Make "read" commands/operations really read-only. #3639

julio-lopez · 2024-02-08T01:15:34Z

IOW, ensure no writes are performed during read operations such as snapshot list, snapshot restore, repo connect, etc.

The execution of read commands, such as snapshot list among many others, is expected to only read data from the (kopia) repository and not perform any writes or change the repository in any way.

Performing read-only operations is safer overall.
It allows for use cases where the repository is only accessible in read-only mode, for example, due to credentials that only have read permissions.
Performing writes during read commands is often unexpected and may lead to bad user experience, such as taking a long time to complete simple commands such as snapshot list or repo connect.

At the moment, kopia performs a write operations, primarily related to opportunistic cleanup tasks:

repository maintenance (Repository maintenance should only run after specific write operations #3174)
index compaction (Avoid index (epoch) cleanup and compaction during index reads #3638)
manifests compaction and maintenance
others ????

The objective is ensure only reads are issued to the storage during these commands.

The short term plan is to address solve the specific issues related to epoch index compaction (#3638) and repository maintenance (#3174).

Long term, we should consider adding the concept of an internal "read-only" session for operations to ensure (potentially at compile time) that no writes are performed in these read-only cases.

The text was updated successfully, but these errors were encountered:

Refactor: move index compaction and cleanup out of refreshAttemptLocked Introduces an `allowWritesOnLoadHelper` to check whether or not writes can be performed when loading the indexes. Currently this is only a function of whether the storage is in read-only mode. In the near future, an explicit flag will be added to control this behavior. Fix epoch manager: avoid single-epoch compaction when writes are disallowed. Functional change: prevents compacting single epochs when writes are disallowed, that is when using read-only storage. Currently, the epoch manager will attempt to perform single-epoch compactions for all eligible epochs, even on read-only storage. Ref: - #3224 - #3225 - #3638 - #3639

Conditionally disables epoch index maintenance operations when loading indexes. This prevents (potentially expensive) cleanup write operations on the index read path. The behavior is controlled via the `epoch.Manager.allowCleanupWritesOnIndexLoad` field, which can be temporarily overridden via an environment variable. This override mechanism will be removed in the near future. Refs: - #3174 - #3224 - #3225 - #3638 - #3639

@plar

Extracted from kopia#3651. Thanks to @plar and @redgoat650 for the suggestions. Ref: - kopia#3603 - kopia#3645 - kopia#3638 - kopia#3639

@plar

Extracted from #3651. Thanks to @plar and @redgoat650 for the suggestions. Ref: - #3603 - #3645 - #3638 - #3639

Refactor: move index compaction and cleanup out of refreshAttemptLocked Introduces an `allowWritesOnLoadHelper` to check whether or not writes can be performed when loading the indexes. Currently this is only a function of whether the storage is in read-only mode. In the near future, an explicit flag will be added to control this behavior. Fix epoch manager: avoid single-epoch compaction when writes are disallowed. Functional change: prevents compacting single epochs when writes are disallowed, that is when using read-only storage. Currently, the epoch manager will attempt to perform single-epoch compactions for all eligible epochs, even on read-only storage. Ref: - kopia#3224 - kopia#3225 - kopia#3638 - kopia#3639

…#3645) Conditionally disables epoch index maintenance operations when loading indexes. This prevents (potentially expensive) cleanup write operations on the index read path. The behavior is controlled via the `epoch.Manager.allowCleanupWritesOnIndexLoad` field, which can be temporarily overridden via an environment variable. This override mechanism will be removed in the near future. Refs: - kopia#3174 - kopia#3224 - kopia#3225 - kopia#3638 - kopia#3639

Add: - epoch.Manager.MaybeCompactSingleEpoch - getCompactedEpochRange helper - oldestUncompactedEpoch helper - TestOldestUncompactedEpoch - Tests for MaybeCompactSingleEpoch Ref: - Subset and dependency of #3651 - Depends on #3735 - Avoid index (epoch) cleanup and compaction during index reads #3638 - Make "read" commands/operations really read-only. #3639

Refactor: move index compaction and cleanup out of refreshAttemptLocked Introduces an `allowWritesOnLoadHelper` to check whether or not writes can be performed when loading the indexes. Currently this is only a function of whether the storage is in read-only mode. In the near future, an explicit flag will be added to control this behavior. Fix epoch manager: avoid single-epoch compaction when writes are disallowed. Functional change: prevents compacting single epochs when writes are disallowed, that is when using read-only storage. Currently, the epoch manager will attempt to perform single-epoch compactions for all eligible epochs, even on read-only storage. Ref: - kopia#3224 - kopia#3225 - kopia#3638 - kopia#3639

