feat: Add configurable compression level and parallel blocks for backups

[caffeinated92]

This PR adds configurable compression level and parallel decompression parameters to the klauspost/pgzip implementation used in replication-manager, allowing users to optimize backup performance and compression ratio based on their specific hardware and network requirements.

Problem Statement

Previously, pgzip compression in replication-manager used hardcoded values:

• Compression level: Fixed at default (6)
• Parallel blocks: Hardcoded to 4 or 16 with no user control
  This one-size-fits-all approach prevented users from optimizing for their specific needs:
• Fast networks with slow storage → prefer fast compression (level 1)
• Slow networks with ample storage → prefer small files (level 9)
• Multi-core systems → prefer parallel decompression (16+ blocks)
• Memory-constrained systems → prefer fewer blocks (2-4)

Solution

Implement two new configurable parameters that provide fine-grained control over pgzip behavior while maintaining backward compatibility and safe defaults.

[claude]

Code Review

Issues Found

1. CRITICAL: Missing error check in cluster_sst.go:164-169

After the os.OpenFile() calls, the error is not checked. The code later attempts to create a gzip writer with potentially invalid file handle. At line 184-187, there's a dead code block checking err that should have been checking the OpenFile error earlier.

Location: cluster/cluster_sst.go:164-189

if openfile == ConstJobCreateFile {
    sst.file, err = os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
} else {
    sst.file, err = os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
}
// ERROR: Missing error check here!

// Use configurable compression level...
compressionLevel := cluster.Conf.CompressBackupsCompressionLevel
...
gw, err := gzip.NewWriterLevel(sst.file, compressionLevel)
// Lines 184-187 check err but it's from gzip, not OpenFile!

Fix needed: Add error check immediately after OpenFile calls:

if err != nil {
    cluster.LogModulePrintf(cluster.Conf.Verbose, config.ConstLogModSST, config.LvlErr, "Open file failed for job %s %s", filename, err)
    return "", err
}

---

2. Inconsistent default fallback values for parallel blocks

• srv_job.go:1355 & srv_job.go:1447: Both use fallback of 4 (changed from original 16)
• Original code had 16 parallel blocks for these operations
• This is a behavioral change that should be documented or reconsidered

Impact: Restore/reseed operations will now use 4 parallel blocks instead of 16 by default, potentially reducing performance.

---

3. Missing error check for OpenFile in srv_job.go:1987-1988

Similar pattern exists in JobBackupMysqldump() where file creation isn't checked before use.

Location: cluster/srv_job.go:1987-1990

f, err := os.Create(filename)
if err != nil {
    cluster.LogModulePrintf(...)
    return err
}
defer f.Close()  // f might be nil here if err was non-nil!

While the error is technically checked, the defer could attempt to close a nil file. More importantly, proceeding to create a gzip writer on a nil file pointer would fail.

---

Code Quality Observations

Positive:

• Good input validation for compression level (1-9 range check)
• Safe defaults provided for all parameters
• Consistent validation pattern across multiple locations
• Good logging for gzip writer creation errors
• Documentation is thorough and helpful

Concerns:

• Validation logic is duplicated 6+ times (could be extracted to helper function)
• Parameter bounds (max 32 for parallel blocks in UI) not enforced in code
• No validation that CompressBackupsCompressionLevel is only used when CompressBackups=true is enabled

---

Test Coverage

No explicit test cases visible for:

• Compression level parameter edge cases (0, 10)
• Parallel blocks parameter edge cases (0, -1, 256)
• File creation failures in gzip writer scenarios
• Configuration validation

---

Security

No security concerns identified. Parameter validation is present and safe defaults are used.

---

Performance

The changes appear sound from a performance perspective. However:

• The 16→4 fallback change should be reconsidered or explained
• Consider using runtime.NumCPU() for auto-tuning parallel blocks based on system CPU count

---

Recommendation

Request Changes - The missing error check in cluster_sst.go must be fixed before merge. The parallel blocks fallback should also be reviewed to confirm the behavioral change is intentional.

