]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
move worker_task.rs into proxmox-rest-server crate
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
a2479cfa 4
f7d4e4b5 5use anyhow::{bail, format_err, Error};
a2479cfa 6use futures::*;
7fa9a37c
DM		 7use http::request::Parts;
8use http::Response;
9use hyper::{Body, StatusCode};
10use hyper::header;
11use url::form_urlencoded;
ea368a06 12
a2479cfa 13use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 14use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 15use serde_json::{json, Value};
a2479cfa 16
9ea4bce4 17use proxmox::try_block;
a2479cfa 18use proxmox::api::RpcEnvironmentType;
32413921 19use proxmox::sys::linux::socket::set_tcp_keepalive;
fd6d2438
DM		 20use proxmox::tools::fs::CreateOptions;
21
b9700a9f 22use proxmox_rest_server::{rotate_task_log_archive, ApiConfig, RestServer, WorkerTask};
a2479cfa 23
1298618a
DM		 24use proxmox_backup::{
25 backup::DataStore,
26 server::{
26858dba 27 auth::default_api_auth,
1298618a
DM		 28 jobstate::{
29 self,
30 Job,
31 },
1298618a 32 },
1298618a
DM		 33};
34
af06decd 35use pbs_buildcfg::configdir;
84af82e8 36use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
6c76aa43 37use pbs_tools::logrotate::LogRotate;
1298618a 38
89725197
DM		 39use pbs_api_types::{
40 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
41 PruneOptions,
42};
e7d4be9d 43
8bca935f
DM		 44use proxmox_rest_server::daemon;
45
e3f41f21 46use proxmox_backup::server;
d01e2420 47use proxmox_backup::auth_helpers::*;
97168f92 48use proxmox_backup::tools::{
32413921 49 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 50 disks::{
51 DiskManage,
52 zfs_pool_stats,
368f4c54 53 get_pool_from_dataset,
97168f92 54 },
97168f92 55};
02c7a755 56
e7d4be9d 57
a13573c2 58use proxmox_backup::api2::pull::do_sync_job;
8513626b 59use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 60use proxmox_backup::server::do_verification_job;
b8d90798 61use proxmox_backup::server::do_prune_job;
a13573c2 62
946c3e8a 63fn main() -> Result<(), Error> {
ac7513e3
DM		 64 proxmox_backup::tools::setup_safe_path_env();
65
21211748
DM		 66 let backup_uid = pbs_config::backup_user()?.uid;
67 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 68 let running_uid = nix::unistd::Uid::effective();
69 let running_gid = nix::unistd::Gid::effective();
70
71 if running_uid != backup_uid || running_gid != backup_gid {
72 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
73 }
74
d420962f 75 pbs_runtime::main(run())
4223d9f8
DM		 76}
77
7fa9a37c
DM		 78fn get_index(
79 auth_id: Option<String>,
80 language: Option<String>,
81 api: &ApiConfig,
82 parts: Parts,
83) -> Response<Body> {
84
85 let (userid, csrf_token) = match auth_id {
86 Some(auth_id) => {
87 let auth_id = auth_id.parse::<Authid>();
88 match auth_id {
89 Ok(auth_id) if !auth_id.is_token() => {
90 let userid = auth_id.user().clone();
91 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
92 (Some(userid), Some(new_csrf_token))
93 }
94 _ => (None, None)
95 }
96 }
97 None => (None, None),
98 };
99
100 let nodename = proxmox::tools::nodename();
101 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
102
103 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
104
105 let mut debug = false;
106 let mut template_file = "index";
107
108 if let Some(query_str) = parts.uri.query() {
109 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
110 if k == "debug" && v != "0" && v != "false" {
111 debug = true;
112 } else if k == "console" {
113 template_file = "console";
114 }
115 }
116 }
117
118 let mut lang = String::from("");
119 if let Some(language) = language {
120 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
121 lang = language;
122 }
123 }
124
125 let data = json!({
126 "NodeName": nodename,
127 "UserName": user,
128 "CSRFPreventionToken": csrf_token,
129 "language": lang,
130 "debug": debug,
131 });
132
133 let (ct, index) = match api.render_template(template_file, &data) {
134 Ok(index) => ("text/html", index),
135 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
136 };
137
138 let mut resp = Response::builder()
139 .status(StatusCode::OK)
