1 //! Datastore Management
3 use std
::collections
::HashSet
;
6 use std
::os
::unix
::ffi
::OsStrExt
;
7 use std
::path
::{Path, PathBuf}
;
10 use anyhow
::{bail, format_err, Error}
;
12 use hyper
::http
::request
::Parts
;
13 use hyper
::{header, Body, Response, StatusCode}
;
14 use serde
::Deserialize
;
15 use serde_json
::{json, Value}
;
16 use tokio_stream
::wrappers
::ReceiverStream
;
17 use tracing
::{info, warn}
;
19 use proxmox_async
::blocking
::WrappedReaderStream
;
20 use proxmox_async
::{io::AsyncChannelWriter, stream::AsyncReaderStream}
;
21 use proxmox_compression
::zstd
::ZstdEncoder
;
23 http_err
, list_subdirs_api_method
, ApiHandler
, ApiMethod
, ApiResponseFuture
, Permission
,
24 Router
, RpcEnvironment
, RpcEnvironmentType
, SubdirMap
,
26 use proxmox_rrd_api_types
::{RrdMode, RrdTimeframe}
;
27 use proxmox_schema
::*;
28 use proxmox_sortable_macro
::sortable
;
29 use proxmox_sys
::fs
::{
30 file_read_firstline
, file_read_optional_string
, replace_file
, CreateOptions
,
32 use proxmox_time
::CalendarEvent
;
33 use proxmox_worker_task
::WorkerTaskContext
;
35 use pxar
::accessor
::aio
::Accessor
;
39 print_ns_and_snapshot
, print_store_and_ns
, ArchiveType
, Authid
, BackupArchiveName
,
40 BackupContent
, BackupGroupDeleteStats
, BackupNamespace
, BackupType
, Counts
, CryptMode
,
41 DataStoreConfig
, DataStoreListItem
, DataStoreMountStatus
, DataStoreStatus
,
42 GarbageCollectionJobStatus
, GroupListItem
, JobScheduleStatus
, KeepOptions
, MaintenanceMode
,
43 MaintenanceType
, Operation
, PruneJobOptions
, SnapshotListItem
, SnapshotVerifyState
,
44 BACKUP_ARCHIVE_NAME_SCHEMA
, BACKUP_ID_SCHEMA
, BACKUP_NAMESPACE_SCHEMA
, BACKUP_TIME_SCHEMA
,
45 BACKUP_TYPE_SCHEMA
, CATALOG_NAME
, CLIENT_LOG_BLOB_NAME
, DATASTORE_SCHEMA
,
46 IGNORE_VERIFIED_BACKUPS_SCHEMA
, MANIFEST_BLOB_NAME
, MAX_NAMESPACE_DEPTH
, NS_MAX_DEPTH_SCHEMA
,
47 PRIV_DATASTORE_AUDIT
, PRIV_DATASTORE_BACKUP
, PRIV_DATASTORE_MODIFY
, PRIV_DATASTORE_PRUNE
,
48 PRIV_DATASTORE_READ
, PRIV_DATASTORE_VERIFY
, PRIV_SYS_MODIFY
, UPID
, UPID_SCHEMA
,
49 VERIFICATION_OUTDATED_AFTER_SCHEMA
,
51 use pbs_client
::pxar
::{create_tar, create_zip}
;
52 use pbs_config
::CachedUserInfo
;
53 use pbs_datastore
::backup_info
::BackupInfo
;
54 use pbs_datastore
::cached_chunk_reader
::CachedChunkReader
;
55 use pbs_datastore
::catalog
::{ArchiveEntry, CatalogReader}
;
56 use pbs_datastore
::data_blob
::DataBlob
;
57 use pbs_datastore
::data_blob_reader
::DataBlobReader
;
58 use pbs_datastore
::dynamic_index
::{BufferedDynamicReader, DynamicIndexReader, LocalDynamicReadAt}
;
59 use pbs_datastore
::fixed_index
::FixedIndexReader
;
60 use pbs_datastore
::index
::IndexFile
;
61 use pbs_datastore
::manifest
::BackupManifest
;
62 use pbs_datastore
::prune
::compute_prune_info
;
64 check_backup_owner
, ensure_datastore_is_mounted
, task_tracking
, BackupDir
, BackupGroup
,
65 DataStore
, LocalChunkReader
, StoreProgress
,
67 use pbs_tools
::json
::required_string_param
;
68 use proxmox_rest_server
::{formatter, WorkerTask}
;
70 use crate::api2
::backup
::optional_ns_param
;
71 use crate::api2
::node
::rrd
::create_value_from_rrd
;
73 check_ns_privs_full
, verify_all_backups
, verify_backup_dir
, verify_backup_group
, verify_filter
,
74 ListAccessibleBackupGroups
, NS_PRIVS_OK
,
77 use crate::server
::jobstate
::{compute_schedule_status, Job, JobState}
;
79 const GROUP_NOTES_FILE_NAME
: &str = "notes";
81 fn get_group_note_path(
84 group
: &pbs_api_types
::BackupGroup
,
86 let mut note_path
= store
.group_path(ns
, group
);
87 note_path
.push(GROUP_NOTES_FILE_NAME
);
91 // helper to unify common sequence of checks:
92 // 1. check privs on NS (full or limited access)
94 // 3. if needed (only limited access), check owner of group
95 fn check_privs_and_load_store(
99 full_access_privs
: u64,
100 partial_access_privs
: u64,
101 operation
: Option
<Operation
>,
102 backup_group
: &pbs_api_types
::BackupGroup
,
103 ) -> Result
<Arc
<DataStore
>, Error
> {
104 let limited
= check_ns_privs_full(store
, ns
, auth_id
, full_access_privs
, partial_access_privs
)?
;
106 let datastore
= DataStore
::lookup_datastore(store
, operation
)?
;
109 let owner
= datastore
.get_owner(ns
, backup_group
)?
;
110 check_backup_owner(&owner
, auth_id
)?
;
116 fn read_backup_index(
117 backup_dir
: &BackupDir
,
118 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
119 let (manifest
, index_size
) = backup_dir
.load_manifest()?
;
121 let mut result
= Vec
::new();
122 for item
in manifest
.files() {
123 result
.push(BackupContent
{
124 filename
: item
.filename
.clone(),
125 crypt_mode
: Some(item
.crypt_mode
),
126 size
: Some(item
.size
),
130 result
.push(BackupContent
{
131 filename
: MANIFEST_BLOB_NAME
.to_string(),
132 crypt_mode
: match manifest
.signature
{
133 Some(_
) => Some(CryptMode
::SignOnly
),
134 None
=> Some(CryptMode
::None
),
136 size
: Some(index_size
),
139 Ok((manifest
, result
))
142 fn get_all_snapshot_files(
144 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
145 let (manifest
, mut files
) = read_backup_index(&info
.backup_dir
)?
;
147 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
148 acc
.insert(item
.filename
.clone());
152 for file
in &info
.files
{
153 if file_set
.contains(file
) {
156 files
.push(BackupContent
{
157 filename
: file
.to_string(),
163 Ok((manifest
, files
))
170 schema
: DATASTORE_SCHEMA
,
173 type: BackupNamespace
,
178 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_GROUPS_RETURN_TYPE
,
180 permission
: &Permission
::Anybody
,
181 description
: "Requires DATASTORE_AUDIT for all or DATASTORE_BACKUP for owned groups on \
182 /datastore/{store}[/{namespace}]",
185 /// List backup groups.
188 ns
: Option
<BackupNamespace
>,
189 rpcenv
: &mut dyn RpcEnvironment
,
190 ) -> Result
<Vec
<GroupListItem
>, Error
> {
191 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
192 let ns
= ns
.unwrap_or_default();
194 let list_all
= !check_ns_privs_full(
198 PRIV_DATASTORE_AUDIT
,
199 PRIV_DATASTORE_BACKUP
,
202 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
205 .iter_backup_groups(ns
.clone())?
// FIXME: Namespaces and recursion parameters!
206 .try_fold(Vec
::new(), |mut group_info
, group
| {
209 let owner
= match datastore
.get_owner(&ns
, group
.as_ref()) {
210 Ok(auth_id
) => auth_id
,
213 "Failed to get owner of group '{}' in {} - {}",
215 print_store_and_ns(&store
, &ns
),
218 return Ok(group_info
);
221 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
222 return Ok(group_info
);
225 let snapshots
= match group
.list_backups() {
226 Ok(snapshots
) => snapshots
,
227 Err(_
) => return Ok(group_info
),
230 let backup_count
: u64 = snapshots
.len() as u64;
231 if backup_count
== 0 {
232 return Ok(group_info
);
235 let last_backup
= snapshots
237 .fold(&snapshots
[0], |a
, b
| {
238 if a
.is_finished() && a
.backup_dir
.backup_time() > b
.backup_dir
.backup_time() {
246 let note_path
= get_group_note_path(&datastore
, &ns
, group
.as_ref());
247 let comment
= file_read_firstline(note_path
).ok();
249 group_info
.push(GroupListItem
{
250 backup
: group
.into(),
251 last_backup
: last_backup
.backup_dir
.backup_time(),
254 files
: last_backup
.files
,
265 store
: { schema: DATASTORE_SCHEMA }
,
267 type: BackupNamespace
,
271 type: pbs_api_types
::BackupGroup
,
274 "error-on-protected": {
278 description
: "Return error when group cannot be deleted because of protected snapshots",
283 type: BackupGroupDeleteStats
,
286 permission
: &Permission
::Anybody
,
287 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_MODIFY for any \
288 or DATASTORE_PRUNE and being the owner of the group",
291 /// Delete backup group including all snapshots.
