1 use std
::collections
::HashMap
;
3 use std
::hash
::BuildHasher
;
4 use std
::os
::unix
::io
::AsRawFd
;
5 use std
::path
::{Path, PathBuf}
;
8 use anyhow
::{bail, format_err, Error}
;
9 use futures
::future
::FutureExt
;
11 use futures
::stream
::{StreamExt, TryStreamExt}
;
12 use nix
::unistd
::{fork, ForkResult}
;
13 use serde_json
::Value
;
14 use tokio
::signal
::unix
::{signal, SignalKind}
;
16 use proxmox
::{sortable, identity}
;
17 use proxmox
::api
::{ApiHandler, ApiMethod, RpcEnvironment, schema::*, cli::*}
;
18 use proxmox
::tools
::fd
::Fd
;
20 use proxmox_backup
::tools
;
21 use proxmox_backup
::backup
::{
27 BufferedDynamicReader
,
31 use proxmox_backup
::client
::*;
35 extract_repository_from_value
,
36 complete_pxar_archive_name
,
37 complete_img_archive_name
,
38 complete_group_or_snapshot
,
42 api_datastore_latest_snapshot
,
43 BufferedDynamicReadAt
,
46 use crate::proxmox_client_tools
::key_source
::get_encryption_key_password
;
49 const API_METHOD_MOUNT
: ApiMethod
= ApiMethod
::new(
50 &ApiHandler
::Sync(&mount
),
52 "Mount pxar archive.",
54 ("snapshot", false, &StringSchema
::new("Group/Snapshot path.").schema()),
55 ("archive-name", false, &StringSchema
::new("Backup archive name.").schema()),
56 ("target", false, &StringSchema
::new("Target directory path.").schema()),
57 ("repository", true, &REPO_URL_SCHEMA
),
58 ("keyfile", true, &StringSchema
::new("Path to encryption key.").schema()),
59 ("verbose", true, &BooleanSchema
::new("Verbose output and stay in foreground.").default(false).schema()),
65 const API_METHOD_MAP
: ApiMethod
= ApiMethod
::new(
66 &ApiHandler
::Sync(&mount
),
68 "Map a drive image from a VM backup to a local loopback device. Use 'unmap' to undo.
69 WARNING: Only do this with *trusted* backups!",
71 ("snapshot", false, &StringSchema
::new("Group/Snapshot path.").schema()),
72 ("archive-name", false, &StringSchema
::new("Backup archive name.").schema()),
73 ("repository", true, &REPO_URL_SCHEMA
),
74 ("keyfile", true, &StringSchema
::new("Path to encryption key.").schema()),
75 ("verbose", true, &BooleanSchema
::new("Verbose output and stay in foreground.").default(false).schema()),
81 const API_METHOD_UNMAP
: ApiMethod
= ApiMethod
::new(
82 &ApiHandler
::Sync(&unmap
),
84 "Unmap a loop device mapped with 'map' and release all resources.",
86 ("name", true, &StringSchema
::new(
87 concat
!("Archive name, path to loopdev (/dev/loopX) or loop device number. ",
88 "Omit to list all current mappings and force cleaning up leftover instances.")
94 pub fn mount_cmd_def() -> CliCommand
{
96 CliCommand
::new(&API_METHOD_MOUNT
)
97 .arg_param(&["snapshot", "archive-name", "target"])
98 .completion_cb("repository", complete_repository
)
99 .completion_cb("snapshot", complete_group_or_snapshot
)
100 .completion_cb("archive-name", complete_pxar_archive_name
)
101 .completion_cb("target", tools
::complete_file_name
)
104 pub fn map_cmd_def() -> CliCommand
{
106 CliCommand
::new(&API_METHOD_MAP
)
107 .arg_param(&["snapshot", "archive-name"])
108 .completion_cb("repository", complete_repository
)
109 .completion_cb("snapshot", complete_group_or_snapshot
)
110 .completion_cb("archive-name", complete_img_archive_name
)
113 pub fn unmap_cmd_def() -> CliCommand
{
115 CliCommand
::new(&API_METHOD_UNMAP
)
116 .arg_param(&["name"])
117 .completion_cb("name", complete_mapping_names
)
120 fn complete_mapping_names
<S
: BuildHasher
>(_arg
: &str, _param
: &HashMap
<String
, String
, S
>)
123 match tools
::fuse_loop
::find_all_mappings() {
124 Ok(mappings
) => mappings
125 .filter_map(|(name
, _
)| {
126 tools
::systemd
::unescape_unit(&name
).ok()
135 _rpcenv
: &mut dyn RpcEnvironment
,
136 ) -> Result
<Value
, Error
> {
138 let verbose
= param
["verbose"].as_bool().unwrap_or(false);
140 // This will stay in foreground with debug output enabled as None is
141 // passed for the RawFd.
