]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
proxmox-rest-server: use new ServerAdapter trait instead of callbacks
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
6680878b
DM		 4use std::future::Future;
5use std::pin::Pin;
a2479cfa 6
f7d4e4b5 7use anyhow::{bail, format_err, Error};
a2479cfa 8use futures::*;
7fa9a37c
DM		 9use http::request::Parts;
10use http::Response;
11use hyper::{Body, StatusCode};
12use hyper::header;
13use url::form_urlencoded;
ea368a06 14
a2479cfa 15use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 16use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 17use serde_json::{json, Value};
608806e8 18use http::{Method, HeaderMap};
a2479cfa 19
9ea4bce4 20use proxmox::try_block;
608806e8 21use proxmox::api::{RpcEnvironment, RpcEnvironmentType, UserInformation};
32413921 22use proxmox::sys::linux::socket::set_tcp_keepalive;
fd6d2438
DM		 23use proxmox::tools::fs::CreateOptions;
24
1ec0d70d 25use pbs_tools::task_log;
6d5d305d 26use pbs_datastore::DataStore;
48176b0a 27use proxmox_rest_server::{
608806e8
DM		 28 rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
29 ServerAdapter, WorkerTask,
48176b0a 30};
a2479cfa 31
1298618a 32use proxmox_backup::{
1298618a 33 server::{
608806e8 34 auth::check_pbs_auth,
1298618a
DM		 35 jobstate::{
36 self,
37 Job,
38 },
1298618a 39 },
1298618a
DM		 40};
41
af06decd 42use pbs_buildcfg::configdir;
84af82e8 43use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
6c76aa43 44use pbs_tools::logrotate::LogRotate;
1298618a 45
89725197
DM		 46use pbs_api_types::{
47 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
48 PruneOptions,
49};
e7d4be9d 50
8bca935f
DM		 51use proxmox_rest_server::daemon;
52
e3f41f21 53use proxmox_backup::server;
d01e2420 54use proxmox_backup::auth_helpers::*;
97168f92 55use proxmox_backup::tools::{
32413921 56 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 57 disks::{
58 DiskManage,
59 zfs_pool_stats,
368f4c54 60 get_pool_from_dataset,
97168f92 61 },
97168f92 62};
02c7a755 63
e7d4be9d 64
a13573c2 65use proxmox_backup::api2::pull::do_sync_job;
8513626b 66use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 67use proxmox_backup::server::do_verification_job;
b8d90798 68use proxmox_backup::server::do_prune_job;
a13573c2 69
946c3e8a 70fn main() -> Result<(), Error> {
ac7513e3
DM		 71 proxmox_backup::tools::setup_safe_path_env();
72
21211748
DM		 73 let backup_uid = pbs_config::backup_user()?.uid;
74 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 75 let running_uid = nix::unistd::Uid::effective();
76 let running_gid = nix::unistd::Gid::effective();
77
78 if running_uid != backup_uid || running_gid != backup_gid {
79 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
80 }
81
d420962f 82 pbs_runtime::main(run())
4223d9f8
DM		 83}
84
48176b0a 85
608806e8
DM		 86struct ProxmoxBackupProxyAdapter;
87
88impl ServerAdapter for ProxmoxBackupProxyAdapter {
89
90 fn get_index(
91 &self,
92 env: RestEnvironment,
93 parts: Parts,
94 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
95 Box::pin(get_index_future(env, parts))
96 }
97
98 fn check_auth<'a>(
99 &'a self,
100 headers: &'a HeaderMap,
101 method: &'a Method,
102 ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
103 Box::pin(async move {
104 check_pbs_auth(headers, method).await
105 })
106 }
107}
108
48176b0a
DM		 109fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
110 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
111 return extract_cookie(cookie, "PBSLangCookie");
112 }
113 None
114}
115
6680878b 116async fn get_index_future(
48176b0a 117 env: RestEnvironment,
7fa9a37c
DM		 118 parts: Parts,
119) -> Response<Body> {
120
48176b0a
DM		 121 let auth_id = env.get_auth_id();
122 let api = env.api_config();
123 let language = extract_lang_header(&parts.headers);
124
125 // fixme: make all IO async
6680878b 126
7fa9a37c
DM		 127 let (userid, csrf_token) = match auth_id {
128 Some(auth_id) => {
129 let auth_id = auth_id.parse::<Authid>();
130 match auth_id {
131 Ok(auth_id) if !auth_id.is_token() => {
132 let userid = auth_id.user().clone();
133 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
134 (Some(userid), Some(new_csrf_token))
135 }
136 _ => (None, None)
137 }
138 }
139 None => (None, None),
140 };
141
142 let nodename = proxmox::tools::nodename();
143 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
144
145 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
146
147 let mut debug = false;
148 let mut template_file = "index";
149
150 if let Some(query_str) = parts.uri.query() {
151 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
152 if k == "debug" && v != "0" && v != "false" {
153 debug = true;
154 } else if k == "console" {
155 template_file = "console";
156 }
157 }
158 }
159
160 let mut lang = String::from("");
161 if let Some(language) = language {
162 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
163 lang = language;
164 }
165 }
166
167 let data = json!({
168 "NodeName": nodename,
169 "UserName": user,
170 "CSRFPreventionToken": csrf_token,
171 "language": lang,
172 "debug": debug,
173 });
174
175 let (ct, index) = match api.render_template(template_file, &data) {
176 Ok(index) => ("text/html", index),
177 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
178 };
179
180 let mut resp = Response::builder()
181 .status(StatusCode::OK)
182 .header(header::CONTENT_TYPE, ct)
183 .body(index.into())
184 .unwrap();
185
186 if let Some(userid) = userid {
187 resp.extensions_mut().insert(Authid::from((userid, None)));
188 }
189
190 resp
191}
192
fda5797b 193async fn run() -> Result<(), Error> {
02c7a755
DM		 194 if let Err(err) = syslog::init(
195 syslog::Facility::LOG_DAEMON,
196 log::LevelFilter::Info,
197 Some("proxmox-backup-proxy")) {
4223d9f8 198 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 199 }
200
e1d367df
DM		 201 // Note: To debug early connection error use
202 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
203 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
204
d01e2420
DM		 205 let _ = public_auth_key(); // load with lazy_static
206 let _ = csrf_secret(); // load with lazy_static
207
02c7a755 208 let mut config = ApiConfig::new(
af06decd 209 pbs_buildcfg::JS_DIR,
26858dba
SR		 210 &proxmox_backup::api2::ROUTER,
211 RpcEnvironmentType::PUBLIC,
608806e8 212 ProxmoxBackupProxyAdapter,
26858dba 213 )?;
02c7a755 214
02c7a755
DM		 215 config.add_alias("novnc", "/usr/share/novnc-pve");
216 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 217 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 218 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
219 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 220 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 221 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 222 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 223
af06decd 224 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 225 indexpath.push("index.hbs");
226 config.register_template("index", &indexpath)?;
01ca99da 227 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 228
fd6d2438 229 let backup_user = pbs_config::backup_user()?;
49e25688 230 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 231
232 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
233 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 234
0d5d15c9 235 config.enable_access_log(
fd6d2438 236 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 237 Some(dir_opts.clone()),
238 Some(file_opts.clone()),
239 &mut commando_sock,
240 )?;
241
242 config.enable_auth_log(
243 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 244 Some(dir_opts.clone()),
245 Some(file_opts.clone()),
fd6d2438
DM		 246 &mut commando_sock,
247 )?;
8e7e2223 248
02c7a755 249 let rest_server = RestServer::new(config);
b9700a9f 250 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 251
6d1f61b2 252 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 253
4ce7da51 254 // we build the initial acceptor here as we cannot start if this fails
c381a162 255 let acceptor = make_tls_acceptor()?;
4ce7da51 256 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 257
4ce7da51 258 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 259 commando_sock.register_command(
260 "reload-certificate".to_string(),
261 {
4ce7da51 262 let acceptor = Arc::clone(&acceptor);
a723c087 263 move |_value| -> Result<_, Error> {
4ce7da51
DM		 264 log::info!("reloading certificate");
265 match make_tls_acceptor() {
266 Err(err) => log::error!("error reloading certificate: {}", err),
267 Ok(new_acceptor) => {
268 let mut guard = acceptor.lock().unwrap();
269 *guard = new_acceptor;
270 }
271 }
a723c087
WB		 272 Ok(Value::Null)
273 }
274 },
275 )?;
0d176f36 276
062cf75c
DC		 277 // to remove references for not configured datastores
278 commando_sock.register_command(
279 "datastore-removed".to_string(),
280 |_value| {
6d5d305d 281 if let Err(err) = DataStore::remove_unused_datastores() {
062cf75c
DC		 282 log::error!("could not refresh datastores: {}", err);
283 }
284 Ok(Value::Null)
285 }
286 )?;
287
a690ecac
WB		 288 let server = daemon::create_daemon(
289 ([0,0,0,0,0,0,0,0], 8007).into(),
d2654200 290 move |listener| {
97168f92 291
4ce7da51 292 let connections = accept_connections(listener, acceptor, debug);
7c667013 293 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd 294
d2654200
DM		 295 Ok(async {
296 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
297
298 hyper::Server::builder(connections)
083ff3fd 299 .serve(rest_server)
fd6d2438 300 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd 301 .map_err(Error::from)
d2654200
DM		 302 .await
303 })
a2ca7137 304 },
083ff3fd 305 );
a2ca7137 306
b9700a9f 307 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a 308
fda5797b 309 let init_result: Result<(), Error> = try_block!({
b9700a9f 310 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 311 commando_sock.spawn()?;
fd1b65cc
DM		 312 proxmox_rest_server::catch_shutdown_signal()?;
313 proxmox_rest_server::catch_reload_signal()?;
fda5797b
WB		 314 Ok(())
315 });
d607b886 316
fda5797b
WB		 317 if let Err(err) = init_result {
318 bail!("unable to start daemon - {}", err);
319 }
e3f41f21 320
8545480a 321 start_task_scheduler();
eaeda365 322 start_stat_generator();
8545480a 323
083ff3fd 324 server.await?;
a546a8a0 325 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 326 proxmox_rest_server::last_worker_future().await?;
fda5797b 327 log::info!("done - exit server");
e3f41f21 328
4223d9f8 329 Ok(())
02c7a755 330}
8545480a 331
4ce7da51 332fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 333 let key_path = configdir!("/proxy.key");
334 let cert_path = configdir!("/proxy.pem");
335
336 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
337 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
338 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
339 acceptor.set_certificate_chain_file(cert_path)
340 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
341 acceptor.check_private_key().unwrap();
342
4ce7da51 343 Ok(acceptor.build())
c381a162
WB		 344}
345
a5e3be49
WB		 346type ClientStreamResult =
347 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
348const MAX_PENDING_ACCEPTS: usize = 1024;
349
48aa2b93 350fn accept_connections(
0bfcea6a 351 listener: tokio::net::TcpListener,
4ce7da51 352 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 353 debug: bool,
a5e3be49 354) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 355
ea93bea7 356 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 357
4ce7da51 358 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 359
360 receiver
361}
362
363async fn accept_connection(
364 listener: tokio::net::TcpListener,
4ce7da51 365 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 366 debug: bool,
367 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
368) {
ea93bea7 369 let accept_counter = Arc::new(());
48aa2b93 370
a5e3be49 371 loop {
4ce7da51
DM		 372 let (sock, _addr) = match listener.accept().await {
373 Ok(conn) => conn,
374 Err(err) => {
375 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 376 continue;
a5e3be49 377 }
cc269b9f 378 };
48aa2b93 379
cc269b9f
WB		 380 sock.set_nodelay(true).unwrap();
381 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 382
4ce7da51
DM		 383 let ssl = { // limit acceptor_guard scope
384 // Acceptor can be reloaded using the command socket "reload-certificate" command
385 let acceptor_guard = acceptor.lock().unwrap();
386
387 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
388 Ok(ssl) => ssl,
389 Err(err) => {
390 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
391 continue;
392 },
393 }
cc269b9f 394 };
4ce7da51 395
cc269b9f
WB		 396 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
397 Ok(stream) => stream,
398 Err(err) => {
