Kern's ToDo List 2 December 2002 Documentation to do: (a little bit at a time) - Document running a test version. - Make sure restore options are documented - Document query file format. Testing to do: (painful) - that restore options work in FD. - that mod of restore options works. - that console command line options work - blocksize recognition code. - Test new BSR code For 1.28 release: - Make BSR accept count (total files to be restored). - Make BSR return next_block when it knows record is not in block, done when count is reached, and possibly other optimizations. I.e. add a state word. - Continue improving the restore process (handling of tapes, efficiency improvements e.g. use FSF to position the tape, ...) - Add code to fast seek to proper place on tape/file when doing Restore. If it doesn't work, try linear search as before. - Add code to reject whole blocks if not wanted on restore. - Figure out how to allow multiple simultaneous file Volumes on a single device. - Start working on Base jobs. - Implement FileOptions (see end of this document) - Replace popen() and pclose() -- fail safe and timeout, no SIG dep. - Ensure that restore of differential jobs works (check SQL). - Make sure the MaxVolFiles is fully implemented in SD - Flush all the daemon messages at the end of every job. - Check if both CatalogFiles and UseCatalog are set to SD. - Check if we can bump Bacula FD priorty in Win2000 - Make bcopy read through bad tape records. - Need return status on read_cb() from read_records(). Need multiple records -- one per Job, maybe a JCR or some other structure with a block and a record. - Think about how to make Bacula work better with File archives. - Work more on how to to a Bacula restore beginning with just a Bacula tape and a boot floppy (bare metal recovery). - Try bare metal Windows restore - Fix read_record to handle multiple sessions. - Program files (i.e. execute a program to read/write files). Pass read date of last backup, size of file last time. - Put system type returned by FD into catalog. - Possibly add email to Watchdog if drive is unmounted too long and a job is waiting on the drive. - Strip trailing slashes from Include directory names in the FD. - Use read_record.c in SD code. - Why don't we get an error message from Win32 FD when bootstrap file cannot be created for restore command? - When Marking a file in Restore that is a hard link, also mark the link so that the data will be reloaded. - Restore program that errors in SD due to no tape reports OK incorrectly in output. - After unmount, if restore job started, ask to mount. - Fix db_get_fileset in cats/sql_get.c for multiple records. - Fix catalog filename truncation in sql_get and sql_create. Use only a single filename split routine. - Make Restore report an error if FD or SD term codes are not OK. - Convert all %x substitution variables, which are hard to remember and read to %(variable-name). Idea from TMDA. - Add JobLevel in FD status (but make sure it is defined). - Make Pool resource handle Counter resources. - Remove NextId for SQLite. Optimize. - Fix gethostbyname() to use gethostbyname_r() - Implement ./configure --with-client-only - Strip trailing / from Include - Move all SQL statements into a single location. - Cleanup db_update_media and db_update_pool - Add UA rc and history files. - put termcap (used by console) in ./configure and allow -with-termcap-dir. - Enhance time and size scanning routines. - Fix Autoprune for Volumes to respect need for full save. - DateWritten field on tape may be wrong. - Fix Win32 config file definition name on /install - No READLINE_SRC if found in alternate directory. - Add Client FS/OS id (Linux, Win95/98, ...). - Test a second language e.g. french. - Compare tape to Client files (attributes, or attributes and data) - Restore options (overwrite, overwrite if older, overwrite if newer, never overwrite, ...) - Restore to a particular time -- e.g. before date, after date. - Make all database Ids 64 bit. - Write an applet for Linux. - Add estimate to Console commands - Find solution to blank filename (i.e. path only) problem. - Implement new daemon communications protocol. - Remove PoolId from Job table, it exists in Media. - Allow console commands to detach or run in background. - Fix status delay on storage daemon during rewind. - Add SD message variables to control operator wait time - Maximum Operator Wait - Minimum Message Interval - Maximum Message Interval - Send Operator message when cannot read tape label. - Verify level=Volume (scan only), level=Data (compare of data to file). Verify