2 use std
::sync
::{Mutex, Arc}
;
4 use anyhow
::{bail, format_err, Error}
;
19 Authid
, Userid
, TapeBackupJobConfig
, TapeBackupJobSetup
, TapeBackupJobStatus
, MediaPoolConfig
,
20 UPID_SCHEMA
, JOB_ID_SCHEMA
, PRIV_DATASTORE_READ
, PRIV_TAPE_AUDIT
, PRIV_TAPE_WRITE
,
23 use pbs_datastore
::{task_log, task_warn, StoreProgress}
;
24 use pbs_datastore
::backup_info
::{BackupDir, BackupInfo}
;
25 use pbs_datastore
::task
::TaskState
;
26 use pbs_config
::CachedUserInfo
;
35 compute_schedule_status
,
50 set_tape_device_state
,
52 changer
::update_changer_online_status
,
56 const TAPE_BACKUP_JOB_ROUTER
: Router
= Router
::new()
57 .post(&API_METHOD_RUN_TAPE_BACKUP_JOB
);
59 pub const ROUTER
: Router
= Router
::new()
60 .get(&API_METHOD_LIST_TAPE_BACKUP_JOBS
)
61 .post(&API_METHOD_BACKUP
)
62 .match_all("id", &TAPE_BACKUP_JOB_ROUTER
);
64 fn check_backup_permission(
69 ) -> Result
<(), Error
> {
71 let user_info
= CachedUserInfo
::new()?
;
73 let privs
= user_info
.lookup_privs(auth_id
, &["datastore", store
]);
74 if (privs
& PRIV_DATASTORE_READ
) == 0 {
75 bail
!("no permissions on /datastore/{}", store
);
78 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "drive", drive
]);
79 if (privs
& PRIV_TAPE_WRITE
) == 0 {
80 bail
!("no permissions on /tape/drive/{}", drive
);
83 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "pool", pool
]);
84 if (privs
& PRIV_TAPE_WRITE
) == 0 {
85 bail
!("no permissions on /tape/pool/{}", pool
);
93 description
: "List configured thape backup jobs and their status",
95 items
: { type: TapeBackupJobStatus }
,
98 description
: "List configured tape jobs filtered by Tape.Audit privileges",
99 permission
: &Permission
::Anybody
,
102 /// List all tape backup jobs
103 pub fn list_tape_backup_jobs(
105 mut rpcenv
: &mut dyn RpcEnvironment
,
106 ) -> Result
<Vec
<TapeBackupJobStatus
>, Error
> {
107 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
108 let user_info
= CachedUserInfo
::new()?
;
110 let (job_config
, digest
) = pbs_config
::tape_job
::config()?
;
111 let (pool_config
, _pool_digest
) = pbs_config
::media_pool
::config()?
;
112 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
114 let job_list_iter
= job_config
115 .convert_to_typed_array("backup")?
117 .filter(|_job
: &TapeBackupJobConfig
| {
118 // fixme: check access permission
122 let mut list
= Vec
::new();
123 let status_path
= Path
::new(TAPE_STATUS_DIR
);
124 let current_time
= proxmox
::tools
::time
::epoch_i64();
126 for job
in job_list_iter
{
127 let privs
= user_info
.lookup_privs(&auth_id
, &["tape", "job", &job
.id
]);
128 if (privs
& PRIV_TAPE_AUDIT
) == 0 {
132 let last_state
= JobState
::load("tape-backup-job", &job
.id
)
133 .map_err(|err
| format_err
!("could not open statefile for {}: {}", &job
.id
, err
))?
;
135 let status
= compute_schedule_status(&last_state
, job
.schedule
.as_deref())?
;
137 let next_run
= status
.next_run
.unwrap_or(current_time
);
139 let mut next_media_label
= None
;
141 if let Ok(pool
) = pool_config
.lookup
::<MediaPoolConfig
>("pool", &job
.setup
.pool
) {
142 let mut changer_name
= None
;
143 if let Ok(Some((_
, name
))) = media_changer(&drive_config
, &job
.setup
.drive
) {
144 changer_name
= Some(name
);
146 if let Ok(mut pool
) = MediaPool
::with_config(status_path
, &pool
, changer_name
, true) {
147 if pool
.start_write_session(next_run
, false).is_ok() {
148 if let Ok(media_id
) = pool
.guess_next_writable_media(next_run
) {
149 next_media_label
= Some(media_id
.label
.label_text
);
155 list
.push(TapeBackupJobStatus { config: job, status, next_media_label }
);
158 rpcenv
["digest"] = proxmox
::tools
::digest_to_hex(&digest
).into();
163 pub fn do_tape_backup_job(
165 setup
: TapeBackupJobSetup
,
167 schedule
: Option
<String
>,
168 ) -> Result
<String
, Error
> {
170 let job_id
= format
!("{}:{}:{}:{}",
176 let worker_type
= job
.jobtype().to_string();
178 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
180 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
181 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
183 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
185 // for scheduled jobs we acquire the lock later in the worker
186 let drive_lock
= if schedule
.is_some() {
189 Some(lock_tape_device(&drive_config
, &setup
.drive
)?
)
192 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
193 let email
= lookup_user_email(notify_user
);
195 let upid_str
= WorkerTask
::new_thread(
197 Some(job_id
.clone()),
201 job
.start(&worker
.upid().to_string())?
;
202 let mut drive_lock
= drive_lock
;
204 let mut summary
= Default
::default();
205 let job_result
= try_block
!({
206 if schedule
.is_some() {
207 // for scheduled tape backup jobs, we wait indefinitely for the lock
208 task_log
!(worker
, "waiting for drive lock...");
210 worker
.check_abort()?
;
211 match lock_tape_device(&drive_config
, &setup
.drive
) {
213 drive_lock
= Some(lock
);
216 Err(TapeLockError
::TimeOut
) => continue,
217 Err(TapeLockError
::Other(err
)) => return Err(err
),
221 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
223 task_log
!(worker
,"Starting tape backup job '{}'", job_id
);
224 if let Some(event_str
) = schedule
{
225 task_log
!(worker
,"task triggered by schedule '{}'", event_str
);
240 let status
= worker
.create_state(&job_result
);
242 if let Some(email
) = email
{
243 if let Err(err
) = crate::server
::send_tape_backup_status(
250 eprintln
!("send tape backup notification failed: {}", err
);
254 if let Err(err
) = job
.finish(status
) {
256 "could not finish job state for {}: {}",
257 job
.jobtype().to_string(),
262 if let Err(err
) = set_tape_device_state(&setup
.drive
, "") {
264 "could not unset drive state for {}: {}",
281 schema
: JOB_ID_SCHEMA
,
286 // Note: parameters are from job config, so we need to test inside function body
287 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
288 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
289 permission
: &Permission
::Anybody
,
292 /// Runs a tape backup job manually.
293 pub fn run_tape_backup_job(
295 rpcenv
: &mut dyn RpcEnvironment
,
296 ) -> Result
<String
, Error
> {
297 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
299 let (config
, _digest
) = pbs_config
::tape_job
::config()?
;
300 let backup_job
: TapeBackupJobConfig
= config
.lookup("backup", &id
)?
;
302 check_backup_permission(
304 &backup_job
.setup
.store
,
305 &backup_job
.setup
.pool
,
306 &backup_job
.setup
.drive
,
309 let job
= Job
::new("tape-backup-job", &id
)?
;
311 let upid_str
= do_tape_backup_job(job
, backup_job
.setup
, &auth_id
, None
)?
;
320 type: TapeBackupJobSetup
,
324 description
: "Ignore the allocation policy and start a new media-set.",
335 // Note: parameters are not uri parameters, so we need to test inside function body
336 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
337 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
338 permission
: &Permission
::Anybody
,
341 /// Backup datastore to tape media pool
343 setup
: TapeBackupJobSetup
,
344 force_media_set
: bool
,
345 rpcenv
: &mut dyn RpcEnvironment
,
346 ) -> Result
<Value
, Error
> {
348 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
350 check_backup_permission(
357 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
359 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
360 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
362 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
364 // early check/lock before starting worker
365 let drive_lock
= lock_tape_device(&drive_config
, &setup
.drive
)?
;
367 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
369 let job_id
= format
!("{}:{}:{}", setup
.store
, setup
.pool
, setup
.drive
);
371 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
372 let email
= lookup_user_email(notify_user
);
374 let upid_str
= WorkerTask
::new_thread(
380 let _drive_lock
= drive_lock
; // keep lock guard
381 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
383 let mut summary
= Default
::default();
384 let job_result
= backup_worker(
394 if let Some(email
) = email
{
395 if let Err(err
) = crate::server
::send_tape_backup_status(
402 eprintln
!("send tape backup notification failed: {}", err
);
407 let _
= set_tape_device_state(&setup
.drive
, "");
417 datastore
: Arc
<DataStore
>,
418 pool_config
: &MediaPoolConfig
,
419 setup
: &TapeBackupJobSetup
,
420 email
: Option
<String
>,
421 summary
: &mut TapeBackupJobSummary
,
422 force_media_set
: bool
,
423 ) -> Result
<(), Error
> {
425 let status_path
= Path
::new(TAPE_STATUS_DIR
);
426 let start
= std
::time
::Instant
::now();
428 task_log
!(worker
, "update media online status");
429 let changer_name
= update_media_online_status(&setup
.drive
)?
;
431 let pool
= MediaPool
::with_config(status_path
, &pool_config
, changer_name
, false)?
;
433 let mut pool_writer
= PoolWriter
::new(
441 let mut group_list
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
443 group_list
.sort_unstable();
445 let group_count
= group_list
.len();
446 task_log
!(worker
, "found {} groups", group_count
);
448 let mut progress
= StoreProgress
::new(group_count
as u64);
450 let latest_only
= setup
.latest_only
.unwrap_or(false);
453 task_log
!(worker
, "latest-only: true (only considering latest snapshots)");
456 let datastore_name
= datastore
.name();
458 let mut errors
= false;
460 let mut need_catalog
= false; // avoid writing catalog for empty jobs
462 for (group_number
, group
) in group_list
.into_iter().enumerate() {
463 progress
.done_groups
= group_number
as u64;
464 progress
.done_snapshots
= 0;
465 progress
.group_snapshots
= 0;
467 let snapshot_list
= group
.list_backups(&datastore
.base_path())?
