Fixing and optimization of tape positioning for restores

[bacula/bacula] / bacula / kernstodo

                 Kern's ToDo List
                30 September 2003 

Documentation to do: (any release a little bit at a time)
- Document running a test version.
- Document query file format.
- Document static linking
- Document problems with Verify and pruning.
- Document how to use multiple databases.
- For FreeBSD typical /dev/nrsa0 and for mtx /dev/pass1
- VXA drives have a "cleaning required"
  indicator, but Exabyte recommends preventive cleaning after every 75
  hours of operation.
- Lookup HP cleaning recommendations.
- Lookup HP tape replacement recommendations (see trouble shooting autochanger)
          
Testing to do: (painful)
- that ALL console command line options work and are always implemented
- blocksize recognition code.
- Test if rewind at end of tape waits for tape to rewind.
- Test cancel at EOM.       
- Test not zeroing Autochanger slot when it is wrong.
- Figure out how to use ssh or stunnel to protect Bacula communications.

For 1.33 Testing/Documentation:
- Document to start higher priorty jobs before lower ones.
- suppress "Do not forget to mount the drive!!!" if error
- Document new records in Director. SDAddress SDDeviceName, SDPassword.
  FDPassword, FDAddress, DBAddress, DBPort, DBPassword.
- Document new Include/Exclude ...
- Add test of exclusion, test multiple Include {} statements.
- Add counter variable test.
- Document ln -sf /usr/lib/libncurses.so /usr/lib/libtermcap.so
  and install the esound-dev  package for compiling Console on 
  SuSE.
                
For 1.33
- I want to restore by file to some date.
- Implement fast block rejection.
- Is it really important to make Job name the same to find the
  Full backup to avoid promoting an Incremental job?
- Start label, then run job when tape labeled, it should broadcast.
- Implement a RunAfterFailedJob
- Zap illegal characters in job name for mail files (e.g. /).
- From Lars Köllers:
    Yes, it would allow to highly automatic the request for new tapes. If a 
    tape is empty, bacula reads the barcodes (native or simulated), and if 
    an unused tape is found, it runs the label command with all the 
    necessary parameters.

    By the way can bacula automatically "move" an empry/purged volume say 
    in the "short" pool to the "long" pool if this pool runs out of volume 
    space?
- Implement a move Volume from one pool to another.
- Either restrict the characters in a name, or fix the problem 
  emailing with names containing / (smtp command line breaks).
- Eliminate ua_retention.c (retentioncmd) if possible.
- Eliminate orphaned jobs: dbcheck, normal pruning, delete job command.
  Hm.  Well, there are the remaining orphaned job records:

     |   105 | Llioness Save  | 0000-00-00 00:00:00 | B    | D     |        0 |             0 | f         |
     |   110 | Llioness Save  | 0000-00-00 00:00:00 | B    | I     |        0 |             0 | f         |
     |   115 | Llioness Save  | 2003-09-10 02:22:03 | B    | I     |        0 |             0 | A         |
     |   128 | Catalog Save   | 2003-09-11 03:53:32 | B    | I     |        0 |             0 | C         |
     |   131 | Catalog Save   | 0000-00-00 00:00:00 | B    | I     |        0 |             0 | f         |

     As you can see, three of the five are failures.  I already deleted the
     one restore and one other failure using the by-client option.  Deciding
     what is an orphaned job is a tricky problem though, I agree.  All these
     records have or had 0 files/ 0 bytes, except for the restore.  With no
     files, of course, I don't know of the job ever actually becomes
     associated with a Volume.

     (I'm not sure if this is documented anywhere -- what are the meanings of
     all the possible JobStatus codes?)

     Looking at my database, it appears to me as though all the "orphaned"
     jobs fit into one of two categories:

     1)  The Job record has a StartTime but no EndTime, and the job is not
         currently running;
     or
     2)  The Job record has an EndTime, indicating that it completed, but
         it has no associated JobMedia record.


     This does suggest an approach.  If failed jobs (or jobs that, for some
     other reason, write no files) are associated with a volume via a
     JobMedia record, then they should be purged when the associated volume
     is purged.  I see two ways to handle jobs that are NOT associated with a
     specific volume:

     1)  purge them automatically whenever any volume is manually purged;
     or
     2)  add an option to the purge command to manually purge all jobs with
         no associated volume.

