]> git.proxmox.com Git - proxmox-backup.git/blob - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blob
? search:


523966cff57235a1bf31c9f3123169e2e2497575
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
1 use std::sync::{Mutex, Arc};
2 use std::path::{Path, PathBuf};
3 use std::os::unix::io::AsRawFd;
4 use std::future::Future;
5 use std::pin::Pin;
6
7 use anyhow::{bail, format_err, Error};
8 use futures::*;
9 use http::request::Parts;
10 use http::Response;
11 use hyper::{Body, StatusCode};
12 use hyper::header;
13 use url::form_urlencoded;
14
15 use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
16 use tokio_stream::wrappers::ReceiverStream;
17 use serde_json::{json, Value};
18 use http::{Method, HeaderMap};
19
20 use proxmox_sys::linux::socket::set_tcp_keepalive;
21 use proxmox_sys::fs::CreateOptions;
22 use proxmox_lang::try_block;
23 use proxmox_router::{RpcEnvironment, RpcEnvironmentType, UserInformation};
24 use proxmox_http::client::{RateLimitedStream, ShareableRateLimit};
25 use proxmox_sys::{task_log, task_warn};
26 use proxmox_sys::logrotate::LogRotate;
27
28 use pbs_datastore::DataStore;
29
30 use proxmox_rest_server::{
31 rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
32 ServerAdapter, WorkerTask, cleanup_old_tasks,
33 };
34
35 use proxmox_backup::rrd_cache::{
36 initialize_rrd_cache, rrd_update_gauge, rrd_update_derive, rrd_sync_journal,
37 };
38 use proxmox_backup::{
39 TRAFFIC_CONTROL_CACHE,
40 server::{
41 auth::check_pbs_auth,
42 jobstate::{
43 self,
44 Job,
45 },
46 },
47 };
48
49 use pbs_buildcfg::configdir;
50 use proxmox_time::CalendarEvent;
51
52 use pbs_api_types::{
53 Authid, TapeBackupJobConfig, VerificationJobConfig, SyncJobConfig, DataStoreConfig,
54 PruneOptions,
55 };
56
57 use proxmox_rest_server::daemon;
58
59 use proxmox_backup::server;
60 use proxmox_backup::auth_helpers::*;
61 use proxmox_backup::tools::{
62 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
63 disks::{
64 DiskManage,
65 zfs_dataset_stats,
66 },
67 };
68
69
70 use proxmox_backup::api2::pull::do_sync_job;
71 use proxmox_backup::api2::tape::backup::do_tape_backup_job;
72 use proxmox_backup::server::do_verification_job;
73 use proxmox_backup::server::do_prune_job;
74
75 fn main() -> Result<(), Error> {
76 proxmox_backup::tools::setup_safe_path_env();
77
78 let backup_uid = pbs_config::backup_user()?.uid;
79 let backup_gid = pbs_config::backup_group()?.gid;
80 let running_uid = nix::unistd::Uid::effective();
81 let running_gid = nix::unistd::Gid::effective();
82
83 if running_uid != backup_uid || running_gid != backup_gid {
84 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
85 }
86
87 proxmox_async::runtime::main(run())
88 }
89
90
91 struct ProxmoxBackupProxyAdapter;
92
93 impl ServerAdapter for ProxmoxBackupProxyAdapter {
94
95 fn get_index(
96 &self,
97 env: RestEnvironment,
98 parts: Parts,
99 ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
100 Box::pin(get_index_future(env, parts))
101 }
102
103 fn check_auth<'a>(
104 &'a self,
105 headers: &'a HeaderMap,
106 method: &'a Method,
107 ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
108 Box::pin(async move {
109 check_pbs_auth(headers, method).await
110 })
111 }
112 }
113
114 fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
115 if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
116 return extract_cookie(cookie, "PBSLangCookie");
117 }
118 None
119 }
120
121 async fn get_index_future(
122 env: RestEnvironment,
123 parts: Parts,
124 ) -> Response<Body> {
125
126 let auth_id = env.get_auth_id();
127 let api = env.api_config();
128 let language = extract_lang_header(&parts.headers);
129
130 // fixme: make all IO async
131
132 let (userid, csrf_token) = match auth_id {
133 Some(auth_id) => {
134 let auth_id = auth_id.parse::<Authid>();
135 match auth_id {
136 Ok(auth_id) if !auth_id.is_token() => {
137 let userid = auth_id.user().clone();
138 let new_csrf_token = assemble_csrf_prevention_token(csrf_secret(), &userid);
139 (Some(userid), Some(new_csrf_token))
140 }
141 _ => (None, None)
142 }
143 }
144 None => (None, None),
145 };
146
147 let nodename = proxmox_sys::nodename();
148 let user = userid.as_ref().map(|u| u.as_str()).unwrap_or("");
149
150 let csrf_token = csrf_token.unwrap_or_else(|| String::from(""));
