1 use std
::collections
::{HashSet, HashMap}
;
2 use std
::convert
::TryFrom
;
4 use chrono
::{TimeZone, Local}
;
5 use anyhow
::{bail, Error}
;
7 use hyper
::http
::request
::Parts
;
8 use hyper
::{header, Body, Response, StatusCode}
;
9 use serde_json
::{json, Value}
;
12 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
13 RpcEnvironment
, RpcEnvironmentType
, Permission
, UserInformation
};
14 use proxmox
::api
::router
::SubdirMap
;
15 use proxmox
::api
::schema
::*;
16 use proxmox
::tools
::fs
::{file_get_contents, replace_file, CreateOptions}
;
17 use proxmox
::try_block
;
18 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
20 use crate::api2
::types
::*;
22 use crate::config
::datastore
;
23 use crate::config
::cached_user_info
::CachedUserInfo
;
25 use crate::server
::WorkerTask
;
27 use crate::config
::acl
::{
29 PRIV_DATASTORE_MODIFY
,
32 PRIV_DATASTORE_BACKUP
,
35 fn check_backup_owner(store
: &DataStore
, group
: &BackupGroup
, userid
: &str) -> Result
<(), Error
> {
36 let owner
= store
.get_owner(group
)?
;
38 bail
!("backup owner check failed ({} != {})", userid
, owner
);
43 fn read_backup_index(store
: &DataStore
, backup_dir
: &BackupDir
) -> Result
<Vec
<BackupContent
>, Error
> {
45 let mut path
= store
.base_path();
46 path
.push(backup_dir
.relative_path());
47 path
.push("index.json.blob");
49 let raw_data
= file_get_contents(&path
)?
;
50 let index_size
= raw_data
.len() as u64;
51 let blob
= DataBlob
::from_raw(raw_data
)?
;
53 let manifest
= BackupManifest
::try_from(blob
)?
;
55 let mut result
= Vec
::new();
56 for item
in manifest
.files() {
57 result
.push(BackupContent
{
58 filename
: item
.filename
.clone(),
59 size
: Some(item
.size
),
63 result
.push(BackupContent
{
64 filename
: "index.json.blob".to_string(),
65 size
: Some(index_size
),
71 fn group_backups(backup_list
: Vec
<BackupInfo
>) -> HashMap
<String
, Vec
<BackupInfo
>> {
73 let mut group_hash
= HashMap
::new();
75 for info
in backup_list
{
76 let group_id
= info
.backup_dir
.group().group_path().to_str().unwrap().to_owned();
77 let time_list
= group_hash
.entry(group_id
).or_insert(vec
![]);
88 schema
: DATASTORE_SCHEMA
,
94 description
: "Returns the list of backup groups.",
100 permission
: &Permission
::Privilege(
101 &["datastore", "{store}"],
102 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
106 /// List backup groups.
109 rpcenv
: &mut dyn RpcEnvironment
,
110 ) -> Result
<Vec
<GroupListItem
>, Error
> {
112 let username
= rpcenv
.get_user().unwrap();
113 let user_info
= CachedUserInfo
::new()?
;
114 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
116 let datastore
= DataStore
::lookup_datastore(&store
)?
;
118 let backup_list
= BackupInfo
::list_backups(&datastore
.base_path())?
;
120 let group_hash
= group_backups(backup_list
);
122 let mut groups
= Vec
::new();
124 for (_group_id
, mut list
) in group_hash
{
126 BackupInfo
::sort_list(&mut list
, false);
130 let group
= info
.backup_dir
.group();
132 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
134 let owner
= datastore
.get_owner(group
)?
