2 use nix
::unistd
::{fork, ForkResult, pipe}
;
3 use std
::os
::unix
::io
::RawFd
;
4 use chrono
::{Local, DateTime, Utc, TimeZone}
;
5 use std
::path
::{Path, PathBuf}
;
6 use std
::collections
::{HashSet, HashMap}
;
8 use std
::io
::{Write, Seek, SeekFrom}
;
9 use std
::os
::unix
::fs
::OpenOptionsExt
;
11 use proxmox
::{sortable, identity}
;
12 use proxmox
::tools
::fs
::{file_get_contents, file_get_json, replace_file, CreateOptions, image_size}
;
13 use proxmox
::sys
::linux
::tty
;
14 use proxmox
::api
::{ApiHandler, ApiMethod, RpcEnvironment}
;
15 use proxmox
::api
::schema
::*;
16 use proxmox
::api
::cli
::*;
17 use proxmox
::api
::api
;
19 use proxmox_backup
::tools
;
20 use proxmox_backup
::api2
::types
::*;
21 use proxmox_backup
::client
::*;
22 use proxmox_backup
::backup
::*;
23 use proxmox_backup
::pxar
::{ self, catalog::* }
;
25 //use proxmox_backup::backup::image_index::*;
26 //use proxmox_backup::config::datastore;
27 //use proxmox_backup::pxar::encoder::*;
28 //use proxmox_backup::backup::datastore::*;
30 use serde_json
::{json, Value}
;
32 use std
::sync
::{Arc, Mutex}
;
34 use xdg
::BaseDirectories
;
37 use tokio
::sync
::mpsc
;
39 const ENV_VAR_PBS_FINGERPRINT
: &str = "PBS_FINGERPRINT";
40 const ENV_VAR_PBS_PASSWORD
: &str = "PBS_PASSWORD";
42 proxmox
::const_regex
! {
43 BACKUPSPEC_REGEX
= r
"^([a-zA-Z0-9_-]+\.(?:pxar|img|conf|log)):(.+)$";
46 const REPO_URL_SCHEMA
: Schema
= StringSchema
::new("Repository URL.")
47 .format(&BACKUP_REPO_URL
)
51 const BACKUP_SOURCE_SCHEMA
: Schema
= StringSchema
::new(
52 "Backup source specification ([<label>:<path>]).")
53 .format(&ApiStringFormat
::Pattern(&BACKUPSPEC_REGEX
))
56 const KEYFILE_SCHEMA
: Schema
= StringSchema
::new(
57 "Path to encryption key. All data will be encrypted using this key.")
60 const CHUNK_SIZE_SCHEMA
: Schema
= IntegerSchema
::new(
61 "Chunk size in KB. Must be a power of 2.")
67 fn get_default_repository() -> Option
<String
> {
68 std
::env
::var("PBS_REPOSITORY").ok()
71 fn extract_repository_from_value(
73 ) -> Result
<BackupRepository
, Error
> {
75 let repo_url
= param
["repository"]
78 .or_else(get_default_repository
)
79 .ok_or_else(|| format_err
!("unable to get (default) repository"))?
;
81 let repo
: BackupRepository
= repo_url
.parse()?
;
86 fn extract_repository_from_map(
87 param
: &HashMap
<String
, String
>,
88 ) -> Option
<BackupRepository
> {
90 param
.get("repository")
92 .or_else(get_default_repository
)
93 .and_then(|repo_url
| repo_url
.parse
::<BackupRepository
>().ok())
96 fn record_repository(repo
: &BackupRepository
) {
98 let base
= match BaseDirectories
::with_prefix("proxmox-backup") {
103 // usually $HOME/.cache/proxmox-backup/repo-list
104 let path
= match base
.place_cache_file("repo-list") {
109 let mut data
= file_get_json(&path
, None
).unwrap_or_else(|_
| json
!({}
));
111 let repo
= repo
.to_string();
113 data
[&repo
] = json
!{ data[&repo].as_i64().unwrap_or(0) + 1 }
;
115 let mut map
= serde_json
::map
::Map
::new();
118 let mut max_used
= 0;
119 let mut max_repo
= None
;
120 for (repo
, count
) in data
.as_object().unwrap() {
121 if map
.contains_key(repo
) { continue; }
122 if let Some(count
) = count
.as_i64() {
123 if count
> max_used
{
125 max_repo
= Some(repo
);
129 if let Some(repo
) = max_repo
{
130 map
.insert(repo
.to_owned(), json
!(max_used
));
134 if map
.len() > 10 { // store max. 10 repos
139 let new_data
= json
!(map
);
141 let _
= replace_file(path
, new_data
.to_string().as_bytes(), CreateOptions
::new());
144 fn complete_repository(_arg
: &str, _param
: &HashMap
<String
, String
>) -> Vec
<String
> {
146 let mut result
= vec
![];
148 let base
= match BaseDirectories
::with_prefix("proxmox-backup") {
153 // usually $HOME/.cache/proxmox-backup/repo-list
154 let path
= match base
.place_cache_file("repo-list") {
159 let data
= file_get_json(&path
, None
).unwrap_or_else(|_
| json
!({}
));
161 if let Some(map
) = data
.as_object() {
162 for (repo
, _count
) in map
{
163 result
.push(repo
.to_owned());
170 fn connect(server
: &str, userid
: &str) -> Result
<HttpClient
, Error
> {
172 let fingerprint
= std
::env
::var(ENV_VAR_PBS_FINGERPRINT
).ok();
174 use std
::env
::VarError
::*;
175 let password
= match std
::env
::var(ENV_VAR_PBS_PASSWORD
) {
177 Err(NotUnicode(_
)) => bail
!(format
!("{} contains bad characters", ENV_VAR_PBS_PASSWORD
)),
178 Err(NotPresent
) => None
,
181 let options
= HttpClientOptions
::new()
182 .prefix(Some("proxmox-backup".to_string()))
185 .fingerprint(fingerprint
)
186 .fingerprint_cache(true)
189 HttpClient
::new(server
, userid
, options
)
192 async
fn view_task_result(
196 ) -> Result
<(), Error
> {
197 let data
= &result
["data"];
198 if output_format
== "text" {
199 if let Some(upid
) = data
.as_str() {
200 display_task_log(client
, upid
, true).await?
;
203 format_and_print_result(&data
, &output_format
);
209 async
fn api_datastore_list_snapshots(
212 group
: Option
<BackupGroup
>,
213 ) -> Result
<Value
, Error
> {
215 let path
= format
!("api2/json/admin/datastore/{}/snapshots", store
);
217 let mut args
= json
!({}
);
218 if let Some(group
) = group
{
219 args
["backup-type"] = group
.backup_type().into();
220 args
["backup-id"] = group
.backup_id().into();
223 let mut result
= client
.get(&path
, Some(args
)).await?
;
225 Ok(result
["data"].take())
228 async
fn api_datastore_latest_snapshot(
232 ) -> Result
<(String
, String
, DateTime
<Utc
>), Error
> {
234 let list
= api_datastore_list_snapshots(client
, store
, Some(group
.clone())).await?
;
235 let mut list
: Vec
<SnapshotListItem
> = serde_json
::from_value(list
)?
;
238 bail
!("backup group {:?} does not contain any snapshots.", group
.group_path());
241 list
.sort_unstable_by(|a
, b
| b
.backup_time
.cmp(&a
.backup_time
));
243 let backup_time
= Utc
.timestamp(list
[0].backup_time
, 0);
245 Ok((group
.backup_type().to_owned(), group
.backup_id().to_owned(), backup_time
))
249 async
fn backup_directory
<P
: AsRef
<Path
>>(
250 client
: &BackupWriter
,
253 chunk_size
: Option
<usize>,
254 device_set
: Option
<HashSet
<u64>>,
256 skip_lost_and_found
: bool
,
257 crypt_config
: Option
<Arc
<CryptConfig
>>,
258 catalog
: Arc
<Mutex
<CatalogWriter
<crate::tools
::StdChannelWriter
>>>,
260 ) -> Result
<BackupStats
, Error
> {
262 let pxar_stream
= PxarBackupStream
::open(
270 let mut chunk_stream
= ChunkStream
::new(pxar_stream
, chunk_size
);
272 let (mut tx
, rx
) = mpsc
::channel(10); // allow to buffer 10 chunks
275 .map_err(Error
::from
);
277 // spawn chunker inside a separate task so that it can run parallel
278 tokio
::spawn(async
move {
279 while let Some(v
) = chunk_stream
.next().await
{
280 let _
= tx
.send(v
).await
;
285 .upload_stream(archive_name
, stream
, "dynamic", None
, crypt_config
)
291 async
fn backup_image
<P
: AsRef
<Path
>>(
292 client
: &BackupWriter
,
296 chunk_size
: Option
<usize>,
298 crypt_config
: Option
<Arc
<CryptConfig
>>,
299 ) -> Result
<BackupStats
, Error
> {
301 let path
= image_path
.as_ref().to_owned();
303 let file
= tokio
::fs
::File
::open(path
).await?
