]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
proxmox-rest-server: pass owned RestEnvironment to get_index
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
6680878b
DM		 4use std::future::Future;
5use std::pin::Pin;
a2479cfa 6
f7d4e4b5 7use anyhow::{bail, format_err, Error};
a2479cfa 8use futures::*;
7fa9a37c
DM		 9use http::request::Parts;
10use http::Response;
11use hyper::{Body, StatusCode};
12use hyper::header;
13use url::form_urlencoded;
ea368a06 14
a2479cfa 15use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 16use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 17use serde_json::{json, Value};
a2479cfa 18
9ea4bce4 19use proxmox::try_block;
48176b0a 20use proxmox::api::{RpcEnvironment, RpcEnvironmentType};
32413921 21use proxmox::sys::linux::socket::set_tcp_keepalive;
fd6d2438
DM		 22use proxmox::tools::fs::CreateOptions;
23
1ec0d70d 24use pbs_tools::task_log;
6d5d305d 25use pbs_datastore::DataStore;
48176b0a
DM		 26use proxmox_rest_server::{
27 rotate_task_log_archive, extract_cookie , ApiConfig, RestServer, RestEnvironment, WorkerTask,
28};
a2479cfa 29
1298618a 30use proxmox_backup::{
1298618a 31 server::{
26858dba 32 auth::default_api_auth,
1298618a
DM		 33 jobstate::{
34 self,
35 Job,
36 },
1298618a 37 },
1298618a
DM		 38};
39
af06decd 40use pbs_buildcfg::configdir;
84af82e8 41use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
6c76aa43 42use pbs_tools::logrotate::LogRotate;
1298618a 43
89725197
DM		 44use pbs_api_types::{
45 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
46 PruneOptions,
47};
e7d4be9d 48
8bca935f
DM		 49use proxmox_rest_server::daemon;
50
e3f41f21 51use proxmox_backup::server;
d01e2420 52use proxmox_backup::auth_helpers::*;
97168f92 53use proxmox_backup::tools::{
32413921 54 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 55 disks::{
56 DiskManage,
57 zfs_pool_stats,
368f4c54 58 get_pool_from_dataset,
97168f92 59 },
97168f92 60};
02c7a755 61
e7d4be9d 62
a13573c2 63use proxmox_backup::api2::pull::do_sync_job;
8513626b 64use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 65use proxmox_backup::server::do_verification_job;
b8d90798 66use proxmox_backup::server::do_prune_job;
a13573c2 67
946c3e8a 68fn main() -> Result<(), Error> {
ac7513e3
DM		 69 proxmox_backup::tools::setup_safe_path_env();
70
21211748
DM		 71 let backup_uid = pbs_config::backup_user()?.uid;
72 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 73 let running_uid = nix::unistd::Uid::effective();
74 let running_gid = nix::unistd::Gid::effective();
75
76 if running_uid != backup_uid || running_gid != backup_gid {
77 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
78 }
79
d420962f 80 pbs_runtime::main(run())
4223d9f8
DM		 81}
82
48176b0a
DM		 83
84fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
85 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
86 return extract_cookie(cookie, "PBSLangCookie");
87 }
88 None
89}
90
6680878b 91fn get_index<'a>(
48176b0a 92 env: RestEnvironment,
6680878b
DM		 93 parts: Parts,
94) -> Pin<Box<dyn Future<Output = Response<Body>> + Send + 'a>> {
48176b0a 95 Box::pin(get_index_future(env, parts))
6680878b
DM		 96}
97
98async fn get_index_future(
48176b0a 99 env: RestEnvironment,
7fa9a37c
DM		 100 parts: Parts,
101) -> Response<Body> {
102
48176b0a
DM		 103 let auth_id = env.get_auth_id();
104 let api = env.api_config();
105 let language = extract_lang_header(&parts.headers);
106
107 // fixme: make all IO async
6680878b 108
7fa9a37c
DM		 109 let (userid, csrf_token) = match auth_id {
110 Some(auth_id) => {
111 let auth_id = auth_id.parse::<Authid>();
112 match auth_id {
113 Ok(auth_id) if !auth_id.is_token() => {
114 let userid = auth_id.user().clone();
115 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
116 (Some(userid), Some(new_csrf_token))
117 }
118 _ => (None, None)
119 }
120 }
121 None => (None, None),
122 };
123
124 let nodename = proxmox::tools::nodename();
125 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
126
127 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
128
129 let mut debug = false;
130 let mut template_file = "index";
131
132 if let Some(query_str) = parts.uri.query() {
133 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
