]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-client.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ui: fix typo in comment
[proxmox-backup.git] / src / bin / proxmox-backup-client.rs
CommitLineData
f1a83e97 1use std::collections::HashSet;
0351f23b
WB		 2use std::convert::TryFrom;
3use std::io::{self, Read, Write, Seek, SeekFrom};
4use std::os::unix::io::{FromRawFd, RawFd};
c443f58b
WB		 5use std::path::{Path, PathBuf};
6use std::pin::Pin;
7use std::sync::{Arc, Mutex};
a6f87283 8use std::task::Context;
c443f58b
WB		 9
10use anyhow::{bail, format_err, Error};
c443f58b 11use futures::future::FutureExt;
c443f58b 12use futures::stream::{StreamExt, TryStreamExt};
c443f58b 13use serde_json::{json, Value};
c443f58b 14use tokio::sync::mpsc;
7c667013 15use tokio_stream::wrappers::ReceiverStream;
c443f58b 16use xdg::BaseDirectories;
2761d6a4 17
c443f58b 18use pathpatterns::{MatchEntry, MatchType, PatternFlag};
6a7be83e
DM		 19use proxmox::{
20 tools::{
21 time::{strftime_local, epoch_i64},
22 fs::{file_get_contents, file_get_json, replace_file, CreateOptions, image_size},
23 },
24 api::{
25 api,
26 ApiHandler,
27 ApiMethod,
28 RpcEnvironment,
29 schema::*,
30 cli::*,
31 },
32};
a6f87283 33use pxar::accessor::{MaybeReady, ReadAt, ReadAtOperation};
ff5d3707 34
fe0e04c6 35use proxmox_backup::tools;
bbf9e7e9 36use proxmox_backup::api2::types::*;
e39974af 37use proxmox_backup::api2::version;
151c6ce2 38use proxmox_backup::client::*;
c443f58b 39use proxmox_backup::pxar::catalog::*;
4d16badf
WB		 40use proxmox_backup::backup::{
41 archive_type,
0351f23b 42 decrypt_key,
8acfd15d 43 rsa_encrypt_key_config,
4d16badf
WB		 44 verify_chunk_size,
45 ArchiveType,
8e6e18b7 46 AsyncReadChunk,
4d16badf
WB		 47 BackupDir,
48 BackupGroup,
49 BackupManifest,
50 BufferedDynamicReader,
f28d9088 51 CATALOG_NAME,
4d16badf
WB		 52 CatalogReader,
53 CatalogWriter,
4d16badf
WB		 54 ChunkStream,
55 CryptConfig,
f28d9088 56 CryptMode,
4d16badf 57 DynamicIndexReader,
9990af30 58 ENCRYPTED_KEY_BLOB_NAME,
4d16badf
WB		 59 FixedChunkStream,
60 FixedIndexReader,
8acfd15d 61 KeyConfig,
4d16badf 62 IndexFile,
4d16badf 63 MANIFEST_BLOB_NAME,
4d16badf
WB		 64 Shell,
65};
ae0be2dd 66
caea8d61
DM		 67mod proxmox_backup_client;
68use proxmox_backup_client::*;
69
f1a83e97
SR		 70mod proxmox_client_tools;
71use proxmox_client_tools::*;
2665cef7 72
d0a03d40
DM		 73fn record_repository(repo: &BackupRepository) {
74
75 let base = match BaseDirectories::with_prefix("proxmox-backup") {
76 Ok(v) => v,
77 _ => return,
78 };
79
80 // usually $HOME/.cache/proxmox-backup/repo-list
81 let path = match base.place_cache_file("repo-list") {
82 Ok(v) => v,
83 _ => return,
84 };
85
11377a47 86 let mut data = file_get_json(&path, None).unwrap_or_else(|_| json!({}));
d0a03d40
DM		 87
88 let repo = repo.to_string();
89
90 data[&repo] = json!{ data[&repo].as_i64().unwrap_or(0) + 1 };
91
92 let mut map = serde_json::map::Map::new();
93
94 loop {
95 let mut max_used = 0;
96 let mut max_repo = None;
97 for (repo, count) in data.as_object().unwrap() {
98 if map.contains_key(repo) { continue; }
99 if let Some(count) = count.as_i64() {
100 if count > max_used {
101 max_used = count;
102 max_repo = Some(repo);
103 }
104 }
105 }
106 if let Some(repo) = max_repo {
107 map.insert(repo.to_owned(), json!(max_used));
108 } else {
109 break;
110 }
111 if map.len() > 10 { // store max. 10 repos
112 break;
113 }
114 }
115
116 let new_data = json!(map);
117
feaa1ad3 118 let _ = replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new());
d0a03d40
DM		 119}
120
42af4b8f
DM		 121async fn api_datastore_list_snapshots(
122 client: &HttpClient,
123 store: &str,
124 group: Option<BackupGroup>,
f24fc116 125) -> Result<Value, Error> {
42af4b8f
DM		 126
127 let path = format!("api2/json/admin/datastore/{}/snapshots", store);
128
129 let mut args = json!({});
130 if let Some(group) = group {
131 args["backup-type"] = group.backup_type().into();
132 args["backup-id"] = group.backup_id().into();
133 }
134
135 let mut result = client.get(&path, Some(args)).await?;
136
f24fc116 137 Ok(result["data"].take())
42af4b8f
DM		 138}
139
43abba4b 140pub async fn api_datastore_latest_snapshot(
27c9affb
DM		 141 client: &HttpClient,
142 store: &str,
143 group: BackupGroup,
6a7be83e 144) -> Result<(String, String, i64), Error> {
27c9affb 145
f24fc116
DM		 146 let list = api_datastore_list_snapshots(client, store, Some(group.clone())).await?;
147 let mut list: Vec<SnapshotListItem> = serde_json::from_value(list)?;
27c9affb
DM		 148
149 if list.is_empty() {
150 bail!("backup group {:?} does not contain any snapshots.", group.group_path());
151 }
152
153 list.sort_unstable_by(|a, b| b.backup_time.cmp(&a.backup_time));
154
6a7be83e 155 let backup_time = list[0].backup_time;
27c9affb
DM		 156
157 Ok((group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time))
158}
159
e9722f8b 160async fn backup_directory<P: AsRef<Path>>(
cf9271e2 161 client: &BackupWriter,
17d6979a 162 dir_path: P,
247cdbce 163 archive_name: &str,
36898ffc 164 chunk_size: Option<usize>,
f1d99e3f 165 catalog: Arc<Mutex<CatalogWriter<crate::tools::StdChannelWriter>>>,
77486a60 166 pxar_create_options: proxmox_backup::pxar::PxarCreateOptions,
e43b9175 167 upload_options: UploadOptions,
2c3891d1 168) -> Result<BackupStats, Error> {
33d64b81 169
6fc053ed
CE		 170 let pxar_stream = PxarBackupStream::open(
171 dir_path.as_ref(),
6fc053ed 172 catalog,
77486a60 173 pxar_create_options,
6fc053ed 174 )?;
e9722f8b 175 let mut chunk_stream = ChunkStream::new(pxar_stream, chunk_size);
ff3d3100 176
0bfcea6a 177 let (tx, rx) = mpsc::channel(10); // allow to buffer 10 chunks
5e7a09be 178
7c667013 179 let stream = ReceiverStream::new(rx)
e9722f8b 180 .map_err(Error::from);
17d6979a 181
c4ff3dce 182 // spawn chunker inside a separate task so that it can run parallel
e9722f8b 183 tokio::spawn(async move {
db0cb9ce
WB		 184 while let Some(v) = chunk_stream.next().await {
185 let _ = tx.send(v).await;
186 }
e9722f8b 187 });
17d6979a 188
e43b9175
FG		 189 if upload_options.fixed_size.is_some() {
190 bail!("cannot backup directory with fixed chunk size!");
191 }
192
e9722f8b 193 let stats = client
e43b9175 194 .upload_stream(archive_name, stream, upload_options)
e9722f8b 195 .await?;
bcd879cf 196
2c3891d1 197 Ok(stats)
bcd879cf
DM		 198}
199
e9722f8b 200async fn backup_image<P: AsRef<Path>>(
cf9271e2 201 client: &BackupWriter,
6af905c1
DM		 202 image_path: P,
203 archive_name: &str,
36898ffc 204 chunk_size: Option<usize>,
e43b9175 205 upload_options: UploadOptions,
2c3891d1 206) -> Result<BackupStats, Error> {
6af905c1 207
6af905c1
DM		 208 let path = image_path.as_ref().to_owned();
209
e9722f8b 210 let file = tokio::fs::File::open(path).await?;
6af905c1 211
db0cb9ce 212 let stream = tokio_util::codec::FramedRead::new(file, tokio_util::codec::BytesCodec::new())
6af905c1
DM		 213 .map_err(Error::from);
214
36898ffc 215 let stream = FixedChunkStream::new(stream, chunk_size.unwrap_or(4*1024*1024));
6af905c1 216
e43b9175
FG		 217 if upload_options.fixed_size.is_none() {
218 bail!("cannot backup image with dynamic chunk size!");
219 }
220
e9722f8b 221 let stats = client
e43b9175 222 .upload_stream(archive_name, stream, upload_options)
e9722f8b 223 .await?;
6af905c1 224
2c3891d1 225 Ok(stats)
6af905c1
DM		 226}
227
a47a02ae
DM		 228#[api(
229 input: {
230 properties: {
231 repository: {
232 schema: REPO_URL_SCHEMA,
233 optional: true,
234 },
235 "output-format": {
236 schema: OUTPUT_FORMAT,
237 optional: true,
238 },
239 }
240 }
241)]
242/// List backup groups.