140 .header(header::CONTENT_TYPE, ct)
141 .body(index.into())
142 .unwrap();
143
144 if let Some(userid) = userid {
145 resp.extensions_mut().insert(Authid::from((userid, None)));
146 }
147
148 resp
149}
150
fda5797b 151async fn run() -> Result<(), Error> {
02c7a755
DM		 152 if let Err(err) = syslog::init(
153 syslog::Facility::LOG_DAEMON,
154 log::LevelFilter::Info,
155 Some("proxmox-backup-proxy")) {
4223d9f8 156 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 157 }
158
e1d367df
DM		 159 // Note: To debug early connection error use
160 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
161 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
162
d01e2420
DM		 163 let _ = public_auth_key(); // load with lazy_static
164 let _ = csrf_secret(); // load with lazy_static
165
02c7a755 166 let mut config = ApiConfig::new(
af06decd 167 pbs_buildcfg::JS_DIR,
26858dba
SR		 168 &proxmox_backup::api2::ROUTER,
169 RpcEnvironmentType::PUBLIC,
170 default_api_auth(),
7fa9a37c 171 get_index,
26858dba 172 )?;
02c7a755 173
02c7a755
DM		 174 config.add_alias("novnc", "/usr/share/novnc-pve");
175 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 176 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 177 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
178 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 179 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 180 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 181 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 182
af06decd 183 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 184 indexpath.push("index.hbs");
185 config.register_template("index", &indexpath)?;
01ca99da 186 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 187
fd6d2438 188 let backup_user = pbs_config::backup_user()?;
b9700a9f 189 let mut commando_sock = proxmox_rest_server::CommandoSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 190
191 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
192 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 193
fd6d2438
DM		 194 config.enable_file_log(
195 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 196 Some(dir_opts.clone()),
197 Some(file_opts.clone()),
198 &mut commando_sock,
199 )?;
200
201 config.enable_auth_log(
202 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 203 Some(dir_opts.clone()),
204 Some(file_opts.clone()),
fd6d2438
DM		 205 &mut commando_sock,
206 )?;
8e7e2223 207
02c7a755 208 let rest_server = RestServer::new(config);
b9700a9f 209 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 210
6d1f61b2 211 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 212
4ce7da51 213 // we build the initial acceptor here as we cannot start if this fails
c381a162 214 let acceptor = make_tls_acceptor()?;
4ce7da51 215 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 216
4ce7da51 217 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 218 commando_sock.register_command(
219 "reload-certificate".to_string(),
220 {
4ce7da51 221 let acceptor = Arc::clone(&acceptor);
a723c087 222 move |_value| -> Result<_, Error> {
4ce7da51
DM		 223 log::info!("reloading certificate");
224 match make_tls_acceptor() {
225 Err(err) => log::error!("error reloading certificate: {}", err),
226 Ok(new_acceptor) => {
227 let mut guard = acceptor.lock().unwrap();
228 *guard = new_acceptor;
229 }
230 }
a723c087
WB		 231 Ok(Value::Null)
232 }
233 },
234 )?;
0d176f36 235
062cf75c
DC		 236 // to remove references for not configured datastores
237 commando_sock.register_command(
238 "datastore-removed".to_string(),
239 |_value| {
240 if let Err(err) = proxmox_backup::backup::DataStore::remove_unused_datastores() {
241 log::error!("could not refresh datastores: {}", err);
242 }
243 Ok(Value::Null)
244 }
245 )?;
246
a690ecac
WB		 247 let server = daemon::create_daemon(
248 ([0,0,0,0,0,0,0,0], 8007).into(),
a723c087 249 move |listener, ready| {
97168f92 250
4ce7da51 251 let connections = accept_connections(listener, acceptor, debug);
7c667013 252 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd
WB		 253
254 Ok(ready
48aa2b93 255 .and_then(|_| hyper::Server::builder(connections)