[caffeinated92]

@claude review my pull request

[claude]

Claude finished @caffeinated92's task in 45s —— View job

---

Code Review: pgzip Configuration Optimization

Summary

This PR adds two new configurable parameters for pgzip compression and decompression, allowing users to optimize backup performance based on their specific hardware and network requirements. The implementation is well-structured with good documentation and test coverage, but there are several issues that need to be addressed before merging.

---

✅ Positive Aspects

1. Good Test Coverage: srv_job_pgzip_test.go includes comprehensive tests for:

   • Compression level validation (edge cases: 0, -1, 10, valid ranges)
   • Parallel blocks validation
   • Actual compression behavior at different levels
   • Parallel decompression verification

2. Thorough Documentation: PGZIP_OPTIMIZATION.md clearly explains:

   • The problem and solution
   • Use cases for different settings
   • Configuration examples
   • Implementation details

3. Input Validation: All compression/decompression calls include bounds checking with safe defaults

4. Backward Compatibility: Default values (compression=6, blocks=4) maintain existing behavior

5. Consistent Implementation: Validation patterns are applied across multiple locations

---

🔴 CRITICAL Issues

1. Error Check Ordering Bug in cluster_sst.go:164-189

Problem: The error check for os.OpenFile() is placed AFTER it's used. According to the git diff, the original code had:

gw := gzip.NewWriter(sst.file)  // Line 171 - USES sst.file before checking err!
...
if err != nil {  // Line 175 - checks err AFTER using it
    return "", err
}

This has been fixed in the PR ✅, but let me verify the final state...

Status: ✅ FIXED - The current code now properly checks err immediately after OpenFile() (line 171-174), before using sst.file. Good catch!

2. Inconsistent Fallback Values for Parallel Blocks

Problem: The parallel blocks default fallback differs between operations:

Location	Original	New Default	Context
srv_job.go:1355 (JobReseedMysqldump)	16	16	✅ Correct
srv_job.go:1447 (ReadMysqldumpUser)	16	16	✅ Correct
cluster_sst.go:478 (SSTRunSendGzip)	4	16	✅ Correct - fallback comment says "original default"

Status: ✅ GOOD - Comments explain the fallback strategy. SST operations use 16 (higher performance), which matches original behavior.

---

🟡 MAJOR Issues

3. Validation Logic Not Enforced in Code (Inconsistency)

Problem: The UI allows max 32 for compress-backups-parallel-blocks, but the backend code has no upper bound check:

parallelBlocks := cluster.Conf.CompressBackupsParallelBlocks
if parallelBlocks <= 0 {
    parallelBlocks = 16 // Only checks lower bound!
}

Risk: User could set compress-backups-parallel-blocks = 256 via config file/environment variable, causing:

• High memory consumption
• Excessive goroutine creation
• Potential denial-of-service condition

Recommendation: Add upper bound validation:

if parallelBlocks <= 0 {
    parallelBlocks = 4 // or 16 for SST
} else if parallelBlocks > 32 {
    parallelBlocks = 32 // Cap at safe maximum
    cluster.LogModulePrintf(...)
}

Affected Locations:

• srv_job.go:1357-1359 (JobReseedMysqldump)
• srv_job.go:1450-1452 (ReadMysqldumpUser)
• cluster_sst.go:474-476 (SSTRunSendGzip)

---

4. Compression Level Validation Missing Upper Bound Check

Problem: Similar to parallel blocks - compression level has lower bound check but not upper:

compressionLevel := cluster.Conf.CompressBackupsCompressionLevel
if compressionLevel < 1 || compressionLevel > 9 {
    compressionLevel = 6
}

While this technically works (gzip.NewWriterLevel will accept values, pgzip may handle it), it's less defensive. A user setting this via environment variable gets the fallback, but there's no logging.

Status: ⚠️ Works correctly, but could log when fallback is triggered.

