From Fedora Project Wiki

< Features

Revision as of 00:47, 17 November 2009 by Cjb (talk | contribs)

Important.png
Draft
This feature is still in early draft stage, and has not been formally proposed yet.

System Rollback With Btrfs

Summary

If a user has chosen to use Btrfs on one or more partitions, this feature will:

  1. automatically create new disk snapshots before each yum transaction
  2. enable the user to change which snapshot will be next booted into, if desired
  3. enable the user to manually create a new snapshot, if desired

All of the above will require superuser privileges.

Owner

Current status

  • Targeted release: Fedora 13
  • Last updated: 2009-11-13
  • Percentage of completion: 0%

Detailed Description

Btrfs is capable of creating lightweight whole-filesystem snapshots that can be mounted (and booted into) selectively. The created snapshots are copy-on-write snapshots, so there is no file duplication overhead involved for files that do not change between snapshots.

It's important to note that these snapshots are whole-filesystem snapshots -- while we propose to create a new snapshot each time a yum transaction happens, that doesn't mean reverting to an earlier snapshot will only revert the files changed by yum! The entire root filesystem will be reverted, including users' home directories if they are on btrfs. (Because of this, a user may decide to keep /home on a separate, non-btrfs partition where it is unaffected by rollbacks they decide to initiate.)

A "rollback" to an older snapshot is not destructive to data. It switches to an earlier snapshot, and later snapshots are still available afterwards. We allow the user to choose which snapshot to boot into next, and making that choice does not affect or destroy any other snapshots.

We are not proposing Btrfs to be the default filesystem for Fedora 13; this feature would only be present on installs where Btrfs has been optionally chosen for at least one filesystem.

Benefit to Fedora

There are several interesting use cases for this feature:

  • Aaron is a developer whose laptop tracks Rawhide daily. There will be days where Rawhide is not bootable/usable, though. When Rawhide breaks, automated snapshots allow Aaron to easily revert to the previous day's filesystem until Rawhide's known-working again.
  • Barbara wishes to bisect a mysterious bug that appears to have crept in on one of her recent Rawhide updates. Performing the full-system bisection is made easier by binary searching the snapshots on her disk, to narrow down responsibility for the bug to a small list of modified packages and their versions.
  • Christine wishes to create weekly snapshots by hand in case she later wants to have access to older versions of the files she's been working on.
  • Donald has, independent of yum/rpm, somehow hosed his system and doesn't know how to recover it. He'd like to revert back to the last snapshot that was made.

Of these, the ability for our developers to feel comfortable tracking Rawhide without fear of an unusable install seems to have the most immediate utility to Fedora.

Scope

We propose to create:

  • (required) a new graphical control panel: system-config-snapshots, or system-config-snapshots-btrfs, which retrieves a list of snapshots present on mounted Btrfs volumes, offers a choice of which snapshot will be booted into on next reboot, and also allows the user to manually create a new snapshot if desired. (cjb)
  • (required) a yum plugin to create a timestamped snapshot just before starting each yum transaction. (josef, skvidal)
  • (optional) a patch to grub1 -- on top of the already existing patch to support btrfs in grub1 -- to allow selecting between snapshots of the boot partition.
  • (optional) a patch to btrfs to set an fs-specific option of which snapshot should be the next "default" to boot. This avoids having the control panel need to modify either the grub config or /etc/fstab; instead it would just set a filesystem property with btrfsctl(1).

How To Test

The test plan will look something like:

  • Make your root filesystem be on btrfs. This can be by selecting it in the installer, or running the btrfs migration tool from ext3 or ext4. Make sure to have a backup first!
  • Boot into the new btrfs system, and perform a "yum install". Does system-config-rollback-btrfs show that a new snapshot was created? Does it allow you to set that snapshot as active for the next book without any errors?
  • When you reboot, verify that the application you successfully yum-installed is no longer present on the system.
  • Switch back to the latest "default" snapshot and reboot. Test that the yum-installed app is present once more.
  • Try creating a snapshot by hand using system-config-rollback-btrfs, and set it as active for the next boot. Before rebooting, touch a file in the root directory of the filesystem. After you reboot, it should be gone.

User Experience

There will be a new control panel available. If there is a mounted btrfs partition, the control panel will offer a selection of old snapshots to next boot from, and offer the creation of new ones. If there are no btrfs mounts, the control panel should explain the situation and then quit.

If the grub subfeature is completed, and a user has chosen to use btrfs as their boot filesystem, users will see a list of date/timestamps corresponding to snapshots that they can select from by interrupting grub at boot-time.

Dependencies

All of the support needed for btrfs snapshots should be already present in the kernel. The patch to support btrfs in grub has not been committed to grub1 so far (although we note that Gentoo already carries it locally). We would have to persuade the Fedora Grub maintainer(s) to adopt the patch for the grub subfeature to be completed.

Contingency Plan

None necessary, revert if not completed.

Documentation

Here is generic documentation on btrfs snapshots:

There will be significant documentation work needed to explain the following about this feature:

  • While the snapshots are automatically created as part of yum transactions, they are full disk snapshots, not merely snapshots of the package changes.
  • Rolling back to an earlier snapshot is not destructive. You can go back to the most recent version of the filesystem again afterwards using the same tool you used to switch to the earlier one.

Release Notes

To follow.

Comments and Discussion