[proxmox-backup.git] / src / bin / proxmox-restore-daemon.rs

///! Daemon binary to run inside a micro-VM for secure single file restore of disk images
use anyhow::{bail, format_err, Error};
use lazy_static::lazy_static;
use log::{info, error};

use std::os::unix::{
    io::{FromRawFd, RawFd},
    net,
};
use std::path::Path;
use std::sync::{Arc, Mutex};

use tokio::sync::mpsc;
use tokio_stream::wrappers::ReceiverStream;

use pbs_client::DEFAULT_VSOCK_PORT;

use proxmox::api::RpcEnvironmentType;
use proxmox_backup::server::{rest::*, ApiConfig};

mod proxmox_restore_daemon;
use proxmox_restore_daemon::*;

/// Maximum amount of pending requests. If saturated, virtio-vsock returns ETIMEDOUT immediately.
/// We should never have more than a few requests in queue, so use a low number.
pub const MAX_PENDING: usize = 32;

/// Will be present in base initramfs
pub const VM_DETECT_FILE: &str = "/restore-vm-marker";

lazy_static! {
    /// The current disks state. Use for accessing data on the attached snapshots.
    pub static ref DISK_STATE: Arc<Mutex<DiskState>> = {
        Arc::new(Mutex::new(DiskState::scan().unwrap()))
    };
}

/// This is expected to be run by 'proxmox-file-restore' within a mini-VM
fn main() -> Result<(), Error> {
    if !Path::new(VM_DETECT_FILE).exists() {
        bail!(
            "This binary is not supposed to be run manually, use 'proxmox-file-restore' instead."
        );
    }

    // don't have a real syslog (and no persistance), so use env_logger to print to a log file (via
    // stdout to a serial terminal attached by QEMU)
    env_logger::from_env(env_logger::Env::default().default_filter_or("info"))
        .write_style(env_logger::WriteStyle::Never)
        .format_timestamp_millis()
        .init();

    setup_system_env()?;

    // scan all attached disks now, before starting the API
    // this will panic and stop the VM if anything goes wrong
    info!("scanning all disks...");
    {
        let _disk_state = DISK_STATE.lock().unwrap();
    }

    info!("disk scan complete, starting main runtime...");

    pbs_runtime::main(run())
}

/// ensure we have our /run dirs, system users and stuff like that setup
fn setup_system_env() -> Result<(), Error> {
    // the API may save some stuff there, e.g., the memcon tracking file
    // we do not care much, but it's way less headache to just create it
    std::fs::create_dir_all("/run/proxmox-backup")?;

    Ok(())
}

async fn run() -> Result<(), Error> {
    watchdog_init();

    let auth_config = Arc::new(
        auth::ticket_auth().map_err(|err| format_err!("reading ticket file failed: {}", err))?,
    );
    let config = ApiConfig::new("", &ROUTER, RpcEnvironmentType::PUBLIC, auth_config)?;
    let rest_server = RestServer::new(config);

    let vsock_fd = get_vsock_fd()?;
    let connections = accept_vsock_connections(vsock_fd);
    let receiver_stream = ReceiverStream::new(connections);
    let acceptor = hyper::server::accept::from_stream(receiver_stream);

    hyper::Server::builder(acceptor).serve(rest_server).await?;

    bail!("hyper server exited");
}

fn accept_vsock_connections(
    vsock_fd: RawFd,
) -> mpsc::Receiver<Result<tokio::net::UnixStream, Error>> {
    use nix::sys::socket::*;
    let (sender, receiver) = mpsc::channel(MAX_PENDING);

    tokio::spawn(async move {
        loop {
            let stream: Result<tokio::net::UnixStream, Error> = tokio::task::block_in_place(|| {
                // we need to accept manually, as UnixListener aborts if socket type != AF_UNIX ...
                let client_fd = accept(vsock_fd)?;
                let stream = unsafe { net::UnixStream::from_raw_fd(client_fd) };
                stream.set_nonblocking(true)?;
                tokio::net::UnixStream::from_std(stream).map_err(|err| err.into())
            });

            match stream {
                Ok(stream) => {
                    if sender.send(Ok(stream)).await.is_err() {
                        error!("connection accept channel was closed");
                    }
                }
                Err(err) => {
                    error!("error accepting vsock connetion: {}", err);
                }
            }
        }
    });

