]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ui: SyncJobEdit: add second tab with group filters
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
6680878b
DM		 4use std::future::Future;
5use std::pin::Pin;
a2479cfa 6
f7d4e4b5 7use anyhow::{bail, format_err, Error};
a2479cfa 8use futures::*;
7fa9a37c
DM		 9use http::request::Parts;
10use http::Response;
11use hyper::{Body, StatusCode};
12use hyper::header;
13use url::form_urlencoded;
ea368a06 14
a2479cfa 15use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 16use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 17use serde_json::{json, Value};
608806e8 18use http::{Method, HeaderMap};
a2479cfa 19
25877d05
DM		 20use proxmox_sys::linux::socket::set_tcp_keepalive;
21use proxmox_sys::fs::CreateOptions;
6ef1b649
WB		 22use proxmox_lang::try_block;
23use proxmox_router::{RpcEnvironment, RpcEnvironmentType, UserInformation};
d5f58006 24use proxmox_http::client::{RateLimitedStream, ShareableRateLimit};
d5790a9f
DM		 25use proxmox_sys::{task_log, task_warn};
26use proxmox_sys::logrotate::LogRotate;
fd6d2438 27
6d5d305d 28use pbs_datastore::DataStore;
09340f28 29
48176b0a 30use proxmox_rest_server::{
608806e8 31 rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
0e1edf19 32 ServerAdapter, WorkerTask, cleanup_old_tasks,
48176b0a 33};
a2479cfa 34
98eb435d
DM		 35use proxmox_backup::rrd_cache::{
36 initialize_rrd_cache, rrd_update_gauge, rrd_update_derive, rrd_sync_journal,
37};
1298618a 38use proxmox_backup::{
a0172d76 39 TRAFFIC_CONTROL_CACHE,
1298618a 40 server::{
608806e8 41 auth::check_pbs_auth,
1298618a
DM		 42 jobstate::{
43 self,
44 Job,
45 },
1298618a 46 },
1298618a
DM		 47};
48
af06decd 49use pbs_buildcfg::configdir;
15cc41b6 50use proxmox_time::{compute_next_event, parse_calendar_event};
1298618a 51
89725197
DM		 52use pbs_api_types::{
53 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
54 PruneOptions,
55};
e7d4be9d 56
8bca935f
DM		 57use proxmox_rest_server::daemon;
58
e3f41f21 59use proxmox_backup::server;
d01e2420 60use proxmox_backup::auth_helpers::*;
97168f92 61use proxmox_backup::tools::{
32413921 62 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 63 disks::{
64 DiskManage,
65 zfs_pool_stats,
368f4c54 66 get_pool_from_dataset,
97168f92 67 },
97168f92 68};
02c7a755 69
e7d4be9d 70
a13573c2 71use proxmox_backup::api2::pull::do_sync_job;
8513626b 72use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 73use proxmox_backup::server::do_verification_job;
b8d90798 74use proxmox_backup::server::do_prune_job;
a13573c2 75
946c3e8a 76fn main() -> Result<(), Error> {
ac7513e3
DM		 77 proxmox_backup::tools::setup_safe_path_env();
78
21211748
DM		 79 let backup_uid = pbs_config::backup_user()?.uid;
80 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 81 let running_uid = nix::unistd::Uid::effective();
82 let running_gid = nix::unistd::Gid::effective();
83
84 if running_uid != backup_uid || running_gid != backup_gid {
85 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
86 }
87
9a1b24b6 88 proxmox_async::runtime::main(run())
4223d9f8
DM		 89}
90
48176b0a 91
608806e8
DM		 92struct ProxmoxBackupProxyAdapter;
93
94impl ServerAdapter for ProxmoxBackupProxyAdapter {
95
96 fn get_index(
97 &self,
98 env: RestEnvironment,
99 parts: Parts,
100 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
101 Box::pin(get_index_future(env, parts))
102 }
103
104 fn check_auth<'a>(
105 &'a self,
106 headers: &'a HeaderMap,
107 method: &'a Method,
108 ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
109 Box::pin(async move {
110 check_pbs_auth(headers, method).await
111 })
112 }
113}
114
48176b0a
DM		 115fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
116 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
117 return extract_cookie(cookie, "PBSLangCookie");
118 }
119 None
120}
121
6680878b 122async fn get_index_future(
48176b0a 123 env: RestEnvironment,
7fa9a37c
DM		 124 parts: Parts,
125) -> Response<Body> {
126
48176b0a
DM		 127 let auth_id = env.get_auth_id();
128 let api = env.api_config();
129 let language = extract_lang_header(&parts.headers);
130
131 // fixme: make all IO async
6680878b 132
7fa9a37c
DM		 133 let (userid, csrf_token) = match auth_id {
134 Some(auth_id) => {
135 let auth_id = auth_id.parse::<Authid>();
136 match auth_id {
137 Ok(auth_id) if !auth_id.is_token() => {
138 let userid = auth_id.user().clone();
139 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
140 (Some(userid), Some(new_csrf_token))
141 }
142 _ => (None, None)
