]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Set MMAP_THRESHOLD to a fixed value (128K)
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
CommitLineData
4ce7da51 1use std::sync::{Mutex, Arc};
2ab5acac 2use std::path::{Path, PathBuf};
97168f92 3use std::os::unix::io::AsRawFd;
6680878b
DM		 4use std::future::Future;
5use std::pin::Pin;
a2479cfa 6
f7d4e4b5 7use anyhow::{bail, format_err, Error};
a2479cfa 8use futures::*;
7fa9a37c
DM		 9use http::request::Parts;
10use http::Response;
11use hyper::{Body, StatusCode};
12use hyper::header;
13use url::form_urlencoded;
ea368a06 14
a2479cfa 15use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7c667013 16use tokio_stream::wrappers::ReceiverStream;
7fa9a37c 17use serde_json::{json, Value};
608806e8 18use http::{Method, HeaderMap};
a2479cfa 19
25877d05
DM		 20use proxmox_sys::linux::socket::set_tcp_keepalive;
21use proxmox_sys::fs::CreateOptions;
6ef1b649
WB		 22use proxmox_lang::try_block;
23use proxmox_router::{RpcEnvironment, RpcEnvironmentType, UserInformation};
d5f58006 24use proxmox_http::client::{RateLimitedStream, ShareableRateLimit};
d5790a9f
DM		 25use proxmox_sys::{task_log, task_warn};
26use proxmox_sys::logrotate::LogRotate;
fd6d2438 27
6d5d305d 28use pbs_datastore::DataStore;
09340f28 29
48176b0a 30use proxmox_rest_server::{
608806e8 31 rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
0e1edf19 32 ServerAdapter, WorkerTask, cleanup_old_tasks,
48176b0a 33};
a2479cfa 34
98eb435d
DM		 35use proxmox_backup::rrd_cache::{
36 initialize_rrd_cache, rrd_update_gauge, rrd_update_derive, rrd_sync_journal,
37};
1298618a 38use proxmox_backup::{
a0172d76 39 TRAFFIC_CONTROL_CACHE,
1298618a 40 server::{
608806e8 41 auth::check_pbs_auth,
1298618a
DM		 42 jobstate::{
43 self,
44 Job,
45 },
1298618a 46 },
1298618a
DM		 47};
48
af06decd 49use pbs_buildcfg::configdir;
68b6c120 50use proxmox_time::CalendarEvent;
1298618a 51
89725197
DM		 52use pbs_api_types::{
53 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
54 PruneOptions,
55};
e7d4be9d 56
8bca935f
DM		 57use proxmox_rest_server::daemon;
58
e3f41f21 59use proxmox_backup::server;
d01e2420 60use proxmox_backup::auth_helpers::*;
97168f92 61use proxmox_backup::tools::{
32413921 62 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
97168f92
DM		 63 disks::{
64 DiskManage,
7c069e82 65 zfs_dataset_stats,
97168f92 66 },
97168f92 67};
02c7a755 68
e7d4be9d 69
a13573c2 70use proxmox_backup::api2::pull::do_sync_job;
8513626b 71use proxmox_backup::api2::tape::backup::do_tape_backup_job;
1298618a 72use proxmox_backup::server::do_verification_job;
b8d90798 73use proxmox_backup::server::do_prune_job;
a13573c2 74
946c3e8a 75fn main() -> Result<(), Error> {
d91a0f9f
DM		 76 pbs_tools::setup_libc_malloc_opts();
77
ac7513e3
DM		 78 proxmox_backup::tools::setup_safe_path_env();
79
21211748
DM		 80 let backup_uid = pbs_config::backup_user()?.uid;
81 let backup_gid = pbs_config::backup_group()?.gid;
843880f0
TL		 82 let running_uid = nix::unistd::Uid::effective();
83 let running_gid = nix::unistd::Gid::effective();
84
85 if running_uid != backup_uid || running_gid != backup_gid {
86 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
87 }
88
9a1b24b6 89 proxmox_async::runtime::main(run())
4223d9f8
DM		 90}
91
48176b0a 92
608806e8
DM		 93struct ProxmoxBackupProxyAdapter;
94
95impl ServerAdapter for ProxmoxBackupProxyAdapter {
96
97 fn get_index(
98 &self,
99 env: RestEnvironment,
100 parts: Parts,
101 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
102 Box::pin(get_index_future(env, parts))
103 }
104
105 fn check_auth<'a>(
106 &'a self,
107 headers: &'a HeaderMap,
108 method: &'a Method,
109 ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
110 Box::pin(async move {
111 check_pbs_auth(headers, method).await
112 })
113 }
114}
115
48176b0a
DM		 116fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
117 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
118 return extract_cookie(cookie, "PBSLangCookie");
119 }
120 None
121}
122
6680878b 123async fn get_index_future(
48176b0a 124 env: RestEnvironment,
7fa9a37c
DM		 125 parts: Parts,
126) -> Response<Body> {
127
48176b0a
DM		 128 let auth_id = env.get_auth_id();
129 let api = env.api_config();
130 let language = extract_lang_header(&parts.headers);
131
132 // fixme: make all IO async
6680878b 133
7fa9a37c
DM		 134 let (userid, csrf_token) = match auth_id {
135 Some(auth_id) => {
136 let auth_id = auth_id.parse::<Authid>();
137 match auth_id {
138 Ok(auth_id) if !auth_id.is_token() => {
139 let userid = auth_id.user().clone();
140 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
141 (Some(userid), Some(new_csrf_token))
142 }
143 _ => (None, None)
144 }
145 }
146 None => (None, None),
