2 use nix
::unistd
::{fork, ForkResult, pipe}
;
3 use std
::os
::unix
::io
::RawFd
;
4 use chrono
::{Local, Utc, TimeZone}
;
5 use std
::path
::{Path, PathBuf}
;
6 use std
::collections
::{HashSet, HashMap}
;
8 use std
::io
::{Write, Seek, SeekFrom}
;
9 use std
::os
::unix
::fs
::OpenOptionsExt
;
11 use proxmox
::{sortable, identity}
;
12 use proxmox
::tools
::fs
::{file_get_contents, file_get_json, file_set_contents, image_size}
;
13 use proxmox
::api
::{ApiHandler, ApiMethod, RpcEnvironment}
;
14 use proxmox
::api
::schema
::*;
15 use proxmox
::api
::cli
::*;
16 use proxmox
::api
::api
;
18 use proxmox_backup
::tools
;
19 use proxmox_backup
::api2
::types
::*;
20 use proxmox_backup
::client
::*;
21 use proxmox_backup
::backup
::*;
22 use proxmox_backup
::pxar
::{ self, catalog::* }
;
24 //use proxmox_backup::backup::image_index::*;
25 //use proxmox_backup::config::datastore;
26 //use proxmox_backup::pxar::encoder::*;
27 //use proxmox_backup::backup::datastore::*;
29 use serde_json
::{json, Value}
;
31 use std
::sync
::{Arc, Mutex}
;
33 use xdg
::BaseDirectories
;
36 use tokio
::sync
::mpsc
;
38 proxmox
::api
::const_regex
! {
39 BACKUPSPEC_REGEX
= r
"^([a-zA-Z0-9_-]+\.(?:pxar|img|conf|log)):(.+)$";
42 const REPO_URL_SCHEMA
: Schema
= StringSchema
::new("Repository URL.")
43 .format(&BACKUP_REPO_URL
)
47 fn get_default_repository() -> Option
<String
> {
48 std
::env
::var("PBS_REPOSITORY").ok()
51 fn extract_repository_from_value(
53 ) -> Result
<BackupRepository
, Error
> {
55 let repo_url
= param
["repository"]
58 .or_else(get_default_repository
)
59 .ok_or_else(|| format_err
!("unable to get (default) repository"))?
;
61 let repo
: BackupRepository
= repo_url
.parse()?
;
66 fn extract_repository_from_map(
67 param
: &HashMap
<String
, String
>,
68 ) -> Option
<BackupRepository
> {
70 param
.get("repository")
72 .or_else(get_default_repository
)
73 .and_then(|repo_url
| repo_url
.parse
::<BackupRepository
>().ok())
76 fn record_repository(repo
: &BackupRepository
) {
78 let base
= match BaseDirectories
::with_prefix("proxmox-backup") {
83 // usually $HOME/.cache/proxmox-backup/repo-list
84 let path
= match base
.place_cache_file("repo-list") {
89 let mut data
= file_get_json(&path
, None
).unwrap_or_else(|_
| json
!({}
));
91 let repo
= repo
.to_string();
93 data
[&repo
] = json
!{ data[&repo].as_i64().unwrap_or(0) + 1 }
;
95 let mut map
= serde_json
::map
::Map
::new();
99 let mut max_repo
= None
;
100 for (repo
, count
) in data
.as_object().unwrap() {
101 if map
.contains_key(repo
) { continue; }
102 if let Some(count
) = count
.as_i64() {
103 if count
> max_used
{
105 max_repo
= Some(repo
);
109 if let Some(repo
) = max_repo
{
110 map
.insert(repo
.to_owned(), json
!(max_used
));
114 if map
.len() > 10 { // store max. 10 repos
119 let new_data
= json
!(map
);
121 let _
= file_set_contents(path
, new_data
.to_string().as_bytes(), None
);
124 fn complete_repository(_arg
: &str, _param
: &HashMap
<String
, String
>) -> Vec
<String
> {
126 let mut result
= vec
![];
128 let base
= match BaseDirectories
::with_prefix("proxmox-backup") {
133 // usually $HOME/.cache/proxmox-backup/repo-list
134 let path
= match base
.place_cache_file("repo-list") {
139 let data
= file_get_json(&path
, None
).unwrap_or_else(|_
| json
!({}
));
141 if let Some(map
) = data
.as_object() {
142 for (repo
, _count
) in map
{
143 result
.push(repo
.to_owned());
150 async
fn view_task_result(
154 ) -> Result
<(), Error
> {
155 let data
= &result
["data"];
156 if output_format
== "text" {
157 if let Some(upid
) = data
.as_str() {
158 display_task_log(client
, upid
, true).await?
;
161 format_and_print_result(&data
, &output_format
);
167 async
fn backup_directory
<P
: AsRef
<Path
>>(
168 client
: &BackupWriter
,
171 chunk_size
: Option
<usize>,
172 device_set
: Option
<HashSet
<u64>>,
174 skip_lost_and_found
: bool
,
175 crypt_config
: Option
<Arc
<CryptConfig
>>,
176 catalog
: Arc
<Mutex
<CatalogWriter
<SenderWriter
>>>,
177 ) -> Result
<BackupStats
, Error
> {
179 let pxar_stream
= PxarBackupStream
::open(dir_path
.as_ref(), device_set
, verbose
, skip_lost_and_found
, catalog
)?
;
180 let mut chunk_stream
= ChunkStream
::new(pxar_stream
, chunk_size
);
182 let (mut tx
, rx
) = mpsc
::channel(10); // allow to buffer 10 chunks
185 .map_err(Error
::from
);
187 // spawn chunker inside a separate task so that it can run parallel
188 tokio
::spawn(async
move {
189 let _
= tx
.send_all(&mut chunk_stream
).await
;
193 .upload_stream(archive_name
, stream
, "dynamic", None
, crypt_config
)
199 async
fn backup_image
<P
: AsRef
<Path
>>(
200 client
: &BackupWriter
,
204 chunk_size
: Option
<usize>,
206 crypt_config
: Option
<Arc
<CryptConfig
>>,
207 ) -> Result
<BackupStats
, Error
> {
209 let path
= image_path
.as_ref().to_owned();
211 let file
= tokio
::fs
::File
::open(path
).await?
;
213 let stream
= tokio
::codec
::FramedRead
::new(file
, tokio
::codec
::BytesCodec
::new())
214 .map_err(Error
::from
);
216 let stream
= FixedChunkStream
::new(stream
, chunk_size
.unwrap_or(4*1024*1024));
219 .upload_stream(archive_name
, stream
, "fixed", Some(image_size
), crypt_config
)
225 fn strip_server_file_expenstion(name
: &str) -> String
{
227 if name
.ends_with(".didx") || name
.ends_with(".fidx") || name
.ends_with(".blob") {
228 name
[..name
.len()-5].to_owned()
230 name
.to_owned() // should not happen
234 fn list_backup_groups(
237 _rpcenv
: &mut dyn RpcEnvironment
,
238 ) -> Result
<Value
, Error
> {
240 let repo
= extract_repository_from_value(¶m
)?
;
242 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
244 let path
= format
!("api2/json/admin/datastore/{}/groups", repo
.store());
246 let mut result
= async_main(async
move {
247 client
.get(&path
, None
).await
250 record_repository(&repo
);
252 // fixme: implement and use output formatter instead ..
253 let list
= result
["data"].as_array_mut().unwrap();
255 list
.sort_unstable_by(|a
, b
| {
256 let a_id
= a
["backup-id"].as_str().unwrap();
257 let a_backup_type
= a
["backup-type"].as_str().unwrap();
258 let b_id
= b
["backup-id"].as_str().unwrap();
259 let b_backup_type
= b
["backup-type"].as_str().unwrap();
261 let type_order
= a_backup_type
.cmp(b_backup_type
);
262 if type_order
== std
::cmp
::Ordering
::Equal
{
269 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
271 let mut result
= vec
![];
275 let id
= item
["backup-id"].as_str().unwrap();
276 let btype
= item
["backup-type"].as_str().unwrap();
277 let epoch
= item
["last-backup"].as_i64().unwrap();
278 let last_backup
= Utc
.timestamp(epoch
, 0);
279 let backup_count
= item
["backup-count"].as_u64().unwrap();
281 let group
= BackupGroup
::new(btype
, id
);
283 let path
= group
.group_path().to_str().unwrap().to_owned();
285 let files
= item
["files"].as_array().unwrap().iter()
286 .map(|v
| strip_server_file_expenstion(v
.as_str().unwrap())).collect();
288 if output_format
== "text" {
290 "{:20} | {} | {:5} | {}",
292 BackupDir
::backup_time_to_string(last_backup
),
294 tools
::join(&files
, ' '
),
298 "backup-type": btype
,
300 "last-backup": epoch
,
301 "backup-count": backup_count
,
307 if output_format
!= "text" { format_and_print_result(&result.into(), &output_format); }
315 _rpcenv
: &mut dyn RpcEnvironment
,
316 ) -> Result
<Value
, Error
> {
318 let repo
= extract_repository_from_value(¶m
)?
