1 //! Datastore Management
3 use std
::collections
::HashSet
;
5 use std
::os
::unix
::ffi
::OsStrExt
;
6 use std
::path
::PathBuf
;
8 use anyhow
::{bail, format_err, Error}
;
10 use hyper
::http
::request
::Parts
;
11 use hyper
::{header, Body, Response, StatusCode}
;
12 use serde_json
::{json, Value}
;
13 use tokio_stream
::wrappers
::ReceiverStream
;
15 use proxmox_async
::blocking
::WrappedReaderStream
;
16 use proxmox_async
::{io::AsyncChannelWriter, stream::AsyncReaderStream}
;
17 use proxmox_compression
::zstd
::ZstdEncoder
;
19 http_err
, list_subdirs_api_method
, ApiHandler
, ApiMethod
, ApiResponseFuture
, Permission
,
20 Router
, RpcEnvironment
, RpcEnvironmentType
, SubdirMap
,
22 use proxmox_schema
::*;
23 use proxmox_sys
::fs
::{
24 file_read_firstline
, file_read_optional_string
, replace_file
, CreateOptions
,
26 use proxmox_sys
::sortable
;
27 use proxmox_sys
::{task_log, task_warn}
;
29 use pxar
::accessor
::aio
::Accessor
;
33 Authid
, BackupContent
, Counts
, CryptMode
, DataStoreListItem
, DataStoreStatus
,
34 GarbageCollectionStatus
, GroupListItem
, Operation
, PruneOptions
, RRDMode
, RRDTimeFrame
,
35 SnapshotListItem
, SnapshotVerifyState
, BACKUP_ARCHIVE_NAME_SCHEMA
, BACKUP_ID_SCHEMA
,
36 BACKUP_TIME_SCHEMA
, BACKUP_TYPE_SCHEMA
, DATASTORE_SCHEMA
, IGNORE_VERIFIED_BACKUPS_SCHEMA
,
37 PRIV_DATASTORE_AUDIT
, PRIV_DATASTORE_BACKUP
, PRIV_DATASTORE_MODIFY
, PRIV_DATASTORE_PRUNE
,
38 PRIV_DATASTORE_READ
, PRIV_DATASTORE_VERIFY
, UPID_SCHEMA
, VERIFICATION_OUTDATED_AFTER_SCHEMA
,
40 use pbs_client
::pxar
::{create_tar, create_zip}
;
41 use pbs_config
::CachedUserInfo
;
42 use pbs_datastore
::backup_info
::BackupInfo
;
43 use pbs_datastore
::cached_chunk_reader
::CachedChunkReader
;
44 use pbs_datastore
::catalog
::{ArchiveEntry, CatalogReader}
;
45 use pbs_datastore
::data_blob
::DataBlob
;
46 use pbs_datastore
::data_blob_reader
::DataBlobReader
;
47 use pbs_datastore
::dynamic_index
::{BufferedDynamicReader, DynamicIndexReader, LocalDynamicReadAt}
;
48 use pbs_datastore
::fixed_index
::FixedIndexReader
;
49 use pbs_datastore
::index
::IndexFile
;
50 use pbs_datastore
::manifest
::{BackupManifest, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME}
;
51 use pbs_datastore
::prune
::compute_prune_info
;
53 check_backup_owner
, task_tracking
, BackupDir
, BackupGroup
, DataStore
, LocalChunkReader
,
54 StoreProgress
, CATALOG_NAME
,
56 use pbs_tools
::json
::{required_integer_param, required_string_param}
;
57 use proxmox_rest_server
::{formatter, WorkerTask}
;
59 use crate::api2
::node
::rrd
::create_value_from_rrd
;
60 use crate::backup
::{verify_all_backups, verify_backup_dir, verify_backup_group, verify_filter}
;
62 use crate::server
::jobstate
::Job
;
64 const GROUP_NOTES_FILE_NAME
: &str = "notes";
66 fn get_group_note_path(store
: &DataStore
, group
: &BackupGroup
) -> PathBuf
{
67 let mut note_path
= store
.base_path();
68 note_path
.push(group
.group_path());
69 note_path
.push(GROUP_NOTES_FILE_NAME
);
73 fn check_priv_or_backup_owner(
78 ) -> Result
<(), Error
> {
79 let user_info
= CachedUserInfo
::new()?
;
80 let privs
= user_info
.lookup_privs(auth_id
, &["datastore", store
.name()]);
82 if privs
& required_privs
== 0 {
83 let owner
= store
.get_owner(group
)?
;
84 check_backup_owner(&owner
, auth_id
)?
;
91 backup_dir
: &BackupDir
,
92 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
93 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
95 let mut result
= Vec
::new();
96 for item
in manifest
.files() {
97 result
.push(BackupContent
{
98 filename
: item
.filename
.clone(),
99 crypt_mode
: Some(item
.crypt_mode
),
100 size
: Some(item
.size
),
104 result
.push(BackupContent
{
105 filename
: MANIFEST_BLOB_NAME
.to_string(),
106 crypt_mode
: match manifest
.signature
{
107 Some(_
) => Some(CryptMode
::SignOnly
),
108 None
=> Some(CryptMode
::None
),
110 size
: Some(index_size
),
113 Ok((manifest
, result
))
116 fn get_all_snapshot_files(
119 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
120 let (manifest
, mut files
) = read_backup_index(store
, &info
.backup_dir
)?
;
122 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
123 acc
.insert(item
.filename
.clone());
127 for file
in &info
.files
{
128 if file_set
.contains(file
) {
131 files
.push(BackupContent
{
132 filename
: file
.to_string(),
138 Ok((manifest
, files
))
145 schema
: DATASTORE_SCHEMA
,
149 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_GROUPS_RETURN_TYPE
,
151 permission
: &Permission
::Privilege(
152 &["datastore", "{store}"],
153 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
157 /// List backup groups.
160 rpcenv
: &mut dyn RpcEnvironment
,
161 ) -> Result
<Vec
<GroupListItem
>, Error
> {
162 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
163 let user_info
= CachedUserInfo
::new()?
;
164 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
166 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
167 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
169 let backup_groups
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
171 let group_info
= backup_groups
173 .fold(Vec
::new(), |mut group_info
, group
| {
174 let owner
= match datastore
.get_owner(&group
) {
175 Ok(auth_id
) => auth_id
,
178 "Failed to get owner of group '{}/{}' - {}",
184 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
188 let snapshots
= match group
.list_backups(&datastore
.base_path()) {
189 Ok(snapshots
) => snapshots
,
195 let backup_count
: u64 = snapshots
.len() as u64;
196 if backup_count
== 0 {
200 let last_backup
= snapshots
202 .fold(&snapshots
[0], |last
, curr
| {
203 if curr
.is_finished()
204 && curr
.backup_dir
.backup_time() > last
.backup_dir
.backup_time()
213 let note_path
= get_group_note_path(&datastore
, &group
);
214 let comment
= file_read_firstline(¬e_path
).ok();
216 group_info
.push(GroupListItem
{
217 backup_type
: group
.backup_type().to_string(),
218 backup_id
: group
.backup_id().to_string(),
219 last_backup
: last_backup
.backup_dir
.backup_time(),
222 files
: last_backup
.files
,
236 schema
: DATASTORE_SCHEMA
,
239 schema
: BACKUP_TYPE_SCHEMA
,
242 schema
: BACKUP_ID_SCHEMA
,
247 permission
: &Permission
::Privilege(
248 &["datastore", "{store}"],
249 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
253 /// Delete backup group including all snapshots.
259 rpcenv
: &mut dyn RpcEnvironment
,
260 ) -> Result
<Value
, Error
> {
261 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
263 let group
= BackupGroup
::new(backup_type
, backup_id
);
264 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
266 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
268 if !datastore
.remove_backup_group(&group
)?
{
269 bail
!("group only partially deleted due to protected snapshots");
279 schema
: DATASTORE_SCHEMA
,
282 schema
: BACKUP_TYPE_SCHEMA
,
285 schema
: BACKUP_ID_SCHEMA
,
288 schema
: BACKUP_TIME_SCHEMA
,
292 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOT_FILES_RETURN_TYPE
,
294 permission
: &Permission
::Privilege(
295 &["datastore", "{store}"],
296 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
300 /// List snapshot files.
301 pub fn list_snapshot_files(
307 rpcenv
: &mut dyn RpcEnvironment
,
308 ) -> Result
<Vec
<BackupContent
>, Error
> {
309 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
310 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
312 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
314 check_priv_or_backup_owner(
318 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
,
321 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
323 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
332 schema
: DATASTORE_SCHEMA
,
335 schema
: BACKUP_TYPE_SCHEMA
,
338 schema
: BACKUP_ID_SCHEMA
,
341 schema
: BACKUP_TIME_SCHEMA
,
346 permission
: &Permission
::Privilege(
347 &["datastore", "{store}"],
348 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
352 /// Delete backup snapshot.
353 pub fn delete_snapshot(
359 rpcenv
: &mut dyn RpcEnvironment
,
360 ) -> Result
<Value
, Error
> {
361 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
363 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
364 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
366 check_priv_or_backup_owner(
370 PRIV_DATASTORE_MODIFY
,
373 datastore
.remove_backup_dir(&snapshot
, false)?
;
383 schema
: DATASTORE_SCHEMA
,
387 schema
: BACKUP_TYPE_SCHEMA
,
391 schema
: BACKUP_ID_SCHEMA
,
395 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOTS_RETURN_TYPE
,
397 permission
: &Permission
::Privilege(
398 &["datastore", "{store}"],
399 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
403 /// List backup snapshots.
404 pub fn list_snapshots(
406 backup_type
: Option
<String
>,
407 backup_id
: Option
<String
>,
410 rpcenv
: &mut dyn RpcEnvironment
,
411 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
412 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
413 let user_info
= CachedUserInfo
::new()?
;
414 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
416 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
418 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
420 let base_path
= datastore
.base_path();
422 let groups
= match (backup_type
, backup_id
) {
423 (Some(backup_type
), Some(backup_id
)) => {
424 let mut groups
= Vec
::with_capacity(1);
425 groups
.push(BackupGroup
::new(backup_type
, backup_id
));
428 (Some(backup_type
), None
) => BackupInfo
::list_backup_groups(&base_path
)?
