2 use std
::sync
::{Mutex, Arc}
;
4 use anyhow
::{bail, format_err, Error}
;
19 Authid
, Userid
, TapeBackupJobConfig
, TapeBackupJobSetup
, TapeBackupJobStatus
, MediaPoolConfig
,
20 UPID_SCHEMA
, JOB_ID_SCHEMA
, PRIV_DATASTORE_READ
, PRIV_TAPE_AUDIT
, PRIV_TAPE_WRITE
,
23 use pbs_datastore
::{task_log, task_warn, StoreProgress}
;
24 use pbs_datastore
::backup_info
::{BackupDir, BackupInfo}
;
25 use pbs_datastore
::task
::TaskState
;
26 use pbs_config
::CachedUserInfo
;
35 compute_schedule_status
,
38 backup
::{DataStore, SnapshotReader}
,
49 set_tape_device_state
,
51 changer
::update_changer_online_status
,
55 const TAPE_BACKUP_JOB_ROUTER
: Router
= Router
::new()
56 .post(&API_METHOD_RUN_TAPE_BACKUP_JOB
);
58 pub const ROUTER
: Router
= Router
::new()
59 .get(&API_METHOD_LIST_TAPE_BACKUP_JOBS
)
60 .post(&API_METHOD_BACKUP
)
61 .match_all("id", &TAPE_BACKUP_JOB_ROUTER
);
63 fn check_backup_permission(
68 ) -> Result
<(), Error
> {
70 let user_info
= CachedUserInfo
::new()?
;
72 let privs
= user_info
.lookup_privs(auth_id
, &["datastore", store
]);
73 if (privs
& PRIV_DATASTORE_READ
) == 0 {
74 bail
!("no permissions on /datastore/{}", store
);
77 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "drive", drive
]);
78 if (privs
& PRIV_TAPE_WRITE
) == 0 {
79 bail
!("no permissions on /tape/drive/{}", drive
);
82 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "pool", pool
]);
83 if (privs
& PRIV_TAPE_WRITE
) == 0 {
84 bail
!("no permissions on /tape/pool/{}", pool
);
92 description
: "List configured thape backup jobs and their status",
94 items
: { type: TapeBackupJobStatus }
,
97 description
: "List configured tape jobs filtered by Tape.Audit privileges",
98 permission
: &Permission
::Anybody
,
101 /// List all tape backup jobs
102 pub fn list_tape_backup_jobs(
104 mut rpcenv
: &mut dyn RpcEnvironment
,
105 ) -> Result
<Vec
<TapeBackupJobStatus
>, Error
> {
106 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
107 let user_info
= CachedUserInfo
::new()?
;
109 let (job_config
, digest
) = pbs_config
::tape_job
::config()?
;
110 let (pool_config
, _pool_digest
) = pbs_config
::media_pool
::config()?
;
111 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
113 let job_list_iter
= job_config
114 .convert_to_typed_array("backup")?
116 .filter(|_job
: &TapeBackupJobConfig
| {
117 // fixme: check access permission
121 let mut list
= Vec
::new();
122 let status_path
= Path
::new(TAPE_STATUS_DIR
);
123 let current_time
= proxmox
::tools
::time
::epoch_i64();
125 for job
in job_list_iter
{
126 let privs
= user_info
.lookup_privs(&auth_id
, &["tape", "job", &job
.id
]);
127 if (privs
& PRIV_TAPE_AUDIT
) == 0 {
131 let last_state
= JobState
::load("tape-backup-job", &job
.id
)
132 .map_err(|err
| format_err
!("could not open statefile for {}: {}", &job
.id
, err
))?
;
134 let status
= compute_schedule_status(&last_state
, job
.schedule
.as_deref())?
;
136 let next_run
= status
.next_run
.unwrap_or(current_time
);
138 let mut next_media_label
= None
;
140 if let Ok(pool
) = pool_config
.lookup
::<MediaPoolConfig
>("pool", &job
.setup
.pool
) {
141 let mut changer_name
= None
;
142 if let Ok(Some((_
, name
))) = media_changer(&drive_config
, &job
.setup
.drive
) {
143 changer_name
= Some(name
);
145 if let Ok(mut pool
) = MediaPool
::with_config(status_path
, &pool
, changer_name
, true) {
146 if pool
.start_write_session(next_run
, false).is_ok() {
147 if let Ok(media_id
) = pool
.guess_next_writable_media(next_run
) {
148 next_media_label
= Some(media_id
.label
.label_text
);
154 list
.push(TapeBackupJobStatus { config: job, status, next_media_label }
);
157 rpcenv
["digest"] = proxmox
::tools
::digest_to_hex(&digest
).into();
162 pub fn do_tape_backup_job(
164 setup
: TapeBackupJobSetup
,
166 schedule
: Option
<String
>,
167 ) -> Result
<String
, Error
> {
169 let job_id
= format
!("{}:{}:{}:{}",
175 let worker_type
= job
.jobtype().to_string();
177 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
179 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
180 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
182 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
184 // for scheduled jobs we acquire the lock later in the worker
185 let drive_lock
= if schedule
.is_some() {
188 Some(lock_tape_device(&drive_config
, &setup
.drive
)?
)
191 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
192 let email
= lookup_user_email(notify_user
);
194 let upid_str
= WorkerTask
::new_thread(
196 Some(job_id
.clone()),
200 job
.start(&worker
.upid().to_string())?
;
201 let mut drive_lock
= drive_lock
;
203 let mut summary
= Default
::default();
204 let job_result
= try_block
!({
205 if schedule
.is_some() {
206 // for scheduled tape backup jobs, we wait indefinitely for the lock
207 task_log
!(worker
, "waiting for drive lock...");
209 worker
.check_abort()?
;
210 match lock_tape_device(&drive_config
, &setup
.drive
) {
212 drive_lock
= Some(lock
);
215 Err(TapeLockError
::TimeOut
) => continue,
216 Err(TapeLockError
::Other(err
)) => return Err(err
),
220 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
222 task_log
!(worker
,"Starting tape backup job '{}'", job_id
);
223 if let Some(event_str
) = schedule
{
224 task_log
!(worker
,"task triggered by schedule '{}'", event_str
);
239 let status
= worker
.create_state(&job_result
);
241 if let Some(email
) = email
{
242 if let Err(err
) = crate::server
::send_tape_backup_status(
249 eprintln
!("send tape backup notification failed: {}", err
);
253 if let Err(err
) = job
.finish(status
) {
255 "could not finish job state for {}: {}",
256 job
.jobtype().to_string(),
261 if let Err(err
) = set_tape_device_state(&setup
.drive
, "") {
263 "could not unset drive state for {}: {}",
280 schema
: JOB_ID_SCHEMA
,
285 // Note: parameters are from job config, so we need to test inside function body
286 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
287 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
288 permission
: &Permission
::Anybody
,
291 /// Runs a tape backup job manually.
292 pub fn run_tape_backup_job(
294 rpcenv
: &mut dyn RpcEnvironment
,
295 ) -> Result
<String
, Error
> {
296 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
298 let (config
, _digest
) = pbs_config
::tape_job
::config()?
;
299 let backup_job
: TapeBackupJobConfig
= config
.lookup("backup", &id
)?
;
301 check_backup_permission(
303 &backup_job
.setup
.store
,
304 &backup_job
.setup
.pool
,
305 &backup_job
.setup
.drive
,
308 let job
= Job
::new("tape-backup-job", &id
)?
;
310 let upid_str
= do_tape_backup_job(job
, backup_job
.setup
, &auth_id
, None
)?
;
319 type: TapeBackupJobSetup
,
323 description
: "Ignore the allocation policy and start a new media-set.",
334 // Note: the parameters are not URI parameters, so we need to check permissions inside the function body
335 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
336 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
337 permission
: &Permission
::Anybody
,
340 /// Backup datastore to tape media pool
342 setup
: TapeBackupJobSetup
,
343 force_media_set
: bool
,
344 rpcenv
: &mut dyn RpcEnvironment
,
345 ) -> Result
<Value
, Error
> {
347 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
349 check_backup_permission(
356 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
358 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
359 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
361 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
363 // early check/lock before starting worker
364 let drive_lock
= lock_tape_device(&drive_config
, &setup
.drive
)?
;
366 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
368 let job_id
= format
!("{}:{}:{}", setup
.store
, setup
.pool
, setup
.drive
);
370 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
371 let email
= lookup_user_email(notify_user
);
373 let upid_str
= WorkerTask
::new_thread(
379 let _drive_lock
= drive_lock
; // keep lock guard
380 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
382 let mut summary
= Default
::default();
383 let job_result
= backup_worker(
393 if let Some(email
) = email
{
394 if let Err(err
) = crate::server
::send_tape_backup_status(
401 eprintln
!("send tape backup notification failed: {}", err
);
406 let _
= set_tape_device_state(&setup
.drive
, "");
416 datastore
: Arc
<DataStore
>,
417 pool_config
: &MediaPoolConfig
,
418 setup
: &TapeBackupJobSetup
,
419 email
: Option
<String
>,
420 summary
: &mut TapeBackupJobSummary
,
421 force_media_set
: bool
,
422 ) -> Result
<(), Error
> {
424 let status_path
= Path
::new(TAPE_STATUS_DIR
);
425 let start
= std
::time
::Instant
::now();
427 task_log
!(worker
, "update media online status");
428 let changer_name
= update_media_online_status(&setup
.drive
)?
;
430 let pool
= MediaPool
::with_config(status_path
, &pool_config
, changer_name
, false)?
;
432 let mut pool_writer
= PoolWriter
::new(
440 let mut group_list
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
442 group_list
.sort_unstable();
444 let group_count
= group_list
.len();
445 task_log
!(worker
, "found {} groups", group_count
);
447 let mut progress
= StoreProgress
::new(group_count
as u64);
449 let latest_only
= setup
.latest_only
.unwrap_or(false);
452 task_log
!(worker
, "latest-only: true (only considering latest snapshots)");
455 let datastore_name
= datastore
.name();
457 let mut errors
= false;
459 let mut need_catalog
= false; // avoid writing catalog for empty jobs
461 for (group_number
, group
) in group_list
.into_iter().enumerate() {
462 progress
.done_groups
= group_number
as u64;
463 progress
.done_snapshots
= 0;
464 progress
.group_snapshots
= 0;
466 let snapshot_list
= group
.list_backups(&datastore
.base_path())?
;
468 // filter out unfinished backups
469 let mut snapshot_list
: Vec
<_
> = snapshot_list
471 .filter(|item
| item
.is_finished())
474 if snapshot_list
.is_empty() {
475 task_log
!(worker
, "group {} was empty", group
);
479 BackupInfo
::sort_list(&mut snapshot_list
, true); // oldest first
482 progress
.group_snapshots
= 1;
483 if let Some(info
) = snapshot_list
.pop() {
484 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
485 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
491 let snapshot_name
= info
.backup_dir
.to_string();
492 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
495 summary
.snapshot_list
.push(snapshot_name
);
497 progress
.done_snapshots
= 1;
500 "percentage done: {}",
505 progress
.group_snapshots
= snapshot_list
.len() as u64;
506 for (snapshot_number
, info
) in snapshot_list
.into_iter().enumerate() {
507 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
508 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
514 let snapshot_name
= info
.backup_dir
.to_string();
515 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
518 summary
.snapshot_list
.push(snapshot_name
);
520 progress
.done_snapshots
= snapshot_number
as u64 + 1;
523 "percentage done: {}",
530 pool_writer
.commit()?
;
533 task_log
!(worker
, "append media catalog");
535 let uuid
= pool_writer
.load_writable_media(worker
)?
;
536 let done
= pool_writer
.append_catalog_archive(worker
)?
;
538 task_log
!(worker
, "catalog does not fit on tape, writing to next volume");
539 pool_writer
.set_media_status_full(&uuid
)?
;
540 pool_writer
.load_writable_media(worker
)?
;
541 let done
= pool_writer
.append_catalog_archive(worker
)?
;
543 bail
!("write_catalog_archive failed on second media");
548 if setup
.export_media_set
.unwrap_or(false) {
549 pool_writer
.export_media_set(worker
)?
;
550 } else if setup
.eject_media
.unwrap_or(false) {
551 pool_writer
.eject_media(worker
)?
;
555 bail
!("Tape backup finished with some errors. Please check the task log.");
558 summary
.duration
= start
.elapsed();
563 // Try to update the media online status
564 fn update_media_online_status(drive
: &str) -> Result
<Option
<String
>, Error
> {
566 let (config
, _digest
) = pbs_config
::drive
::config()?
;
568 if let Ok(Some((mut changer
, changer_name
))) = media_changer(&config
, drive
) {
570 let label_text_list
= changer
.online_media_label_texts()?
;
572 let status_path
= Path
::new(TAPE_STATUS_DIR
);
573 let mut inventory
= Inventory
::load(status_path
)?
;
575 update_changer_online_status(
582 Ok(Some(changer_name
))
588 pub fn backup_snapshot(
590 pool_writer
: &mut PoolWriter
,
591 datastore
: Arc
<DataStore
>,
593 ) -> Result
<bool
, Error
> {
595 task_log
!(worker
, "backup snapshot {}", snapshot
);
597 let snapshot_reader
= match SnapshotReader
::new(datastore
.clone(), snapshot
.clone()) {
598 Ok(reader
) => reader
,
600 // ignore missing snapshots and continue
601 task_warn
!(worker
, "failed opening snapshot '{}': {}", snapshot
, err
);
606 let snapshot_reader
= Arc
::new(Mutex
::new(snapshot_reader
));
608 let (reader_thread
, chunk_iter
) = pool_writer
.spawn_chunk_reader_thread(
610 snapshot_reader
.clone(),
613 let mut chunk_iter
= chunk_iter
.peekable();
616 worker
.check_abort()?
;
618 // test if we have remaining chunks
619 match chunk_iter
.peek() {
621 Some(Ok(_
)) => { /* Ok */ }
,
622 Some(Err(err
)) => bail
!("{}", err
),
625 let uuid
= pool_writer
.load_writable_media(worker
)?
;
627 worker
.check_abort()?
;
629 let (leom
, _bytes
) = pool_writer
.append_chunk_archive(worker
, &mut chunk_iter
, datastore
.name())?
;
632 pool_writer
.set_media_status_full(&uuid
)?
;
636 if let Err(_
) = reader_thread
.join() {
637 bail
!("chunk reader thread failed");
640 worker
.check_abort()?
;
642 let uuid
= pool_writer
.load_writable_media(worker
)?
;
644 worker
.check_abort()?
;
646 let snapshot_reader
= snapshot_reader
.lock().unwrap();
648 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
651 // does not fit on tape, so we try on next volume
652 pool_writer
.set_media_status_full(&uuid
)?
;
654 worker
.check_abort()?
;
656 pool_writer
.load_writable_media(worker
)?
;
657 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
660 bail
!("write_snapshot_archive failed on second media");
664 task_log
!(worker
, "end backup {}:{}", datastore
.name(), snapshot
);