147 };
148
25877d05 149 let nodename = proxmox_sys::nodename();
7fa9a37c
DM		 150 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
151
152 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
153
154 let mut debug = false;
155 let mut template_file = "index";
156
157 if let Some(query_str) = parts.uri.query() {
158 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
159 if k == "debug" && v != "0" && v != "false" {
160 debug = true;
161 } else if k == "console" {
162 template_file = "console";
163 }
164 }
165 }
166
167 let mut lang = String::from("");
168 if let Some(language) = language {
169 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
170 lang = language;
171 }
172 }
173
174 let data = json!({
175 "NodeName": nodename,
176 "UserName": user,
177 "CSRFPreventionToken": csrf_token,
178 "language": lang,
179 "debug": debug,
180 });
181
182 let (ct, index) = match api.render_template(template_file, &data) {
183 Ok(index) => ("text/html", index),
184 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
185 };
186
187 let mut resp = Response::builder()
188 .status(StatusCode::OK)
189 .header(header::CONTENT_TYPE, ct)
190 .body(index.into())
191 .unwrap();
192
193 if let Some(userid) = userid {
194 resp.extensions_mut().insert(Authid::from((userid, None)));
195 }
196
197 resp
198}
199
fda5797b 200async fn run() -> Result<(), Error> {
02c7a755
DM		 201 if let Err(err) = syslog::init(
202 syslog::Facility::LOG_DAEMON,
203 log::LevelFilter::Info,
204 Some("proxmox-backup-proxy")) {
4223d9f8 205 bail!("unable to inititialize syslog - {}", err);
02c7a755
DM		 206 }
207
e1d367df
DM		 208 // Note: To debug early connection error use
209 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
210 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
211
d01e2420
DM		 212 let _ = public_auth_key(); // load with lazy_static
213 let _ = csrf_secret(); // load with lazy_static
214
fa49d0fd
DM		 215 let rrd_cache = initialize_rrd_cache()?;
216 rrd_cache.apply_journal()?;
217
02c7a755 218 let mut config = ApiConfig::new(
af06decd 219 pbs_buildcfg::JS_DIR,
26858dba
SR		 220 &proxmox_backup::api2::ROUTER,
221 RpcEnvironmentType::PUBLIC,
608806e8 222 ProxmoxBackupProxyAdapter,
26858dba 223 )?;
02c7a755 224
02c7a755
DM		 225 config.add_alias("novnc", "/usr/share/novnc-pve");
226 config.add_alias("extjs", "/usr/share/javascript/extjs");
7f066a9b 227 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
02c7a755
DM		 228 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
229 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
abd4c4cb 230 config.add_alias("locale", "/usr/share/pbs-i18n");
02c7a755 231 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
9c01e73c 232 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 233
af06decd 234 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
2ab5acac
DC		 235 indexpath.push("index.hbs");
236 config.register_template("index", &indexpath)?;
01ca99da 237 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
2ab5acac 238
fd6d2438 239 let backup_user = pbs_config::backup_user()?;
49e25688 240 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
fd6d2438
DM		 241
242 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
243 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
a68768cf 244
0d5d15c9 245 config.enable_access_log(
fd6d2438 246 pbs_buildcfg::API_ACCESS_LOG_FN,
36b7085e
DM		 247 Some(dir_opts.clone()),
248 Some(file_opts.clone()),
249 &mut commando_sock,
250 )?;
251
252 config.enable_auth_log(
253 pbs_buildcfg::API_AUTH_LOG_FN,
0a33fba4
DM		 254 Some(dir_opts.clone()),
255 Some(file_opts.clone()),
fd6d2438
DM		 256 &mut commando_sock,
257 )?;
8e7e2223 258
02c7a755 259 let rest_server = RestServer::new(config);
b9700a9f 260 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
02c7a755 261
6d1f61b2 262 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
6d1f61b2 263
4ce7da51 264 // we build the initial acceptor here as we cannot start if this fails
c381a162 265 let acceptor = make_tls_acceptor()?;
4ce7da51 266 let acceptor = Arc::new(Mutex::new(acceptor));
6d1f61b2 267
4ce7da51 268 // to renew the acceptor we just add a command-socket handler
a723c087
WB		 269 commando_sock.register_command(
270 "reload-certificate".to_string(),
271 {
4ce7da51 272 let acceptor = Arc::clone(&acceptor);
a723c087 273 move |_value| -> Result<_, Error> {
4ce7da51
DM		 274 log::info!("reloading certificate");
275 match make_tls_acceptor() {
276 Err(err) => log::error!("error reloading certificate: {}", err),
277 Ok(new_acceptor) => {
278 let mut guard = acceptor.lock().unwrap();
279 *guard = new_acceptor;
280 }
281 }
a723c087
WB		 282 Ok(Value::Null)
283 }
284 },
285 )?;
0d176f36 286
062cf75c
DC		 287 // to remove references for not configured datastores
288 commando_sock.register_command(
289 "datastore-removed".to_string(),
290 |_value| {
6d5d305d 291 if let Err(err) = DataStore::remove_unused_datastores() {
062cf75c
DC		 292 log::error!("could not refresh datastores: {}", err);
293 }
294 Ok(Value::Null)
295 }
296 )?;
297
a690ecac
WB		 298 let server = daemon::create_daemon(
299 ([0,0,0,0,0,0,0,0], 8007).into(),
d2654200 300 move |listener| {
97168f92 301
4ce7da51 302 let connections = accept_connections(listener, acceptor, debug);
7c667013 303 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
083ff3fd 304
d2654200
DM		 305 Ok(async {
306 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
307
308 hyper::Server::builder(connections)
083ff3fd 309 .serve(rest_server)
fd6d2438 310 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
083ff3fd 311 .map_err(Error::from)
d2654200
DM		 312 .await
313 })
a2ca7137 314 },
083ff3fd 315 );
a2ca7137 316
b9700a9f 317 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
d98c9a7a 318
fda5797b 319 let init_result: Result<(), Error> = try_block!({
b9700a9f 320 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
a68768cf 321 commando_sock.spawn()?;
fd1b65cc
DM		 322 proxmox_rest_server::catch_shutdown_signal()?;
323 proxmox_rest_server::catch_reload_signal()?;
fda5797b
WB		 324 Ok(())
325 });
d607b886 326
fda5797b
WB		 327 if let Err(err) = init_result {
328 bail!("unable to start daemon - {}", err);
329 }
e3f41f21 330
8545480a 331 start_task_scheduler();
eaeda365 332 start_stat_generator();
a0172d76 333 start_traffic_control_updater();
8545480a 334
083ff3fd 335 server.await?;
a546a8a0 336 log::info!("server shutting down, waiting for active workers to complete");
fd6d2438 337 proxmox_rest_server::last_worker_future().await?;
fda5797b 338 log::info!("done - exit server");
e3f41f21 339
4223d9f8 340 Ok(())
02c7a755 341}
8545480a 342
4ce7da51 343fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
c381a162
WB		 344 let key_path = configdir!("/proxy.key");
345 let cert_path = configdir!("/proxy.pem");
346
2eba3967 347 let (config, _) = proxmox_backup::config::node::config()?;
5ee8dd78
FG		 348 let ciphers_tls_1_3 = config.ciphers_tls_1_3;
349 let ciphers_tls_1_2 = config.ciphers_tls_1_2;
2eba3967 350
c381a162 351 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
5ee8dd78 352 if let Some(ciphers) = ciphers_tls_1_3.as_deref() {
2eba3967
HL		 353 acceptor.set_ciphersuites(ciphers)?;
354 }
5ee8dd78 355 if let Some(ciphers) = ciphers_tls_1_2.as_deref() {
2eba3967
HL		 356 acceptor.set_cipher_list(ciphers)?;
357 }
c381a162
WB		 358 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
359 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
360 acceptor.set_certificate_chain_file(cert_path)
361 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
a0c69902 362 acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION);
c381a162
WB		 363 acceptor.check_private_key().unwrap();
364
4ce7da51 365 Ok(acceptor.build())
c381a162
WB		 366}
367
a5e3be49 368type ClientStreamResult =
e511e0e5 369 Result<std::pin::Pin<Box<tokio_openssl::SslStream<RateLimitedStream<tokio::net::TcpStream>>>>, Error>;
a5e3be49
WB		 370const MAX_PENDING_ACCEPTS: usize = 1024;
371
48aa2b93 372fn accept_connections(
0bfcea6a 373 listener: tokio::net::TcpListener,
4ce7da51 374 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
e1d367df 375 debug: bool,
a5e3be49 376) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
48aa2b93 377
ea93bea7 378 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
48aa2b93 379
4ce7da51 380 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
a5e3be49
WB		 381
382 receiver
383}
384
385async fn accept_connection(
386 listener: tokio::net::TcpListener,
4ce7da51 387 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
a5e3be49
WB		 388 debug: bool,
389 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
390) {
ea93bea7 391 let accept_counter = Arc::new(());
48aa2b93 392
a5e3be49 393 loop {
4ce7da51
DM		 394 let (sock, _addr) = match listener.accept().await {
395 Ok(conn) => conn,
396 Err(err) => {
397 eprintln!("error accepting tcp connection: {}", err);
cc269b9f 398 continue;
a5e3be49 399 }
cc269b9f 400 };
48aa2b93 401
cc269b9f
WB		 402 sock.set_nodelay(true).unwrap();
403 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
48aa2b93 404
e511e0e5
DM		 405 let peer = sock.peer_addr().ok();
406 let sock = RateLimitedStream::with_limiter_update_cb(sock, move || lookup_rate_limiter(peer));
407
4ce7da51
DM		 408 let ssl = { // limit acceptor_guard scope
409 // Acceptor can be reloaded using the command socket "reload-certificate" command
410 let acceptor_guard = acceptor.lock().unwrap();
411
412 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
413 Ok(ssl) => ssl,
414 Err(err) => {
415 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
416 continue;
417 },
418 }
cc269b9f 419 };
4ce7da51 420
cc269b9f
WB		 421 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
422 Ok(stream) => stream,
423 Err(err) => {
424 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
425 continue;
426 },
427 };
428
429 let mut stream = Box::pin(stream);
430 let sender = sender.clone();
431
432 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
433 eprintln!("connection rejected - to many open connections");
434 continue;
48aa2b93 435 }
cc269b9f 436
b4931192 437 let accept_counter = Arc::clone(&accept_counter);
cc269b9f
WB		 438 tokio::spawn(async move {
439 let accept_future = tokio::time::timeout(
440 Duration::new(10, 0), stream.as_mut().accept());
441
442 let result = accept_future.await;
443
444 match result {
445 Ok(Ok(())) => {
446 if sender.send(Ok(stream)).await.is_err() && debug {
447 eprintln!("detect closed connection channel");
448 }
449 }
450 Ok(Err(err)) => {
451 if debug {
452 eprintln!("https handshake failed - {}", err);
453 }
454 }
455 Err(_) => {
456 if debug {
457 eprintln!("https handshake timeout");
458 }
459 }
460 }
461
462 drop(accept_counter); // decrease reference count
463 });
a5e3be49 464 }
48aa2b93
DM		 465}
466
eaeda365 467fn start_stat_generator() {
fd6d2438 468 let abort_future = proxmox_rest_server::shutdown_future();
eaeda365
DM		 469 let future = Box::pin(run_stat_generator());
470 let task = futures::future::select(future, abort_future);
471 tokio::spawn(task.map(|_| ()));
472}
473
8545480a 474fn start_task_scheduler() {
fd6d2438 475 let abort_future = proxmox_rest_server::shutdown_future();
8545480a
DM		 476 let future = Box::pin(run_task_scheduler());
477 let task = futures::future::select(future, abort_future);
478 tokio::spawn(task.map(|_| ()));
479}
480
a0172d76
DM		 481fn start_traffic_control_updater() {
482 let abort_future = proxmox_rest_server::shutdown_future();
483 let future = Box::pin(run_traffic_control_updater());
484 let task = futures::future::select(future, abort_future);
485 tokio::spawn(task.map(|_| ()));
486}
487
6a7be83e 488use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
8545480a
DM		 489
490fn next_minute() -> Result<Instant, Error> {
6a7be83e
DM		 491 let now = SystemTime::now();
492 let epoch_now = now.duration_since(UNIX_EPOCH)?;
493 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
8545480a
DM		 494 Ok(Instant::now() + epoch_next - epoch_now)
495}
496
497async fn run_task_scheduler() {
498
499 let mut count: usize = 0;
500
501 loop {
502 count += 1;
503
504 let delay_target = match next_minute() { // try to run very minute
505 Ok(d) => d,
506 Err(err) => {
507 eprintln!("task scheduler: compute next minute failed - {}", err);
0a8d773a 508 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
8545480a
DM		 509 continue;
510 }
511 };
512
513 if count > 2 { // wait 1..2 minutes before starting
514 match schedule_tasks().catch_unwind().await {
515 Err(panic) => {
516 match panic.downcast::<&str>() {
517 Ok(msg) => {
518 eprintln!("task scheduler panic: {}", msg);
519 }
520 Err(_) => {
521 eprintln!("task scheduler panic - unknown type");
522 }
523 }
524 }
525 Ok(Err(err)) => {
526 eprintln!("task scheduler failed - {:?}", err);
527 }
528 Ok(Ok(_)) => {}
529 }
530 }
531
0a8d773a 532 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
8545480a
DM		 533 }
534}
535
536async fn schedule_tasks() -> Result<(), Error> {
537
538 schedule_datastore_garbage_collection().await;
25829a87 539 schedule_datastore_prune().await;
a6160cdf 540 schedule_datastore_sync_jobs().await;
73df9c51 541 schedule_datastore_verify_jobs().await;
8513626b 542 schedule_tape_backup_jobs().await;
9a760917 543 schedule_task_log_rotate().await;
8545480a
DM		 544
545 Ok(())
546}
547
8545480a
DM		 548async fn schedule_datastore_garbage_collection() {
549
e7d4be9d 550 let config = match pbs_config::datastore::config() {
8545480a
DM		 551 Err(err) => {
552 eprintln!("unable to read datastore config - {}", err);
553 return;
554 }
555 Ok((config, _digest)) => config,
556 };
557
558 for (store, (_, store_config)) in config.sections {
559 let datastore = match DataStore::lookup_datastore(&store) {
560 Ok(datastore) => datastore,
561 Err(err) => {
562 eprintln!("lookup_datastore failed - {}", err);
563 continue;
564 }
565 };
566
25829a87 567 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
8545480a
DM		 568 Ok(c) => c,
569 Err(err) => {
570 eprintln!("datastore config from_value failed - {}", err);
571 continue;
572 }
573 };
574
575 let event_str = match store_config.gc_schedule {
576 Some(event_str) => event_str,
