]>
Commit | Line | Data |
---|---|---|
1 | use std::sync::Arc; | |
2 | use std::path::{Path, PathBuf}; | |
3 | use std::pin::Pin; | |
4 | use std::os::unix::io::AsRawFd; | |
5 | ||
6 | use anyhow::{bail, format_err, Error}; | |
7 | use futures::*; | |
8 | ||
9 | use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype}; | |
10 | use tokio_stream::wrappers::ReceiverStream; | |
11 | use serde_json::Value; | |
12 | ||
13 | use proxmox::try_block; | |
14 | use proxmox::api::RpcEnvironmentType; | |
15 | ||
16 | use proxmox_backup::{ | |
17 | backup::DataStore, | |
18 | server::{ | |
19 | auth::default_api_auth, | |
20 | WorkerTask, | |
21 | ApiConfig, | |
22 | rest::*, | |
23 | jobstate::{ | |
24 | self, | |
25 | Job, | |
26 | }, | |
27 | rotate_task_log_archive, | |
28 | }, | |
29 | tools::systemd::time::{ | |
30 | parse_calendar_event, | |
31 | compute_next_event, | |
32 | }, | |
33 | }; | |
34 | ||
35 | ||
36 | use proxmox_backup::api2::types::Authid; | |
37 | use proxmox_backup::configdir; | |
38 | use proxmox_backup::buildcfg; | |
39 | use proxmox_backup::server; | |
40 | use proxmox_backup::auth_helpers::*; | |
41 | use proxmox_backup::tools::{ | |
42 | daemon, | |
43 | disks::{ | |
44 | DiskManage, | |
45 | zfs_pool_stats, | |
46 | get_pool_from_dataset, | |
47 | }, | |
48 | logrotate::LogRotate, | |
49 | socket::{ | |
50 | set_tcp_keepalive, | |
51 | PROXMOX_BACKUP_TCP_KEEPALIVE_TIME, | |
52 | }, | |
53 | }; | |
54 | ||
55 | use proxmox_backup::api2::pull::do_sync_job; | |
56 | use proxmox_backup::api2::tape::backup::do_tape_backup_job; | |
57 | use proxmox_backup::server::do_verification_job; | |
58 | use proxmox_backup::server::do_prune_job; | |
59 | ||
60 | fn main() -> Result<(), Error> { | |
61 | proxmox_backup::tools::setup_safe_path_env(); | |
62 | ||
63 | let backup_uid = proxmox_backup::backup::backup_user()?.uid; | |
64 | let backup_gid = proxmox_backup::backup::backup_group()?.gid; | |
65 | let running_uid = nix::unistd::Uid::effective(); | |
66 | let running_gid = nix::unistd::Gid::effective(); | |
67 | ||
68 | if running_uid != backup_uid || running_gid != backup_gid { | |
69 | bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid); | |
70 | } | |
71 | ||
72 | proxmox_backup::tools::runtime::main(run()) | |
73 | } | |
74 | ||
75 | async fn run() -> Result<(), Error> { | |
76 | if let Err(err) = syslog::init( | |
77 | syslog::Facility::LOG_DAEMON, | |
78 | log::LevelFilter::Info, | |
79 | Some("proxmox-backup-proxy")) { | |
80 | bail!("unable to inititialize syslog - {}", err); | |
81 | } | |
82 | ||
83 | // Note: To debug early connection error use | |
84 | // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy | |
85 | let debug = std::env::var("PROXMOX_DEBUG").is_ok(); | |
86 | ||
87 | let _ = public_auth_key(); // load with lazy_static | |
88 | let _ = csrf_secret(); // load with lazy_static | |
89 | ||
90 | let mut config = ApiConfig::new( | |
91 | buildcfg::JS_DIR, | |
92 | &proxmox_backup::api2::ROUTER, | |
93 | RpcEnvironmentType::PUBLIC, | |
94 | default_api_auth(), | |
95 | )?; | |
96 | ||
97 | config.add_alias("novnc", "/usr/share/novnc-pve"); | |
98 | config.add_alias("extjs", "/usr/share/javascript/extjs"); | |
99 | config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs"); | |
100 | config.add_alias("fontawesome", "/usr/share/fonts-font-awesome"); | |
101 | config.add_alias("xtermjs", "/usr/share/pve-xtermjs"); | |
102 | config.add_alias("locale", "/usr/share/pbs-i18n"); | |
103 | config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit"); | |
104 | config.add_alias("docs", "/usr/share/doc/proxmox-backup/html"); | |
105 | ||
106 | let mut indexpath = PathBuf::from(buildcfg::JS_DIR); | |
107 | indexpath.push("index.hbs"); | |
108 | config.register_template("index", &indexpath)?; | |
109 | config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?; | |
110 | ||
111 | let mut commando_sock = server::CommandoSocket::new(server::our_ctrl_sock()); | |
112 | ||
113 | config.enable_file_log(buildcfg::API_ACCESS_LOG_FN, &mut commando_sock)?; | |
114 | ||
115 | let rest_server = RestServer::new(config); | |
116 | ||
117 | //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes | |
118 | ||
119 | // we build the initial acceptor here as we cannot start if this fails - certificate reloads | |
120 | // will be handled inside the accept loop and simply log an error if we cannot load the new | |
121 | // certificate! | |
122 | let acceptor = make_tls_acceptor()?; | |
123 | ||
124 | // to renew the acceptor we just let a command-socket handler trigger a Notify: | |
125 | let notify_tls_cert_reload = Arc::new(tokio::sync::Notify::new()); | |
126 | commando_sock.register_command( | |
127 | "reload-certificate".to_string(), | |
128 | { | |
129 | let notify_tls_cert_reload = Arc::clone(¬ify_tls_cert_reload); | |
130 | move |_value| -> Result<_, Error> { | |
131 | notify_tls_cert_reload.notify_one(); | |
132 | Ok(Value::Null) | |
133 | } | |
134 | }, | |
135 | )?; | |
136 | ||
137 | let server = daemon::create_daemon( | |
138 | ([0,0,0,0,0,0,0,0], 8007).into(), | |
139 | move |listener, ready| { | |
140 | ||
141 | let connections = accept_connections(listener, acceptor, debug, notify_tls_cert_reload); | |
142 | let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections)); | |
143 | ||
144 | Ok(ready | |
145 | .and_then(|_| hyper::Server::builder(connections) | |
146 | .serve(rest_server) | |
147 | .with_graceful_shutdown(server::shutdown_future()) | |
148 | .map_err(Error::from) | |
149 | ) | |
150 | .map_err(|err| eprintln!("server error: {}", err)) | |
151 | .map(|_| ()) | |
152 | ) | |
153 | }, | |
154 | "proxmox-backup-proxy.service", | |
155 | ); | |
156 | ||
157 | server::write_pid(buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?; | |
158 | daemon::systemd_notify(daemon::SystemdNotify::Ready)?; | |
159 | ||
160 | let init_result: Result<(), Error> = try_block!({ | |
161 | server::register_task_control_commands(&mut commando_sock)?; | |
162 | commando_sock.spawn()?; | |
163 | server::server_state_init()?; | |
164 | Ok(()) | |
165 | }); | |
166 | ||
167 | if let Err(err) = init_result { | |
168 | bail!("unable to start daemon - {}", err); | |
169 | } | |
170 | ||
171 | start_task_scheduler(); | |
172 | start_stat_generator(); | |
173 | ||
174 | server.await?; | |
175 | log::info!("server shutting down, waiting for active workers to complete"); | |
176 | proxmox_backup::server::last_worker_future().await?; | |
177 | log::info!("done - exit server"); | |
178 | ||
179 | Ok(()) | |
180 | } | |
181 | ||
182 | fn make_tls_acceptor() -> Result<Arc<SslAcceptor>, Error> { | |
183 | let key_path = configdir!("/proxy.key"); | |
184 | let cert_path = configdir!("/proxy.pem"); | |
185 | ||
186 | let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); | |
187 | acceptor.set_private_key_file(key_path, SslFiletype::PEM) | |
188 | .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?; | |
189 | acceptor.set_certificate_chain_file(cert_path) | |
190 | .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?; | |
191 | acceptor.check_private_key().unwrap(); | |
192 | ||
193 | Ok(Arc::new(acceptor.build())) | |
194 | } | |
195 | ||
196 | type ClientStreamResult = | |
197 | Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>; | |
198 | const MAX_PENDING_ACCEPTS: usize = 1024; | |
199 | ||
200 | fn accept_connections( | |
201 | listener: tokio::net::TcpListener, | |
202 | acceptor: Arc<openssl::ssl::SslAcceptor>, | |
203 | debug: bool, | |
204 | notify_tls_cert_reload: Arc<tokio::sync::Notify>, | |
205 | ) -> tokio::sync::mpsc::Receiver<ClientStreamResult> { | |
206 | ||
207 | let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS); | |
208 | ||
209 | tokio::spawn(accept_connection(listener, acceptor, debug, sender, notify_tls_cert_reload)); | |
210 | ||
211 | receiver | |
212 | } | |
213 | ||
214 | async fn accept_connection( | |
215 | listener: tokio::net::TcpListener, | |
216 | mut acceptor: Arc<openssl::ssl::SslAcceptor>, | |
217 | debug: bool, | |
218 | sender: tokio::sync::mpsc::Sender<ClientStreamResult>, | |
219 | notify_tls_cert_reload: Arc<tokio::sync::Notify>, | |
220 | ) { | |
221 | let accept_counter = Arc::new(()); | |
222 | ||
223 | // Note that these must not be moved out/modified directly, they get pinned in the loop and | |
224 | // "rearmed" after waking up: | |
