[bacula/bacula] / bacula / kernstodo

                 Kern's ToDo List
                 22 December 2002

Documentation to do: (a little bit at a time)
- Document running a test version.
- Make sure restore options are documented
- Document query file format.

Testing to do: (painful)
- that restore options work in FD (mostly done).
- that console command line options work
- blocksize recognition code.

For 1.28 release:
- Look at ua_prune.c in detail. Why did JobType work at all??????
- Implement FileOptions (see end of this document)
- Make hash table for linked files in findlib/find_one.c:161
- Make bcopy read through bad tape records.
- Need a verbose mode in restore, perhaps to bsr.
- Should we dump a SOS when starting a new tape?
- bscan without -v is too quiet -- perhaps show jobs.
- Add code to reject whole blocks if not wanted on restore.

- Figure out how to allow multiple simultaneous file Volumes on
  a single device.
- Start working on Base jobs.
- Make sure the MaxVolFiles is fully implemented in SD
- Flush all the daemon messages at the end of every job.
- Check if both CatalogFiles and UseCatalog are set to SD.
- Check if we can increase Bacula FD priorty in Win2000
- Need return status on read_cb() from read_records(). Need multiple
  records -- one per Job, maybe a JCR or some other structure with
  a block and a record.

- Implement Bacula plugins -- design API

- Work more on how to to a Bacula restore beginning with
  just a Bacula tape and a boot floppy (bare metal recovery).
- Try bare metal Windows restore
- Fix read_record to handle multiple sessions.
- Program files (i.e. execute a program to read/write files).
  Pass read date of last backup, size of file last time.
- Put system type returned by FD into catalog.
- Possibly add email to Watchdog if drive is unmounted too
  long and a job is waiting on the drive.
- Strip trailing slashes from Include directory names in the FD.
- Use read_record.c in SD code.
- Why don't we get an error message from Win32 FD when bootstrap 
  file cannot be created for restore command?
- When Marking a file in Restore that is a hard link, also
  mark the link so that the data will be reloaded.
- Restore program that errors in SD due to no tape reports
  OK incorrectly in output.
- After unmount, if restore job started, ask to mount.
- Fix db_get_fileset in cats/sql_get.c for multiple records.
- Fix catalog filename truncation in sql_get and sql_create. Use
  only a single filename split routine.
- Make Restore report an error if FD or SD term codes are not OK.
- Convert all %x substitution variables, which are hard to remember
  and read to %(variable-name).  Idea from TMDA.
- Add JobLevel in FD status (but make sure it is defined).
- Make Pool resource handle Counter resources.
- Remove NextId for SQLite. Optimize.
- Fix gethostbyname() to use gethostbyname_r()
- Implement ./configure --with-client-only
- Strip trailing / from Include
- Move all SQL statements into a single location.
- Cleanup db_update_media and db_update_pool
- Add UA rc and history files.
- put termcap (used by console) in ./configure and
  allow -with-termcap-dir.
- Enhance time and size scanning routines.
- Fix Autoprune for Volumes to respect need for full save.
- Fix Win32 config file definition name on /install
- No READLINE_SRC if found in alternate directory.
- Add Client FS/OS id (Linux, Win95/98, ...).
- Test a second language e.g. french.
- Compare tape to Client files (attributes, or attributes and data) 
- Restore options (overwrite, overwrite if older,
   overwrite if newer, never overwrite, ...)
- Restore to a particular time -- e.g. before date, after date. 
- Make all database Ids 64 bit.
- Write an applet for Linux.
- Add estimate to Console commands
- Find solution to blank filename (i.e. path only) problem.
- Implement new daemon communications protocol.
- Remove PoolId from Job table, it exists in Media.
- Allow console commands to detach or run in background.
- Fix status delay on storage daemon during rewind.
- Add SD message variables to control operator wait time
  - Maximum Operator Wait
  - Minimum Message Interval
  - Maximum Message Interval
- Send Operator message when cannot read tape label.
- Verify level=Volume (scan only), level=Data (compare of data to file).
  Verify level=Catalog, level=InitCatalog
- Events file
- Add keyword search to show command in Console.
- Fix Win2000 error with no messages during startup.
- Events : tape has more than xxx bytes.
- Restrict characters permitted in a Resource name.
- Complete  code in Bacula Resources -- this will permit
  reading a new config file at any time.
- Handle ctl-c in Console
- Implement LabelTemplate (at least first cut).
- Implement script driven addition of File daemon to config files.
- Think about how to make Bacula work better with File archives.

