]> git.proxmox.com Git - proxmox-backup.git/blob - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blob
? search:


4b84e8b2740122083f9bf29f9d46df6c5353321a
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
1 use std::sync::{Mutex, Arc};
2 use std::path::{Path, PathBuf};
3 use std::os::unix::io::AsRawFd;
4 use std::future::Future;
5 use std::pin::Pin;
6
7 use anyhow::{bail, format_err, Error};
8 use futures::*;
9 use http::request::Parts;
10 use http::Response;
11 use hyper::{Body, StatusCode};
12 use hyper::header;
13 use url::form_urlencoded;
14
15 use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
16 use tokio_stream::wrappers::ReceiverStream;
17 use serde_json::{json, Value};
18
19 use proxmox::try_block;
20 use proxmox::api::RpcEnvironmentType;
21 use proxmox::sys::linux::socket::set_tcp_keepalive;
22 use proxmox::tools::fs::CreateOptions;
23
24 use pbs_tools::task_log;
25 use pbs_datastore::DataStore;
26 use proxmox_rest_server::{rotate_task_log_archive, ApiConfig, RestServer, WorkerTask};
27
28 use proxmox_backup::{
29 server::{
30 auth::default_api_auth,
31 jobstate::{
32 self,
33 Job,
34 },
35 },
36 };
37
38 use pbs_buildcfg::configdir;
39 use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
40 use pbs_tools::logrotate::LogRotate;
41
42 use pbs_api_types::{
43 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
44 PruneOptions,
45 };
46
47 use proxmox_rest_server::daemon;
48
49 use proxmox_backup::server;
50 use proxmox_backup::auth_helpers::*;
51 use proxmox_backup::tools::{
52 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
53 disks::{
54 DiskManage,
55 zfs_pool_stats,
56 get_pool_from_dataset,
57 },
58 };
59
60
61 use proxmox_backup::api2::pull::do_sync_job;
62 use proxmox_backup::api2::tape::backup::do_tape_backup_job;
63 use proxmox_backup::server::do_verification_job;
64 use proxmox_backup::server::do_prune_job;
65
66 fn main() -> Result<(), Error> {
67 proxmox_backup::tools::setup_safe_path_env();
68
69 let backup_uid = pbs_config::backup_user()?.uid;
70 let backup_gid = pbs_config::backup_group()?.gid;
71 let running_uid = nix::unistd::Uid::effective();
72 let running_gid = nix::unistd::Gid::effective();
73
74 if running_uid != backup_uid || running_gid != backup_gid {
75 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
76 }
77
78 pbs_runtime::main(run())
79 }
80
81 fn get_index<'a>(
82 auth_id: Option<String>,
83 language: Option<String>,
84 api: &'a ApiConfig,
85 parts: Parts,
86 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send + 'a>> {
87 Box::pin(get_index_future(auth_id, language, api, parts))
88 }
89
90 async fn get_index_future(
91 auth_id: Option<String>,
92 language: Option<String>,
93 api: &ApiConfig,
94 parts: Parts,
95 ) -> Response<Body> {
96
97 // fixme: make all IO async
98
99 let (userid, csrf_token) = match auth_id {
100 Some(auth_id) => {
101 let auth_id = auth_id.parse::<Authid>();
102 match auth_id {
103 Ok(auth_id) if !auth_id.is_token() => {
104 let userid = auth_id.user().clone();
105 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
106 (Some(userid), Some(new_csrf_token))
107 }
108 _ => (None, None)
109 }
110 }
111 None => (None, None),
112 };
113
114 let nodename = proxmox::tools::nodename();
115 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
116
117 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
118
119 let mut debug = false;
120 let mut template_file = "index";
121
122 if let Some(query_str) = parts.uri.query() {
123 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
124 if k == "debug" && v != "0" && v != "false" {
125 debug = true;
126 } else if k == "console" {
127 template_file = "console";
128 }
129 }
130 }
131
132 let mut lang = String::from("");
133 if let Some(language) = language {
134 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
135 lang = language;
136 }
137 }
138
139 let data = json!({
140 "NodeName": nodename,
141 "UserName": user,
142 "CSRFPreventionToken": csrf_token,
143 "language": lang,
144 "debug": debug,
145 });
146
147 let (ct, index) = match api.render_template(template_file, &data) {
148 Ok(index) => ("text/html", index),
149 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
150 };
151
152 let mut resp = Response::builder()
153 .status(StatusCode::OK)
154 .header(header::CONTENT_TYPE, ct)