083ff3fd 256 .serve(rest_server)
fd6d2438 257 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd
WB		 258 .map_err(Error::from)
259 )
260 .map_err(|err| eprintln!("server error: {}", err))
261 .map(|_| ())
a690ecac 262 )
a2ca7137 263 },
d7c6ad60 264 "proxmox-backup-proxy.service",
083ff3fd 265 );
a2ca7137 266
b9700a9f 267 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a
WB		 268 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
269
fda5797b 270 let init_result: Result<(), Error> = try_block!({
b9700a9f 271 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 272 commando_sock.spawn()?;
fd6d2438 273 proxmox_rest_server::server_state_init()?;
fda5797b
WB		 274 Ok(())
275 });
d607b886 276
fda5797b
WB		 277 if let Err(err) = init_result {
278 bail!("unable to start daemon - {}", err);
279 }
e3f41f21 280
8545480a 281 start_task_scheduler();
eaeda365 282 start_stat_generator();
8545480a 283
083ff3fd 284 server.await?;
a546a8a0 285 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 286 proxmox_rest_server::last_worker_future().await?;
fda5797b 287 log::info!("done - exit server");
e3f41f21 288
4223d9f8 289 Ok(())
02c7a755 290}
8545480a 291
4ce7da51 292fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 293 let key_path = configdir!("/proxy.key");
294 let cert_path = configdir!("/proxy.pem");
295
296 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
297 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
298 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
299 acceptor.set_certificate_chain_file(cert_path)
300 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
301 acceptor.check_private_key().unwrap();
302
4ce7da51 303 Ok(acceptor.build())
c381a162
WB		 304}
305
a5e3be49
WB		 306type ClientStreamResult =
307 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
308const MAX_PENDING_ACCEPTS: usize = 1024;
309
48aa2b93 310fn accept_connections(
0bfcea6a 311 listener: tokio::net::TcpListener,
4ce7da51 312 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 313 debug: bool,
a5e3be49 314) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 315
ea93bea7 316 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 317
4ce7da51 318 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 319
320 receiver
321}
322
323async fn accept_connection(
324 listener: tokio::net::TcpListener,
4ce7da51 325 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 326 debug: bool,
327 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
328) {
ea93bea7 329 let accept_counter = Arc::new(());
48aa2b93 330
a5e3be49 331 loop {
4ce7da51
DM		 332 let (sock, _addr) = match listener.accept().await {
333 Ok(conn) => conn,
334 Err(err) => {
335 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 336 continue;
a5e3be49 337 }
cc269b9f 338 };
48aa2b93 339
cc269b9f
WB		 340 sock.set_nodelay(true).unwrap();
341 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 342
4ce7da51
DM		 343 let ssl = { // limit acceptor_guard scope
344 // Acceptor can be reloaded using the command socket "reload-certificate" command
345 let acceptor_guard = acceptor.lock().unwrap();
346
347 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
348 Ok(ssl) => ssl,
349 Err(err) => {
350 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
351 continue;
352 },
353 }
cc269b9f 354 };
4ce7da51 355
cc269b9f
WB		 356 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
357 Ok(stream) => stream,
358 Err(err) => {
359 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
360 continue;
361 },
362 };
363
364 let mut stream = Box::pin(stream);
365 let sender = sender.clone();
366
367 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
368 eprintln!("connection rejected - to many open connections");
369 continue;
48aa2b93 370 }
cc269b9f 371
b4931192 372 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 373 tokio::spawn(async move {
374 let accept_future = tokio::time::timeout(
375 Duration::new(10, 0), stream.as_mut().accept());
376
377 let result = accept_future.await;
378
379 match result {
380 Ok(Ok(())) => {
381 if sender.send(Ok(stream)).await.is_err() && debug {
382 eprintln!("detect closed connection channel");
383 }
384 }
385 Ok(Err(err)) => {
386 if debug {
387 eprintln!("https handshake failed - {}", err);
388 }
389 }
390 Err(_) => {
391 if debug {
392 eprintln!("https handshake timeout");
393 }
394 }
395 }
396
397 drop(accept_counter); // decrease reference count
398 });
a5e3be49 399 }
48aa2b93
DM		 400}
401
eaeda365 402fn start_stat_generator() {
fd6d2438 403 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 404 let future = Box::pin(run_stat_generator());
405 let task = futures::future::select(future, abort_future);
406 tokio::spawn(task.map(|_| ()));
407}
408
8545480a 409fn start_task_scheduler() {
fd6d2438 410 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 411 let future = Box::pin(run_task_scheduler());
412 let task = futures::future::select(future, abort_future);
413 tokio::spawn(task.map(|_| ()));
414}
415
6a7be83e 416use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 417
418fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 419 let now = SystemTime::now();
420 let epoch_now = now.duration_since(UNIX_EPOCH)?;
421 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 422 Ok(Instant::now() + epoch_next - epoch_now)
423}
424
425async fn run_task_scheduler() {
426
427 let mut count: usize = 0;
428
429 loop {
430 count += 1;
431
432 let delay_target = match next_minute() { // try to run very minute
433 Ok(d) => d,
434 Err(err) => {
435 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 436 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 437 continue;
438 }
439 };
440
441 if count > 2 { // wait 1..2 minutes before starting
442 match schedule_tasks().catch_unwind().await {
443 Err(panic) => {
444 match panic.downcast::<&str>() {
445 Ok(msg) => {
446 eprintln!("task scheduler panic: {}", msg);
447 }
448 Err(_) => {
449 eprintln!("task scheduler panic - unknown type");
450 }
451 }
452 }
453 Ok(Err(err)) => {
454 eprintln!("task scheduler failed - {:?}", err);
455 }
456 Ok(Ok(_)) => {}
457 }
458 }
459
0a8d773a 460 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 461 }
462}
463
464async fn schedule_tasks() -> Result<(), Error> {
465
466 schedule_datastore_garbage_collection().await;
25829a87 467 schedule_datastore_prune().await;
a6160cdf 468 schedule_datastore_sync_jobs().await;
73df9c51 469 schedule_datastore_verify_jobs().await;
8513626b 470 schedule_tape_backup_jobs().await;
9a760917 471 schedule_task_log_rotate().await;
8545480a
DM		 472
473 Ok(())
474}
475
8545480a
DM		 476async fn schedule_datastore_garbage_collection() {
477
e7d4be9d 478 let config = match pbs_config::datastore::config() {
8545480a
DM		 479 Err(err) => {
480 eprintln!("unable to read datastore config - {}", err);
481 return;
482 }
483 Ok((config, _digest)) => config,
484 };
485
486 for (store, (_, store_config)) in config.sections {
487 let datastore = match DataStore::lookup_datastore(&store) {
488 Ok(datastore) => datastore,
489 Err(err) => {
490 eprintln!("lookup_datastore failed - {}", err);
491 continue;
492 }
493 };
494
25829a87 495 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 496 Ok(c) => c,
497 Err(err) => {
498 eprintln!("datastore config from_value failed - {}", err);
499 continue;
500 }
501 };
502
503 let event_str = match store_config.gc_schedule {
504 Some(event_str) => event_str,
505 None => continue,
506 };
507
508 let event = match parse_calendar_event(&event_str) {
509 Ok(event) => event,
510 Err(err) => {
511 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
512 continue;
513 }
514 };
515
516 if datastore.garbage_collection_running() { continue; }
517
518 let worker_type = "garbage_collection";
519
b6ba5acd
DC		 520 let last = match jobstate::last_run_time(worker_type, &store) {
521 Ok(time) => time,
522 Err(err) => {
523 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
524 continue;
8545480a
DM		 525 }
526 };
527
528 let next = match compute_next_event(&event, last, false) {
15ec790a
DC		 529 Ok(Some(next)) => next,
530 Ok(None) => continue,
8545480a
DM		 531 Err(err) => {
532 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
533 continue;
534 }
535 };
e693818a 536
6a7be83e
