backupccl: add tenant backup nemesis tests

[stevendanna]

This adds a bit of randomized testing to stress incremental tenant backups.

Tenant backups were previously untenable because of non-MVCC operations. Now that we support MVCC-compatible bulk operations, they should in principal be possible.

Epic: CRDB-20264

Release note: None

[cockroach-teamcity]

This change is 

[stevendanna]

@msbutler Friendly ping here. I think this should be RFAL now that we've fixed some of the underlying issues that were preventing it from working before.

[msbutler]

This looks great! I'm having a hard time understanding/reviewing the new nemesis infra. I'll give it another pass once you add some comments, or we can setup a time to chat if that's better.

[msbutler]

seems like we only run validation on the latest aost set in the above goroutine. What if we randomly chose an aost so that we restore at some random point in the chain?

[stevendanna]

I'm going to leave this as a follow up. To do this, we need to track which tables are valid to test at the point of the restore.

Perhaps we could get around that by just fingerprinting the whole tenant.

[msbutler]

Sounds good. We could use Aditya's fingerprint job here and remove the TablesToCheck stuff.

[stevendanna]

The reason table-by-table is nice for now is that the table names are directly related to the nemesis that runs which gives you a foothold into what failed.

[msbutler]

ah, good point. This also makes me wonder: should we print or log the seed returned by the NewPseudoRand() call to make it easier to repro a future test failure?

[msbutler]

these helper functions are quite nice, I wonder if it's worth putting them in the backup utils_test.go package. Happy to leave this as a todo.

[msbutler]

the number of incremental backups the import job spanned had some affect on the corruption cases we saw. I wonder if we could randomly vary the speed of the import job, or any of the jobs below.

[stevendanna]

This seems like it would be a fun thing to add. The other thing I was thinking of adding to the "listener" stuff was something where the operations could let you know when an "interesting" point in the operations was occurring and then allow you to block the operation, take a backup, and continue.

[msbutler]

either would be great. whatever is easier to implement!

[stevendanna]

Well, this would require a good deal more infrastructure such as that which is already causing confusion. So I'll leave this to whoever is motivated to touch this test next.

[stevendanna]

@msbutler I left a few new comments. All of the "oneTimeListener" stuff is there because I was playing around with whether forcing the nemesis operations to be interleaved with the incrementals was important. In the end I decided to just bump the incremental count to 30 and let randomness take its course, but since it is just a few lines of code I've left it to keep playing with as we add more operations.

[stevendanna]

Okie Dokie @msbutler I went ahead and removed the RequireStart stuff and confirmed that this still catches the import bug with range tombstones turned off.

[msbutler]

LGTM! Thanks for simplifying the test a bit!

[msbutler]

And good call to revert the extra infra in a separate commit -- it will make it easy to come back to.

[stevendanna]

bors r=msbutler

[craig]

Build failed (retrying...):

• Bazel Essential CI (Cockroach)

[craig]

Build succeeded:

• Bazel Essential CI (Cockroach)