-use proxmox_backup::configdir;
-use proxmox_backup::tools;
-use proxmox_backup::tools::daemon::ReexecStore;
-use proxmox_backup::api_schema::router::*;
-use proxmox_backup::api_schema::config::*;
-use proxmox_backup::server::rest::*;
-use proxmox_backup::auth_helpers::*;
+use std::sync::Arc;
use failure::*;
-use lazy_static::lazy_static;
-
-use futures::stream::Stream;
-use tokio::prelude::*;
-
+use futures::*;
use hyper;
+use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
-static mut QUIT_MAIN: bool = false;
+use proxmox::try_block;
+use proxmox::api::RpcEnvironmentType;
-fn main() {
+use proxmox_backup::configdir;
+use proxmox_backup::buildcfg;
+use proxmox_backup::server;
+use proxmox_backup::tools::daemon;
+use proxmox_backup::server::{ApiConfig, rest::*};
+use proxmox_backup::auth_helpers::*;
- if let Err(err) = run() {
+fn main() {
+ if let Err(err) = proxmox_backup::tools::runtime::main(run()) {
eprintln!("Error: {}", err);
std::process::exit(-1);
}
}
-fn run() -> Result<(), Error> {
+async fn run() -> Result<(), Error> {
if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON,
log::LevelFilter::Info,
let _ = public_auth_key(); // load with lazy_static
let _ = csrf_secret(); // load with lazy_static
- lazy_static!{
- static ref ROUTER: Router = proxmox_backup::api2::router();
- }
-
let mut config = ApiConfig::new(
- env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);
+ buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC);
// add default dirs which includes jquery and bootstrap
// my $base = '/usr/share/libpve-http-server-perl';
config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
+ config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");
+ config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
let rest_server = RestServer::new(config);
- let cert_path = configdir!("/proxy.pfx");
- let raw_cert = tools::file_get_contents(cert_path)?;
+ //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
+ let key_path = configdir!("/proxy.key");
+ let cert_path = configdir!("/proxy.pem");
+
+ let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+ acceptor.set_private_key_file(key_path, SslFiletype::PEM)
+ .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
+ acceptor.set_certificate_chain_file(cert_path)
+ .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
+ acceptor.check_private_key().unwrap();
+
+ let acceptor = Arc::new(acceptor.build());
+
+ let server = daemon::create_daemon(
+ ([0,0,0,0,0,0,0,0], 8007).into(),
+ |listener, ready| {
+ let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
+ .map_err(Error::from)
+ .try_filter_map(move |(sock, _addr)| {
+ let acceptor = Arc::clone(&acceptor);
+ async move {
+ sock.set_nodelay(true).unwrap();
+ sock.set_send_buffer_size(1024*1024).unwrap();
+ sock.set_recv_buffer_size(1024*1024).unwrap();
+ Ok(tokio_openssl::accept(&acceptor, sock)
+ .await
+ .ok() // handshake errors aren't be fatal, so return None to filter
+ )
+ }
+ });
+ let connections = proxmox_backup::tools::async_io::HyperAccept(connections);
+
+ Ok(ready
+ .and_then(|_| hyper::Server::builder(connections)
+ .serve(rest_server)
+ .with_graceful_shutdown(server::shutdown_future())
+ .map_err(Error::from)
+ )
+ .map_err(|err| eprintln!("server error: {}", err))
+ .map(|_| ())
+ )
+ },
+ );
- let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
- Ok(data) => data,
- Err(err) => bail!("unabled to decode pkcs12 identity {} - {}", cert_path, err),
- };
+ daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
- // This manages data for reloads:
- let mut reexecer = ReexecStore::new();
+ let init_result: Result<(), Error> = try_block!({
+ server::create_task_control_socket()?;
+ server::server_state_init()?;
+ Ok(())
+ });
- // http server future:
+ if let Err(err) = init_result {
+ bail!("unable to start daemon - {}", err);
+ }
- let listener: tokio::net::TcpListener = reexecer.restore(
- "PROXMOX_BACKUP_LISTEN_FD",
- || {
- let addr = ([0,0,0,0,0,0,0,0], 8007).into();
- Ok(tokio::net::TcpListener::bind(&addr)?)
- },
- )?;
- let acceptor = native_tls::TlsAcceptor::new(identity)?;
- let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
- let connections = listener
- .incoming()
- .map_err(Error::from)
- .and_then(move |sock| acceptor.accept(sock).map_err(|e| e.into()))
- .then(|r| match r {
- // accept()s can fail here with an Err() when eg. the client rejects
- // the cert and closes the connection, so we follow up with mapping
- // it to an option and then filtering None with filter_map
- Ok(c) => Ok::<_, Error>(Some(c)),
- Err(e) => {
- if let Some(_io) = e.downcast_ref::<std::io::Error>() {
- // "real" IO errors should not simply be ignored
- bail!("shutting down...");
- } else {
- // handshake errors just get filtered by filter_map() below:
- Ok(None)
- }
- }
- })
- .filter_map(|r| {
- // Filter out the Nones
- r
- });
-
- let mut http_server = hyper::Server::builder(connections)
- .serve(rest_server)
- .map_err(|e| eprintln!("server error: {}", e));
-
- // signalfd future:
- let signal_handler =
- proxmox_backup::tools::daemon::default_signalfd_stream(
- reexecer,
- || {
- unsafe { QUIT_MAIN = true; }
- Ok(())
- },
- )?
- .map(|si| {
- // debugging...
- eprintln!("received signal: {}", si.ssi_signo);
- })
- .map_err(|e| {
- eprintln!("error from signalfd: {}, shutting down...", e);
- unsafe {
- QUIT_MAIN = true;
- }
- });
-
- // Combined future for signalfd & http server, we want to quit as soon as either of them ends.
- // Neither of them is supposed to end unless some weird error happens, so just bail out if is
- // the case...
- let mut signal_handler = signal_handler.into_future();
- let main = futures::future::poll_fn(move || {
- // Helper for some diagnostic error messages:
- fn poll_helper<S: Future>(stream: &mut S, name: &'static str) -> bool {
- match stream.poll() {
- Ok(Async::Ready(_)) => {
- eprintln!("{} ended, shutting down", name);
- true
- }
- Err(_) => {
- eprintln!("{} error, shutting down", name);
- true
- },
- _ => false,
- }
- }
- if poll_helper(&mut http_server, "http server") ||
- poll_helper(&mut signal_handler, "signalfd handler")
- {
- return Ok(Async::Ready(()));
- }
-
- if unsafe { QUIT_MAIN } {
- eprintln!("shutdown requested");
- Ok(Async::Ready(()))
- } else {
- Ok(Async::NotReady)
- }
- });
+ server.await?;
+ log::info!("server shutting down, waiting for active workers to complete");
+ proxmox_backup::server::last_worker_future().await?;
+ log::info!("done - exit server");
- hyper::rt::run(main);
Ok(())
}
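Review bot: The `.unwrap()` calls on `sock.set_nodelay`, `sock.set_send_buffer_size` and `sock.set_recv_buffer_size` inside the `try_filter_map` closure sit on the per-connection path, so a socket-option failure on one client connection (for example a peer that has already reset) panics inside the accept stream instead of dropping that connection. Return `Ok(None)` for that socket, as the handshake-failure path already does; the rewritten lines are below. The handshake is also awaited inside `try_filter_map`, which as far as I can tell does not pull the next socket until the current future resolves, so a client that stalls its TLS handshake would hold up every later accept. A timeout around `tokio_openssl::accept`, or one task per handshake, would bound that, and since `.ok()` discards the failure reason a `log::debug!` there would keep it for diagnosis. Separately, `acceptor.check_private_key().unwrap()` should report a mismatched key the same way as the two calls above it: `.map_err(|err| format_err!("proxy key does not match certificate {} - {}", cert_path, err))?`.

```rust
async move {
    // A peer can be gone by the time these run; drop that one connection
    // instead of panicking inside the accept stream.
    let tuned = sock.set_nodelay(true)
        .and_then(|_| sock.set_send_buffer_size(1024*1024))
        .and_then(|_| sock.set_recv_buffer_size(1024*1024));
    if let Err(err) = tuned {
        log::warn!("dropping connection, socket setup failed: {}", err);
        return Ok(None);
    }
    // … unchanged: Ok(tokio_openssl::accept(&acceptor, sock).await.ok()) …
}
```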