[pve-common.git] / src / PVE / PBSClient.pm

package PVE::PBSClient;

# utility functions for interaction with Proxmox Backup Server

use strict;
use warnings;
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
use IO::File;
use JSON;
use POSIX qw(strftime ENOENT);

use PVE::Tools qw(run_command file_set_contents file_get_contents file_read_firstline);
use PVE::JSONSchema qw(get_standard_option);

sub new {
    my ($class, $scfg, $storeid, $sdir) = @_;

    die "no section config provided\n" if ref($scfg) eq '';
    die "undefined store id\n" if !defined($storeid);

    my $secret_dir = $sdir // '/etc/pve/priv/storage';

    my $self = bless { scfg => $scfg, storeid => $storeid, secret_dir => $secret_dir }, $class;
}

my sub password_file_name {
    my ($self) = @_;

    return "$self->{secret_dir}/$self->{storeid}.pw";
}

sub set_password {
    my ($self, $password) = @_;

    my $pwfile = password_file_name($self);
    mkdir $self->{secret_dir};

    PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
};

sub delete_password {
    my ($self) = @_;

    my $pwfile = password_file_name($self);

    unlink $pwfile;
};

sub get_password {
    my ($self) = @_;

    my $pwfile = password_file_name($self);

    return PVE::Tools::file_read_firstline($pwfile);
}

sub encryption_key_file_name {
    my ($self) = @_;

    return "$self->{secret_dir}/$self->{storeid}.enc";
};

sub set_encryption_key {
    my ($self, $key) = @_;

    my $encfile = encryption_key_file_name($self);
    mkdir $self->{secret_dir};

    PVE::Tools::file_set_contents($encfile, "$key\n", 0600);
};

sub delete_encryption_key {
    my ($self) = @_;

    my $encfile = encryption_key_file_name($self);

    if (!unlink $encfile) {
	return if $! == ENOENT;
	die "failed to delete encryption key! $!\n";
    }
};

# Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
my sub open_encryption_key {
    my ($self) = @_;

    my $encryption_key_file = encryption_key_file_name($self);

    my $keyfd;
    if (!open($keyfd, '<', $encryption_key_file)) {
	return undef if $! == ENOENT;
	die "failed to open encryption key: $encryption_key_file: $!\n";
    }

    return $keyfd;
}

my $USE_CRYPT_PARAMS = {
    backup => 1,
    restore => 1,
    'upload-log' => 1,
};

my sub do_raw_client_cmd {
    my ($self, $client_cmd, $param, %opts) = @_;

    my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};

    my $client_exe = '/usr/bin/proxmox-backup-client';
    die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
	if ! -x $client_exe;

    my $scfg = $self->{scfg};
    my $server = $scfg->{server};
    my $datastore = $scfg->{datastore};
    my $username = $scfg->{username} // 'root@pam';

    my $userns_cmd = delete $opts{userns_cmd};

    my $cmd = [];

    push @$cmd, @$userns_cmd if defined($userns_cmd);

    push @$cmd, $client_exe, $client_cmd;

    # This must live in the top scope to not get closed before the `run_command`
    my $keyfd;
    if ($use_crypto) {
	if (defined($keyfd = open_encryption_key($self))) {
	    my $flags = fcntl($keyfd, F_GETFD, 0)
		// die "failed to get file descriptor flags: $!\n";
	    fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
		or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
	    push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
	} else {
	    push @$cmd, '--crypt-mode=none';
	}
    }

    push @$cmd, @$param if defined($param);

    push @$cmd, "--repository", "$username\@$server:$datastore";

    local $ENV{PBS_PASSWORD} = get_password($self);

    local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};

    # no ascii-art on task logs
    local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
    local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;

    if (my $logfunc = $opts{logfunc}) {
	$logfunc->("run: " . join(' ', @$cmd));
    }

    run_command($cmd, %opts);
}

my sub run_raw_client_cmd {
    my ($self, $client_cmd, $param, %opts) = @_;
    return do_raw_client_cmd($self, $client_cmd, $param, %opts);
}

my sub run_client_cmd {
    my ($self, $client_cmd, $param, $no_output) = @_;

    my $json_str = '';
    my $outfunc = sub { $json_str .= "$_[0]\n" };

    $param = [] if !defined($param);
    $param = [ $param ] if !ref($param);

    $param = [@$param, '--output-format=json'] if !$no_output;

    do_raw_client_cmd($self, $client_cmd, $param,
		      outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');

    return undef if $no_output;

    my $res = decode_json($json_str);

    return $res;
}

sub autogen_encryption_key {
    my ($self) = @_;
    my $encfile = encryption_key_file_name($self);
    run_command(['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile]);
};

sub get_snapshots {
    my ($self, $opts) = @_;

    my $param = [];
    if (defined($opts->{group})) {
	push @$param, $opts->{group};
    }

    return run_client_cmd($self, "snapshots", $param);
};

sub backup_tree {
    my ($self, $opts) = @_;

    my $type = delete $opts->{type};
    die "backup-type not provided\n" if !defined($type);
    my $id = delete $opts->{id};
    die "backup-id not provided\n" if !defined($id);
    my $root = delete $opts->{root};
    die "root dir not provided\n" if !defined($root);
    my $pxarname = delete $opts->{pxarname};
    die "archive name not provided\n" if !defined($pxarname);
    my $time = delete $opts->{time};

    my $param = [];

    push @$param, "$pxarname.pxar:$root";
    push @$param, '--backup-type', $type;
    push @$param, '--backup-id', $id;
    push @$param, '--backup-time', $time if defined($time);

    return run_raw_client_cmd($self, 'backup', $param, %$opts);
};

sub restore_pxar {
    my ($self, $opts) = @_;

    my $snapshot = delete $opts->{snapshot};
    die "snapshot not provided\n" if !defined($snapshot);
    my $pxarname = delete $opts->{pxarname};
    die "archive name not provided\n" if !defined($pxarname);
    my $target = delete $opts->{target};
    die "restore-target not provided\n" if !defined($target);
    #my $time = delete $opts->{time};

    my $param = [];

    push @$param, "$snapshot";
    push @$param, "$pxarname.pxar";
    push @$param, "$target";
    push @$param, "--allow-existing-dirs", 0;

    return run_raw_client_cmd($self, 'restore', $param, %$opts);
};

sub forget_snapshot {
    my ($self, $snapshot) = @_;

    die "snapshot not provided\n" if !defined($snapshot);

    my $param = [];

    push @$param, "$snapshot";

    return run_raw_client_cmd($self, 'forget', $param);
};

sub prune_group {
    my ($self, $opts, $prune_opts, $group) = @_;

    die "group not provided\n" if !defined($group);

    # do nothing if no keep options specified for remote
    return [] if scalar(keys %$prune_opts) == 0;

    my $param = [];

    push @$param, "--quiet";

    if (defined($opts->{'dry-run'}) && $opts->{'dry-run'}) {
	push @$param, "--dry-run", $opts->{'dry-run'};
    }

    foreach my $keep_opt (keys %$prune_opts) {
	push @$param, "--$keep_opt", $prune_opts->{$keep_opt};
    }
    push @$param, "$group";

    return run_client_cmd($self, 'prune', $param);
};

sub status {
    my ($self) = @_;

    my $total = 0;
    my $free = 0;
    my $used = 0;
    my $active = 0;

    eval {
	my $res = run_client_cmd($self, "status");

	$active = 1;
	$total = $res->{total};
	$used = $res->{used};
	$free = $res->{avail};
    };
    if (my $err = $@) {
	warn $err;
    }

    return ($total, $free, $used, $active);
};