225 | let mut reload_tls = notify_tls_cert_reload.notified(); | |
226 | let mut accept = listener.accept(); | |
227 | ||
228 | loop { | |
229 | let sock; | |
230 | ||
231 | // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we | |
232 | // need to be able to "rearm" the futures: | |
233 | let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) }; | |
234 | let accept_pin = unsafe { Pin::new_unchecked(&mut accept) }; | |
235 | tokio::select! { | |
236 | _ = reload_tls_pin => { | |
237 | // rearm the notification: | |
238 | reload_tls = notify_tls_cert_reload.notified(); | |
239 | ||
240 | log::info!("reloading certificate"); | |
241 | match make_tls_acceptor() { | |
242 | Err(err) => eprintln!("error reloading certificate: {}", err), | |
243 | Ok(new_acceptor) => acceptor = new_acceptor, | |
244 | } | |
245 | continue; | |
246 | } | |
247 | res = accept_pin => match res { | |
248 | Err(err) => { | |
249 | eprintln!("error accepting tcp connection: {}", err); | |
250 | continue; | |
251 | } | |
252 | Ok((new_sock, _addr)) => { | |
253 | // rearm the accept future: | |
254 | accept = listener.accept(); | |
255 | ||
256 | sock = new_sock; | |
257 | } | |
258 | } | |
259 | }; | |
260 | ||
261 | sock.set_nodelay(true).unwrap(); | |
262 | let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME); | |
263 | let acceptor = Arc::clone(&acceptor); | |
264 | ||
265 | let ssl = match openssl::ssl::Ssl::new(acceptor.context()) { | |
266 | Ok(ssl) => ssl, | |
267 | Err(err) => { | |
268 | eprintln!("failed to create Ssl object from Acceptor context - {}", err); | |
269 | continue; | |
270 | }, | |
271 | }; | |
272 | let stream = match tokio_openssl::SslStream::new(ssl, sock) { | |
273 | Ok(stream) => stream, | |
274 | Err(err) => { | |
275 | eprintln!("failed to create SslStream using ssl and connection socket - {}", err); | |
276 | continue; | |
277 | }, | |
278 | }; | |
279 | ||
280 | let mut stream = Box::pin(stream); | |
281 | let sender = sender.clone(); | |
282 | ||
283 | if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS { | |
284 | eprintln!("connection rejected - to many open connections"); | |
285 | continue; | |
286 | } | |
287 | ||
288 | let accept_counter = Arc::clone(&accept_counter); | |
289 | tokio::spawn(async move { | |
290 | let accept_future = tokio::time::timeout( | |
291 | Duration::new(10, 0), stream.as_mut().accept()); | |
292 | ||
293 | let result = accept_future.await; | |
294 | ||
295 | match result { | |
296 | Ok(Ok(())) => { | |
297 | if sender.send(Ok(stream)).await.is_err() && debug { | |
298 | eprintln!("detect closed connection channel"); | |
299 | } | |
300 | } | |
301 | Ok(Err(err)) => { | |
302 | if debug { | |
303 | eprintln!("https handshake failed - {}", err); | |
304 | } | |
305 | } | |
306 | Err(_) => { | |
307 | if debug { | |
308 | eprintln!("https handshake timeout"); | |
309 | } | |
310 | } | |
311 | } | |
312 | ||
313 | drop(accept_counter); // decrease reference count | |
314 | }); | |
315 | } | |
316 | } | |
317 | ||
318 | fn start_stat_generator() { | |
319 | let abort_future = server::shutdown_future(); | |
320 | let future = Box::pin(run_stat_generator()); | |
321 | let task = futures::future::select(future, abort_future); | |
322 | tokio::spawn(task.map(|_| ())); | |
323 | } | |
324 | ||
325 | fn start_task_scheduler() { | |
326 | let abort_future = server::shutdown_future(); | |
327 | let future = Box::pin(run_task_scheduler()); | |
328 | let task = futures::future::select(future, abort_future); | |
329 | tokio::spawn(task.map(|_| ())); | |
330 | } | |
331 | ||
332 | use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH}; | |
333 | ||
334 | fn next_minute() -> Result<Instant, Error> { | |
335 | let now = SystemTime::now(); | |
336 | let epoch_now = now.duration_since(UNIX_EPOCH)?; | |
337 | let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60); | |
338 | Ok(Instant::now() + epoch_next - epoch_now) | |
339 | } | |
340 | ||
341 | async fn run_task_scheduler() { | |
342 | ||
343 | let mut count: usize = 0; | |
344 | ||
345 | loop { | |
346 | count += 1; | |
347 | ||
348 | let delay_target = match next_minute() { // try to run very minute | |
349 | Ok(d) => d, | |
350 | Err(err) => { | |