;
320 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
322 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
324 let path
= format
!("api2/json/admin/datastore/{}/snapshots", repo
.store());
326 let mut args
= json
!({}
);
327 if let Some(path
) = param
["group"].as_str() {
328 let group
= BackupGroup
::parse(path
)?
;
329 args
["backup-type"] = group
.backup_type().into();
330 args
["backup-id"] = group
.backup_id().into();
333 let result
= async_main(async
move {
334 client
.get(&path
, Some(args
)).await
337 record_repository(&repo
);
339 let list
= result
["data"].as_array().unwrap();
341 let mut result
= vec
![];
345 let id
= item
["backup-id"].as_str().unwrap();
346 let btype
= item
["backup-type"].as_str().unwrap();
347 let epoch
= item
["backup-time"].as_i64().unwrap();
349 let snapshot
= BackupDir
::new(btype
, id
, epoch
);
351 let path
= snapshot
.relative_path().to_str().unwrap().to_owned();
353 let files
= item
["files"].as_array().unwrap().iter()
354 .map(|v
| strip_server_file_expenstion(v
.as_str().unwrap())).collect();
356 if output_format
== "text" {
357 let size_str
= if let Some(size
) = item
["size"].as_u64() {
362 println
!("{} | {} | {}", path
, size_str
, tools
::join(&files
, ' '
));
364 let mut data
= json
!({
365 "backup-type": btype
,
367 "backup-time": epoch
,
370 if let Some(size
) = item
["size"].as_u64() {
371 data
["size"] = size
.into();
377 if output_format
!= "text" { format_and_print_result(&result.into(), &output_format); }
385 _rpcenv
: &mut dyn RpcEnvironment
,
386 ) -> Result
<Value
, Error
> {
388 let repo
= extract_repository_from_value(¶m
)?
;
390 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
391 let snapshot
= BackupDir
::parse(path
)?
;
393 let mut client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
395 let path
= format
!("api2/json/admin/datastore/{}/snapshots", repo
.store());
397 let result
= async_main(async
move {
398 client
.delete(&path
, Some(json
!({
399 "backup-type": snapshot
.group().backup_type(),
400 "backup-id": snapshot
.group().backup_id(),
401 "backup-time": snapshot
.backup_time().timestamp(),
405 record_repository(&repo
);
413 _rpcenv
: &mut dyn RpcEnvironment
,
414 ) -> Result
<Value
, Error
> {
416 let repo
= extract_repository_from_value(¶m
)?
;
418 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
419 async_main(async
move { client.login().await }
)?
;
421 record_repository(&repo
);
429 _rpcenv
: &mut dyn RpcEnvironment
,
430 ) -> Result
<Value
, Error
> {
432 let repo
= extract_repository_from_value(¶m
)?
;
434 delete_ticket_info(repo
.host(), repo
.user())?
;
442 _rpcenv
: &mut dyn RpcEnvironment
,
443 ) -> Result
<Value
, Error
> {
445 let repo
= extract_repository_from_value(¶m
)?
;
447 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
448 let snapshot
= BackupDir
::parse(path
)?
;
450 let keyfile
= param
["keyfile"].as_str().map(PathBuf
::from
);
452 let crypt_config
= match keyfile
{
455 let (key
, _
) = load_and_decrtypt_key(&path
, &get_encryption_key_password
)?
;
456 Some(Arc
::new(CryptConfig
::new(key
)?
))
460 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
462 async_main(async
move {
463 let client
= BackupReader
::start(
465 crypt_config
.clone(),
467 &snapshot
.group().backup_type(),
468 &snapshot
.group().backup_id(),
469 snapshot
.backup_time(),
473 let manifest
= client
.download_manifest().await?
;
475 let index
= client
.download_dynamic_index(&manifest
, CATALOG_NAME
).await?
;
477 let most_used
= index
.find_most_used_chunks(8);
479 let chunk_reader
= RemoteChunkReader
::new(client
.clone(), crypt_config
, most_used
);
481 let mut reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
483 let mut catalogfile
= std
::fs
::OpenOptions
::new()
486 .custom_flags(libc
::O_TMPFILE
)
489 std
::io
::copy(&mut reader
, &mut catalogfile
)
490 .map_err(|err
| format_err
!("unable to download catalog - {}", err
))?
;
492 catalogfile
.seek(SeekFrom
::Start(0))?
;
494 let mut catalog_reader
= CatalogReader
::new(catalogfile
);
496 catalog_reader
.dump()?
;
498 record_repository(&repo
);
506 fn list_snapshot_files(
509 _rpcenv
: &mut dyn RpcEnvironment
,
510 ) -> Result
<Value
, Error
> {
512 let repo
= extract_repository_from_value(¶m
)?
;
514 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
515 let snapshot
= BackupDir
::parse(path
)?
;
517 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
519 let client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
521 let path
= format
!("api2/json/admin/datastore/{}/files", repo
.store());
523 let mut result
= async_main(async
move {
524 client
.get(&path
, Some(json
!({
525 "backup-type": snapshot
.group().backup_type(),
526 "backup-id": snapshot
.group().backup_id(),
527 "backup-time": snapshot
.backup_time().timestamp(),
531 record_repository(&repo
);
533 let list
: Value
= result
["data"].take();
535 if output_format
== "text" {
536 for item
in list
.as_array().unwrap().iter() {
539 strip_server_file_expenstion(item
["filename"].as_str().unwrap()),
540 item
["size"].as_u64().unwrap_or(0),
544 format_and_print_result(&list
, &output_format
);
550 fn start_garbage_collection(
553 _rpcenv
: &mut dyn RpcEnvironment
,
554 ) -> Result
<Value
, Error
> {
556 let repo
= extract_repository_from_value(¶m
)?
;
557 let output_format
= param
["output-format"].as_str().unwrap_or("text").to_owned();
559 let mut client
= HttpClient
::new(repo
.host(), repo
.user(), None
)?
;
561 let path
= format
!("api2/json/admin/datastore/{}/gc", repo
.store());
564 let result
= client
.post(&path
, None
).await?
;
566 record_repository(&repo
);
568 view_task_result(client
, result
, &output_format
).await
574 fn parse_backupspec(value
: &str) -> Result
<(&str, &str), Error
> {
576 if let Some(caps
) = (BACKUPSPEC_REGEX
.regex_obj
)().captures(value
) {
577 return Ok((caps
.get(1).unwrap().as_str(), caps
.get(2).unwrap().as_str()));
579 bail
!("unable to parse directory specification '{}'", value
);
582 fn spawn_catalog_upload(
583 client
: Arc
<BackupWriter
>,
584 crypt_config
: Option
<Arc
<CryptConfig
>>,
587 Arc
<Mutex
<CatalogWriter
<SenderWriter
>>>,
588 tokio
::sync
::oneshot
::Receiver
<Result
<BackupStats
, Error
>>
591 let (catalog_tx
, catalog_rx
) = mpsc
::channel(10); // allow to buffer 10 writes
592 let catalog_stream
= catalog_rx
.map_err(Error
::from
);
593 let catalog_chunk_size
= 512*1024;
594 let catalog_chunk_stream
= ChunkStream
::new(catalog_stream
, Some(catalog_chunk_size
));
596 let catalog
= Arc
::new(Mutex
::new(CatalogWriter
::new(SenderWriter
::new(catalog_tx
))?
));
598 let (catalog_result_tx
, catalog_result_rx
) = tokio
::sync
::oneshot
::channel();
600 tokio
::spawn(async
move {
601 let catalog_upload_result
= client
602 .upload_stream(CATALOG_NAME
, catalog_chunk_stream
, "dynamic", None
, crypt_config
)
605 if let Err(ref err
) = catalog_upload_result
{
606 eprintln
!("catalog upload error - {}", err
);
610 let _
= catalog_result_tx
.send(catalog_upload_result
);
613 Ok((catalog
, catalog_result_rx
))
619 _rpcenv
: &mut dyn RpcEnvironment
,
620 ) -> Result
<Value
, Error
> {
622 let repo
= extract_repository_from_value(¶m
)?
