2 use std
::sync
::{Mutex, Arc}
;
4 use anyhow
::{bail, format_err, Error}
;
19 Authid
, Userid
, TapeBackupJobConfig
, TapeBackupJobSetup
, TapeBackupJobStatus
, MediaPoolConfig
,
20 UPID_SCHEMA
, JOB_ID_SCHEMA
,
23 use pbs_datastore
::{task_log, task_warn, StoreProgress}
;
24 use pbs_datastore
::backup_info
::{BackupDir, BackupInfo}
;
25 use pbs_datastore
::task
::TaskState
;
29 cached_user_info
::CachedUserInfo
,
42 compute_schedule_status
,
57 set_tape_device_state
,
59 changer
::update_changer_online_status
,
63 const TAPE_BACKUP_JOB_ROUTER
: Router
= Router
::new()
64 .post(&API_METHOD_RUN_TAPE_BACKUP_JOB
);
66 pub const ROUTER
: Router
= Router
::new()
67 .get(&API_METHOD_LIST_TAPE_BACKUP_JOBS
)
68 .post(&API_METHOD_BACKUP
)
69 .match_all("id", &TAPE_BACKUP_JOB_ROUTER
);
71 fn check_backup_permission(
76 ) -> Result
<(), Error
> {
78 let user_info
= CachedUserInfo
::new()?
;
80 let privs
= user_info
.lookup_privs(auth_id
, &["datastore", store
]);
81 if (privs
& PRIV_DATASTORE_READ
) == 0 {
82 bail
!("no permissions on /datastore/{}", store
);
85 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "drive", drive
]);
86 if (privs
& PRIV_TAPE_WRITE
) == 0 {
87 bail
!("no permissions on /tape/drive/{}", drive
);
90 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "pool", pool
]);
91 if (privs
& PRIV_TAPE_WRITE
) == 0 {
92 bail
!("no permissions on /tape/pool/{}", pool
);
100 description
: "List configured thape backup jobs and their status",
102 items
: { type: TapeBackupJobStatus }
,
105 description
: "List configured tape jobs filtered by Tape.Audit privileges",
106 permission
: &Permission
::Anybody
,
109 /// List all tape backup jobs
110 pub fn list_tape_backup_jobs(
112 mut rpcenv
: &mut dyn RpcEnvironment
,
113 ) -> Result
<Vec
<TapeBackupJobStatus
>, Error
> {
114 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
115 let user_info
= CachedUserInfo
::new()?
;
117 let (job_config
, digest
) = pbs_config
::tape_job
::config()?
;
118 let (pool_config
, _pool_digest
) = pbs_config
::media_pool
::config()?
;
119 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
121 let job_list_iter
= job_config
122 .convert_to_typed_array("backup")?
124 .filter(|_job
: &TapeBackupJobConfig
| {
125 // fixme: check access permission
129 let mut list
= Vec
::new();
130 let status_path
= Path
::new(TAPE_STATUS_DIR
);
131 let current_time
= proxmox
::tools
::time
::epoch_i64();
133 for job
in job_list_iter
{
134 let privs
= user_info
.lookup_privs(&auth_id
, &["tape", "job", &job
.id
]);
135 if (privs
& PRIV_TAPE_AUDIT
) == 0 {
139 let last_state
= JobState
::load("tape-backup-job", &job
.id
)
140 .map_err(|err
| format_err
!("could not open statefile for {}: {}", &job
.id
, err
))?
;
142 let status
= compute_schedule_status(&last_state
, job
.schedule
.as_deref())?
;
144 let next_run
= status
.next_run
.unwrap_or(current_time
);
146 let mut next_media_label
= None
;
148 if let Ok(pool
) = pool_config
.lookup
::<MediaPoolConfig
>("pool", &job
.setup
.pool
) {
149 let mut changer_name
= None
;
150 if let Ok(Some((_
, name
))) = media_changer(&drive_config
, &job
.setup
.drive
) {
151 changer_name
= Some(name
);
153 if let Ok(mut pool
) = MediaPool
::with_config(status_path
, &pool
, changer_name
, true) {
154 if pool
.start_write_session(next_run
, false).is_ok() {
155 if let Ok(media_id
) = pool
.guess_next_writable_media(next_run
) {
156 next_media_label
= Some(media_id
.label
.label_text
);
162 list
.push(TapeBackupJobStatus { config: job, status, next_media_label }
);
165 rpcenv
["digest"] = proxmox
::tools
::digest_to_hex(&digest
).into();
170 pub fn do_tape_backup_job(
172 setup
: TapeBackupJobSetup
,
174 schedule
: Option
<String
>,
175 ) -> Result
<String
, Error
> {
177 let job_id
= format
!("{}:{}:{}:{}",
183 let worker_type
= job
.jobtype().to_string();
185 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
187 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
188 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
190 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
192 // for scheduled jobs we acquire the lock later in the worker
193 let drive_lock
= if schedule
.is_some() {
196 Some(lock_tape_device(&drive_config
, &setup
.drive
)?