134 if k == "debug" && v != "0" && v != "false" {
135 debug = true;
136 } else if k == "console" {
137 template_file = "console";
138 }
139 }
140 }
141
142 let mut lang = String::from("");
143 if let Some(language) = language {
144 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
145 lang = language;
146 }
147 }
148
149 let data = json!({
150 "NodeName": nodename,
151 "UserName": user,
152 "CSRFPreventionToken": csrf_token,
153 "language": lang,
154 "debug": debug,
155 });
156
157 let (ct, index) = match api.render_template(template_file, &data) {
158 Ok(index) => ("text/html", index),
159 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
160 };
161
162 let mut resp = Response::builder()
163 .status(StatusCode::OK)
164 .header(header::CONTENT_TYPE, ct)
165 .body(index.into())
166 .unwrap();
167
168 if let Some(userid) = userid {
169 resp.extensions_mut().insert(Authid::from((userid, None)));
170 }
171
172 resp
173}
174
fda5797b 175async fn run() -> Result<(), Error> {
02c7a755
DM		 176 if let Err(err) = syslog::init(
177 syslog::Facility::LOG_DAEMON,
178 log::LevelFilter::Info,
179 Some("proxmox-backup-proxy")) {
4223d9f8 180 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 181 }
182
e1d367df
DM		 183 // Note: To debug early connection error use
184 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
185 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
186
d01e2420
DM		 187 let _ = public_auth_key(); // load with lazy_static
188 let _ = csrf_secret(); // load with lazy_static
189
02c7a755 190 let mut config = ApiConfig::new(
af06decd 191 pbs_buildcfg::JS_DIR,
26858dba
SR		 192 &proxmox_backup::api2::ROUTER,
193 RpcEnvironmentType::PUBLIC,
194 default_api_auth(),
6680878b 195 &get_index,
26858dba 196 )?;
02c7a755 197
02c7a755
DM		 198 config.add_alias("novnc", "/usr/share/novnc-pve");
199 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 200 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 201 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
202 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 203 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 204 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 205 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 206
af06decd 207 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 208 indexpath.push("index.hbs");
209 config.register_template("index", &indexpath)?;
01ca99da 210 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 211
fd6d2438 212 let backup_user = pbs_config::backup_user()?;
49e25688 213 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 214
215 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
216 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 217
0d5d15c9 218 config.enable_access_log(
fd6d2438 219 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 220 Some(dir_opts.clone()),
221 Some(file_opts.clone()),
222 &mut commando_sock,
223 )?;
224
225 config.enable_auth_log(
226 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 227 Some(dir_opts.clone()),
228 Some(file_opts.clone()),
fd6d2438
DM		 229 &mut commando_sock,
230 )?;
8e7e2223 231
02c7a755 232 let rest_server = RestServer::new(config);
b9700a9f 233 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 234
6d1f61b2 235 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 236
4ce7da51 237 // we build the initial acceptor here as we cannot start if this fails
c381a162 238 let acceptor = make_tls_acceptor()?;
4ce7da51 239 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 240
4ce7da51 241 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 242 commando_sock.register_command(
243 "reload-certificate".to_string(),
244 {
4ce7da51 245 let acceptor = Arc::clone(&acceptor);
a723c087 246 move |_value| -> Result<_, Error> {
4ce7da51
DM		 247 log::info!("reloading certificate");
248 match make_tls_acceptor() {
249 Err(err) => log::error!("error reloading certificate: {}", err),
250 Ok(new_acceptor) => {
251 let mut guard = acceptor.lock().unwrap();
252 *guard = new_acceptor;
253 }
254 }
a723c087
WB		 255 Ok(Value::Null)
256 }
257 },
258 )?;
0d176f36 259
062cf75c
DC		 260 // to remove references for not configured datastores
261 commando_sock.register_command(