142 return pbs_runtime
::main(mount_do(param
, None
));
145 // Process should be daemonized.
146 // Make sure to fork before the async runtime is instantiated to avoid troubles.
147 let (pr
, pw
) = proxmox_backup
::tools
::pipe()?
;
148 match unsafe { fork() }
{
149 Ok(ForkResult
::Parent { .. }
) => {
151 // Blocks the parent process until we are ready to go in the child
152 let _res
= nix
::unistd
::read(pr
.as_raw_fd(), &mut [0]).unwrap();
155 Ok(ForkResult
::Child
) => {
157 nix
::unistd
::setsid().unwrap();
158 pbs_runtime
::main(mount_do(param
, Some(pw
)))
160 Err(_
) => bail
!("failed to daemonize process"),
164 async
fn mount_do(param
: Value
, pipe
: Option
<Fd
>) -> Result
<Value
, Error
> {
165 let repo
= extract_repository_from_value(¶m
)?
;
166 let archive_name
= tools
::required_string_param(¶m
, "archive-name")?
;
167 let client
= connect(&repo
)?
;
169 let target
= param
["target"].as_str();
171 record_repository(&repo
);
173 let path
= tools
::required_string_param(¶m
, "snapshot")?
;
174 let (backup_type
, backup_id
, backup_time
) = if path
.matches('
/'
).count() == 1 {
175 let group
: BackupGroup
= path
.parse()?
;
176 api_datastore_latest_snapshot(&client
, repo
.store(), group
).await?
178 let snapshot
: BackupDir
= path
.parse()?
;
179 (snapshot
.group().backup_type().to_owned(), snapshot
.group().backup_id().to_owned(), snapshot
.backup_time())
182 let keyfile
= param
["keyfile"].as_str().map(PathBuf
::from
);
183 let crypt_config
= match keyfile
{
186 println
!("Encryption key file: '{:?}'", path
);
187 let (key
, _
, fingerprint
) = load_and_decrypt_key(&path
, &get_encryption_key_password
)?
;
188 println
!("Encryption key fingerprint: '{}'", fingerprint
);
189 Some(Arc
::new(CryptConfig
::new(key
)?
))
193 let server_archive_name
= if archive_name
.ends_with(".pxar") {
194 if target
.is_none() {
195 bail
!("use the 'mount' command to mount pxar archives");
197 format
!("{}.didx", archive_name
)
198 } else if archive_name
.ends_with(".img") {
199 if target
.is_some() {
200 bail
!("use the 'map' command to map drive images");
202 format
!("{}.fidx", archive_name
)
204 bail
!("Can only mount/map pxar archives and drive images.");
207 let client
= BackupReader
::start(
209 crypt_config
.clone(),
217 let (manifest
, _
) = client
.download_manifest().await?
;
218 manifest
.check_fingerprint(crypt_config
.as_ref().map(Arc
::as_ref
))?
;
220 let file_info
= manifest
.lookup_file_info(&server_archive_name
)?
;
222 let daemonize
= || -> Result
<(), Error
> {
223 if let Some(pipe
) = pipe
{
224 nix
::unistd
::chdir(Path
::new("/")).unwrap();
225 // Finish creation of daemon by redirecting filedescriptors.
226 let nullfd
= nix
::fcntl
::open(
228 nix
::fcntl
::OFlag
::O_RDWR
,
229 nix
::sys
::stat
::Mode
::empty(),
231 nix
::unistd
::dup2(nullfd
, 0).unwrap();
232 nix
::unistd
::dup2(nullfd
, 1).unwrap();
233 nix
::unistd
::dup2(nullfd
, 2).unwrap();
235 nix
::unistd
::close(nullfd
).unwrap();
237 // Signal the parent process that we are done with the setup and it can
239 nix
::unistd
::write(pipe
.as_raw_fd(), &[0u8])?
;
246 let options
= OsStr
::new("ro,default_permissions");
248 // handle SIGINT and SIGTERM
249 let mut interrupt_int
= signal(SignalKind
::interrupt())?