151
152 let mut debug = false;
153 let mut template_file = "index";
154
155 if let Some(query_str) = parts.uri.query() {
156 for (k, v) in form_urlencoded::parse(query_str.as_bytes()).into_owned() {
157 if k == "debug" && v != "0" && v != "false" {
158 debug = true;
159 } else if k == "console" {
160 template_file = "console";
161 }
162 }
163 }
164
165 let mut lang = String::from("");
166 if let Some(language) = language {
167 if Path::new(&format!("/usr/share/pbs-i18n/pbs-lang-{}.js", language)).exists() {
168 lang = language;
169 }
170 }
171
172 let data = json!({
173 "NodeName": nodename,
174 "UserName": user,
175 "CSRFPreventionToken": csrf_token,
176 "language": lang,
177 "debug": debug,
178 });
179
180 let (ct, index) = match api.render_template(template_file, &data) {
181 Ok(index) => ("text/html", index),
182 Err(err) => ("text/plain", format!("Error rendering template: {}", err)),
183 };
184
185 let mut resp = Response::builder()
186 .status(StatusCode::OK)
187 .header(header::CONTENT_TYPE, ct)
188 .body(index.into())
189 .unwrap();
190
191 if let Some(userid) = userid {
192 resp.extensions_mut().insert(Authid::from((userid, None)));
193 }
194
195 resp
196 }
197
198 async fn run() -> Result<(), Error> {
199 if let Err(err) = syslog::init(
200 syslog::Facility::LOG_DAEMON,
201 log::LevelFilter::Info,
202 Some("proxmox-backup-proxy")) {
203 bail!("unable to inititialize syslog - {}", err);
204 }
205
206 // Note: To debug early connection error use
207 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
208 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
209
210 let _ = public_auth_key(); // load with lazy_static
211 let _ = csrf_secret(); // load with lazy_static
212
213 let rrd_cache = initialize_rrd_cache()?;
214 rrd_cache.apply_journal()?;
215
216 let mut config = ApiConfig::new(
217 pbs_buildcfg::JS_DIR,
218 &proxmox_backup::api2::ROUTER,
219 RpcEnvironmentType::PUBLIC,
220 ProxmoxBackupProxyAdapter,
221 )?;
222
223 config.add_alias("novnc", "/usr/share/novnc-pve");
224 config.add_alias("extjs", "/usr/share/javascript/extjs");
225 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
226 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
227 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
228 config.add_alias("locale", "/usr/share/pbs-i18n");
229 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
230 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
231
232 let mut indexpath = PathBuf::from(pbs_buildcfg::JS_DIR);
233 indexpath.push("index.hbs");
234 config.register_template("index", &indexpath)?;
235 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
236
237 let backup_user = pbs_config::backup_user()?;
238 let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid);
239
240 let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
241 let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
242
243 config.enable_access_log(
244 pbs_buildcfg::API_ACCESS_LOG_FN,
245 Some(dir_opts.clone()),
246 Some(file_opts.clone()),
247 &mut commando_sock,
248 )?;
249
250 config.enable_auth_log(
251 pbs_buildcfg::API_AUTH_LOG_FN,
252 Some(dir_opts.clone()),
253 Some(file_opts.clone()),
254 &mut commando_sock,
255 )?;
256
257 let rest_server = RestServer::new(config);
258 proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?;
259
260 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
261
262 // we build the initial acceptor here as we cannot start if this fails
263 let acceptor = make_tls_acceptor()?;
264 let acceptor = Arc::new(Mutex::new(acceptor));
265
266 // to renew the acceptor we just add a command-socket handler
267 commando_sock.register_command(
268 "reload-certificate".to_string(),
269 {
270 let acceptor = Arc::clone(&acceptor);
271 move |_value| -> Result<_, Error> {
272 log::info!("reloading certificate");
273 match make_tls_acceptor() {
274 Err(err) => log::error!("error reloading certificate: {}", err),
275 Ok(new_acceptor) => {
276 let mut guard = acceptor.lock().unwrap();
277 *guard = new_acceptor;
278 }
279 }
280 Ok(Value::Null)
281 }
282 },
283 )?;
284
285 // to remove references for not configured datastores
286 commando_sock.register_command(
287 "datastore-removed".to_string(),
288 |_value| {
289 if let Err(err) = DataStore::remove_unused_datastores() {