262 "datastore-removed".to_string(),
263 |_value| {
6d5d305d 264 if let Err(err) = DataStore::remove_unused_datastores() {
062cf75c
DC		 265 log::error!("could not refresh datastores: {}", err);
266 }
267 Ok(Value::Null)
268 }
269 )?;
270
a690ecac
WB		 271 let server = daemon::create_daemon(
272 ([0,0,0,0,0,0,0,0], 8007).into(),
d2654200 273 move |listener| {
97168f92 274
4ce7da51 275 let connections = accept_connections(listener, acceptor, debug);
7c667013 276 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd 277
d2654200
DM		 278 Ok(async {
279 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
280
281 hyper::Server::builder(connections)
083ff3fd 282 .serve(rest_server)
fd6d2438 283 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd 284 .map_err(Error::from)
d2654200
DM		 285 .await
286 })
a2ca7137 287 },
083ff3fd 288 );
a2ca7137 289
b9700a9f 290 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a 291
fda5797b 292 let init_result: Result<(), Error> = try_block!({
b9700a9f 293 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 294 commando_sock.spawn()?;
fd1b65cc
DM		 295 proxmox_rest_server::catch_shutdown_signal()?;
296 proxmox_rest_server::catch_reload_signal()?;
fda5797b
WB		 297 Ok(())
298 });
d607b886 299
fda5797b
WB		 300 if let Err(err) = init_result {
301 bail!("unable to start daemon - {}", err);
302 }
e3f41f21 303
8545480a 304 start_task_scheduler();
eaeda365 305 start_stat_generator();
8545480a 306
083ff3fd 307 server.await?;
a546a8a0 308 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 309 proxmox_rest_server::last_worker_future().await?;
fda5797b 310 log::info!("done - exit server");
e3f41f21 311
4223d9f8 312 Ok(())
02c7a755 313}
8545480a 314
4ce7da51 315fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 316 let key_path = configdir!("/proxy.key");
317 let cert_path = configdir!("/proxy.pem");
318
319 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
320 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
321 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
322 acceptor.set_certificate_chain_file(cert_path)
323 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
324 acceptor.check_private_key().unwrap();
325
4ce7da51 326 Ok(acceptor.build())
c381a162
WB		 327}
328
a5e3be49
WB		 329type ClientStreamResult =
330 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
331const MAX_PENDING_ACCEPTS: usize = 1024;
332
48aa2b93 333fn accept_connections(
0bfcea6a 334 listener: tokio::net::TcpListener,
4ce7da51 335 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 336 debug: bool,
a5e3be49 337) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 338
ea93bea7 339 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 340
4ce7da51 341 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 342
343 receiver
344}
345
346async fn accept_connection(
347 listener: tokio::net::TcpListener,
4ce7da51 348 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 349 debug: bool,
350 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
351) {
ea93bea7 352 let accept_counter = Arc::new(());
48aa2b93 353
a5e3be49 354 loop {
4ce7da51
DM		 355 let (sock, _addr) = match listener.accept().await {
356 Ok(conn) => conn,
357 Err(err) => {
358 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 359 continue;
a5e3be49 360 }
cc269b9f 361 };
48aa2b93 362
cc269b9f
WB		 363 sock.set_nodelay(true).unwrap();
364 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 365
4ce7da51
DM		 366 let ssl = { // limit acceptor_guard scope
367 // Acceptor can be reloaded using the command socket "reload-certificate" command
368 let acceptor_guard = acceptor.lock().unwrap();
369
370 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
371 Ok(ssl) => ssl,
372 Err(err) => {
373 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
374 continue;
375 },
376 }
cc269b9f 377 };
4ce7da51 378
cc269b9f
WB		 379 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
380 Ok(stream) => stream,
381 Err(err) => {
382 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
383 continue;
384 },
385 };
386
387 let mut stream = Box::pin(stream);
388 let sender = sender.clone();
389
390 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
