From Fedora Project Wiki

Revision as of 06:42, 14 November 2009 by Cjb (talk | contribs) (create page)

Draft
This feature is still in early draft stage, and has not been formally proposed yet.

System Rollback With Btrfs

Summary

If a user has chosen to use Btrfs on one or more partitions, this feature will:

  1. automatically create new disk snapshots before each yum transaction
  2. enable the user to change which snapshot will be next booted into, if desired
  3. enable the user to manually create a new snapshot, if desired

All of the above will require superuser privileges.

Owner

Current status

  • Targeted release: Fedora 13
  • Last updated: 2009-11-13
  • Percentage of completion: 0%

Detailed Description

Btrfs is capable of creating lightweight whole-filesystem snapshots that can be mounted (and booted into) selectively. The created snapshots are copy-on-write snapshots, so there is no file duplication overhead involved for files that do not change between snapshots.

This feature will create a new snapshot at the start of every yum transaction, and offer methods for changing which snapshot will be booted into at next reboot, as well as a method for manually triggering a new snapshot to be made.

It's important to note that these snapshots are whole-filesystem snapshots -- while we propose to create a new snapshot each time a yum transaction happens, that doesn't mean reverting to an earlier snapshot will only revert the files changed by yum! The entire root filesystem will be reverted, including users' home directories if they are on btrfs. (Because of this, a user may decide to keep /home on a separate, non-btrfs partition where it is unaffected by rollbacks they decide to initiate.)

A "rollback" to an older snapshot is not destructive; it switches to an earlier snapshot, and later snapshots are still available afterwards, so no data is lost. We allow the user to choose which snapshot to boot into next, and making that choice does not affect or destroy any other snapshots.

Btrfs will certainly not be the default filesystem for Fedora 13, so this feature is only usable on installs where Btrfs has been specifically chosen for at least one filesystem.

Benefit to Fedora

There are several interesting use cases for this feature:

  • Aaron is a developer whose laptop tracks Rawhide daily. There will be days where Rawhide is not bootable/usable, though. When Rawhide breaks, automated snapshots allow Aaron to easily revert to the previous day's filesystem until Rawhide's known-working again.
  • Barbara wishes to bisect a mysterious bug that appears to have crept in on one of her recent Rawhide updates. Performing the full-system bisection is made easy by binary searching the snapshots on her disk, to narrow down responsibility for the bug to a small list of modified packages and their versions.
  • Christine wishes to create weekly snapshots by hand in case she later wants to have access to older versions of the files she's been working on.
  • Donald has, independent of yum/rpm, somehow hosed his system and doesn't know how to recover it. He'd like to revert back to the last checkpoint that was made.

Of these, the ability for our developers to feel comfortable tracking Rawhide without fear of an unusable install seems to have the most immediate utility to Fedora.

Scope

We propose to create:

  • (required) a new graphical control panel: system-config-rollback, or system-config-rollback-btrfs, which retrieves a list of snapshots present on mounted Btrfs volumes, offers a choice of which snapshot will be booted into on next reboot, and also allows the user to manually create a new snapshot if desired. (cjb)
  • (required) a yum plugin to create a timestamped snapshot just before starting each yum transaction. (josef, skvidal)
  • (optional) a patch to grub1 -- on top of the already existing patch to support btrfs in grub1 -- to allow selecting between snapshots of the boot partition.
  • (optional) a patch to btrfs to set an fs-specific option of which snapshot should be the next "default" to boot. This avoids having the control panel need to modify either the grub config or /etc/fstab; instead it would just set a filesystem property with btrfsctl(1).
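
A sketch of the pre-transaction step that the yum plugin item describes, added here as an example and not code from the Fedora proposal: it finds the btrfs mounts listed in /proc/mounts and plans one timestamped snapshot per mount. The `yum-` name prefix, the `.snapshots` directory (assumed to exist already on each filesystem) and the use of the current `btrfs subvolume snapshot` command instead of btrfsctl(1) are assumptions.

```python
import os
import posixpath
import subprocess
import time

# Constructed /proc/mounts sample for illustration (not taken from the page).
SAMPLE_MOUNTS = """\
/dev/sda2 / btrfs rw,relatime 0 0
/dev/sda1 /boot ext3 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/sdb1 /srv/data btrfs rw,noatime 0 0
proc /proc proc rw 0 0
"""

def btrfs_mount_points(mounts_text):
    """Return the mount points whose filesystem type is btrfs, in file order."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "btrfs":
            points.append(fields[1].replace("\\040", " "))  # /proc/mounts escapes spaces
    return points

def snapshot_name(epoch):
    """Timestamped name in UTC, so names sort in creation order."""
    return time.strftime("yum-%Y%m%dT%H%M%SZ", time.gmtime(epoch))

def plan_snapshots(mounts_text, epoch, snapdir=".snapshots"):
    """One argv list per btrfs mount; snapdir is a hypothetical layout."""
    name = snapshot_name(epoch)
    return [["btrfs", "subvolume", "snapshot", mp, posixpath.join(mp, snapdir, name)]
            for mp in btrfs_mount_points(mounts_text)]

def take_snapshots(commands, dry_run=True):
    """Run the planned commands; only a real run needs (and checks for) root."""
    if not dry_run:
        if os.geteuid() != 0:
            raise PermissionError("creating snapshots requires superuser privileges")
        for argv in commands:
            # Argument list, no shell; a failure raises before any package changes.
            subprocess.run(argv, check=True)
    return commands

if __name__ == "__main__":
    for argv in take_snapshots(plan_snapshots(SAMPLE_MOUNTS, time.time())):
        print(" ".join(argv))
```

With the sample mounts, /home on ext4 gets no snapshot, which matches the proposal's note that a non-btrfs /home is unaffected by rollbacks.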

How To Test

The test plan will look something like:

  • Put your root filesystem on btrfs. This can be done by selecting it in the installer, or by running the btrfs migration tool from ext3 or ext4. Make sure to have a backup first!
  • Boot into the new btrfs system, and perform a "yum install". Does system-config-rollback-btrfs show that a new snapshot was created? Does it allow you to set that snapshot as active for the next boot without any errors?
  • When you reboot, verify that the application you successfully yum-installed is no longer present on the system.
  • Switch back to the latest "default" snapshot and reboot. Test that the yum-installed app is present once more.
  • Try creating a snapshot by hand using system-config-rollback-btrfs, and set it as active for the next boot. Before rebooting, touch a file in the root directory of the filesystem. After you reboot, it should be gone.

User Experience

There will be a new control panel available. If there is a mounted btrfs partition, the control panel will offer a selection of old snapshots to boot from next, and offer the creation of new ones.

If the grub subfeature is completed, and a user has chosen to use btrfs as their boot filesystem, users will see a list of date/timestamps corresponding to snapshots that they can select from if they interrupt grub at boot-time.

Dependencies

The support needed for btrfs snapshots is already present in the kernel. The patch to support btrfs in grub has not been committed to grub1 so far (although we note that Gentoo already carries it locally). We would have to persuade the Fedora Grub maintainer(s) to adopt the patch for the grub subfeature to be completed.

Contingency Plan

None necessary, revert if not completed.

Documentation

Here is generic documentation on btrfs snapshots:

There will be significant documentation work needed to explain the following about this feature:

  • While the snapshots are automatically created as part of yum transactions, they are full disk snapshots, not only snapshots of package changes.
  • Rolling back to an earlier snapshot is not destructive. You can go back to the most recent version of the filesystem again afterwards using the same tool you used to go backwards.

Release Notes

To follow.

Comments and Discussion