243async fn list_backup_groups(param: Value) -> Result<Value, Error> {
812c6f87 244
c81b2b7c
DM		 245 let output_format = get_output_format(&param);
246
2665cef7 247 let repo = extract_repository_from_value(&param)?;
812c6f87 248
f3fde36b 249 let client = connect(&repo)?;
812c6f87 250
d0a03d40 251 let path = format!("api2/json/admin/datastore/{}/groups", repo.store());
812c6f87 252
8a8a4703 253 let mut result = client.get(&path, None).await?;
812c6f87 254
d0a03d40
DM		 255 record_repository(&repo);
256
c81b2b7c
DM		 257 let render_group_path = |_v: &Value, record: &Value| -> Result<String, Error> {
258 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
259 let group = BackupGroup::new(item.backup_type, item.backup_id);
260 Ok(group.group_path().to_str().unwrap().to_owned())
261 };
812c6f87 262
18deda40
DM		 263 let render_last_backup = |_v: &Value, record: &Value| -> Result<String, Error> {
264 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
e0e5b442 265 let snapshot = BackupDir::new(item.backup_type, item.backup_id, item.last_backup)?;
18deda40 266 Ok(snapshot.relative_path().to_str().unwrap().to_owned())
c81b2b7c 267 };
812c6f87 268
c81b2b7c
DM		 269 let render_files = |_v: &Value, record: &Value| -> Result<String, Error> {
270 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
4939255f 271 Ok(tools::format::render_backup_file_list(&item.files))
c81b2b7c 272 };
812c6f87 273
c81b2b7c
DM		 274 let options = default_table_format_options()
275 .sortby("backup-type", false)
276 .sortby("backup-id", false)
277 .column(ColumnConfig::new("backup-id").renderer(render_group_path).header("group"))
18deda40
DM		 278 .column(
279 ColumnConfig::new("last-backup")
280 .renderer(render_last_backup)
281 .header("last snapshot")
282 .right_align(false)
283 )
c81b2b7c
DM		 284 .column(ColumnConfig::new("backup-count"))
285 .column(ColumnConfig::new("files").renderer(render_files));
ad20d198 286
c81b2b7c 287 let mut data: Value = result["data"].take();
ad20d198 288
b2362a12 289 let return_type = &proxmox_backup::api2::admin::datastore::API_METHOD_LIST_GROUPS.returns;
812c6f87 290
b2362a12 291 format_and_print_result_full(&mut data, return_type, &output_format, &options);
34a816cc 292
812c6f87
DM		 293 Ok(Value::Null)
294}
295
344add38
DW		 296#[api(
297 input: {
298 properties: {
299 repository: {
300 schema: REPO_URL_SCHEMA,
301 optional: true,
302 },
303 group: {
304 type: String,
305 description: "Backup group.",
306 },
307 "new-owner": {
e6dc35ac 308 type: Authid,
344add38
DW		 309 },
310 }
311 }
312)]
313/// Change owner of a backup group
314async fn change_backup_owner(group: String, mut param: Value) -> Result<(), Error> {
315
316 let repo = extract_repository_from_value(&param)?;
317
f3fde36b 318 let mut client = connect(&repo)?;
344add38
DW		 319
320 param.as_object_mut().unwrap().remove("repository");
321
322 let group: BackupGroup = group.parse()?;
323
324 param["backup-type"] = group.backup_type().into();
325 param["backup-id"] = group.backup_id().into();
326
327 let path = format!("api2/json/admin/datastore/{}/change-owner", repo.store());
328 client.post(&path, Some(param)).await?;
329
330 record_repository(&repo);
331
332 Ok(())
333}
334
a47a02ae
DM		 335#[api(
336 input: {
337 properties: {
338 repository: {
339 schema: REPO_URL_SCHEMA,
340 optional: true,
341 },
342 }
343 }
344)]
345/// Try to login. If successful, store ticket.
346async fn api_login(param: Value) -> Result<Value, Error> {
e240d8be
DM		 347
348 let repo = extract_repository_from_value(&param)?;
349
f3fde36b 350 let client = connect(&repo)?;
8a8a4703 351 client.login().await?;
e240d8be
DM		 352
353 record_repository(&repo);
354
355 Ok(Value::Null)
356}
357
a47a02ae
DM		 358#[api(
359 input: {
360 properties: {
361 repository: {
362 schema: REPO_URL_SCHEMA,
363 optional: true,
364 },
365 }
366 }
367)]
368/// Logout (delete stored ticket).
369fn api_logout(param: Value) -> Result<Value, Error> {
e240d8be
DM		 370
371 let repo = extract_repository_from_value(&param)?;
372
5030b7ce 373 delete_ticket_info("proxmox-backup", repo.host(), repo.user())?;
e240d8be
DM		 374
375 Ok(Value::Null)
376}
377
e39974af
TL		 378#[api(
379 input: {
380 properties: {
381 repository: {
382 schema: REPO_URL_SCHEMA,
383 optional: true,
384 },
385 "output-format": {
386 schema: OUTPUT_FORMAT,
387 optional: true,
388 },
389 }
390 }
391)]
392/// Show client and optional server version
393async fn api_version(param: Value) -> Result<(), Error> {
394
395 let output_format = get_output_format(&param);
396
397 let mut version_info = json!({
398 "client": {
399 "version": version::PROXMOX_PKG_VERSION,
400 "release": version::PROXMOX_PKG_RELEASE,
401 "repoid": version::PROXMOX_PKG_REPOID,
402 }
403 });
404
405 let repo = extract_repository_from_value(&param);
406 if let Ok(repo) = repo {
f3fde36b 407 let client = connect(&repo)?;
e39974af
TL		 408
409 match client.get("api2/json/version", None).await {
410 Ok(mut result) => version_info["server"] = result["data"].take(),
411 Err(e) => eprintln!("could not connect to server - {}", e),
412 }
413 }
414 if output_format == "text" {
415 println!("client version: {}.{}", version::PROXMOX_PKG_VERSION, version::PROXMOX_PKG_RELEASE);
416 if let Some(server) = version_info["server"].as_object() {
417 let server_version = server["version"].as_str().unwrap();
418 let server_release = server["release"].as_str().unwrap();
419 println!("server version: {}.{}", server_version, server_release);
420 }
421 } else {
422 format_and_print_result(&version_info, &output_format);
423 }
424
425 Ok(())
426}
427
a47a02ae 428#[api(
94913f35 429 input: {
a47a02ae
DM		 430 properties: {
431 repository: {
432 schema: REPO_URL_SCHEMA,
433 optional: true,
434 },
94913f35
DM		 435 "output-format": {
436 schema: OUTPUT_FORMAT,
437 optional: true,
438 },
439 },
440 },
a47a02ae
DM		 441)]
442/// Start garbage collection for a specific repository.
443async fn start_garbage_collection(param: Value) -> Result<Value, Error> {
8cc0d6af 444
2665cef7 445 let repo = extract_repository_from_value(&param)?;
c2043614
DM		 446
447 let output_format = get_output_format(&param);
8cc0d6af 448
f3fde36b 449 let mut client = connect(&repo)?;
8cc0d6af 450
d0a03d40 451 let path = format!("api2/json/admin/datastore/{}/gc", repo.store());
8cc0d6af 452
8a8a4703 453 let result = client.post(&path, None).await?;
8cc0d6af 454
8a8a4703 455 record_repository(&repo);
d0a03d40 456
e68269fc 457 view_task_result(&mut client, result, &output_format).await?;
e5f7def4 458
e5f7def4 459 Ok(Value::Null)
8cc0d6af 460}
33d64b81 461
6d233161
FG		 462struct CatalogUploadResult {
463 catalog_writer: Arc<Mutex<CatalogWriter<crate::tools::StdChannelWriter>>>,
464 result: tokio::sync::oneshot::Receiver<Result<BackupStats, Error>>,
465}
466
bf6e3217 467fn spawn_catalog_upload(
3bad3e6e 468 client: Arc<BackupWriter>,
3638341a 469 encrypt: bool,
6d233161 470) -> Result<CatalogUploadResult, Error> {
f1d99e3f
DM		 471 let (catalog_tx, catalog_rx) = std::sync::mpsc::sync_channel(10); // allow to buffer 10 writes
472 let catalog_stream = crate::tools::StdChannelStream(catalog_rx);
bf6e3217
DM		 473 let catalog_chunk_size = 512*1024;
474 let catalog_chunk_stream = ChunkStream::new(catalog_stream, Some(catalog_chunk_size));
475
6d233161 476 let catalog_writer = Arc::new(Mutex::new(CatalogWriter::new(crate::tools::StdChannelWriter::new(catalog_tx))?));
bf6e3217
DM		 477
478 let (catalog_result_tx, catalog_result_rx) = tokio::sync::oneshot::channel();
479
e43b9175
FG		 480 let upload_options = UploadOptions {
481 encrypt,
482 compress: true,
483 ..UploadOptions::default()
484 };
485
bf6e3217
DM		 486 tokio::spawn(async move {
487 let catalog_upload_result = client
e43b9175 488 .upload_stream(CATALOG_NAME, catalog_chunk_stream, upload_options)
bf6e3217
DM		 489 .await;
490
491 if let Err(ref err) = catalog_upload_result {
492 eprintln!("catalog upload error - {}", err);
493 client.cancel();
494 }
495
496 let _ = catalog_result_tx.send(catalog_upload_result);
497 });
498
6d233161 499 Ok(CatalogUploadResult { catalog_writer, result: catalog_result_rx })
bf6e3217
DM		 500}
501
2f26b866
FG		 502#[derive(Clone, Debug, Eq, PartialEq)]
503enum KeySource {
504 DefaultKey,
505 Fd,
506 Path(String),
507}
508
509fn format_key_source(source: &KeySource, key_type: &str) -> String {
510 match source {
511 KeySource::DefaultKey => format!("Using default {} key..", key_type),
512 KeySource::Fd => format!("Using {} key from file descriptor..", key_type),
513 KeySource::Path(path) => format!("Using {} key from '{}'..", key_type, path),
514 }
515}
516
517#[derive(Clone, Debug, Eq, PartialEq)]
518struct KeyWithSource {
519 pub source: KeySource,
520 pub key: Vec<u8>,
521}
522
523impl KeyWithSource {
524 pub fn from_fd(key: Vec<u8>) -> Self {
525 Self {
526 source: KeySource::Fd,
527 key,
528 }
529 }
530
531 pub fn from_default(key: Vec<u8>) -> Self {
532 Self {
533 source: KeySource::DefaultKey,
534 key,
535 }
536 }
537
538 pub fn from_path(path: String, key: Vec<u8>) -> Self {
539 Self {
540 source: KeySource::Path(path),
541 key,
542 }
543 }
544}
545
c6a7ea0a
FG		 546#[derive(Debug, Eq, PartialEq)]
547struct CryptoParams {
548 mode: CryptMode,
2f26b866 549 enc_key: Option<KeyWithSource>,
c0a87c12 550 // FIXME switch to openssl::rsa::rsa<openssl::pkey::Public> once that is Eq?
2f26b866 551 master_pubkey: Option<KeyWithSource>,
c6a7ea0a
FG		 552}
553
554fn crypto_parameters(param: &Value) -> Result<CryptoParams, Error> {
f28d9088
WB		 555 let keyfile = match param.get("keyfile") {
556 Some(Value::String(keyfile)) => Some(keyfile),
557 Some(_) => bail!("bad --keyfile parameter type"),
558 None => None,
559 };
560
0351f23b
WB		 561 let key_fd = match param.get("keyfd") {
562 Some(Value::Number(key_fd)) => Some(
563 RawFd::try_from(key_fd
564 .as_i64()
565 .ok_or_else(|| format_err!("bad key fd: {:?}", key_fd))?
566 )
567 .map_err(|err| format_err!("bad key fd: {:?}: {}", key_fd, err))?
568 ),
569 Some(_) => bail!("bad --keyfd parameter type"),
570 None => None,
571 };
572
c0a87c12
FG		 573 let master_pubkey_file = match param.get("master-pubkey-file") {
574 Some(Value::String(keyfile)) => Some(keyfile),
575 Some(_) => bail!("bad --master-pubkey-file parameter type"),
576 None => None,
577 };
578
579 let master_pubkey_fd = match param.get("master-pubkey-fd") {
580 Some(Value::Number(key_fd)) => Some(
581 RawFd::try_from(key_fd
582 .as_i64()
583 .ok_or_else(|| format_err!("bad master public key fd: {:?}", key_fd))?
584 )
585 .map_err(|err| format_err!("bad public master key fd: {:?}: {}", key_fd, err))?
586 ),
587 Some(_) => bail!("bad --master-pubkey-fd parameter type"),
588 None => None,
589 };
590
c6a7ea0a 591 let mode: Option<CryptMode> = match param.get("crypt-mode") {
f28d9088
WB		 592 Some(mode) => Some(serde_json::from_value(mode.clone())?),
593 None => None,
594 };
595
2f26b866 596 let key = match (keyfile, key_fd) {
0351f23b
WB		 597 (None, None) => None,
598 (Some(_), Some(_)) => bail!("--keyfile and --keyfd are mutually exclusive"),
2f26b866
FG		 599 (Some(keyfile), None) => Some(KeyWithSource::from_path(
600 keyfile.clone(),
601 file_get_contents(keyfile)?,
602 )),
0351f23b
WB		 603 (None, Some(fd)) => {
604 let input = unsafe { std::fs::File::from_raw_fd(fd) };
605 let mut data = Vec::new();
2f26b866
FG		 606 let _len: usize = { input }.read_to_end(&mut data).map_err(|err| {
607 format_err!("error reading encryption key from fd {}: {}", fd, err)
608 })?;
609 Some(KeyWithSource::from_fd(data))
0351f23b
WB		 610 }
611 };
612
2f26b866 613 let master_pubkey = match (master_pubkey_file, master_pubkey_fd) {
c0a87c12
FG		 614 (None, None) => None,
615 (Some(_), Some(_)) => bail!("--keyfile and --keyfd are mutually exclusive"),
2f26b866
FG		 616 (Some(keyfile), None) => Some(KeyWithSource::from_path(
617 keyfile.clone(),
618 file_get_contents(keyfile)?,
619 )),
c0a87c12
FG		 620 (None, Some(fd)) => {
621 let input = unsafe { std::fs::File::from_raw_fd(fd) };
622 let mut data = Vec::new();
2f26b866
FG		 623 let _len: usize = { input }
624 .read_to_end(&mut data)
625 .map_err(|err| format_err!("error reading master key from fd {}: {}", fd, err))?;
626 Some(KeyWithSource::from_fd(data))
c0a87c12
FG		 627 }
628 };
629
94328389
FG		 630 let res = match mode {
631 // no crypt mode, enable encryption if keys are available
2f26b866 632 None => match (key, master_pubkey) {
94328389
FG		 633 // only default keys if available
634 (None, None) => match key::read_optional_default_encryption_key()? {
635 None => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None },
636 enc_key => {
94328389
FG		 637 let master_pubkey = key::read_optional_default_master_pubkey()?;
638 CryptoParams {
639 mode: CryptMode::Encrypt,
640 enc_key,
641 master_pubkey,
642 }
643 },
644 },
645
646 // explicit master key, default enc key needed
647 (None, master_pubkey) => match key::read_optional_default_encryption_key()? {
648 None => bail!("--master-pubkey-file/--master-pubkey-fd specified, but no key available"),
649 enc_key => {
94328389
FG		 650 CryptoParams {
651 mode: CryptMode::Encrypt,
652 enc_key,
653 master_pubkey,
654 }
655 },
8c6854c8 656 },
96ee8577 657
94328389
FG		 658 // explicit keyfile, maybe default master key
659 (enc_key, None) => CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey: key::read_optional_default_master_pubkey()? },
c0a87c12 660
94328389
FG		 661 // explicit keyfile and master key
662 (enc_key, master_pubkey) => CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey },
c0a87c12
FG		 663 },
664
94328389 665 // explicitly disabled encryption
2f26b866 666 Some(CryptMode::None) => match (key, master_pubkey) {
94328389
FG		 667 // no keys => OK, no encryption
668 (None, None) => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None },
669
670 // --keyfile and --crypt-mode=none
671 (Some(_), _) => bail!("--keyfile/--keyfd and --crypt-mode=none are mutually exclusive"),
672
673 // --master-pubkey-file and --crypt-mode=none
674 (_, Some(_)) => bail!("--master-pubkey-file/--master-pubkey-fd and --crypt-mode=none are mutually exclusive"),
c0a87c12 675 },
96ee8577 676
94328389 677 // explicitly enabled encryption
2f26b866 678 Some(mode) => match (key, master_pubkey) {
94328389
FG		 679 // no key, maybe master key
680 (None, master_pubkey) => match key::read_optional_default_encryption_key()? {
681 None => bail!("--crypt-mode without --keyfile and no default key file available"),
c0a87c12
FG		 682 enc_key => {
683 eprintln!("Encrypting with default encryption key!");
94328389
FG		 684 let master_pubkey = match master_pubkey {
685 None => key::read_optional_default_master_pubkey()?,
686 master_pubkey => master_pubkey,
687 };
688
c0a87c12 689 CryptoParams {
94328389 690 mode,
c0a87c12
FG		 691 enc_key,
692 master_pubkey,
693 }
694 },
94328389 695 },
c0a87c12 696
94328389
FG		 697 // --keyfile and --crypt-mode other than none
698 (enc_key, master_pubkey) => {
c0a87c12
FG		 699 let master_pubkey = match master_pubkey {
700 None => key::read_optional_default_master_pubkey()?,
701 master_pubkey => master_pubkey,
702 };
c6a7ea0a 703
94328389 704 CryptoParams { mode, enc_key, master_pubkey }
beb07279 705 },
c0a87c12 706 },
94328389 707 };
96ee8577 708
94328389 709 Ok(res)
96ee8577
WB		 710}
711
5bb057e5 712#[test]
c6a7ea0a 713// WARNING: there must only be one test for crypto_parameters as the default key handling is not
5bb057e5 714// safe w.r.t. concurrency
c6a7ea0a 715fn test_crypto_parameters_handling() -> Result<(), Error> {
2f26b866
FG		 716 let some_key = vec![1;1];
717 let default_key = vec![2;1];
5bb057e5 718
2f26b866
FG		 719 let some_master_key = vec![3;1];
720 let default_master_key = vec![4;1];
721
15d2c778
FG		 722 let keypath = "./target/testout/keyfile.test";
723 let master_keypath = "./target/testout/masterkeyfile.test";
724 let invalid_keypath = "./target/testout/invalid_keyfile.test";
1a89a779 725
c0a87c12
FG		 726 let no_key_res = CryptoParams {
727 enc_key: None,
728 master_pubkey: None,
729 mode: CryptMode::None,
730 };
731 let some_key_res = CryptoParams {
2f26b866
FG		 732 enc_key: Some(KeyWithSource::from_path(
733 keypath.to_string(),
734 some_key.clone(),
735 )),
c0a87c12
FG		 736 master_pubkey: None,
737 mode: CryptMode::Encrypt,
738 };
1a89a779 739 let some_key_some_master_res = CryptoParams {
2f26b866
FG		 740 enc_key: Some(KeyWithSource::from_path(
741 keypath.to_string(),
742 some_key.clone(),
743 )),
744 master_pubkey: Some(KeyWithSource::from_path(
745 master_keypath.to_string(),
746 some_master_key.clone(),
747 )),
1a89a779
FG		 748 mode: CryptMode::Encrypt,
749 };
750 let some_key_default_master_res = CryptoParams {
2f26b866
FG		 751 enc_key: Some(KeyWithSource::from_path(
752 keypath.to_string(),
753 some_key.clone(),
754 )),
755 master_pubkey: Some(KeyWithSource::from_default(default_master_key.clone())),
1a89a779
FG		 756 mode: CryptMode::Encrypt,
757 };
758
c0a87c12 759 let some_key_sign_res = CryptoParams {
2f26b866
FG		 760 enc_key: Some(KeyWithSource::from_path(
761 keypath.to_string(),
762 some_key.clone(),
763 )),
c0a87c12
FG		 764 master_pubkey: None,
765 mode: CryptMode::SignOnly,
766 };
767 let default_key_res = CryptoParams {
2f26b866 768 enc_key: Some(KeyWithSource::from_default(default_key.clone())),
c0a87c12
FG		 769 master_pubkey: None,
770 mode: CryptMode::Encrypt,
771 };
772 let default_key_sign_res = CryptoParams {
2f26b866 773 enc_key: Some(KeyWithSource::from_default(default_key.clone())),
c0a87c12
FG		 774 master_pubkey: None,
775 mode: CryptMode::SignOnly,
776 };
5bb057e5 777
2f26b866
FG		 778 replace_file(&keypath, &some_key, CreateOptions::default())?;
779 replace_file(&master_keypath, &some_master_key, CreateOptions::default())?;
5bb057e5
FG		 780
781 // no params, no default key == no key
c6a7ea0a 782 let res = crypto_parameters(&json!({}));
5bb057e5
FG		 783 assert_eq!(res.unwrap(), no_key_res);
784
785 // keyfile param == key from keyfile
c6a7ea0a 786 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 787 assert_eq!(res.unwrap(), some_key_res);
788
789 // crypt mode none == no key
c6a7ea0a 790 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 791 assert_eq!(res.unwrap(), no_key_res);
792
793 // crypt mode encrypt/sign-only, no keyfile, no default key == Error
c6a7ea0a
FG		 794 assert!(crypto_parameters(&json!({"crypt-mode": "sign-only"})).is_err());
795 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 796
797 // crypt mode none with explicit key == Error
c6a7ea0a 798 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 799
800 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 801 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 802 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 803 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 804 assert_eq!(res.unwrap(), some_key_res);
805
806 // invalid keyfile parameter always errors
c6a7ea0a
FG		 807 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
808 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
809 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
810 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 811
812 // now set a default key
2f26b866 813 unsafe { key::set_test_encryption_key(Ok(Some(default_key.clone()))); }
5bb057e5
FG		 814
815 // and repeat
816
817 // no params but default key == default key
c6a7ea0a 818 let res = crypto_parameters(&json!({}));
5bb057e5
FG		 819 assert_eq!(res.unwrap(), default_key_res);
820
821 // keyfile param == key from keyfile
c6a7ea0a 822 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 823 assert_eq!(res.unwrap(), some_key_res);
824
825 // crypt mode none == no key
c6a7ea0a 826 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 827 assert_eq!(res.unwrap(), no_key_res);
828
829 // crypt mode encrypt/sign-only, no keyfile, default key == default key with correct mode
c6a7ea0a 830 let res = crypto_parameters(&json!({"crypt-mode": "sign-only"}));
5bb057e5 831 assert_eq!(res.unwrap(), default_key_sign_res);
c6a7ea0a 832 let res = crypto_parameters(&json!({"crypt-mode": "encrypt"}));
5bb057e5
FG		 833 assert_eq!(res.unwrap(), default_key_res);
834
835 // crypt mode none with explicit key == Error
c6a7ea0a 836 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 837
838 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 839 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 840 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 841 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 842 assert_eq!(res.unwrap(), some_key_res);
843
844 // invalid keyfile parameter always errors
c6a7ea0a
FG		 845 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
846 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
847 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
848 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 849
850 // now make default key retrieval error
851 unsafe { key::set_test_encryption_key(Err(format_err!("test error"))); }
852
853 // and repeat
854
855 // no params, default key retrieval errors == Error
c6a7ea0a 856 assert!(crypto_parameters(&json!({})).is_err());
5bb057e5
FG		 857
858 // keyfile param == key from keyfile
c6a7ea0a 859 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 860 assert_eq!(res.unwrap(), some_key_res);
861
862 // crypt mode none == no key
c6a7ea0a 863 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 864 assert_eq!(res.unwrap(), no_key_res);
865
866 // crypt mode encrypt/sign-only, no keyfile, default key error == Error
c6a7ea0a
FG		 867 assert!(crypto_parameters(&json!({"crypt-mode": "sign-only"})).is_err());
868 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 869
870 // crypt mode none with explicit key == Error
c6a7ea0a 871 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 872
873 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 874 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 875 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 876 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 877 assert_eq!(res.unwrap(), some_key_res);
878
879 // invalid keyfile parameter always errors
c6a7ea0a
FG		 880 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
881 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
882 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
883 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
1a89a779
FG		 884
885 // now remove default key again
886 unsafe { key::set_test_encryption_key(Ok(None)); }
887 // set a default master key
2f26b866 888 unsafe { key::set_test_default_master_pubkey(Ok(Some(default_master_key.clone()))); }
1a89a779
FG		 889
890 // and use an explicit master key
891 assert!(crypto_parameters(&json!({"master-pubkey-file": master_keypath})).is_err());
892 // just a default == no key
893 let res = crypto_parameters(&json!({}));
894 assert_eq!(res.unwrap(), no_key_res);
895
896 // keyfile param == key from keyfile
897 let res = crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": master_keypath}));
898 assert_eq!(res.unwrap(), some_key_some_master_res);
899 // same with fallback to default master key
900 let res = crypto_parameters(&json!({"keyfile": keypath}));
901 assert_eq!(res.unwrap(), some_key_default_master_res);
902
903 // crypt mode none == error
904 assert!(crypto_parameters(&json!({"crypt-mode": "none", "master-pubkey-file": master_keypath})).is_err());
905 // with just default master key == no key
906 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
907 assert_eq!(res.unwrap(), no_key_res);
908
909 // crypt mode encrypt without enc key == error
910 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt", "master-pubkey-file": master_keypath})).is_err());
911 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
912
913 // crypt mode none with explicit key == Error
914 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath, "master-pubkey-file": master_keypath})).is_err());
915 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
916
917 // crypt mode encrypt with keyfile == key from keyfile with correct mode
918 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath, "master-pubkey-file": master_keypath}));
919 assert_eq!(res.unwrap(), some_key_some_master_res);
920 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
921 assert_eq!(res.unwrap(), some_key_default_master_res);
922
923 // invalid master keyfile parameter always errors when a key is passed, even with a valid
924 // default master key
925 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath})).is_err());
926 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath,"crypt-mode": "none"})).is_err());
927 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath,"crypt-mode": "sign-only"})).is_err());
928 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath,"crypt-mode": "encrypt"})).is_err());
929
5bb057e5
FG		 930 Ok(())
931}
932
a47a02ae
DM		 933#[api(
934 input: {
935 properties: {
936 backupspec: {
937 type: Array,
938 description: "List of backup source specifications ([<label.ext>:<path>] ...)",
939 items: {
940 schema: BACKUP_SOURCE_SCHEMA,
941 }
942 },
943 repository: {
944 schema: REPO_URL_SCHEMA,
945 optional: true,
946 },
947 "include-dev": {
948 description: "Include mountpoints with same st_dev number (see ``man fstat``) as specified files.",
949 optional: true,
950 items: {
951 type: String,
952 description: "Path to file.",
953 }
954 },
58fcbf5a
FE		 955 "all-file-systems": {
956 type: Boolean,
957 description: "Include all mounted subdirectories.",
958 optional: true,
959 },
a47a02ae
DM		 960 keyfile: {
961 schema: KEYFILE_SCHEMA,
962 optional: true,
963 },
0351f23b
WB		 964 "keyfd": {
965 schema: KEYFD_SCHEMA,
966 optional: true,
967 },
c0a87c12
FG		 968 "master-pubkey-file": {
969 schema: MASTER_PUBKEY_FILE_SCHEMA,
970 optional: true,
971 },
972 "master-pubkey-fd": {
973 schema: MASTER_PUBKEY_FD_SCHEMA,
974 optional: true,
975 },
24be37e3
WB		 976 "crypt-mode": {
977 type: CryptMode,
96ee8577
WB		 978 optional: true,
979 },
a47a02ae
DM		 980 "skip-lost-and-found": {
981 type: Boolean,
982 description: "Skip lost+found directory.",
983 optional: true,
984 },
985 "backup-type": {
986 schema: BACKUP_TYPE_SCHEMA,
987 optional: true,
988 },
989 "backup-id": {
990 schema: BACKUP_ID_SCHEMA,
991 optional: true,
992 },
993 "backup-time": {
994 schema: BACKUP_TIME_SCHEMA,
995 optional: true,
996 },
997 "chunk-size": {
998 schema: CHUNK_SIZE_SCHEMA,
999 optional: true,
1000 },
189996cf
CE		 1001 "exclude": {
1002 type: Array,
1003 description: "List of paths or patterns for matching files to exclude.",
1004 optional: true,
1005 items: {
1006 type: String,
1007 description: "Path or match pattern.",
1008 }
1009 },
6fc053ed
CE		 1010 "entries-max": {
1011 type: Integer,
1012 description: "Max number of entries to hold in memory.",
1013 optional: true,
c443f58b 1014 default: proxmox_backup::pxar::ENCODER_MAX_ENTRIES as isize,
6fc053ed 1015 },
e02c3d46
DM		 1016 "verbose": {
1017 type: Boolean,
1018 description: "Verbose output.",
1019 optional: true,
1020 },
a47a02ae
DM		 1021 }
1022 }
1023)]
1024/// Create (host) backup.