399 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
400 continue;
401 },
402 };
403
404 let mut stream = Box::pin(stream);
405 let sender = sender.clone();
406
407 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
408 eprintln!("connection rejected - to many open connections");
409 continue;
48aa2b93 410 }
cc269b9f 411
b4931192 412 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 413 tokio::spawn(async move {
414 let accept_future = tokio::time::timeout(
415 Duration::new(10, 0), stream.as_mut().accept());
416
417 let result = accept_future.await;
418
419 match result {
420 Ok(Ok(())) => {
421 if sender.send(Ok(stream)).await.is_err() && debug {
422 eprintln!("detect closed connection channel");
423 }
424 }
425 Ok(Err(err)) => {
426 if debug {
427 eprintln!("https handshake failed - {}", err);
428 }
429 }
430 Err(_) => {
431 if debug {
432 eprintln!("https handshake timeout");
433 }
434 }
435 }
436
437 drop(accept_counter); // decrease reference count
438 });
a5e3be49 439 }
48aa2b93
DM		 440}
441
eaeda365 442fn start_stat_generator() {
fd6d2438 443 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 444 let future = Box::pin(run_stat_generator());
445 let task = futures::future::select(future, abort_future);
446 tokio::spawn(task.map(|_| ()));
447}
448
8545480a 449fn start_task_scheduler() {
fd6d2438 450 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 451 let future = Box::pin(run_task_scheduler());
452 let task = futures::future::select(future, abort_future);
453 tokio::spawn(task.map(|_| ()));
454}
455
6a7be83e 456use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 457
458fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 459 let now = SystemTime::now();
460 let epoch_now = now.duration_since(UNIX_EPOCH)?;
461 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 462 Ok(Instant::now() + epoch_next - epoch_now)
463}
464
465async fn run_task_scheduler() {
466
467 let mut count: usize = 0;
468
469 loop {
470 count += 1;
471
472 let delay_target = match next_minute() { // try to run very minute
473 Ok(d) => d,
474 Err(err) => {
475 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 476 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 477 continue;
478 }
479 };
480
481 if count > 2 { // wait 1..2 minutes before starting
482 match schedule_tasks().catch_unwind().await {
483 Err(panic) => {
484 match panic.downcast::<&str>() {
485 Ok(msg) => {
486 eprintln!("task scheduler panic: {}", msg);
487 }
488 Err(_) => {
489 eprintln!("task scheduler panic - unknown type");
490 }
491 }
492 }
493 Ok(Err(err)) => {
494 eprintln!("task scheduler failed - {:?}", err);
495 }
496 Ok(Ok(_)) => {}
497 }
498 }
499
0a8d773a 500 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 501 }
502}
503
504async fn schedule_tasks() -> Result<(), Error> {
505
506 schedule_datastore_garbage_collection().await;
25829a87 507 schedule_datastore_prune().await;
a6160cdf 508 schedule_datastore_sync_jobs().await;
73df9c51 509 schedule_datastore_verify_jobs().await;
8513626b 510 schedule_tape_backup_jobs().await;
9a760917 511 schedule_task_log_rotate().await;
8545480a
DM		 512
513 Ok(())
514}
515
8545480a
DM		 516async fn schedule_datastore_garbage_collection() {
517
e7d4be9d 518 let config = match pbs_config::datastore::config() {
8545480a
DM		 519 Err(err) => {
520 eprintln!("unable to read datastore config - {}", err);
521 return;
522 }
523 Ok((config, _digest)) => config,
524 };
525
526 for (store, (_, store_config)) in config.sections {
527 let datastore = match DataStore::lookup_datastore(&store) {
528 Ok(datastore) => datastore,
529 Err(err) => {
530 eprintln!("lookup_datastore failed - {}", err);
531 continue;
532 }
533 };
534
25829a87 535 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 536 Ok(c) => c,
537 Err(err) => {
538 eprintln!("datastore config from_value failed - {}", err);
539 continue;
540 }
541 };
542
543 let event_str = match store_config.gc_schedule {
544 Some(event_str) => event_str,
545 None => continue,
546 };
547
548 let event = match parse_calendar_event(&event_str) {
549 Ok(event) => event,
550 Err(err) => {
551 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
552 continue;
553 }
554 };
555
556 if datastore.garbage_collection_running() { continue; }
557