143 }
144 }
145 None => (None, None),
146 };
147
25877d05 148 let nodename = proxmox_sys::nodename();
7fa9a37c
DM		 149 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
150
151 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
152
153 let mut debug = false;
154 let mut template_file = "index";
155
156 if let Some(query_str) = parts.uri.query() {
157 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
158 if k == "debug" && v != "0" && v != "false" {
159 debug = true;
160 } else if k == "console" {
161 template_file = "console";
162 }
163 }
164 }
165
166 let mut lang = String::from("");
167 if let Some(language) = language {
168 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
169 lang = language;
170 }
171 }
172
173 let data = json!({
174 "NodeName": nodename,
175 "UserName": user,
176 "CSRFPreventionToken": csrf_token,
177 "language": lang,
178 "debug": debug,
179 });
180
181 let (ct, index) = match api.render_template(template_file, &data) {
182 Ok(index) => ("text/html", index),
183 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
184 };
185
186 let mut resp = Response::builder()
187 .status(StatusCode::OK)
188 .header(header::CONTENT_TYPE, ct)
189 .body(index.into())
190 .unwrap();
191
192 if let Some(userid) = userid {
193 resp.extensions_mut().insert(Authid::from((userid, None)));
194 }
195
196 resp
197}
198
fda5797b 199async fn run() -> Result<(), Error> {
02c7a755
DM		 200 if let Err(err) = syslog::init(
201 syslog::Facility::LOG_DAEMON,
202 log::LevelFilter::Info,
203 Some("proxmox-backup-proxy")) {
4223d9f8 204 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 205 }
206
e1d367df
DM		 207 // Note: To debug early connection error use
208 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
209 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
210
d01e2420
DM		 211 let _ = public_auth_key(); // load with lazy_static
212 let _ = csrf_secret(); // load with lazy_static
213
fa49d0fd
DM		 214 let rrd_cache = initialize_rrd_cache()?;
215 rrd_cache.apply_journal()?;
216
02c7a755 217 let mut config = ApiConfig::new(
af06decd 218 pbs_buildcfg::JS_DIR,
26858dba
SR		 219 &proxmox_backup::api2::ROUTER,
220 RpcEnvironmentType::PUBLIC,
608806e8 221 ProxmoxBackupProxyAdapter,
26858dba 222 )?;
02c7a755 223
02c7a755
DM		 224 config.add_alias("novnc", "/usr/share/novnc-pve");
225 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 226 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 227 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
228 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 229 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 230 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 231 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 232
af06decd 233 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 234 indexpath.push("index.hbs");
235 config.register_template("index", &indexpath)?;
01ca99da 236 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 237
fd6d2438 238 let backup_user = pbs_config::backup_user()?;
49e25688 239 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 240
241 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
242 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 243
0d5d15c9 244 config.enable_access_log(
fd6d2438 245 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 246 Some(dir_opts.clone()),
247 Some(file_opts.clone()),
248 &mut commando_sock,
249 )?;
250
251 config.enable_auth_log(
252 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 253 Some(dir_opts.clone()),
254 Some(file_opts.clone()),
fd6d2438
DM		 255 &mut commando_sock,
256 )?;
8e7e2223 257
02c7a755 258 let rest_server = RestServer::new(config);
b9700a9f 259 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 260
6d1f61b2 261 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 262
4ce7da51 263 // we build the initial acceptor here as we cannot start if this fails
c381a162 264 let acceptor = make_tls_acceptor()?;
4ce7da51 265 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 266
4ce7da51 267 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 268 commando_sock.register_command(
269 "reload-certificate".to_string(),
270 {
4ce7da51 271 let acceptor = Arc::clone(&acceptor);
a723c087 272 move |_value| -> Result<_, Error> {
4ce7da51
DM		 273 log::info!("reloading certificate");
274 match make_tls_acceptor() {
275 Err(err) => log::error!("error reloading certificate: {}", err),
276 Ok(new_acceptor) => {
277 let mut guard = acceptor.lock().unwrap();
