]> git.proxmox.com Git - proxmox-backup.git/blob - src/bin/proxmox-backup-proxy.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
refactor send_command
[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs
1 use std::sync::Arc;
2 use std::path::{Path, PathBuf};
3 use std::pin::Pin;
4 use std::os::unix::io::AsRawFd;
5
6 use anyhow::{bail, format_err, Error};
7 use futures::*;
8
9 use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
10 use tokio_stream::wrappers::ReceiverStream;
11 use serde_json::Value;
12
13 use proxmox::try_block;
14 use proxmox::api::RpcEnvironmentType;
15
16 use proxmox_backup::{
17 backup::DataStore,
18 server::{
19 auth::default_api_auth,
20 WorkerTask,
21 ApiConfig,
22 rest::*,
23 jobstate::{
24 self,
25 Job,
26 },
27 rotate_task_log_archive,
28 },
29 tools::systemd::time::{
30 parse_calendar_event,
31 compute_next_event,
32 },
33 };
34
35
36 use proxmox_backup::api2::types::Authid;
37 use proxmox_backup::configdir;
38 use proxmox_backup::buildcfg;
39 use proxmox_backup::server;
40 use proxmox_backup::auth_helpers::*;
41 use proxmox_backup::tools::{
42 daemon,
43 disks::{
44 DiskManage,
45 zfs_pool_stats,
46 get_pool_from_dataset,
47 },
48 logrotate::LogRotate,
49 socket::{
50 set_tcp_keepalive,
51 PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
52 },
53 };
54
55 use proxmox_backup::api2::pull::do_sync_job;
56 use proxmox_backup::api2::tape::backup::do_tape_backup_job;
57 use proxmox_backup::server::do_verification_job;
58 use proxmox_backup::server::do_prune_job;
59
60 fn main() -> Result<(), Error> {
61 proxmox_backup::tools::setup_safe_path_env();
62
63 let backup_uid = proxmox_backup::backup::backup_user()?.uid;
64 let backup_gid = proxmox_backup::backup::backup_group()?.gid;
65 let running_uid = nix::unistd::Uid::effective();
66 let running_gid = nix::unistd::Gid::effective();
67
68 if running_uid != backup_uid || running_gid != backup_gid {
69 bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
70 }
71
72 proxmox_backup::tools::runtime::main(run())
73 }
74
75 async fn run() -> Result<(), Error> {
76 if let Err(err) = syslog::init(
77 syslog::Facility::LOG_DAEMON,
78 log::LevelFilter::Info,
79 Some("proxmox-backup-proxy")) {
80 bail!("unable to inititialize syslog - {}", err);
81 }
82
83 // Note: To debug early connection error use
84 // PROXMOX_DEBUG=1 ./target/release/proxmox-backup-proxy
85 let debug = std::env::var("PROXMOX_DEBUG").is_ok();
86
87 let _ = public_auth_key(); // load with lazy_static
88 let _ = csrf_secret(); // load with lazy_static
89
90 let mut config = ApiConfig::new(
91 buildcfg::JS_DIR,
92 &proxmox_backup::api2::ROUTER,
93 RpcEnvironmentType::PUBLIC,
94 default_api_auth(),
95 )?;
96
97 config.add_alias("novnc", "/usr/share/novnc-pve");
98 config.add_alias("extjs", "/usr/share/javascript/extjs");
99 config.add_alias("qrcodejs", "/usr/share/javascript/qrcodejs");
100 config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
101 config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
102 config.add_alias("locale", "/usr/share/pbs-i18n");
103 config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
104 config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
105
106 let mut indexpath = PathBuf::from(buildcfg::JS_DIR);
107 indexpath.push("index.hbs");
108 config.register_template("index", &indexpath)?;
109 config.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?;
110
111 let mut commando_sock = server::CommandoSocket::new(server::our_ctrl_sock());
112
113 config.enable_file_log(buildcfg::API_ACCESS_LOG_FN, &mut commando_sock)?;
114
115 let rest_server = RestServer::new(config);
116
117 //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
118
119 // we build the initial acceptor here as we cannot start if this fails - certificate reloads
120 // will be handled inside the accept loop and simply log an error if we cannot load the new
121 // certificate!
