]> git.proxmox.com Git - pve-storage.git/blob - src/PVE/Storage/PBSPlugin.pm
projects / pve-storage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fixup error messages when getting file size info
[pve-storage.git] / src / PVE / Storage / PBSPlugin.pm
1 package PVE::Storage::PBSPlugin;
2
3 # Plugin to access Proxmox Backup Server
4
5 use strict;
6 use warnings;
7
8 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
9 use IO::File;
10 use JSON;
11 use MIME::Base64 qw(decode_base64);
12 use POSIX qw(mktime strftime ENOENT);
13 use POSIX::strptime;
14
15 use PVE::APIClient::LWP;
16 use PVE::JSONSchema qw(get_standard_option);
17 use PVE::Network;
18 use PVE::PBSClient;
19 use PVE::Storage::Plugin;
20 use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach $IPV6RE);
21
22 use base qw(PVE::Storage::Plugin);
23
24 # Configuration
25
26 sub type {
27 return 'pbs';
28 }
29
30 sub plugindata {
31 return {
32 content => [ {backup => 1, none => 1}, { backup => 1 }],
33 };
34 }
35
36 sub properties {
37 return {
38 datastore => {
39 description => "Proxmox Backup Server datastore name.",
40 type => 'string',
41 },
42 # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
43 fingerprint => get_standard_option('fingerprint-sha256'),
44 'encryption-key' => {
45 description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
46 type => 'string',
47 },
48 'master-pubkey' => {
49 description => "Base64-encoded, PEM-formatted public RSA key. Used to encrypt a copy of the encryption-key which will be added to each encrypted backup.",
50 type => 'string',
51 },
52 port => {
53 description => "For non default port.",
54 type => 'integer',
55 minimum => 1,
56 maximum => 65535,
57 },
58 };
59 }
60
61 sub options {
62 return {
63 server => { fixed => 1 },
64 datastore => { fixed => 1 },
65 namespace => { optional => 1 },
66 port => { optional => 1 },
67 nodes => { optional => 1},
68 disable => { optional => 1},
69 content => { optional => 1},
70 username => { optional => 1 },
71 password => { optional => 1 },
72 'encryption-key' => { optional => 1 },
73 'master-pubkey' => { optional => 1 },
74 maxfiles => { optional => 1 },
75 'prune-backups' => { optional => 1 },
76 'max-protected-backups' => { optional => 1 },
77 fingerprint => { optional => 1 },
78 };
79 }
80
81 # Helpers
82
83 sub pbs_password_file_name {
84 my ($scfg, $storeid) = @_;
85
86 return "/etc/pve/priv/storage/${storeid}.pw";
87 }
88
89 sub pbs_set_password {
90 my ($scfg, $storeid, $password) = @_;
91
92 my $pwfile = pbs_password_file_name($scfg, $storeid);
93 mkdir "/etc/pve/priv/storage";
94
95 PVE::Tools::file_set_contents($pwfile, "$password\n");
96 }
97
98 sub pbs_delete_password {
99 my ($scfg, $storeid) = @_;
100
101 my $pwfile = pbs_password_file_name($scfg, $storeid);
102
103 unlink $pwfile;
104 }
105
106 sub pbs_get_password {
107 my ($scfg, $storeid) = @_;
108
109 my $pwfile = pbs_password_file_name($scfg, $storeid);
110
111 return PVE::Tools::file_read_firstline($pwfile);
112 }
113
114 sub pbs_encryption_key_file_name {
115 my ($scfg, $storeid) = @_;
116
117 return "/etc/pve/priv/storage/${storeid}.enc";
118 }
119
120 sub pbs_set_encryption_key {
121 my ($scfg, $storeid, $key) = @_;
122
123 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
124 mkdir "/etc/pve/priv/storage";
125
126 PVE::Tools::file_set_contents($pwfile, "$key\n");
127 }
128
129 sub pbs_delete_encryption_key {
