Don't fail backup deletion if downloading tarball fails #2993
Conversation
zubron
force-pushed
the
fix-deletion-of-cloud-deleted-backups-2980
branch
2 times, most recently
from
6cf52a6 to
df96e0c
Compare
zubron
force-pushed
the
fix-deletion-of-cloud-deleted-backups-2980
branch
from
df96e0c to
0808786
Compare
zubron
changed the title
zubron
force-pushed
the
fix-deletion-of-cloud-deleted-backups-2980
branch
from
0808786 to
383f3ac
Compare
zubron
force-pushed
the
fix-deletion-of-cloud-deleted-backups-2980
branch
from
383f3ac to
d83759b
Compare
There was a problem hiding this comment.
I think the correct fix is to not delete the backup from the object store if there were any errors in the process of deleting the backup.
refer #3094 (comment)
|
@ashish-amarnath #3094 is related but I think this PR and the issue it is addressing are different enough that they should be considered separately. This PR will only deal with the case where there are DeleteItemAction plugins to run and the backup tarball doesn't exist. The fact that a backup deletion fails due to missing cloud resources is a change in behaviour from 1.4 so this PR was to restore the previous behaviour. For example, if someone manually removes the backup tarball from their object storage or the backup tarball was never written in the first place, then attempting to delete those backups through velero will always result in an error and the deletion will fail. In #3094, the issue is that Velero should not have deleted any backup resources in the first place if there was an error. They are related, in that the error described in #2980 will appear on following deletion attempts, but I still think they are distinct issues. I think the issue of orphaned resources described in #3094 would have existed prior to the introduction of DeleteItemActions. All that said, I think we need both this change and the one you mentioned in #3094 😄 |
| if err != nil { | ||
| log.WithError(err).Errorf("Unable to download tarball for backup %s, skipping associated DeleteItemAction plugins", backup.Name) | ||
| } else { | ||
| defer closeAndRemoveFile(backupFile, c.logger) |
There was a problem hiding this comment.
Should this defer be in the else block? I don't think the backupFile variable exists here, unless I'm reading something wrong.
There was a problem hiding this comment.
It's defined on 307. I put the defer here thinking that we shouldn't attempt to close and remove it unless it was successfully created, but I should check the implementation of both functions. downloadToTempFile might create the file and not write to it, or closeAndRemoveFile might be able to handle the case where it doesn't exist and in that case it would be safe to move it to the outer scope where backupFile was defined.
There was a problem hiding this comment.
downloadToTempFile returns a nil file pointer in the case where there was an error. This means that closeAndRemoveFile will panic as it was passed nil. I can leave the defer in the else block or update closeAndRemoveFile to handle the case where the file is nil. I'm leaning towards the latter option but let me know what you think!
There was a problem hiding this comment.
Got it, thanks for the detailed reply. I was actually confusing the ifs and thought the else was part of the len(actions) > 0 condition.
I think updating closeAndRemoveFile to handle a nil file is a good idea. That way, we can move the defer right after the downloadToTempFile call, which is more idiomatic Go, where the defer is put right after the creation or fetching of the resource.
The other option is a short comment above the defer statement where it's at now to explain why, but I think updating closeAndRemoveFile is the better choice.
|
I think we need both fixes as well. If nothing else, this is an optimization that we won't try to download the backup tarball when we don't need to act on it. |
zubron
force-pushed
the
fix-deletion-of-cloud-deleted-backups-2980
branch
from
d83759b to
feaff55
Compare
Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]>
Signed-off-by: Bridget McErlean <[email protected]>
zubron
force-pushed
the
fix-deletion-of-cloud-deleted-backups-2980
branch
from
feaff55 to
fd6035c
Compare
There was a problem hiding this comment.
Thanks for your patience @zubron :)
@ashish-amarnath Could you please revisit your review?
…#2993) * Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
|
When will this fix be released? |
* Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
…#2993) * Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
…#2993) * Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
…#2993) * Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
…#2993) * Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
…#2993) * Don't fail backup if downloading tarball fails Previously, we would always attempt to download the tarball for a backup for processing DeleteItemAction plugins, even if there weren't any. This caused an issue for some users in the case where the backup tarball had been deleted from object storage as the backup deletion would fail. Now, we only attempt to download the tarball in the case where there are DeleteItemAction plugins. If downloading that tarball fails, we log the error, skip the processing of the DeleteItemAction plugins and proceed with the rest of the deletion. Signed-off-by: Bridget McErlean <[email protected]> * Skip file removal in closeAndRemoveFile if nil Signed-off-by: Bridget McErlean <[email protected]>
Previously, we would always attempt to download the tarball for a backup
for processing DeleteItemAction plugins, even if there weren't any.
This caused an issue for some users in the case where the backup tarball
had been deleted from object storage as the backup deletion would fail.
Now, we only attempt to download the tarball in the case where there are
DeleteItemAction plugins. If downloading that tarball fails, we log
the error, skip the processing of the DeleteItemAction plugins and
proceed with the rest of the deletion.
Fixes #2980
Signed-off-by: Bridget McErlean [email protected]