351 | eprintln!("task scheduler: compute next minute failed - {}", err); | |
352 | tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await; | |
353 | continue; | |
354 | } | |
355 | }; | |
356 | ||
357 | if count > 2 { // wait 1..2 minutes before starting | |
358 | match schedule_tasks().catch_unwind().await { | |
359 | Err(panic) => { | |
360 | match panic.downcast::<&str>() { | |
361 | Ok(msg) => { | |
362 | eprintln!("task scheduler panic: {}", msg); | |
363 | } | |
364 | Err(_) => { | |
365 | eprintln!("task scheduler panic - unknown type"); | |
366 | } | |
367 | } | |
368 | } | |
369 | Ok(Err(err)) => { | |
370 | eprintln!("task scheduler failed - {:?}", err); | |
371 | } | |
372 | Ok(Ok(_)) => {} | |
373 | } | |
374 | } | |
375 | ||
376 | tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await; | |
377 | } | |
378 | } | |
379 | ||
380 | async fn schedule_tasks() -> Result<(), Error> { | |
381 | ||
382 | schedule_datastore_garbage_collection().await; | |
383 | schedule_datastore_prune().await; | |
384 | schedule_datastore_sync_jobs().await; | |
385 | schedule_datastore_verify_jobs().await; | |
386 | schedule_tape_backup_jobs().await; | |
387 | schedule_task_log_rotate().await; | |
388 | ||
389 | Ok(()) | |
390 | } | |
391 | ||
392 | async fn schedule_datastore_garbage_collection() { | |
393 | ||
394 | use proxmox_backup::config::{ | |
395 | datastore::{ | |
396 | self, | |
397 | DataStoreConfig, | |
398 | }, | |
399 | }; | |
400 | ||
401 | let config = match datastore::config() { | |
402 | Err(err) => { | |
403 | eprintln!("unable to read datastore config - {}", err); | |
404 | return; | |
405 | } | |
406 | Ok((config, _digest)) => config, | |
407 | }; | |
408 | ||
409 | for (store, (_, store_config)) in config.sections { | |
410 | let datastore = match DataStore::lookup_datastore(&store) { | |
411 | Ok(datastore) => datastore, | |
412 | Err(err) => { | |
413 | eprintln!("lookup_datastore failed - {}", err); | |
414 | continue; | |
415 | } | |
416 | }; | |
417 | ||
418 | let store_config: DataStoreConfig = match serde_json::from_value(store_config) { | |
419 | Ok(c) => c, | |
420 | Err(err) => { | |
421 | eprintln!("datastore config from_value failed - {}", err); | |
422 | continue; | |
423 | } | |
424 | }; | |
425 | ||
426 | let event_str = match store_config.gc_schedule { | |
427 | Some(event_str) => event_str, | |
428 | None => continue, | |
429 | }; | |
430 | ||
431 | let event = match parse_calendar_event(&event_str) { | |
432 | Ok(event) => event, | |
433 | Err(err) => { | |
434 | eprintln!("unable to parse schedule '{}' - {}", event_str, err); | |
435 | continue; | |
436 | } | |
437 | }; | |
438 | ||
439 | if datastore.garbage_collection_running() { continue; } | |
440 | ||
441 | let worker_type = "garbage_collection"; | |
442 | ||
443 | let last = match jobstate::last_run_time(worker_type, &store) { | |
444 | Ok(time) => time, | |
445 | Err(err) => { | |
446 | eprintln!("could not get last run time of {} {}: {}", worker_type, store, err); | |
447 | continue; | |
448 | } | |
449 | }; | |
450 | ||
451 | let next = match compute_next_event(&event, last, false) { | |
452 | Ok(Some(next)) => next, | |
453 | Ok(None) => continue, | |
454 | Err(err) => { | |
455 | eprintln!("compute_next_event for '{}' failed - {}", event_str, err); | |
456 | continue; | |
457 | } | |
458 | }; | |
459 | ||
460 | let now = proxmox::tools::time::epoch_i64(); | |
461 | ||
462 | if next > now { continue; } | |
463 | ||
464 | let job = match Job::new(worker_type, &store) { | |
465 | Ok(job) => job, | |
466 | Err(_) => continue, // could not get lock | |
467 | }; | |
468 | ||
469 | let auth_id = Authid::root_auth_id(); | |
470 | ||
471 | if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) { | |
472 | eprintln!("unable to start garbage collection job on datastore {} - {}", store, err); | |
473 | } | |
474 | } | |
475 | } | |
476 | ||
477 | async fn schedule_datastore_prune() { | |
478 | ||
479 | use proxmox_backup::{ | |
480 | backup::{ | |
481 | PruneOptions, | |
482 | }, | |
483 | config::datastore::{ | |
484 | self, | |
485 | DataStoreConfig, | |
486 | }, | |
487 | }; | |
488 | ||
489 | let config = match datastore::config() { | |
