From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup v10 20/46] datastore: prune groups/snapshots from s3 object store backend
Date: Mon, 21 Jul 2025 18:44:41 +0200 [thread overview]
Message-ID: <20250721164507.1045869-24-c.ebner@proxmox.com> (raw)
In-Reply-To: <20250721164507.1045869-1-c.ebner@proxmox.com>
When pruning a backup group or a backup snapshot for a datastore with
S3 object store backend, remove the associated objects by removing
them based on the prefix.
In order to exclude protected contents, add a filtering based on the
presence of the protected marker.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
changes since version 9:
- no changes
pbs-datastore/src/backup_info.rs | 49 ++++++++++++++++++++++++++++++--
pbs-datastore/src/datastore.rs | 48 +++++++++++++++++++++++++++----
src/api2/admin/datastore.rs | 24 ++++++++++------
3 files changed, 104 insertions(+), 17 deletions(-)
diff --git a/pbs-datastore/src/backup_info.rs b/pbs-datastore/src/backup_info.rs
index 26f03a0ae..4b10b6435 100644
--- a/pbs-datastore/src/backup_info.rs
+++ b/pbs-datastore/src/backup_info.rs
@@ -9,6 +9,7 @@ use std::time::Duration;
use anyhow::{bail, format_err, Context, Error};
use const_format::concatcp;
+use proxmox_s3_client::S3PathPrefix;
use proxmox_sys::fs::{lock_dir_noblock, lock_dir_noblock_shared, replace_file, CreateOptions};
use proxmox_systemd::escape_unit;
@@ -18,7 +19,9 @@ use pbs_api_types::{
};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
+use crate::datastore::{GROUP_NOTES_FILE_NAME, GROUP_OWNER_FILE_NAME};
use crate::manifest::{BackupManifest, MANIFEST_LOCK_NAME};
+use crate::s3::S3_CONTENT_PREFIX;
use crate::{DataBlob, DataStore, DatastoreBackend};
pub const DATASTORE_LOCKS_DIR: &str = "/run/proxmox-backup/locks";
@@ -218,7 +221,7 @@ impl BackupGroup {
///
/// Returns `BackupGroupDeleteStats`, containing the number of deleted snapshots
/// and number of protected snaphsots, which therefore were not removed.
- pub fn destroy(&self) -> Result<BackupGroupDeleteStats, Error> {
+ pub fn destroy(&self, backend: &DatastoreBackend) -> Result<BackupGroupDeleteStats, Error> {
let _guard = self
.lock()
.with_context(|| format!("while destroying group '{self:?}'"))?;
@@ -232,10 +235,30 @@ impl BackupGroup {
delete_stats.increment_protected_snapshots();
continue;
}
- snap.destroy(false)?;
+ // also for S3 cleanup local only, the actual S3 objects will be removed below,
+ // reducing the number of required API calls.
+ snap.destroy(false, &DatastoreBackend::Filesystem)?;
delete_stats.increment_removed_snapshots();
}
+ if let DatastoreBackend::S3(s3_client) = backend {
+ let path = self.relative_group_path();
+ let group_prefix = path
+ .to_str()
+ .ok_or_else(|| format_err!("invalid group path prefix"))?;
+ let prefix = format!("{S3_CONTENT_PREFIX}/{group_prefix}");
+ let delete_objects_error = proxmox_async::runtime::block_on(
+ s3_client.delete_objects_by_prefix_with_suffix_filter(
+ &S3PathPrefix::Some(prefix),
+ PROTECTED_MARKER_FILENAME,
+ &[GROUP_OWNER_FILE_NAME, GROUP_NOTES_FILE_NAME],
+ ),
+ )?;
+ if delete_objects_error {
+ bail!("deleting objects failed");
+ }
+ }
+
// Note: make sure the old locking mechanism isn't used as `remove_dir_all` is not safe in
// that case
if delete_stats.all_removed() && !*OLD_LOCKING {
@@ -588,7 +611,7 @@ impl BackupDir {
/// Destroy the whole snapshot, bails if it's protected
///
/// Setting `force` to true skips locking and thus ignores if the backup is currently in use.