;
624 let backupspec_list
= tools
::required_array_param(¶m
, "backupspec")?
;
626 let all_file_systems
= param
["all-file-systems"].as_bool().unwrap_or(false);
628 let skip_lost_and_found
= param
["skip-lost-and-found"].as_bool().unwrap_or(false);
630 let verbose
= param
["verbose"].as_bool().unwrap_or(false);
632 let backup_time_opt
= param
["backup-time"].as_i64();
634 let chunk_size_opt
= param
["chunk-size"].as_u64().map(|v
| (v
*1024) as usize);
636 if let Some(size
) = chunk_size_opt
{
637 verify_chunk_size(size
)?
;
640 let keyfile
= param
["keyfile"].as_str().map(PathBuf
::from
);
642 let backup_id
= param
["backup-id"].as_str().unwrap_or(&proxmox
::tools
::nodename());
644 let backup_type
= param
["backup-type"].as_str().unwrap_or("host");
646 let include_dev
= param
["include-dev"].as_array();
648 let mut devices
= if all_file_systems { None }
else { Some(HashSet::new()) }
;
650 if let Some(include_dev
) = include_dev
{
651 if all_file_systems
{
652 bail
!("option 'all-file-systems' conflicts with option 'include-dev'");
655 let mut set
= HashSet
::new();
656 for path
in include_dev
{
657 let path
= path
.as_str().unwrap();
658 let stat
= nix
::sys
::stat
::stat(path
)
659 .map_err(|err
| format_err
!("fstat {:?} failed - {}", path
, err
))?
;
660 set
.insert(stat
.st_dev
);
665 let mut upload_list
= vec
![];
667 enum BackupType { PXAR, IMAGE, CONFIG, LOGFILE }
;
669 let mut upload_catalog
= false;
671 for backupspec
in backupspec_list
{
672 let (target
, filename
) = parse_backupspec(backupspec
.as_str().unwrap())?
;
674 use std
::os
::unix
::fs
::FileTypeExt
;
676 let metadata
= std
::fs
::metadata(filename
)
677 .map_err(|err
| format_err
!("unable to access '{}' - {}", filename
, err
))?
;
678 let file_type
= metadata
.file_type();
680 let extension
= target
.rsplit('
.'
).next()
681 .ok_or_else(|| format_err
!("missing target file extenion '{}'", target
))?
;
685 if !file_type
.is_dir() {
686 bail
!("got unexpected file type (expected directory)");
688 upload_list
.push((BackupType
::PXAR
, filename
.to_owned(), format
!("{}.didx", target
), 0));
689 upload_catalog
= true;
693 if !(file_type
.is_file() || file_type
.is_block_device()) {
694 bail
!("got unexpected file type (expected file or block device)");
697 let size
= image_size(&PathBuf
::from(filename
))?
;
699 if size
== 0 { bail!("got zero-sized file '{}'
", filename); }
701 upload_list.push((BackupType::IMAGE, filename.to_owned(), format!("{}
.fidx
", target), size));
704 if !file_type.is_file() {
705 bail!("got unexpected file
type (expected regular file
)");
707 upload_list.push((BackupType::CONFIG, filename.to_owned(), format!("{}
.blob
", target), metadata.len()));
710 if !file_type.is_file() {
711 bail!("got unexpected file
type (expected regular file
)");
713 upload_list.push((BackupType::LOGFILE, filename.to_owned(), format!("{}
.blob
", target), metadata.len()));
716 bail!("got unknown archive extension '{}'
", extension);
721 let backup_time = Utc.timestamp(backup_time_opt.unwrap_or_else(|| Utc::now().timestamp()), 0);
723 let client = HttpClient::new(repo.host(), repo.user(), None)?;
724 record_repository(&repo);
726 println!("Starting backup
: {}
/{}
/{}
", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time));
728 println!("Client name
: {}
", proxmox::tools::nodename());
730 let start_time = Local::now();
732 println!("Starting protocol
: {}
", start_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
734 let (crypt_config, rsa_encrypted_key) = match keyfile {
735 None => (None, None),
737 let (key, created) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
739 let crypt_config = CryptConfig::new(key)?;
741 let path = master_pubkey_path()?;
743 let pem_data = file_get_contents(&path)?;
744 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
745 let enc_key = crypt_config.generate_rsa_encoded_key(rsa, created)?;
746 (Some(Arc::new(crypt_config)), Some(enc_key))
748 (Some(Arc::new(crypt_config)), None)
753 async_main(async move {
754 let client = BackupWriter::start(
763 let snapshot = BackupDir::new(backup_type, backup_id, backup_time.timestamp());
764 let mut manifest = BackupManifest::new(snapshot);
766 let (catalog, catalog_result_rx) = spawn_catalog_upload(client.clone(), crypt_config.clone())?;
768 for (backup_type, filename, target, size) in upload_list {
770 BackupType::CONFIG => {
771 println!("Upload config file '{}' to '{:?}'
as {}
", filename, repo, target);
773 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
775 manifest.add_file(target, stats.size, stats.csum);
777 BackupType::LOGFILE => { // fixme: remove - not needed anymore ?
778 println!("Upload log file '{}' to '{:?}'
as {}
", filename, repo, target);
780 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
782 manifest.add_file(target, stats.size, stats.csum);
784 BackupType::PXAR => {
785 println!("Upload directory '{}' to '{:?}'
as {}
", filename, repo, target);
786 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
787 let stats = backup_directory(
795 crypt_config.clone(),
798 manifest.add_file(target, stats.size, stats.csum);
799 catalog.lock().unwrap().end_directory()?;
801 BackupType::IMAGE => {
802 println!("Upload image '{}' to '{:?}'
as {}
", filename, repo, target);
803 let stats = backup_image(
810 crypt_config.clone(),
812 manifest.add_file(target, stats.size, stats.csum);
817 // finalize and upload catalog
819 let mutex = Arc::try_unwrap(catalog)
820 .map_err(|_| format_err!("unable to get
catalog (still used
)"))?;
821 let mut catalog = mutex.into_inner().unwrap();
825 drop(catalog); // close upload stream
827 let stats = catalog_result_rx.await??;
829 manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum);
832 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
833 let target = "rsa
-encrypted
.key
";
834 println!("Upload RSA encoded key to '{:?}'
as {}
", repo, target);
836 .upload_blob_from_data(rsa_encrypted_key, target, None, false, false)
838 manifest.add_file(format!("{}
.blob
", target), stats.size, stats.csum);
840 // openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t
842 let mut buffer2 = vec![0u8; rsa.size() as usize];
843 let pem_data = file_get_contents("master
-private
.pem
")?;
844 let rsa = openssl::rsa::Rsa::private_key_from_pem(&pem_data)?;
845 let len = rsa.private_decrypt(&buffer, &mut buffer2, openssl::rsa::Padding::PKCS1)?;
846 println!("TEST {} {:?}
", len, buffer2);
850 // create manifest (index.json)
851 let manifest = manifest.into_json();
853 println!("Upload index
.json to '{:?}'
", repo);
854 let manifest = serde_json::to_string_pretty(&manifest)?.into();
856 .upload_blob_from_data(manifest, MANIFEST_BLOB_NAME, crypt_config.clone(), true, true)
859 client.finish().await?;
861 let end_time = Local::now();
862 let elapsed = end_time.signed_duration_since(start_time);
863 println!("Duration
: {}
", elapsed);
865 println!("End Time
: {}
", end_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
871 fn complete_backup_source(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
873 let mut result = vec![];
875 let data: Vec<&str> = arg.splitn(2, ':').collect();
878 result.push(String::from("root
.pxar
:/"));
879 result.push(String::from("etc
.pxar
:/etc
"));
883 let files = tools::complete_file_name(data[1], param);
886 result.push(format!("{}
:{}
", data[0], file));
895 _rpcenv: &mut dyn RpcEnvironment,
896 ) -> Result<Value, Error> {
897 async_main(restore_do(param))
900 fn dump_image<W: Write>(
901 client: Arc<BackupReader>,
902 crypt_config: Option<Arc<CryptConfig>>,
903 index: FixedIndexReader,
906 ) -> Result<(), Error> {
908 let most_used = index.find_most_used_chunks(8);
910 let mut chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
912 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
913 // and thus slows down reading. Instead, directly use RemoteChunkReader
916 let start_time = std::time::Instant::now();
918 for pos in 0..index.index_count() {
919 let digest = index.index_digest(pos).unwrap();
920 let raw_data = chunk_reader.read_chunk(&digest)?;
921 writer.write_all(&raw_data)?;
922 bytes += raw_data.len();
924 let next_per = ((pos+1)*100)/index.index_count();
926 eprintln!("progress {}
% (read {} bytes
, duration {} sec
)",
927 next_per, bytes, start_time.elapsed().as_secs());
933 let end_time = std::time::Instant::now();
934 let elapsed = end_time.duration_since(start_time);
935 eprintln!("restore image
complete (bytes
={}
, duration
={:.2}s
, speed
={:.2}MB
/s
)",
937 elapsed.as_secs_f64(),
938 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
945 async fn restore_do(param: Value) -> Result<Value, Error> {
946 let repo = extract_repository_from_value(¶m)?;
948 let verbose = param["verbose
"].as_bool().unwrap_or(false);
950 let allow_existing_dirs = param["allow
-existing
-dirs
"].as_bool().unwrap_or(false);
952 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
954 let client = HttpClient::new(repo.host(), repo.user(), None)?;
956 record_repository(&repo);
958 let path = tools::required_string_param(¶m, "snapshot
")?;
960 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
961 let group = BackupGroup::parse(path)?;
963 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
964 let result = client.get(&path, Some(json!({
965 "backup
-type": group.backup_type(),
966 "backup
-id
": group.backup_id(),
969 let list = result["data
"].as_array().unwrap();
971 bail!("backup group '{}' does not contain any snapshots
:", path);
974 let epoch = list[0]["backup
-time
"].as_i64().unwrap();
975 let backup_time = Utc.timestamp(epoch, 0);
976 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
978 let snapshot = BackupDir::parse(path)?;
979 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
982 let target = tools::required_string_param(¶m, "target
")?;
983 let target = if target == "-" { None } else { Some(target) };
985 let keyfile = param["keyfile
"].as_str().map(PathBuf::from);
