such unreferenced chunks. >>>>> >>>>> Fixes: https://forum.proxmox.com/threads/176567/ >>>>> Signed-off-by: Christian Ebner <c.ebner@proxmox.com> >>>>> --- >>>>> pbs-datastore/src/datastore.rs | 9 +++++---- >>>>> 1 file changed, 5 insertions(+), 4 deletions(-) >>>>> >>>>> diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs >>>>> index 65299cca9..a24392d9f 100644 >>>>> --- a/pbs-datastore/src/datastore.rs >>>>> +++ b/pbs-datastore/src/datastore.rs >>>>> @@ -1711,11 +1711,12 @@ impl DataStore { >>>>> let atime = match std::fs::metadata(&chunk_path) { >>>>> Ok(stat) => stat.accessed()?, >>>>> Err(err) if err.kind() == std::io::ErrorKind::NotFound => { >>>>> + unsafe { >>>>> + // chunk store lock held >>>>> + // insert marke unconditionally, cleaned up again below if required >>>>> + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>>>> + } >>>>> if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { >>>>> - unsafe { >>>>> - // chunk store lock held >>>>> - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>>>> - } >>>>> SystemTime::now() >>>> >>>> Why not drop that whole branch instead, it does not really makes sense IIUC. >>> >>> No, this branch is needed. This is required for avoiding API calls to >>> the s3 backend in case the chunk is referenced by an index file as >>> detected during phase 1, but the local marker file is not present. In >>> that case we do not want to directly check the existence on the backend >>> (which we need to make sure to not mark a chunk which is however not >>> present on the backend), but defer that check to phase 2, where we do >>> the listing of all chunks anyways. This is done by flagging that chunk >>> via the <digest>.using file. >>> >>> Here, if the chunk is encountered during s3 object store listing, but >>> the local file is missing, we check and clear the chunk expected marker, >>> which if present tells us the chunk still needs to be used. If not it is >>> safe to clear it from the backend. >>> >>>> >>>> And `replace_chunk_with_marker` replaces the chunk file directly (no extension) whereas >>>> `clear_chunk_expected_mark` checks the chunk.using file, so does your reordering even >>>> change anything, or is there a bug in `replace_chunk_with_marker`? >>> >>> `replace_chunk_with_marker` replaces a full chunk file with an empty >>> marker, but also creates the empty marker if the original file is not >>> present, so in this particular case it is actually used to create the >>> marker, not to evict chunks from local datastore cache as under normal >>> operation. I can send a patch to rename that method to make that clear. >>> >>>> >>>> And independent of that, would it be better (more performant and less confusing) if >>>> we ignore the "not present in LRU or no marker" in that edge case rather than creating >>>> a file (doing more IO) just to delete that then again? >>> >>> I can do that as well of course by checking a flag in the remove >>> callback. I opted for not doing that however since above is a very >>> unlikely case to happen, as the s3 backend and local datastore cache >>> should be in sync most of the time. >>> Adding that check would be performed for each chunk being removed, this >>> only once if the chunk is still present on the backend, but not on the >>> local datastore cache. >>> >>> The additional IO is therefore justfied IMO. >>> >>> I could of course also go the route of just setting a boolean flag and >>> checking that in the callback? >> >> we basically already have such a boolean marker - we set `atime` to 0 in >> this case (and only this case), and we could just ignore the removal >> errors then? possibly limited to just ignoring ENOTFOUND? > > That's a good idea! So I will perform the additional checks based on that. alternatively, skipping cond_sweep_chunk entirely would also work (this is with `-w`): diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs index 65299cca9..b9debd2b1 100644 --- a/pbs-datastore/src/datastore.rs +++ b/pbs-datastore/src/datastore.rs @@ -1709,21 +1709,22 @@ impl DataStore { // Check local markers (created or atime updated during phase1) and // keep or delete chunk based on that. let atime = match std::fs::metadata(&chunk_path) { - Ok(stat) => stat.accessed()?, + Ok(stat) => Some(stat.accessed()?), Err(err) if err.kind() == std::io::ErrorKind::NotFound => { if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { unsafe { // chunk store lock held self.inner.chunk_store.replace_chunk_with_marker(&digest)?; } - SystemTime::now() + Some(SystemTime::now()) } else { - // File not found, delete by setting atime to unix epoch - SystemTime::UNIX_EPOCH + // File not found, only delete from S3 + None } } Err(err) => return Err(err.into()), }; + if let Some(atime) = atime { let atime = atime.duration_since(SystemTime::UNIX_EPOCH)?.as_secs() as i64; unsafe { @@ -1752,6 +1753,13 @@ impl DataStore { }, )?; } + } else { + // set age based on first insertion + if delete_list.is_empty() { + delete_list_age = epoch_i64(); + } + delete_list.push((content.key, _chunk_guard)); + } chunk_count += 1; _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-24 8:29 ` Fabian Grünbichler @ 2025-11-24 8:34 ` Christian Ebner 2025-11-24 9:00 ` Thomas Lamprecht 1 sibling, 0 replies; 9+ messages in thread From: Christian Ebner @ 2025-11-24 8:34 UTC (permalink / raw) To: Fabian Grünbichler, Proxmox Backup Server development discussion, Thomas Lamprecht On 11/24/25 9:29 AM, Fabian Grünbichler wrote: > On November 24, 2025 9:22 am, Christian Ebner wrote: >> On 11/24/25 9:13 AM, Fabian Grünbichler wrote: >>> On November 24, 2025 8:35 am, Christian Ebner wrote: >>>> Thanks for taking a look at this already! >>>> >>>> On 11/22/25 3:55 PM, Thomas Lamprecht wrote: >>>>> Am 22.11.25 um 11:41 schrieb Christian Ebner: >>>>>> If a chunk object is located on the s3 object store only, not being >>>>>> referenced by any index file and having no local marker file it is >>>>>> marked for cleanup by pretending an atime equal to the unix epoch. >>>>>> >>>>>> While this will mark the chunk for deletion from the backend and >>>>>> include it in the delete list for the next s3 delete objects call, it >>>>>> also will lead to the chunk marker and LRU cache entry being tried to >>>>>> clean up locally, which however fails since there is no marker to be >>>>>> cleaned up. >>>>>> >>>>>> In order to treat this edge case with the same cleanup logic, simply >>>>>> insert the marker file if not present, for it to get correctly >>>>>> cleaned up as expected afterwards. This should not happen under >>>>>> normal datastore operation anyways, most likely to appear after >>>>>> re-creation of the datastore from existing bucket contents containing >>>>>> such unreferenced chunks. >>>>>> >>>>>> Fixes: https://forum.proxmox.com/threads/176567/ >>>>>> Signed-off-by: Christian Ebner <c.ebner@proxmox.com> >>>>>> --- >>>>>> pbs-datastore/src/datastore.rs | 9 +++++---- >>>>>> 1 file changed, 5 insertions(+), 4 deletions(-) >>>>>> >>>>>> diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs >>>>>> index 65299cca9..a24392d9f 100644 >>>>>> --- a/pbs-datastore/src/datastore.rs >>>>>> +++ b/pbs-datastore/src/datastore.rs >>>>>> @@ -1711,11 +1711,12 @@ impl DataStore { >>>>>> let atime = match std::fs::metadata(&chunk_path) { >>>>>> Ok(stat) => stat.accessed()?, >>>>>> Err(err) if err.kind() == std::io::ErrorKind::NotFound => { >>>>>> + unsafe { >>>>>> + // chunk store lock held >>>>>> + // insert marke unconditionally, cleaned up again below if required >>>>>> + self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>>>>> + } >>>>>> if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { >>>>>> - unsafe { >>>>>> - // chunk store lock held >>>>>> - self.inner.chunk_store.replace_chunk_with_marker(&digest)?; >>>>>> - } >>>>>> SystemTime::now() >>>>> >>>>> Why not drop that whole branch instead, it does not really makes sense IIUC. >>>> >>>> No, this branch is needed. This is required for avoiding API calls to >>>> the s3 backend in case the chunk is referenced by an index file as >>>> detected during phase 1, but the local marker file is not present. In >>>> that case we do not want to directly check the existence on the backend >>>> (which we need to make sure to not mark a chunk which is however not >>>> present on the backend), but defer that check to phase 2, where we do >>>> the listing of all chunks anyways. This is done by flagging that chunk >>>> via the <digest>.using file. >>>> >>>> Here, if the chunk is encountered during s3 object store listing, but >>>> the local file is missing, we check and clear the chunk expected marker, >>>> which if present tells us the chunk still needs to be used. If not it is >>>> safe to clear it from the backend. >>>> >>>>> >>>>> And `replace_chunk_with_marker` replaces the chunk file directly (no extension) whereas >>>>> `clear_chunk_expected_mark` checks the chunk.using file, so does your reordering even >>>>> change anything, or is there a bug in `replace_chunk_with_marker`? >>>> >>>> `replace_chunk_with_marker` replaces a full chunk file with an empty >>>> marker, but also creates the empty marker if the original file is not >>>> present, so in this particular case it is actually used to create the >>>> marker, not to evict chunks from local datastore cache as under normal >>>> operation. I can send a patch to rename that method to make that clear. >>>> >>>>> >>>>> And independent of that, would it be better (more performant and less confusing) if >>>>> we ignore the "not present in LRU or no marker" in that edge case rather than creating >>>>> a file (doing more IO) just to delete that then again? >>>> >>>> I can do that as well of course by checking a flag in the remove >>>> callback. I opted for not doing that however since above is a very >>>> unlikely case to happen, as the s3 backend and local datastore cache >>>> should be in sync most of the time. >>>> Adding that check would be performed for each chunk being removed, this >>>> only once if the chunk is still present on the backend, but not on the >>>> local datastore cache. >>>> >>>> The additional IO is therefore justfied IMO. >>>> >>>> I could of course also go the route of just setting a boolean flag and >>>> checking that in the callback? >>> >>> we basically already have such a boolean marker - we set `atime` to 0 in >>> this case (and only this case), and we could just ignore the removal >>> errors then? possibly limited to just ignoring ENOTFOUND? >> >> That's a good idea! So I will perform the additional checks based on that. > > alternatively, skipping cond_sweep_chunk entirely would also work (this > is with `-w`): > > diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs > index 65299cca9..b9debd2b1 100644 > --- a/pbs-datastore/src/datastore.rs > +++ b/pbs-datastore/src/datastore.rs > @@ -1709,21 +1709,22 @@ impl DataStore { > // Check local markers (created or atime updated during phase1) and > // keep or delete chunk based on that. > let atime = match std::fs::metadata(&chunk_path) { > - Ok(stat) => stat.accessed()?, > + Ok(stat) => Some(stat.accessed()?), > Err(err) if err.kind() == std::io::ErrorKind::NotFound => { > if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { > unsafe { > // chunk store lock held > self.inner.chunk_store.replace_chunk_with_marker(&digest)?; > } > - SystemTime::now() > + Some(SystemTime::now()) > } else { > - // File not found, delete by setting atime to unix epoch > - SystemTime::UNIX_EPOCH > + // File not found, only delete from S3 > + None > } > } > Err(err) => return Err(err.into()), > }; > + if let Some(atime) = atime { > let atime = atime.duration_since(SystemTime::UNIX_EPOCH)?.as_secs() as i64; > > unsafe { > @@ -1752,6 +1753,13 @@ impl DataStore { > }, > )?; > } > + } else { > + // set age based on first insertion > + if delete_list.is_empty() { > + delete_list_age = epoch_i64(); > + } > + delete_list.push((content.key, _chunk_guard)); > + } > > chunk_count += 1; > > Nice, even better! By this we can also get rid of the hacky setting atime to unix epoch. Can I send this with: Originally-by Fabian Grünbichler <f.gruenbichler@proxmox.com>? Together with some followups to docstring and method renaming? _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-24 8:29 ` Fabian Grünbichler 2025-11-24 8:34 ` Christian Ebner @ 2025-11-24 9:00 ` Thomas Lamprecht 1 sibling, 0 replies; 9+ messages in thread From: Thomas Lamprecht @ 2025-11-24 9:00 UTC (permalink / raw) To: Fabian Grünbichler, Christian Ebner, Proxmox Backup Server development discussion Am 24.11.25 um 09:29 schrieb Fabian Grünbichler: > On November 24, 2025 9:22 am, Christian Ebner wrote: >> On 11/24/25 9:13 AM, Fabian Grünbichler wrote: >>> we basically already have such a boolean marker - we set `atime` to 0 in >>> this case (and only this case), and we could just ignore the removal >>> errors then? possibly limited to just ignoring ENOTFOUND? >> >> That's a good idea! So I will perform the additional checks based on that. > > alternatively, skipping cond_sweep_chunk entirely would also work (this > is with `-w`): > > diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs > index 65299cca9..b9debd2b1 100644 > --- a/pbs-datastore/src/datastore.rs > +++ b/pbs-datastore/src/datastore.rs > @@ -1709,21 +1709,22 @@ impl DataStore { > // Check local markers (created or atime updated during phase1) and > // keep or delete chunk based on that. > let atime = match std::fs::metadata(&chunk_path) { > - Ok(stat) => stat.accessed()?, > + Ok(stat) => Some(stat.accessed()?), > Err(err) if err.kind() == std::io::ErrorKind::NotFound => { > if self.inner.chunk_store.clear_chunk_expected_mark(&digest)? { > unsafe { > // chunk store lock held > self.inner.chunk_store.replace_chunk_with_marker(&digest)?; > } > - SystemTime::now() > + Some(SystemTime::now()) > } else { > - // File not found, delete by setting atime to unix epoch > - SystemTime::UNIX_EPOCH > + // File not found, only delete from S3 > + None > } > } > Err(err) => return Err(err.into()), > }; > + if let Some(atime) = atime { > let atime = atime.duration_since(SystemTime::UNIX_EPOCH)?.as_secs() as i64; > > unsafe { > @@ -1752,6 +1753,13 @@ impl DataStore { > }, > )?; > } > + } else { > + // set age based on first insertion > + if delete_list.is_empty() { > + delete_list_age = epoch_i64(); > + } > + delete_list.push((content.key, _chunk_guard)); > + } This is easier to understand for me change-wise and looks OK to me (no in-depth review though). _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks 2025-11-22 10:41 [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks Christian Ebner 2025-11-22 14:56 ` Thomas Lamprecht @ 2025-11-24 9:41 ` Christian Ebner 1 sibling, 0 replies; 9+ messages in thread From: Christian Ebner @ 2025-11-24 9:41 UTC (permalink / raw) To: pbs-devel superseded-by version 2: https://lore.proxmox.com/pbs-devel/20251124094018.224661-1-c.ebner@proxmox.com/T/ _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2025-11-24 9:41 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2025-11-22 10:41 [pbs-devel] [PATCH proxmox-backup] GC: s3: fix local marker cleanup for unreferenced, s3 only chunks Christian Ebner 2025-11-22 14:56 ` Thomas Lamprecht 2025-11-24 7:35 ` Christian Ebner 2025-11-24 8:13 ` Fabian Grünbichler 2025-11-24 8:22 ` Christian Ebner 2025-11-24 8:29 ` Fabian Grünbichler 2025-11-24 8:34 ` Christian Ebner 2025-11-24 9:00 ` Thomas Lamprecht 2025-11-24 9:41 ` Christian Ebner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.