391 eprintln!("connection rejected - to many open connections");
392 continue;
48aa2b93 393 }
cc269b9f 394
b4931192 395 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 396 tokio::spawn(async move {
397 let accept_future = tokio::time::timeout(
398 Duration::new(10, 0), stream.as_mut().accept());
399
400 let result = accept_future.await;
401
402 match result {
403 Ok(Ok(())) => {
404 if sender.send(Ok(stream)).await.is_err() && debug {
405 eprintln!("detect closed connection channel");
406 }
407 }
408 Ok(Err(err)) => {
409 if debug {
410 eprintln!("https handshake failed - {}", err);
411 }
412 }
413 Err(_) => {
414 if debug {
415 eprintln!("https handshake timeout");
416 }
417 }
418 }
419
420 drop(accept_counter); // decrease reference count
421 });
a5e3be49 422 }
48aa2b93
DM		 423}
424
eaeda365 425fn start_stat_generator() {
fd6d2438 426 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 427 let future = Box::pin(run_stat_generator());
428 let task = futures::future::select(future, abort_future);
429 tokio::spawn(task.map(|_| ()));
430}
431
8545480a 432fn start_task_scheduler() {
fd6d2438 433 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 434 let future = Box::pin(run_task_scheduler());
435 let task = futures::future::select(future, abort_future);
436 tokio::spawn(task.map(|_| ()));
437}
438
6a7be83e 439use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 440
441fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 442 let now = SystemTime::now();
443 let epoch_now = now.duration_since(UNIX_EPOCH)?;
444 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 445 Ok(Instant::now() + epoch_next - epoch_now)
446}
447
448async fn run_task_scheduler() {
449
450 let mut count: usize = 0;
451
452 loop {
453 count += 1;
454
455 let delay_target = match next_minute() { // try to run very minute
456 Ok(d) => d,
457 Err(err) => {
458 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 459 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 460 continue;
461 }
462 };
463
464 if count > 2 { // wait 1..2 minutes before starting
465 match schedule_tasks().catch_unwind().await {
466 Err(panic) => {
467 match panic.downcast::<&str>() {
468 Ok(msg) => {
469 eprintln!("task scheduler panic: {}", msg);
470 }
471 Err(_) => {
472 eprintln!("task scheduler panic - unknown type");
473 }
474 }
475 }
476 Ok(Err(err)) => {
477 eprintln!("task scheduler failed - {:?}", err);
478 }
479 Ok(Ok(_)) => {}
480 }
481 }
482
0a8d773a 483 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 484 }
485}
486
487async fn schedule_tasks() -> Result<(), Error> {
488
489 schedule_datastore_garbage_collection().await;
25829a87 490 schedule_datastore_prune().await;
a6160cdf 491 schedule_datastore_sync_jobs().await;
73df9c51 492 schedule_datastore_verify_jobs().await;
8513626b 493 schedule_tape_backup_jobs().await;
9a760917 494 schedule_task_log_rotate().await;
8545480a
DM		 495
496 Ok(())
497}
498
8545480a
DM		 499async fn schedule_datastore_garbage_collection() {
500
e7d4be9d 501 let config = match pbs_config::datastore::config() {
8545480a
DM		 502 Err(err) => {
503 eprintln!("unable to read datastore config - {}", err);
504 return;
505 }
506 Ok((config, _digest)) => config,
507 };
508
509 for (store, (_, store_config)) in config.sections {
510 let datastore = match DataStore::lookup_datastore(&store) {
511 Ok(datastore) => datastore,
512 Err(err) => {
513 eprintln!("lookup_datastore failed - {}", err);
514 continue;
515 }
516 };
517
25829a87 518 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 519 Ok(c) => c,
520 Err(err) => {
521 eprintln!("datastore config from_value failed - {}", err);
522 continue;
523 }
524 };
525
526 let event_str = match store_config.gc_schedule {
527 Some(event_str) => event_str,
528 None => continue,
529 };
530
531 let event = match parse_calendar_event(&event_str) {
532 Ok(event) => event,
533 Err(err) => {
534 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
535 continue;
536 }
537 };
538
539 if datastore.garbage_collection_running() { continue; }
540
541 let worker_type = "garbage_collection";
542
b6ba5acd
DC		 543 let last = match jobstate::last_run_time(worker_type, &store) {
544 Ok(time) => time,
545 Err(err) => {
