]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
implement a traffic control cache for fast rate control limiter lockups
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
6680878b
DM		 4use std::future::Future;
5use std::pin::Pin;
a2479cfa 6
f7d4e4b5 7use anyhow::{bail, format_err, Error};
a2479cfa 8use futures::*;
7fa9a37c
DM		 9use http::request::Parts;
10use http::Response;
11use hyper::{Body, StatusCode};
12use hyper::header;
13use url::form_urlencoded;
ea368a06 14
a2479cfa 15use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 16use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 17use serde_json::{json, Value};
608806e8 18use http::{Method, HeaderMap};
a2479cfa 19
32413921 20use proxmox::sys::linux::socket::set_tcp_keepalive;
fd6d2438 21use proxmox::tools::fs::CreateOptions;
6ef1b649
WB		 22use proxmox_lang::try_block;
23use proxmox_router::{RpcEnvironment, RpcEnvironmentType, UserInformation};
fd6d2438 24
0e1edf19 25use pbs_tools::{task_log, task_warn};
6d5d305d 26use pbs_datastore::DataStore;
09340f28 27
48176b0a 28use proxmox_rest_server::{
608806e8 29 rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
0e1edf19 30 ServerAdapter, WorkerTask, cleanup_old_tasks,
48176b0a 31};
a2479cfa 32
98eb435d
DM		 33use proxmox_backup::rrd_cache::{
34 initialize_rrd_cache, rrd_update_gauge, rrd_update_derive, rrd_sync_journal,
35};
1298618a 36use proxmox_backup::{
1298618a 37 server::{
608806e8 38 auth::check_pbs_auth,
1298618a
DM		 39 jobstate::{
40 self,
41 Job,
42 },
1298618a 43 },
1298618a
DM		 44};
45
af06decd 46use pbs_buildcfg::configdir;
84af82e8 47use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
6c76aa43 48use pbs_tools::logrotate::LogRotate;
1298618a 49
89725197
DM		 50use pbs_api_types::{
51 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
52 PruneOptions,
53};
e7d4be9d 54
8bca935f
DM		 55use proxmox_rest_server::daemon;
56
e3f41f21 57use proxmox_backup::server;
d01e2420 58use proxmox_backup::auth_helpers::*;
97168f92 59use proxmox_backup::tools::{
32413921 60 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 61 disks::{
62 DiskManage,
63 zfs_pool_stats,
368f4c54 64 get_pool_from_dataset,
97168f92 65 },
97168f92 66};
02c7a755 67
e7d4be9d 68
a13573c2 69use proxmox_backup::api2::pull::do_sync_job;
8513626b 70use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 71use proxmox_backup::server::do_verification_job;
b8d90798 72use proxmox_backup::server::do_prune_job;
a13573c2 73
946c3e8a 74fn main() -> Result<(), Error> {
ac7513e3
DM		 75 proxmox_backup::tools::setup_safe_path_env();
76
21211748
DM		 77 let backup_uid = pbs_config::backup_user()?.uid;
78 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 79 let running_uid = nix::unistd::Uid::effective();
80 let running_gid = nix::unistd::Gid::effective();
81
82 if running_uid != backup_uid || running_gid != backup_gid {
83 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
84 }
85
d420962f 86 pbs_runtime::main(run())
4223d9f8
DM		 87}
88
48176b0a 89
608806e8
DM		 90struct ProxmoxBackupProxyAdapter;
91
92impl ServerAdapter for ProxmoxBackupProxyAdapter {
93
94 fn get_index(
95 &self,
96 env: RestEnvironment,
97 parts: Parts,
98 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
99 Box::pin(get_index_future(env, parts))
100 }
101
102 fn check_auth<'a>(
103 &'a self,
104 headers: &'a HeaderMap,
105 method: &'a Method,
106 ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
107 Box::pin(async move {
108 check_pbs_auth(headers, method).await
109 })
110 }
111}
112
48176b0a
DM		 113fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
114 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
115 return extract_cookie(cookie, "PBSLangCookie");
116 }
117 None
118}
119
6680878b 120async fn get_index_future(
48176b0a 121 env: RestEnvironment,
7fa9a37c
DM		 122 parts: Parts,
123) -> Response<Body> {
124
48176b0a
DM		 125 let auth_id = env.get_auth_id();
126 let api = env.api_config();
127 let language = extract_lang_header(&parts.headers);
128
129 // fixme: make all IO async
6680878b 130
7fa9a37c
DM		 131 let (userid, csrf_token) = match auth_id {
132 Some(auth_id) => {
133 let auth_id = auth_id.parse::<Authid>();
134 match auth_id {
135 Ok(auth_id) if !auth_id.is_token() => {