130 my ($scfg, $storeid) = @_;
131
132 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
133
134 if (!unlink $pwfile) {
135 return if $! == ENOENT;
136 die "failed to delete encryption key! $!\n";
137 }
138 delete $scfg->{'encryption-key'};
139 }
140
141 sub pbs_get_encryption_key {
142 my ($scfg, $storeid) = @_;
143
144 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
145
146 return PVE::Tools::file_get_contents($pwfile);
147 }
148
149 # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
150 sub pbs_open_encryption_key {
151 my ($scfg, $storeid) = @_;
152
153 my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid);
154
155 my $keyfd;
156 if (!open($keyfd, '<', $encryption_key_file)) {
157 if ($! == ENOENT) {
158 my $encryption_fp = $scfg->{'encryption-key'};
159 die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
160 if $encryption_fp;
161 return undef;
162 }
163 die "failed to open encryption key: $encryption_key_file: $!\n";
164 }
165
166 return $keyfd;
167 }
168
169 sub pbs_master_pubkey_file_name {
170 my ($scfg, $storeid) = @_;
171
172 return "/etc/pve/priv/storage/${storeid}.master.pem";
173 }
174
175 sub pbs_set_master_pubkey {
176 my ($scfg, $storeid, $key) = @_;
177
178 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
179 mkdir "/etc/pve/priv/storage";
180
181 PVE::Tools::file_set_contents($pwfile, "$key\n");
182 }
183
184 sub pbs_delete_master_pubkey {
185 my ($scfg, $storeid) = @_;
186
187 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
188
189 if (!unlink $pwfile) {
190 return if $! == ENOENT;
191 die "failed to delete master public key! $!\n";
192 }
193 delete $scfg->{'master-pubkey'};
194 }
195
196 sub pbs_get_master_pubkey {
197 my ($scfg, $storeid) = @_;
198
199 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
200
201 return PVE::Tools::file_get_contents($pwfile);
202 }
203
204 # Returns a file handle if there is a master key, or `undef` if there is not. Dies on error.
205 sub pbs_open_master_pubkey {
206 my ($scfg, $storeid) = @_;
207
208 my $master_pubkey_file = pbs_master_pubkey_file_name($scfg, $storeid);
209
210 my $keyfd;
211 if (!open($keyfd, '<', $master_pubkey_file)) {
212 if ($! == ENOENT) {
213 die "master public key configured but no key file found!\n"
214 if $scfg->{'master-pubkey'};
215 return undef;
216 }
217 die "failed to open master public key: $master_pubkey_file: $!\n";
218 }
219
220 return $keyfd;
221 }
222
223 sub print_volid {
224 my ($storeid, $btype, $bid, $btime) = @_;
225
226 my $time_str = strftime("%FT%TZ", gmtime($btime));
227 my $volname = "backup/${btype}/${bid}/${time_str}";
228
229 return "${storeid}:${volname}";
230 }
231
232 my sub ns : prototype($$) {
233 my ($scfg, $name) = @_;
234 my $ns = $scfg->{namespace};
235 return defined($ns) ? ($name, $ns) : ();
236 }
237
238 # essentially the inverse of print_volid
239 my sub api_param_from_volname : prototype($$$) {
240 my ($class, $scfg, $volname) = @_;
241
242 my $name = ($class->parse_volname($volname))[1];
243
244 my ($btype, $bid, $timestr) = split('/', $name);
245
246 my @tm = (POSIX::strptime($timestr, "%FT%TZ"));
247 # expect sec, min, hour, mday, mon, year
248 die "error parsing time from '$volname'" if grep { !defined($_) } @tm[0..5];
249
250 my $btime;
251 {
252 local $ENV{TZ} = 'UTC'; # $timestr is UTC
253
254 # Fill in isdst to avoid undef warning. No daylight saving time for UTC.
