From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 64919954A6 for ; Wed, 18 Jan 2023 10:29:57 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4752E1DDBD for ; Wed, 18 Jan 2023 10:29:27 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 18 Jan 2023 10:29:25 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2C50F446B4 for ; Wed, 18 Jan 2023 10:29:25 +0100 (CET) Date: Wed, 18 Jan 2023 10:29:18 +0100 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Stoiko Ivanov Cc: Proxmox VE development discussion References: <20230116122120.4063364-1-f.gruenbichler@proxmox.com> <20230117150739.4718f90a@rosa.proxmox.com> In-Reply-To: <20230117150739.4718f90a@rosa.proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.16.0 (https://github.com/astroidmail/astroid) Message-Id: <1674033788.n7evldcam0.astroid@yuna.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.135 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [RFC manager] vzdump: exclude zfs control dirs by default X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jan 2023 09:29:57 -0000 On January 17, 2023 3:07 pm, Stoiko Ivanov wrote: > Thanks for tackling this and providing the patch >=20 > LGTM code-wise and I think the potential for regression should be pretty > small (plus users who want this can always adapt the vzdump invocation). >=20 > small nit on the commit-message: >=20 > On Mon, 16 Jan 2023 13:21:20 +0100 > Fabian Gr=C3=BCnbichler wrote: >=20 >> else in the face of snapdir=3Dvisible on a ZFS-backed mountpoint/rootfs,= creating >> stop mode backups will fail (because automounting on access of >> .zfs/snapshot/XXX fails), and restoring a suspend mode backup onto a ZFS >=20 > While trying to reproduce this for a quick test I was confused - until I > noticed - that the first backup in any mode (suspend/stop) always works, > it's from the second backup where suspend and stop fail >=20 > The reason is that the first backup automounts the/all snapshots in the > PVE node, and the second backup again triggers a mount (probably due to > the different mount namespace), which in turn fails (because the snapshot > is already mounted. we did some more testing, and it's actually a tad bit more complicated.. so I'd adapt the commit message to say else in the face of snapdir=3Dvisible on a ZFS-backed mountpoint/rootfs, cr= eating stop or suspend mode backups will fail under certain circumstances (because automounting on access of .zfs/snapshot/XXX fails), and restoring a (successful) backup made in suspend mode onto a ZFS storage will fail (beca= use an attempt to `mkdir /path/to/target/.zfs/snapshot/XXX` fails - or worse, i= f the "zfs_admin_snapshot" module parameter is enabled, will create an XXX snapsh= ot for the newly-restored dataset). the exact failure modes are as follows: - suspend mode backups work, as long as the container is not restarted betw= een backups and only suspend mode is used - suspend mode backups fail if snapshots have been auto-mounted and the auto-mount was triggered outside the currently running container instance (= i.e., by a stop mode backup, directly on the host, before a container reboot, ..) - first stop mode backup is fine, if no snapshots have been auto-mounted ye= t - stop mode backup fails if auto-mounting has happened in any fashion befor= e the backup was started >=20 > w/ w/o a potential adaptation of the commit message: > Tested-by: Stoiko Ivanov > Reviewed-by: Stoiko Ivanov >=20 >> storage will fail (because an attempt to `mkdir /path/to/target/.zfs/sna= pshot/XXX` >> fails - or worse, if the "zfs_admin_snapshot" module parameter is enable= d, will >> create an XXX snapshot for the newly-restored dataset). >>=20 >> the two sub directories of .zfs were chosen to decrease the chance of fa= lse >> positives, since backing up or restoring the .zfs dir itself is unproble= matic. >>=20 >> Signed-off-by: Fabian Gr=C3=BCnbichler >> --- >>=20 >> Notes: >> see https://forum.proxmox.com/threads/restore-cannot-mkdir-permissio= n-denied.121096 >> =20 >> alternatively, this could also be handled in pve-container by checki= ng for each >> mountpoint and explicitly skipping .zfs only if that mountpoint is a= ctually >> backed by a ZFS storage.. >> =20 >> if this patch is ACKed, the description of 'stdexcludes' in pve-gues= t-common should >> probably also be updated.. >>=20 >> PVE/VZDump.pm | 2 ++ >> 1 file changed, 2 insertions(+) >>=20 >> diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm >> index a04837e7..9b9d37a8 100644 >> --- a/PVE/VZDump.pm >> +++ b/PVE/VZDump.pm >> @@ -542,6 +542,8 @@ sub new { >> '/tmp/?*', >> '/var/tmp/?*', >> '/var/run/?*.pid', >> + '.zfs/snapshot', >> + '.zfs/shares', >> ; >> } >> =20 >=20 >=20