278 *guard = new_acceptor;
279 }
280 }
a723c087
WB		 281 Ok(Value::Null)
282 }
283 },
284 )?;
0d176f36 285
062cf75c
DC		 286 // to remove references for not configured datastores
287 commando_sock.register_command(
288 "datastore-removed".to_string(),
289 |_value| {
6d5d305d 290 if let Err(err) = DataStore::remove_unused_datastores() {
062cf75c
DC		 291 log::error!("could not refresh datastores: {}", err);
292 }
293 Ok(Value::Null)
294 }
295 )?;
296
a690ecac
WB		 297 let server = daemon::create_daemon(
298 ([0,0,0,0,0,0,0,0], 8007).into(),
d2654200 299 move |listener| {
97168f92 300
4ce7da51 301 let connections = accept_connections(listener, acceptor, debug);
7c667013 302 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd 303
d2654200
DM		 304 Ok(async {
305 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
306
307 hyper::Server::builder(connections)
083ff3fd 308 .serve(rest_server)
fd6d2438 309 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd 310 .map_err(Error::from)
d2654200
DM		 311 .await
312 })
a2ca7137 313 },
083ff3fd 314 );
a2ca7137 315
b9700a9f 316 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a 317
fda5797b 318 let init_result: Result<(), Error> = try_block!({
b9700a9f 319 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 320 commando_sock.spawn()?;
fd1b65cc
DM		 321 proxmox_rest_server::catch_shutdown_signal()?;
322 proxmox_rest_server::catch_reload_signal()?;
fda5797b
WB		 323 Ok(())
324 });
d607b886 325
fda5797b
WB		 326 if let Err(err) = init_result {
327 bail!("unable to start daemon - {}", err);
328 }
e3f41f21 329
8545480a 330 start_task_scheduler();
eaeda365 331 start_stat_generator();
a0172d76 332 start_traffic_control_updater();
8545480a 333
083ff3fd 334 server.await?;
a546a8a0 335 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 336 proxmox_rest_server::last_worker_future().await?;
fda5797b 337 log::info!("done - exit server");
e3f41f21 338
4223d9f8 339 Ok(())
02c7a755 340}
8545480a 341
4ce7da51 342fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 343 let key_path = configdir!("/proxy.key");
344 let cert_path = configdir!("/proxy.pem");
345
346 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
347 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
348 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
349 acceptor.set_certificate_chain_file(cert_path)
350 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
351 acceptor.check_private_key().unwrap();
352
4ce7da51 353 Ok(acceptor.build())
c381a162
WB		 354}
355
a5e3be49 356type ClientStreamResult =
e511e0e5 357 Result<std::pin::Pin<Box<tokio_openssl::SslStream<RateLimitedStream<tokio::net::TcpStream>>>>, Error>;
a5e3be49
WB		 358const MAX_PENDING_ACCEPTS: usize = 1024;
359
48aa2b93 360fn accept_connections(
0bfcea6a 361 listener: tokio::net::TcpListener,
4ce7da51 362 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 363 debug: bool,
a5e3be49 364) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 365
ea93bea7 366 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 367
4ce7da51 368 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 369
370 receiver
371}
372
373async fn accept_connection(
374 listener: tokio::net::TcpListener,
4ce7da51 375 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 376 debug: bool,
377 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
378) {
ea93bea7 379 let accept_counter = Arc::new(());
48aa2b93 380
a5e3be49 381 loop {
4ce7da51
DM		 382 let (sock, _addr) = match listener.accept().await {
383 Ok(conn) => conn,
384 Err(err) => {
385 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 386 continue;
a5e3be49 387 }
cc269b9f 388 };
48aa2b93 389
cc269b9f
WB		 390 sock.set_nodelay(true).unwrap();
391 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 392
e511e0e5
DM		 393 let peer = sock.peer_addr().ok();
394 let sock = RateLimitedStream::with_limiter_update_cb(sock, move || lookup_rate_limiter(peer));
395
4ce7da51
DM		 396 let ssl = { // limit acceptor_guard scope
397 // Acceptor can be reloaded using the command socket "reload-certificate" command
398 let acceptor_guard = acceptor.lock().unwrap();
399
400 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
401 Ok(ssl) => ssl,
402 Err(err) => {
403 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
404 continue;
405 },
406 }
cc269b9f 407 };
4ce7da51 408
cc269b9f
WB		 409 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
410 Ok(stream) => stream,
411 Err(err) => {
412 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