987 let crypt_config = match keyfile {
990 let (key, _) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
991 Some(Arc::new(CryptConfig::new(key)?))
995 let server_archive_name = if archive_name.ends_with(".pxar
") {
996 format!("{}
.didx
", archive_name)
997 } else if archive_name.ends_with(".img
") {
998 format!("{}
.fidx
", archive_name)
1000 format!("{}
.blob
", archive_name)
1003 let client = BackupReader::start(
1005 crypt_config.clone(),
1013 let manifest = client.download_manifest().await?;
1015 if server_archive_name == MANIFEST_BLOB_NAME {
1016 let backup_index_data = manifest.into_json().to_string();
1017 if let Some(target) = target {
1018 file_set_contents(target, backup_index_data.as_bytes(), None)?;
1020 let stdout = std::io::stdout();
1021 let mut writer = stdout.lock();
1022 writer.write_all(backup_index_data.as_bytes())
1023 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1026 } else if server_archive_name.ends_with(".blob
") {
1028 let mut reader = client.download_blob(&manifest, &server_archive_name).await?;
1030 if let Some(target) = target {
1031 let mut writer = std::fs::OpenOptions::new()
1036 .map_err(|err| format_err!("unable to create target file {:?}
- {}
", target, err))?;
1037 std::io::copy(&mut reader, &mut writer)?;
1039 let stdout = std::io::stdout();
1040 let mut writer = stdout.lock();
1041 std::io::copy(&mut reader, &mut writer)
1042 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1045 } else if server_archive_name.ends_with(".didx
") {
1047 let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
1049 let most_used = index.find_most_used_chunks(8);
1051 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1053 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
1055 if let Some(target) = target {
1057 let feature_flags = pxar::flags::DEFAULT;
1058 let mut decoder = pxar::SequentialDecoder::new(&mut reader, feature_flags);
1059 decoder.set_callback(move |path| {
1061 eprintln!("{:?}
", path);
1065 decoder.set_allow_existing_dirs(allow_existing_dirs);
1067 decoder.restore(Path::new(target), &Vec::new())?;
1069 let mut writer = std::fs::OpenOptions::new()
1071 .open("/dev
/stdout
")
1072 .map_err(|err| format_err!("unable to open
/dev
/stdout
- {}
", err))?;
1074 std::io::copy(&mut reader, &mut writer)
1075 .map_err(|err| format_err!("unable to pipe data
- {}
", err))?;
1077 } else if server_archive_name.ends_with(".fidx
") {
1079 let index = client.download_fixed_index(&manifest, &server_archive_name).await?;
1081 let mut writer = if let Some(target) = target {
1082 std::fs::OpenOptions::new()
1087 .map_err(|err| format_err!("unable to create target file {:?}
- {}
", target, err))?
1089 std::fs::OpenOptions::new()
1091 .open("/dev
/stdout
")
1092 .map_err(|err| format_err!("unable to open
/dev
/stdout
- {}
", err))?
1095 dump_image(client.clone(), crypt_config.clone(), index, &mut writer, verbose)?;
1098 bail!("unknown archive file
extension (expected
.pxar of
.img
)");
1107 _rpcenv: &mut dyn RpcEnvironment,
1108 ) -> Result<Value, Error> {
1110 let logfile = tools::required_string_param(¶m, "logfile
")?;
1111 let repo = extract_repository_from_value(¶m)?;
1113 let snapshot = tools::required_string_param(¶m, "snapshot
")?;
1114 let snapshot = BackupDir::parse(snapshot)?;
1116 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
1118 let keyfile = param["keyfile
"].as_str().map(PathBuf::from);
1120 let crypt_config = match keyfile {
1123 let (key, _created) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1124 let crypt_config = CryptConfig::new(key)?;
1125 Some(Arc::new(crypt_config))
1129 let data = file_get_contents(logfile)?;
1131 let blob = DataBlob::encode(&data, crypt_config.as_ref().map(Arc::as_ref), true)?;
1133 let raw_data = blob.into_inner();
1135 let path = format!("api2
/json
/admin
/datastore
/{}
/upload
-backup
-log
", repo.store());
1138 "backup
-type": snapshot.group().backup_type(),
1139 "backup
-id
": snapshot.group().backup_id(),
1140 "backup
-time
": snapshot.backup_time().timestamp(),
1143 let body = hyper::Body::from(raw_data);
1145 async_main(async move {
1146 client.upload("application
/octet
-stream
", body, &path, Some(args)).await
1153 _rpcenv: &mut dyn RpcEnvironment,
1154 ) -> Result<Value, Error> {
1156 let repo = extract_repository_from_value(¶m)?;
1158 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
1160 let path = format!("api2
/json
/admin
/datastore
/{}
/prune
", repo.store());
1162 let group = tools::required_string_param(¶m, "group
")?;
1163 let group = BackupGroup::parse(group)?;
1164 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
1166 param.as_object_mut().unwrap().remove("repository
");
1167 param.as_object_mut().unwrap().remove("group
");
1168 param.as_object_mut().unwrap().remove("output
-format
");
1170 param["backup
-type"] = group.backup_type().into();
1171 param["backup
-id
"] = group.backup_id().into();
1174 let result = client.post(&path, Some(param)).await?;
1176 record_repository(&repo);
1178 view_task_result(client, result, &output_format).await
1187 _rpcenv: &mut dyn RpcEnvironment,
1188 ) -> Result<Value, Error> {
1190 let repo = extract_repository_from_value(¶m)?;
1192 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
1194 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1196 let path = format!("api2
/json
/admin
/datastore
/{}
/status
", repo.store());
1198 let result = async_main(async move { client.get(&path, None).await })?;
1199 let data = &result["data
"];
1201 record_repository(&repo);
1203 if output_format == "text
" {
1204 let total = data["total
"].as_u64().unwrap();
1205 let used = data["used
"].as_u64().unwrap();
1206 let avail = data["avail
"].as_u64().unwrap();
1207 let roundup = total/200;
1210 "total
: {} used
: {}
({}
%) available
: {}
",
1213 ((used+roundup)*100)/total,
1217 format_and_print_result(data, &output_format);
1223 // like get, but simply ignore errors and return Null instead
1224 async fn try_get(repo: &BackupRepository, url: &str) -> Value {
1226 let client = match HttpClient::new(repo.host(), repo.user(), None) {
1228 _ => return Value::Null,
1231 let mut resp = match client.get(url, None).await {
1233 _ => return Value::Null,
1236 if let Some(map) = resp.as_object_mut() {
1237 if let Some(data) = map.remove("data
") {
1244 fn complete_backup_group(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1245 async_main(async { complete_backup_group_do(param).await })
1248 async fn complete_backup_group_do(param: &HashMap<String, String>) -> Vec<String> {
1250 let mut result = vec![];
1252 let repo = match extract_repository_from_map(param) {
1257 let path = format!("api2
/json
/admin
/datastore
/{}
/groups
", repo.store());
1259 let data = try_get(&repo, &path).await;
1261 if let Some(list) = data.as_array() {
1263 if let (Some(backup_id), Some(backup_type)) =
1264 (item["backup
-id
"].as_str(), item["backup
-type"].as_str())
1266 result.push(format!("{}
/{}
", backup_type, backup_id));
1274 fn complete_group_or_snapshot(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1275 async_main(async { complete_group_or_snapshot_do(arg, param).await })
1278 async fn complete_group_or_snapshot_do(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1280 if arg.matches('/').count() < 2 {
1281 let groups = complete_backup_group_do(param).await;