122 let acceptor = make_tls_acceptor()?;
123
124 // to renew the acceptor we just let a command-socket handler trigger a Notify:
125 let notify_tls_cert_reload = Arc::new(tokio::sync::Notify::new());
126 commando_sock.register_command(
127 "reload-certificate".to_string(),
128 {
129 let notify_tls_cert_reload = Arc::clone(&notify_tls_cert_reload);
130 move |_value| -> Result<_, Error> {
131 notify_tls_cert_reload.notify_one();
132 Ok(Value::Null)
133 }
134 },
135 )?;
136
137 let server = daemon::create_daemon(
138 ([0,0,0,0,0,0,0,0], 8007).into(),
139 move |listener, ready| {
140
141 let connections = accept_connections(listener, acceptor, debug, notify_tls_cert_reload);
142 let connections = hyper::server::accept::from_stream(ReceiverStream::new(connections));
143
144 Ok(ready
145 .and_then(|_| hyper::Server::builder(connections)
146 .serve(rest_server)
147 .with_graceful_shutdown(server::shutdown_future())
148 .map_err(Error::from)
149 )
150 .map_err(|err| eprintln!("server error: {}", err))
151 .map(|_| ())
152 )
153 },
154 "proxmox-backup-proxy.service",
155 );
156
157 server::write_pid(buildcfg::PROXMOX_BACKUP_PROXY_PID_FN)?;
158 daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
159
160 let init_result: Result<(), Error> = try_block!({
161 server::register_task_control_commands(&mut commando_sock)?;
162 commando_sock.spawn()?;
163 server::server_state_init()?;
164 Ok(())
165 });
166
167 if let Err(err) = init_result {
168 bail!("unable to start daemon - {}", err);
169 }
170
171 start_task_scheduler();
172 start_stat_generator();
173
174 server.await?;
175 log::info!("server shutting down, waiting for active workers to complete");
176 proxmox_backup::server::last_worker_future().await?;
177 log::info!("done - exit server");
178
179 Ok(())
180 }
181
182 fn make_tls_acceptor() -> Result<Arc<SslAcceptor>, Error> {
183 let key_path = configdir!("/proxy.key");
184 let cert_path = configdir!("/proxy.pem");
185
186 let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
187 acceptor.set_private_key_file(key_path, SslFiletype::PEM)
188 .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
189 acceptor.set_certificate_chain_file(cert_path)
190 .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
191 acceptor.check_private_key().unwrap();
192
193 Ok(Arc::new(acceptor.build()))
194 }
195
196 type ClientStreamResult =
197 Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>;
198 const MAX_PENDING_ACCEPTS: usize = 1024;
199
200 fn accept_connections(
201 listener: tokio::net::TcpListener,
202 acceptor: Arc<openssl::ssl::SslAcceptor>,
203 debug: bool,
204 notify_tls_cert_reload: Arc<tokio::sync::Notify>,
205 ) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
206
207 let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
208
209 tokio::spawn(accept_connection(listener, acceptor, debug, sender, notify_tls_cert_reload));
210
211 receiver
212 }
213
214 async fn accept_connection(
215 listener: tokio::net::TcpListener,
216 mut acceptor: Arc<openssl::ssl::SslAcceptor>,
217 debug: bool,
218 sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
219 notify_tls_cert_reload: Arc<tokio::sync::Notify>,
220 ) {
221 let accept_counter = Arc::new(());
222
223 // Note that these must not be moved out/modified directly, they get pinned in the loop and
224 // "rearmed" after waking up:
225 let mut reload_tls = notify_tls_cert_reload.notified();
226 let mut accept = listener.accept();
227
228 loop {
229 let sock;
230
231 // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we
232 // need to be able to "rearm" the futures:
233 let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) };
234 let accept_pin = unsafe { Pin::new_unchecked(&mut accept) };
235 tokio::select! {
236 _ = reload_tls_pin => {
237 // rearm the notification:
238 reload_tls = notify_tls_cert_reload.notified();
239
240 log::info!("reloading certificate");
241 match make_tls_acceptor() {
242 Err(err) => eprintln!("error reloading certificate: {}", err),
243 Ok(new_acceptor) => acceptor = new_acceptor,
244 }
245 continue;
246 }
247 res = accept_pin => match res {
248 Err(err) => {
249 eprintln!("error accepting tcp connection: {}", err);
250 continue;
251 }
252 Ok((new_sock, _addr)) => {
253 // rearm the accept future:
254 accept = listener.accept();
255
256 sock = new_sock;
257 }
258 }
259 };
260
261 sock.set_nodelay(true).unwrap();
262 let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
263 let acceptor = Arc::clone(&acceptor);
264
265 let ssl = match openssl::ssl::Ssl::new(acceptor.context()) {
266 Ok(ssl) => ssl,
267 Err(err) => {
268 eprintln!("failed to create Ssl object from Acceptor context - {}", err);
269 continue;
270 },
271 };
272 let stream = match tokio_openssl::SslStream::new(ssl, sock) {
273 Ok(stream) => stream,
274 Err(err) => {
275 eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
276 continue;
277 },
278 };
279
280 let mut stream = Box::pin(stream);
281 let sender = sender.clone();
282
283 if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
284 eprintln!("connection rejected - to many open connections");
285 continue;
286 }
287
288 let accept_counter = Arc::clone(&accept_counter);
289 tokio::spawn(async move {
290 let accept_future = tokio::time::timeout(
291 Duration::new(10, 0), stream.as_mut().accept());
292
293 let result = accept_future.await;
294
295 match result {
296 Ok(Ok(())) => {
297 if sender.send(Ok(stream)).await.is_err() && debug {
298 eprintln!("detect closed connection channel");
299 }
300 }
301 Ok(Err(err)) => {
302 if debug {
303 eprintln!("https handshake failed - {}", err);
304 }
305 }
306 Err(_) => {
307 if debug {
308 eprintln!("https handshake timeout");
309 }
310 }
311 }
312
313 drop(accept_counter); // decrease reference count
314 });
315 }
316 }
317
318 fn start_stat_generator() {
319 let abort_future = server::shutdown_future();
320 let future = Box::pin(run_stat_generator());
321 let task = futures::future::select(future, abort_future);
322 tokio::spawn(task.map(|_| ()));
323 }
324
325 fn start_task_scheduler() {
326 let abort_future = server::shutdown_future();
327 let future = Box::pin(run_task_scheduler());
328 let task = futures::future::select(future, abort_future);
329 tokio::spawn(task.map(|_| ()));
330 }
331
332 use std::time::{SystemTime, Instant, Duration, UNIX_EPOCH};
333
334 fn next_minute() -> Result<Instant, Error> {
335 let now = SystemTime::now();
336 let epoch_now = now.duration_since(UNIX_EPOCH)?;
337 let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
338 Ok(Instant::now() + epoch_next - epoch_now)
339 }
340
341 async fn run_task_scheduler() {
342
343 let mut count: usize = 0;
344
345 loop {
346 count += 1;
347
348 let delay_target = match next_minute() { // try to run very minute
349 Ok(d) => d,
350 Err(err) => {
351 eprintln!("task scheduler: compute next minute failed - {}", err);
352 tokio::time::sleep_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
353 continue;
354 }
355 };
356
357 if count > 2 { // wait 1..2 minutes before starting
358 match schedule_tasks().catch_unwind().await {
359 Err(panic) => {
360 match panic.downcast::<&str>() {
361 Ok(msg) => {
362 eprintln!("task scheduler panic: {}", msg);
363 }