     I think Restore jobs also fall into category 2 above ....  so one might
     want to make that "The Job record has an EndTime,, but no associated
     JobMedia record, and is not a Restore job."  
- Implement RestoreJobRetention? Maybe better "JobRetention" in a Job,
  which would take precidence over the Catalog "JobRetention".
- Implement Label Format in Add and Label console commands.
- make "btape /tmp" work.
- Make sure a rescheduled job is properly reported by status.
- Walk through the Pool records rather than the Job records
  in dird.c to create/update pools.
- Figure out a way to move Volumes from one pool to another.
- What to do about "list files job=xxx".
- Implement delete Job.
- Document need to put LabelFormat in quotes.
- Implement scan: for every slot it finds, zero the slot of
  Volume other volume having that slot.
- When job rescheduled, status gives is waiting for Client Rufus 
  to connect to Storage File. Dir needs to inform SD that job
  is rescheduled.
- Fix get_storage_from_media_type (ua_restore) to use command line     
  storage=
- Enhance "update slots" to include a "scan" feature
  scan 1; scan 1-5; scan 1,2,4 ...  to update the catalog 
- Allow a slot or range of slots on the label barcodes command.
- Don't print "Warning: Wrong Volume mounted ..." if mounting second volume.
- Make Dmsg look at global before calling subroutine.
- Enable trace output at runtime for Win32
- Make sure that Volumes are recycled based on "Least recently used"
  rather than lowest MediaId.
- Available volumes for autochangers (see patrick@baanboard.com 3 Sep 03 
  and 4 Sep) scan slots.
- Upgrade to cygwin 1.5
- Get MySQL 3.23.58
- Get and test MySQL 4.0
- Do a complete audit of all pthreads_mutex, cond, ... to ensure that
  any that are dynamically initialized are destroyed when no longer used.
- Write a mini-readline with history and editing.
- Look at how fuser works and /proc/PID/fd that is how Nic found the
  file descriptor leak in Bacula.
- Implement WrapCounters in Counters.
- Turn on SIGHUP in dird.c and test.
- Use system dependent calls to get more precise info on tape errors.
- Add heartbeat from FD to SD if hb interval expires.
- Suppress read error on blank tape when doing a label.
- Can we dynamically change FileSets?
- If pool specified to label command and Label Format is specified,
  automatically generate the Volume name.
- Take a careful look a the Basic recycling algorithm.  When Bacula
  chooses, the order should be:
   - Look for Append
   - Look for Recycle or Purged
   - Prune volumes
   - Look for purged
  Instead of using lowest media Id, find the least recently used
  volume.

  When the tape is mounted and Bacula requests the status
  - Do everything possible to use it.

  Define a "available" status, which is the currently mounted 
  Volume and all volumes that are currently in the autochanger.

- Why can't SQL do the filename sort for restore?
- Is a pool specification really needed for a restore?  Yes, and
  you may want to exclude archive Pools.
- Look at libkse (man kse) for FreeBSD threading.
- Look into Microsoft Volume Shadowcopy Service VSS for backing
  up system state components (Active Directory, System Volume, ...)
- Add ExhautiveRestoreSearch
- Look at the possibility of loading only the necessary 
  data into the restore tree (i.e. do it one directory at a
  time as the user walks through the tree).
- Possibly use the hash code if the user selects all for a restore command.
- Orphaned Dir buffer at parse_conf.c:373 =>  store_dir
- Implement some way for the File daemon to contact the Director 
  to start a job or pass its DHCP obtained IP number.
- Implement multiple Consoles.
- Add Console usr permissions.
- Fix "restore all" to bypass building the tree.
- Fix restore to list errors if Invalid block found, and if # files
  restored does not match # expected.
- Prohibit backing up archive device (findlib/find_one.c:128)
- Implement Release Device in the Job resource to unmount a drive.
- Implement Acquire Device in the Job resource to mount a drive,
  be sure this works with admin jobs so that the user can get
  prompted to insert the correct tape.  Possibly some way to say to
  run the job but don't save the files.
- Add JobName= to VerifyToCatalog so that all verifies can be done at the end.
- Implement FileOptions (see end of this document)
- Make things like list where a file is saved case independent for
  Windows.
- Edit the Client/Storage name into authentication failure messages.
- Implement job in VerifyToCatalog
- Implement migrate
- Implement a PostgreSQL driver.
- Bacula needs to propagate SD errors.
  > > cluster-dir: Start Backup JobId 252, Job=REUTERS.2003-08-11_15.04.12
  > > prod4-sd: REUTERS.2003-08-11_15.04.12 Error: Write error on device 
       /dev/nst0. ERR=Input/output error.
  > > prod4-sd: REUTERS.2003-08-11_15.04.12 Error: Re-read of last block failed. 
       Last block=5162 Current block=5164.
  > > prod4-sd: End of medium on Volume "REU007" Bytes=16,303,521,933 

