2 extern crate proxmox_backup
;
5 use nix
::unistd
::{fork, ForkResult, pipe}
;
6 use std
::os
::unix
::io
::RawFd
;
7 use chrono
::{Local, Utc, TimeZone}
;
8 use std
::path
::{Path, PathBuf}
;
9 use std
::collections
::{HashSet, HashMap}
;
11 use std
::io
::{BufReader, Read, Write, Seek, SeekFrom}
;
12 use std
::os
::unix
::fs
::OpenOptionsExt
;
14 use proxmox
::tools
::fs
::{file_get_contents, file_get_json, file_set_contents, image_size}
;
16 use proxmox_backup
::tools
;
17 use proxmox_backup
::cli
::*;
18 use proxmox_backup
::api2
::types
::*;
19 use proxmox_backup
::api_schema
::*;
20 use proxmox_backup
::api_schema
::router
::*;
21 use proxmox_backup
::client
::*;
22 use proxmox_backup
::backup
::*;
23 use proxmox_backup
::pxar
::{ self, catalog::* }
;
25 //use proxmox_backup::backup::image_index::*;
26 //use proxmox_backup::config::datastore;
27 //use proxmox_backup::pxar::encoder::*;
28 //use proxmox_backup::backup::datastore::*;
30 use serde_json
::{json, Value}
;
32 use std
::sync
::{Arc, Mutex}
;
34 use xdg
::BaseDirectories
;
36 use lazy_static
::lazy_static
;
38 use tokio
::sync
::mpsc
;
41 static ref BACKUPSPEC_REGEX
: Regex
= Regex
::new(r
"^([a-zA-Z0-9_-]+\.(?:pxar|img|conf|log)):(.+)$").unwrap();
43 static ref REPO_URL_SCHEMA
: Arc
<Schema
> = Arc
::new(
44 StringSchema
::new("Repository URL.")
45 .format(BACKUP_REPO_URL
.clone())
52 fn get_default_repository() -> Option
<String
> {
53 std
::env
::var("PBS_REPOSITORY").ok()
56 fn extract_repository_from_value(
58 ) -> Result
<BackupRepository
, Error
> {
60 let repo_url
= param
["repository"]
63 .or_else(get_default_repository
)
64 .ok_or_else(|| format_err
!("unable to get (default) repository"))?
;
66 let repo
: BackupRepository
= repo_url
.parse()?
;
71 fn extract_repository_from_map(
72 param
: &HashMap
<String
, String
>,
73 ) -> Option
<BackupRepository
> {
75 param
.get("repository")
77 .or_else(get_default_repository
)
78 .and_then(|repo_url
| repo_url
.parse
::<BackupRepository
>().ok())
81 fn record_repository(repo
: &BackupRepository
) {
83 let base
= match BaseDirectories
::with_prefix("proxmox-backup") {
88 // usually $HOME/.cache/proxmox-backup/repo-list
89 let path
= match base
.place_cache_file("repo-list") {
94 let mut data
= file_get_json(&path
, None
).unwrap_or(json
!({}
));
96 let repo
= repo
.to_string();
98 data
[&repo
] = json
!{ data[&repo].as_i64().unwrap_or(0) + 1 }
;
100 let mut map
= serde_json
::map
::Map
::new();
103 let mut max_used
= 0;
104 let mut max_repo
= None
;
105 for (repo
, count
) in data
.as_object().unwrap() {
106 if map
.contains_key(repo
) { continue; }
107 if let Some(count
) = count
.as_i64() {
108 if count
> max_used
{
110 max_repo
= Some(repo
);
114 if let Some(repo
) = max_repo
{
115 map
.insert(repo
.to_owned(), json
!(max_used
));
119 if map
.len() > 10 { // store max. 10 repos
124 let new_data
= json
!(map
);
126 let _
= file_set_contents(path
, new_data
.to_string().as_bytes(), None
);
129 fn complete_repository(_arg
: &str, _param
: &HashMap
<String
, String
>) -> Vec
<String
> {
131 let mut result
= vec
![];
133 let base
= match BaseDirectories
::with_prefix("proxmox-backup") {
138 // usually $HOME/.cache/proxmox-backup/repo-list
139 let path
= match base
.place_cache_file("repo-list") {
144 let data
= file_get_json(&path
, None
).unwrap_or(json
!({}
));
146 if let Some(map
) = data
.as_object() {
147 for (repo
, _count
) in map
{
148 result
.push(repo
.to_owned());
155 fn compute_file_csum(file
: &mut std
::fs
::File
) -> Result
<([u8; 32], u64), Error
> {
157 file
.seek(SeekFrom
::Start(0))?
;
159 let mut hasher
= openssl
::sha
::Sha256
::new();
160 let mut buffer
= proxmox
::tools
::vec
::undefined(256*1024);
161 let mut size
: u64 = 0;
164 let count
= match file
.read(&mut buffer
) {
166 Err(ref err
) if err
.kind() == std
::io
::ErrorKind
::Interrupted
=> { continue; }
167 Err(err
) => return Err(err
.into()),
172 size
+= count
as u64;
173 hasher
.update(&buffer
[..count
]);
176 let csum
= hasher
.finish();
182 async
fn backup_directory
<P
: AsRef
<Path
>>(
183 client
: &BackupWriter
,
186 chunk_size
: Option
<usize>,
187 device_set
: Option
<HashSet
<u64>>,
189 skip_lost_and_found
: bool
,
190 crypt_config
: Option
<Arc
<CryptConfig
>>,
191 catalog
: Arc
<Mutex
<CatalogBlobWriter
<std
::fs
::File
>>>,
192 ) -> Result
<BackupStats
, Error
> {
194 let pxar_stream
= PxarBackupStream
::open(dir_path
.as_ref(), device_set
, verbose
, skip_lost_and_found
, catalog
)?
;
195 let mut chunk_stream
= ChunkStream
::new(pxar_stream
, chunk_size
);
197 let (mut tx
, rx
) = mpsc
::channel(10); // allow to buffer 10 chunks
200 .map_err(Error
::from
);
202 // spawn chunker inside a separate task so that it can run parallel
203 tokio
::spawn(async
move {
204 let _
= tx
.send_all(&mut chunk_stream
).await
;
208 .upload_stream(archive_name
, stream
, "dynamic", None
, crypt_config
)
214 async
fn backup_image
<P
: AsRef
<Path
>>(
215 client
: &BackupWriter
,
219 chunk_size
: Option
<usize>,
221 crypt_config
: Option
<Arc
<CryptConfig
>>,
222 ) -> Result
<BackupStats
, Error
> {
224 let path
= image_path
.as_ref().to_owned();
226 let file
= tokio
::fs
::File
::open(path
).await?
;
228 let stream
= tokio
::codec
::FramedRead
::new(file
, tokio
::codec
::BytesCodec
::new())
229 .map_err(Error
::from
);
231 let stream
= FixedChunkStream
::new(stream
, chunk_size
.unwrap_or(4*1024*1024));
234 .upload_stream(archive_name
, stream
, "fixed", Some(image_size
), crypt_config
)
240 fn strip_server_file_expenstion(name
: &str) -> String
{
242 if name
.ends_with(".didx") {
243 return name
[..name
.len()-5].to_owned();
244 } else if name
.ends_with(".fidx") {
245 return name
[..name
.len()-5].to_owned();
246 } else if name
.ends_with(".blob") {
247 return name
[..name
.len()-5].to_owned();
249 return name
.to_owned(); // should not happen
253 fn list_backup_groups(
256 _rpcenv
: &mut dyn RpcEnvironment
,
257 ) -> Result
<Value
, Error
> {
259 let repo
= extract_repository_from_value(¶m
)?
