...
Excerpt |
---|
The Fedora 4 Backup capability allows a user, such as the repository manager, make a REST call to have the repository binaries and metadata exported to the local file system. Inversely, the Restore capability allows a user to make a REST call to have the repository restored from the contents of a previous Backup operation. In addition, with the default configuration, files are stored on disk named according to their SHA1 digest, so a filesystem backup approach can also be used. |
Design Considerations
Panel | ||
---|---|---|
| ||
Historically, Fedora fulfilled its promise of durability by choosing transparent forms of persistence (e.g. human-readable XML) and using them in ways that systems outside the repository could readily penetrate if needed. Transparency in support of durability is as valid a principle as ever, but there is a weakness to it: transparent forms of persistence are not performant. What's more, many users didn't particularly care for that principle, but they were still stuck paying the performance costs associated with it. So in Fedora 4, we shifted responsibility for transparent persistence away from the core repository software. If you'd like to maintain some simple, human-readable form of your repository, that's fine, but you need to support that with an integration around the core. The form of persistence used by the core repository component itself is not meant to be manipulated directly by a human except in the most unusual situations, it's meant instead for use by the software to provide speedy service at the repository's API. You might compare this to the use of database software. You don't expect to directly manipulate database indexes, and if you are concerned for the durability of your data in the database, you take backups in a transparent format and use _those_ to ensure durability. |
...
On success
- HTTP/1.1 204 No Content
Configurations
The following configurations have been successfully tested with the Backup and Restore functionality
- Non-clustered Fedora, using Infinispan cache backed by LevelDB (config)
Backup Format
Regardless of the repository configuration, the output of the backup process creates resources of the same format. Further details on backup contents and the underlying implementation can be found in ModeShape's documentation.
...
By default, files larger than 4KB are stored on disk named after their SHA1 digest, in the directory fcrepo.binary.directory
. (4KB is the default, but can be changed by updating the minimumBinarySizeInBytes
property in repository.json). That is, a file with the SHA1 "a1b2c369563c0465ab82cdb2789d45ce1c3585b1" would be stored on disk in /path/to/fcrepo4-data/fcrepo.binary.directory/a1/b2/c3/a1b2c369563c0465ab82cdb2789d45ce1c3585b1
. So files in the repository can be backed up backing up the directory fcrepo.binary.directory
.
LevelDB Backup
LevelDB stores it's data as flat files in the directory fcrepo.ispn.repo.cache
of the fcrepo home. The fcrepo home directory can be backed up as a whole to create a snapshot of the repository with both the binaries and the metadata. Though, the fcrepo.binary.directory and fcrepo.ispn.repo.cache
are the only directories necessary for backup. (See ModeShape Artifacts Layout). The backup can be created on a live repository without having to shutdown or restricting ingests to the repository. Though, it would be good idea to schedule the backups after any batch ingests, so that the newly ingested data is also included in the backup.
Backup Strategies
Here are a few strategies for backup:
WITH SHUTTING DOWN FEDORA (CONSISTENTLY RELIABLE BACKUPS)
STEPS:
- Shutdown Fedora
- Backup of FCREPO HOME (or just fcrepo.binary.directory and fcrepo.ispn.repo.cache)
- Restart Fedora
WITH PAUSING WRITES TO FEDORA
STEPS:
...
- Do not create, delete, or update OBJECTS or DATASTREAMS.
...
- For serialization of newly created objects to complete.
- And, for leveldb background compaction to complete (usually in seconds), if the previous updates triggered a compaction.
...
- Verify successful backup.
...
.
...
HOT BACKUPS (LESS RELIABLE UNLESS VERFIED)
...
binary
...
- Verify successful backup.
Verifying Backups:
...
- Verify the leveldb opens.