- see setgroup and user for Bacula p4-5 of stunnel.c
- Implement new serialize subroutines
   send(socket, "string", &Vol, "uint32", &i, NULL)
- Audit all UA commands to ensure that we always prompt where possible.
- If ./btape is called without /dev, assume argument is a Storage resource name.
- Put memory utilization in Status output of each daemon
  if full status requested or if some level of debug on.
- Make database type selectable by .conf files i.e. at runtime
- gethostbyname failure in bnet_connect() continues
  generating errors -- should stop.
- Add HOST to Volume label.
- Set flag for uname -a.  Add to Volume label.
- Implement throttled work queue.
- Check for EOT at ENOSPC or EIO or ENXIO (unix Pc)
- Allow multiple Storage specifications (or multiple names on
  a single Storage specification) in the Job record. Thus a job 
  can be backed up to a number of storage devices.
- Implement dump label to UA
- Concept of VolumeSet during restore which is a list
  of Volume names needed.
- Restore files modified after date
- Restore file modified before date
- Emergency restore info:
  - Backup Bacula
  - Backup working directory
  - Backup Catalog
- Restore -- do nothing but show what would happen
- SET LD_RUN_PATH=$HOME/mysql/lib/mysql
- Implement Restore FileSet=
- Create a protocol.h and protocol.c where all protocol messages
  are concentrated.
- If SD cannot open a drive, make it periodically retry.
- Remove duplicate fields from jcr (e.g. jcr.level and jcr.jr.Level, ...).
- Timout a job or terminate if link goes down, or reopen link and query.
- Fill all fields in Vol/Job Header -- ensure that everything
  needed is written to tape. Think about restore to Catalog
  from tape.  Client record needs improving.
- Find general solution for sscanf size problems (as well
  as sprintf. Do at run time?
- Concept of precious tapes (cannot be reused).
- Make bcopy copy with a single tape drive.
- Permit changing ownership during restore.

- Restore should get Device and Pool information from
  job record rather than from config.
- Autolabel should be specified by DR instead of SD.
- Find out how to get the system tape block limits, e.g.:
  Apr 22 21:22:10 polymatou kernel: st1: Block limits 1 - 245760 bytes.  
  Apr 22 21:22:10 polymatou kernel: st0: Block limits 2 - 16777214 bytes.
- Storage daemon    
  - Add media capacity
  - AutoScan (check checksum of tape)
  - Format command = "format /dev/nst0"
  - MaxRewindTime
  - MinRewindTime
  - MaxBufferSize
  - Seek resolution (usually corresponds to buffer size)
  - EODErrorCode=ENOSPC or code
  - Partial Read error code
  - Partial write error code
  - Nonformatted read error
  - Nonformatted write error
  - WriteProtected error
  - IOTimeout
  - OpenRetries
  - OpenTimeout
  - IgnoreCloseErrors=yes
  - Tape=yes
  - NoRewind=yes
- Pool
  - Maxwrites
  - Recycle period
- Job
  - MaxWarnings
  - MaxErrors (job?)
=====
- FD sends unsaved file list to Director at end of job. 
- Write a Storage daemon that uses pipes and
  standard Unix programs to write to the tape.
  See afbackup.
- Need something that monitors the JCR queue and
  times out jobs by asking the deamons where they are.

- Enhance Jmsg code to permit buffering and saving to disk.
- device driver = "xxxx" for drives.
- restart: paranoid: read label fsf to
  eom read append block, and go
  super-paranoid: read label, read all files
  in between, read append block, and go
  verify: backspace, read append block, and go
  permissive: same as above but frees drive
  if tape is not valid.
- Verify from Volume
- Ensure that /dev/null works
- File daemon should build list of files skipped, and then
  at end of save retry and report any errors.
- Need report class for messages. Perhaps
  report resource where report=group of messages
- enhance scan_attrib and rename scan_jobtype, and
  fill in code for "since" option 
- Need to save contents of FileSet to tape?
- Director needs a time after which the report status is sent
  anyway -- or better yet, a retry time for the job.
  Don't reschedule a job if previous incarnation is still running.
- Figure out how to save the catalog (possibly a special FileSet).
- Figure out how to restore the catalog.
- Some way to automatically backup everything is needed????
- Need a structure for pending actions:
  - buffered messages
  - termination status (part of buffered msgs?)
- Concept of grouping Storage devices and job can use
  any of a number of devices
- Drive management
  Read, Write, Clean, Delete
- Login to Bacula; Bacula users with different permissions:
   owner, group, user, quotas
- Store info on each file system type (probably in the job header on tape.
  This could be the output of df; or perhaps some sort of /etc/mtab record.