155 .body(index.into())
156 .unwrap();
157
158 if let Some(userid) = userid {
159 resp.extensions_mut().insert(Authid::from((userid, None)));
160 }
161
162 resp
163 }
164
165 async fn run() -> Result<(), Error> {
166 if let Err(err) = syslog::init(
167 syslog::Facility::LOG_DAEMON,
168 log::LevelFilter::Info,
169 Some("proxmox-backup-proxy")) {
170 bail!("unable to inititialize syslog - {}", err);
171 }
172
173 // Note: To debug early connection error use
174 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
175 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
176
177 let _ = public_auth_key(); // load with lazy_static
178 let _ = csrf_secret(); // load with lazy_static
179
180 let mut config = ApiConfig::new(
181 pbs_buildcfg::JS_DIR,
182 &proxmox_backup::api2::ROUTER,
183 RpcEnvironmentType::PUBLIC,
184 default_api_auth(),
185 &get_index,
186 )?;
187
188 config.add_alias("novnc", "/usr/share/novnc-pve");
189 config.add_alias("extjs", "/usr/share/javascript/extjs");
190 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
191 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
192 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
193 config.add_alias("locale", "/usr/share/pbs-i18n");
194 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
195 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
196
197 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
198 indexpath.push("index.hbs");
199 config.register_template("index", &indexpath)?;
200 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
201
202 let backup_user = pbs_config::backup_user()?;
203 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
204
205 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
206 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
207
208 config.enable_access_log(
209 pbs_buildcfg::API_ACCESS_LOG_FN,
210 Some(dir_opts.clone()),
211 Some(file_opts.clone()),
212 &mut commando_sock,
213 )?;
214
215 config.enable_auth_log(
216 pbs_buildcfg::API_AUTH_LOG_FN,
217 Some(dir_opts.clone()),
218 Some(file_opts.clone()),
219 &mut commando_sock,
220 )?;
221
222 let rest_server = RestServer::new(config);
223 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
224
225 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
226
227 // we build the initial acceptor here as we cannot start if this fails
228 let acceptor = make_tls_acceptor()?;
229 let acceptor = Arc::new(Mutex::new(acceptor));
230
231 // to renew the acceptor we just add a command-socket handler
232 commando_sock.register_command(
233 "reload-certificate".to_string(),
234 {
235 let acceptor = Arc::clone(&acceptor);
236 move |_value| -> Result<_, Error> {
237 log::info!("reloading certificate");
238 match make_tls_acceptor() {
239 Err(err) => log::error!("error reloading certificate: {}", err),
240 Ok(new_acceptor) => {
241 let mut guard = acceptor.lock().unwrap();
242 *guard = new_acceptor;
243 }
244 }
245 Ok(Value::Null)
246 }
247 },
248 )?;
249
250 // to remove references for not configured datastores
251 commando_sock.register_command(
252 "datastore-removed".to_string(),
253 |_value| {
254 if let Err(err) = DataStore::remove_unused_datastores() {
255 log::error!("could not refresh datastores: {}", err);
256 }
257 Ok(Value::Null)
258 }
259 )?;
260
261 let server = daemon::create_daemon(
262 ([0,0,0,0,0,0,0,0], 8007).into(),
263 move |listener| {
264
265 let connections = accept_connections(listener, acceptor, debug);
266 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
267
268 Ok(async {
269 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
270
271 hyper::Server::builder(connections)
272 .serve(rest_server)
273 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
274 .map_err(Error::from)
275 .await
276 })
277 },
278 "proxmox-backup-proxy.service",
279 );
280
281 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
282
283 let init_result: Result<(), Error> = try_block!({
284 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
285 commando_sock.spawn()?;
286 proxmox_rest_server::catch_shutdown_signal()?;
287 proxmox_rest_server::catch_reload_signal()?;
288 Ok(())
289 });
290
291 if let Err(err) = init_result {
292 bail!("unable to start daemon - {}", err);
293 }
294
295 start_task_scheduler();
296 start_stat_generator();
297
298 server.await?;
