src/PVE/PBSClient.pm

   1 package PVE::PBSClient;
   2 # utility functions for interaction with Proxmox Backup client CLI executable
   3
   4 use strict;
   5 use warnings;
   6
   7 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
   8 use IO::File;
   9 use JSON;
  10 use POSIX qw(strftime ENOENT);
  11
  12 use PVE::JSONSchema qw(get_standard_option);
  13 use PVE::Tools qw(run_command file_set_contents file_get_contents file_read_firstline $IPV6RE);
  14
  15 # returns a repository string suitable for proxmox-backup-client, pbs-restore, etc.
  16 # $scfg must have the following structure:
  17 # {
  18 #     datastore
  19 #     server
  20 #     port        (optional defaults to 8007)
  21 #     username    (optional defaults to 'root@pam')
  22 # }
  23 sub get_repository {
  24     my ($scfg) = @_;
  25
  26     my $server = $scfg->{server};
  27     die "no server given\n" if !defined($server);
  28
  29     $server = "[$server]" if $server =~ /^$IPV6RE$/;
  30
  31     if (my $port = $scfg->{port}) {
  32         $server .= ":$port" if $port != 8007;
  33     }
  34
  35     my $datastore = $scfg->{datastore};
  36     die "no datastore given\n" if !defined($datastore);
  37
  38     my $username = $scfg->{username} // 'root@pam';
  39
  40     return "$username\@$server:$datastore";
  41 }
  42
  43 sub new {
  44     my ($class, $scfg, $storeid, $sdir) = @_;
  45
  46     die "no section config provided\n" if ref($scfg) eq '';
  47     die "undefined store id\n" if !defined($storeid);
  48
  49     my $secret_dir = $sdir // '/etc/pve/priv/storage';
  50
  51     my $self = bless {
  52         scfg => $scfg,
  53         storeid => $storeid,
  54         secret_dir => $secret_dir
  55     }, $class;
  56     return $self;
  57 }
  58
  59 my sub password_file_name {
  60     my ($self) = @_;
  61
  62     return "$self->{secret_dir}/$self->{storeid}.pw";
  63 }
  64
  65 sub set_password {
  66     my ($self, $password) = @_;
  67
  68     my $pwfile = password_file_name($self);
  69     mkdir $self->{secret_dir};
  70
  71     PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
  72 };
  73
  74 sub delete_password {
  75     my ($self) = @_;
  76
  77     my $pwfile = password_file_name($self);
  78
  79     unlink $pwfile or die "deleting password file failed - $!\n";
  80 };
  81
  82 sub get_password {
  83     my ($self) = @_;
  84
  85     my $pwfile = password_file_name($self);
  86
  87     return PVE::Tools::file_read_firstline($pwfile);
  88 }
  89
  90 sub encryption_key_file_name {
  91     my ($self) = @_;
  92
  93     return "$self->{secret_dir}/$self->{storeid}.enc";
  94 };
  95
  96 sub set_encryption_key {
  97     my ($self, $key) = @_;
  98
  99     my $encfile = $self->encryption_key_file_name();
 100     mkdir $self->{secret_dir};
 101
 102     PVE::Tools::file_set_contents($encfile, "$key\n", 0600);
 103 };
 104
 105 sub delete_encryption_key {
 106     my ($self) = @_;
 107
 108     my $encfile = $self->encryption_key_file_name();
 109
 110     if (!unlink $encfile) {
 111         return if $! == ENOENT;
 112         die "failed to delete encryption key! $!\n";
 113     }
 114 };
 115
 116 # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
 117 my sub open_encryption_key {
 118     my ($self) = @_;
 119
 120     my $encryption_key_file = $self->encryption_key_file_name();
 121
 122     my $keyfd;
 123     if (!open($keyfd, '<', $encryption_key_file)) {
 124         return undef if $! == ENOENT;
 125         die "failed to open encryption key: $encryption_key_file: $!\n";
 126     }
 127
 128     return $keyfd;
 129 }
 130
 131 my $USE_CRYPT_PARAMS = {
 132     backup => 1,
 133     restore => 1,
 134     'upload-log' => 1,
 135 };
 136
 137 my sub do_raw_client_cmd {
 138     my ($self, $client_cmd, $param, %opts) = @_;
 139
 140     my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
 141
 142     my $client_exe = (delete $opts{binary}) || 'proxmox-backup-client';
 143     $client_exe = "/usr/bin/$client_exe";
 144     die "executable not found '$client_exe'! proxmox-backup-client or proxmox-backup-file-restore not installed?\n"
 145         if ! -x $client_exe;
 146
 147     my $scfg = $self->{scfg};
 148     my $repo = get_repository($scfg);
 149
 150     my $userns_cmd = delete $opts{userns_cmd};
 151
 152     my $cmd = [];
 153
 154     push @$cmd, @$userns_cmd if defined($userns_cmd);
 155
 156     push @$cmd, $client_exe, $client_cmd;
 157
 158     # This must live in the top scope to not get closed before the `run_command`
 159     my $keyfd;
 160     if ($use_crypto) {
 161         if (defined($keyfd = open_encryption_key($self))) {
 162             my $flags = fcntl($keyfd, F_GETFD, 0)
 163                 // die "failed to get file descriptor flags: $!\n";
 164             fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
 165                 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
