13-backup-recovery

13 - Backup & Recovery

Why Backups Matter

Plain text

┌─────────────────────────────────────────────────────────────┐
│              Real-World Data Loss Scenarios                  │
├─────────────────────────────────────────────────────────────┤
│                                                              │
│  1. Accidental DELETE without WHERE                         │
│     DELETE FROM users;  -- Oops, no WHERE!                    │
│     100,000 users gone in 1 second                          │
│                                                              │
│  2. DROP TABLE in production                                │
│     DROP TABLE orders;  -- Wrong terminal!                   │
│     Table structure + all data gone                           │
│                                                              │
│  3. Ransomware/Malware                                        │
│     Database encrypted by attacker                          │
│     Must restore from clean backup                           │
│                                                              │
│  4. Hardware failure                                          │
│     Disk corruption, RAID failure                             │
│     Primary and replica affected                              │
│                                                              │
│  5. Application bug                                           │
│     Bug updates wrong rows                                  │
│     Data corruption spread over days                         │
│                                                              │
│  6. Natural disaster                                          │
│     Data center flood/fire                                  │
│     Need off-site backup                                      │
│                                                              │
│  Recovery Time Objective (RTO): How fast to recover?         │
│  Recovery Point Objective (RPO): How much data loss?         │
│                                                              │
└─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ Real-World Data Loss Scenarios │ ├─────────────────────────────────────────────────────────────┤ │ │ │ 1. Accidental DELETE without WHERE │ │ DELETE FROM users; -- Oops, no WHERE! │ │ 100,000 users gone in 1 second │ │ │ │ 2. DROP TABLE in production │ │ DROP TABLE orders; -- Wrong terminal! │ │ Table structure + all data gone │ │ │ │ 3. Ransomware/Malware │ │ Database encrypted by attacker │ │ Must restore from clean backup │ │ │ │ 4. Hardware failure │ │ Disk corruption, RAID failure │ │ Primary and replica affected │ │ │ │ 5. Application bug │ │ Bug updates wrong rows │ │ Data corruption spread over days │ │ │ │ 6. Natural disaster │ │ Data center flood/fire │ │ Need off-site backup │ │ │ │ Recovery Time Objective (RTO): How fast to recover? │ │ Recovery Point Objective (RPO): How much data loss? │ │ │ └─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ Physical Backup │ ├─────────────────────────────────────────────────────────────┤ │ │ │ What: Copy actual database files │ │ - Data files │ │ - WAL (Write-Ahead Log) files │ │ - Configuration files │ │ │ │ Tools: │ │ - PostgreSQL: pg_basebackup, pgBackRest, Barman │ │ - MySQL: XtraBackup, mysqldump (for small DBs) │ │ - Filesystem: LVM snapshots, ZFS snapshots │ │ │ │ Pros: │ │ - Fast (filesystem-level copy) │ │ - Exact replica (including indexes, etc.) │ │ - Point-in-time recovery possible │ │ - Can use for replication setup │ │ │ │ Cons: │ │ - Database must be running (usually) │ │ - Platform-specific (can't restore Linux backup to Windows)│ │ - Storage size = database size │ │ │ └─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ Logical Backup │ ├─────────────────────────────────────────────────────────────┤ │ │ │ What: Export as SQL statements │ │ - CREATE TABLE statements │ │ - INSERT statements for data │ │ - Schema definitions │ │ │ │ Tools: │ │ - PostgreSQL: pg_dump, pg_dumpall │ │ - MySQL: mysqldump, mydumper │ │ - MongoDB: mongodump │ │ │ │ Pros: │ │ - Human-readable (somewhat) │ │ - Cross-platform compatible │ │ - Can restore to different database version │ │ - Can restore subset of tables │ │ - Compressed size often smaller │ │ │ │ Cons: │ │ - Slow for large databases (millions of rows) │ │ - Restore is slow (re-executes every INSERT) │ │ - No point-in-time recovery │ │ - Can miss data between dump start and end │ │ │ └─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ Continuous Archiving │ ├─────────────────────────────────────────────────────────────┤ │ │ │ How it works: │ │ │ │ Database ──► WAL Files ──► Archive Storage │ │ writes (sequential (S3, NFS, │ │ changes logs) remote server) │ │ │ │ Base Backup + WAL Archive = Point-in-Time Recovery │ │ │ │ PostgreSQL configuration: │ │ wal_level = replica │ │ archive_mode = on │ │ archive_command = 'cp %p /backup/wal/%f' │ │ # Or use wal-g, pgBackRest for cloud │ │ │ │ Recovery: │ │ 1. Restore base backup │ │ 2. Replay WAL files to desired point in time │ │ 3. Can recover to any moment (up to latest) │ │ │ └─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ The 3-2-1 Backup Rule │ ├─────────────────────────────────────────────────────────────┤ │ │ │ 3 - Keep 3 copies of data │ │ - Primary database │ │ - Local backup │ │ - Off-site/cloud backup │ │ │ │ 2 - Use 2 different media types │ │ - Disk (fast, local) │ │ - Tape/Cloud (slow, durable) │ │ │ │ 1 - Keep 1 copy off-site │ │ - Different geographical location │ │ - Protects against fire, flood, disaster │ │ │ │ Example Implementation: │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Primary │ │ Local NAS │ │ S3/AWS │ │ │ │ Database │────►│ (nightly) │────►│ (hourly) │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ │ └─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ Production Backup Schedule │ ├─────────────────────────────────────────────────────────────┤ │ │ │ Continuous: │ │ - WAL archiving (real-time) │ │ - Streaming replication to hot standby │ │ │ │ Hourly: │ │ - Incremental WAL backups (pgBackRest) │ │ - Logical backup of critical tables │ │ │ │ Daily: │ │ - Full base backup (pg_basebackup) │ │ - Logical backup (pg_dump) to version control │ │ │ │ Weekly: │ │ - Test restore procedure (automated) │ │ - Archive old backups (move to cold storage) │ │ │ │ Monthly: │ │ - Full system backup (OS + database) │ │ - Disaster recovery drill │ │ │ │ Retention: │ │ - Keep 7 daily backups │ │ - Keep 4 weekly backups │ │ - Keep 12 monthly backups │ │ - Keep yearly backups indefinitely │ │ │ └─────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────┐ │ Backup Testing is CRITICAL │ ├─────────────────────────────────────────────────────────────┤ │ │ │ Untested backup = NO BACKUP │ │ │ │ Automated Testing: │ │ 1. Weekly restore test │ │ - Restore backup to test server │ │ - Run consistency checks │ │ - Verify row counts │ │ - Run application smoke tests │ │ │ │ 2. Automated restore pipeline │ │ - Spin up container/VM │ │ - Restore latest backup │ │ - Run test queries │ │ - Tear down │ │ - Report success/failure │ │ │ │ Manual Testing (Monthly): │ │ - Full disaster recovery drill │ │ - Document issues and timing │ │ - Update runbooks │ │ │ └─────────────────────────────────────────────────────────────┘