364 Err(_) => {
365 eprintln!("task scheduler panic - unknown type");
366 }
367 }
368 }
369 Ok(Err(err)) => {
370 eprintln!("task scheduler failed - {:?}", err);
371 }
372 Ok(Ok(_)) => {}
373 }
374 }
375
376 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
377 }
378 }
379
380 async fn schedule_tasks() -> Result<(), Error> {
381
382 schedule_datastore_garbage_collection().await;
383 schedule_datastore_prune().await;
384 schedule_datastore_sync_jobs().await;
385 schedule_datastore_verify_jobs().await;
386 schedule_tape_backup_jobs().await;
387 schedule_task_log_rotate().await;
388
389 Ok(())
390 }
391
392 async fn schedule_datastore_garbage_collection() {
393
394 use proxmox_backup::config::{
395 datastore::{
396 self,
397 DataStoreConfig,
398 },
399 };
400
401 let config = match datastore::config() {
402 Err(err) => {
403 eprintln!("unable to read datastore config - {}", err);
404 return;
405 }
406 Ok((config, _digest)) => config,
407 };
408
409 for (store, (_, store_config)) in config.sections {
410 let datastore = match DataStore::lookup_datastore(&store) {
411 Ok(datastore) => datastore,
412 Err(err) => {
413 eprintln!("lookup_datastore failed - {}", err);
414 continue;
415 }
416 };
417
418 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
419 Ok(c) => c,
420 Err(err) => {
421 eprintln!("datastore config from_value failed - {}", err);
422 continue;
423 }
424 };
425
426 let event_str = match store_config.gc_schedule {
427 Some(event_str) => event_str,
428 None => continue,
429 };
430
431 let event = match parse_calendar_event(&event_str) {
432 Ok(event) => event,
433 Err(err) => {
434 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
435 continue;
436 }
437 };
438
439 if datastore.garbage_collection_running() { continue; }
440
441 let worker_type = "garbage_collection";
442
443 let last = match jobstate::last_run_time(worker_type, &store) {
444 Ok(time) => time,
445 Err(err) => {
446 eprintln!("could not get last run time of {} {}: {}", worker_type, store, err);
447 continue;
448 }
449 };
450
451 let next = match compute_next_event(&event, last, false) {
452 Ok(Some(next)) => next,
453 Ok(None) => continue,
454 Err(err) => {
455 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
456 continue;
457 }
458 };
459
460 let now = proxmox::tools::time::epoch_i64();
461
462 if next > now { continue; }
463
464 let job = match Job::new(worker_type, &store) {
465 Ok(job) => job,
466 Err(_) => continue, // could not get lock
467 };
468
469 let auth_id = Authid::root_auth_id();
470
471 if let Err(err) = crate::server::do_garbage_collection_job(job, datastore, auth_id, Some(event_str), false) {
472 eprintln!("unable to start garbage collection job on datastore {} - {}", store, err);
473 }
474 }
475 }
476
477 async fn schedule_datastore_prune() {
478
479 use proxmox_backup::{
480 backup::{
481 PruneOptions,
482 },
483 config::datastore::{
484 self,
485 DataStoreConfig,
486 },
487 };
488
489 let config = match datastore::config() {
490 Err(err) => {
491 eprintln!("unable to read datastore config - {}", err);
492 return;
493 }
494 Ok((config, _digest)) => config,
495 };
496
497 for (store, (_, store_config)) in config.sections {
498
499 let store_config: DataStoreConfig = match serde_json::from_value(store_config) {
500 Ok(c) => c,
501 Err(err) => {
502 eprintln!("datastore '{}' config from_value failed - {}", store, err);
503 continue;
504 }
505 };
506
507 let event_str = match store_config.prune_schedule {
508 Some(event_str) => event_str,
509 None => continue,
510 };
511
512 let prune_options = PruneOptions {
513 keep_last: store_config.keep_last,