;
305 let stream
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
306 .map_err(Error
::from
);
308 let stream
= FixedChunkStream
::new(stream
, chunk_size
.unwrap_or(4*1024*1024));
311 .upload_stream(archive_name
, stream
, "fixed", Some(image_size
), crypt_config
)
317 fn strip_server_file_expenstion(name
: &str) -> String
{
319 if name
.ends_with(".didx") || name
.ends_with(".fidx") || name
.ends_with(".blob") {
320 name
[..name
.len()-5].to_owned()
322 name
.to_owned() // should not happen
330 schema
: REPO_URL_SCHEMA
,
334 schema
: OUTPUT_FORMAT
,
340 /// List backup groups.
341 async
fn list_backup_groups(param
: Value
) -> Result
<Value
, Error
> {
343 let repo
= extract_repository_from_value(¶m
)?
;
345 let client
= connect(repo
.host(), repo
.user())?
;
347 let path
= format
!("api2/json/admin/datastore/{}/groups", repo
.store());
349 let mut result
= client
.get(&path
, None
).await?
;
351 record_repository(&repo
);
353 // fixme: implement and use output formatter instead ..
354 let list
= result
["data"].as_array_mut().unwrap();
356 list
.sort_unstable_by(|a
, b
| {
357 let a_id
= a
["backup-id"].as_str().unwrap();
358 let a_backup_type
= a
["backup-type"].as_str().unwrap();
359 let b_id
= b
["backup-id"].as_str().unwrap();
360 let b_backup_type
= b
["backup-type"].as_str().unwrap();
362 let type_order
= a_backup_type
.cmp(b_backup_type
);
363 if type_order
== std
::cmp
::Ordering
::Equal
{
370 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
372 let mut result
= vec
![];
376 let id
= item
["backup-id"].as_str().unwrap();
377 let btype
= item
["backup-type"].as_str().unwrap();
378 let epoch
= item
["last-backup"].as_i64().unwrap();
379 let last_backup
= Utc
.timestamp(epoch
, 0);
380 let backup_count
= item
["backup-count"].as_u64().unwrap();
382 let group
= BackupGroup
::new(btype
, id
);
384 let path
= group
.group_path().to_str().unwrap().to_owned();
386 let files
= item
["files"].as_array().unwrap().iter()
387 .map(|v
| strip_server_file_expenstion(v
.as_str().unwrap())).collect();
389 if output_format
== "text" {
391 "{:20} | {} | {:5} | {}",
393 BackupDir
::backup_time_to_string(last_backup
),
395 tools
::join(&files
, ' '
),
399 "backup-type": btype
,
401 "last-backup": epoch
,
402 "backup-count": backup_count
,
408 if output_format
!= "text" { format_and_print_result(&result.into(), &output_format); }
417 schema
: REPO_URL_SCHEMA
,
422 description
: "Backup group.",
426 schema
: OUTPUT_FORMAT
,
432 /// List backup snapshots.
433 async
fn list_snapshots(param
: Value
) -> Result
<Value
, Error
> {
435 let repo
= extract_repository_from_value(¶m
)?
;
437 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
439 let client
= connect(repo
.host(), repo
.user())?
;
441 let group
= if let Some(path
) = param
["group"].as_str() {
442 Some(BackupGroup
::parse(path
)?
)
447 let mut data
= api_datastore_list_snapshots(&client
, repo
.store(), group
).await?
;
449 record_repository(&repo
);
451 let render_snapshot_path
= |_v
: &Value
, record
: &Value
| -> Result
<String
, Error
> {
452 let item
: SnapshotListItem
= serde_json
::from_value(record
.to_owned())?
;
453 let snapshot
= BackupDir
::new(item
.backup_type
, item
.backup_id
, item
.backup_time
);
454 Ok(snapshot
.relative_path().to_str().unwrap().to_owned())
457 let render_files
= |_v
: &Value
, record
: &Value
| -> Result
<String
, Error
> {
458 let item
: SnapshotListItem
= serde_json
::from_value(record
.to_owned())?
;
459 let mut files
: Vec
<String
> = item
.files
.iter()
460 .map(|v
| strip_server_file_expenstion(&v
))
465 Ok(tools
::join(&files
, ' '
))
468 let options
= TableFormatOptions
::new()
471 .sortby("backup-type", false)
472 .sortby("backup-id", false)
473 .sortby("backup-time", false)
474 .column(ColumnConfig
::new("backup-id").renderer(render_snapshot_path
).header("snapshot"))
475 .column(ColumnConfig
::new("size"))
476 .column(ColumnConfig
::new("files").renderer(render_files
))
479 let info
= &proxmox_backup
::api2
::admin
::datastore
::API_RETURN_SCHEMA_LIST_SNAPSHOTS
;
481 format_and_print_result_full(&mut data
, info
, &output_format
, &options
);
490 schema
: REPO_URL_SCHEMA
,
495 description
: "Snapshot path.",
500 /// Forget (remove) backup snapshots.
501 async
fn forget_snapshots(param
: Value
) -> Result
<Value
, Error
> {
503 let repo
= extract_repository_from_value(¶m
)?
;
505 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
506 let snapshot
= BackupDir
::parse(path
)?
;
508 let mut client
= connect(repo
.host(), repo
.user())?
;
510 let path
= format
!("api2/json/admin/datastore/{}/snapshots", repo
.store());
512 let result
= client
.delete(&path
, Some(json
!({
513 "backup-type": snapshot
.group().backup_type(),
514 "backup-id": snapshot
.group().backup_id(),
515 "backup-time": snapshot
.backup_time().timestamp(),
518 record_repository(&repo
);
527 schema
: REPO_URL_SCHEMA
,
533 /// Try to login. If successful, store ticket.
534 async
fn api_login(param
: Value
) -> Result
<Value
, Error
> {
536 let repo
= extract_repository_from_value(¶m
)?
;
538 let client
= connect(repo
.host(), repo
.user())?
;
539 client
.login().await?
;
541 record_repository(&repo
);
550 schema
: REPO_URL_SCHEMA
,
556 /// Logout (delete stored ticket).
557 fn api_logout(param
: Value
) -> Result
<Value
, Error
> {
559 let repo
= extract_repository_from_value(¶m
)?
;
561 delete_ticket_info("proxmox-backup", repo
.host(), repo
.user())?
;
570 schema
: REPO_URL_SCHEMA
,
575 description
: "Snapshot path.",
581 async
fn dump_catalog(param
: Value
) -> Result
<Value
, Error
> {
583 let repo
= extract_repository_from_value(¶m
)?
;
585 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
586 let snapshot
= BackupDir
::parse(path
)?
;
588 let keyfile
= param
["keyfile"].as_str().map(PathBuf
::from
);
590 let crypt_config
= match keyfile
{
593 let (key
, _
) = load_and_decrypt_key(&path
, &get_encryption_key_password
)?
;
594 Some(Arc
::new(CryptConfig
::new(key
)?
))
598 let client
= connect(repo
.host(), repo
.user())?
;
600 let client
= BackupReader
::start(
602 crypt_config
.clone(),
604 &snapshot
.group().backup_type(),
605 &snapshot
.group().backup_id(),
606 snapshot
.backup_time(),
610 let manifest
= client
.download_manifest().await?
;
612 let index
= client
.download_dynamic_index(&manifest
, CATALOG_NAME
).await?
;
614 let most_used
= index
.find_most_used_chunks(8);
616 let chunk_reader
= RemoteChunkReader
::new(client
.clone(), crypt_config
, most_used
);
618 let mut reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
620 let mut catalogfile
= std
::fs
::OpenOptions
::new()
623 .custom_flags(libc
::O_TMPFILE
)
626 std
::io
::copy(&mut reader
, &mut catalogfile
)
627 .map_err(|err
| format_err
!("unable to download catalog - {}", err
))?
;
629 catalogfile
.seek(SeekFrom
::Start(0))?
