[pve-manager.git] / PVE / API2 / VZDump.pm

package PVE::API2::VZDump;

use strict;
use warnings;

use PVE::AccessControl;
use PVE::Cluster;
use PVE::Exception qw(raise_param_exc);
use PVE::INotify;
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;
use PVE::Storage;
use PVE::Tools qw(extract_param);
use PVE::VZDump::Common;
use PVE::VZDump;

use PVE::API2::Backup;
use PVE::API2Tools;

use Data::Dumper; # fixme: remove

use base qw(PVE::RESTHandler);

my sub assert_param_permission_vzdump {
    my ($rpcenv, $user, $param) = @_;
    return if $user eq 'root@pam'; # always OK

    PVE::API2::Backup::assert_param_permission_common($rpcenv, $user, $param);

    if (defined($param->{maxfiles}) || defined($param->{'prune-backups'})) {
	if (my $storeid = PVE::VZDump::get_storage_param($param)) {
	    $rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Allocate' ]);
	}
    }
}

__PACKAGE__->register_method ({
    name => 'vzdump',
    path => '',
    method => 'POST',
    description => "Create backup.",
    permissions => {
	description => "The user needs 'VM.Backup' permissions on any VM, and "
	    ."'Datastore.AllocateSpace' on the backup storage. The 'tmpdir', 'dumpdir' and "
	    ."'script' parameters are restricted to the 'root\@pam' user. The 'maxfiles' and "
	    ."'prune-backups' settings require 'Datastore.Allocate' on the backup storage. The "
	    ."'bwlimit', 'performance' and 'ionice' parameters require 'Sys.Modify' on '/'.",
	user => 'all',
    },
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => PVE::VZDump::Common::json_config_properties({
	    stdout => {
		type => 'boolean',
		description => "Write tar to stdout, not to a file.",
		optional => 1,
	    },
        }),
    },
    returns => { type => 'string' },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $user = $rpcenv->get_user();

	my $nodename = PVE::INotify::nodename();

	if ($rpcenv->{type} ne 'cli') {
	    raise_param_exc({ node => "option is only allowed on the command line interface."})
		if $param->{node} && $param->{node} ne $nodename;

	    raise_param_exc({ stdout => "option is only allowed on the command line interface."})
		if $param->{stdout};
	}

	assert_param_permission_vzdump($rpcenv, $user, $param);

	PVE::VZDump::verify_vzdump_parameters($param, 1);

	# silent exit if we run on wrong node
	return 'OK' if $param->{node} && $param->{node} ne $nodename;

	my $cmdline = PVE::VZDump::Common::command_line($param);

	my $vmids_per_node = PVE::VZDump::get_included_guests($param);

	my $local_vmids = delete $vmids_per_node->{$nodename} // [];

	# include IDs for deleted guests, and visibly fail later
	my $orphaned_vmids = delete $vmids_per_node->{''} // [];
	push @{$local_vmids}, @{$orphaned_vmids};

	my $skiplist = [ map { @$_ } values $vmids_per_node->%* ];

	if($param->{stop}){
	    PVE::VZDump::stop_running_backups();
	    return 'OK' if !scalar(@{$local_vmids});
	}

	# silent exit if specified VMs run on other nodes
	return "OK" if !scalar(@{$local_vmids}) && !$param->{all};

	PVE::VZDump::parse_mailto_exclude_path($param);

	die "you can only backup a single VM with option --stdout\n"
	    if $param->{stdout} && scalar(@{$local_vmids}) != 1;

	if (my $storeid = PVE::VZDump::get_storage_param($param)) {
	    $rpcenv->check($user, "/storage/$storeid", [ 'Datastore.AllocateSpace' ]);
	}

	my $worker = sub {
	    my $upid = shift;

	    $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = $SIG{PIPE} = sub {
		die "interrupted by signal\n";
	    };

