1 //! Datastore Management
3 use std
::collections
::HashSet
;
5 use std
::os
::unix
::ffi
::OsStrExt
;
6 use std
::path
::PathBuf
;
8 use anyhow
::{bail, format_err, Error}
;
10 use hyper
::http
::request
::Parts
;
11 use hyper
::{header, Body, Response, StatusCode}
;
12 use serde_json
::{json, Value}
;
13 use tokio_stream
::wrappers
::ReceiverStream
;
16 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
17 RpcEnvironment
, RpcEnvironmentType
, Permission
19 use proxmox
::api
::router
::SubdirMap
;
20 use proxmox
::api
::schema
::*;
21 use proxmox
::tools
::fs
::{
22 file_read_firstline
, file_read_optional_string
, replace_file
, CreateOptions
,
24 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
26 use pxar
::accessor
::aio
::Accessor
;
29 use pbs_api_types
::{ Authid
, BackupContent
, Counts
, CryptMode
,
30 DataStoreListItem
, GarbageCollectionStatus
, GroupListItem
,
31 SnapshotListItem
, SnapshotVerifyState
, PruneOptions
,
32 DataStoreStatus
, RRDMode
, RRDTimeFrameResolution
,
33 BACKUP_ARCHIVE_NAME_SCHEMA
, BACKUP_ID_SCHEMA
, BACKUP_TIME_SCHEMA
,
34 BACKUP_TYPE_SCHEMA
, DATASTORE_SCHEMA
,
35 IGNORE_VERIFIED_BACKUPS_SCHEMA
, UPID_SCHEMA
,
36 VERIFICATION_OUTDATED_AFTER_SCHEMA
, PRIV_DATASTORE_AUDIT
,
37 PRIV_DATASTORE_MODIFY
, PRIV_DATASTORE_READ
, PRIV_DATASTORE_PRUNE
,
38 PRIV_DATASTORE_BACKUP
, PRIV_DATASTORE_VERIFY
,
41 use pbs_client
::pxar
::create_zip
;
42 use pbs_datastore
::{BackupDir, BackupGroup, StoreProgress, CATALOG_NAME}
;
43 use pbs_datastore
::backup_info
::BackupInfo
;
44 use pbs_datastore
::cached_chunk_reader
::CachedChunkReader
;
45 use pbs_datastore
::catalog
::{ArchiveEntry, CatalogReader}
;
46 use pbs_datastore
::data_blob
::DataBlob
;
47 use pbs_datastore
::data_blob_reader
::DataBlobReader
;
48 use pbs_datastore
::dynamic_index
::{BufferedDynamicReader, DynamicIndexReader, LocalDynamicReadAt}
;
49 use pbs_datastore
::fixed_index
::{FixedIndexReader}
;
50 use pbs_datastore
::index
::IndexFile
;
51 use pbs_datastore
::manifest
::{BackupManifest, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME}
;
52 use pbs_datastore
::prune
::compute_prune_info
;
53 use pbs_tools
::blocking
::WrappedReaderStream
;
54 use pbs_tools
::stream
::{AsyncReaderStream, AsyncChannelWriter}
;
55 use pbs_tools
::json
::{required_integer_param, required_string_param}
;
56 use pbs_config
::CachedUserInfo
;
57 use proxmox_rest_server
::{WorkerTask, formatter}
;
59 use crate::api2
::node
::rrd
::create_value_from_rrd
;
61 check_backup_owner
, verify_all_backups
, verify_backup_group
, verify_backup_dir
, verify_filter
,
62 DataStore
, LocalChunkReader
,
65 use crate::server
::jobstate
::Job
;
68 const GROUP_NOTES_FILE_NAME
: &str = "notes";
70 fn get_group_note_path(store
: &DataStore
, group
: &BackupGroup
) -> PathBuf
{
71 let mut note_path
= store
.base_path();
72 note_path
.push(group
.group_path());
73 note_path
.push(GROUP_NOTES_FILE_NAME
);
77 fn check_priv_or_backup_owner(
82 ) -> Result
<(), Error
> {
83 let user_info
= CachedUserInfo
::new()?
;
84 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", store
.name()]);
86 if privs
& required_privs
== 0 {
87 let owner
= store
.get_owner(group
)?
;
88 check_backup_owner(&owner
, auth_id
)?