;
631 let mut catalog_reader
= CatalogReader
::new(catalogfile
);
633 catalog_reader
.dump()?
;
635 record_repository(&repo
);
644 schema
: REPO_URL_SCHEMA
,
649 description
: "Snapshot path.",
652 schema
: OUTPUT_FORMAT
,
658 /// List snapshot files.
659 async
fn list_snapshot_files(param
: Value
) -> Result
<Value
, Error
> {
661 let repo
= extract_repository_from_value(¶m
)?
;
663 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
664 let snapshot
= BackupDir
::parse(path
)?
;
666 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
668 let client
= connect(repo
.host(), repo
.user())?
;
670 let path
= format
!("api2/json/admin/datastore/{}/files", repo
.store());
672 let mut result
= client
.get(&path
, Some(json
!({
673 "backup-type": snapshot
.group().backup_type(),
674 "backup-id": snapshot
.group().backup_id(),
675 "backup-time": snapshot
.backup_time().timestamp(),
678 record_repository(&repo
);
680 let info
= &proxmox_backup
::api2
::admin
::datastore
::API_RETURN_SCHEMA_LIST_SNAPSHOT_FILES
;
682 let mut data
: Value
= result
["data"].take();
684 let options
= TableFormatOptions
::new()
688 format_and_print_result_full(&mut data
, info
, &output_format
, &options
);
697 schema
: REPO_URL_SCHEMA
,
701 schema
: OUTPUT_FORMAT
,
707 /// Start garbage collection for a specific repository.
708 async
fn start_garbage_collection(param
: Value
) -> Result
<Value
, Error
> {
710 let repo
= extract_repository_from_value(¶m
)?
;
711 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
713 let mut client
= connect(repo
.host(), repo
.user())?
;
715 let path
= format
!("api2/json/admin/datastore/{}/gc", repo
.store());
717 let result
= client
.post(&path
, None
).await?
;
719 record_repository(&repo
);
721 view_task_result(client
, result
, &output_format
).await?
;
726 fn parse_backupspec(value
: &str) -> Result
<(&str, &str), Error
> {
728 if let Some(caps
) = (BACKUPSPEC_REGEX
.regex_obj
)().captures(value
) {
729 return Ok((caps
.get(1).unwrap().as_str(), caps
.get(2).unwrap().as_str()));
731 bail
!("unable to parse directory specification '{}'", value
);
734 fn spawn_catalog_upload(
735 client
: Arc
<BackupWriter
>,
736 crypt_config
: Option
<Arc
<CryptConfig
>>,
739 Arc
<Mutex
<CatalogWriter
<crate::tools
::StdChannelWriter
>>>,
740 tokio
::sync
::oneshot
::Receiver
<Result
<BackupStats
, Error
>>
743 let (catalog_tx
, catalog_rx
) = std
::sync
::mpsc
::sync_channel(10); // allow to buffer 10 writes
744 let catalog_stream
= crate::tools
::StdChannelStream(catalog_rx
);
745 let catalog_chunk_size
= 512*1024;
746 let catalog_chunk_stream
= ChunkStream
::new(catalog_stream
, Some(catalog_chunk_size
));
748 let catalog
= Arc
::new(Mutex
::new(CatalogWriter
::new(crate::tools
::StdChannelWriter
::new(catalog_tx
))?
));
750 let (catalog_result_tx
, catalog_result_rx
) = tokio
::sync
::oneshot
::channel();
752 tokio
::spawn(async
move {
753 let catalog_upload_result
= client
754 .upload_stream(CATALOG_NAME
, catalog_chunk_stream
, "dynamic", None
, crypt_config
)
757 if let Err(ref err
) = catalog_upload_result
{
758 eprintln
!("catalog upload error - {}", err
);
762 let _
= catalog_result_tx
.send(catalog_upload_result
);
765 Ok((catalog
, catalog_result_rx
))
773 description
: "List of backup source specifications ([<label.ext>:<path>] ...)",
775 schema
: BACKUP_SOURCE_SCHEMA
,
779 schema
: REPO_URL_SCHEMA
,
783 description
: "Include mountpoints with same st_dev number (see ``man fstat``) as specified files.",
787 description
: "Path to file.",
791 schema
: KEYFILE_SCHEMA
,
794 "skip-lost-and-found": {
796 description
: "Skip lost+found directory.",
800 schema
: BACKUP_TYPE_SCHEMA
,
804 schema
: BACKUP_ID_SCHEMA
,
808 schema
: BACKUP_TIME_SCHEMA
,
812 schema
: CHUNK_SIZE_SCHEMA
,
817 description
: "Max number of entries to hold in memory.",
819 default: pxar
::ENCODER_MAX_ENTRIES
as isize,
823 description
: "Verbose output.",
829 /// Create (host) backup.
830 async
fn create_backup(
833 _rpcenv
: &mut dyn RpcEnvironment
,
834 ) -> Result
<Value
, Error
> {
836 let repo
= extract_repository_from_value(¶m
)?
;
838 let backupspec_list
= tools
::required_array_param(¶m
, "backupspec")?
;
840 let all_file_systems
= param
["all-file-systems"].as_bool().unwrap_or(false);
842 let skip_lost_and_found
= param
["skip-lost-and-found"].as_bool().unwrap_or(false);
844 let verbose
= param
["verbose"].as_bool().unwrap_or(false);
846 let backup_time_opt
= param
["backup-time"].as_i64();
848 let chunk_size_opt
= param
["chunk-size"].as_u64().map(|v
| (v
*1024) as usize);
850 if let Some(size
) = chunk_size_opt
{
851 verify_chunk_size(size
)?
;
854 let keyfile
= param
["keyfile"].as_str().map(PathBuf
::from
);
856 let backup_id
= param
["backup-id"].as_str().unwrap_or(&proxmox
::tools
::nodename());
858 let backup_type
= param
["backup-type"].as_str().unwrap_or("host");
860 let include_dev
= param
["include-dev"].as_array();
862 let entries_max
= param
["entries-max"].as_u64().unwrap_or(pxar
::ENCODER_MAX_ENTRIES
as u64);
864 let mut devices
= if all_file_systems { None }
else { Some(HashSet::new()) }
;
866 if let Some(include_dev
) = include_dev
{
867 if all_file_systems
{
868 bail
!("option 'all-file-systems' conflicts with option 'include-dev'");
871 let mut set
= HashSet
::new();
872 for path
in include_dev
{
873 let path
= path
.as_str().unwrap();
874 let stat
= nix
::sys
::stat
::stat(path
)
875 .map_err(|err
| format_err
!("fstat {:?} failed - {}", path
, err
))?
;
876 set
.insert(stat
.st_dev
);
881 let mut upload_list
= vec
![];
883 enum BackupType { PXAR, IMAGE, CONFIG, LOGFILE }
;
885 let mut upload_catalog
= false;
887 for backupspec
in backupspec_list
{
888 let (target
, filename
) = parse_backupspec(backupspec
.as_str().unwrap())?
;
890 use std
::os
::unix
::fs
::FileTypeExt
;
892 let metadata
= std
::fs
::metadata(filename
)
893 .map_err(|err
| format_err
!("unable to access '{}' - {}", filename
, err
))?
;
894 let file_type
= metadata
.file_type();
896 let extension
= target
.rsplit('
.'
).next()
897 .ok_or_else(|| format_err
!("missing target file extenion '{}'", target
))?
;
901 if !file_type
.is_dir() {
902 bail
!("got unexpected file type (expected directory)");
904 upload_list
.push((BackupType
::PXAR
, filename
.to_owned(), format
!("{}.didx", target
), 0));
905 upload_catalog
= true;
909 if !(file_type
.is_file() || file_type
.is_block_device()) {
910 bail
!("got unexpected file type (expected file or block device)");
913 let size
= image_size(&PathBuf
::from(filename
))?
