]>
Commit | Line | Data |
---|---|---|
271fe394 DM |
1 | package PVE::Storage::PBSPlugin; |
2 | ||
3 | # Plugin to access Proxmox Backup Server | |
4 | ||
5 | use strict; | |
6 | use warnings; | |
76bb5feb | 7 | use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC); |
271fe394 | 8 | use HTTP::Request; |
76bb5feb | 9 | use IO::File; |
271fe394 | 10 | use JSON; |
76bb5feb WB |
11 | use LWP::UserAgent; |
12 | use POSIX qw(strftime ENOENT); | |
271fe394 DM |
13 | |
14 | use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach); | |
15 | use PVE::Storage::Plugin; | |
16 | use PVE::JSONSchema qw(get_standard_option); | |
17 | ||
18 | use base qw(PVE::Storage::Plugin); | |
19 | ||
20 | # Configuration | |
21 | ||
22 | sub type { | |
23 | return 'pbs'; | |
24 | } | |
25 | ||
26 | sub plugindata { | |
27 | return { | |
28 | content => [ {backup => 1, none => 1}, { backup => 1 }], | |
29 | }; | |
30 | } | |
31 | ||
32 | sub properties { | |
33 | return { | |
34 | datastore => { | |
35 | description => "Proxmox backup server datastore name.", | |
36 | type => 'string', | |
37 | }, | |
38 | # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256 | |
39 | fingerprint => get_standard_option('fingerprint-sha256'), | |
ce2e2733 | 40 | 'encryption-key' => { |
1aeb322b | 41 | description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.", |
76bb5feb WB |
42 | type => 'string', |
43 | }, | |
271fe394 DM |
44 | }; |
45 | } | |
46 | ||
47 | sub options { | |
48 | return { | |
49 | server => { fixed => 1 }, | |
50 | datastore => { fixed => 1 }, | |
51 | nodes => { optional => 1}, | |
52 | disable => { optional => 1}, | |
53 | content => { optional => 1}, | |
54 | username => { optional => 1 }, | |
ce2e2733 TL |
55 | password => { optional => 1 }, |
56 | 'encryption-key' => { optional => 1 }, | |
271fe394 DM |
57 | maxfiles => { optional => 1 }, |
58 | fingerprint => { optional => 1 }, | |
59 | }; | |
60 | } | |
61 | ||
62 | # Helpers | |
63 | ||
64 | sub pbs_password_file_name { | |
65 | my ($scfg, $storeid) = @_; | |
66 | ||
462537a2 | 67 | return "/etc/pve/priv/storage/${storeid}.pw"; |
271fe394 DM |
68 | } |
69 | ||
70 | sub pbs_set_password { | |
71 | my ($scfg, $storeid, $password) = @_; | |
72 | ||
73 | my $pwfile = pbs_password_file_name($scfg, $storeid); | |
9e34813f | 74 | mkdir "/etc/pve/priv/storage"; |
271fe394 DM |
75 | |
76 | PVE::Tools::file_set_contents($pwfile, "$password\n"); | |
77 | } | |
78 | ||
79 | sub pbs_delete_password { | |
80 | my ($scfg, $storeid) = @_; | |
81 | ||
82 | my $pwfile = pbs_password_file_name($scfg, $storeid); | |
83 | ||
84 | unlink $pwfile; | |
85 | } | |
86 | ||
87 | sub pbs_get_password { | |
88 | my ($scfg, $storeid) = @_; | |
89 | ||
90 | my $pwfile = pbs_password_file_name($scfg, $storeid); | |
91 | ||
92 | return PVE::Tools::file_read_firstline($pwfile); | |
93 | } | |
94 | ||
76bb5feb WB |
95 | sub pbs_encryption_key_file_name { |
96 | my ($scfg, $storeid) = @_; | |
97 | ||
98 | return "/etc/pve/priv/storage/${storeid}.enc"; | |
99 | } | |
100 | ||
101 | sub pbs_set_encryption_key { | |
102 | my ($scfg, $storeid, $key) = @_; | |
103 | ||
104 | my $pwfile = pbs_encryption_key_file_name($scfg, $storeid); | |
105 | mkdir "/etc/pve/priv/storage"; | |
106 | ||
107 | PVE::Tools::file_set_contents($pwfile, "$key\n"); | |
108 | } | |
109 | ||
110 | sub pbs_delete_encryption_key { | |
111 | my ($scfg, $storeid) = @_; | |
112 | ||
113 | my $pwfile = pbs_encryption_key_file_name($scfg, $storeid); | |