577 None => continue,
578 };
579
68b6c120 580 let event: CalendarEvent = match event_str.parse() {
8545480a
DM		 581 Ok(event) => event,
582 Err(err) => {
583 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
584 continue;
585 }
586 };
587
588 if datastore.garbage_collection_running() { continue; }
589
590 let worker_type = "garbage_collection";
591
b6ba5acd
DC		 592 let last = match jobstate::last_run_time(worker_type, &store) {
593 Ok(time) => time,
594 Err(err) => {
595 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
596 continue;
8545480a
DM		 597 }
598 };
599
7549114c 600 let next = match event.compute_next_event(last) {
15ec790a
DC		 601 Ok(Some(next)) => next,
602 Ok(None) => continue,
8545480a
DM		 603 Err(err) => {
604 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
605 continue;
606 }
607 };
e693818a 608
6ef1b649 609 let now = proxmox_time::epoch_i64();
6a7be83e 610
8545480a
DM		 611 if next > now { continue; }
612
1cd951c9 613 let job = match Job::new(worker_type, &store) {
d7a122a0
DC		 614 Ok(job) => job,
615 Err(_) => continue, // could not get lock
616 };
617
ad54df31 618 let auth_id = Authid::root_auth_id();
d7a122a0 619
c724f658 620 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
3b707fbb 621 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
8545480a
DM		 622 }
623 }
624}
25829a87
DM		 625
626async fn schedule_datastore_prune() {
627
e7d4be9d 628 let config = match pbs_config::datastore::config() {
25829a87
DM		 629 Err(err) => {
630 eprintln!("unable to read datastore config - {}", err);
631 return;
632 }
633 Ok((config, _digest)) => config,
634 };
635
636 for (store, (_, store_config)) in config.sections {
25829a87
DM		 637
638 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
639 Ok(c) => c,
640 Err(err) => {
a6160cdf 641 eprintln!("datastore '{}' config from_value failed - {}", store, err);
25829a87
DM		 642 continue;
643 }
644 };
645
646 let event_str = match store_config.prune_schedule {
647 Some(event_str) => event_str,
648 None => continue,
649 };
650
651 let prune_options = PruneOptions {
652 keep_last: store_config.keep_last,
653 keep_hourly: store_config.keep_hourly,
654 keep_daily: store_config.keep_daily,
655 keep_weekly: store_config.keep_weekly,
656 keep_monthly: store_config.keep_monthly,
657 keep_yearly: store_config.keep_yearly,
658 };
659
89725197 660 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
25829a87
DM		 661 continue;
662 }
663
25829a87 664 let worker_type = "prune";
b15751bf 665 if check_schedule(worker_type, &event_str, &store) {
82c05b41
HL		 666 let job = match Job::new(worker_type, &store) {
667 Ok(job) => job,
668 Err(_) => continue, // could not get lock
669 };
25829a87 670
ad54df31 671 let auth_id = Authid::root_auth_id().clone();
82c05b41
HL		 672 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
673 eprintln!("unable to start datastore prune job {} - {}", &store, err);
25829a87
DM		 674 }
675 };
25829a87
DM		 676 }
677}
a6160cdf
DM		 678
679async fn schedule_datastore_sync_jobs() {
680
a6160cdf 681
a4e5a0fc 682 let config = match pbs_config::sync::config() {
a6160cdf
DM		 683 Err(err) => {
684 eprintln!("unable to read sync job config - {}", err);
685 return;
686 }
687 Ok((config, _digest)) => config,
688 };
689
a6160cdf
DM		 690 for (job_id, (_, job_config)) in config.sections {
691 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
692 Ok(c) => c,
693 Err(err) => {
694 eprintln!("sync job config from_value failed - {}", err);
695 continue;
696 }
697 };
698
699 let event_str = match job_config.schedule {
700 Some(ref event_str) => event_str.clone(),
701 None => continue,
702 };
703
c67b1fa7 704 let worker_type = "syncjob";
b15751bf 705 if check_schedule(worker_type, &event_str, &job_id) {
82c05b41
HL		 706 let job = match Job::new(worker_type, &job_id) {
707 Ok(job) => job,
708 Err(_) => continue, // could not get lock
709 };
a6160cdf 710
ad54df31 711 let auth_id = Authid::root_auth_id().clone();
bfa942c0 712 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 713 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
a6160cdf
DM		 714 }
715 };
a6160cdf
DM		 716 }
717}
eaeda365 718
73df9c51 719async fn schedule_datastore_verify_jobs() {
1298618a 720
802189f7 721 let config = match pbs_config::verify::config() {
73df9c51
HL		 722 Err(err) => {
723 eprintln!("unable to read verification job config - {}", err);
724 return;
725 }
726 Ok((config, _digest)) => config,
727 };
728 for (job_id, (_, job_config)) in config.sections {
729 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
730 Ok(c) => c,
731 Err(err) => {
732 eprintln!("verification job config from_value failed - {}", err);
733 continue;
734 }
735 };
736 let event_str = match job_config.schedule {