299 log::info!("server shutting down, waiting for active workers to complete");
300 proxmox_rest_server::last_worker_future().await?;
301 log::info!("done - exit server");
302
303 Ok(())
304 }
305
306 fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
307 let key_path = configdir!("/proxy.key");
308 let cert_path = configdir!("/proxy.pem");
309
310 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
311 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
312 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
313 acceptor.set_certificate_chain_file(cert_path)
314 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
315 acceptor.check_private_key().unwrap();
316
317 Ok(acceptor.build())
318 }
319
320 type ClientStreamResult =
321 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
322 const MAX_PENDING_ACCEPTS: usize = 1024;
323
324 fn accept_connections(
325 listener: tokio::net::TcpListener,
326 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
327 debug: bool,
328 ) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
329
330 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
331
332 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
333
334 receiver
335 }
336
337 async fn accept_connection(
338 listener: tokio::net::TcpListener,
339 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
340 debug: bool,
341 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
342 ) {
343 let accept_counter = Arc::new(());
344
345 loop {
346 let (sock, _addr) = match listener.accept().await {
347 Ok(conn) => conn,
348 Err(err) => {
349 eprintln!("error accepting tcp connection: {}", err);
350 continue;
351 }
352 };
353
354 sock.set_nodelay(true).unwrap();
355 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
356
357 let ssl = { // limit acceptor_guard scope
358 // Acceptor can be reloaded using the command socket "reload-certificate" command
359 let acceptor_guard = acceptor.lock().unwrap();
360
361 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
362 Ok(ssl) => ssl,
363 Err(err) => {
364 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
365 continue;
366 },
367 }
368 };
369
370 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
371 Ok(stream) => stream,
372 Err(err) => {
373 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
374 continue;
375 },
376 };
377
378 let mut stream = Box::pin(stream);
379 let sender = sender.clone();
380
381 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
382 eprintln!("connection rejected - to many open connections");
383 continue;
384 }
385
386 let accept_counter = Arc::clone(&accept_counter);
387 tokio::spawn(async move {
388 let accept_future = tokio::time::timeout(
389 Duration::new(10, 0), stream.as_mut().accept());
390
391 let result = accept_future.await;
392
393 match result {
394 Ok(Ok(())) => {
395 if sender.send(Ok(stream)).await.is_err() && debug {
396 eprintln!("detect closed connection channel");
397 }
398 }
399 Ok(Err(err)) => {
400 if debug {
401 eprintln!("https handshake failed - {}", err);
402 }
403 }
404 Err(_) => {
405 if debug {
406 eprintln!("https handshake timeout");
407 }
408 }
409 }
410
411 drop(accept_counter); // decrease reference count
412 });
413 }
414 }
415
416 fn start_stat_generator() {
417 let abort_future = proxmox_rest_server::shutdown_future();
418 let future = Box::pin(run_stat_generator());
419 let task = futures::future::select(future, abort_future);
420 tokio::spawn(task.map(|_| ()));
421 }
422
423 fn start_task_scheduler() {
424 let abort_future = proxmox_rest_server::shutdown_future();
425 let future = Box::pin(run_task_scheduler());
426 let task = futures::future::select(future, abort_future);
427 tokio::spawn(task.map(|_| ()));
428 }
429
430 use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
431
432 fn next_minute() -> Result<Instant, Error> {
433 let now = SystemTime::now();
434 let epoch_now = now.duration_since(UNIX_EPOCH)?;
435 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
436 Ok(Instant::now() + epoch_next - epoch_now)
437 }
438
439 async fn run_task_scheduler() {
440
441 let mut count: usize = 0;
442
443 loop {
444 count += 1;
445
446 let delay_target = match next_minute() { // try to run very minute
447 Ok(d) => d,
448 Err(err) => {
449 eprintln!("task scheduler: compute next minute failed - {}", err);