- Use autochanger to handle multiple devices.
- Fix packet too big problem. This is most likely a Windows TCP stack 
  problem.
- Add SuSE install doc to list.
- Check and rechedk "Invalid block number"
- Make bextract release the drive properly between tapes 
  so that an autochanger can be made to work.
- User wants to NOT backup up certain big files (email files).
- Maybe remove multiple simultaneous devices code in SD.
- On Windows with very long path names, it may be impossible to create 
  a file (and thus restore it) because the total length is too long.
  We must cd into the directory then create the file without the
  full path name.
- lstat() is not going to work on Win32 for testing date.
- Something is not right in last block of fill command.
- Implement a Recycle command
- Add FileSet to command line arguments for restore.
- Allow multiple Storage specifications (or multiple names on
  a single Storage specification) in the Job record. Thus a job 
  can be backed up to a number of storage devices.
- Add client name to cram-md5 challenge so Director can immediately
  verify if it is the correct client.
- Implement ClientRunBeforeJob and ClientRunAfterJob.
- Add JobLevel in FD status (but make sure it is defined).
- Audit all UA commands to ensure that we always prompt where possible.
- Restrict characters permitted in a Resource name, and don't permit
  duplicate names.
- Check Jmsg in bnet, may not work, must dup bsock.
- Suppress Job Name in Jmsg for console
- Create Pools that are referenced in a Run statement at startup if possible.
- Use runbeforejob to unload, then reload a volume previously used,
  then the next job run gets an error reading the drive.
- Make bootstrap filename unique.
- Test a second language e.g. french.
- Start working on Base jobs.
- Make "make binary-release" work from any directory.
- Implement UnsavedFiles DB record.
- Implement argc/argv for daemon command line scanning using table driven
  stuff below.
- Implement table driven single argc/argv scanner to pickup all arguments.
  Much like xxx_conf.c scan table.
  keyword, handler(store_routine), store_address, code, flags, default.
- From Phil Stracchino:
  It would probably be a per-client option, and would be called
  something like, say, "Automatically purge obsoleted jobs".  What it
  would do is, when you successfully complete a Differential backup of a
  client, it would automatically purge all Incremental backups for that
  client that are rendered redundant by that Differential.  Likewise,
  when a Full backup on a client completed, it would automatically purge
  all Differential and Incremental jobs obsoleted by that Full backup.
  This would let people minimize the number of tapes they're keeping on
  hand without having to master the art of retention times.
- Implement new serialize subroutines
   send(socket, "string", &Vol, "uint32", &i, NULL)
- Scratch Pool where the volumes can be re-assigned to any Pool.
- Implement a M_SECURITY message class.
- Implement forward spacing block/file: position_device(bsr) --
  just before read_block_from_device();
- When doing a Backup send all attributes back to the Director, who
  would then figure out what files have been deleted.
- Currently in mount.c:236 the SD simply creates a Volume. It should have
  explicit permission to do so.  It should also mark the tape in error
  if there is an error.
- Make sure all restore counters are working correctly in the FD.
- SD Bytes Read is wrong.
- Look at ALL higher level routines that call block.c to be sure
  they don't expect something in errmsg.
- Investigate doing RAW backup of Win32 partition.
- Add thread specific data to hold the jcr -- send error messages from
  low level routines by accessing it and using Jmsg().
- Cancel waiting for Client connect in SD if FD goes away.

- Add Progress command that periodically reports the progress of
  a job or all jobs.
- One block was orphaned in the SD probably after cancel.


- Examine Bare Metal restore problem (a FD crash exists somewhere ...).
- Implement timeout in response() when it should come quickly.
- Implement console @echo command.
- Implement a Slot priority (loaded/not loaded).
- Implement "vacation" Incremental only saves.
- Implement single pane restore (much like the Gftp panes).
- Implement Automatic Mount even in operator wait.
- Implement create "FileSet"?
- Fix watchdog pthread crash on Win32 (this is pthread_kill() Cygwin bug)
- Implement "scratch pool" where tapes are defined and can be
  taken by any pool that needs them.
- Implement restore "current system", but take all files without
  doing selection tree -- so that jobs without File records can
  be restored.
- Implement disk spooling. Two parts: 1. Spool to disk then
  immediately to tape to speed up tape operations. 2. Spool to
  disk only when the tape is full, then when a tape is hung move
  it to tape.
- Implement a relocatable bacula.spec 
- Implement dump/print label to UA
- Add prefixlinks to where or not where absolute links to FD.
- Issue message to mount a new tape before the rewind.
- Simplified client job initiation for portables.
- If SD cannot open a drive, make it periodically retry.
- Implement LabelTemplate (at least first cut).
- Add more of the config info to the tape label.
- Implement a Mount Command and an Unmount Command where
  the users could specify a system command to be performed
  to do the mount, after which Bacula could attempt to
  read the device. This is for Removeable media such as a CDROM.
  - Most likely, this mount command would be invoked explicitly
  by the user using the current Console "mount" and "unmount" 
  commands -- the Storage Daemon would do the right thing 
  depending on the exact nature of the device.
  - As with tape drives, when Bacula wanted a new removable
  disk mounted, it would unmount the old one, and send a message
  to the user, who would then use "mount" as described above 
  once he had actually inserted the disk.

