fix(backup,snapshot): avoid parallel actions on endpoints (cloudnative-pg#6890)

armru · leonardoce · mnencia · web-flow · commit e2bcca88f8bb · 2025-02-25T09:48:07.000+01:00
Multiple backup operations on the same instance were able to execute simultaneously, potentially causing conflicts and data inconsistencies. This patch introduces a mechanism to serialize these operations, ensuring that only one backup can proceed at a time per instance. Partially Closes cloudnative-pg#6761 Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
diff --git a/pkg/management/postgres/webserver/backup_connection.go b/pkg/management/postgres/webserver/backup_connection.go
@@ -57,7 +57,6 @@ const (
 var replicationSlotInvalidCharacters = regexp.MustCompile(`[^a-z0-9_]`)
 
 type backupConnection struct {
-	sync                 sync.Mutex
 	immediateCheckpoint  bool
 	waitForArchive       bool
 	conn                 *sql.Conn
@@ -66,44 +65,6 @@ type backupConnection struct {
 	err                  error
 }
 
-func (bc *backupConnection) setPhase(phase BackupConnectionPhase, backupName string) {
-	bc.sync.Lock()
-	defer bc.sync.Unlock()
-	if backupName != bc.data.BackupName {
-		return
-	}
-	bc.data.Phase = phase
-}
-
-func (bc *backupConnection) closeConnection(backupName string) error {
-	bc.sync.Lock()
-	defer bc.sync.Unlock()
-	if backupName != bc.data.BackupName {
-		return nil
-	}
-
-	return bc.conn.Close()
-}
-
-func (bc *backupConnection) forceCloseConnection() error {
-	bc.sync.Lock()
-	defer bc.sync.Unlock()
-
-	return bc.conn.Close()
-}
-
-func (bc *backupConnection) executeWithLock(backupName string, cb func() error) {
-	bc.sync.Lock()
-	defer bc.sync.Unlock()
-	if backupName != bc.data.BackupName {
-		return
-	}
-
-	if err := cb(); err != nil {
-		bc.err = err
-	}
-}
-
 func newBackupConnection(
 	ctx context.Context,
 	instance *postgres.Instance,
@@ -139,8 +100,10 @@ func newBackupConnection(
 	}, nil
 }
 
-func (bc *backupConnection) startBackup(ctx context.Context, backupName string) {
+func (bc *backupConnection) startBackup(ctx context.Context, sync *sync.Mutex) {
 	contextLogger := log.FromContext(ctx).WithValues("step", "start")
+	sync.Lock()
+	defer sync.Unlock()
 
 	if bc == nil {
 		return
@@ -152,7 +115,7 @@ func (bc *backupConnection) startBackup(ctx context.Context, backupName string)
 		}
 		contextLogger.Error(bc.err, "encountered error while starting backup")
 
-		if err := bc.closeConnection(backupName); err != nil {
+		if err := bc.conn.Close(); err != nil {
 			if !errors.Is(err, sql.ErrConnDone) {
 				contextLogger.Error(err, "while closing backup connection")
 			}
@@ -180,25 +143,25 @@ func (bc *backupConnection) startBackup(ctx context.Context, backupName string)
 			bc.immediateCheckpoint)
 	}
 
-	bc.executeWithLock(backupName, func() error {
-		if err := row.Scan(&bc.data.BeginLSN); err != nil {
-			return fmt.Errorf("while scanning backup start: %w", err)
-		}
-		bc.data.Phase = Started
+	if err := row.Scan(&bc.data.BeginLSN); err != nil {
+		bc.err = fmt.Errorf("while scanning backup start: %w", err)
+		return
+	}
 
