]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rest-server: add cleanup_old_tasks
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
6680878b
DM		 4use std::future::Future;
5use std::pin::Pin;
a2479cfa 6
f7d4e4b5 7use anyhow::{bail, format_err, Error};
a2479cfa 8use futures::*;
7fa9a37c
DM		 9use http::request::Parts;
10use http::Response;
11use hyper::{Body, StatusCode};
12use hyper::header;
13use url::form_urlencoded;
ea368a06 14
a2479cfa 15use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 16use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 17use serde_json::{json, Value};
608806e8 18use http::{Method, HeaderMap};
a2479cfa 19
9ea4bce4 20use proxmox::try_block;
608806e8 21use proxmox::api::{RpcEnvironment, RpcEnvironmentType, UserInformation};
32413921 22use proxmox::sys::linux::socket::set_tcp_keepalive;
fd6d2438
DM		 23use proxmox::tools::fs::CreateOptions;
24
1ec0d70d 25use pbs_tools::task_log;
6d5d305d 26use pbs_datastore::DataStore;
09340f28
DM		 27use proxmox_rrd::DST;
28
48176b0a 29use proxmox_rest_server::{
608806e8
DM		 30 rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
31 ServerAdapter, WorkerTask,
48176b0a 32};
a2479cfa 33
1298618a 34use proxmox_backup::{
09340f28 35 RRD_CACHE,
1298618a 36 server::{
608806e8 37 auth::check_pbs_auth,
1298618a
DM		 38 jobstate::{
39 self,
40 Job,
41 },
1298618a 42 },
1298618a
DM		 43};
44
af06decd 45use pbs_buildcfg::configdir;
84af82e8 46use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
6c76aa43 47use pbs_tools::logrotate::LogRotate;
1298618a 48
89725197
DM		 49use pbs_api_types::{
50 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
51 PruneOptions,
52};
e7d4be9d 53
8bca935f
DM		 54use proxmox_rest_server::daemon;
55
e3f41f21 56use proxmox_backup::server;
d01e2420 57use proxmox_backup::auth_helpers::*;
97168f92 58use proxmox_backup::tools::{
32413921 59 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 60 disks::{
61 DiskManage,
62 zfs_pool_stats,
368f4c54 63 get_pool_from_dataset,
97168f92 64 },
97168f92 65};
02c7a755 66
e7d4be9d 67
a13573c2 68use proxmox_backup::api2::pull::do_sync_job;
8513626b 69use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 70use proxmox_backup::server::do_verification_job;
b8d90798 71use proxmox_backup::server::do_prune_job;
a13573c2 72
946c3e8a 73fn main() -> Result<(), Error> {
ac7513e3
DM		 74 proxmox_backup::tools::setup_safe_path_env();
75
21211748
DM		 76 let backup_uid = pbs_config::backup_user()?.uid;
77 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 78 let running_uid = nix::unistd::Uid::effective();
79 let running_gid = nix::unistd::Gid::effective();
80
81 if running_uid != backup_uid || running_gid != backup_gid {
82 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
83 }
84
d420962f 85 pbs_runtime::main(run())
4223d9f8
DM		 86}
87
48176b0a 88
608806e8
DM		 89struct ProxmoxBackupProxyAdapter;
90
91impl ServerAdapter for ProxmoxBackupProxyAdapter {
92
93 fn get_index(
94 &self,
95 env: RestEnvironment,
96 parts: Parts,
97 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
98 Box::pin(get_index_future(env, parts))
99 }
100
101 fn check_auth<'a>(
102 &'a self,
103 headers: &'a HeaderMap,
104 method: &'a Method,
105 ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
106 Box::pin(async move {
107 check_pbs_auth(headers, method).await
108 })
109 }
110}
111
48176b0a
DM		 112fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
113 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
114 return extract_cookie(cookie, "PBSLangCookie");
115 }
116 None
117}
118
6680878b 119async fn get_index_future(
48176b0a 120 env: RestEnvironment,
7fa9a37c
DM		 121 parts: Parts,
122) -> Response<Body> {
123
48176b0a
DM		 124 let auth_id = env.get_auth_id();
125 let api = env.api_config();
126 let language = extract_lang_header(&parts.headers);
127
128 // fixme: make all IO async
6680878b 129
7fa9a37c
DM		 130 let (userid, csrf_token) = match auth_id {
131 Some(auth_id) => {
132 let auth_id = auth_id.parse::<Authid>();
133 match auth_id {
134 Ok(auth_id) if !auth_id.is_token() => {
135 let userid = auth_id.user().clone();
136 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
137 (Some(userid), Some(new_csrf_token))
138 }
139 _ => (None, None)
140 }
141 }