514 keep_hourly: store_config.keep_hourly,
515 keep_daily: store_config.keep_daily,
516 keep_weekly: store_config.keep_weekly,
517 keep_monthly: store_config.keep_monthly,
518 keep_yearly: store_config.keep_yearly,
519 };
520
521 if !prune_options.keeps_something() { // no prune settings - keep all
522 continue;
523 }
524
525 let worker_type = "prune";
526 if check_schedule(worker_type, &event_str, &store) {
527 let job = match Job::new(worker_type, &store) {
528 Ok(job) => job,
529 Err(_) => continue, // could not get lock
530 };
531
532 let auth_id = Authid::root_auth_id().clone();
533 if let Err(err) = do_prune_job(job, prune_options, store.clone(), &auth_id, Some(event_str)) {
534 eprintln!("unable to start datastore prune job {} - {}", &store, err);
535 }
536 };
537 }
538 }
539
540 async fn schedule_datastore_sync_jobs() {
541
542 use proxmox_backup::config::sync::{
543 self,
544 SyncJobConfig,
545 };
546
547 let config = match sync::config() {
548 Err(err) => {
549 eprintln!("unable to read sync job config - {}", err);
550 return;
551 }
552 Ok((config, _digest)) => config,
553 };
554
555 for (job_id, (_, job_config)) in config.sections {
556 let job_config: SyncJobConfig = match serde_json::from_value(job_config) {
557 Ok(c) => c,
558 Err(err) => {
559 eprintln!("sync job config from_value failed - {}", err);
560 continue;
561 }
562 };
563
564 let event_str = match job_config.schedule {
565 Some(ref event_str) => event_str.clone(),
566 None => continue,
567 };
568
569 let worker_type = "syncjob";
570 if check_schedule(worker_type, &event_str, &job_id) {
571 let job = match Job::new(worker_type, &job_id) {
572 Ok(job) => job,
573 Err(_) => continue, // could not get lock
574 };
575
576 let auth_id = Authid::root_auth_id().clone();
577 if let Err(err) = do_sync_job(job, job_config, &auth_id, Some(event_str)) {
578 eprintln!("unable to start datastore sync job {} - {}", &job_id, err);
579 }
580 };
581 }
582 }
583
584 async fn schedule_datastore_verify_jobs() {
585
586 use proxmox_backup::config::verify::{
587 self,
588 VerificationJobConfig,
589 };
590
591 let config = match verify::config() {
592 Err(err) => {
593 eprintln!("unable to read verification job config - {}", err);
594 return;
595 }
596 Ok((config, _digest)) => config,
597 };
598 for (job_id, (_, job_config)) in config.sections {
599 let job_config: VerificationJobConfig = match serde_json::from_value(job_config) {
600 Ok(c) => c,
601 Err(err) => {
602 eprintln!("verification job config from_value failed - {}", err);
603 continue;
604 }
605 };
606 let event_str = match job_config.schedule {
607 Some(ref event_str) => event_str.clone(),
608 None => continue,
609 };
610
611 let worker_type = "verificationjob";
612 let auth_id = Authid::root_auth_id().clone();
613 if check_schedule(worker_type, &event_str, &job_id) {
614 let job = match Job::new(&worker_type, &job_id) {
615 Ok(job) => job,
616 Err(_) => continue, // could not get lock
617 };
618 if let Err(err) = do_verification_job(job, job_config, &auth_id, Some(event_str)) {
619 eprintln!("unable to start datastore verification job {} - {}", &job_id, err);
620 }
621 };
622 }
623 }
624
625 async fn schedule_tape_backup_jobs() {
626
627 use proxmox_backup::config::tape_job::{
628 self,
629 TapeBackupJobConfig,
630 };
631
632 let config = match tape_job::config() {
633 Err(err) => {
634 eprintln!("unable to read tape job config - {}", err);
635 return;
636 }
637 Ok((config, _digest)) => config,
638 };
639 for (job_id, (_, job_config)) in config.sections {
640 let job_config: TapeBackupJobConfig = match serde_json::from_value(job_config) {