1282 let mut result = vec![];
1283 for group in groups {
1284 result.push(group.to_string());
1285 result.push(format!("{}
/", group));
1290 complete_backup_snapshot_do(param).await
1293 fn complete_backup_snapshot(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1294 async_main(async { complete_backup_snapshot_do(param).await })
1297 async fn complete_backup_snapshot_do(param: &HashMap<String, String>) -> Vec<String> {
1299 let mut result = vec![];
1301 let repo = match extract_repository_from_map(param) {
1306 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1308 let data = try_get(&repo, &path).await;
1310 if let Some(list) = data.as_array() {
1312 if let (Some(backup_id), Some(backup_type), Some(backup_time)) =
1313 (item["backup
-id
"].as_str(), item["backup
-type"].as_str(), item["backup
-time
"].as_i64())
1315 let snapshot = BackupDir::new(backup_type, backup_id, backup_time);
1316 result.push(snapshot.relative_path().to_str().unwrap().to_owned());
1324 fn complete_server_file_name(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1325 async_main(async { complete_server_file_name_do(param).await })
1328 async fn complete_server_file_name_do(param: &HashMap<String, String>) -> Vec<String> {
1330 let mut result = vec![];
1332 let repo = match extract_repository_from_map(param) {
1337 let snapshot = match param.get("snapshot
") {
1339 match BackupDir::parse(path) {
1347 let query = tools::json_object_to_query(json!({
1348 "backup
-type": snapshot.group().backup_type(),
1349 "backup
-id
": snapshot.group().backup_id(),
1350 "backup
-time
": snapshot.backup_time().timestamp(),
1353 let path = format!("api2
/json
/admin
/datastore
/{}
/files?{}
", repo.store(), query);
1355 let data = try_get(&repo, &path).await;
1357 if let Some(list) = data.as_array() {
1359 if let Some(filename) = item["filename
"].as_str() {
1360 result.push(filename.to_owned());
1368 fn complete_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1369 complete_server_file_name(arg, param)
1371 .map(|v| strip_server_file_expenstion(&v))
1375 fn complete_pxar_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1376 complete_server_file_name(arg, param)
1379 let name = strip_server_file_expenstion(&v);
1380 if name.ends_with(".pxar
") {
1389 fn complete_chunk_size(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
1391 let mut result = vec![];
1395 result.push(size.to_string());
1397 if size > 4096 { break; }
1403 fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
1405 // fixme: implement other input methods
1407 use std::env::VarError::*;
1408 match std::env::var("PBS_ENCRYPTION_PASSWORD
") {
1409 Ok(p) => return Ok(p.as_bytes().to_vec()),
1410 Err(NotUnicode(_)) => bail!("PBS_ENCRYPTION_PASSWORD contains bad characters
"),
1411 Err(NotPresent) => {
1412 // Try another method
1416 // If we're on a TTY, query the user for a password
1417 if crate::tools::tty::stdin_isatty() {
1418 return Ok(crate::tools::tty::read_password("Encryption Key Password
: ")?);
1421 bail!("no password input mechanism available
");
1427 _rpcenv: &mut dyn RpcEnvironment,
1428 ) -> Result<Value, Error> {
1430 let path = tools::required_string_param(¶m, "path
")?;
1431 let path = PathBuf::from(path);
1433 let kdf = param["kdf
"].as_str().unwrap_or("scrypt
");
1435 let key = proxmox::sys::linux::random_data(32)?;
1437 if kdf == "scrypt
" {
1438 // always read passphrase from tty
1439 if !crate::tools::tty::stdin_isatty() {
1440 bail!("unable to read passphrase
- no tty
");
1443 let password = crate::tools::tty::read_password("Encryption Key Password
: ")?;
1445 let key_config = encrypt_key_with_passphrase(&key, &password)?;
1447 store_key_config(&path, false, key_config)?;
1450 } else if kdf == "none
" {
1451 let created = Local.timestamp(Local::now().timestamp(), 0);
1453 store_key_config(&path, false, KeyConfig {
1466 fn master_pubkey_path() -> Result<PathBuf, Error> {
1467 let base = BaseDirectories::with_prefix("proxmox
-backup
")?;
1469 // usually $HOME/.config/proxmox-backup/master-public.pem
1470 let path = base.place_config_file("master
-public
.pem
")?;
1475 fn key_import_master_pubkey(
1478 _rpcenv: &mut dyn RpcEnvironment,
1479 ) -> Result<Value, Error> {
1481 let path = tools::required_string_param(¶m, "path
")?;
1482 let path = PathBuf::from(path);
1484 let pem_data = file_get_contents(&path)?;
1486 if let Err(err) = openssl::pkey::PKey::public_key_from_pem(&pem_data) {
1487 bail!("Unable to decode PEM data
- {}
", err);
1490 let target_path = master_pubkey_path()?;
1492 file_set_contents(&target_path, &pem_data, None)?;
1494 println!("Imported public master key to {:?}
", target_path);
1499 fn key_create_master_key(
1502 _rpcenv: &mut dyn RpcEnvironment,
1503 ) -> Result<Value, Error> {
1505 // we need a TTY to query the new password
1506 if !crate::tools::tty::stdin_isatty() {
1507 bail!("unable to create master key
- no tty
");
1510 let rsa = openssl::rsa::Rsa::generate(4096)?;
1511 let pkey = openssl::pkey::PKey::from_rsa(rsa)?;
1513 let new_pw = String::from_utf8(crate::tools::tty::read_password("Master Key Password
: ")?)?;
1514 let verify_pw = String::from_utf8(crate::tools::tty::read_password("Verify Password
: ")?)?;
1516 if new_pw != verify_pw {
1517 bail!("Password verification fail
!");
1520 if new_pw.len() < 5 {
1521 bail!("Password is too short
!");
1524 let pub_key: Vec<u8> = pkey.public_key_to_pem()?;
1525 let filename_pub = "master
-public
.pem
";
1526 println!("Writing public master key to {}
", filename_pub);
1527 file_set_contents(filename_pub, pub_key.as_slice(), None)?;
1529 let cipher = openssl::symm::Cipher::aes_256_cbc();
1530 let priv_key: Vec<u8> = pkey.private_key_to_pem_pkcs8_passphrase(cipher, new_pw.as_bytes())?;
1532 let filename_priv = "master
-private
.pem
";
1533 println!("Writing private master key to {}
", filename_priv);
1534 file_set_contents(filename_priv, priv_key.as_slice(), None)?;
1539 fn key_change_passphrase(
1542 _rpcenv: &mut dyn RpcEnvironment,
1543 ) -> Result<Value, Error> {
1545 let path = tools::required_string_param(¶m, "path
")?;
1546 let path = PathBuf::from(path);
1548 let kdf = param["kdf
"].as_str().unwrap_or("scrypt
");
1550 // we need a TTY to query the new password
1551 if !crate::tools::tty::stdin_isatty() {
1552 bail!("unable to change passphrase
- no tty
");
1555 let (key, created) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1557 if kdf == "scrypt
" {
1559 let new_pw = String::from_utf8(crate::tools::tty::read_password("New Password
: ")?)?;
1560 let verify_pw = String::from_utf8(crate::tools::tty::read_password("Verify Password
: ")?)?;
1562 if new_pw != verify_pw {
1563 bail!("Password verification fail
!");
1566 if new_pw.len() < 5 {
1567 bail!("Password is too short
!");
1570 let mut new_key_config = encrypt_key_with_passphrase(&key, new_pw.as_bytes())?;
1571 new_key_config.created = created; // keep original value
1573 store_key_config(&path, true, new_key_config)?;
1576 } else if kdf == "none
" {
1577 let modified = Local.timestamp(Local::now().timestamp(), 0);
1579 store_key_config(&path, true, KeyConfig {
1581 created, // keep original value
1592 fn key_mgmt_cli() -> CliCommandMap {
1594 const KDF_SCHEMA: Schema =
1595 StringSchema::new("Key derivation function
. Choose 'none' to store the key unecrypted
.")