255 $tm[8] //= 0;
256
257 my $since_epoch = mktime(@tm) or die "error converting time from '$volname'\n";
258 $btime = int($since_epoch);
259 }
260
261 return {
262 (ns($scfg, 'ns')),
263 'backup-type' => $btype,
264 'backup-id' => $bid,
265 'backup-time' => $btime,
266 };
267 }
268
269 my $USE_CRYPT_PARAMS = {
270 backup => 1,
271 restore => 1,
272 'upload-log' => 1,
273 };
274
275 my $USE_MASTER_KEY = {
276 backup => 1,
277 };
278
279 my sub do_raw_client_cmd {
280 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
281
282 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
283 my $use_master = $USE_MASTER_KEY->{$client_cmd};
284
285 my $client_exe = '/usr/bin/proxmox-backup-client';
286 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
287 if ! -x $client_exe;
288
289 my $repo = PVE::PBSClient::get_repository($scfg);
290
291 my $userns_cmd = delete $opts{userns_cmd};
292
293 my $cmd = [];
294
295 push @$cmd, @$userns_cmd if defined($userns_cmd);
296
297 push @$cmd, $client_exe, $client_cmd;
298
299 # This must live in the top scope to not get closed before the `run_command`
300 my ($keyfd, $master_fd);
301 if ($use_crypto) {
302 if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
303 my $flags = fcntl($keyfd, F_GETFD, 0)
304 // die "failed to get file descriptor flags: $!\n";
305 fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
306 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
307 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
308 if ($use_master && defined($master_fd = pbs_open_master_pubkey($scfg, $storeid))) {
309 my $flags = fcntl($master_fd, F_GETFD, 0)
310 // die "failed to get file descriptor flags: $!\n";
311 fcntl($master_fd, F_SETFD, $flags & ~FD_CLOEXEC)
312 or die "failed to remove FD_CLOEXEC from master public key file descriptor\n";
313 push @$cmd, '--master-pubkey-fd='.fileno($master_fd);
314 }
315 } else {
316 push @$cmd, '--crypt-mode=none';
317 }
318 }
319
320 push @$cmd, @$param if defined($param);
321
322 push @$cmd, "--repository", $repo;
323 if ($client_cmd ne 'status' && defined(my $ns = $scfg->{namespace})) {
324 push @$cmd, '--ns', $ns;
325 }
326
327 local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
328
329 local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
330
331 # no ascii-art on task logs
332 local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
333 local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
334
335 if (my $logfunc = $opts{logfunc}) {
336 $logfunc->("run: " . join(' ', @$cmd));
337 }
338
339 run_command($cmd, %opts);
340 }
341
342 # FIXME: External perl code should NOT have access to this.
343 #
344 # There should be separate functions to
345 # - make backups
346 # - restore backups
347 # - restore files
348 # with a sane API
349 sub run_raw_client_cmd {
350 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
351 return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
352 }
353
354 sub run_client_cmd {
355 my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_;
356
357 my $json_str = '';
358 my $outfunc = sub { $json_str .= "$_[0]\n" };
359
360 $param = [] if !defined($param);
361 $param = [ $param ] if !ref($param);
362
363 $param = [@$param, '--output-format=json'] if !$no_output;
364
365 do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
366 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
367
368 return undef if $no_output;
369
370 my $res = decode_json($json_str);
371
372 return $res;
373 }
374
375 # Storage implementation
376
377 sub extract_vzdump_config {
378 my ($class, $scfg, $volname, $storeid) = @_;
379
380 my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname);
381
382 my $config = '';
383 my $outfunc = sub { $config .= "$_[0]\n" };
384
385 my $config_name;
386 if ($format eq 'pbs-vm') {
387 $config_name = 'qemu-server.conf';
388 } elsif ($format eq 'pbs-ct') {
389 $config_name = 'pct.conf';
390 } else {
391 die "unable to extract configuration for backup format '$format'\n";
392 }
393
394 do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
395 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
396
397 return $config;
398 }
399
400 sub prune_backups {
