postgres-ai
diff --git a/‎engine/configs/config.example.objbacker.yml‎
Lines changed: 168 additions & 0 deletions b/‎engine/configs/config.example.objbacker.yml‎
Lines changed: 168 additions & 0 deletions
diff --git a/‎engine/internal/provision/thinclones/objbacker/config.go‎
Lines changed: 200 additions & 0 deletions b/‎engine/internal/provision/thinclones/objbacker/config.go‎
Lines changed: 200 additions & 0 deletions
@@ -0,0 +1,168 @@
+# Copy this configuration to: ~/.dblab/engine/configs/server.yml
+# Configuration reference guide: https://postgres.ai/docs/reference-guides/database-lab-engine-configuration-reference
+#
+# EXPERIMENTAL: This configuration demonstrates objbacker integration for tiered storage.
+# Objbacker is a native ZFS VDEV that talks directly to S3/GCS/Azure blob storage,
+# enabling cost-effective storage for database snapshots.
+# See: https://www.zettalane.com/blog/openzfs-summit-2025-mayanas-objbacker.html
+#
+# REQUIREMENTS:
+# - objbacker kernel module loaded (/dev/zfs_objbacker must exist)
+# - objbacker daemon installed (zfs_objbacker_daemon)
+# - Fast local NVMe for cache (recommended: 10GB+ for metadata caching)
+# - Cloud storage credentials configured
+
+server:
+  verificationToken: "secret_token"
+  port: 2345
+  disableConfigModification: false
+
+embeddedUI:
+  enabled: true
+  dockerImage: "postgresai/ce-ui:latest"
+  host: "127.0.0.1"
+  port: 2346
+
+global:
+  engine: postgres
+  debug: true
+  database:
+    username: postgres
+    dbname: postgres
+
+poolManager:
+  mountDir: /var/lib/dblab
+  dataSubDir: data
+  clonesMountSubDir: clones
+  socketSubDir: sockets
+  observerSubDir: observer
+  preSnapshotSuffix: "_pre"
+  selectedPool: ""
+
+# EXPERIMENTAL: objbacker configuration for tiered/archival storage
+objbacker:
+  enabled: true # Enable objbacker integration
+
+  # Object storage backend: s3, gcs, or azure
+  storageType: s3
+
+  # Object storage configuration
+  endpoint: "" # Leave empty for AWS S3, or set for MinIO/other S3-compatible
+  bucket: "my-dblab-snapshots"
+  prefix: "dblab/production" # Optional prefix within the bucket
+  region: "us-east-1" # Required for S3
+
+  # Authentication (choose one method)
+  credentials:
+    accessKeyId: "" # Set via environment variable: DBLAB_OBJBACKER_ACCESS_KEY_ID
+    secretAccessKey: "" # Set via environment variable: DBLAB_OBJBACKER_SECRET_ACCESS_KEY
+    credentialsFile: "" # Alternative: path to credentials file (for GCS service account)
+    useIamRole: true # Use IAM role on cloud VMs (recommended for AWS/GCP)
+
+  # Performance tuning
+  performance:
+    blockSize: 1048576 # 1MB - larger blocks for streaming efficiency
+    localCacheSize: 10737418240 # 10GB - cache for metadata and hot data
+    localCachePath: "/var/cache/objbacker" # Should be on fast NVMe storage
+    readAheadSize: 4194304 # 4MB prefetch for sequential reads
+    maxConcurrentOps: 32 # Concurrent object storage operations
+    connectionTimeout: 30s
+    requestTimeout: 5m
+
+  # Tiering configuration for automatic hot/cold data management
+  tiering:
+    enabled: true # Enable automatic tiering
+    hotDataThreshold: 24h # Data accessed within 24h stays hot
+    metadataLocal: true # Keep ZFS metadata on local storage
+    promoteOnRead: true # Promote cold data to hot tier when accessed
+
+  # Device paths (usually don't need to change)
+  devicePath: "/dev/zfs_objbacker"
+  daemonSocketPath: "/var/run/zfs_objbacker.sock"
+
+# Automatic snapshot archival policy
+snapshotArchival:
+  enabled: true
+
+  # Archive snapshots older than this to object storage
+  archiveAfter: 168h # 7 days
+
+  # Always keep at least this many recent snapshots locally
+  keepLocalCount: 3
+
+  # Delete archived snapshots after this time (0 = keep forever)
+  deleteArchivedAfter: 2160h # 90 days
+
+  # Branches to exclude from archival (e.g., production branch stays local)
+  excludeBranches: []
+
+  # How often to run the archival check
+  scheduleInterval: 6h
+
+databaseContainer: &db_container
+  dockerImage: "postgresai/extended-postgres:18-0.6.2"
+  containerConfig:
+    "shm-size": 1gb
+
+databaseConfigs: &db_configs