1596 .format(&ApiStringFormat::Enum(&["scrypt
", "none
"]))
1601 const API_METHOD_KEY_CREATE: ApiMethod = ApiMethod::new(
1602 &ApiHandler::Sync(&key_create),
1604 "Create a new encryption key
.",
1606 ("path
", false, &StringSchema::new("File system path
.").schema()),
1607 ("kdf
", true, &KDF_SCHEMA),
1612 let key_create_cmd_def = CliCommand::new(&API_METHOD_KEY_CREATE)
1613 .arg_param(&["path
"])
1614 .completion_cb("path
", tools::complete_file_name);
1617 const API_METHOD_KEY_CHANGE_PASSPHRASE: ApiMethod = ApiMethod::new(
1618 &ApiHandler::Sync(&key_change_passphrase),
1620 "Change the passphrase required to decrypt the key
.",
1622 ("path
", false, &StringSchema::new("File system path
.").schema()),
1623 ("kdf
", true, &KDF_SCHEMA),
1628 let key_change_passphrase_cmd_def = CliCommand::new(&API_METHOD_KEY_CHANGE_PASSPHRASE)
1629 .arg_param(&["path
"])
1630 .completion_cb("path
", tools::complete_file_name);
1632 const API_METHOD_KEY_CREATE_MASTER_KEY: ApiMethod = ApiMethod::new(
1633 &ApiHandler::Sync(&key_create_master_key),
1634 &ObjectSchema::new("Create a new
4096 bit RSA master
pub/priv key pair
.", &[])
1637 let key_create_master_key_cmd_def = CliCommand::new(&API_METHOD_KEY_CREATE_MASTER_KEY);
1640 const API_METHOD_KEY_IMPORT_MASTER_PUBKEY: ApiMethod = ApiMethod::new(
1641 &ApiHandler::Sync(&key_import_master_pubkey),
1643 "Import a new RSA public key and
use it
as master key
. The key is expected to be
in '
.pem' format
.",
1644 &sorted!([ ("path
", false, &StringSchema::new("File system path
.").schema()) ]),
1648 let key_import_master_pubkey_cmd_def = CliCommand::new(&API_METHOD_KEY_IMPORT_MASTER_PUBKEY)
1649 .arg_param(&["path
"])
1650 .completion_cb("path
", tools::complete_file_name);
1652 CliCommandMap::new()
1653 .insert("create
", key_create_cmd_def)
1654 .insert("create
-master
-key
", key_create_master_key_cmd_def)
1655 .insert("import
-master
-pubkey
", key_import_master_pubkey_cmd_def)
1656 .insert("change
-passphrase
", key_change_passphrase_cmd_def)
1662 _rpcenv: &mut dyn RpcEnvironment,
1663 ) -> Result<Value, Error> {
1664 let verbose = param["verbose
"].as_bool().unwrap_or(false);
1666 // This will stay in foreground with debug output enabled as None is
1667 // passed for the RawFd.
1668 return async_main(mount_do(param, None));
1671 // Process should be deamonized.
1672 // Make sure to fork before the async runtime is instantiated to avoid troubles.
1675 Ok(ForkResult::Parent { .. }) => {
1676 nix::unistd::close(pipe.1).unwrap();
1677 // Blocks the parent process until we are ready to go in the child
1678 let _res = nix::unistd::read(pipe.0, &mut [0]).unwrap();
1681 Ok(ForkResult::Child) => {
1682 nix::unistd::close(pipe.0).unwrap();
1683 nix::unistd::setsid().unwrap();
1684 async_main(mount_do(param, Some(pipe.1)))
1686 Err(_) => bail!("failed to daemonize process
"),
1690 async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
1691 let repo = extract_repository_from_value(¶m)?;
1692 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
1693 let target = tools::required_string_param(¶m, "target
")?;
1694 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1696 record_repository(&repo);
1698 let path = tools::required_string_param(¶m, "snapshot
")?;
1699 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1700 let group = BackupGroup::parse(path)?;
1702 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1703 let result = client.get(&path, Some(json!({
1704 "backup
-type": group.backup_type(),
1705 "backup
-id
": group.backup_id(),
1708 let list = result["data
"].as_array().unwrap();
1709 if list.is_empty() {
1710 bail!("backup group '{}' does not contain any snapshots
:", path);
1713 let epoch = list[0]["backup
-time
"].as_i64().unwrap();
1714 let backup_time = Utc.timestamp(epoch, 0);
1715 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
1717 let snapshot = BackupDir::parse(path)?;
1718 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1721 let keyfile = param["keyfile
"].as_str().map(PathBuf::from);
1722 let crypt_config = match keyfile {
1725 let (key, _) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1726 Some(Arc::new(CryptConfig::new(key)?))
1730 let server_archive_name = if archive_name.ends_with(".pxar
") {
1731 format!("{}
.didx
", archive_name)
1733 bail!("Can only mount pxar archives
.");
1736 let client = BackupReader::start(
1738 crypt_config.clone(),
1746 let manifest = client.download_manifest().await?;
1748 if server_archive_name.ends_with(".didx
") {
1749 let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
1750 let most_used = index.find_most_used_chunks(8);
1751 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1752 let reader = BufferedDynamicReader::new(index, chunk_reader);
1753 let decoder = pxar::Decoder::new(reader)?;
1754 let options = OsStr::new("ro
,default_permissions
");
1755 let mut session = pxar::fuse::Session::new(decoder, &options, pipe.is_none())
1756 .map_err(|err| format_err!("pxar mount failed
: {}
", err))?;
1758 // Mount the session but not call fuse deamonize as this will cause
1759 // issues with the runtime after the fork
1760 let deamonize = false;
1761 session.mount(&Path::new(target), deamonize)?;
1763 if let Some(pipe) = pipe {
1764 nix::unistd::chdir(Path::new("/")).unwrap();
1765 // Finish creation of deamon by redirecting filedescriptors.
1766 let nullfd = nix::fcntl::open(
1768 nix::fcntl::OFlag::O_RDWR,
1769 nix::sys::stat::Mode::empty(),
1771 nix::unistd::dup2(nullfd, 0).unwrap();
1772 nix::unistd::dup2(nullfd, 1).unwrap();
1773 nix::unistd::dup2(nullfd, 2).unwrap();
1775 nix::unistd::close(nullfd).unwrap();
1777 // Signal the parent process that we are done with the setup and it can
1779 nix::unistd::write(pipe, &[0u8])?;
1780 nix::unistd::close(pipe).unwrap();
1783 let multithreaded = true;
1784 session.run_loop(multithreaded)?;
1786 bail!("unknown archive file
extension (expected
.pxar
)");
1795 _rpcenv: &mut dyn RpcEnvironment,
1796 ) -> Result<Value, Error> {
1797 async_main(catalog_shell_async(param))
1800 async fn catalog_shell_async(param: Value) -> Result<Value, Error> {
1801 let repo = extract_repository_from_value(¶m)?;
1802 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1803 let path = tools::required_string_param(¶m, "snapshot
")?;
1804 let archive_name = tools::required_string_param(¶m, "archive
-name
")?;
1806 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1807 let group = BackupGroup::parse(path)?;
1809 let path = format!("api2
/json
/admin
/datastore
/{}
/snapshots
", repo.store());
1810 let result = client.get(&path, Some(json!({
1811 "backup
-type": group.backup_type(),
1812 "backup
-id
": group.backup_id(),
1815 let list = result["data
"].as_array().unwrap();
1816 if list.is_empty() {
1817 bail!("backup group '{}' does not contain any snapshots
:", path);
1820 let epoch = list[0]["backup
-time
"].as_i64().unwrap();
1821 let backup_time = Utc.timestamp(epoch, 0);
1822 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
1824 let snapshot = BackupDir::parse(path)?;
1825 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1828 let keyfile = param["keyfile
"].as_str().map(|p| PathBuf::from(p));
1829 let crypt_config = match keyfile {
1832 let (key, _) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1833 Some(Arc::new(CryptConfig::new(key)?))