737 Some(ref event_str) => event_str.clone(),
738 None => continue,
739 };
82c05b41 740
73df9c51 741 let worker_type = "verificationjob";
ad54df31 742 let auth_id = Authid::root_auth_id().clone();
b15751bf 743 if check_schedule(worker_type, &event_str, &job_id) {
9a37bd6c 744 let job = match Job::new(worker_type, &job_id) {
82c05b41
HL		 745 Ok(job) => job,
746 Err(_) => continue, // could not get lock
747 };
bfa942c0 748 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
82c05b41 749 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
73df9c51
HL		 750 }
751 };
73df9c51
HL		 752 }
753}
754
8513626b
DM		 755async fn schedule_tape_backup_jobs() {
756
e3619d41 757 let config = match pbs_config::tape_job::config() {
8513626b
DM		 758 Err(err) => {
759 eprintln!("unable to read tape job config - {}", err);
760 return;
761 }
762 Ok((config, _digest)) => config,
763 };
764 for (job_id, (_, job_config)) in config.sections {
765 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
766 Ok(c) => c,
767 Err(err) => {
768 eprintln!("tape backup job config from_value failed - {}", err);
769 continue;
770 }
771 };
772 let event_str = match job_config.schedule {
773 Some(ref event_str) => event_str.clone(),
774 None => continue,
775 };
776
777 let worker_type = "tape-backup-job";
778 let auth_id = Authid::root_auth_id().clone();
779 if check_schedule(worker_type, &event_str, &job_id) {
9a37bd6c 780 let job = match Job::new(worker_type, &job_id) {
8513626b
DM		 781 Ok(job) => job,
782 Err(_) => continue, // could not get lock
783 };
bfa942c0 784 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
7a61f89e 785 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
8513626b
DM		 786 }
787 };
788 }
789}
790
791
9a760917 792async fn schedule_task_log_rotate() {
9a760917
DC		 793
794 let worker_type = "logrotate";
72aa1834 795 let job_id = "access-log_and_task-archive";
9a760917 796
9a760917
DC		 797 // schedule daily at 00:00 like normal logrotate
798 let schedule = "00:00";
799
b15751bf 800 if !check_schedule(worker_type, schedule, job_id) {
9a760917
DC		 801 // if we never ran the rotation, schedule instantly
802 match jobstate::JobState::load(worker_type, job_id) {
803 Ok(state) => match state {
804 jobstate::JobState::Created { .. } => {},
805 _ => return,
806 },
807 _ => return,
808 }
809 }
810
811 let mut job = match Job::new(worker_type, job_id) {
812 Ok(job) => job,
813 Err(_) => return, // could not get lock
814 };
815
816 if let Err(err) = WorkerTask::new_thread(
817 worker_type,
72aa1834 818 None,
049a22a3 819 Authid::root_auth_id().to_string(),
9a760917
DC		 820 false,
821 move |worker| {
822 job.start(&worker.upid().to_string())?;
1ec0d70d 823 task_log!(worker, "starting task log rotation");
e4f5f59e 824
9a760917 825 let result = try_block!({
b7f2be51
TL		 826 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
827 let max_files = 20; // times twenty files gives > 100000 task entries
d5790a9f
DM		 828
829 let user = pbs_config::backup_user()?;
25877d05 830 let options = proxmox_sys::fs::CreateOptions::new()
d5790a9f
DM		 831 .owner(user.uid)
832 .group(user.gid);
833
834 let has_rotated = rotate_task_log_archive(
835 max_size,
836 true,
837 Some(max_files),
838 Some(options.clone()),
839 )?;
840
9a760917 841 if has_rotated {
1ec0d70d 842 task_log!(worker, "task log archive was rotated");
9a760917 843 } else {
1ec0d70d 844 task_log!(worker, "task log archive was not rotated");
9a760917
DC		 845 }
846
fe4cc5b1
TL		 847 let max_size = 32 * 1024 * 1024 - 1;
848 let max_files = 14;
fe4cc5b1 849
d5790a9f
DM		 850
851 let mut logrotate = LogRotate::new(
852 pbs_buildcfg::API_ACCESS_LOG_FN,
853 true,
854 Some(max_files),
855 Some(options.clone()),
856 )?;
857
858 if logrotate.rotate(max_size)? {
fe4cc5b1 859 println!("rotated access log, telling daemons to re-open log file");
9a1b24b6 860 proxmox_async::runtime::block_on(command_reopen_access_logfiles())?;
1ec0d70d 861 task_log!(worker, "API access log was rotated");
fe7bdc9d 862 } else {
1ec0d70d 863 task_log!(worker, "API access log was not rotated");
fe7bdc9d
TL		 864 }
865
d5790a9f
DM		 866 let mut logrotate = LogRotate::new(
867 pbs_buildcfg::API_AUTH_LOG_FN,
868 true,
869 Some(max_files),
870 Some(options),
871 )?;
fe4cc5b1 872
d5790a9f 873 if logrotate.rotate(max_size)? {
36b7085e 874 println!("rotated auth log, telling daemons to re-open log file");
9a1b24b6 875 proxmox_async::runtime::block_on(command_reopen_auth_logfiles())?;
1ec0d70d 876 task_log!(worker, "API authentication log was rotated");
fe4cc5b1 877 } else {
1ec0d70d 878 task_log!(worker, "API authentication log was not rotated");
fe4cc5b1
TL		 879 }
880
0e1edf19
DC		 881 if has_rotated {
