On Thursday, October 19, 2023, David Steele <da...@pgmasters.net> wrote:
> On 10/19/23 10:24, Robert Haas wrote: > >> On Wed, Oct 18, 2023 at 7:15 PM David Steele <da...@pgmasters.net> wrote: >> >>> >>>> pg_llbackup -d $CONNTR --backup-label=PATH --tablespace-map=PATH >>>> --copy-data-directory=SHELLCOMMAND >>>> >>>> I think in most cases where this would be useful the user should just be >>> using pg_basebackup. If the backup is trying to use snapshots, then >>> backup_label needs to be stored outside the snapshot and we won't be >>> able to easily help. >>> >> >> Right, the idea of the above was that you would specify paths for the >> backup label and the tablespace map that were outside of the snapshot >> directory in that kind of case. But you couldn't screw up the line >> endings or whatever because pg_llbackup would take care of that aspect >> of it for you. >> > > What I meant here (but said badly) is that in the case of snapshot > backups, the backup_label and tablespace_map will likely need to be stored > somewhere off the server since they can't be part of the snapshot, perhaps > in a key store. In that case the backup software would still need to read > the files from wherever we stored then and correctly handle them when > storing elsewhere. If you were moving the files to say, S3, a similar thing > needs to happen. In general, I think a locally mounted filesystem is very > unlikely to be the final destination for these files, and if it is then > probably pg_basebackup is your friend. > We are choosing to not take responsibility if the procedure used by the dba is one that takes a full live backup of the data directory as-is and then brings that backup back into production without making any changes to it. That restored copy will be bootable but quite probably corrupted. That is on them as we have no way to make it non-bootable without risking source database being unable to be restarted automatically upon a crash. In short, a snapshot methodology is beyond what we are willing to provide protections for. What I do kinda gather from the above is we should be providing a pg_baserestore application if we want to give our users fewer reasons to write their own tooling against the API and/or want to add more complexity to pg_basebackup to handle various needs that need corresponding recovery needs that we should implement as code instead of documentation. David J.