- Verify by iterating through the keys. (To expose any corruption)
Based on the flow of the background compaction process in the leveldb implementation ([1] and [2]), the manifest file is updated at the end of compaction, which is followed by the deletion of obsolete files. To verify successful backups, we can begin the backup with copying the manifest file followed by the rest of the files. And, at the end of the backup, the backed up manifest file can be compared with the current manifest. An unchanged manifest can be considered as a successful backup, and vice versa.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
#!/bin/bash
# Location of the fcrepo home directory
FCREPO_HOME=/var/lib/tomcat7/fcrepo4-data
# Destination Directory
BACKUP_TO=/home/vagrant/backup
# Backup exact (without the structural changes introduces by Python verfication script).
# (Additional temporary storage is used, if true)
BACKUP_EXACT=true
# Max Backup Attempts on failure
ATTEMPTS=10
echo `date`" $0: fcrepo home dir: $FCREPO_HOME"
echo `date`" $0: backup dir: $BACKUP_TO"
echo `date`" $0: max attempts on failure: $ATTEMPTS"
if [ ! -d $BACKUP_TO ]; then
mkdir $BACKUP_TO
fi
LEVELDB_DIR=fcrepo.ispn.repo.cache
DATA_DIR=dataFedoraRepository
backup_succeeded=false
attempts=$ATTEMPTS
echo `date`" $0: Backing up leveldb."
while [ $attempts -gt 0 ]; do
MANIFEST_FILE=`ls $FCREPO_HOME/$LEVELDB_DIR/$DATA_DIR/MANIFEST-*`
MANIFEST_MD5=`md5sum $MANIFEST_FILE`
rm -rf $BACKUP_TO/$LEVELDB_DIR"-tmp"
cp -r $FCREPO_HOME/$LEVELDB_DIR $BACKUP_TO/$LEVELDB_DIR"-tmp"
copy_success=$?
MANIFEST_FILE_POST_BACKUP=`ls $FCREPO_HOME/$LEVELDB_DIR/$DATA_DIR/MANIFEST-*`
MANIFEST_MD5_POST_BACKUP=`md5sum $MANIFEST_FILE_POST_BACKUP`
if [ "$MANIFEST_MD5" = "$MANIFEST_MD5_POST_BACKUP" ] && [ "$copy_success" = "0" ]; then
backup_succeeded=true
break;
fi
attempts=$((attempts - 1))
echo `date`" $0: leveldb manifest changed during backup process! $attempts attempts remaining."
done
if [ "$backup_succeeded" = false ]; then
echo `date`" $0: Failed to backup with a consistent leveldb manifest!"
else
echo `date`" $0: Backup created and verified leveldb manifest consistency!"
fi
if [ "$BACKUP_EXACT" = true ]; then
rm -rf $BACKUP_TO/$LEVELDB_DIR"-unchanged"
cp -r $BACKUP_TO/$LEVELDB_DIR"-tmp" $BACKUP_TO/$LEVELDB_DIR"-unchanged"
fi
backup_repaired=false
# Verify and repair using python script
python verify_leveldb.py $BACKUP_TO/$LEVELDB_DIR"-tmp"/$DATA_DIR
if [ "$?" != "0" ]; then
echo `date`" $0: Discovered backup corruption! Attempting to repair!"
python repair_leveldb.py $BACKUP_TO/$LEVELDB_DIR"-tmp"/$DATA_DIR
if [ "$?" != "0" ]; then
echo `date`" $0: Backup repair failed!"
else
python verify_leveldb.py $BACKUP_TO/$LEVELDB_DIR"-tmp"/$DATA_DIR
if [ "$?" != "0" ]; then
echo `date`" $0: Backup repair failed!"
else
echo `date`" $0: Backup repair succeeded!"
backup_repaired=true
backup_succeeded=true
fi
fi
else
echo `date`" $0: Backup passed corruption verification!"
fi
if [ "$backup_succeeded" = true ]; then
rm -rf $BACKUP_TO/$LEVELDB_DIR
if [ "$BACKUP_EXACT" = true ] && [ "$backup_repaired" = false ]; then
mv $BACKUP_TO/$LEVELDB_DIR"-unchanged" $BACKUP_TO/$LEVELDB_DIR
else
mv $BACKUP_TO/$LEVELDB_DIR"-tmp" $BACKUP_TO/$LEVELDB_DIR
fi
fi |
...
language | py |
---|---|
title | verify_leveldb.py |
collapse | true |
...
.
...
Repairing Corrupt LevelDB
When the LevelDB database becomes corrupted, the RepairDB option provided by the LevelDB API can be used to recover as much as data as possible. In LevelDB, the manifest file holds account of all files and their corresponding key ranges. The recovery process inspects each file in the leveldb directory
and updates the manifest accordingly. This implies that even with a successful repair missing-files could lead to loss of data, which in turn can prevent a successful restoration of the repository.
The below script can be used to repair corrupt leveldb cache:
...
.
...