292 pub async
fn delete_group(
294 ns
: Option
<BackupNamespace
>,
295 error_on_protected
: bool
,
296 group
: pbs_api_types
::BackupGroup
,
297 rpcenv
: &mut dyn RpcEnvironment
,
298 ) -> Result
<BackupGroupDeleteStats
, Error
> {
299 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
301 tokio
::task
::spawn_blocking(move || {
302 let ns
= ns
.unwrap_or_default();
304 let datastore
= check_privs_and_load_store(
308 PRIV_DATASTORE_MODIFY
,
309 PRIV_DATASTORE_PRUNE
,
310 Some(Operation
::Write
),
314 let delete_stats
= datastore
.remove_backup_group(&ns
, &group
)?
;
315 if !delete_stats
.all_removed() {
316 if error_on_protected
{
317 bail
!("group only partially deleted due to protected snapshots");
319 warn
!("group only partially deleted due to protected snapshots");
330 store
: { schema: DATASTORE_SCHEMA }
,
332 type: BackupNamespace
,
336 type: pbs_api_types
::BackupDir
,
341 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOT_FILES_RETURN_TYPE
,
343 permission
: &Permission
::Anybody
,
344 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT or \
345 DATASTORE_READ for any or DATASTORE_BACKUP and being the owner of the group",
348 /// List snapshot files.
349 pub async
fn list_snapshot_files(
351 ns
: Option
<BackupNamespace
>,
352 backup_dir
: pbs_api_types
::BackupDir
,
354 rpcenv
: &mut dyn RpcEnvironment
,
355 ) -> Result
<Vec
<BackupContent
>, Error
> {
356 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
358 tokio
::task
::spawn_blocking(move || {
359 let ns
= ns
.unwrap_or_default();
361 let datastore
= check_privs_and_load_store(
365 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
,
366 PRIV_DATASTORE_BACKUP
,
367 Some(Operation
::Read
),
371 let snapshot
= datastore
.backup_dir(ns
, backup_dir
)?
;
373 let info
= BackupInfo
::new(snapshot
)?
;
375 let (_manifest
, files
) = get_all_snapshot_files(&info
)?
;
385 store
: { schema: DATASTORE_SCHEMA }
,
387 type: BackupNamespace
,
391 type: pbs_api_types
::BackupDir
,
397 permission
: &Permission
::Anybody
,
398 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_MODIFY for any \
399 or DATASTORE_PRUNE and being the owner of the group",
402 /// Delete backup snapshot.
403 pub async
fn delete_snapshot(
405 ns
: Option
<BackupNamespace
>,
406 backup_dir
: pbs_api_types
::BackupDir
,
408 rpcenv
: &mut dyn RpcEnvironment
,
409 ) -> Result
<Value
, Error
> {
410 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
412 tokio
::task
::spawn_blocking(move || {
413 let ns
= ns
.unwrap_or_default();
415 let datastore
= check_privs_and_load_store(
419 PRIV_DATASTORE_MODIFY
,
420 PRIV_DATASTORE_PRUNE
,
421 Some(Operation
::Write
),
425 let snapshot
= datastore
.backup_dir(ns
, backup_dir
)?
;
427 snapshot
.destroy(false)?
;
438 store
: { schema: DATASTORE_SCHEMA }
,
440 type: BackupNamespace
,
449 schema
: BACKUP_ID_SCHEMA
,
453 returns
: pbs_api_types
::ADMIN_DATASTORE_LIST_SNAPSHOTS_RETURN_TYPE
,
455 permission
: &Permission
::Anybody
,
456 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT for any \
457 or DATASTORE_BACKUP and being the owner of the group",
460 /// List backup snapshots.
461 pub async
fn list_snapshots(
463 ns
: Option
<BackupNamespace
>,
464 backup_type
: Option
<BackupType
>,
465 backup_id
: Option
<String
>,
468 rpcenv
: &mut dyn RpcEnvironment
,
469 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
470 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
472 tokio
::task
::spawn_blocking(move || unsafe {
473 list_snapshots_blocking(store
, ns
, backup_type
, backup_id
, auth_id
)
476 .map_err(|err
| format_err
!("failed to await blocking task: {err}"))?
479 /// This must not run in a main worker thread as it potentially does tons of I/O.
480 unsafe fn list_snapshots_blocking(
482 ns
: Option
<BackupNamespace
>,
483 backup_type
: Option
<BackupType
>,
484 backup_id
: Option
<String
>,
486 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
487 let ns
= ns
.unwrap_or_default();
489 let list_all
= !check_ns_privs_full(
493 PRIV_DATASTORE_AUDIT
,
494 PRIV_DATASTORE_BACKUP
,
497 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
499 // FIXME: filter also owner before collecting, for doing that nicely the owner should move into
500 // backup group and provide an error free (Err -> None) accessor
501 let groups
= match (backup_type
, backup_id
) {
502 (Some(backup_type
), Some(backup_id
)) => {
503 vec
![datastore
.backup_group_from_parts(ns
.clone(), backup_type
, backup_id
)]
506 (Some(backup_type
), None
) => datastore
507 .iter_backup_type_ok(ns
.clone(), backup_type
)?
510 (None
, Some(backup_id
)) => BackupType
::iter()
511 .filter_map(|backup_type
| {
513 datastore
.backup_group_from_parts(ns
.clone(), backup_type
, backup_id
.clone());
514 group
.exists().then_some(group
)
518 (None
, None
) => datastore
.list_backup_groups(ns
.clone())?
,
521 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
522 let backup
= pbs_api_types
::BackupDir
{
524 time
: info
.backup_dir
.backup_time(),
526 let protected
= info
.protected
;
528 match get_all_snapshot_files(&info
) {
529 Ok((manifest
, files
)) => {
530 // extract the first line from notes
531 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
533 .and_then(|notes
| notes
.lines().next())
536 let fingerprint
= match manifest
.fingerprint() {
539 eprintln
!("error parsing fingerprint: '{}'", err
);
544 let verification
: Option
<SnapshotVerifyState
> = match manifest
.verify_state() {
545 Ok(verify
) => verify
,
547 eprintln
!("error parsing verification state : '{}'", err
);
552 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
566 eprintln
!("error during snapshot file listing: '{}'", err
);
570 .map(|filename
| BackupContent
{
591 groups
.iter().try_fold(Vec
::new(), |mut snapshots
, group
| {
592 let owner
= match group
.get_owner() {
593 Ok(auth_id
) => auth_id
,
596 "Failed to get owner of group '{}' in {} - {}",
598 print_store_and_ns(&store
, &ns
),
601 return Ok(snapshots
);
605 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
606 return Ok(snapshots
);
609 let group_backups
= group
.list_backups()?
;
614 .map(|info
| info_to_snapshot_list_item(group
, Some(owner
.clone()), info
)),
621 async
fn get_snapshots_count(
622 store
: &Arc
<DataStore
>,
623 owner
: Option
<&Authid
>,
624 ) -> Result
<Counts
, Error
> {
625 let store
= Arc
::clone(store
);
626 let owner
= owner
.cloned();
627 tokio
::task
::spawn_blocking(move || {
628 let root_ns
= Default
::default();
629 ListAccessibleBackupGroups
::new_with_privs(
633 Some(PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
),
637 .try_fold(Counts
::default(), |mut counts
, group
| {
638 let group
= match group
{
640 Err(_
) => return Ok(counts
), // TODO: add this as error counts?
642 let snapshot_count
= group
.list_backups()?
.len() as u64;
644 // only include groups with snapshots, counting/displaying empty groups can confuse
645 if snapshot_count
> 0 {
646 let type_count
= match group
.backup_type() {
647 BackupType
::Ct
=> counts
.ct
.get_or_insert(Default
::default()),
648 BackupType
::Vm
=> counts
.vm
.get_or_insert(Default
::default()),
649 BackupType
::Host
=> counts
.host
.get_or_insert(Default
::default()),
652 type_count
.groups
+= 1;
653 type_count
.snapshots
+= snapshot_count
;
666 schema
: DATASTORE_SCHEMA
,
672 description
: "Include additional information like snapshot counts and GC status.",
678 type: DataStoreStatus
,
681 permission
: &Permission
::Anybody
,
682 description
: "Requires on /datastore/{store} either DATASTORE_AUDIT or DATASTORE_BACKUP for \
683 the full statistics. Counts of accessible groups are always returned, if any",
686 /// Get datastore status.
691 rpcenv
: &mut dyn RpcEnvironment
,
692 ) -> Result
<DataStoreStatus
, Error
> {
693 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
694 let user_info
= CachedUserInfo
::new()?
;
695 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
697 let store_stats
= if store_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
) != 0 {
699 } else if store_privs
& PRIV_DATASTORE_READ
!= 0 {
700 false // allow at least counts, user can read groups anyway..
702 match user_info
.any_privs_below(&auth_id
, &["datastore", &store
], NS_PRIVS_OK
) {
703 // avoid leaking existence info if users hasn't at least any priv. below
704 Ok(false) | Err(_
) => return Err(http_err
!(FORBIDDEN
, "permission check failed")),
709 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
711 let (counts
, gc_status
) = if verbose
{
712 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
718 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
).await?
);
719 let gc_status
= if store_stats
{
720 Some(datastore
.last_gc_status())
731 let storage
= crate::tools
::fs
::fs_info(datastore
.base_path()).await?
;
733 total
: storage
.total
,
735 avail
: storage
.available
,
754 schema
: DATASTORE_SCHEMA
,
757 type: BackupNamespace
,
765 schema
: BACKUP_ID_SCHEMA
,
769 schema
: IGNORE_VERIFIED_BACKUPS_SCHEMA
,
773 schema
: VERIFICATION_OUTDATED_AFTER_SCHEMA
,
777 schema
: BACKUP_TIME_SCHEMA
,
781 schema
: NS_MAX_DEPTH_SCHEMA
,
790 permission
: &Permission
::Anybody
,
791 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_VERIFY for any \
792 or DATASTORE_BACKUP and being the owner of the group",
797 /// This function can verify a single backup snapshot, all backup from a backup group,
798 /// or all backups in the datastore.
799 #[allow(clippy::too_many_arguments)]
802 ns
: Option
<BackupNamespace
>,
803 backup_type
: Option
<BackupType
>,
804 backup_id
: Option
<String
>,
805 backup_time
: Option
<i64>,
806 ignore_verified
: Option
<bool
>,
807 outdated_after
: Option
<i64>,
808 max_depth
: Option
<usize>,
809 rpcenv
: &mut dyn RpcEnvironment
,
810 ) -> Result
<Value
, Error
> {
811 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
812 let ns
= ns
.unwrap_or_default();
814 let owner_check_required
= check_ns_privs_full(
818 PRIV_DATASTORE_VERIFY
,
819 PRIV_DATASTORE_BACKUP
,
822 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
823 let ignore_verified
= ignore_verified
.unwrap_or(true);
827 let mut backup_dir
= None
;
828 let mut backup_group
= None
;
829 let mut worker_type
= "verify";
831 match (backup_type
, backup_id
, backup_time
) {
832 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
834 "{}:{}/{}/{}/{:08X}",
836 ns
.display_as_path(),
842 datastore
.backup_dir_from_parts(ns
.clone(), backup_type
, backup_id
, backup_time
)?
;
844 if owner_check_required
{
845 let owner
= datastore
.get_owner(dir
.backup_ns(), dir
.as_ref())?
;
846 check_backup_owner(&owner
, &auth_id
)?
;
849 backup_dir
= Some(dir
);
850 worker_type
= "verify_snapshot";
852 (Some(backup_type
), Some(backup_id
), None
) => {
856 ns
.display_as_path(),
860 let group
= pbs_api_types
::BackupGroup
::from((backup_type
, backup_id
));
862 if owner_check_required
{
863 let owner
= datastore
.get_owner(&ns
, &group
)?
;
864 check_backup_owner(&owner
, &auth_id
)?
;
867 backup_group
= Some(datastore
.backup_group(ns
.clone(), group
));
868 worker_type
= "verify_group";
870 (None
, None
, None
) => {
871 worker_id
= if ns
.is_root() {
874 format
!("{}:{}", store
, ns
.display_as_path())
877 _
=> bail
!("parameters do not specify a backup group or snapshot"),
880 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
882 let upid_str
= WorkerTask
::new_thread(
888 let verify_worker
= crate::backup
::VerifyWorker
::new(worker
.clone(), datastore
);
889 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
890 let mut res
= Vec
::new();
891 if !verify_backup_dir(
894 worker
.upid().clone(),
895 Some(&move |manifest
| verify_filter(ignore_verified
, outdated_after
, manifest
)),
897 res
.push(print_ns_and_snapshot(
898 backup_dir
.backup_ns(),
903 } else if let Some(backup_group
) = backup_group
{
907 &mut StoreProgress
::new(1),
909 Some(&move |manifest
| verify_filter(ignore_verified
, outdated_after
, manifest
)),
912 let owner
= if owner_check_required
{
924 Some(&move |manifest
| verify_filter(ignore_verified
, outdated_after
, manifest
)),
927 if !failed_dirs
.is_empty() {
928 info
!("Failed to verify the following snapshots/groups:");
929 for dir
in failed_dirs
{
932 bail
!("verification failed - please check the log for details");
945 type: pbs_api_types
::BackupGroup
,
952 description
: "Just show what prune would do, but do not delete anything.",
959 schema
: DATASTORE_SCHEMA
,
962 type: BackupNamespace
,
969 description
: "Spins up an asynchronous task that does the work.",
973 returns
: pbs_api_types
::ADMIN_DATASTORE_PRUNE_RETURN_TYPE
,
975 permission
: &Permission
::Anybody
,
976 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_MODIFY for any \
977 or DATASTORE_PRUNE and being the owner of the group",
980 /// Prune a group on the datastore
982 group
: pbs_api_types
::BackupGroup
,
984 keep_options
: KeepOptions
,
986 ns
: Option
<BackupNamespace
>,
988 rpcenv
: &mut dyn RpcEnvironment
,
989 ) -> Result
<Value
, Error
> {
990 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
991 let ns
= ns
.unwrap_or_default();
992 let datastore
= check_privs_and_load_store(
996 PRIV_DATASTORE_MODIFY
,
997 PRIV_DATASTORE_PRUNE
,
998 Some(Operation
::Write
),
1002 let worker_id
= format
!("{}:{}:{}", store
, ns
, group
);
1003 let group
= datastore
.backup_group(ns
.clone(), group
);
1005 #[derive(Debug, serde::Serialize)]
1006 struct PruneResult
{
1007 #[serde(rename = "backup-type")]
1008 backup_type
: BackupType
,
1009 #[serde(rename = "backup-id")]
1011 #[serde(rename = "backup-time")]
1015 #[serde(skip_serializing_if = "Option::is_none")]
1016 ns
: Option
<BackupNamespace
>,
1018 let mut prune_result
: Vec
<PruneResult
> = Vec
::new();
1020 let list
= group
.list_backups()?
;
1022 let mut prune_info
= compute_prune_info(list
, &keep_options
)?
;
1024 prune_info
.reverse(); // delete older snapshots first
1026 let keep_all
= !keep_options
.keeps_something();
1029 for (info
, mark
) in prune_info
{
1030 let keep
= keep_all
|| mark
.keep();
1031 let backup_dir
= &info
.backup_dir
;
1033 let mut result
= PruneResult
{
1034 backup_type
: backup_dir
.backup_type(),
1035 backup_id
: backup_dir
.backup_id().to_owned(),
1036 backup_time
: backup_dir
.backup_time(),
1038 protected
: mark
.protected(),
1041 let prune_ns
= backup_dir
.backup_ns();
1042 if !prune_ns
.is_root() {
1043 result
.ns
= Some(prune_ns
.to_owned());
1045 prune_result
.push(result
);
1047 return Ok(json
!(prune_result
));
1050 let prune_group
= move |_worker
: Arc
<WorkerTask
>| {
1052 info
!("No prune selection - keeping all files.");
1054 let mut opts
= Vec
::new();
1056 opts
.push(format
!("--ns {ns}"));
1058 crate::server
::cli_keep_options(&mut opts
, &keep_options
);
1060 info
!("retention options: {}", opts
.join(" "));
1062 "Starting prune on {} group \"{}\"",
1063 print_store_and_ns(&store
, &ns
),
1068 for (info
, mark
) in prune_info
{
1069 let keep
= keep_all
|| mark
.keep();
1070 let backup_dir
= &info
.backup_dir
;
1072 let backup_time
= backup_dir
.backup_time();
1073 let timestamp
= backup_dir
.backup_time_string();
1074 let group
: &pbs_api_types
::BackupGroup
= backup_dir
.as_ref();
1076 let msg
= format
!("{}/{}/{timestamp} {mark}", group
.ty
, group
.id
);
1080 prune_result
.push(PruneResult
{
1081 backup_type
: group
.ty
,
1082 backup_id
: group
.id
.clone(),
1085 protected
: mark
.protected(),
1090 if let Err(err
) = backup_dir
.destroy(false) {
1092 "failed to remove dir {:?}: {}",
1093 backup_dir
.relative_path(),
1102 if param
["use-task"].as_bool().unwrap_or(false) {
1103 let upid
= WorkerTask
::spawn(
1106 auth_id
.to_string(),
1108 move |worker
| async
move {
1109 let _
= prune_group(worker
.clone());
1115 let (worker
, _
) = WorkerTask
::new("prune", Some(worker_id
), auth_id
.to_string(), true)?