413 continue;
414 },
415 };
416
417 let mut stream = Box::pin(stream);
418 let sender = sender.clone();
419
420 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
421 eprintln!("connection rejected - to many open connections");
422 continue;
48aa2b93 423 }
cc269b9f 424
b4931192 425 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 426 tokio::spawn(async move {
427 let accept_future = tokio::time::timeout(
428 Duration::new(10, 0), stream.as_mut().accept());
429
430 let result = accept_future.await;
431
432 match result {
433 Ok(Ok(())) => {
434 if sender.send(Ok(stream)).await.is_err() && debug {
435 eprintln!("detect closed connection channel");
436 }
437 }
438 Ok(Err(err)) => {
439 if debug {
440 eprintln!("https handshake failed - {}", err);
441 }
442 }
443 Err(_) => {
444 if debug {
445 eprintln!("https handshake timeout");
446 }
447 }
448 }
449
450 drop(accept_counter); // decrease reference count
451 });
a5e3be49 452 }
48aa2b93
DM		 453}
454
eaeda365 455fn start_stat_generator() {
fd6d2438 456 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 457 let future = Box::pin(run_stat_generator());
458 let task = futures::future::select(future, abort_future);
459 tokio::spawn(task.map(|_| ()));
460}
461
8545480a 462fn start_task_scheduler() {
fd6d2438 463 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 464 let future = Box::pin(run_task_scheduler());
465 let task = futures::future::select(future, abort_future);
466 tokio::spawn(task.map(|_| ()));
467}
468
a0172d76
DM		 469fn start_traffic_control_updater() {
470 let abort_future = proxmox_rest_server::shutdown_future();
471 let future = Box::pin(run_traffic_control_updater());
472 let task = futures::future::select(future, abort_future);
473 tokio::spawn(task.map(|_| ()));
474}
475
6a7be83e 476use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 477
478fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 479 let now = SystemTime::now();
480 let epoch_now = now.duration_since(UNIX_EPOCH)?;
481 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 482 Ok(Instant::now() + epoch_next - epoch_now)
483}
484
485async fn run_task_scheduler() {
486
487 let mut count: usize = 0;
488
489 loop {
490 count += 1;
491
492 let delay_target = match next_minute() { // try to run very minute
493 Ok(d) => d,
494 Err(err) => {
495 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 496 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 497 continue;
498 }
499 };
500
501 if count > 2 { // wait 1..2 minutes before starting
502 match schedule_tasks().catch_unwind().await {
503 Err(panic) => {
504 match panic.downcast::<&str>() {
505 Ok(msg) => {
506 eprintln!("task scheduler panic: {}", msg);
507 }
508 Err(_) => {
509 eprintln!("task scheduler panic - unknown type");
510 }
511 }
512 }
513 Ok(Err(err)) => {
514 eprintln!("task scheduler failed - {:?}", err);
515 }
516 Ok(Ok(_)) => {}
517 }
518 }
519
0a8d773a 520 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 521 }
522}
523
524async fn schedule_tasks() -> Result<(), Error> {
525
526 schedule_datastore_garbage_collection().await;
25829a87 527 schedule_datastore_prune().await;
a6160cdf 528 schedule_datastore_sync_jobs().await;
73df9c51 529 schedule_datastore_verify_jobs().await;
8513626b 530 schedule_tape_backup_jobs().await;
9a760917 531 schedule_task_log_rotate().await;
8545480a
DM		 532
533 Ok(())
534}
535
8545480a
DM		 536async fn schedule_datastore_garbage_collection() {
537
e7d4be9d 538 let config = match pbs_config::datastore::config() {
8545480a
DM		 539 Err(err) => {
540 eprintln!("unable to read datastore config - {}", err);
541 return;
542 }
543 Ok((config, _digest)) => config,
544 };
545
546 for (store, (_, store_config)) in config.sections {
547 let datastore = match DataStore::lookup_datastore(&store) {
548 Ok(datastore) => datastore,
549 Err(err) => {
550 eprintln!("lookup_datastore failed - {}", err);
551 continue;
552 }
553 };
554
25829a87 555 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 556 Ok(c) => c,
557 Err(err) => {
558 eprintln!("datastore config from_value failed - {}", err);
559 continue;
560 }
561 };
562
563 let event_str = match store_config.gc_schedule {
564 Some(event_str) => event_str,
565 None => continue,
566 };
567
568 let event = match parse_calendar_event(&event_str) {
569 Ok(event) => event,
570 Err(err) => {
571 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
572 continue;
573 }
574 };
575
576 if datastore.garbage_collection_running() { continue; }
577
