use warnings;
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
+use File::Temp qw(tempdir);
use IO::File;
use JSON;
-use POSIX qw(strftime ENOENT);
+use POSIX qw(mkfifo strftime ENOENT);
use PVE::JSONSchema qw(get_standard_option);
-use PVE::Tools qw(run_command file_set_contents file_get_contents file_read_firstline);
+use PVE::Tools qw(run_command file_set_contents file_get_contents file_read_firstline $IPV6RE);
+
+# returns a repository string suitable for proxmox-backup-client, pbs-restore, etc.
+# $scfg must have the following structure:
+# {
+# datastore
+# server
+# port (optional defaults to 8007)
+# username (optional defaults to 'root@pam')
+# }
+sub get_repository {
+ my ($scfg) = @_;
+
+ my $server = $scfg->{server};
+ die "no server given\n" if !defined($server);
+
+ $server = "[$server]" if $server =~ /^$IPV6RE$/;
+
+ if (my $port = $scfg->{port}) {
+ $server .= ":$port" if $port != 8007;
+ }
+
+ my $datastore = $scfg->{datastore};
+ die "no datastore given\n" if !defined($datastore);
+
+ my $username = $scfg->{username} // 'root@pam';
+
+ return "$username\@$server:$datastore";
+}
sub new {
my ($class, $scfg, $storeid, $sdir) = @_;
sub set_password {
my ($self, $password) = @_;
- my $pwfile = $self->password_file_name();
+ my $pwfile = password_file_name($self);
mkdir $self->{secret_dir};
PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
sub delete_password {
my ($self) = @_;
- my $pwfile = $self->password_file_name();
+ my $pwfile = password_file_name($self);
- unlink $pwfile;
+ unlink $pwfile or $! == ENOENT or die "deleting password file failed - $!\n";
};
sub get_password {
my ($self) = @_;
- my $pwfile = $self->password_file_name();
+ my $pwfile = password_file_name($self);
return PVE::Tools::file_read_firstline($pwfile);
}
}
my $USE_CRYPT_PARAMS = {
- backup => 1,
- restore => 1,
- 'upload-log' => 1,
+ 'proxmox-backup-client' => {
+ backup => 1,
+ restore => 1,
+ 'upload-log' => 1,
+ },
+ 'proxmox-file-restore' => {
+ list => 1,
+ extract => 1,
+ },
};
my sub do_raw_client_cmd {
my ($self, $client_cmd, $param, %opts) = @_;
- my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
+ my $client_bin = (delete $opts{binary}) || 'proxmox-backup-client';
+ my $use_crypto = $USE_CRYPT_PARAMS->{$client_bin}->{$client_cmd} // 0;
- my $client_exe = '/usr/bin/proxmox-backup-client';
- die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
- if ! -x $client_exe;
+ my $client_exe = "/usr/bin/$client_bin";
+ die "executable not found '$client_exe'! $client_bin not installed?\n" if ! -x $client_exe;
my $scfg = $self->{scfg};
- my $server = $scfg->{server};
- my $datastore = $scfg->{datastore};
- my $username = $scfg->{username} // 'root@pam';
+ my $repo = get_repository($scfg);
my $userns_cmd = delete $opts{userns_cmd};
# This must live in the top scope to not get closed before the `run_command`
my $keyfd;
if ($use_crypto) {
- if (defined($keyfd = $self->open_encryption_key())) {
+ if (defined($keyfd = open_encryption_key($self))) {
my $flags = fcntl($keyfd, F_GETFD, 0)
// die "failed to get file descriptor flags: $!\n";
fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
push @$cmd, @$param if defined($param);
- push @$cmd, "--repository", "$username\@$server:$datastore";
+ push @$cmd, "--repository", $repo;
+ if (defined(my $ns = delete($opts{namespace}))) {
+ push @$cmd, '--ns', $ns;