430 .filter(|group
| group
.backup_type() == backup_type
)
432 (None
, Some(backup_id
)) => BackupInfo
::list_backup_groups(&base_path
)?
434 .filter(|group
| group
.backup_id() == backup_id
)
436 _
=> BackupInfo
::list_backup_groups(&base_path
)?
,
439 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
440 let backup_type
= group
.backup_type().to_string();
441 let backup_id
= group
.backup_id().to_string();
442 let backup_time
= info
.backup_dir
.backup_time();
443 let protected
= info
.backup_dir
.is_protected(base_path
.clone());
445 match get_all_snapshot_files(&datastore
, &info
) {
446 Ok((manifest
, files
)) => {
447 // extract the first line from notes
448 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
450 .and_then(|notes
| notes
.lines().next())
453 let fingerprint
= match manifest
.fingerprint() {
456 eprintln
!("error parsing fingerprint: '{}'", err
);
461 let verification
= manifest
.unprotected
["verify_state"].clone();
462 let verification
: Option
<SnapshotVerifyState
> =
463 match serde_json
::from_value(verification
) {
464 Ok(verify
) => verify
,
466 eprintln
!("error parsing verification state : '{}'", err
);
471 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
487 eprintln
!("error during snapshot file listing: '{}'", err
);
491 .map(|filename
| BackupContent
{
514 groups
.iter().try_fold(Vec
::new(), |mut snapshots
, group
| {
515 let owner
= match datastore
.get_owner(group
) {
516 Ok(auth_id
) => auth_id
,
519 "Failed to get owner of group '{}/{}' - {}",
522 return Ok(snapshots
);
526 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
527 return Ok(snapshots
);
530 let group_backups
= group
.list_backups(&datastore
.base_path())?
;
535 .map(|info
| info_to_snapshot_list_item(group
, Some(owner
.clone()), info
)),
542 fn get_snapshots_count(store
: &DataStore
, filter_owner
: Option
<&Authid
>) -> Result
<Counts
, Error
> {
543 let base_path
= store
.base_path();
544 let groups
= BackupInfo
::list_backup_groups(&base_path
)?
;
549 let owner
= match store
.get_owner(group
) {
553 "Failed to get owner of group '{}/{}' - {}",
563 Some(filter
) => check_backup_owner(&owner
, filter
).is_ok(),
567 .try_fold(Counts
::default(), |mut counts
, group
| {
568 let snapshot_count
= group
.list_backups(&base_path
)?
.len() as u64;
570 // only include groups with snapshots (avoid confusing users
571 // by counting/displaying emtpy groups)
572 if snapshot_count
> 0 {
573 let type_count
= match group
.backup_type() {
574 "ct" => counts
.ct
.get_or_insert(Default
::default()),
575 "vm" => counts
.vm
.get_or_insert(Default
::default()),
576 "host" => counts
.host
.get_or_insert(Default
::default()),
577 _
=> counts
.other
.get_or_insert(Default
::default()),
580 type_count
.groups
+= 1;
581 type_count
.snapshots
+= snapshot_count
;
592 schema
: DATASTORE_SCHEMA
,
598 description
: "Include additional information like snapshot counts and GC status.",
604 type: DataStoreStatus
,
607 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
610 /// Get datastore status.
615 rpcenv
: &mut dyn RpcEnvironment
,
616 ) -> Result
<DataStoreStatus
, Error
> {
617 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
618 let storage
= crate::tools
::disks
::disk_usage(&datastore
.base_path())?
;
619 let (counts
, gc_status
) = if verbose
{
620 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
621 let user_info
= CachedUserInfo
::new()?
;
623 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
624 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
630 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
)?
);
631 let gc_status
= Some(datastore
.last_gc_status());
639 total
: storage
.total
,
641 avail
: storage
.avail
,
651 schema
: DATASTORE_SCHEMA
,
654 schema
: BACKUP_TYPE_SCHEMA
,
658 schema
: BACKUP_ID_SCHEMA
,
662 schema
: IGNORE_VERIFIED_BACKUPS_SCHEMA
,
666 schema
: VERIFICATION_OUTDATED_AFTER_SCHEMA
,
670 schema
: BACKUP_TIME_SCHEMA
,
679 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_VERIFY
| PRIV_DATASTORE_BACKUP
, true),
684 /// This function can verify a single backup snapshot, all backup from a backup group,
685 /// or all backups in the datastore.
