From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 42F401FF16F for ; Tue, 22 Jul 2025 12:11:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E7ACE35E20; Tue, 22 Jul 2025 12:12:17 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Date: Tue, 22 Jul 2025 12:10:39 +0200 Message-ID: <20250722101106.526438-24-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250722101106.526438-1-c.ebner@proxmox.com> References: <20250722101106.526438-1-c.ebner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1753179083142 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.045 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup v11 19/46] datastore: create/delete protected marker file on s3 storage backend X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Commit 8292d3d2 ("api2/admin/datastore: add get/set_protection") introduced the protected flag for backup snapshots, considering snapshots as protected based on the presence/absence of the `.protected` marker file in the corresponding snapshot directory. To allow independent recovery of a datastore backed by an S3 bucket, also create/delete the marker file on the object store backend. For actual checks, still rely on the marker as encountered in the local cache store. Signed-off-by: Christian Ebner Reviewed-by: Lukas Wagner Reviewed-by: Hannes Laimer --- changes since version 10: - no changes pbs-datastore/src/backup_info.rs | 2 +- pbs-datastore/src/datastore.rs | 42 +++++++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 7 deletions(-) diff --git a/pbs-datastore/src/backup_info.rs b/pbs-datastore/src/backup_info.rs index a4bf958cf..26f03a0ae 100644 --- a/pbs-datastore/src/backup_info.rs +++ b/pbs-datastore/src/backup_info.rs @@ -22,7 +22,7 @@ use crate::manifest::{BackupManifest, MANIFEST_LOCK_NAME}; use crate::{DataBlob, DataStore, DatastoreBackend}; pub const DATASTORE_LOCKS_DIR: &str = "/run/proxmox-backup/locks"; -const PROTECTED_MARKER_FILENAME: &str = ".protected"; +pub const PROTECTED_MARKER_FILENAME: &str = ".protected"; proxmox_schema::const_regex! { pub BACKUP_FILES_AND_PROTECTED_REGEX = concatcp!(r"^(.*\.([fd]idx|blob)|\", PROTECTED_MARKER_FILENAME, ")$"); diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs index 820c039db..63dc91cb8 100644 --- a/pbs-datastore/src/datastore.rs +++ b/pbs-datastore/src/datastore.rs @@ -31,7 +31,9 @@ use pbs_api_types::{ use pbs_config::s3::S3_CFG_TYPE_ID; use pbs_config::BackupLockGuard; -use crate::backup_info::{BackupDir, BackupGroup, BackupInfo, OLD_LOCKING}; +use crate::backup_info::{ + BackupDir, BackupGroup, BackupInfo, OLD_LOCKING, PROTECTED_MARKER_FILENAME, +}; use crate::chunk_store::ChunkStore; use crate::dynamic_index::{DynamicIndexReader, DynamicIndexWriter}; use crate::fixed_index::{FixedIndexReader, FixedIndexWriter}; @@ -1572,12 +1574,40 @@ impl DataStore { let protected_path = backup_dir.protected_file(); if protection { - std::fs::File::create(protected_path) + std::fs::File::create(&protected_path) .map_err(|err| format_err!("could not create protection file: {}", err))?; - } else if let Err(err) = std::fs::remove_file(protected_path) { - // ignore error for non-existing file - if err.kind() != std::io::ErrorKind::NotFound { - bail!("could not remove protection file: {}", err); + if let DatastoreBackend::S3(s3_client) = self.backend()? { + let object_key = crate::s3::object_key_from_path( + &backup_dir.relative_path(), + PROTECTED_MARKER_FILENAME, + ) + .context("invalid protected marker object key")?; + let _is_duplicate = proxmox_async::runtime::block_on( + s3_client + .upload_no_replace_with_retry(object_key, hyper::body::Bytes::from("")), + ) + .context("failed to mark snapshot as protected on s3 backend")?; + } + } else { + if let Err(err) = std::fs::remove_file(&protected_path) { + // ignore error for non-existing file + if err.kind() != std::io::ErrorKind::NotFound { + bail!("could not remove protection file: {err}"); + } + } + if let DatastoreBackend::S3(s3_client) = self.backend()? { + let object_key = crate::s3::object_key_from_path( + &backup_dir.relative_path(), + PROTECTED_MARKER_FILENAME, + ) + .context("invalid protected marker object key")?; + if let Err(err) = + proxmox_async::runtime::block_on(s3_client.delete_object(object_key)) + { + std::fs::File::create(&protected_path) + .map_err(|err| format_err!("could not re-create protection file: {err}"))?; + return Err(err); + } } } -- 2.47.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel