Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Storage: Add support for storage bucket backup (from Incus) #13924

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Storage: Add support for storage bucket backup (from Incus) #13924

wants to merge 19 commits into from

Conversation

boltmark
Copy link
Contributor

@boltmark boltmark commented Aug 12, 2024
edited
Loading

This PR adds support for storage bucket backups. It includes cherry-picks from lxc/incus#365, and the below description comes in part from the associated incus PR.

Description

API

The following endpoints are added, along with the storage_bucket_backup extension:

GET /1.0/storage-pools/<pool>/buckets/<bucket>/backups

POST /1.0/storage-pools/<pool>/buckets/<bucket>/backups

GET /1.0/storage-pools/<pool>/buckets/<bucket>/backups/<name>

POST /1.0/storage-pools/<pool>/buckets/<bucket>/backups/<name>

DELETE /1.0/storage-pools/<pool>/buckets/<bucket>/backups/<name>

GET /1.0/storage-pools/<pool>/buckets/<bucket>/backups/<name>/export

Export

CLI

$ lxc storage bucket export
Description:
  Export storage buckets as tarball.

Usage:
  lxc storage bucket export [<remote>:]<pool> <bucket> [<path>] [flags]

Examples:
  lxc storage bucket default b1
      Download a backup tarball of the b1 storage bucket.

Flags:
      --compression   Define a compression algorithm: for backup or none
      --target        Cluster member name

Global Flags:
      --debug          Show all debug messages
      --force-local    Force using the local unix socket
  -h, --help           Print help
      --project        Override the source project
  -q, --quiet          Don't show progress information
      --sub-commands   Use with help or --help to view sub-commands
  -v, --verbose        Show all information messages
      --version        Print version number

$ lxc storage bucket export default bucket0
Backup exported successfully!

Archive

The export command creates a tarball from the defined bucket, which is structured as follows:

bucket0.tar.gz
├── backup
│   └── index.yaml
│   └── bucket
    │   └── file1
    │   └── file2
  • The bucket directory contains the actual data
  • backup.yml contains the bucket metadata and keys:
name: bucket0
backend: dir
pool: default
config:
  bucket:
    config: {}
    description: ""
    name: bucket0
    s3_url: ""
    location: none
  bucket_keys:
  - description: Admin user
    role: admin
    access-key: OO9O3OXLJWMED0W8P2I5
    secret-key: Ny4W9glDRFks7DzxlPQibREOAUSc1De9Yv0mOkuY
    name: admin
  - description: ""
    role: read-only
    access-key: JIY5PI6RPQWP7CAKJN57
    secret-key: APC95jzb9u7XUKw7J7AWAdVnaNVbjqj5dOLddkhT
    name: reader

Import

CLI

$ lxc storage bucket import
Description:
  Import backups of storage buckets.

Usage:
  lxc storage bucket import [<remote>:]<pool> <backup file> [<bucket>] [flags]

Examples:
  lxc storage bucket import default backup0.tar.gz
                Create a new storage bucket using backup0.tar.gz as the source.

Flags:
      --target   Cluster member name

Global Flags:
      --debug          Show all debug messages
      --force-local    Force using the local unix socket
  -h, --help           Print help
      --project        Override the source project
  -q, --quiet          Don't show progress information
      --sub-commands   Use with help or --help to view sub-commands
  -v, --verbose        Show all information messages
      --version        Print version number

$ lxc storage bucket import default backup.tar.gz bucket0
Backup exported successfully!

Design decisions of note

  • One of the existing bucket keys is used by default, as everyone can at least read the bucket.
  • A TransferManager struct is implemented, which utilizes MinIO to handle downloading files from a bucket to create the backup, and uploading files to a bucket when creating a bucket from a backup.

Overall, what's been changed

  • The command storage bucket export and storage bucket import has been added to the command line interface (CLI).
  • New APIs added
  • Added new functionality for performing storage bucket backups and cleaning up expired backups
  • Added new functionality for importing storage bucket backups
  • Updated API and CLI documentation

@github-actions github-actions bot added Documentation Documentation needs updating API Changes to the REST API labels Aug 12, 2024
@boltmark boltmark changed the title Storage: Add support for storage buckets backup Storage: Add support for storage bucket backup Aug 12, 2024
@boltmark boltmark changed the title Storage: Add support for storage bucket backup Storage: Add support for storage bucket backup (from Incus) Aug 12, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 12, 2024
View reviewed changes
lxd/backup.go Fixed Show fixed Hide fixed
lxd/backup.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/storage/s3/transfer_manager.go Fixed Show resolved Hide resolved
@boltmark boltmark force-pushed the storage-buckets-backup branch from 08a58ba to 8fdf38f Compare August 15, 2024 16:15
@github-actions GitHub Actions
Copy link

Heads up @mionaalex - the "Documentation" label was applied to this issue.