;
1116 let result
= prune_group(worker
.clone());
1117 worker
.log_result(&Ok(()));
1129 description
: "Just show what prune would do, but do not delete anything.",
1132 type: PruneJobOptions
,
1136 schema
: DATASTORE_SCHEMA
,
1141 schema
: UPID_SCHEMA
,
1144 permission
: &Permission
::Anybody
,
1145 description
: "Requires Datastore.Modify or Datastore.Prune on the datastore/namespace.",
1148 /// Prune the datastore
1149 pub fn prune_datastore(
1151 prune_options
: PruneJobOptions
,
1154 rpcenv
: &mut dyn RpcEnvironment
,
1155 ) -> Result
<String
, Error
> {
1156 let user_info
= CachedUserInfo
::new()?
;
1158 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1160 user_info
.check_privs(
1162 &prune_options
.acl_path(&store
),
1163 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
1167 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1168 let ns
= prune_options
.ns
.clone().unwrap_or_default();
1169 let worker_id
= format
!("{}:{}", store
, ns
);
1171 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1173 let upid_str
= WorkerTask
::new_thread(
1176 auth_id
.to_string(),
1178 move |_worker
| crate::server
::prune_datastore(auth_id
, prune_options
, datastore
, dry_run
),
1188 schema
: DATASTORE_SCHEMA
,
1193 schema
: UPID_SCHEMA
,
1196 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
1199 /// Start garbage collection.
1200 pub fn start_garbage_collection(
1203 rpcenv
: &mut dyn RpcEnvironment
,
1204 ) -> Result
<Value
, Error
> {
1205 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
1206 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1208 let job
= Job
::new("garbage_collection", &store
)
1209 .map_err(|_
| format_err
!("garbage collection already running"))?
;
1211 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
1214 crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
1217 "unable to start garbage collection job on datastore {} - {}",
1230 schema
: DATASTORE_SCHEMA
,
1235 type: GarbageCollectionJobStatus
,
1238 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
1241 /// Garbage collection status.
1242 pub fn garbage_collection_status(
1245 _rpcenv
: &mut dyn RpcEnvironment
,
1246 ) -> Result
<GarbageCollectionJobStatus
, Error
> {
1247 let (config
, _
) = pbs_config
::datastore
::config()?
;
1248 let store_config
: DataStoreConfig
= config
.lookup("datastore", &store
)?
;
1250 let mut info
= GarbageCollectionJobStatus
{
1251 store
: store
.clone(),
1252 schedule
: store_config
.gc_schedule
,
1253 ..Default
::default()
1256 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1257 let status_in_memory
= datastore
.last_gc_status();
1258 let state_file
= JobState
::load("garbage_collection", &store
)
1259 .map_err(|err
| log
::error
!("could not open GC statefile for {store}: {err}"))
1262 let mut last
= proxmox_time
::epoch_i64();
1264 if let Some(ref upid
) = status_in_memory
.upid
{
1265 let mut computed_schedule
: JobScheduleStatus
= JobScheduleStatus
::default();
1266 if let Some(state
) = state_file
{
1267 if let Ok(cs
) = compute_schedule_status(&state
, Some(upid
)) {
1268 computed_schedule
= cs
;
1272 if let Some(endtime
) = computed_schedule
.last_run_endtime
{
1274 if let Ok(parsed_upid
) = upid
.parse
::<UPID
>() {
1275 info
.duration
= Some(endtime
- parsed_upid
.starttime
);
1279 info
.next_run
= computed_schedule
.next_run
;
1280 info
.last_run_endtime
= computed_schedule
.last_run_endtime
;
1281 info
.last_run_state
= computed_schedule
.last_run_state
;
1284 info
.next_run
= info
1288 s
.parse
::<CalendarEvent
>()
1289 .map_err(|err
| log
::error
!("{err}"))
1293 e
.compute_next_event(last
)
1294 .map_err(|err
| log
::error
!("{err}"))
1299 info
.status
= status_in_memory
;
1306 description
: "List the accessible datastores.",
1308 items
: { type: DataStoreListItem }
,
1311 permission
: &Permission
::Anybody
,
1315 pub fn get_datastore_list(
1318 rpcenv
: &mut dyn RpcEnvironment
,
1319 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
1320 let (config
, _digest
) = pbs_config
::datastore
::config()?
;
1322 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1323 let user_info
= CachedUserInfo
::new()?
;
1325 let mut list
= Vec
::new();
1327 for (store
, (_
, data
)) in config
.sections
{
1328 let acl_path
= &["datastore", &store
];
1329 let user_privs
= user_info
.lookup_privs(&auth_id
, acl_path
);
1330 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1332 let mut allow_id
= false;
1334 if let Ok(any_privs
) = user_info
.any_privs_below(&auth_id
, acl_path
, NS_PRIVS_OK
) {
1335 allow_id
= any_privs
;
1339 if allowed
|| allow_id
{
1340 let store_config
: DataStoreConfig
= serde_json
::from_value(data
)?
;
1342 let mount_status
= match pbs_datastore
::get_datastore_mount_status(&store_config
) {
1343 Some(true) => DataStoreMountStatus
::Mounted
,
1344 Some(false) => DataStoreMountStatus
::NotMounted
,
1345 None
=> DataStoreMountStatus
::NonRemovable
,
1348 list
.push(DataStoreListItem
{
1349 store
: store
.clone(),
1350 comment
: store_config
.comment
.filter(|_
| allowed
),
1352 maintenance
: store_config
.maintenance_mode
,
1361 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1362 &ApiHandler
::AsyncHttp(&download_file
),
1364 "Download single raw file from backup snapshot.",
1366 ("store", false, &DATASTORE_SCHEMA
),
1367 ("ns", true, &BACKUP_NAMESPACE_SCHEMA
),
1368 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1369 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1370 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1371 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1377 "Requires on /datastore/{store}[/{namespace}] either DATASTORE_READ for any or \
1378 DATASTORE_BACKUP and being the owner of the group",
1380 &Permission
::Anybody
,
1383 pub fn download_file(
1388 rpcenv
: Box
<dyn RpcEnvironment
>,
1389 ) -> ApiResponseFuture
{
1391 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1392 let store
= required_string_param(¶m
, "store")?
;
1393 let backup_ns
= optional_ns_param(¶m
)?
;
1395 let backup_dir
: pbs_api_types
::BackupDir
= Deserialize
::deserialize(¶m
)?
;
1396 let datastore
= check_privs_and_load_store(
1400 PRIV_DATASTORE_READ
,
1401 PRIV_DATASTORE_BACKUP
,
1402 Some(Operation
::Read
),
1406 let file_name
= required_string_param(¶m
, "file-name")?
.to_owned();
1409 "Download {} from {} ({}/{})",
1411 print_store_and_ns(store
, &backup_ns
),
1416 let backup_dir
= datastore
.backup_dir(backup_ns
, backup_dir
)?
;
1418 let mut path
= datastore
.base_path();
1419 path
.push(backup_dir
.relative_path());
1420 path
.push(&file_name
);
1422 let file
= tokio
::fs
::File
::open(&path
)
1424 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1427 tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1428 .map_ok(|bytes
| bytes
.freeze())
1429 .map_err(move |err
| {
1430 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1433 let body
= Body
::wrap_stream(payload
);
1435 // fixme: set other headers ?
1436 Ok(Response
::builder()
1437 .status(StatusCode
::OK
)
1438 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1446 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1447 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1449 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1451 ("store", false, &DATASTORE_SCHEMA
),
1452 ("ns", true, &BACKUP_NAMESPACE_SCHEMA
),
1453 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1454 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1455 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1456 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1462 "Requires on /datastore/{store}[/{namespace}] either DATASTORE_READ for any or \
1463 DATASTORE_BACKUP and being the owner of the group",
1465 &Permission
::Anybody
,
1468 pub fn download_file_decoded(
1473 rpcenv
: Box
<dyn RpcEnvironment
>,
1474 ) -> ApiResponseFuture
{
1476 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1477 let store
= required_string_param(¶m
, "store")?