DM		 537 let now = proxmox::tools::time::epoch_i64();
538
8545480a
DM		 539 if next > now { continue; }
540
1cd951c9 541 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 542 Ok(job) => job,
543 Err(_) => continue, // could not get lock
544 };
545
ad54df31 546 let auth_id = Authid::root_auth_id();
d7a122a0 547
c724f658 548 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 549 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 550 }
551 }
552}
25829a87
DM		 553
554async fn schedule_datastore_prune() {
555
e7d4be9d 556 let config = match pbs_config::datastore::config() {
25829a87
DM		 557 Err(err) => {
558 eprintln!("unable to read datastore config - {}", err);
559 return;
560 }
561 Ok((config, _digest)) => config,
562 };
563
564 for (store, (_, store_config)) in config.sections {
25829a87
DM		 565
566 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
567 Ok(c) => c,
568 Err(err) => {
a6160cdf 569 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 570 continue;
571 }
572 };
573
574 let event_str = match store_config.prune_schedule {
575 Some(event_str) => event_str,
576 None => continue,
577 };
578
579 let prune_options = PruneOptions {
580 keep_last: store_config.keep_last,
581 keep_hourly: store_config.keep_hourly,
582 keep_daily: store_config.keep_daily,
583 keep_weekly: store_config.keep_weekly,
584 keep_monthly: store_config.keep_monthly,
585 keep_yearly: store_config.keep_yearly,
586 };
587
89725197 588 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 589 continue;
590 }
591
25829a87 592 let worker_type = "prune";
b15751bf 593 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 594 let job = match Job::new(worker_type, &store) {
595 Ok(job) => job,
596 Err(_) => continue, // could not get lock
597 };
25829a87 598
ad54df31 599 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 600 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
601 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 602 }
603 };
25829a87
DM		 604 }
605}
a6160cdf
DM		 606
607async fn schedule_datastore_sync_jobs() {
608
a6160cdf 609
a4e5a0fc 610 let config = match pbs_config::sync::config() {
a6160cdf
DM		 611 Err(err) => {
612 eprintln!("unable to read sync job config - {}", err);
613 return;
614 }
615 Ok((config, _digest)) => config,
616 };
617
a6160cdf
DM		 618 for (job_id, (_, job_config)) in config.sections {
619 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
620 Ok(c) => c,
621 Err(err) => {
622 eprintln!("sync job config from_value failed - {}", err);
623 continue;
624 }
625 };
626
627 let event_str = match job_config.schedule {
628 Some(ref event_str) => event_str.clone(),
629 None => continue,
630 };
631
c67b1fa7 632 let worker_type = "syncjob";
b15751bf 633 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 634 let job = match Job::new(worker_type, &job_id) {
635 Ok(job) => job,
636 Err(_) => continue, // could not get lock
637 };
a6160cdf 638
ad54df31 639 let auth_id = Authid::root_auth_id().clone();
bfa942c0 640 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 641 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 642 }
643 };
a6160cdf
DM		 644 }
645}
eaeda365 646
73df9c51 647async fn schedule_datastore_verify_jobs() {
1298618a 648
802189f7 649 let config = match pbs_config::verify::config() {
73df9c51
HL		 650 Err(err) => {
651 eprintln!("unable to read verification job config - {}", err);
652 return;
653 }
654 Ok((config, _digest)) => config,
655 };
656 for (job_id, (_, job_config)) in config.sections {
657 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
658 Ok(c) => c,
659 Err(err) => {
660 eprintln!("verification job config from_value failed - {}", err);
661 continue;
662 }
663 };
664 let event_str = match job_config.schedule {
665 Some(ref event_str) => event_str.clone(),
666 None => continue,
667 };
82c05b41 668
73df9c51 669 let worker_type = "verificationjob";
ad54df31 670 let auth_id = Authid::root_auth_id().clone();
b15751bf 671 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 672 let job = match Job::new(&worker_type, &job_id) {
673 Ok(job) => job,
674 Err(_) => continue, // could not get lock
675 };