;
261 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
263 let path
= format
!("api2/json/admin/datastore/{}/groups", repo
.store());
265 let mut result
= async_main(async
move {
266 client
.get(&path
, None
).await
269 record_repository(&repo
);
271 // fixme: implement and use output formatter instead ..
272 let list
= result
["data"].as_array_mut().unwrap();
274 list
.sort_unstable_by(|a
, b
| {
275 let a_id
= a
["backup-id"].as_str().unwrap();
276 let a_backup_type
= a
["backup-type"].as_str().unwrap();
277 let b_id
= b
["backup-id"].as_str().unwrap();
278 let b_backup_type
= b
["backup-type"].as_str().unwrap();
280 let type_order
= a_backup_type
.cmp(b_backup_type
);
281 if type_order
== std
::cmp
::Ordering
::Equal
{
288 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
290 let mut result
= vec
![];
294 let id
= item
["backup-id"].as_str().unwrap();
295 let btype
= item
["backup-type"].as_str().unwrap();
296 let epoch
= item
["last-backup"].as_i64().unwrap();
297 let last_backup
= Utc
.timestamp(epoch
, 0);
298 let backup_count
= item
["backup-count"].as_u64().unwrap();
300 let group
= BackupGroup
::new(btype
, id
);
302 let path
= group
.group_path().to_str().unwrap().to_owned();
304 let files
= item
["files"].as_array().unwrap().iter()
305 .map(|v
| strip_server_file_expenstion(v
.as_str().unwrap())).collect();
307 if output_format
== "text" {
309 "{:20} | {} | {:5} | {}",
311 BackupDir
::backup_time_to_string(last_backup
),
313 tools
::join(&files
, ' '
),
317 "backup-type": btype
,
319 "last-backup": epoch
,
320 "backup-count": backup_count
,
326 if output_format
!= "text" { format_and_print_result(&result.into(), &output_format); }
334 _rpcenv
: &mut dyn RpcEnvironment
,
335 ) -> Result
<Value
, Error
> {
337 let repo
= extract_repository_from_value(¶m
)?
;
339 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
341 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
343 let path
= format
!("api2/json/admin/datastore/{}/snapshots", repo
.store());
345 let mut args
= json
!({}
);
346 if let Some(path
) = param
["group"].as_str() {
347 let group
= BackupGroup
::parse(path
)?
;
348 args
["backup-type"] = group
.backup_type().into();
349 args
["backup-id"] = group
.backup_id().into();
352 let result
= async_main(async
move {
353 client
.get(&path
, Some(args
)).await
356 record_repository(&repo
);
358 let list
= result
["data"].as_array().unwrap();
360 let mut result
= vec
![];
364 let id
= item
["backup-id"].as_str().unwrap();
365 let btype
= item
["backup-type"].as_str().unwrap();
366 let epoch
= item
["backup-time"].as_i64().unwrap();
368 let snapshot
= BackupDir
::new(btype
, id
, epoch
);
370 let path
= snapshot
.relative_path().to_str().unwrap().to_owned();
372 let files
= item
["files"].as_array().unwrap().iter()
373 .map(|v
| strip_server_file_expenstion(v
.as_str().unwrap())).collect();
375 if output_format
== "text" {
376 let size_str
= if let Some(size
) = item
["size"].as_u64() {
381 println
!("{} | {} | {}", path
, size_str
, tools
::join(&files
, ' '
));
383 let mut data
= json
!({
384 "backup-type": btype
,
386 "backup-time": epoch
,
389 if let Some(size
) = item
["size"].as_u64() {
390 data
["size"] = size
.into();
396 if output_format
!= "text" { format_and_print_result(&result.into(), &output_format); }
404 _rpcenv
: &mut dyn RpcEnvironment
,
405 ) -> Result
<Value
, Error
> {
407 let repo
= extract_repository_from_value(¶m
)?
;
409 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
410 let snapshot
= BackupDir
::parse(path
)?
;
412 let mut client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
414 let path
= format
!("api2/json/admin/datastore/{}/snapshots", repo
.store());
416 let result
= async_main(async
move {
417 client
.delete(&path
, Some(json
!({
418 "backup-type": snapshot
.group().backup_type(),
419 "backup-id": snapshot
.group().backup_id(),
420 "backup-time": snapshot
.backup_time().timestamp(),
424 record_repository(&repo
);
432 _rpcenv
: &mut dyn RpcEnvironment
,
433 ) -> Result
<Value
, Error
> {
435 let repo
= extract_repository_from_value(¶m
)?
;
437 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
438 async_main(async
move { client.login().await }
)?
;
440 record_repository(&repo
);
448 _rpcenv
: &mut dyn RpcEnvironment
,
449 ) -> Result
<Value
, Error
> {
451 let repo
= extract_repository_from_value(¶m
)?
;
453 delete_ticket_info(repo
.host(), repo
.user())?
;
461 _rpcenv
: &mut dyn RpcEnvironment
,
462 ) -> Result
<Value
, Error
> {
464 let repo
= extract_repository_from_value(¶m
)?
;
466 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
467 let snapshot
= BackupDir
::parse(path
)?
;
469 let keyfile
= param
["keyfile"].as_str().map(|p
| PathBuf
::from(p
));
471 let crypt_config
= match keyfile
{
474 let (key
, _
) = load_and_decrtypt_key(&path
, get_encryption_key_password
)?
;
475 Some(Arc
::new(CryptConfig
::new(key
)?
))
479 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
481 async_main(async
move {
482 let client
= BackupReader
::start(
485 &snapshot
.group().backup_type(),
486 &snapshot
.group().backup_id(),
487 snapshot
.backup_time(),
491 let backup_index_data
= download_index_blob(client
.clone(), crypt_config
.clone()).await?
;
492 let backup_index
: Value
= serde_json
::from_slice(&backup_index_data
[..])?
;
494 let blob_file
= std
::fs
::OpenOptions
::new()
497 .custom_flags(libc
::O_TMPFILE
)
500 let mut blob_file
= client
.download(CATALOG_BLOB_NAME
, blob_file
).await?
;
502 let (csum
, size
) = compute_file_csum(&mut blob_file
)?
;
503 verify_index_file(&backup_index
, CATALOG_BLOB_NAME
, &csum
, size
)?
;
505 blob_file
.seek(SeekFrom
::Start(0))?
;
507 let reader
= BufReader
::new(blob_file
);
508 let mut catalog_reader
= CatalogBlobReader
::new(reader
, crypt_config
)?
;
510 catalog_reader
.dump()?
;
512 record_repository(&repo
);
520 fn list_snapshot_files(
523 _rpcenv
: &mut dyn RpcEnvironment
,
524 ) -> Result
<Value
, Error
> {
526 let repo
= extract_repository_from_value(¶m
)?
;
528 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
529 let snapshot
= BackupDir
::parse(path
)?
;
531 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
533 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
535 let path
= format
!("api2/json/admin/datastore/{}/files", repo
.store());
537 let mut result
= async_main(async
move {
538 client
.get(&path
, Some(json
!({
539 "backup-type": snapshot
.group().backup_type(),
540 "backup-id": snapshot
.group().backup_id(),
541 "backup-time": snapshot
.backup_time().timestamp(),
545 record_repository(&repo
);
547 let list
: Value
= result
["data"].take();
549 if output_format
== "text" {
550 for item
in list
.as_array().unwrap().iter() {
553 strip_server_file_expenstion(item
["filename"].as_str().unwrap()),
554 item
["size"].as_u64().unwrap_or(0),
558 format_and_print_result(&list
, &output_format
);
564 fn start_garbage_collection(
567 _rpcenv
: &mut dyn RpcEnvironment
,
568 ) -> Result
<Value
, Error
> {
570 let repo
= extract_repository_from_value(¶m
)?
