Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Velero delete "backup failed", It doesn't delete volume backup associated #116

Open
duy1600 opened this issue Aug 26, 2024 · 3 comments
Open

Velero delete "backup failed", It doesn't delete volume backup associated #116

duy1600 opened this issue Aug 26, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@duy1600
Copy link

duy1600 commented Aug 26, 2024

Describe the bug

  • Velero delete "backup failed" (backup include pv/pvc), It doesn't delete volume backup associated(velero-plugin-for-openstack method "backup")

Steps to reproduce the behavior

  1. Create BackupStorageLocation with fake s3 credentials
  2. Create a Velero backup all with pv/pvc using "backup" as method for volumeSnapshotLocation
  3. Velero delete backup failed
  4. Check on Openstack, the volume backup not delete

Expected behavior
Delete backup "failed" should remove volume backup associated

Used versions

  • Velero version(velero version): 1.14.0
  • Plugin version(kubectl describe pod velero-...): 0.8.0
  • Kubernetes version(kubectl version): 1.28.2
  • Openstack version: Zed
@duy1600 duy1600 added the bug Something isn't working label Aug 26, 2024
@Lirt
Copy link
Owner

Lirt commented Aug 29, 2024

Hello @duy1600,

I don't understand this expectation using first step for reproduction.

Create BackupStorageLocation with fake s3 credentials.

For Openstack with Swift you have to configure the authentication file or environment variables with Openstack RC or S3 (if your Swift has S3 api enabled). The credentials cannot be fake. If you cannot connect to Swift, Init will fail, you also cannot save backup contents and then you also cannot delete failed backup (backup object is created, but deletion will fail). If somehow the volume started to backup, you can only force-delete and that means you will have orphaned volume backup left.

For curiosity I tried to create BSL and VSL. I tried with BSL that had wrong credentials and VSL that had correct ones. Velero log was reporting plugin process exited, backup failed, Authentication failed. No volume backup was created as the code couldn't get to this point because it didn't pass authentication. At the same time the backup part couldn't start and main backup part is the one that will find PVCs and call volume backups.

velero-544b5979f6-vpf9x velero time="2024-08-29T16:08:51Z" level=info msg="ObjectStore.Init called" backup=kube-system/lirt-test-1 cmd=/plugins/velero-plugin-for-openstack config="map[bucket:velero-backup-redacted-location cloud:redacted-location prefix:list-cluster]" logSource="/go/src/github.com/Lirt/velero-plugin-for-openstack/src/swift/object_store.go:38" pluginName=velero-plugin-for-openstack
velero-544b5979f6-vpf9x velero time="2024-08-29T16:08:51Z" level=info msg="Authentication will be done for cloud redacted-location" backup=kube-system/lirt-test-1 cmd=/plugins/velero-plugin-for-openstack logSource="/go/src/github.com/Lirt/velero-plugin-for-openstack/src/utils/auth.go:33" pluginName=velero-plugin-for-openstack
velero-544b5979f6-vpf9x velero time="2024-08-29T16:08:51Z" level=info msg="Trying to authenticate against OpenStack using environment variables (including application credentials) or using files ~/.config/openstack/clouds.yaml, /etc/openstack/clouds.yaml and ./clouds.yaml" backup=kube-system/lirt-test-1 cmd=/plugins/velero-plugin-for-openstack logSource="/go/src/github.com/Lirt/velero-plugin-for-openstack/src/utils/auth.go:68" pluginName=velero-plugin-for-openstack
velero-544b5979f6-vpf9x velero time="2024-08-29T16:08:52Z" level=info msg="plugin process exited" backup=kube-system/lirt-test-1 cmd=/velero id=266 logSource="pkg/plugin/clientmgmt/process/logrus_adapter.go:80" plugin=/velero
velero-544b5979f6-vpf9x velero time="2024-08-29T16:08:52Z" level=error msg="backup failed" backuprequest=kube-system/lirt-test controller=backup error="rpc error: code = Unknown desc = failed to authenticate against OpenStack in object storage plugin: failed to authenticate: Authentication failed" logSource="pkg/controller/backup_controller.go:288"

From docs:

Can you explain how did you get to this point and how do I exactly reproduce this?

@duy1600
Copy link
Author

duy1600 commented Aug 30, 2024

Sorry about my fault, because it wasn't clear. Let's me explain the first step again

  1. First step, creating BSL with S3 (minio) bucket enable object lock and sse-c according velero-plugin-for-aws
  2. Create a Velero backup all with pv/pvc using "backup" as method for volumeSnapshotLocation - The backup was done, but when velero-plugin-for-aws upload backup manifest to S3, it was failed by some issue with Content-MD5 and object lock. Velero mark the backup failed. However, velero-plugin-for-openstack stared backup volume. It make orphaned volume backup
  3. Velero delete backup failed - Creating DeleteBackupRequest then kubectl apply, the backup failed was delete
  4. Check on Openstack, the volume backup not delete

@Lirt
Copy link
Owner

Lirt commented Aug 30, 2024

Thank you for explanation. Yes it makes sense..

I will check if it's possible to overcome this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Lirt @duy1600