;
95 backup_dir
: &BackupDir
,
96 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
98 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
100 let mut result
= Vec
::new();
101 for item
in manifest
.files() {
102 result
.push(BackupContent
{
103 filename
: item
.filename
.clone(),
104 crypt_mode
: Some(item
.crypt_mode
),
105 size
: Some(item
.size
),
109 result
.push(BackupContent
{
110 filename
: MANIFEST_BLOB_NAME
.to_string(),
111 crypt_mode
: match manifest
.signature
{
112 Some(_
) => Some(CryptMode
::SignOnly
),
113 None
=> Some(CryptMode
::None
),
115 size
: Some(index_size
),
118 Ok((manifest
, result
))
121 fn get_all_snapshot_files(
124 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
126 let (manifest
, mut files
) = read_backup_index(&store
, &info
.backup_dir
)?
;
128 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
129 acc
.insert(item
.filename
.clone());
133 for file
in &info
.files
{
134 if file_set
.contains(file
) { continue; }
135 files
.push(BackupContent
{
136 filename
: file
.to_string(),
142 Ok((manifest
, files
))
149 schema
: DATASTORE_SCHEMA
,
153 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_GROUPS_RETURN_TYPE
,
155 permission
: &Permission
::Privilege(
156 &["datastore", "{store}"],
157 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
161 /// List backup groups.
164 rpcenv
: &mut dyn RpcEnvironment
,
165 ) -> Result
<Vec
<GroupListItem
>, Error
> {
167 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
168 let user_info
= CachedUserInfo
::new()?
;
169 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
171 let datastore
= DataStore
::lookup_datastore(&store
)?
;
172 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
174 let backup_groups
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
176 let group_info
= backup_groups
178 .fold(Vec
::new(), |mut group_info
, group
| {
179 let owner
= match datastore
.get_owner(&group
) {
180 Ok(auth_id
) => auth_id
,
182 eprintln
!("Failed to get owner of group '{}/{}' - {}",
189 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
193 let snapshots
= match group
.list_backups(&datastore
.base_path()) {
194 Ok(snapshots
) => snapshots
,
200 let backup_count
: u64 = snapshots
.len() as u64;
201 if backup_count
== 0 {
205 let last_backup
= snapshots
207 .fold(&snapshots
[0], |last
, curr
| {
208 if curr
.is_finished()
209 && curr
.backup_dir
.backup_time() > last
.backup_dir
.backup_time() {
217 let note_path
= get_group_note_path(&datastore
, &group
);
218 let comment
= file_read_firstline(¬e_path
).ok();
220 group_info
.push(GroupListItem
{
221 backup_type
: group
.backup_type().to_string(),
222 backup_id
: group
.backup_id().to_string(),
223 last_backup
: last_backup
.backup_dir
.backup_time(),
226 files
: last_backup
.files
,
240 schema
: DATASTORE_SCHEMA
,
243 schema
: BACKUP_TYPE_SCHEMA
,
246 schema
: BACKUP_ID_SCHEMA
,
251 permission
: &Permission
::Privilege(
252 &["datastore", "{store}"],
253 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
257 /// Delete backup group including all snapshots.
263 rpcenv
: &mut dyn RpcEnvironment
,
264 ) -> Result
<Value
, Error
> {
266 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
268 let group
= BackupGroup
::new(backup_type
, backup_id
);
269 let datastore
= DataStore
::lookup_datastore(&store
)?
;
271 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
273 datastore
.remove_backup_group(&group
)?
;
282 schema
: DATASTORE_SCHEMA
,
285 schema
: BACKUP_TYPE_SCHEMA
,
288 schema
: BACKUP_ID_SCHEMA
,
291 schema
: BACKUP_TIME_SCHEMA
,
295 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOT_FILES_RETURN_TYPE
,
297 permission
: &Permission
::Privilege(
298 &["datastore", "{store}"],
299 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
303 /// List snapshot files.
304 pub fn list_snapshot_files(
310 rpcenv
: &mut dyn RpcEnvironment
,
311 ) -> Result
<Vec
<BackupContent
>, Error
> {
313 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
314 let datastore
= DataStore
::lookup_datastore(&store
)?
;
316 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
318 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)?
;
320 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
322 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
331 schema
: DATASTORE_SCHEMA
,
334 schema
: BACKUP_TYPE_SCHEMA
,
337 schema
: BACKUP_ID_SCHEMA
,
340 schema
: BACKUP_TIME_SCHEMA
,
345 permission
: &Permission
::Privilege(
346 &["datastore", "{store}"],
347 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
351 /// Delete backup snapshot.
352 pub fn delete_snapshot(
358 rpcenv
: &mut dyn RpcEnvironment
,
359 ) -> Result
<Value
, Error
> {
361 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
363 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
364 let datastore
= DataStore
::lookup_datastore(&store
)?
;
366 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
368 datastore
.remove_backup_dir(&snapshot
, false)?
