See PHI2004. This is mostly a clerical issue:
- If an rbak device does not exist, backups on the host will fail when they try to record that backups were created or pruned.
- Backups will then retry and succeed, since they see the backup exists on disk (so they don't try to create it again) or no longer exists (so they don't try to prune it again). Since the disk state is already correct, they conclude no bookkeeping is required and exit successfully.
The net effect is that we get an out-of-date view in the web record of backups, but everything ultimately works fine.
This system could be made "more atomic", although the outcome here is approximately the least bad failure. It's good that Almanac failures don't prevent backups from being written, and don't send the system into a death spiral where it repeatedly writes more and more copies of the same backups forever, etc.
For now, I expect to simply fix the affected Almanac definitions.