136 let userid = auth_id.user().clone();
137 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
138 (Some(userid), Some(new_csrf_token))
139 }
140 _ => (None, None)
141 }
142 }
143 None => (None, None),
144 };
145
146 let nodename = proxmox::tools::nodename();
147 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
148
149 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
150
151 let mut debug = false;
152 let mut template_file = "index";
153
154 if let Some(query_str) = parts.uri.query() {
155 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
156 if k == "debug" && v != "0" && v != "false" {
157 debug = true;
158 } else if k == "console" {
159 template_file = "console";
160 }
161 }
162 }
163
164 let mut lang = String::from("");
165 if let Some(language) = language {
166 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
167 lang = language;
168 }
169 }
170
171 let data = json!({
172 "NodeName": nodename,
173 "UserName": user,
174 "CSRFPreventionToken": csrf_token,
175 "language": lang,
176 "debug": debug,
177 });
178
179 let (ct, index) = match api.render_template(template_file, &data) {
180 Ok(index) => ("text/html", index),
181 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
182 };
183
184 let mut resp = Response::builder()
185 .status(StatusCode::OK)
186 .header(header::CONTENT_TYPE, ct)
187 .body(index.into())
188 .unwrap();
189
190 if let Some(userid) = userid {
191 resp.extensions_mut().insert(Authid::from((userid, None)));
192 }
193
194 resp
195}
196
fda5797b 197async fn run() -> Result<(), Error> {
02c7a755
DM		 198 if let Err(err) = syslog::init(
199 syslog::Facility::LOG_DAEMON,
200 log::LevelFilter::Info,
201 Some("proxmox-backup-proxy")) {
4223d9f8 202 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 203 }
204
e1d367df
DM		 205 // Note: To debug early connection error use
206 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
207 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
208
d01e2420
DM		 209 let _ = public_auth_key(); // load with lazy_static
210 let _ = csrf_secret(); // load with lazy_static
211
fa49d0fd
DM		 212 let rrd_cache = initialize_rrd_cache()?;
213 rrd_cache.apply_journal()?;
214
02c7a755 215 let mut config = ApiConfig::new(
af06decd 216 pbs_buildcfg::JS_DIR,
26858dba
SR		 217 &proxmox_backup::api2::ROUTER,
218 RpcEnvironmentType::PUBLIC,
608806e8 219 ProxmoxBackupProxyAdapter,
26858dba 220 )?;
02c7a755 221
02c7a755
DM		 222 config.add_alias("novnc", "/usr/share/novnc-pve");
223 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 224 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 225 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
226 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 227 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 228 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 229 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 230
af06decd 231 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 232 indexpath.push("index.hbs");
233 config.register_template("index", &indexpath)?;
01ca99da 234 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 235
fd6d2438 236 let backup_user = pbs_config::backup_user()?;
49e25688 237 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 238
239 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
240 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 241
0d5d15c9 242 config.enable_access_log(
fd6d2438 243 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 244 Some(dir_opts.clone()),
245 Some(file_opts.clone()),
246 &mut commando_sock,
247 )?;
248
249 config.enable_auth_log(
250 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 251 Some(dir_opts.clone()),
252 Some(file_opts.clone()),
fd6d2438
DM		 253 &mut commando_sock,
254 )?;
8e7e2223 255
02c7a755 256 let rest_server = RestServer::new(config);
b9700a9f 257 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 258
6d1f61b2 259 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 260
4ce7da51 261 // we build the initial acceptor here as we cannot start if this fails
c381a162 262 let acceptor = make_tls_acceptor()?;
4ce7da51 263 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 264
4ce7da51 265 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 266 commando_sock.register_command(
