-extern crate proxmox_backup;
+use std::future::Future;
+use std::pin::Pin;
-use std::sync::Arc;
+use anyhow::{bail, Error};
+use futures::*;
+use http::request::Parts;
+use http::Response;
+use hyper::{Body, Method, StatusCode};
+use http::HeaderMap;
-use proxmox_backup::tools;
-use proxmox_backup::api::schema::*;
-use proxmox_backup::api::router::*;
-use proxmox_backup::api::config::*;
-use proxmox_backup::server::rest::*;
-use proxmox_backup::getopts;
+use proxmox_lang::try_block;
+use proxmox_router::{RpcEnvironmentType, UserInformation};
+use proxmox_sys::fs::CreateOptions;
-use failure::*;
-use lazy_static::lazy_static;
-use openssl::rsa::{Rsa};
-use std::path::PathBuf;
+use proxmox_rest_server::{daemon, AuthError, ApiConfig, RestServer, RestEnvironment, ServerAdapter};
-use futures::future::Future;
+use proxmox_backup::server::auth::check_pbs_auth;
+use proxmox_backup::auth_helpers::*;
+use proxmox_backup::config;
-use hyper;
-
-pub fn generate_csrf_key() -> Result<(), Error> {
-
- let path = PathBuf::from("/etc/proxmox-backup/csrf.key");
-
- if path.exists() { return Ok(()); }
-
- let rsa = Rsa::generate(2048).unwrap();
-
- let pem = rsa.private_key_to_pem()?;
-
- use nix::sys::stat::Mode;
-
- tools::file_set_contents(
- &path, &pem, Some(Mode::from_bits_truncate(0o0640)))?;
+fn main() {
+ pbs_tools::setup_libc_malloc_opts();
- nix::unistd::chown(&path, Some(nix::unistd::ROOT), Some(nix::unistd::Gid::from_raw(33)))?;
+ proxmox_backup::tools::setup_safe_path_env();
- Ok(())
+ if let Err(err) = proxmox_async::runtime::main(run()) {
+ eprintln!("Error: {}", err);
+ std::process::exit(-1);
+ }
}
-pub fn generate_auth_key() -> Result<(), Error> {
+struct ProxmoxBackupApiAdapter;
- let priv_path = PathBuf::from("/etc/proxmox-backup/authkey.key");
+impl ServerAdapter for ProxmoxBackupApiAdapter {
- let mut public_path = priv_path.clone();
- public_path.set_extension("pub");
+ fn get_index(
+ &self,
+ _env: RestEnvironment,
+ _parts: Parts,
+ ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
+ Box::pin(async move {
- if priv_path.exists() && public_path.exists() { return Ok(()); }
+ let index = "<center><h1>Proxmox Backup API Server</h1></center>";
- let rsa = Rsa::generate(4096).unwrap();
-
- let priv_pem = rsa.private_key_to_pem()?;
-
- use nix::sys::stat::Mode;
-
- tools::file_set_contents(
- &priv_path, &priv_pem, Some(Mode::from_bits_truncate(0o0600)))?;
-
-
- let public_pem = rsa.public_key_to_pem()?;
-
- tools::file_set_contents(&public_path, &public_pem, None)?;
+ Response::builder()
+ .status(StatusCode::OK)
+ .header(hyper::header::CONTENT_TYPE, "text/html")
+ .body(index.into())
+ .unwrap()
+ })
+ }
- Ok(())
+ fn check_auth<'a>(
+ &'a self,
+ headers: &'a HeaderMap,
+ method: &'a Method,
+ ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
+ Box::pin(async move {
+ check_pbs_auth(headers, method).await
+ })
+ }
}
-fn main() {
-
+async fn run() -> Result<(), Error> {
if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON,
log::LevelFilter::Info,
Some("proxmox-backup-api")) {
- eprintln!("unable to inititialize syslog: {}", err);
- std::process::exit(-1);
+ bail!("unable to inititialize syslog - {}", err);
}
+ config::create_configdir()?;
+
+ config::update_self_signed_cert(false)?;
+
+ proxmox_backup::server::create_run_dir()?;
+ proxmox_backup::server::create_state_dir()?;
+ proxmox_backup::server::jobstate::create_jobstate_dir()?;
+ proxmox_backup::tape::create_tape_status_dir()?;
+ proxmox_backup::tape::create_drive_state_dir()?;
+ proxmox_backup::tape::create_changer_state_dir()?;
+ proxmox_backup::tape::create_drive_lock_dir()?;
+
if let Err(err) = generate_auth_key() {
- eprintln!("unable to generate auth key: {}", err);
- std::process::exit(-1);
+ bail!("unable to generate auth key - {}", err);
}
+ let _ = private_auth_key(); // load with lazy_static
if let Err(err) = generate_csrf_key() {
- eprintln!("unable to generate csrf key: {}", err);
- std::process::exit(-1);
+ bail!("unable to generate csrf key - {}", err);
}
+ let _ = csrf_secret(); // load with lazy_static
- let command : Arc<Schema> = StringSchema::new("Command.")
- .format(Arc::new(ApiStringFormat::Enum(vec![
- "start".into(),
- "status".into(),
- "stop".into()
- ])))
- .into();
-
- let schema = ObjectSchema::new("Parameters.")
- .required("command", command);
-
- let args: Vec<String> = std::env::args().skip(1).collect();
-
- let options = match getopts::parse_arguments(&args, &vec!["command"], &schema) {
- Ok((options, rest)) => {
- if !rest.is_empty() {
- eprintln!("Error: got additional arguments: {:?}", rest);
- std::process::exit(-1);
- }
- options
- }
- Err(err) => {
- eprintln!("Error: unable to parse arguments:\n{}", err);
- std::process::exit(-1);
- }
- };
-
- let command = options["command"].as_str().unwrap();
-
- match command {
- "start" => {
- println!("Starting server.");
- },
- "stop" => {
- println!("Stopping server.");
- std::process::exit(0);
- },
- "status" => {
- println!("Server status.");
- std::process::exit(0);
- },
- _ => {
- eprintln!("got unexpected command {}", command);
- std::process::exit(-1);
- },
- }
+ let mut config = ApiConfig::new(
+ pbs_buildcfg::JS_DIR,
+ &proxmox_backup::api2::ROUTER,
+ RpcEnvironmentType::PRIVILEGED,
+ ProxmoxBackupApiAdapter,
+ )?;
- let addr = ([127,0,0,1], 82).into();
+ let backup_user = pbs_config::backup_user()?;
+ let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
- lazy_static!{
- static ref ROUTER: Router = proxmox_backup::api2::router();
- }
+ let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
+ let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
+
+ config.enable_access_log(
+ pbs_buildcfg::API_ACCESS_LOG_FN,
+ Some(dir_opts.clone()),
+ Some(file_opts.clone()),
+ &mut commando_sock,
+ )?;
+
+ config.enable_auth_log(
+ pbs_buildcfg::API_AUTH_LOG_FN,
+ Some(dir_opts.clone()),
+ Some(file_opts.clone()),
+ &mut commando_sock,
+ )?;
- let config = ApiConfig::new(
- "/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PRIVILEDGED);
let rest_server = RestServer::new(config);
+ proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
+
+ // http server future:
+ let server = daemon::create_daemon(
+ ([127,0,0,1], 82).into(),
+ move |listener| {
+ let incoming = hyper::server::conn::AddrIncoming::from_listener(listener)?;
+
+ Ok(async {
+ daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
+
+ hyper::Server::builder(incoming)
+ .serve(rest_server)
+ .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
+ .map_err(Error::from)
+ .await
+ })
+ },
+ );
- let server = hyper::Server::bind(&addr)
- .serve(rest_server)
- .map_err(|e| eprintln!("server error: {}", e));
+ proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
+ let init_result: Result<(), Error> = try_block!({
+ proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
+ commando_sock.spawn()?;
+ proxmox_rest_server::catch_shutdown_signal()?;
+ proxmox_rest_server::catch_reload_signal()?;
+ Ok(())
+ });
- // Run this server for... forever!
- hyper::rt::run(server);
+ if let Err(err) = init_result {
+ bail!("unable to start daemon - {}", err);
+ }
+
+ server.await?;
+ log::info!("server shutting down, waiting for active workers to complete");
+ proxmox_rest_server::last_worker_future().await?;
+
+ log::info!("done - exit server");
+
+ Ok(())
}