490 | Err(err) => { | |
491 | eprintln!("unable to read datastore config - {}", err); | |
492 | return; | |
493 | } | |
494 | Ok((config, _digest)) => config, | |
495 | }; | |
496 | ||
497 | for (store, (_, store_config)) in config.sections { | |
498 | ||
499 | let store_config: DataStoreConfig = match serde_json::from_value(store_config) { | |
500 | Ok(c) => c, | |
501 | Err(err) => { | |
502 | eprintln!("datastore '{}' config from_value failed - {}", store, err); | |
503 | continue; | |
504 | } | |
505 | }; | |
506 | ||
507 | let event_str = match store_config.prune_schedule { | |
508 | Some(event_str) => event_str, | |
509 | None => continue, | |
510 | }; | |
511 | ||
512 | let prune_options = PruneOptions { | |
513 | keep_last: store_config.keep_last, | |
514 | keep_hourly: store_config.keep_hourly, | |
515 | keep_daily: store_config.keep_daily, | |
516 | keep_weekly: store_config.keep_weekly, | |
517 | keep_monthly: store_config.keep_monthly, | |
518 | keep_yearly: store_config.keep_yearly, | |
519 | }; | |
520 | ||
521 | if !prune_options.keeps_something() { // no prune settings - keep all | |
522 | continue; | |
523 | } | |
524 | ||
525 | let worker_type = "prune"; | |
526 | if check_schedule(worker_type, &event_str, &store) { | |
527 | let job = match Job::new(worker_type, &store) { | |
528 | Ok(job) => job, | |
529 | Err(_) => continue, // could not get lock | |
530 | }; | |
531 | ||
532 | let auth_id = Authid::root_auth_id().clone(); | |
533 | if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) { | |
534 | eprintln!("unable to start datastore prune job {} - {}", &store, err); | |
535 | } | |
536 | }; | |
537 | } | |
538 | } | |
539 | ||
540 | async fn schedule_datastore_sync_jobs() { | |
541 | ||
542 | use proxmox_backup::config::sync::{ | |
543 | self, | |
544 | SyncJobConfig, | |
545 | }; | |
546 | ||
547 | let config = match sync::config() { | |
548 | Err(err) => { | |
549 | eprintln!("unable to read sync job config - {}", err); | |
550 | return; | |
551 | } | |
552 | Ok((config, _digest)) => config, | |
553 | }; | |
554 | ||
555 | for (job_id, (_, job_config)) in config.sections { | |
556 | let job_config: SyncJobConfig = match serde_json::from_value(job_config) { | |
557 | Ok(c) => c, | |
558 | Err(err) => { | |
559 | eprintln!("sync job config from_value failed - {}", err); | |
560 | continue; | |
561 | } | |
562 | }; | |
563 | ||
564 | let event_str = match job_config.schedule { | |
565 | Some(ref event_str) => event_str.clone(), | |
566 | None => continue, | |
567 | }; | |
568 | ||
569 | let worker_type = "syncjob"; | |
570 | if check_schedule(worker_type, &event_str, &job_id) { | |
571 | let job = match Job::new(worker_type, &job_id) { | |
572 | Ok(job) => job, | |
573 | Err(_) => continue, // could not get lock | |
574 | }; | |
575 | ||
576 | let auth_id = Authid::root_auth_id().clone(); | |
577 | if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str)) { | |
578 | eprintln!("unable to start datastore sync job {} - {}", &job_id, err); | |
579 | } | |
580 | }; | |
581 | } | |
582 | } | |
583 | ||
584 | async fn schedule_datastore_verify_jobs() { | |
585 | ||
586 | use proxmox_backup::config::verify::{ | |
587 | self, | |
588 | VerificationJobConfig, | |
589 | }; | |
590 | ||
591 | let config = match verify::config() { | |
592 | Err(err) => { | |
593 | eprintln!("unable to read verification job config - {}", err); | |
594 | return; | |
595 | } | |
596 | Ok((config, _digest)) => config, | |
597 | }; | |
598 | for (job_id, (_, job_config)) in config.sections { | |
599 | let job_config: VerificationJobConfig = match serde_json::from_value(job_config) { | |
600 | Ok(c) => c, | |
601 | Err(err) => { | |
602 | eprintln!("verification job config from_value failed - {}", err); | |
603 | continue; | |
604 | } | |
605 | }; | |
606 | let event_str = match job_config.schedule { | |
607 | Some(ref event_str) => event_str.clone(), | |
608 | None => continue, | |
609 | }; | |
610 | ||
611 | let worker_type = "verificationjob"; | |
612 | let auth_id = Authid::root_auth_id().clone(); | |
613 | if check_schedule(worker_type, &event_str, &job_id) { | |
614 | let job = match Job::new(&worker_type, &job_id) { | |