;
915 if size
== 0 { bail!("got zero-sized file '{}'
", filename); }
917 upload_list.push((BackupType::IMAGE, filename.to_owned(), format!("{}
.fidx
", target), size));
920 if !file_type.is_file() {
921 bail!("got unexpected file
type (expected regular file
)");
923 upload_list.push((BackupType::CONFIG, filename.to_owned(), format!("{}
.blob
", target), metadata.len()));
926 if !file_type.is_file() {
927 bail!("got unexpected file
type (expected regular file
)");
929 upload_list.push((BackupType::LOGFILE, filename.to_owned(), format!("{}
.blob
", target), metadata.len()));
932 bail!("got unknown archive extension '{}'
", extension);
937 let backup_time = Utc.timestamp(backup_time_opt.unwrap_or_else(|| Utc::now().timestamp()), 0);
939 let client = connect(repo.host(), repo.user())?;
940 record_repository(&repo);
942 println!("Starting backup
: {}
/{}
/{}
", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time));
944 println!("Client name
: {}
", proxmox::tools::nodename());
946 let start_time = Local::now();
948 println!("Starting protocol
: {}
", start_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
950 let (crypt_config, rsa_encrypted_key) = match keyfile {
951 None => (None, None),
953 let (key, created) = load_and_decrypt_key(&path, &get_encryption_key_password)?;
955 let crypt_config = CryptConfig::new(key)?;
957 let path = master_pubkey_path()?;
959 let pem_data = file_get_contents(&path)?;
960 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
961 let enc_key = crypt_config.generate_rsa_encoded_key(rsa, created)?;
962 (Some(Arc::new(crypt_config)), Some(enc_key))
964 (Some(Arc::new(crypt_config)), None)
969 let client = BackupWriter::start(
978 let snapshot = BackupDir::new(backup_type, backup_id, backup_time.timestamp());
979 let mut manifest = BackupManifest::new(snapshot);
981 let (catalog, catalog_result_rx) = spawn_catalog_upload(client.clone(), crypt_config.clone())?;
983 for (backup_type, filename, target, size) in upload_list {
985 BackupType::CONFIG => {
986 println!("Upload config file '{}' to '{:?}'
as {}
", filename, repo, target);
988 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
990 manifest.add_file(target, stats.size, stats.csum)?;
992 BackupType::LOGFILE => { // fixme: remove - not needed anymore ?
993 println!("Upload log file '{}' to '{:?}'
as {}
", filename, repo, target);
995 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
997 manifest.add_file(target, stats.size, stats.csum)?;
999 BackupType::PXAR => {
1000 println!("Upload directory '{}' to '{:?}'
as {}
", filename, repo, target);
1001 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
1002 let stats = backup_directory(
1009 skip_lost_and_found,
1010 crypt_config.clone(),
1012 entries_max as usize,
1014 manifest.add_file(target, stats.size, stats.csum)?;
1015 catalog.lock().unwrap().end_directory()?;
1017 BackupType::IMAGE => {
1018 println!("Upload image '{}' to '{:?}'
as {}
", filename, repo, target);
1019 let stats = backup_image(
1026 crypt_config.clone(),
1028 manifest.add_file(target, stats.size, stats.csum)?;
1033 // finalize and upload catalog
1035 let mutex = Arc::try_unwrap(catalog)
1036 .map_err(|_| format_err!("unable to get
catalog (still used
)"))?;
1037 let mut catalog = mutex.into_inner().unwrap();
1041 drop(catalog); // close upload stream
1043 let stats = catalog_result_rx.await??;
1045 manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum)?;
1048 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
1049 let target = "rsa
-encrypted
.key
";
1050 println!("Upload RSA encoded key to '{:?}'
as {}
", repo, target);
1052 .upload_blob_from_data(rsa_encrypted_key, target, None, false, false)
1054 manifest.add_file(format!("{}
.blob
", target), stats.size, stats.csum)?;
1056 // openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t
1058 let mut buffer2 = vec![0u8; rsa.size() as usize];
1059 let pem_data = file_get_contents("master
-private
.pem
")?;
1060 let rsa = openssl::rsa::Rsa::private_key_from_pem(&pem_data)?;
1061 let len = rsa.private_decrypt(&buffer, &mut buffer2, openssl::rsa::Padding::PKCS1)?;
1062 println!("TEST {} {:?}
", len, buffer2);
1066 // create manifest (index.json)
1067 let manifest = manifest.into_json();
1069 println!("Upload index
.json to '{:?}'
", repo);
1070 let manifest = serde_json::to_string_pretty(&manifest)?.into();
1072 .upload_blob_from_data(manifest, MANIFEST_BLOB_NAME, crypt_config.clone(), true, true)
1075 client.finish().await?;
1077 let end_time = Local::now();
1078 let elapsed = end_time.signed_duration_since(start_time);
1079 println!("Duration
: {}
", elapsed);
1081 println!("End Time
: {}
", end_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
1086 fn complete_backup_source(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1088 let mut result = vec![];
1090 let data: Vec<&str> = arg.splitn(2, ':').collect();
1092 if data.len() != 2 {
1093 result.push(String::from("root
.pxar
:/"));
1094 result.push(String::from("etc
.pxar
:/etc
"));
1098 let files = tools::complete_file_name(data[1], param);
1101 result.push(format!("{}
:{}
", data[0], file));
1107 fn dump_image<W: Write>(
1108 client: Arc<BackupReader>,
1109 crypt_config: Option<Arc<CryptConfig>>,
1110 index: FixedIndexReader,
1113 ) -> Result<(), Error> {
1115 let most_used = index.find_most_used_chunks(8);
1117 let mut chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1119 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
1120 // and thus slows down reading. Instead, directly use RemoteChunkReader
1123 let start_time = std::time::Instant::now();
1125 for pos in 0..index.index_count() {
1126 let digest = index.index_digest(pos).unwrap();
1127 let raw_data = chunk_reader.read_chunk(&digest)?;
1128 writer.write_all(&raw_data)?;
1129 bytes += raw_data.len();
1131 let next_per = ((pos+1)*100)/index.index_count();
1132 if per != next_per {
1133 eprintln!("progress {}
% (read {} bytes
, duration {} sec
)",
1134 next_per, bytes, start_time.elapsed().as_secs());
1140 let end_time = std::time::Instant::now();
1141 let elapsed = end_time.duration_since(start_time);
1142 eprintln!("restore image
complete (bytes
={}
, duration
={:.2}s
, speed
={:.2}MB
/s
)",
1144 elapsed.as_secs_f64(),
1145 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
1156 schema: REPO_URL_SCHEMA,
1161 description: "Group
/Snapshot path
.",
1164 description: "Backup archive name
.",
1169 description: r###"Target directory path
. Use '
-' to write to standard output
.
1171 We
do not extraxt '
.pxar' archives when writing to standard output
.
1175 "allow
-existing
-dirs
": {
1177 description: "Do not fail
if directories already exists
.",
1181 schema: KEYFILE_SCHEMA,
1187 /// Restore backup repository.
1188 async fn restore(param: Value) -> Result<Value, Error> {
1189 let repo = extract_repository_from_value(¶m)?;
1191 let verbose = param["verbose
"].as_bool().unwrap_or(false);
1193 let allow_existing_dirs = param["allow
-existing
-dirs
"].as_bool().unwrap_or(false);
1195 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
1197 let client = connect(repo.host(), repo.user())?;
1199 record_repository(&repo);
1201 let path = tools::required_string_param(¶m, "snapshot
")?;
1203 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1204 let group = BackupGroup::parse(path)?;
1205 api_datastore_latest_snapshot(&client, repo.store(), group).await?
1207 let snapshot = BackupDir::parse(path)?;
1208 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1211 let target = tools::required_string_param(¶m, "target
")?;
1212 let target = if target == "-" { None } else { Some(target) };
1214 let keyfile = param["keyfile
"].as_str().map(PathBuf::from);
1216 let crypt_config = match keyfile {
1219 let (key, _) = load_and_decrypt_key(&path, &get_encryption_key_password)?;