;
135 if owner
!= username { continue; }
138 let result_item
= GroupListItem
{
139 backup_type
: group
.backup_type().to_string(),
140 backup_id
: group
.backup_id().to_string(),
141 last_backup
: info
.backup_dir
.backup_time().timestamp(),
142 backup_count
: list
.len() as u64,
143 files
: info
.files
.clone(),
145 groups
.push(result_item
);
155 schema
: DATASTORE_SCHEMA
,
158 schema
: BACKUP_TYPE_SCHEMA
,
161 schema
: BACKUP_ID_SCHEMA
,
164 schema
: BACKUP_TIME_SCHEMA
,
170 description
: "Returns the list of archive files inside a backup snapshots.",
176 permission
: &Permission
::Privilege(
177 &["datastore", "{store}"],
178 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
182 /// List snapshot files.
183 pub fn list_snapshot_files(
189 rpcenv
: &mut dyn RpcEnvironment
,
190 ) -> Result
<Vec
<BackupContent
>, Error
> {
192 let username
= rpcenv
.get_user().unwrap();
193 let user_info
= CachedUserInfo
::new()?
;
194 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
196 let datastore
= DataStore
::lookup_datastore(&store
)?
;
198 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
200 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)) != 0;
201 if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
203 let mut files
= read_backup_index(&datastore
, &snapshot
)?
;
205 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
207 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
208 acc
.insert(item
.filename
.clone());
212 for file
in info
.files
{
213 if file_set
.contains(&file
) { continue; }
214 files
.push(BackupContent { filename: file, size: None }
);
224 schema
: DATASTORE_SCHEMA
,
227 schema
: BACKUP_TYPE_SCHEMA
,
230 schema
: BACKUP_ID_SCHEMA
,
233 schema
: BACKUP_TIME_SCHEMA
,
238 permission
: &Permission
::Privilege(
239 &["datastore", "{store}"],
240 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
244 /// Delete backup snapshot.
251 rpcenv
: &mut dyn RpcEnvironment
,
252 ) -> Result
<Value
, Error
> {
254 let username
= rpcenv
.get_user().unwrap();
255 let user_info
= CachedUserInfo
::new()?
;
256 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
258 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
260 let datastore
= DataStore
::lookup_datastore(&store
)?
;
262 let allowed
= (user_privs
& PRIV_DATASTORE_MODIFY
) != 0;
263 if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
265 datastore
.remove_backup_dir(&snapshot
)?
;
274 schema
: DATASTORE_SCHEMA
,
278 schema
: BACKUP_TYPE_SCHEMA
,
282 schema
: BACKUP_ID_SCHEMA
,
288 description
: "Returns the list of snapshots.",
290 type: SnapshotListItem
,
294 permission
: &Permission
::Privilege(
295 &["datastore", "{store}"],
296 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
300 /// List backup snapshots.
301 pub fn list_snapshots (
303 backup_type
: Option
<String
>,
304 backup_id
: Option
<String
>,
307 rpcenv
: &mut dyn RpcEnvironment
,
308 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
310 let username
= rpcenv
.get_user().unwrap();
311 let user_info
= CachedUserInfo
::new()?
;
312 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
314 let datastore
= DataStore
::lookup_datastore(&store
)?
;
316 let base_path
= datastore
.base_path();
318 let backup_list
= BackupInfo
::list_backups(&base_path
)?
;
320 let mut snapshots
= vec
![];
322 for info
in backup_list
{
323 let group
= info
.backup_dir
.group();
324 if let Some(ref backup_type
) = backup_type
{
325 if backup_type
!= group
.backup_type() { continue; }
327 if let Some(ref backup_id
) = backup_id
{
328 if backup_id
!= group
.backup_id() { continue; }
331 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
333 let owner
= datastore
.get_owner(group
)?
;
334 if owner
!= username { continue; }
337 let mut result_item
= SnapshotListItem
{
338 backup_type
: group
.backup_type().to_string(),
339 backup_id
: group
.backup_id().to_string(),
340 backup_time
: info
.backup_dir
.backup_time().timestamp(),
345 if let Ok(index
) = read_backup_index(&datastore
, &info
.backup_dir
) {
346 let mut backup_size
= 0;
347 for item
in index
.iter() {
348 if let Some(item_size
) = item
.size
{
349 backup_size
+= item_size
;
352 result_item
.size
= Some(backup_size
);
355 snapshots
.push(result_item
);
365 schema
: DATASTORE_SCHEMA
,
373 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
376 /// Get datastore status.