882 task_log!(worker, "cleaning up old task logs");
883 if let Err(err) = cleanup_old_tasks(true) {
884 task_warn!(worker, "could not completely cleanup old tasks: {}", err);
885 }
886 }
887
9a760917
DC		 888 Ok(())
889 });
890
891 let status = worker.create_state(&result);
892
893 if let Err(err) = job.finish(status) {
894 eprintln!("could not finish job state for {}: {}", worker_type, err);
895 }
896
897 result
898 },
899 ) {
900 eprintln!("unable to start task log rotation: {}", err);
901 }
902
903}
904
36b7085e 905async fn command_reopen_access_logfiles() -> Result<(), Error> {
fe4cc5b1
TL		 906 // only care about the most recent daemon instance for each, proxy & api, as other older ones
907 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 908 let sock = proxmox_rest_server::our_ctrl_sock();
75442e81 909 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
fe4cc5b1 910
b9700a9f
DM		 911 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
912 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
75442e81 913 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
546b6a23
TL		 914
915 match futures::join!(f1, f2) {
916 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
917 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
36b7085e
DM		 918 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
919 _ => Ok(()),
920 }
921}
922
923async fn command_reopen_auth_logfiles() -> Result<(), Error> {
924 // only care about the most recent daemon instance for each, proxy & api, as other older ones
925 // should not respond to new requests anyway, but only finish their current one and then exit.
b9700a9f 926 let sock = proxmox_rest_server::our_ctrl_sock();
75442e81 927 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
36b7085e 928
b9700a9f
DM		 929 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
930 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
75442e81 931 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
36b7085e
DM		 932
933 match futures::join!(f1, f2) {
934 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
935 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
546b6a23
TL		 936 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
937 _ => Ok(()),
938 }
fe4cc5b1
TL		 939}
940
eaeda365
DM		 941async fn run_stat_generator() {
942
943 loop {
944 let delay_target = Instant::now() + Duration::from_secs(10);
945
1d44f175 946 generate_host_stats().await;
eaeda365 947
98eb435d
DM		 948 rrd_sync_journal();
949
0a8d773a 950 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
013fa7bb
DM		 951
952 }
eaeda365
DM		 953
954}
955
1d44f175 956async fn generate_host_stats() {
4b709ade
DM		 957 match tokio::task::spawn_blocking(generate_host_stats_sync).await {
958 Ok(()) => (),
959 Err(err) => log::error!("generate_host_stats paniced: {}", err),
960 }
961}
962
963fn generate_host_stats_sync() {
25877d05 964 use proxmox_sys::linux::procfs::{
485841da 965 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
eaeda365 966
4b709ade
DM		 967 match read_proc_stat() {
968 Ok(stat) => {
969 rrd_update_gauge("host/cpu", stat.cpu);
970 rrd_update_gauge("host/iowait", stat.iowait_percent);
eaeda365 971 }
4b709ade
DM		 972 Err(err) => {
973 eprintln!("read_proc_stat failed - {}", err);
974 }
975 }
2c66a590 976
4b709ade
DM		 977 match read_meminfo() {
978 Ok(meminfo) => {
979 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64);
980 rrd_update_gauge("host/memused", meminfo.memused as f64);
981 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64);
982 rrd_update_gauge("host/swapused", meminfo.swapused as f64);
983 }
984 Err(err) => {
985 eprintln!("read_meminfo failed - {}", err);
a4a3f7ca 986 }
4b709ade 987 }
8f0cec26 988
4b709ade
DM		 989 match read_proc_net_dev() {
990 Ok(netdev) => {
991 use pbs_config::network::is_physical_nic;
992 let mut netin = 0;
993 let mut netout = 0;
994 for item in netdev {
995 if !is_physical_nic(&item.device) { continue; }
996 netin += item.receive;
997 netout += item.send;
998 }
999 rrd_update_derive("host/netin", netin as f64);
1000 rrd_update_derive("host/netout", netout as f64);
1001 }
1002 Err(err) => {
1003 eprintln!("read_prox_net_dev failed - {}", err);
8f0cec26 1004 }
4b709ade 1005 }
dd15c0aa 1006
4b709ade
DM		 1007 match read_loadavg() {
1008 Ok(loadavg) => {
1009 rrd_update_gauge("host/loadavg", loadavg.0 as f64);
1010 }
1011 Err(err) => {
1012 eprintln!("read_loadavg failed - {}", err);
485841da 1013 }
4b709ade 1014 }
485841da 1015
4b709ade 1016 let disk_manager = DiskManage::new();
8c03041a 1017
4b709ade 1018 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host");
91e5bb49 1019
4b709ade
DM		 1020 match pbs_config::datastore::config() {
1021 Ok((config, _)) => {
1022 let datastore_list: Vec<DataStoreConfig> =