- pub fn destroy(&self, force: bool) -> Result<(), Error> {
+ pub fn destroy(&self, force: bool, backend: &DatastoreBackend) -> Result<(), Error> {
let (_guard, _manifest_guard);
if !force {
_guard = self
@@ -601,6 +624,20 @@ impl BackupDir {
bail!("cannot remove protected snapshot"); // use special error type?
}
+ if let DatastoreBackend::S3(s3_client) = backend {
+ let path = self.relative_path();
+ let snapshot_prefix = path
+ .to_str()
+ .ok_or_else(|| format_err!("invalid snapshot path"))?;
+ let prefix = format!("{S3_CONTENT_PREFIX}/{snapshot_prefix}");
+ let delete_objects_error = proxmox_async::runtime::block_on(
+ s3_client.delete_objects_by_prefix(&S3PathPrefix::Some(prefix)),
+ )?;
+ if delete_objects_error {
+ bail!("deleting objects failed");
+ }
+ }
+
let full_path = self.full_path();
log::info!("removing backup snapshot {:?}", full_path);
std::fs::remove_dir_all(&full_path).map_err(|err| {
@@ -630,6 +667,12 @@ impl BackupDir {
// do to rectify the situation.
if guard.is_ok() && group.list_backups()?.is_empty() && !*OLD_LOCKING {
group.remove_group_dir()?;
+ if let DatastoreBackend::S3(s3_client) = backend {
+ let object_key =
+ super::s3::object_key_from_path(&group.relative_group_path(), "owner")
+ .context("invalid owner file object key")?;
+ proxmox_async::runtime::block_on(s3_client.delete_object(object_key))?;
+ }
} else if let Err(err) = guard {
log::debug!("{err:#}");
}
diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs
index fb6e14a35..d5eb1ca8f 100644
--- a/pbs-datastore/src/datastore.rs
+++ b/pbs-datastore/src/datastore.rs
@@ -12,7 +12,9 @@ use pbs_tools::lru_cache::LruCache;
use tracing::{info, warn};
use proxmox_human_byte::HumanByte;
-use proxmox_s3_client::{S3Client, S3ClientConfig, S3ClientOptions, S3ClientSecretsConfig};
+use proxmox_s3_client::{
+ S3Client, S3ClientConfig, S3ClientOptions, S3ClientSecretsConfig, S3PathPrefix,
+};
use proxmox_schema::ApiType;
use proxmox_sys::error::SysError;
@@ -39,13 +41,17 @@ use crate::dynamic_index::{DynamicIndexReader, DynamicIndexWriter};
use crate::fixed_index::{FixedIndexReader, FixedIndexWriter};
use crate::hierarchy::{ListGroups, ListGroupsType, ListNamespaces, ListNamespacesRecursive};
use crate::index::IndexFile;
+use crate::s3::S3_CONTENT_PREFIX;
use crate::task_tracking::{self, update_active_operations};
use crate::DataBlob;
static DATASTORE_MAP: LazyLock<Mutex<HashMap<String, Arc<DataStoreImpl>>>> =
LazyLock::new(|| Mutex::new(HashMap::new()));
-const GROUP_NOTES_FILE_NAME: &str = "notes";
+/// Filename to store backup group notes
+pub const GROUP_NOTES_FILE_NAME: &str = "notes";
+/// Filename to store backup group owner
+pub const GROUP_OWNER_FILE_NAME: &str = "owner";
const NAMESPACE_MARKER_FILENAME: &str = ".namespace";