290 log::error!("could not refresh datastores: {}", err);
291 }
292 Ok(Value::Null)
293 }
294 )?;
295
296 let server = daemon::create_daemon(
297 ([0,0,0,0,0,0,0,0], 8007).into(),
298 move |listener| {
299
300 let connections = accept_connections(listener, acceptor, debug);
301 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
302
303 Ok(async {
304 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
305
306 hyper::Server::builder(connections)
307 .serve(rest_server)
308 .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
309 .map_err(Error::from)
310 .await
311 })
312 },
313 );
314
315 proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
316
317 let init_result: Result<(), Error> = try_block!({
318 proxmox_rest_server::register_task_control_commands(&mut commando_sock)?;
319 commando_sock.spawn()?;
320 proxmox_rest_server::catch_shutdown_signal()?;
321 proxmox_rest_server::catch_reload_signal()?;
322 Ok(())
323 });
324
325 if let Err(err) = init_result {
326 bail!("unable to start daemon - {}", err);
327 }
328
329 start_task_scheduler();
330 start_stat_generator();
331 start_traffic_control_updater();
332
333 server.await?;
334 log::info!("server shutting down, waiting for active workers to complete");
335 proxmox_rest_server::last_worker_future().await?;
336 log::info!("done - exit server");
337
338 Ok(())
339 }
340
341 fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
342 let key_path = configdir!("/proxy.key");
343 let cert_path = configdir!("/proxy.pem");
344
345 let (config, _) = proxmox_backup::config::node::config()?;
346 let ciphers_tls_1_3 = config.ciphers_tls_1_3;
347 let ciphers_tls_1_2 = config.ciphers_tls_1_2;
348
349 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
350 if let Some(ciphers) = ciphers_tls_1_3.as_deref() {
351 acceptor.set_ciphersuites(ciphers)?;
352 }
353 if let Some(ciphers) = ciphers_tls_1_2.as_deref() {
354 acceptor.set_cipher_list(ciphers)?;
355 }
356 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
357 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
358 acceptor.set_certificate_chain_file(cert_path)
359 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
360 acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION);
361 acceptor.check_private_key().unwrap();
362
363 Ok(acceptor.build())
364 }
365
366 type ClientStreamResult =
367 Result<std::pin::Pin<Box<tokio_openssl::SslStream<RateLimitedStream<tokio::net::TcpStream>>>>, Error>;
368 const MAX_PENDING_ACCEPTS: usize = 1024;
369
370 fn accept_connections(
371 listener: tokio::net::TcpListener,
372 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
373 debug: bool,
374 ) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
375
376 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
377
378 tokio::spawn(accept_connection(listener, acceptor, debug, sender));
379
380 receiver
381 }
382
383 async fn accept_connection(
384 listener: tokio::net::TcpListener,
385 acceptor: Arc<Mutex<openssl::ssl::SslAcceptor>>,
386 debug: bool,
387 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
388 ) {
389 let accept_counter = Arc::new(());
390
391 loop {
392 let (sock, _addr) = match listener.accept().await {
393 Ok(conn) => conn,
394 Err(err) => {
395 eprintln!("error accepting tcp connection: {}", err);
396 continue;
397 }
398 };
399
400 sock.set_nodelay(true).unwrap();
401 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
402
403 let peer = sock.peer_addr().ok();
404 let sock = RateLimitedStream::with_limiter_update_cb(sock, move || lookup_rate_limiter(peer));
405
406 let ssl = { // limit acceptor_guard scope
407 // Acceptor can be reloaded using the command socket "reload-certificate" command
408 let acceptor_guard = acceptor.lock().unwrap();
409
410 match openssl::ssl::Ssl::new(acceptor_guard.context()) {
411 Ok(ssl) => ssl,
412 Err(err) => {
413 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
414 continue;
415 },
416 }
417 };
418
419 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
420 Ok(stream) => stream,
421 Err(err) => {
422 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
423 continue;
424 },
425 };
426
427 let mut stream = Box::pin(stream);
428 let sender = sender.clone();
429
430 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
431 eprintln!("connection rejected - to many open connections");