615 | Ok(job) => job, | |
616 | Err(_) => continue, // could not get lock | |
617 | }; | |
618 | if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str)) { | |
619 | eprintln!("unable to start datastore verification job {} - {}", &job_id, err); | |
620 | } | |
621 | }; | |
622 | } | |
623 | } | |
624 | ||
625 | async fn schedule_tape_backup_jobs() { | |
626 | ||
627 | use proxmox_backup::config::tape_job::{ | |
628 | self, | |
629 | TapeBackupJobConfig, | |
630 | }; | |
631 | ||
632 | let config = match tape_job::config() { | |
633 | Err(err) => { | |
634 | eprintln!("unable to read tape job config - {}", err); | |
635 | return; | |
636 | } | |
637 | Ok((config, _digest)) => config, | |
638 | }; | |
639 | for (job_id, (_, job_config)) in config.sections { | |
640 | let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) { | |
641 | Ok(c) => c, | |
642 | Err(err) => { | |
643 | eprintln!("tape backup job config from_value failed - {}", err); | |
644 | continue; | |
645 | } | |
646 | }; | |
647 | let event_str = match job_config.schedule { | |
648 | Some(ref event_str) => event_str.clone(), | |
649 | None => continue, | |
650 | }; | |
651 | ||
652 | let worker_type = "tape-backup-job"; | |
653 | let auth_id = Authid::root_auth_id().clone(); | |
654 | if check_schedule(worker_type, &event_str, &job_id) { | |
655 | let job = match Job::new(&worker_type, &job_id) { | |
656 | Ok(job) => job, | |
657 | Err(_) => continue, // could not get lock | |
658 | }; | |
659 | if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str)) { | |
660 | eprintln!("unable to start tape backup job {} - {}", &job_id, err); | |
661 | } | |
662 | }; | |
663 | } | |
664 | } | |
665 | ||
666 | ||
667 | async fn schedule_task_log_rotate() { | |
668 | ||
669 | let worker_type = "logrotate"; | |
670 | let job_id = "access-log_and_task-archive"; | |
671 | ||
672 | // schedule daily at 00:00 like normal logrotate | |
673 | let schedule = "00:00"; | |
674 | ||
675 | if !check_schedule(worker_type, schedule, job_id) { | |
676 | // if we never ran the rotation, schedule instantly | |
677 | match jobstate::JobState::load(worker_type, job_id) { | |
678 | Ok(state) => match state { | |
679 | jobstate::JobState::Created { .. } => {}, | |
680 | _ => return, | |
681 | }, | |
682 | _ => return, | |
683 | } | |
684 | } | |
685 | ||
686 | let mut job = match Job::new(worker_type, job_id) { | |
687 | Ok(job) => job, | |
688 | Err(_) => return, // could not get lock | |
689 | }; | |
690 | ||
691 | if let Err(err) = WorkerTask::new_thread( | |
692 | worker_type, | |
693 | None, | |
694 | Authid::root_auth_id().clone(), | |
695 | false, | |
696 | move |worker| { | |
697 | job.start(&worker.upid().to_string())?; | |
698 | worker.log("starting task log rotation".to_string()); | |
699 | ||
700 | let result = try_block!({ | |
701 | let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file | |
702 | let max_files = 20; // times twenty files gives > 100000 task entries | |
703 | let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?; | |
704 | if has_rotated { | |
705 | worker.log("task log archive was rotated".to_string()); | |
706 | } else { | |
707 | worker.log("task log archive was not rotated".to_string()); | |
708 | } | |
709 | ||
710 | let max_size = 32 * 1024 * 1024 - 1; | |
711 | let max_files = 14; | |
712 | let mut logrotate = LogRotate::new(buildcfg::API_ACCESS_LOG_FN, true) | |
713 | .ok_or_else(|| format_err!("could not get API access log file names"))?; | |
714 | ||
715 | if logrotate.rotate(max_size, None, Some(max_files))? { | |
716 | println!("rotated access log, telling daemons to re-open log file"); | |
717 | proxmox_backup::tools::runtime::block_on(command_reopen_logfiles())?; | |
718 | worker.log("API access log was rotated".to_string()); | |
719 | } else { | |
720 | worker.log("API access log was not rotated".to_string()); | |
721 | } | |
722 | ||
723 | let mut logrotate = LogRotate::new(buildcfg::API_AUTH_LOG_FN, true) | |
724 | .ok_or_else(|| format_err!("could not get API auth log file names"))?; | |
725 | ||
726 | if logrotate.rotate(max_size, None, Some(max_files))? { | |
727 | worker.log("API authentication log was rotated".to_string()); | |
