return {
server => { fixed => 1 },
datastore => { fixed => 1 },
+ namespace => { optional => 1 },
port => { optional => 1 },
nodes => { optional => 1},
disable => { optional => 1},
my $keyfd;
if (!open($keyfd, '<', $encryption_key_file)) {
- return undef if $! == ENOENT;
+ if ($! == ENOENT) {
+ my $encryption_fp = $scfg->{'encryption-key'};
+ die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
+ if $encryption_fp;
+ return undef;
+ }
die "failed to open encryption key: $encryption_key_file: $!\n";
}
my $keyfd;
if (!open($keyfd, '<', $master_pubkey_file)) {
- return undef if $! == ENOENT;
+ if ($! == ENOENT) {
+ die "master public key configured but no key file found!\n"
+ if $scfg->{'master-pubkey'};
+ return undef;
+ }
die "failed to open master public key: $master_pubkey_file: $!\n";
}
return "${storeid}:${volname}";
}
+my sub ns : prototype($$) {
+ my ($scfg, $name) = @_;
+ my $ns = $scfg->{namespace};
+ return defined($ns) ? ($name, $ns) : ();
+}
+
# essentially the inverse of print_volid
-sub api_param_from_volname {
- my ($class, $volname) = @_;
+my sub api_param_from_volname : prototype($$$) {
+ my ($class, $scfg, $volname) = @_;
my $name = ($class->parse_volname($volname))[1];
}
return {
+ (ns($scfg, 'ns')),
'backup-type' => $btype,
'backup-id' => $bid,
'backup-time' => $btime,
push @$cmd, @$param if defined($param);
push @$cmd, "--repository", $repo;
+ if ($client_cmd ne 'status' && defined(my $ns = $scfg->{namespace})) {
+ push @$cmd, '--ns', $ns;
+ }
local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
$logfunc //= sub { print "$_[1]\n" };
- my $backups = $class->list_volumes($storeid, $scfg, $vmid, ['backup']);
-
$type = 'vm' if defined($type) && $type eq 'qemu';
$type = 'ct' if defined($type) && $type eq 'lxc';
my $backup_groups = {};
- foreach my $backup (@{$backups}) {
- (my $backup_type = $backup->{format}) =~ s/^pbs-//;
- next if defined($type) && $backup_type ne $type;
+ if (defined($vmid) && defined($type)) {
+ # no need to get the list of volumes, we only got a single backup group anyway
+ $backup_groups->{"$type/$vmid"} = 1;
+ } else {
+ my $backups = eval { $class->list_volumes($storeid, $scfg, $vmid, ['backup']) };
+ die "failed to get list of all backups to prune - $@" if $@;
- my $backup_group = "$backup_type/$backup->{vmid}";
- $backup_groups->{$backup_group} = 1;
+ foreach my $backup (@{$backups}) {
+ (my $backup_type = $backup->{format}) =~ s/^pbs-//;
+ next if defined($type) && $backup_type ne $type;
+
+ my $backup_group = "$backup_type/$backup->{vmid}";
+ $backup_groups->{$backup_group} = 1;
+ }
}
my @param;
# artificial url - we currently do not use that anywhere
my $path = "pbs://$repo/$name";
+ if (defined(my $ns = $scfg->{namespace})) {
+ $ns =~ s|/|%2f|g; # other characters to escape aren't allowed in the namespace schema
+ $path .= "?ns=$ns";
+ }
return ($path, $vmid, $vtype);
}
return $any && $all;
}
+# TODO: use a client with native rust/proxmox-backup bindings to profit from
+# API schema checks and types
+my sub pbs_api_connect {
+ my ($scfg, $password, $timeout) = @_;
+
+ my $params = {};
+
+ my $user = $scfg->{username} // 'root@pam';
+
+ if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
+ $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
+ } else {
+ $params->{password} = $password;
+ $params->{username} = $user;
+ }
+
+ if (my $fp = $scfg->{fingerprint}) {
+ $params->{cached_fingerprints}->{uc($fp)} = 1;
+ }
+
+ my $conn = PVE::APIClient::LWP->new(
+ %$params,
+ host => $scfg->{server},
+ port => $scfg->{port} // 8007,
+ timeout => ($timeout // 7), # cope with a 401 (3s api delay) and high latency
+ cookie_name => 'PBSAuthCookie',
+ );
+
+ return $conn;
+}
+
sub list_volumes {
my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
return $res if !grep { $_ eq 'backup' } @$content_types;
- my $data = run_client_cmd($scfg, $storeid, "snapshots");
+ my $password = pbs_get_password($scfg, $storeid);
+ my $conn = pbs_api_connect($scfg, $password, 120);
+ my $datastore = $scfg->{datastore};
+
+ my $param = {};
+ $param->{'backup-id'} = "$vmid" if defined($vmid);
+ $param->{'ns'} = "$scfg->{namespace}" if defined($scfg->{namespace});
+ my $data = eval { $conn->get("/api2/json/admin/datastore/$datastore/snapshots", $param); };
+ die "error listing snapshots - $@" if $@;
foreach my $item (@$data) {
my $btype = $item->{"backup-type"};
return ($total, $free, $used, $active);
}
-# TODO: use a client with native rust/proxmox-backup bindings to profit from
-# API schema checks and types
-my sub pbs_api_connect {
- my ($scfg, $password) = @_;
-
- my $params = {};
-
- my $user = $scfg->{username} // 'root@pam';
-
- if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
- $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
- } else {
- $params->{password} = $password;
- $params->{username} = $user;
- }
-
- if (my $fp = $scfg->{fingerprint}) {
- $params->{cached_fingerprints}->{uc($fp)} = 1;
- }
-
- my $conn = PVE::APIClient::LWP->new(
- %$params,
- host => $scfg->{server},
- port => $scfg->{port} // 8007,
- timeout => 7, # cope with a 401 (3s api delay) and high latency
- cookie_name => 'PBSAuthCookie',
- );
-
- return $conn;
-}
-
# can also be used for not (yet) added storages, pass $scfg with
# {
# server
}
if ($attribute eq 'protected') {
- my $param = $class->api_param_from_volname($volname);
+ my $param = api_param_from_volname($class, $scfg, $volname);
my $password = pbs_get_password($scfg, $storeid);
my $conn = pbs_api_connect($scfg, $password);
}
if ($attribute eq 'protected') {
- my $param = $class->api_param_from_volname($volname);
+ my $param = api_param_from_volname($class, $scfg, $volname);
$param->{$attribute} = $value;
my $password = pbs_get_password($scfg, $storeid);