114 | ||
115 | unlink $pwfile; | |
116 | } | |
117 | ||
118 | sub pbs_get_encryption_key { | |
119 | my ($scfg, $storeid) = @_; | |
120 | ||
121 | my $pwfile = pbs_encryption_key_file_name($scfg, $storeid); | |
122 | ||
123 | return PVE::Tools::file_get_contents($pwfile); | |
124 | } | |
125 | ||
126 | # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error. | |
127 | sub pbs_open_encryption_key { | |
128 | my ($scfg, $storeid) = @_; | |
129 | ||
130 | my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid); | |
131 | ||
132 | my $keyfd; | |
133 | if (!open($keyfd, '<', $encryption_key_file)) { | |
134 | return undef if $! == ENOENT; | |
135 | die "failed to open encryption key: $encryption_key_file: $!\n"; | |
136 | } | |
137 | ||
138 | return $keyfd; | |
139 | } | |
140 | ||
8602fd56 FE |
141 | sub print_volid { |
142 | my ($storeid, $btype, $bid, $btime) = @_; | |
143 | ||
144 | my $time_str = strftime("%FT%TZ", gmtime($btime)); | |
145 | my $volname = "backup/${btype}/${bid}/${time_str}"; | |
146 | ||
147 | return "${storeid}:${volname}"; | |
148 | } | |
271fe394 | 149 | |
02cc5e10 WB |
150 | my $USE_CRYPT_PARAMS = { |
151 | backup => 1, | |
152 | restore => 1, | |
153 | 'upload-log' => 1, | |
154 | }; | |
155 | ||
76bb5feb | 156 | my sub do_raw_client_cmd { |
02cc5e10 WB |
157 | my ($scfg, $storeid, $client_cmd, $param, %opts) = @_; |
158 | ||
159 | my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd}; | |
271fe394 | 160 | |
1574a590 TL |
161 | my $client_exe = '/usr/bin/proxmox-backup-client'; |
162 | die "executable not found '$client_exe'! Proxmox backup client not installed?\n" | |
163 | if ! -x $client_exe; | |
164 | ||
271fe394 DM |
165 | my $server = $scfg->{server}; |
166 | my $datastore = $scfg->{datastore}; | |
167 | my $username = $scfg->{username} // 'root@pam'; | |
168 | ||
169 | my $userns_cmd = delete $opts{userns_cmd}; | |
170 | ||
171 | my $cmd = []; | |
172 | ||
173 | push @$cmd, @$userns_cmd if defined($userns_cmd); | |
174 | ||
1574a590 | 175 | push @$cmd, $client_exe, $client_cmd; |
271fe394 | 176 | |
76bb5feb WB |
177 | # This must live in the top scope to not get closed before the `run_command` |
178 | my $keyfd; | |
02cc5e10 | 179 | if ($use_crypto) { |
76bb5feb WB |
180 | if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) { |
181 | my $flags = fcntl($keyfd, F_GETFD, 0) | |
182 | // die "failed to get file descriptor flags: $!\n"; | |
183 | fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC) | |
184 | or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n"; | |
185 | push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd); | |
186 | } else { | |
187 | push @$cmd, '--crypt-mode=none'; | |
188 | } | |
189 | } | |
190 | ||
271fe394 DM |
191 | push @$cmd, @$param if defined($param); |
192 | ||
193 | push @$cmd, "--repository", "$username\@$server:$datastore"; | |
194 | ||
195 | local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid); | |
196 | ||
197 | local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint}; | |
198 | ||
8b4c2a7e DM |
199 | # no ascii-art on task logs |
200 | local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1; | |
201 | local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1; | |
202 | ||
271fe394 | 203 | if (my $logfunc = $opts{logfunc}) { |
e6d1edcb | 204 | $logfunc->("run: " . join(' ', @$cmd)); |
271fe394 DM |
205 | } |
206 | ||
207 | run_command($cmd, %opts); | |
208 | } | |
209 | ||
76bb5feb WB |