142 None => (None, None),
143 };
144
145 let nodename = proxmox::tools::nodename();
146 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
147
148 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
149
150 let mut debug = false;
151 let mut template_file = "index";
152
153 if let Some(query_str) = parts.uri.query() {
154 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
155 if k == "debug" && v != "0" && v != "false" {
156 debug = true;
157 } else if k == "console" {
158 template_file = "console";
159 }
160 }
161 }
162
163 let mut lang = String::from("");
164 if let Some(language) = language {
165 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
166 lang = language;
167 }
168 }
169
170 let data = json!({
171 "NodeName": nodename,
172 "UserName": user,
173 "CSRFPreventionToken": csrf_token,
174 "language": lang,
175 "debug": debug,
176 });
177
178 let (ct, index) = match api.render_template(template_file, &data) {
179 Ok(index) => ("text/html", index),
180 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
181 };
182
183 let mut resp = Response::builder()
184 .status(StatusCode::OK)
185 .header(header::CONTENT_TYPE, ct)
186 .body(index.into())
187 .unwrap();
188
189 if let Some(userid) = userid {
190 resp.extensions_mut().insert(Authid::from((userid, None)));
191 }
192
193 resp
194}
195
fda5797b 196async fn run() -> Result<(), Error> {
02c7a755
DM		 197 if let Err(err) = syslog::init(
198 syslog::Facility::LOG_DAEMON,
199 log::LevelFilter::Info,
200 Some("proxmox-backup-proxy")) {
4223d9f8 201 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 202 }
203
e1d367df
DM		 204 // Note: To debug early connection error use
205 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
206 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
207
d01e2420
DM		 208 let _ = public_auth_key(); // load with lazy_static
209 let _ = csrf_secret(); // load with lazy_static
210
02c7a755 211 let mut config = ApiConfig::new(
af06decd 212 pbs_buildcfg::JS_DIR,
26858dba
SR		 213 &proxmox_backup::api2::ROUTER,
214 RpcEnvironmentType::PUBLIC,
608806e8 215 ProxmoxBackupProxyAdapter,
26858dba 216 )?;
02c7a755 217
02c7a755
DM		 218 config.add_alias("novnc", "/usr/share/novnc-pve");
219 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 220 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 221 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
222 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 223 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 224 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 225 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 226
af06decd 227 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 228 indexpath.push("index.hbs");
229 config.register_template("index", &indexpath)?;
01ca99da 230 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 231
fd6d2438 232 let backup_user = pbs_config::backup_user()?;
49e25688 233 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 234
235 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
236 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 237
0d5d15c9 238 config.enable_access_log(
fd6d2438 239 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 240 Some(dir_opts.clone()),
241 Some(file_opts.clone()),
242 &mut commando_sock,
243 )?;
244
245 config.enable_auth_log(
246 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 247 Some(dir_opts.clone()),
248 Some(file_opts.clone()),
fd6d2438
DM		 249 &mut commando_sock,
250 )?;
8e7e2223 251
02c7a755 252 let rest_server = RestServer::new(config);
b9700a9f 253 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 254
6d1f61b2 255 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 256
4ce7da51 257 // we build the initial acceptor here as we cannot start if this fails
c381a162 258 let acceptor = make_tls_acceptor()?;
4ce7da51 259 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 260
4ce7da51 261 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 262 commando_sock.register_command(
263 "reload-certificate".to_string(),
264 {
4ce7da51 265 let acceptor = Arc::clone(&acceptor);
a723c087 266 move |_value| -> Result<_, Error> {
4ce7da51
DM		 267 log::info!("reloading certificate");
268 match make_tls_acceptor() {
269 Err(err) => log::error!("error reloading certificate: {}", err),