;
572 let mut client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
574 let path
= format
!("api2/json/admin/datastore/{}/gc", repo
.store());
576 let result
= async_main(async
move { client.post(&path, None).await }
)?
;
578 record_repository(&repo
);
583 fn parse_backupspec(value
: &str) -> Result
<(&str, &str), Error
> {
585 if let Some(caps
) = BACKUPSPEC_REGEX
.captures(value
) {
586 return Ok((caps
.get(1).unwrap().as_str(), caps
.get(2).unwrap().as_str()));
588 bail
!("unable to parse directory specification '{}'", value
);
594 _rpcenv
: &mut dyn RpcEnvironment
,
595 ) -> Result
<Value
, Error
> {
597 let repo
= extract_repository_from_value(¶m
)?
;
599 let backupspec_list
= tools
::required_array_param(¶m
, "backupspec")?
;
601 let all_file_systems
= param
["all-file-systems"].as_bool().unwrap_or(false);
603 let skip_lost_and_found
= param
["skip-lost-and-found"].as_bool().unwrap_or(false);
605 let verbose
= param
["verbose"].as_bool().unwrap_or(false);
607 let backup_time_opt
= param
["backup-time"].as_i64();
609 let chunk_size_opt
= param
["chunk-size"].as_u64().map(|v
| (v
*1024) as usize);
611 if let Some(size
) = chunk_size_opt
{
612 verify_chunk_size(size
)?
;
615 let keyfile
= param
["keyfile"].as_str().map(|p
| PathBuf
::from(p
));
617 let backup_id
= param
["backup-id"].as_str().unwrap_or(&proxmox
::tools
::nodename());
619 let backup_type
= param
["backup-type"].as_str().unwrap_or("host");
621 let include_dev
= param
["include-dev"].as_array();
623 let mut devices
= if all_file_systems { None }
else { Some(HashSet::new()) }
;
625 if let Some(include_dev
) = include_dev
{
626 if all_file_systems
{
627 bail
!("option 'all-file-systems' conflicts with option 'include-dev'");
630 let mut set
= HashSet
::new();
631 for path
in include_dev
{
632 let path
= path
.as_str().unwrap();
633 let stat
= nix
::sys
::stat
::stat(path
)
634 .map_err(|err
| format_err
!("fstat {:?} failed - {}", path
, err
))?
;
635 set
.insert(stat
.st_dev
);
640 let mut upload_list
= vec
![];
642 enum BackupType { PXAR, IMAGE, CONFIG, LOGFILE }
;
644 for backupspec
in backupspec_list
{
645 let (target
, filename
) = parse_backupspec(backupspec
.as_str().unwrap())?
;
647 use std
::os
::unix
::fs
::FileTypeExt
;
649 let metadata
= std
::fs
::metadata(filename
)
650 .map_err(|err
| format_err
!("unable to access '{}' - {}", filename
, err
))?
;
651 let file_type
= metadata
.file_type();
653 let extension
= target
.rsplit('
.'
).next()
654 .ok_or(format_err
!("missing target file extenion '{}'", target
))?
;
658 if !file_type
.is_dir() {
659 bail
!("got unexpected file type (expected directory)");
661 upload_list
.push((BackupType
::PXAR
, filename
.to_owned(), format
!("{}.didx", target
), 0));
665 if !(file_type
.is_file() || file_type
.is_block_device()) {
666 bail
!("got unexpected file type (expected file or block device)");
669 let size
= image_size(&PathBuf
::from(filename
))?
;
671 if size
== 0 { bail!("got zero-sized file '{}'
", filename); }
673 upload_list.push((BackupType::IMAGE, filename.to_owned(), format!("{}
.fidx
", target), size));
676 if !file_type.is_file() {
677 bail!("got unexpected file
type (expected regular file
)");
679 upload_list.push((BackupType::CONFIG, filename.to_owned(), format!("{}
.blob
", target), metadata.len()));
682 if !file_type.is_file() {
683 bail!("got unexpected file
type (expected regular file
)");
685 upload_list.push((BackupType::LOGFILE, filename.to_owned(), format!("{}
.blob
", target), metadata.len()));
688 bail!("got unknown archive extension '{}'
", extension);
693 let backup_time = Utc.timestamp(backup_time_opt.unwrap_or(Utc::now().timestamp()), 0);
695 let client = HttpClient::new(repo.host(), repo.user(), None)?;
696 record_repository(&repo);
698 println!("Starting backup
: {}
/{}
/{}
", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time));
700 println!("Client name
: {}
", proxmox::tools::nodename());
702 let start_time = Local::now();
704 println!("Starting protocol
: {}
", start_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
706 let (crypt_config, rsa_encrypted_key) = match keyfile {
707 None => (None, None),
709 let (key, created) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
711 let crypt_config = CryptConfig::new(key)?;
713 let path = master_pubkey_path()?;
715 let pem_data = file_get_contents(&path)?;
716 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
717 let enc_key = crypt_config.generate_rsa_encoded_key(rsa, created)?;
718 (Some(Arc::new(crypt_config)), Some(enc_key))
720 (Some(Arc::new(crypt_config)), None)
725 async_main(async move {
726 let client = BackupWriter::start(
735 let mut file_list = vec![];
737 // fixme: encrypt/sign catalog?
738 let catalog_file = std::fs::OpenOptions::new()
741 .custom_flags(libc::O_TMPFILE)
744 let catalog = Arc::new(Mutex::new(CatalogBlobWriter::new_compressed(catalog_file)?));
745 let mut upload_catalog = false;
747 for (backup_type, filename, target, size) in upload_list {
749 BackupType::CONFIG => {
750 println!("Upload config file '{}' to '{:?}'
as {}
", filename, repo, target);
752 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
754 file_list.push((target, stats));
