]> git.proxmox.com Git - proxmox-backup.git/blob - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
make get_index and ApiConfig property (callback)
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
1 use std::sync::{Mutex, Arc};
2 use std::path::{Path, PathBuf};
3 use std::os::unix::io::AsRawFd;
4
5 use anyhow::{bail, format_err, Error};
6 use futures::*;
7 use http::request::Parts;
8 use http::Response;
9 use hyper::{Body, StatusCode};
10 use hyper::header;
11 use url::form_urlencoded;
12
13 use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
14 use tokio_stream::wrappers::ReceiverStream;
15 use serde_json::{json, Value};
16
17 use proxmox::try_block;
18 use proxmox::api::RpcEnvironmentType;
19 use proxmox::sys::linux::socket::set_tcp_keepalive;
20 use proxmox::tools::fs::CreateOptions;
21
22 use proxmox_rest_server::ApiConfig;
23
24 use proxmox_backup::{
25 backup::DataStore,
26 server::{
27 auth::default_api_auth,
28 WorkerTask,
29 rest::*,
30 jobstate::{
31 self,
32 Job,
33 },
34 rotate_task_log_archive,
35 },
36 };
37
38 use pbs_buildcfg::configdir;
39 use pbs_systemd::time::{compute_next_event, parse_calendar_event};
40 use pbs_tools::logrotate::LogRotate;
41
42 use pbs_api_types::{
43 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
44 PruneOptions,
45 };
46
47 use proxmox_rest_server::daemon;
48
49 use proxmox_backup::server;
50 use proxmox_backup::auth_helpers::*;
51 use proxmox_backup::tools::{
52 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
53 disks::{
54 DiskManage,
55 zfs_pool_stats,
56 get_pool_from_dataset,
57 },
58 };
59
60
61 use proxmox_backup::api2::pull::do_sync_job;
62 use proxmox_backup::api2::tape::backup::do_tape_backup_job;
63 use proxmox_backup::server::do_verification_job;
64 use proxmox_backup::server::do_prune_job;
65
66 fn main() -> Result<(), Error> {
67 proxmox_backup::tools::setup_safe_path_env();
68
69 let backup_uid = pbs_config::backup_user()?.uid;
70 let backup_gid = pbs_config::backup_group()?.gid;
71 let running_uid = nix::unistd::Uid::effective();
72 let running_gid = nix::unistd::Gid::effective();
73
74 if running_uid != backup_uid || running_gid != backup_gid {
75 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
76 }
77
78 pbs_runtime::main(run())
79 }
80
81 fn get_index(
82 auth_id: Option<String>,
83 language: Option<String>,
84 api: &ApiConfig,
85 parts: Parts,
86 ) -> Response<Body> {
87
88 let (userid, csrf_token) = match auth_id {
89 Some(auth_id) => {
90 let auth_id = auth_id.parse::<Authid>();
91 match auth_id {
92 Ok(auth_id) if !auth_id.is_token() => {
93 let userid = auth_id.user().clone();
94 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
95 (Some(userid), Some(new_csrf_token))
96 }
97 _ => (None, None)
98 }
99 }
100 None => (None, None),
101 };
102
103 let nodename = proxmox::tools::nodename();
104 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
105
106 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
107
108 let mut debug = false;
109 let mut template_file = "index";
110
111 if let Some(query_str) = parts.uri.query() {
112 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
113 if k == "debug" && v != "0" && v != "false" {
114 debug = true;
115 } else if k == "console" {
116 template_file = "console";
117 }
118 }
119 }
120
121 let mut lang = String::from("");
122 if let Some(language) = language {
123 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
124 lang = language;
125 }
126 }
127
128 let data = json!({
129 "NodeName": nodename,
130 "UserName": user,
131 "CSRFPreventionToken": csrf_token,
132 "language": lang,
133 "debug": debug,
134 });
135
136 let (ct, index) = match api.render_template(template_file, &data) {
137 Ok(index) => ("text/html", index),
138 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
139 };
140
141 let mut resp = Response::builder()
142 .status(StatusCode::OK)
143 .header(header::CONTENT_TYPE, ct)
144 .body(index.into())
145 .unwrap();
146
147 if let Some(userid) = userid {
148 resp.extensions_mut().insert(Authid::from((userid, None)));
149 }
150
151 resp
152 }
153
154 async fn run() -> Result<(), Error> {
155 if let Err(err) = syslog::init(
156 syslog::Facility::LOG_DAEMON,
157 log::LevelFilter::Info,
158 Some("proxmox-backup-proxy")) {
159 bail!("unable to inititialize syslog - {}", err);
160 }
161
162 // Note: To debug early connection error use
163 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
164 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
165
166 let _ = public_auth_key(); // load with lazy_static
167 let _ = csrf_secret(); // load with lazy_static
168
169 let mut config = ApiConfig::new(
170 pbs_buildcfg::JS_DIR,
171 &proxmox_backup::api2::ROUTER,
172 RpcEnvironmentType::PUBLIC,
173 default_api_auth(),
174 get_index,
175 )?;
176
177 config.add_alias("novnc", "/usr/share/novnc-pve");
178 config.add_alias("extjs", "/usr/share/javascript/extjs");
179 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
180 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
181 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
182 config.add_alias("locale", "/usr/share/pbs-i18n");
183 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
184 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
185
186 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
187 indexpath.push("index.hbs");
188 config.register_template("index", &indexpath)?;
189 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
190
191 let backup_user = pbs_config::backup_user()?;
192 let mut commando_sock = proxmox_rest_server::CommandoSocket::new(crate::server::our_ctrl_sock(), backup_user.gid);
193
194 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
195 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
196
197 config.enable_file_log(
198 pbs_buildcfg::API_ACCESS_LOG_FN,
199 Some(dir_opts),
200 Some(file_opts),
201 &mut commando_sock,
202 )?;
203
204 let rest_server = RestServer::new(config);
205
206 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
207
208 // we build the initial acceptor here as we cannot start if this fails
209 let acceptor = make_tls_acceptor()?;
210 let acceptor = Arc::new(Mutex::new(acceptor));
211
212 // to renew the acceptor we just add a command-socket handler
213 commando_sock.register_command(
214 "reload-certificate".to_string(),
215 {
216 let acceptor = Arc::clone(&acceptor);
217 move |_value| -> Result<_, Error> {
218 log::info!("reloading certificate");
219 match make_tls_acceptor() {
220 Err(err) => log::error!("error reloading certificate: {}", err),
221 Ok(new_acceptor) => {
222 let mut guard = acceptor.lock().unwrap();
223 *guard = new_acceptor;
224 }
225 }
226 Ok(Value::Null)
227 }
228 },
229 )?;
230
231 // to remove references for not configured datastores
232 commando_sock.register_command(
233 "datastore-removed".to_string(),
234 |_value| {
235 if let Err(err) = proxmox_backup::backup::DataStore::remove_unused_datastores() {
236 log::error!("could not refresh datastores: {}", err);
237 }
238 Ok(Value::Null)
239 }
240 )?;
241
242 let server = daemon::create_daemon(
243 ([0,0,0,0,0,0,0,0], 8007).into(),
244 move |listener, ready| {
245
246 let connections = accept_connections(listener, acceptor, debug);
247 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
248
249 Ok(ready
250 .and_then(|_| hyper::Server::builder(connections)
251 .serve(rest_server)
252 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
253 .map_err(Error::from)
254 )
255 .map_err(|err| eprintln!("server error: {}", err))
256 .map(|_| ())
257 )
258 },
259 "proxmox-backup-proxy.service",
260 );
261
262 server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
263 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
264
265 let init_result: Result<(), Error> = try_block!({
266 server::register_task_control_commands(&mut commando_sock)?;
267 commando_sock.spawn()?;
268 proxmox_rest_server::server_state_init()?;
269 Ok(())
270 });
271
272 if let Err(err) = init_result {
273 bail!("unable to start daemon - {}", err);
274 }
275
276 start_task_scheduler();
277 start_stat_generator();
278
279 server.await?;
280 log::info!("server shutting down, waiting for active workers to complete");
281 proxmox_rest_server::last_worker_future().await?;
282 log::info!("done - exit server");
283
284 Ok(())
285 }
286
287 fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
288 let key_path = configdir!("/proxy.key");
289 let cert_path = configdir!("/proxy.pem");
290
291 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
292 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
293 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
294 acceptor.set_certificate_chain_file(cert_path)
295 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
296 acceptor.check_private_key().unwrap();
297
298 Ok(acceptor.build())
299 }
300
301 type ClientStreamResult =
302 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
303 const MAX_PENDING_ACCEPTS: usize = 1024;
304
305 fn accept_connections(
306 listener: tokio::net::TcpListener,
307 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
308 debug: bool,
309 ) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
310
311 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
312
313 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
314
315 receiver
316 }
317
318 async fn accept_connection(
319 listener: tokio::net::TcpListener,
320 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
321 debug: bool,
322 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
323 ) {
324 let accept_counter = Arc::new(());
325
326 loop {
327 let (sock, _addr) = match listener.accept().await {
328 Ok(conn) => conn,
329 Err(err) => {
330 eprintln!("error accepting tcp connection: {}", err);
331 continue;
332 }
333 };
334
335 sock.set_nodelay(true).unwrap();
336 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
337
338 let ssl = { // limit acceptor_guard scope
339 // Acceptor can be reloaded using the command socket "reload-certificate" command
340 let acceptor_guard = acceptor.lock().unwrap();
341
342 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
343 Ok(ssl) => ssl,
344 Err(err) => {
345 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
346 continue;
347 },
348 }
349 };
350
351 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
352 Ok(stream) => stream,
353 Err(err) => {
354 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
355 continue;
356 },
357 };
358
359 let mut stream = Box::pin(stream);
360 let sender = sender.clone();
361
362 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
363 eprintln!("connection rejected - to many open connections");
364 continue;
365 }
366
367 let accept_counter = Arc::clone(&accept_counter);
368 tokio::spawn(async move {
369 let accept_future = tokio::time::timeout(
370 Duration::new(10, 0), stream.as_mut().accept());
371
372 let result = accept_future.await;
373
374 match result {
375 Ok(Ok(())) => {
376 if sender.send(Ok(stream)).await.is_err() && debug {
377 eprintln!("detect closed connection channel");
378 }
379 }
380 Ok(Err(err)) => {
381 if debug {
382 eprintln!("https handshake failed - {}", err);
383 }
384 }
385 Err(_) => {
386 if debug {
387 eprintln!("https handshake timeout");
388 }
389 }
390 }
391
392 drop(accept_counter); // decrease reference count
393 });
394 }
395 }
396
397 fn start_stat_generator() {
398 let abort_future = proxmox_rest_server::shutdown_future();
399 let future = Box::pin(run_stat_generator());
400 let task = futures::future::select(future, abort_future);
401 tokio::spawn(task.map(|_| ()));
402 }
403
404 fn start_task_scheduler() {
405 let abort_future = proxmox_rest_server::shutdown_future();
406 let future = Box::pin(run_task_scheduler());
407 let task = futures::future::select(future, abort_future);
408 tokio::spawn(task.map(|_| ()));
409 }
410
411 use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
412
413 fn next_minute() -> Result<Instant, Error> {
414 let now = SystemTime::now();
415 let epoch_now = now.duration_since(UNIX_EPOCH)?;
416 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
417 Ok(Instant::now() + epoch_next - epoch_now)
418 }
419
420 async fn run_task_scheduler() {
421
422 let mut count: usize = 0;
423
424 loop {
425 count += 1;
426
427 let delay_target = match next_minute() { // try to run very minute
428 Ok(d) => d,
429 Err(err) => {
430 eprintln!("task scheduler: compute next minute failed - {}", err);
431 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
432 continue;
433 }
434 };
435
436 if count > 2 { // wait 1..2 minutes before starting
437 match schedule_tasks().catch_unwind().await {
438 Err(panic) => {
439 match panic.downcast::<&str>() {
440 Ok(msg) => {
441 eprintln!("task scheduler panic: {}", msg);
442 }
443 Err(_) => {
444 eprintln!("task scheduler panic - unknown type");
445 }
446 }
447 }
448 Ok(Err(err)) => {
449 eprintln!("task scheduler failed - {:?}", err);
450 }
451 Ok(Ok(_)) => {}
452 }
453 }
454
455 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
456 }
457 }
458
459 async fn schedule_tasks() -> Result<(), Error> {
460
461 schedule_datastore_garbage_collection().await;
462 schedule_datastore_prune().await;
463 schedule_datastore_sync_jobs().await;
464 schedule_datastore_verify_jobs().await;
465 schedule_tape_backup_jobs().await;
466 schedule_task_log_rotate().await;
467
468 Ok(())
469 }
470
471 async fn schedule_datastore_garbage_collection() {
472
473 let config = match pbs_config::datastore::config() {
474 Err(err) => {
475 eprintln!("unable to read datastore config - {}", err);
476 return;
477 }
478 Ok((config, _digest)) => config,
479 };
480
481 for (store, (_, store_config)) in config.sections {
482 let datastore = match DataStore::lookup_datastore(&store) {
483 Ok(datastore) => datastore,
484 Err(err) => {
485 eprintln!("lookup_datastore failed - {}", err);
486 continue;
487 }
488 };
489
490 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
491 Ok(c) => c,
492 Err(err) => {
493 eprintln!("datastore config from_value failed - {}", err);
494 continue;
495 }
496 };
497
498 let event_str = match store_config.gc_schedule {
499 Some(event_str) => event_str,
500 None => continue,
501 };
502
503 let event = match parse_calendar_event(&event_str) {
504 Ok(event) => event,
505 Err(err) => {
506 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
507 continue;
508 }
509 };
510
511 if datastore.garbage_collection_running() { continue; }
512
513 let worker_type = "garbage_collection";
514
515 let last = match jobstate::last_run_time(worker_type, &store) {
516 Ok(time) => time,
517 Err(err) => {
518 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
519 continue;
520 }
521 };
522
523 let next = match compute_next_event(&event, last, false) {
524 Ok(Some(next)) => next,
525 Ok(None) => continue,
526 Err(err) => {
527 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
528 continue;
529 }
530 };
531
532 let now = proxmox::tools::time::epoch_i64();
533
534 if next > now { continue; }
535
536 let job = match Job::new(worker_type, &store) {
537 Ok(job) => job,
538 Err(_) => continue, // could not get lock
539 };
540
541 let auth_id = Authid::root_auth_id();
542
543 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
544 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
545 }
546 }
547 }
548
549 async fn schedule_datastore_prune() {
550
551 let config = match pbs_config::datastore::config() {
552 Err(err) => {
553 eprintln!("unable to read datastore config - {}", err);
554 return;
555 }
556 Ok((config, _digest)) => config,
557 };
558
559 for (store, (_, store_config)) in config.sections {
560
561 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
562 Ok(c) => c,
563 Err(err) => {
564 eprintln!("datastore '{}' config from_value failed - {}", store, err);
565 continue;
566 }
567 };
568
569 let event_str = match store_config.prune_schedule {
570 Some(event_str) => event_str,
571 None => continue,
572 };
573
574 let prune_options = PruneOptions {
575 keep_last: store_config.keep_last,
576 keep_hourly: store_config.keep_hourly,
577 keep_daily: store_config.keep_daily,
578 keep_weekly: store_config.keep_weekly,
579 keep_monthly: store_config.keep_monthly,
580 keep_yearly: store_config.keep_yearly,
581 };
582
583 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
584 continue;
585 }
586
587 let worker_type = "prune";
588 if check_schedule(worker_type, &event_str, &store) {
589 let job = match Job::new(worker_type, &store) {
590 Ok(job) => job,
591 Err(_) => continue, // could not get lock
592 };
593
594 let auth_id = Authid::root_auth_id().clone();
595 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
596 eprintln!("unable to start datastore prune job {} - {}", &store, err);
597 }
598 };
599 }
600 }
601
602 async fn schedule_datastore_sync_jobs() {
603
604
605 let config = match pbs_config::sync::config() {
606 Err(err) => {
607 eprintln!("unable to read sync job config - {}", err);
608 return;
609 }
610 Ok((config, _digest)) => config,
611 };
612
613 for (job_id, (_, job_config)) in config.sections {
614 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
615 Ok(c) => c,
616 Err(err) => {
617 eprintln!("sync job config from_value failed - {}", err);
618 continue;
619 }
620 };
621
622 let event_str = match job_config.schedule {
623 Some(ref event_str) => event_str.clone(),
624 None => continue,
625 };
626
627 let worker_type = "syncjob";
628 if check_schedule(worker_type, &event_str, &job_id) {
629 let job = match Job::new(worker_type, &job_id) {
630 Ok(job) => job,
631 Err(_) => continue, // could not get lock
632 };
633
634 let auth_id = Authid::root_auth_id().clone();
635 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str)) {
636 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
637 }
638 };
639 }
640 }
641
642 async fn schedule_datastore_verify_jobs() {
643
644 let config = match pbs_config::verify::config() {
645 Err(err) => {
646 eprintln!("unable to read verification job config - {}", err);
647 return;
648 }
649 Ok((config, _digest)) => config,
650 };
651 for (job_id, (_, job_config)) in config.sections {
652 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
653 Ok(c) => c,
654 Err(err) => {
655 eprintln!("verification job config from_value failed - {}", err);
656 continue;
657 }
658 };
659 let event_str = match job_config.schedule {
660 Some(ref event_str) => event_str.clone(),
661 None => continue,
662 };
663
664 let worker_type = "verificationjob";
665 let auth_id = Authid::root_auth_id().clone();
666 if check_schedule(worker_type, &event_str, &job_id) {
667 let job = match Job::new(&worker_type, &job_id) {
668 Ok(job) => job,
669 Err(_) => continue, // could not get lock
670 };
671 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str)) {
672 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
673 }
674 };
675 }
676 }
677
678 async fn schedule_tape_backup_jobs() {
679
680 let config = match pbs_config::tape_job::config() {
681 Err(err) => {
682 eprintln!("unable to read tape job config - {}", err);
683 return;
684 }
685 Ok((config, _digest)) => config,
686 };
687 for (job_id, (_, job_config)) in config.sections {
688 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
689 Ok(c) => c,
690 Err(err) => {
691 eprintln!("tape backup job config from_value failed - {}", err);
692 continue;
693 }
694 };
695 let event_str = match job_config.schedule {
696 Some(ref event_str) => event_str.clone(),
697 None => continue,
698 };
699
700 let worker_type = "tape-backup-job";
701 let auth_id = Authid::root_auth_id().clone();
702 if check_schedule(worker_type, &event_str, &job_id) {
703 let job = match Job::new(&worker_type, &job_id) {
704 Ok(job) => job,
705 Err(_) => continue, // could not get lock
706 };
707 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str)) {
708 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
709 }
710 };
711 }
712 }
713
714
715 async fn schedule_task_log_rotate() {
716
717 let worker_type = "logrotate";
718 let job_id = "access-log_and_task-archive";
719
720 // schedule daily at 00:00 like normal logrotate
721 let schedule = "00:00";
722
723 if !check_schedule(worker_type, schedule, job_id) {
724 // if we never ran the rotation, schedule instantly
725 match jobstate::JobState::load(worker_type, job_id) {
726 Ok(state) => match state {
727 jobstate::JobState::Created { .. } => {},
728 _ => return,
729 },
730 _ => return,
731 }
732 }
733
734 let mut job = match Job::new(worker_type, job_id) {
735 Ok(job) => job,
736 Err(_) => return, // could not get lock
737 };
738
739 if let Err(err) = WorkerTask::new_thread(
740 worker_type,
741 None,
742 Authid::root_auth_id().clone(),
743 false,
744 move |worker| {
745 job.start(&worker.upid().to_string())?;
746 worker.log("starting task log rotation".to_string());
747
748 let result = try_block!({
749 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
750 let max_files = 20; // times twenty files gives > 100000 task entries
751 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
752 if has_rotated {
753 worker.log("task log archive was rotated".to_string());
754 } else {
755 worker.log("task log archive was not rotated".to_string());
756 }
757
758 let max_size = 32 * 1024 * 1024 - 1;
759 let max_files = 14;
760 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
761 .ok_or_else(|| format_err!("could not get API access log file names"))?;
762
763 if logrotate.rotate(max_size, None, Some(max_files))? {
764 println!("rotated access log, telling daemons to re-open log file");
765 pbs_runtime::block_on(command_reopen_logfiles())?;
766 worker.log("API access log was rotated".to_string());
767 } else {
768 worker.log("API access log was not rotated".to_string());
769 }
770
771 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
772 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
773
774 if logrotate.rotate(max_size, None, Some(max_files))? {
775 worker.log("API authentication log was rotated".to_string());
776 } else {
777 worker.log("API authentication log was not rotated".to_string());
778 }
779
780 Ok(())
781 });
782
783 let status = worker.create_state(&result);
784
785 if let Err(err) = job.finish(status) {
786 eprintln!("could not finish job state for {}: {}", worker_type, err);
787 }
788
789 result
790 },
791 ) {
792 eprintln!("unable to start task log rotation: {}", err);
793 }
794
795 }
796
797 async fn command_reopen_logfiles() -> Result<(), Error> {
798 // only care about the most recent daemon instance for each, proxy & api, as other older ones
799 // should not respond to new requests anyway, but only finish their current one and then exit.
800 let sock = crate::server::our_ctrl_sock();
801 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
802
803 let pid = crate::server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
804 let sock = crate::server::ctrl_sock_from_pid(pid);
805 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
806
807 match futures::join!(f1, f2) {
808 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
809 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
810 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
811 _ => Ok(()),
812 }
813 }
814
815 async fn run_stat_generator() {
816
817 let mut count = 0;
818 loop {
819 count += 1;
820 let save = if count >= 6 { count = 0; true } else { false };
821
822 let delay_target = Instant::now() + Duration::from_secs(10);
823
824 generate_host_stats(save).await;
825
826 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
827
828 }
829
830 }
831
832 fn rrd_update_gauge(name: &str, value: f64, save: bool) {
833 use proxmox_backup::rrd;
834 if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) {
835 eprintln!("rrd::update_value '{}' failed - {}", name, err);
836 }
837 }
838
839 fn rrd_update_derive(name: &str, value: f64, save: bool) {
840 use proxmox_backup::rrd;
841 if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) {
842 eprintln!("rrd::update_value '{}' failed - {}", name, err);
843 }
844 }
845
846 async fn generate_host_stats(save: bool) {
847 use proxmox::sys::linux::procfs::{
848 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
849
850 pbs_runtime::block_in_place(move || {
851
852 match read_proc_stat() {
853 Ok(stat) => {
854 rrd_update_gauge("host/cpu", stat.cpu, save);
855 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
856 }
857 Err(err) => {
858 eprintln!("read_proc_stat failed - {}", err);
859 }
860 }
861
862 match read_meminfo() {
863 Ok(meminfo) => {
864 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
865 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
866 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