- If tape is marked read-only, then try opening it read-only rather than
  failing, and remember that it cannot be written.
- Refine SD waiting output:
    Device is being positioned
    >     Device is being positioned for append
    >     Device is being positioned to file x
    > 
- Figure out some way to estimate output size and to avoid splitting
  a backup across two Volumes -- this could be useful for writing CDROMs
  where you really prefer not to have it split -- not serious.
- Have SD compute MD5 or SHA1 and compare to what FD computes.
- Make VolumeToCatalog calculate an MD5 or SHA1 from the 
  actual data on the Volume and compare it.                  
- Implement Bacula plugins -- design API
- Make bcopy read through bad tape records.
- Program files (i.e. execute a program to read/write files).
  Pass read date of last backup, size of file last time.
- Add Signature type to File DB record.
- CD into subdirectory when open()ing files for backup to
  speed up things.  Test with testfind().
- Priority job to go to top of list.
- Why are save/restore of device different sizes (sparse?)   Yup! Fix it.
- Implement some way for the Console to dynamically create a job.
- Restore to a particular time -- e.g. before date, after date. 
- Solaris -I on tar for include list
- Need a verbose mode in restore, perhaps to bsr.
- bscan without -v is too quiet -- perhaps show jobs.
- Add code to reject whole blocks if not wanted on restore.
- Check if we can increase Bacula FD priorty in Win2000
- Make sure the MaxVolFiles is fully implemented in SD
- Check if both CatalogFiles and UseCatalog are set to SD.
- Figure out how to do a bare metal Windows restore
- Possibly add email to Watchdog if drive is unmounted too
  long and a job is waiting on the drive.
- Restore program that errs in SD due to no tape, reports
  OK incorrectly in output.
- After unmount, if restore job started, ask to mount.
- Convert all %x substitution variables, which are hard to remember
  and read to %(variable-name).  Idea from TMDA.
- Remove NextId for SQLite. Optimize.
- Move all SQL statements into a single location.
- Add UA rc and history files.
- put termcap (used by console) in ./configure and
  allow -with-termcap-dir.
- Enhance time and size scanning routines.
- Fix Autoprune for Volumes to respect need for full save.
- Fix Win32 config file definition name on /install
- Compare tape to Client files (attributes, or attributes and data) 
- Make all database Ids 64 bit.
- Write an applet for Linux.
- Implement new inter-daemon communications protocol.
- Allow console commands to detach or run in background.
- Fix status delay on storage daemon during rewind.
- Add SD message variables to control operator wait time
  - Maximum Operator Wait
  - Minimum Message Interval
  - Maximum Message Interval
- Send Operator message when cannot read tape label.
- Verify level=Volume (scan only), level=Data (compare of data to file).
  Verify level=Catalog, level=InitCatalog
- Events file
- Add keyword search to show command in Console.
- Events : tape has more than xxx bytes.
- Complete code in Bacula Resources -- this will permit
  reading a new config file at any time.
- Handle ctl-c in Console
- Implement script driven addition of File daemon to config files.
- Think about how to make Bacula work better with File (non-tape) archives.
- Write Unix emulator for Windows.
- Put memory utilization in Status output of each daemon
  if full status requested or if some level of debug on.
- Make database type selectable by .conf files i.e. at runtime
- Set flag for uname -a.  Add to Volume label.
- Implement throttled work queue.
- Restore files modified after date
- SET LD_RUN_PATH=$HOME/mysql/lib/mysql
- Implement Restore FileSet=
- Create a protocol.h and protocol.c where all protocol messages
  are concentrated.
- Remove duplicate fields from jcr (e.g. jcr.level and jcr.jr.Level, ...).
- Timout a job or terminate if link goes down, or reopen link and query.
- Concept of precious tapes (cannot be reused).
- Make bcopy copy with a single tape drive.
- Permit changing ownership during restore.

- From Phil:
  > My suggestion:  Add a feature on the systray menu-icon menu to request
  > an immediate backup now.  This would be useful for laptop users who may
  > not be on the network when the regular scheduled backup is run.
  > 
  > My wife's suggestion: Add a setting to the win32 client to allow it to
  > shut down the machine after backup is complete (after, of course,
  > displaying a "System will shut down in one minute, click here to cancel"
  > warning dialog).  This would be useful for sites that want user
  > woorkstations to be shut down overnight to save power.
  > 

- From Terry Manderson <terry@apnic.net>
   jobset { # new structure
   name = "monthlyUnixBoxen"
   type = backup
   level = full
   jobs = "wakame;durian;soy;wasabi;miso" #new!
   schedule = monthly
   storage = DLT
   messages = Standard
   pool = MonthlyPool
   priority = 10
   }

   job {
   name = "wakame"
    fileset = "genericUnixSet"
   client = wakame-fd
   }

   job {
   name = "durian"
   fileset = "genericUnixSet"
   client = durian-fd
   }

