Crash-proof writes to sensitive files

[stormi]

Sometimes power outages happen and sometimes there's no UPS.

In the context of XCP-ng, this led, sometimes, to critical files being truncated. My assumption is that they were being written, in a destructive way (rewritten from scratch nothing each time there's a change), and then the power outage happened, leaving the file in a half-written state. I will gladly accept other theories :)

We've seen at least one case where /etc/xensource-inventory did not contain more than 4 lines after the outage (see https://xcp-ng.org/forum/topic/2182/brand_console-error-on-boot-no-networking). I think I also remember a case where the XAPI database was truncated in a similar situation.

1) Such writes should probably be more atomic to avoid that situation so that it never happens

2) Local backups should be available. XAPI offers a function to backup the XAPI database and one to backup the host, but a local copy would save time when bad things happen.

[stormi]

Reported to Citrix: https://bugs.xenserver.org/browse/XSO-969

[stormi]

According to XAPI developers, this should be OK since XCP-ng 8.2 (was supposed to be atomic before already but there was a bug).

See https://github.com/xapi-project/xen-api/issues/4319