[proxmox-backup.git] / src / tools / daemon.rs

//! Helpers for daemons/services.

use std::ffi::CString;
use std::future::Future;
use std::os::raw::{c_char, c_int};
use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd, RawFd};
use std::os::unix::ffi::OsStrExt;
use std::panic::UnwindSafe;
use std::pin::Pin;
use std::task::{Context, Poll};

use failure::*;

use proxmox::tools::io::{ReadExt, WriteExt};

use crate::server;
use crate::tools::{fd_change_cloexec, self};

// Unfortunately FnBox is nightly-only and Box<FnOnce> is unusable, so just use Box<Fn>...
pub type BoxedStoreFunc = Box<dyn FnMut() -> Result<String, Error> + UnwindSafe + Send>;

/// Helper trait to "store" something in the environment to be re-used after re-executing the
/// service on a reload.
pub trait Reloadable: Sized {
    fn restore(var: &str) -> Result<Self, Error>;
    fn get_store_func(&self) -> Result<BoxedStoreFunc, Error>;
}

/// Manages things to be stored and reloaded upon reexec.
/// Anything which should be restorable should be instantiated via this struct's `restore` method,
#[derive(Default)]
pub struct Reloader {
    pre_exec: Vec<PreExecEntry>,
}

// Currently we only need environment variables for storage, but in theory we could also add
// variants which need temporary files or pipes...
struct PreExecEntry {
    name: &'static str, // Feel free to change to String if necessary...
    store_fn: BoxedStoreFunc,
}

impl Reloader {
    pub fn new() -> Self {
        Self {
            pre_exec: Vec::new(),
        }
    }

    /// Restore an object from an environment variable of the given name, or, if none exists, uses
    /// the function provided in the `or_create` parameter to instantiate the new "first" instance.
    ///
    /// Values created via this method will be remembered for later re-execution.
    pub async fn restore<T, F, U>(&mut self, name: &'static str, or_create: F) -> Result<T, Error>
    where
        T: Reloadable,
        F: FnOnce() -> U,
        U: Future<Output = Result<T, Error>>,
    {
        let res = match std::env::var(name) {
            Ok(varstr) => T::restore(&varstr)?,
            Err(std::env::VarError::NotPresent) => or_create().await?,
            Err(_) => bail!("variable {} has invalid value", name),
        };

        self.pre_exec.push(PreExecEntry {
            name,
            store_fn: res.get_store_func()?,
        });
        Ok(res)
    }

    fn pre_exec(self) -> Result<(), Error> {
        for mut item in self.pre_exec {
            std::env::set_var(item.name, (item.store_fn)()?);
        }
        Ok(())
    }

    pub fn fork_restart(self) -> Result<(), Error> {
        // Get the path to our executable as CString
        let exe = CString::new(
            std::fs::read_link("/proc/self/exe")?
                .into_os_string()
                .as_bytes()
        )?;

        // Get our parameters as Vec<CString>
        let args = std::env::args_os();
        let mut new_args = Vec::with_capacity(args.len());
        for arg in args {
            new_args.push(CString::new(arg.as_bytes())?);
        }

        // Synchronisation pipe:
        let (pin, pout) = super::pipe()?;

        // Start ourselves in the background:
        use nix::unistd::{fork, ForkResult};
        match fork() {
            Ok(ForkResult::Child) => {
                // Double fork so systemd can supervise us without nagging...
                match fork() {
                    Ok(ForkResult::Child) => {
                        std::mem::drop(pin);
                        // At this point we call pre-exec helpers. We must be certain that if they fail for
                        // whatever reason we can still call `_exit()`, so use catch_unwind.
                        match std::panic::catch_unwind(move || {
                            let mut pout = unsafe {
                                std::fs::File::from_raw_fd(pout.into_raw_fd())
                            };
                            let pid = nix::unistd::Pid::this();
                            if let Err(e) = unsafe { pout.write_host_value(pid.as_raw()) } {
                                log::error!("failed to send new server PID to parent: {}", e);
                                unsafe {
                                    libc::_exit(-1);
                                }
                            }
                            std::mem::drop(pout);
                            self.do_exec(exe, new_args)
                        })
                        {
                            Ok(_) => eprintln!("do_exec returned unexpectedly!"),
                            Err(_) => eprintln!("panic in re-exec"),
                        }
                    }
                    Ok(ForkResult::Parent { child }) => {
                        std::mem::drop((pin, pout));
                        log::debug!("forked off a new server (second pid: {})", child);
                    }
                    Err(e) => log::error!("fork() failed, restart delayed: {}", e),
                }
                // No matter how we managed to get here, this is the time where we bail out quickly:
                unsafe {
                    libc::_exit(-1)
                }
            }
            Ok(ForkResult::Parent { child }) => {
                log::debug!("forked off a new server (first pid: {}), waiting for 2nd pid", child);
                std::mem::drop(pout);
                let mut pin = unsafe {
                    std::fs::File::from_raw_fd(pin.into_raw_fd())
                };
                let child = nix::unistd::Pid::from_raw(match unsafe { pin.read_le_value() } {
                    Ok(v) => v,
                    Err(e) => {
                        log::error!("failed to receive pid of double-forked child process: {}", e);
                        // systemd will complain but won't kill the service...
                        return Ok(());
                    }
                });