level=Catalog, level=InitCatalog - Events file - Add keyword search to show command in Console. - Fix Win2000 error with no messages during startup. - Events : tape has more than xxx bytes. - Restrict characters permitted in a Resource name. - Complete code in Bacula Resources -- this will permit reading a new config file at any time. - Handle ctl-c in Console - Implement LabelTemplate (at least first cut). - Implement script driven addition of File daemon to config files. - see setgroup and user for Bacula p4-5 of stunnel.c - Implement new serialize subroutines send(socket, "string", &Vol, "uint32", &i, NULL) - Audit all UA commands to ensure that we always prompt where possible. - If ./btape is called without /dev, assume argument is a Storage resource name. - Put memory utilization in Status output of each daemon if full status requested or if some level of debug on. - Make database type selectable by .conf files i.e. at runtime - gethostbyname failure in bnet_connect() continues generating errors -- should stop. - Add HOST to Volume label. - Set flag for uname -a. Add to Volume label. - Implement throttled work queue. - Check for EOT at ENOSPC or EIO or ENXIO (unix Pc) - Allow multiple Storage specifications (or multiple names on a single Storage specification) in the Job record. Thus a job can be backed up to a number of storage devices. - Implement dump label to UA - Copy volume using single drive. - Concept of VolumeSet during restore which is a list of Volume names needed. - Restore files modified after date - Restore file modified before date - Emergency restore info: - Backup Bacula - Backup working directory - Backup Catalog - Restore -- do nothing but show what would happen - SET LD_RUN_PATH=$HOME/mysql/lib/mysql - Implement Restore FileSet= - Create a protocol.h and protocol.c where all protocol messages are concentrated. - If SD cannot open a drive, make it periodically retry. - Remove duplicate fields from jcr (e.g. jcr.level and jcr.jr.Level, ...). - Timout a job or terminate if link goes down, or reopen link and query. - Fill all fields in Vol/Job Header -- ensure that everything needed is written to tape. Think about restore to Catalog from tape. Client record needs improving. - Find general solution for sscanf size problems (as well as sprintf. Do at run time? - Concept of precious tapes (cannot be reused). - Make bcopy copy with a single tape drive. - Permit changing ownership during restore. - Restore should get Device and Pool information from job record rather than from config. - Autolabel should be specified by DR instead of SD. - Find out how to get the system tape block limits, e.g.: Apr 22 21:22:10 polymatou kernel: st1: Block limits 1 - 245760 bytes. Apr 22 21:22:10 polymatou kernel: st0: Block limits 2 - 16777214 bytes. - Storage daemon - Add media capacity - AutoScan (check checksum of tape) - Format command = "format /dev/nst0" - MaxRewindTime - MinRewindTime - MaxBufferSize - Seek resolution (usually corresponds to buffer size) - EODErrorCode=ENOSPC or code - Partial Read error code - Partial write error code - Nonformatted read error - Nonformatted write error - WriteProtected error - IOTimeout - OpenRetries - OpenTimeout - IgnoreCloseErrors=yes - Tape=yes - NoRewind=yes - Pool - Maxwrites - Recycle period - Job - MaxWarnings - MaxErrors (job?) ===== - FD sends unsaved file list to Director at end of job. - Write a Storage daemon that uses pipes and standard Unix programs to write to the tape. See afbackup. - Need something that monitors the JCR queue and times out jobs by asking the deamons where they are. - Enhance Jmsg code to permit buffering and saving to disk. - device driver = "xxxx" for drives. - restart: paranoid: read label fsf to eom read append block, and go super-paranoid: read label, read all files in between, read append block, and go verify: backspace, read append block, and go permissive: same as above but frees drive if tape is not valid. - Verify from Volume - Ensure that /dev/null works - File daemon should build list of files skipped, and then at end of save retry and report any errors. - Need report class for messages. Perhaps report resource where report=group of messages - enhance scan_attrib and rename scan_jobtype, and fill in code for "since" option - Need to save contents of FileSet to tape? - Director needs a time after which the report status is sent anyway -- or better yet, a retry time for the job. Don't reschedule a job if previous incarnation is still running. - Figure out how to save the catalog (possibly a special FileSet). - Figure out how to restore the