546 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
547 continue;
8545480a
DM		 548 }
549 };
550
551 let next = match compute_next_event(&event, last, false) {
15ec790a
DC		 552 Ok(Some(next)) => next,
553 Ok(None) => continue,
8545480a
DM		 554 Err(err) => {
555 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
556 continue;
557 }
558 };
e693818a 559
6a7be83e
DM		 560 let now = proxmox::tools::time::epoch_i64();
561
8545480a
DM		 562 if next > now { continue; }
563
1cd951c9 564 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 565 Ok(job) => job,
566 Err(_) => continue, // could not get lock
567 };
568
ad54df31 569 let auth_id = Authid::root_auth_id();
d7a122a0 570
c724f658 571 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 572 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 573 }
574 }
575}
25829a87
DM		 576
577async fn schedule_datastore_prune() {
578
e7d4be9d 579 let config = match pbs_config::datastore::config() {
25829a87
DM		 580 Err(err) => {
581 eprintln!("unable to read datastore config - {}", err);
582 return;
583 }
584 Ok((config, _digest)) => config,
585 };
586
587 for (store, (_, store_config)) in config.sections {
25829a87
DM		 588
589 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
590 Ok(c) => c,
591 Err(err) => {
a6160cdf 592 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 593 continue;
594 }
595 };
596
597 let event_str = match store_config.prune_schedule {
598 Some(event_str) => event_str,
599 None => continue,
600 };
601
602 let prune_options = PruneOptions {
603 keep_last: store_config.keep_last,
604 keep_hourly: store_config.keep_hourly,
605 keep_daily: store_config.keep_daily,
606 keep_weekly: store_config.keep_weekly,
607 keep_monthly: store_config.keep_monthly,
608 keep_yearly: store_config.keep_yearly,
609 };
610
89725197 611 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 612 continue;
613 }
614
25829a87 615 let worker_type = "prune";
b15751bf 616 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 617 let job = match Job::new(worker_type, &store) {
618 Ok(job) => job,
619 Err(_) => continue, // could not get lock
620 };
25829a87 621
ad54df31 622 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 623 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
624 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 625 }
626 };
25829a87
DM		 627 }
628}
a6160cdf
DM		 629
630async fn schedule_datastore_sync_jobs() {
631
a6160cdf 632
a4e5a0fc 633 let config = match pbs_config::sync::config() {
a6160cdf
DM		 634 Err(err) => {
635 eprintln!("unable to read sync job config - {}", err);
636 return;
637 }
638 Ok((config, _digest)) => config,
639 };
640
a6160cdf
DM		 641 for (job_id, (_, job_config)) in config.sections {
642 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
643 Ok(c) => c,
644 Err(err) => {
645 eprintln!("sync job config from_value failed - {}", err);
646 continue;
647 }
648 };
649
650 let event_str = match job_config.schedule {
651 Some(ref event_str) => event_str.clone(),
652 None => continue,
653 };
654
c67b1fa7 655 let worker_type = "syncjob";
b15751bf 656 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 657 let job = match Job::new(worker_type, &job_id) {
658 Ok(job) => job,
659 Err(_) => continue, // could not get lock
660 };
a6160cdf 661
ad54df31 662 let auth_id = Authid::root_auth_id().clone();
bfa942c0 663 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 664 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 665 }
666 };
a6160cdf
DM		 667 }
668}
eaeda365 669
73df9c51 670async fn schedule_datastore_verify_jobs() {
1298618a 671
802189f7 672 let config = match pbs_config::verify::config() {
73df9c51
HL		 673 Err(err) => {
674 eprintln!("unable to read verification job config - {}", err);
675 return;
676 }
677 Ok((config, _digest)) => config,
678 };
679 for (job_id, (_, job_config)) in config.sections {
680 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
681 Ok(c) => c,
682 Err(err) => {
683 eprintln!("verification job config from_value failed - {}", err);
684 continue;
685 }
686 };
687 let event_str = match job_config.schedule {
688 Some(ref event_str) => event_str.clone(),
689 None => continue,
690 };
82c05b41 691
73df9c51 692 let worker_type = "verificationjob";