bfa942c0 676 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 677 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 678 }
679 };
73df9c51
HL		 680 }
681}
682
8513626b
DM		 683async fn schedule_tape_backup_jobs() {
684
e3619d41 685 let config = match pbs_config::tape_job::config() {
8513626b
DM		 686 Err(err) => {
687 eprintln!("unable to read tape job config - {}", err);
688 return;
689 }
690 Ok((config, _digest)) => config,
691 };
692 for (job_id, (_, job_config)) in config.sections {
693 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
694 Ok(c) => c,
695 Err(err) => {
696 eprintln!("tape backup job config from_value failed - {}", err);
697 continue;
698 }
699 };
700 let event_str = match job_config.schedule {
701 Some(ref event_str) => event_str.clone(),
702 None => continue,
703 };
704
705 let worker_type = "tape-backup-job";
706 let auth_id = Authid::root_auth_id().clone();
707 if check_schedule(worker_type, &event_str, &job_id) {
708 let job = match Job::new(&worker_type, &job_id) {
709 Ok(job) => job,
710 Err(_) => continue, // could not get lock
711 };
bfa942c0 712 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 713 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 714 }
715 };
716 }
717}
718
719
9a760917 720async fn schedule_task_log_rotate() {
9a760917
DC		 721
722 let worker_type = "logrotate";
72aa1834 723 let job_id = "access-log_and_task-archive";
9a760917 724
9a760917
DC		 725 // schedule daily at 00:00 like normal logrotate
726 let schedule = "00:00";
727
b15751bf 728 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 729 // if we never ran the rotation, schedule instantly
730 match jobstate::JobState::load(worker_type, job_id) {
731 Ok(state) => match state {
732 jobstate::JobState::Created { .. } => {},
733 _ => return,
734 },
735 _ => return,
736 }
737 }
738
739 let mut job = match Job::new(worker_type, job_id) {
740 Ok(job) => job,
741 Err(_) => return, // could not get lock
742 };
743
744 if let Err(err) = WorkerTask::new_thread(
745 worker_type,
72aa1834 746 None,
049a22a3 747 Authid::root_auth_id().to_string(),
9a760917
DC		 748 false,
749 move |worker| {
750 job.start(&worker.upid().to_string())?;
3b82f3ee 751 worker.log("starting task log rotation".to_string());
e4f5f59e 752
9a760917 753 let result = try_block!({
b7f2be51
TL		 754 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
755 let max_files = 20; // times twenty files gives > 100000 task entries
9a760917
DC		 756 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
757 if has_rotated {
3b82f3ee 758 worker.log("task log archive was rotated".to_string());
9a760917 759 } else {
3b82f3ee 760 worker.log("task log archive was not rotated".to_string());
9a760917
DC		 761 }
762
fe4cc5b1
TL		 763 let max_size = 32 * 1024 * 1024 - 1;
764 let max_files = 14;
af06decd 765 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
fe4cc5b1
TL		 766 .ok_or_else(|| format_err!("could not get API access log file names"))?;
767
fe7bdc9d 768 if logrotate.rotate(max_size, None, Some(max_files))? {
fe4cc5b1 769 println!("rotated access log, telling daemons to re-open log file");
36b7085e 770 pbs_runtime::block_on(command_reopen_access_logfiles())?;
3b82f3ee 771 worker.log("API access log was rotated".to_string());
fe7bdc9d 772 } else {
3b82f3ee 773 worker.log("API access log was not rotated".to_string());
fe7bdc9d
TL		 774 }
775
af06decd 776 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
fe7bdc9d 777 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
fe4cc5b1 778
fe7bdc9d 779 if logrotate.rotate(max_size, None, Some(max_files))? {
36b7085e
DM		 780 println!("rotated auth log, telling daemons to re-open log file");
781 pbs_runtime::block_on(command_reopen_auth_logfiles())?;
3b82f3ee 782 worker.log("API authentication log was rotated".to_string());
fe4cc5b1 783 } else {
3b82f3ee 784 worker.log("API authentication log was not rotated".to_string());
fe4cc5b1
TL		 785 }
786
9a760917
DC		 787 Ok(())
788 });
789
790 let status = worker.create_state(&result);
791
792 if let Err(err) = job.finish(status) {
793 eprintln!("could not finish job state for {}: {}", worker_type, err);