@boltmark boltmark force-pushed the storage-buckets-backup branch 4 times, most recently from 19cae2b to 8b2a40c Compare August 16, 2024 01:30
@boltmark

This comment was marked as outdated.

Sign in to view
@boltmark boltmark force-pushed the storage-buckets-backup branch from 8b2a40c to 94eb9bf Compare August 22, 2024 00:29
@boltmark boltmark force-pushed the storage-buckets-backup branch 6 times, most recently from eb04463 to ccbbddd Compare September 4, 2024 05:44
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 4, 2024
View reviewed changes
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 4, 2024
View reviewed changes
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
lxd/backup/backup_bucket.go Fixed Show fixed Hide fixed
@boltmark boltmark force-pushed the storage-buckets-backup branch 9 times, most recently from d70a96f to b1894d6 Compare September 5, 2024 15:35
@tomponline
Copy link
Member

please can you rebase

@boltmark boltmark force-pushed the storage-buckets-backup branch 3 times, most recently from 4a4b0ad to a58a3e1 Compare February 3, 2025 18:36
@boltmark
Copy link
Contributor Author

boltmark commented Feb 3, 2025

@tomponline I've isolated the storage bucket backups functionality as discussed, though I'm seeing the pipeline fail due to large lxc binary size:
FAIL: lxc binary size exceeds 15MiB

I'm not entirely sure what to do about this.

@tomponline
Copy link
Member

@simondeziel can point u in right direction to update this (if the growth is expected, but it sounds like you may have increasex the lxc command unexpectedly via import changes)

simondeziel
simondeziel reviewed Feb 3, 2025
View reviewed changes
client/lxd_storage_buckets.go Outdated
return nil, err
}

op, _, err := r.queryOperation("POST", fmt.Sprintf("/storage-pools/%s/buckets/%s/backups", url.PathEscape(poolName), url.PathEscape(bucketName)), backup, "", true)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use string concatenation ("/storage-pools"+url.PathEscape(poolName)+"/buckets/"+...) instead of fmt.Sprintf().

Same applies to each of the new funcs.

lxd/project/project.go Outdated
@@ -123,6 +123,11 @@ func StorageVolumeProjectFromRecord(p *api.Project, volumeType int) string {
return api.ProjectDefaultName
}

// StorageBucket adds the "<project>_prefix" to the storage bucket name. Even if the project name is "default".
func StorageBucket(projectName string, storageBucketName string) string {
return fmt.Sprintf("%s%s%s", projectName, separator, storageBucketName)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return fmt.Sprintf("%s%s%s", projectName, separator, storageBucketName)
return projectName + separator + storageBucketName

lxd/storage/s3/transfer_manager.go Outdated
}

fi := instancewriter.FileInfo{
FileName: fmt.Sprintf("backup/bucket/%s", objectInfo.Key),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
FileName: fmt.Sprintf("backup/bucket/%s", objectInfo.Key),
FileName: "backup/bucket/" + objectInfo.Key,

lxd/storage/s3/transfer_manager.go Outdated
func (t TransferManager) getEndpoint() string {
hostname := t.s3URL.Hostname()
if validate.IsNetworkAddressV6(hostname) == nil {
hostname = fmt.Sprintf("[%s]", hostname)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
hostname = fmt.Sprintf("[%s]", hostname)
hostname = "[" + hostname + "]"

lxd/storage/s3/transfer_manager.go Outdated
hostname = fmt.Sprintf("[%s]", hostname)
}

return fmt.Sprintf("%s:%s", hostname, t.s3URL.Port())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return fmt.Sprintf("%s:%s", hostname, t.s3URL.Port())
return hostname + ":" + t.s3URL.Port()

lxd/storage/s3/transfer_manager.go Fixed Show resolved Hide resolved
lxd/storage/s3/transfer_manager.go Outdated
DisableCompression: true,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dunno if that'd be applicable here but we have some helper function to get a TLS/HTTPS enabled connection where it uses some LXD specific tweaks like requiring TLS 1.3+.

lxd/storage_buckets.go Outdated
defer revert.Fail()

// Create temporary file to store uploaded backup data.
backupFile, err := os.CreateTemp(shared.VarPath("backups"), fmt.Sprintf("%s_", backup.WorkingDirPrefix))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
backupFile, err := os.CreateTemp(shared.VarPath("backups"), fmt.Sprintf("%s_", backup.WorkingDirPrefix))
backupFile, err := os.CreateTemp(shared.VarPath("backups"), backup.WorkingDirPrefix+"_")

test/suites/storage_buckets.sh
@@ -186,3 +186,107 @@ EOF

delete_object_storage_pool "${poolName}"
}

test_storage_bucket_export() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At first glance, that's a rather extensive test script, thanks for that!!

test/suites/storage_buckets.sh Outdated
@@ -186,3 +186,107 @@ EOF

delete_object_storage_pool "${poolName}"
}

test_storage_bucket_export() {
# shellcheck disable=2039,3043
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Disabling those shouldn't be needed AFAIK.