558 let worker_type = "garbage_collection";
559
b6ba5acd
DC		 560 let last = match jobstate::last_run_time(worker_type, &store) {
561 Ok(time) => time,
562 Err(err) => {
563 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
564 continue;
8545480a
DM		 565 }
566 };
567
568 let next = match compute_next_event(&event, last, false) {
15ec790a
DC		 569 Ok(Some(next)) => next,
570 Ok(None) => continue,
8545480a
DM		 571 Err(err) => {
572 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
573 continue;
574 }
575 };
e693818a 576
6a7be83e
DM		 577 let now = proxmox::tools::time::epoch_i64();
578
8545480a
DM		 579 if next > now { continue; }
580
1cd951c9 581 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 582 Ok(job) => job,
583 Err(_) => continue, // could not get lock
584 };
585
ad54df31 586 let auth_id = Authid::root_auth_id();
d7a122a0 587
c724f658 588 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 589 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 590 }
591 }
592}
25829a87
DM		 593
594async fn schedule_datastore_prune() {
595
e7d4be9d 596 let config = match pbs_config::datastore::config() {
25829a87
DM		 597 Err(err) => {
598 eprintln!("unable to read datastore config - {}", err);
599 return;
600 }
601 Ok((config, _digest)) => config,
602 };
603
604 for (store, (_, store_config)) in config.sections {
25829a87
DM		 605
606 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
607 Ok(c) => c,
608 Err(err) => {
a6160cdf 609 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 610 continue;
611 }
612 };
613
614 let event_str = match store_config.prune_schedule {
615 Some(event_str) => event_str,
616 None => continue,
617 };
618
619 let prune_options = PruneOptions {
620 keep_last: store_config.keep_last,
621 keep_hourly: store_config.keep_hourly,
622 keep_daily: store_config.keep_daily,
623 keep_weekly: store_config.keep_weekly,
624 keep_monthly: store_config.keep_monthly,
625 keep_yearly: store_config.keep_yearly,
626 };
627
89725197 628 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 629 continue;
630 }
631
25829a87 632 let worker_type = "prune";
b15751bf 633 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 634 let job = match Job::new(worker_type, &store) {
635 Ok(job) => job,
636 Err(_) => continue, // could not get lock
637 };
25829a87 638
ad54df31 639 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 640 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
641 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 642 }
643 };
25829a87
DM		 644 }
645}
a6160cdf
DM		 646
647async fn schedule_datastore_sync_jobs() {
648
a6160cdf 649
a4e5a0fc 650 let config = match pbs_config::sync::config() {
a6160cdf
DM		 651 Err(err) => {
652 eprintln!("unable to read sync job config - {}", err);
653 return;
654 }
655 Ok((config, _digest)) => config,
656 };
657
a6160cdf
DM		 658 for (job_id, (_, job_config)) in config.sections {
659 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
660 Ok(c) => c,
661 Err(err) => {
662 eprintln!("sync job config from_value failed - {}", err);
663 continue;
664 }
665 };
666
667 let event_str = match job_config.schedule {
668 Some(ref event_str) => event_str.clone(),
669 None => continue,
670 };
671
c67b1fa7 672 let worker_type = "syncjob";
b15751bf 673 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 674 let job = match Job::new(worker_type, &job_id) {
675 Ok(job) => job,
676 Err(_) => continue, // could not get lock
677 };
a6160cdf 678
ad54df31 679 let auth_id = Authid::root_auth_id().clone();
bfa942c0 680 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 681 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 682 }
683 };
a6160cdf
DM		 684 }
685}
eaeda365 686
73df9c51 687async fn schedule_datastore_verify_jobs() {
1298618a 688
802189f7 689 let config = match pbs_config::verify::config() {
73df9c51
HL		 690 Err(err) => {
691 eprintln!("unable to read verification job config - {}", err);
692 return;
693 }
694 Ok((config, _digest)) => config,
695 };
696 for (job_id, (_, job_config)) in config.sections {
697 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
698 Ok(c) => c,
699 Err(err) => {
700 eprintln!("verification job config from_value failed - {}", err);
701 continue;
702 }
703 };
704 let event_str = match job_config.schedule {
705 Some(ref event_str) => event_str.clone(),
706 None => continue,
707 };
82c05b41 708
73df9c51 709 let worker_type = "verificationjob";
ad54df31 710 let auth_id = Authid::root_auth_id().clone();
b15751bf 711 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 712 let job = match Job::new(&worker_type, &job_id) {
713 Ok(job) => job,
714 Err(_) => continue, // could not get lock
715 };
bfa942c0 716 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 717 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 718 }
719 };
73df9c51
HL		 720 }
721}
722
8513626b
DM		 723async fn schedule_tape_backup_jobs() {
724
e3619d41 725 let config = match pbs_config::tape_job::config() {
8513626b
DM		 726 Err(err) => {
727 eprintln!("unable to read tape job config - {}", err);
728 return;
729 }
730 Ok((config, _digest)) => config,
731 };
732 for (job_id, (_, job_config)) in config.sections {
733 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
734 Ok(c) => c,
735 Err(err) => {
736 eprintln!("tape backup job config from_value failed - {}", err);
737 continue;
738 }
739 };
740 let event_str = match job_config.schedule {
741 Some(ref event_str) => event_str.clone(),
742 None => continue,
743 };
744
745 let worker_type = "tape-backup-job";
746 let auth_id = Authid::root_auth_id().clone();
747 if check_schedule(worker_type, &event_str, &job_id) {
748 let job = match Job::new(&worker_type, &job_id) {
749 Ok(job) => job,
750 Err(_) => continue, // could not get lock
751 };
bfa942c0 752 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 753 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 754 }
755 };
756 }
757}
758
759
9a760917 760async fn schedule_task_log_rotate() {
9a760917
DC		 761
762 let worker_type = "logrotate";
72aa1834 763 let job_id = "access-log_and_task-archive";
9a760917 764
9a760917
DC		 765 // schedule daily at 00:00 like normal logrotate
766 let schedule = "00:00";
767
b15751bf 768 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 769 // if we never ran the rotation, schedule instantly
770 match jobstate::JobState::load(worker_type, job_id) {
771 Ok(state) => match state {
772 jobstate::JobState::Created { .. } => {},
773 _ => return,
774 },
775 _ => return,
776 }
777 }
778
779 let mut job = match Job::new(worker_type, job_id) {
780 Ok(job) => job,
781 Err(_) => return, // could not get lock
782 };
783
784 if let Err(err) = WorkerTask::new_thread(
785 worker_type,
72aa1834 786 None,
049a22a3 787 Authid::root_auth_id().to_string(),
9a760917
DC		 788 false,
789 move |worker| {
790 job.start(&worker.upid().to_string())?;
1ec0d70d 791 task_log!(worker, "starting task log rotation");
e4f5f59e 792
9a760917 793 let result = try_block!({
b7f2be51
TL		 794 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
795 let max_files = 20; // times twenty files gives > 100000 task entries
9a760917
DC		 796 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
797 if has_rotated {
1ec0d70d 798 task_log!(worker, "task log archive was rotated");
9a760917 799 } else {
1ec0d70d 800 task_log!(worker, "task log archive was not rotated");
9a760917
DC		 801 }
802
fe4cc5b1
TL		 803 let max_size = 32 * 1024 * 1024 - 1;
804 let max_files = 14;
af06decd 805 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
fe4cc5b1
TL		 806 .ok_or_else(|| format_err!("could not get API access log file names"))?;
807
fe7bdc9d 808 if logrotate.rotate(max_size, None, Some(max_files))? {
fe4cc5b1 809 println!("rotated access log, telling daemons to re-open log file");
36b7085e 810 pbs_runtime::block_on(command_reopen_access_logfiles())?;
1ec0d70d 811 task_log!(worker, "API access log was rotated");
fe7bdc9d 812 } else {
1ec0d70d 813 task_log!(worker, "API access log was not rotated");
fe7bdc9d
TL		 814 }
815
af06decd 816 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
fe7bdc9d 817 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
fe4cc5b1 818
fe7bdc9d 819 if logrotate.rotate(max_size, None, Some(max_files))? {
36b7085e
DM		 820 println!("rotated auth log, telling daemons to re-open log file");
821 pbs_runtime::block_on(command_reopen_auth_logfiles())?;
1ec0d70d 822 task_log!(worker, "API authentication log was rotated");
fe4cc5b1 823 } else {
1ec0d70d 824 task_log!(worker, "API authentication log was not rotated");