	    $param->{vmids} = $local_vmids;
	    my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);

	    my $LOCK_FH = eval {
		$vzdump->getlock($upid); # only one process allowed
	    };
	    if (my $err = $@) {
		$vzdump->sendmail([], 0, $err);
		exit(-1);
	    }

	    if (defined($param->{ionice})) {
		if ($param->{ionice} > 7) {
		    PVE::VZDump::run_command(undef, "ionice -c3 -p $$");
		} else {
		    PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
		}
	    }
	    $vzdump->exec_backup($rpcenv, $user);

	    close($LOCK_FH);
	};

	open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
	open STDERR, '>/dev/null' if $param->{quiet};

	if ($rpcenv->{type} eq 'cli') {
	    if ($param->{stdout}) {

		open my $saved_stdout, ">&STDOUT"
		    || die "can't dup STDOUT: $!\n";

		open STDOUT, '>&STDERR' ||
		    die "unable to redirect STDOUT: $!\n";

		$param->{stdout} = $saved_stdout;
	    }
	}

	my $taskid;
	$taskid = $local_vmids->[0] if scalar(@{$local_vmids}) == 1;

	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
   }});

__PACKAGE__->register_method ({
    name => 'defaults',
    path => 'defaults',
    method => 'GET',
    description => "Get the currently configured vzdump defaults.",
    permissions => {
	description => "The user needs 'Datastore.Audit' or 'Datastore.AllocateSpace' " .
	    "permissions for the specified storage (or default storage if none specified). Some " .
	    "properties are only returned when the user has 'Sys.Audit' permissions for the node.",
	user => 'all',
    },
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    storage => get_standard_option('pve-storage-id', { optional => 1 }),
	},
    },
    returns => {
	type => 'object',
	additionalProperties => 0,
	properties => PVE::VZDump::Common::json_config_properties(),
    },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $storage = extract_param($param, 'storage');

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $res = PVE::VZDump::read_vzdump_defaults();

	$res->{storage} = $storage if defined($storage);

	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
	    $res->{storage} = 'local';
	}

	if (defined($res->{storage})) {
	    $rpcenv->check_any(
		$authuser,
		"/storage/$res->{storage}",
		['Datastore.Audit', 'Datastore.AllocateSpace'],
	    );

	    my $info = PVE::VZDump::storage_info($res->{storage});
	    for my $key (qw(dumpdir prune-backups)) {
		$res->{$key} = $info->{$key} if defined($info->{$key});
	    }
	}

	if (defined($res->{'prune-backups'})) {
	    $res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
		$res->{'prune-backups'},
		'prune-backups',
	    );
	}

	$res->{mailto} = join(",", @{$res->{mailto}})
	    if defined($res->{mailto});

	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
	    if defined($res->{'exclude-path'});

	# normal backup users don't need to know these
	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
	    delete $res->{mailto};
	    delete $res->{tmpdir};
	    delete $res->{dumpdir};
	    delete $res->{script};
	    delete $res->{ionice};
	}

	my $pool = $res->{pool};
	if (defined($pool) &&
	    !$rpcenv->check($authuser, "/pool/$pool", ['Pool.Audit'], 1)) {
	    delete $res->{pool};
	}

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'extractconfig',
    path => 'extractconfig',
    method => 'GET',
    description => "Extract configuration from vzdump backup archive.",
    permissions => {
	description => "The user needs 'VM.Backup' permissions on the backed up guest ID, and 'Datastore.AllocateSpace' on the backup storage.",
	user => 'all',
    },
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    volume => {
		description => "Volume identifier",
		type => 'string',
		completion => \&PVE::Storage::complete_volume,
	    },
	},
    },
    returns => { type => 'string' },
    code => sub {
	my ($param) = @_;

	my $volume = extract_param($param, 'volume');

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $storage_cfg = PVE::Storage::config();
	PVE::Storage::check_volume_access(
	    $rpcenv,
	    $authuser,
	    $storage_cfg,
	    undef,
	    $volume,
	    'backup',
	);

	if (PVE::Storage::parse_volume_id($volume, 1)) {
	    my (undef, undef, $ownervm) = PVE::Storage::parse_volname($storage_cfg, $volume);
	    $rpcenv->check($authuser, "/vms/$ownervm", ['VM.Backup']);
	}

	return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
    }});