   job {
   name = "soy"
   fileset = "UnixDevelBoxSet"
   client = soy-fd
   }


- Autolabel should be specified by DIR instead of SD.
- Storage daemon    
  - Add media capacity
  - AutoScan (check checksum of tape)
  - Format command = "format /dev/nst0"
  - MaxRewindTime
  - MinRewindTime
  - MaxBufferSize
  - Seek resolution (usually corresponds to buffer size)
  - EODErrorCode=ENOSPC or code
  - Partial Read error code
  - Partial write error code
  - Nonformatted read error
  - Nonformatted write error
  - WriteProtected error
  - IOTimeout
  - OpenRetries
  - OpenTimeout
  - IgnoreCloseErrors=yes
  - Tape=yes
  - NoRewind=yes
- Pool
  - Maxwrites
  - Recycle period
- Job
  - MaxWarnings
  - MaxErrors (job?)
=====
- FD sends unsaved file list to Director at end of job (see
  RFC below).
- File daemon should build list of files skipped, and then
  at end of save retry and report any errors.
- Write a Storage daemon that uses pipes and
  standard Unix programs to write to the tape.
  See afbackup.
- Need something that monitors the JCR queue and
  times out jobs by asking the deamons where they are.
- Enhance Jmsg code to permit buffering and saving to disk.
- device driver = "xxxx" for drives.
- Verify from Volume
- Ensure that /dev/null works
- Need report class for messages. Perhaps
  report resource where report=group of messages
- enhance scan_attrib and rename scan_jobtype, and
  fill in code for "since" option 
- Director needs a time after which the report status is sent
  anyway -- or better yet, a retry time for the job.
- Don't reschedule a job if previous incarnation is still running.
- Some way to automatically backup everything is needed????
- Need a structure for pending actions:
  - buffered messages
  - termination status (part of buffered msgs?)
- Drive management
  Read, Write, Clean, Delete
- Login to Bacula; Bacula users with different permissions:
   owner, group, user, quotas
- Store info on each file system type (probably in the job header on tape.
  This could be the output of df; or perhaps some sort of /etc/mtab record.

Longer term to do:
- Design at hierarchial storage for Bacula. Migration and Clone. 
- Implement FSM (File System Modules).
- Audit M_ error codes to ensure they are correct and consistent.
- Add variable break characters to lex analyzer.
  Either a bit mask or a string of chars so that
  the caller can change the break characters.
- Make a single T_BREAK to replace T_COMMA, etc.
- Ensure that File daemon and Storage daemon can
  continue a save if the Director goes down (this
  is NOT currently the case). Must detect socket error,
  buffer messages for later. 
- Enhance time/duration input to allow multiple qualifiers e.g. 3d2h
- Add ability to backup to two Storage devices (two SD sessions) at
  the same time -- e.g. onsite, offsite.
- Add the ability to consolidate old backup sets (basically do a restore
  to tape and appropriately update the catalog). Compress Volume sets.
  Might need to spool via file is only one drive is available.
- Compress or consolidate Volumes of old possibly deleted files. Perhaps
  someway to do so with every volume that has less than x% valid 
  files.


Migration: Move a backup from one Volume to another
Clone:     Copy a backup -- two Volumes

Bacula Migration is based on Jobs (apparently Networker is file by file).

Migration triggered by:
  Number of Jobs
  Number of Volumes
  Age of Jobs
  Highwater mark (keep total size)
  Lowwater mark
  
Projects:
            Bacula Projects Roadmap 
               17 August 2002
           last update 8 May 2003

Item 1:   Multiple simultaneous Jobs. (done)
Done -- Restore part needs better implementation to work correctly
        Also, it needs considerable testing

  What:   Permit multiple simultaneous jobs in Bacula.

  Why:    An enterprise level solution needs to go fast without the
          need for the system administrator to carefully tweak
          timing.  Based on the benchmarks, during a full
          backup, NetWorker typically hit 10 times the bandwidth to
          the tape compared to Bacula--largely. This is probably due to
          running parallel jobs and multi-threaded filling of buffers
          and writing them to tape.  This should also make things work
          better when you have a mix of fast and slow machines backing
          up at the same time.

  Notes:  Bacula was designed to run multiple simultaneous jobs. Thus
          implementing this is a matter of some small cleanups and
          careful testing.


Item 2:   Make the Storage daemon use intermediate file storage to buffer data.
Deferred -- not necessary yet -- possibly implement with Migration.

  What:   If data is coming into the SD too fast, buffer it to 
          disk if the user has configured this option.

  Why:    This would be nice, especially if it more or less falls out
          when implementing (1) above.  If not, it probably should not
          be given a high priority because fundamentally the backup time
          is limited by the tape bandwidth.  Even though you may finish a
          client job quicker by spilling to disk, you still have to
          eventually get it onto tape.  If intermediate disk buffering
          allows us to improve write bandwidth to tape, it may make
          sense.

  Notes:  Whether or not this is implemented will depend upon performance
          testing after item 1 is implemented.


Item 3:   Write the bscan program -- also write a bcopy program.
Done

  What:   Write a program that reads a Bacula tape and puts all the 
          appropriate data into the catalog. This allows recovery
          from a tape that is no longer in the database, or it allows
          re-creation of a database if lost.

  Why:    This is a fundamental robustness and disaster recovery tool
          which will increase the comfort level of a sysadmin
          considering adopting Bacula.

  Notes:  A skeleton of this program already exists, but much work
          needs to be done. Implementing this will also make apparent
          any deficiencies in the current Bacula tape format.