1025async fn create_backup(
6049b71f
DM		 1026 param: Value,
1027 _info: &ApiMethod,
dd5495d6 1028 _rpcenv: &mut dyn RpcEnvironment,
6049b71f 1029) -> Result<Value, Error> {
ff5d3707 1030
2665cef7 1031 let repo = extract_repository_from_value(&param)?;
ae0be2dd
DM		 1032
1033 let backupspec_list = tools::required_array_param(&param, "backupspec")?;
a914a774 1034
eed6db39
DM		 1035 let all_file_systems = param["all-file-systems"].as_bool().unwrap_or(false);
1036
5b72c9b4
DM		 1037 let skip_lost_and_found = param["skip-lost-and-found"].as_bool().unwrap_or(false);
1038
219ef0e6
DM		 1039 let verbose = param["verbose"].as_bool().unwrap_or(false);
1040
ca5d0b61
DM		 1041 let backup_time_opt = param["backup-time"].as_i64();
1042
36898ffc 1043 let chunk_size_opt = param["chunk-size"].as_u64().map(|v| (v*1024) as usize);
2d9d143a 1044
247cdbce
DM		 1045 if let Some(size) = chunk_size_opt {
1046 verify_chunk_size(size)?;
2d9d143a
DM		 1047 }
1048
c6a7ea0a 1049 let crypto = crypto_parameters(&param)?;
6d0983db 1050
f69adc81 1051 let backup_id = param["backup-id"].as_str().unwrap_or(&proxmox::tools::nodename());
fba30411 1052
bbf9e7e9 1053 let backup_type = param["backup-type"].as_str().unwrap_or("host");
ca5d0b61 1054
2eeaacb9
DM		 1055 let include_dev = param["include-dev"].as_array();
1056
c443f58b
WB		 1057 let entries_max = param["entries-max"].as_u64()
1058 .unwrap_or(proxmox_backup::pxar::ENCODER_MAX_ENTRIES as u64);
6fc053ed 1059
189996cf 1060 let empty = Vec::new();
c443f58b
WB		 1061 let exclude_args = param["exclude"].as_array().unwrap_or(&empty);
1062
239e49f9 1063 let mut pattern_list = Vec::with_capacity(exclude_args.len());
c443f58b
WB		 1064 for entry in exclude_args {
1065 let entry = entry.as_str().ok_or_else(|| format_err!("Invalid pattern string slice"))?;
239e49f9 1066 pattern_list.push(
c443f58b
WB		 1067 MatchEntry::parse_pattern(entry, PatternFlag::PATH_NAME, MatchType::Exclude)
1068 .map_err(|err| format_err!("invalid exclude pattern entry: {}", err))?
1069 );
189996cf
CE		 1070 }
1071
2eeaacb9
DM		 1072 let mut devices = if all_file_systems { None } else { Some(HashSet::new()) };
1073
1074 if let Some(include_dev) = include_dev {
1075 if all_file_systems {
1076 bail!("option 'all-file-systems' conflicts with option 'include-dev'");
1077 }
1078
1079 let mut set = HashSet::new();
1080 for path in include_dev {
1081 let path = path.as_str().unwrap();
1082 let stat = nix::sys::stat::stat(path)
1083 .map_err(|err| format_err!("fstat {:?} failed - {}", path, err))?;
1084 set.insert(stat.st_dev);
1085 }
1086 devices = Some(set);
1087 }
1088
ae0be2dd 1089 let mut upload_list = vec![];
f2b4b4b9 1090 let mut target_set = HashSet::new();
a914a774 1091
ae0be2dd 1092 for backupspec in backupspec_list {
7cc3473a
DM		 1093 let spec = parse_backup_specification(backupspec.as_str().unwrap())?;
1094 let filename = &spec.config_string;
1095 let target = &spec.archive_name;
bcd879cf 1096
f2b4b4b9
SI		 1097 if target_set.contains(target) {
1098 bail!("got target twice: '{}'", target);
1099 }
1100 target_set.insert(target.to_string());
1101
eb1804c5
DM		 1102 use std::os::unix::fs::FileTypeExt;
1103
3fa71727
CE		 1104 let metadata = std::fs::metadata(filename)
1105 .map_err(|err| format_err!("unable to access '{}' - {}", filename, err))?;
eb1804c5 1106 let file_type = metadata.file_type();
23bb8780 1107
7cc3473a
DM		 1108 match spec.spec_type {
1109 BackupSpecificationType::PXAR => {
ec8a9bb9
DM		 1110 if !file_type.is_dir() {
1111 bail!("got unexpected file type (expected directory)");
1112 }
7cc3473a 1113 upload_list.push((BackupSpecificationType::PXAR, filename.to_owned(), format!("{}.didx", target), 0));
ec8a9bb9 1114 }
7cc3473a 1115 BackupSpecificationType::IMAGE => {
ec8a9bb9
DM		 1116 if !(file_type.is_file() || file_type.is_block_device()) {
1117 bail!("got unexpected file type (expected file or block device)");
1118 }
eb1804c5 1119
e18a6c9e 1120 let size = image_size(&PathBuf::from(filename))?;
23bb8780 1121
ec8a9bb9 1122 if size == 0 { bail!("got zero-sized file '{}'", filename); }
ae0be2dd 1123
7cc3473a 1124 upload_list.push((BackupSpecificationType::IMAGE, filename.to_owned(), format!("{}.fidx", target), size));
ec8a9bb9 1125 }
7cc3473a 1126 BackupSpecificationType::CONFIG => {
ec8a9bb9
DM		 1127 if !file_type.is_file() {
1128 bail!("got unexpected file type (expected regular file)");
1129 }
7cc3473a 1130 upload_list.push((BackupSpecificationType::CONFIG, filename.to_owned(), format!("{}.blob", target), metadata.len()));
ec8a9bb9 1131 }
7cc3473a 1132 BackupSpecificationType::LOGFILE => {
79679c2d
DM		 1133 if !file_type.is_file() {
1134 bail!("got unexpected file type (expected regular file)");
1135 }
7cc3473a 1136 upload_list.push((BackupSpecificationType::LOGFILE, filename.to_owned(), format!("{}.blob", target), metadata.len()));
ec8a9bb9 1137 }
ae0be2dd
DM		 1138 }
1139 }
1140
22a9189e 1141 let backup_time = backup_time_opt.unwrap_or_else(epoch_i64);
ae0be2dd 1142
f3fde36b 1143 let client = connect(&repo)?;
d0a03d40
DM		 1144 record_repository(&repo);
1145
6a7be83e 1146 println!("Starting backup: {}/{}/{}", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time)?);
ca5d0b61 1147
f69adc81 1148 println!("Client name: {}", proxmox::tools::nodename());
ca5d0b61 1149
6a7be83e 1150 let start_time = std::time::Instant::now();
ca5d0b61 1151
6a7be83e 1152 println!("Starting backup protocol: {}", strftime_local("%c", epoch_i64())?);
51144821 1153
c6a7ea0a 1154 let (crypt_config, rsa_encrypted_key) = match crypto.enc_key {
bb823140 1155 None => (None, None),
2f26b866
FG		 1156 Some(key_with_source) => {
1157 println!(
1158 "{}",
1159 format_key_source(&key_with_source.source, "encryption")
1160 );
1161
1162 let (key, created, fingerprint) =
1163 decrypt_key(&key_with_source.key, &key::get_encryption_key_password)?;
6f2626ae 1164 println!("Encryption key fingerprint: {}", fingerprint);
bb823140 1165
44288184 1166 let crypt_config = CryptConfig::new(key)?;
bb823140 1167
c0a87c12 1168 match crypto.master_pubkey {
2f26b866
FG		 1169 Some(pem_with_source) => {
1170 println!("{}", format_key_source(&pem_with_source.source, "master"));
1171
1172 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_with_source.key)?;
82a103c8 1173
1c86893d 1174 let mut key_config = KeyConfig::without_password(key)?;
82a103c8 1175 key_config.created = created; // keep original value
82a103c8 1176
8acfd15d 1177 let enc_key = rsa_encrypt_key_config(rsa, &key_config)?;
6f2626ae 1178
05389a01 1179 (Some(Arc::new(crypt_config)), Some(enc_key))
2f26b866 1180 },
05389a01 1181 _ => (Some(Arc::new(crypt_config)), None),
bb823140 1182 }
6d0983db
DM		 1183 }
1184 };
f98ac774 1185
8a8a4703
DM		 1186 let client = BackupWriter::start(
1187 client,
b957aa81 1188 crypt_config.clone(),
8a8a4703
DM		 1189 repo.store(),
1190 backup_type,
1191 &backup_id,
1192 backup_time,
1193 verbose,
61d7b501 1194 false
8a8a4703
DM		 1195 ).await?;
1196
8b7f8d3f
FG		 1197 let download_previous_manifest = match client.previous_backup_time().await {
1198 Ok(Some(backup_time)) => {
1199 println!(
1200 "Downloading previous manifest ({})",
1201 strftime_local("%c", backup_time)?
1202 );
1203 true
1204 }
1205 Ok(None) => {
1206 println!("No previous manifest available.");
1207 false
1208 }
1209 Err(_) => {
1210 // Fallback for outdated server, TODO remove/bubble up with 2.0
1211 true
1212 }
1213 };
1214
1215 let previous_manifest = if download_previous_manifest {
1216 match client.download_previous_manifest().await {
1217 Ok(previous_manifest) => {
1218 match previous_manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref)) {
1219 Ok(()) => Some(Arc::new(previous_manifest)),
1220 Err(err) => {
1221 println!("Couldn't re-use previous manifest - {}", err);
1222 None
1223 }
1224 }
23f9503a 1225 }
8b7f8d3f
FG		 1226 Err(err) => {
1227 println!("Couldn't download previous manifest - {}", err);
1228 None
1229 }
1230 }
1231 } else {
1232 None
b957aa81
DM		 1233 };
1234
6a7be83e 1235 let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
8a8a4703
DM		 1236 let mut manifest = BackupManifest::new(snapshot);
1237
5d85847f 1238 let mut catalog = None;
6d233161 1239 let mut catalog_result_rx = None;
8a8a4703
DM		 1240
1241 for (backup_type, filename, target, size) in upload_list {
1242 match backup_type {
7cc3473a 1243 BackupSpecificationType::CONFIG => {
e43b9175
FG		 1244 let upload_options = UploadOptions {
1245 compress: true,
c6a7ea0a 1246 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1247 ..UploadOptions::default()
1248 };
1249
5b32820e 1250 println!("Upload config file '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1251 let stats = client
e43b9175 1252 .upload_blob_from_file(&filename, &target, upload_options)
8a8a4703 1253 .await?;
c6a7ea0a 1254 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703 1255 }
7cc3473a 1256 BackupSpecificationType::LOGFILE => { // fixme: remove - not needed anymore ?