728 | } else { | |
729 | worker.log("API authentication log was not rotated".to_string()); | |
730 | } | |
731 | ||
732 | Ok(()) | |
733 | }); | |
734 | ||
735 | let status = worker.create_state(&result); | |
736 | ||
737 | if let Err(err) = job.finish(status) { | |
738 | eprintln!("could not finish job state for {}: {}", worker_type, err); | |
739 | } | |
740 | ||
741 | result | |
742 | }, | |
743 | ) { | |
744 | eprintln!("unable to start task log rotation: {}", err); | |
745 | } | |
746 | ||
747 | } | |
748 | ||
749 | async fn command_reopen_logfiles() -> Result<(), Error> { | |
750 | // only care about the most recent daemon instance for each, proxy & api, as other older ones | |
751 | // should not respond to new requests anyway, but only finish their current one and then exit. | |
752 | let sock = server::our_ctrl_sock(); | |
753 | let f1 = server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n"); | |
754 | ||
755 | let pid = server::read_pid(buildcfg::PROXMOX_BACKUP_API_PID_FN)?; | |
756 | let sock = server::ctrl_sock_from_pid(pid); | |
757 | let f2 = server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n"); | |
758 | ||
759 | match futures::join!(f1, f2) { | |
760 | (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)), | |
761 | (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)), | |
762 | (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)), | |
763 | _ => Ok(()), | |
764 | } | |
765 | } | |
766 | ||
767 | async fn run_stat_generator() { | |
768 | ||
769 | let mut count = 0; | |
770 | loop { | |
771 | count += 1; | |
772 | let save = if count >= 6 { count = 0; true } else { false }; | |
773 | ||
774 | let delay_target = Instant::now() + Duration::from_secs(10); | |
775 | ||
776 | generate_host_stats(save).await; | |
777 | ||
778 | tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await; | |
779 | ||
780 | } | |
781 | ||
782 | } | |
783 | ||
784 | fn rrd_update_gauge(name: &str, value: f64, save: bool) { | |
785 | use proxmox_backup::rrd; | |
786 | if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) { | |
787 | eprintln!("rrd::update_value '{}' failed - {}", name, err); | |
788 | } | |
789 | } | |
790 | ||
791 | fn rrd_update_derive(name: &str, value: f64, save: bool) { | |
792 | use proxmox_backup::rrd; | |
793 | if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) { | |
794 | eprintln!("rrd::update_value '{}' failed - {}", name, err); | |
795 | } | |
796 | } | |
797 | ||
798 | async fn generate_host_stats(save: bool) { | |
799 | use proxmox::sys::linux::procfs::{ | |
800 | read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg}; | |
801 | use proxmox_backup::config::datastore; | |
802 | ||
803 | ||
804 | proxmox_backup::tools::runtime::block_in_place(move || { | |
805 | ||
806 | match read_proc_stat() { | |
807 | Ok(stat) => { | |
808 | rrd_update_gauge("host/cpu", stat.cpu, save); | |
809 | rrd_update_gauge("host/iowait", stat.iowait_percent, save); | |
810 | } | |
811 | Err(err) => { | |
812 | eprintln!("read_proc_stat failed - {}", err); | |
813 | } | |
814 | } | |
815 | ||
816 | match read_meminfo() { | |
817 | Ok(meminfo) => { | |
818 | rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save); | |
819 | rrd_update_gauge("host/memused", meminfo.memused as f64, save); | |
820 | rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save); | |
821 | rrd_update_gauge("host/swapused", meminfo.swapused as f64, save); | |
822 | } | |
823 | Err(err) => { | |
824 | eprintln!("read_meminfo failed - {}", err); | |
825 | } | |
826 | } | |
827 | ||
828 | match read_proc_net_dev() { | |
829 | Ok(netdev) => { | |
830 | use proxmox_backup::config::network::is_physical_nic; | |
831 | let mut netin = 0; | |
832 | let mut netout = 0; | |
833 | for item in netdev { | |
834 | if !is_physical_nic(&item.device) { continue; } | |
835 | netin += item.receive; | |
836 | netout += item.send; | |
837 | } | |
838 | rrd_update_derive("host/netin", netin as f64, save); | |
839 | rrd_update_derive("host/netout", netout as f64, save); | |
840 | } | |
841 | Err(err) => { | |
842 | eprintln!("read_prox_net_dev failed - {}", err); | |
843 | } | |
844 | } | |
845 | ||
846 | match read_loadavg() { | |