1220 Some(Arc::new(CryptConfig::new(key)?))
1224 let server_archive_name = if archive_name.ends_with(".pxar
") {
1225 format!("{}
.didx
", archive_name)
1226 } else if archive_name.ends_with(".img
") {
1227 format!("{}
.fidx
", archive_name)
1229 format!("{}
.blob
", archive_name)
1232 let client = BackupReader::start(
1234 crypt_config.clone(),
1242 let manifest = client.download_manifest().await?;
1244 if server_archive_name == MANIFEST_BLOB_NAME {
1245 let backup_index_data = manifest.into_json().to_string();
1246 if let Some(target) = target {
1247 replace_file(target, backup_index_data.as_bytes(), CreateOptions::new())?;
1249 let stdout = std::io::stdout();
1250 let mut writer = stdout.lock();
1251 writer.write_all(backup_index_data.as_bytes())
1252 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1255 } else if server_archive_name.ends_with(".blob
") {
1257 let mut reader = client.download_blob(&manifest, &server_archive_name).await?;
1259 if let Some(target) = target {
1260 let mut writer = std::fs::OpenOptions::new()
1265 .map_err(|err| format_err!("unable to create target file {:?}
- {}
", target, err))?;
1266 std::io::copy(&mut reader, &mut writer)?;
1268 let stdout = std::io::stdout();
1269 let mut writer = stdout.lock();
1270 std::io::copy(&mut reader, &mut writer)
1271 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1274 } else if server_archive_name.ends_with(".didx
") {
1276 let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
1278 let most_used = index.find_most_used_chunks(8);
1280 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1282 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
1284 if let Some(target) = target {
1286 let feature_flags = pxar::flags::DEFAULT;
1287 let mut decoder = pxar::SequentialDecoder::new(&mut reader, feature_flags);
1288 decoder.set_callback(move |path| {
1290 eprintln!("{:?}
", path);
1294 decoder.set_allow_existing_dirs(allow_existing_dirs);
1296 decoder.restore(Path::new(target), &Vec::new())?;
1298 let mut writer = std::fs::OpenOptions::new()
1300 .open("/dev
/stdout
")
1301 .map_err(|err| format_err!("unable to open
/dev
/stdout
- {}
", err))?;
1303 std::io::copy(&mut reader, &mut writer)
1304 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1306 } else if server_archive_name.ends_with(".fidx
") {
1308 let index = client.download_fixed_index(&manifest, &server_archive_name).await?;
1310 let mut writer = if let Some(target) = target {
1311 std::fs::OpenOptions::new()
1316 .map_err(|err| format_err!("unable to create target file {:?}
- {}
", target, err))?
1318 std::fs::OpenOptions::new()
1320 .open("/dev
/stdout
")
1321 .map_err(|err| format_err!("unable to open
/dev
/stdout
- {}
", err))?
1324 dump_image(client.clone(), crypt_config.clone(), index, &mut writer, verbose)?;
1327 bail!("unknown archive file
extension (expected
.pxar of
.img
)");
1337 schema: REPO_URL_SCHEMA,
1342 description: "Group
/Snapshot path
.",
1346 description: "The path to the log file you want to upload
.",
1349 schema: KEYFILE_SCHEMA,
1355 /// Upload backup log file.
1356 async fn upload_log(param: Value) -> Result<Value, Error> {
1358 let logfile = tools::required_string_param(¶m, "logfile
")?;
1359 let repo = extract_repository_from_value(¶m)?;
1361 let snapshot = tools::required_string_param(¶m, "snapshot
")?;
1362 let snapshot = BackupDir::parse(snapshot)?;
1364 let mut client = connect(repo.host(), repo.user())?;
1366 let keyfile = param["keyfile
"].as_str().map(PathBuf::from);
1368 let crypt_config = match keyfile {
1371 let (key, _created) = load_and_decrypt_key(&path, &get_encryption_key_password)?;
1372 let crypt_config = CryptConfig::new(key)?;
1373 Some(Arc::new(crypt_config))
1377 let data = file_get_contents(logfile)?;
1379 let blob = DataBlob::encode(&data, crypt_config.as_ref().map(Arc::as_ref), true)?;
1381 let raw_data = blob.into_inner();
1383 let path = format!("api2
/json
/admin
/datastore
/{}
/upload
-backup
-log
", repo.store());
1386 "backup
-type": snapshot.group().backup_type(),
1387 "backup
-id
": snapshot.group().backup_id(),
1388 "backup
-time
": snapshot.backup_time().timestamp(),
1391 let body = hyper::Body::from(raw_data);
1393 client.upload("application
/octet
-stream
", body, &path, Some(args)).await
1396 const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
1397 &ApiHandler::Async(&prune),
1399 "Prune a backup repository
.",
1400 &proxmox_backup::add_common_prune_prameters!([
1401 ("dry
-run
", true, &BooleanSchema::new(
1402 "Just show what prune would
do, but
do not delete anything
.")
1404 ("group
", false, &StringSchema::new("Backup group
.").schema()),
1406 ("output
-format
", true, &OUTPUT_FORMAT),
1407 ("repository
", true, &REPO_URL_SCHEMA),
1415 _rpcenv: &'a mut dyn RpcEnvironment,
1416 ) -> proxmox::api::ApiFuture<'a> {
1418 prune_async(param).await
1422 async fn prune_async(mut param: Value) -> Result<Value, Error> {
1423 let repo = extract_repository_from_value(¶m)?;
1425 let mut client = connect(repo.host(), repo.user())?;
1427 let path = format!("api2
/json
/admin
/datastore
/{}
/prune
", repo.store());
1429 let group = tools::required_string_param(¶m, "group
")?;
1430 let group = BackupGroup::parse(group)?;
1431 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
1433 param.as_object_mut().unwrap().remove("repository
");
1434 param.as_object_mut().unwrap().remove("group
");
1435 param.as_object_mut().unwrap().remove("output
-format
");
1437 param["backup
-type"] = group.backup_type().into();
1438 param["backup
-id
"] = group.backup_id().into();
1440 let result = client.post(&path, Some(param)).await?;
1442 record_repository(&repo);
1444 view_task_result(client, result, &output_format).await?;
1453 schema: REPO_URL_SCHEMA,
1457 schema: OUTPUT_FORMAT,
1463 /// Get repository status.
1464 async fn status(param: Value) -> Result<Value, Error> {
1466 let repo = extract_repository_from_value(¶m)?;
1468 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
1470 let client = connect(repo.host(), repo.user())?;
1472 let path = format!("api2
/json
/admin
/datastore
/{}
/status
", repo.store());
1474 let mut result = client.get(&path, None).await?;
1475 let mut data = result["data
"].take();
1477 record_repository(&repo);
1479 let render_total_percentage = |v: &Value, record: &Value| -> Result<String, Error> {
1480 let v = v.as_u64().unwrap();
1481 let total = record["total
"].as_u64().unwrap();
1482 let roundup = total/200;
1483 let per = ((v+roundup)*100)/total;
1484 let info = format!(" ({}
%)", per);
1485 Ok(format!("{} {:>8}
", v, info))
1488 let options = TableFormatOptions::new()
1491 .column(ColumnConfig::new("total
").renderer(render_total_percentage))
1492 .column(ColumnConfig::new("used
").renderer(render_total_percentage))
1493 .column(ColumnConfig::new("avail
").renderer(render_total_percentage));
1495 let schema = &proxmox_backup::api2::admin::datastore::API_RETURN_SCHEMA_STATUS;
1497 format_and_print_result_full(&mut data, schema, &output_format, &options);
1502 // like get, but simply ignore errors and return Null instead
1503 async fn try_get(repo: &BackupRepository, url: &str) -> Value {
1505 let fingerprint = std::env::var(ENV_VAR_PBS_FINGERPRINT).ok();
1506 let password = std::env::var(ENV_VAR_PBS_PASSWORD).ok();
1508 let options = HttpClientOptions::new()
1509 .prefix(Some("proxmox
-backup
".to_string()))
1512 .fingerprint(fingerprint)
1513 .fingerprint_cache(true)
1514 .ticket_cache(true);
1516 let client = match HttpClient::new(repo.host(), repo.user(), options) {
1518 _ => return Value::Null,
1521 let mut resp = match client.get(url, None).await {
1523 _ => return Value::Null,
1526 if let Some(map) = resp.as_object_mut() {
1527 if let Some(data) = map.remove("data
") {