/// checks if auth_id is owner, or, if owner is a token, if
@@ -658,7 +664,9 @@ impl DataStore {
let mut stats = BackupGroupDeleteStats::default();
for group in self.iter_backup_groups(ns.to_owned())? {
- let delete_stats = group?.destroy()?;
+ let group = group?;
+ let backend = self.backend()?;
+ let delete_stats = group.destroy(&backend)?;
stats.add(&delete_stats);
removed_all_groups = removed_all_groups && delete_stats.all_removed();
}
@@ -692,6 +700,8 @@ impl DataStore {
let store = self.name();
let mut removed_all_requested = true;
let mut stats = BackupGroupDeleteStats::default();
+ let backend = self.backend()?;
+
if delete_groups {
log::info!("removing whole namespace recursively below {store}:/{ns}",);
for ns in self.recursive_iter_backup_ns(ns.to_owned())? {
@@ -699,6 +709,24 @@ impl DataStore {
stats.add(&delete_stats);
removed_all_requested = removed_all_requested && removed_ns_groups;
}
+
+ if let DatastoreBackend::S3(s3_client) = &backend {
+ let ns_dir = ns.path();
+ let ns_prefix = ns_dir
+ .to_str()
+ .ok_or_else(|| format_err!("invalid namespace path prefix"))?;
+ let prefix = format!("{S3_CONTENT_PREFIX}/{ns_prefix}");
+ let delete_objects_error = proxmox_async::runtime::block_on(
+ s3_client.delete_objects_by_prefix_with_suffix_filter(
+ &S3PathPrefix::Some(prefix),
+ PROTECTED_MARKER_FILENAME,
+ &[GROUP_OWNER_FILE_NAME, GROUP_NOTES_FILE_NAME],
+ ),
+ )?;
+ if delete_objects_error {
+ bail!("deleting objects failed");
+ }
+ }
} else {
log::info!("pruning empty namespace recursively below {store}:/{ns}");
}
@@ -734,6 +762,14 @@ impl DataStore {
log::warn!("failed to remove namespace {ns} - {err}")
}
}
+ if let DatastoreBackend::S3(s3_client) = &backend {
+ // Only remove the namespace marker, if it was empty,
+ // than this is the same as the namespace being removed.
+ let object_key =
+ crate::s3::object_key_from_path(&ns.path(), NAMESPACE_MARKER_FILENAME)
+ .context("invalid namespace marker object key")?;
+ proxmox_async::runtime::block_on(s3_client.delete_object(object_key))?;
+ }
}
}
@@ -751,7 +787,7 @@ impl DataStore {
) -> Result<BackupGroupDeleteStats, Error> {
let backup_group = self.backup_group(ns.clone(), backup_group.clone());
- backup_group.destroy()
+ backup_group.destroy(&self.backend()?)
}
/// Remove a backup directory including all content
@@ -763,7 +799,7 @@ impl DataStore {
) -> Result<(), Error> {
let backup_dir = self.backup_dir(ns.clone(), backup_dir.clone())?;
- backup_dir.destroy(force)
+ backup_dir.destroy(force, &self.backend()?)
}
/// Returns the time of the last successful backup
@@ -791,7 +827,7 @@ impl DataStore {
ns: &BackupNamespace,
group: &pbs_api_types::BackupGroup,
) -> PathBuf {
- self.group_path(ns, group).join("owner")
+ self.group_path(ns, group).join(GROUP_OWNER_FILE_NAME)
}
/// Returns the backup owner.
diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 3e1610936..5f8394d5d 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -422,7 +422,7 @@ pub async fn delete_snapshot(
let snapshot = datastore.backup_dir(ns, backup_dir)?;
- snapshot.destroy(false)?;
+ snapshot.destroy(false, &datastore.backend()?)?;
Ok(Value::Null)
})
@@ -1088,13 +1088,21 @@ pub fn prune(
});
if !keep {
- if let Err(err) = backup_dir.destroy(false) {
- warn!(
- "failed to remove dir {:?}: {}",
- backup_dir.relative_path(),
- err,
- );
- }
+ match datastore.backend() {
+ Ok(backend) => {
+ if let Err(err) = backup_dir.destroy(false, &backend) {
+ warn!(
+ "failed to remove dir {:?}: {}",
+ backup_dir.relative_path(),
+ err,
+ );
+ }
+ }
+ Err(err) => warn!(
+ "failed to remove dir {:?}: {err}",
+ backup_dir.relative_path()
+ ),
+ };
}
}
prune_result
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-07-21 16:44 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-21 16:44 [pbs-devel] [PATCH proxmox{, -backup} v10 00/49] fix #2943: S3 storage backend for datastores Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox v10 1/3] pbs-api-types: extend datastore config by backend config enum Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox v10 2/3] pbs-api-types: maintenance: add new maintenance mode S3 refresh Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox v10 3/3] s3 client: Add missing S3 object key max length check Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 01/46] datastore: add helpers for path/digest to s3 object key conversion Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 02/46] config: introduce s3 object store client configuration Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 03/46] api: config: implement endpoints to manipulate and list s3 configs Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 04/46] api: datastore: check s3 backend bucket access on datastore create Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 05/46] api/cli: add endpoint and command to check s3 client connection Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 06/46] datastore: allow to get the backend for a datastore Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 07/46] api: backup: store datastore backend in runtime environment Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 08/46] api: backup: conditionally upload chunks to s3 object store backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 09/46] api: backup: conditionally upload blobs " Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 10/46] api: backup: conditionally upload indices " Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 11/46] api: backup: conditionally upload manifest " Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 12/46] api: datastore: conditionally upload client log to s3 backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 13/46] sync: pull: conditionally upload content " Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 14/46] api: reader: fetch chunks based on datastore backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 15/46] datastore: local chunk reader: read chunks based on backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 16/46] verify worker: add datastore backed to verify worker Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 17/46] verify: implement chunk verification for stores with s3 backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 18/46] datastore: create namespace marker in " Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 19/46] datastore: create/delete protected marker file on s3 storage backend Christian Ebner
2025-07-21 16:44 ` Christian Ebner [this message]
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 21/46] datastore: get and set owner for s3 store backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 22/46] datastore: implement garbage collection for s3 backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 23/46] ui: add datastore type selector and reorganize component layout Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 24/46] ui: add s3 client edit window for configuration create/edit Christian Ebner
2025-07-21 20:14 ` Thomas Lamprecht
2025-07-22 6:24 ` Christian Ebner
2025-07-22 7:00 ` Thomas Lamprecht
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 25/46] ui: add s3 client view for configuration Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 26/46] ui: expose the s3 client view in the navigation tree Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 27/46] ui: add s3 client selector and bucket field for s3 backend setup Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 28/46] tools: lru cache: add removed callback for evicted cache nodes Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 29/46] tools: async lru cache: implement insert, remove and contains methods Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 30/46] datastore: add local datastore cache for network attached storages Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 31/46] api: backup: use local datastore cache on s3 backend chunk upload Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 32/46] api: reader: use local datastore cache on s3 backend chunk fetching Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 33/46] datastore: local chunk reader: get cached chunk from local cache store Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 34/46] backup writer: refactor parameters into backup writer options struct Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 35/46] api: backup: add no-cache flag to bypass local datastore cache Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 36/46] api/datastore: implement refresh endpoint for stores with s3 backend Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 37/46] cli: add dedicated subcommand for datastore s3 refresh Christian Ebner
2025-07-21 16:44 ` [pbs-devel] [PATCH proxmox-backup v10 38/46] ui: render s3 refresh as valid maintenance type and task description Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 39/46] ui: expose s3 refresh button for datastores backed by object store Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 40/46] datastore: conditionally upload atime marker chunk to s3 backend Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 41/46] bin: implement client subcommands for s3 configuration manipulation Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 42/46] bin: expose reuse-datastore flag for proxmox-backup-manager Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 43/46] datastore: mark store as in-use by setting marker on s3 backend Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 44/46] datastore: run s3-refresh when reusing a datastore with " Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 45/46] api/ui: add flag to allow overwriting in-use marker for " Christian Ebner
2025-07-21 16:45 ` [pbs-devel] [PATCH proxmox-backup v10 46/46] docs: Add section describing how to setup s3 backed datastore Christian Ebner
2025-07-22 8:14 ` [pbs-devel] [PATCH proxmox{, -backup} v10 00/49] fix #2943: S3 storage backend for datastores Hannes Laimer
2025-07-22 9:29 ` Lukas Wagner
2025-07-22 10:13 ` [pbs-devel] superseded: " Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250721164507.1045869-24-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox