2 use std
::sync
::{Mutex, Arc}
;
4 use anyhow
::{bail, format_err, Error}
;
19 Authid
, Userid
, TapeBackupJobConfig
, TapeBackupJobSetup
, TapeBackupJobStatus
, MediaPoolConfig
,
20 UPID_SCHEMA
, JOB_ID_SCHEMA
, PRIV_DATASTORE_READ
, PRIV_TAPE_AUDIT
, PRIV_TAPE_WRITE
,
23 use pbs_datastore
::StoreProgress
;
24 use pbs_datastore
::backup_info
::{BackupDir, BackupInfo}
;
25 use pbs_tools
::{task_log, task_warn, task::WorkerTaskContext}
;
26 use pbs_config
::CachedUserInfo
;
27 use proxmox_rest_server
::WorkerTask
;
36 compute_schedule_status
,
39 backup
::{DataStore, SnapshotReader}
,
49 set_tape_device_state
,
51 changer
::update_changer_online_status
,
55 const TAPE_BACKUP_JOB_ROUTER
: Router
= Router
::new()
56 .post(&API_METHOD_RUN_TAPE_BACKUP_JOB
);
58 pub const ROUTER
: Router
= Router
::new()
59 .get(&API_METHOD_LIST_TAPE_BACKUP_JOBS
)
60 .post(&API_METHOD_BACKUP
)
61 .match_all("id", &TAPE_BACKUP_JOB_ROUTER
);
63 fn check_backup_permission(
68 ) -> Result
<(), Error
> {
70 let user_info
= CachedUserInfo
::new()?
;
72 let privs
= user_info
.lookup_privs(auth_id
, &["datastore", store
]);
73 if (privs
& PRIV_DATASTORE_READ
) == 0 {
74 bail
!("no permissions on /datastore/{}", store
);
77 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "drive", drive
]);
78 if (privs
& PRIV_TAPE_WRITE
) == 0 {
79 bail
!("no permissions on /tape/drive/{}", drive
);
82 let privs
= user_info
.lookup_privs(auth_id
, &["tape", "pool", pool
]);
83 if (privs
& PRIV_TAPE_WRITE
) == 0 {
84 bail
!("no permissions on /tape/pool/{}", pool
);
92 description
: "List configured thape backup jobs and their status",
94 items
: { type: TapeBackupJobStatus }
,
97 description
: "List configured tape jobs filtered by Tape.Audit privileges",
98 permission
: &Permission
::Anybody
,
101 /// List all tape backup jobs
102 pub fn list_tape_backup_jobs(
104 mut rpcenv
: &mut dyn RpcEnvironment
,
105 ) -> Result
<Vec
<TapeBackupJobStatus
>, Error
> {
106 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
107 let user_info
= CachedUserInfo
::new()?
;
109 let (job_config
, digest
) = pbs_config
::tape_job
::config()?
;
110 let (pool_config
, _pool_digest
) = pbs_config
::media_pool
::config()?
;
111 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
113 let job_list_iter
= job_config
114 .convert_to_typed_array("backup")?
116 .filter(|_job
: &TapeBackupJobConfig
| {
117 // fixme: check access permission
121 let mut list
= Vec
::new();
122 let status_path
= Path
::new(TAPE_STATUS_DIR
);
123 let current_time
= proxmox
::tools
::time
::epoch_i64();
125 for job
in job_list_iter
{
126 let privs
= user_info
.lookup_privs(&auth_id
, &["tape", "job", &job
.id
]);
127 if (privs
& PRIV_TAPE_AUDIT
) == 0 {
131 let last_state
= JobState
::load("tape-backup-job", &job
.id
)
132 .map_err(|err
| format_err
!("could not open statefile for {}: {}", &job
.id
, err
))?
;
134 let status
= compute_schedule_status(&last_state
, job
.schedule
.as_deref())?
;
136 let next_run
= status
.next_run
.unwrap_or(current_time
);
138 let mut next_media_label
= None
;
140 if let Ok(pool
) = pool_config
.lookup
::<MediaPoolConfig
>("pool", &job
.setup
.pool
) {
141 let mut changer_name
= None
;
142 if let Ok(Some((_
, name
))) = media_changer(&drive_config
, &job
.setup
.drive
) {
143 changer_name
= Some(name
);
145 if let Ok(mut pool
) = MediaPool
::with_config(status_path
, &pool
, changer_name
, true) {
146 if pool
.start_write_session(next_run
, false).is_ok() {
147 if let Ok(media_id
) = pool
.guess_next_writable_media(next_run
) {
148 next_media_label
= Some(media_id
.label
.label_text
);
154 list
.push(TapeBackupJobStatus { config: job, status, next_media_label }
);
157 rpcenv
["digest"] = proxmox
::tools
::digest_to_hex(&digest
).into();
162 pub fn do_tape_backup_job(
164 setup
: TapeBackupJobSetup
,
166 schedule
: Option
<String
>,
168 ) -> Result
<String
, Error
> {
170 let job_id
= format
!("{}:{}:{}:{}",
176 let worker_type
= job
.jobtype().to_string();
178 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
180 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
181 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
183 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
185 // for scheduled jobs we acquire the lock later in the worker
186 let drive_lock
= if schedule
.is_some() {
189 Some(lock_tape_device(&drive_config
, &setup
.drive
)?
)
192 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
193 let email
= lookup_user_email(notify_user
);
195 let upid_str
= WorkerTask
::new_thread(
197 Some(job_id
.clone()),
201 job
.start(&worker
.upid().to_string())?
;
202 let mut drive_lock
= drive_lock
;
204 let mut summary
= Default
::default();
205 let job_result
= try_block
!({
206 if schedule
.is_some() {
207 // for scheduled tape backup jobs, we wait indefinitely for the lock
208 task_log
!(worker
, "waiting for drive lock...");
210 worker
.check_abort()?
;
211 match lock_tape_device(&drive_config
, &setup
.drive
) {
213 drive_lock
= Some(lock
);
216 Err(TapeLockError
::TimeOut
) => continue,
217 Err(TapeLockError
::Other(err
)) => return Err(err
),
221 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
223 task_log
!(worker
,"Starting tape backup job '{}'", job_id
);
224 if let Some(event_str
) = schedule
{
225 task_log
!(worker
,"task triggered by schedule '{}'", event_str
);
240 let status
= worker
.create_state(&job_result
);
242 if let Some(email
) = email
{
243 if let Err(err
) = crate::server
::send_tape_backup_status(
250 eprintln
!("send tape backup notification failed: {}", err
);
254 if let Err(err
) = job
.finish(status
) {
256 "could not finish job state for {}: {}",
257 job
.jobtype().to_string(),
262 if let Err(err
) = set_tape_device_state(&setup
.drive
, "") {
264 "could not unset drive state for {}: {}",
281 schema
: JOB_ID_SCHEMA
,
286 // Note: parameters are from job config, so we need to test inside function body
287 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
288 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
289 permission
: &Permission
::Anybody
,
292 /// Runs a tape backup job manually.
293 pub fn run_tape_backup_job(
295 rpcenv
: &mut dyn RpcEnvironment
,
296 ) -> Result
<String
, Error
> {
297 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
299 let (config
, _digest
) = pbs_config
::tape_job
::config()?
;
300 let backup_job
: TapeBackupJobConfig
= config
.lookup("backup", &id
)?
;
302 check_backup_permission(
304 &backup_job
.setup
.store
,
305 &backup_job
.setup
.pool
,
306 &backup_job
.setup
.drive
,
309 let job
= Job
::new("tape-backup-job", &id
)?
;
311 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
313 let upid_str
= do_tape_backup_job(job
, backup_job
.setup
, &auth_id
, None
, to_stdout
)?
;
322 type: TapeBackupJobSetup
,
326 description
: "Ignore the allocation policy and start a new media-set.",
337 // Note: parameters are no uri parameter, so we need to test inside function body
338 description
: "The user needs Tape.Write privilege on /tape/pool/{pool} \
339 and /tape/drive/{drive}, Datastore.Read privilege on /datastore/{store}.",
340 permission
: &Permission
::Anybody
,
343 /// Backup datastore to tape media pool
345 setup
: TapeBackupJobSetup
,
346 force_media_set
: bool
,
347 rpcenv
: &mut dyn RpcEnvironment
,
348 ) -> Result
<Value
, Error
> {
350 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
352 check_backup_permission(
359 let datastore
= DataStore
::lookup_datastore(&setup
.store
)?
;
361 let (config
, _digest
) = pbs_config
::media_pool
::config()?
;
362 let pool_config
: MediaPoolConfig
= config
.lookup("pool", &setup
.pool
)?
;
364 let (drive_config
, _digest
) = pbs_config
::drive
::config()?
;
366 // early check/lock before starting worker
367 let drive_lock
= lock_tape_device(&drive_config
, &setup
.drive
)?
;
369 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
371 let job_id
= format
!("{}:{}:{}", setup
.store
, setup
.pool
, setup
.drive
);
373 let notify_user
= setup
.notify_user
.as_ref().unwrap_or_else(|| &Userid
::root_userid());
374 let email
= lookup_user_email(notify_user
);
376 let upid_str
= WorkerTask
::new_thread(
382 let _drive_lock
= drive_lock
; // keep lock guard
383 set_tape_device_state(&setup
.drive
, &worker
.upid().to_string())?
;
385 let mut summary
= Default
::default();
386 let job_result
= backup_worker(
396 if let Some(email
) = email
{
397 if let Err(err
) = crate::server
::send_tape_backup_status(
404 eprintln
!("send tape backup notification failed: {}", err
);
409 let _
= set_tape_device_state(&setup
.drive
, "");
419 datastore
: Arc
<DataStore
>,
420 pool_config
: &MediaPoolConfig
,
421 setup
: &TapeBackupJobSetup
,
422 email
: Option
<String
>,
423 summary
: &mut TapeBackupJobSummary
,
424 force_media_set
: bool
,
425 ) -> Result
<(), Error
> {
427 let status_path
= Path
::new(TAPE_STATUS_DIR
);
428 let start
= std
::time
::Instant
::now();
430 task_log
!(worker
, "update media online status");
431 let changer_name
= update_media_online_status(&setup
.drive
)?
;
433 let pool
= MediaPool
::with_config(status_path
, &pool_config
, changer_name
, false)?
;
435 let mut pool_writer
= PoolWriter
::new(
443 let mut group_list
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
445 group_list
.sort_unstable();
447 let group_count
= group_list
.len();
448 task_log
!(worker
, "found {} groups", group_count
);
450 let mut progress
= StoreProgress
::new(group_count
as u64);
452 let latest_only
= setup
.latest_only
.unwrap_or(false);
455 task_log
!(worker
, "latest-only: true (only considering latest snapshots)");
458 let datastore_name
= datastore
.name();
460 let mut errors
= false;
462 let mut need_catalog
= false; // avoid writing catalog for empty jobs
464 for (group_number
, group
) in group_list
.into_iter().enumerate() {
465 progress
.done_groups
= group_number
as u64;
466 progress
.done_snapshots
= 0;
467 progress
.group_snapshots
= 0;
469 let snapshot_list
= group
.list_backups(&datastore
.base_path())?
;
471 // filter out unfinished backups
472 let mut snapshot_list
: Vec
<_
> = snapshot_list
474 .filter(|item
| item
.is_finished())
477 if snapshot_list
.is_empty() {
478 task_log
!(worker
, "group {} was empty", group
);
482 BackupInfo
::sort_list(&mut snapshot_list
, true); // oldest first
485 progress
.group_snapshots
= 1;
486 if let Some(info
) = snapshot_list
.pop() {
487 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
488 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
494 let snapshot_name
= info
.backup_dir
.to_string();
495 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
498 summary
.snapshot_list
.push(snapshot_name
);
500 progress
.done_snapshots
= 1;
503 "percentage done: {}",
508 progress
.group_snapshots
= snapshot_list
.len() as u64;
509 for (snapshot_number
, info
) in snapshot_list
.into_iter().enumerate() {
510 if pool_writer
.contains_snapshot(datastore_name
, &info
.backup_dir
.to_string()) {
511 task_log
!(worker
, "skip snapshot {}", info
.backup_dir
);
517 let snapshot_name
= info
.backup_dir
.to_string();
518 if !backup_snapshot(worker
, &mut pool_writer
, datastore
.clone(), info
.backup_dir
)?