578 let worker_type = "garbage_collection";
579
b6ba5acd
DC		 580 let last = match jobstate::last_run_time(worker_type, &store) {
581 Ok(time) => time,
582 Err(err) => {
583 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
584 continue;
8545480a
DM		 585 }
586 };
587
588 let next = match compute_next_event(&event, last, false) {
15ec790a
DC		 589 Ok(Some(next)) => next,
590 Ok(None) => continue,
8545480a
DM		 591 Err(err) => {
592 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
593 continue;
594 }
595 };
e693818a 596
6ef1b649 597 let now = proxmox_time::epoch_i64();
6a7be83e 598
8545480a
DM		 599 if next > now { continue; }
600
1cd951c9 601 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 602 Ok(job) => job,
603 Err(_) => continue, // could not get lock
604 };
605
ad54df31 606 let auth_id = Authid::root_auth_id();
d7a122a0 607
c724f658 608 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 609 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 610 }
611 }
612}
25829a87
DM		 613
614async fn schedule_datastore_prune() {
615
e7d4be9d 616 let config = match pbs_config::datastore::config() {
25829a87
DM		 617 Err(err) => {
618 eprintln!("unable to read datastore config - {}", err);
619 return;
620 }
621 Ok((config, _digest)) => config,
622 };
623
624 for (store, (_, store_config)) in config.sections {
25829a87
DM		 625
626 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
627 Ok(c) => c,
628 Err(err) => {
a6160cdf 629 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 630 continue;
631 }
632 };
633
634 let event_str = match store_config.prune_schedule {
635 Some(event_str) => event_str,
636 None => continue,
637 };
638
639 let prune_options = PruneOptions {
640 keep_last: store_config.keep_last,
641 keep_hourly: store_config.keep_hourly,
642 keep_daily: store_config.keep_daily,
643 keep_weekly: store_config.keep_weekly,
644 keep_monthly: store_config.keep_monthly,
645 keep_yearly: store_config.keep_yearly,
646 };
647
89725197 648 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 649 continue;
650 }
651
25829a87 652 let worker_type = "prune";
b15751bf 653 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 654 let job = match Job::new(worker_type, &store) {
655 Ok(job) => job,
656 Err(_) => continue, // could not get lock
657 };
25829a87 658
ad54df31 659 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 660 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
661 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 662 }
663 };
25829a87
DM		 664 }
665}
a6160cdf
DM		 666
667async fn schedule_datastore_sync_jobs() {
668
a6160cdf 669
a4e5a0fc 670 let config = match pbs_config::sync::config() {
a6160cdf
DM		 671 Err(err) => {
672 eprintln!("unable to read sync job config - {}", err);
673 return;
674 }
675 Ok((config, _digest)) => config,
676 };
677
a6160cdf
DM		 678 for (job_id, (_, job_config)) in config.sections {
679 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
680 Ok(c) => c,
681 Err(err) => {
682 eprintln!("sync job config from_value failed - {}", err);
683 continue;
684 }
685 };
686
687 let event_str = match job_config.schedule {
688 Some(ref event_str) => event_str.clone(),
689 None => continue,
690 };
691
c67b1fa7 692 let worker_type = "syncjob";
b15751bf 693 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 694 let job = match Job::new(worker_type, &job_id) {
695 Ok(job) => job,
696 Err(_) => continue, // could not get lock
697 };
a6160cdf 698
ad54df31 699 let auth_id = Authid::root_auth_id().clone();
bfa942c0 700 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 701 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 702 }
703 };
a6160cdf
DM		 704 }
705}
eaeda365 706
73df9c51 707async fn schedule_datastore_verify_jobs() {
1298618a 708
802189f7 709 let config = match pbs_config::verify::config() {
73df9c51
HL		 710 Err(err) => {
711 eprintln!("unable to read verification job config - {}", err);
712 return;
713 }
714 Ok((config, _digest)) => config,
715 };
716 for (job_id, (_, job_config)) in config.sections {
717 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
718 Ok(c) => c,
719 Err(err) => {
720 eprintln!("verification job config from_value failed - {}", err);
721 continue;
722 }
723 };
724 let event_str = match job_config.schedule {
725 Some(ref event_str) => event_str.clone(),
726 None => continue,
727 };
82c05b41 728
73df9c51 729 let worker_type = "verificationjob";
ad54df31 730 let auth_id = Authid::root_auth_id().clone();