867 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
868 }
869 Err(err) => {
870 eprintln!("read_meminfo failed - {}", err);
871 }
872 }
873
874 match read_proc_net_dev() {
875 Ok(netdev) => {
876 use pbs_config::network::is_physical_nic;
877 let mut netin = 0;
878 let mut netout = 0;
879 for item in netdev {
880 if !is_physical_nic(&item.device) { continue; }
881 netin += item.receive;
882 netout += item.send;
883 }
884 rrd_update_derive("host/netin", netin as f64, save);
885 rrd_update_derive("host/netout", netout as f64, save);
886 }
887 Err(err) => {
888 eprintln!("read_prox_net_dev failed - {}", err);
889 }
890 }
891
892 match read_loadavg() {
893 Ok(loadavg) => {
894 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
895 }
896 Err(err) => {
897 eprintln!("read_loadavg failed - {}", err);
898 }
899 }
900
901 let disk_manager = DiskManage::new();
902
903 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
904
905 match pbs_config::datastore::config() {
906 Ok((config, _)) => {
907 let datastore_list: Vec<DataStoreConfig> =
908 config.convert_to_typed_array("datastore").unwrap_or_default();
909
910 for config in datastore_list {
911
912 let rrd_prefix = format!("datastore/{}", config.name);
913 let path = std::path::Path::new(&config.path);
914 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
915 }
916 }
917 Err(err) => {
918 eprintln!("read datastore config failed - {}", err);
919 }
920 }
921
922 });
923 }
924
925 fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
926 let event = match parse_calendar_event(event_str) {
927 Ok(event) => event,
928 Err(err) => {
929 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
930 return false;
931 }
932 };
933
934 let last = match jobstate::last_run_time(worker_type, &id) {
935 Ok(time) => time,
936 Err(err) => {
937 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
938 return false;
939 }
940 };
941
942 let next = match compute_next_event(&event, last, false) {
943 Ok(Some(next)) => next,
944 Ok(None) => return false,
945 Err(err) => {
946 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
947 return false;
948 }
949 };
950
951 let now = proxmox::tools::time::epoch_i64();
952 next <= now
953 }
954
955 fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
956
957 match proxmox_backup::tools::disks::disk_usage(path) {
958 Ok(status) => {
959 let rrd_key = format!("{}/total", rrd_prefix);
960 rrd_update_gauge(&rrd_key, status.total as f64, save);
961 let rrd_key = format!("{}/used", rrd_prefix);
962 rrd_update_gauge(&rrd_key, status.used as f64, save);
963 }
964 Err(err) => {
965 eprintln!("read disk_usage on {:?} failed - {}", path, err);
966 }
967 }
968
969 match disk_manager.find_mounted_device(path) {
970 Ok(None) => {},
971 Ok(Some((fs_type, device, source))) => {
972 let mut device_stat = None;
973 match fs_type.as_str() {
974 "zfs" => {
975 if let Some(source) = source {
976 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
977 match zfs_pool_stats(pool) {
978 Ok(stat) => device_stat = stat,
979 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
980 }
981 }
982 }
983 _ => {
984 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
985 match disk.read_stat() {
986 Ok(stat) => device_stat = stat,
987 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
988 }
989 }
990 }
991 }
992 if let Some(stat) = device_stat {
993 let rrd_key = format!("{}/read_ios", rrd_prefix);
994 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
995 let rrd_key = format!("{}/read_bytes", rrd_prefix);
996 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
997
998 let rrd_key = format!("{}/write_ios", rrd_prefix);
999 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
1000 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1001 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
1002
1003 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1004 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
1005 }
1006 }
1007 Err(err) => {
1008 eprintln!("find_mounted_device failed - {}", err);
1009 }
1010 }
1011 }
Proxmox Backup Server and Client