;
377 schema
: DATASTORE_SCHEMA
,
381 schema
: BACKUP_TYPE_SCHEMA
,
385 schema
: BACKUP_ID_SCHEMA
,
389 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOTS_RETURN_TYPE
,
391 permission
: &Permission
::Privilege(
392 &["datastore", "{store}"],
393 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
397 /// List backup snapshots.
398 pub fn list_snapshots (
400 backup_type
: Option
<String
>,
401 backup_id
: Option
<String
>,
404 rpcenv
: &mut dyn RpcEnvironment
,
405 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
407 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
408 let user_info
= CachedUserInfo
::new()?
;
409 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
411 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
413 let datastore
= DataStore
::lookup_datastore(&store
)?
;
415 let base_path
= datastore
.base_path();
417 let groups
= match (backup_type
, backup_id
) {
418 (Some(backup_type
), Some(backup_id
)) => {
419 let mut groups
= Vec
::with_capacity(1);
420 groups
.push(BackupGroup
::new(backup_type
, backup_id
));
423 (Some(backup_type
), None
) => {
424 BackupInfo
::list_backup_groups(&base_path
)?
426 .filter(|group
| group
.backup_type() == backup_type
)
429 (None
, Some(backup_id
)) => {
430 BackupInfo
::list_backup_groups(&base_path
)?
432 .filter(|group
| group
.backup_id() == backup_id
)
435 _
=> BackupInfo
::list_backup_groups(&base_path
)?
,
438 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
439 let backup_type
= group
.backup_type().to_string();
440 let backup_id
= group
.backup_id().to_string();
441 let backup_time
= info
.backup_dir
.backup_time();
443 match get_all_snapshot_files(&datastore
, &info
) {
444 Ok((manifest
, files
)) => {
445 // extract the first line from notes
446 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
448 .and_then(|notes
| notes
.lines().next())
451 let fingerprint
= match manifest
.fingerprint() {
454 eprintln
!("error parsing fingerprint: '{}'", err
);
459 let verification
= manifest
.unprotected
["verify_state"].clone();
460 let verification
: Option
<SnapshotVerifyState
> = match serde_json
::from_value(verification
) {
461 Ok(verify
) => verify
,
463 eprintln
!("error parsing verification state : '{}'", err
);
468 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
483 eprintln
!("error during snapshot file listing: '{}'", err
);
487 .map(|filename
| BackupContent
{
511 .try_fold(Vec
::new(), |mut snapshots
, group
| {
512 let owner
= match datastore
.get_owner(group
) {
513 Ok(auth_id
) => auth_id
,
515 eprintln
!("Failed to get owner of group '{}/{}' - {}",
519 return Ok(snapshots
);
523 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
524 return Ok(snapshots
);
527 let group_backups
= group
.list_backups(&datastore
.base_path())?
;
532 .map(|info
| info_to_snapshot_list_item(&group
, Some(owner
.clone()), info
))
539 fn get_snapshots_count(store
: &DataStore
, filter_owner
: Option
<&Authid
>) -> Result
<Counts
, Error
> {
540 let base_path
= store
.base_path();
541 let groups
= BackupInfo
::list_backup_groups(&base_path
)?
;
545 let owner
= match store
.get_owner(&group
) {
548 eprintln
!("Failed to get owner of group '{}/{}' - {}",
557 Some(filter
) => check_backup_owner(&owner
, filter
).is_ok(),
561 .try_fold(Counts
::default(), |mut counts
, group
| {
562 let snapshot_count
= group
.list_backups(&base_path
)?
.len() as u64;
564 let type_count
= match group
.backup_type() {
565 "ct" => counts
.ct
.get_or_insert(Default
::default()),
566 "vm" => counts
.vm
.get_or_insert(Default
::default()),
567 "host" => counts
.host
.get_or_insert(Default
::default()),
568 _
=> counts
.other
.get_or_insert(Default
::default()),
571 type_count
.groups
+= 1;
572 type_count
.snapshots
+= snapshot_count
;
582 schema
: DATASTORE_SCHEMA
,
588 description
: "Include additional information like snapshot counts and GC status.",
594 type: DataStoreStatus
,
597 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
600 /// Get datastore status.
605 rpcenv
: &mut dyn RpcEnvironment
,
606 ) -> Result
<DataStoreStatus
, Error
> {
607 let datastore
= DataStore
::lookup_datastore(&store
)?
;
608 let storage
= crate::tools
::disks
::disk_usage(&datastore
.base_path())?
;
609 let (counts
, gc_status
) = if verbose
{
610 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
611 let user_info
= CachedUserInfo
::new()?
;
613 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
614 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
620 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
)?