Longer term to do:
- Design at hierarchial storage for Bacula.
- Implement FSM (File System Modules).
- Identify unchanged or "system" files and save them to a
  special tape thus removing them from the standard 
  backup FileSet -- BASE backup.
- Turn virutally all sprintfs into snprintfs.
- Heartbeat between daemons.
- Audit M_ error codes to ensure they are correct and consistent.
- Add variable break characters to lex analyzer.
  Either a bit mask or a string of chars so that
  the caller can change the break characters.
- Make a single T_BREAK to replace T_COMMA, etc.
- Ensure that File daemon and Storage daemon can
  continue a save if the Director goes down (this
  is NOT currently the case). Must detect socket error,
  buffer messages for later. 
- Enhance time/duration input to allow multiple qualifiers e.g. 3d2h

  
Projects:
            Bacula Projects Roadmap 
               17 August 2002
           last update 27 November 2002

Item 1:   Multiple simultaneous Jobs. (done)
Done

  What:   Permit multiple simultaneous jobs in Bacula.

  Why:    An enterprise level solution needs to go fast without the
          need for the system administrator to carefully tweak
          timing.  Based on the benchmarks, during a full
          backup, NetWorker typically hit 10 times the bandwidth to
          the tape compared to Bacula--largely. This is probably due to
          running parallel jobs and multi-threaded filling of buffers
          and writing them to tape.  This should also make things work
          better when you have a mix of fast and slow machines backing
          up at the same time.

  Notes:  Bacula was designed to run multiple simultaneous jobs. Thus
          implementing this is a matter of some small cleanups and
          careful testing.


Item 2:   Make the Storage daemon use intermediate file storage to buffer data.
Deferred -- not necessary yet.

  What:   If data is coming into the SD too fast, buffer it to 
          disk if the user has configured this option.

  Why:    This would be nice, especially if it more or less falls out
          when implementing (1) above.  If not, it probably should not
          be given a high priority because fundamentally the backup time
          is limited by the tape bandwidth.  Even though you may finish a
          client job quicker by spilling to disk, you still have to
          eventually get it onto tape.  If intermediate disk buffering
          allows us to improve write bandwidth to tape, it may make
          sense.

  Notes:  Whether or not this is implemented will depend upon performance
          testing after item 1 is implemented.


Item 3:   Write the bscan program -- also write a bcopy program.
Done

  What:   Write a program that reads a Bacula tape and puts all the 
          appropriate data into the catalog. This allows recovery
          from a tape that is no longer in the database, or it allows
          re-creation of a database if lost.

  Why:    This is a fundamental robustness and disaster recovery tool
          which will increase the comfort level of a sysadmin
          considering adopting Bacula.

  Notes:  A skeleton of this program already exists, but much work
          needs to be done. Implementing this will also make apparent
          any deficiencies in the current Bacula tape format.


Item 4:   Implement Base jobs.

  What:   A base job is sort of like a Full save except that you 
          will want the FileSet to contain only files that are unlikely
          to change in the future (i.e. a snapshot of most of your
          system after installing it). After the base job has been run,
          when you are doing a Full save, you can specify to exclude
          all files saved by the base job that have not been modified.

  Why:    This is something none of the competition does, as far as we know
          (except BackupPC, which is a Perl program that saves to disk
          only).  It is big win for the user, it makes Bacula stand out
          as offering a unique optimization that immediately saves time
          and money.

  Notes:  Big savings in tape usage. Will require more resources because
          the e. DIR must send FD a list of files/attribs, and the FD must
          search the list and compare it for each file to be saved.


Item 5:   Implement Label templates

  What:   This is a mechanism whereby Bacula can automatically create
          a tape label for new tapes according to a detailed specification
          provided by the user.

  Why:    It is a major convenience item for folks who use automated label
          creation.

  Notes:  Bacula already has a working form of automatic tape label
          creation, but it is very crude. The design for the complete
          tape labeling project is already documented in the manual.


Item 6:   Write a regression script.
Started

  What:   This is an automatic script that runs and tests as many features
          of Bacula as possible. The output is compared to previous
          versions of Bacula and any differences are reported.

  Why:    This is an enormous help in preventing introduction of new
          errors in parts of the program that already work correctly.

  Notes:  This probably should be ranked higher, it's something the typical
          user doesn't see.  Depending on how it's implemented, it may
          make sense to defer it until the archival tape format and
          user interface mature.


