Velero: remove .velero folder after restic restore

Created on 18 Jul 2020  路  4Comments  路  Source: vmware-tanzu/velero

i have been using velero(with restic) for my local backup and restore purposes. I did observe that during restore a folder named .velero is created in the volumes of every statefulset that is restored back.

can we have an enhancement where we can remove .velero as a cleanup?

why would this cause an issue even though it doesn't contain any data is because statefulset like kafka would parse the folder and complain them if it is not part of their topic partition table.

as a workaround i manually delete it and restart the pod but would love to have this minor enhancement included in newer release

[supreme@worker-16070 kafka-data]$ ls -a
----trimmed----
__consumer_offsets-8
__consumer_offsets-9
.lock
log-start-offset-checkpoint
meta.properties
recovery-point-offset-checkpoint
replication-offset-checkpoint
.velero
Bug Restic Restic - GA Reviewed Q2 2021
Source
picture vinayus

All 4 comments

Thanks for the report @vinayus! This seems like a fairly low effort fix, so I'll add it to the backlog.

nrb picture nrb on 20 Jul 2020
👍1

There are a couple of things that make this change non-trivial.

root@restic-jq4rh:/host_pods# hostname
restic-jq4rh
root@restic-jq4rh:/host_pods# umask
0022
root@restic-jq4rh:/host_pods#
  • This can be solved by os.Chmod to 0777 on the .velero and 0666 on the doneFile. This will let the restic-wait init container to delete the doneFile
  • However, the restic-wait init container cannot delete the .velero directory even though the permissions on them are 0777
    From the velero-restic-restore-helper code
Permissions on /restores/pvc2-vm/.velero [drwxrwxrwx]
Failed to delete directory /restores/pvc1-vm/.velero: unlinkat /restores/pvc1-vm/.velero: permission denied

From exec-ing into the restic-wait container

$ kcn csi-app exec -it csi-app1 -c restic-wait bash
nobody@csi-app1:/$ hostname
csi-app1
nobody@csi-app1:/$ rm -rf /restores/pvc1-vm/.velero/
rm: cannot remove '/restores/pvc1-vm/.velero/': Permission denied
nobody@csi-app1:/$ rm -rf /restores/pvc2-vm/.velero/
rm: cannot remove '/restores/pvc2-vm/.velero/': Permission denied

this is most likely because of how the volume is shared by the restic daemon set with the restic-wait container.

The solution to this is to have the restic daemon-set pod to delete the .velero directory once restic-wait init container has completed. But this requires the restic-wait init container to communicate w/ the restic daemon set pod that it has "finished" waiting and has completed. The deletion of the doneFile can be used to signal this.

ashish-amarnath picture ashish-amarnath on 8 Aug 2020

@nrb removing this from the 1.5 milestone.

ashish-amarnath picture ashish-amarnath on 11 Aug 2020
👍1

Closing because duplicate of #2812

eleanor-millman picture eleanor-millman on 11 May 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

totemcaf picture totemcaf  路  4Comments
ncdc picture ncdc  路  3Comments
onedr0p picture onedr0p  路  3Comments
abh picture abh  路  4Comments
Berndinox picture Berndinox  路  3Comments