e43b9175
FG		 1257 let upload_options = UploadOptions {
1258 compress: true,
c6a7ea0a 1259 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1260 ..UploadOptions::default()
1261 };
1262
5b32820e 1263 println!("Upload log file '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1264 let stats = client
e43b9175 1265 .upload_blob_from_file(&filename, &target, upload_options)
8a8a4703 1266 .await?;
c6a7ea0a 1267 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703 1268 }
7cc3473a 1269 BackupSpecificationType::PXAR => {
5d85847f
DC		 1270 // start catalog upload on first use
1271 if catalog.is_none() {
c6a7ea0a 1272 let catalog_upload_res = spawn_catalog_upload(client.clone(), crypto.mode == CryptMode::Encrypt)?;
6d233161
FG		 1273 catalog = Some(catalog_upload_res.catalog_writer);
1274 catalog_result_rx = Some(catalog_upload_res.result);
5d85847f
DC		 1275 }
1276 let catalog = catalog.as_ref().unwrap();
1277
5b32820e 1278 println!("Upload directory '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1279 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
77486a60
FG		 1280
1281 let pxar_options = proxmox_backup::pxar::PxarCreateOptions {
1282 device_set: devices.clone(),
1283 patterns: pattern_list.clone(),
1284 entries_max: entries_max as usize,
1285 skip_lost_and_found,
1286 verbose,
1287 };
1288
e43b9175
FG		 1289 let upload_options = UploadOptions {
1290 previous_manifest: previous_manifest.clone(),
1291 compress: true,
c6a7ea0a 1292 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1293 ..UploadOptions::default()
1294 };
1295
8a8a4703
DM		 1296 let stats = backup_directory(
1297 &client,
1298 &filename,
1299 &target,
1300 chunk_size_opt,
8a8a4703 1301 catalog.clone(),
77486a60 1302 pxar_options,
e43b9175 1303 upload_options,
8a8a4703 1304 ).await?;
c6a7ea0a 1305 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703
DM		 1306 catalog.lock().unwrap().end_directory()?;
1307 }
7cc3473a 1308 BackupSpecificationType::IMAGE => {
8a8a4703 1309 println!("Upload image '{}' to '{:?}' as {}", filename, repo, target);
e43b9175
FG		 1310
1311 let upload_options = UploadOptions {
1312 previous_manifest: previous_manifest.clone(),
1313 fixed_size: Some(size),
1314 compress: true,
c6a7ea0a 1315 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1316 };
1317
8a8a4703
DM		 1318 let stats = backup_image(
1319 &client,
e43b9175 1320 &filename,
8a8a4703 1321 &target,
8a8a4703 1322 chunk_size_opt,
e43b9175 1323 upload_options,
8a8a4703 1324 ).await?;
c6a7ea0a 1325 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
6af905c1
DM		 1326 }
1327 }
8a8a4703 1328 }
4818c8b6 1329
8a8a4703 1330 // finalize and upload catalog
5d85847f 1331 if let Some(catalog) = catalog {
8a8a4703
DM		 1332 let mutex = Arc::try_unwrap(catalog)
1333 .map_err(|_| format_err!("unable to get catalog (still used)"))?;
1334 let mut catalog = mutex.into_inner().unwrap();
bf6e3217 1335
8a8a4703 1336 catalog.finish()?;
2761d6a4 1337
8a8a4703 1338 drop(catalog); // close upload stream
2761d6a4 1339
6d233161 1340 if let Some(catalog_result_rx) = catalog_result_rx {
5d85847f 1341 let stats = catalog_result_rx.await??;
c6a7ea0a 1342 manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum, crypto.mode)?;
5d85847f 1343 }
8a8a4703 1344 }
2761d6a4 1345
8a8a4703 1346 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
9990af30 1347 let target = ENCRYPTED_KEY_BLOB_NAME;
8a8a4703 1348 println!("Upload RSA encoded key to '{:?}' as {}", repo, target);
e43b9175 1349 let options = UploadOptions { compress: false, encrypt: false, ..UploadOptions::default() };
8a8a4703 1350 let stats = client
e43b9175 1351 .upload_blob_from_data(rsa_encrypted_key, target, options)
8a8a4703 1352 .await?;
c6a7ea0a 1353 manifest.add_file(target.to_string(), stats.size, stats.csum, crypto.mode)?;
8a8a4703 1354
8a8a4703 1355 }
8a8a4703 1356 // create manifest (index.json)
3638341a 1357 // manifests are never encrypted, but include a signature
dfa517ad 1358 let manifest = manifest.to_string(crypt_config.as_ref().map(Arc::as_ref))
b53f6379 1359 .map_err(|err| format_err!("unable to format manifest - {}", err))?;
3638341a 1360
b53f6379 1361
9688f6de 1362 if verbose { println!("Upload index.json to '{}'", repo) };
e43b9175 1363 let options = UploadOptions { compress: true, encrypt: false, ..UploadOptions::default() };
8a8a4703 1364 client
e43b9175 1365 .upload_blob_from_data(manifest.into_bytes(), MANIFEST_BLOB_NAME, options)
8a8a4703 1366 .await?;
2c3891d1 1367
8a8a4703 1368 client.finish().await?;
c4ff3dce 1369
6a7be83e
DM		 1370 let end_time = std::time::Instant::now();
1371 let elapsed = end_time.duration_since(start_time);
1372 println!("Duration: {:.2}s", elapsed.as_secs_f64());
3ec3ec3f 1373
6a7be83e 1374 println!("End Time: {}", strftime_local("%c", epoch_i64())?);
3d5c11e5 1375
8a8a4703 1376 Ok(Value::Null)
f98ea63d
DM		 1377}
1378
8e6e18b7 1379async fn dump_image<W: Write>(
88892ea8
DM		 1380 client: Arc<BackupReader>,
1381 crypt_config: Option<Arc<CryptConfig>>,
14f6c9cb 1382 crypt_mode: CryptMode,
88892ea8
DM		 1383 index: FixedIndexReader,
1384 mut writer: W,
fd04ca7a 1385 verbose: bool,
88892ea8
DM		 1386) -> Result<(), Error> {
1387
1388 let most_used = index.find_most_used_chunks(8);
1389
14f6c9cb 1390 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, crypt_mode, most_used);
88892ea8
DM		 1391
1392 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
1393 // and thus slows down reading. Instead, directly use RemoteChunkReader
fd04ca7a
DM		 1394 let mut per = 0;
1395 let mut bytes = 0;
1396 let start_time = std::time::Instant::now();
1397
88892ea8
DM		 1398 for pos in 0..index.index_count() {
1399 let digest = index.index_digest(pos).unwrap();
8e6e18b7 1400 let raw_data = chunk_reader.read_chunk(&digest).await?;
88892ea8 1401 writer.write_all(&raw_data)?;
fd04ca7a
DM		 1402 bytes += raw_data.len();
1403 if verbose {
1404 let next_per = ((pos+1)*100)/index.index_count();
1405 if per != next_per {
1406 eprintln!("progress {}% (read {} bytes, duration {} sec)",
1407 next_per, bytes, start_time.elapsed().as_secs());
1408 per = next_per;
1409 }
1410 }
88892ea8
DM		 1411 }
1412
fd04ca7a
DM		 1413 let end_time = std::time::Instant::now();
1414 let elapsed = end_time.duration_since(start_time);
1415 eprintln!("restore image complete (bytes={}, duration={:.2}s, speed={:.2}MB/s)",
1416 bytes,
1417 elapsed.as_secs_f64(),
1418 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
1419 );
1420
1421
88892ea8
DM		 1422 Ok(())
1423}
1424
dc155e9b 1425fn parse_archive_type(name: &str) -> (String, ArchiveType) {
2d32fe2c
TL		 1426 if name.ends_with(".didx") || name.ends_with(".fidx") || name.ends_with(".blob") {
1427 (name.into(), archive_type(name).unwrap())
1428 } else if name.ends_with(".pxar") {
dc155e9b
TL		 1429 (format!("{}.didx", name), ArchiveType::DynamicIndex)
1430 } else if name.ends_with(".img") {
1431 (format!("{}.fidx", name), ArchiveType::FixedIndex)
1432 } else {
1433 (format!("{}.blob", name), ArchiveType::Blob)
1434 }
1435}
1436
a47a02ae
DM		 1437#[api(
1438 input: {
1439 properties: {
1440 repository: {
1441 schema: REPO_URL_SCHEMA,
1442 optional: true,
1443 },
1444 snapshot: {
1445 type: String,
1446 description: "Group/Snapshot path.",
1447 },
1448 "archive-name": {
1449 description: "Backup archive name.",
1450 type: String,
1451 },
1452 target: {
1453 type: String,
90c815bf 1454 description: r###"Target directory path. Use '-' to write to standard output.
8a8a4703 1455
5eee6d89 1456We do not extraxt '.pxar' archives when writing to standard output.
8a8a4703 1457
a47a02ae
DM		 1458"###
1459 },
1460 "allow-existing-dirs": {
1461 type: Boolean,
1462 description: "Do not fail if directories already exists.",
1463 optional: true,
1464 },
1465 keyfile: {
1466 schema: KEYFILE_SCHEMA,
1467 optional: true,
1468 },
0351f23b
WB		 1469 "keyfd": {
1470 schema: KEYFD_SCHEMA,
1471 optional: true,
1472 },
24be37e3
WB		 1473 "crypt-mode": {
1474 type: CryptMode,
96ee8577
WB		 1475 optional: true,
1476 },
a47a02ae
DM		 1477 }
1478 }
1479)]
1480/// Restore backup repository.