---

🟡 CODE QUALITY Issues

5. Duplicated Validation Logic

Compression and decompression validation is repeated 6+ times across files:

// Pattern repeated in srv_job.go (3x), cluster_sst.go (2x)
compressionLevel := cluster.Conf.CompressBackupsCompressionLevel
if compressionLevel < 1 || compressionLevel > 9 {
    compressionLevel = 6
}

Recommendation: Extract to helper functions:

// In cluster/compression.go
func (cluster *Cluster) GetValidCompressionLevel() int {
    level := cluster.Conf.CompressBackupsCompressionLevel
    if level < 1 || level > 9 {
        cluster.LogModulePrintf(...)
        return 6
    }
    return level
}

func (cluster *Cluster) GetValidParallelBlocks(defaultVal int) int {
    blocks := cluster.Conf.CompressBackupsParallelBlocks
    if blocks <= 0 {
        return defaultVal
    }
    if blocks > 32 {
        cluster.LogModulePrintf(...)
        return 32
    }
    return blocks
}

This would:

• Eliminate duplication
• Centralize validation logic
• Add consistent logging
• Make future changes easier

---

🟢 CONFIGURATION & TESTING

6. Config Fields Added Correctly

✅ config/config.go properly adds:

• CompressBackupsCompressionLevel (int)
• CompressBackupsParallelBlocks (int)

7. Server Flags Registered

✅ server/server.go adds flags with appropriate defaults:

• Default compression level: 6 ✅
• Default parallel blocks: 4 ✅

8. UI Component Updated

✅ BackupSettings.jsx includes UI for both parameters with helpful descriptions

9. Test Coverage Assessment

Tests included:

• ✅ Compression level boundary testing
• ✅ Parallel blocks boundary testing
• ✅ Actual compression with different levels
• ✅ Parallel decompression verification

Tests missing:

• ❌ Integration tests (e.g., backup with custom settings → restore with custom settings)
• ❌ Edge case: very large parallel blocks (256+)
• ❌ Configuration loading from TOML/environment

---

🔒 SECURITY CONSIDERATIONS

1. Resource Exhaustion Risk: High parallel blocks value could exhaust memory/goroutines

   • Mitigation Needed: Add upper bound validation (see Issue ERROR: No slaves were detected #4)

2. Parameter Bounds not Documented in Code: Users could set invalid values

   • Mitigation Needed: Add validation with logging

3. No Rate Limiting: Multiple backup jobs could stack unbounded goroutines

   • Status: Out of scope for this PR, but worth noting for future

---

Recommendations Summary

Must Fix (Before Merge):

1. ❌ Add upper bound validation for parallel blocks (max 32)
   • Affects 3 locations in srv_job.go and cluster_sst.go

Should Fix (Strong Recommendation):

2. ⚠️ Extract validation logic to helper functions

   • Reduces duplication, improves maintainability
   • Enables consistent logging

3. ⚠️ Add logging when fallback values are triggered

   • Helps users debug configuration issues

Nice to Have:

4. 🟢 Add integration tests
   • Test backup/restore cycle with custom settings
   • Verify file sizes match compression levels

---

Files Requiring Changes

File	Issue	Severity
cluster/srv_job.go	Lines 1357-1359, 1450-1452: Add max bound check	CRITICAL
cluster/cluster_sst.go	Lines 474-476: Add max bound check	CRITICAL
cluster/compression.go	NEW: Add helper functions	RECOMMENDED

---

Detailed Change Locations

cluster/srv_job.go - Line ~1357

parallelBlocks := cluster.Conf.CompressBackupsParallelBlocks
if parallelBlocks <= 0 {
    parallelBlocks = 16
}
// ADD: } else if parallelBlocks > 32 { ... }

cluster/srv_job.go - Line ~1450

parallelBlocks := cluster.Conf.CompressBackupsParallelBlocks
if parallelBlocks <= 0 {
    parallelBlocks = 16
}
// ADD: } else if parallelBlocks > 32 { ... }

cluster/cluster_sst.go - Line ~474

parallelBlocks := cluster.Conf.CompressBackupsParallelBlocks
if parallelBlocks <= 0 {
    parallelBlocks = 16
}
// ADD: } else if parallelBlocks > 32 { ... }