;
1478 let backup_ns
= optional_ns_param(¶m
)?
;
1480 let backup_dir_api
: pbs_api_types
::BackupDir
= Deserialize
::deserialize(¶m
)?
;
1481 let datastore
= check_privs_and_load_store(
1485 PRIV_DATASTORE_READ
,
1486 PRIV_DATASTORE_BACKUP
,
1487 Some(Operation
::Read
),
1488 &backup_dir_api
.group
,
1491 let file_name
: BackupArchiveName
=
1492 required_string_param(¶m
, "file-name")?
.try_into()?
;
1493 let backup_dir
= datastore
.backup_dir(backup_ns
.clone(), backup_dir_api
.clone())?
;
1495 let (manifest
, files
) = read_backup_index(&backup_dir
)?
;
1497 if file
.filename
== file_name
.as_ref() && file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1498 bail
!("cannot decode '{}' - is encrypted", file_name
);
1503 "Download {} from {} ({}/{})",
1505 print_store_and_ns(store
, &backup_ns
),
1510 let mut path
= datastore
.base_path();
1511 path
.push(backup_dir
.relative_path());
1512 path
.push(file_name
.as_ref());
1514 let body
= match file_name
.archive_type() {
1515 ArchiveType
::DynamicIndex
=> {
1516 let index
= DynamicIndexReader
::open(&path
).map_err(|err
| {
1517 format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
)
1519 let (csum
, size
) = index
.compute_csum();
1520 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1522 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1523 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1524 Body
::wrap_stream(AsyncReaderStream
::new(reader
).map_err(move |err
| {
1525 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1529 ArchiveType
::FixedIndex
=> {
1530 let index
= FixedIndexReader
::open(&path
).map_err(|err
| {
1531 format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
)
1534 let (csum
, size
) = index
.compute_csum();
1535 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1537 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1538 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 1).seekable();
1540 AsyncReaderStream
::with_buffer_size(reader
, 4 * 1024 * 1024).map_err(
1542 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1548 ArchiveType
::Blob
=> {
1549 let file
= std
::fs
::File
::open(&path
)
1550 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1552 // FIXME: load full blob to verify index checksum?
1555 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
).map_err(
1557 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1565 // fixme: set other headers ?
1566 Ok(Response
::builder()
1567 .status(StatusCode
::OK
)
1568 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1576 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1577 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1579 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1581 ("store", false, &DATASTORE_SCHEMA
),
1582 ("ns", true, &BACKUP_NAMESPACE_SCHEMA
),
1583 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1584 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1585 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1590 Some("Only the backup creator/owner is allowed to do this."),
1591 &Permission
::Anybody
,
1594 pub fn upload_backup_log(
1599 rpcenv
: Box
<dyn RpcEnvironment
>,
1600 ) -> ApiResponseFuture
{
1602 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1603 let store
= required_string_param(¶m
, "store")?
;
1604 let backup_ns
= optional_ns_param(¶m
)?
;
1606 let backup_dir_api
: pbs_api_types
::BackupDir
= Deserialize
::deserialize(¶m
)?
;
1608 let datastore
= check_privs_and_load_store(
1613 PRIV_DATASTORE_BACKUP
,
1614 Some(Operation
::Write
),
1615 &backup_dir_api
.group
,
1617 let backup_dir
= datastore
.backup_dir(backup_ns
.clone(), backup_dir_api
.clone())?
;
1619 let file_name
= &CLIENT_LOG_BLOB_NAME
;
1621 let mut path
= backup_dir
.full_path();
1622 path
.push(file_name
.as_ref());
1625 bail
!("backup already contains a log.");
1629 "Upload backup log to {} {backup_dir_api}/{file_name}",
1630 print_store_and_ns(store
, &backup_ns
),
1631 file_name
= file_name
.deref(),
1635 .map_err(Error
::from
)
1636 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1637 acc
.extend_from_slice(&chunk
);
1638 future
::ok
::<_
, Error
>(acc
)
1642 // always verify blob/CRC at server side
1643 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1645 replace_file(&path
, blob
.raw_data(), CreateOptions
::new(), false)?
;
1647 // fixme: use correct formatter
1648 Ok(formatter
::JSON_FORMATTER
.format_data(Value
::Null
, &*rpcenv
))
1653 fn decode_path(path
: &str) -> Result
<Vec
<u8>, Error
> {
1654 if path
!= "root" && path
!= "/" {
1655 base64
::decode(path
).map_err(|err
| format_err
!("base64 decoding of path failed - {err}"))
1664 store
: { schema: DATASTORE_SCHEMA }
,
1666 type: BackupNamespace
,
1670 type: pbs_api_types
::BackupDir
,
1674 description
: "Base64 encoded path.",
1678 type: BackupArchiveName
,
1684 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_READ for any or \
1685 DATASTORE_BACKUP and being the owner of the group",
1686 permission
: &Permission
::Anybody
,
1689 /// Get the entries of the given path of the catalog
1690 pub async
fn catalog(
1692 ns
: Option
<BackupNamespace
>,
1693 backup_dir
: pbs_api_types
::BackupDir
,
1695 archive_name
: Option
<BackupArchiveName
>,
1696 rpcenv
: &mut dyn RpcEnvironment
,
1697 ) -> Result
<Vec
<ArchiveEntry
>, Error
> {
1698 let file_name
= archive_name
.clone().unwrap_or_else(|| CATALOG_NAME
.clone());
1700 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1702 let ns
= ns
.unwrap_or_default();
1704 let datastore
= check_privs_and_load_store(
1708 PRIV_DATASTORE_READ
,
1709 PRIV_DATASTORE_BACKUP
,
1710 Some(Operation
::Read
),
1714 let backup_dir
= datastore
.backup_dir(ns
, backup_dir
)?
;
1716 let (manifest
, files
) = read_backup_index(&backup_dir
)?
;
1718 if file
.filename
== file_name
.as_ref() && file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1719 bail
!("cannot decode '{file_name}' - is encrypted");
1723 if archive_name
.is_none() {
1724 tokio
::task
::spawn_blocking(move || {
1725 let mut path
= datastore
.base_path();
1726 path
.push(backup_dir
.relative_path());
1727 path
.push(file_name
.as_ref());
1729 let index
= DynamicIndexReader
::open(&path
)
1730 .map_err(|err
| format_err
!("unable to read dynamic index '{path:?}' - {err}"))?
;
1732 let (csum
, size
) = index
.compute_csum();
1733 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1735 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1736 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1738 let mut catalog_reader
= CatalogReader
::new(reader
);
1740 let path
= decode_path(&filepath
)?
;
1741 catalog_reader
.list_dir_contents(&path
)
1745 let (archive_name
, _payload_archive_name
) =
1746 pbs_client
::tools
::get_pxar_archive_names(&file_name
, &manifest
)?
;
1747 let (reader
, archive_size
) =
1748 get_local_pxar_reader(datastore
.clone(), &manifest
, &backup_dir
, &archive_name
)?
;
1750 // only care about the metadata, don't attach a payload reader
1751 let reader
= pxar
::PxarVariant
::Unified(reader
);
1752 let accessor
= Accessor
::new(reader
, archive_size
).await?
;
1754 let file_path
= decode_path(&filepath
)?
;
1755 pbs_client
::pxar
::tools
::pxar_metadata_catalog_lookup(
1757 OsStr
::from_bytes(&file_path
),
1765 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1766 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1768 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1770 ("store", false, &DATASTORE_SCHEMA
),
1771 ("ns", true, &BACKUP_NAMESPACE_SCHEMA
),
1772 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1773 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1774 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1775 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1776 ("tar", true, &BooleanSchema
::new("Download as .tar.zst").schema()),
1777 ("archive-name", true, &BackupArchiveName
::API_SCHEMA
),
1782 "Requires on /datastore/{store}[/{namespace}] either DATASTORE_READ for any or \
1783 DATASTORE_BACKUP and being the owner of the group",
1785 &Permission
::Anybody
,
1788 fn get_local_pxar_reader(
1789 datastore
: Arc
<DataStore
>,
1790 manifest
: &BackupManifest
,
1791 backup_dir
: &BackupDir
,
1792 pxar_name
: &BackupArchiveName
,
1793 ) -> Result
<(LocalDynamicReadAt
<LocalChunkReader
>, u64), Error
> {
1794 let mut path
= datastore
.base_path();
1795 path
.push(backup_dir
.relative_path());
1796 path
.push(pxar_name
.as_ref());
1798 let index
= DynamicIndexReader
::open(&path
)
1799 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1801 let (csum
, size
) = index
.compute_csum();
1802 manifest
.verify_file(pxar_name
, &csum
, size
)?