Item 4:   Implement Base jobs.

  What:   A base job is sort of like a Full save except that you 
          will want the FileSet to contain only files that are unlikely
          to change in the future (i.e. a snapshot of most of your
          system after installing it). After the base job has been run,
          when you are doing a Full save, you can specify to exclude
          all files saved by the base job that have not been modified.

  Why:    This is something none of the competition does, as far as we know
          (except BackupPC, which is a Perl program that saves to disk
          only).  It is big win for the user, it makes Bacula stand out
          as offering a unique optimization that immediately saves time
          and money.

  Notes:  Big savings in tape usage. Will require more resources because
          the e. DIR must send FD a list of files/attribs, and the FD must
          search the list and compare it for each file to be saved.


Item 5:   Implement Label templates
Done 

  What:   This is a mechanism whereby Bacula can automatically create
          a tape label for new tapes according to a detailed specification
          provided by the user.

  Why:    It is a major convenience item for folks who use automated label
          creation.

  Notes:  Bacula already has a working form of automatic tape label
          creation, but it is very crude. The design for the complete
          tape labeling project is already documented in the manual.


Item 6:   Write a regression script.
Done --   Continue to expand its testing.

  What:   This is an automatic script that runs and tests as many features
          of Bacula as possible. The output is compared to previous
          versions of Bacula and any differences are reported.

  Why:    This is an enormous help in preventing introduction of new
          errors in parts of the program that already work correctly.

  Notes:  This probably should be ranked higher, it's something the typical
          user doesn't see.  Depending on how it's implemented, it may
          make sense to defer it until the archival tape format and
          user interface mature.


Item 7:   GUI for interactive restore
Item 8:   GUI for interactive backup

  What:   The current interactive restore is implemented with a tty
          interface. It would be much nicer to be able to "see" the
          list of files backed up in typical GUI tree format.
          The same mechanism could also be used for creating 
          ad-hoc backup FileSets (item 8).

  Why:    Ease of use -- especially for the end user.

  Notes:  Rather than implementing in Gtk, we probably should go directly
          for a Browser implementation, even if doing so meant the
          capability wouldn't be available until much later.  Not only
          is there the question of Windows sites, most
          Solaris/HP/IRIX, etc,  shops can't currently run Gtk programs
          without installing lots of stuff admins are very wary about.
          Real sysadmins will always use the command line anyway, and
          the user who's doing an interactive restore or backup of his
          own files will in most cases be on a Windows machine running
          Exploder.


Item 9:   Add SSL to daemon communications.

  What:   This provides for secure communications between the daemons.

  Why:    This would allow doing backup across the Internet without
          privacy concerns (or with much less concern).

  Notes:  The vast majority of near term potential users will be backing up
          a single site over a LAN and, correctly or not, they probably
          won't be concerned with security, at least not enough to go to
          the trouble to set up keys, etc. to screw things down.  We suspect
          that many users genuinely interested in multi-site backup
          already run some form of VPN software in their internetwork
          connections, and are willing to delegate security to that layer.


Item 10:  Define definitive tape format.
Done (version 1.27)

  What:   Define that definitive tape format that will not change 
          for the next millennium.

  Why:    Stability, security.

  Notes:  See notes for item 11 below.


Item 11:  New daemon communication protocol.

  What:   The current daemon to daemon protocol is basically an ASCII
          printf() and sending the buffer. On the receiving end, the
          buffer is sscanf()ed to unpack it. The new scheme would
          be a binary format that allows quick packing and unpacking
          of any data type with named fields.

  Why:    Using binary packing would be faster. Named fields will permit
          error checking to ensure that what is sent is what the 
          receiver really wants.

  Notes:  These are internal improvements in the interest of the
          long-term stability and evolution of the program.  On the one
          hand, the sooner they're done, the less code we have to rip
          up when the time comes to install them.  On the other hand, they
          don't bring an immediately perceptible benefit to potential
          users.  Item 10 and possibly item 11 should be deferred until Bacula
          is well established with a growing user community more or
          less happy with the feature set.  At that time, it will make a
          good "next generation" upgrade in the interest of data
          immortality.