756 BackupType::LOGFILE => { // fixme: remove - not needed anymore ?
757 println!("Upload log file '{}' to '{:?}'
as {}
", filename, repo, target);
759 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
761 file_list.push((target, stats));
763 BackupType::PXAR => {
764 upload_catalog = true;
765 println!("Upload directory '{}' to '{:?}'
as {}
", filename, repo, target);
766 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
767 let stats = backup_directory(
775 crypt_config.clone(),
778 file_list.push((target, stats));
779 catalog.lock().unwrap().end_directory()?;
781 BackupType::IMAGE => {
782 println!("Upload image '{}' to '{:?}'
as {}
", filename, repo, target);
783 let stats = backup_image(
790 crypt_config.clone(),
792 file_list.push((target, stats));
797 // finalize and upload catalog
799 let mutex = Arc::try_unwrap(catalog)
800 .map_err(|_| format_err!("unable to get
catalog (still used
)"))?;
801 let mut catalog_file = mutex.into_inner().unwrap().finish()?;
803 let target = CATALOG_BLOB_NAME;
805 catalog_file.seek(SeekFrom::Start(0))?;
807 let stats = client.upload_blob(catalog_file, target).await?;
808 file_list.push((target.to_owned(), stats));
811 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
812 let target = "rsa
-encrypted
.key
";
813 println!("Upload RSA encoded key to '{:?}'
as {}
", repo, target);
815 .upload_blob_from_data(rsa_encrypted_key, target, None, false, false)
817 file_list.push((format!("{}
.blob
", target), stats));
819 // openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t
821 let mut buffer2 = vec![0u8; rsa.size() as usize];
822 let pem_data = file_get_contents("master
-private
.pem
")?;
823 let rsa = openssl::rsa::Rsa::private_key_from_pem(&pem_data)?;
824 let len = rsa.private_decrypt(&buffer, &mut buffer2, openssl::rsa::Padding::PKCS1)?;
825 println!("TEST {} {:?}
", len, buffer2);
830 let file_list = file_list.iter()
831 .fold(vec![], |mut acc, (filename, stats)| {
833 "filename
": filename,
835 "csum
": proxmox::tools::digest_to_hex(&stats.csum),
841 "backup
-type": backup_type,
842 "backup
-id
": backup_id,
843 "backup
-time
": backup_time.timestamp(),
847 println!("Upload index
.json to '{:?}'
", repo);
848 let index_data = serde_json::to_string_pretty(&index)?.into();
850 .upload_blob_from_data(index_data, "index
.json
.blob
", crypt_config.clone(), true, true)
853 client.finish().await?;
855 let end_time = Local::now();
856 let elapsed = end_time.signed_duration_since(start_time);
857 println!("Duration
: {}
", elapsed);
859 println!("End Time
: {}
", end_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
865 fn complete_backup_source(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
867 let mut result = vec![];
869 let data: Vec<&str> = arg.splitn(2, ':').collect();
872 result.push(String::from("root
.pxar
:/"));
873 result.push(String::from("etc
.pxar
:/etc
"));
877 let files = tools::complete_file_name(data[1], param);
880 result.push(format!("{}
:{}
", data[0], file));
889 _rpcenv: &mut dyn RpcEnvironment,
890 ) -> Result<Value, Error> {
891 async_main(restore_do(param))
894 async fn download_index_blob(client: Arc<BackupReader>, crypt_config: Option<Arc<CryptConfig>>) -> Result<Vec<u8>, Error> {
896 let index_data = client.download(INDEX_BLOB_NAME, Vec::with_capacity(64*1024)).await?;
897 let blob = DataBlob::from_raw(index_data)?;
899 blob.decode(crypt_config.as_ref().map(Arc::as_ref))
902 fn verify_index_file(backup_index: &Value, name: &str, csum: &[u8; 32], size: u64) -> Result<(), Error> {
904 let files = backup_index["files
"]
906 .ok_or_else(|| format_err!("mailformed index
- missing 'files' property
"))?;
908 let info = files.iter().find(|v| {
909 match v["filename
"].as_str() {
910 Some(filename) => filename == name,
915 let info = match info {
916 None => bail!("index does not contain file '{}'
", name),
920 match info["size
"].as_u64() {
921 None => bail!("index does not contain property 'size'
for file '{}'
", name),
922 Some(expected_size) => {
923 if expected_size != size {
924 bail!("verify index failed
- wrong size
for file '{}'
({}
!= {}
", name, expected_size, size);
929 match info["csum
"].as_str() {
930 None => bail!("index does not contain property 'csum'
for file '{}'
", name),
931 Some(expected_csum) => {
932 let expected_csum = &proxmox::tools::hex_to_digest(expected_csum)?;
933 if expected_csum != csum {
934 bail!("verify index failed
- wrong checksum
for file '{}'
", name);
942 fn dump_image<W: Write>(
943 client: Arc<BackupReader>,
944 crypt_config: Option<Arc<CryptConfig>>,
945 index: FixedIndexReader,
948 ) -> Result<(), Error> {
950 let most_used = index.find_most_used_chunks(8);
952 let mut chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
954 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
955 // and thus slows down reading. Instead, directly use RemoteChunkReader
958 let start_time = std::time::Instant::now();
960 for pos in 0..index.index_count() {
961 let digest = index.index_digest(pos).unwrap();
962 let raw_data = chunk_reader.read_chunk(&digest)?;
963 writer.write_all(&raw_data)?;
964 bytes += raw_data.len();
966 let next_per = ((pos+1)*100)/index.index_count();
968 eprintln!("progress {}
% (read {} bytes
, duration {} sec
)",
969 next_per, bytes, start_time.elapsed().as_secs());
975 let end_time = std::time::Instant::now();
976 let elapsed = end_time.duration_since(start_time);
977 eprintln!("restore image
complete (bytes
={}
, duration
={:.2}s
, speed
={:.2}MB
/s
)",
979 elapsed.as_secs_f64(),
980 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
987 async fn restore_do(param: Value) -> Result<Value, Error> {
988 let repo = extract_repository_from_value(¶m)?;
990 let verbose = param["verbose
"].as_bool().unwrap_or(false);
992 let allow_existing_dirs = param["allow
-existing
-dirs
"].as_bool().unwrap_or(false);
994 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
996 let client = HttpClient::new(repo.host(), repo.user(), None)?;
998 record_repository(&repo);
1000 let path = tools::required_string_param(¶m, "snapshot
")?;
1002 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1003 let group = BackupGroup::parse(path)?;
1005 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1006 let result = client.get(&path, Some(json!({
1007 "backup
-type": group.backup_type(),
1008 "backup
-id
": group.backup_id(),
1011 let list = result["data
"].as_array().unwrap();
1012 if list.len() == 0 {
1013 bail!("backup group '{}' does not contain any snapshots
:", path);
1016 let epoch = list[0]["backup
-time
"].as_i64().unwrap();
1017 let backup_time = Utc.timestamp(epoch, 0);
1018 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
1020 let snapshot = BackupDir::parse(path)?;
1021 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1024 let target = tools::required_string_param(¶m, "target
")?;
1025 let target = if target == "-" { None } else { Some(target) };
1027 let keyfile = param["keyfile
"].as_str().map(|p| PathBuf::from(p));
1029 let crypt_config = match keyfile {
1032 let (key, _) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
1033 Some(Arc::new(CryptConfig::new(key)?))
1037 let server_archive_name = if archive_name.ends_with(".pxar
") {
1038 format!("{}
.didx
", archive_name)
1039 } else if archive_name.ends_with(".img
") {
1040 format!("{}
.fidx
", archive_name)
1042 format!("{}
.blob
", archive_name)
1045 let client = BackupReader::start(client, repo.store(), &backup_type, &backup_id, backup_time, true).await?;
1047 let tmpfile = std::fs::OpenOptions::new()
1050 .custom_flags(libc::O_TMPFILE)
1054 let backup_index_data = download_index_blob(client.clone(), crypt_config.clone()).await?;
1055 let backup_index: Value = serde_json::from_slice(&backup_index_data[..])?;
1057 if server_archive_name == INDEX_BLOB_NAME {
1058 if let Some(target) = target {
1059 file_set_contents(target, &backup_index_data, None)?;
1061 let stdout = std::io::stdout();
1062 let mut writer = stdout.lock();
1063 writer.write_all(&backup_index_data)
1064 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1067 } else if server_archive_name.ends_with(".blob
") {
1068 let mut tmpfile = client.download(&server_archive_name, tmpfile).await?;
1070 let (csum, size) = compute_file_csum(&mut tmpfile)?;
1071 verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
1073 tmpfile.seek(SeekFrom::Start(0))?;
1074 let mut reader = DataBlobReader::new(tmpfile, crypt_config)?;
1076 if let Some(target) = target {
1077 let mut writer = std::fs::OpenOptions::new()
1082 .map_err(|err| format_err!("unable to create target file {:?}
- {}
", target, err))?;
1083 std::io::copy(&mut reader, &mut writer)?;
1085 let stdout = std::io::stdout();
1086 let mut writer = stdout.lock();
1087 std::io::copy(&mut reader, &mut writer)
1088 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1091 } else if server_archive_name.ends_with(".didx
") {
1092 let tmpfile = client.download(&server_archive_name, tmpfile).await?;
1094 let index = DynamicIndexReader::new(tmpfile)
1095 .map_err(|err| format_err!("unable to read dynamic index '{}'
- {}
", archive_name, err))?;
1097 // Note: do not use values stored in index (not trusted) - instead, computed them again
1098 let (csum, size) = index.compute_csum();
1100 verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
1102 let most_used = index.find_most_used_chunks(8);
1104 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1106 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
1108 if let Some(target) = target {
1110 let feature_flags = pxar::flags::DEFAULT;
1111 let mut decoder = pxar::SequentialDecoder::new(&mut reader, feature_flags, |path| {
1113 eprintln!("{:?}
", path);
1117 decoder.set_allow_existing_dirs(allow_existing_dirs);
1119 decoder.restore(Path::new(target), &Vec::new())?;
1121 let mut writer = std::fs::OpenOptions::new()
1123 .open("/dev
/stdout
")
1124 .map_err(|err| format_err!("unable to open
/dev
/stdout
- {}
", err))?;
1126 std::io::copy(&mut reader, &mut writer)
1127 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1129 } else if server_archive_name.ends_with(".fidx
") {
1130 let tmpfile = client.download(&server_archive_name, tmpfile).await?;
1132 let index = FixedIndexReader::new(tmpfile)
1133 .map_err(|err| format_err!("unable to read fixed index '{}'
- {}
", archive_name, err))?;
1135 // Note: do not use values stored in index (not trusted) - instead, computed them again
1136 let (csum, size) = index.compute_csum();
1138 verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
1140 let mut writer = if let Some(target) = target {
1141 std::fs::OpenOptions::new()
1146 .map_err(|err| format_err!("unable to create target file {:?}
- {}
", target, err))?