450 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
451 continue;
452 }
453 };
454
455 if count > 2 { // wait 1..2 minutes before starting
456 match schedule_tasks().catch_unwind().await {
457 Err(panic) => {
458 match panic.downcast::<&str>() {
459 Ok(msg) => {
460 eprintln!("task scheduler panic: {}", msg);
461 }
462 Err(_) => {
463 eprintln!("task scheduler panic - unknown type");
464 }
465 }
466 }
467 Ok(Err(err)) => {
468 eprintln!("task scheduler failed - {:?}", err);
469 }
470 Ok(Ok(_)) => {}
471 }
472 }
473
474 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
475 }
476 }
477
478 async fn schedule_tasks() -> Result<(), Error> {
479
480 schedule_datastore_garbage_collection().await;
481 schedule_datastore_prune().await;
482 schedule_datastore_sync_jobs().await;
483 schedule_datastore_verify_jobs().await;
484 schedule_tape_backup_jobs().await;
485 schedule_task_log_rotate().await;
486
487 Ok(())
488 }
489
490 async fn schedule_datastore_garbage_collection() {
491
492 let config = match pbs_config::datastore::config() {
493 Err(err) => {
494 eprintln!("unable to read datastore config - {}", err);
495 return;
496 }
497 Ok((config, _digest)) => config,
498 };
499
500 for (store, (_, store_config)) in config.sections {
501 let datastore = match DataStore::lookup_datastore(&store) {
502 Ok(datastore) => datastore,
503 Err(err) => {
504 eprintln!("lookup_datastore failed - {}", err);
505 continue;
506 }
507 };
508
509 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
510 Ok(c) => c,
511 Err(err) => {
512 eprintln!("datastore config from_value failed - {}", err);
513 continue;
514 }
515 };
516
517 let event_str = match store_config.gc_schedule {
518 Some(event_str) => event_str,
519 None => continue,
520 };
521
522 let event = match parse_calendar_event(&event_str) {
523 Ok(event) => event,
524 Err(err) => {
525 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
526 continue;
527 }
528 };
529
530 if datastore.garbage_collection_running() { continue; }
531
532 let worker_type = "garbage_collection";
533
534 let last = match jobstate::last_run_time(worker_type, &store) {
535 Ok(time) => time,
536 Err(err) => {
537 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
538 continue;
539 }
540 };
541
542 let next = match compute_next_event(&event, last, false) {
543 Ok(Some(next)) => next,
544 Ok(None) => continue,
545 Err(err) => {
546 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
547 continue;
548 }
549 };
550
551 let now = proxmox::tools::time::epoch_i64();
552
553 if next > now { continue; }
554
555 let job = match Job::new(worker_type, &store) {
556 Ok(job) => job,
557 Err(_) => continue, // could not get lock
558 };
559
560 let auth_id = Authid::root_auth_id();
561
562 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
563 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
564 }
565 }
566 }
567
568 async fn schedule_datastore_prune() {
569
570 let config = match pbs_config::datastore::config() {
571 Err(err) => {
572 eprintln!("unable to read datastore config - {}", err);
573 return;
574 }
575 Ok((config, _digest)) => config,
576 };
577
578 for (store, (_, store_config)) in config.sections {
579
580 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
581 Ok(c) => c,
582 Err(err) => {
583 eprintln!("datastore '{}' config from_value failed - {}", store, err);
584 continue;
585 }
586 };
587
588 let event_str = match store_config.prune_schedule {
589 Some(event_str) => event_str,
590 None => continue,
591 };
592
593 let prune_options = PruneOptions {
594 keep_last: store_config.keep_last,
595 keep_hourly: store_config.keep_hourly,
596 keep_daily: store_config.keep_daily,
597 keep_weekly: store_config.keep_weekly,
598 keep_monthly: store_config.keep_monthly,
599 keep_yearly: store_config.keep_yearly,
600 };
601
602 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
603 continue;
604 }
605
606 let worker_type = "prune";
607 if check_schedule(worker_type, &event_str, &store) {
608 let job = match Job::new(worker_type, &store) {
609 Ok(job) => job,
610 Err(_) => continue, // could not get lock
611 };
612
613 let auth_id = Authid::root_auth_id().clone();
614 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
615 eprintln!("unable to start datastore prune job {} - {}", &store, err);
616 }
617 };
618 }
619 }
620