432 continue;
433 }
434
435 let accept_counter = Arc::clone(&accept_counter);
436 tokio::spawn(async move {
437 let accept_future = tokio::time::timeout(
438 Duration::new(10, 0), stream.as_mut().accept());
439
440 let result = accept_future.await;
441
442 match result {
443 Ok(Ok(())) => {
444 if sender.send(Ok(stream)).await.is_err() && debug {
445 eprintln!("detect closed connection channel");
446 }
447 }
448 Ok(Err(err)) => {
449 if debug {
450 eprintln!("https handshake failed - {}", err);
451 }
452 }
453 Err(_) => {
454 if debug {
455 eprintln!("https handshake timeout");
456 }
457 }
458 }
459
460 drop(accept_counter); // decrease reference count
461 });
462 }
463 }
464
465 fn start_stat_generator() {
466 let abort_future = proxmox_rest_server::shutdown_future();
467 let future = Box::pin(run_stat_generator());
468 let task = futures::future::select(future, abort_future);
469 tokio::spawn(task.map(|_| ()));
470 }
471
472 fn start_task_scheduler() {
473 let abort_future = proxmox_rest_server::shutdown_future();
474 let future = Box::pin(run_task_scheduler());
475 let task = futures::future::select(future, abort_future);
476 tokio::spawn(task.map(|_| ()));
477 }
478
479 fn start_traffic_control_updater() {
480 let abort_future = proxmox_rest_server::shutdown_future();
481 let future = Box::pin(run_traffic_control_updater());
482 let task = futures::future::select(future, abort_future);
483 tokio::spawn(task.map(|_| ()));
484 }
485
486 use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
487
488 fn next_minute() -> Result<Instant, Error> {
489 let now = SystemTime::now();
490 let epoch_now = now.duration_since(UNIX_EPOCH)?;
491 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
492 Ok(Instant::now() + epoch_next - epoch_now)
493 }
494
495 async fn run_task_scheduler() {
496
497 let mut count: usize = 0;
498
499 loop {
500 count += 1;
501
502 let delay_target = match next_minute() { // try to run very minute
503 Ok(d) => d,
504 Err(err) => {
505 eprintln!("task scheduler: compute next minute failed - {}", err);
506 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
507 continue;
508 }
509 };
510
511 if count > 2 { // wait 1..2 minutes before starting
512 match schedule_tasks().catch_unwind().await {
513 Err(panic) => {
514 match panic.downcast::<&str>() {
515 Ok(msg) => {
516 eprintln!("task scheduler panic: {}", msg);
517 }
518 Err(_) => {
519 eprintln!("task scheduler panic - unknown type");
520 }
521 }
522 }
523 Ok(Err(err)) => {
524 eprintln!("task scheduler failed - {:?}", err);
525 }
526 Ok(Ok(_)) => {}
527 }
528 }
529
530 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
531 }
532 }
533
534 async fn schedule_tasks() -> Result<(), Error> {
535
536 schedule_datastore_garbage_collection().await;
537 schedule_datastore_prune().await;
538 schedule_datastore_sync_jobs().await;
539 schedule_datastore_verify_jobs().await;
540 schedule_tape_backup_jobs().await;
541 schedule_task_log_rotate().await;
542
543 Ok(())
544 }
545
546 async fn schedule_datastore_garbage_collection() {
547
548 let config = match pbs_config::datastore::config() {
549 Err(err) => {
550 eprintln!("unable to read datastore config - {}", err);
551 return;
552 }
553 Ok((config, _digest)) => config,
554 };
555
556 for (store, (_, store_config)) in config.sections {
557 let datastore = match DataStore::lookup_datastore(&store) {
558 Ok(datastore) => datastore,
559 Err(err) => {
560 eprintln!("lookup_datastore failed - {}", err);
561 continue;
562 }
563 };
564
565 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
566 Ok(c) => c,
567 Err(err) => {
568 eprintln!("datastore config from_value failed - {}", err);
569 continue;
570 }
571 };
572
573 let event_str = match store_config.gc_schedule {
574 Some(event_str) => event_str,
575 None => continue,
576 };
577
578 let event: CalendarEvent = match event_str.parse() {
579 Ok(event) => event,
580 Err(err) => {
581 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
582 continue;
583 }
584 };
585
586 if datastore.garbage_collection_running() { continue; }
587
588 let worker_type = "garbage_collection";
589
590 let last = match jobstate::last_run_time(worker_type, &store) {
591 Ok(time) => time,
592 Err(err) => {
593 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