fe4cc5b1
TL		 825 }
826
9a760917
DC		 827 Ok(())
828 });
829
830 let status = worker.create_state(&result);
831
832 if let Err(err) = job.finish(status) {
833 eprintln!("could not finish job state for {}: {}", worker_type, err);
834 }
835
836 result
837 },
838 ) {
839 eprintln!("unable to start task log rotation: {}", err);
840 }
841
842}
843
36b7085e 844async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 845 // only care about the most recent daemon instance for each, proxy & api, as other older ones
846 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 847 let sock = proxmox_rest_server::our_ctrl_sock();
fd6d2438 848 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 849
b9700a9f
DM		 850 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
851 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
fd6d2438 852 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 853
854 match futures::join!(f1, f2) {
855 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
856 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 857 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
858 _ => Ok(()),
859 }
860}
861
862async fn command_reopen_auth_logfiles() -> Result<(), Error> {
863 // only care about the most recent daemon instance for each, proxy & api, as other older ones
864 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 865 let sock = proxmox_rest_server::our_ctrl_sock();
36b7085e
DM		 866 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
867
b9700a9f
DM		 868 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
869 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
36b7085e
DM		 870 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
871
872 match futures::join!(f1, f2) {
873 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
874 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 875 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
876 _ => Ok(()),
877 }
fe4cc5b1
TL		 878}
879
eaeda365
DM		 880async fn run_stat_generator() {
881
013fa7bb 882 let mut count = 0;
eaeda365 883 loop {
013fa7bb 884 count += 1;
a720894f 885 let save = if count >= 6 { count = 0; true } else { false };
013fa7bb 886
eaeda365
DM		 887 let delay_target = Instant::now() + Duration::from_secs(10);
888
013fa7bb 889 generate_host_stats(save).await;
eaeda365 890
0a8d773a 891 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 892
893 }
eaeda365
DM		 894
895}
896
013fa7bb 897fn rrd_update_gauge(name: &str, value: f64, save: bool) {
309ef20d 898 use proxmox_backup::rrd;
013fa7bb 899 if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) {
309ef20d
DM		 900 eprintln!("rrd::update_value '{}' failed - {}", name, err);
901 }
902}
903
013fa7bb 904fn rrd_update_derive(name: &str, value: f64, save: bool) {
309ef20d 905 use proxmox_backup::rrd;
013fa7bb 906 if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) {
309ef20d
DM		 907 eprintln!("rrd::update_value '{}' failed - {}", name, err);
908 }
909}
910
013fa7bb 911async fn generate_host_stats(save: bool) {
8f0cec26 912 use proxmox::sys::linux::procfs::{
485841da 913 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 914
d420962f 915 pbs_runtime::block_in_place(move || {
4f951399
DM		 916
917 match read_proc_stat() {
918 Ok(stat) => {
013fa7bb
DM		 919 rrd_update_gauge("host/cpu", stat.cpu, save);
920 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
4f951399
DM		 921 }
922 Err(err) => {
923 eprintln!("read_proc_stat failed - {}", err);
eaeda365
DM		 924 }
925 }
2c66a590 926
4f951399
DM		 927 match read_meminfo() {
928 Ok(meminfo) => {
013fa7bb
DM		 929 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
930 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
931 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
932 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
a4a3f7ca 933 }
4f951399
DM		 934 Err(err) => {
935 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca
DM		 936 }
937 }
8f0cec26 938
4f951399
DM		 939 match read_proc_net_dev() {
940 Ok(netdev) => {
6f422880 941 use pbs_config::network::is_physical_nic;
4f951399
DM		 942 let mut netin = 0;
943 let mut netout = 0;
944 for item in netdev {
945 if !is_physical_nic(&item.device) { continue; }
946 netin += item.receive;
947 netout += item.send;