)
199 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
200 let email
= lookup_user_email(notify_user
);
202 let upid_str
= WorkerTask
::new_thread(
204 Some(job_id
.clone()),
208 job
.start(&worker
.upid().to_string())?
;
209 let mut drive_lock
= drive_lock
;
211 let mut summary
= Default
::default();
212 let job_result
= try_block
!({
213 if schedule
.is_some() {
214 // for scheduled tape backup jobs, we wait indefinitely for the lock
215 task_log
!(worker
, "waiting for drive lock...");
217 worker
.check_abort()?
;
218 match lock_tape_device(&drive_config
, &setup
.drive
) {
220 drive_lock
= Some(lock
);
223 Err(TapeLockError
::TimeOut
) => continue,
224 Err(TapeLockError
::Other(err
)) => return Err(err
),
228 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
230 task_log
!(worker
,"Starting tape backup job '{}'", job_id
);
231 if let Some(event_str
) = schedule
{
232 task_log
!(worker
,"task triggered by schedule '{}'", event_str
);
247 let status
= worker
.create_state(&job_result
);
249 if let Some(email
) = email
{
250 if let Err(err
) = crate::server
::send_tape_backup_status(
257 eprintln
!("send tape backup notification failed: {}", err
);
261 if let Err(err
) = job
.finish(status
) {
263 "could not finish job state for {}: {}",
264 job
.jobtype().to_string(),
269 if let Err(err
) = set_tape_device_state(&setup
.drive
, "") {
271 "could not unset drive state for {}: {}",
288 schema
: JOB_ID_SCHEMA
,
293 // Note: parameters are from job config, so we need to test inside function body
294 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
295 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
296 permission
: &Permission
::Anybody
,
299 /// Runs a tape backup job manually.
300 pub fn run_tape_backup_job(
302 rpcenv
: &mut dyn RpcEnvironment
,
303 ) -> Result
<String
, Error
> {
304 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
306 let (config
, _digest
) = pbs_config
::tape_job
::config()?
;
307 let backup_job
: TapeBackupJobConfig
= config
.lookup("backup", &id
)?
;
309 check_backup_permission(
311 &backup_job
.setup
.store
,
312 &backup_job
.setup
.pool
,
313 &backup_job
.setup
.drive
,
316 let job
= Job
::new("tape-backup-job", &id
)?
;
318 let upid_str
= do_tape_backup_job(job
, backup_job
.setup
, &auth_id
, None
)?
;
327 type: TapeBackupJobSetup
,
331 description
: "Ignore the allocation policy and start a new media-set.",
342 // Note: parameters are not URI parameters, so we need to test inside function body
343 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
344 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
345 permission
: &Permission
::Anybody
,
348 /// Backup datastore to tape media pool
350 setup
: TapeBackupJobSetup
,
351 force_media_set
: bool
,
352 rpcenv
: &mut dyn RpcEnvironment
,
353 ) -> Result
<Value
, Error
> {
355 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
357 check_backup_permission(
364 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
366 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
367 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
369 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
371 // early check/lock before starting worker
372 let drive_lock
= lock_tape_device(&drive_config
, &setup
.drive
)?
;
374 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
376 let job_id
= format
!("{}:{}:{}", setup
.store
, setup
.pool
, setup
.drive
);
378 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
379 let email
= lookup_user_email(notify_user
);
381 let upid_str
= WorkerTask
::new_thread(
387 let _drive_lock
= drive_lock
; // keep lock guard
388 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
390 let mut summary
= Default
::default();
391 let job_result
= backup_worker(
401 if let Some(email
) = email
{
402 if let Err(err
) = crate::server
::send_tape_backup_status(
409 eprintln
!("send tape backup notification failed: {}", err
);
414 let _
= set_tape_device_state(&setup
.drive
, "");
424 datastore
: Arc
<DataStore
>,
425 pool_config
: &MediaPoolConfig
,
426 setup
: &TapeBackupJobSetup
,
427 email
: Option
<String
>,
428 summary
: &mut TapeBackupJobSummary
,
429 force_media_set
: bool
,
430 ) -> Result
<(), Error
> {
432 let status_path
= Path
::new(TAPE_STATUS_DIR
);
433 let start
= std
::time
::Instant
::now();
435 task_log
!(worker
, "update media online status");
436 let changer_name
= update_media_online_status(&setup
.drive
)?
;
438 let pool
= MediaPool
::with_config(status_path
, &pool_config
, changer_name
, false)?
;
440 let mut pool_writer
= PoolWriter
::new(
448 let mut group_list
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
450 group_list
.sort_unstable();
452 let group_count
= group_list
.len();
453 task_log
!(worker
, "found {} groups", group_count
);
455 let mut progress
= StoreProgress
::new(group_count
as u64);
457 let latest_only
= setup
.latest_only
.unwrap_or(false);
460 task_log
!(worker
, "latest-only: true (only considering latest snapshots)");
463 let datastore_name
= datastore
.name();
465 let mut errors
= false;
467 let mut need_catalog
= false; // avoid writing catalog for empty jobs
469 for (group_number
, group
) in group_list
.into_iter().enumerate() {
470 progress
.done_groups
= group_number
as u64;
471 progress
.done_snapshots
= 0;
472 progress
.group_snapshots
= 0;
474 let snapshot_list
= group
.list_backups(&datastore
.base_path())?