401 my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
402
403 $logfunc //= sub { print "$_[1]\n" };
404
405 $type = 'vm' if defined($type) && $type eq 'qemu';
406 $type = 'ct' if defined($type) && $type eq 'lxc';
407
408 my $backup_groups = {};
409
410 if (defined($vmid) && defined($type)) {
411 # no need to get the list of volumes, we only got a single backup group anyway
412 $backup_groups->{"$type/$vmid"} = 1;
413 } else {
414 my $backups = eval { $class->list_volumes($storeid, $scfg, $vmid, ['backup']) };
415 die "failed to get list of all backups to prune - $@" if $@;
416
417 foreach my $backup (@{$backups}) {
418 (my $backup_type = $backup->{format}) =~ s/^pbs-//;
419 next if defined($type) && $backup_type ne $type;
420
421 my $backup_group = "$backup_type/$backup->{vmid}";
422 $backup_groups->{$backup_group} = 1;
423 }
424 }
425
426 my @param;
427
428 my $keep_all = delete $keep->{'keep-all'};
429
430 if (!$keep_all) {
431 foreach my $opt (keys %{$keep}) {
432 next if $keep->{$opt} == 0;
433 push @param, "--$opt";
434 push @param, "$keep->{$opt}";
435 }
436 } else { # no need to pass anything to PBS
437 $keep = { 'keep-all' => 1 };
438 }
439
440 push @param, '--dry-run' if $dryrun;
441
442 my $prune_list = [];
443 my $failed;
444
445 foreach my $backup_group (keys %{$backup_groups}) {
446 $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
447 if !$dryrun;
448 eval {
449 my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
450
451 foreach my $backup (@{$res}) {
452 die "result from proxmox-backup-client is not as expected\n"
453 if !defined($backup->{'backup-time'})
454 || !defined($backup->{'backup-type'})
455 || !defined($backup->{'backup-id'})
456 || !defined($backup->{'keep'});
457
458 my $ctime = $backup->{'backup-time'};
459 my $type = $backup->{'backup-type'};
460 my $vmid = $backup->{'backup-id'};
461 my $volid = print_volid($storeid, $type, $vmid, $ctime);
462
463 my $mark = $backup->{keep} ? 'keep' : 'remove';
464 $mark = 'protected' if $backup->{protected};
465
466 push @{$prune_list}, {
467 ctime => $ctime,
468 mark => $mark,
469 type => $type eq 'vm' ? 'qemu' : 'lxc',
470 vmid => $vmid,
471 volid => $volid,
472 };
473 }
474 };
475 if (my $err = $@) {
476 $logfunc->('err', "prune '$backup_group': $err\n");
477 $failed = 1;
478 }
479 }
480 die "error pruning backups - check log\n" if $failed;
481
482 return $prune_list;
483 }
484
485 my $autogen_encryption_key = sub {
486 my ($scfg, $storeid) = @_;
487 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
488 if (-f $encfile) {
489 rename $encfile, "$encfile.old";
490 }
491 my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
492 run_command($cmd, errmsg => 'failed to create encryption key');
493 return PVE::Tools::file_get_contents($encfile);
494 };
495
496 sub on_add_hook {
497 my ($class, $storeid, $scfg, %param) = @_;
498
499 my $res = {};
500
501 if (defined(my $password = $param{password})) {
502 pbs_set_password($scfg, $storeid, $password);
503 } else {
504 pbs_delete_password($scfg, $storeid);
505 }
506
507 if (defined(my $encryption_key = $param{'encryption-key'})) {
508 my $decoded_key;
509 if ($encryption_key eq 'autogen') {
510 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
511 $decoded_key = decode_json($res->{'encryption-key'});
512 } else {
513 $decoded_key = eval { decode_json($encryption_key) };
514 if ($@ || !exists($decoded_key->{data})) {
515 die "Value does not seems like a valid, JSON formatted encryption key!\n";
516 }
517 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
518 $res->{'encryption-key'} = $encryption_key;
519 }
520 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
521 } else {
522 pbs_delete_encryption_key($scfg, $storeid);
523 }
524
525 if (defined(my $master_key = delete $param{'master-pubkey'})) {
526 die "'master-pubkey' can only be used together with 'encryption-key'\n"
527 if !defined($scfg->{'encryption-key'});
528
529 my $decoded = decode_base64($master_key);
530 pbs_set_master_pubkey($scfg, $storeid, $decoded);
531 $scfg->{'master-pubkey'} = 1;
532 } else {
533 pbs_delete_master_pubkey($scfg, $storeid);
534 }
535
536 return $res;
537 }
538
539 sub on_update_hook {
540 my ($class, $storeid, $scfg, %param) = @_;