594 continue;
595 }
596 };
597
598 let next = match event.compute_next_event(last) {
599 Ok(Some(next)) => next,
600 Ok(None) => continue,
601 Err(err) => {
602 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
603 continue;
604 }
605 };
606
607 let now = proxmox_time::epoch_i64();
608
609 if next > now { continue; }
610
611 let job = match Job::new(worker_type, &store) {
612 Ok(job) => job,
613 Err(_) => continue, // could not get lock
614 };
615
616 let auth_id = Authid::root_auth_id();
617
618 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
619 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
620 }
621 }
622 }
623
624 async fn schedule_datastore_prune() {
625
626 let config = match pbs_config::datastore::config() {
627 Err(err) => {
628 eprintln!("unable to read datastore config - {}", err);
629 return;
630 }
631 Ok((config, _digest)) => config,
632 };
633
634 for (store, (_, store_config)) in config.sections {
635
636 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
637 Ok(c) => c,
638 Err(err) => {
639 eprintln!("datastore '{}' config from_value failed - {}", store, err);
640 continue;
641 }
642 };
643
644 let event_str = match store_config.prune_schedule {
645 Some(event_str) => event_str,
646 None => continue,
647 };
648
649 let prune_options = PruneOptions {
650 keep_last: store_config.keep_last,
651 keep_hourly: store_config.keep_hourly,
652 keep_daily: store_config.keep_daily,
653 keep_weekly: store_config.keep_weekly,
654 keep_monthly: store_config.keep_monthly,
655 keep_yearly: store_config.keep_yearly,
656 };
657
658 if !pbs_datastore::prune::keeps_something(&prune_options) { // no prune settings - keep all
659 continue;
660 }
661
662 let worker_type = "prune";
663 if check_schedule(worker_type, &event_str, &store) {
664 let job = match Job::new(worker_type, &store) {
665 Ok(job) => job,
666 Err(_) => continue, // could not get lock
667 };
668
669 let auth_id = Authid::root_auth_id().clone();
670 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
671 eprintln!("unable to start datastore prune job {} - {}", &store, err);
672 }
673 };
674 }
675 }
676
677 async fn schedule_datastore_sync_jobs() {
678
679
680 let config = match pbs_config::sync::config() {
681 Err(err) => {
682 eprintln!("unable to read sync job config - {}", err);
683 return;
684 }
685 Ok((config, _digest)) => config,
686 };
687
688 for (job_id, (_, job_config)) in config.sections {
689 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
690 Ok(c) => c,
691 Err(err) => {
692 eprintln!("sync job config from_value failed - {}", err);
693 continue;
694 }
695 };
696
697 let event_str = match job_config.schedule {
698 Some(ref event_str) => event_str.clone(),
699 None => continue,
700 };
701
702 let worker_type = "syncjob";
703 if check_schedule(worker_type, &event_str, &job_id) {
704 let job = match Job::new(worker_type, &job_id) {
705 Ok(job) => job,
706 Err(_) => continue, // could not get lock
707 };
708
709 let auth_id = Authid::root_auth_id().clone();
710 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str), false) {
711 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
712 }
713 };
714 }
715 }
716
717 async fn schedule_datastore_verify_jobs() {
718
719 let config = match pbs_config::verify::config() {
720 Err(err) => {
721 eprintln!("unable to read verification job config - {}", err);
722 return;
723 }
724 Ok((config, _digest)) => config,
725 };
726 for (job_id, (_, job_config)) in config.sections {
727 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
728 Ok(c) => c,
729 Err(err) => {
730 eprintln!("verification job config from_value failed - {}", err);
731 continue;
732 }
733 };
734 let event_str = match job_config.schedule {
735 Some(ref event_str) => event_str.clone(),
736 None => continue,
737 };
738
739 let worker_type = "verificationjob";
740 let auth_id = Authid::root_auth_id().clone();
741 if check_schedule(worker_type, &event_str, &job_id) {
742 let job = match Job::new(worker_type, &job_id) {
743 Ok(job) => job,
744 Err(_) => continue, // could not get lock
745 };
746 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str), false) {
747 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
748 }
749 };
750 }
751 }
752
753 async fn schedule_tape_backup_jobs() {
754