;
476 // filter out unfinished backups
477 let mut snapshot_list
: Vec
<_
> = snapshot_list
479 .filter(|item
| item
.is_finished())
482 if snapshot_list
.is_empty() {
483 task_log
!(worker
, "group {} was empty", group
);
487 BackupInfo
::sort_list(&mut snapshot_list
, true); // oldest first
490 progress
.group_snapshots
= 1;
491 if let Some(info
) = snapshot_list
.pop() {
492 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
493 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
499 let snapshot_name
= info
.backup_dir
.to_string();
500 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
503 summary
.snapshot_list
.push(snapshot_name
);
505 progress
.done_snapshots
= 1;
508 "percentage done: {}",
513 progress
.group_snapshots
= snapshot_list
.len() as u64;
514 for (snapshot_number
, info
) in snapshot_list
.into_iter().enumerate() {
515 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
516 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
522 let snapshot_name
= info
.backup_dir
.to_string();
523 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
526 summary
.snapshot_list
.push(snapshot_name
);
528 progress
.done_snapshots
= snapshot_number
as u64 + 1;
531 "percentage done: {}",
538 pool_writer
.commit()?
;
541 task_log
!(worker
, "append media catalog");
543 let uuid
= pool_writer
.load_writable_media(worker
)?
;
544 let done
= pool_writer
.append_catalog_archive(worker
)?
;
546 task_log
!(worker
, "catalog does not fit on tape, writing to next volume");
547 pool_writer
.set_media_status_full(&uuid
)?
;
548 pool_writer
.load_writable_media(worker
)?
;
549 let done
= pool_writer
.append_catalog_archive(worker
)?
;
551 bail
!("write_catalog_archive failed on second media");
556 if setup
.export_media_set
.unwrap_or(false) {
557 pool_writer
.export_media_set(worker
)?
;
558 } else if setup
.eject_media
.unwrap_or(false) {
559 pool_writer
.eject_media(worker
)?
;
563 bail
!("Tape backup finished with some errors. Please check the task log.");
566 summary
.duration
= start
.elapsed();
571 // Try to update the media online status
572 fn update_media_online_status(drive
: &str) -> Result
<Option
<String
>, Error
> {
574 let (config
, _digest
) = pbs_config
::drive
::config()?
;
576 if let Ok(Some((mut changer
, changer_name
))) = media_changer(&config
, drive
) {
578 let label_text_list
= changer
.online_media_label_texts()?
;
580 let status_path
= Path
::new(TAPE_STATUS_DIR
);
581 let mut inventory
= Inventory
::load(status_path
)?
;
583 update_changer_online_status(
590 Ok(Some(changer_name
))
596 pub fn backup_snapshot(
598 pool_writer
: &mut PoolWriter
,
599 datastore
: Arc
<DataStore
>,
601 ) -> Result
<bool
, Error
> {
603 task_log
!(worker
, "backup snapshot {}", snapshot
);
605 let snapshot_reader
= match SnapshotReader
::new(datastore
.clone(), snapshot
.clone()) {
606 Ok(reader
) => reader
,
608 // ignore missing snapshots and continue
609 task_warn
!(worker
, "failed opening snapshot '{}': {}", snapshot
, err
);
614 let snapshot_reader
= Arc
::new(Mutex
::new(snapshot_reader
));
616 let (reader_thread
, chunk_iter
) = pool_writer
.spawn_chunk_reader_thread(
618 snapshot_reader
.clone(),
621 let mut chunk_iter
= chunk_iter
.peekable();
624 worker
.check_abort()?
;
626 // test if we have remaining chunks
627 match chunk_iter
.peek() {
629 Some(Ok(_
)) => { /* Ok */ }
,
630 Some(Err(err
)) => bail
!("{}", err
),
633 let uuid
= pool_writer
.load_writable_media(worker
)?
;
635 worker
.check_abort()?
;
637 let (leom
, _bytes
) = pool_writer
.append_chunk_archive(worker
, &mut chunk_iter
, datastore
.name())?
;
640 pool_writer
.set_media_status_full(&uuid
)?
;
644 if let Err(_
) = reader_thread
.join() {
645 bail
!("chunk reader thread failed");
648 worker
.check_abort()?
;
650 let uuid
= pool_writer
.load_writable_media(worker
)?
;
652 worker
.check_abort()?
;
654 let snapshot_reader
= snapshot_reader
.lock().unwrap();
656 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
659 // does not fit on tape, so we try on next volume
660 pool_writer
.set_media_status_full(&uuid
)?
;
662 worker
.check_abort()?
;
664 pool_writer
.load_writable_media(worker
)?
;
665 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
668 bail
!("write_snapshot_archive failed on second media");
672 task_log
!(worker
, "end backup {}:{}", datastore
.name(), snapshot
);