210 | # FIXME: External perl code should NOT have access to this. |
211 | # | |
212 | # There should be separate functions to | |
213 | # - make backups | |
214 | # - restore backups | |
215 | # - restore files | |
216 | # with a sane API | |
02cc5e10 | 217 | sub run_raw_client_cmd { |
76bb5feb | 218 | my ($scfg, $storeid, $client_cmd, $param, %opts) = @_; |
02cc5e10 | 219 | return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts); |
76bb5feb WB |
220 | } |
221 | ||
271fe394 DM |
222 | sub run_client_cmd { |
223 | my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_; | |
224 | ||
225 | my $json_str = ''; | |
fee2ece3 | 226 | my $outfunc = sub { $json_str .= "$_[0]\n" }; |
271fe394 DM |
227 | |
228 | $param = [] if !defined($param); | |
229 | $param = [ $param ] if !ref($param); | |
230 | ||
231 | $param = [@$param, '--output-format=json'] if !$no_output; | |
232 | ||
02cc5e10 | 233 | do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, |
76bb5feb | 234 | outfunc => $outfunc, errmsg => 'proxmox-backup-client failed'); |
271fe394 DM |
235 | |
236 | return undef if $no_output; | |
237 | ||
238 | my $res = decode_json($json_str); | |
239 | ||
240 | return $res; | |
241 | } | |
242 | ||
243 | # Storage implementation | |
244 | ||
c855ac15 DM |
245 | sub extract_vzdump_config { |
246 | my ($class, $scfg, $volname, $storeid) = @_; | |
247 | ||
248 | my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname); | |
249 | ||
250 | my $config = ''; | |
fee2ece3 | 251 | my $outfunc = sub { $config .= "$_[0]\n" }; |
c855ac15 DM |
252 | |
253 | my $config_name; | |
254 | if ($format eq 'pbs-vm') { | |
255 | $config_name = 'qemu-server.conf'; | |
256 | } elsif ($format eq 'pbs-ct') { | |
257 | $config_name = 'pct.conf'; | |
258 | } else { | |
259 | die "unable to extract configuration for backup format '$format'\n"; | |
260 | } | |
261 | ||
02cc5e10 | 262 | do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ], |
76bb5feb | 263 | outfunc => $outfunc, errmsg => 'proxmox-backup-client failed'); |
c855ac15 DM |
264 | |
265 | return $config; | |
266 | } | |
267 | ||
1aeb322b TL |
268 | my $autogen_encryption_key = sub { |
269 | my ($scfg, $storeid) = @_; | |
270 | my $encfile = pbs_encryption_key_file_name($scfg, $storeid); | |
271 | run_command(['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile]); | |
272 | }; | |
273 | ||
271fe394 DM |
274 | sub on_add_hook { |
275 | my ($class, $storeid, $scfg, %param) = @_; | |
276 | ||
76bb5feb WB |
277 | if (defined(my $password = $param{password})) { |
278 | pbs_set_password($scfg, $storeid, $password); | |
b494636a DM |
279 | } else { |
280 | pbs_delete_password($scfg, $storeid); | |
281 | } | |
76bb5feb | 282 | |
ce2e2733 | 283 | if (defined(my $encryption_key = $param{'encryption-key'})) { |
1aeb322b TL |
284 | if ($encryption_key eq 'autogen') { |
285 | $autogen_encryption_key->($scfg, $storeid); | |
286 | } else { | |
287 | pbs_set_encryption_key($scfg, $storeid, $encryption_key); | |
288 | } | |
76bb5feb WB |
289 | } else { |
290 | pbs_delete_encryption_key($scfg, $storeid); | |
291 | } | |
b494636a DM |
292 | } |
293 | ||
294 | sub on_update_hook { | |
295 | my ($class, $storeid, $scfg, %param) = @_; | |
296 | ||
76bb5feb WB |
297 | if (exists($param{password})) { |
298 | if (defined($param{password})) { | |
299 | pbs_set_password($scfg, $storeid, $param{password}); | |
300 | } else { | |
301 | pbs_delete_password($scfg, $storeid); | |
302 | } | |
303 | } | |
b494636a | 304 | |
ce2e2733 TL |