1148 std::fs::OpenOptions::new()
1150 .open("/dev
/stdout
")
1151 .map_err(|err| format_err!("unable to open
/dev
/stdout
- {}
", err))?
1154 dump_image(client.clone(), crypt_config.clone(), index, &mut writer, verbose)?;
1157 bail!("unknown archive file
extension (expected
.pxar of
.img
)");
1166 _rpcenv: &mut dyn RpcEnvironment,
1167 ) -> Result<Value, Error> {
1169 let logfile = tools::required_string_param(¶m, "logfile
")?;
1170 let repo = extract_repository_from_value(¶m)?;
1172 let snapshot = tools::required_string_param(¶m, "snapshot
")?;
1173 let snapshot = BackupDir::parse(snapshot)?;
1175 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
1177 let keyfile = param["keyfile
"].as_str().map(|p| PathBuf::from(p));
1179 let crypt_config = match keyfile {
1182 let (key, _created) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
1183 let crypt_config = CryptConfig::new(key)?;
1184 Some(Arc::new(crypt_config))
1188 let data = file_get_contents(logfile)?;
1190 let blob = DataBlob::encode(&data, crypt_config.as_ref().map(Arc::as_ref), true)?;
1192 let raw_data = blob.into_inner();
1194 let path = format!("api2
/json
/admin
/datastore
/{}
/upload
-backup
-log
", repo.store());
1197 "backup
-type": snapshot.group().backup_type(),
1198 "backup
-id
": snapshot.group().backup_id(),
1199 "backup
-time
": snapshot.backup_time().timestamp(),
1202 let body = hyper::Body::from(raw_data);
1204 async_main(async move {
1205 client.upload("application
/octet
-stream
", body, &path, Some(args)).await
1212 _rpcenv: &mut dyn RpcEnvironment,
1213 ) -> Result<Value, Error> {
1215 let repo = extract_repository_from_value(¶m)?;
1217 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
1219 let path = format!("api2
/json
/admin
/datastore
/{}
/prune
", repo.store());
1221 let group = tools::required_string_param(¶m, "group
")?;
1222 let group = BackupGroup::parse(group)?;
1224 param.as_object_mut().unwrap().remove("repository
");
1225 param.as_object_mut().unwrap().remove("group
");
1227 param["backup
-type"] = group.backup_type().into();
1228 param["backup
-id
"] = group.backup_id().into();
1230 let _result = async_main(async move { client.post(&path, Some(param)).await })?;
1232 record_repository(&repo);
1240 _rpcenv: &mut dyn RpcEnvironment,
1241 ) -> Result<Value, Error> {
1243 let repo = extract_repository_from_value(¶m)?;
1245 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
1247 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1249 let path = format!("api2
/json
/admin
/datastore
/{}
/status
", repo.store());
1251 let result = async_main(async move { client.get(&path, None).await })?;
1252 let data = &result["data
"];
1254 record_repository(&repo);
1256 if output_format == "text
" {
1257 let total = data["total
"].as_u64().unwrap();
1258 let used = data["used
"].as_u64().unwrap();
1259 let avail = data["avail
"].as_u64().unwrap();
1260 let roundup = total/200;
1263 "total
: {} used
: {}
({}
%) available
: {}
",
1266 ((used+roundup)*100)/total,
1270 format_and_print_result(data, &output_format);
1276 // like get, but simply ignore errors and return Null instead
1277 async fn try_get(repo: &BackupRepository, url: &str) -> Value {
1279 let client = match HttpClient::new(repo.host(), repo.user(), None) {
1281 _ => return Value::Null,
1284 let mut resp = match client.get(url, None).await {
1286 _ => return Value::Null,
1289 if let Some(map) = resp.as_object_mut() {
1290 if let Some(data) = map.remove("data
") {
1297 fn complete_backup_group(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1298 async_main(async { complete_backup_group_do(param).await })
1301 async fn complete_backup_group_do(param: &HashMap<String, String>) -> Vec<String> {
1303 let mut result = vec![];
1305 let repo = match extract_repository_from_map(param) {
1310 let path = format!("api2
/json
/admin
/datastore
/{}
/groups
", repo.store());
1312 let data = try_get(&repo, &path).await;
1314 if let Some(list) = data.as_array() {
1316 if let (Some(backup_id), Some(backup_type)) =
1317 (item["backup
-id
"].as_str(), item["backup
-type"].as_str())
1319 result.push(format!("{}
/{}
", backup_type, backup_id));
1327 fn complete_group_or_snapshot(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1328 async_main(async { complete_group_or_snapshot_do(arg, param).await })
1331 async fn complete_group_or_snapshot_do(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1333 if arg.matches('/').count() < 2 {
1334 let groups = complete_backup_group_do(param).await;
1335 let mut result = vec![];
1336 for group in groups {
1337 result.push(group.to_string());
1338 result.push(format!("{}
/", group));
1343 complete_backup_snapshot_do(param).await
1346 fn complete_backup_snapshot(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1347 async_main(async { complete_backup_snapshot_do(param).await })
1350 async fn complete_backup_snapshot_do(param: &HashMap<String, String>) -> Vec<String> {
1352 let mut result = vec![];
1354 let repo = match extract_repository_from_map(param) {
1359 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1361 let data = try_get(&repo, &path).await;
1363 if let Some(list) = data.as_array() {
1365 if let (Some(backup_id), Some(backup_type), Some(backup_time)) =
1366 (item["backup
-id
"].as_str(), item["backup
-type"].as_str(), item["backup
-time
"].as_i64())
1368 let snapshot = BackupDir::new(backup_type, backup_id, backup_time);
1369 result.push(snapshot.relative_path().to_str().unwrap().to_owned());
1377 fn complete_server_file_name(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1378 async_main(async { complete_server_file_name_do(param).await })
1381 async fn complete_server_file_name_do(param: &HashMap<String, String>) -> Vec<String> {
1383 let mut result = vec![];
1385 let repo = match extract_repository_from_map(param) {
1390 let snapshot = match param.get("snapshot
") {
1392 match BackupDir::parse(path) {
1400 let query = tools::json_object_to_query(json!({
1401 "backup
-type": snapshot.group().backup_type(),
1402 "backup
-id
": snapshot.group().backup_id(),
1403 "backup
-time
": snapshot.backup_time().timestamp(),
1406 let path = format!("api2
/json
/admin
/datastore
/{}
/files?{}
", repo.store(), query);
1408 let data = try_get(&repo, &path).await;
