    Generate backup manifests for base backups, and validate them. · 0d8c9c12
    Robert Haas authored
    A manifest is a JSON document which includes (1) the file name, size,
    last modification time, and an optional checksum for each file backed
    up, (2) timelines and LSNs for whatever WAL will need to be replayed
    to make the backup consistent, and (3) a checksum for the manifest
    itself. By default, we use CRC-32C when checksumming data files,
    because we are trying to detect corruption and user error, not foil an
    adversary. However, pg_basebackup and the server-side BASE_BACKUP
    command now have options to select a different algorithm, so users
    wanting a cryptographic hash function can select SHA-224, SHA-256,
    SHA-384, or SHA-512. Users not wanting file checksums at all can
    disable them, or disable generating of the backup manifest altogether.
    Using a cryptographic hash function in place of CRC-32C consumes
    significantly more CPU cycles, which may slow down backups in some
    cases.
    
    A new tool called pg_validatebackup can validate a backup against the
    manifest. If no checksums are present, it can still check that the
    right files exist and that they have the expected sizes. If checksums
    are present, it can also verify that each file has the expected
    checksum. Additionally, it calls pg_waldump to verify that the
    expected WAL files are present and parseable. Only plain format
    backups can be validated directly, but tar format backups can be
    validated after extracting them.
    
    Robert Haas, with help, ideas, review, and testing from David Steele,
    Stephen Frost, Andrew Dunstan, Rushabh Lathia, Suraj Kharage, Tushar
    Ahuja, Rajkumar Raghuwanshi, Mark Dilger, Davinder Singh, Jeevan
    Chalke, Amit Kapila, Andres Freund, and Noah Misch.
    
    Discussion: http://postgr.es/m/CA+TgmoZV8dw1H2bzZ9xkKwdrk8+XYa+DC9H=F7heO2zna5T6qg@mail.gmail.com
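
The checks the commit message attributes to pg_validatebackup (file present, expected size, checksum when one is recorded), as an added Python example that is not code from this commit. The entry keys `Path`, `Size`, `Checksum-Algorithm` and `Checksum`, the hex rendering of the CRC-32C value, and the sample files are assumptions made for the illustration.

```python
import hashlib, tempfile
from pathlib import Path

# Algorithm spellings are assumed; they mirror the options the commit message lists.
SHA = {n: getattr(hashlib, n.lower()) for n in ("SHA224", "SHA256", "SHA384", "SHA512")}

def crc32c(data: bytes) -> int:
    """Bitwise CRC-32C (Castagnoli polynomial, reflected form 0x82F63B78)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def file_checksum(algorithm: str, data: bytes) -> str:
    if algorithm == "CRC32C":
        return format(crc32c(data), "08x")  # hex rendering is an assumption
    return SHA[algorithm](data).hexdigest()  # KeyError on an unknown algorithm

def validate(backup_dir, entries) -> list:
    """Check each manifest entry; an empty list means no problem was found."""
    problems = []
    for e in entries:
        full = Path(backup_dir, e["Path"])
        if not full.is_file():
            problems.append(f"missing: {e['Path']}")
            continue
        data = full.read_bytes()
        if len(data) != e["Size"]:
            problems.append(f"size mismatch: {e['Path']}")
        elif "Checksum" in e and file_checksum(e["Checksum-Algorithm"], data) != e["Checksum"]:
            problems.append(f"checksum mismatch: {e['Path']}")
    return problems

def demo():
    """Constructed backup: validate it, damage three files, validate again."""
    files = {"PG_VERSION": ("CRC32C", b"13\n"), "backup_label": (None, b"START\n"),
             "postgresql.conf": ("SHA256", b"port = 5432\n")}
    with tempfile.TemporaryDirectory() as d:
        entries = []
        for path, (algo, data) in files.items():
            Path(d, path).write_bytes(data)
            extra = {"Checksum-Algorithm": algo, "Checksum": file_checksum(algo, data)} if algo else {}
            entries.append({"Path": path, "Size": len(data), **extra})
        clean = validate(d, entries)
        Path(d, "PG_VERSION").write_bytes(b"13")                   # truncated: size check
        Path(d, "backup_label").write_bytes(b"BEGIN\n")            # same size, no checksum
        Path(d, "postgresql.conf").write_bytes(b"port = 6543\n")  # same size, SHA-256 recorded
        return clean, validate(d, entries)
```

The overwritten `backup_label` goes unreported because its entry records no checksum and its size is unchanged, which is the limit of validating without checksums.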
basebackup.c 64.6 KB