…#3645) Conditionally disables epoch index maintenance operations when loading indexes. This prevents (potentially expensive) cleanup write operations on the index read path. The behavior is controlled via the `epoch.Manager.allowCleanupWritesOnIndexLoad` field, which can be temporarily overridden via an environment variable. This override mechanism will be removed in the near future. Refs: - kopia#3174 - kopia#3224 - kopia#3225 - kopia#3638 - kopia#3639

…3651) Perform index epoch compaction and cleanup during repository maintenance * refactor: rename maintenance task for deleting superseded indexes * maintenance task to cleanup epoch markers * maintenance task to advance write index epoch * maintenance task to compact epoch ranges * quick maintenance task to compact a single (index) epoch * full maintenance task to compact a single (index) epoch Ref: - #3638 - #3639 Followup to: - #3603 - #3645 Related helpers and changes: - #3721 - #3735 - #3709 - #3728 - #3727 - #3726

…opia#3651) Perform index epoch compaction and cleanup during repository maintenance * refactor: rename maintenance task for deleting superseded indexes * maintenance task to cleanup epoch markers * maintenance task to advance write index epoch * maintenance task to compact epoch ranges * quick maintenance task to compact a single (index) epoch * full maintenance task to compact a single (index) epoch Ref: - kopia#3638 - kopia#3639 Followup to: - kopia#3603 - kopia#3645 Related helpers and changes: - kopia#3721 - kopia#3735 - kopia#3709 - kopia#3728 - kopia#3727 - kopia#3726

Change default 'allowWritesOnIndexLoad' to false when env var is unset Add TestNoEpochAdvanceOnIndexRead Ref: - Followup to #3645 - Avoid index (epoch) cleanup and compaction during index reads #3638 - Make "read" commands/operations really read-only. #3639

…3834) Cleanup. - Fixes: #3638 - #3639

…opia#3834) Cleanup. - Fixes: kopia#3638 - kopia#3639

julio-lopez added bug ux User eXperience enterprise For anything enterprise related helping reqs from the industry. keep-open resource-utilization labels Feb 8, 2024

julio-lopez mentioned this issue Feb 16, 2024

refactor(general): perform index compaction during repo maintenance #3651

Merged

6 tasks

julio-lopez added a commit to kastenhq/kopia that referenced this issue Mar 12, 2024

refactor(general): add epoch.getKeyRange helper

e5104a4

Extracted from kopia#3651. Thanks to @plar and @redgoat650 for the suggestions. Ref: - kopia#3603 - kopia#3645 - kopia#3638 - kopia#3639

julio-lopez mentioned this issue Mar 12, 2024

refactor(general): add epoch.getKeyRange helper #3721

Merged

julio-lopez added a commit that referenced this issue Mar 12, 2024

refactor(general): add epoch.getKeyRange helper (#3721)

e143c71

Extracted from #3651. Thanks to @plar and @redgoat650 for the suggestions. Ref: - #3603 - #3645 - #3638 - #3639

julio-lopez mentioned this issue Mar 19, 2024

refactor(general): add epoch.Manager.MaybeCompactSingleEpoch #3728

Merged

julio-lopez mentioned this issue Mar 22, 2024

refactor(general): add epoch.Manager.MaybeGenerateRangeCheckpoint #3727

Merged

julio-lopez mentioned this issue May 1, 2024

refactor(general): remove ability to enable compaction on index load #3834

Merged

julio-lopez added a commit that referenced this issue May 1, 2024

refactor(general): remove ability to enable compaction on index load (#…

ad06bb2

…3834) Cleanup. - Fixes: #3638 - #3639

Lyndon-Li pushed a commit to Lyndon-Li/kopia that referenced this issue Jun 3, 2024

refactor(general): remove ability to enable compaction on index load (k…

419c535

…opia#3834) Cleanup. - Fixes: kopia#3638 - kopia#3639

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make "read" commands/operations really read-only. #3639

Make "read" commands/operations really read-only. #3639

julio-lopez commented Feb 8, 2024 •

edited

Loading

Make "read" commands/operations really read-only. #3639

Make "read" commands/operations really read-only. #3639

Comments

julio-lopez commented Feb 8, 2024 • edited Loading

julio-lopez commented Feb 8, 2024 •

edited

Loading