270 Ok(new_acceptor) => {
271 let mut guard = acceptor.lock().unwrap();
272 *guard = new_acceptor;
273 }
274 }
a723c087
WB		 275 Ok(Value::Null)
276 }
277 },
278 )?;
0d176f36 279
062cf75c
DC		 280 // to remove references for not configured datastores
281 commando_sock.register_command(
282 "datastore-removed".to_string(),
283 |_value| {
6d5d305d 284 if let Err(err) = DataStore::remove_unused_datastores() {
062cf75c
DC		 285 log::error!("could not refresh datastores: {}", err);
286 }
287 Ok(Value::Null)
288 }
289 )?;
290
a690ecac
WB		 291 let server = daemon::create_daemon(
292 ([0,0,0,0,0,0,0,0], 8007).into(),
d2654200 293 move |listener| {
97168f92 294
4ce7da51 295 let connections = accept_connections(listener, acceptor, debug);
7c667013 296 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd 297
d2654200
DM		 298 Ok(async {
299 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
300
301 hyper::Server::builder(connections)
083ff3fd 302 .serve(rest_server)
fd6d2438 303 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd 304 .map_err(Error::from)
d2654200
DM		 305 .await
306 })
a2ca7137 307 },
083ff3fd 308 );
a2ca7137 309
b9700a9f 310 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a 311
fda5797b 312 let init_result: Result<(), Error> = try_block!({
b9700a9f 313 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 314 commando_sock.spawn()?;
fd1b65cc
DM		 315 proxmox_rest_server::catch_shutdown_signal()?;
316 proxmox_rest_server::catch_reload_signal()?;
fda5797b
WB		 317 Ok(())
318 });
d607b886 319
fda5797b
WB		 320 if let Err(err) = init_result {
321 bail!("unable to start daemon - {}", err);
322 }
e3f41f21 323
8545480a 324 start_task_scheduler();
eaeda365 325 start_stat_generator();
8545480a 326
083ff3fd 327 server.await?;
a546a8a0 328 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 329 proxmox_rest_server::last_worker_future().await?;
fda5797b 330 log::info!("done - exit server");
e3f41f21 331
4223d9f8 332 Ok(())
02c7a755 333}
8545480a 334
4ce7da51 335fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 336 let key_path = configdir!("/proxy.key");
337 let cert_path = configdir!("/proxy.pem");
338
339 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
340 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
341 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
342 acceptor.set_certificate_chain_file(cert_path)
343 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
344 acceptor.check_private_key().unwrap();
345
4ce7da51 346 Ok(acceptor.build())
c381a162
WB		 347}
348
a5e3be49
WB		 349type ClientStreamResult =
350 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
351const MAX_PENDING_ACCEPTS: usize = 1024;
352
48aa2b93 353fn accept_connections(
0bfcea6a 354 listener: tokio::net::TcpListener,
4ce7da51 355 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 356 debug: bool,
a5e3be49 357) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 358
ea93bea7 359 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 360
4ce7da51 361 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 362
363 receiver
364}
365
366async fn accept_connection(
367 listener: tokio::net::TcpListener,
4ce7da51 368 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 369 debug: bool,
370 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
371) {
ea93bea7 372 let accept_counter = Arc::new(());
48aa2b93 373
a5e3be49 374 loop {
4ce7da51
DM		 375 let (sock, _addr) = match listener.accept().await {
376 Ok(conn) => conn,
377 Err(err) => {
378 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 379 continue;
a5e3be49 380 }
cc269b9f 381 };
48aa2b93 382
cc269b9f
WB		 383 sock.set_nodelay(true).unwrap();
384 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 385
4ce7da51
DM		 386 let ssl = { // limit acceptor_guard scope
387 // Acceptor can be reloaded using the command socket "reload-certificate" command
388 let acceptor_guard = acceptor.lock().unwrap();
389
390 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
391 Ok(ssl) => ssl,
392 Err(err) => {
393 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
394 continue;
395 },
396 }
cc269b9f 397 };
4ce7da51 398
cc269b9f
WB		 399 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
400 Ok(stream) => stream,