b15751bf 731 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 732 let job = match Job::new(&worker_type, &job_id) {
733 Ok(job) => job,
734 Err(_) => continue, // could not get lock
735 };
bfa942c0 736 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 737 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 738 }
739 };
73df9c51
HL		 740 }
741}
742
8513626b
DM		 743async fn schedule_tape_backup_jobs() {
744
e3619d41 745 let config = match pbs_config::tape_job::config() {
8513626b
DM		 746 Err(err) => {
747 eprintln!("unable to read tape job config - {}", err);
748 return;
749 }
750 Ok((config, _digest)) => config,
751 };
752 for (job_id, (_, job_config)) in config.sections {
753 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
754 Ok(c) => c,
755 Err(err) => {
756 eprintln!("tape backup job config from_value failed - {}", err);
757 continue;
758 }
759 };
760 let event_str = match job_config.schedule {
761 Some(ref event_str) => event_str.clone(),
762 None => continue,
763 };
764
765 let worker_type = "tape-backup-job";
766 let auth_id = Authid::root_auth_id().clone();
767 if check_schedule(worker_type, &event_str, &job_id) {
768 let job = match Job::new(&worker_type, &job_id) {
769 Ok(job) => job,
770 Err(_) => continue, // could not get lock
771 };
bfa942c0 772 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 773 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 774 }
775 };
776 }
777}
778
779
9a760917 780async fn schedule_task_log_rotate() {
9a760917
DC		 781
782 let worker_type = "logrotate";
72aa1834 783 let job_id = "access-log_and_task-archive";
9a760917 784
9a760917
DC		 785 // schedule daily at 00:00 like normal logrotate
786 let schedule = "00:00";
787
b15751bf 788 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 789 // if we never ran the rotation, schedule instantly
790 match jobstate::JobState::load(worker_type, job_id) {
791 Ok(state) => match state {
792 jobstate::JobState::Created { .. } => {},
793 _ => return,
794 },
795 _ => return,
796 }
797 }
798
799 let mut job = match Job::new(worker_type, job_id) {
800 Ok(job) => job,
801 Err(_) => return, // could not get lock
802 };
803
804 if let Err(err) = WorkerTask::new_thread(
805 worker_type,
72aa1834 806 None,
049a22a3 807 Authid::root_auth_id().to_string(),
9a760917
DC		 808 false,
809 move |worker| {
810 job.start(&worker.upid().to_string())?;
1ec0d70d 811 task_log!(worker, "starting task log rotation");
e4f5f59e 812
9a760917 813 let result = try_block!({
b7f2be51
TL		 814 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
815 let max_files = 20; // times twenty files gives > 100000 task entries
d5790a9f
DM		 816
817 let user = pbs_config::backup_user()?;
25877d05 818 let options = proxmox_sys::fs::CreateOptions::new()
d5790a9f
DM		 819 .owner(user.uid)
820 .group(user.gid);
821
822 let has_rotated = rotate_task_log_archive(
823 max_size,
824 true,
825 Some(max_files),
826 Some(options.clone()),
827 )?;
828
9a760917 829 if has_rotated {
1ec0d70d 830 task_log!(worker, "task log archive was rotated");
9a760917 831 } else {
1ec0d70d 832 task_log!(worker, "task log archive was not rotated");
9a760917
DC		 833 }
834
fe4cc5b1
TL		 835 let max_size = 32 * 1024 * 1024 - 1;
836 let max_files = 14;
fe4cc5b1 837
d5790a9f
DM		 838
839 let mut logrotate = LogRotate::new(
840 pbs_buildcfg::API_ACCESS_LOG_FN,
841 true,
842 Some(max_files),
843 Some(options.clone()),
844 )?;
845
846 if logrotate.rotate(max_size)? {
fe4cc5b1 847 println!("rotated access log, telling daemons to re-open log file");
9a1b24b6 848 proxmox_async::runtime::block_on(command_reopen_access_logfiles())?;
1ec0d70d 849 task_log!(worker, "API access log was rotated");
fe7bdc9d 850 } else {
1ec0d70d 851 task_log!(worker, "API access log was not rotated");
fe7bdc9d
TL		 852 }
853
d5790a9f
DM		 854 let mut logrotate = LogRotate::new(
855 pbs_buildcfg::API_AUTH_LOG_FN,
856 true,
857 Some(max_files),
858 Some(options),
859 )?;
fe4cc5b1 860
d5790a9f 861 if logrotate.rotate(max_size)? {
36b7085e 862 println!("rotated auth log, telling daemons to re-open log file");
9a1b24b6 863 proxmox_async::runtime::block_on(command_reopen_auth_logfiles())?;
1ec0d70d 864 task_log!(worker, "API authentication log was rotated");
fe4cc5b1 865 } else {
1ec0d70d 866 task_log!(worker, "API authentication log was not rotated");
fe4cc5b1
TL		 867 }
868
0e1edf19
DC		 869 if has_rotated {
870 task_log!(worker, "cleaning up old task logs");
871 if let Err(err) = cleanup_old_tasks(true) {
872 task_warn!(worker, "could not completely cleanup old tasks: {}", err);