                if let Err(e) = systemd_notify(SystemdNotify::MainPid(child)) {
                    log::error!("failed to notify systemd about the new main pid: {}", e);
                }
                Ok(())
            }
            Err(e) => {
                log::error!("fork() failed, restart delayed: {}", e);
                Ok(())
            }
        }
    }

    fn do_exec(self, exe: CString, args: Vec<CString>) -> Result<(), Error> {
        self.pre_exec()?;
        nix::unistd::setsid()?;
        nix::unistd::execvp(&exe, &args)?;
        Ok(())
    }
}

// For now all we need to do is store and reuse a tcp listening socket:
impl Reloadable for tokio::net::TcpListener {
    // NOTE: The socket must not be closed when the store-function is called:
    // FIXME: We could become "independent" of the TcpListener and its reference to the file
    // descriptor by `dup()`ing it (and check if the listener still exists via kcmp()?)
    fn get_store_func(&self) -> Result<BoxedStoreFunc, Error> {
        let mut fd_opt = Some(tools::Fd(
            nix::fcntl::fcntl(self.as_raw_fd(), nix::fcntl::FcntlArg::F_DUPFD_CLOEXEC(0))?
        ));
        Ok(Box::new(move || {
            let fd = fd_opt.take().unwrap();
            fd_change_cloexec(fd.as_raw_fd(), false)?;
            Ok(fd.into_raw_fd().to_string())
        }))
    }

    fn restore(var: &str) -> Result<Self, Error> {
        let fd = var.parse::<u32>()
            .map_err(|e| format_err!("invalid file descriptor: {}", e))?
            as RawFd;
        fd_change_cloexec(fd, true)?;
        Ok(Self::from_std(
            unsafe { std::net::TcpListener::from_raw_fd(fd) },
        )?)
    }
}

pub struct NotifyReady;

impl Future for NotifyReady {
    type Output = Result<(), Error>;

    fn poll(self: Pin<&mut Self>, _cx: &mut Context) -> Poll<Result<(), Error>> {
        systemd_notify(SystemdNotify::Ready)?;
        Poll::Ready(Ok(()))
    }
}

/// This creates a future representing a daemon which reloads itself when receiving a SIGHUP.
/// If this is started regularly, a listening socket is created. In this case, the file descriptor
/// number will be remembered in `PROXMOX_BACKUP_LISTEN_FD`.
/// If the variable already exists, its contents will instead be used to restore the listening
/// socket.  The finished listening socket is then passed to the `create_service` function which
/// can be used to setup the TLS and the HTTP daemon.
pub async fn create_daemon<F, S>(
    address: std::net::SocketAddr,
    create_service: F,
) -> Result<(), Error>
where
    F: FnOnce(tokio::net::TcpListener, NotifyReady) -> Result<S, Error>,
    S: Future<Output = ()>,
{
    let mut reloader = Reloader::new();

    let listener: tokio::net::TcpListener = reloader.restore(
        "PROXMOX_BACKUP_LISTEN_FD",
        move || async move { Ok(tokio::net::TcpListener::bind(&address).await?) },
    ).await?;

    create_service(listener, NotifyReady)?.await;

    let mut reloader = Some(reloader);

    crate::tools::request_shutdown(); // make sure we are in shutdown mode
    if server::is_reload_request() {
        log::info!("daemon reload...");
        if let Err(e) = systemd_notify(SystemdNotify::Reloading) {
            log::error!("failed to notify systemd about the state change: {}", e);
        }
        if let Err(e) = reloader.take().unwrap().fork_restart() {
            log::error!("error during reload: {}", e);
            let _ = systemd_notify(SystemdNotify::Status("error during reload".to_string()));
        }
    } else {
        log::info!("daemon shutting down...");
    }
    Ok(())
}