948 }
013fa7bb
DM		 949 rrd_update_derive("host/netin", netin as f64, save);
950 rrd_update_derive("host/netout", netout as f64, save);
8f0cec26 951 }
4f951399
DM		 952 Err(err) => {
953 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26
DM		 954 }
955 }
dd15c0aa 956
485841da
DM		 957 match read_loadavg() {
958 Ok(loadavg) => {
013fa7bb 959 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
485841da
DM		 960 }
961 Err(err) => {
962 eprintln!("read_loadavg failed - {}", err);
963 }
964 }
965
8c03041a
DM		 966 let disk_manager = DiskManage::new();
967
013fa7bb 968 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
91e5bb49 969
e7d4be9d 970 match pbs_config::datastore::config() {
d0833a70 971 Ok((config, _)) => {
e7d4be9d 972 let datastore_list: Vec<DataStoreConfig> =
17c7b46a 973 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70
DM		 974
975 for config in datastore_list {
8c03041a 976
91e5bb49 977 let rrd_prefix = format!("datastore/{}", config.name);
8c03041a 978 let path = std::path::Path::new(&config.path);
013fa7bb 979 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
d0833a70
DM		 980 }
981 }
982 Err(err) => {
983 eprintln!("read datastore config failed - {}", err);
984 }
985 }
986
4f951399 987 });
eaeda365 988}
dd15c0aa 989
b15751bf
DM		 990fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
991 let event = match parse_calendar_event(event_str) {
82c05b41
HL		 992 Ok(event) => event,
993 Err(err) => {
994 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
995 return false;
996 }
997 };
998
b15751bf 999 let last = match jobstate::last_run_time(worker_type, &id) {
82c05b41
HL		 1000 Ok(time) => time,
1001 Err(err) => {
1002 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
1003 return false;
1004 }
1005 };
1006
1007 let next = match compute_next_event(&event, last, false) {
1008 Ok(Some(next)) => next,
1009 Ok(None) => return false,
1010 Err(err) => {
1011 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
1012 return false;
1013 }
1014 };
1015
1016 let now = proxmox::tools::time::epoch_i64();
1017 next <= now
1018}
1019
013fa7bb 1020fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
91e5bb49 1021
934f5bb8 1022 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 1023 Ok(status) => {
91e5bb49 1024 let rrd_key = format!("{}/total", rrd_prefix);
33070956 1025 rrd_update_gauge(&rrd_key, status.total as f64, save);
91e5bb49 1026 let rrd_key = format!("{}/used", rrd_prefix);
33070956 1027 rrd_update_gauge(&rrd_key, status.used as f64, save);
91e5bb49
DM		 1028 }
1029 Err(err) => {
1030 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1031 }
1032 }
1033
934f5bb8
DM		 1034 match disk_manager.find_mounted_device(path) {
1035 Ok(None) => {},
1036 Ok(Some((fs_type, device, source))) => {
1037 let mut device_stat = None;
1038 match fs_type.as_str() {
1039 "zfs" => {
368f4c54
DC		 1040 if let Some(source) = source {
1041 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1042 match zfs_pool_stats(pool) {
934f5bb8
DM		 1043 Ok(stat) => device_stat = stat,
1044 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
91e5bb49
DM		 1045 }
1046 }
934f5bb8
DM		 1047 }
1048 _ => {
1049 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1050 match disk.read_stat() {
1051 Ok(stat) => device_stat = stat,
1052 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1053 }
1054 }
1055 }
91e5bb49 1056 }
934f5bb8
DM		 1057 if let Some(stat) = device_stat {
1058 let rrd_key = format!("{}/read_ios", rrd_prefix);
1059 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
1060 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1061 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
dd15c0aa 1062
934f5bb8
DM		 1063 let rrd_key = format!("{}/write_ios", rrd_prefix);
1064 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
1065 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1066 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
dd15c0aa 1067
934f5bb8
DM		 1068 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1069 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
8c03041a
DM		 1070 }
1071 }
934f5bb8
DM		 1072 Err(err) => {
1073 eprintln!("find_mounted_device failed - {}", err);
1074 }
8c03041a 1075 }
8c03041a 1076}
Proxmox Backup Server and Client