);
621 let gc_status
= Some(datastore
.last_gc_status());
629 total
: storage
.total
,
631 avail
: storage
.avail
,
641 schema
: DATASTORE_SCHEMA
,
644 schema
: BACKUP_TYPE_SCHEMA
,
648 schema
: BACKUP_ID_SCHEMA
,
652 schema
: IGNORE_VERIFIED_BACKUPS_SCHEMA
,
656 schema
: VERIFICATION_OUTDATED_AFTER_SCHEMA
,
660 schema
: BACKUP_TIME_SCHEMA
,
669 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_VERIFY
| PRIV_DATASTORE_BACKUP
, true),
674 /// This function can verify a single backup snapshot, all backup from a backup group,
675 /// or all backups in the datastore.
678 backup_type
: Option
<String
>,
679 backup_id
: Option
<String
>,
680 backup_time
: Option
<i64>,
681 ignore_verified
: Option
<bool
>,
682 outdated_after
: Option
<i64>,
683 rpcenv
: &mut dyn RpcEnvironment
,
684 ) -> Result
<Value
, Error
> {
685 let datastore
= DataStore
::lookup_datastore(&store
)?
;
686 let ignore_verified
= ignore_verified
.unwrap_or(true);
688 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
691 let mut backup_dir
= None
;
692 let mut backup_group
= None
;
693 let mut worker_type
= "verify";
695 match (backup_type
, backup_id
, backup_time
) {
696 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
697 worker_id
= format
!("{}:{}/{}/{:08X}", store
, backup_type
, backup_id
, backup_time
);
698 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
700 check_priv_or_backup_owner(&datastore
, dir
.group(), &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
702 backup_dir
= Some(dir
);
703 worker_type
= "verify_snapshot";
705 (Some(backup_type
), Some(backup_id
), None
) => {
706 worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
707 let group
= BackupGroup
::new(backup_type
, backup_id
);
709 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
711 backup_group
= Some(group
);
712 worker_type
= "verify_group";
714 (None
, None
, None
) => {
715 worker_id
= store
.clone();
717 _
=> bail
!("parameters do not specify a backup group or snapshot"),
720 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
722 let upid_str
= WorkerTask
::new_thread(
728 let verify_worker
= crate::backup
::VerifyWorker
::new(worker
.clone(), datastore
);
729 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
730 let mut res
= Vec
::new();
731 if !verify_backup_dir(
734 worker
.upid().clone(),
735 Some(&move |manifest
| {
736 verify_filter(ignore_verified
, outdated_after
, manifest
)
739 res
.push(backup_dir
.to_string());
742 } else if let Some(backup_group
) = backup_group
{
743 let failed_dirs
= verify_backup_group(
746 &mut StoreProgress
::new(1),
748 Some(&move |manifest
| {
749 verify_filter(ignore_verified
, outdated_after
, manifest
)
754 let privs
= CachedUserInfo
::new()?
755 .lookup_privs(&auth_id
, &["datastore", &store
]);
757 let owner
= if privs
& PRIV_DATASTORE_VERIFY
== 0 {
767 Some(&move |manifest
| {
768 verify_filter(ignore_verified
, outdated_after
, manifest
)
772 if !failed_dirs
.is_empty() {
773 worker
.log("Failed to verify the following snapshots/groups:");
774 for dir
in failed_dirs
{
775 worker
.log(format
!("\t{}", dir
));
777 bail
!("verification failed - please check the log for details");
790 schema
: BACKUP_ID_SCHEMA
,
793 schema
: BACKUP_TYPE_SCHEMA
,
799 description
: "Just show what prune would do, but do not delete anything.",
806 schema
: DATASTORE_SCHEMA
,
810 returns
: pbs_api_types
::ADMIN_DATASTORE_PRUNE_RETURN_TYPE
,
812 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
815 /// Prune a group on the datastore
820 prune_options
: PruneOptions
,
823 rpcenv
: &mut dyn RpcEnvironment
,
824 ) -> Result
<Value
, Error
> {
826 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
828 let group
= BackupGroup
::new(&backup_type
, &backup_id
);
830 let datastore
= DataStore
::lookup_datastore(&store
)?
;
832 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
834 let worker_id
= format
!("{}:{}/{}", store
, &backup_type
, &backup_id
);
836 let mut prune_result
= Vec
::new();
838 let list
= group
.list_backups(&datastore
.base_path())?