641 Ok(c) => c,
642 Err(err) => {
643 eprintln!("tape backup job config from_value failed - {}", err);
644 continue;
645 }
646 };
647 let event_str = match job_config.schedule {
648 Some(ref event_str) => event_str.clone(),
649 None => continue,
650 };
651
652 let worker_type = "tape-backup-job";
653 let auth_id = Authid::root_auth_id().clone();
654 if check_schedule(worker_type, &event_str, &job_id) {
655 let job = match Job::new(&worker_type, &job_id) {
656 Ok(job) => job,
657 Err(_) => continue, // could not get lock
658 };
659 if let Err(err) = do_tape_backup_job(job, job_config.setup, &auth_id, Some(event_str)) {
660 eprintln!("unable to start tape backup job {} - {}", &job_id, err);
661 }
662 };
663 }
664 }
665
666
667 async fn schedule_task_log_rotate() {
668
669 let worker_type = "logrotate";
670 let job_id = "access-log_and_task-archive";
671
672 // schedule daily at 00:00 like normal logrotate
673 let schedule = "00:00";
674
675 if !check_schedule(worker_type, schedule, job_id) {
676 // if we never ran the rotation, schedule instantly
677 match jobstate::JobState::load(worker_type, job_id) {
678 Ok(state) => match state {
679 jobstate::JobState::Created { .. } => {},
680 _ => return,
681 },
682 _ => return,
683 }
684 }
685
686 let mut job = match Job::new(worker_type, job_id) {
687 Ok(job) => job,
688 Err(_) => return, // could not get lock
689 };
690
691 if let Err(err) = WorkerTask::new_thread(
692 worker_type,
693 None,
694 Authid::root_auth_id().clone(),
695 false,
696 move |worker| {
697 job.start(&worker.upid().to_string())?;
698 worker.log("starting task log rotation".to_string());
699
700 let result = try_block!({
701 let max_size = 512 * 1024 - 1; // an entry has ~ 100b, so > 5000 entries/file
702 let max_files = 20; // times twenty files gives > 100000 task entries
703 let has_rotated = rotate_task_log_archive(max_size, true, Some(max_files))?;
704 if has_rotated {
705 worker.log("task log archive was rotated".to_string());
706 } else {
707 worker.log("task log archive was not rotated".to_string());
708 }
709
710 let max_size = 32 * 1024 * 1024 - 1;
711 let max_files = 14;
712 let mut logrotate = LogRotate::new(buildcfg::API_ACCESS_LOG_FN, true)
713 .ok_or_else(|| format_err!("could not get API access log file names"))?;
714
715 if logrotate.rotate(max_size, None, Some(max_files))? {
716 println!("rotated access log, telling daemons to re-open log file");
717 proxmox_backup::tools::runtime::block_on(command_reopen_logfiles())?;
718 worker.log("API access log was rotated".to_string());
719 } else {
720 worker.log("API access log was not rotated".to_string());
721 }
722
723 let mut logrotate = LogRotate::new(buildcfg::API_AUTH_LOG_FN, true)
724 .ok_or_else(|| format_err!("could not get API auth log file names"))?;
725
726 if logrotate.rotate(max_size, None, Some(max_files))? {
727 worker.log("API authentication log was rotated".to_string());
728 } else {
729 worker.log("API authentication log was not rotated".to_string());
730 }
731
732 Ok(())
733 });
734
735 let status = worker.create_state(&result);
736
737 if let Err(err) = job.finish(status) {
738 eprintln!("could not finish job state for {}: {}", worker_type, err);
739 }
740
741 result
742 },
743 ) {
744 eprintln!("unable to start task log rotation: {}", err);
745 }
746
747 }
748
749 async fn command_reopen_logfiles() -> Result<(), Error> {
750 // only care about the most recent daemon instance for each, proxy & api, as other older ones
751 // should not respond to new requests anyway, but only finish their current one and then exit.