;
1804 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1805 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1806 let archive_size
= reader
.archive_size();
1808 Ok((LocalDynamicReadAt
::new(reader
), archive_size
))
1811 pub fn pxar_file_download(
1816 rpcenv
: Box
<dyn RpcEnvironment
>,
1817 ) -> ApiResponseFuture
{
1819 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1820 let store
= required_string_param(¶m
, "store")?
;
1821 let ns
= optional_ns_param(¶m
)?
;
1823 let backup_dir
: pbs_api_types
::BackupDir
= Deserialize
::deserialize(¶m
)?
;
1824 let datastore
= check_privs_and_load_store(
1828 PRIV_DATASTORE_READ
,
1829 PRIV_DATASTORE_BACKUP
,
1830 Some(Operation
::Read
),
1834 let backup_dir
= datastore
.backup_dir(ns
, backup_dir
)?
;
1836 let filepath
= required_string_param(¶m
, "filepath")?
.to_owned();
1838 let tar
= param
["tar"].as_bool().unwrap_or(false);
1840 let mut components
= base64
::decode(&filepath
)?
;
1841 if !components
.is_empty() && components
[0] == b'
/'
{
1842 components
.remove(0);
1845 let (pxar_name
, file_path
) = if let Some(archive_name
) = param
["archive-name"].as_str() {
1846 let archive_name
= archive_name
.as_bytes().to_owned();
1847 (archive_name
, base64
::decode(&filepath
)?
)
1849 let mut split
= components
.splitn(2, |c
| *c
== b'
/'
);
1850 let pxar_name
= split
.next().unwrap();
1851 let file_path
= split
.next().unwrap_or(b
"/");
1852 (pxar_name
.to_owned(), file_path
.to_owned())
1854 let pxar_name
: BackupArchiveName
= std
::str::from_utf8(&pxar_name
)?
.try_into()?
;
1855 let (manifest
, files
) = read_backup_index(&backup_dir
)?
;
1857 if file
.filename
== pxar_name
.as_ref() && file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1858 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1862 let (pxar_name
, payload_archive_name
) =
1863 pbs_client
::tools
::get_pxar_archive_names(&pxar_name
, &manifest
)?
;
1864 let (reader
, archive_size
) =
1865 get_local_pxar_reader(datastore
.clone(), &manifest
, &backup_dir
, &pxar_name
)?
;
1867 let reader
= if let Some(payload_archive_name
) = payload_archive_name
{
1869 get_local_pxar_reader(datastore
, &manifest
, &backup_dir
, &payload_archive_name
)?
;
1870 pxar
::PxarVariant
::Split(reader
, payload_input
)
1872 pxar
::PxarVariant
::Unified(reader
)
1874 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1876 let root
= decoder
.open_root().await?
;
1877 let path
= OsStr
::from_bytes(&file_path
).to_os_string();
1881 .ok_or_else(|| format_err
!("error opening '{:?}'", path
))?
;
1883 let body
= match file
.kind() {
1884 EntryKind
::File { .. }
=> Body
::wrap_stream(
1885 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1886 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1890 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1891 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1892 .map_err(move |err
| {
1893 eprintln
!("error during streaming of hardlink '{:?}' - {}", path
, err
);
1897 EntryKind
::Directory
=> {
1898 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel
::<Result
<_
, Error
>>(100);
1899 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1901 proxmox_rest_server
::spawn_internal_task(create_tar(
1906 let zstdstream
= ZstdEncoder
::new(ReceiverStream
::new(receiver
))?
;
1907 Body
::wrap_stream(zstdstream
.map_err(move |err
| {
1908 log
::error
!("error during streaming of tar.zst '{:?}' - {}", path
, err
);
1912 proxmox_rest_server
::spawn_internal_task(create_zip(
1917 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1918 log
::error
!("error during streaming of zip '{:?}' - {}", path
, err
);
1923 other
=> bail
!("cannot download file of type {:?}", other
),
1926 // fixme: set other headers ?
1927 Ok(Response
::builder()
1928 .status(StatusCode
::OK
)
1929 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1940 schema
: DATASTORE_SCHEMA
,
1951 permission
: &Permission
::Privilege(
1952 &["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1955 /// Read datastore stats
1956 pub fn get_rrd_stats(
1958 timeframe
: RrdTimeframe
,
1961 ) -> Result
<Value
, Error
> {
1962 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Read
))?
;
1963 let disk_manager
= crate::tools
::disks
::DiskManage
::new();
1965 let mut rrd_fields
= vec
![
1975 // we do not have io_ticks for zpools, so don't include them
1976 match disk_manager
.find_mounted_device(&datastore
.base_path()) {
1977 Ok(Some((fs_type
, _
, _
))) if fs_type
.as_str() == "zfs" => {}
1978 _
=> rrd_fields
.push("io_ticks"),
1981 create_value_from_rrd(&format
!("datastore/{}", store
), &rrd_fields
, timeframe
, cf
)
1988 schema
: DATASTORE_SCHEMA
,
1993 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, true),
1996 /// Read datastore stats
1997 pub fn get_active_operations(store
: String
, _param
: Value
) -> Result
<Value
, Error
> {
1998 let active_operations
= task_tracking
::get_active_operations(&store
)?
;
2000 "read": active_operations
.read
,
2001 "write": active_operations
.write
,
2008 store
: { schema: DATASTORE_SCHEMA }
,
2010 type: BackupNamespace
,
2014 type: pbs_api_types
::BackupGroup
,
2020 permission
: &Permission
::Anybody
,
2021 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT for any \
2022 or DATASTORE_BACKUP and being the owner of the group",
2025 /// Get "notes" for a backup group
2026 pub fn get_group_notes(
2028 ns
: Option
<BackupNamespace
>,
2029 backup_group
: pbs_api_types
::BackupGroup
,
2030 rpcenv
: &mut dyn RpcEnvironment
,
2031 ) -> Result
<String
, Error
> {
2032 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2033 let ns
= ns
.unwrap_or_default();
2035 let datastore
= check_privs_and_load_store(
2039 PRIV_DATASTORE_AUDIT
,
2040 PRIV_DATASTORE_BACKUP
,
2041 Some(Operation
::Read
),
2045 let note_path
= get_group_note_path(&datastore
, &ns
, &backup_group
);
2046 Ok(file_read_optional_string(note_path
)?
.unwrap_or_else(|| "".to_owned()))
2052 store
: { schema: DATASTORE_SCHEMA }
,
2054 type: BackupNamespace
,
2058 type: pbs_api_types
::BackupGroup
,
2062 description
: "A multiline text.",
2067 permission
: &Permission
::Anybody
,
2068 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_MODIFY for any \
2069 or DATASTORE_BACKUP and being the owner of the group",
2072 /// Set "notes" for a backup group
2073 pub fn set_group_notes(
2075 ns
: Option
<BackupNamespace
>,
2076 backup_group
: pbs_api_types
::BackupGroup
,
2078 rpcenv
: &mut dyn RpcEnvironment
,
2079 ) -> Result
<(), Error
> {
2080 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2081 let ns
= ns
.unwrap_or_default();
2083 let datastore
= check_privs_and_load_store(
2087 PRIV_DATASTORE_MODIFY
,
2088 PRIV_DATASTORE_BACKUP
,
2089 Some(Operation
::Write
),
2093 let note_path
= get_group_note_path(&datastore
, &ns
, &backup_group
);
2094 replace_file(note_path
, notes
.as_bytes(), CreateOptions
::new(), false)?
;
2102 store
: { schema: DATASTORE_SCHEMA }
,
2104 type: BackupNamespace
,
2108 type: pbs_api_types
::BackupDir
,
2114 permission
: &Permission
::Anybody
,
2115 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT for any \
2116 or DATASTORE_BACKUP and being the owner of the group",
2119 /// Get "notes" for a specific backup
2122 ns
: Option
<BackupNamespace
>,
2123 backup_dir
: pbs_api_types
::BackupDir
,
2124 rpcenv
: &mut dyn RpcEnvironment
,
2125 ) -> Result
<String
, Error
> {
2126 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2127 let ns
= ns
.unwrap_or_default();
2129 let datastore
= check_privs_and_load_store(
2133 PRIV_DATASTORE_AUDIT
,
2134 PRIV_DATASTORE_BACKUP
,
2135 Some(Operation
::Read
),
2139 let backup_dir
= datastore
.backup_dir(ns
, backup_dir
)?
;
2141 let (manifest
, _
) = backup_dir
.load_manifest()?