1023 config.convert_to_typed_array("datastore").unwrap_or_default();
d0833a70 1024
4b709ade 1025 for config in datastore_list {
8c03041a 1026
4b709ade
DM		 1027 let rrd_prefix = format!("datastore/{}", config.name);
1028 let path = std::path::Path::new(&config.path);
1029 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix);
d0833a70
DM		 1030 }
1031 }
4b709ade
DM		 1032 Err(err) => {
1033 eprintln!("read datastore config failed - {}", err);
1034 }
1035 }
eaeda365 1036}
dd15c0aa 1037
b15751bf 1038fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
68b6c120 1039 let event: CalendarEvent = match event_str.parse() {
82c05b41
HL		 1040 Ok(event) => event,
1041 Err(err) => {
1042 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
1043 return false;
1044 }
1045 };
1046
9a37bd6c 1047 let last = match jobstate::last_run_time(worker_type, id) {
82c05b41
HL		 1048 Ok(time) => time,
1049 Err(err) => {
1050 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
1051 return false;
1052 }
1053 };
1054
7549114c 1055 let next = match event.compute_next_event(last) {
82c05b41
HL		 1056 Ok(Some(next)) => next,
1057 Ok(None) => return false,
1058 Err(err) => {
1059 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
1060 return false;
1061 }
1062 };
1063
6ef1b649 1064 let now = proxmox_time::epoch_i64();
82c05b41
HL		 1065 next <= now
1066}
1067
1d44f175 1068fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str) {
91e5bb49 1069
934f5bb8 1070 match proxmox_backup::tools::disks::disk_usage(path) {
33070956 1071 Ok(status) => {
91e5bb49 1072 let rrd_key = format!("{}/total", rrd_prefix);
1d44f175 1073 rrd_update_gauge(&rrd_key, status.total as f64);
91e5bb49 1074 let rrd_key = format!("{}/used", rrd_prefix);
1d44f175 1075 rrd_update_gauge(&rrd_key, status.used as f64);
91e5bb49
DM		 1076 }
1077 Err(err) => {
1078 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1079 }
1080 }
1081
934f5bb8
DM		 1082 match disk_manager.find_mounted_device(path) {
1083 Ok(None) => {},
1084 Ok(Some((fs_type, device, source))) => {
1085 let mut device_stat = None;
7c069e82
DC		 1086 match (fs_type.as_str(), source) {
1087 ("zfs", Some(source)) => match source.into_string() {
1088 Ok(dataset) => match zfs_dataset_stats(&dataset) {
1089 Ok(stat) => device_stat = Some(stat),
1090 Err(err) => eprintln!("zfs_dataset_stats({:?}) failed - {}", dataset, err),
1091 },
1092 Err(source) => {
1093 eprintln!("zfs_pool_stats({:?}) failed - invalid characters", source)
91e5bb49 1094 }
7c069e82 1095 },
934f5bb8
DM		 1096 _ => {
1097 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1098 match disk.read_stat() {
1099 Ok(stat) => device_stat = stat,
1100 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
91e5bb49
DM		 1101 }
1102 }
1103 }
91e5bb49 1104 }
934f5bb8
DM		 1105 if let Some(stat) = device_stat {
1106 let rrd_key = format!("{}/read_ios", rrd_prefix);
1d44f175 1107 rrd_update_derive(&rrd_key, stat.read_ios as f64);
934f5bb8 1108 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1d44f175 1109 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64);
dd15c0aa 1110
934f5bb8 1111 let rrd_key = format!("{}/write_ios", rrd_prefix);
1d44f175 1112 rrd_update_derive(&rrd_key, stat.write_ios as f64);
934f5bb8 1113 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1d44f175 1114 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64);
dd15c0aa 1115
934f5bb8 1116 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1d44f175 1117 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0);
8c03041a
DM		 1118 }
1119 }
934f5bb8
DM		 1120 Err(err) => {
1121 eprintln!("find_mounted_device failed - {}", err);
1122 }
8c03041a 1123 }
8c03041a 1124}
e511e0e5
DM		 1125
1126// Rate Limiter lookup
1127
1128// Test WITH
1129// proxmox-backup-client restore vm/201/2021-10-22T09:55:56Z drive-scsi0.img img1.img --repository localhost:store2
1130
a0172d76
DM		 1131async fn run_traffic_control_updater() {
1132
1133 loop {
1134 let delay_target = Instant::now() + Duration::from_secs(1);
1135
1136 {
1137 let mut cache = TRAFFIC_CONTROL_CACHE.lock().unwrap();
1138 cache.compute_current_rates();
1139 }
1140
1141 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
1142 }
1143
e511e0e5
DM		 1144}
1145
1146fn lookup_rate_limiter(
1147 peer: Option<std::net::SocketAddr>,
d5f58006 1148) -> (Option<Arc<dyn ShareableRateLimit>>, Option<Arc<dyn ShareableRateLimit>>) {
e511e0e5
DM		 1149 let mut cache = TRAFFIC_CONTROL_CACHE.lock().unwrap();
1150
1151 let now = proxmox_time::epoch_i64();
1152
1153 cache.reload(now);
1154
1155 let (_rule_name, read_limiter, write_limiter) = cache.lookup_rate_limiter(peer, now);
1156
1157 (read_limiter, write_limiter)
1158}
Proxmox Backup Server and Client