Item 7:   GUI for interactive restore
Item 8:   GUI for interactive backup

  What:   The current interactive restore is implemented with a tty
          interface. It would be much nicer to be able to "see" the
          list of files backed up in typical GUI tree format.
          The same mechanism could also be used for creating 
          ad-hoc backup FileSets (item 8).

  Why:    Ease of use -- especially for the end user.

  Notes:  Rather than implementing in Gtk, we probably should go directly
          for a Browser implementation, even if doing so meant the
          capability wouldn't be available until much later.  Not only
          is there the question of Windows sites, most
          Solaris/HP/IRIX, etc,  shops can't currently run Gtk programs
          without installing lots of stuff admins are very wary about.
          Real sysadmins will always use the command line anyway, and
          the user who's doing an interactive restore or backup of his
          own files will in most cases be on a Windows machine running
          Exploder.


Item 9:   Add SSL to daemon communications.

  What:   This provides for secure communications between the daemons.

  Why:    This would allow doing backup across the Internet without
          privacy concerns (or with much less concern).

  Notes:  The vast majority of near term potential users will be backing up
          a single site over a LAN and, correctly or not, they probably
          won't be concerned with security, at least not enough to go to
          the trouble to set up keys, etc. to screw things down.  We suspect
          that many users genuinely interested in multi-site backup
          already run some form of VPN software in their internetwork
          connections, and are willing to delegate security to that layer.


Item 10:  Define definitive tape format.
Done (version 1.27)

  What:   Define that definitive tape format that will not change 
          for the next millennium.

  Why:    Stability, security.

  Notes:  See notes for item 11 below.


Item 11:  New daemon communication protocol.

  What:   The current daemon to daemon protocol is basically an ASCII
          printf() and sending the buffer. On the receiving end, the
          buffer is sscanf()ed to unpack it. The new scheme would
          be a binary format that allows quick packing and unpacking
          of any data type with named fields.

  Why:    Using binary packing would be faster. Named fields will permit
          error checking to ensure that what is sent is what the 
          receiver really wants.

  Notes:  These are internal improvements in the interest of the
          long-term stability and evolution of the program.  On the one
          hand, the sooner they're done, the less code we have to rip
          up when the time comes to install them.  On the other hand, they
          don't bring an immediately perceptible benefit to potential
          users.  Item 10 and possibly item 11 should be deferred until Bacula
          is well established with a growing user community more or
          less happy with the feature set.  At that time, it will make a
          good "next generation" upgrade in the interest of data
          immortality.




====================================

                Request For Comments
                   10 November 2002

Subject: File Backup Options

Problem: 
  A few days ago, a Bacula user who is backing up to file volumes and
  using compression asked if it was possible to suppress compressing
  all .gz files since it was a waste of CPU time. Although Bacula
  currently permits using different options (compression, ...) on
  a directory by directory basis, it cannot do it on a file by 
  file basis, which is clearly what was desired.   

Proposed Implementation:
  To solve this problem, I propose the following:

  - Add a new Director resource type called FileOptions.  

  - The FileOptions resource will have records for all
    options that can currently be specified on the Include record 
    (in a FileSet).  Examples below.

  - The FileOptions resource will permit an exclude option as well
    as a number of additional options.

  - The heart of the FileOptions resource is the ability to
    supply any number of ApplyTo records which specify POSIX
    regular expressions.  These ApplyTo regular expressions are
    applied to the fully qualified filename (path and all). If
    one matches, then the FileOptions will be used.

  - When an ApplyTo specification matches an included file, the
    options specified in the FileOptions resource will override
    the default options specified on the Include record.

  - Include records will be modified to permit referencing one or
    more FileOptions resources.  The FileOptions will be used
    in the order listed on the Include record and the first
    one that matches will be applied.

  - Options (or specifications) currently supplied on the Include
    record will be deprecated (i.e. removed in a later version a
    year or so from now).

  - The Exclude record will be deprecated as the same functionality
    can be obtained by using an Exclude = yes in the FileOptions.

FileOptions records:
  The following records can appear in the FileOptions resource. An
  asterisk preceding the name indicates a feature not currently
  implemented.