794 }
795
796 result
797 },
798 ) {
799 eprintln!("unable to start task log rotation: {}", err);
800 }
801
802}
803
36b7085e 804async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 805 // only care about the most recent daemon instance for each, proxy & api, as other older ones
806 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 807 let sock = proxmox_rest_server::our_ctrl_sock();
fd6d2438 808 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 809
b9700a9f
DM		 810 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
811 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
fd6d2438 812 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 813
814 match futures::join!(f1, f2) {
815 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
816 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 817 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
818 _ => Ok(()),
819 }
820}
821
822async fn command_reopen_auth_logfiles() -> Result<(), Error> {
823 // only care about the most recent daemon instance for each, proxy & api, as other older ones
824 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 825 let sock = proxmox_rest_server::our_ctrl_sock();
36b7085e
DM		 826 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
827
b9700a9f
DM		 828 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
829 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
36b7085e
DM		 830 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
831
832 match futures::join!(f1, f2) {
833 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
834 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 835 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
836 _ => Ok(()),
837 }
fe4cc5b1
TL		 838}
839
eaeda365
DM		 840async fn run_stat_generator() {
841
013fa7bb 842 let mut count = 0;
eaeda365 843 loop {
013fa7bb 844 count += 1;
a720894f 845 let save = if count >= 6 { count = 0; true } else { false };
013fa7bb 846
eaeda365
DM		 847 let delay_target = Instant::now() + Duration::from_secs(10);
848
013fa7bb 849 generate_host_stats(save).await;
eaeda365 850
0a8d773a 851 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 852
853 }
eaeda365
DM		 854
855}
856
013fa7bb 857fn rrd_update_gauge(name: &str, value: f64, save: bool) {
309ef20d 858 use proxmox_backup::rrd;
013fa7bb 859 if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) {
309ef20d
DM		 860 eprintln!("rrd::update_value '{}' failed - {}", name, err);
861 }
862}
863
013fa7bb 864fn rrd_update_derive(name: &str, value: f64, save: bool) {
309ef20d 865 use proxmox_backup::rrd;
013fa7bb 866 if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) {
309ef20d
DM		 867 eprintln!("rrd::update_value '{}' failed - {}", name, err);
868 }
869}
870
013fa7bb 871async fn generate_host_stats(save: bool) {
8f0cec26 872 use proxmox::sys::linux::procfs::{
485841da 873 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 874
d420962f 875 pbs_runtime::block_in_place(move || {
4f951399
DM		 876
877 match read_proc_stat() {
878 Ok(stat) => {
013fa7bb
DM		 879 rrd_update_gauge("host/cpu", stat.cpu, save);
880 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
4f951399
DM		 881 }
882 Err(err) => {
883 eprintln!("read_proc_stat failed - {}", err);
eaeda365
DM		 884 }
885 }
2c66a590 886
4f951399
DM		 887 match read_meminfo() {
888 Ok(meminfo) => {
013fa7bb
DM		 889 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
890 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
891 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
892 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
a4a3f7ca 893 }
4f951399
DM		 894 Err(err) => {
895 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca
DM		 896 }
897 }
8f0cec26 898
4f951399
DM		 899 match read_proc_net_dev() {
900 Ok(netdev) => {
6f422880 901 use pbs_config::network::is_physical_nic;
4f951399
DM		 902 let mut netin = 0;
903 let mut netout = 0;
904 for item in netdev {
905 if !is_physical_nic(&item.device) { continue; }
906 netin += item.receive;
907 netout += item.send;
908 }
013fa7bb
DM		 909 rrd_update_derive("host/netin", netin as f64, save);