1410 if let Some(list) = data.as_array() {
1412 if let Some(filename) = item["filename
"].as_str() {
1413 result.push(filename.to_owned());
1421 fn complete_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1422 complete_server_file_name(arg, param)
1424 .map(|v| strip_server_file_expenstion(&v))
1428 fn complete_chunk_size(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
1430 let mut result = vec![];
1434 result.push(size.to_string());
1436 if size > 4096 { break; }
1442 fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
1444 // fixme: implement other input methods
1446 use std::env::VarError::*;
1447 match std::env::var("PBS_ENCRYPTION_PASSWORD
") {
1448 Ok(p) => return Ok(p.as_bytes().to_vec()),
1449 Err(NotUnicode(_)) => bail!("PBS_ENCRYPTION_PASSWORD contains bad characters
"),
1450 Err(NotPresent) => {
1451 // Try another method
1455 // If we're on a TTY, query the user for a password
1456 if crate::tools::tty::stdin_isatty() {
1457 return Ok(crate::tools::tty::read_password("Encryption Key Password
: ")?);
1460 bail!("no password input mechanism available
");
1466 _rpcenv: &mut dyn RpcEnvironment,
1467 ) -> Result<Value, Error> {
1469 let path = tools::required_string_param(¶m, "path
")?;
1470 let path = PathBuf::from(path);
1472 let kdf = param["kdf
"].as_str().unwrap_or("scrypt
");
1474 let key = proxmox::sys::linux::random_data(32)?;
1476 if kdf == "scrypt
" {
1477 // always read passphrase from tty
1478 if !crate::tools::tty::stdin_isatty() {
1479 bail!("unable to read passphrase
- no tty
");
1482 let password = crate::tools::tty::read_password("Encryption Key Password
: ")?;
1484 let key_config = encrypt_key_with_passphrase(&key, &password)?;
1486 store_key_config(&path, false, key_config)?;
1489 } else if kdf == "none
" {
1490 let created = Local.timestamp(Local::now().timestamp(), 0);
1492 store_key_config(&path, false, KeyConfig {
1505 fn master_pubkey_path() -> Result<PathBuf, Error> {
1506 let base = BaseDirectories::with_prefix("proxmox
-backup
")?;
1508 // usually $HOME/.config/proxmox-backup/master-public.pem
1509 let path = base.place_config_file("master
-public
.pem
")?;
1514 fn key_import_master_pubkey(
1517 _rpcenv: &mut dyn RpcEnvironment,
1518 ) -> Result<Value, Error> {
1520 let path = tools::required_string_param(¶m, "path
")?;
1521 let path = PathBuf::from(path);
1523 let pem_data = file_get_contents(&path)?;
1525 if let Err(err) = openssl::pkey::PKey::public_key_from_pem(&pem_data) {
1526 bail!("Unable to decode PEM data
- {}
", err);
1529 let target_path = master_pubkey_path()?;
1531 file_set_contents(&target_path, &pem_data, None)?;
1533 println!("Imported public master key to {:?}
", target_path);
1538 fn key_create_master_key(
1541 _rpcenv: &mut dyn RpcEnvironment,
1542 ) -> Result<Value, Error> {
1544 // we need a TTY to query the new password
1545 if !crate::tools::tty::stdin_isatty() {
1546 bail!("unable to create master key
- no tty
");
1549 let rsa = openssl::rsa::Rsa::generate(4096)?;
1550 let pkey = openssl::pkey::PKey::from_rsa(rsa)?;
1552 let new_pw = String::from_utf8(crate::tools::tty::read_password("Master Key Password
: ")?)?;
1553 let verify_pw = String::from_utf8(crate::tools::tty::read_password("Verify Password
: ")?)?;
1555 if new_pw != verify_pw {
1556 bail!("Password verification fail
!");
1559 if new_pw.len() < 5 {
1560 bail!("Password is too short
!");
1563 let pub_key: Vec<u8> = pkey.public_key_to_pem()?;
1564 let filename_pub = "master
-public
.pem
";
1565 println!("Writing public master key to {}
", filename_pub);
1566 file_set_contents(filename_pub, pub_key.as_slice(), None)?;
1568 let cipher = openssl::symm::Cipher::aes_256_cbc();
1569 let priv_key: Vec<u8> = pkey.private_key_to_pem_pkcs8_passphrase(cipher, new_pw.as_bytes())?;
1571 let filename_priv = "master
-private
.pem
";
1572 println!("Writing private master key to {}
", filename_priv);
1573 file_set_contents(filename_priv, priv_key.as_slice(), None)?;
1578 fn key_change_passphrase(
1581 _rpcenv: &mut dyn RpcEnvironment,
1582 ) -> Result<Value, Error> {
1584 let path = tools::required_string_param(¶m, "path
")?;
1585 let path = PathBuf::from(path);
1587 let kdf = param["kdf
"].as_str().unwrap_or("scrypt
");
1589 // we need a TTY to query the new password
1590 if !crate::tools::tty::stdin_isatty() {
1591 bail!("unable to change passphrase
- no tty
");
1594 let (key, created) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
1596 if kdf == "scrypt
" {
1598 let new_pw = String::from_utf8(crate::tools::tty::read_password("New Password
: ")?)?;
1599 let verify_pw = String::from_utf8(crate::tools::tty::read_password("Verify Password
: ")?)?;
1601 if new_pw != verify_pw {
1602 bail!("Password verification fail
!");
1605 if new_pw.len() < 5 {
1606 bail!("Password is too short
!");
1609 let mut new_key_config = encrypt_key_with_passphrase(&key, new_pw.as_bytes())?;
1610 new_key_config.created = created; // keep original value
1612 store_key_config(&path, true, new_key_config)?;
1615 } else if kdf == "none
" {
1616 let modified = Local.timestamp(Local::now().timestamp(), 0);
1618 store_key_config(&path, true, KeyConfig {
1620 created, // keep original value
1631 fn key_mgmt_cli() -> CliCommandMap {
1633 let kdf_schema: Arc<Schema> = Arc::new(
1634 StringSchema::new("Key derivation function
. Choose 'none' to store the key unecrypted
.")
1635 .format(Arc::new(ApiStringFormat::Enum(&["scrypt
", "none
"])))
1640 let key_create_cmd_def = CliCommand::new(
1643 ObjectSchema::new("Create a new encryption key
.")
1644 .required("path
", StringSchema::new("File system path
."))
1645 .optional("kdf
", kdf_schema.clone())
1647 .arg_param(vec!["path
"])
1648 .completion_cb("path
", tools::complete_file_name);
1650 let key_change_passphrase_cmd_def = CliCommand::new(
1652 key_change_passphrase,
1653 ObjectSchema::new("Change the passphrase required to decrypt the key
.")
1654 .required("path
", StringSchema::new("File system path
."))
1655 .optional("kdf
", kdf_schema.clone())
1657 .arg_param(vec!["path
"])
1658 .completion_cb("path
", tools::complete_file_name);
1660 let key_create_master_key_cmd_def = CliCommand::new(
1662 key_create_master_key,
1663 ObjectSchema::new("Create a new
4096 bit RSA master
pub/priv key pair
.")