267 "reload-certificate".to_string(),
268 {
4ce7da51 269 let acceptor = Arc::clone(&acceptor);
a723c087 270 move |_value| -> Result<_, Error> {
4ce7da51
DM		 271 log::info!("reloading certificate");
272 match make_tls_acceptor() {
273 Err(err) => log::error!("error reloading certificate: {}", err),
274 Ok(new_acceptor) => {
275 let mut guard = acceptor.lock().unwrap();
276 *guard = new_acceptor;
277 }
278 }
a723c087
WB		 279 Ok(Value::Null)
280 }
281 },
282 )?;
0d176f36 283
062cf75c
DC		 284 // to remove references for not configured datastores
285 commando_sock.register_command(
286 "datastore-removed".to_string(),
287 |_value| {
6d5d305d 288 if let Err(err) = DataStore::remove_unused_datastores() {
062cf75c
DC		 289 log::error!("could not refresh datastores: {}", err);
290 }
291 Ok(Value::Null)
292 }
293 )?;
294
a690ecac
WB		 295 let server = daemon::create_daemon(
296 ([0,0,0,0,0,0,0,0], 8007).into(),
d2654200 297 move |listener| {
97168f92 298
4ce7da51 299 let connections = accept_connections(listener, acceptor, debug);
7c667013 300 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd 301
d2654200
DM		 302 Ok(async {
303 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
304
305 hyper::Server::builder(connections)
083ff3fd 306 .serve(rest_server)
fd6d2438 307 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd 308 .map_err(Error::from)
d2654200
DM		 309 .await
310 })
a2ca7137 311 },
083ff3fd 312 );
a2ca7137 313
b9700a9f 314 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a 315
fda5797b 316 let init_result: Result<(), Error> = try_block!({
b9700a9f 317 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 318 commando_sock.spawn()?;
fd1b65cc
DM		 319 proxmox_rest_server::catch_shutdown_signal()?;
320 proxmox_rest_server::catch_reload_signal()?;
fda5797b
WB		 321 Ok(())
322 });
d607b886 323
fda5797b
WB		 324 if let Err(err) = init_result {
325 bail!("unable to start daemon - {}", err);
326 }
e3f41f21 327
8545480a 328 start_task_scheduler();
eaeda365 329 start_stat_generator();
8545480a 330
083ff3fd 331 server.await?;
a546a8a0 332 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 333 proxmox_rest_server::last_worker_future().await?;
fda5797b 334 log::info!("done - exit server");
e3f41f21 335
4223d9f8 336 Ok(())
02c7a755 337}
8545480a 338
4ce7da51 339fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 340 let key_path = configdir!("/proxy.key");
341 let cert_path = configdir!("/proxy.pem");
342
343 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
344 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
345 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
346 acceptor.set_certificate_chain_file(cert_path)
347 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
348 acceptor.check_private_key().unwrap();
349
4ce7da51 350 Ok(acceptor.build())
c381a162
WB		 351}
352
a5e3be49
WB		 353type ClientStreamResult =
354 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
355const MAX_PENDING_ACCEPTS: usize = 1024;
356
48aa2b93 357fn accept_connections(
0bfcea6a 358 listener: tokio::net::TcpListener,
4ce7da51 359 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 360 debug: bool,
a5e3be49 361) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 362
ea93bea7 363 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 364
4ce7da51 365 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 366
367 receiver
368}
369
370async fn accept_connection(
371 listener: tokio::net::TcpListener,
4ce7da51 372 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 373 debug: bool,
374 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
375) {
ea93bea7 376 let accept_counter = Arc::new(());
48aa2b93 377
a5e3be49 378 loop {
4ce7da51
DM		 379 let (sock, _addr) = match listener.accept().await {
380 Ok(conn) => conn,
381 Err(err) => {
382 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 383 continue;
a5e3be49 384 }
cc269b9f 385 };
48aa2b93 386
cc269b9f
WB		 387 sock.set_nodelay(true).unwrap();
388 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 389
4ce7da51
DM		 390 let ssl = { // limit acceptor_guard scope
391 // Acceptor can be reloaded using the command socket "reload-certificate" command
392 let acceptor_guard = acceptor.lock().unwrap();
393