ad54df31 693 let auth_id = Authid::root_auth_id().clone();
b15751bf 694 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 695 let job = match Job::new(&worker_type, &job_id) {
696 Ok(job) => job,
697 Err(_) => continue, // could not get lock
698 };
bfa942c0 699 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 700 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 701 }
702 };
73df9c51
HL		 703 }
704}
705
8513626b
DM		 706async fn schedule_tape_backup_jobs() {
707
e3619d41 708 let config = match pbs_config::tape_job::config() {
8513626b
DM		 709 Err(err) => {
710 eprintln!("unable to read tape job config - {}", err);
711 return;
712 }
713 Ok((config, _digest)) => config,
714 };
715 for (job_id, (_, job_config)) in config.sections {
716 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
717 Ok(c) => c,
718 Err(err) => {
719 eprintln!("tape backup job config from_value failed - {}", err);
720 continue;
721 }
722 };
723 let event_str = match job_config.schedule {
724 Some(ref event_str) => event_str.clone(),
725 None => continue,
726 };
727
728 let worker_type = "tape-backup-job";
729 let auth_id = Authid::root_auth_id().clone();
730 if check_schedule(worker_type, &event_str, &job_id) {
731 let job = match Job::new(&worker_type, &job_id) {
732 Ok(job) => job,
733 Err(_) => continue, // could not get lock
734 };
bfa942c0 735 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 736 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 737 }
738 };
739 }
740}
741
742
9a760917 743async fn schedule_task_log_rotate() {
9a760917
DC		 744
745 let worker_type = "logrotate";
72aa1834 746 let job_id = "access-log_and_task-archive";
9a760917 747
9a760917
DC		 748 // schedule daily at 00:00 like normal logrotate
749 let schedule = "00:00";
750
b15751bf 751 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 752 // if we never ran the rotation, schedule instantly
753 match jobstate::JobState::load(worker_type, job_id) {
754 Ok(state) => match state {
755 jobstate::JobState::Created { .. } => {},
756 _ => return,
757 },
758 _ => return,
759 }
760 }
761
762 let mut job = match Job::new(worker_type, job_id) {
763 Ok(job) => job,
764 Err(_) => return, // could not get lock
765 };
766
767 if let Err(err) = WorkerTask::new_thread(
768 worker_type,
72aa1834 769 None,
049a22a3 770 Authid::root_auth_id().to_string(),
9a760917
DC		 771 false,
772 move |worker| {
773 job.start(&worker.upid().to_string())?;
1ec0d70d 774 task_log!(worker, "starting task log rotation");
e4f5f59e 775
9a760917 776 let result = try_block!({
b7f2be51
TL		 777 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
778 let max_files = 20; // times twenty files gives > 100000 task entries
9a760917
DC		 779 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
780 if has_rotated {
1ec0d70d 781 task_log!(worker, "task log archive was rotated");
9a760917 782 } else {
1ec0d70d 783 task_log!(worker, "task log archive was not rotated");
9a760917
DC		 784 }
785
fe4cc5b1
TL		 786 let max_size = 32 * 1024 * 1024 - 1;
787 let max_files = 14;
af06decd 788 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
fe4cc5b1
TL		 789 .ok_or_else(|| format_err!("could not get API access log file names"))?;
790
fe7bdc9d 791 if logrotate.rotate(max_size, None, Some(max_files))? {
fe4cc5b1 792 println!("rotated access log, telling daemons to re-open log file");
36b7085e 793 pbs_runtime::block_on(command_reopen_access_logfiles())?;
1ec0d70d 794 task_log!(worker, "API access log was rotated");
fe7bdc9d 795 } else {
1ec0d70d 796 task_log!(worker, "API access log was not rotated");
fe7bdc9d
TL		 797 }
798
af06decd 799 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
fe7bdc9d 800 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
fe4cc5b1 801
fe7bdc9d 802 if logrotate.rotate(max_size, None, Some(max_files))? {
36b7085e
DM		 803 println!("rotated auth log, telling daemons to re-open log file");
804 pbs_runtime::block_on(command_reopen_auth_logfiles())?;
1ec0d70d 805 task_log!(worker, "API authentication log was rotated");
fe4cc5b1 806 } else {
1ec0d70d 807 task_log!(worker, "API authentication log was not rotated");
fe4cc5b1
TL		 808 }
809
9a760917
DC		 810 Ok(())
811 });
812