873 }
874 }
875
9a760917
DC		 876 Ok(())
877 });
878
879 let status = worker.create_state(&result);
880
881 if let Err(err) = job.finish(status) {
882 eprintln!("could not finish job state for {}: {}", worker_type, err);
883 }
884
885 result
886 },
887 ) {
888 eprintln!("unable to start task log rotation: {}", err);
889 }
890
891}
892
36b7085e 893async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 894 // only care about the most recent daemon instance for each, proxy & api, as other older ones
895 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 896 let sock = proxmox_rest_server::our_ctrl_sock();
75442e81 897 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 898
b9700a9f
DM		 899 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
900 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
75442e81 901 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 902
903 match futures::join!(f1, f2) {
904 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
905 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 906 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
907 _ => Ok(()),
908 }
909}
910
911async fn command_reopen_auth_logfiles() -> Result<(), Error> {
912 // only care about the most recent daemon instance for each, proxy & api, as other older ones
913 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 914 let sock = proxmox_rest_server::our_ctrl_sock();
75442e81 915 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
36b7085e 916
b9700a9f
DM		 917 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
918 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
75442e81 919 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
36b7085e
DM		 920
921 match futures::join!(f1, f2) {
922 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
923 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 924 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
925 _ => Ok(()),
926 }
fe4cc5b1
TL		 927}
928
eaeda365
DM		 929async fn run_stat_generator() {
930
931 loop {
932 let delay_target = Instant::now() + Duration::from_secs(10);
933
1d44f175 934 generate_host_stats().await;
eaeda365 935
98eb435d
DM		 936 rrd_sync_journal();
937
0a8d773a 938 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 939
940 }
eaeda365
DM		 941
942}
943
1d44f175 944async fn generate_host_stats() {
4b709ade
DM		 945 match tokio::task::spawn_blocking(generate_host_stats_sync).await {
946 Ok(()) => (),
947 Err(err) => log::error!("generate_host_stats paniced: {}", err),
948 }
949}
950
951fn generate_host_stats_sync() {
25877d05 952 use proxmox_sys::linux::procfs::{
485841da 953 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 954
4b709ade
DM		 955 match read_proc_stat() {
956 Ok(stat) => {
957 rrd_update_gauge("host/cpu", stat.cpu);
958 rrd_update_gauge("host/iowait", stat.iowait_percent);
eaeda365 959 }
4b709ade
DM		 960 Err(err) => {
961 eprintln!("read_proc_stat failed - {}", err);
962 }
963 }
2c66a590 964
4b709ade
DM		 965 match read_meminfo() {
966 Ok(meminfo) => {
967 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64);
968 rrd_update_gauge("host/memused", meminfo.memused as f64);
969 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64);
970 rrd_update_gauge("host/swapused", meminfo.swapused as f64);
971 }
972 Err(err) => {
973 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca 974 }
4b709ade 975 }
8f0cec26 976
4b709ade
DM		 977 match read_proc_net_dev() {
978 Ok(netdev) => {
979 use pbs_config::network::is_physical_nic;
980 let mut netin = 0;
981 let mut netout = 0;
982 for item in netdev {
983 if !is_physical_nic(&item.device) { continue; }
984 netin += item.receive;
985 netout += item.send;
986 }
987 rrd_update_derive("host/netin", netin as f64);
988 rrd_update_derive("host/netout", netout as f64);
989 }
990 Err(err) => {
991 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26 992 }
4b709ade 993 }
dd15c0aa 994
4b709ade
DM		 995 match read_loadavg() {
996 Ok(loadavg) => {
997 rrd_update_gauge("host/loadavg", loadavg.0 as f64);
998 }
999 Err(err) => {
1000 eprintln!("read_loadavg failed - {}", err);
485841da 1001 }
4b709ade 1002 }
485841da 1003
4b709ade 1004 let disk_manager = DiskManage::new();
8c03041a 1005
4b709ade 1006 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host");
91e5bb49 1007
4b709ade
DM		 1008 match pbs_config::datastore::config() {
1009 Ok((config, _)) => {
1010 let datastore_list: Vec<DataStoreConfig> =
1011 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70 1012