688 backup_type
: Option
<String
>,
689 backup_id
: Option
<String
>,
690 backup_time
: Option
<i64>,
691 ignore_verified
: Option
<bool
>,
692 outdated_after
: Option
<i64>,
693 rpcenv
: &mut dyn RpcEnvironment
,
694 ) -> Result
<Value
, Error
> {
695 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
696 let ignore_verified
= ignore_verified
.unwrap_or(true);
698 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
701 let mut backup_dir
= None
;
702 let mut backup_group
= None
;
703 let mut worker_type
= "verify";
705 match (backup_type
, backup_id
, backup_time
) {
706 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
709 store
, backup_type
, backup_id
, backup_time
711 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
713 check_priv_or_backup_owner(&datastore
, dir
.group(), &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
715 backup_dir
= Some(dir
);
716 worker_type
= "verify_snapshot";
718 (Some(backup_type
), Some(backup_id
), None
) => {
719 worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
720 let group
= BackupGroup
::new(backup_type
, backup_id
);
722 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
724 backup_group
= Some(group
);
725 worker_type
= "verify_group";
727 (None
, None
, None
) => {
728 worker_id
= store
.clone();
730 _
=> bail
!("parameters do not specify a backup group or snapshot"),
733 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
735 let upid_str
= WorkerTask
::new_thread(
741 let verify_worker
= crate::backup
::VerifyWorker
::new(worker
.clone(), datastore
);
742 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
743 let mut res
= Vec
::new();
744 if !verify_backup_dir(
747 worker
.upid().clone(),
748 Some(&move |manifest
| verify_filter(ignore_verified
, outdated_after
, manifest
)),
750 res
.push(backup_dir
.to_string());
753 } else if let Some(backup_group
) = backup_group
{
754 let failed_dirs
= verify_backup_group(
757 &mut StoreProgress
::new(1),
759 Some(&move |manifest
| verify_filter(ignore_verified
, outdated_after
, manifest
)),
763 let privs
= CachedUserInfo
::new()?
.lookup_privs(&auth_id
, &["datastore", &store
]);
765 let owner
= if privs
& PRIV_DATASTORE_VERIFY
== 0 {
775 Some(&move |manifest
| verify_filter(ignore_verified
, outdated_after
, manifest
)),
778 if !failed_dirs
.is_empty() {
779 task_log
!(worker
, "Failed to verify the following snapshots/groups:");
780 for dir
in failed_dirs
{
781 task_log
!(worker
, "\t{}", dir
);
783 bail
!("verification failed - please check the log for details");
796 schema
: BACKUP_ID_SCHEMA
,
799 schema
: BACKUP_TYPE_SCHEMA
,
805 description
: "Just show what prune would do, but do not delete anything.",
812 schema
: DATASTORE_SCHEMA
,
816 returns
: pbs_api_types
::ADMIN_DATASTORE_PRUNE_RETURN_TYPE
,
818 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
821 /// Prune a group on the datastore
826 prune_options
: PruneOptions
,
829 rpcenv
: &mut dyn RpcEnvironment
,
830 ) -> Result
<Value
, Error
> {
831 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
833 let group
= BackupGroup
::new(&backup_type
, &backup_id
);
835 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
837 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
839 let worker_id
= format
!("{}:{}/{}", store
, &backup_type
, &backup_id
);
841 let mut prune_result
= Vec
::new();
843 let list
= group
.list_backups(&datastore
.base_path())?
;
845 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
847 prune_info
.reverse(); // delete older snapshots first
849 let keep_all
= !pbs_datastore
::prune
::keeps_something(&prune_options
);
852 for (info
, mark
) in prune_info
{
853 let keep
= keep_all
|| mark
.keep();
855 let backup_time
= info
.backup_dir
.backup_time();
856 let group
= info
.backup_dir
.group();
858 prune_result
.push(json
!({
859 "backup-type": group
.backup_type(),
860 "backup-id": group
.backup_id(),
861 "backup-time": backup_time
,
863 "protected": mark
.protected(),
866 return Ok(json
!(prune_result
));
869 // We use a WorkerTask just to have a task log, but run synchrounously
870 let worker
= WorkerTask
::new("prune", Some(worker_id
), auth_id
.to_string(), true)?
;
873 task_log
!(worker
, "No prune selection - keeping all files.");
877 "retention options: {}",
878 pbs_datastore
::prune
::cli_options_string(&prune_options
)
882 "Starting prune on store \"{}\" group \"{}/{}\"",
889 for (info
, mark
) in prune_info
{
890 let keep
= keep_all
|| mark
.keep();
892 let backup_time
= info
.backup_dir
.backup_time();
893 let timestamp
= info
.backup_dir
.backup_time_string();
894 let group
= info
.backup_dir
.group();
904 task_log
!(worker
, "{}", msg
);
906 prune_result
.push(json
!({
907 "backup-type": group
.backup_type(),
908 "backup-id": group
.backup_id(),
909 "backup-time": backup_time
,
911 "protected": mark
.protected(),
914 if !(dry_run
|| keep
) {
915 if let Err(err
) = datastore
.remove_backup_dir(&info
.backup_dir
, false) {
918 "failed to remove dir {:?}: {}",
919 info
.backup_dir
.relative_path(),
926 worker
.log_result(&Ok(()));
928 Ok(json
!(prune_result
))
938 description
: "Just show what prune would do, but do not delete anything.",
945 schema
: DATASTORE_SCHEMA
,
953 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
, true),
956 /// Prune the datastore
957 pub fn prune_datastore(
959 prune_options
: PruneOptions
,
962 rpcenv
: &mut dyn RpcEnvironment
,
963 ) -> Result
<String
, Error
> {
964 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
966 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
968 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
970 let upid_str
= WorkerTask
::new_thread(
976 crate::server
::prune_datastore(
994 schema
: DATASTORE_SCHEMA
,
1002 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
1005 /// Start garbage collection.
1006 pub fn start_garbage_collection(
1009 rpcenv
: &mut dyn RpcEnvironment
,
1010 ) -> Result
<Value
, Error
> {
1011 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1012 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1014 let job
= Job
::new("garbage_collection", &store
)
1015 .map_err(|_
| format_err
!("garbage collection already running"))?