813 let status = worker.create_state(&result);
814
815 if let Err(err) = job.finish(status) {
816 eprintln!("could not finish job state for {}: {}", worker_type, err);
817 }
818
819 result
820 },
821 ) {
822 eprintln!("unable to start task log rotation: {}", err);
823 }
824
825}
826
36b7085e 827async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 828 // only care about the most recent daemon instance for each, proxy & api, as other older ones
829 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 830 let sock = proxmox_rest_server::our_ctrl_sock();
fd6d2438 831 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 832
b9700a9f
DM		 833 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
834 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
fd6d2438 835 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 836
837 match futures::join!(f1, f2) {
838 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
839 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 840 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
841 _ => Ok(()),
842 }
843}
844
845async fn command_reopen_auth_logfiles() -> Result<(), Error> {
846 // only care about the most recent daemon instance for each, proxy & api, as other older ones
847 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 848 let sock = proxmox_rest_server::our_ctrl_sock();
36b7085e
DM		 849 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
850
b9700a9f
DM		 851 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
852 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
36b7085e
DM		 853 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
854
855 match futures::join!(f1, f2) {
856 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
857 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 858 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
859 _ => Ok(()),
860 }
fe4cc5b1
TL		 861}
862
eaeda365
DM		 863async fn run_stat_generator() {
864
013fa7bb 865 let mut count = 0;
eaeda365 866 loop {
013fa7bb 867 count += 1;
a720894f 868 let save = if count >= 6 { count = 0; true } else { false };
013fa7bb 869
eaeda365
DM		 870 let delay_target = Instant::now() + Duration::from_secs(10);
871
013fa7bb 872 generate_host_stats(save).await;
eaeda365 873
0a8d773a 874 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 875
876 }
eaeda365
DM		 877
878}
879
013fa7bb 880fn rrd_update_gauge(name: &str, value: f64, save: bool) {
309ef20d 881 use proxmox_backup::rrd;
013fa7bb 882 if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) {
309ef20d
DM		 883 eprintln!("rrd::update_value '{}' failed - {}", name, err);
884 }
885}
886
013fa7bb 887fn rrd_update_derive(name: &str, value: f64, save: bool) {
309ef20d 888 use proxmox_backup::rrd;
013fa7bb 889 if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) {
309ef20d
DM		 890 eprintln!("rrd::update_value '{}' failed - {}", name, err);
891 }
892}
893
013fa7bb 894async fn generate_host_stats(save: bool) {
8f0cec26 895 use proxmox::sys::linux::procfs::{
485841da 896 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 897
d420962f 898 pbs_runtime::block_in_place(move || {
4f951399
DM		 899
900 match read_proc_stat() {
901 Ok(stat) => {
013fa7bb
DM		 902 rrd_update_gauge("host/cpu", stat.cpu, save);
903 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
4f951399
DM		 904 }
905 Err(err) => {
906 eprintln!("read_proc_stat failed - {}", err);
eaeda365
DM		 907 }
908 }
2c66a590 909
4f951399
DM		 910 match read_meminfo() {
911 Ok(meminfo) => {
013fa7bb
DM		 912 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
913 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
914 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
915 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
a4a3f7ca 916 }
4f951399
DM		 917 Err(err) => {
918 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca
DM		 919 }
920 }
8f0cec26 921
4f951399
DM		 922 match read_proc_net_dev() {
923 Ok(netdev) => {
6f422880 924 use pbs_config::network::is_physical_nic;
4f951399
DM		 925 let mut netin = 0;
926 let mut netout = 0;
927 for item in netdev {
928 if !is_physical_nic(&item.device) { continue; }
929 netin += item.receive;
930 netout += item.send;
931 }
013fa7bb
