On Tue, 2007-09-25 at 23:45 +0100, Phil Endecott wrote:
> Dear Btrfs people,
>
> I saw Chris' Btrfs talk at LinuxConf.EU a few weeks ago and have since
> been thinking about how I would like to use this great code once you
> have done all the hard work :-)
>
> Fine-grain filesystem undo, thanks to cheap snapshots, is what I'm
> thinking about. The more I consider it the more useful I believe it
> will be; here's a recent example:
>
> # apt-get install libsomething-weird-and-wrong
> installing packages: that that and the other
> removing conflicting packages: important vital libc oh no oh dear
>
> Woops. I've spent days trying to recover from things like that.
> Wouldn't it be great to just "rollback"? But of course what I don't
> want to do is to rollback /var/spool/mail, where an important message
> arrived in the middle of my disastrous apt-get. I think that if this
> works well it could change the way that we interact with our computers
> quite significantly; it would remove the need for most "are you sure?"
> prompts, and make people less scared of breaking things.
>
> So I was wondering if you have thought about how this could be made to
> work, from the user's (or application developer's) viewpoint rather
> than in terms of the filesystem implementation. Certainly, more than
> just "snapshot create" and "snapshot delete" commands are needed.
>
> One idea is to automatically take a snapshot when each process
> starts, and to keep it until its parent process terminates. This means
> that from the command line I can rollback to between any commands in
> that shell's history. Perhaps applications that suffer an error could
> choose to revert all their changes on termination.

There are a lot of different factors in play here. First, once a new
snapshot is created, additional COW runs are required for any tree
metadata related to the snapshot. This can get expensive if you have
one snapshot for every process or change.

Picture a directory where process A and process B are both writing.
Process A decides it is time to rollback some changes, but what do we do
with process B? These are the kinds of sticky database problems that
filesystems generally pretend don't exist. For all the Linux
filesystems today, rollback is done by hitting the reset button.

In Btrfs, each transaction creates a new snapshot, and the previous
snapshot is automatically deleted after the transaction commits. But,
there's no requirement the old snapshot is deleted, it is just done to
recover free space.

So, a mount option could be added to automatically link old snapshots
into a directory instead of deleting them. Then a user level
application could decide when to delete them. You could for example:

  keep one old snapshot per minute for the last 30 minutes
  keep one old snapshot per hour for the last 24 hours
  keep one old snapshot per day for the last 30 days
  keep one old snapshot per month for the last 12 months
  etc.

-chris
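
The tiered retention schedule described in the message above, as an added example that is not part of the original message or of Btrfs: a user-level planner that decides which snapshot timestamps to keep and which to delete. It assumes the newest snapshot in each bucket is the one retained and approximates 12 months as 365 days; `plan_retention`, `constructed_snapshots` and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Tiers from the message: (bucket key format, how far back the tier reaches).
# Assumption: "12 months" is approximated as 365 days.
TIERS = [
    ("%Y-%m-%d %H:%M", timedelta(minutes=30)),  # one per minute, last 30 minutes
    ("%Y-%m-%d %H",    timedelta(hours=24)),    # one per hour, last 24 hours
    ("%Y-%m-%d",       timedelta(days=30)),     # one per day, last 30 days
    ("%Y-%m",          timedelta(days=365)),    # one per month, last 12 months
]

# Constructed reference time for the sample run.
NOW = datetime(2007, 9, 26, 12, 0, 10)


def plan_retention(snapshots, now):
    """Return (keep, delete) as sorted lists of snapshot timestamps.

    A snapshot survives if it is the newest one in its bucket for at least
    one tier whose window still covers it (assumed tie-break: newest wins).
    """
    keep = set()
    for fmt, window in TIERS:
        newest_in_bucket = {}
        for ts in snapshots:
            if ts < now - window:
                continue  # too old for this tier; a coarser tier may keep it
            key = ts.strftime(fmt)
            if key not in newest_in_bucket or ts > newest_in_bucket[key]:
                newest_in_bucket[key] = ts
        keep.update(newest_in_bucket.values())
    return sorted(keep), sorted(set(snapshots) - keep)


def constructed_snapshots(now):
    """Constructed sample: one snapshot every 20 seconds over the last 3 hours."""
    return [now - timedelta(seconds=20 * i) for i in range(3 * 60 * 3 + 1)]


if __name__ == "__main__":
    keep, delete = plan_retention(constructed_snapshots(NOW), NOW)
    print(f"keep {len(keep)} snapshots, delete {len(delete)}")
    for ts in keep[:5]:
        print("keep", ts.isoformat())
```

The planner only returns a decision; removing the snapshots it lists is left to whatever interface the filesystem exposes for that.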