;
469 // filter out unfinished backups
470 let mut snapshot_list
: Vec
<_
> = snapshot_list
472 .filter(|item
| item
.is_finished())
475 if snapshot_list
.is_empty() {
476 task_log
!(worker
, "group {} was empty", group
);
480 BackupInfo
::sort_list(&mut snapshot_list
, true); // oldest first
483 progress
.group_snapshots
= 1;
484 if let Some(info
) = snapshot_list
.pop() {
485 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
486 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
492 let snapshot_name
= info
.backup_dir
.to_string();
493 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
496 summary
.snapshot_list
.push(snapshot_name
);
498 progress
.done_snapshots
= 1;
501 "percentage done: {}",
506 progress
.group_snapshots
= snapshot_list
.len() as u64;
507 for (snapshot_number
, info
) in snapshot_list
.into_iter().enumerate() {
508 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
509 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
515 let snapshot_name
= info
.backup_dir
.to_string();
516 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
519 summary
.snapshot_list
.push(snapshot_name
);
521 progress
.done_snapshots
= snapshot_number
as u64 + 1;
524 "percentage done: {}",
531 pool_writer
.commit()?
;
534 task_log
!(worker
, "append media catalog");
536 let uuid
= pool_writer
.load_writable_media(worker
)?
;
537 let done
= pool_writer
.append_catalog_archive(worker
)?
;
539 task_log
!(worker
, "catalog does not fit on tape, writing to next volume");
540 pool_writer
.set_media_status_full(&uuid
)?
;
541 pool_writer
.load_writable_media(worker
)?
;
542 let done
= pool_writer
.append_catalog_archive(worker
)?
;
544 bail
!("write_catalog_archive failed on second media");
549 if setup
.export_media_set
.unwrap_or(false) {
550 pool_writer
.export_media_set(worker
)?
;
551 } else if setup
.eject_media
.unwrap_or(false) {
552 pool_writer
.eject_media(worker
)?
;
556 bail
!("Tape backup finished with some errors. Please check the task log.");
559 summary
.duration
= start
.elapsed();
564 // Try to update the media online status
565 fn update_media_online_status(drive
: &str) -> Result
<Option
<String
>, Error
> {
567 let (config
, _digest
) = pbs_config
::drive
::config()?
;
569 if let Ok(Some((mut changer
, changer_name
))) = media_changer(&config
, drive
) {
571 let label_text_list
= changer
.online_media_label_texts()?
;
573 let status_path
= Path
::new(TAPE_STATUS_DIR
);
574 let mut inventory
= Inventory
::load(status_path
)?
;
576 update_changer_online_status(
583 Ok(Some(changer_name
))
589 pub fn backup_snapshot(
591 pool_writer
: &mut PoolWriter
,
592 datastore
: Arc
<DataStore
>,
594 ) -> Result
<bool
, Error
> {
596 task_log
!(worker
, "backup snapshot {}", snapshot
);
598 let snapshot_reader
= match SnapshotReader
::new(datastore
.clone(), snapshot
.clone()) {
599 Ok(reader
) => reader
,
601 // ignore missing snapshots and continue
602 task_warn
!(worker
, "failed opening snapshot '{}': {}", snapshot
, err
);
607 let snapshot_reader
= Arc
::new(Mutex
::new(snapshot_reader
));
609 let (reader_thread
, chunk_iter
) = pool_writer
.spawn_chunk_reader_thread(
611 snapshot_reader
.clone(),
614 let mut chunk_iter
= chunk_iter
.peekable();
617 worker
.check_abort()?
;
619 // test if we have remaining chunks
620 match chunk_iter
.peek() {
622 Some(Ok(_
)) => { /* Ok */ }
,
623 Some(Err(err
)) => bail
!("{}", err
),
626 let uuid
= pool_writer
.load_writable_media(worker
)?
;
628 worker
.check_abort()?
;
630 let (leom
, _bytes
) = pool_writer
.append_chunk_archive(worker
, &mut chunk_iter
, datastore
.name())?
;
633 pool_writer
.set_media_status_full(&uuid
)?
;
637 if let Err(_
) = reader_thread
.join() {
638 bail
!("chunk reader thread failed");
641 worker
.check_abort()?
;
643 let uuid
= pool_writer
.load_writable_media(worker
)?
;
645 worker
.check_abort()?
;
647 let snapshot_reader
= snapshot_reader
.lock().unwrap();
649 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
652 // does not fit on tape, so we try on next volume
653 pool_writer
.set_media_status_full(&uuid
)?
;
655 worker
.check_abort()?
;
657 pool_writer
.load_writable_media(worker
)?
;
658 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
661 bail
!("write_snapshot_archive failed on second media");
665 task_log
!(worker
, "end backup {}:{}", datastore
.name(), snapshot
);