-		return nil
-	})
+	bc.data.Phase = Started
 }
 
-func (bc *backupConnection) stopBackup(ctx context.Context, backupName string) {
+func (bc *backupConnection) stopBackup(ctx context.Context, sync *sync.Mutex) {
 	contextLogger := log.FromContext(ctx).WithValues("step", "stop")
+	sync.Lock()
+	defer sync.Unlock()
 
 	if bc == nil {
 		return
 	}
 
 	defer func() {
-		if err := bc.closeConnection(backupName); err != nil {
+		if err := bc.conn.Close(); err != nil {
 			if !errors.Is(err, sql.ErrConnDone) {
 				contextLogger.Error(err, "while closing backup connection")
 			}
@@ -218,12 +181,11 @@ func (bc *backupConnection) stopBackup(ctx context.Context, backupName string) {
 			"SELECT lsn, labelfile, spcmapfile FROM pg_catalog.pg_backup_stop(wait_for_archive => $1);", bc.waitForArchive)
 	}
 
-	bc.executeWithLock(backupName, func() error {
-		if err := row.Scan(&bc.data.EndLSN, &bc.data.LabelFile, &bc.data.SpcmapFile); err != nil {
-			contextLogger.Error(err, "while stopping PostgreSQL physical backup")
-			return fmt.Errorf("while scanning backup stop: %w", err)
-		}
-		bc.data.Phase = Completed
-		return nil
-	})
+	if err := row.Scan(&bc.data.EndLSN, &bc.data.LabelFile, &bc.data.SpcmapFile); err != nil {
+		contextLogger.Error(err, "while stopping PostgreSQL physical backup")
+		bc.err = fmt.Errorf("while scanning backup stop: %w", err)
+		return
+	}
+
+	bc.data.Phase = Completed
 }
diff --git a/pkg/management/postgres/webserver/client/local/backup.go b/pkg/management/postgres/webserver/client/local/backup.go
@@ -33,8 +33,16 @@ import (
 // BackupClient is the interface to interact with the backup endpoints
 type BackupClient interface {
 	StatusWithErrors(ctx context.Context, pod *corev1.Pod) (*webserver.Response[webserver.BackupResultData], error)
-	Start(ctx context.Context, pod *corev1.Pod, sbq webserver.StartBackupRequest) error
-	Stop(ctx context.Context, pod *corev1.Pod, sbq webserver.StopBackupRequest) error
+	Start(
+		ctx context.Context,
+		pod *corev1.Pod,
+		sbq webserver.StartBackupRequest,
+	) (*webserver.Response[webserver.BackupResultData], error)
+	Stop(
+		ctx context.Context,
+		pod *corev1.Pod,
+		sbq webserver.StopBackupRequest,
+	) (*webserver.Response[webserver.BackupResultData], error)
 }
 
 // backupClientImpl a client to interact with the instance backup endpoints
@@ -59,40 +67,46 @@ func (c *backupClientImpl) StatusWithErrors(
 }
 
 // Start runs the pg_start_backup
-func (c *backupClientImpl) Start(ctx context.Context, pod *corev1.Pod, sbq webserver.StartBackupRequest) error {
+func (c *backupClientImpl) Start(
+	ctx context.Context,
+	pod *corev1.Pod,
+	sbq webserver.StartBackupRequest,
+) (*webserver.Response[webserver.BackupResultData], error) {
 	scheme := remote.GetStatusSchemeFromPod(pod)
 	httpURL := url.Build(scheme.ToString(), pod.Status.PodIP, url.PathPgModeBackup, url.StatusPort)
 
 	// Marshalling the payload to JSON
 	jsonBody, err := json.Marshal(sbq)
 	if err != nil {
-		return fmt.Errorf("failed to marshal start payload: %w", err)
+		return nil, fmt.Errorf("failed to marshal start payload: %w", err)
 	}
 
 	req, err := http.NewRequestWithContext(ctx, "POST", httpURL, bytes.NewReader(jsonBody))
 	if err != nil {
-		return err
+		return nil, err
 	}
 	req.Header.Set("Content-Type", "application/json")
 
-	_, err = executeRequestWithError[struct{}](ctx, c.cli, req, false)
-	return err
+	return executeRequestWithError[webserver.BackupResultData](ctx, c.cli, req, true)
 }
 