1481async fn restore(param: Value) -> Result<Value, Error> {
2665cef7 1482 let repo = extract_repository_from_value(&param)?;
9f912493 1483
86eda3eb
DM		 1484 let verbose = param["verbose"].as_bool().unwrap_or(false);
1485
46d5aa0a
DM		 1486 let allow_existing_dirs = param["allow-existing-dirs"].as_bool().unwrap_or(false);
1487
d5c34d98
DM		 1488 let archive_name = tools::required_string_param(&param, "archive-name")?;
1489
f3fde36b 1490 let client = connect(&repo)?;
d0a03d40 1491
d0a03d40 1492 record_repository(&repo);
d5c34d98 1493
9f912493 1494 let path = tools::required_string_param(&param, "snapshot")?;
9f912493 1495
86eda3eb 1496 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
d6d3b353 1497 let group: BackupGroup = path.parse()?;
27c9affb 1498 api_datastore_latest_snapshot(&client, repo.store(), group).await?
d5c34d98 1499 } else {
a67f7d0a 1500 let snapshot: BackupDir = path.parse()?;
86eda3eb
DM		 1501 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1502 };
9f912493 1503
d5c34d98 1504 let target = tools::required_string_param(&param, "target")?;
bf125261 1505 let target = if target == "-" { None } else { Some(target) };
2ae7d196 1506
c6a7ea0a 1507 let crypto = crypto_parameters(&param)?;
2ae7d196 1508
c6a7ea0a 1509 let crypt_config = match crypto.enc_key {
86eda3eb 1510 None => None,
2f26b866
FG		 1511 Some(ref key) => {
1512 let (key, _, _) =
1513 decrypt_key(&key.key, &key::get_encryption_key_password).map_err(|err| {
1514 eprintln!("{}", format_key_source(&key.source, "encryption"));
1515 err
1516 })?;
86eda3eb
DM		 1517 Some(Arc::new(CryptConfig::new(key)?))
1518 }
1519 };
d5c34d98 1520
296c50ba
DM		 1521 let client = BackupReader::start(
1522 client,
1523 crypt_config.clone(),
1524 repo.store(),
1525 &backup_type,
1526 &backup_id,
1527 backup_time,
1528 true,
1529 ).await?;
86eda3eb 1530
48fbbfeb
FG		 1531 let (archive_name, archive_type) = parse_archive_type(archive_name);
1532
2107a5ae 1533 let (manifest, backup_index_data) = client.download_manifest().await?;
02fcf372 1534
48fbbfeb
FG		 1535 if archive_name == ENCRYPTED_KEY_BLOB_NAME && crypt_config.is_none() {
1536 eprintln!("Restoring encrypted key blob without original key - skipping manifest fingerprint check!")
1537 } else {
2f26b866
FG		 1538 if manifest.signature.is_some() {
1539 if let Some(key) = &crypto.enc_key {
1540 eprintln!("{}", format_key_source(&key.source, "encryption"));
1541 }
1542 if let Some(config) = &crypt_config {
1543 eprintln!("Fingerprint: {}", config.fingerprint());
1544 }
1545 }
48fbbfeb
FG		 1546 manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
1547 }
dc155e9b
TL		 1548
1549 if archive_name == MANIFEST_BLOB_NAME {
02fcf372 1550 if let Some(target) = target {
2107a5ae 1551 replace_file(target, &backup_index_data, CreateOptions::new())?;
02fcf372
DM		 1552 } else {
1553 let stdout = std::io::stdout();
1554 let mut writer = stdout.lock();
2107a5ae 1555 writer.write_all(&backup_index_data)
02fcf372
DM		 1556 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1557 }
1558
14f6c9cb
FG		 1559 return Ok(Value::Null);
1560 }
1561
1562 let file_info = manifest.lookup_file_info(&archive_name)?;
1563
1564 if archive_type == ArchiveType::Blob {
d2267b11 1565
dc155e9b 1566 let mut reader = client.download_blob(&manifest, &archive_name).await?;
f8100e96 1567
bf125261 1568 if let Some(target) = target {
0d986280
DM		 1569 let mut writer = std::fs::OpenOptions::new()
1570 .write(true)
1571 .create(true)
1572 .create_new(true)
1573 .open(target)
1574 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?;
1575 std::io::copy(&mut reader, &mut writer)?;
bf125261
DM		 1576 } else {
1577 let stdout = std::io::stdout();
1578 let mut writer = stdout.lock();
0d986280 1579 std::io::copy(&mut reader, &mut writer)
bf125261
DM		 1580 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1581 }
f8100e96 1582
dc155e9b 1583 } else if archive_type == ArchiveType::DynamicIndex {
86eda3eb 1584
dc155e9b 1585 let index = client.download_dynamic_index(&manifest, &archive_name).await?;
df65bd3d 1586
f4bf7dfc
DM		 1587 let most_used = index.find_most_used_chunks(8);
1588
14f6c9cb 1589 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
f4bf7dfc 1590
afb4cd28 1591 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
86eda3eb 1592
72064fd0
FG		 1593 let options = proxmox_backup::pxar::PxarExtractOptions {
1594 match_list: &[],
1595 extract_match_default: true,
1596 allow_existing_dirs,
1597 on_error: None,
1598 };
1599
bf125261 1600 if let Some(target) = target {
c443f58b
WB		 1601 proxmox_backup::pxar::extract_archive(
1602 pxar::decoder::Decoder::from_std(reader)?,
1603 Path::new(target),
5444fa94 1604 proxmox_backup::pxar::Flags::DEFAULT,
c443f58b
WB		 1605 |path| {
1606 if verbose {
1607 println!("{:?}", path);
1608 }
1609 },
72064fd0 1610 options,
c443f58b
WB		 1611 )
1612 .map_err(|err| format_err!("error extracting archive - {}", err))?;
bf125261 1613 } else {
88892ea8
DM		 1614 let mut writer = std::fs::OpenOptions::new()
1615 .write(true)
1616 .open("/dev/stdout")
1617 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?;
afb4cd28 1618
bf125261
DM		 1619 std::io::copy(&mut reader, &mut writer)
1620 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1621 }
dc155e9b 1622 } else if archive_type == ArchiveType::FixedIndex {
afb4cd28 1623
dc155e9b 1624 let index = client.download_fixed_index(&manifest, &archive_name).await?;
df65bd3d 1625
88892ea8
DM		 1626 let mut writer = if let Some(target) = target {
1627 std::fs::OpenOptions::new()
bf125261
DM		 1628 .write(true)
1629 .create(true)
1630 .create_new(true)
1631 .open(target)
88892ea8 1632 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?
bf125261 1633 } else {
88892ea8
DM		 1634 std::fs::OpenOptions::new()
1635 .write(true)
1636 .open("/dev/stdout")
1637 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?
1638 };
afb4cd28 1639
14f6c9cb 1640 dump_image(client.clone(), crypt_config.clone(), file_info.chunk_crypt_mode(), index, &mut writer, verbose).await?;
3031e44c 1641 }
fef44d4f
DM		 1642
1643 Ok(Value::Null)
45db6f89
DM		 1644}
1645
032d3ad8
DM		 1646const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
1647 &ApiHandler::Async(&prune),
1648 &ObjectSchema::new(
1649 "Prune a backup repository.",
1650 &proxmox_backup::add_common_prune_prameters!([
1651 ("dry-run", true, &BooleanSchema::new(
1652 "Just show what prune would do, but do not delete anything.")
1653 .schema()),
1654 ("group", false, &StringSchema::new("Backup group.").schema()),
1655 ], [
1656 ("output-format", true, &OUTPUT_FORMAT),
c48aa39f
DM		 1657 (
1658 "quiet",
1659 true,
1660 &BooleanSchema::new("Minimal output - only show removals.")
1661 .schema()
1662 ),
032d3ad8
DM		 1663 ("repository", true, &REPO_URL_SCHEMA),
1664 ])
1665 )
1666);
1667
1668fn prune<'a>(
1669 param: Value,
1670 _info: &ApiMethod,
1671 _rpcenv: &'a mut dyn RpcEnvironment,
1672) -> proxmox::api::ApiFuture<'a> {
1673 async move {
1674 prune_async(param).await
1675 }.boxed()
1676}
83b7db02 1677
032d3ad8 1678async fn prune_async(mut param: Value) -> Result<Value, Error> {
2665cef7 1679 let repo = extract_repository_from_value(&param)?;
83b7db02 1680
f3fde36b 1681 let mut client = connect(&repo)?;
83b7db02 1682
d0a03d40 1683 let path = format!("api2/json/admin/datastore/{}/prune", repo.store());
83b7db02 1684
9fdc3ef4 1685 let group = tools::required_string_param(&param, "group")?;
d6d3b353 1686 let group: BackupGroup = group.parse()?;
c2043614
DM		 1687
1688 let output_format = get_output_format(&param);
9fdc3ef4 1689
c48aa39f
DM		 1690 let quiet = param["quiet"].as_bool().unwrap_or(false);
1691
ea7a7ef2
DM		 1692 param.as_object_mut().unwrap().remove("repository");
1693 param.as_object_mut().unwrap().remove("group");
163e9bbe 1694 param.as_object_mut().unwrap().remove("output-format");
c48aa39f 1695 param.as_object_mut().unwrap().remove("quiet");
ea7a7ef2
DM		 1696
1697 param["backup-type"] = group.backup_type().into();
1698 param["backup-id"] = group.backup_id().into();
83b7db02 1699
db1e061d 1700 let mut result = client.post(&path, Some(param)).await?;
74fa81b8 1701
87c42375 1702 record_repository(&repo);
3b03abfe 1703
db1e061d
DM		 1704 let render_snapshot_path = |_v: &Value, record: &Value| -> Result<String, Error> {
1705 let item: PruneListItem = serde_json::from_value(record.to_owned())?;
e0e5b442 1706 let snapshot = BackupDir::new(item.backup_type, item.backup_id, item.backup_time)?;
db1e061d
DM		 1707 Ok(snapshot.relative_path().to_str().unwrap().to_owned())
1708 };
1709
c48aa39f
DM		 1710 let render_prune_action = |v: &Value, _record: &Value| -> Result<String, Error> {
1711 Ok(match v.as_bool() {
1712 Some(true) => "keep",
1713 Some(false) => "remove",
1714 None => "unknown",
1715 }.to_string())
1716 };
1717
db1e061d
DM		 1718 let options = default_table_format_options()
1719 .sortby("backup-type", false)
1720 .sortby("backup-id", false)
1721 .sortby("backup-time", false)
1722 .column(ColumnConfig::new("backup-id").renderer(render_snapshot_path).header("snapshot"))
74f7240b 1723 .column(ColumnConfig::new("backup-time").renderer(tools::format::render_epoch).header("date"))
c48aa39f 1724 .column(ColumnConfig::new("keep").renderer(render_prune_action).header("action"))
db1e061d
DM		 1725 ;
1726
b2362a12 1727 let return_type = &proxmox_backup::api2::admin::datastore::API_METHOD_PRUNE.returns;
db1e061d
DM		 1728
1729 let mut data = result["data"].take();
1730
c48aa39f
DM		 1731 if quiet {
1732 let list: Vec<Value> = data.as_array().unwrap().iter().filter(|item| {
1733 item["keep"].as_bool() == Some(false)
a375df6f 1734 }).cloned().collect();
c48aa39f
DM		 1735 data = list.into();
1736 }
1737
b2362a12 1738 format_and_print_result_full(&mut data, return_type, &output_format, &options);
d0a03d40 1739
43a406fd 1740 Ok(Value::Null)
83b7db02
DM		 1741}
1742
a47a02ae
DM		 1743#[api(
1744 input: {
1745 properties: {
1746 repository: {
1747 schema: REPO_URL_SCHEMA,
1748 optional: true,
1749 },
1750 "output-format": {
1751 schema: OUTPUT_FORMAT,
1752 optional: true,
1753 },
1754 }
f9beae9c
TL		 1755 },
1756 returns: {
1757 type: StorageStatus,
1758 },
a47a02ae
DM		 1759)]
1760/// Get repository status.