+ }
local $ENV{PBS_PASSWORD} = $self->get_password();
run_command($cmd, %opts);
}
-my sub run_raw_client_cmd {
+my sub run_raw_client_cmd : prototype($$$%) {
my ($self, $client_cmd, $param, %opts) = @_;
- return $self->do_raw_client_cmd($client_cmd, $param, %opts);
+ return do_raw_client_cmd($self, $client_cmd, $param, %opts);
}
-my sub run_client_cmd {
- my ($self, $client_cmd, $param, $no_output) = @_;
+my sub run_client_cmd : prototype($$;$$$$) {
+ my ($self, $client_cmd, $param, $no_output, $binary, $namespace) = @_;
my $json_str = '';
my $outfunc = sub { $json_str .= "$_[0]\n" };
+ $binary //= 'proxmox-backup-client';
+
$param = [] if !defined($param);
$param = [ $param ] if !ref($param);
$param = [@$param, '--output-format=json'] if !$no_output;
- $self->do_raw_client_cmd(
- $client_cmd,
- $param,
- outfunc => $outfunc,
- errmsg => 'proxmox-backup-client failed'
+ do_raw_client_cmd(
+ $self,
+ $client_cmd,
+ $param,
+ outfunc => $outfunc,
+ errmsg => "$binary failed",
+ binary => $binary,
+ namespace => $namespace,
);
return undef if $no_output;
return file_get_contents($encfile);
};
+# TODO remove support for namespaced parameters. Needs Breaks for pmg-api and libpve-storage-perl.
+# Deprecated! The namespace should be passed in as part of the config in new().
+# Snapshot or group parameters can be either just a string and will then default to the namespace
+# that's part of the initial configuration in new(), or a tuple of `[namespace, snapshot]`.
+my sub split_namespaced_parameter : prototype($$) {
+ my ($self, $snapshot) = @_;
+ return ($self->{scfg}->{namespace}, $snapshot) if !ref($snapshot);
+
+ (my $namespace, $snapshot) = @$snapshot;
+ return ($namespace, $snapshot);
+}
+
+# lists all snapshots, optionally limited to a specific group
sub get_snapshots {
- my ($self, $opts) = @_;
+ my ($self, $group) = @_;
+
+ my $namespace;
+ if (defined($group)) {
+ ($namespace, $group) = split_namespaced_parameter($self, $group);
+ } else {
+ $namespace = $self->{scfg}->{namespace};
+ }
my $param = [];
- push @$param, $opts->{group} if defined($opts->{group});
+ push @$param, $group if defined($group);
- return $self->run_client_cmd("snapshots", $param);
+ return run_client_cmd($self, "snapshots", $param, undef, undef, $namespace);
};
-sub backup_tree {
- my ($self, $opts) = @_;
+# create a new PXAR backup of a FS directory tree - doesn't cross FS boundary
+# by default.
+sub backup_fs_tree {
+ my ($self, $root, $id, $pxarname, $cmd_opts) = @_;
- my $type = delete $opts->{type};
- die "backup-type not provided\n" if !defined($type);
- my $id = delete $opts->{id};
die "backup-id not provided\n" if !defined($id);
- my $root = delete $opts->{root};
- die "root dir not provided\n" if !defined($root);
- my $pxarname = delete $opts->{pxarname};
+ die "backup root dir not provided\n" if !defined($root);
die "archive name not provided\n" if !defined($pxarname);
- my $time = delete $opts->{time};
my $param = [
"$pxarname.pxar:$root",
- '--backup-type', $type,
+ '--backup-type', 'host',
'--backup-id', $id,
];
- push @$param, '--backup-time', $time if defined($time);
- return $self->run_raw_client_cmd('backup', $param, %$opts);
+ $cmd_opts //= {};
+
+ $cmd_opts->{namespace} = $self->{scfg}->{namespace} if defined($self->{scfg}->{namespace});
+
+ return run_raw_client_cmd($self, 'backup', $param, %$cmd_opts);
};
