Skip to content

Backup drivers for ZFS volumes (zvol)#84

Open
akremenetsky wants to merge 1 commit intomasterfrom
feat/#72/zfs-backup-local-s3-drivers
Open

Backup drivers for ZFS volumes (zvol)#84
akremenetsky wants to merge 1 commit intomasterfrom
feat/#72/zfs-backup-local-s3-drivers

Conversation

@akremenetsky
Copy link
Member

@akremenetsky akremenetsky commented Dec 15, 2025

Two drivers added:

  • LocalZFSBackuper - to backup on local storage
  • S3ZFSBackuper - to backup on S3

Closes #72

@akremenetsky akremenetsky self-assigned this Dec 15, 2025
@gemini-code-assist
Copy link

gemini-code-assist bot commented Dec 15, 2025

Summary of Changes

Hello @akremenetsky, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the backup capabilities of the genesis_devtools project by introducing dedicated drivers for ZFS volumes. It provides robust solutions for backing up virtual machine disks and their configurations, allowing storage to either local filesystems or Amazon S3. The implementation includes essential ZFS operations like snapshot management and integrates encryption and compression options, ensuring data integrity and security. This change broadens the scope of supported storage technologies for backups.

Highlights

  • New ZFS Backup Drivers: Introduced LocalZFSBackuper and S3ZFSBackuper for managing ZFS volume backups, extending the backup capabilities of the project.
  • Abstract ZFS Backuper Base Class: A new base class AbstractZfsBackuper was added to encapsulate common ZFS backup logic, including snapshot creation/destruction and volume identification.
  • Local ZFS Backup Implementation: The LocalZFSBackuper enables backing up ZFS volumes to local storage, supporting domain XML and disk data, with optional encryption and compression.
  • S3 ZFS Backup Implementation: The S3ZFSBackuper facilitates streaming ZFS volume backups directly to Amazon S3, also with optional encryption.
  • Enhanced Libvirt ZFS Volume Detection: Updated libvirt utilities to correctly identify ZFS volumes specified via <source dev='...'/> in addition to existing <source file='...'/> attributes in domain XML.
  • Driver Registration: The newly implemented ZFS backup drivers are registered in setup.cfg for proper discoverability and integration within the system.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 15, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces backup drivers for ZFS volumes, for both local and S3 storage. The implementation is comprehensive, adding an abstract base class for ZFS backupers and concrete implementations for local and S3 targets. The changes are generally well-structured.

However, I've identified several critical and high-severity issues that should be addressed. These include a command injection vulnerability, a resource leak bug that can leave ZFS snapshots behind, incorrect coupling between modules, and some unimplemented features that are presented as available. I've provided detailed comments and suggestions for each of these points.

@akremenetsky akremenetsky force-pushed the feat/#72/zfs-backup-local-s3-drivers branch from a7a9197 to 0f7b3d4 Compare December 28, 2025 11:12
@akremenetsky
Backup drivers for ZFS volumes (zvol)
df6a311 
Two drivers added:
- LocalZFSBackuper - to backup on local storage
- S3ZFSBackuper - to backup on S3

Signed-off-by: Anton Kremenetsky <[email protected]>
@akremenetsky akremenetsky force-pushed the feat/#72/zfs-backup-local-s3-drivers branch from 0f7b3d4 to df6a311 Compare January 15, 2026 11:01
@akremenetsky akremenetsky marked this pull request as ready for review January 15, 2026 11:51
gmelikov
gmelikov reviewed Jan 16, 2026
View reviewed changes
genesis_devtools/backup/local.py
[
"sudo",
"zfs",
"send",
Copy link
Member

@gmelikov gmelikov Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe for future:

zfs send by default generates raw data with maximum compatibility with pretty old ZFS versions, i.e. if compression was on - it will decompress data. And vice versa - on zfs recv it will compress data again.

Compression is pretty interesting case, because it's easy to write really compressible data, which on backup will be inflated here by multiple size! (I saw example with x1600! so, 2GB of compressed junk of vim tmp file gave 2TB of inflight data). We should think about it too.

Good flags to use: -Lec:

  • -L - use "large" zfs blocks (i.e. support latest ZFS feature)
  • -e use embedded blocks (<~100bytes files may be written in block pointer itself)
  • -c don't decompress, send as-is

Last useful flag - -w/--raw - if native ZFS encryption used - it will send encrypted data as is, so keys are not needed at all.

I think we don't need to change anything now, but at least see this comment for future reference @akremenetsky

Copy link
Member

@gmelikov gmelikov Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, and additional note - in future we may support incremental backup too, you can set -I pool/dataset@parent_snap_name for that.

Copy link
Member

@gmelikov gmelikov Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, to be safe from decompress inflation - we may check zfs zvols' compressratio. If it's > x100 - something's pretty nasty.

gmelikov
gmelikov reviewed Jan 16, 2026
View reviewed changes
genesis_devtools/backup/local.py
)

if encryption:
utils.encrypt_file(target_path, encryption.key, encryption.iv)
Copy link
Member

@gmelikov gmelikov Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again - for future:

I propose to think about make a chain of different steps, maybe via pipes as a start. So we won't need much temporary space and time.

gmelikov
gmelikov reviewed Jan 16, 2026
View reviewed changes
genesis_devtools/backup/local.py

self.backup_domains(backup_path, list(domains), encryption)

if not compress:
Copy link
Member

@gmelikov gmelikov Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Compress is effective only before encryption, encrypted data is nearly incompressible. Maybe it's a little bit offtopic for this PR, but FYI.

Some security guys say that you should not even compress data before encryption at all, but it's not a practical way.

I see best case as - compress beforce, encrypt at the end.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gmelikov gmelikov gmelikov left review comments

@phantomii phantomii phantomii approved these changes

@Kulv3r Kulv3r Awaiting requested review from Kulv3r

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@akremenetsky akremenetsky

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Backup driver for ZFS volumes (zvol)

3 participants

@akremenetsky @phantomii @gmelikov