4b709ade 1013 for config in datastore_list {
8c03041a 1014
4b709ade
DM		 1015 let rrd_prefix = format!("datastore/{}", config.name);
1016 let path = std::path::Path::new(&config.path);
1017 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix);
d0833a70
DM		 1018 }
1019 }
4b709ade
DM		 1020 Err(err) => {
1021 eprintln!("read datastore config failed - {}", err);
1022 }
1023 }
eaeda365 1024}
dd15c0aa 1025
b15751bf
DM		 1026fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
1027 let event = match parse_calendar_event(event_str) {
82c05b41
HL		 1028 Ok(event) => event,
1029 Err(err) => {
1030 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
1031 return false;
1032 }
1033 };
1034
b15751bf 1035 let last = match jobstate::last_run_time(worker_type, &id) {
82c05b41
HL		 1036 Ok(time) => time,
1037 Err(err) => {
1038 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
1039 return false;
1040 }
1041 };
1042
1043 let next = match compute_next_event(&event, last, false) {
1044 Ok(Some(next)) => next,
1045 Ok(None) => return false,
1046 Err(err) => {
1047 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
1048 return false;
1049 }
1050 };
1051
6ef1b649 1052 let now = proxmox_time::epoch_i64();
82c05b41
HL		 1053 next <= now
1054}
1055
1d44f175 1056fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str) {
91e5bb49 1057
934f5bb8 1058 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 1059 Ok(status) => {
91e5bb49 1060 let rrd_key = format!("{}/total", rrd_prefix);
1d44f175 1061 rrd_update_gauge(&rrd_key, status.total as f64);
91e5bb49 1062 let rrd_key = format!("{}/used", rrd_prefix);
1d44f175 1063 rrd_update_gauge(&rrd_key, status.used as f64);
91e5bb49
DM		 1064 }
1065 Err(err) => {
1066 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1067 }
1068 }
1069
934f5bb8
DM		 1070 match disk_manager.find_mounted_device(path) {
1071 Ok(None) => {},
1072 Ok(Some((fs_type, device, source))) => {
1073 let mut device_stat = None;
1074 match fs_type.as_str() {
1075 "zfs" => {
368f4c54
DC		 1076 if let Some(source) = source {
1077 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1078 match zfs_pool_stats(pool) {
934f5bb8
DM		 1079 Ok(stat) => device_stat = stat,
1080 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
91e5bb49
DM		 1081 }
1082 }
934f5bb8
DM		 1083 }
1084 _ => {
1085 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1086 match disk.read_stat() {
1087 Ok(stat) => device_stat = stat,
1088 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1089 }
1090 }
1091 }
91e5bb49 1092 }
934f5bb8
DM		 1093 if let Some(stat) = device_stat {
1094 let rrd_key = format!("{}/read_ios", rrd_prefix);
1d44f175 1095 rrd_update_derive(&rrd_key, stat.read_ios as f64);
934f5bb8 1096 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1d44f175 1097 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64);
dd15c0aa 1098
934f5bb8 1099 let rrd_key = format!("{}/write_ios", rrd_prefix);
1d44f175 1100 rrd_update_derive(&rrd_key, stat.write_ios as f64);
934f5bb8 1101 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1d44f175 1102 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64);
dd15c0aa 1103
934f5bb8 1104 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1d44f175 1105 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0);
8c03041a
DM		 1106 }
1107 }
934f5bb8
DM		 1108 Err(err) => {
1109 eprintln!("find_mounted_device failed - {}", err);
1110 }
8c03041a 1111 }
8c03041a 1112}
e511e0e5
DM		 1113
1114// Rate Limiter lookup
1115
1116// Test WITH
1117// proxmox-backup-client restore vm/201/2021-10-22T09:55:56Z drive-scsi0.img img1.img --repository localhost:store2
1118
a0172d76
DM		 1119async fn run_traffic_control_updater() {
1120
1121 loop {
1122 let delay_target = Instant::now() + Duration::from_secs(1);
1123
1124 {
1125 let mut cache = TRAFFIC_CONTROL_CACHE.lock().unwrap();
1126 cache.compute_current_rates();
1127 }
1128
1129 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
1130 }
1131
e511e0e5
DM		 1132}
1133
1134fn lookup_rate_limiter(
1135 peer: Option<std::net::SocketAddr>,
d5f58006 1136) -> (Option<Arc<dyn ShareableRateLimit>>, Option<Arc<dyn ShareableRateLimit>>) {
e511e0e5
DM		 1137 let mut cache = TRAFFIC_CONTROL_CACHE.lock().unwrap();
1138
1139 let now = proxmox_time::epoch_i64();
1140
1141 cache.reload(now);
1142
1143 let (_rule_name, read_limiter, write_limiter) = cache.lookup_rate_limiter(peer, now);
1144
1145 (read_limiter, write_limiter)
1146}
Proxmox Backup Server and Client