305 | if (exists($param{'encryption-key'})) { |
306 | if (defined(my $encryption_key = delete($param{'encryption-key'}))) { | |
1aeb322b TL |
307 | if ($encryption_key eq 'autogen') { |
308 | $autogen_encryption_key->($scfg, $storeid); | |
309 | } else { | |
310 | pbs_set_encryption_key($scfg, $storeid, $encryption_key); | |
311 | } | |
76bb5feb WB |
312 | } else { |
313 | pbs_delete_encryption_key($scfg, $storeid); | |
314 | } | |
271fe394 DM |
315 | } |
316 | } | |
317 | ||
318 | sub on_delete_hook { | |
319 | my ($class, $storeid, $scfg) = @_; | |
320 | ||
321 | pbs_delete_password($scfg, $storeid); | |
76bb5feb | 322 | pbs_delete_encryption_key($scfg, $storeid); |
271fe394 DM |
323 | } |
324 | ||
325 | sub parse_volname { | |
326 | my ($class, $volname) = @_; | |
327 | ||
328 | if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) { | |
329 | my $btype = $1; | |
330 | my $bid = $2; | |
331 | my $btime = $3; | |
332 | my $format = "pbs-$btype"; | |
333 | ||
334 | my $name = "$btype/$bid/$btime"; | |
335 | ||
336 | if ($bid =~ m/^\d+$/) { | |
337 | return ('backup', $name, $bid, undef, undef, undef, $format); | |
338 | } else { | |
339 | return ('backup', $name, undef, undef, undef, undef, $format); | |
340 | } | |
341 | } | |
342 | ||
343 | die "unable to parse PBS volume name '$volname'\n"; | |
344 | } | |
345 | ||
346 | sub path { | |
347 | my ($class, $scfg, $volname, $storeid, $snapname) = @_; | |
348 | ||
349 | die "volume snapshot is not possible on pbs storage" | |
350 | if defined($snapname); | |
351 | ||
352 | my ($vtype, $name, $vmid) = $class->parse_volname($volname); | |
353 | ||
354 | my $server = $scfg->{server}; | |
355 | my $datastore = $scfg->{datastore}; | |
356 | my $username = $scfg->{username} // 'root@pam'; | |
357 | ||
358 | # artifical url - we currently do not use that anywhere | |
359 | my $path = "pbs://$username\@$server:$datastore/$name"; | |
360 | ||
361 | return ($path, $vmid, $vtype); | |
362 | } | |
363 | ||
364 | sub create_base { | |
365 | my ($class, $storeid, $scfg, $volname) = @_; | |
366 | ||
367 | die "can't create base images in pbs storage\n"; | |
368 | } | |
369 | ||
370 | sub clone_image { | |
371 | my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_; | |
372 | ||
373 | die "can't clone images in pbs storage\n"; | |
374 | } | |
375 | ||
376 | sub alloc_image { | |
377 | my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_; | |
378 | ||
379 | die "can't allocate space in pbs storage\n"; | |
380 | } | |
381 | ||
382 | sub free_image { | |
383 | my ($class, $storeid, $scfg, $volname, $isBase) = @_; | |
384 | ||
385 | my ($vtype, $name, $vmid) = $class->parse_volname($volname); | |
386 | ||
387 | run_client_cmd($scfg, $storeid, "forget", [ $name ], 1); | |
388 | } | |
389 | ||
390 | ||
391 | sub list_images { | |
392 | my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_; | |
393 | ||
394 | my $res = []; | |
395 | ||
396 | return $res; | |
397 | } | |
398 | ||
399 | sub list_volumes { | |
400 | my ($class, $storeid, $scfg, $vmid, $content_types) = @_; | |
401 | ||
402 | my $res = []; | |
403 | ||
404 | return $res if !grep { $_ eq 'backup' } @$content_types; | |
405 | ||
406 | my $data = run_client_cmd($scfg, $storeid, "snapshots"); | |
407 | ||
408 | foreach my $item (@$data) { | |
409 | my $btype = $item->{"backup-type"}; | |
410 | my $bid = $item->{"backup-id"}; | |
545e127e | 411 | my $epoch = $item->{"backup-time"}; |
271fe394 DM |
412 | my $size = $item->{size} // 1; |