752 let sock = server::our_ctrl_sock();
753 let f1 = server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
754
755 let pid = server::read_pid(buildcfg::PROXMOX_BACKUP_API_PID_FN)?;
756 let sock = server::ctrl_sock_from_pid(pid);
757 let f2 = server::send_command(sock, "{\"command\":\"api-access-log-reopen\"}\n");
758
759 match futures::join!(f1, f2) {
760 (Err(e1), Err(e2)) => Err(format_err!("reopen commands failed, proxy: {}; api: {}", e1, e2)),
761 (Err(e1), Ok(_)) => Err(format_err!("reopen commands failed, proxy: {}", e1)),
762 (Ok(_), Err(e2)) => Err(format_err!("reopen commands failed, api: {}", e2)),
763 _ => Ok(()),
764 }
765 }
766
767 async fn run_stat_generator() {
768
769 let mut count = 0;
770 loop {
771 count += 1;
772 let save = if count >= 6 { count = 0; true } else { false };
773
774 let delay_target = Instant::now() + Duration::from_secs(10);
775
776 generate_host_stats(save).await;
777
778 tokio::time::sleep_until(tokio::time::Instant::from_std(delay_target)).await;
779
780 }
781
782 }
783
784 fn rrd_update_gauge(name: &str, value: f64, save: bool) {
785 use proxmox_backup::rrd;
786 if let Err(err) = rrd::update_value(name, value, rrd::DST::Gauge, save) {
787 eprintln!("rrd::update_value '{}' failed - {}", name, err);
788 }
789 }
790
791 fn rrd_update_derive(name: &str, value: f64, save: bool) {
792 use proxmox_backup::rrd;
793 if let Err(err) = rrd::update_value(name, value, rrd::DST::Derive, save) {
794 eprintln!("rrd::update_value '{}' failed - {}", name, err);
795 }
796 }
797
798 async fn generate_host_stats(save: bool) {
799 use proxmox::sys::linux::procfs::{
800 read_meminfo, read_proc_stat, read_proc_net_dev, read_loadavg};
801 use proxmox_backup::config::datastore;
802
803
804 proxmox_backup::tools::runtime::block_in_place(move || {
805
806 match read_proc_stat() {
807 Ok(stat) => {
808 rrd_update_gauge("host/cpu", stat.cpu, save);
809 rrd_update_gauge("host/iowait", stat.iowait_percent, save);
810 }
811 Err(err) => {
812 eprintln!("read_proc_stat failed - {}", err);
813 }
814 }
815
816 match read_meminfo() {
817 Ok(meminfo) => {
818 rrd_update_gauge("host/memtotal", meminfo.memtotal as f64, save);
819 rrd_update_gauge("host/memused", meminfo.memused as f64, save);
820 rrd_update_gauge("host/swaptotal", meminfo.swaptotal as f64, save);
821 rrd_update_gauge("host/swapused", meminfo.swapused as f64, save);
822 }
823 Err(err) => {
824 eprintln!("read_meminfo failed - {}", err);
825 }
826 }
827
828 match read_proc_net_dev() {
829 Ok(netdev) => {
830 use proxmox_backup::config::network::is_physical_nic;
831 let mut netin = 0;
832 let mut netout = 0;
833 for item in netdev {
834 if !is_physical_nic(&item.device) { continue; }
835 netin += item.receive;
836 netout += item.send;
837 }
838 rrd_update_derive("host/netin", netin as f64, save);
839 rrd_update_derive("host/netout", netout as f64, save);
840 }
841 Err(err) => {
842 eprintln!("read_prox_net_dev failed - {}", err);
843 }
844 }
845
846 match read_loadavg() {
847 Ok(loadavg) => {
848 rrd_update_gauge("host/loadavg", loadavg.0 as f64, save);
849 }
850 Err(err) => {
851 eprintln!("read_loadavg failed - {}", err);
852 }
853 }
854
855 let disk_manager = DiskManage::new();
856
857 gather_disk_stats(disk_manager.clone(), Path::new("/"), "host", save);
858
859 match datastore::config() {