621 async fn schedule_datastore_sync_jobs() {
622
623
624 let config = match pbs_config::sync::config() {
625 Err(err) => {
626 eprintln!("unable to read sync job config - {}", err);
627 return;
628 }
629 Ok((config, _digest)) => config,
630 };
631
632 for (job_id, (_, job_config)) in config.sections {
633 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
634 Ok(c) => c,
635 Err(err) => {
636 eprintln!("sync job config from_value failed - {}", err);
637 continue;
638 }
639 };
640
641 let event_str = match job_config.schedule {
642 Some(ref event_str) => event_str.clone(),
643 None => continue,
644 };
645
646 let worker_type = "syncjob";
647 if check_schedule(worker_type, &event_str, &job_id) {
648 let job = match Job::new(worker_type, &job_id) {
649 Ok(job) => job,
650 Err(_) => continue, // could not get lock
651 };
652
653 let auth_id = Authid::root_auth_id().clone();
654 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
655 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
656 }
657 };
658 }
659 }
660
661 async fn schedule_datastore_verify_jobs() {
662
663 let config = match pbs_config::verify::config() {
664 Err(err) => {
665 eprintln!("unable to read verification job config - {}", err);
666 return;
667 }
668 Ok((config, _digest)) => config,
669 };
670 for (job_id, (_, job_config)) in config.sections {
671 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
672 Ok(c) => c,
673 Err(err) => {
674 eprintln!("verification job config from_value failed - {}", err);
675 continue;
676 }
677 };
678 let event_str = match job_config.schedule {
679 Some(ref event_str) => event_str.clone(),
680 None => continue,
681 };
682
683 let worker_type = "verificationjob";
684 let auth_id = Authid::root_auth_id().clone();
685 if check_schedule(worker_type, &event_str, &job_id) {
686 let job = match Job::new(&worker_type, &job_id) {
687 Ok(job) => job,
688 Err(_) => continue, // could not get lock
689 };
690 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
691 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
692 }
693 };
694 }
695 }
696
697 async fn schedule_tape_backup_jobs() {
698
699 let config = match pbs_config::tape_job::config() {
700 Err(err) => {
701 eprintln!("unable to read tape job config - {}", err);
702 return;
703 }
704 Ok((config, _digest)) => config,
705 };
706 for (job_id, (_, job_config)) in config.sections {
707 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
708 Ok(c) => c,
709 Err(err) => {
710 eprintln!("tape backup job config from_value failed - {}", err);
711 continue;
712 }
713 };
714 let event_str = match job_config.schedule {
715 Some(ref event_str) => event_str.clone(),
716 None => continue,
717 };
718
719 let worker_type = "tape-backup-job";
720 let auth_id = Authid::root_auth_id().clone();
721 if check_schedule(worker_type, &event_str, &job_id) {
722 let job = match Job::new(&worker_type, &job_id) {
723 Ok(job) => job,
724 Err(_) => continue, // could not get lock
725 };
726 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
727 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
728 }
729 };
730 }
731 }
732
733
734 async fn schedule_task_log_rotate() {
735
736 let worker_type = "logrotate";
737 let job_id = "access-log_and_task-archive";
738
739 // schedule daily at 00:00 like normal logrotate
740 let schedule = "00:00";
741
742 if !check_schedule(worker_type, schedule, job_id) {
743 // if we never ran the rotation, schedule instantly
744 match jobstate::JobState::load(worker_type, job_id) {
745 Ok(state) => match state {
746 jobstate::JobState::Created { .. } => {},
747 _ => return,
748 },
749 _ => return,
750 }
751 }
752
753 let mut job = match Job::new(worker_type, job_id) {
754 Ok(job) => job,
755 Err(_) => return, // could not get lock
756 };
757
758 if let Err(err) = WorkerTask::new_thread(
759 worker_type,
760 None,
761 Authid::root_auth_id().to_string(),
762 false,
763 move |worker| {
764 job.start(&worker.upid().to_string())?;
765 task_log!(worker, "starting task log rotation");
766
767 let result = try_block!({
768 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
769 let max_files = 20; // times twenty files gives > 100000 task entries
770 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
771 if has_rotated {
772 task_log!(worker, "task log archive was rotated");
773 } else {