1;
Commit	Line	Data
bf58f8dd DM	1	package PVE::API2::VZDump;
	2
	3	use strict;
	4	use warnings;
2b5f3f98 TL	5
	6	use PVE::AccessControl;
	7	use PVE::Cluster;
31aef761	8	use PVE::Exception qw(raise_param_exc);
bf58f8dd	9	use PVE::INotify;
bf58f8dd	10	use PVE::JSONSchema qw(get_standard_option);
2b5f3f98	11	use PVE::RPCEnvironment;
bf58f8dd	12	use PVE::Storage;
2b5f3f98	13	use PVE::Tools qw(extract_param);
2424074e	14	use PVE::VZDump::Common;
2b5f3f98 TL	15	use PVE::VZDump;
2b5f3f98 TL	16
2b233ecc	17	use PVE::API2::Backup;
f3376261	18	use PVE::API2Tools;
bf58f8dd DM	19
	20	use Data::Dumper; # fixme: remove
	21
bf58f8dd DM	22	use base qw(PVE::RESTHandler);
bf58f8dd DM	23
2b233ecc FE	24	my sub assert_param_permission_vzdump {
	25	my ($rpcenv, $user, $param) = @_;
	26	return if $user eq 'root@pam'; # always OK
	27
	28	PVE::API2::Backup::assert_param_permission_common($rpcenv, $user, $param);
	29
43f83ad9 FE	30	if (defined($param->{maxfiles}) \|\| defined($param->{'prune-backups'})) {
	31	if (my $storeid = PVE::VZDump::get_storage_param($param)) {
	32	$rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Allocate' ]);
	33	}
	34	}
2b233ecc FE	35	}
2b233ecc FE	36
bf58f8dd	37	__PACKAGE__->register_method ({
60e049c2	38	name => 'vzdump',
bf58f8dd DM	39	path => '',
	40	method => 'POST',
	41	description => "Create backup.",
98e84b16	42	permissions => {
93880785	43	description => "The user needs 'VM.Backup' permissions on any VM, and "
2b233ecc FE	44	."'Datastore.AllocateSpace' on the backup storage. The 'tmpdir', 'dumpdir' and "
	45	."'script' parameters are restricted to the 'root\@pam' user. The 'maxfiles' and "
	46	."'prune-backups' settings require 'Datastore.Allocate' on the backup storage. The "
	47	."'bwlimit', 'performance' and 'ionice' parameters require 'Sys.Modify' on '/'.",
98e84b16 DM	48	user => 'all',
98e84b16 DM	49	},
30edfad9	50	protected => 1,
49046e53	51	proxyto => 'node',
bf58f8dd	52	parameters => {
ff119724	53	additionalProperties => 0,
2424074e	54	properties => PVE::VZDump::Common::json_config_properties({
bf58f8dd DM	55	stdout => {
	56	type => 'boolean',
	57	description => "Write tar to stdout, not to a file.",
	58	optional => 1,
	59	},
ac27b58d	60	}),
bf58f8dd DM	61	},
	62	returns => { type => 'string' },
	63	code => sub {
	64	my ($param) = @_;
	65
	66	my $rpcenv = PVE::RPCEnvironment::get();
	67
	68	my $user = $rpcenv->get_user();
	69
	70	my $nodename = PVE::INotify::nodename();
	71
	72	if ($rpcenv->{type} ne 'cli') {
	73	raise_param_exc({ node => "option is only allowed on the command line interface."})
	74	if $param->{node} && $param->{node} ne $nodename;
	75
	76	raise_param_exc({ stdout => "option is only allowed on the command line interface."})
	77	if $param->{stdout};
	78	}
	79
2b233ecc	80	assert_param_permission_vzdump($rpcenv, $user, $param);
6d0507a8	81
31aef761	82	PVE::VZDump::verify_vzdump_parameters($param, 1);
bf58f8dd DM	83
bf58f8dd DM	84	# silent exit if we run on wrong node
eab837c4	85	return 'OK' if $param->{node} && $param->{node} ne $nodename;
60e049c2	86
2424074e	87	my $cmdline = PVE::VZDump::Common::command_line($param);
df5875b4 AL	88
	89	my $vmids_per_node = PVE::VZDump::get_included_guests($param);
	90
	91	my $local_vmids = delete $vmids_per_node->{$nodename} // [];
	92
7f874148 FE	93	# include IDs for deleted guests, and visibly fail later