  For Backup Jobs:
    - Compression= (GZIP, ...)
    - Signature=   (MD5, SHA1, ...)
    - *Encryption=
    - OneFs=      (yes/no)    - remain on one filesystem
    - Recurse=    (yes/no)    - recurse into subdirectories
    - Sparse=     (yes/no)    - do sparse file backup
    - *Exclude=   (yes/no)    - exclude file from being saved
    - *Reader=    (filename)  - external read (backup) program

  For Verify Jobs:
    - verify=     (ipnougsamc5) - verify options

  For Restore Jobs:
    - replace= (always/ifnewer/ifolder/never) - replace options currently
                                                implemented in 1.27
    - *Writer= (filename)   - external write (restore) program


Implementation:
  Currently options specifying compression, MD5 signatures, recursion,
  ... of a FileSet are supplied on the Include record. These will now
  all be collected into a FileOptions resource, which will be
  specified on the Include in place of the options. Multiple FileOptions
  may be specified.  Since the FileOptions contain regular expressions
  that are applied to the full filename, this will give the ability
  to specify backup options on a file by file basis to whatever level
  of detail you wish.

Example:

  Today:

    FileSet {
      Name = "FullSet"
      Include = compression=GZIP signature=MD5 {
        /
      }
    }

  Proposal:

    FileSet {
      Name = "FullSet"
      Include = FileOptions=Opts {
        /
      }
    }
    FileOptions {
      Name = Opts
      Compression = GZIP
      Signature = MD5
      ApplyTo = /*.?*/
    }

  That's a lot more to do the same thing, but it gives the ability to
  apply options on a file by file basis.  For example, suppose you
  want to compress all files but not any file with extensions .gz or .Z.
  You could do so as follows:

    FileSet {
      Name = "FullSet"
      Include = FileOptions=NoCompress FileOptions=Opts {
        /
      }
    }
    FileOptions {
      Name = Opts
      Compression = GZIP
      Signature = MD5
      ApplyTo = /*.?*/   # matches all files
    }
    FileOptions {
      Name = NoCompress
      Signature = MD5
      # Note multiple ApplyTos are ORed
      ApplyTo = /*.gz/   # matches .gz files */
      ApplyTo = /*.Z/    # matches .Z files */
    }

  Now, since the NoCompress FileOptions is specified first on the
  Include line, any *.gz or *.Z file will have an MD5 signature computed,
  but will not be compressed. For all other files, the NoCompress will not
  match, so the Opts options will be used which will include GZIP
  compression.

Questions:
  - Is it necessary to provide some means of ANDing regular expressions
    and negation?  (not currently planned)

    e.g.  ApplyTo = /*.gz/ && !/big.gz/

  - I see that Networker has a "null" module which, if specified, does not 
    backup the file, but does make an record of the file in the catalog
    so that the catalog will reflect an exact picture of the filesystem.
    The result is that the file can be "seen" when "browsing" the save
    sets, but it cannot be restored.
    
    Is this really useful?  Should it be implemented in Bacula?
  
Results:
  After implementing the above, the user will be able to specify
  on a file by file basis (using regular expressions) what options are
  applied for the backup.
====================================

Done: (see kernsdone for more)
- Add EOM records? No, not at this time. The current system works and
  above all is simple.
- Add VolumeUseDuration and MaximumVolumeJobs to Pool db record and
  to Media db record.
- Add VOLUME_CAT_INFO to the EOS tape record (as
  well as to the EOD record). -- No, not at this time.
- Put MaximumVolumeSize in Director (MaximumVolumeJobs, MaximumVolumeFiles,
   MaximumFileSize).
- Enhance schedule to have 1stSat, ...
- Make sure catalog doesn't keep growing.
- On I/O error, write EOF, then try to write again ? No, keep it simple.
- Figure out how compress everything except .gz,... files.
  Implement FileOptions.
- Put Bacula version somewhere in Job stream, probably Start Session Labels.
- Fix start/end blocks for File devices
- Make Job err if WriteBootstrap fails.
- Test that mod of restore options works.
- Test that week position schedule code works.
- Make BSR accept count (total files to be restored).
- Add code to fast seek to proper place on tape/file when doing Restore.
- Replace popen() and pclose() -- fail safe and timeout, no SIG dep.
- Add code to put VolFile in bsr for restore command.
- Volumes can be listed multiple times in Restore volume list.
- Add watchdog timeout for child processes start_child_timer()
  end_child_timer();
- Get rid of bscan.c:534 error message (one time only).
- Print some statistics when get EOF on device in bscan -- feedback
  to let user know it is working.
- DateWritten field on tape may be wrong.
- Ensure that restore of differential jobs works (check SQL).
- Count number of ignored messages in bscan and print when first SOS is found.
- Test that EndFile/Block are correctly updated at end of tape 
  (in view of new block reading code).
- Test watchdog child timer code.
- Test new BSR code (mostly done).