774 task_log!(worker, "task log archive was not rotated");
775 }
776
777 let max_size = 32 * 1024 * 1024 - 1;
778 let max_files = 14;
779 let mut logrotate = LogRotate::new(pbs_buildcfg::API_ACCESS_LOG_FN, true)
780 .ok_or_else(|| format_err!("could not get API access log file names"))?;
781
782 if logrotate.rotate(max_size, None, Some(max_files))? {
783 println!("rotated access log, telling daemons to re-open log file");
784 pbs_runtime::block_on(command_reopen_access_logfiles())?;
785 task_log!(worker, "API access log was rotated");
786 } else {
787 task_log!(worker, "API access log was not rotated");
788 }
789
790 let mut logrotate = LogRotate::new(pbs_buildcfg::API_AUTH_LOG_FN, true)
791 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
792
793 if logrotate.rotate(max_size, None, Some(max_files))? {
794 println!("rotated auth log, telling daemons to re-open log file");
795 pbs_runtime::block_on(command_reopen_auth_logfiles())?;
796 task_log!(worker, "API authentication log was rotated");
797 } else {
798 task_log!(worker, "API authentication log was not rotated");
799 }
800
801 Ok(())
802 });
803
804 let status = worker.create_state(&result);
805
806 if let Err(err) = job.finish(status) {
807 eprintln!("could not finish job state for {}: {}", worker_type, err);
808 }
809
810 result
811 },
812 ) {
813 eprintln!("unable to start task log rotation: {}", err);
814 }
815
816 }
817
818 async fn command_reopen_access_logfiles() -> Result<(), Error> {
819 // only care about the most recent daemon instance for each, proxy & api, as other older ones
820 // should not respond to new requests anyway, but only finish their current one and then exit.
821 let sock = proxmox_rest_server::our_ctrl_sock();
822 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
823
824 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
825 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
826 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
827
828 match futures::join!(f1, f2) {
829 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
830 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
831 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
832 _ => Ok(()),
833 }
834 }
835
836 async fn command_reopen_auth_logfiles() -> Result<(), Error> {
837 // only care about the most recent daemon instance for each, proxy & api, as other older ones
838 // should not respond to new requests anyway, but only finish their current one and then exit.
839 let sock = proxmox_rest_server::our_ctrl_sock();
840 let f1 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
841
842 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
843 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
844 let f2 = proxmox_rest_server::send_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
845
846 match futures::join!(f1, f2) {
847 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
848 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
849 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
850 _ => Ok(()),
851 }
852 }
853
854 async fn run_stat_generator() {
855
856 let mut count = 0;
857 loop {
858 count += 1;
859 let save = if count >= 6 { count = 0; true } else { false };
860
861 let delay_target = Instant::now() + Duration::from_secs(10);
862
863 generate_host_stats(save).await;
864
865 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
866
867 }
868
869 }
870
871 fn rrd_update_gauge(name: &str, value: f64, save: bool) {
872 use proxmox_backup::rrd;
873 if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) {
874 eprintln!("rrd::update_value '{}' failed - {}", name, err);
875 }
876 }
877
878 fn rrd_update_derive(name: &str, value: f64, save: bool) {
879 use proxmox_backup::rrd;
880 if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) {
881 eprintln!("rrd::update_value '{}' failed - {}", name, err);
882 }
883 }
884
885 async fn generate_host_stats(save: bool) {
886 use proxmox::sys::linux::procfs::{
887 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
888
889 pbs_runtime::block_in_place(move || {
890
891 match read_proc_stat() {
892 Ok(stat) => {
893 rrd_update_gauge("host/cpu", stat.cpu, save);
894 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
895 }
896 Err(err) => {
897 eprintln!("read_proc_stat failed - {}", err);
898 }
899 }
900
901 match read_meminfo() {