catalog. - Some way to automatically backup everything is needed???? - Need a structure for pending actions: - buffered messages - termination status (part of buffered msgs?) - Concept of grouping Storage devices and job can use any of a number of devices - Drive management Read, Write, Clean, Delete - Login to Bacula; Bacula users with different permissions: owner, group, user, quotas - Store info on each file system type (probably in the job header on tape. This could be the output of df; or perhaps some sort of /etc/mtab record. Longer term to do: - Implement FSM (File System Modules). - Identify unchanged or "system" files and save them to a special tape thus removing them from the standard backup FileSet -- BASE backup. - Turn virutally all sprintfs into snprintfs. - Heartbeat between daemons. - Audit M_ error codes to ensure they are correct and consistent. - Add variable break characters to lex analyzer. Either a bit mask or a string of chars so that the caller can change the break characters. - Make a single T_BREAK to replace T_COMMA, etc. - Ensure that File daemon and Storage daemon can continue a save if the Director goes down (this is NOT currently the case). Must detect socket error, buffer messages for later. - Enhance time/duration input to allow multiple qualifiers e.g. 3d2h Projects: Bacula Projects Roadmap 17 August 2002 last update 27 November 2002 Item 1: Multiple simultaneous Jobs. (done) Done What: Permit multiple simultaneous jobs in Bacula. Why: An enterprise level solution needs to go fast without the need for the system administrator to carefully tweak timing. Based on the benchmarks, during a full backup, NetWorker typically hit 10 times the bandwidth to the tape compared to Bacula--largely. This is probably due to running parallel jobs and multi-threaded filling of buffers and writing them to tape. This should also make things work better when you have a mix of fast and slow machines backing up at the same time. Notes: Bacula was designed to run multiple simultaneous jobs. Thus implementing this is a matter of some small cleanups and careful testing. Item 2: Make the Storage daemon use intermediate file storage to buffer data. Deferred -- not necessary yet. What: If data is coming into the SD too fast, buffer it to disk if the user has configured this option. Why: This would be nice, especially if it more or less falls out when implementing (1) above. If not, it probably should not be given a high priority because fundamentally the backup time is limited by the tape bandwidth. Even though you may finish a client job quicker by spilling to disk, you still have to eventually get it onto tape. If intermediate disk buffering allows us to improve write bandwidth to tape, it may make sense. Notes: Whether or not this is implemented will depend upon performance testing after item 1 is implemented. Item 3: Write the bscan program -- also write a bcopy program. Done What: Write a program that reads a Bacula tape and puts all the appropriate data into the catalog. This allows recovery from a tape that is no longer in the database, or it allows re-creation of a database if lost. Why: This is a fundamental robustness and disaster recovery tool which will increase the comfort level of a sysadmin considering adopting Bacula. Notes: A skeleton of this program already exists, but much work needs to be done. Implementing this will also make apparent any deficiencies in the current Bacula tape format. Item 4: Implement Base jobs. What: A base job is sort of like a Full save except that you will want the FileSet to contain only files that are unlikely to change in the future (i.e. a snapshot of most of your system after installing it). After the base job has been run, when you are doing a Full save, you can specify to exclude all files saved by the base job that have not been modified. Why: This is something none of the competition does, as far as we know (except BackupPC, which is a Perl program that saves to disk only). It is big win for the user, it makes Bacula stand out as offering a unique optimization that immediately saves time and money. Notes: Big savings in tape usage. Will require more resources because the e. DIR must send FD a list of files/attribs, and the FD must search the list and compare it for each file to be saved. Item 5: Implement Label templates What: This is a mechanism whereby Bacula can automatically create a tape label for new tapes according to a detailed specification provided by the user. Why: It is a major convenience item for folks who use automated label creation. Notes: Bacula already