1534 fn complete_backup_group(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1535 proxmox_backup::tools::runtime::main(async { complete_backup_group_do(param).await })
1538 async fn complete_backup_group_do(param: &HashMap<String, String>) -> Vec<String> {
1540 let mut result = vec![];
1542 let repo = match extract_repository_from_map(param) {
1547 let path = format!("api2
/json
/admin
/datastore
/{}
/groups
", repo.store());
1549 let data = try_get(&repo, &path).await;
1551 if let Some(list) = data.as_array() {
1553 if let (Some(backup_id), Some(backup_type)) =
1554 (item["backup
-id
"].as_str(), item["backup
-type"].as_str())
1556 result.push(format!("{}
/{}
", backup_type, backup_id));
1564 fn complete_group_or_snapshot(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1565 proxmox_backup::tools::runtime::main(async { complete_group_or_snapshot_do(arg, param).await })
1568 async fn complete_group_or_snapshot_do(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1570 if arg.matches('/').count() < 2 {
1571 let groups = complete_backup_group_do(param).await;
1572 let mut result = vec![];
1573 for group in groups {
1574 result.push(group.to_string());
1575 result.push(format!("{}
/", group));
1580 complete_backup_snapshot_do(param).await
1583 fn complete_backup_snapshot(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1584 proxmox_backup::tools::runtime::main(async { complete_backup_snapshot_do(param).await })
1587 async fn complete_backup_snapshot_do(param: &HashMap<String, String>) -> Vec<String> {
1589 let mut result = vec![];
1591 let repo = match extract_repository_from_map(param) {
1596 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1598 let data = try_get(&repo, &path).await;
1600 if let Some(list) = data.as_array() {
1602 if let (Some(backup_id), Some(backup_type), Some(backup_time)) =
1603 (item["backup
-id
"].as_str(), item["backup
-type"].as_str(), item["backup
-time
"].as_i64())
1605 let snapshot = BackupDir::new(backup_type, backup_id, backup_time);
1606 result.push(snapshot.relative_path().to_str().unwrap().to_owned());
1614 fn complete_server_file_name(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1615 proxmox_backup::tools::runtime::main(async { complete_server_file_name_do(param).await })
1618 async fn complete_server_file_name_do(param: &HashMap<String, String>) -> Vec<String> {
1620 let mut result = vec![];
1622 let repo = match extract_repository_from_map(param) {
1627 let snapshot = match param.get("snapshot
") {
1629 match BackupDir::parse(path) {
1637 let query = tools::json_object_to_query(json!({
1638 "backup
-type": snapshot.group().backup_type(),
1639 "backup
-id
": snapshot.group().backup_id(),
1640 "backup
-time
": snapshot.backup_time().timestamp(),
1643 let path = format!("api2
/json
/admin
/datastore
/{}
/files?{}
", repo.store(), query);
1645 let data = try_get(&repo, &path).await;
1647 if let Some(list) = data.as_array() {
1649 if let Some(filename) = item["filename
"].as_str() {
1650 result.push(filename.to_owned());
1658 fn complete_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1659 complete_server_file_name(arg, param)
1661 .map(|v| strip_server_file_expenstion(&v))
1665 fn complete_pxar_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1666 complete_server_file_name(arg, param)
1669 let name = strip_server_file_expenstion(&v);
1670 if name.ends_with(".pxar
") {
1679 fn complete_chunk_size(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
1681 let mut result = vec![];
1685 result.push(size.to_string());
1687 if size > 4096 { break; }
1693 fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
1695 // fixme: implement other input methods
1697 use std::env::VarError::*;
1698 match std::env::var("PBS_ENCRYPTION_PASSWORD
") {
1699 Ok(p) => return Ok(p.as_bytes().to_vec()),
1700 Err(NotUnicode(_)) => bail!("PBS_ENCRYPTION_PASSWORD contains bad characters
"),
1701 Err(NotPresent) => {
1702 // Try another method
1706 // If we're on a TTY, query the user for a password
1707 if tty::stdin_isatty() {
1708 return Ok(tty::read_password("Encryption Key Password
: ")?);
1711 bail!("no password input mechanism available
");
1717 _rpcenv: &mut dyn RpcEnvironment,
1718 ) -> Result<Value, Error> {
1720 let path = tools::required_string_param(¶m, "path
")?;
1721 let path = PathBuf::from(path);
1723 let kdf = param["kdf
"].as_str().unwrap_or("scrypt
");
1725 let key = proxmox::sys::linux::random_data(32)?;
1727 if kdf == "scrypt
" {
1728 // always read passphrase from tty
1729 if !tty::stdin_isatty() {
1730 bail!("unable to read passphrase
- no tty
");
1733 let password = tty::read_and_verify_password("Encryption Key Password
: ")?;
1735 let key_config = encrypt_key_with_passphrase(&key, &password)?;
1737 store_key_config(&path, false, key_config)?;
1740 } else if kdf == "none
" {
1741 let created = Local.timestamp(Local::now().timestamp(), 0);
1743 store_key_config(&path, false, KeyConfig {
1756 fn master_pubkey_path() -> Result<PathBuf, Error> {
1757 let base = BaseDirectories::with_prefix("proxmox
-backup
")?;
1759 // usually $HOME/.config/proxmox-backup/master-public.pem
1760 let path = base.place_config_file("master
-public
.pem
")?;
1765 fn key_import_master_pubkey(
1768 _rpcenv: &mut dyn RpcEnvironment,
1769 ) -> Result<Value, Error> {
1771 let path = tools::required_string_param(¶m, "path
")?;
1772 let path = PathBuf::from(path);
1774 let pem_data = file_get_contents(&path)?;
1776 if let Err(err) = openssl::pkey::PKey::public_key_from_pem(&pem_data) {
1777 bail!("Unable to decode PEM data
- {}
", err);
1780 let target_path = master_pubkey_path()?;
1782 replace_file(&target_path, &pem_data, CreateOptions::new())?;
1784 println!("Imported public master key to {:?}
", target_path);
1789 fn key_create_master_key(
1792 _rpcenv: &mut dyn RpcEnvironment,
1793 ) -> Result<Value, Error> {
1795 // we need a TTY to query the new password
1796 if !tty::stdin_isatty() {
1797 bail!("unable to create master key
- no tty
");
1800 let rsa = openssl::rsa::Rsa::generate(4096)?;
1801 let pkey = openssl::pkey::PKey::from_rsa(rsa)?;
1804 let password = String::from_utf8(tty::read_and_verify_password("Master Key Password
: ")?)?;
1806 let pub_key: Vec<u8> = pkey.public_key_to_pem()?;
1807 let filename_pub = "master
-public
.pem
";
1808 println!("Writing public master key to {}
", filename_pub);
1809 replace_file(filename_pub, pub_key.as_slice(), CreateOptions::new())?;
1811 let cipher = openssl::symm::Cipher::aes_256_cbc();
1812 let priv_key: Vec<u8> = pkey.private_key_to_pem_pkcs8_passphrase(cipher, password.as_bytes())?;
1814 let filename_priv = "master
-private
.pem
";
1815 println!("Writing private master key to {}
", filename_priv);
1816 replace_file(filename_priv, priv_key.as_slice(), CreateOptions::new())?;
1821 fn key_change_passphrase(
1824 _rpcenv: &mut dyn RpcEnvironment,
1825 ) -> Result<Value, Error> {
1827 let path = tools::required_string_param(¶m, "path
")?;
1828 let path = PathBuf::from(path);
1830 let kdf = param["kdf
"].as_str().unwrap_or("scrypt
");
1832 // we need a TTY to query the new password
1833 if !tty::stdin_isatty() {
1834 bail!("unable to change passphrase
- no tty
");
1837 let (key, created) = load_and_decrypt_key(&path, &get_encryption_key_password)?;
1839 if kdf == "scrypt
" {
1841 let password = tty::read_and_verify_password("New Password
: ")?;
1843 let mut new_key_config = encrypt_key_with_passphrase(&key, &password)?;
1844 new_key_config.created = created; // keep original value
1846 store_key_config(&path, true, new_key_config)?;
1849 } else if kdf == "none
" {
1850 let modified = Local.timestamp(Local::now().timestamp(), 0);
1852 store_key_config(&path, true, KeyConfig {
1854 created, // keep original value
1865 fn key_mgmt_cli() -> CliCommandMap {
1867 const KDF_SCHEMA: Schema =
1868 StringSchema::new("Key derivation function
. Choose 'none' to store the key unecrypted
.")