401 Err(err) => {
402 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
403 continue;
404 },
405 };
406
407 let mut stream = Box::pin(stream);
408 let sender = sender.clone();
409
410 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
411 eprintln!("connection rejected - to many open connections");
412 continue;
48aa2b93 413 }
cc269b9f 414
b4931192 415 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 416 tokio::spawn(async move {
417 let accept_future = tokio::time::timeout(
418 Duration::new(10, 0), stream.as_mut().accept());
419
420 let result = accept_future.await;
421
422 match result {
423 Ok(Ok(())) => {
424 if sender.send(Ok(stream)).await.is_err() && debug {
425 eprintln!("detect closed connection channel");
426 }
427 }
428 Ok(Err(err)) => {
429 if debug {
430 eprintln!("https handshake failed - {}", err);
431 }
432 }
433 Err(_) => {
434 if debug {
435 eprintln!("https handshake timeout");
436 }
437 }
438 }
439
440 drop(accept_counter); // decrease reference count
441 });
a5e3be49 442 }
48aa2b93
DM		 443}
444
eaeda365 445fn start_stat_generator() {
fd6d2438 446 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 447 let future = Box::pin(run_stat_generator());
448 let task = futures::future::select(future, abort_future);
449 tokio::spawn(task.map(|_| ()));
450}
451
8545480a 452fn start_task_scheduler() {
fd6d2438 453 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 454 let future = Box::pin(run_task_scheduler());
455 let task = futures::future::select(future, abort_future);
456 tokio::spawn(task.map(|_| ()));
457}
458
6a7be83e 459use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 460
461fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 462 let now = SystemTime::now();
463 let epoch_now = now.duration_since(UNIX_EPOCH)?;
464 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 465 Ok(Instant::now() + epoch_next - epoch_now)
466}
467
468async fn run_task_scheduler() {
469
470 let mut count: usize = 0;
471
472 loop {
473 count += 1;
474
475 let delay_target = match next_minute() { // try to run very minute
476 Ok(d) => d,
477 Err(err) => {
478 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 479 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 480 continue;
481 }
482 };
483
484 if count > 2 { // wait 1..2 minutes before starting
485 match schedule_tasks().catch_unwind().await {
486 Err(panic) => {
487 match panic.downcast::<&str>() {
488 Ok(msg) => {
489 eprintln!("task scheduler panic: {}", msg);
490 }
491 Err(_) => {
492 eprintln!("task scheduler panic - unknown type");
493 }
494 }
495 }
496 Ok(Err(err)) => {
497 eprintln!("task scheduler failed - {:?}", err);
498 }
499 Ok(Ok(_)) => {}
500 }
501 }
502
0a8d773a 503 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 504 }
505}
506
507async fn schedule_tasks() -> Result<(), Error> {
508
509 schedule_datastore_garbage_collection().await;
25829a87 510 schedule_datastore_prune().await;
a6160cdf 511 schedule_datastore_sync_jobs().await;
73df9c51 512 schedule_datastore_verify_jobs().await;
8513626b 513 schedule_tape_backup_jobs().await;
9a760917 514 schedule_task_log_rotate().await;
8545480a
DM		 515
516 Ok(())
517}
518
8545480a
DM		 519async fn schedule_datastore_garbage_collection() {
520
e7d4be9d 521 let config = match pbs_config::datastore::config() {
8545480a
DM		 522 Err(err) => {
523 eprintln!("unable to read datastore config - {}", err);
524 return;
525 }
526 Ok((config, _digest)) => config,
527 };
528
529 for (store, (_, store_config)) in config.sections {
530 let datastore = match DataStore::lookup_datastore(&store) {
531 Ok(datastore) => datastore,
532 Err(err) => {
533 eprintln!("lookup_datastore failed - {}", err);
534 continue;
535 }
536 };
537
25829a87 538 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 539 Ok(c) => c,
540 Err(err) => {
541 eprintln!("datastore config from_value failed - {}", err);
542 continue;
543 }
544 };
545
546 let event_str = match store_config.gc_schedule {
547 Some(event_str) => event_str,
548 None => continue,
549 };
550
551 let event = match parse_calendar_event(&event_str) {
552 Ok(event) => event,
553 Err(err) => {
554 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
555 continue;
556 }
557 };
558
559 if datastore.garbage_collection_running() { continue; }