======================================================
        Base Jobs design
It is somewhat like a Full save becomes an incremental since
the Base job (or jobs) plus other non-base files.
Need:
- New BaseFile table that contains:
    JobId, BaseJobId, FileId (from Base).
  i.e. for each base file that exists but is not saved because
  it has not changed, the File daemon sends the JobId, BaseId,
  and FileId back to the Director who creates the DB entry.
- To initiate a Base save, the Director sends the FD 
  the FileId, and full filename for each file in the Base.
- When the FD finds a Base file, he requests the Director to
  send him the full File entry (stat packet plus MD5), or
  conversely, the FD sends it to the Director and the Director
  says yes or no. This can be quite rapid if the FileId is kept
  by the FD for each Base Filename.          
- It is probably better to have the comparison done by the FD
  despite the fact that the File entry must be sent across the
  network.
- An alternative would be to send the FD the whole File entry
  from the start. The disadvantage is that it requires a lot of
  space. The advantage is that it requires less communications
  during the save.
- The Job record must be updated to indicate that one or more
  Bases were used.
- At end of Job, FD returns:   
   1. Count of base files/bytes not written to tape (i.e. matches)
   2. Count of base file that were saved i.e. had changed.
- No tape record would be written for a Base file that matches, in the
  same way that no tape record is written for Incremental jobs where
  the file is not saved because it is unchanged.
- On a restore, all the Base file records must explicitly be
  found from the BaseFile tape. I.e. for each Full save that is marked
  to have one or more Base Jobs, search the BaseFile for all occurrences
  of JobId.
- An optimization might be to make the BaseFile have:
     JobId
     BaseId
     FileId
  plus
     FileIndex
  This would avoid the need to explicitly fetch each File record for
  the Base job.  The Base Job record will be fetched to get the
  VolSessionId and VolSessionTime.
=========================================================  

  

=============================================================

                Request For Comments For File Backup Options
                   10 November 2002

Subject: File Backup Options

Problem: 
  A few days ago, a Bacula user who is backing up to file volumes and
  using compression asked if it was possible to suppress compressing
  all .gz files since it was a waste of CPU time. Although Bacula
  currently permits using different options (compression, ...) on
  a directory by directory basis, it cannot do it on a file by 
  file basis, which is clearly what was desired.   

Proposed Implementation:
  To solve this problem, I propose the following:

  - Add a new Director resource type called Options.  

  - The Options resource will have records for all
    options that can currently be specified on the Include record 
    (in a FileSet).  Examples below.

  - The Options resource will permit an exclude option as well
    as a number of additional options.

  - The heart of the Options resource is the ability to
    supply any number of Match records which specify POSIX
    regular expressions.  These Match regular expressions are
    applied to the fully qualified filename (path and all). If
    one matches, then the Options will be used.

  - When an Match specification matches an included file, the
    options specified in the Options resource will override
    the default options specified on the Include record.

  - Include records will be modified to permit referencing one or
    more Options resources.  The Options will be used
    in the order listed on the Include record and the first
    one that matches will be applied.

  - Options (or specifications) currently supplied on the Include
    record will be deprecated (i.e. removed in a later version a
    year or so from now).

  - The Exclude record will be deprecated as the same functionality
    can be obtained by using an Exclude = yes in the Options.

Options records:
  The following records can appear in the Options resource. An
  asterisk preceding the name indicates a feature not currently
  implemented.

  For Backup Jobs:
    - Compression= (GZIP, ...)
    - Signature=   (MD5, SHA1, ...)
    - *Encryption=
    - OneFs=      (yes/no)    - remain on one filesystem
    - Recurse=    (yes/no)    - recurse into subdirectories
    - Sparse=     (yes/no)    - do sparse file backup
    - *Exclude=   (yes/no)    - exclude file from being saved
    - *Reader=    (filename)  - external read (backup) program
    - *Plugin=    (filename)  - read/write plugin module

  For Verify Jobs:
    - verify=     (ipnougsamc5) - verify options

  For Restore Jobs:
    - replace= (always/ifnewer/ifolder/never) - replace options currently
                                                implemented in 1.31
    - *Writer= (filename)   - external write (restore) program


Implementation:
  Currently options specifying compression, MD5 signatures, recursion,
  ... of a FileSet are supplied on the Include record. These will now
  all be collected into a Options resource, which will be
  specified in the Include in place of the options. Multiple Options
  may be specified.  Since the Options may contain regular expressions
  that are applied to the full filename, this will give the ability
  to specify backup options on a file by file basis to whatever level
  of detail you wish.

Example:

  Today:

    FileSet {
      Name = "FullSet"
      Include = compression=GZIP signature=MD5 {
        /
      }
    }

  Proposal:

    FileSet {
      Name = "FullSet"
      Include {
        Compression = GZIP;
        Signature = MD5
        Match = /*.?*/                # matches all files.
        File = /
      }
    }

  That's a lot more to do the same thing, but it gives the ability to
  apply options on a file by file basis.  For example, suppose you
  want to compress all files but not any file with extensions .gz or .Z.
  In that case, you will need to group two sets of options using
  the Options resource as follows:


    FileSet {
      Name = "FullSet"
      Include {
        Options {
          Signature = MD5
          # Note multiple Matches are ORed
          Match = /*.gz/   # matches .gz files */
          Match = /*.Z/    # matches .Z files */
        }
        Options {
          Compression = GZIP
          Signature = MD5
          Match = /*.?*/   # matches all files
        }
        File = /
      }
    }

  Now, since the no Compression option is specified in the
  first group of Options, *.gz or *.Z file will have an MD5 signature computed,
  but will not be compressed. For all other files, the *.gz *.Z will not
  match, so the second group of options will be used which will include GZIP
  compression.

