New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tarsnap: add symlink options and a restore service #37897
Conversation
A new option `explicitSymlinks` will set `-H` when creating an archive. This option makes tarsnap follow any symlinks specified explicitly on the commandline, but not any found inside the file tree. A new option `followSymlinks` will set `-L` when creating an archive. This option makes tarsnap follow any symlinks found anywhere in the file tree instead of storing them as-is.
This service will never run automatically, but it encapsulates the necessary logic and configuration to run a restore of the latest archive, and allows to hook more specific logic, such as loading a database dump, via `postStart`.
4121dcc
to
bde525a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, locking snippet is symmetrical to Tarsnap archive service.
description = "Tarsnap restore '${name}'"; | ||
requires = [ "network-online.target" ]; | ||
|
||
path = [ pkgs.iputils pkgs.tarsnap pkgs.utillinux ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: path = with pkgs; [ iputils tarsnap utillinux ];
|
||
path = [ pkgs.iputils pkgs.tarsnap pkgs.utillinux ]; | ||
|
||
## |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Empty comment?
''; | ||
|
||
script = | ||
let |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: seemingly, indentation is off.
script = let
...
in
|
||
## | ||
preStart = '' | ||
while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: should probably be split to multiple lines to fit 80 chars.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sits at 88 characters, but only because of indentation. I think leaving it as-is is more readable than splitting it.
mkdir -p ${cfg.cachedir} | ||
chmod 0700 ${cfg.cachedir} | ||
|
||
( flock 9 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By the way, why one has to lock and write to files in cache dir? Seems like running tarsnap --fsck
should be enough.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this module generates one service per archive, all with the same period, they all fire at the same time. The flock
dance prevents locking issues while --fsck
runs.
I have my doubts about the double flock
just to have the unit abort, when you can presumably achieve the same thing with flock -n
, but I did not write the original part, and it has no comments to the respect, so I'm unwilling to touch.
The part was introduced in this commit two years ago by @abbradar. Perhaps he is willing to comment on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've traced back my email exchange with tarsnap developers and my possible thought process, which runs like this:
- Lock
lockf
which is a locktarsnap
also uses; - Check if
firstrun
exists. This is our own lock that is used to force systemd services to order themselves; - If it doesn't exist create and lock it; we need to release our lock on
lockf
fortarsnap
to do its job; - When it's done we relock
lockf
(I likely did this for consistency -- it shouldn't be needed);
Then we perform the operation itself, locking firstrun
in process.
While tarsnap --fsck
still starts lockf
isn't locked; that's why we keep firstrun
locked to avoid a race condition when other operation can start before it. lockf
itself is locked so that we can check if firstrun
exists to decide if --fsck
is needed. Hence double locking -- this should have been commented in the code.
Perhaps this can be simplified somehow?
EDIT: First message was inconsistent babble because I was thinking while writing :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To answer @mkaito -- this locking doesn't abort units, it properly orders them instead. I don't think it's a good idea to make a backup unit abort if another one is already running.
Evaluates with |
Motivation for this change
Improvements to the tarsnap module
Things done
The options are:
exclusiveSymlinks
will set-H
.followSymlinks
will set-L
.The restore service is a mirror of the archive service, but does not ever run
automatically. It serves as a known interface to restore the last archive
(
systemctl start tarsnap-restore-foo
), as well as providing a hook viapostStart
to run service-specific post-restore logic, such as loadinga database dump.
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)