+  configs:
+    shared_buffers: 1GB
+    shared_preload_libraries: "pg_stat_statements, pg_stat_kcache, auto_explain, logerrors"
+    maintenance_work_mem: "500MB"
+    work_mem: "100MB"
+
+provision:
+  <<: *db_container
+  portPool:
+    from: 6000
+    to: 6099
+  useSudo: false
+  keepUserPasswords: false
+  cloneAccessAddresses: "127.0.0.1"
+
+retrieval:
+  jobs:
+    - physicalRestore
+    - physicalSnapshot
+  spec:
+    physicalRestore:
+      options:
+        <<: *db_container
+        tool: walg
+        sync:
+          enabled: true
+          healthCheck:
+            interval: 5
+            maxRetries: 200
+          configs:
+            shared_buffers: 2GB
+
+        envs:
+          WALG_GS_PREFIX: "gs://{BUCKET}/{SCOPE}"
+          GOOGLE_APPLICATION_CREDENTIALS: "/tmp/sa.json"
+
+        walg:
+          backupName: LATEST
+
+    physicalSnapshot:
+      options:
+        skipStartSnapshot: false
+        <<: *db_configs
+        promotion:
+          <<: *db_container
+          enabled: true
+          healthCheck:
+            interval: 5
+            maxRetries: 200
+          queryPreprocessing:
+            queryPath: ""
+            maxParallelWorkers: 2
+            inline: ""
+          configs:
+            shared_buffers: 2GB
+        scheduler:
+          snapshot:
+            timetable: "0 */6 * * *" # Take snapshots every 6 hours
+          retention:
+            timetable: "0 * * * *"
+            limit: 10 # Keep more snapshots locally since archival handles old ones
@@ -0,0 +1,200 @@
+/*
+2025 © Postgres.ai
+*/
+
+// Package objbacker provides an interface to work with objbacker-backed ZFS pools.
+// Objbacker is a native ZFS VDEV that talks directly to S3/GCS/Azure blob storage,
+// enabling cost-effective tiered storage for database clones.
+package objbacker
+
+import (
+	"fmt"
+	"time"
+)
+
+// StorageType defines the type of object storage backend.
+type StorageType string
+
+const (
+	// StorageTypeS3 represents Amazon S3 or S3-compatible storage.
+	StorageTypeS3 StorageType = "s3"
+	// StorageTypeGCS represents Google Cloud Storage.
+	StorageTypeGCS StorageType = "gcs"
+	// StorageTypeAzure represents Azure Blob Storage.
+	StorageTypeAzure StorageType = "azure"
+)
+
+// Config defines configuration for objbacker-backed storage.
+type Config struct {
+	// Enabled determines if objbacker integration is active.
+	Enabled bool `yaml:"enabled"`
+
+	// StorageType specifies the object storage backend (s3, gcs, azure).
+	StorageType StorageType `yaml:"storageType"`
+
+	// Endpoint is the object storage endpoint URL.
+	// For S3: https://s3.amazonaws.com or custom endpoint for MinIO/etc.
+	// For GCS: https://storage.googleapis.com
+	// For Azure: https://<account>.blob.core.windows.net
+	Endpoint string `yaml:"endpoint"`
+
+	// Bucket is the name of the bucket/container for storing data.
+	Bucket string `yaml:"bucket"`
+
+	// Prefix is the optional path prefix within the bucket.
+	Prefix string `yaml:"prefix"`
+
+	// Region is the cloud region (required for S3).
+	Region string `yaml:"region"`
+
+	// Credentials holds authentication configuration.
+	Credentials CredentialsConfig `yaml:"credentials"`
+
+	// Performance tuning options.
+	Performance PerformanceConfig `yaml:"performance"`
+
+	// Tiering configuration for hot/cold data separation.
+	Tiering TieringConfig `yaml:"tiering"`
+
+	// DevicePath is the path to the objbacker character device.
+	// Defaults to /dev/zfs_objbacker.
+	DevicePath string `yaml:"devicePath"`
+
+	// DaemonSocketPath is the path to the objbacker daemon socket.
+	DaemonSocketPath string `yaml:"daemonSocketPath"`
+}
+
+// CredentialsConfig holds authentication settings for object storage.
+type CredentialsConfig struct {
+	// AccessKeyID is the access key for S3/GCS.
+	AccessKeyID string `yaml:"accessKeyId"`
+
+	// SecretAccessKey is the secret key for S3/GCS.
+	SecretAccessKey string `yaml:"secretAccessKey"`
+
+	// CredentialsFile is the path to credentials file (for GCS service account).
+	CredentialsFile string `yaml:"credentialsFile"`
+
+	// UseIAMRole enables IAM role-based authentication (for cloud VMs).