#[link(name = "systemd")]
extern "C" {
    fn sd_notify(unset_environment: c_int, state: *const c_char) -> c_int;
}

pub enum SystemdNotify {
    Ready,
    Reloading,
    Stopping,
    Status(String),
    MainPid(nix::unistd::Pid),
}

pub fn systemd_notify(state: SystemdNotify) -> Result<(), Error> {
    let message = match state {
        SystemdNotify::Ready => CString::new("READY=1"),
        SystemdNotify::Reloading => CString::new("RELOADING=1"),
        SystemdNotify::Stopping => CString::new("STOPPING=1"),
        SystemdNotify::Status(msg) => CString::new(format!("STATUS={}", msg)),
        SystemdNotify::MainPid(pid) => CString::new(format!("MAINPID={}", pid)),
    }?;
    let rc = unsafe { sd_notify(0, message.as_ptr()) };
    if rc < 0 {
        bail!(
            "systemd_notify failed: {}",
            std::io::Error::from_raw_os_error(-rc),
        );
    }
    Ok(())
}
Commit	Line	Data
dce94d0e WB	1	//! Helpers for daemons/services.
	2
	3	use std::ffi::CString;
083ff3fd	4	use std::future::Future;
9c351a36	5	use std::os::raw::{c_char, c_int};
620dccf1	6	use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd, RawFd};
dce94d0e WB	7	use std::os::unix::ffi::OsStrExt;
dce94d0e WB	8	use std::panic::UnwindSafe;
083ff3fd WB	9	use std::pin::Pin;
083ff3fd WB	10	use std::task::{Context, Poll};
dce94d0e WB	11
dce94d0e WB	12	use failure::*;
4422ba2c	13
ca3c3ce9 WB	14	use proxmox::tools::io::{ReadExt, WriteExt};
ca3c3ce9 WB	15
e3f41f21	16	use crate::server;
620dccf1	17	use crate::tools::{fd_change_cloexec, self};
dce94d0e WB	18
dce94d0e WB	19	// Unfortunately FnBox is nightly-only and Box<FnOnce> is unusable, so just use Box<Fn>...
620dccf1	20	pub type BoxedStoreFunc = Box<dyn FnMut() -> Result<String, Error> + UnwindSafe + Send>;
dce94d0e WB	21
	22	/// Helper trait to "store" something in the environment to be re-used after re-executing the
	23	/// service on a reload.
e4311382	24	pub trait Reloadable: Sized {
dce94d0e	25	fn restore(var: &str) -> Result<Self, Error>;
620dccf1	26	fn get_store_func(&self) -> Result<BoxedStoreFunc, Error>;
dce94d0e WB	27	}
	28
	29	/// Manages things to be stored and reloaded upon reexec.
	30	/// Anything which should be restorable should be instantiated via this struct's `restore` method,
62ee2eb4	31	#[derive(Default)]
e4311382	32	pub struct Reloader {
dce94d0e WB	33	pre_exec: Vec<PreExecEntry>,
	34	}
	35
	36	// Currently we only need environment variables for storage, but in theory we could also add
	37	// variants which need temporary files or pipes...
	38	struct PreExecEntry {
	39	name: &'static str, // Feel free to change to String if necessary...
	40	store_fn: BoxedStoreFunc,
	41	}
	42
e4311382	43	impl Reloader {
dce94d0e WB	44	pub fn new() -> Self {
	45	Self {
	46	pre_exec: Vec::new(),
	47	}
	48	}
	49
	50	/// Restore an object from an environment variable of the given name, or, if none exists, uses
	51	/// the function provided in the `or_create` parameter to instantiate the new "first" instance.
	52	///
	53	/// Values created via this method will be remembered for later re-execution.
083ff3fd	54	pub async fn restore<T, F, U>(&mut self, name: &'static str, or_create: F) -> Result<T, Error>
dce94d0e	55	where
e4311382	56	T: Reloadable,
083ff3fd WB	57	F: FnOnce() -> U,
083ff3fd WB	58	U: Future<Output = Result<T, Error>>,
dce94d0e WB	59	{
	60	let res = match std::env::var(name) {
	61	Ok(varstr) => T::restore(&varstr)?,
083ff3fd	62	Err(std::env::VarError::NotPresent) => or_create().await?,
dce94d0e WB	63	Err(_) => bail!("variable {} has invalid value", name),
	64	};
	65
	66	self.pre_exec.push(PreExecEntry {
	67	name,
620dccf1	68	store_fn: res.get_store_func()?,
dce94d0e WB	69	});
	70	Ok(res)
	71	}
	72
	73	fn pre_exec(self) -> Result<(), Error> {