755 let config = match pbs_config::tape_job::config() {
756 Err(err) => {
757 eprintln!("unable to read tape job config - {}", err);
758 return;
759 }
760 Ok((config, _digest)) => config,
761 };
762 for (job_id, (_, job_config)) in config.sections {
763 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
764 Ok(c) => c,
765 Err(err) => {
766 eprintln!("tape backup job config from_value failed - {}", err);
767 continue;
768 }
769 };
770 let event_str = match job_config.schedule {
771 Some(ref event_str) => event_str.clone(),
772 None => continue,
773 };
774
775 let worker_type = "tape-backup-job";
776 let auth_id = Authid::root_auth_id().clone();
777 if check_schedule(worker_type, &event_str, &job_id) {
778 let job = match Job::new(worker_type, &job_id) {
779 Ok(job) => job,
780 Err(_) => continue, // could not get lock
781 };
782 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str), false) {
783 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
784 }
785 };
786 }
787 }
788
789
790 async fn schedule_task_log_rotate() {
791
792 let worker_type = "logrotate";
793 let job_id = "access-log_and_task-archive";
794
795 // schedule daily at 00:00 like normal logrotate
796 let schedule = "00:00";
797
798 if !check_schedule(worker_type, schedule, job_id) {
799 // if we never ran the rotation, schedule instantly
800 match jobstate::JobState::load(worker_type, job_id) {
801 Ok(state) => match state {
802 jobstate::JobState::Created { .. } => {},
803 _ => return,
804 },
805 _ => return,
806 }
807 }
808
809 let mut job = match Job::new(worker_type, job_id) {
810 Ok(job) => job,
811 Err(_) => return, // could not get lock
812 };
813
814 if let Err(err) = WorkerTask::new_thread(
815 worker_type,
816 None,
817 Authid::root_auth_id().to_string(),
818 false,
819 move |worker| {
820 job.start(&worker.upid().to_string())?;
821 task_log!(worker, "starting task log rotation");
822
823 let result = try_block!({
824 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
825 let max_files = 20; // times twenty files gives > 100000 task entries
826
827 let user = pbs_config::backup_user()?;
828 let options = proxmox_sys::fs::CreateOptions::new()
829 .owner(user.uid)
830 .group(user.gid);
831
832 let has_rotated = rotate_task_log_archive(
833 max_size,
834 true,
835 Some(max_files),
836 Some(options.clone()),
837 )?;
838
839 if has_rotated {
840 task_log!(worker, "task log archive was rotated");
841 } else {
842 task_log!(worker, "task log archive was not rotated");
843 }
844
845 let max_size = 32 * 1024 * 1024 - 1;
846 let max_files = 14;
847
848
849 let mut logrotate = LogRotate::new(
850 pbs_buildcfg::API_ACCESS_LOG_FN,
851 true,
852 Some(max_files),
853 Some(options.clone()),
854 )?;
855
856 if logrotate.rotate(max_size)? {
857 println!("rotated access log, telling daemons to re-open log file");
858 proxmox_async::runtime::block_on(command_reopen_access_logfiles())?;
859 task_log!(worker, "API access log was rotated");
860 } else {
861 task_log!(worker, "API access log was not rotated");
862 }
863
864 let mut logrotate = LogRotate::new(
865 pbs_buildcfg::API_AUTH_LOG_FN,
866 true,
867 Some(max_files),
868 Some(options),
869 )?;
870
871 if logrotate.rotate(max_size)? {
872 println!("rotated auth log, telling daemons to re-open log file");
873 proxmox_async::runtime::block_on(command_reopen_auth_logfiles())?;
874 task_log!(worker, "API authentication log was rotated");
875 } else {
876 task_log!(worker, "API authentication log was not rotated");
877 }
878
879 if has_rotated {
880 task_log!(worker, "cleaning up old task logs");
881 if let Err(err) = cleanup_old_tasks(true) {
882 task_warn!(worker, "could not completely cleanup old tasks: {}", err);
883 }
884 }
885
886 Ok(())
887 });
888
889 let status = worker.create_state(&result);
890
891 if let Err(err) = job.finish(status) {
892 eprintln!("could not finish job state for {}: {}", worker_type, err);
893 }
894
895 result
896 },
897 ) {
898 eprintln!("unable to start task log rotation: {}", err);
899 }
900
901 }
902
903 async fn command_reopen_access_logfiles() -> Result<(), Error> {
904 // only care about the most recent daemon instance for each, proxy & api, as other older ones
905 // should not respond to new requests anyway, but only finish their current one and then exit.