@simondeziel
Copy link
Member

@tomponline I've isolated the storage bucket backups functionality as discussed, though I'm seeing the pipeline fail due to large lxc binary size: FAIL: lxc binary size exceeds 15MiB

main has lxc at 15717840 bytes ATM. You PR barely brings it above this with:

+ '[' 15746576 -gt 15728640 ']'
FAIL: lxc binary size exceeds 15MiB

15746576 (your PR) - 15717840 (main) = 28736 => ~28KiB.

I'm not entirely sure what to do about this.

It seems like lxc has slowly been growing and your PR just happen to make it above the 15MiB limit. We can probably bump it to 16MiB for now and think about putting it to diet later on ;)

@boltmark boltmark force-pushed the storage-buckets-backup branch from a58a3e1 to 818d31b Compare February 5, 2025 04:19
maveonair and others added 19 commits February 4, 2025 20:20
@maveonair @boltmark
api: Add storage_bucket_backup extension
f776e38 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 21ed02ae159abd398ea623406101f877d4092b59)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
shared/api: Add storage bucket backup
18b8450 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 95bfa8881566ab6a66135a4709065d97feeaaa6b)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxd/db: Add storage bucket backup functions
ab12981 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit b2dbe44d3447c554d9d7e5d4ee855238a7b27c6e)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxd/db/operation: Add storage volume backup types
bdf171a 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 8f0061f699db14ba101378ca4314c3ee33afd93c)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxd/lifecycle: Add storage bucket backup events
56cd88b 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit f4b0e4dad87ebc1bd0cc94d9b6b0cdaa0a848020)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxd/project: Add StorageBucket function
d611d33 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit db96183b5d2f728bcf92f65b54e9265a8ff7a5f5)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxd/storage/s3: Add transfer manager
2209878 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 5f6dbb7bea79b315797533d792ff81c3a0bc8fbb)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxd: Add storage bucket backup
d7a1148 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit d5b4350adc2f318ed9fdfd1078eaf8e7f00e8f88)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@boltmark
lxd/auth/drivers: Add can_manage_backups to type storage_bucket
edfcc58 
Signed-off-by: Mark Bolton <[email protected]>
@boltmark
lxd/auth: Run make update-auth
ae2179d 
Signed-off-by: Mark Bolton <[email protected]>
@boltmark
lxd/metadata: Run make update-metadata
8eb0c8f 
Signed-off-by: Mark Bolton <[email protected]>
@boltmark
doc: Run make update-metadata
0271867 
Signed-off-by: Mark Bolton <[email protected]>
@maveonair @boltmark
client: Add storage bucket backup
3c45ed1 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 679ce9355b1f16cbf2a825eb3f0b901b80f35298)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
lxc: Add storage bucket import/export
3460da0 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 2e6756328f2e72b1d2b1704a2b2b4373230e2cee)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@maveonair @boltmark
doc/rest-api: Refresh swagger YAML
e71202f 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 98693c062efc05ec500022e7032e63ca96c291ba)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@boltmark
lxc: Use errors.New instead of fmt.Errorf
9b9bbe8 
Signed-off-by: Mark Bolton <[email protected]>
@maveonair @boltmark
test: Add storage bucket backup
4ab6aba 
Signed-off-by: Fabian Mettler <[email protected]>
(cherry picked from commit 50f73d42057032403b29e5986763d265cfcb5256)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@boltmark
.github/workflows: Update max lxc binary size to 16MiB
16a2742 
Signed-off-by: Mark Bolton <[email protected]>
@boltmark
i18n: Update translation templates
1bf4b1a 
Signed-off-by: Mark Bolton <[email protected]>
@boltmark boltmark force-pushed the storage-buckets-backup branch from 818d31b to 1bf4b1a Compare February 5, 2025 04:23
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 5, 2025
View reviewed changes
lxd/storage/s3/transfer_manager.go
IdleConnTimeout: 30 * time.Second,
DisableCompression: true,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simondeziel simondeziel simondeziel left review comments

@tomponline tomponline tomponline requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
API Changes to the REST API Documentation Documentation needs updating
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@boltmark @tomponline @simondeziel @maveonair