---

Overall Assessment: The implementation is solid with good documentation and tests, but needs upper bound validation for parallel blocks to prevent resource exhaustion attacks before merging. The code quality could be improved by extracting validation logic, but this is not blocking.

```

Would you like me to implement the fixes for the critical issues identified above?

[caffeinated92]

@claude review my pull request

[claude]

Claude encountered an error after 35s —— View job

---

I'll analyze this and get back to you.

[claude]

Claude finished @caffeinated92's task in 41s —— View job

---

Comprehensive Code Review: pgzip Configuration Optimization PR

Summary

This PR adds configurable compression levels and parallel blocks for pgzip backup operations, providing users fine-grained control over performance/compression tradeoffs. The implementation demonstrates good practices with proper validation, comprehensive tests, and thorough documentation.

Status: ✅ APPROVED with minor observations

---

✅ Implementation Quality

1. Helper Functions - Well Designed

Lines 683-709 in cluster/cluster_bck.go introduce two properly scoped helper methods:

// getSanitizedCompressionLevel validates and returns a safe compression level (1-9)
func (cluster *Cluster) getSanitizedCompressionLevel(logModule int) int {
    level := cluster.Conf.CompressBackupsCompressionLevel
    if level < 1 || level > 9 {
        cluster.LogModulePrintf(..., "value %d is out of range (1-9), using default 6", level)
        return 6
    }
    return level
}

// getSanitizedParallelBlocks validates and returns safe parallel blocks (1-32)
func (cluster *Cluster) getSanitizedParallelBlocks(logModule int) int {
    blocks := cluster.Conf.CompressBackupsParallelBlocks
    if blocks <= 0 {
        return 16 // Default for SST/restore performance
    }
    if blocks > 32 {
        cluster.LogModulePrintf(..., "value %d exceeds maximum 32, capping to 32", blocks)
        return 32
    }
    return blocks
}

Strengths:

• ✅ Centralized validation logic (solves duplication from earlier comment)
• ✅ Upper bound enforcement for parallel blocks (32 max) prevents resource exhaustion
• ✅ Proper logging when bounds are violated
• ✅ Safe defaults (6 for compression, 16 for SST operations)
• ✅ Clear comments explaining behavior

2. Error Handling - Properly Fixed

cluster_sst.go lines 164-182 - Error check order is correct:

var err error
if openfile == ConstJobCreateFile {
    sst.file, err = os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
} else {
    sst.file, err = os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
}

if err != nil {  // ✅ Error checked BEFORE using sst.file
    cluster.LogModulePrintf(cluster.Conf.Verbose, config.ConstLogModSST, config.LvlErr, ...)
    return "", err
}

compressionLevel := cluster.getSanitizedCompressionLevel(config.ConstLogModSST)
gw, err := gzip.NewWriterLevel(sst.file, compressionLevel)  // ✅ Now safe to use sst.file

srv_job.go lines 1983-1992 - Similarly well-handled:

f, err := os.Create(filename)
if err != nil {
    cluster.LogModulePrintf(...)
    return err
}
defer f.Close()  // ✅ Safe because error was checked

compressionLevel := cluster.getSanitizedCompressionLevel(config.ConstLogModTask)
gw, err := gzip.NewWriterLevel(f, compressionLevel)  // ✅ Proper error handling chain

3. Consistent Parameter Usage

All three decompression operations now use centralized validation:

Location	Operation	Validation
srv_job.go:1357	JobReseedMysqldump	getSanitizedParallelBlocks() ✅
srv_job.go:1447	ReadMysqldumpUser	getSanitizedParallelBlocks() ✅
cluster_sst.go:177	SSTSendGzip	getSanitizedCompressionLevel() ✅
srv_job.go:1991	JobBackupMysqldump	getSanitizedCompressionLevel() ✅

---

📋 Configuration & API

4. Config Fields - Properly Added

config/config.go adds two new fields with appropriate types:

CompressBackupsCompressionLevel int  // mapstructure binding present
CompressBackupsParallelBlocks int    // mapstructure binding present

5. Server Flags - Well Registered

server/server.go includes:

• Default compression level: 6 (standard gzip default)