620dccf1	74	for mut item in self.pre_exec {
dce94d0e WB	75	std::env::set_var(item.name, (item.store_fn)()?);
	76	}
	77	Ok(())
	78	}
	79
	80	pub fn fork_restart(self) -> Result<(), Error> {
	81	// Get the path to our executable as CString
	82	let exe = CString::new(
	83	std::fs::read_link("/proc/self/exe")?
	84	.into_os_string()
	85	.as_bytes()
	86	)?;
	87
	88	// Get our parameters as Vec<CString>
	89	let args = std::env::args_os();
	90	let mut new_args = Vec::with_capacity(args.len());
	91	for arg in args {
	92	new_args.push(CString::new(arg.as_bytes())?);
	93	}
	94
5e5eed5c WB	95	// Synchronisation pipe:
	96	let (pin, pout) = super::pipe()?;
	97
dce94d0e WB	98	// Start ourselves in the background:
	99	use nix::unistd::{fork, ForkResult};
	100	match fork() {
	101	Ok(ForkResult::Child) => {
5e5eed5c WB	102	// Double fork so systemd can supervise us without nagging...
	103	match fork() {
	104	Ok(ForkResult::Child) => {
	105	std::mem::drop(pin);
	106	// At this point we call pre-exec helpers. We must be certain that if they fail for
	107	// whatever reason we can still call `_exit()`, so use catch_unwind.
	108	match std::panic::catch_unwind(move \|\| {
	109	let mut pout = unsafe {
	110	std::fs::File::from_raw_fd(pout.into_raw_fd())
	111	};
	112	let pid = nix::unistd::Pid::this();
ca3c3ce9	113	if let Err(e) = unsafe { pout.write_host_value(pid.as_raw()) } {
5e5eed5c WB	114	log::error!("failed to send new server PID to parent: {}", e);
	115	unsafe {
	116	libc::_exit(-1);
	117	}
	118	}
	119	std::mem::drop(pout);
	120	self.do_exec(exe, new_args)
	121	})
	122	{
	123	Ok(_) => eprintln!("do_exec returned unexpectedly!"),
	124	Err(_) => eprintln!("panic in re-exec"),
	125	}
	126	}
	127	Ok(ForkResult::Parent { child }) => {
	128	std::mem::drop((pin, pout));
	129	log::debug!("forked off a new server (second pid: {})", child);
	130	}
	131	Err(e) => log::error!("fork() failed, restart delayed: {}", e),
dce94d0e WB	132	}
	133	// No matter how we managed to get here, this is the time where we bail out quickly:
	134	unsafe {
	135	libc::_exit(-1)
	136	}
	137	}
	138	Ok(ForkResult::Parent { child }) => {
5e5eed5c WB	139	log::debug!("forked off a new server (first pid: {}), waiting for 2nd pid", child);
	140	std::mem::drop(pout);
	141	let mut pin = unsafe {
	142	std::fs::File::from_raw_fd(pin.into_raw_fd())
	143	};
ca3c3ce9	144	let child = nix::unistd::Pid::from_raw(match unsafe { pin.read_le_value() } {
5e5eed5c WB	145	Ok(v) => v,
	146	Err(e) => {
	147	log::error!("failed to receive pid of double-forked child process: {}", e);
	148	// systemd will complain but won't kill the service...
	149	return Ok(());
	150	}
	151	});
	152
d98c9a7a WB	153	if let Err(e) = systemd_notify(SystemdNotify::MainPid(child)) {
	154	log::error!("failed to notify systemd about the new main pid: {}", e);
	155	}
dce94d0e WB	156	Ok(())
	157	}
	158	Err(e) => {
5e5eed5c	159	log::error!("fork() failed, restart delayed: {}", e);
dce94d0e WB	160	Ok(())
	161	}
	162	}
	163	}
	164
	165	fn do_exec(self, exe: CString, args: Vec<CString>) -> Result<(), Error> {
	166	self.pre_exec()?;
	167	nix::unistd::setsid()?;
	168	nix::unistd::execvp(&exe, &args)?;
	169	Ok(())
	170	}
	171	}
4422ba2c	172
af70c181	173	// For now all we need to do is store and reuse a tcp listening socket:
e4311382	174	impl Reloadable for tokio::net::TcpListener {
af70c181 WB	175	// NOTE: The socket must not be closed when the store-function is called:
	176	// FIXME: We could become "independent" of the TcpListener and its reference to the file
	177	// descriptor by `dup()`ing it (and check if the listener still exists via kcmp()?)
620dccf1 WB	178	fn get_store_func(&self) -> Result<BoxedStoreFunc, Error> {
	179	let mut fd_opt = Some(tools::Fd(
