Latest revision as of 04:11, 1 April 2010

System Rollback With Btrfs

Summary

If a user has chosen to use Btrfs on one or more partitions, this feature will:

automatically create new disk snapshots before each yum transaction
enable the user to change which snapshot will be next booted into, if desired
enable the user to manually create a new snapshot, if desired

All of the above will require superuser privileges.

Owner

Name: Chris Ball, Josef Bacik
email: cjb@laptop.org, josef@redhat.com

Current status

Targeted release: Fedora 13
Last updated: 2010-04-01
Percentage of completion: 100%

Kernel patches for listing subvols and setting default subvolumes are in Linus' tree and the F13 kernel now
Josef's yum plugin has been merged
Palimpsest code is not finished, and will be deferred until F14.
- Bugs for UI changes: https://bugzilla.gnome.org/show_bug.cgi?id=608204 , http://bugs.freedesktop.org/show_bug.cgi?id=26258

Detailed Description

Btrfs is capable of creating lightweight filesystem snapshots that can be mounted (and booted into) selectively. The created snapshots are copy-on-write snapshots, so there is no file duplication overhead involved for files that do not change between snapshots.

It's important to note that these snapshots are whole-filesystem snapshots -- while we propose to create a new snapshot each time a yum transaction happens, that doesn't mean reverting to an earlier snapshot will only revert the files changed by yum! The entire root filesystem will be reverted, including users' home directories if they are on btrfs. (Because of this, a user may decide to keep /home on a separate, non-btrfs partition where it is unaffected by rollbacks they decide to initiate.)

A "rollback" to an older snapshot is not destructive to data. It switches to an earlier snapshot, and later snapshots are still available afterwards. We allow the user to choose which snapshot will be mounted next, and making that choice does not affect or destroy any other snapshots.

We are not proposing Btrfs to be the default filesystem for Fedora 13; this feature would only be present on installs where Btrfs has been optionally chosen for at least one filesystem.

Benefit to Fedora

There are several interesting use cases for this feature:

Aaron is a developer whose laptop tracks Rawhide daily. There will be days where Rawhide is not bootable/usable, though. When Rawhide breaks, automated snapshots allow Aaron to easily revert to the previous day's filesystem until Rawhide's known-working again.
Barbara wishes to bisect a mysterious bug that appears to have crept in on one of her recent Rawhide updates. Performing the full-system bisection is made easier by binary searching the snapshots on her disk, to narrow down responsibility for the bug to a small list of modified packages and their versions.
Christine wishes to create weekly snapshots by hand in case she later wants to have access to older versions of the files she's been working on.
Donald has, independent of yum/rpm, somehow hosed his system and doesn't know how to recover it. He'd like to revert back to the last snapshot that was made.

Of these, the ability for our developers to feel comfortable tracking Rawhide without fear of an unusable install seems to have the most immediate utility to Fedora.

Scope

We propose to create:

(deferred) a new "btrfs" section in gnome-disk-utility/Palimpsest. When a btrfs filesystem is highlighted, the user is shown a drop-down menu that allows choosing the snapshot that will be used the next time the filesystem is mounted, and a separate text box and "create" button for creating a new snapshot immediately. (cjb)
(finished) a yum plugin to create a timestamped snapshot just before starting each yum transaction. (josef, skvidal)
(deferred) a patch to grub1 -- on top of the already existing patch to support btrfs in grub1 -- to allow selecting between snapshots of the boot partition.
(finished) a patch to btrfs to set an fs-specific option of which snapshot should be the next "default" to boot. This avoids having the control panel need to modify either the grub config or /etc/fstab; instead it would just set a filesystem property with btrfsctl(1).

How To Test

The test plan will look something like:

Make your root filesystem be on btrfs. This can be by selecting it in the installer, or running the btrfs migration tool from ext3 or ext4. Make sure to have a backup first!
Boot into the new btrfs system, and perform a "yum install". Does palimpsest show that a new snapshot was created? Does it allow you to set that snapshot as active for the next book without any errors?
When you reboot, verify that the application you successfully yum-installed is no longer present on the system.
Switch back to the latest "default" snapshot and reboot. Test that the yum-installed app is present once more.
Try creating a snapshot by hand using palimpsest, and set it as active for the next boot. Before rebooting, touch a file in the root directory of the filesystem. After you reboot, it should be gone.

User Experience

There will be new options available if your disk contains btrfs filesystems and you run palimpsest. If there is a mounted btrfs partition, palimpsest will offer a selection of old snapshots to use at next mount, and offer the creation of new ones. If there are no btrfs mounts, the UI will be entirely unchanged.

If the grub subfeature is completed, and a user has chosen to use btrfs as their boot filesystem, users will see a list of date/timestamps corresponding to snapshots that they can select from by interrupting grub at boot-time.

Dependencies

All of the support needed for btrfs snapshots should be already present in the kernel. The patch to support btrfs in grub has not been committed to grub1 so far (although we note that Gentoo already carries it locally). We would have to persuade the Fedora Grub maintainer(s) to adopt the patch for the grub subfeature to be completed.