541
542 my $res = {};
543
544 if (exists($param{password})) {
545 if (defined($param{password})) {
546 pbs_set_password($scfg, $storeid, $param{password});
547 } else {
548 pbs_delete_password($scfg, $storeid);
549 }
550 }
551
552 if (exists($param{'encryption-key'})) {
553 if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
554 my $decoded_key;
555 if ($encryption_key eq 'autogen') {
556 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
557 $decoded_key = decode_json($res->{'encryption-key'});
558 } else {
559 $decoded_key = eval { decode_json($encryption_key) };
560 if ($@ || !exists($decoded_key->{data})) {
561 die "Value does not seems like a valid, JSON formatted encryption key!\n";
562 }
563 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
564 $res->{'encryption-key'} = $encryption_key;
565 }
566 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
567 } else {
568 pbs_delete_encryption_key($scfg, $storeid);
569 delete $scfg->{'encryption-key'};
570 }
571 }
572
573 if (exists($param{'master-pubkey'})) {
574 if (defined(my $master_key = delete($param{'master-pubkey'}))) {
575 my $decoded = decode_base64($master_key);
576
577 pbs_set_master_pubkey($scfg, $storeid, $decoded);
578 $scfg->{'master-pubkey'} = 1;
579 } else {
580 pbs_delete_master_pubkey($scfg, $storeid);
581 }
582 }
583
584 return $res;
585 }
586
587 sub on_delete_hook {
588 my ($class, $storeid, $scfg) = @_;
589
590 pbs_delete_password($scfg, $storeid);
591 pbs_delete_encryption_key($scfg, $storeid);
592 pbs_delete_master_pubkey($scfg, $storeid);
593
594 return;
595 }
596
597 sub parse_volname {
598 my ($class, $volname) = @_;
599
600 if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) {
601 my $btype = $1;
602 my $bid = $2;
603 my $btime = $3;
604 my $format = "pbs-$btype";
605
606 my $name = "$btype/$bid/$btime";
607
608 if ($bid =~ m/^\d+$/) {
609 return ('backup', $name, $bid, undef, undef, undef, $format);
610 } else {
611 return ('backup', $name, undef, undef, undef, undef, $format);
612 }
613 }
614
615 die "unable to parse PBS volume name '$volname'\n";
616 }
617
618 sub path {
619 my ($class, $scfg, $volname, $storeid, $snapname) = @_;
620
621 die "volume snapshot is not possible on pbs storage"
622 if defined($snapname);
623
624 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
625
626 my $repo = PVE::PBSClient::get_repository($scfg);
627
628 # artificial url - we currently do not use that anywhere
629 my $path = "pbs://$repo/$name";
630 if (defined(my $ns = $scfg->{namespace})) {
631 $ns =~ s|/|%2f|g; # other characters to escape aren't allowed in the namespace schema
632 $path .= "?ns=$ns";
633 }
634
635 return ($path, $vmid, $vtype);
636 }
637
638 sub create_base {
639 my ($class, $storeid, $scfg, $volname) = @_;
640
641 die "can't create base images in pbs storage\n";
642 }
643
644 sub clone_image {
645 my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_;
646
647 die "can't clone images in pbs storage\n";
648 }
649
650 sub alloc_image {
651 my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_;
652
653 die "can't allocate space in pbs storage\n";
654 }
655
656 sub free_image {
657 my ($class, $storeid, $scfg, $volname, $isBase) = @_;
658
659 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
660
661 run_client_cmd($scfg, $storeid, "forget", [ $name ], 1);
662
663 return;
664 }
665
666
667 sub list_images {
668 my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_;
669
670 my $res = [];
671
672 return $res;
673 }
674
675 my sub snapshot_files_encrypted {
676 my ($files) = @_;
677 return 0 if !$files;
678
679 my $any;
680 my $all = 1;
681 for my $file (@$files) {
682 my $fn = $file->{filename};
683 next if $fn eq 'client.log.blob' || $fn eq 'index.json.blob';
684
685 my $crypt = $file->{'crypt-mode'};
686
687 $all = 0 if !$crypt || $crypt ne 'encrypt';
688 $any ||= defined($crypt) && $crypt eq 'encrypt';
689 }
690 return $any && $all;
691 }
692
693 # TODO: use a client with native rust/proxmox-backup bindings to profit from
694 # API schema checks and types
695 my sub pbs_api_connect {
696 my ($scfg, $password, $timeout) = @_;
697
698 my $params = {};
699
700 my $user = $scfg->{username} // 'root@pam';