;
840 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
842 prune_info
.reverse(); // delete older snapshots first
844 let keep_all
= !pbs_datastore
::prune
::keeps_something(&prune_options
);
847 for (info
, mut keep
) in prune_info
{
848 if keep_all { keep = true; }
850 let backup_time
= info
.backup_dir
.backup_time();
851 let group
= info
.backup_dir
.group();
853 prune_result
.push(json
!({
854 "backup-type": group
.backup_type(),
855 "backup-id": group
.backup_id(),
856 "backup-time": backup_time
,
860 return Ok(json
!(prune_result
));
864 // We use a WorkerTask just to have a task log, but run synchrounously
865 let worker
= WorkerTask
::new("prune", Some(worker_id
), auth_id
.to_string(), true)?
;
868 worker
.log("No prune selection - keeping all files.");
870 worker
.log(format
!("retention options: {}", pbs_datastore
::prune
::cli_options_string(&prune_options
)));
871 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
872 store
, backup_type
, backup_id
));
875 for (info
, mut keep
) in prune_info
{
876 if keep_all { keep = true; }
878 let backup_time
= info
.backup_dir
.backup_time();
879 let timestamp
= info
.backup_dir
.backup_time_string();
880 let group
= info
.backup_dir
.group();
888 if keep { "keep" }
else { "remove" }
,
893 prune_result
.push(json
!({
894 "backup-type": group
.backup_type(),
895 "backup-id": group
.backup_id(),
896 "backup-time": backup_time
,
900 if !(dry_run
|| keep
) {
901 if let Err(err
) = datastore
.remove_backup_dir(&info
.backup_dir
, false) {
904 "failed to remove dir {:?}: {}",
905 info
.backup_dir
.relative_path(), err
912 worker
.log_result(&Ok(()));
914 Ok(json
!(prune_result
))
924 description
: "Just show what prune would do, but do not delete anything.",
931 schema
: DATASTORE_SCHEMA
,
939 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
942 /// Prune the datastore
943 pub fn prune_datastore(
945 prune_options
: PruneOptions
,
948 rpcenv
: &mut dyn RpcEnvironment
,
949 ) -> Result
<String
, Error
> {
951 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
953 let datastore
= DataStore
::lookup_datastore(&store
)?
;
955 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
957 let upid_str
= WorkerTask
::new_thread(
962 move |worker
| crate::server
::prune_datastore(
979 schema
: DATASTORE_SCHEMA
,
987 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
990 /// Start garbage collection.
991 pub fn start_garbage_collection(
994 rpcenv
: &mut dyn RpcEnvironment
,
995 ) -> Result
<Value
, Error
> {
997 let datastore
= DataStore
::lookup_datastore(&store
)?
;
998 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1000 let job
= Job
::new("garbage_collection", &store
)
1001 .map_err(|_
| format_err
!("garbage collection already running"))?
;
1003 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1005 let upid_str
= crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
1006 .map_err(|err
| format_err
!("unable to start garbage collection job on datastore {} - {}", store
, err
))?
;
1015 schema
: DATASTORE_SCHEMA
,
1020 type: GarbageCollectionStatus
,
1023 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
1026 /// Garbage collection status.
1027 pub fn garbage_collection_status(
1030 _rpcenv
: &mut dyn RpcEnvironment
,
1031 ) -> Result
<GarbageCollectionStatus
, Error
> {
1033 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1035 let status
= datastore
.last_gc_status();
1042 description
: "List the accessible datastores.",
1044 items
: { type: DataStoreListItem }
,
1047 permission
: &Permission
::Anybody
,
1051 pub fn get_datastore_list(
1054 rpcenv
: &mut dyn RpcEnvironment
,
1055 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
1057 let (config
, _digest
) = pbs_config
::datastore
::config()?
;
1059 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1060 let user_info
= CachedUserInfo
::new()?
;
1062 let mut list
= Vec
::new();
1064 for (store
, (_
, data
)) in &config
.sections
{
1065 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1066 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1070 store
: store
.clone(),
1071 comment
: data
["comment"].as_str().map(String
::from
),
1081 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1082 &ApiHandler
::AsyncHttp(&download_file
),
1084 "Download single raw file from backup snapshot.",
1086 ("store", false, &DATASTORE_SCHEMA
),
1087 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1088 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1089 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1090 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1093 ).access(None
, &Permission
::Privilege(
1094 &["datastore", "{store}"],
1095 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1099 pub fn download_file(
1104 rpcenv
: Box
<dyn RpcEnvironment
>,
1105 ) -> ApiResponseFuture
{
1108 let store
= required_string_param(¶m
, "store")?
;
1109 let datastore
= DataStore
::lookup_datastore(store
)?