1837 let server_archive_name = if archive_name.ends_with(".pxar
") {
1838 format!("{}
.didx
", archive_name)
1840 bail!("Can only mount pxar archives
.");
1843 let client = BackupReader::start(
1845 crypt_config.clone(),
1853 let tmpfile = std::fs::OpenOptions::new()
1856 .custom_flags(libc::O_TMPFILE)
1859 let manifest = client.download_manifest().await?;
1861 let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
1862 let most_used = index.find_most_used_chunks(8);
1863 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config.clone(), most_used);
1864 let reader = BufferedDynamicReader::new(index, chunk_reader);
1865 let mut decoder = pxar::Decoder::new(reader)?;
1866 decoder.set_callback(|path| {
1867 println!("{:?}
", path);
1871 let tmpfile = client.download(CATALOG_NAME, tmpfile).await?;
1872 let index = DynamicIndexReader::new(tmpfile)
1873 .map_err(|err| format_err!("unable to read catalog index
- {}
", err))?;
1875 // Note: do not use values stored in index (not trusted) - instead, computed them again
1876 let (csum, size) = index.compute_csum();
1877 manifest.verify_file(CATALOG_NAME, &csum, size)?;
1879 let most_used = index.find_most_used_chunks(8);
1880 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1881 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
1882 let mut catalogfile = std::fs::OpenOptions::new()
1885 .custom_flags(libc::O_TMPFILE)
1888 std::io::copy(&mut reader, &mut catalogfile)
1889 .map_err(|err| format_err!("unable to download catalog
- {}
", err))?;
1891 catalogfile.seek(SeekFrom::Start(0))?;
1892 let catalog_reader = CatalogReader::new(catalogfile);
1893 let state = Shell::new(
1895 &server_archive_name,
1899 println!("Starting interactive shell
");
1902 record_repository(&repo);
1907 fn catalog_mgmt_cli() -> CliCommandMap {
1910 const API_METHOD_SHELL: ApiMethod = ApiMethod::new(
1911 &ApiHandler::Sync(&catalog_shell),
1913 "Shell to interactively inspect and restore snapshots
.",
1915 ("snapshot
", false, &StringSchema::new("Group
/Snapshot path
.").schema()),
1916 ("archive
-name
", false, &StringSchema::new("Backup archive name
.").schema()),
1917 ("repository
", true, &REPO_URL_SCHEMA),
1918 ("keyfile
", true, &StringSchema::new("Path to encryption key
.").schema()),
1923 let catalog_shell_cmd_def = CliCommand::new(&API_METHOD_SHELL)
1924 .arg_param(&["snapshot
", "archive
-name
"])
1925 .completion_cb("repository
", complete_repository)
1926 .completion_cb("archive
-name
", complete_pxar_archive_name)
1927 .completion_cb("snapshot
", complete_group_or_snapshot);
1930 const API_METHOD_DUMP_CATALOG: ApiMethod = ApiMethod::new(
1931 &ApiHandler::Sync(&dump_catalog),
1935 ("snapshot
", false, &StringSchema::new("Snapshot path
.").schema()),
1936 ("repository
", true, &REPO_URL_SCHEMA),
1941 let catalog_dump_cmd_def = CliCommand::new(&API_METHOD_DUMP_CATALOG)
1942 .arg_param(&["snapshot
"])
1943 .completion_cb("repository
", complete_repository)
1944 .completion_cb("snapshot
", complete_backup_snapshot);
1946 CliCommandMap::new()
1947 .insert("dump
", catalog_dump_cmd_def)
1948 .insert("shell
", catalog_shell_cmd_def)
1955 schema: REPO_URL_SCHEMA,
1959 description: "The maximal number of tasks to list
.",
1967 schema: OUTPUT_FORMAT,
1973 /// List running server tasks for this repo user
1974 fn task_list(param: Value) -> Result<Value, Error> {
1977 let output_format = param["output
-format
"].as_str().unwrap_or("text
").to_owned();
1978 let repo = extract_repository_from_value(¶m)?;
1979 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1981 let limit = param["limit
"].as_u64().unwrap_or(50) as usize;
1983 let args = json!({ "start": 0, "limit": limit, "userfilter": repo.user()});
1984 let result = client.get("api2
/json
/nodes
/localhost
/tasks
", Some(args)).await?;
1986 let data = &result["data
"];
1988 if output_format == "text
" {
1989 for item in data.as_array().unwrap() {
1992 item["upid
"].as_str().unwrap(),
1993 item["status
"].as_str().unwrap_or("running
"),
1997 format_and_print_result(data, &output_format);
2010 schema: REPO_URL_SCHEMA,
2014 schema: UPID_SCHEMA,
2019 /// Display the task log.
2020 fn task_log(param: Value) -> Result<Value, Error> {
2023 let repo = extract_repository_from_value(¶m)?;
2024 let upid = tools::required_string_param(¶m, "upid
")?;
2026 let client = HttpClient::new(repo.host(), repo.user(), None)?;
2028 display_task_log(client, upid, true).await?;
2036 fn task_mgmt_cli() -> CliCommandMap {
2038 let task_list_cmd_def = CliCommand::new(&API_METHOD_TASK_LIST)
2039 .completion_cb("repository
", complete_repository);
2041 let task_log_cmd_def = CliCommand::new(&API_METHOD_TASK_LOG)
2042 .arg_param(&["upid
"]);
2044 CliCommandMap::new()
2045 .insert("log
", task_log_cmd_def)
2046 .insert("list
", task_list_cmd_def)
2052 const BACKUP_SOURCE_SCHEMA: Schema = StringSchema::new("Backup source
specification ([<label
>:<path
>]).")
2053 .format(&ApiStringFormat::Pattern(&BACKUPSPEC_REGEX))
2057 const API_METHOD_CREATE_BACKUP: ApiMethod = ApiMethod::new(
2058 &ApiHandler::Sync(&create_backup),
2060 "Create (host
) backup
.",
2066 "List of backup source
specifications ([<label
.ext
>:<path
>] ...)",
2067 &BACKUP_SOURCE_SCHEMA,
2068 ).min_length(1).schema()
2079 "Include mountpoints with same st_dev
number (see ``man fstat``
) as specified files
.",
2080 &StringSchema::new("Path to file
.").schema()
2086 &StringSchema::new("Path to encryption key
. All data will be encrypted using this key
.").schema()
2091 &BooleanSchema::new("Verbose output
.")
2096 "skip
-lost
-and
-found
",
2098 &BooleanSchema::new("Skip lost
+found directory
")
2105 &BACKUP_TYPE_SCHEMA,
2120 &IntegerSchema::new("Chunk size
in KB
. Must be a power of
2.")