;
1017 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1020 crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
1023 "unable to start garbage collection job on datastore {} - {}",
1036 schema
: DATASTORE_SCHEMA
,
1041 type: GarbageCollectionStatus
,
1044 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
1047 /// Garbage collection status.
1048 pub fn garbage_collection_status(
1051 _rpcenv
: &mut dyn RpcEnvironment
,
1052 ) -> Result
<GarbageCollectionStatus
, Error
> {
1053 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1055 let status
= datastore
.last_gc_status();
1062 description
: "List the accessible datastores.",
1064 items
: { type: DataStoreListItem }
,
1067 permission
: &Permission
::Anybody
,
1071 pub fn get_datastore_list(
1074 rpcenv
: &mut dyn RpcEnvironment
,
1075 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
1076 let (config
, _digest
) = pbs_config
::datastore
::config()?
;
1078 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1079 let user_info
= CachedUserInfo
::new()?
;
1081 let mut list
= Vec
::new();
1083 for (store
, (_
, data
)) in &config
.sections
{
1084 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", store
]);
1085 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1087 list
.push(DataStoreListItem
{
1088 store
: store
.clone(),
1089 comment
: data
["comment"].as_str().map(String
::from
),
1098 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1099 &ApiHandler
::AsyncHttp(&download_file
),
1101 "Download single raw file from backup snapshot.",
1103 ("store", false, &DATASTORE_SCHEMA
),
1104 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1105 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1106 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1107 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1113 &Permission
::Privilege(
1114 &["datastore", "{store}"],
1115 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1120 pub fn download_file(
1125 rpcenv
: Box
<dyn RpcEnvironment
>,
1126 ) -> ApiResponseFuture
{
1128 let store
= required_string_param(¶m
, "store")?
;
1129 let datastore
= DataStore
::lookup_datastore(store
, Some(Operation
::Read
))?
;
1131 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1133 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1135 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1136 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1137 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1139 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1141 check_priv_or_backup_owner(
1145 PRIV_DATASTORE_READ
,
1149 "Download {} from {} ({}/{})",
1150 file_name
, store
, backup_dir
, file_name
1153 let mut path
= datastore
.base_path();
1154 path
.push(backup_dir
.relative_path());
1155 path
.push(&file_name
);
1157 let file
= tokio
::fs
::File
::open(&path
)
1159 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1162 tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1163 .map_ok(|bytes
| bytes
.freeze())
1164 .map_err(move |err
| {
1165 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1168 let body
= Body
::wrap_stream(payload
);
1170 // fixme: set other headers ?
1171 Ok(Response
::builder()
1172 .status(StatusCode
::OK
)
1173 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1181 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1182 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1184 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1186 ("store", false, &DATASTORE_SCHEMA
),
1187 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1188 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1189 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1190 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1196 &Permission
::Privilege(
1197 &["datastore", "{store}"],
1198 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1203 pub fn download_file_decoded(
1208 rpcenv
: Box
<dyn RpcEnvironment
>,
1209 ) -> ApiResponseFuture
{
1211 let store
= required_string_param(¶m
, "store")?
;
1212 let datastore
= DataStore
::lookup_datastore(store
, Some(Operation
::Read
))?
;
1214 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1216 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1218 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1219 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1220 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1222 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1224 check_priv_or_backup_owner(
1228 PRIV_DATASTORE_READ
,
1231 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1233 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1234 bail
!("cannot decode '{}' - is encrypted", file_name
);
1239 "Download {} from {} ({}/{})",
1240 file_name
, store
, backup_dir
, file_name
1243 let mut path
= datastore
.base_path();
1244 path
.push(backup_dir
.relative_path());
1245 path
.push(&file_name
);
1247 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
1249 let body
= match extension
{
1251 let index
= DynamicIndexReader
::open(&path
).map_err(|err
| {
1252 format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
)
1254 let (csum
, size
) = index
.compute_csum();
1255 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1257 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1258 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1259 Body
::wrap_stream(AsyncReaderStream
::new(reader
).map_err(move |err
| {
1260 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1265 let index
= FixedIndexReader
::open(&path
).map_err(|err
| {
1266 format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
)
1269 let (csum
, size
) = index
.compute_csum();
1270 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1272 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1273 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1275 AsyncReaderStream
::with_buffer_size(reader
, 4 * 1024 * 1024).map_err(
1277 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1284 let file
= std
::fs
::File
::open(&path
)
1285 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1287 // FIXME: load full blob to verify index checksum?
1290 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
).map_err(
1292 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1299 bail
!("cannot download '{}' files", extension
);
1303 // fixme: set other headers ?
1304 Ok(Response
::builder()
1305 .status(StatusCode
::OK
)
1306 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1314 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1315 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1317 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1319 ("store", false, &DATASTORE_SCHEMA
),
1320 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1321 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1322 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1327 Some("Only the backup creator/owner is allowed to do this."),
1328 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false),
1331 pub fn upload_backup_log(
1336 rpcenv
: Box
<dyn RpcEnvironment
>,
1337 ) -> ApiResponseFuture
{
1339 let store
= required_string_param(¶m
, "store")?