;
1111 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1113 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1115 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1116 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1117 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1119 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1121 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1123 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1125 let mut path
= datastore
.base_path();
1126 path
.push(backup_dir
.relative_path());
1127 path
.push(&file_name
);
1129 let file
= tokio
::fs
::File
::open(&path
)
1131 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1133 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1134 .map_ok(|bytes
| bytes
.freeze())
1135 .map_err(move |err
| {
1136 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1139 let body
= Body
::wrap_stream(payload
);
1141 // fixme: set other headers ?
1142 Ok(Response
::builder()
1143 .status(StatusCode
::OK
)
1144 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1151 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1152 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1154 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1156 ("store", false, &DATASTORE_SCHEMA
),
1157 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1158 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1159 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1160 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1163 ).access(None
, &Permission
::Privilege(
1164 &["datastore", "{store}"],
1165 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1169 pub fn download_file_decoded(
1174 rpcenv
: Box
<dyn RpcEnvironment
>,
1175 ) -> ApiResponseFuture
{
1178 let store
= required_string_param(¶m
, "store")?
;
1179 let datastore
= DataStore
::lookup_datastore(store
)?
;
1181 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1183 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1185 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1186 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1187 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1189 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1191 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1193 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1195 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1196 bail
!("cannot decode '{}' - is encrypted", file_name
);
1200 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1202 let mut path
= datastore
.base_path();
1203 path
.push(backup_dir
.relative_path());
1204 path
.push(&file_name
);
1206 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
1208 let body
= match extension
{
1210 let index
= DynamicIndexReader
::open(&path
)
1211 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1212 let (csum
, size
) = index
.compute_csum();
1213 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1215 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1216 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1217 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
1218 .map_err(move |err
| {
1219 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1224 let index
= FixedIndexReader
::open(&path
)
1225 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
1227 let (csum
, size
) = index
.compute_csum();
1228 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1230 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1231 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1232 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
1233 .map_err(move |err
| {
1234 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1239 let file
= std
::fs
::File
::open(&path
)
1240 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1242 // FIXME: load full blob to verify index checksum?
1245 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
1246 .map_err(move |err
| {
1247 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1253 bail
!("cannot download '{}' files", extension
);
1257 // fixme: set other headers ?
1258 Ok(Response
::builder()
1259 .status(StatusCode
::OK
)
1260 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1267 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1268 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1270 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1272 ("store", false, &DATASTORE_SCHEMA
),
1273 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1274 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1275 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1279 Some("Only the backup creator/owner is allowed to do this."),
1280 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1283 pub fn upload_backup_log(
1288 rpcenv
: Box
<dyn RpcEnvironment
>,
1289 ) -> ApiResponseFuture
{
1292 let store
= required_string_param(¶m
, "store")?
;
1293 let datastore
= DataStore
::lookup_datastore(store
)?
;
1295 let file_name
= CLIENT_LOG_BLOB_NAME
;
1297 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1298 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1299 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1301 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1303 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1304 let owner
= datastore
.get_owner(backup_dir
.group())?
;
1305 check_backup_owner(&owner
, &auth_id
)?
;
1307 let mut path
= datastore
.base_path();
1308 path
.push(backup_dir
.relative_path());
1309 path
.push(&file_name
);
1312 bail
!("backup already contains a log.");
1315 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1316 backup_type
, backup_id
, backup_dir
.backup_time_string(), file_name
);
1319 .map_err(Error
::from
)
1320 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1321 acc
.extend_from_slice(&*chunk
);
1322 future
::ok
::<_
, Error
>(acc
)
1326 // always verify blob/CRC at server side
1327 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1329 replace_file(&path
, blob
.raw_data(), CreateOptions
::new())?
;
1331 // fixme: use correct formatter
1332 Ok(formatter
::json_response(Ok(Value
::Null
)))
1340 schema
: DATASTORE_SCHEMA
,
1343 schema
: BACKUP_TYPE_SCHEMA
,
1346 schema
: BACKUP_ID_SCHEMA
,
1349 schema
: BACKUP_TIME_SCHEMA
,
1352 description
: "Base64 encoded path.",
1358 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1361 /// Get the entries of the given path of the catalog
1364 backup_type
: String
,
1368 rpcenv
: &mut dyn RpcEnvironment
,
1369 ) -> Result
<Vec
<ArchiveEntry
>, Error
> {
1370 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1372 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1374 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1376 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1378 let file_name
= CATALOG_NAME
;
1380 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1382 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1383 bail
!("cannot decode '{}' - is encrypted", file_name
);
1387 let mut path
= datastore
.base_path();
1388 path
.push(backup_dir
.relative_path());
1389 path
.push(file_name
);
1391 let index
= DynamicIndexReader
::open(&path
)
1392 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1394 let (csum
, size
) = index
.compute_csum();
1395 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1397 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1398 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1400 let mut catalog_reader
= CatalogReader
::new(reader
);
1402 let path
= if filepath
!= "root" && filepath
!= "/" {
1403 base64
::decode(filepath
)?