560
561 let worker_type = "garbage_collection";
562
b6ba5acd
DC		 563 let last = match jobstate::last_run_time(worker_type, &store) {
564 Ok(time) => time,
565 Err(err) => {
566 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
567 continue;
8545480a
DM		 568 }
569 };
570
571 let next = match compute_next_event(&event, last, false) {
15ec790a
DC		 572 Ok(Some(next)) => next,
573 Ok(None) => continue,
8545480a
DM		 574 Err(err) => {
575 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
576 continue;
577 }
578 };
e693818a 579
6a7be83e
DM		 580 let now = proxmox::tools::time::epoch_i64();
581
8545480a
DM		 582 if next > now { continue; }
583
1cd951c9 584 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 585 Ok(job) => job,
586 Err(_) => continue, // could not get lock
587 };
588
ad54df31 589 let auth_id = Authid::root_auth_id();
d7a122a0 590
c724f658 591 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 592 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 593 }
594 }
595}
25829a87
DM		 596
597async fn schedule_datastore_prune() {
598
e7d4be9d 599 let config = match pbs_config::datastore::config() {
25829a87
DM		 600 Err(err) => {
601 eprintln!("unable to read datastore config - {}", err);
602 return;
603 }
604 Ok((config, _digest)) => config,
605 };
606
607 for (store, (_, store_config)) in config.sections {
25829a87
DM		 608
609 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
610 Ok(c) => c,
611 Err(err) => {
a6160cdf 612 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 613 continue;
614 }
615 };
616
617 let event_str = match store_config.prune_schedule {
618 Some(event_str) => event_str,
619 None => continue,
620 };
621
622 let prune_options = PruneOptions {
623 keep_last: store_config.keep_last,
624 keep_hourly: store_config.keep_hourly,
625 keep_daily: store_config.keep_daily,
626 keep_weekly: store_config.keep_weekly,
627 keep_monthly: store_config.keep_monthly,
628 keep_yearly: store_config.keep_yearly,
629 };
630
89725197 631 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 632 continue;
633 }
634
25829a87 635 let worker_type = "prune";
b15751bf 636 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 637 let job = match Job::new(worker_type, &store) {
638 Ok(job) => job,
639 Err(_) => continue, // could not get lock
640 };
25829a87 641
ad54df31 642 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 643 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
644 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 645 }
646 };
25829a87
DM		 647 }
648}
a6160cdf
DM		 649
650async fn schedule_datastore_sync_jobs() {
651
a6160cdf 652
a4e5a0fc 653 let config = match pbs_config::sync::config() {
a6160cdf
DM		 654 Err(err) => {
655 eprintln!("unable to read sync job config - {}", err);
656 return;
657 }
658 Ok((config, _digest)) => config,
659 };
660
a6160cdf
DM		 661 for (job_id, (_, job_config)) in config.sections {
662 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
663 Ok(c) => c,
664 Err(err) => {
665 eprintln!("sync job config from_value failed - {}", err);
666 continue;
667 }
668 };
669
670 let event_str = match job_config.schedule {
671 Some(ref event_str) => event_str.clone(),
672 None => continue,
673 };
674
c67b1fa7 675 let worker_type = "syncjob";
b15751bf 676 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 677 let job = match Job::new(worker_type, &job_id) {
678 Ok(job) => job,
679 Err(_) => continue, // could not get lock
680 };
a6160cdf 681
ad54df31 682 let auth_id = Authid::root_auth_id().clone();
bfa942c0 683 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 684 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 685 }
686 };
a6160cdf
DM		 687 }
688}
eaeda365 689
73df9c51 690async fn schedule_datastore_verify_jobs() {
1298618a 691
802189f7 692 let config = match pbs_config::verify::config() {
73df9c51
HL		 693 Err(err) => {
694 eprintln!("unable to read verification job config - {}", err);
695 return;
696 }
697 Ok((config, _digest)) => config,
698 };
699 for (job_id, (_, job_config)) in config.sections {
700 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
701 Ok(c) => c,
702 Err(err) => {
703 eprintln!("verification job config from_value failed - {}", err);
704 continue;
705 }