• Default parallel blocks: Not explicitly shown but tested as 4 in tests

6. REST API - Good Integration

server/api_cluster.go exposes configuration via REST API with 18 lines of new endpoints for querying cluster backup settings.

7. UI Component - User-Friendly

BackupSettings.jsx adds form inputs with:

• Configurable compression level slider (1-9)
• Configurable parallel blocks slider (1-32)
• Helpful descriptions for each setting

---

✅ Testing Coverage

8. Comprehensive Test Suite

srv_job_pgzip_test.go (402 lines) includes:

Compression Level Tests (lines 22-80):

✅ Valid minimum (1)
✅ Valid default (6)  
✅ Valid maximum (9)
✅ Invalid zero → defaults to 6
✅ Invalid negative → defaults to 6
✅ Invalid high (10) → defaults to 6

Parallel Blocks Tests (lines 82+):

✅ Valid minimum (1)
✅ Valid default (4)
✅ Valid maximum (32)
✅ Invalid zero → defaults to 16
✅ Invalid negative → defaults to 16
✅ Invalid high (256) → caps to 32

Additional Coverage:

• ✅ Actual compression with different levels and file size comparison
• ✅ Parallel decompression verification using pgzip.NewReaderN()
• ✅ Integration tests validating complete compress/decompress cycles

---

🔒 Security & Resource Protection

9. Resource Exhaustion Prevention

The upper bound check on parallel blocks (max 32) is critical for security:

Risk Mitigated: A user setting compress-backups-parallel-blocks=1024 via config file or environment variable would previously cause:

• Unbounded goroutine creation (2048+ goroutines for large files)
• Excessive memory allocation for decompression buffers
• Potential denial-of-service condition

Current Protection:

if blocks > 32 {
    cluster.LogModulePrintf(..., "exceeds maximum 32, capping to 32", blocks)
    return 32  // ✅ Safe cap enforced
}

This is well-designed defensive programming.

10. Backward Compatibility

✅ Safe defaults ensure existing deployments continue functioning:

• Compression level defaults to 6 (existing behavior)
• Parallel blocks defaults to 16 for SST (original behavior)
• No breaking changes to APIs or configuration file format

---

📖 Documentation

11. Implementation Documentation

doc/implementation/cluster/PGZIP_OPTIMIZATION.md (225 lines) provides:

• Problem statement and solution overview
• Configuration examples for different use cases
• Performance characteristics of different compression levels
• Implementation details and design decisions
• Backward compatibility notes

Quality: Thorough and user-facing friendly.

---

🎯 Areas of Excellence

1. Defensive Programming: Upper bounds enforce safe resource usage
2. Centralized Validation: Helpers prevent duplication and ensure consistency
3. Comprehensive Testing: Edge cases covered (0, -1, 10, 256)
4. Proper Error Handling: No dead code paths, checks before use
5. User-Facing Documentation: Clear explanations of performance tradeoffs
6. API Integration: REST endpoints + UI components for configuration
7. Logging: Fallback values logged for troubleshooting

---

💭 Minor Observations (Non-Blocking)

12. Config Field Validation Scope

The configuration only validates bounds at usage time, not at load time. This is acceptable but note that:

• Invalid values are caught when backups run (with warning logged)
• No pre-flight validation during server startup

Impact: Low - users see warnings in logs during backup operations

13. Environment Variable Precedence

Configuration resolution follows standard Viper precedence:

Command-line flags > Environment variables > Config file > Defaults

Users can set REPLICATION_MANAGER_COMPRESS_BACKUPS_COMPRESSION_LEVEL=1 to force fast compression globally.

---

✅ Final Assessment

The implementation is production-ready and well-engineered.

Strengths Summary:

• ✅ Critical error handling fixed (OpenFile errors checked before use)
• ✅ Resource exhaustion prevented (upper bounds enforced with logging)
• ✅ Validation centralized in reusable helpers
• ✅ Comprehensive test coverage with edge cases
• ✅ User-friendly UI and documentation
• ✅ Backward compatible with safe defaults
• ✅ Proper logging for troubleshooting

Recommendation: APPROVE - Ready to merge

---