fix(backup): make infrastructure DB backup opt-in, add unit tests

jmsperu · jmsperu · commit 432c049a7e48 · 2026-05-23T01:11:21.000+03:00
Addresses @weizhouapache's review: by default, production deployments should manage CloudStack DB backups via existing external tooling (cron + mysqldump, replication, etc), not via the in-process backup task. The DB component is now gated on a new explicit ConfigKey that defaults to false. - New ConfigKey: nas.infra.backup.include.database (Boolean, default false, Global scope). When false, the InfrastructureBackupTask runs only the configs + certs path (where there is no reasonable external alternative). - nas.infra.backup.enabled description rewritten to make the new split clear and to steer production users toward the cron-job pattern for the DB. - nas.infra.backup.include.usage.db description updated to clarify it has no effect unless include.database is also true. - New InfrastructureBackupTaskTest with 9 tests covering the gating decisions: master switch off, empty location, DB-skipped-by-default, both DBs when usage enabled, usage flag ignored when DB excluded, props unreadable, retention always runs, daily interval. Addresses codecov coverage gap on this PR (143 untested lines was the original report). - backupDatabase/backupDirectory/cleanupOldBackups + loadDbProperties + the ConfigKey accessors made protected so tests can override the side-effecting paths without standing up ProcessBuilder.
diff --git a/plugins/backup/nas/src/main/java/org/apache/cloudstack/backup/InfrastructureBackupTask.java b/plugins/backup/nas/src/main/java/org/apache/cloudstack/backup/InfrastructureBackupTask.java
@@ -68,26 +68,48 @@ public Long getDelay() {
         return DAILY_INTERVAL_MS;
     }
 
+    /** Indirection so tests can override without standing up the ConfigDepot. */
+    protected boolean isEnabled() {
+        return Boolean.TRUE.equals(NASBackupProvider.NASInfraBackupEnabled.value());
+    }
+
+    protected String getBackupLocation() {
+        return NASBackupProvider.NASInfraBackupLocation.value();
+    }
+
+    protected int getRetentionCount() {
+        return NASBackupProvider.NASInfraBackupRetention.value();
+    }
+
+    protected boolean isDatabaseIncluded() {
+        return Boolean.TRUE.equals(NASBackupProvider.NASInfraBackupIncludeDatabase.value());
+    }
+
+    protected boolean isUsageDbIncluded() {
+        return Boolean.TRUE.equals(NASBackupProvider.NASInfraBackupUsageDb.value());
+    }
+
     @Override
     protected void runInContext() {
-        if (!Boolean.TRUE.equals(NASBackupProvider.NASInfraBackupEnabled.value())) {
+        if (!isEnabled()) {
             LOG.debug("Infrastructure backup is disabled (nas.infra.backup.enabled=false)");
             return;
         }
 
-        String nasBackupPath = NASBackupProvider.NASInfraBackupLocation.value();
+        String nasBackupPath = getBackupLocation();
         if (nasBackupPath == null || nasBackupPath.isEmpty()) {
             LOG.error("Infrastructure backup location not configured (nas.infra.backup.location is empty)");
             return;
         }
 
-        int retentionCount = NASBackupProvider.NASInfraBackupRetention.value();
-        boolean includeUsageDb = Boolean.TRUE.equals(NASBackupProvider.NASInfraBackupUsageDb.value());
+        int retentionCount = getRetentionCount();
+        boolean includeDatabase = isDatabaseIncluded();
+        boolean includeUsageDb = isUsageDbIncluded();
 
         String timestamp = LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMMdd-HHmmss"));
         String backupDir = nasBackupPath + "/infra-backup/" + timestamp;
 
-        LOG.info("Starting infrastructure backup to {}", backupDir);
+        LOG.info("Starting infrastructure backup to {} (database included: {})", backupDir, includeDatabase);
 
         try {
             File dir = new File(backupDir);
@@ -96,26 +118,30 @@ protected void runInContext() {
                 return;
             }
 
-            // Read database credentials from db.properties
-            Properties dbProps = loadDbProperties();
-            if (dbProps == null) {
-                LOG.error("Failed to load database properties from {}", DB_PROPERTIES_PATH);
-                return;
-            }
-
-            String dbHost = dbProps.getProperty("db.cloud.host", "localhost");
-            String dbUser = dbProps.getProperty("db.cloud.username", "cloud");
-            String dbPassword = dbProps.getProperty("db.cloud.password", "");
+            // 1 & 2. Database backup — opt-in via nas.infra.backup.include.database.
+            // Production deployments typically run their own mysqldump cron jobs and disable this;
+            // it exists for small/edge deployments wanting unified DR on the same NAS as VM backups.
+            if (includeDatabase) {
+                Properties dbProps = loadDbProperties();
+                if (dbProps == null) {
+                    LOG.error("Database backup requested but failed to load properties from {} — skipping DB component", DB_PROPERTIES_PATH);
+                } else {
+                    String dbHost = dbProps.getProperty("db.cloud.host", "localhost");
+                    String dbUser = dbProps.getProperty("db.cloud.username", "cloud");
+                    String dbPassword = dbProps.getProperty("db.cloud.password", "");
 
-            // 1. Backup CloudStack database
-            backupDatabase("cloud", backupDir, timestamp, dbHost, dbUser, dbPassword);
+                    backupDatabase("cloud", backupDir, timestamp, dbHost, dbUser, dbPassword);
 