706 };
707 let event_str = match job_config.schedule {
708 Some(ref event_str) => event_str.clone(),
709 None => continue,
710 };
82c05b41 711
73df9c51 712 let worker_type = "verificationjob";
ad54df31 713 let auth_id = Authid::root_auth_id().clone();
b15751bf 714 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 715 let job = match Job::new(&worker_type, &job_id) {
716 Ok(job) => job,
717 Err(_) => continue, // could not get lock
718 };
bfa942c0 719 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 720 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 721 }
722 };
73df9c51
HL		 723 }
724}
725
8513626b
DM		 726async fn schedule_tape_backup_jobs() {
727
e3619d41 728 let config = match pbs_config::tape_job::config() {
8513626b
DM		 729 Err(err) => {
730 eprintln!("unable to read tape job config - {}", err);
731 return;
732 }
733 Ok((config, _digest)) => config,
734 };
735 for (job_id, (_, job_config)) in config.sections {
736 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
737 Ok(c) => c,
738 Err(err) => {
739 eprintln!("tape backup job config from_value failed - {}", err);
740 continue;
741 }
742 };
743 let event_str = match job_config.schedule {
744 Some(ref event_str) => event_str.clone(),
745 None => continue,
746 };
747
748 let worker_type = "tape-backup-job";
749 let auth_id = Authid::root_auth_id().clone();
750 if check_schedule(worker_type, &event_str, &job_id) {
751 let job = match Job::new(&worker_type, &job_id) {
752 Ok(job) => job,
753 Err(_) => continue, // could not get lock
754 };
bfa942c0 755 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 756 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 757 }
758 };
759 }
760}
761
762
9a760917 763async fn schedule_task_log_rotate() {
9a760917
DC		 764
765 let worker_type = "logrotate";
72aa1834 766 let job_id = "access-log_and_task-archive";
9a760917 767
9a760917
DC		 768 // schedule daily at 00:00 like normal logrotate
769 let schedule = "00:00";
770
b15751bf 771 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 772 // if we never ran the rotation, schedule instantly
773 match jobstate::JobState::load(worker_type, job_id) {
774 Ok(state) => match state {
775 jobstate::JobState::Created { .. } => {},
776 _ => return,
777 },
778 _ => return,
779 }
780 }
781
782 let mut job = match Job::new(worker_type, job_id) {
783 Ok(job) => job,
784 Err(_) => return, // could not get lock
785 };
786
787 if let Err(err) = WorkerTask::new_thread(
788 worker_type,
72aa1834 789 None,
049a22a3 790 Authid::root_auth_id().to_string(),
9a760917
DC		 791 false,
792 move |worker| {
793 job.start(&worker.upid().to_string())?;
1ec0d70d 794 task_log!(worker, "starting task log rotation");
e4f5f59e 795
9a760917 796 let result = try_block!({
b7f2be51
TL		 797 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
798 let max_files = 20; // times twenty files gives > 100000 task entries
9a760917
DC		 799 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
800 if has_rotated {
1ec0d70d 801 task_log!(worker, "task log archive was rotated");
9a760917 802 } else {
1ec0d70d 803 task_log!(worker, "task log archive was not rotated");
9a760917
DC		 804 }
805
fe4cc5b1
TL		 806 let max_size = 32 * 1024 * 1024 - 1;
807 let max_files = 14;
af06decd 808 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
fe4cc5b1
TL		 809 .ok_or_else(|| format_err!("could not get API access log file names"))?;
810
fe7bdc9d 811 if logrotate.rotate(max_size, None, Some(max_files))? {
fe4cc5b1 812 println!("rotated access log, telling daemons to re-open log file");
36b7085e 813 pbs_runtime::block_on(command_reopen_access_logfiles())?;
1ec0d70d 814 task_log!(worker, "API access log was rotated");
fe7bdc9d 815 } else {
1ec0d70d 816 task_log!(worker, "API access log was not rotated");
fe7bdc9d
TL		 817 }
818
af06decd 819 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
fe7bdc9d 820 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
fe4cc5b1 821
fe7bdc9d 822 if logrotate.rotate(max_size, None, Some(max_files))? {
36b7085e
DM		 823 println!("rotated auth log, telling daemons to re-open log file");
824 pbs_runtime::block_on(command_reopen_auth_logfiles())?;
1ec0d70d 825 task_log!(worker, "API authentication log was rotated");
fe4cc5b1 826 } else {