DM		 932 rrd_update_derive("host/netin", netin as f64, save);
933 rrd_update_derive("host/netout", netout as f64, save);
8f0cec26 934 }
4f951399
DM		 935 Err(err) => {
936 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26
DM		 937 }
938 }
dd15c0aa 939
485841da
DM		 940 match read_loadavg() {
941 Ok(loadavg) => {
013fa7bb 942 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
485841da
DM		 943 }
944 Err(err) => {
945 eprintln!("read_loadavg failed - {}", err);
946 }
947 }
948
8c03041a
DM		 949 let disk_manager = DiskManage::new();
950
013fa7bb 951 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
91e5bb49 952
e7d4be9d 953 match pbs_config::datastore::config() {
d0833a70 954 Ok((config, _)) => {
e7d4be9d 955 let datastore_list: Vec<DataStoreConfig> =
17c7b46a 956 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70
DM		 957
958 for config in datastore_list {
8c03041a 959
91e5bb49 960 let rrd_prefix = format!("datastore/{}", config.name);
8c03041a 961 let path = std::path::Path::new(&config.path);
013fa7bb 962 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
d0833a70
DM		 963 }
964 }
965 Err(err) => {
966 eprintln!("read datastore config failed - {}", err);
967 }
968 }
969
4f951399 970 });
eaeda365 971}
dd15c0aa 972
b15751bf
DM		 973fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
974 let event = match parse_calendar_event(event_str) {
82c05b41
HL		 975 Ok(event) => event,
976 Err(err) => {
977 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
978 return false;
979 }
980 };
981
b15751bf 982 let last = match jobstate::last_run_time(worker_type, &id) {
82c05b41
HL		 983 Ok(time) => time,
984 Err(err) => {
985 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
986 return false;
987 }
988 };
989
990 let next = match compute_next_event(&event, last, false) {
991 Ok(Some(next)) => next,
992 Ok(None) => return false,
993 Err(err) => {
994 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
995 return false;
996 }
997 };
998
999 let now = proxmox::tools::time::epoch_i64();
1000 next <= now
1001}
1002
013fa7bb 1003fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
91e5bb49 1004
934f5bb8 1005 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 1006 Ok(status) => {
91e5bb49 1007 let rrd_key = format!("{}/total", rrd_prefix);
33070956 1008 rrd_update_gauge(&rrd_key, status.total as f64, save);
91e5bb49 1009 let rrd_key = format!("{}/used", rrd_prefix);
33070956 1010 rrd_update_gauge(&rrd_key, status.used as f64, save);
91e5bb49
DM		 1011 }
1012 Err(err) => {
1013 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1014 }
1015 }
1016
934f5bb8
DM		 1017 match disk_manager.find_mounted_device(path) {
1018 Ok(None) => {},
1019 Ok(Some((fs_type, device, source))) => {
1020 let mut device_stat = None;
1021 match fs_type.as_str() {
1022 "zfs" => {
368f4c54
DC		 1023 if let Some(source) = source {
1024 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1025 match zfs_pool_stats(pool) {
934f5bb8
DM		 1026 Ok(stat) => device_stat = stat,
1027 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
91e5bb49
DM		 1028 }
1029 }
934f5bb8
DM		 1030 }
1031 _ => {
1032 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1033 match disk.read_stat() {
1034 Ok(stat) => device_stat = stat,
1035 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1036 }
1037 }
1038 }
91e5bb49 1039 }
934f5bb8
DM		 1040 if let Some(stat) = device_stat {
1041 let rrd_key = format!("{}/read_ios", rrd_prefix);
1042 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
1043 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1044 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
dd15c0aa 1045
934f5bb8
DM		 1046 let rrd_key = format!("{}/write_ios", rrd_prefix);
1047 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
1048 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1049 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
dd15c0aa 1050
934f5bb8
DM		 1051 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1052 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
8c03041a
DM		 1053 }
1054 }
934f5bb8
DM		 1055 Err(err) => {
1056 eprintln!("find_mounted_device failed - {}", err);
1057 }
8c03041a 1058 }
8c03041a 1059}
Proxmox Backup Server and Client