380 _rpcenv
: &mut dyn RpcEnvironment
,
381 ) -> Result
<StorageStatus
, Error
> {
383 let datastore
= DataStore
::lookup_datastore(&store
)?
;
385 let base_path
= datastore
.base_path();
387 let mut stat
: libc
::statfs64
= unsafe { std::mem::zeroed() }
;
391 let res
= base_path
.with_nix_path(|cstr
| unsafe { libc::statfs64(cstr.as_ptr(), &mut stat) }
)?
;
392 nix
::errno
::Errno
::result(res
)?
;
394 let bsize
= stat
.f_bsize
as u64;
397 total
: stat
.f_blocks
*bsize
,
398 used
: (stat
.f_blocks
-stat
.f_bfree
)*bsize
,
399 avail
: stat
.f_bavail
*bsize
,
404 macro_rules
! add_common_prune_prameters
{
405 ( [ $
( $list1
:tt
)* ] ) => {
406 add_common_prune_prameters
!([$
( $list1
)* ] , [])
408 ( [ $
( $list1
:tt
)* ] , [ $
( $list2
:tt
)* ] ) => {
414 &IntegerSchema
::new("Number of daily backups to keep.")
421 &IntegerSchema
::new("Number of hourly backups to keep.")
428 &IntegerSchema
::new("Number of backups to keep.")
435 &IntegerSchema
::new("Number of monthly backups to keep.")
442 &IntegerSchema
::new("Number of weekly backups to keep.")
449 &IntegerSchema
::new("Number of yearly backups to keep.")
458 pub const API_RETURN_SCHEMA_PRUNE
: Schema
= ArraySchema
::new(
459 "Returns the list of snapshots and a flag indicating if there are kept or removed.",
460 PruneListItem
::API_SCHEMA
463 const API_METHOD_PRUNE
: ApiMethod
= ApiMethod
::new(
464 &ApiHandler
::Sync(&prune
),
466 "Prune the datastore.",
467 &add_common_prune_prameters
!([
468 ("backup-id", false, &BACKUP_ID_SCHEMA
),
469 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
470 ("dry-run", true, &BooleanSchema
::new(
471 "Just show what prune would do, but do not delete anything.")
475 ("store", false, &DATASTORE_SCHEMA
),
478 .returns(&API_RETURN_SCHEMA_PRUNE
)
479 .access(None
, &Permission
::Privilege(
480 &["datastore", "{store}"],
481 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
488 rpcenv
: &mut dyn RpcEnvironment
,
489 ) -> Result
<Value
, Error
> {
491 let store
= tools
::required_string_param(¶m
, "store")?
;
492 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
493 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
495 let username
= rpcenv
.get_user().unwrap();
496 let user_info
= CachedUserInfo
::new()?
;
497 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
499 let dry_run
= param
["dry-run"].as_bool().unwrap_or(false);
501 let group
= BackupGroup
::new(backup_type
, backup_id
);
503 let datastore
= DataStore
::lookup_datastore(&store
)?
;
505 let allowed
= (user_privs
& PRIV_DATASTORE_MODIFY
) != 0;
506 if !allowed { check_backup_owner(&datastore, &group, &username)?; }
508 let prune_options
= PruneOptions
{
509 keep_last
: param
["keep-last"].as_u64(),
510 keep_hourly
: param
["keep-hourly"].as_u64(),
511 keep_daily
: param
["keep-daily"].as_u64(),
512 keep_weekly
: param
["keep-weekly"].as_u64(),
513 keep_monthly
: param
["keep-monthly"].as_u64(),
514 keep_yearly
: param
["keep-yearly"].as_u64(),
517 let worker_id
= format
!("{}_{}_{}", store
, backup_type
, backup_id
);
519 let mut prune_result
= Vec
::new();
521 let list
= group
.list_backups(&datastore
.base_path())?