Contingency Plan

None necessary, revert if not completed.

Documentation

Here is generic documentation on btrfs snapshots:

There will be significant documentation work needed to explain the following about this feature:

While the snapshots are automatically created as part of yum transactions, they are full disk snapshots, not merely snapshots of the package changes.
Rolling back to an earlier snapshot is not destructive. You can go back to the most recent version of the filesystem again afterwards using the same tool you used to switch to the earlier one.

Release Notes

Users of the experimental btrfs filesystem in Fedora 13 benefit from automatic filesystem snapshots each time the yum package manager performs an installation or upgrade, and from a user interface to allow switching between snapshots.

Comments and Discussion

See Talk:Features/SystemRollbackWithBtrfs

@@ Line 1: / Line 1: @@
-{{Admon/important | Draft | This feature is still in early draft stage, and has not been formally proposed yet.}}
 = System Rollback With Btrfs =
@@ Line 20: / Line 18: @@
 == Current status ==
 * Targeted release: [[Releases/13 | Fedora 13]]
-* Last updated: 2009-11-13
+* Last updated: 2010-04-01
-* Percentage of completion: 0%
+* Percentage of completion: 100%
+* Kernel patches for listing subvols and setting default subvolumes are in Linus' tree and the F13 kernel now
+* Josef's yum plugin has been merged
+* Palimpsest code is not finished, and will be deferred until F14.
+** Bugs for UI changes:  https://bugzilla.gnome.org/show_bug.cgi?id=608204 , http://bugs.freedesktop.org/show_bug.cgi?id=26258
 == Detailed Description ==
-Btrfs is capable of creating lightweight whole-filesystem snapshots that can be mounted (and booted into) selectively.  The created snapshots are copy-on-write snapshots, so there is no file duplication overhead involved for files that do not change between snapshots.
+Btrfs is capable of creating lightweight filesystem snapshots that can be mounted (and booted into) selectively.  The created snapshots are copy-on-write snapshots, so there is no file duplication overhead involved for files that do not change between snapshots.
-This feature will create a new snapshot at the start of every yum transaction, and offer methods for changing which snapshot will be booted into at next reboot, as well as a method for manually triggering a new snapshot to be made.
 It's important to note that these snapshots are whole-filesystem snapshots -- while we propose to create a new snapshot each time a yum transaction happens, that doesn't mean reverting to an earlier snapshot will only revert the files changed by yum!  The entire root filesystem will be reverted, including users' home directories if they are on btrfs.  (Because of this, a user may decide to keep /home on a separate, non-btrfs partition where it is unaffected by rollbacks they decide to initiate.)
-A "rollback" to an older snapshot is not destructive; it switches to an earlier snapshot, and later snapshots are still available afterwards, so no data is lost.  We allow the user to choose which snapshot to boot into next, and making that choice does not affect or destroy any other snapshots.
+A "rollback" to an older snapshot is not destructive to data.  It switches to an earlier snapshot, and later snapshots are still available afterwards.  We allow the user to choose which snapshot will be mounted next, and making that choice does not affect or destroy any other snapshots.
-Btrfs will certainly not be the default filesystem for Fedora 13, so this feature is only usable on installs where Btrfs has been specifically chosen for at least one filesystem.
+We are not proposing Btrfs to be the default filesystem for Fedora 13; this feature would only be present on installs where Btrfs has been optionally chosen for at least one filesystem.
 == Benefit to Fedora ==
@@ Line 38: / Line 39: @@
 * Aaron is a developer whose laptop tracks Rawhide daily.  There will be days where Rawhide is not bootable/usable, though.  When Rawhide breaks, automated snapshots allow Aaron to easily revert to the previous day's filesystem until Rawhide's known-working again.
-* Barbara wishes to bisect a mysterious bug that appears to have crept in on one of her recent Rawhide updates.  Performing the full-system bisection is made easy by binary searching the snapshots on her disk, to narrow down responsibility for the bug to a small list of modified packages and their versions.
+* Barbara wishes to bisect a mysterious bug that appears to have crept in on one of her recent Rawhide updates.  Performing the full-system bisection is made easier by binary searching the snapshots on her disk, to narrow down responsibility for the bug to a small list of modified packages and their versions.
 * Christine wishes to create weekly snapshots by hand in case she later wants to have access to older versions of the files she's been working on.
-* Donald has, independent of yum/rpm, somehow hosed his system and doesn't know how to recover it.  He'd like to revert back to the last checkpoint that was made.
+* Donald has, independent of yum/rpm, somehow hosed his system and doesn't know how to recover it.  He'd like to revert back to the last snapshot that was made.
 Of these, the ability for our developers to feel comfortable tracking Rawhide without fear of an unusable install seems to have the most immediate utility to Fedora.
@@ Line 47: / Line 48: @@
 We propose to create:
-* (required) a new graphical control panel: system-config-rollback, or system-config-rollback-btrfs, which retrieves a list of snapshots present on mounted Btrfs volumes, offers a choice of which snapshot will be booted into on next reboot, and also allows the user to manually create a new snapshot if desired.  (cjb)