1666 let key_import_master_pubkey_cmd_def = CliCommand::new(
1668 key_import_master_pubkey,
1669 ObjectSchema::new("Import a new RSA public key and
use it
as master key
. The key is expected to be
in '
.pem' format
.")
1670 .required("path
", StringSchema::new("File system path
."))
1672 .arg_param(vec!["path
"])
1673 .completion_cb("path
", tools::complete_file_name);
1675 let cmd_def = CliCommandMap::new()
1676 .insert("create
".to_owned(), key_create_cmd_def.into())
1677 .insert("create
-master
-key
".to_owned(), key_create_master_key_cmd_def.into())
1678 .insert("import
-master
-pubkey
".to_owned(), key_import_master_pubkey_cmd_def.into())
1679 .insert("change
-passphrase
".to_owned(), key_change_passphrase_cmd_def.into());
1688 _rpcenv: &mut dyn RpcEnvironment,
1689 ) -> Result<Value, Error> {
1690 let verbose = param["verbose
"].as_bool().unwrap_or(false);
1692 // This will stay in foreground with debug output enabled as None is
1693 // passed for the RawFd.
1694 return async_main(mount_do(param, None));
1697 // Process should be deamonized.
1698 // Make sure to fork before the async runtime is instantiated to avoid troubles.
1701 Ok(ForkResult::Parent { child: _, .. }) => {
1702 nix::unistd::close(pipe.1).unwrap();
1703 // Blocks the parent process until we are ready to go in the child
1704 let _res = nix::unistd::read(pipe.0, &mut [0]).unwrap();
1707 Ok(ForkResult::Child) => {
1708 nix::unistd::close(pipe.0).unwrap();
1709 nix::unistd::setsid().unwrap();
1710 async_main(mount_do(param, Some(pipe.1)))
1712 Err(_) => bail!("failed to daemonize process
"),
1716 async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
1717 let repo = extract_repository_from_value(¶m)?;
1718 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
1719 let target = tools::required_string_param(¶m, "target
")?;
1720 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1722 record_repository(&repo);
1724 let path = tools::required_string_param(¶m, "snapshot
")?;
1725 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1726 let group = BackupGroup::parse(path)?;
1728 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1729 let result = client.get(&path, Some(json!({
1730 "backup
-type": group.backup_type(),
1731 "backup
-id
": group.backup_id(),
1734 let list = result["data
"].as_array().unwrap();
1735 if list.len() == 0 {
1736 bail!("backup group '{}' does not contain any snapshots
:", path);
1739 let epoch = list[0]["backup
-time
"].as_i64().unwrap();
1740 let backup_time = Utc.timestamp(epoch, 0);
1741 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
1743 let snapshot = BackupDir::parse(path)?;
1744 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1747 let keyfile = param["keyfile
"].as_str().map(|p| PathBuf::from(p));
1748 let crypt_config = match keyfile {
1751 let (key, _) = load_and_decrtypt_key(&path, get_encryption_key_password)?;
1752 Some(Arc::new(CryptConfig::new(key)?))
1756 let server_archive_name = if archive_name.ends_with(".pxar
") {
1757 format!("{}
.didx
", archive_name)
1759 bail!("Can only mount pxar archives
.");
1762 let client = BackupReader::start(client, repo.store(), &backup_type, &backup_id, backup_time, true).await?;
1764 let tmpfile = std::fs::OpenOptions::new()
1767 .custom_flags(libc::O_TMPFILE)
1770 let backup_index_data = download_index_blob(client.clone(), crypt_config.clone()).await?;
1771 let backup_index: Value = serde_json::from_slice(&backup_index_data[..])?;
1772 if server_archive_name.ends_with(".didx
") {
1773 let tmpfile = client.download(&server_archive_name, tmpfile).await?;
1774 let index = DynamicIndexReader::new(tmpfile)
1775 .map_err(|err| format_err!("unable to read dynamic index '{}'
- {}
", archive_name, err))?;
1777 // Note: do not use values stored in index (not trusted) - instead, computed them again
1778 let (csum, size) = index.compute_csum();
1779 verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
1781 let most_used = index.find_most_used_chunks(8);
1782 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1783 let reader = BufferedDynamicReader::new(index, chunk_reader);
1785 pxar::Decoder::<Box<dyn pxar::fuse::ReadSeek>, fn(&Path) -> Result<(), Error>>::new(
1789 let options = OsStr::new("ro
,default_permissions
");
1790 let mut session = pxar::fuse::Session::from_decoder(decoder, &options, pipe.is_none())
1791 .map_err(|err| format_err!("pxar mount failed
: {}
", err))?;
1793 // Mount the session but not call fuse deamonize as this will cause
1794 // issues with the runtime after the fork
1795 let deamonize = false;
1796 session.mount(&Path::new(target), deamonize)?;
1798 if let Some(pipe) = pipe {
1799 nix::unistd::chdir(Path::new("/")).unwrap();
1800 // Finish creation of deamon by redirecting filedescriptors.
1801 let nullfd = nix::fcntl::open(
1803 nix::fcntl::OFlag::O_RDWR,
1804 nix::sys::stat::Mode::empty(),
1806 nix::unistd::dup2(nullfd, 0).unwrap();
1807 nix::unistd::dup2(nullfd, 1).unwrap();
1808 nix::unistd::dup2(nullfd, 2).unwrap();
1810 nix::unistd::close(nullfd).unwrap();
1812 // Signal the parent process that we are done with the setup and it can
1814 nix::unistd::write(pipe, &mut [0u8])?;
1815 nix::unistd::close(pipe).unwrap();
1818 let multithreaded = true;
1819 session.run_loop(multithreaded)?;
1821 bail!("unknown archive file
extension (expected
.pxar
)");
1829 let backup_source_schema: Arc<Schema> = Arc::new(
1830 StringSchema::new("Backup source
specification ([<label
>:<path
>]).")
1831 .format(Arc::new(ApiStringFormat::Pattern(&BACKUPSPEC_REGEX)))
1835 let backup_cmd_def = CliCommand::new(
1838 ObjectSchema::new("Create (host
) backup
.")
1842 "List of backup source
specifications ([<label
.ext
>:<path
>] ...)",
1843 backup_source_schema,
1846 .optional("repository
", REPO_URL_SCHEMA.clone())
1850 "Include mountpoints with same st_dev
number (see ``man fstat``
) as specified files
.",
1851 StringSchema::new("Path to file
.").into()
1856 StringSchema::new("Path to encryption key
. All data will be encrypted using this key
."))
1859 BooleanSchema::new("Verbose output
.").default(false))
1861 "skip
-lost
-and
-found
",
1862 BooleanSchema::new("Skip lost
+found directory
").default(false))
1865 BACKUP_TYPE_SCHEMA.clone()
1869 BACKUP_ID_SCHEMA.clone()
1873 BACKUP_TIME_SCHEMA.clone()
1877 IntegerSchema::new("Chunk size
in KB
. Must be a power of
2.")
1883 .arg_param(vec!["backupspec
"])
1884 .completion_cb("repository
", complete_repository)
1885 .completion_cb("backupspec
", complete_backup_source)
1886 .completion_cb("keyfile
", tools::complete_file_name)
1887 .completion_cb("chunk
-size
", complete_chunk_size);
1889 let upload_log_cmd_def = CliCommand::new(
1892 ObjectSchema::new("Upload backup log file
.")
1893 .required("snapshot
", StringSchema::new("Snapshot path
."))
1894 .required("logfile
", StringSchema::new("The path to the log file you want to upload
."))
1895 .optional("repository
", REPO_URL_SCHEMA.clone())
1898 StringSchema::new("Path to encryption key
. All data will be encrypted using this key
."))