;
1340 let datastore
= DataStore
::lookup_datastore(store
, Some(Operation
::Write
))?
;
1342 let file_name
= CLIENT_LOG_BLOB_NAME
;
1344 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1345 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1346 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1348 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1350 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1351 let owner
= datastore
.get_owner(backup_dir
.group())?
;
1352 check_backup_owner(&owner
, &auth_id
)?
;
1354 let mut path
= datastore
.base_path();
1355 path
.push(backup_dir
.relative_path());
1356 path
.push(&file_name
);
1359 bail
!("backup already contains a log.");
1363 "Upload backup log to {}/{}/{}/{}/{}",
1367 backup_dir
.backup_time_string(),
1372 .map_err(Error
::from
)
1373 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1374 acc
.extend_from_slice(&*chunk
);
1375 future
::ok
::<_
, Error
>(acc
)
1379 // always verify blob/CRC at server side
1380 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1382 replace_file(&path
, blob
.raw_data(), CreateOptions
::new(), false)?
;
1384 // fixme: use correct formatter
1385 Ok(formatter
::JSON_FORMATTER
.format_data(Value
::Null
, &*rpcenv
))
1394 schema
: DATASTORE_SCHEMA
,
1397 schema
: BACKUP_TYPE_SCHEMA
,
1400 schema
: BACKUP_ID_SCHEMA
,
1403 schema
: BACKUP_TIME_SCHEMA
,
1406 description
: "Base64 encoded path.",
1412 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1415 /// Get the entries of the given path of the catalog
1418 backup_type
: String
,
1422 rpcenv
: &mut dyn RpcEnvironment
,
1423 ) -> Result
<Vec
<ArchiveEntry
>, Error
> {
1424 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1426 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1428 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1430 check_priv_or_backup_owner(
1434 PRIV_DATASTORE_READ
,
1437 let file_name
= CATALOG_NAME
;
1439 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1441 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1442 bail
!("cannot decode '{}' - is encrypted", file_name
);
1446 let mut path
= datastore
.base_path();
1447 path
.push(backup_dir
.relative_path());
1448 path
.push(file_name
);
1450 let index
= DynamicIndexReader
::open(&path
)
1451 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1453 let (csum
, size
) = index
.compute_csum();
1454 manifest
.verify_file(file_name
, &csum
, size
)?
;
1456 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1457 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1459 let mut catalog_reader
= CatalogReader
::new(reader
);
1461 let path
= if filepath
!= "root" && filepath
!= "/" {
1462 base64
::decode(filepath
)?
1467 catalog_reader
.list_dir_contents(&path
)
1471 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1472 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1474 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1476 ("store", false, &DATASTORE_SCHEMA
),
1477 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1478 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1479 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1480 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1481 ("tar", true, &BooleanSchema
::new("Download as .tar.zst").schema()),
1484 ).access(None
, &Permission
::Privilege(
1485 &["datastore", "{store}"],
1486 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1490 pub fn pxar_file_download(
1495 rpcenv
: Box
<dyn RpcEnvironment
>,
1496 ) -> ApiResponseFuture
{
1498 let store
= required_string_param(¶m
, "store")?
;
1499 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1501 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1503 let filepath
= required_string_param(¶m
, "filepath")?
.to_owned();
1505 let backup_type
= required_string_param(¶m
, "backup-type")?
;
1506 let backup_id
= required_string_param(¶m
, "backup-id")?
;
1507 let backup_time
= required_integer_param(¶m
, "backup-time")?
;
1509 let tar
= param
["tar"].as_bool().unwrap_or(false);
1511 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1513 check_priv_or_backup_owner(
1517 PRIV_DATASTORE_READ
,
1520 let mut components
= base64
::decode(&filepath
)?
;
1521 if !components
.is_empty() && components
[0] == b'
/'
{
1522 components
.remove(0);
1525 let mut split
= components
.splitn(2, |c
| *c
== b'
/'
);
1526 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1527 let file_path
= split
.next().unwrap_or(b
"/");
1528 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1530 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1531 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1535 let mut path
= datastore
.base_path();
1536 path
.push(backup_dir
.relative_path());
1537 path
.push(pxar_name
);
1539 let index
= DynamicIndexReader
::open(&path
)
1540 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1542 let (csum
, size
) = index
.compute_csum();
1543 manifest
.verify_file(pxar_name
, &csum
, size
)?
;
1545 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1546 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1547 let archive_size
= reader
.archive_size();
1548 let reader
= LocalDynamicReadAt
::new(reader
);
1550 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1551 let root
= decoder
.open_root().await?
;
1552 let path
= OsStr
::from_bytes(file_path
).to_os_string();
1556 .ok_or_else(|| format_err
!("error opening '{:?}'", path
))?
;
1558 let body
= match file
.kind() {
1559 EntryKind
::File { .. }
=> Body
::wrap_stream(
1560 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1561 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1565 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1566 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1567 .map_err(move |err
| {
1568 eprintln
!("error during streaming of hardlink '{:?}' - {}", path
, err
);
1572 EntryKind
::Directory
=> {
1573 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel
::<Result
<_
, Error
>>(100);
1574 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1576 proxmox_rest_server
::spawn_internal_task(create_tar(
1582 let zstdstream
= ZstdEncoder
::new(ReceiverStream
::new(receiver
))?