910 rrd_update_derive("host/netout", netout as f64, save);
8f0cec26 911 }
4f951399
DM		 912 Err(err) => {
913 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26
DM		 914 }
915 }
dd15c0aa 916
485841da
DM		 917 match read_loadavg() {
918 Ok(loadavg) => {
013fa7bb 919 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
485841da
DM		 920 }
921 Err(err) => {
922 eprintln!("read_loadavg failed - {}", err);
923 }
924 }
925
8c03041a
DM		 926 let disk_manager = DiskManage::new();
927
013fa7bb 928 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
91e5bb49 929
e7d4be9d 930 match pbs_config::datastore::config() {
d0833a70 931 Ok((config, _)) => {
e7d4be9d 932 let datastore_list: Vec<DataStoreConfig> =
17c7b46a 933 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70
DM		 934
935 for config in datastore_list {
8c03041a 936
91e5bb49 937 let rrd_prefix = format!("datastore/{}", config.name);
8c03041a 938 let path = std::path::Path::new(&config.path);
013fa7bb 939 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
d0833a70
DM		 940 }
941 }
942 Err(err) => {
943 eprintln!("read datastore config failed - {}", err);
944 }
945 }
946
4f951399 947 });
eaeda365 948}
dd15c0aa 949
b15751bf
DM		 950fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
951 let event = match parse_calendar_event(event_str) {
82c05b41
HL		 952 Ok(event) => event,
953 Err(err) => {
954 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
955 return false;
956 }
957 };
958
b15751bf 959 let last = match jobstate::last_run_time(worker_type, &id) {
82c05b41
HL		 960 Ok(time) => time,
961 Err(err) => {
962 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
963 return false;
964 }
965 };
966
967 let next = match compute_next_event(&event, last, false) {
968 Ok(Some(next)) => next,
969 Ok(None) => return false,
970 Err(err) => {
971 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
972 return false;
973 }
974 };
975
976 let now = proxmox::tools::time::epoch_i64();
977 next <= now
978}
979
013fa7bb 980fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
91e5bb49 981
934f5bb8 982 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 983 Ok(status) => {
91e5bb49 984 let rrd_key = format!("{}/total", rrd_prefix);
33070956 985 rrd_update_gauge(&rrd_key, status.total as f64, save);
91e5bb49 986 let rrd_key = format!("{}/used", rrd_prefix);
33070956 987 rrd_update_gauge(&rrd_key, status.used as f64, save);
91e5bb49
DM		 988 }
989 Err(err) => {
990 eprintln!("read disk_usage on {:?} failed - {}", path, err);
991 }
992 }
993
934f5bb8
DM		 994 match disk_manager.find_mounted_device(path) {
995 Ok(None) => {},
996 Ok(Some((fs_type, device, source))) => {
997 let mut device_stat = None;
998 match fs_type.as_str() {
999 "zfs" => {
368f4c54
DC		 1000 if let Some(source) = source {
1001 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1002 match zfs_pool_stats(pool) {
934f5bb8
DM		 1003 Ok(stat) => device_stat = stat,
1004 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
91e5bb49
DM		 1005 }
1006 }
934f5bb8
DM		 1007 }
1008 _ => {
1009 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1010 match disk.read_stat() {
1011 Ok(stat) => device_stat = stat,
1012 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1013 }
1014 }
1015 }
91e5bb49 1016 }
934f5bb8
DM		 1017 if let Some(stat) = device_stat {
1018 let rrd_key = format!("{}/read_ios", rrd_prefix);
1019 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
1020 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1021 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
dd15c0aa 1022
934f5bb8
DM		 1023 let rrd_key = format!("{}/write_ios", rrd_prefix);
1024 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
1025 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1026 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
dd15c0aa 1027
934f5bb8
DM		 1028 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1029 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
8c03041a
DM		 1030 }
1031 }
934f5bb8
DM		 1032 Err(err) => {
1033 eprintln!("find_mounted_device failed - {}", err);
1034 }
8c03041a 1035 }
8c03041a 1036}
Proxmox Backup Server and Client