 // Stop runs the command pg_stop_backup
-func (c *backupClientImpl) Stop(ctx context.Context, pod *corev1.Pod, sbq webserver.StopBackupRequest) error {
+func (c *backupClientImpl) Stop(
+	ctx context.Context,
+	pod *corev1.Pod,
+	sbq webserver.StopBackupRequest,
+) (*webserver.Response[webserver.BackupResultData], error) {
 	scheme := remote.GetStatusSchemeFromPod(pod)
 	httpURL := url.Build(scheme.ToString(), pod.Status.PodIP, url.PathPgModeBackup, url.StatusPort)
 	// Marshalling the payload to JSON
 	jsonBody, err := json.Marshal(sbq)
 	if err != nil {
-		return fmt.Errorf("failed to marshal stop payload: %w", err)
+		return nil, fmt.Errorf("failed to marshal stop payload: %w", err)
 	}
 
 	req, err := http.NewRequestWithContext(ctx, "PUT", httpURL, bytes.NewReader(jsonBody))
 	if err != nil {
-		return err
+		return nil, err
 	}
-	_, err = executeRequestWithError[webserver.BackupResultData](ctx, c.cli, req, false)
-	return err
+	return executeRequestWithError[webserver.BackupResultData](ctx, c.cli, req, true)
 }
diff --git a/pkg/management/postgres/webserver/remote.go b/pkg/management/postgres/webserver/remote.go
@@ -27,11 +27,13 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"sync"
 	"time"
 
 	"github.com/cloudnative-pg/machinery/pkg/execlog"
 	"github.com/cloudnative-pg/machinery/pkg/fileutils"
 	"github.com/cloudnative-pg/machinery/pkg/log"
+	"go.uber.org/multierr"
 	apierrs "k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -46,11 +48,22 @@ import (
 	"github.com/cloudnative-pg/cloudnative-pg/pkg/utils"
 )
 
+const errCodeAnotherRequestInProgress = "ANOTHER_REQUEST_IN_PROGRESS"
+
+// IsRetryableError checks if the error is retryable
+func IsRetryableError(err *Error) bool {
+	if err == nil {
+		return false
+	}
+	return err.Code == errCodeAnotherRequestInProgress
+}
+
 type remoteWebserverEndpoints struct {
 	typedClient      client.Client
 	instance         *postgres.Instance
 	currentBackup    *backupConnection
 	readinessChecker *readiness.Data
+	ongoingRequest   sync.Mutex
 }
 
 // StartBackupRequest the required data to execute the pg_start_backup
@@ -128,6 +141,7 @@ func (ws *remoteWebserverEndpoints) cleanupStaleCollections(ctx context.Context)
 		log.Warning("Closing stale PostgreSQL backup connection")
 
 		if err := bc.conn.Close(); err != nil {
+			bc.err = multierr.Append(bc.err, err)
 			log.Error(err, "Error while closing stale PostgreSQL backup connection")
 		}
 		bc.data.Phase = Completed
@@ -142,13 +156,13 @@ func (ws *remoteWebserverEndpoints) cleanupStaleCollections(ctx context.Context)
 			return
 		}
 
+		ws.ongoingRequest.Lock()
+		defer ws.ongoingRequest.Unlock()
+
 		if bc.data.Phase == Completed || bc.data.BackupName == "" {
 			return
 		}
 
-		bc.sync.Lock()
-		defer bc.sync.Unlock()
-
 		if bc.err != nil {
 			closeBackupConnection(bc)
 			return
@@ -317,6 +331,11 @@ func (ws *remoteWebserverEndpoints) updateInstanceManager(
 // nolint: gocognit
 func (ws *remoteWebserverEndpoints) backup(w http.ResponseWriter, req *http.Request) {
 	log.Trace("request method", "method", req.Method)
+	if !ws.ongoingRequest.TryLock() {
+		sendUnprocessableEntityJSONResponse(w, errCodeAnotherRequestInProgress, "")
+		return
+	}
+	defer ws.ongoingRequest.Unlock()
 