+* (deferred) a new "btrfs" section in gnome-disk-utility/Palimpsest.  When a btrfs filesystem is highlighted, the user is shown a drop-down menu that allows choosing the snapshot that will be used the next time the filesystem is mounted, and a separate text box and "create" button for creating a new snapshot immediately.  (cjb)
-* (required) a yum plugin to create a timestamped snapshot just before starting each yum transaction.  (josef, skvidal)
+* (finished) a yum plugin to create a timestamped snapshot just before starting each yum transaction.  (josef, skvidal)
-* (optional) a patch to grub1 -- on top of the already existing patch to support btrfs in grub1 -- to allow selecting between snapshots of the boot partition.
+* (deferred) a patch to grub1 -- on top of the already existing patch to support btrfs in grub1 -- to allow selecting between snapshots of the boot partition.
-* (optional) a patch to btrfs to set an fs-specific option of which snapshot shouldbe the next "default" to boot.  This avoids having the control panel need to modify either the grub config or /etc/fstab; instead it would just set a filesystem property with btrfsctl(1).
+* (finished) a patch to btrfs to set an fs-specific option of which snapshot should be the next "default" to boot.  This avoids having the control panel need to modify either the grub config or /etc/fstab; instead it would just set a filesystem property with btrfsctl(1).
 == How To Test ==
@@ Line 56: / Line 57: @@
 * Make your root filesystem be on btrfs.  This can be by selecting it in the installer, or running the btrfs migration tool from ext3 or ext4.  Make sure to have a backup first!
-* Boot into the new btrfs system, and perform a "yum install".  Does system-config-rollback-btrfs show that a new snapshot was created?  Does it allow you to set that snapshot as active for the next book without any errors?
+* Boot into the new btrfs system, and perform a "yum install".  Does palimpsest show that a new snapshot was created?  Does it allow you to set that snapshot as active for the next book without any errors?
 * When you reboot, verify that the application you successfully yum-installed is no longer present on the system.
 * Switch back to the latest "default" snapshot and reboot.  Test that the yum-installed app is present once more.
-* Try creating a snapshot by hand using system-config-rollback-btrfs, and set it as active for the next boot.  Before rebooting, touch a file in the root directory of the filesystem.  After you reboot, it should be gone.
+* Try creating a snapshot by hand using palimpsest, and set it as active for the next boot.  Before rebooting, touch a file in the root directory of the filesystem.  After you reboot, it should be gone.
 == User Experience ==
-There will be a new control panel available.  If there is a mounted btrfs partition, the control panel will offer a selection of old snapshots to next boot from, and offer the creation of new ones.
+There will be new options available if your disk contains btrfs filesystems and you run palimpsest.  If there is a mounted btrfs partition, palimpsest will offer a selection of old snapshots to use at next mount, and offer the creation of new ones.  If there are no btrfs mounts, the UI will be entirely unchanged.
-If the grub subfeature is completed, and a user has chosen to use btrfs as their boot filesystem, users will see a list of date/timestamps corresponding to snapshots that they can select from if they interrupt grub at boot-time.
+If the grub subfeature is completed, and a user has chosen to use btrfs as their boot filesystem, users will see a list of date/timestamps corresponding to snapshots that they can select from by interrupting grub at boot-time.
 == Dependencies ==
-The support needed for btrfs snapshots is already present in the kernel.  The patch to support btrfs in grub has not been committed to grub1 so far (although we note that Gentoo already carries it locally).  We would have to persuade the Fedora Grub maintainer(s) to adopt the patch for the grub subfeature to be completed.
+All of the support needed for btrfs snapshots should be already present in the kernel.  The patch to support btrfs in grub has not been committed to grub1 so far (although we note that Gentoo already carries it locally).  We would have to persuade the Fedora Grub maintainer(s) to adopt the patch for the grub subfeature to be completed.
 == Contingency Plan ==
@@ Line 80: / Line 81: @@
 There will be significant documentation work needed to explain the following about this feature:
-* While the snapshots are automatically created as part of yum transactions, they are full disk snapshots, not only snapshots of package changes.
+* While the snapshots are automatically created as part of yum transactions, they are full disk snapshots, not merely snapshots of the package changes.
-* Rolling back to an earlier snapshot is not destructive.  You can go back to the most recent version of the filesystem again afterwards using the same tool you used to go backwards.
+* Rolling back to an earlier snapshot is not destructive.  You can go back to the most recent version of the filesystem again afterwards using the same tool you used to switch to the earlier one.
 == Release Notes ==
-To follow.
+* Users of the experimental btrfs filesystem in Fedora 13 benefit from automatic filesystem snapshots each time the yum package manager performs an installation or upgrade, and from a user interface to allow switching between snapshots.
 == Comments and Discussion ==
 * See [[Talk:Features/SystemRollbackWithBtrfs]]
-[[Category:FeaturePageIncomplete]]
+[[Category:FeatureAcceptedF13]]
-<!-- When your feature page is completed and ready for review -->
-<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
 <!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
 <!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->

Search

Features/SystemRollbackWithBtrfs: Difference between revisions