use strict;
use warnings;
+
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
use HTTP::Request;
use IO::File;
use LWP::UserAgent;
use POSIX qw(strftime ENOENT);
-use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach);
-use PVE::Storage::Plugin;
use PVE::JSONSchema qw(get_standard_option);
+use PVE::Network;
+use PVE::Storage::Plugin;
+use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach $IPV6RE);
use base qw(PVE::Storage::Plugin);
sub properties {
return {
datastore => {
- description => "Proxmox backup server datastore name.",
+ description => "Proxmox Backup Server datastore name.",
type => 'string',
},
# openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
fingerprint => get_standard_option('fingerprint-sha256'),
- encryption_key => {
- description => "Encryption key.",
+ 'encryption-key' => {
+ description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
type => 'string',
},
+ port => {
+ description => "For non default port.",
+ type => 'integer',
+ minimum => 1,
+ maximum => 65535,
+ default => 8007,
+ }
};
}
return {
server => { fixed => 1 },
datastore => { fixed => 1 },
+ port => { optional => 1 },
nodes => { optional => 1},
disable => { optional => 1},
content => { optional => 1},
username => { optional => 1 },
- password => { optional => 1},
- encryption_key => { optional => 1 },
+ password => { optional => 1 },
+ 'encryption-key' => { optional => 1 },
maxfiles => { optional => 1 },
+ 'prune-backups' => { optional => 1 },
fingerprint => { optional => 1 },
};
}
my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
- unlink $pwfile;
+ if (!unlink $pwfile) {
+ return if $! == ENOENT;
+ die "failed to delete encryption key! $!\n";
+ }
+ delete $scfg->{'encryption-key'};
}
sub pbs_get_encryption_key {
return "${storeid}:${volname}";
}
+my sub get_server_with_port {
+ my ($scfg) = @_;
+
+ my $server = $scfg->{server};
+ $server = "[$server]" if $server =~ /^$IPV6RE$/;
+
+ if (my $port = $scfg->{port}) {
+ $server .= ":$port" if $port != 8007;
+ }
+ return $server;
+}
+
+my $USE_CRYPT_PARAMS = {
+ backup => 1,
+ restore => 1,
+ 'upload-log' => 1,
+};
+
my sub do_raw_client_cmd {
- my ($scfg, $storeid, $client_cmd, $param, $can_encrypt, %opts) = @_;
+ my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
+
+ my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
my $client_exe = '/usr/bin/proxmox-backup-client';
die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
if ! -x $client_exe;
- my $server = $scfg->{server};
+ my $server = get_server_with_port($scfg);
my $datastore = $scfg->{datastore};
my $username = $scfg->{username} // 'root@pam';
# This must live in the top scope to not get closed before the `run_command`
my $keyfd;
- if ($can_encrypt) {
+ if ($use_crypto) {
if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
my $flags = fcntl($keyfd, F_GETFD, 0)
// die "failed to get file descriptor flags: $!\n";
# - restore backups
# - restore files
# with a sane API
-sub run_raw_client_cmd{
+sub run_raw_client_cmd {
my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
- return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, 1, %opts);
+ return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
}
sub run_client_cmd {
$param = [@$param, '--output-format=json'] if !$no_output;
- do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, 0,
+ do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
return undef if $no_output;
die "unable to extract configuration for backup format '$format'\n";
}
- do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ], 0,
+ do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
return $config;
}
+sub prune_backups {
+ my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
+
+ $logfunc //= sub { print "$_[1]\n" };
+
+ my $backups = $class->list_volumes($storeid, $scfg, $vmid, ['backup']);
+
+ $type = 'vm' if defined($type) && $type eq 'qemu';
+ $type = 'ct' if defined($type) && $type eq 'lxc';
+
+ my $backup_groups = {};
+ foreach my $backup (@{$backups}) {
+ (my $backup_type = $backup->{format}) =~ s/^pbs-//;
+
+ next if defined($type) && $backup_type ne $type;
+
+ my $backup_group = "$backup_type/$backup->{vmid}";
+ $backup_groups->{$backup_group} = 1;
+ }
+
+ my @param;
+
+ my $keep_all = delete $keep->{'keep-all'};
+
+ if (!$keep_all) {
+ foreach my $opt (keys %{$keep}) {
+ next if $keep->{$opt} == 0;
+ push @param, "--$opt";
+ push @param, "$keep->{$opt}";
+ }
+ } else { # no need to pass anything to PBS
+ $keep = { 'keep-all' => 1 };
+ }
+
+ push @param, '--dry-run' if $dryrun;
+
+ my $prune_list = [];
+ my $failed;
+
+ foreach my $backup_group (keys %{$backup_groups}) {
+ $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
+ if !$dryrun;
+ eval {
+ my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
+
+ foreach my $backup (@{$res}) {
+ die "result from proxmox-backup-client is not as expected\n"
+ if !defined($backup->{'backup-time'})
+ || !defined($backup->{'backup-type'})
+ || !defined($backup->{'backup-id'})
+ || !defined($backup->{'keep'});
+
+ my $ctime = $backup->{'backup-time'};
+ my $type = $backup->{'backup-type'};
+ my $vmid = $backup->{'backup-id'};
+ my $volid = print_volid($storeid, $type, $vmid, $ctime);
+
+ push @{$prune_list}, {
+ ctime => $ctime,
+ mark => $backup->{keep} ? 'keep' : 'remove',
+ type => $type eq 'vm' ? 'qemu' : 'lxc',
+ vmid => $vmid,
+ volid => $volid,
+ };
+ }
+ };
+ if (my $err = $@) {
+ $logfunc->('err', "prune '$backup_group': $err\n");
+ $failed = 1;
+ }
+ }
+ die "error pruning backups - check log\n" if $failed;
+
+ return $prune_list;
+}
+
+my $autogen_encryption_key = sub {
+ my ($scfg, $storeid) = @_;
+ my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
+ my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
+ run_command($cmd, errmsg => 'failed to create encryption key');
+ return PVE::Tools::file_get_contents($encfile);
+};
+
sub on_add_hook {
my ($class, $storeid, $scfg, %param) = @_;
+ my $res = {};
+
if (defined(my $password = $param{password})) {
pbs_set_password($scfg, $storeid, $password);
} else {
pbs_delete_password($scfg, $storeid);
}
- if (defined(my $encryption_key = delete($scfg->{encryption_key}))) {
- pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ if (defined(my $encryption_key = $param{'encryption-key'})) {
+ if ($encryption_key eq 'autogen') {
+ $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
+ } else {
+ pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ $res->{'encryption-key'} = $encryption_key;
+ }
+ $scfg->{'encryption-key'} = 1;
} else {
pbs_delete_encryption_key($scfg, $storeid);
}
+
+ return $res;
}
sub on_update_hook {
my ($class, $storeid, $scfg, %param) = @_;
+ my $res = {};
+
if (exists($param{password})) {
if (defined($param{password})) {
pbs_set_password($scfg, $storeid, $param{password});
}
}
- if (exists($scfg->{encryption_key})) {
- if (defined(my $encryption_key = delete($scfg->{encryption_key}))) {
- pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ if (exists($param{'encryption-key'})) {
+ if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
+ if ($encryption_key eq 'autogen') {
+ $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
+ } else {
+ pbs_set_encryption_key($scfg, $storeid, $encryption_key);
+ $res->{'encryption-key'} = $encryption_key;
+ }
+ $scfg->{'encryption-key'} = 1;
} else {
pbs_delete_encryption_key($scfg, $storeid);
}
}
+
+ return $res;
}
sub on_delete_hook {
my ($vtype, $name, $vmid) = $class->parse_volname($volname);
- my $server = $scfg->{server};
+ my $server = get_server_with_port($scfg);
my $datastore = $scfg->{datastore};
my $username = $scfg->{username} // 'root@pam';
ctime => $epoch,
};
+ $info->{verification} = $item->{verification} if defined($item->{verification});
+ $info->{comment} = $item->{comment} if defined($item->{comment});
+
push @$res, $info;
}
sub activate_storage {
my ($class, $storeid, $scfg, $cache) = @_;
+
+ # a 'status' client command is to expensive here
+ # TODO: use a dummy ping API call to ensure the PBS API daemon is available for real
+ my $server = $scfg->{server};
+ my $port = $scfg->{port} // 8007;
+ PVE::Network::tcp_ping($server, $port, 2);
+
return 1;
}