;
2143 let notes
= manifest
.unprotected
["notes"].as_str().unwrap_or("");
2145 Ok(String
::from(notes
))
2151 store
: { schema: DATASTORE_SCHEMA }
,
2153 type: BackupNamespace
,
2157 type: pbs_api_types
::BackupDir
,
2161 description
: "A multiline text.",
2166 permission
: &Permission
::Anybody
,
2167 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_MODIFY for any \
2168 or DATASTORE_BACKUP and being the owner of the group",
2171 /// Set "notes" for a specific backup
2174 ns
: Option
<BackupNamespace
>,
2175 backup_dir
: pbs_api_types
::BackupDir
,
2177 rpcenv
: &mut dyn RpcEnvironment
,
2178 ) -> Result
<(), Error
> {
2179 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2180 let ns
= ns
.unwrap_or_default();
2182 let datastore
= check_privs_and_load_store(
2186 PRIV_DATASTORE_MODIFY
,
2187 PRIV_DATASTORE_BACKUP
,
2188 Some(Operation
::Write
),
2192 let backup_dir
= datastore
.backup_dir(ns
, backup_dir
)?
;
2195 .update_manifest(|manifest
| {
2196 manifest
.unprotected
["notes"] = notes
.into();
2198 .map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
2206 store
: { schema: DATASTORE_SCHEMA }
,
2208 type: BackupNamespace
,
2212 type: pbs_api_types
::BackupDir
,
2218 permission
: &Permission
::Anybody
,
2219 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_AUDIT for any \
2220 or DATASTORE_BACKUP and being the owner of the group",
2223 /// Query protection for a specific backup
2224 pub fn get_protection(
2226 ns
: Option
<BackupNamespace
>,
2227 backup_dir
: pbs_api_types
::BackupDir
,
2228 rpcenv
: &mut dyn RpcEnvironment
,
2229 ) -> Result
<bool
, Error
> {
2230 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2231 let ns
= ns
.unwrap_or_default();
2232 let datastore
= check_privs_and_load_store(
2236 PRIV_DATASTORE_AUDIT
,
2237 PRIV_DATASTORE_BACKUP
,
2238 Some(Operation
::Read
),
2242 let backup_dir
= datastore
.backup_dir(ns
, backup_dir
)?
;
2244 Ok(backup_dir
.is_protected())
2250 store
: { schema: DATASTORE_SCHEMA }
,
2252 type: BackupNamespace
,
2256 type: pbs_api_types
::BackupDir
,
2260 description
: "Enable/disable protection.",
2265 permission
: &Permission
::Anybody
,
2266 description
: "Requires on /datastore/{store}[/{namespace}] either DATASTORE_MODIFY for any \
2267 or DATASTORE_BACKUP and being the owner of the group",
2270 /// En- or disable protection for a specific backup
2271 pub async
fn set_protection(
2273 ns
: Option
<BackupNamespace
>,
2274 backup_dir
: pbs_api_types
::BackupDir
,
2276 rpcenv
: &mut dyn RpcEnvironment
,
2277 ) -> Result
<(), Error
> {
2278 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2280 tokio
::task
::spawn_blocking(move || {
2281 let ns
= ns
.unwrap_or_default();
2282 let datastore
= check_privs_and_load_store(
2286 PRIV_DATASTORE_MODIFY
,
2287 PRIV_DATASTORE_BACKUP
,
2288 Some(Operation
::Write
),
2292 let backup_dir
= datastore
.backup_dir(ns
, backup_dir
)?
;
2294 datastore
.update_protection(&backup_dir
, protected
)
2302 store
: { schema: DATASTORE_SCHEMA }
,
2304 type: BackupNamespace
,
2308 type: pbs_api_types
::BackupGroup
,
2317 permission
: &Permission
::Anybody
,
2318 description
: "Datastore.Modify on whole datastore, or changing ownership between user and \
2319 a user's token for owned backups with Datastore.Backup"
2322 /// Change owner of a backup group
2323 pub async
fn set_backup_owner(
2325 ns
: Option
<BackupNamespace
>,
2326 backup_group
: pbs_api_types
::BackupGroup
,
2328 rpcenv
: &mut dyn RpcEnvironment
,
2329 ) -> Result
<(), Error
> {
2330 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2332 tokio
::task
::spawn_blocking(move || {
2333 let ns
= ns
.unwrap_or_default();
2334 let owner_check_required
= check_ns_privs_full(
2338 PRIV_DATASTORE_MODIFY
,
2339 PRIV_DATASTORE_BACKUP
,
2342 let datastore
= DataStore
::lookup_datastore(&store
, Some(Operation
::Write
))?
;
2344 let backup_group
= datastore
.backup_group(ns
, backup_group
);
2346 if owner_check_required
{
2347 let owner
= backup_group
.get_owner()?
;
2349 let allowed
= match (owner
.is_token(), new_owner
.is_token()) {
2351 // API token to API token, owned by same user
2352 let owner
= owner
.user();
2353 let new_owner
= new_owner
.user();
2354 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
2357 // API token to API token owner
2358 Authid
::from(owner
.user().clone()) == auth_id
&& new_owner
== auth_id
2361 // API token owner to API token
2362 owner
== auth_id
&& Authid
::from(new_owner
.user().clone()) == auth_id
2365 // User to User, not allowed for unprivileged users
2371 return Err(http_err
!(
2373 "{} does not have permission to change owner of backup group '{}' to {}",
2375 backup_group
.group(),
2381 let user_info
= CachedUserInfo
::new()?
;
2383 if !user_info
.is_active_auth_id(&new_owner
) {
2385 "{} '{}' is inactive or non-existent",
2386 if new_owner
.is_token() {
2387 "API token".to_string()
2395 backup_group
.set_owner(&new_owner
, true)?
;
2402 fn setup_mounted_device(datastore
: &DataStoreConfig
, tmp_mount_path
: &str) -> Result
<(), Error
> {
2403 let default_options
= proxmox_sys
::fs
::CreateOptions
::new();
2404 let mount_point
= datastore
.absolute_path();
2405 let full_store_path
= format
!(
2406 "{tmp_mount_path}/{}",
2407 datastore
.path
.trim_start_matches('
/'
)
2409 let backup_user
= pbs_config
::backup_user()?
;
2410 let options
= CreateOptions
::new()
2411 .owner(backup_user
.uid
)
2412 .group(backup_user
.gid
);
2414 proxmox_sys
::fs
::create_path(
2416 Some(default_options
.clone()),
2417 Some(options
.clone()),
2419 .map_err(|e
| format_err
!("creating mountpoint '{mount_point}' failed: {e}"))?
;
2421 // can't be created before it is mounted, so we have to do it here
2422 proxmox_sys
::fs
::create_path(
2424 Some(default_options
.clone()),
2425 Some(options
.clone()),
2427 .map_err(|e
| format_err
!("creating datastore path '{full_store_path}' failed: {e}"))?
;
2430 "bind mount '{}'({}) to '{}'",
2431 datastore
.name
, datastore
.path
, mount_point
2434 crate::tools
::disks
::bind_mount(Path
::new(&full_store_path
), Path
::new(&mount_point
))
2439 /// 1. mount the removable device to `<PBS_RUN_DIR>/mount/<RANDOM_UUID>`
2440 /// 2. bind mount `<PBS_RUN_DIR>/mount/<RANDOM_UUID>/<datastore.path>` to `/mnt/datastore/<datastore.name>`
2441 /// 3. unmount `<PBS_RUN_DIR>/mount/<RANDOM_UUID>`
2443 /// leaving us with the datastore being mounted directly with its name under /mnt/datastore/...
2445 /// The reason for the randomized device mounting paths is to avoid two tasks trying to mount to
2446 /// the same path, this is *very* unlikely since the device is only mounted really shortly, but
2447 /// technically possible.
2448 pub fn do_mount_device(datastore
: DataStoreConfig
) -> Result
<(), Error
> {
2449 if let Some(uuid
) = datastore
.backing_device
.as_ref() {
2450 if pbs_datastore
::get_datastore_mount_status(&datastore
) == Some(true) {
2452 "device is already mounted at '{}'",
2453 datastore
.absolute_path()
2457 let tmp_mount_path
= format
!(
2459 pbs_buildcfg
::rundir
!("/mount"),
2460 proxmox_uuid
::Uuid
::generate()
2463 let default_options
= proxmox_sys
::fs
::CreateOptions
::new();
2464 proxmox_sys
::fs
::create_path(
2466 Some(default_options
.clone()),
2467 Some(default_options
.clone()),
2470 info
!("temporarily mounting '{uuid}' to '{}'", tmp_mount_path
);
2471 crate::tools
::disks
::mount_by_uuid(uuid
, Path
::new(&tmp_mount_path
))
2472 .map_err(|e
| format_err
!("mounting to tmp path failed: {e}"))?