1;
Commit	Line	Data
0904f388 SI	1	package PVE::PBSClient;
	2
	3	# utility functions for interaction with Proxmox Backup Server
	4
	5	use strict;
	6	use warnings;
	7	use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
	8	use IO::File;
	9	use JSON;
	10	use POSIX qw(strftime ENOENT);
	11
	12	use PVE::Tools qw(run_command file_set_contents file_get_contents file_read_firstline);
	13	use PVE::JSONSchema qw(get_standard_option);
	14
	15	sub new {
	16	my ($class, $scfg, $storeid, $sdir) = @_;
	17
	18	die "no section config provided\n" if ref($scfg) eq '';
	19	die "undefined store id\n" if !defined($storeid);
	20
	21	my $secret_dir = $sdir // '/etc/pve/priv/storage';
	22
	23	my $self = bless { scfg => $scfg, storeid => $storeid, secret_dir => $secret_dir }, $class;
	24	}
	25
	26	my sub password_file_name {
	27	my ($self) = @_;
	28
	29	return "$self->{secret_dir}/$self->{storeid}.pw";
	30	}
	31
	32	sub set_password {
	33	my ($self, $password) = @_;
	34
	35	my $pwfile = password_file_name($self);
	36	mkdir $self->{secret_dir};
	37
	38	PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
	39	};
	40
	41	sub delete_password {
	42	my ($self) = @_;
	43
	44	my $pwfile = password_file_name($self);
	45
	46	unlink $pwfile;
	47	};
	48
	49	sub get_password {
	50	my ($self) = @_;
	51
	52	my $pwfile = password_file_name($self);
	53
	54	return PVE::Tools::file_read_firstline($pwfile);
	55	}
	56
	57	sub encryption_key_file_name {
	58	my ($self) = @_;
	59
	60	return "$self->{secret_dir}/$self->{storeid}.enc";
	61	};
	62
	63	sub set_encryption_key {
	64	my ($self, $key) = @_;
65
66	my $encfile = encryption_key_file_name($self);
67	mkdir $self->{secret_dir};
68
69	PVE::Tools::file_set_contents($encfile, "$key\n", 0600);
70	};
71
72	sub delete_encryption_key {
73	my ($self) = @_;
74
75	my $encfile = encryption_key_file_name($self);
76
77	if (!unlink $encfile) {
78	return if $! == ENOENT;
79	die "failed to delete encryption key! $!\n";
80	}
81	};
82
83	# Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
84	my sub open_encryption_key {
85	my ($self) = @_;
86
87	my $encryption_key_file = encryption_key_file_name($self);
88
89	my $keyfd;
90	if (!open($keyfd, '<', $encryption_key_file)) {
91	return undef if $! == ENOENT;
92	die "failed to open encryption key: $encryption_key_file: $!\n";
93	}
94
95	return $keyfd;
96	}
97
98	my $USE_CRYPT_PARAMS = {
99	backup => 1,
100	restore => 1,
101	'upload-log' => 1,
102	};
103
104	my sub do_raw_client_cmd {
105	my ($self, $client_cmd, $param, %opts) = @_;
106
107	my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
108
109	my $client_exe = '/usr/bin/proxmox-backup-client';
110	die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
111	if ! -x $client_exe;
112
113	my $scfg = $self->{scfg};
114	my $server = $scfg->{server};
115	my $datastore = $scfg->{datastore};
116	my $username = $scfg->{username} // 'root@pam';
117
118	my $userns_cmd = delete $opts{userns_cmd};
119
120	my $cmd = [];
121
122	push @$cmd, @$userns_cmd if defined($userns_cmd);
123
124	push @$cmd, $client_exe, $client_cmd;
125
126	# This must live in the top scope to not get closed before the `run_command`
127	my $keyfd;
128	if ($use_crypto) {
129	if (defined($keyfd = open_encryption_key($self))) {
130	my $flags = fcntl($keyfd, F_GETFD, 0)
131	// die "failed to get file descriptor flags: $!\n";
132	fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
133	or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
134	push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
135	} else {
136	push @$cmd, '--crypt-mode=none';
137	}
138	}
139
140	push @$cmd, @$param if defined($param);
141
142	push @$cmd, "--repository", "$username\@$server:$datastore";
143
144	local $ENV{PBS_PASSWORD} = get_password($self);
145
146	local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
147
148	# no ascii-art on task logs
149	local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
150	local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