1ec0d70d 827 task_log!(worker, "API authentication log was not rotated");
fe4cc5b1
TL		 828 }
829
9a760917
DC		 830 Ok(())
831 });
832
833 let status = worker.create_state(&result);
834
835 if let Err(err) = job.finish(status) {
836 eprintln!("could not finish job state for {}: {}", worker_type, err);
837 }
838
839 result
840 },
841 ) {
842 eprintln!("unable to start task log rotation: {}", err);
843 }
844
845}
846
36b7085e 847async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 848 // only care about the most recent daemon instance for each, proxy & api, as other older ones
849 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 850 let sock = proxmox_rest_server::our_ctrl_sock();
fd6d2438 851 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 852
b9700a9f
DM		 853 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
854 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
fd6d2438 855 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 856
857 match futures::join!(f1, f2) {
858 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
859 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 860 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
861 _ => Ok(()),
862 }
863}
864
865async fn command_reopen_auth_logfiles() -> Result<(), Error> {
866 // only care about the most recent daemon instance for each, proxy & api, as other older ones
867 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 868 let sock = proxmox_rest_server::our_ctrl_sock();
36b7085e
DM		 869 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
870
b9700a9f
DM		 871 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
872 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
36b7085e
DM		 873 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
874
875 match futures::join!(f1, f2) {
876 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
877 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 878 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
879 _ => Ok(()),
880 }
fe4cc5b1
TL		 881}
882
eaeda365
DM		 883async fn run_stat_generator() {
884
013fa7bb 885 let mut count = 0;
eaeda365 886 loop {
013fa7bb 887 count += 1;
a720894f 888 let save = if count >= 6 { count = 0; true } else { false };
013fa7bb 889
eaeda365
DM		 890 let delay_target = Instant::now() + Duration::from_secs(10);
891
013fa7bb 892 generate_host_stats(save).await;
eaeda365 893
0a8d773a 894 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 895
896 }
eaeda365
DM		 897
898}
899
013fa7bb 900fn rrd_update_gauge(name: &str, value: f64, save: bool) {
09340f28 901 if let Err(err) = RRD_CACHE.update_value(name, value, DST::Gauge, save) {
309ef20d
DM		 902 eprintln!("rrd::update_value '{}' failed - {}", name, err);
903 }
904}
905
013fa7bb 906fn rrd_update_derive(name: &str, value: f64, save: bool) {
09340f28 907 if let Err(err) = RRD_CACHE.update_value(name, value, DST::Derive, save) {
309ef20d
DM		 908 eprintln!("rrd::update_value '{}' failed - {}", name, err);
909 }
910}
911
013fa7bb 912async fn generate_host_stats(save: bool) {
8f0cec26 913 use proxmox::sys::linux::procfs::{
485841da 914 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 915
d420962f 916 pbs_runtime::block_in_place(move || {
4f951399
DM		 917
918 match read_proc_stat() {
919 Ok(stat) => {
013fa7bb
DM		 920 rrd_update_gauge("host/cpu", stat.cpu, save);
921 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
4f951399
DM		 922 }
923 Err(err) => {
924 eprintln!("read_proc_stat failed - {}", err);
eaeda365
DM		 925 }
926 }
2c66a590 927
4f951399
DM		 928 match read_meminfo() {
929 Ok(meminfo) => {
013fa7bb
DM		 930 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
931 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
932 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
933 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
a4a3f7ca 934 }
4f951399
DM		 935 Err(err) => {
936 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca
DM		 937 }
938 }
8f0cec26 939
4f951399
DM		 940 match read_proc_net_dev() {
941 Ok(netdev) => {
6f422880 942 use pbs_config::network::is_physical_nic;
4f951399
DM		 943 let mut netin = 0;
944 let mut netout = 0;
945 for item in netdev {
946 if !is_physical_nic(&item.device) { continue; }
947 netin += item.receive;
948 netout += item.send;
