Restic doesn't break stale locks

[wmertens]

Describe the bug

Restic locks remote repos, and if the backup is interrupted somehow, the lock doesn't disappear.

The service could run restic unlock before running, or maybe make it configurable defaulting to true?

Notify maintainers

@robryk

[robryk]

Hm~

I'm somewhat afraid of edge cases that can cause this to remove locks that belong to still-running operations (examples: deviating system clocks, PID namespaces or other mechanisms that prevent the other restic process that's running on the same machine from being seen). The description of consequences of removing locks that are still in use makes me very wary of that issue, given that it can break future backups.

It'd be much nicer if (given that restic will refresh the lock timestamp every 5 walltime minutes when running) there was a mode of restic unlock that waited for, say, 10 minutes and removed the lock only if it wasn't refreshed during that period.

[robryk]

@i077 @bbigras

[robryk]

(As a workaround in the meantime you might wish to use backupPrepareCommand to run restic-$YOURBACKUP unlock in the way you described.)

[i077]

I am also wary of auto-removing locks at the start of a backup job, even as an option in this module. I think leaving it to the user to verify that the lock belongs to a dead operation, then manually run restic unlock on their repository is the proper course of action in these scenarios. If we just blindly unlock a repository, we risk data loss on it. I don't think this is a bug, given that interrupted backups are themselves edge cases.