413 | ||
414 | next if !($btype eq 'vm' || $btype eq 'ct'); | |
415 | next if $bid !~ m/^\d+$/; | |
ddf7fdaa | 416 | next if defined($vmid) && $bid ne $vmid; |
271fe394 | 417 | |
8602fd56 | 418 | my $volid = print_volid($storeid, $btype, $bid, $epoch); |
271fe394 | 419 | |
545e127e | 420 | my $info = { |
c05b1a8c TL |
421 | volid => $volid, |
422 | format => "pbs-$btype", | |
423 | size => $size, | |
424 | content => 'backup', | |
425 | vmid => int($bid), | |
426 | ctime => $epoch, | |
545e127e | 427 | }; |
271fe394 DM |
428 | |
429 | push @$res, $info; | |
430 | } | |
431 | ||
432 | return $res; | |
433 | } | |
434 | ||
435 | sub status { | |
436 | my ($class, $storeid, $scfg, $cache) = @_; | |
437 | ||
438 | my $total = 0; | |
439 | my $free = 0; | |
440 | my $used = 0; | |
441 | my $active = 0; | |
442 | ||
443 | eval { | |
444 | my $res = run_client_cmd($scfg, $storeid, "status"); | |
445 | ||
446 | $active = 1; | |
447 | $total = $res->{total}; | |
448 | $used = $res->{used}; | |
f155c912 TL |
449 | $free = $res->{avail}; |
450 | }; | |
271fe394 DM |
451 | if (my $err = $@) { |
452 | warn $err; | |
453 | } | |
454 | ||
455 | return ($total, $free, $used, $active); | |
456 | } | |
457 | ||
458 | sub activate_storage { | |
459 | my ($class, $storeid, $scfg, $cache) = @_; | |
bb0a0f96 TL |
460 | |
461 | run_client_cmd($scfg, $storeid, "status"); | |
462 | ||
271fe394 DM |
463 | return 1; |
464 | } | |
465 | ||
466 | sub deactivate_storage { | |
467 | my ($class, $storeid, $scfg, $cache) = @_; | |
468 | return 1; | |
469 | } | |
470 | ||
471 | sub activate_volume { | |
472 | my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_; | |
473 | ||
474 | die "volume snapshot is not possible on pbs device" if $snapname; | |
475 | ||
476 | return 1; | |
477 | } | |
478 | ||
479 | sub deactivate_volume { | |
480 | my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_; | |
481 | ||
482 | die "volume snapshot is not possible on pbs device" if $snapname; | |
483 | ||
484 | return 1; | |
485 | } | |
486 | ||
487 | sub volume_size_info { | |
488 | my ($class, $scfg, $storeid, $volname, $timeout) = @_; | |
489 | ||
490 | my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname); | |
491 | ||
492 | my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]); | |
493 | ||
494 | my $size = 0; | |
495 | foreach my $info (@$data) { | |
496 | $size += $info->{size} if $info->{size}; | |
497 | } | |
498 | ||
499 | my $used = $size; | |
500 | ||
501 | return wantarray ? ($size, $format, $used, undef) : $size; | |
502 | } | |
503 | ||
504 | sub volume_resize { | |
505 | my ($class, $scfg, $storeid, $volname, $size, $running) = @_; | |
506 | die "volume resize is not possible on pbs device"; | |
507 | } | |
508 | ||
509 | sub volume_snapshot { | |
510 | my ($class, $scfg, $storeid, $volname, $snap) = @_; | |
511 | die "volume snapshot is not possible on pbs device"; | |
512 | } | |
513 | ||
514 | sub volume_snapshot_rollback { | |
515 | my ($class, $scfg, $storeid, $volname, $snap) = @_; | |
516 | die "volume snapshot rollback is not possible on pbs device"; | |
517 | } | |
518 | ||
519 | sub volume_snapshot_delete { | |
520 | my ($class, $scfg, $storeid, $volname, $snap) = @_; | |
521 | die "volume snapshot delete is not possible on pbs device"; | |
522 | } | |
523 | ||
524 | sub volume_has_feature { | |
525 | my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_; | |
526 | ||
527 | return undef; | |
528 | } | |
529 | ||
530 | 1; |