1900 .arg_param(vec!["snapshot
", "logfile
"])
1901 .completion_cb("snapshot
", complete_backup_snapshot)
1902 .completion_cb("logfile
", tools::complete_file_name)
1903 .completion_cb("keyfile
", tools::complete_file_name)
1904 .completion_cb("repository
", complete_repository);
1906 let list_cmd_def = CliCommand::new(
1909 ObjectSchema::new("List backup groups
.")
1910 .optional("repository
", REPO_URL_SCHEMA.clone())
1911 .optional("output
-format
", OUTPUT_FORMAT.clone())
1913 .completion_cb("repository
", complete_repository);
1915 let snapshots_cmd_def = CliCommand::new(
1918 ObjectSchema::new("List backup snapshots
.")
1919 .optional("group
", StringSchema::new("Backup group
."))
1920 .optional("repository
", REPO_URL_SCHEMA.clone())
1921 .optional("output
-format
", OUTPUT_FORMAT.clone())
1923 .arg_param(vec!["group
"])
1924 .completion_cb("group
", complete_backup_group)
1925 .completion_cb("repository
", complete_repository);
1927 let forget_cmd_def = CliCommand::new(
1930 ObjectSchema::new("Forget (remove
) backup snapshots
.")
1931 .required("snapshot
", StringSchema::new("Snapshot path
."))
1932 .optional("repository
", REPO_URL_SCHEMA.clone())
1934 .arg_param(vec!["snapshot
"])
1935 .completion_cb("repository
", complete_repository)
1936 .completion_cb("snapshot
", complete_backup_snapshot);
1938 let garbage_collect_cmd_def = CliCommand::new(
1940 start_garbage_collection,
1941 ObjectSchema::new("Start garbage collection
for a specific repository
.")
1942 .optional("repository
", REPO_URL_SCHEMA.clone())
1944 .completion_cb("repository
", complete_repository);
1946 let restore_cmd_def = CliCommand::new(
1949 ObjectSchema::new("Restore backup repository
.")
1950 .required("snapshot
", StringSchema::new("Group
/Snapshot path
."))
1951 .required("archive
-name
", StringSchema::new("Backup archive name
."))
1952 .required("target
", StringSchema::new(r###"Target directory path
. Use '
-' to write to stdandard output
.
1954 We
do not extraxt '
.pxar' archives when writing to stdandard output
.
1959 "allow
-existing
-dirs
",
1960 BooleanSchema::new("Do not fail
if directories already exists
.").default(false))
1961 .optional("repository
", REPO_URL_SCHEMA.clone())
1962 .optional("keyfile
", StringSchema::new("Path to encryption key
."))
1965 BooleanSchema::new("Verbose output
.").default(false)
1968 .arg_param(vec!["snapshot
", "archive
-name
", "target
"])
1969 .completion_cb("repository
", complete_repository)
1970 .completion_cb("snapshot
", complete_group_or_snapshot)
1971 .completion_cb("archive
-name
", complete_archive_name)
1972 .completion_cb("target
", tools::complete_file_name);
1974 let files_cmd_def = CliCommand::new(
1976 list_snapshot_files,
1977 ObjectSchema::new("List snapshot files
.")
1978 .required("snapshot
", StringSchema::new("Snapshot path
."))
1979 .optional("repository
", REPO_URL_SCHEMA.clone())
1980 .optional("output
-format
", OUTPUT_FORMAT.clone())
1982 .arg_param(vec!["snapshot
"])
1983 .completion_cb("repository
", complete_repository)
1984 .completion_cb("snapshot
", complete_backup_snapshot);
1986 let catalog_cmd_def = CliCommand::new(
1989 ObjectSchema::new("Dump catalog
.")
1990 .required("snapshot
", StringSchema::new("Snapshot path
."))
1991 .optional("repository
", REPO_URL_SCHEMA.clone())
1993 .arg_param(vec!["snapshot
"])
1994 .completion_cb("repository
", complete_repository)
1995 .completion_cb("snapshot
", complete_backup_snapshot);
1997 let prune_cmd_def = CliCommand::new(
2000 proxmox_backup::api2::admin::datastore::add_common_prune_prameters(
2001 ObjectSchema::new("Prune backup repository
.")
2002 .required("group
", StringSchema::new("Backup group
."))
2003 .optional("repository
", REPO_URL_SCHEMA.clone())
2006 .arg_param(vec!["group
"])
2007 .completion_cb("group
", complete_backup_group)
2008 .completion_cb("repository
", complete_repository);
2010 let status_cmd_def = CliCommand::new(
2013 ObjectSchema::new("Get repository status
.")
2014 .optional("repository
", REPO_URL_SCHEMA.clone())
2015 .optional("output
-format
", OUTPUT_FORMAT.clone())
2017 .completion_cb("repository
", complete_repository);
2019 let login_cmd_def = CliCommand::new(
2022 ObjectSchema::new("Try to login
. If successful
, store ticket
.")
2023 .optional("repository
", REPO_URL_SCHEMA.clone())
2025 .completion_cb("repository
", complete_repository);
2027 let logout_cmd_def = CliCommand::new(
2030 ObjectSchema::new("Logout (delete stored ticket
).")
2031 .optional("repository
", REPO_URL_SCHEMA.clone())
2033 .completion_cb("repository
", complete_repository);
2035 let mount_cmd_def = CliCommand::new(
2038 ObjectSchema::new("Mount pxar archive
.")
2039 .required("snapshot
", StringSchema::new("Group
/Snapshot path
."))
2040 .required("archive
-name
", StringSchema::new("Backup archive name
."))
2041 .required("target
", StringSchema::new("Target directory path
."))
2042 .optional("repository
", REPO_URL_SCHEMA.clone())
2043 .optional("keyfile
", StringSchema::new("Path to encryption key
."))
2044 .optional("verbose
", BooleanSchema::new("Verbose output
.").default(false))
2046 .arg_param(vec!["snapshot
", "archive
-name
", "target
"])
2047 .completion_cb("repository
", complete_repository)
2048 .completion_cb("snapshot
", complete_group_or_snapshot)
2049 .completion_cb("archive
-name
", complete_archive_name)
2050 .completion_cb("target
", tools::complete_file_name);
2052 let cmd_def = CliCommandMap::new()
2053 .insert("backup
".to_owned(), backup_cmd_def.into())
2054 .insert("upload
-log
".to_owned(), upload_log_cmd_def.into())
2055 .insert("forget
".to_owned(), forget_cmd_def.into())
2056 .insert("catalog
".to_owned(), catalog_cmd_def.into())
2057 .insert("garbage
-collect
".to_owned(), garbage_collect_cmd_def.into())
2058 .insert("list
".to_owned(), list_cmd_def.into())
2059 .insert("login
".to_owned(), login_cmd_def.into())
2060 .insert("logout
".to_owned(), logout_cmd_def.into())
2061 .insert("prune
".to_owned(), prune_cmd_def.into())
2062 .insert("restore
".to_owned(), restore_cmd_def.into())
2063 .insert("snapshots
".to_owned(), snapshots_cmd_def.into())
2064 .insert("files
".to_owned(), files_cmd_def.into())
2065 .insert("status
".to_owned(), status_cmd_def.into())
2066 .insert("key
".to_owned(), key_mgmt_cli().into())
2067 .insert("mount
".to_owned(), mount_cmd_def.into());
2069 run_cli_command(cmd_def.into());
2072 fn async_main<F: Future>(fut: F) -> <F as Future>::Output {
2073 let rt = tokio::runtime::Runtime::new().unwrap();
2074 let ret = rt.block_on(fut);