has a working form of automatic tape label creation, but it is very crude. The design for the complete tape labeling project is already documented in the manual. Item 6: Write a regression script. Started What: This is an automatic script that runs and tests as many features of Bacula as possible. The output is compared to previous versions of Bacula and any differences are reported. Why: This is an enormous help in preventing introduction of new errors in parts of the program that already work correctly. Notes: This probably should be ranked higher, it's something the typical user doesn't see. Depending on how it's implemented, it may make sense to defer it until the archival tape format and user interface mature. Item 7: GUI for interactive restore Item 8: GUI for interactive backup What: The current interactive restore is implemented with a tty interface. It would be much nicer to be able to "see" the list of files backed up in typical GUI tree format. The same mechanism could also be used for creating ad-hoc backup FileSets (item 8). Why: Ease of use -- especially for the end user. Notes: Rather than implementing in Gtk, we probably should go directly for a Browser implementation, even if doing so meant the capability wouldn't be available until much later. Not only is there the question of Windows sites, most Solaris/HP/IRIX, etc, shops can't currently run Gtk programs without installing lots of stuff admins are very wary about. Real sysadmins will always use the command line anyway, and the user who's doing an interactive restore or backup of his own files will in most cases be on a Windows machine running Exploder. Item 9: Add SSL to daemon communications. What: This provides for secure communications between the daemons. Why: This would allow doing backup across the Internet without privacy concerns (or with much less concern). Notes: The vast majority of near term potential users will be backing up a single site over a LAN and, correctly or not, they probably won't be concerned with security, at least not enough to go to the trouble to set up keys, etc. to screw things down. We suspect that many users genuinely interested in multi-site backup already run some form of VPN software in their internetwork connections, and are willing to delegate security to that layer. Item 10: Define definitive tape format. Done (version 1.27) What: Define that definitive tape format that will not change for the next millennium. Why: Stability, security. Notes: See notes for item 11 below. Item 11: New daemon communication protocol. What: The current daemon to daemon protocol is basically an ASCII printf() and sending the buffer. On the receiving end, the buffer is sscanf()ed to unpack it. The new scheme would be a binary format that allows quick packing and unpacking of any data type with named fields. Why: Using binary packing would be faster. Named fields will permit error checking to ensure that what is sent is what the receiver really wants. Notes: These are internal improvements in the interest of the long-term stability and evolution of the program. On the one hand, the sooner they're done, the less code we have to rip up when the time comes to install them. On the other hand, they don't bring an immediately perceptible benefit to potential users. Item 10 and possibly item 11 should be deferred until Bacula is well established with a growing user community more or less happy with the feature set. At that time, it will make a good "next generation" upgrade in the interest of data immortality. ==================================== Request For Comments 10 November 2002 Subject: File Backup Options Problem: A few days ago, a Bacula user who is backing up to file volumes and using compression asked if it was possible to suppress compressing all .gz files since it was a waste of CPU time. Although Bacula currently permits using different options (compression, ...) on a directory by directory basis, it cannot do it on a file by file basis, which is clearly what was desired. Proposed Implementation: To solve this problem, I propose the following: - Add a new Director resource type called FileOptions. - The FileOptions resource will have records for all options that can currently be specified on the Include record (in a FileSet). Examples below. - The FileOptions resource will permit an exclude option as well as a number of additional options. - The heart of the FileOptions resource is the ability to supply any number of ApplyTo records which specify POSIX regular expressions. These ApplyTo regular expressions are applied to the