{
521 summary
.snapshot_list
.push(snapshot_name
);
523 progress
.done_snapshots
= snapshot_number
as u64 + 1;
526 "percentage done: {}",
533 pool_writer
.commit()?
;
536 task_log
!(worker
, "append media catalog");
538 let uuid
= pool_writer
.load_writable_media(worker
)?
;
539 let done
= pool_writer
.append_catalog_archive(worker
)?
;
541 task_log
!(worker
, "catalog does not fit on tape, writing to next volume");
542 pool_writer
.set_media_status_full(&uuid
)?
;
543 pool_writer
.load_writable_media(worker
)?
;
544 let done
= pool_writer
.append_catalog_archive(worker
)?
;
546 bail
!("write_catalog_archive failed on second media");
551 if setup
.export_media_set
.unwrap_or(false) {
552 pool_writer
.export_media_set(worker
)?
;
553 } else if setup
.eject_media
.unwrap_or(false) {
554 pool_writer
.eject_media(worker
)?
;
558 bail
!("Tape backup finished with some errors. Please check the task log.");
561 summary
.duration
= start
.elapsed();
566 // Try to update the the media online status
567 fn update_media_online_status(drive
: &str) -> Result
<Option
<String
>, Error
> {
569 let (config
, _digest
) = pbs_config
::drive
::config()?
;
571 if let Ok(Some((mut changer
, changer_name
))) = media_changer(&config
, drive
) {
573 let label_text_list
= changer
.online_media_label_texts()?
;
575 let status_path
= Path
::new(TAPE_STATUS_DIR
);
576 let mut inventory
= Inventory
::load(status_path
)?
;
578 update_changer_online_status(
585 Ok(Some(changer_name
))
591 pub fn backup_snapshot(
593 pool_writer
: &mut PoolWriter
,
594 datastore
: Arc
<DataStore
>,
596 ) -> Result
<bool
, Error
> {
598 task_log
!(worker
, "backup snapshot {}", snapshot
);
600 let snapshot_reader
= match SnapshotReader
::new(datastore
.clone(), snapshot
.clone()) {
601 Ok(reader
) => reader
,
603 // ignore missing snapshots and continue
604 task_warn
!(worker
, "failed opening snapshot '{}': {}", snapshot
, err
);
609 let snapshot_reader
= Arc
::new(Mutex
::new(snapshot_reader
));
611 let (reader_thread
, chunk_iter
) = pool_writer
.spawn_chunk_reader_thread(
613 snapshot_reader
.clone(),
616 let mut chunk_iter
= chunk_iter
.peekable();
619 worker
.check_abort()?
;
621 // test is we have remaining chunks
622 match chunk_iter
.peek() {
624 Some(Ok(_
)) => { /* Ok */ }
,
625 Some(Err(err
)) => bail
!("{}", err
),
628 let uuid
= pool_writer
.load_writable_media(worker
)?
;
630 worker
.check_abort()?
;
632 let (leom
, _bytes
) = pool_writer
.append_chunk_archive(worker
, &mut chunk_iter
, datastore
.name())?
;
635 pool_writer
.set_media_status_full(&uuid
)?
;
639 if let Err(_
) = reader_thread
.join() {
640 bail
!("chunk reader thread failed");
643 worker
.check_abort()?
;
645 let uuid
= pool_writer
.load_writable_media(worker
)?
;
647 worker
.check_abort()?
;
649 let snapshot_reader
= snapshot_reader
.lock().unwrap();
651 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
654 // does not fit on tape, so we try on next volume
655 pool_writer
.set_media_status_full(&uuid
)?
;
657 worker
.check_abort()?
;
659 pool_writer
.load_writable_media(worker
)?
;
660 let (done
, _bytes
) = pool_writer
.append_snapshot_archive(worker
, &snapshot_reader
)?
;
663 bail
!("write_snapshot_archive failed on second media");
667 task_log
!(worker
, "end backup {}:{}", datastore
.name(), snapshot
);