394 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
395 Ok(ssl) => ssl,
396 Err(err) => {
397 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
398 continue;
399 },
400 }
cc269b9f 401 };
4ce7da51 402
cc269b9f
WB		 403 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
404 Ok(stream) => stream,
405 Err(err) => {
406 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
407 continue;
408 },
409 };
410
411 let mut stream = Box::pin(stream);
412 let sender = sender.clone();
413
414 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
415 eprintln!("connection rejected - to many open connections");
416 continue;
48aa2b93 417 }
cc269b9f 418
b4931192 419 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 420 tokio::spawn(async move {
421 let accept_future = tokio::time::timeout(
422 Duration::new(10, 0), stream.as_mut().accept());
423
424 let result = accept_future.await;
425
426 match result {
427 Ok(Ok(())) => {
428 if sender.send(Ok(stream)).await.is_err() && debug {
429 eprintln!("detect closed connection channel");
430 }
431 }
432 Ok(Err(err)) => {
433 if debug {
434 eprintln!("https handshake failed - {}", err);
435 }
436 }
437 Err(_) => {
438 if debug {
439 eprintln!("https handshake timeout");
440 }
441 }
442 }
443
444 drop(accept_counter); // decrease reference count
445 });
a5e3be49 446 }
48aa2b93
DM		 447}
448
eaeda365 449fn start_stat_generator() {
fd6d2438 450 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 451 let future = Box::pin(run_stat_generator());
452 let task = futures::future::select(future, abort_future);
453 tokio::spawn(task.map(|_| ()));
454}
455
8545480a 456fn start_task_scheduler() {
fd6d2438 457 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 458 let future = Box::pin(run_task_scheduler());
459 let task = futures::future::select(future, abort_future);
460 tokio::spawn(task.map(|_| ()));
461}
462
6a7be83e 463use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 464
465fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 466 let now = SystemTime::now();
467 let epoch_now = now.duration_since(UNIX_EPOCH)?;
468 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 469 Ok(Instant::now() + epoch_next - epoch_now)
470}
471
472async fn run_task_scheduler() {
473
474 let mut count: usize = 0;
475
476 loop {
477 count += 1;
478
479 let delay_target = match next_minute() { // try to run very minute
480 Ok(d) => d,
481 Err(err) => {
482 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 483 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 484 continue;
485 }
486 };
487
488 if count > 2 { // wait 1..2 minutes before starting
489 match schedule_tasks().catch_unwind().await {
490 Err(panic) => {
491 match panic.downcast::<&str>() {
492 Ok(msg) => {
493 eprintln!("task scheduler panic: {}", msg);
494 }
495 Err(_) => {
496 eprintln!("task scheduler panic - unknown type");
497 }
498 }
499 }
500 Ok(Err(err)) => {
501 eprintln!("task scheduler failed - {:?}", err);
502 }
503 Ok(Ok(_)) => {}
504 }
505 }
506
0a8d773a 507 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 508 }
509}
510
511async fn schedule_tasks() -> Result<(), Error> {
512
513 schedule_datastore_garbage_collection().await;
25829a87 514 schedule_datastore_prune().await;
a6160cdf 515 schedule_datastore_sync_jobs().await;
73df9c51 516 schedule_datastore_verify_jobs().await;
8513626b 517 schedule_tape_backup_jobs().await;
9a760917 518 schedule_task_log_rotate().await;
8545480a
DM		 519
520 Ok(())
521}
522
8545480a
DM		 523async fn schedule_datastore_garbage_collection() {
524
e7d4be9d 525 let config = match pbs_config::datastore::config() {
8545480a
DM		 526 Err(err) => {
527 eprintln!("unable to read datastore config - {}", err);
528 return;
529 }
530 Ok((config, _digest)) => config,
531 };
532
533 for (store, (_, store_config)) in config.sections {
534 let datastore = match DataStore::lookup_datastore(&store) {
535 Ok(datastore) => datastore,
536 Err(err) => {
537 eprintln!("lookup_datastore failed - {}", err);
538 continue;
539 }
540 };
541
25829a87 542 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 543 Ok(c) => c,
544 Err(err) => {
545 eprintln!("datastore config from_value failed - {}", err);
546 continue;
547 }
548 };
549
550 let event_str = match store_config.gc_schedule {