701
702 if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
703 $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
704 } else {
705 $params->{password} = $password;
706 $params->{username} = $user;
707 }
708
709 if (my $fp = $scfg->{fingerprint}) {
710 $params->{cached_fingerprints}->{uc($fp)} = 1;
711 }
712
713 my $conn = PVE::APIClient::LWP->new(
714 %$params,
715 host => $scfg->{server},
716 port => $scfg->{port} // 8007,
717 timeout => ($timeout // 7), # cope with a 401 (3s api delay) and high latency
718 cookie_name => 'PBSAuthCookie',
719 );
720
721 return $conn;
722 }
723
724 sub list_volumes {
725 my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
726
727 my $res = [];
728
729 return $res if !grep { $_ eq 'backup' } @$content_types;
730
731 my $password = pbs_get_password($scfg, $storeid);
732 my $conn = pbs_api_connect($scfg, $password, 120);
733 my $datastore = $scfg->{datastore};
734
735 my $param = {};
736 $param->{'backup-id'} = "$vmid" if defined($vmid);
737 $param->{'ns'} = "$scfg->{namespace}" if defined($scfg->{namespace});
738 my $data = eval { $conn->get("/api2/json/admin/datastore/$datastore/snapshots", $param); };
739 die "error listing snapshots - $@" if $@;
740
741 foreach my $item (@$data) {
742 my $btype = $item->{"backup-type"};
743 my $bid = $item->{"backup-id"};
744 my $epoch = $item->{"backup-time"};
745 my $size = $item->{size} // 1;
746
747 next if !($btype eq 'vm' || $btype eq 'ct');
748 next if $bid !~ m/^\d+$/;
749 next if defined($vmid) && $bid ne $vmid;
750
751 my $volid = print_volid($storeid, $btype, $bid, $epoch);
752
753 my $info = {
754 volid => $volid,
755 format => "pbs-$btype",
756 size => $size,
757 content => 'backup',
758 vmid => int($bid),
759 ctime => $epoch,
760 subtype => $btype eq 'vm' ? 'qemu' : 'lxc', # convert to PVE backup type
761 };
762
763 $info->{verification} = $item->{verification} if defined($item->{verification});
764 $info->{notes} = $item->{comment} if defined($item->{comment});
765 $info->{protected} = 1 if $item->{protected};
766 if (defined($item->{fingerprint})) {
767 $info->{encrypted} = $item->{fingerprint};
768 } elsif (snapshot_files_encrypted($item->{files})) {
769 $info->{encrypted} = '1';
770 }
771
772 push @$res, $info;
773 }
774
775 return $res;
776 }
777
778 sub status {
779 my ($class, $storeid, $scfg, $cache) = @_;
780
781 my $total = 0;
782 my $free = 0;
783 my $used = 0;
784 my $active = 0;
785
786 eval {
787 my $res = run_client_cmd($scfg, $storeid, "status");
788
789 $active = 1;
790 $total = $res->{total};
791 $used = $res->{used};
792 $free = $res->{avail};
793 };
794 if (my $err = $@) {
795 warn $err;
796 }
797
798 return ($total, $free, $used, $active);
799 }
800
801 # can also be used for not (yet) added storages, pass $scfg with
802 # {
803 # server
804 # user
805 # port (optional default to 8007)
806 # fingerprint (optional for trusted certs)
807 # }
808 sub scan_datastores {
809 my ($scfg, $password) = @_;
810
811 my $conn = pbs_api_connect($scfg, $password);
812
813 my $response = eval { $conn->get('/api2/json/admin/datastore', {}) };
814 die "error fetching datastores - $@" if $@;
815
816 return $response;
817 }
818
819 sub activate_storage {
820 my ($class, $storeid, $scfg, $cache) = @_;
821
822 my $password = pbs_get_password($scfg, $storeid);
823
824 my $datastores = eval { scan_datastores($scfg, $password) };
825 die "$storeid: $@" if $@;
826
827 my $datastore = $scfg->{datastore};
828
829 for my $ds (@$datastores) {
830 if ($ds->{store} eq $datastore) {
831 return 1;
832 }
833 }
834
835 die "$storeid: Cannot find datastore '$datastore', check permissions and existence!\n";
836 }
837
838 sub deactivate_storage {
839 my ($class, $storeid, $scfg, $cache) = @_;
840 return 1;
841 }
842
843 sub activate_volume {
844 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
845
846 die "volume snapshot is not possible on pbs device" if $snapname;
847
848 return 1;
849 }
850
851 sub deactivate_volume {
852 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
853
854 die "volume snapshot is not possible on pbs device" if $snapname;
855
856 return 1;
857 }
858
859 # FIXME remove on the next APIAGE reset.