906 let sock = proxmox_rest_server::our_ctrl_sock();
907 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
908
909 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
910 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
911 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
912
913 match futures::join!(f1, f2) {
914 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
915 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
916 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
917 _ => Ok(()),
918 }
919 }
920
921 async fn command_reopen_auth_logfiles() -> Result<(), Error> {
922 // only care about the most recent daemon instance for each, proxy & api, as other older ones
923 // should not respond to new requests anyway, but only finish their current one and then exit.
924 let sock = proxmox_rest_server::our_ctrl_sock();
925 let f1 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
926
927 let pid = proxmox_rest_server::read_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
928 let sock = proxmox_rest_server::ctrl_sock_from_pid(pid);
929 let f2 = proxmox_rest_server::send_raw_command(sock, "{\"command\":\"api-auth-log-reopen\"}\n");
930
931 match futures::join!(f1, f2) {
932 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
933 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
934 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
935 _ => Ok(()),
936 }
937 }
938
939 async fn run_stat_generator() {
940
941 loop {
942 let delay_target = Instant::now() + Duration::from_secs(10);
943
944 generate_host_stats().await;
945
946 rrd_sync_journal();
947
948 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
949
950 }
951
952 }
953
954 async fn generate_host_stats() {
955 match tokio::task::spawn_blocking(generate_host_stats_sync).await {
956 Ok(()) => (),
957 Err(err) => log::error!("generate_host_stats paniced: {}", err),
958 }
959 }
960
961 fn generate_host_stats_sync() {
962 use proxmox_sys::linux::procfs::{
963 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
964
965 match read_proc_stat() {
966 Ok(stat) => {
967 rrd_update_gauge("host/cpu", stat.cpu);
968 rrd_update_gauge("host/iowait", stat.iowait_percent);
969 }
970 Err(err) => {
971 eprintln!("read_proc_stat failed - {}", err);
972 }
973 }
974
975 match read_meminfo() {
976 Ok(meminfo) => {
977 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64);
978 rrd_update_gauge("host/memused", meminfo.memused as f64);
979 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64);
980 rrd_update_gauge("host/swapused", meminfo.swapused as f64);
981 }
982 Err(err) => {
983 eprintln!("read_meminfo failed - {}", err);
984 }
985 }
986
987 match read_proc_net_dev() {
988 Ok(netdev) => {
989 use pbs_config::network::is_physical_nic;
990 let mut netin = 0;
991 let mut netout = 0;
992 for item in netdev {
993 if !is_physical_nic(&item.device) { continue; }
994 netin += item.receive;
995 netout += item.send;
996 }
997 rrd_update_derive("host/netin", netin as f64);
998 rrd_update_derive("host/netout", netout as f64);
999 }
1000 Err(err) => {
1001 eprintln!("read_prox_net_dev failed - {}", err);
1002 }
1003 }
1004
1005 match read_loadavg() {
1006 Ok(loadavg) => {
1007 rrd_update_gauge("host/loadavg", loadavg.0 as f64);
1008 }
1009 Err(err) => {
1010 eprintln!("read_loadavg failed - {}", err);
1011 }
1012 }
1013
1014 let disk_manager = DiskManage::new();
1015
1016 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host");
1017
1018 match pbs_config::datastore::config() {
1019 Ok((config, _)) => {
1020 let datastore_list: Vec<DataStoreConfig> =
1021 config.convert_to_typed_array("datastore").unwrap_or_default();
1022
1023 for config in datastore_list {
1024
1025 let rrd_prefix = format!("datastore/{}", config.name);
1026 let path = std::path::Path::new(&config.path);
1027 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix);