1761async fn status(param: Value) -> Result<Value, Error> {
34a816cc
DM		 1762
1763 let repo = extract_repository_from_value(&param)?;
1764
c2043614 1765 let output_format = get_output_format(&param);
34a816cc 1766
f3fde36b 1767 let client = connect(&repo)?;
34a816cc
DM		 1768
1769 let path = format!("api2/json/admin/datastore/{}/status", repo.store());
1770
1dc117bb 1771 let mut result = client.get(&path, None).await?;
14e08625 1772 let mut data = result["data"].take();
34a816cc
DM		 1773
1774 record_repository(&repo);
1775
390c5bdd
DM		 1776 let render_total_percentage = |v: &Value, record: &Value| -> Result<String, Error> {
1777 let v = v.as_u64().unwrap();
1778 let total = record["total"].as_u64().unwrap();
1779 let roundup = total/200;
1780 let per = ((v+roundup)*100)/total;
e23f5863
DM		 1781 let info = format!(" ({} %)", per);
1782 Ok(format!("{} {:>8}", v, info))
390c5bdd 1783 };
1dc117bb 1784
c2043614 1785 let options = default_table_format_options()
be2425ff 1786 .noheader(true)
e23f5863 1787 .column(ColumnConfig::new("total").renderer(render_total_percentage))
390c5bdd
DM		 1788 .column(ColumnConfig::new("used").renderer(render_total_percentage))
1789 .column(ColumnConfig::new("avail").renderer(render_total_percentage));
34a816cc 1790
b2362a12 1791 let return_type = &API_METHOD_STATUS.returns;
390c5bdd 1792
b2362a12 1793 format_and_print_result_full(&mut data, return_type, &output_format, &options);
34a816cc
DM		 1794
1795 Ok(Value::Null)
1796}
1797
c443f58b
WB		 1798use proxmox_backup::client::RemoteChunkReader;
1799/// This is a workaround until we have cleaned up the chunk/reader/... infrastructure for better
1800/// async use!
1801///
1802/// Ideally BufferedDynamicReader gets replaced so the LruCache maps to `BroadcastFuture<Chunk>`,
1803/// so that we can properly access it from multiple threads simultaneously while not issuing
1804/// duplicate simultaneous reads over http.
43abba4b 1805pub struct BufferedDynamicReadAt {
c443f58b
WB		 1806 inner: Mutex<BufferedDynamicReader<RemoteChunkReader>>,
1807}
1808
1809impl BufferedDynamicReadAt {
1810 fn new(inner: BufferedDynamicReader<RemoteChunkReader>) -> Self {
1811 Self {
1812 inner: Mutex::new(inner),
1813 }
1814 }
1815}
1816
a6f87283
WB		 1817impl ReadAt for BufferedDynamicReadAt {
1818 fn start_read_at<'a>(
1819 self: Pin<&'a Self>,
c443f58b 1820 _cx: &mut Context,
a6f87283 1821 buf: &'a mut [u8],
c443f58b 1822 offset: u64,
a6f87283 1823 ) -> MaybeReady<io::Result<usize>, ReadAtOperation<'a>> {
a6f87283 1824 MaybeReady::Ready(tokio::task::block_in_place(move || {
c443f58b
WB		 1825 let mut reader = self.inner.lock().unwrap();
1826 reader.seek(SeekFrom::Start(offset))?;
a6f87283
WB		 1827 Ok(reader.read(buf)?)
1828 }))
1829 }
1830
1831 fn poll_complete<'a>(
1832 self: Pin<&'a Self>,
1833 _op: ReadAtOperation<'a>,
1834 ) -> MaybeReady<io::Result<usize>, ReadAtOperation<'a>> {
1835 panic!("LocalDynamicReadAt::start_read_at returned Pending");
c443f58b
WB		 1836 }
1837}
1838
f2401311 1839fn main() {
33d64b81 1840
255f378a 1841 let backup_cmd_def = CliCommand::new(&API_METHOD_CREATE_BACKUP)
49fddd98 1842 .arg_param(&["backupspec"])
d0a03d40 1843 .completion_cb("repository", complete_repository)
49811347 1844 .completion_cb("backupspec", complete_backup_source)
6d0983db 1845 .completion_cb("keyfile", tools::complete_file_name)
c0a87c12 1846 .completion_cb("master-pubkey-file", tools::complete_file_name)
49811347 1847 .completion_cb("chunk-size", complete_chunk_size);
f8838fe9 1848
caea8d61
DM		 1849 let benchmark_cmd_def = CliCommand::new(&API_METHOD_BENCHMARK)
1850 .completion_cb("repository", complete_repository)
1851 .completion_cb("keyfile", tools::complete_file_name);
1852
255f378a 1853 let list_cmd_def = CliCommand::new(&API_METHOD_LIST_BACKUP_GROUPS)
d0a03d40 1854 .completion_cb("repository", complete_repository);
41c039e1 1855
255f378a 1856 let garbage_collect_cmd_def = CliCommand::new(&API_METHOD_START_GARBAGE_COLLECTION)
d0a03d40 1857 .completion_cb("repository", complete_repository);
8cc0d6af 1858
255f378a 1859 let restore_cmd_def = CliCommand::new(&API_METHOD_RESTORE)
49fddd98 1860 .arg_param(&["snapshot", "archive-name", "target"])
b2388518 1861 .completion_cb("repository", complete_repository)
08dc340a
DM		 1862 .completion_cb("snapshot", complete_group_or_snapshot)
1863 .completion_cb("archive-name", complete_archive_name)
1864 .completion_cb("target", tools::complete_file_name);
9f912493 1865
255f378a 1866 let prune_cmd_def = CliCommand::new(&API_METHOD_PRUNE)
49fddd98 1867 .arg_param(&["group"])
9fdc3ef4 1868 .completion_cb("group", complete_backup_group)
d0a03d40 1869 .completion_cb("repository", complete_repository);
9f912493 1870
255f378a 1871 let status_cmd_def = CliCommand::new(&API_METHOD_STATUS)
34a816cc
DM		 1872 .completion_cb("repository", complete_repository);
1873
255f378a 1874 let login_cmd_def = CliCommand::new(&API_METHOD_API_LOGIN)
e240d8be
DM		 1875 .completion_cb("repository", complete_repository);
1876
255f378a 1877 let logout_cmd_def = CliCommand::new(&API_METHOD_API_LOGOUT)
e240d8be 1878 .completion_cb("repository", complete_repository);
32efac1c 1879
e39974af
TL		 1880 let version_cmd_def = CliCommand::new(&API_METHOD_API_VERSION)
1881 .completion_cb("repository", complete_repository);
1882
344add38
DW		 1883 let change_owner_cmd_def = CliCommand::new(&API_METHOD_CHANGE_BACKUP_OWNER)
1884 .arg_param(&["group", "new-owner"])
1885 .completion_cb("group", complete_backup_group)
0224c3c2 1886 .completion_cb("new-owner", complete_auth_id)
344add38
DW		 1887 .completion_cb("repository", complete_repository);
1888
41c039e1 1889 let cmd_def = CliCommandMap::new()
48ef3c33 1890 .insert("backup", backup_cmd_def)
48ef3c33
DM		 1891 .insert("garbage-collect", garbage_collect_cmd_def)
1892 .insert("list", list_cmd_def)
1893 .insert("login", login_cmd_def)
1894 .insert("logout", logout_cmd_def)
1895 .insert("prune", prune_cmd_def)
1896 .insert("restore", restore_cmd_def)
a65e3e4b 1897 .insert("snapshot", snapshot_mgtm_cli())
48ef3c33 1898 .insert("status", status_cmd_def)
9696f519 1899 .insert("key", key::cli())
43abba4b 1900 .insert("mount", mount_cmd_def())
45f9b32e
SR		 1901 .insert("map", map_cmd_def())
1902 .insert("unmap", unmap_cmd_def())
5830c205 1903 .insert("catalog", catalog_mgmt_cli())
caea8d61 1904 .insert("task", task_mgmt_cli())
e39974af 1905 .insert("version", version_cmd_def)
344add38 1906 .insert("benchmark", benchmark_cmd_def)
731eeef2
DM		 1907 .insert("change-owner", change_owner_cmd_def)
1908
61205f00 1909 .alias(&["files"], &["snapshot", "files"])
edebd523 1910 .alias(&["forget"], &["snapshot", "forget"])
0c9209b0 1911 .alias(&["upload-log"], &["snapshot", "upload-log"])
731eeef2
DM		 1912 .alias(&["snapshots"], &["snapshot", "list"])
1913 ;
48ef3c33 1914
7b22acd0
DM		 1915 let rpcenv = CliEnvironment::new();
1916 run_cli_command(cmd_def, rpcenv, Some(|future| {
d08bc483
DM		 1917 proxmox_backup::tools::runtime::main(future)
1918 }));
ff5d3707 1919}
Proxmox Backup Server and Client