    receiver
}

fn get_vsock_fd() -> Result<RawFd, Error> {
    use nix::sys::socket::*;
    let sock_fd = socket(
        AddressFamily::Vsock,
        SockType::Stream,
        SockFlag::empty(),
        None,
    )?;
    let sock_addr = VsockAddr::new(libc::VMADDR_CID_ANY, DEFAULT_VSOCK_PORT as u32);
    bind(sock_fd, &SockAddr::Vsock(sock_addr))?;
    listen(sock_fd, MAX_PENDING)?;
    Ok(sock_fd)
}
Commit	Line	Data
dd9cef56 SR	1	///! Daemon binary to run inside a micro-VM for secure single file restore of disk images
dd9cef56 SR	2	use anyhow::{bail, format_err, Error};
d32a8652	3	use lazy_static::lazy_static;
9a06eb16	4	use log::{info, error};
dd9cef56 SR	5
	6	use std::os::unix::{
	7	io::{FromRawFd, RawFd},
	8	net,
	9	};
	10	use std::path::Path;
d32a8652	11	use std::sync::{Arc, Mutex};
dd9cef56 SR	12
	13	use tokio::sync::mpsc;
	14	use tokio_stream::wrappers::ReceiverStream;
	15
2b7f8dd5 WB	16	use pbs_client::DEFAULT_VSOCK_PORT;
2b7f8dd5 WB	17
dd9cef56	18	use proxmox::api::RpcEnvironmentType;
dd9cef56 SR	19	use proxmox_backup::server::{rest::*, ApiConfig};
	20
	21	mod proxmox_restore_daemon;
	22	use proxmox_restore_daemon::*;
	23
	24	/// Maximum amount of pending requests. If saturated, virtio-vsock returns ETIMEDOUT immediately.
	25	/// We should never have more than a few requests in queue, so use a low number.
	26	pub const MAX_PENDING: usize = 32;
	27
	28	/// Will be present in base initramfs
	29	pub const VM_DETECT_FILE: &str = "/restore-vm-marker";
	30
d32a8652 SR	31	lazy_static! {
	32	/// The current disks state. Use for accessing data on the attached snapshots.
	33	pub static ref DISK_STATE: Arc<Mutex<DiskState>> = {
	34	Arc::new(Mutex::new(DiskState::scan().unwrap()))
	35	};
	36	}
	37
dd9cef56 SR	38	/// This is expected to be run by 'proxmox-file-restore' within a mini-VM
	39	fn main() -> Result<(), Error> {
	40	if !Path::new(VM_DETECT_FILE).exists() {
309e14eb TL	41	bail!(
	42	"This binary is not supposed to be run manually, use 'proxmox-file-restore' instead."
	43	);
dd9cef56 SR	44	}
	45
	46	// don't have a real syslog (and no persistance), so use env_logger to print to a log file (via
	47	// stdout to a serial terminal attached by QEMU)
	48	env_logger::from_env(env_logger::Env::default().default_filter_or("info"))
	49	.write_style(env_logger::WriteStyle::Never)
ecd66eca	50	.format_timestamp_millis()
dd9cef56 SR	51	.init();
dd9cef56 SR	52
73e1ba65	53	setup_system_env()?;
33d7292f	54
d32a8652 SR	55	// scan all attached disks now, before starting the API
d32a8652 SR	56	// this will panic and stop the VM if anything goes wrong
9a06eb16	57	info!("scanning all disks...");
d32a8652 SR	58	{
	59	let _disk_state = DISK_STATE.lock().unwrap();
	60	}
	61
9a06eb16 TL	62	info!("disk scan complete, starting main runtime...");
9a06eb16 TL	63
d420962f	64	pbs_runtime::main(run())
dd9cef56 SR	65	}
dd9cef56 SR	66
73e1ba65 TL	67	/// ensure we have our /run dirs, system users and stuff like that setup
	68	fn setup_system_env() -> Result<(), Error> {
	69	// the API may save some stuff there, e.g., the memcon tracking file
	70	// we do not care much, but it's way less headache to just create it
	71	std::fs::create_dir_all("/run/proxmox-backup")?;
	72
	73	Ok(())
	74	}
	75
dd9cef56	76	async fn run() -> Result<(), Error> {
a26ebad5 SR	77	watchdog_init();
a26ebad5 SR	78
dd9cef56 SR	79	let auth_config = Arc::new(
	80	auth::ticket_auth().map_err(\|err\| format_err!("reading ticket file failed: {}", err))?,
	81	);
	82	let config = ApiConfig::new("", &ROUTER, RpcEnvironmentType::PUBLIC, auth_config)?;
	83	let rest_server = RestServer::new(config);
	84
	85	let vsock_fd = get_vsock_fd()?;
	86	let connections = accept_vsock_connections(vsock_fd);
	87	let receiver_stream = ReceiverStream::new(connections);
	88	let acceptor = hyper::server::accept::from_stream(receiver_stream);
	89
	90	hyper::Server::builder(acceptor).serve(rest_server).await?;
	91
	92	bail!("hyper server exited");
	93	}
	94
	95	fn accept_vsock_connections(
	96	vsock_fd: RawFd,
	97	) -> mpsc::Receiver<Result<tokio::net::UnixStream, Error>> {
	98	use nix::sys::socket::*;
	99	let (sender, receiver) = mpsc::channel(MAX_PENDING);
	100
	101	tokio::spawn(async move {
	102	loop {
	103	let stream: Result<tokio::net::UnixStream, Error> = tokio::task::block_in_place(\|\| {
	104	// we need to accept manually, as UnixListener aborts if socket type != AF_UNIX ...
	105	let client_fd = accept(vsock_fd)?;
	106	let stream = unsafe { net::UnixStream::from_raw_fd(client_fd) };
	107	stream.set_nonblocking(true)?;
	108	tokio::net::UnixStream::from_std(stream).map_err(\|err\| err.into())
	109	});
	110
	111	match stream {
	112	Ok(stream) => {
	113	if sender.send(Ok(stream)).await.is_err() {
	114	error!("connection accept channel was closed");
	115	}
	116	}
	117	Err(err) => {
	118	error!("error accepting vsock connetion: {}", err);
	119	}
	120	}
	121	}
	122	});
	123
	124	receiver
	125	}
	126
	127	fn get_vsock_fd() -> Result<RawFd, Error> {
	128	use nix::sys::socket::*;
	129	let sock_fd = socket(
	130	AddressFamily::Vsock,
	131	SockType::Stream,
	132	SockFlag::empty(),
	133	None,
	134	)?;
	135	let sock_addr = VsockAddr::new(libc::VMADDR_CID_ANY, DEFAULT_VSOCK_PORT as u32);
	136	bind(sock_fd, &SockAddr::Vsock(sock_addr))?;
	137	listen(sock_fd, MAX_PENDING)?;
	138	Ok(sock_fd)
	139	}