551 Some(event_str) => event_str,
552 None => continue,
553 };
554
555 let event = match parse_calendar_event(&event_str) {
556 Ok(event) => event,
557 Err(err) => {
558 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
559 continue;
560 }
561 };
562
563 if datastore.garbage_collection_running() { continue; }
564
565 let worker_type = "garbage_collection";
566
b6ba5acd
DC		 567 let last = match jobstate::last_run_time(worker_type, &store) {
568 Ok(time) => time,
569 Err(err) => {
570 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
571 continue;
8545480a
DM		 572 }
573 };
574
575 let next = match compute_next_event(&event, last, false) {
15ec790a
DC		 576 Ok(Some(next)) => next,
577 Ok(None) => continue,
8545480a
DM		 578 Err(err) => {
579 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
580 continue;
581 }
582 };
e693818a 583
6ef1b649 584 let now = proxmox_time::epoch_i64();
6a7be83e 585
8545480a
DM		 586 if next > now { continue; }
587
1cd951c9 588 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 589 Ok(job) => job,
590 Err(_) => continue, // could not get lock
591 };
592
ad54df31 593 let auth_id = Authid::root_auth_id();
d7a122a0 594
c724f658 595 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 596 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 597 }
598 }
599}
25829a87
DM		 600
601async fn schedule_datastore_prune() {
602
e7d4be9d 603 let config = match pbs_config::datastore::config() {
25829a87
DM		 604 Err(err) => {
605 eprintln!("unable to read datastore config - {}", err);
606 return;
607 }
608 Ok((config, _digest)) => config,
609 };
610
611 for (store, (_, store_config)) in config.sections {
25829a87
DM		 612
613 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
614 Ok(c) => c,
615 Err(err) => {
a6160cdf 616 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 617 continue;
618 }
619 };
620
621 let event_str = match store_config.prune_schedule {
622 Some(event_str) => event_str,
623 None => continue,
624 };
625
626 let prune_options = PruneOptions {
627 keep_last: store_config.keep_last,
628 keep_hourly: store_config.keep_hourly,
629 keep_daily: store_config.keep_daily,
630 keep_weekly: store_config.keep_weekly,
631 keep_monthly: store_config.keep_monthly,
632 keep_yearly: store_config.keep_yearly,
633 };
634
89725197 635 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 636 continue;
637 }
638
25829a87 639 let worker_type = "prune";
b15751bf 640 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 641 let job = match Job::new(worker_type, &store) {
642 Ok(job) => job,
643 Err(_) => continue, // could not get lock
644 };
25829a87 645
ad54df31 646 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 647 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
648 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 649 }
650 };
25829a87
DM		 651 }
652}
a6160cdf
DM		 653
654async fn schedule_datastore_sync_jobs() {
655
a6160cdf 656
a4e5a0fc 657 let config = match pbs_config::sync::config() {
a6160cdf
DM		 658 Err(err) => {
659 eprintln!("unable to read sync job config - {}", err);
660 return;
661 }
662 Ok((config, _digest)) => config,
663 };
664
a6160cdf
DM		 665 for (job_id, (_, job_config)) in config.sections {
666 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
667 Ok(c) => c,
668 Err(err) => {
669 eprintln!("sync job config from_value failed - {}", err);
670 continue;
671 }
672 };
673
674 let event_str = match job_config.schedule {
675 Some(ref event_str) => event_str.clone(),
676 None => continue,
677 };
678
c67b1fa7 679 let worker_type = "syncjob";
b15751bf 680 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 681 let job = match Job::new(worker_type, &job_id) {
682 Ok(job) => job,
683 Err(_) => continue, // could not get lock
684 };
a6160cdf 685
ad54df31 686 let auth_id = Authid::root_auth_id().clone();
bfa942c0 687 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 688 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 689 }
690 };
a6160cdf
DM		 691 }
692}
eaeda365 693
73df9c51 694async fn schedule_datastore_verify_jobs() {
1298618a 695
802189f7 696 let config = match pbs_config::verify::config() {
73df9c51
HL		 697 Err(err) => {
698 eprintln!("unable to read verification job config - {}", err);
699 return;
700 }