+	UseIAMRole bool `yaml:"useIamRole"`
+}
+
+// PerformanceConfig defines performance tuning parameters.
+type PerformanceConfig struct {
+	// BlockSize is the block size for object storage operations.
+	// Larger blocks (1MB+) are more efficient for streaming.
+	// Smaller blocks (<128KB) are better for random access.
+	// Default: 1MB
+	BlockSize int64 `yaml:"blockSize"`
+
+	// LocalCacheSize is the size of the local NVMe cache in bytes.
+	// Used for metadata and frequently accessed small blocks.
+	// Default: 10GB
+	LocalCacheSize int64 `yaml:"localCacheSize"`
+
+	// LocalCachePath is the path to the local cache directory.
+	// Should be on fast storage (NVMe).
+	LocalCachePath string `yaml:"localCachePath"`
+
+	// ReadAheadSize is the prefetch size for sequential reads.
+	// Default: 4MB
+	ReadAheadSize int64 `yaml:"readAheadSize"`
+
+	// MaxConcurrentOps is the maximum number of concurrent object operations.
+	// Default: 32
+	MaxConcurrentOps int `yaml:"maxConcurrentOps"`
+
+	// ConnectionTimeout is the timeout for establishing connections.
+	ConnectionTimeout time.Duration `yaml:"connectionTimeout"`
+
+	// RequestTimeout is the timeout for individual requests.
+	RequestTimeout time.Duration `yaml:"requestTimeout"`
+}
+
+// TieringConfig defines data tiering behavior.
+type TieringConfig struct {
+	// Enabled determines if tiered storage is active.
+	// When enabled, hot data stays on local storage while cold data
+	// is automatically moved to object storage.
+	Enabled bool `yaml:"enabled"`
+
+	// HotDataThreshold is the age threshold for hot data in hours.
+	// Data accessed more recently than this stays on local storage.
+	// Default: 24 hours
+	HotDataThreshold time.Duration `yaml:"hotDataThreshold"`
+
+	// MetadataLocal keeps all metadata on local storage for faster access.
+	// Default: true
+	MetadataLocal bool `yaml:"metadataLocal"`
+
+	// PromoteOnRead automatically promotes cold data to hot tier on read.
+	// Default: true
+	PromoteOnRead bool `yaml:"promoteOnRead"`
+}
+
+// DefaultConfig returns a Config with sensible defaults.
+func DefaultConfig() Config {
+	return Config{
+		Enabled:          false,
+		StorageType:      StorageTypeS3,
+		DevicePath:       "/dev/zfs_objbacker",
+		DaemonSocketPath: "/var/run/zfs_objbacker.sock",
+		Performance: PerformanceConfig{
+			BlockSize:         1024 * 1024,             // 1MB
+			LocalCacheSize:    10 * 1024 * 1024 * 1024, // 10GB
+			LocalCachePath:    "/var/cache/objbacker",
+			ReadAheadSize:     4 * 1024 * 1024, // 4MB
+			MaxConcurrentOps:  32,
+			ConnectionTimeout: 30 * time.Second,
+			RequestTimeout:    5 * time.Minute,
+		},
+		Tiering: TieringConfig{
+			Enabled:          true,
+			HotDataThreshold: 24 * time.Hour,
+			MetadataLocal:    true,
+			PromoteOnRead:    true,
+		},
+	}
+}
+
+// Validate checks if the configuration is valid.
+func (c *Config) Validate() error {
+	if !c.Enabled {
+		return nil
+	}
+
+	if c.Bucket == "" {
+		return fmt.Errorf("objbacker: bucket is required")
+	}
+
+	switch c.StorageType {
+	case StorageTypeS3, StorageTypeGCS, StorageTypeAzure:
+		// valid
+	default:
+		return fmt.Errorf("objbacker: invalid storage type: %s", c.StorageType)
+	}
+
+	if c.StorageType == StorageTypeS3 && c.Region == "" && !c.Credentials.UseIAMRole {
+		return fmt.Errorf("objbacker: region is required for S3")
+	}
+
+	if !c.Credentials.UseIAMRole {
+		if c.Credentials.AccessKeyID == "" && c.Credentials.CredentialsFile == "" {
+			return fmt.Errorf("objbacker: credentials are required (accessKeyId or credentialsFile)")
+		}
+	}
+
+	if c.Performance.LocalCachePath == "" {
+		return fmt.Errorf("objbacker: localCachePath is required")
+	}
+
+	return nil
+}
+
+// ObjectPath returns the full object path for a given key.
+func (c *Config) ObjectPath(key string) string {
+	if c.Prefix != "" {
+		return fmt.Sprintf("%s/%s", c.Prefix, key)
+	}
+	return key
+}