1408 catalog_reader
.list_dir_contents(&path
)
1412 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1413 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1415 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1417 ("store", false, &DATASTORE_SCHEMA
),
1418 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1419 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1420 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1421 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1424 ).access(None
, &Permission
::Privilege(
1425 &["datastore", "{store}"],
1426 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1430 pub fn pxar_file_download(
1435 rpcenv
: Box
<dyn RpcEnvironment
>,
1436 ) -> ApiResponseFuture
{
1439 let store
= required_string_param(¶m
, "store")?
;
1440 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1442 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1444 let filepath
= required_string_param(¶m
, "filepath")?
.to_owned();
1446 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1447 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1448 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1450 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1452 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1454 let mut components
= base64
::decode(&filepath
)?
;
1455 if !components
.is_empty() && components
[0] == b'
/'
{
1456 components
.remove(0);
1459 let mut split
= components
.splitn(2, |c
| *c
== b'
/'
);
1460 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1461 let file_path
= split
.next().unwrap_or(b
"/");
1462 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1464 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1465 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1469 let mut path
= datastore
.base_path();
1470 path
.push(backup_dir
.relative_path());
1471 path
.push(pxar_name
);
1473 let index
= DynamicIndexReader
::open(&path
)
1474 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1476 let (csum
, size
) = index
.compute_csum();
1477 manifest
.verify_file(&pxar_name
, &csum
, size
)?
;
1479 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1480 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1481 let archive_size
= reader
.archive_size();
1482 let reader
= LocalDynamicReadAt
::new(reader
);
1484 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1485 let root
= decoder
.open_root().await?
;
1486 let path
= OsStr
::from_bytes(file_path
).to_os_string();
1488 .lookup(&path
).await?
1489 .ok_or_else(|| format_err
!("error opening '{:?}'", path
))?
;
1491 let body
= match file
.kind() {
1492 EntryKind
::File { .. }
=> Body
::wrap_stream(
1493 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1494 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1498 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1499 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1500 .map_err(move |err
| {
1502 "error during streaming of hardlink '{:?}' - {}",
1508 EntryKind
::Directory
=> {
1509 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel(100);
1510 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1511 proxmox_rest_server
::spawn_internal_task(
1512 create_zip(channelwriter
, decoder
, path
.clone(), false)
1514 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1515 eprintln
!("error during streaming of zip '{:?}' - {}", path
, err
);
1519 other
=> bail
!("cannot download file of type {:?}", other
),
1522 // fixme: set other headers ?
1523 Ok(Response
::builder()
1524 .status(StatusCode
::OK
)
1525 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1535 schema
: DATASTORE_SCHEMA
,
1538 type: RRDTimeFrameResolution
,
1546 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1549 /// Read datastore stats
1550 pub fn get_rrd_stats(
1552 timeframe
: RRDTimeFrameResolution
,
1555 ) -> Result
<Value
, Error
> {
1557 create_value_from_rrd(
1558 &format
!("datastore/{}", store
),
1561 "read_ios", "read_bytes",
1562 "write_ios", "write_bytes",
1574 schema
: DATASTORE_SCHEMA
,
1577 schema
: BACKUP_TYPE_SCHEMA
,
1580 schema
: BACKUP_ID_SCHEMA
,
1585 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1588 /// Get "notes" for a backup group
1589 pub fn get_group_notes(
1591 backup_type
: String
,
1593 rpcenv
: &mut dyn RpcEnvironment
,
1594 ) -> Result
<String
, Error
> {
1595 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1597 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1598 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1600 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1602 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1603 Ok(file_read_optional_string(note_path
)?
.unwrap_or_else(|| "".to_owned()))
1610 schema
: DATASTORE_SCHEMA
,
1613 schema
: BACKUP_TYPE_SCHEMA
,
1616 schema
: BACKUP_ID_SCHEMA
,
1619 description
: "A multiline text.",
1624 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1625 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1629 /// Set "notes" for a backup group
1630 pub fn set_group_notes(
1632 backup_type
: String
,
1635 rpcenv
: &mut dyn RpcEnvironment
,
1636 ) -> Result
<(), Error
> {
1637 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1639 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1640 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1642 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1644 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1645 replace_file(note_path
, notes
.as_bytes(), CreateOptions
::new())?