;
1583 Body
::wrap_stream(zstdstream
.map_err(move |err
| {
1584 eprintln
!("error during streaming of tar.zst '{:?}' - {}", path
, err
);
1588 proxmox_rest_server
::spawn_internal_task(create_zip(
1594 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1595 eprintln
!("error during streaming of zip '{:?}' - {}", path
, err
);
1600 other
=> bail
!("cannot download file of type {:?}", other
),
1603 // fixme: set other headers ?
1604 Ok(Response
::builder()
1605 .status(StatusCode
::OK
)
1606 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1617 schema
: DATASTORE_SCHEMA
,
1628 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1631 /// Read datastore stats
1632 pub fn get_rrd_stats(
1634 timeframe
: RRDTimeFrame
,
1637 ) -> Result
<Value
, Error
> {
1638 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1639 let disk_manager
= crate::tools
::disks
::DiskManage
::new();
1641 let mut rrd_fields
= vec
![
1650 // we do not have io_ticks for zpools, so don't include them
1651 match disk_manager
.find_mounted_device(&datastore
.base_path()) {
1652 Ok(Some((fs_type
, _
, _
))) if fs_type
.as_str() == "zfs" => {}
1653 _
=> rrd_fields
.push("io_ticks"),
1656 create_value_from_rrd(&format
!("datastore/{}", store
), &rrd_fields
, timeframe
, cf
)
1663 schema
: DATASTORE_SCHEMA
,
1668 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, true),
1671 /// Read datastore stats
1672 pub fn get_active_operations(store
: String
, _param
: Value
) -> Result
<Value
, Error
> {
1673 let active_operations
= task_tracking
::get_active_operations(&store
)?
;
1675 "read": active_operations
.read
,
1676 "write": active_operations
.write
,
1684 schema
: DATASTORE_SCHEMA
,
1687 schema
: BACKUP_TYPE_SCHEMA
,
1690 schema
: BACKUP_ID_SCHEMA
,
1695 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1698 /// Get "notes" for a backup group
1699 pub fn get_group_notes(
1701 backup_type
: String
,
1703 rpcenv
: &mut dyn RpcEnvironment
,
1704 ) -> Result
<String
, Error
> {
1705 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1707 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1708 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1710 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1712 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1713 Ok(file_read_optional_string(note_path
)?
.unwrap_or_else(|| "".to_owned()))
1720 schema
: DATASTORE_SCHEMA
,
1723 schema
: BACKUP_TYPE_SCHEMA
,
1726 schema
: BACKUP_ID_SCHEMA
,
1729 description
: "A multiline text.",
1734 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1735 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1739 /// Set "notes" for a backup group
1740 pub fn set_group_notes(
1742 backup_type
: String
,
1745 rpcenv
: &mut dyn RpcEnvironment
,
1746 ) -> Result
<(), Error
> {
1747 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1749 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1750 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1752 check_priv_or_backup_owner(&datastore
, &backup_group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1754 let note_path
= get_group_note_path(&datastore
, &backup_group
);
1755 replace_file(note_path
, notes
.as_bytes(), CreateOptions
::new(), false)?
;
1764 schema
: DATASTORE_SCHEMA
,
1767 schema
: BACKUP_TYPE_SCHEMA
,
1770 schema
: BACKUP_ID_SCHEMA
,
1773 schema
: BACKUP_TIME_SCHEMA
,
1778 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1781 /// Get "notes" for a specific backup
1784 backup_type
: String
,
1787 rpcenv
: &mut dyn RpcEnvironment
,
1788 ) -> Result
<String
, Error
> {
1789 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1791 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1792 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1794 check_priv_or_backup_owner(
1798 PRIV_DATASTORE_AUDIT
,
1801 let (manifest
, _
) = datastore
.load_manifest(&backup_dir
)?
