Description
It's currently possible to end up with unreferenced data in a snapshot repository, given the following steps:
1. Create an index, `foobar`, with size `X` bytes
2. Snapshot cluster
3. Start deleting the snapshot, crash after deleting `snapshot-{}` and `metadata-{}` files
4. Delete index `foobar`
5. Snapshot cluster again
Normally, step 5 would cause the files no longer referenced by any snapshots to be deleted, but if the underlying index is deleted as well, they won't get cleaned up. In the example above, there would be X bytes of disk space used without any snapshot referencing them. Given sufficiently large values of X, this could be a significant amount of storage wasted. Even with small amounts of data, this might accrue over time to become significant.
Suggestion: create a `deleting-{}` file as a sibling of the `snapshot-{}` file that gets written before the files referenced by the snapshot get deleted. When the deletion has been completed, this file should be the last one deleted. These files indicate that a deletion is in progress or has been attempted, so it's possible to tell that the snapshot might be in a half-deleted state (so we can avoid using it). It should also enable later snapshot processes to continue the deletion process where the previous one left off.
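As an added illustration (not Elasticsearch code), the following in-memory model replays the five steps above with and without the proposed `deleting-{}` marker; the repository is a plain dict of file name to content, and the blob naming (`blob-<index>-<n>`) is an assumption of this example.

```python
# Added example, not Elasticsearch code: in-memory model of the proposed deleting-{} marker.

def referenced_blobs(repo):
    # Blobs referenced by every snapshot-{} file still in the repository (a dict: name -> content).
    return set().union(*[v for k, v in repo.items() if k.startswith("snapshot-")])

def unreferenced_blobs(repo):
    return sorted(k for k in repo if k.startswith("blob-") and k not in referenced_blobs(repo))

def write_snapshot(repo, snap_id, blobs):
    # Snapshot the live indices. As today, only blobs of indices that still exist get cleaned up.
    repo[f"snapshot-{snap_id}"] = set(blobs)
    repo[f"metadata-{snap_id}"] = "cluster metadata"
    for blob in blobs:
        repo.setdefault(blob, b"data")
    live = {b.split("-")[1] for b in blobs}  # index names, e.g. "foobar" (assumed naming)
    for k in unreferenced_blobs(repo):
        if k.split("-")[1] in live:
            del repo[k]

def delete_snapshot(repo, snap_id, use_marker, crash_before_cleanup=False):
    # With use_marker, deleting-{} is written first and is the last file removed.
    if use_marker:
        repo[f"deleting-{snap_id}"] = "in progress"
    del repo[f"snapshot-{snap_id}"]
    del repo[f"metadata-{snap_id}"]
    if crash_before_cleanup:
        return  # step 3 of the issue: the node dies here, blobs are now orphaned
    for k in unreferenced_blobs(repo):
        del repo[k]
    repo.pop(f"deleting-{snap_id}", None)

def resume_pending_deletions(repo):
    # A later snapshot process finishes any deletion a deleting-{} marker records, even if the index is gone.
    markers = [k for k in repo if k.startswith("deleting-")]
    for k in unreferenced_blobs(repo) if markers else []:
        del repo[k]
    for m in markers:
        del repo[m]
    return len(markers)

def scenario(use_marker):
    # The five steps from the issue; returns the blobs left without any referrer.
    repo = {}
    write_snapshot(repo, 1, ["blob-foobar-0", "blob-foobar-1"])  # steps 1-2
    delete_snapshot(repo, 1, use_marker, crash_before_cleanup=True)  # step 3
    resume_pending_deletions(repo)  # no-op unless a marker was left behind
    write_snapshot(repo, 2, ["blob-other-0"])  # steps 4-5: index foobar no longer exists
    return unreferenced_blobs(repo)
```

Without the marker, `scenario(False)` leaves both `foobar` blobs orphaned; with it, `scenario(True)` returns an empty list because the resumed deletion removes them before the marker itself is deleted.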