151
152	if (my $logfunc = $opts{logfunc}) {
153	$logfunc->("run: " . join(' ', @$cmd));
154	}
155
156	run_command($cmd, %opts);
157	}
158
159	my sub run_raw_client_cmd {
160	my ($self, $client_cmd, $param, %opts) = @_;
161	return do_raw_client_cmd($self, $client_cmd, $param, %opts);
162	}
163
164	my sub run_client_cmd {
165	my ($self, $client_cmd, $param, $no_output) = @_;
166
167	my $json_str = '';
168	my $outfunc = sub { $json_str .= "$_[0]\n" };
169
170	$param = [] if !defined($param);
171	$param = [ $param ] if !ref($param);
172
173	$param = [@$param, '--output-format=json'] if !$no_output;
174
175	do_raw_client_cmd($self, $client_cmd, $param,
176	outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
177
178	return undef if $no_output;
179
180	my $res = decode_json($json_str);
181
182	return $res;
183	}
184
185	sub autogen_encryption_key {
186	my ($self) = @_;
187	my $encfile = encryption_key_file_name($self);
188	run_command(['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile]);
189	};
190
191	sub get_snapshots {
192	my ($self, $opts) = @_;
193
194	my $param = [];
195	if (defined($opts->{group})) {
196	push @$param, $opts->{group};
197	}
198
199	return run_client_cmd($self, "snapshots", $param);
200	};
201
202	sub backup_tree {
203	my ($self, $opts) = @_;
204
205	my $type = delete $opts->{type};
206	die "backup-type not provided\n" if !defined($type);
207	my $id = delete $opts->{id};
208	die "backup-id not provided\n" if !defined($id);
209	my $root = delete $opts->{root};
210	die "root dir not provided\n" if !defined($root);
211	my $pxarname = delete $opts->{pxarname};
212	die "archive name not provided\n" if !defined($pxarname);
213	my $time = delete $opts->{time};
214
215	my $param = [];
216
217	push @$param, "$pxarname.pxar:$root";
218	push @$param, '--backup-type', $type;
219	push @$param, '--backup-id', $id;
220	push @$param, '--backup-time', $time if defined($time);
221
222	return run_raw_client_cmd($self, 'backup', $param, %$opts);
223	};
224
225	sub restore_pxar {
226	my ($self, $opts) = @_;
227
228	my $snapshot = delete $opts->{snapshot};
229	die "snapshot not provided\n" if !defined($snapshot);
230	my $pxarname = delete $opts->{pxarname};
231	die "archive name not provided\n" if !defined($pxarname);
232	my $target = delete $opts->{target};
233	die "restore-target not provided\n" if !defined($target);
234	#my $time = delete $opts->{time};
235
236	my $param = [];
237
238	push @$param, "$snapshot";
239	push @$param, "$pxarname.pxar";
240	push @$param, "$target";
241	push @$param, "--allow-existing-dirs", 0;
242
243	return run_raw_client_cmd($self, 'restore', $param, %$opts);
244	};
245
246	sub forget_snapshot {
247	my ($self, $snapshot) = @_;
248
249	die "snapshot not provided\n" if !defined($snapshot);
250
251	my $param = [];
252
253	push @$param, "$snapshot";
254
255	return run_raw_client_cmd($self, 'forget', $param);
256	};
257
258	sub prune_group {
259	my ($self, $opts, $prune_opts, $group) = @_;
260
261	die "group not provided\n" if !defined($group);
262
263	# do nothing if no keep options specified for remote
264	return [] if scalar(keys %$prune_opts) == 0;
265
266	my $param = [];
267
268	push @$param, "--quiet";
269
270	if (defined($opts->{'dry-run'}) && $opts->{'dry-run'}) {
271	push @$param, "--dry-run", $opts->{'dry-run'};
272	}
273
274	foreach my $keep_opt (keys %$prune_opts) {
275	push @$param, "--$keep_opt", $prune_opts->{$keep_opt};
276	}
277	push @$param, "$group";
278
279	return run_client_cmd($self, 'prune', $param);
280	};
281
282	sub status {
283	my ($self) = @_;
284
285	my $total = 0;
286	my $free = 0;
287	my $used = 0;
288	my $active = 0;
289
290	eval {
291	my $res = run_client_cmd($self, "status");
292
293	$active = 1;
294	$total = $res->{total};
295	$used = $res->{used};
296	$free = $res->{avail};
297	};
298	if (my $err = $@) {
299	warn $err;
300	}
301
302	return ($total, $free, $used, $active);
303	};
304
305	1;