Questions:
  - Is it necessary to provide some means of ANDing regular expressions
    and negation?  (not currently planned)

    e.g.  Match = /*.gz/ && !/big.gz/

  - I see that Networker has a "null" module which, if specified, does not 
    backup the file, but does make an record of the file in the catalog
    so that the catalog will reflect an exact picture of the filesystem.
    The result is that the file can be "seen" when "browsing" the save
    sets, but it cannot be restored.
    
    Is this really useful?  Should it be implemented in Bacula?
  
Results:
  After implementing the above, the user will be able to specify
  on a file by file basis (using regular expressions) what options are
  applied for the backup.


=============================================

========================================================== 
    Unsaved File design
For each Incremental job that is run, there may be files that
were found but not saved because they were locked (this applies
only to Windows). Such a system could send back to the Director
a list of Unsaved files.
Need:
- New UnSavedFiles table that contains:
  JobId
  PathId
  FilenameId
- Then in the next Incremental job, the list of Unsaved Files will be
  feed to the FD, who will ensure that they are explicitly chosen even
  if standard date/time check would not have selected them.
=============================================================


Done: (see kernsdone for more)
- Implement new alist in FileSet scanning.
- bls should continue reading even if it finds Win32 data on the tape.
  The error should be Warning rather the Error.
- Add user configurable timeout for connecting to SD.
- Unsaved Flag in Job record (use JobMissingFiles).
- Base Flag in Job record.
- Configure mtx-changer to have correct path to mtx.
- Add all command line arguments to "update", e.g. slot=nn volStatus=append, ...
- Make some way so that if a machine is skipped because it is not up 
  that Bacula will continue retrying for a specified period of time --
  periodically.
- Implement all command line args on run.
- Implement command line "restore" args.
- Implement "restore current select=no"
- Restore file modified before date
- Restore -- do nothing but show what would happen
- Add estimate to Console commands
- Use read_record.c in SD code.
- Fix read_record to handle multiple sessions.
- Tip from Steve Allam
  mt -f /dev/nst0 defblksize 0
- Document "status" in the console.
- Document driving console from shell script.
- Write JobMedia records with max file size is reached on tape.
- Handle the case of multiple JobMedia records pending (i.e. the
  thread is slow and multiple situations requiring a JobMedia
  record occur).
- Do performance analysis on the restore tree routines.
- Fix maximum file size (block.c) to generate JobMedia records.
- Make the default file size 1GB on the tape.
- Implement forward spacing between files.
- Add Machine type (Linux/Windows) to Status report for daemons. 
  Look at src/host.h
- Use repositioning at the beginning of the tape.                   
- Do full check the command line args in update (e.g. VolStatus ...).
- Specify list of files to restore
- Implement ClientRunBeforeJob and ClientRunAfterJob.
- Make | and < work on FD side.
- Check to see if "blocked" is set during restore.
- Figure out what is interrupting sql command in console.
- Make new job print warning User Unmounted Tape.
- Test recycling and purging (code changed in db_find_next_volume and
  in recycle.c).
- Document SDConnectTimeout (in FD).
- Add restore by filename test.
- Document restore by files.
- Make variable expansion work correctly.
- Implement List Volume Job=xxx  or List scheduled volumes or Status Director 
- Copy static programs into install directory.
- Think about changing Storage resource Device record to be
  SDDeviceName.
- Add RunBeforeJob and RunAfterJob to the Client program.
- Need return status on read_cb() from read_records(). Need multiple
  records -- one per Job, maybe a JCR or some other structure with
  a block and a record.
- LabelFormat on tape volume apparently creates the db record but 
  never actually labels the volume.
- Recycling a volume when two jobs are using it is going to break. Fixed.
- Document list nextvol and new format status dir.
- Client files in Win32 with Unix eol conventions doesn't work.
- Either fix or document that fill command in btape can be
  compressed enormously by the hardware - a 36GB tape wrote 750GB!
- Add multiple character duration qualifiers.
- Require some modifer.
- Restrict characters permitted in a Resource name, and don't permit
  duplicate names.
- Figure out some way to ignore or get past checksum errors in
  reading.
- The SD spooling file gets created even if it is not used.
- Look at Cleaning tape in ua_label.c for media create/update 
- Add regression testing to the manual
- End time: in job output of rescheduled job is time of first run.
- Document list nextvol and status output.
- Separate Dir heartbeat in FD from the SD heartbeat.
- Fix sparse file handeling so that it always reads a multiple
  of 512. Currently, it subtracts 8 bytes (for faddr).
  Kludged with #ifdef for FreeBSD.
- Document that Volume pruning can delete last Full backup and
  hence you will not have a valid backup.
- Clarify the fact that having the Bacula cygwin1.dll loaded
  is not the same as having cygwin installed.
- Document that it is safe to use the drive when the lights stop flashing.
- Document all the status codes JobLevel, JobType, JobStatus.
- Add GUI interface to manual
- Combine the 3 places that search run records for the next
  job. Use find_job_pool() modified in ua_output.c
- Test connect timeouts.
- Fix FreeBSD build with tcp_wrapper -- should not have -lnsl