Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix audit log import to MySQL flag removal for old snapshots and skip rsync'ed indices #487

Merged
merged 6 commits into from May 3, 2019
Merged

Fix audit log import to MySQL flag removal for old snapshots and skip rsync'ed indices #487

merged 6 commits into from May 3, 2019

Conversation

juruen
Copy link
Contributor

@juruen juruen commented May 1, 2019
edited

This PR solves two issues that could potentially cause data loss in the upcoming 2.17 version.

Fix audit log import flag

Problem

If an old snapshot (<2.17) is restored in a 2.17 instance where the audit import to MySQL is marked as complete in /data/user/common/audit-log-import/complete, the restored instance wrongly keeps the flag that indicates the import is complete.

This could cause a data loss because under certain circumstances a new backup would assume that data is migrated to MySQL when it's not.

Solution

The solution is simple: if a restored snapshot doesn't contain an audit-log-mysql directory, it means it's an old snapshot. In that case, we remove the flag on the instance where the restore is happening.

Skip rsync'ed audit log indices when GHE_BACKUP_ES_AUDIT_LOGS=no

Problem

Audit log indices can be backed up from:

  • MySQL
  • Elasticsearch through JSON dumps
  • Elasticsearch through rsync

When GHE_BACKUP_ES_AUDIT_LOGS=no only MySQL should be used.

JSON dumps are correctly skipped, however all the indices including the audit log ones are rsynced in a subsequent step.

Solution

When GHE_BACKUP_ES_AUDIT_LOGS=no and the import is complete, we configure the rsync step to ignore all the audit log indices.

To do so, we build a file that contains the UUIDs of the audit log indices. Note this is what is used in disk and not the actual index name.

The UUIDs are fetched through a simple:

curl -s http://localhost:9201/_cat/indices/audit_log?h=uuid

The file containing this list is passed as a--exclude-from rsync parameter that contains one directory/pattern to exclude per line.

@juruen juruen changed the title Fix audit log import to MySQL flag removal for old snapshots Fix audit log import to MySQL flag removal for old snapshots and skip rsync'ed indices May 2, 2019
@juruen juruen marked this pull request as ready for review May 2, 2019 13:46
@juruen juruen requested review from rubiojr, anth1y and dctucker May 2, 2019 13:46
anth1y
anth1y approved these changes May 2, 2019
View reviewed changes
Copy link

@anth1y anth1y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the comments... lgtm

@juruen juruen merged commit 1720736 into master May 3, 2019
@juruen juruen deleted the juruen/fix-auditlog-flag branch May 3, 2019 07:40
bonsohi added a commit that referenced this pull request Aug 29, 2023
@bonsohi
Merge pull request #487 from github/enterprise-3.10-backport-486-fix-…
1f90d8d 
…es-backup-failures

Backport 486 for 3.10: Remove "exit on error" mode from helper script track-progress
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anth1y anth1y anth1y approved these changes

@dctucker dctucker dctucker approved these changes

@rubiojr rubiojr Awaiting requested review from rubiojr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@juruen @anth1y @dctucker