;
250 let mut interrupt_term
= signal(SignalKind
::terminate())?
;
252 let mut interrupt
= futures
::future
::select(interrupt_int
.recv().boxed(), interrupt_term
.recv().boxed());
254 if server_archive_name
.ends_with(".didx") {
255 let index
= client
.download_dynamic_index(&manifest
, &server_archive_name
).await?
;
256 let most_used
= index
.find_most_used_chunks(8);
257 let chunk_reader
= RemoteChunkReader
::new(client
.clone(), crypt_config
, file_info
.chunk_crypt_mode(), most_used
);
258 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
259 let archive_size
= reader
.archive_size();
260 let reader
: proxmox_backup
::pxar
::fuse
::Reader
=
261 Arc
::new(BufferedDynamicReadAt
::new(reader
));
262 let decoder
= proxmox_backup
::pxar
::fuse
::Accessor
::new(reader
, archive_size
).await?
;
264 let session
= proxmox_backup
::pxar
::fuse
::Session
::mount(
268 Path
::new(target
.unwrap()),
270 .map_err(|err
| format_err
!("pxar mount failed: {}", err
))?
;
275 res
= session
.fuse() => res?
,
277 // exit on interrupted
280 } else if server_archive_name
.ends_with(".fidx") {
281 let index
= client
.download_fixed_index(&manifest
, &server_archive_name
).await?
;
282 let size
= index
.index_bytes();
283 let chunk_reader
= RemoteChunkReader
::new(client
.clone(), crypt_config
, file_info
.chunk_crypt_mode(), HashMap
::new());
284 let reader
= CachedChunkReader
::new(chunk_reader
, index
, 8).seekable();
286 let name
= &format
!("{}:{}/{}", repo
.to_string(), path
, archive_name
);
287 let name_escaped
= tools
::systemd
::escape_unit(name
, false);
289 let mut session
= tools
::fuse_loop
::FuseLoopSession
::map_loop(size
, reader
, &name_escaped
, options
).await?
;
290 let loopdev
= session
.loopdev_path
.clone();
292 let (st_send
, st_recv
) = futures
::channel
::mpsc
::channel(1);
293 let (mut abort_send
, abort_recv
) = futures
::channel
::mpsc
::channel(1);
294 let mut st_recv
= st_recv
.fuse();
295 let mut session_fut
= session
.main(st_send
, abort_recv
).boxed().fuse();
297 // poll until loop file is mapped (or errors)
299 _res
= session_fut
=> {
300 bail
!("FUSE session unexpectedly ended before loop file mapping");
302 res
= st_recv
.try_next() => {
303 if let Err(err
) = res
{
304 // init went wrong, abort now
305 abort_send
.try_send(()).map_err(|err
|
306 format_err
!("error while sending abort signal - {}", err
))?
;
307 // ignore and keep original error cause
308 let _
= session_fut
.await
;
314 // daemonize only now to be able to print mapped loopdev or startup errors
315 println
!("Image '{}' mapped on {}", name
, loopdev
);
318 // continue polling until complete or interrupted (which also happens on unmap)
320 res
= session_fut
=> res?
,
322 // exit on interrupted
323 abort_send
.try_send(()).map_err(|err
|
324 format_err
!("error while sending abort signal - {}", err
))?
;
329 println
!("Image unmapped");
331 bail
!("unknown archive file extension (expected .pxar or .img)");
340 _rpcenv
: &mut dyn RpcEnvironment
,
341 ) -> Result
<Value
, Error
> {
343 let mut name
= match param
["name"].as_str() {
344 Some(name
) => name
.to_owned(),
346 tools
::fuse_loop
::cleanup_unused_run_files(None
);
348 for (backing
, loopdev
) in tools
::fuse_loop
::find_all_mappings()?
{
349 let name
= tools
::systemd
::unescape_unit(&backing
)?
;
350 println
!("{}:\t{}", loopdev
.unwrap_or_else(|| "(unmapped)".to_string()), name
);
354 println
!("Nothing mapped.");
356 return Ok(Value
::Null
);
360 // allow loop device number alone
361 if let Ok(num
) = name
.parse
::<u8>() {
362 name
= format
!("/dev/loop{}", num
);
365 if name
.starts_with("/dev/loop") {
366 tools
::fuse_loop
::unmap_loopdev(name
)?
;
368 let name
= tools
::systemd
::escape_unit(&name
, false);
369 tools
::fuse_loop
::unmap_name(name
)?
;