;
2474 let setup_result
= setup_mounted_device(&datastore
, &tmp_mount_path
);
2476 let mut unmounted
= true;
2477 if let Err(e
) = crate::tools
::disks
::unmount_by_mountpoint(Path
::new(&tmp_mount_path
)) {
2479 warn
!("unmounting from tmp path '{tmp_mount_path} failed: {e}'");
2482 if let Err(e
) = std
::fs
::remove_dir(std
::path
::Path
::new(&tmp_mount_path
)) {
2483 warn
!("removing tmp path '{tmp_mount_path} failed: {e}'");
2487 setup_result
.map_err(|e
| {
2489 "Datastore '{}' could not be created: {}.",
2496 "Datastore '{}' cannot be mounted because it is not removable.",
2508 schema
: DATASTORE_SCHEMA
,
2513 schema
: UPID_SCHEMA
,
2516 permission
: &Permission
::And(&[
2517 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
2518 &Permission
::Privilege(&["system", "disks"], PRIV_SYS_MODIFY
, false)
2522 /// Mount removable datastore.
2523 pub fn mount(store
: String
, rpcenv
: &mut dyn RpcEnvironment
) -> Result
<Value
, Error
> {
2524 let (section_config
, _digest
) = pbs_config
::datastore
::config()?
;
2525 let datastore
: DataStoreConfig
= section_config
.lookup("datastore", &store
)?
;
2527 if datastore
.backing_device
.is_none() {
2528 bail
!("datastore '{store}' is not removable");
2531 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2532 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
2534 let upid
= WorkerTask
::new_thread(
2537 auth_id
.to_string(),
2539 move |_worker
| do_mount_device(datastore
),
2545 fn expect_maintanance_unmounting(
2547 ) -> Result
<(pbs_config
::BackupLockGuard
, DataStoreConfig
), Error
> {
2548 let lock
= pbs_config
::datastore
::lock_config()?
;
2549 let (section_config
, _digest
) = pbs_config
::datastore
::config()?
;
2550 let store_config
: DataStoreConfig
= section_config
.lookup("datastore", store
)?
;
2553 .get_maintenance_mode()
2554 .map_or(true, |m
| m
.ty
!= MaintenanceType
::Unmount
)
2556 bail
!("maintenance mode is not 'Unmount'");
2559 Ok((lock
, store_config
))
2562 fn unset_maintenance(
2563 _lock
: pbs_config
::BackupLockGuard
,
2564 mut config
: DataStoreConfig
,
2565 ) -> Result
<(), Error
> {
2566 let (mut section_config
, _digest
) = pbs_config
::datastore
::config()?
;
2567 config
.maintenance_mode
= None
;
2568 section_config
.set_data(&config
.name
, "datastore", &config
)?
;
2569 pbs_config
::datastore
::save_config(§ion_config
)?
;
2573 fn do_unmount_device(
2574 datastore
: DataStoreConfig
,
2575 worker
: Option
<&dyn WorkerTaskContext
>,
2576 ) -> Result
<(), Error
> {
2577 if datastore
.backing_device
.is_none() {
2578 bail
!("can't unmount non-removable datastore");
2580 let mount_point
= datastore
.absolute_path();
2582 let mut active_operations
= task_tracking
::get_active_operations(&datastore
.name
)?
;
2583 let mut old_status
= String
::new();
2584 let mut aborted
= false;
2585 while active_operations
.read
+ active_operations
.write
> 0 {
2586 if let Some(worker
) = worker
{
2587 if worker
.abort_requested() || expect_maintanance_unmounting(&datastore
.name
).is_err() {
2591 let status
= format
!(
2592 "cannot unmount yet, still {} read and {} write operations active",
2593 active_operations
.read
, active_operations
.write
2595 if status
!= old_status
{
2597 old_status
= status
;
2600 std
::thread
::sleep(std
::time
::Duration
::from_secs(1));
2601 active_operations
= task_tracking
::get_active_operations(&datastore
.name
)?
;
2604 if aborted
|| worker
.map_or(false, |w
| w
.abort_requested()) {
2605 let _
= expect_maintanance_unmounting(&datastore
.name
)
2606 .inspect_err(|e
| warn
!("maintenance mode was not as expected: {e}"))
2607 .and_then(|(lock
, config
)| {
2608 unset_maintenance(lock
, config
)
2609 .inspect_err(|e
| warn
!("could not reset maintenance mode: {e}"))
2611 bail
!("aborted, due to user request");
2613 let (lock
, config
) = expect_maintanance_unmounting(&datastore
.name
)?
;
2614 crate::tools
::disks
::unmount_by_mountpoint(Path
::new(&mount_point
))?
;
2615 unset_maintenance(lock
, config
)
2616 .map_err(|e
| format_err
!("could not reset maintenance mode: {e}"))?
;
2625 store
: { schema: DATASTORE_SCHEMA }
,
2629 schema
: UPID_SCHEMA
,
2632 permission
: &Permission
::And(&[
2633 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, true),
2634 &Permission
::Privilege(&["system", "disks"], PRIV_SYS_MODIFY
, false)
2638 /// Unmount a removable device that is associated with the datastore
2639 pub async
fn unmount(store
: String
, rpcenv
: &mut dyn RpcEnvironment
) -> Result
<Value
, Error
> {
2640 let _lock
= pbs_config
::datastore
::lock_config()?
;
2641 let (mut section_config
, _digest
) = pbs_config
::datastore
::config()?
;
2642 let mut datastore
: DataStoreConfig
= section_config
.lookup("datastore", &store
)?
;
2644 if datastore
.backing_device
.is_none() {
2645 bail
!("datastore '{store}' is not removable");
2648 ensure_datastore_is_mounted(&datastore
)?
;
2650 datastore
.set_maintenance_mode(Some(MaintenanceMode
{
2651 ty
: MaintenanceType
::Unmount
,
2654 section_config
.set_data(&store
, "datastore", &datastore
)?
;
2655 pbs_config
::datastore
::save_config(§ion_config
)?
;
2659 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
2660 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
2662 if let Ok(proxy_pid
) = proxmox_rest_server
::read_pid(pbs_buildcfg
::PROXMOX_BACKUP_PROXY_PID_FN
)
2664 let sock
= proxmox_daemon
::command_socket
::path_from_pid(proxy_pid
);
2665 let _
= proxmox_daemon
::command_socket
::send_raw(
2668 "{{\"command\":\"update-datastore-cache\",\"args\":\"{}\"}}\n",
2675 let upid
= WorkerTask
::new_thread(
2678 auth_id
.to_string(),
2680 move |worker
| do_unmount_device(datastore
, Some(&worker
)),
2687 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
2689 "active-operations",
2690 &Router
::new().get(&API_METHOD_GET_ACTIVE_OPERATIONS
),
2692 ("catalog", &Router
::new().get(&API_METHOD_CATALOG
)),
2695 &Router
::new().post(&API_METHOD_SET_BACKUP_OWNER
),
2699 &Router
::new().download(&API_METHOD_DOWNLOAD_FILE
),
2703 &Router
::new().download(&API_METHOD_DOWNLOAD_FILE_DECODED
),
2705 ("files", &Router
::new().get(&API_METHOD_LIST_SNAPSHOT_FILES
)),
2709 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
2710 .post(&API_METHOD_START_GARBAGE_COLLECTION
),
2715 .get(&API_METHOD_GET_GROUP_NOTES
)
2716 .put(&API_METHOD_SET_GROUP_NOTES
),
2721 .get(&API_METHOD_LIST_GROUPS
)
2722 .delete(&API_METHOD_DELETE_GROUP
),
2724 ("mount", &Router
::new().post(&API_METHOD_MOUNT
)),
2727 // FIXME: move into datastore:: sub-module?!
2728 &crate::api2
::admin
::namespace
::ROUTER
,
2733 .get(&API_METHOD_GET_NOTES
)
2734 .put(&API_METHOD_SET_NOTES
),
2739 .get(&API_METHOD_GET_PROTECTION
)
2740 .put(&API_METHOD_SET_PROTECTION
),
2742 ("prune", &Router
::new().post(&API_METHOD_PRUNE
)),
2745 &Router
::new().post(&API_METHOD_PRUNE_DATASTORE
),
2748 "pxar-file-download",
2749 &Router
::new().download(&API_METHOD_PXAR_FILE_DOWNLOAD
),
2751 ("rrd", &Router
::new().get(&API_METHOD_GET_RRD_STATS
)),
2755 .get(&API_METHOD_LIST_SNAPSHOTS
)
2756 .delete(&API_METHOD_DELETE_SNAPSHOT
),
2758 ("status", &Router
::new().get(&API_METHOD_STATUS
)),
2759 ("unmount", &Router
::new().post(&API_METHOD_UNMOUNT
)),
2761 "upload-backup-log",
2762 &Router
::new().upload(&API_METHOD_UPLOAD_BACKUP_LOG
),
2764 ("verify", &Router
::new().post(&API_METHOD_VERIFY
)),
2767 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
2768 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
2769 .subdirs(DATASTORE_INFO_SUBDIRS
);
2771 pub const ROUTER
: Router
= Router
::new()
2772 .get(&API_METHOD_GET_DATASTORE_LIST
)
2773 .match_all("store", &DATASTORE_INFO_ROUTER
);