701 Ok((config, _digest)) => config,
702 };
703 for (job_id, (_, job_config)) in config.sections {
704 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
705 Ok(c) => c,
706 Err(err) => {
707 eprintln!("verification job config from_value failed - {}", err);
708 continue;
709 }
710 };
711 let event_str = match job_config.schedule {
712 Some(ref event_str) => event_str.clone(),
713 None => continue,
714 };
82c05b41 715
73df9c51 716 let worker_type = "verificationjob";
ad54df31 717 let auth_id = Authid::root_auth_id().clone();
b15751bf 718 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 719 let job = match Job::new(&worker_type, &job_id) {
720 Ok(job) => job,
721 Err(_) => continue, // could not get lock
722 };
bfa942c0 723 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 724 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 725 }
726 };
73df9c51
HL		 727 }
728}
729
8513626b
DM		 730async fn schedule_tape_backup_jobs() {
731
e3619d41 732 let config = match pbs_config::tape_job::config() {
8513626b
DM		 733 Err(err) => {
734 eprintln!("unable to read tape job config - {}", err);
735 return;
736 }
737 Ok((config, _digest)) => config,
738 };
739 for (job_id, (_, job_config)) in config.sections {
740 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
741 Ok(c) => c,
742 Err(err) => {
743 eprintln!("tape backup job config from_value failed - {}", err);
744 continue;
745 }
746 };
747 let event_str = match job_config.schedule {
748 Some(ref event_str) => event_str.clone(),
749 None => continue,
750 };
751
752 let worker_type = "tape-backup-job";
753 let auth_id = Authid::root_auth_id().clone();
754 if check_schedule(worker_type, &event_str, &job_id) {
755 let job = match Job::new(&worker_type, &job_id) {
756 Ok(job) => job,
757 Err(_) => continue, // could not get lock
758 };
bfa942c0 759 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 760 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 761 }
762 };
763 }
764}
765
766
9a760917 767async fn schedule_task_log_rotate() {
9a760917
DC		 768
769 let worker_type = "logrotate";
72aa1834 770 let job_id = "access-log_and_task-archive";
9a760917 771
9a760917
DC		 772 // schedule daily at 00:00 like normal logrotate
773 let schedule = "00:00";
774
b15751bf 775 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 776 // if we never ran the rotation, schedule instantly
777 match jobstate::JobState::load(worker_type, job_id) {
778 Ok(state) => match state {
779 jobstate::JobState::Created { .. } => {},
780 _ => return,
781 },
782 _ => return,
783 }
784 }
785
786 let mut job = match Job::new(worker_type, job_id) {
787 Ok(job) => job,
788 Err(_) => return, // could not get lock
789 };
790
791 if let Err(err) = WorkerTask::new_thread(
792 worker_type,
72aa1834 793 None,
049a22a3 794 Authid::root_auth_id().to_string(),
9a760917
DC		 795 false,
796 move |worker| {
797 job.start(&worker.upid().to_string())?;
1ec0d70d 798 task_log!(worker, "starting task log rotation");
e4f5f59e 799
9a760917 800 let result = try_block!({
b7f2be51
TL		 801 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
802 let max_files = 20; // times twenty files gives > 100000 task entries
9a760917
DC		 803 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
804 if has_rotated {
1ec0d70d 805 task_log!(worker, "task log archive was rotated");
9a760917 806 } else {
1ec0d70d 807 task_log!(worker, "task log archive was not rotated");
9a760917
DC		 808 }
809
fe4cc5b1
TL		 810 let max_size = 32 * 1024 * 1024 - 1;
811 let max_files = 14;
af06decd 812 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
fe4cc5b1
TL		 813 .ok_or_else(|| format_err!("could not get API access log file names"))?;
814
fe7bdc9d 815 if logrotate.rotate(max_size, None, Some(max_files))? {
fe4cc5b1 816 println!("rotated access log, telling daemons to re-open log file");
36b7085e 817 pbs_runtime::block_on(command_reopen_access_logfiles())?;
1ec0d70d 818 task_log!(worker, "API access log was rotated");
fe7bdc9d 819 } else {
1ec0d70d 820 task_log!(worker, "API access log was not rotated");
fe7bdc9d
TL		 821 }
822
af06decd 823 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
fe7bdc9d 824 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
fe4cc5b1 825
fe7bdc9d 826 if logrotate.rotate(max_size, None, Some(max_files))? {