sub restore_pxar {
die "archive name not provided\n" if !defined($pxarname);
die "restore-target not provided\n" if !defined($target);
+ (my $namespace, $snapshot) = split_namespaced_parameter($self, $snapshot);
+
my $param = [
"$snapshot",
"$pxarname.pxar",
];
$cmd_opts //= {};
- return $self->run_raw_client_cmd('restore', $param, %$cmd_opts);
+ $cmd_opts->{namespace} = $namespace;
+
+ return run_raw_client_cmd($self, 'restore', $param, %$cmd_opts);
};
sub forget_snapshot {
die "snapshot not provided\n" if !defined($snapshot);
- return $self->run_raw_client_cmd('forget', ["$snapshot"]);
+ (my $namespace, $snapshot) = split_namespaced_parameter($self, $snapshot);
+
+ return run_client_cmd($self, 'forget', ["$snapshot"], 1, undef, $namespace)
};
sub prune_group {
die "group not provided\n" if !defined($group);
+ (my $namespace, $group) = split_namespaced_parameter($self, $group);
+
# do nothing if no keep options specified for remote
return [] if scalar(keys %$prune_opts) == 0;
}
push @$param, "$group";
- return $self->run_client_cmd('prune', $param);
+ return run_client_cmd($self, 'prune', $param, undef, undef, $namespace);
};
sub status {
my $active = 0;
eval {
- my $res = $self->run_client_cmd("status");
+ my $res = run_client_cmd($self, "status");
$active = 1;
$total = $res->{total};
return ($total, $free, $used, $active);
};
+sub file_restore_list {
+ my ($self, $snapshot, $filepath, $base64, $extra_params) = @_;
+
+ (my $namespace, $snapshot) = split_namespaced_parameter($self, $snapshot);
+ my $cmd = [ $snapshot, $filepath, "--base64", $base64 ? 1 : 0];
+
+ if (my $timeout = $extra_params->{timeout}) {
+ push $cmd->@*, '--timeout', $timeout;
+ }
+
+ return run_client_cmd(
+ $self,
+ "list",
+ $cmd,
+ 0,
+ "proxmox-file-restore",
+ $namespace,
+ );
+}
+
+# call sync from API, returns a fifo path for streaming data to clients,
+# pass it to file_restore_extract to start transfering data
+sub file_restore_extract_prepare {
+ my ($self) = @_;
+
+ my $tmpdir = tempdir();
+ mkfifo("$tmpdir/fifo", 0600)
+ or die "creating file download fifo '$tmpdir/fifo' failed: $!\n";
+
+ # allow reading data for proxy user
+ my $wwwid = getpwnam('www-data') ||
+ die "getpwnam failed";
+ chown $wwwid, -1, "$tmpdir"
+ or die "changing permission on fifo dir '$tmpdir' failed: $!\n";
+ chown $wwwid, -1, "$tmpdir/fifo"
+ or die "changing permission on fifo '$tmpdir/fifo' failed: $!\n";
+
+ return "$tmpdir/fifo";
+}
+
+# this blocks while data is transfered, call this from a background worker
+sub file_restore_extract {
+ my ($self, $output_file, $snapshot, $filepath, $base64) = @_;
+
+ (my $namespace, $snapshot) = split_namespaced_parameter($self, $snapshot);
+
+ my $ret = eval {
+ local $SIG{ALRM} = sub { die "got timeout\n" };
+ alarm(30);
+ sysopen(my $fh, "$output_file", O_WRONLY)
+ or die "open target '$output_file' for writing failed: $!\n";
+ alarm(0);
+
+ my $fn = fileno($fh);
+ my $errfunc = sub { print $_[0], "\n"; };
+
+ return run_raw_client_cmd(
+ $self,
+ "extract",
+ [ $snapshot, $filepath, "-", "--base64", $base64 ? 1 : 0 ],
+ binary => "proxmox-file-restore",
+ namespace => $namespace,
+ errfunc => $errfunc,
+ output => ">&$fn",
+ );
+ };
+ my $err = $@;
+
+ unlink($output_file);
+ $output_file =~ s/fifo$//;
+ rmdir($output_file) if -d $output_file;
+
+ die "file restore task failed: $err" if $err;
+ return $ret;
+}
+
1;