	94	my $orphaned_vmids = delete $vmids_per_node->{''} // [];
	95	push @{$local_vmids}, @{$orphaned_vmids};
	96
df5875b4	97	my $skiplist = [ map { @$_ } values $vmids_per_node->%* ];
bf58f8dd	98
eab837c4 DM	99	if($param->{stop}){
eab837c4 DM	100	PVE::VZDump::stop_running_backups();
df5875b4	101	return 'OK' if !scalar(@{$local_vmids});
eab837c4 DM	102	}
eab837c4 DM	103
5c4da4c3	104	# silent exit if specified VMs run on other nodes
df5875b4	105	return "OK" if !scalar(@{$local_vmids}) && !$param->{all};
336ec53a	106
f8ed6af8	107	PVE::VZDump::parse_mailto_exclude_path($param);
bf58f8dd DM	108
bf58f8dd DM	109	die "you can only backup a single VM with option --stdout\n"
df5875b4	110	if $param->{stdout} && scalar(@{$local_vmids}) != 1;
bf58f8dd	111
43f83ad9 FE	112	if (my $storeid = PVE::VZDump::get_storage_param($param)) {
	113	$rpcenv->check($user, "/storage/$storeid", [ 'Datastore.AllocateSpace' ]);
	114	}
4412265f	115
bf58f8dd	116	my $worker = sub {
eab837c4 DM	117	my $upid = shift;
eab837c4 DM	118
bf58f8dd DM	119	$SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = $SIG{PIPE} = sub {
	120	die "interrupted by signal\n";
	121	};
	122
df5875b4	123	$param->{vmids} = $local_vmids;
403761c4 WB	124	my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);
403761c4 WB	125
875c2e5a	126	my $LOCK_FH = eval {
eab837c4	127	$vzdump->getlock($upid); # only one process allowed
6ec9de44	128	};
eab837c4 DM	129	if (my $err = $@) {
eab837c4 DM	130	$vzdump->sendmail([], 0, $err);
6ec9de44 SP	131	exit(-1);
6ec9de44 SP	132	}
bf58f8dd DM	133
	134	if (defined($param->{ionice})) {
	135	if ($param->{ionice} > 7) {
	136	PVE::VZDump::run_command(undef, "ionice -c3 -p $$");
	137	} else {
	138	PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
	139	}
	140	}
60e049c2	141	$vzdump->exec_backup($rpcenv, $user);
875c2e5a FE	142
875c2e5a FE	143	close($LOCK_FH);
60e049c2	144	};
bf58f8dd DM	145
	146	open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
	147	open STDERR, '>/dev/null' if $param->{quiet};
	148
	149	if ($rpcenv->{type} eq 'cli') {
	150	if ($param->{stdout}) {
	151
	152	open my $saved_stdout, ">&STDOUT"
	153	\|\| die "can't dup STDOUT: $!\n";
	154
	155	open STDOUT, '>&STDERR' \|\|
	156	die "unable to redirect STDOUT: $!\n";
	157
	158	$param->{stdout} = $saved_stdout;
	159	}
	160	}
	161
742d2ad2	162	my $taskid;
df5875b4	163	$taskid = $local_vmids->[0] if scalar(@{$local_vmids}) == 1;
742d2ad2 FG	164
742d2ad2 FG	165	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
bf58f8dd	166	}});
7619e4dd	167
5b9a4030 FE	168	__PACKAGE__->register_method ({
	169	name => 'defaults',
	170	path => 'defaults',
	171	method => 'GET',
	172	description => "Get the currently configured vzdump defaults.",
	173	permissions => {
	174	description => "The user needs 'Datastore.Audit' or 'Datastore.AllocateSpace' " .
	175	"permissions for the specified storage (or default storage if none specified). Some " .
	176	"properties are only returned when the user has 'Sys.Audit' permissions for the node.",
	177	user => 'all',
	178	},
	179	proxyto => 'node',
	180	parameters => {
	181	additionalProperties => 0,
	182	properties => {
	183	node => get_standard_option('pve-node'),
	184	storage => get_standard_option('pve-storage-id', { optional => 1 }),
	185	},
	186	},
