]>
git.proxmox.com Git - pve-common.git/blob - src/PVE/PBSClient.pm
1 package PVE
::PBSClient
;
2 # utility functions for interaction with Proxmox Backup client CLI executable
7 use Fcntl
qw(F_GETFD F_SETFD FD_CLOEXEC);
10 use POSIX
qw(strftime ENOENT);
12 use PVE
::JSONSchema
qw(get_standard_option);
13 use PVE
::Tools
qw(run_command file_set_contents file_get_contents file_read_firstline $IPV6RE);
15 # returns a repository string suitable for proxmox-backup-client, pbs-restore, etc.
16 # $scfg must have the following structure:
20 # port (optional defaults to 8007)
21 # username (optional defaults to 'root@pam')
26 my $server = $scfg->{server
};
27 die "no server given\n" if !defined($server);
29 $server = "[$server]" if $server =~ /^$IPV6RE$/;
31 if (my $port = $scfg->{port
}) {
32 $server .= ":$port" if $port != 8007;
35 my $datastore = $scfg->{datastore
};
36 die "no datastore given\n" if !defined($datastore);
38 my $username = $scfg->{username
} // 'root@pam';
40 return "$username\@$server:$datastore";
44 my ($class, $scfg, $storeid, $sdir) = @_;
46 die "no section config provided\n" if ref($scfg) eq '';
47 die "undefined store id\n" if !defined($storeid);
49 my $secret_dir = $sdir // '/etc/pve/priv/storage';
54 secret_dir
=> $secret_dir
59 my sub password_file_name
{
62 return "$self->{secret_dir}/$self->{storeid}.pw";
66 my ($self, $password) = @_;
68 my $pwfile = password_file_name
($self);
69 mkdir $self->{secret_dir
};
71 PVE
::Tools
::file_set_contents
($pwfile, "$password\n", 0600);
77 my $pwfile = password_file_name
($self);
79 unlink $pwfile or die "deleting password file failed - $!\n";
85 my $pwfile = password_file_name
($self);
87 return PVE
::Tools
::file_read_firstline
($pwfile);
90 sub encryption_key_file_name
{
93 return "$self->{secret_dir}/$self->{storeid}.enc";
96 sub set_encryption_key
{
97 my ($self, $key) = @_;
99 my $encfile = $self->encryption_key_file_name();
100 mkdir $self->{secret_dir
};
102 PVE
::Tools
::file_set_contents
($encfile, "$key\n", 0600);
105 sub delete_encryption_key
{
108 my $encfile = $self->encryption_key_file_name();
110 if (!unlink $encfile) {
111 return if $! == ENOENT
;
112 die "failed to delete encryption key! $!\n";
116 # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
117 my sub open_encryption_key
{
120 my $encryption_key_file = $self->encryption_key_file_name();
123 if (!open($keyfd, '<', $encryption_key_file)) {
124 return undef if $! == ENOENT
;
125 die "failed to open encryption key: $encryption_key_file: $!\n";
131 my $USE_CRYPT_PARAMS = {
137 my sub do_raw_client_cmd
{
138 my ($self, $client_cmd, $param, %opts) = @_;
140 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
142 my $client_exe = '/usr/bin/proxmox-backup-client';
143 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
146 my $scfg = $self->{scfg
};
147 my $repo = get_repository
($scfg);
149 my $userns_cmd = delete $opts{userns_cmd
};
153 push @$cmd, @$userns_cmd if defined($userns_cmd);
155 push @$cmd, $client_exe, $client_cmd;
157 # This must live in the top scope to not get closed before the `run_command`
160 if (defined($keyfd = open_encryption_key
($self))) {
161 my $flags = fcntl($keyfd, F_GETFD
, 0)
162 // die "failed to get file descriptor flags: $!\n";
163 fcntl($keyfd, F_SETFD
, $flags & ~FD_CLOEXEC
)
164 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
165 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
167 push @$cmd, '--crypt-mode=none';
171 push @$cmd, @$param if defined($param);
173 push @$cmd, "--repository", $repo;
175 local $ENV{PBS_PASSWORD
} = $self->get_password();
177 local $ENV{PBS_FINGERPRINT
} = $scfg->{fingerprint
};
179 # no ascii-art on task logs
180 local $ENV{PROXMOX_OUTPUT_NO_BORDER
} = 1;
181 local $ENV{PROXMOX_OUTPUT_NO_HEADER
} = 1;
183 if (my $logfunc = $opts{logfunc
}) {
184 $logfunc->("run: " . join(' ', @$cmd));
187 run_command
($cmd, %opts);
190 my sub run_raw_client_cmd
{
191 my ($self, $client_cmd, $param, %opts) = @_;
192 return do_raw_client_cmd
($self, $client_cmd, $param, %opts);
195 my sub run_client_cmd
{
196 my ($self, $client_cmd, $param, $no_output) = @_;
199 my $outfunc = sub { $json_str .= "$_[0]\n" };
201 $param = [] if !defined($param);
202 $param = [ $param ] if !ref($param);
204 $param = [@$param, '--output-format=json'] if !$no_output;
211 errmsg
=> 'proxmox-backup-client failed'
214 return undef if $no_output;
216 my $res = decode_json
($json_str);
221 sub autogen_encryption_key
{
223 my $encfile = $self->encryption_key_file_name();
225 ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile],
226 errmsg
=> 'failed to create encryption key'
228 return file_get_contents
($encfile);
231 # lists all snapshots, optionally limited to a specific group
233 my ($self, $group) = @_;
236 push @$param, $group if defined($group);
238 return run_client_cmd
($self, "snapshots", $param);
241 # create a new PXAR backup of a FS directory tree - doesn't cross FS boundary
244 my ($self, $root, $id, $pxarname, $cmd_opts) = @_;
246 die "backup-id not provided\n" if !defined($id);
247 die "backup root dir not provided\n" if !defined($root);
248 die "archive name not provided\n" if !defined($pxarname);
251 "$pxarname.pxar:$root",
252 '--backup-type', 'host',
258 return run_raw_client_cmd
($self, 'backup', $param, %$cmd_opts);
262 my ($self, $snapshot, $pxarname, $target, $cmd_opts) = @_;
264 die "snapshot not provided\n" if !defined($snapshot);
265 die "archive name not provided\n" if !defined($pxarname);
266 die "restore-target not provided\n" if !defined($target);
272 "--allow-existing-dirs", 0,
276 return run_raw_client_cmd
($self, 'restore', $param, %$cmd_opts);
279 sub forget_snapshot
{
280 my ($self, $snapshot) = @_;
282 die "snapshot not provided\n" if !defined($snapshot);
284 return run_raw_client_cmd
($self, 'forget', ["$snapshot"]);
288 my ($self, $opts, $prune_opts, $group) = @_;
290 die "group not provided\n" if !defined($group);
292 # do nothing if no keep options specified for remote
293 return [] if scalar(keys %$prune_opts) == 0;
297 push @$param, "--quiet";
299 if (defined($opts->{'dry-run'}) && $opts->{'dry-run'}) {
300 push @$param, "--dry-run", $opts->{'dry-run'};
303 foreach my $keep_opt (keys %$prune_opts) {
304 push @$param, "--$keep_opt", $prune_opts->{$keep_opt};
306 push @$param, "$group";
308 return run_client_cmd
($self, 'prune', $param);
320 my $res = run_client_cmd
($self, "status");
323 $total = $res->{total
};
324 $used = $res->{used
};
325 $free = $res->{avail
};
331 return ($total, $free, $used, $active);