 166             push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
 167         } else {
 168             push @$cmd, '--crypt-mode=none';
 169         }
 170     }
 171
 172     push @$cmd, @$param if defined($param);
 173
 174     push @$cmd, "--repository", $repo;
 175
 176     local $ENV{PBS_PASSWORD} = $self->get_password();
 177
 178     local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
 179
 180     # no ascii-art on task logs
 181     local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
 182     local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
 183
 184     if (my $logfunc = $opts{logfunc}) {
 185         $logfunc->("run: " . join(' ', @$cmd));
 186     }
 187
 188     run_command($cmd, %opts);
 189 }
 190
 191 my sub run_raw_client_cmd {
 192     my ($self, $client_cmd, $param, %opts) = @_;
 193     return do_raw_client_cmd($self, $client_cmd, $param, %opts);
 194 }
 195
 196 my sub run_client_cmd {
 197     my ($self, $client_cmd, $param, $no_output, $binary) = @_;
 198
 199     my $json_str = '';
 200     my $outfunc = sub { $json_str .= "$_[0]\n" };
 201
 202     $binary //= 'proxmox-backup-client';
 203
 204     $param = [] if !defined($param);
 205     $param = [ $param ] if !ref($param);
 206
 207     $param = [@$param, '--output-format=json'] if !$no_output;
 208
 209     do_raw_client_cmd(
 210         $self,
 211         $client_cmd,
 212         $param,
 213         outfunc => $outfunc,
 214         errmsg => "$binary failed",
 215         binary => $binary,
 216     );
 217
 218     return undef if $no_output;
 219
 220     my $res = decode_json($json_str);
 221
 222     return $res;
 223 }
 224
 225 sub autogen_encryption_key {
 226     my ($self) = @_;
 227     my $encfile = $self->encryption_key_file_name();
 228     run_command(
 229         ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile],
 230         errmsg => 'failed to create encryption key'
 231     );
 232     return file_get_contents($encfile);
 233 };
 234
 235 # lists all snapshots, optionally limited to a specific group
 236 sub get_snapshots {
 237     my ($self, $group) = @_;
 238
 239     my $param = [];
 240     push @$param, $group if defined($group);
 241
 242     return run_client_cmd($self, "snapshots", $param);
 243 };
 244
 245 # create a new PXAR backup of a FS directory tree - doesn't cross FS boundary
 246 # by default.
 247 sub backup_fs_tree {
 248     my ($self, $root, $id, $pxarname, $cmd_opts) = @_;
 249
 250     die "backup-id not provided\n" if !defined($id);
 251     die "backup root dir not provided\n" if !defined($root);
 252     die "archive name not provided\n" if !defined($pxarname);
 253
 254     my $param = [
 255         "$pxarname.pxar:$root",
 256         '--backup-type', 'host',
 257         '--backup-id', $id,
 258     ];
 259
 260     $cmd_opts //= {};
 261
 262     return run_raw_client_cmd($self, 'backup', $param, %$cmd_opts);
 263 };
 264
 265 sub restore_pxar {
 266     my ($self, $snapshot, $pxarname, $target, $cmd_opts) = @_;
 267
 268     die "snapshot not provided\n" if !defined($snapshot);
 269     die "archive name not provided\n" if !defined($pxarname);
 270     die "restore-target not provided\n" if !defined($target);
 271
 272     my $param = [
 273         "$snapshot",
 274         "$pxarname.pxar",
 275         "$target",
 276         "--allow-existing-dirs", 0,
 277     ];
 278     $cmd_opts //= {};
 279
 280     return run_raw_client_cmd($self, 'restore', $param, %$cmd_opts);
 281 };
 282
 283 sub forget_snapshot {
 284     my ($self, $snapshot) = @_;
 285
 286     die "snapshot not provided\n" if !defined($snapshot);
 287
 288     return run_raw_client_cmd($self, 'forget', ["$snapshot"]);
 289 };
 290
 291 sub prune_group {
 292     my ($self, $opts, $prune_opts, $group) = @_;
 293
 294     die "group not provided\n" if !defined($group);
 295
 296     # do nothing if no keep options specified for remote
 297     return [] if scalar(keys %$prune_opts) == 0;
 298
 299     my $param = [];
 300
 301     push @$param, "--quiet";
 302
 303     if (defined($opts->{'dry-run'}) && $opts->{'dry-run'}) {
 304         push @$param, "--dry-run", $opts->{'dry-run'};
 305     }
 306
 307     foreach my $keep_opt (keys %$prune_opts) {
 308         push @$param, "--$keep_opt", $prune_opts->{$keep_opt};
 309     }
 310     push @$param, "$group";
 311
 312     return run_client_cmd($self, 'prune', $param);
 313 };
 314
 315 sub status {
 316     my ($self) = @_;
 317
 318     my $total = 0;
 319     my $free = 0;
 320     my $used = 0;
 321     my $active = 0;
 322
 323     eval {
 324         my $res = run_client_cmd($self, "status");
 325
 326         $active = 1;
 327         $total = $res->{total};
 328         $used = $res->{used};
 329         $free = $res->{avail};
 330     };
 331     if (my $err = $@) {
 332         warn $err;
 333     }
 334
 335     return ($total, $free, $used, $active);
 336 };
 337
 338 1;