949 }
013fa7bb
DM		 950 rrd_update_derive("host/netin", netin as f64, save);
951 rrd_update_derive("host/netout", netout as f64, save);
8f0cec26 952 }
4f951399
DM		 953 Err(err) => {
954 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26
DM		 955 }
956 }
dd15c0aa 957
485841da
DM		 958 match read_loadavg() {
959 Ok(loadavg) => {
013fa7bb 960 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
485841da
DM		 961 }
962 Err(err) => {
963 eprintln!("read_loadavg failed - {}", err);
964 }
965 }
966
8c03041a
DM		 967 let disk_manager = DiskManage::new();
968
013fa7bb 969 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
91e5bb49 970
e7d4be9d 971 match pbs_config::datastore::config() {
d0833a70 972 Ok((config, _)) => {
e7d4be9d 973 let datastore_list: Vec<DataStoreConfig> =
17c7b46a 974 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70
DM		 975
976 for config in datastore_list {
8c03041a 977
91e5bb49 978 let rrd_prefix = format!("datastore/{}", config.name);
8c03041a 979 let path = std::path::Path::new(&config.path);
013fa7bb 980 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
d0833a70
DM		 981 }
982 }
983 Err(err) => {
984 eprintln!("read datastore config failed - {}", err);
985 }
986 }
987
4f951399 988 });
eaeda365 989}
dd15c0aa 990
b15751bf
DM		 991fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
992 let event = match parse_calendar_event(event_str) {
82c05b41
HL		 993 Ok(event) => event,
994 Err(err) => {
995 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
996 return false;
997 }
998 };
999
b15751bf 1000 let last = match jobstate::last_run_time(worker_type, &id) {
82c05b41
HL		 1001 Ok(time) => time,
1002 Err(err) => {
1003 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
1004 return false;
1005 }
1006 };
1007
1008 let next = match compute_next_event(&event, last, false) {
1009 Ok(Some(next)) => next,
1010 Ok(None) => return false,
1011 Err(err) => {
1012 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
1013 return false;
1014 }
1015 };
1016
1017 let now = proxmox::tools::time::epoch_i64();
1018 next <= now
1019}
1020
013fa7bb 1021fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
91e5bb49 1022
934f5bb8 1023 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 1024 Ok(status) => {
91e5bb49 1025 let rrd_key = format!("{}/total", rrd_prefix);
33070956 1026 rrd_update_gauge(&rrd_key, status.total as f64, save);
91e5bb49 1027 let rrd_key = format!("{}/used", rrd_prefix);
33070956 1028 rrd_update_gauge(&rrd_key, status.used as f64, save);
91e5bb49
DM		 1029 }
1030 Err(err) => {
1031 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1032 }
1033 }
1034
934f5bb8
DM		 1035 match disk_manager.find_mounted_device(path) {
1036 Ok(None) => {},
1037 Ok(Some((fs_type, device, source))) => {
1038 let mut device_stat = None;
1039 match fs_type.as_str() {
1040 "zfs" => {
368f4c54
DC		 1041 if let Some(source) = source {
1042 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1043 match zfs_pool_stats(pool) {
934f5bb8
DM		 1044 Ok(stat) => device_stat = stat,
1045 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
91e5bb49
DM		 1046 }
1047 }
934f5bb8
DM		 1048 }
1049 _ => {
1050 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1051 match disk.read_stat() {
1052 Ok(stat) => device_stat = stat,
1053 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1054 }
1055 }
1056 }
91e5bb49 1057 }
934f5bb8
DM		 1058 if let Some(stat) = device_stat {
1059 let rrd_key = format!("{}/read_ios", rrd_prefix);
1060 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
1061 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1062 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
dd15c0aa 1063
934f5bb8
DM		 1064 let rrd_key = format!("{}/write_ios", rrd_prefix);
1065 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
1066 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1067 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
dd15c0aa 1068
934f5bb8
DM		 1069 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1070 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
8c03041a
DM		 1071 }
1072 }
934f5bb8
DM		 1073 Err(err) => {
1074 eprintln!("find_mounted_device failed - {}", err);
1075 }
8c03041a 1076 }
8c03041a 1077}
Proxmox Backup Server and Client