36b7085e
DM		 827 println!("rotated auth log, telling daemons to re-open log file");
828 pbs_runtime::block_on(command_reopen_auth_logfiles())?;
1ec0d70d 829 task_log!(worker, "API authentication log was rotated");
fe4cc5b1 830 } else {
1ec0d70d 831 task_log!(worker, "API authentication log was not rotated");
fe4cc5b1
TL		 832 }
833
0e1edf19
DC		 834 if has_rotated {
835 task_log!(worker, "cleaning up old task logs");
836 if let Err(err) = cleanup_old_tasks(true) {
837 task_warn!(worker, "could not completely cleanup old tasks: {}", err);
838 }
839 }
840
9a760917
DC		 841 Ok(())
842 });
843
844 let status = worker.create_state(&result);
845
846 if let Err(err) = job.finish(status) {
847 eprintln!("could not finish job state for {}: {}", worker_type, err);
848 }
849
850 result
851 },
852 ) {
853 eprintln!("unable to start task log rotation: {}", err);
854 }
855
856}
857
36b7085e 858async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 859 // only care about the most recent daemon instance for each, proxy & api, as other older ones
860 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 861 let sock = proxmox_rest_server::our_ctrl_sock();
75442e81 862 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 863
b9700a9f
DM		 864 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
865 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
75442e81 866 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 867
868 match futures::join!(f1, f2) {
869 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
870 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 871 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
872 _ => Ok(()),
873 }
874}
875
876async fn command_reopen_auth_logfiles() -> Result<(), Error> {
877 // only care about the most recent daemon instance for each, proxy & api, as other older ones
878 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 879 let sock = proxmox_rest_server::our_ctrl_sock();
75442e81 880 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
36b7085e 881
b9700a9f
DM		 882 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
883 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
75442e81 884 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
36b7085e
DM		 885
886 match futures::join!(f1, f2) {
887 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
888 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 889 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
890 _ => Ok(()),
891 }
fe4cc5b1
TL		 892}
893
eaeda365
DM		 894async fn run_stat_generator() {
895
896 loop {
897 let delay_target = Instant::now() + Duration::from_secs(10);
898
1d44f175 899 generate_host_stats().await;
eaeda365 900
98eb435d
DM		 901 rrd_sync_journal();
902
0a8d773a 903 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 904
905 }
eaeda365
DM		 906
907}
908
1d44f175 909async fn generate_host_stats() {
4b709ade
DM		 910 match tokio::task::spawn_blocking(generate_host_stats_sync).await {
911 Ok(()) => (),
912 Err(err) => log::error!("generate_host_stats paniced: {}", err),
913 }
914}
915
916fn generate_host_stats_sync() {
8f0cec26 917 use proxmox::sys::linux::procfs::{
485841da 918 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 919
4b709ade
DM		 920 match read_proc_stat() {
921 Ok(stat) => {
922 rrd_update_gauge("host/cpu", stat.cpu);
923 rrd_update_gauge("host/iowait", stat.iowait_percent);
eaeda365 924 }
4b709ade
DM		 925 Err(err) => {
926 eprintln!("read_proc_stat failed - {}", err);
927 }
928 }
2c66a590 929
4b709ade
DM		 930 match read_meminfo() {
931 Ok(meminfo) => {
932 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64);
933 rrd_update_gauge("host/memused", meminfo.memused as f64);
934 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64);
935 rrd_update_gauge("host/swapused", meminfo.swapused as f64);
936 }
937 Err(err) => {
938 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca 939 }
4b709ade 940 }
8f0cec26 941
4b709ade
DM		 942 match read_proc_net_dev() {
943 Ok(netdev) => {
944 use pbs_config::network::is_physical_nic;
945 let mut netin = 0;
946 let mut netout = 0;
947 for item in netdev {
948 if !is_physical_nic(&item.device) { continue; }
949 netin += item.receive;
950 netout += item.send;
951 }