;
1803 let notes
= manifest
.unprotected
["notes"].as_str().unwrap_or("");
1805 Ok(String
::from(notes
))
1812 schema
: DATASTORE_SCHEMA
,
1815 schema
: BACKUP_TYPE_SCHEMA
,
1818 schema
: BACKUP_ID_SCHEMA
,
1821 schema
: BACKUP_TIME_SCHEMA
,
1824 description
: "A multiline text.",
1829 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1830 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1834 /// Set "notes" for a specific backup
1837 backup_type
: String
,
1841 rpcenv
: &mut dyn RpcEnvironment
,
1842 ) -> Result
<(), Error
> {
1843 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1845 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1846 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1848 check_priv_or_backup_owner(
1852 PRIV_DATASTORE_MODIFY
,
1856 .update_manifest(&backup_dir
, |manifest
| {
1857 manifest
.unprotected
["notes"] = notes
.into();
1859 .map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
1868 schema
: DATASTORE_SCHEMA
,
1871 schema
: BACKUP_TYPE_SCHEMA
,
1874 schema
: BACKUP_ID_SCHEMA
,
1877 schema
: BACKUP_TIME_SCHEMA
,
1882 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1885 /// Query protection for a specific backup
1886 pub fn get_protection(
1888 backup_type
: String
,
1891 rpcenv
: &mut dyn RpcEnvironment
,
1892 ) -> Result
<bool
, Error
> {
1893 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1895 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1896 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1898 check_priv_or_backup_owner(
1902 PRIV_DATASTORE_AUDIT
,
1905 Ok(backup_dir
.is_protected(datastore
.base_path()))
1912 schema
: DATASTORE_SCHEMA
,
1915 schema
: BACKUP_TYPE_SCHEMA
,
1918 schema
: BACKUP_ID_SCHEMA
,
1921 schema
: BACKUP_TIME_SCHEMA
,
1924 description
: "Enable/disable protection.",
1929 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1930 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1934 /// En- or disable protection for a specific backup
1935 pub fn set_protection(
1937 backup_type
: String
,
1941 rpcenv
: &mut dyn RpcEnvironment
,
1942 ) -> Result
<(), Error
> {
1943 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1945 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1946 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1948 check_priv_or_backup_owner(
1952 PRIV_DATASTORE_MODIFY
,
1955 datastore
.update_protection(&backup_dir
, protected
)
1962 schema
: DATASTORE_SCHEMA
,
1965 schema
: BACKUP_TYPE_SCHEMA
,
1968 schema
: BACKUP_ID_SCHEMA
,
1976 permission
: &Permission
::Anybody
,
1977 description
: "Datastore.Modify on whole datastore, or changing ownership between user and a user's token for owned backups with Datastore.Backup"
1980 /// Change owner of a backup group
1981 pub fn set_backup_owner(
1983 backup_type
: String
,
1986 rpcenv
: &mut dyn RpcEnvironment
,
1987 ) -> Result
<(), Error
> {
1988 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1990 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1992 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1994 let user_info
= CachedUserInfo
::new()?
;
1996 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1998 let allowed
= if (privs
& PRIV_DATASTORE_MODIFY
) != 0 {
1999 // High-privilege user/token
2001 } else if (privs
& PRIV_DATASTORE_BACKUP
) != 0 {
2002 let owner
= datastore
.get_owner(&backup_group
)?
;
2004 match (owner
.is_token(), new_owner
.is_token()) {
2006 // API token to API token, owned by same user
2007 let owner
= owner
.user();
2008 let new_owner
= new_owner
.user();
2009 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
2012 // API token to API token owner
2013 Authid
::from(owner
.user().clone()) == auth_id
&& new_owner
== auth_id
2016 // API token owner to API token
2017 owner
== auth_id
&& Authid
::from(new_owner
.user().clone()) == auth_id
2020 // User to User, not allowed for unprivileged users
2029 return Err(http_err
!(
2031 "{} does not have permission to change owner of backup group '{}' to {}",
2038 if !user_info
.is_active_auth_id(&new_owner
) {
2040 "{} '{}' is inactive or non-existent",
2041 if new_owner
.is_token() {
2042 "API token".to_string()
2050 datastore
.set_owner(&backup_group
, &new_owner
, true)?
;
2056 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
2058 "active-operations",
2059 &Router
::new().get(&API_METHOD_GET_ACTIVE_OPERATIONS
),
2061 ("catalog", &Router
::new().get(&API_METHOD_CATALOG
)),
2064 &Router
::new().post(&API_METHOD_SET_BACKUP_OWNER
),
2068 &Router
::new().download(&API_METHOD_DOWNLOAD_FILE
),
2072 &Router
::new().download(&API_METHOD_DOWNLOAD_FILE_DECODED
),
2074 ("files", &Router
::new().get(&API_METHOD_LIST_SNAPSHOT_FILES
)),
2078 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
2079 .post(&API_METHOD_START_GARBAGE_COLLECTION
),
2084 .get(&API_METHOD_GET_GROUP_NOTES
)
2085 .put(&API_METHOD_SET_GROUP_NOTES
),
2090 .get(&API_METHOD_LIST_GROUPS
)
2091 .delete(&API_METHOD_DELETE_GROUP
),
2096 .get(&API_METHOD_GET_NOTES
)
2097 .put(&API_METHOD_SET_NOTES
),
2102 .get(&API_METHOD_GET_PROTECTION
)
2103 .put(&API_METHOD_SET_PROTECTION
),
2105 ("prune", &Router
::new().post(&API_METHOD_PRUNE
)),
2108 &Router
::new().post(&API_METHOD_PRUNE_DATASTORE
),
2111 "pxar-file-download",
2112 &Router
::new().download(&API_METHOD_PXAR_FILE_DOWNLOAD
),
2114 ("rrd", &Router
::new().get(&API_METHOD_GET_RRD_STATS
)),
2118 .get(&API_METHOD_LIST_SNAPSHOTS
)
2119 .delete(&API_METHOD_DELETE_SNAPSHOT
),
2121 ("status", &Router
::new().get(&API_METHOD_STATUS
)),
2123 "upload-backup-log",
2124 &Router
::new().upload(&API_METHOD_UPLOAD_BACKUP_LOG
),
2126 ("verify", &Router
::new().post(&API_METHOD_VERIFY
)),
2129 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
2130 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
2131 .subdirs(DATASTORE_INFO_SUBDIRS
);
2133 pub const ROUTER
: Router
= Router
::new()
2134 .get(&API_METHOD_GET_DATASTORE_LIST
)
2135 .match_all("store", &DATASTORE_INFO_ROUTER
);