860 # Deprecated, use get_volume_attribute instead.
861 sub get_volume_notes {
862 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
863
864 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
865
866 my $data = run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "show", $name ]);
867
868 return $data->{notes};
869 }
870
871 # FIXME remove on the next APIAGE reset.
872 # Deprecated, use update_volume_attribute instead.
873 sub update_volume_notes {
874 my ($class, $scfg, $storeid, $volname, $notes, $timeout) = @_;
875
876 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
877
878 run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "update", $name, $notes ], 1);
879
880 return undef;
881 }
882
883 sub get_volume_attribute {
884 my ($class, $scfg, $storeid, $volname, $attribute) = @_;
885
886 if ($attribute eq 'notes') {
887 return $class->get_volume_notes($scfg, $storeid, $volname);
888 }
889
890 if ($attribute eq 'protected') {
891 my $param = api_param_from_volname($class, $scfg, $volname);
892
893 my $password = pbs_get_password($scfg, $storeid);
894 my $conn = pbs_api_connect($scfg, $password);
895 my $datastore = $scfg->{datastore};
896
897 my $res = eval { $conn->get("/api2/json/admin/datastore/$datastore/$attribute", $param); };
898 if (my $err = $@) {
899 return if $err->{code} == 404; # not supported
900 die $err;
901 }
902 return $res;
903 }
904
905 return;
906 }
907
908 sub update_volume_attribute {
909 my ($class, $scfg, $storeid, $volname, $attribute, $value) = @_;
910
911 if ($attribute eq 'notes') {
912 return $class->update_volume_notes($scfg, $storeid, $volname, $value);
913 }
914
915 if ($attribute eq 'protected') {
916 my $param = api_param_from_volname($class, $scfg, $volname);
917 $param->{$attribute} = $value;
918
919 my $password = pbs_get_password($scfg, $storeid);
920 my $conn = pbs_api_connect($scfg, $password);
921 my $datastore = $scfg->{datastore};
922
923 eval { $conn->put("/api2/json/admin/datastore/$datastore/$attribute", $param); };
924 if (my $err = $@) {
925 die "Server is not recent enough to support feature '$attribute'\n"
926 if $err->{code} == 404;
927 die $err;
928 }
929 return;
930 }
931
932 die "attribute '$attribute' is not supported for storage type '$scfg->{type}'\n";
933 }
934
935 sub volume_size_info {
936 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
937
938 my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
939
940 my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]);
941
942 my $size = 0;
943 foreach my $info (@$data) {
944 if ($info->{size} && $info->{size} =~ /^(\d+)$/) { # untaints
945 $size += $1;
946 }
947 }
948
949 my $used = $size;
950
951 return wantarray ? ($size, $format, $used, undef) : $size;
952 }
953
954 sub volume_resize {
955 my ($class, $scfg, $storeid, $volname, $size, $running) = @_;
956 die "volume resize is not possible on pbs device";
957 }
958
959 sub volume_snapshot {
960 my ($class, $scfg, $storeid, $volname, $snap) = @_;
961 die "volume snapshot is not possible on pbs device";
962 }
963
964 sub volume_snapshot_rollback {
965 my ($class, $scfg, $storeid, $volname, $snap) = @_;
966 die "volume snapshot rollback is not possible on pbs device";
967 }
968
969 sub volume_snapshot_delete {
970 my ($class, $scfg, $storeid, $volname, $snap) = @_;
971 die "volume snapshot delete is not possible on pbs device";
972 }
973
974 sub volume_has_feature {
975 my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_;
976
977 return undef;
978 }
979
980 1;
Storage library