2130 let backup_cmd_def = CliCommand::new(&API_METHOD_CREATE_BACKUP)
2131 .arg_param(&["backupspec
"])
2132 .completion_cb("repository
", complete_repository)
2133 .completion_cb("backupspec
", complete_backup_source)
2134 .completion_cb("keyfile
", tools::complete_file_name)
2135 .completion_cb("chunk
-size
", complete_chunk_size);
2138 const API_METHOD_UPLOAD_LOG: ApiMethod = ApiMethod::new(
2139 &ApiHandler::Sync(&upload_log),
2141 "Upload backup log file
.",
2146 &StringSchema::new("Snapshot path
.").schema()
2151 &StringSchema::new("The path to the log file you want to upload
.").schema()
2161 &StringSchema::new("Path to encryption key
. All data will be encrypted using this key
.").schema()
2167 let upload_log_cmd_def = CliCommand::new(&API_METHOD_UPLOAD_LOG)
2168 .arg_param(&["snapshot
", "logfile
"])
2169 .completion_cb("snapshot
", complete_backup_snapshot)
2170 .completion_cb("logfile
", tools::complete_file_name)
2171 .completion_cb("keyfile
", tools::complete_file_name)
2172 .completion_cb("repository
", complete_repository);
2175 const API_METHOD_LIST_BACKUP_GROUPS: ApiMethod = ApiMethod::new(
2176 &ApiHandler::Sync(&list_backup_groups),
2178 "List backup groups
.",
2180 ("repository
", true, &REPO_URL_SCHEMA),
2181 ("output
-format
", true, &OUTPUT_FORMAT),
2186 let list_cmd_def = CliCommand::new(&API_METHOD_LIST_BACKUP_GROUPS)
2187 .completion_cb("repository
", complete_repository);
2190 const API_METHOD_LIST_SNAPSHOTS: ApiMethod = ApiMethod::new(
2191 &ApiHandler::Sync(&list_snapshots),
2193 "List backup snapshots
.",
2195 ("group
", true, &StringSchema::new("Backup group
.").schema()),
2196 ("repository
", true, &REPO_URL_SCHEMA),
2197 ("output
-format
", true, &OUTPUT_FORMAT),
2202 let snapshots_cmd_def = CliCommand::new(&API_METHOD_LIST_SNAPSHOTS)
2203 .arg_param(&["group
"])
2204 .completion_cb("group
", complete_backup_group)
2205 .completion_cb("repository
", complete_repository);
2208 const API_METHOD_FORGET_SNAPSHOTS: ApiMethod = ApiMethod::new(
2209 &ApiHandler::Sync(&forget_snapshots),
2211 "Forget (remove
) backup snapshots
.",
2213 ("snapshot
", false, &StringSchema::new("Snapshot path
.").schema()),
2214 ("repository
", true, &REPO_URL_SCHEMA),
2219 let forget_cmd_def = CliCommand::new(&API_METHOD_FORGET_SNAPSHOTS)
2220 .arg_param(&["snapshot
"])
2221 .completion_cb("repository
", complete_repository)
2222 .completion_cb("snapshot
", complete_backup_snapshot);
2225 const API_METHOD_START_GARBAGE_COLLECTION: ApiMethod = ApiMethod::new(
2226 &ApiHandler::Sync(&start_garbage_collection),
2228 "Start garbage collection
for a specific repository
.",
2229 &sorted!([ ("repository
", true, &REPO_URL_SCHEMA) ]),
2233 let garbage_collect_cmd_def = CliCommand::new(&API_METHOD_START_GARBAGE_COLLECTION)
2234 .completion_cb("repository
", complete_repository);
2237 const API_METHOD_RESTORE: ApiMethod = ApiMethod::new(
2238 &ApiHandler::Sync(&restore),
2240 "Restore backup repository
.",
2242 ("snapshot
", false, &StringSchema::new("Group
/Snapshot path
.").schema()),
2243 ("archive
-name
", false, &StringSchema::new("Backup archive name
.").schema()),
2248 r###"Target directory path
. Use '
-' to write to stdandard output
.
2250 We
do not extraxt '
.pxar' archives when writing to stdandard output
.
2256 "allow
-existing
-dirs
",
2258 &BooleanSchema::new("Do not fail
if directories already exists
.")
2262 ("repository
", true, &REPO_URL_SCHEMA),
2263 ("keyfile
", true, &StringSchema::new("Path to encryption key
.").schema()),
2267 &BooleanSchema::new("Verbose output
.")
2275 let restore_cmd_def = CliCommand::new(&API_METHOD_RESTORE)
2276 .arg_param(&["snapshot
", "archive
-name
", "target
"])
2277 .completion_cb("repository
", complete_repository)
2278 .completion_cb("snapshot
", complete_group_or_snapshot)
2279 .completion_cb("archive
-name
", complete_archive_name)
2280 .completion_cb("target
", tools::complete_file_name);
2283 const API_METHOD_LIST_SNAPSHOT_FILES: ApiMethod = ApiMethod::new(
2284 &ApiHandler::Sync(&list_snapshot_files),
2286 "List snapshot files
.",
2288 ("snapshot
", false, &StringSchema::new("Snapshot path
.").schema()),
2289 ("repository
", true, &REPO_URL_SCHEMA),
2290 ("output
-format
", true, &OUTPUT_FORMAT),
2295 let files_cmd_def = CliCommand::new(&API_METHOD_LIST_SNAPSHOT_FILES)
2296 .arg_param(&["snapshot
"])
2297 .completion_cb("repository
", complete_repository)
2298 .completion_cb("snapshot
", complete_backup_snapshot);
2300 const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
2301 &ApiHandler::Sync(&prune),
2303 "Prune backup repository
.",
2304 &proxmox_backup::add_common_prune_prameters!([
2305 ("dry
-run
", true, &BooleanSchema::new(
2306 "Just show what prune would
do, but
do not delete anything
.")
2308 ("group
", false, &StringSchema::new("Backup group
.").schema()),
2310 ("output
-format
", true, &OUTPUT_FORMAT),
2311 ("repository
", true, &REPO_URL_SCHEMA),
2316 let prune_cmd_def = CliCommand::new(&API_METHOD_PRUNE)
2317 .arg_param(&["group
"])
2318 .completion_cb("group
", complete_backup_group)
2319 .completion_cb("repository
", complete_repository);
2322 const API_METHOD_STATUS: ApiMethod = ApiMethod::new(
2323 &ApiHandler::Sync(&status),
2325 "Get repository status
.",
2327 ("repository
", true, &REPO_URL_SCHEMA),
2328 ("output
-format
", true, &OUTPUT_FORMAT),
2333 let status_cmd_def = CliCommand::new(&API_METHOD_STATUS)
2334 .completion_cb("repository
", complete_repository);
2337 const API_METHOD_API_LOGIN: ApiMethod = ApiMethod::new(
2338 &ApiHandler::Sync(&api_login),
2340 "Try to login
. If successful
, store ticket
.",
2341 &sorted!([ ("repository
", true, &REPO_URL_SCHEMA) ]),
2345 let login_cmd_def = CliCommand::new(&API_METHOD_API_LOGIN)
2346 .completion_cb("repository
", complete_repository);
2349 const API_METHOD_API_LOGOUT: ApiMethod = ApiMethod::new(
2350 &ApiHandler::Sync(&api_logout),
2352 "Logout (delete stored ticket
).",
2353 &sorted!([ ("repository
", true, &REPO_URL_SCHEMA) ]),
2357 let logout_cmd_def = CliCommand::new(&API_METHOD_API_LOGOUT)
2358 .completion_cb("repository
", complete_repository);
2361 const API_METHOD_MOUNT: ApiMethod = ApiMethod::new(
2362 &ApiHandler::Sync(&mount),
2364 "Mount pxar archive
.",
2366 ("snapshot
", false, &StringSchema::new("Group
/Snapshot path
.").schema()),
2367 ("archive
-name
", false, &StringSchema::new("Backup archive name
.").schema()),
2368 ("target
", false, &StringSchema::new("Target directory path
.").schema()),
2369 ("repository
", true, &REPO_URL_SCHEMA),
2370 ("keyfile
", true, &StringSchema::new("Path to encryption key
.").schema()),
2371 ("verbose
", true, &BooleanSchema::new("Verbose output
.").default(false).schema()),
2376 let mount_cmd_def = CliCommand::new(&API_METHOD_MOUNT)
2377 .arg_param(&["snapshot
", "archive
-name
", "target
"])
2378 .completion_cb("repository
", complete_repository)
2379 .completion_cb("snapshot
", complete_group_or_snapshot)
2380 .completion_cb("archive
-name
", complete_pxar_archive_name)
2381 .completion_cb("target
", tools::complete_file_name);
2384 let cmd_def = CliCommandMap::new()
2385 .insert("backup
", backup_cmd_def)
2386 .insert("upload
-log
", upload_log_cmd_def)
2387 .insert("forget
", forget_cmd_def)
2388 .insert("garbage
-collect
", garbage_collect_cmd_def)
2389 .insert("list
", list_cmd_def)
2390 .insert("login
", login_cmd_def)
2391 .insert("logout
", logout_cmd_def)
2392 .insert("prune
", prune_cmd_def)
2393 .insert("restore
", restore_cmd_def)
2394 .insert("snapshots
", snapshots_cmd_def)
2395 .insert("files
", files_cmd_def)
2396 .insert("status
", status_cmd_def)
2397 .insert("key
", key_mgmt_cli())
2398 .insert("mount
", mount_cmd_def)
2399 .insert("catalog
", catalog_mgmt_cli())
2400 .insert("task
", task_mgmt_cli());
2402 run_cli_command(cmd_def);
2405 fn async_main<F: Future>(fut: F) -> <F as Future>::Output {
2406 let rt = tokio::runtime::Runtime::new().unwrap();
2407 let ret = rt.block_on(fut);