fully qualified filename (path and all). If one matches, then the FileOptions will be used. - When an ApplyTo specification matches an included file, the options specified in the FileOptions resource will override the default options specified on the Include record. - Include records will be modified to permit referencing one or more FileOptions resources. The FileOptions will be used in the order listed on the Include record and the first one that matches will be applied. - Options (or specifications) currently supplied on the Include record will be deprecated (i.e. removed in a later version a year or so from now). - The Exclude record will be deprecated as the same functionality can be obtained by using an Exclude = yes in the FileOptions. FileOptions records: The following records can appear in the FileOptions resource. An asterisk preceding the name indicates a feature not currently implemented. For Backup Jobs: - Compression= (GZIP, ...) - Signature= (MD5, SHA1, ...) - *Encryption= - OneFs= (yes/no) - remain on one filesystem - Recurse= (yes/no) - recurse into subdirectories - Sparse= (yes/no) - do sparse file backup - *Exclude= (yes/no) - exclude file from being saved - *Reader= (filename) - external read (backup) program For Verify Jobs: - verify= (ipnougsamc5) - verify options For Restore Jobs: - replace= (always/ifnewer/ifolder/never) - replace options currently implemented in 1.27 - *Writer= (filename) - external write (restore) program Implementation: Currently options specifying compression, MD5 signatures, recursion, ... of a FileSet are supplied on the Include record. These will now all be collected into a FileOptions resource, which will be specified on the Include in place of the options. Multiple FileOptions may be specified. Since the FileOptions contain regular expressions that are applied to the full filename, this will give the ability to specify backup options on a file by file basis to whatever level of detail you wish. Example: Today: FileSet { Name = "FullSet" Include = compression=GZIP signature=MD5 { / } } Proposal: FileSet { Name = "FullSet" Include = FileOptions=Opts { / } } FileOptions { Name = Opts Compression = GZIP Signature = MD5 ApplyTo = /*.?*/ } That's a lot more to do the same thing, but it gives the ability to apply options on a file by file basis. For example, suppose you want to compress all files but not any file with extensions .gz or .Z. You could do so as follows: FileSet { Name = "FullSet" Include = FileOptions=NoCompress FileOptions=Opts { / } } FileOptions { Name = Opts Compression = GZIP Signature = MD5 ApplyTo = /*.?*/ # matches all files } FileOptions { Name = NoCompress Signature = MD5 # Note multiple ApplyTos are ORed ApplyTo = /*.gz/ # matches .gz files */ ApplyTo = /*.Z/ # matches .Z files */ } Now, since the NoCompress FileOptions is specified first on the Include line, any *.gz or *.Z file will have an MD5 signature computed, but will not be compressed. For all other files, the NoCompress will not match, so the Opts options will be used which will include GZIP compression. Questions: - Is it necessary to provide some means of ANDing regular expressions and negation? (not currently planned) e.g. ApplyTo = /*.gz/ && !/big.gz/ - I see that Networker has a "null" module which, if specified, does not backup the file, but does make an record of the file in the catalog so that the catalog will reflect an exact picture of the filesystem. The result is that the file can be "seen" when "browsing" the save sets, but it cannot be restored. Is this really useful? Should it be implemented in Bacula? Results: After implementing the above, the user will be able to specify on a file by file basis (using regular expressions) what options are applied for the backup. ==================================== Done: (see kernsdone for more) - Add EOM records? No, not at this time. The current system works and above all is simple. - Add VolumeUseDuration and MaximumVolumeJobs to Pool db record and to Media db record. - Add VOLUME_CAT_INFO to the EOS tape record (as well as to the EOD record). -- No, not at this time. - Put MaximumVolumeSize in Director (MaximumVolumeJobs, MaximumVolumeFiles, MaximumFileSize). - Enhance schedule to have 1stSat, ... - Make sure catalog doesn't keep growing. - On I/O error, write EOF, then try to write again ? No, keep it simple. - Figure out how compress everything except .gz,... files. Implement FileOptions. - Put Bacula version somewhere in Job stream, probably Start Session Labels. - Fix start/end blocks for File devices - Make Job err if WriteBootstrap fails.