952 rrd_update_derive("host/netin", netin as f64);
953 rrd_update_derive("host/netout", netout as f64);
954 }
955 Err(err) => {
956 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26 957 }
4b709ade 958 }
dd15c0aa 959
4b709ade
DM		 960 match read_loadavg() {
961 Ok(loadavg) => {
962 rrd_update_gauge("host/loadavg", loadavg.0 as f64);
963 }
964 Err(err) => {
965 eprintln!("read_loadavg failed - {}", err);
485841da 966 }
4b709ade 967 }
485841da 968
4b709ade 969 let disk_manager = DiskManage::new();
8c03041a 970
4b709ade 971 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host");
91e5bb49 972
4b709ade
DM		 973 match pbs_config::datastore::config() {
974 Ok((config, _)) => {
975 let datastore_list: Vec<DataStoreConfig> =
976 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70 977
4b709ade 978 for config in datastore_list {
8c03041a 979
4b709ade
DM		 980 let rrd_prefix = format!("datastore/{}", config.name);
981 let path = std::path::Path::new(&config.path);
982 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix);
d0833a70
DM		 983 }
984 }
4b709ade
DM		 985 Err(err) => {
986 eprintln!("read datastore config failed - {}", err);
987 }
988 }
eaeda365 989}
dd15c0aa 990
b15751bf
DM		 991fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
992 let event = match parse_calendar_event(event_str) {
82c05b41
HL		 993 Ok(event) => event,
994 Err(err) => {
995 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
996 return false;
997 }
998 };
999
b15751bf 1000 let last = match jobstate::last_run_time(worker_type, &id) {
82c05b41
HL		 1001 Ok(time) => time,
1002 Err(err) => {
1003 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
1004 return false;
1005 }
1006 };
1007
1008 let next = match compute_next_event(&event, last, false) {
1009 Ok(Some(next)) => next,
1010 Ok(None) => return false,
1011 Err(err) => {
1012 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
1013 return false;
1014 }
1015 };
1016
6ef1b649 1017 let now = proxmox_time::epoch_i64();
82c05b41
HL		 1018 next <= now
1019}
1020
1d44f175 1021fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str) {
91e5bb49 1022
934f5bb8 1023 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 1024 Ok(status) => {
91e5bb49 1025 let rrd_key = format!("{}/total", rrd_prefix);
1d44f175 1026 rrd_update_gauge(&rrd_key, status.total as f64);
91e5bb49 1027 let rrd_key = format!("{}/used", rrd_prefix);
1d44f175 1028 rrd_update_gauge(&rrd_key, status.used as f64);
91e5bb49
DM		 1029 }
1030 Err(err) => {
1031 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1032 }
1033 }
1034
934f5bb8
DM		 1035 match disk_manager.find_mounted_device(path) {
1036 Ok(None) => {},
1037 Ok(Some((fs_type, device, source))) => {
1038 let mut device_stat = None;
1039 match fs_type.as_str() {
1040 "zfs" => {
368f4c54
DC		 1041 if let Some(source) = source {
1042 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1043 match zfs_pool_stats(pool) {
934f5bb8
DM		 1044 Ok(stat) => device_stat = stat,
1045 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
91e5bb49
DM		 1046 }
1047 }
934f5bb8
DM		 1048 }
1049 _ => {
1050 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1051 match disk.read_stat() {
1052 Ok(stat) => device_stat = stat,
1053 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1054 }
1055 }
1056 }
91e5bb49 1057 }
934f5bb8
DM		 1058 if let Some(stat) = device_stat {
1059 let rrd_key = format!("{}/read_ios", rrd_prefix);
1d44f175 1060 rrd_update_derive(&rrd_key, stat.read_ios as f64);
934f5bb8 1061 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1d44f175 1062 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64);
dd15c0aa 1063
934f5bb8 1064 let rrd_key = format!("{}/write_ios", rrd_prefix);
1d44f175 1065 rrd_update_derive(&rrd_key, stat.write_ios as f64);
934f5bb8 1066 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1d44f175 1067 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64);
dd15c0aa 1068
934f5bb8 1069 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1d44f175 1070 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0);
8c03041a
DM		 1071 }
1072 }
934f5bb8
DM		 1073 Err(err) => {
1074 eprintln!("find_mounted_device failed - {}", err);
1075 }
8c03041a 1076 }
8c03041a 1077}
Proxmox Backup Server and Client