	187	returns => {
	188	type => 'object',
	189	additionalProperties => 0,
	190	properties => PVE::VZDump::Common::json_config_properties(),
	191	},
	192	code => sub {
	193	my ($param) = @_;
	194
	195	my $node = extract_param($param, 'node');
	196	my $storage = extract_param($param, 'storage');
	197
	198	my $rpcenv = PVE::RPCEnvironment::get();
	199	my $authuser = $rpcenv->get_user();
	200
	201	my $res = PVE::VZDump::read_vzdump_defaults();
	202
	203	$res->{storage} = $storage if defined($storage);
	204
	205	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
	206	$res->{storage} = 'local';
	207	}
	208
	209	if (defined($res->{storage})) {
	210	$rpcenv->check_any(
	211	$authuser,
	212	"/storage/$res->{storage}",
	213	['Datastore.Audit', 'Datastore.AllocateSpace'],
	214	);
	215
	216	my $info = PVE::VZDump::storage_info($res->{storage});
	217	for my $key (qw(dumpdir prune-backups)) {
	218	$res->{$key} = $info->{$key} if defined($info->{$key});
	219	}
	220	}
	221
	222	if (defined($res->{'prune-backups'})) {
	223	$res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
	224	$res->{'prune-backups'},
	225	'prune-backups',
	226	);
	227	}
	228
	229	$res->{mailto} = join(",", @{$res->{mailto}})
	230	if defined($res->{mailto});
	231
232	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
233	if defined($res->{'exclude-path'});
234
235	# normal backup users don't need to know these
236	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
237	delete $res->{mailto};
238	delete $res->{tmpdir};
239	delete $res->{dumpdir};
240	delete $res->{script};
241	delete $res->{ionice};
242	}
243
244	my $pool = $res->{pool};
245	if (defined($pool) &&
91db3ece	246	!$rpcenv->check($authuser, "/pool/$pool", ['Pool.Audit'], 1)) {
5b9a4030 FE	247	delete $res->{pool};
	248	}
	249
5b9a4030 FE	250	return $res;
	251	}});
	252
7619e4dd FG	253	__PACKAGE__->register_method ({
	254	name => 'extractconfig',
	255	path => 'extractconfig',
	256	method => 'GET',
	257	description => "Extract configuration from vzdump backup archive.",
	258	permissions => {
	259	description => "The user needs 'VM.Backup' permissions on the backed up guest ID, and 'Datastore.AllocateSpace' on the backup storage.",
	260	user => 'all',
	261	},
	262	protected => 1,
	263	proxyto => 'node',
	264	parameters => {
	265	additionalProperties => 0,
	266	properties => {
	267	node => get_standard_option('pve-node'),
	268	volume => {
	269	description => "Volume identifier",
	270	type => 'string',
	271	completion => \&PVE::Storage::complete_volume,
	272	},
	273	},
	274	},
	275	returns => { type => 'string' },
	276	code => sub {
	277	my ($param) = @_;
	278
	279	my $volume = extract_param($param, 'volume');
	280
	281	my $rpcenv = PVE::RPCEnvironment::get();
	282	my $authuser = $rpcenv->get_user();
	283
	284	my $storage_cfg = PVE::Storage::config();
c53d5c5e FE	285	PVE::Storage::check_volume_access(
	286	$rpcenv,
	287	$authuser,
	288	$storage_cfg,
	289	undef,
	290	$volume,
	291	'backup',
	292	);
7619e4dd	293
0bd224e5 FE	294	if (PVE::Storage::parse_volume_id($volume, 1)) {
	295	my (undef, undef, $ownervm) = PVE::Storage::parse_volname($storage_cfg, $volume);
	296	$rpcenv->check($authuser, "/vms/$ownervm", ['VM.Backup']);
	297	}
	298
7619e4dd FG	299	return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
	300	}});
	301
	302	1;