;
523 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
525 prune_info
.reverse(); // delete older snapshots first
527 let keep_all
= !prune_options
.keeps_something();
530 for (info
, mut keep
) in prune_info
{
531 if keep_all { keep = true; }
533 let backup_time
= info
.backup_dir
.backup_time();
534 let group
= info
.backup_dir
.group();
536 prune_result
.push(json
!({
537 "backup-type": group
.backup_type(),
538 "backup-id": group
.backup_id(),
539 "backup-time": backup_time
.timestamp(),
543 return Ok(json
!(prune_result
));
547 // We use a WorkerTask just to have a task log, but run synchrounously
548 let worker
= WorkerTask
::new("prune", Some(worker_id
), "root@pam", true)?
;
550 let result
= try_block
! {
552 worker
.log("No prune selection - keeping all files.");
554 worker
.log(format
!("retention options: {}", prune_options
.cli_options_string()));
555 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
556 store
, backup_type
, backup_id
));
559 for (info
, mut keep
) in prune_info
{
560 if keep_all { keep = true; }
562 let backup_time
= info
.backup_dir
.backup_time();
563 let timestamp
= BackupDir
::backup_time_to_string(backup_time
);
564 let group
= info
.backup_dir
.group();
572 if keep { "keep" }
else { "remove" }
,
577 prune_result
.push(json
!({
578 "backup-type": group
.backup_type(),
579 "backup-id": group
.backup_id(),
580 "backup-time": backup_time
.timestamp(),
584 if !(dry_run
|| keep
) {
585 datastore
.remove_backup_dir(&info
.backup_dir
)?
;
592 worker
.log_result(&result
);
594 if let Err(err
) = result
{
595 bail
!("prune failed - {}", err
);
598 Ok(json
!(prune_result
))
605 schema
: DATASTORE_SCHEMA
,
613 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
616 /// Start garbage collection.
617 fn start_garbage_collection(
620 rpcenv
: &mut dyn RpcEnvironment
,
621 ) -> Result
<Value
, Error
> {
623 let datastore
= DataStore
::lookup_datastore(&store
)?
;
625 println
!("Starting garbage collection on store {}", store
);
627 let to_stdout
= if rpcenv
.env_type() == RpcEnvironmentType
::CLI { true }
else { false }
;
629 let upid_str
= WorkerTask
::new_thread(
630 "garbage_collection", Some(store
.clone()), "root@pam", to_stdout
, move |worker
|
632 worker
.log(format
!("starting garbage collection on store {}", store
));
633 datastore
.garbage_collection(&worker
)
643 schema
: DATASTORE_SCHEMA
,
648 type: GarbageCollectionStatus
,
651 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
654 /// Garbage collection status.
655 pub fn garbage_collection_status(
658 _rpcenv
: &mut dyn RpcEnvironment
,
659 ) -> Result
<GarbageCollectionStatus
, Error
> {
661 let datastore
= DataStore
::lookup_datastore(&store
)?
;
663 let status
= datastore
.last_gc_status();
670 description
: "List the accessible datastores.",
673 description
: "Datastore name and description.",
676 schema
: DATASTORE_SCHEMA
,
680 schema
: SINGLE_LINE_COMMENT_SCHEMA
,
686 permission
: &Permission
::Anybody
,
690 fn get_datastore_list(
693 rpcenv
: &mut dyn RpcEnvironment
,
694 ) -> Result
<Value
, Error
> {
696 let (config
, _digest
) = datastore
::config()?
;
698 let username
= rpcenv
.get_user().unwrap();
699 let user_info
= CachedUserInfo
::new()?
;
701 let mut list
= Vec
::new();
703 for (store
, (_
, data
)) in &config
.sections
{
704 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
705 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
707 let mut entry
= json
!({ "store": store }
);
708 if let Some(comment
) = data
["comment"].as_str() {
709 entry
["comment"] = comment
.into();
719 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
720 &ApiHandler
::AsyncHttp(&download_file
),
722 "Download single raw file from backup snapshot.",
724 ("store", false, &DATASTORE_SCHEMA
),
725 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
726 ("backup-id", false, &BACKUP_ID_SCHEMA
),
727 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
728 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
731 ).access(None
, &Permission
::Privilege(
732 &["datastore", "{store}"],
733 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
742 rpcenv
: Box
<dyn RpcEnvironment
>,
743 ) -> ApiResponseFuture
{
746 let store
= tools
::required_string_param(¶m
, "store")?