;
1654 schema
: DATASTORE_SCHEMA
,
1657 schema
: BACKUP_TYPE_SCHEMA
,
1660 schema
: BACKUP_ID_SCHEMA
,
1663 schema
: BACKUP_TIME_SCHEMA
,
1668 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1671 /// Get "notes" for a specific backup
1674 backup_type
: String
,
1677 rpcenv
: &mut dyn RpcEnvironment
,
1678 ) -> Result
<String
, Error
> {
1679 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1681 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1682 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1684 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1686 let (manifest
, _
) = datastore
.load_manifest(&backup_dir
)?
;
1688 let notes
= manifest
.unprotected
["notes"]
1692 Ok(String
::from(notes
))
1699 schema
: DATASTORE_SCHEMA
,
1702 schema
: BACKUP_TYPE_SCHEMA
,
1705 schema
: BACKUP_ID_SCHEMA
,
1708 schema
: BACKUP_TIME_SCHEMA
,
1711 description
: "A multiline text.",
1716 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1717 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1721 /// Set "notes" for a specific backup
1724 backup_type
: String
,
1728 rpcenv
: &mut dyn RpcEnvironment
,
1729 ) -> Result
<(), Error
> {
1730 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1732 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1733 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1735 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1737 datastore
.update_manifest(&backup_dir
,|manifest
| {
1738 manifest
.unprotected
["notes"] = notes
.into();
1739 }).map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
1748 schema
: DATASTORE_SCHEMA
,
1751 schema
: BACKUP_TYPE_SCHEMA
,
1754 schema
: BACKUP_ID_SCHEMA
,
1762 permission
: &Permission
::Anybody
,
1763 description
: "Datastore.Modify on whole datastore, or changing ownership between user and a user's token for owned backups with Datastore.Backup"
1766 /// Change owner of a backup group
1767 pub fn set_backup_owner(
1769 backup_type
: String
,
1772 rpcenv
: &mut dyn RpcEnvironment
,
1773 ) -> Result
<(), Error
> {
1775 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1777 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1779 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1781 let user_info
= CachedUserInfo
::new()?
;
1783 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1785 let allowed
= if (privs
& PRIV_DATASTORE_MODIFY
) != 0 {
1786 // High-privilege user/token
1788 } else if (privs
& PRIV_DATASTORE_BACKUP
) != 0 {
1789 let owner
= datastore
.get_owner(&backup_group
)?
;
1791 match (owner
.is_token(), new_owner
.is_token()) {
1793 // API token to API token, owned by same user
1794 let owner
= owner
.user();
1795 let new_owner
= new_owner
.user();
1796 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
1799 // API token to API token owner
1800 Authid
::from(owner
.user().clone()) == auth_id
1801 && new_owner
== auth_id
1804 // API token owner to API token
1806 && Authid
::from(new_owner
.user().clone()) == auth_id
1809 // User to User, not allowed for unprivileged users
1818 return Err(http_err
!(UNAUTHORIZED
,
1819 "{} does not have permission to change owner of backup group '{}' to {}",
1826 if !user_info
.is_active_auth_id(&new_owner
) {
1827 bail
!("{} '{}' is inactive or non-existent",
1828 if new_owner
.is_token() {
1829 "API token".to_string()
1836 datastore
.set_owner(&backup_group
, &new_owner
, true)?
;
1842 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1846 .get(&API_METHOD_CATALOG
)
1851 .post(&API_METHOD_SET_BACKUP_OWNER
)
1856 .download(&API_METHOD_DOWNLOAD_FILE
)
1861 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1866 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1871 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1872 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1877 .get(&API_METHOD_GET_GROUP_NOTES
)
1878 .put(&API_METHOD_SET_GROUP_NOTES
)
1883 .get(&API_METHOD_LIST_GROUPS
)
1884 .delete(&API_METHOD_DELETE_GROUP
)
1889 .get(&API_METHOD_GET_NOTES
)
1890 .put(&API_METHOD_SET_NOTES
)
1895 .post(&API_METHOD_PRUNE
)
1900 .post(&API_METHOD_PRUNE_DATASTORE
)
1903 "pxar-file-download",
1905 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
1910 .get(&API_METHOD_GET_RRD_STATS
)
1915 .get(&API_METHOD_LIST_SNAPSHOTS
)
1916 .delete(&API_METHOD_DELETE_SNAPSHOT
)
1921 .get(&API_METHOD_STATUS
)
1924 "upload-backup-log",
1926 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
1931 .post(&API_METHOD_VERIFY
)
1935 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
1936 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
1937 .subdirs(DATASTORE_INFO_SUBDIRS
);
1940 pub const ROUTER
: Router
= Router
::new()
1941 .get(&API_METHOD_GET_DATASTORE_LIST
)
1942 .match_all("store", &DATASTORE_INFO_ROUTER
);