 	switch req.Method {
 	case http.MethodGet:
@@ -351,10 +370,10 @@ func (ws *remoteWebserverEndpoints) backup(w http.ResponseWriter, req *http.Requ
 			}
 		}()
 		if ws.currentBackup != nil {
-			log.Info("trying to close the current backup connection",
+			log.Debug("trying to close the current backup connection",
 				"backupName", ws.currentBackup.data.BackupName,
 			)
-			if err := ws.currentBackup.forceCloseConnection(); err != nil {
+			if err := ws.currentBackup.conn.Close(); err != nil {
 				if !errors.Is(err, sql.ErrConnDone) {
 					log.Error(err, "Error while closing backup connection (start)")
 				}
@@ -371,8 +390,12 @@ func (ws *remoteWebserverEndpoints) backup(w http.ResponseWriter, req *http.Requ
 			sendUnprocessableEntityJSONResponse(w, "CANNOT_INITIALIZE_CONNECTION", err.Error())
 			return
 		}
-		go ws.currentBackup.startBackup(context.Background(), p.BackupName)
-		sendJSONResponseWithData(w, 200, struct{}{})
+		go ws.currentBackup.startBackup(context.Background(), &ws.ongoingRequest)
+
+		res := Response[BackupResultData]{
+			Data: &ws.currentBackup.data,
+		}
+		sendJSONResponseWithData(w, 200, res)
 		return
 
 	case http.MethodPut:
@@ -398,8 +421,23 @@ func (ws *remoteWebserverEndpoints) backup(w http.ResponseWriter, req *http.Requ
 			return
 		}
 
+		if ws.currentBackup.err != nil {
+			if err := ws.currentBackup.conn.Close(); err != nil {
+				if !errors.Is(err, sql.ErrConnDone) {
+					log.Error(err, "Error while closing backup connection (stop)")
+				}
+			}
+
+			sendUnprocessableEntityJSONResponse(w, "BACKUP_FAILED", ws.currentBackup.err.Error())
+			return
+		}
+
+		res := Response[BackupResultData]{
+			Data: &ws.currentBackup.data,
+		}
+
 		if ws.currentBackup.data.Phase == Closing {
-			sendJSONResponseWithData(w, 200, struct{}{})
+			sendJSONResponseWithData(w, 200, res)
 			return
 		}
 
@@ -409,19 +447,10 @@ func (ws *remoteWebserverEndpoints) backup(w http.ResponseWriter, req *http.Requ
 			return
 		}
 
-		if ws.currentBackup.err != nil {
-			if err := ws.currentBackup.closeConnection(p.BackupName); err != nil {
-				if !errors.Is(err, sql.ErrConnDone) {
-					log.Error(err, "Error while closing backup connection (stop)")
-				}
-			}
+		ws.currentBackup.data.Phase = Closing
 
-			sendJSONResponseWithData(w, 200, struct{}{})
-			return
-		}
-		ws.currentBackup.setPhase(Closing, p.BackupName)
-		go ws.currentBackup.stopBackup(context.Background(), p.BackupName)
-		sendJSONResponseWithData(w, 200, struct{}{})
+		go ws.currentBackup.stopBackup(context.Background(), &ws.ongoingRequest)
+		sendJSONResponseWithData(w, 200, res)
 		return
 	}
 }
diff --git a/pkg/management/postgres/webserver/webserver.go b/pkg/management/postgres/webserver/webserver.go
@@ -50,18 +50,19 @@ type Response[T interface{}] struct {
 	Error *Error `json:"error,omitempty"`
 }
 
-// EnsureDataIsPresent returns an error if the data is field is nil
-func (body Response[T]) EnsureDataIsPresent() error {
-	status := body.Data
-	if status != nil {
-		return nil
-	}
-
+// GetError returns an error if an error response is detected or if the data
+// field is nil
+func (body Response[T]) GetError() error {
 	if body.Error != nil {
 		return fmt.Errorf("encountered a body error while preparing, code: '%s', message: %s",
 			body.Error.Code, body.Error.Message)
 	}
 
+	status := body.Data
+	if status != nil {
+		return nil
+	}
+
 	return fmt.Errorf("encounteered an empty body while expecting it to not be empty")
 }
 
diff --git a/pkg/reconciler/backup/volumesnapshot/online.go b/pkg/reconciler/backup/volumesnapshot/online.go
diff --git a/pkg/reconciler/backup/volumesnapshot/online_test.go b/pkg/reconciler/backup/volumesnapshot/online_test.go