847 | Ok(loadavg) => { | |
848 | rrd_update_gauge("host/loadavg", loadavg.0 as f64, save); | |
849 | } | |
850 | Err(err) => { | |
851 | eprintln!("read_loadavg failed - {}", err); | |
852 | } | |
853 | } | |
854 | ||
855 | let disk_manager = DiskManage::new(); | |
856 | ||
857 | gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save); | |
858 | ||
859 | match datastore::config() { | |
860 | Ok((config, _)) => { | |
861 | let datastore_list: Vec<datastore::DataStoreConfig> = | |
862 | config.convert_to_typed_array("datastore").unwrap_or_default(); | |
863 | ||
864 | for config in datastore_list { | |
865 | ||
866 | let rrd_prefix = format!("datastore/{}", config.name); | |
867 | let path = std::path::Path::new(&config.path); | |
868 | gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save); | |
869 | } | |
870 | } | |
871 | Err(err) => { | |
872 | eprintln!("read datastore config failed - {}", err); | |
873 | } | |
874 | } | |
875 | ||
876 | }); | |
877 | } | |
878 | ||
879 | fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool { | |
880 | let event = match parse_calendar_event(event_str) { | |
881 | Ok(event) => event, | |
882 | Err(err) => { | |
883 | eprintln!("unable to parse schedule '{}' - {}", event_str, err); | |
884 | return false; | |
885 | } | |
886 | }; | |
887 | ||
888 | let last = match jobstate::last_run_time(worker_type, &id) { | |
889 | Ok(time) => time, | |
890 | Err(err) => { | |
891 | eprintln!("could not get last run time of {} {}: {}", worker_type, id, err); | |
892 | return false; | |
893 | } | |
894 | }; | |
895 | ||
896 | let next = match compute_next_event(&event, last, false) { | |
897 | Ok(Some(next)) => next, | |
898 | Ok(None) => return false, | |
899 | Err(err) => { | |
900 | eprintln!("compute_next_event for '{}' failed - {}", event_str, err); | |
901 | return false; | |
902 | } | |
903 | }; | |
904 | ||
905 | let now = proxmox::tools::time::epoch_i64(); | |
906 | next <= now | |
907 | } | |
908 | ||
909 | fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) { | |
910 | ||
911 | match proxmox_backup::tools::disks::disk_usage(path) { | |
912 | Ok(status) => { | |
913 | let rrd_key = format!("{}/total", rrd_prefix); | |
914 | rrd_update_gauge(&rrd_key, status.total as f64, save); | |
915 | let rrd_key = format!("{}/used", rrd_prefix); | |
916 | rrd_update_gauge(&rrd_key, status.used as f64, save); | |
917 | } | |
918 | Err(err) => { | |
919 | eprintln!("read disk_usage on {:?} failed - {}", path, err); | |
920 | } | |
921 | } | |
922 | ||
923 | match disk_manager.find_mounted_device(path) { | |
924 | Ok(None) => {}, | |
925 | Ok(Some((fs_type, device, source))) => { | |
926 | let mut device_stat = None; | |
927 | match fs_type.as_str() { | |
928 | "zfs" => { | |
929 | if let Some(source) = source { | |
930 | let pool = get_pool_from_dataset(&source).unwrap_or(&source); | |
931 | match zfs_pool_stats(pool) { | |
932 | Ok(stat) => device_stat = stat, | |
933 | Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err), | |
934 | } | |
935 | } | |
936 | } | |
937 | _ => { | |
938 | if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) { | |
939 | match disk.read_stat() { | |
940 | Ok(stat) => device_stat = stat, | |
941 | Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err), | |
942 | } | |
943 | } | |
944 | } | |
945 | } | |
946 | if let Some(stat) = device_stat { | |
947 | let rrd_key = format!("{}/read_ios", rrd_prefix); | |
948 | rrd_update_derive(&rrd_key, stat.read_ios as f64, save); | |
949 | let rrd_key = format!("{}/read_bytes", rrd_prefix); | |
950 | rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save); | |
951 | ||
952 | let rrd_key = format!("{}/write_ios", rrd_prefix); | |
953 | rrd_update_derive(&rrd_key, stat.write_ios as f64, save); | |
954 | let rrd_key = format!("{}/write_bytes", rrd_prefix); | |
955 | rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save); | |
956 | ||
957 | let rrd_key = format!("{}/io_ticks", rrd_prefix); | |
958 | rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save); | |
959 | } | |
960 | } | |
961 | Err(err) => { | |
962 | eprintln!("find_mounted_device failed - {}", err); | |
963 | } | |
964 | } | |
965 | } |