	180	nix::fcntl::fcntl(self.as_raw_fd(), nix::fcntl::FcntlArg::F_DUPFD_CLOEXEC(0))?
	181	));
	182	Ok(Box::new(move \|\| {
	183	let fd = fd_opt.take().unwrap();
	184	fd_change_cloexec(fd.as_raw_fd(), false)?;
	185	Ok(fd.into_raw_fd().to_string())
	186	}))
af70c181 WB	187	}
	188
	189	fn restore(var: &str) -> Result<Self, Error> {
	190	let fd = var.parse::<u32>()
	191	.map_err(\|e\| format_err!("invalid file descriptor: {}", e))?
	192	as RawFd;
	193	fd_change_cloexec(fd, true)?;
	194	Ok(Self::from_std(
	195	unsafe { std::net::TcpListener::from_raw_fd(fd) },
af70c181 WB	196	)?)
	197	}
	198	}
a690ecac	199
083ff3fd WB	200	pub struct NotifyReady;
	201
	202	impl Future for NotifyReady {
	203	type Output = Result<(), Error>;
	204
	205	fn poll(self: Pin<&mut Self>, _cx: &mut Context) -> Poll<Result<(), Error>> {
	206	systemd_notify(SystemdNotify::Ready)?;
	207	Poll::Ready(Ok(()))
	208	}
	209	}
	210
a690ecac WB	211	/// This creates a future representing a daemon which reloads itself when receiving a SIGHUP.
	212	/// If this is started regularly, a listening socket is created. In this case, the file descriptor
	213	/// number will be remembered in `PROXMOX_BACKUP_LISTEN_FD`.
	214	/// If the variable already exists, its contents will instead be used to restore the listening
	215	/// socket. The finished listening socket is then passed to the `create_service` function which
	216	/// can be used to setup the TLS and the HTTP daemon.
083ff3fd	217	pub async fn create_daemon<F, S>(
a690ecac WB	218	address: std::net::SocketAddr,
a690ecac WB	219	create_service: F,
083ff3fd	220	) -> Result<(), Error>
a690ecac	221	where
083ff3fd	222	F: FnOnce(tokio::net::TcpListener, NotifyReady) -> Result<S, Error>,
0f5856ac	223	S: Future<Output = ()>,
a690ecac WB	224	{
	225	let mut reloader = Reloader::new();
	226
	227	let listener: tokio::net::TcpListener = reloader.restore(
	228	"PROXMOX_BACKUP_LISTEN_FD",
083ff3fd WB	229	move \|\| async move { Ok(tokio::net::TcpListener::bind(&address).await?) },
083ff3fd WB	230	).await?;
a690ecac	231
083ff3fd	232	create_service(listener, NotifyReady)?.await;
a690ecac	233
a690ecac WB	234	let mut reloader = Some(reloader);
a690ecac WB	235
083ff3fd WB	236	crate::tools::request_shutdown(); // make sure we are in shutdown mode
	237	if server::is_reload_request() {
	238	log::info!("daemon reload...");
	239	if let Err(e) = systemd_notify(SystemdNotify::Reloading) {
	240	log::error!("failed to notify systemd about the state change: {}", e);
	241	}
	242	if let Err(e) = reloader.take().unwrap().fork_restart() {
	243	log::error!("error during reload: {}", e);
62ee2eb4	244	let _ = systemd_notify(SystemdNotify::Status("error during reload".to_string()));
083ff3fd WB	245	}
	246	} else {
	247	log::info!("daemon shutting down...");
	248	}
	249	Ok(())
a690ecac	250	}
9c351a36 WB	251
	252	#[link(name = "systemd")]
	253	extern "C" {
	254	fn sd_notify(unset_environment: c_int, state: *const c_char) -> c_int;
	255	}
	256
	257	pub enum SystemdNotify {
	258	Ready,
	259	Reloading,
	260	Stopping,
	261	Status(String),
	262	MainPid(nix::unistd::Pid),
	263	}
	264
	265	pub fn systemd_notify(state: SystemdNotify) -> Result<(), Error> {
	266	let message = match state {
	267	SystemdNotify::Ready => CString::new("READY=1"),
	268	SystemdNotify::Reloading => CString::new("RELOADING=1"),
	269	SystemdNotify::Stopping => CString::new("STOPPING=1"),
	270	SystemdNotify::Status(msg) => CString::new(format!("STATUS={}", msg)),
	271	SystemdNotify::MainPid(pid) => CString::new(format!("MAINPID={}", pid)),
	272	}?;
	273	let rc = unsafe { sd_notify(0, message.as_ptr()) };
	274	if rc < 0 {
	275	bail!(
	276	"systemd_notify failed: {}",
	277	std::io::Error::from_raw_os_error(-rc),
	278	);
	279	}
	280	Ok(())
	281	}