860 Ok((config, _)) => {
861 let datastore_list: Vec<datastore::DataStoreConfig> =
862 config.convert_to_typed_array("datastore").unwrap_or_default();
863
864 for config in datastore_list {
865
866 let rrd_prefix = format!("datastore/{}", config.name);
867 let path = std::path::Path::new(&config.path);
868 gather_disk_stats(disk_manager.clone(), path, &rrd_prefix, save);
869 }
870 }
871 Err(err) => {
872 eprintln!("read datastore config failed - {}", err);
873 }
874 }
875
876 });
877 }
878
879 fn check_schedule(worker_type: &str, event_str: &str, id: &str) -> bool {
880 let event = match parse_calendar_event(event_str) {
881 Ok(event) => event,
882 Err(err) => {
883 eprintln!("unable to parse schedule '{}' - {}", event_str, err);
884 return false;
885 }
886 };
887
888 let last = match jobstate::last_run_time(worker_type, &id) {
889 Ok(time) => time,
890 Err(err) => {
891 eprintln!("could not get last run time of {} {}: {}", worker_type, id, err);
892 return false;
893 }
894 };
895
896 let next = match compute_next_event(&event, last, false) {
897 Ok(Some(next)) => next,
898 Ok(None) => return false,
899 Err(err) => {
900 eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
901 return false;
902 }
903 };
904
905 let now = proxmox::tools::time::epoch_i64();
906 next <= now
907 }
908
909 fn gather_disk_stats(disk_manager: Arc<DiskManage>, path: &Path, rrd_prefix: &str, save: bool) {
910
911 match proxmox_backup::tools::disks::disk_usage(path) {
912 Ok(status) => {
913 let rrd_key = format!("{}/total", rrd_prefix);
914 rrd_update_gauge(&rrd_key, status.total as f64, save);
915 let rrd_key = format!("{}/used", rrd_prefix);
916 rrd_update_gauge(&rrd_key, status.used as f64, save);
917 }
918 Err(err) => {
919 eprintln!("read disk_usage on {:?} failed - {}", path, err);
920 }
921 }
922
923 match disk_manager.find_mounted_device(path) {
924 Ok(None) => {},
925 Ok(Some((fs_type, device, source))) => {
926 let mut device_stat = None;
927 match fs_type.as_str() {
928 "zfs" => {
929 if let Some(source) = source {
930 let pool = get_pool_from_dataset(&source).unwrap_or(&source);
931 match zfs_pool_stats(pool) {
932 Ok(stat) => device_stat = stat,
933 Err(err) => eprintln!("zfs_pool_stats({:?}) failed - {}", pool, err),
934 }
935 }
936 }
937 _ => {
938 if let Ok(disk) = disk_manager.clone().disk_by_dev_num(device.into_dev_t()) {
939 match disk.read_stat() {
940 Ok(stat) => device_stat = stat,
941 Err(err) => eprintln!("disk.read_stat {:?} failed - {}", path, err),
942 }
943 }
944 }
945 }
946 if let Some(stat) = device_stat {
947 let rrd_key = format!("{}/read_ios", rrd_prefix);
948 rrd_update_derive(&rrd_key, stat.read_ios as f64, save);
949 let rrd_key = format!("{}/read_bytes", rrd_prefix);
950 rrd_update_derive(&rrd_key, (stat.read_sectors*512) as f64, save);
951
952 let rrd_key = format!("{}/write_ios", rrd_prefix);
953 rrd_update_derive(&rrd_key, stat.write_ios as f64, save);
954 let rrd_key = format!("{}/write_bytes", rrd_prefix);
955 rrd_update_derive(&rrd_key, (stat.write_sectors*512) as f64, save);
956
957 let rrd_key = format!("{}/io_ticks", rrd_prefix);
958 rrd_update_derive(&rrd_key, (stat.io_ticks as f64)/1000.0, save);
959 }
960 }
961 Err(err) => {
962 eprintln!("find_mounted_device failed - {}", err);
963 }
964 }
965 }
Proxmox Backup Server and Client