;
747 let datastore
= DataStore
::lookup_datastore(store
)?
;
749 let username
= rpcenv
.get_user().unwrap();
750 let user_info
= CachedUserInfo
::new()?
;
751 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
753 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
755 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
756 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
757 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
759 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
761 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
762 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
764 println
!("Download {} from {} ({}/{}/{}/{})", file_name
, store
,
765 backup_type
, backup_id
, Local
.timestamp(backup_time
, 0), file_name
);
767 let mut path
= datastore
.base_path();
768 path
.push(backup_dir
.relative_path());
769 path
.push(&file_name
);
771 let file
= tokio
::fs
::File
::open(path
)
772 .map_err(|err
| http_err
!(BAD_REQUEST
, format
!("File open failed: {}", err
)))
775 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
776 .map_ok(|bytes
| hyper
::body
::Bytes
::from(bytes
.freeze()));
777 let body
= Body
::wrap_stream(payload
);
779 // fixme: set other headers ?
780 Ok(Response
::builder()
781 .status(StatusCode
::OK
)
782 .header(header
::CONTENT_TYPE
, "application/octet-stream")
789 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
790 &ApiHandler
::AsyncHttp(&upload_backup_log
),
792 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
794 ("store", false, &DATASTORE_SCHEMA
),
795 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
796 ("backup-id", false, &BACKUP_ID_SCHEMA
),
797 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
801 Some("Only the backup creator/owner is allowed to do this."),
802 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
805 fn upload_backup_log(
810 rpcenv
: Box
<dyn RpcEnvironment
>,
811 ) -> ApiResponseFuture
{
814 let store
= tools
::required_string_param(¶m
, "store")?
;
815 let datastore
= DataStore
::lookup_datastore(store
)?
;
817 let file_name
= "client.log.blob";
819 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
820 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
821 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
823 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
825 let username
= rpcenv
.get_user().unwrap();
826 check_backup_owner(&datastore
, backup_dir
.group(), &username
)?
;
828 let mut path
= datastore
.base_path();
829 path
.push(backup_dir
.relative_path());
830 path
.push(&file_name
);
833 bail
!("backup already contains a log.");
836 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
837 backup_type
, backup_id
, BackupDir
::backup_time_to_string(backup_dir
.backup_time()), file_name
);
840 .map_err(Error
::from
)
841 .try_fold(Vec
::new(), |mut acc
, chunk
| {
842 acc
.extend_from_slice(&*chunk
);
843 future
::ok
::<_
, Error
>(acc
)
847 let blob
= DataBlob
::from_raw(data
)?
;
848 // always verify CRC at server side
850 let raw_data
= blob
.raw_data();
851 replace_file(&path
, raw_data
, CreateOptions
::new())?
;
853 // fixme: use correct formatter
854 Ok(crate::server
::formatter
::json_response(Ok(Value
::Null
)))
859 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
863 .download(&API_METHOD_DOWNLOAD_FILE
)
868 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
873 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
874 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
879 .get(&API_METHOD_LIST_GROUPS
)
884 .post(&API_METHOD_PRUNE
)
889 .get(&API_METHOD_LIST_SNAPSHOTS
)
890 .delete(&API_METHOD_DELETE_SNAPSHOT
)
895 .get(&API_METHOD_STATUS
)
900 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
904 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
905 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
906 .subdirs(DATASTORE_INFO_SUBDIRS
);
909 pub const ROUTER
: Router
= Router
::new()
910 .get(&API_METHOD_GET_DATASTORE_LIST
)
911 .match_all("store", &DATASTORE_INFO_ROUTER
);