-            // 2. Backup usage database if enabled
-            if (includeUsageDb) {
-                String usageHost = dbProps.getProperty("db.usage.host", dbHost);
-                String usageUser = dbProps.getProperty("db.usage.username", dbUser);
-                String usagePassword = dbProps.getProperty("db.usage.password", dbPassword);
-                backupDatabase("cloud_usage", backupDir, timestamp, usageHost, usageUser, usagePassword);
+                    if (includeUsageDb) {
+                        String usageHost = dbProps.getProperty("db.usage.host", dbHost);
+                        String usageUser = dbProps.getProperty("db.usage.username", dbUser);
+                        String usagePassword = dbProps.getProperty("db.usage.password", dbPassword);
+                        backupDatabase("cloud_usage", backupDir, timestamp, usageHost, usageUser, usagePassword);
+                    }
+                }
+            } else {
+                LOG.debug("Database backup skipped (nas.infra.backup.include.database=false). " +
+                        "Manage DB backups externally for production deployments.");
             }
 
             // 3. Backup management server configs
@@ -143,7 +169,7 @@ protected void runInContext() {
         }
     }
 
-    private Properties loadDbProperties() {
+    protected Properties loadDbProperties() {
         File propsFile = new File(DB_PROPERTIES_PATH);
         if (!propsFile.exists()) {
             LOG.warn("Database properties file not found: {}", DB_PROPERTIES_PATH);
@@ -160,7 +186,7 @@ private Properties loadDbProperties() {
         }
     }
 
-    private void backupDatabase(String dbName, String backupDir, String timestamp,
+    protected void backupDatabase(String dbName, String backupDir, String timestamp,
                                  String dbHost, String dbUser, String dbPassword) {
         String dumpFile = backupDir + "/" + dbName + "-" + timestamp + ".sql.gz";
 
@@ -198,7 +224,7 @@ private void backupDatabase(String dbName, String backupDir, String timestamp,
         }
     }
 
-    private void backupDirectory(String sourcePath, String backupDir, String archiveName) {
+    protected void backupDirectory(String sourcePath, String backupDir, String archiveName) {
         File source = new File(sourcePath);
         if (!source.exists() || !source.isDirectory()) {
             LOG.debug("Directory {} does not exist, skipping", sourcePath);
@@ -232,7 +258,7 @@ private void backupDirectory(String sourcePath, String backupDir, String archive
         }
     }
 
-    private void cleanupOldBackups(String nasBackupPath, int retentionCount) {
+    protected void cleanupOldBackups(String nasBackupPath, int retentionCount) {
         File infraDir = new File(nasBackupPath + "/infra-backup");
         if (!infraDir.exists()) {
             return;
diff --git a/plugins/backup/nas/src/main/java/org/apache/cloudstack/backup/NASBackupProvider.java b/plugins/backup/nas/src/main/java/org/apache/cloudstack/backup/NASBackupProvider.java
@@ -89,9 +89,26 @@ public class NASBackupProvider extends AdapterBase implements BackupProvider, Co
     static final ConfigKey<Boolean> NASInfraBackupEnabled = new ConfigKey<>("Advanced", Boolean.class,
             "nas.infra.backup.enabled",
             "false",
-            "Enable automated infrastructure backup (database, configs) to NAS storage. " +
-            "When enabled, the management server will perform a daily backup of the CloudStack " +
-            "database, configuration files, and SSL certificates to the configured NAS location.",
+            "Enable automated infrastructure backup to NAS storage. When enabled, the management " +
+            "server will perform a daily backup of CloudStack configuration files and SSL " +
+            "certificates to the configured NAS location. The CloudStack database is NOT included " +
+            "by default — for production deployments, manage database backups externally (e.g. via " +
+            "a cron job running mysqldump). To opt in to bundling the database with this backup " +
+            "(useful only for small / edge / single-MS deployments without separate ops tooling), " +
+            "also set nas.infra.backup.include.database=true.",
+            true,
+            ConfigKey.Scope.Global,
+            BackupFrameworkEnabled.key());
+
+    static final ConfigKey<Boolean> NASInfraBackupIncludeDatabase = new ConfigKey<>("Advanced", Boolean.class,
+            "nas.infra.backup.include.database",
+            "false",
+            "Include the CloudStack database in the daily infrastructure backup. Defaults to false " +
+            "because production deployments typically manage DB backups via external tooling (e.g. " +
+            "cron + mysqldump, replication, dedicated backup appliance) and are better served " +
+            "doing so. Only set true when you want one-knob disaster recovery for a small/edge " +
+            "deployment and the same NAS that already holds your VM backups is an acceptable " +
+            "target. Has no effect unless nas.infra.backup.enabled is also true.",
             true,
             ConfigKey.Scope.Global,
             BackupFrameworkEnabled.key());
@@ -116,7 +133,8 @@ public class NASBackupProvider extends AdapterBase implements BackupProvider, Co
     static final ConfigKey<Boolean> NASInfraBackupUsageDb = new ConfigKey<>("Advanced", Boolean.class,
             "nas.infra.backup.include.usage.db",
             "true",
-            "Include the cloud_usage database in infrastructure backup.",
+            "Also include the cloud_usage database when the CloudStack database is being backed " +
+            "up. Has no effect unless nas.infra.backup.include.database is also true.",
             true,
             ConfigKey.Scope.Global,
             BackupFrameworkEnabled.key());
@@ -643,6 +661,7 @@ public ConfigKey<?>[] getConfigKeys() {
         return new ConfigKey[]{
                 NASBackupRestoreMountTimeout,
                 NASInfraBackupEnabled,
+                NASInfraBackupIncludeDatabase,
                 NASInfraBackupLocation,
                 NASInfraBackupRetention,
                 NASInfraBackupUsageDb
diff --git a/plugins/backup/nas/src/test/java/org/apache/cloudstack/backup/InfrastructureBackupTaskTest.java b/plugins/backup/nas/src/test/java/org/apache/cloudstack/backup/InfrastructureBackupTaskTest.java