902 Ok(meminfo) => {
903 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
904 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
905 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
906 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
907 }
908 Err(err) => {
909 eprintln!("read_meminfo failed - {}", err);
910 }
911 }
912
913 match read_proc_net_dev() {
914 Ok(netdev) => {
915 use pbs_config::network::is_physical_nic;
916 let mut netin = 0;
917 let mut netout = 0;
918 for item in netdev {
919 if !is_physical_nic(&item.device) { continue; }
920 netin += item.receive;
921 netout += item.send;
922 }
923 rrd_update_derive("host/netin", netin as f64, save);
924 rrd_update_derive("host/netout", netout as f64, save);
925 }
926 Err(err) => {
927 eprintln!("read_prox_net_dev failed - {}", err);
928 }
929 }
930
931 match read_loadavg() {
932 Ok(loadavg) => {
933 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
934 }
935 Err(err) => {
936 eprintln!("read_loadavg failed - {}", err);
937 }
938 }
939
940 let disk_manager = DiskManage::new();
941
942 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
943
944 match pbs_config::datastore::config() {
945 Ok((config, _)) => {
946 let datastore_list: Vec<DataStoreConfig> =
947 config.convert_to_typed_array("datastore").unwrap_or_default();
948
949 for config in datastore_list {
950
951 let rrd_prefix = format!("datastore/{}", config.name);
952 let path = std::path::Path::new(&config.path);
953 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
954 }
955 }
956 Err(err) => {
957 eprintln!("read datastore config failed - {}", err);
958 }
959 }
960
961 });
962 }
963
964 fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
965 let event = match parse_calendar_event(event_str) {
966 Ok(event) => event,
967 Err(err) => {
968 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
969 return false;
970 }
971 };
972
973 let last = match jobstate::last_run_time(worker_type, &id) {
974 Ok(time) => time,
975 Err(err) => {
976 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
977 return false;
978 }
979 };
980
981 let next = match compute_next_event(&event, last, false) {
982 Ok(Some(next)) => next,
983 Ok(None) => return false,
984 Err(err) => {
985 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
986 return false;
987 }
988 };
989
990 let now = proxmox::tools::time::epoch_i64();
991 next <= now
992 }
993
994 fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
995
996 match proxmox_backup::tools::disks::disk_usage(path) {
997 Ok(status) => {
998 let rrd_key = format!("{}/total", rrd_prefix);
999 rrd_update_gauge(&rrd_key, status.total as f64, save);
1000 let rrd_key = format!("{}/used", rrd_prefix);
1001 rrd_update_gauge(&rrd_key, status.used as f64, save);
1002 }
1003 Err(err) => {
1004 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1005 }
1006 }
1007
1008 match disk_manager.find_mounted_device(path) {
1009 Ok(None) => {},
1010 Ok(Some((fs_type, device, source))) => {
1011 let mut device_stat = None;
1012 match fs_type.as_str() {
1013 "zfs" => {
1014 if let Some(source) = source {
1015 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
1016 match zfs_pool_stats(pool) {
1017 Ok(stat) => device_stat = stat,
1018 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
1019 }
1020 }
1021 }
1022 _ => {
1023 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1024 match disk.read_stat() {
1025 Ok(stat) => device_stat = stat,
1026 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
1027 }
1028 }
1029 }
1030 }
1031 if let Some(stat) = device_stat {
1032 let rrd_key = format!("{}/read_ios", rrd_prefix);
1033 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
1034 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1035 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
1036
1037 let rrd_key = format!("{}/write_ios", rrd_prefix);
1038 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
1039 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1040 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
1041
1042 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1043 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
1044 }
1045 }
1046 Err(err) => {
1047 eprintln!("find_mounted_device failed - {}", err);
1048 }
1049 }
1050 }
Proxmox Backup Server and Client