1869 .format(&ApiStringFormat::Enum(&["scrypt
", "none
"]))
1874 const API_METHOD_KEY_CREATE: ApiMethod = ApiMethod::new(
1875 &ApiHandler::Sync(&key_create),
1877 "Create a new encryption key
.",
1879 ("path
", false, &StringSchema::new("File system path
.").schema()),
1880 ("kdf
", true, &KDF_SCHEMA),
1885 let key_create_cmd_def = CliCommand::new(&API_METHOD_KEY_CREATE)
1886 .arg_param(&["path
"])
1887 .completion_cb("path
", tools::complete_file_name);
1890 const API_METHOD_KEY_CHANGE_PASSPHRASE: ApiMethod = ApiMethod::new(
1891 &ApiHandler::Sync(&key_change_passphrase),
1893 "Change the passphrase required to decrypt the key
.",
1895 ("path
", false, &StringSchema::new("File system path
.").schema()),
1896 ("kdf
", true, &KDF_SCHEMA),
1901 let key_change_passphrase_cmd_def = CliCommand::new(&API_METHOD_KEY_CHANGE_PASSPHRASE)
1902 .arg_param(&["path
"])
1903 .completion_cb("path
", tools::complete_file_name);
1905 const API_METHOD_KEY_CREATE_MASTER_KEY: ApiMethod = ApiMethod::new(
1906 &ApiHandler::Sync(&key_create_master_key),
1907 &ObjectSchema::new("Create a new
4096 bit RSA master
pub/priv key pair
.", &[])
1910 let key_create_master_key_cmd_def = CliCommand::new(&API_METHOD_KEY_CREATE_MASTER_KEY);
1913 const API_METHOD_KEY_IMPORT_MASTER_PUBKEY: ApiMethod = ApiMethod::new(
1914 &ApiHandler::Sync(&key_import_master_pubkey),
1916 "Import a new RSA public key and
use it
as master key
. The key is expected to be
in '
.pem' format
.",
1917 &sorted!([ ("path
", false, &StringSchema::new("File system path
.").schema()) ]),
1921 let key_import_master_pubkey_cmd_def = CliCommand::new(&API_METHOD_KEY_IMPORT_MASTER_PUBKEY)
1922 .arg_param(&["path
"])
1923 .completion_cb("path
", tools::complete_file_name);
1925 CliCommandMap::new()
1926 .insert("create
", key_create_cmd_def)
1927 .insert("create
-master
-key
", key_create_master_key_cmd_def)
1928 .insert("import
-master
-pubkey
", key_import_master_pubkey_cmd_def)
1929 .insert("change
-passphrase
", key_change_passphrase_cmd_def)
1935 _rpcenv: &mut dyn RpcEnvironment,
1936 ) -> Result<Value, Error> {
1937 let verbose = param["verbose
"].as_bool().unwrap_or(false);
1939 // This will stay in foreground with debug output enabled as None is
1940 // passed for the RawFd.
1941 return proxmox_backup::tools::runtime::main(mount_do(param, None));
1944 // Process should be deamonized.
1945 // Make sure to fork before the async runtime is instantiated to avoid troubles.
1948 Ok(ForkResult::Parent { .. }) => {
1949 nix::unistd::close(pipe.1).unwrap();
1950 // Blocks the parent process until we are ready to go in the child
1951 let _res = nix::unistd::read(pipe.0, &mut [0]).unwrap();
1954 Ok(ForkResult::Child) => {
1955 nix::unistd::close(pipe.0).unwrap();
1956 nix::unistd::setsid().unwrap();
1957 proxmox_backup::tools::runtime::main(mount_do(param, Some(pipe.1)))
1959 Err(_) => bail!("failed to daemonize process
"),
1963 async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
1964 let repo = extract_repository_from_value(¶m)?;
1965 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
1966 let target = tools::required_string_param(¶m, "target
")?;
1967 let client = connect(repo.host(), repo.user())?;
1969 record_repository(&repo);
1971 let path = tools::required_string_param(¶m, "snapshot
")?;
1972 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1973 let group = BackupGroup::parse(path)?;
1974 api_datastore_latest_snapshot(&client, repo.store(), group).await?
1976 let snapshot = BackupDir::parse(path)?;
1977 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1980 let keyfile = param["keyfile
"].as_str().map(PathBuf::from);
1981 let crypt_config = match keyfile {
1984 let (key, _) = load_and_decrypt_key(&path, &get_encryption_key_password)?;
1985 Some(Arc::new(CryptConfig::new(key)?))
1989 let server_archive_name = if archive_name.ends_with(".pxar
") {
1990 format!("{}
.didx
", archive_name)
1992 bail!("Can only mount pxar archives
.");
1995 let client = BackupReader::start(
1997 crypt_config.clone(),
2005 let manifest = client.download_manifest().await?;
2007 if server_archive_name.ends_with(".didx
") {
2008 let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
2009 let most_used = index.find_most_used_chunks(8);
2010 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
2011 let reader = BufferedDynamicReader::new(index, chunk_reader);
2012 let decoder = pxar::Decoder::new(reader)?;
2013 let options = OsStr::new("ro
,default_permissions
");
2014 let mut session = pxar::fuse::Session::new(decoder, &options, pipe.is_none())
2015 .map_err(|err| format_err!("pxar mount failed
: {}
", err))?;
2017 // Mount the session but not call fuse deamonize as this will cause
2018 // issues with the runtime after the fork
2019 let deamonize = false;
2020 session.mount(&Path::new(target), deamonize)?;
2022 if let Some(pipe) = pipe {
2023 nix::unistd::chdir(Path::new("/")).unwrap();
2024 // Finish creation of deamon by redirecting filedescriptors.
2025 let nullfd = nix::fcntl::open(
2027 nix::fcntl::OFlag::O_RDWR,
2028 nix::sys::stat::Mode::empty(),
2030 nix::unistd::dup2(nullfd, 0).unwrap();
2031 nix::unistd::dup2(nullfd, 1).unwrap();
2032 nix::unistd::dup2(nullfd, 2).unwrap();
2034 nix::unistd::close(nullfd).unwrap();
2036 // Signal the parent process that we are done with the setup and it can
2038 nix::unistd::write(pipe, &[0u8])?;
2039 nix::unistd::close(pipe).unwrap();
2042 let multithreaded = true;
2043 session.run_loop(multithreaded)?;
2045 bail!("unknown archive file
extension (expected
.pxar
)");
2056 description: "Group
/Snapshot path
.",
2060 description: "Backup archive name
.",
2064 schema: REPO_URL_SCHEMA,
2069 description: "Path to encryption key
.",
2074 /// Shell to interactively inspect and restore snapshots.
2075 async fn catalog_shell(param: Value) -> Result<(), Error> {
2076 let repo = extract_repository_from_value(¶m)?;
2077 let client = connect(repo.host(), repo.user())?;
2078 let path = tools::required_string_param(¶m, "snapshot
")?;
2079 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
2081 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
2082 let group = BackupGroup::parse(path)?;
2083 api_datastore_latest_snapshot(&client, repo.store(), group).await?
2085 let snapshot = BackupDir::parse(path)?;
2086 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
2089 let keyfile = param["keyfile
"].as_str().map(|p| PathBuf::from(p));
2090 let crypt_config = match keyfile {
2093 let (key, _) = load_and_decrypt_key(&path, &get_encryption_key_password)?;
2094 Some(Arc::new(CryptConfig::new(key)?))
2098 let server_archive_name = if archive_name.ends_with(".pxar
") {
2099 format!("{}
.didx
", archive_name)
2101 bail!("Can only mount pxar archives
.");
2104 let client = BackupReader::start(
2106 crypt_config.clone(),
2114 let tmpfile = std::fs::OpenOptions::new()
2117 .custom_flags(libc::O_TMPFILE)
2120 let manifest = client.download_manifest().await?;
2122 let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
2123 let most_used = index.find_most_used_chunks(8);
2124 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config.clone(), most_used);
2125 let reader = BufferedDynamicReader::new(index, chunk_reader);
2126 let mut decoder = pxar::Decoder::new(reader)?;
2127 decoder.set_callback(|path| {
2128 println!("{:?}
", path);
2132 let tmpfile = client.download(CATALOG_NAME, tmpfile).await?;
2133 let index = DynamicIndexReader::new(tmpfile)
2134 .map_err(|err| format_err!("unable to read catalog index
- {}
", err))?;
2136 // Note: do not use values stored in index (not trusted) - instead, computed them again
2137 let (csum, size) = index.compute_csum();
2138 manifest.verify_file(CATALOG_NAME, &csum, size)?;
2140 let most_used = index.find_most_used_chunks(8);
2141 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
2142 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
2143 let mut catalogfile = std::fs::OpenOptions::new()
2146 .custom_flags(libc::O_TMPFILE)
2149 std::io::copy(&mut reader, &mut catalogfile)
2150 .map_err(|err| format_err!("unable to download catalog
- {}
", err))?;
2152 catalogfile.seek(SeekFrom::Start(0))?;
2153 let catalog_reader = CatalogReader::new(catalogfile);
2154 let state = Shell::new(
2156 &server_archive_name,
2160 println!("Starting interactive shell
");
2163 record_repository(&repo);
2168 fn catalog_mgmt_cli() -> CliCommandMap {
2169 let catalog_shell_cmd_def = CliCommand::new(&API_METHOD_CATALOG_SHELL)
2170 .arg_param(&["snapshot
", "archive
-name
"])
2171 .completion_cb("repository
", complete_repository)
2172 .completion_cb("archive
-name
", complete_pxar_archive_name)
2173 .completion_cb("snapshot
", complete_group_or_snapshot);
2175 let catalog_dump_cmd_def = CliCommand::new(&API_METHOD_DUMP_CATALOG)
2176 .arg_param(&["snapshot
"])
2177 .completion_cb("repository
", complete_repository)
2178 .completion_cb("snapshot
", complete_backup_snapshot);
2180 CliCommandMap::new()
2181 .insert("dump
", catalog_dump_cmd_def)
2182 .insert("shell
", catalog_shell_cmd_def)
2189 schema: REPO_URL_SCHEMA,
2193 description: "The maximal number of tasks to list
.",
2201 schema: OUTPUT_FORMAT,
2207 /// List running server tasks for this repo user
2208 async fn task_list(param: Value) -> Result<Value, Error> {
2210 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
2211 let repo = extract_repository_from_value(¶m)?;
2212 let client = connect(repo.host(), repo.user())?;
2214 let limit = param["limit
"].as_u64().unwrap_or(50) as usize;
2220 "userfilter
": repo.user(),
2221 "store
": repo.store(),
2223 let result = client.get("api2
/json
/nodes
/localhost
/tasks
", Some(args)).await?;
2225 let data = &result["data
"];
2227 if output_format == "text
" {
2228 for item in data.as_array().unwrap() {
2231 item["upid
"].as_str().unwrap(),
2232 item["status
"].as_str().unwrap_or("running
"),
2236 format_and_print_result(data, &output_format);
2246 schema: REPO_URL_SCHEMA,
2250 schema: UPID_SCHEMA,
2255 /// Display the task log.