1028 }
1029 }
1030 Err(err) => {
1031 eprintln!("read datastore config failed - {}", err);
1032 }
1033 }
1034 }
1035
1036 fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
1037 let event: CalendarEvent = match event_str.parse() {
1038 Ok(event) => event,
1039 Err(err) => {
1040 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
1041 return false;
1042 }
1043 };
1044
1045 let last = match jobstate::last_run_time(worker_type, id) {
1046 Ok(time) => time,
1047 Err(err) => {
1048 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
1049 return false;
1050 }
1051 };
1052
1053 let next = match event.compute_next_event(last) {
1054 Ok(Some(next)) => next,
1055 Ok(None) => return false,
1056 Err(err) => {
1057 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
1058 return false;
1059 }
1060 };
1061
1062 let now = proxmox_time::epoch_i64();
1063 next <= now
1064 }
1065
1066 fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str) {
1067
1068 match proxmox_backup::tools::disks::disk_usage(path) {
1069 Ok(status) => {
1070 let rrd_key = format!("{}/total", rrd_prefix);
1071 rrd_update_gauge(&rrd_key, status.total as f64);
1072 let rrd_key = format!("{}/used", rrd_prefix);
1073 rrd_update_gauge(&rrd_key, status.used as f64);
1074 }
1075 Err(err) => {
1076 eprintln!("read disk_usage on {:?} failed - {}", path, err);
1077 }
1078 }
1079
1080 match disk_manager.find_mounted_device(path) {
1081 Ok(None) => {},
1082 Ok(Some((fs_type, device, source))) => {
1083 let mut device_stat = None;
1084 match (fs_type.as_str(), source) {
1085 ("zfs", Some(source)) => match source.into_string() {
1086 Ok(dataset) => match zfs_dataset_stats(&dataset) {
1087 Ok(stat) => device_stat = Some(stat),
1088 Err(err) => eprintln!("zfs_dataset_stats({:?}) failed - {}", dataset, err),
1089 },
1090 Err(source) => {
1091 eprintln!("zfs_pool_stats({:?}) failed - invalid characters", source)
1092 }
1093 },
1094 _ => {
1095 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
1096 match disk.read_stat() {
1097 Ok(stat) => device_stat = stat,
1098 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
1099 }
1100 }
1101 }
1102 }
1103 if let Some(stat) = device_stat {
1104 let rrd_key = format!("{}/read_ios", rrd_prefix);
1105 rrd_update_derive(&rrd_key, stat.read_ios as f64);
1106 let rrd_key = format!("{}/read_bytes", rrd_prefix);
1107 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64);
1108
1109 let rrd_key = format!("{}/write_ios", rrd_prefix);
1110 rrd_update_derive(&rrd_key, stat.write_ios as f64);
1111 let rrd_key = format!("{}/write_bytes", rrd_prefix);
1112 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64);
1113
1114 let rrd_key = format!("{}/io_ticks", rrd_prefix);
1115 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0);
1116 }
1117 }
1118 Err(err) => {
1119 eprintln!("find_mounted_device failed - {}", err);
1120 }
1121 }
1122 }
1123
1124 // Rate Limiter lookup
1125
1126 // Test WITH
1127 // proxmox-backup-client restore vm/201/2021-10-22T09:55:56Z drive-scsi0.img img1.img --repository localhost:store2
1128
1129 async fn run_traffic_control_updater() {
1130
1131 loop {
1132 let delay_target = Instant::now() + Duration::from_secs(1);
1133
1134 {
1135 let mut cache = TRAFFIC_CONTROL_CACHE.lock().unwrap();
1136 cache.compute_current_rates();
1137 }
1138
1139 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
1140 }
1141
1142 }
1143
1144 fn lookup_rate_limiter(
1145 peer: Option<std::net::SocketAddr>,
1146 ) -> (Option<Arc<dyn ShareableRateLimit>>, Option<Arc<dyn ShareableRateLimit>>) {
1147 let mut cache = TRAFFIC_CONTROL_CACHE.lock().unwrap();
1148
1149 let now = proxmox_time::epoch_i64();
1150
1151 cache.reload(now);
1152
1153 let (_rule_name, read_limiter, write_limiter) = cache.lookup_rate_limiter(peer, now);
1154
1155 (read_limiter, write_limiter)
1156 }
Proxmox Backup Server and Client