Change 32160
Enhanced opt_perforce_sdp_backup.sh to work with P4Depots volume on NFS
with 'root squash' feature enabled.
Fixes SDP-1236.
PROBLEM:
When the backup script runs as root and attempts to write to an NFS-mounted
P4Depots volume with root squash enabled, the script fails because root gets
squashed to nobody/nfsnobody and lacks write permissions to the NFS mount.
SOLUTION:
Implemented a staging and tarball approach to work around NFS root squash:
1. Staging Directory:
- Created a temporary staging directory under /tmp where all backup
operations write files as root (preserving proper ownership).
- All rsync and cp operations now target the staging directory instead
of directly writing to the NFS-mounted backup location.
2. Tarball Creation:
- After successful staging, a tarball is created from the staged content.
- The tarball uses --numeric-owner flag to preserve UIDs/GIDs.
- Tarball ownership is changed to the SDP owner user (not root).
3. NFS-Compatible Backup:
- BackupBase and BackupDir are now created as the SDP owner user using
runuser, not as root.
- The tarball (owned by SDP owner) is copied to the backup location as
the SDP owner user, bypassing root squash restrictions.
4. Updated Recovery Procedure:
- Recovery script now extracts the tarball locally before running recovery.
- Tarball extraction as root restores all files with correct ownership.
- Updated RECOVERY PROCEDURE documentation to reflect the new approach:
* Copy tarball from backup location to local directory
* Extract tarball as root (preserves ownership)
* Run recovery script from extracted content
5. Documentation Updates:
- Added explanation of tarball approach in DESCRIPTION
- Updated RECOVERY PROCEDURE with step-by-step tarball extraction
- Added LIMITATIONS section noting SELinux context handling is not
currently automated
ADDITIONAL CHANGES:
- All directory operations for BackupBase/BackupDir use runuser to operate
as SDP owner instead of root.
- Recovery script paths adjusted to point to extracted tarball content.
- Added cleanup of staging directory after successful backup.
- Improved messaging to distinguish between "staging" and "backup" operations.
TESTING:
This version maintains ShellCheck compliance (v0.11.0) and is designed to be
backward compatible with existing backup locations. The tarball approach
ensures that recovery works identically to before, with the added benefit of
supporting NFS mounts with root squash enabled.
The SDP Regression Test Suite for testing install_sdp.sh (which installs and
calls opt_perforce_sdp_backup.sh during installation) was updated for this
change. (The SDP Regression Test Suite for testing install_sdp.sh is one of
three SDP regression test suites). The change includes adpating the test
suite to the changed recover procedure, as documented with
'opt_perforce_sdp_backup.sh -man' in the updated 'RECOVERY PROCEDURE'
section.
with 'root squash' feature enabled.
Fixes SDP-1236.
PROBLEM:
When the backup script runs as root and attempts to write to an NFS-mounted
P4Depots volume with root squash enabled, the script fails because root gets
squashed to nobody/nfsnobody and lacks write permissions to the NFS mount.
SOLUTION:
Implemented a staging and tarball approach to work around NFS root squash:
1. Staging Directory:
- Created a temporary staging directory under /tmp where all backup
operations write files as root (preserving proper ownership).
- All rsync and cp operations now target the staging directory instead
of directly writing to the NFS-mounted backup location.
2. Tarball Creation:
- After successful staging, a tarball is created from the staged content.
- The tarball uses --numeric-owner flag to preserve UIDs/GIDs.
- Tarball ownership is changed to the SDP owner user (not root).
3. NFS-Compatible Backup:
- BackupBase and BackupDir are now created as the SDP owner user using
runuser, not as root.
- The tarball (owned by SDP owner) is copied to the backup location as
the SDP owner user, bypassing root squash restrictions.
4. Updated Recovery Procedure:
- Recovery script now extracts the tarball locally before running recovery.
- Tarball extraction as root restores all files with correct ownership.
- Updated RECOVERY PROCEDURE documentation to reflect the new approach:
* Copy tarball from backup location to local directory
* Extract tarball as root (preserves ownership)
* Run recovery script from extracted content
5. Documentation Updates:
- Added explanation of tarball approach in DESCRIPTION
- Updated RECOVERY PROCEDURE with step-by-step tarball extraction
- Added LIMITATIONS section noting SELinux context handling is not
currently automated
ADDITIONAL CHANGES:
- All directory operations for BackupBase/BackupDir use runuser to operate
as SDP owner instead of root.
- Recovery script paths adjusted to point to extracted tarball content.
- Added cleanup of staging directory after successful backup.
- Improved messaging to distinguish between "staging" and "backup" operations.
TESTING:
This version maintains ShellCheck compliance (v0.11.0) and is designed to be
backward compatible with existing backup locations. The tarball approach
ensures that recovery works identically to before, with the added benefit of
supporting NFS mounts with root squash enabled.
The SDP Regression Test Suite for testing install_sdp.sh (which installs and
calls opt_perforce_sdp_backup.sh during installation) was updated for this
change. (The SDP Regression Test Suite for testing install_sdp.sh is one of
three SDP regression test suites). The change includes adpating the test
suite to the changed recover procedure, as documented with
'opt_perforce_sdp_backup.sh -man' in the updated 'RECOVERY PROCEDURE'
section.