2256 async fn task_log(param: Value) -> Result<Value, Error> {
2258 let repo = extract_repository_from_value(¶m)?;
2259 let upid = tools::required_string_param(¶m, "upid
")?;
2261 let client = connect(repo.host(), repo.user())?;
2263 display_task_log(client, upid, true).await?;
2272 schema: REPO_URL_SCHEMA,
2276 schema: UPID_SCHEMA,
2281 /// Try to stop a specific task.
2282 async fn task_stop(param: Value) -> Result<Value, Error> {
2284 let repo = extract_repository_from_value(¶m)?;
2285 let upid_str = tools::required_string_param(¶m, "upid
")?;
2287 let mut client = connect(repo.host(), repo.user())?;
2289 let path = format!("api2
/json
/nodes
/localhost
/tasks
/{}
", upid_str);
2290 let _ = client.delete(&path, None).await?;
2295 fn task_mgmt_cli() -> CliCommandMap {
2297 let task_list_cmd_def = CliCommand::new(&API_METHOD_TASK_LIST)
2298 .completion_cb("repository
", complete_repository);
2300 let task_log_cmd_def = CliCommand::new(&API_METHOD_TASK_LOG)
2301 .arg_param(&["upid
"]);
2303 let task_stop_cmd_def = CliCommand::new(&API_METHOD_TASK_STOP)
2304 .arg_param(&["upid
"]);
2306 CliCommandMap::new()
2307 .insert("log
", task_log_cmd_def)
2308 .insert("list
", task_list_cmd_def)
2309 .insert("stop
", task_stop_cmd_def)
2314 let backup_cmd_def = CliCommand::new(&API_METHOD_CREATE_BACKUP)
2315 .arg_param(&["backupspec
"])
2316 .completion_cb("repository
", complete_repository)
2317 .completion_cb("backupspec
", complete_backup_source)
2318 .completion_cb("keyfile
", tools::complete_file_name)
2319 .completion_cb("chunk
-size
", complete_chunk_size);
2321 let upload_log_cmd_def = CliCommand::new(&API_METHOD_UPLOAD_LOG)
2322 .arg_param(&["snapshot
", "logfile
"])
2323 .completion_cb("snapshot
", complete_backup_snapshot)
2324 .completion_cb("logfile
", tools::complete_file_name)
2325 .completion_cb("keyfile
", tools::complete_file_name)
2326 .completion_cb("repository
", complete_repository);
2328 let list_cmd_def = CliCommand::new(&API_METHOD_LIST_BACKUP_GROUPS)
2329 .completion_cb("repository
", complete_repository);
2331 let snapshots_cmd_def = CliCommand::new(&API_METHOD_LIST_SNAPSHOTS)
2332 .arg_param(&["group
"])
2333 .completion_cb("group
", complete_backup_group)
2334 .completion_cb("repository
", complete_repository);
2336 let forget_cmd_def = CliCommand::new(&API_METHOD_FORGET_SNAPSHOTS)
2337 .arg_param(&["snapshot
"])
2338 .completion_cb("repository
", complete_repository)
2339 .completion_cb("snapshot
", complete_backup_snapshot);
2341 let garbage_collect_cmd_def = CliCommand::new(&API_METHOD_START_GARBAGE_COLLECTION)
2342 .completion_cb("repository
", complete_repository);
2344 let restore_cmd_def = CliCommand::new(&API_METHOD_RESTORE)
2345 .arg_param(&["snapshot
", "archive
-name
", "target
"])
2346 .completion_cb("repository
", complete_repository)
2347 .completion_cb("snapshot
", complete_group_or_snapshot)
2348 .completion_cb("archive
-name
", complete_archive_name)
2349 .completion_cb("target
", tools::complete_file_name);
2351 let files_cmd_def = CliCommand::new(&API_METHOD_LIST_SNAPSHOT_FILES)
2352 .arg_param(&["snapshot
"])
2353 .completion_cb("repository
", complete_repository)
2354 .completion_cb("snapshot
", complete_backup_snapshot);
2356 let prune_cmd_def = CliCommand::new(&API_METHOD_PRUNE)
2357 .arg_param(&["group
"])
2358 .completion_cb("group
", complete_backup_group)
2359 .completion_cb("repository
", complete_repository);
2361 let status_cmd_def = CliCommand::new(&API_METHOD_STATUS)
2362 .completion_cb("repository
", complete_repository);
2364 let login_cmd_def = CliCommand::new(&API_METHOD_API_LOGIN)
2365 .completion_cb("repository
", complete_repository);
2367 let logout_cmd_def = CliCommand::new(&API_METHOD_API_LOGOUT)
2368 .completion_cb("repository
", complete_repository);
2371 const API_METHOD_MOUNT: ApiMethod = ApiMethod::new(
2372 &ApiHandler::Sync(&mount),
2374 "Mount pxar archive
.",
2376 ("snapshot
", false, &StringSchema::new("Group
/Snapshot path
.").schema()),
2377 ("archive
-name
", false, &StringSchema::new("Backup archive name
.").schema()),
2378 ("target
", false, &StringSchema::new("Target directory path
.").schema()),
2379 ("repository
", true, &REPO_URL_SCHEMA),
2380 ("keyfile
", true, &StringSchema::new("Path to encryption key
.").schema()),
2381 ("verbose
", true, &BooleanSchema::new("Verbose output
.").default(false).schema()),
2386 let mount_cmd_def = CliCommand::new(&API_METHOD_MOUNT)
2387 .arg_param(&["snapshot
", "archive
-name
", "target
"])
2388 .completion_cb("repository
", complete_repository)
2389 .completion_cb("snapshot
", complete_group_or_snapshot)
2390 .completion_cb("archive
-name
", complete_pxar_archive_name)
2391 .completion_cb("target
", tools::complete_file_name);
2394 let cmd_def = CliCommandMap::new()
2395 .insert("backup
", backup_cmd_def)
2396 .insert("upload
-log
", upload_log_cmd_def)
2397 .insert("forget
", forget_cmd_def)
2398 .insert("garbage
-collect
", garbage_collect_cmd_def)
2399 .insert("list
", list_cmd_def)
2400 .insert("login
", login_cmd_def)
2401 .insert("logout
", logout_cmd_def)
2402 .insert("prune
", prune_cmd_def)
2403 .insert("restore
", restore_cmd_def)
2404 .insert("snapshots
", snapshots_cmd_def)
2405 .insert("files
", files_cmd_def)
2406 .insert("status
", status_cmd_def)
2407 .insert("key
", key_mgmt_cli())
2408 .insert("mount
", mount_cmd_def)
2409 .insert("catalog
", catalog_mgmt_cli())
2410 .insert("task
", task_mgmt_cli());
2412 run_cli_command(cmd_def, Some(|future| {
2413 proxmox_backup::tools::runtime::main(future)