[pve-manager.git] / PVE / API2 / VZDump.pm

package PVE::API2::VZDump;

use strict;
use warnings;
use PVE::Exception qw(raise_param_exc);
use PVE::Tools qw(extract_param);
use PVE::Cluster qw(cfs_register_file cfs_read_file);
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Storage;
use PVE::VZDump;
use PVE::VZDump::Common;
use PVE::API2Tools;

use Data::Dumper; # fixme: remove


use base qw(PVE::RESTHandler);

__PACKAGE__->register_method ({
    name => 'vzdump',
    path => '',
    method => 'POST',
    description => "Create backup.",
    permissions => {
	description => "The user needs 'VM.Backup' permissions on any VM, and 'Datastore.AllocateSpace' on the backup storage. The 'maxfiles', 'prune-backups', 'tmpdir', 'dumpdir', 'script', 'bwlimit' and 'ionice' parameters are restricted to the 'root\@pam' user.",
	user => 'all',
    },
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => PVE::VZDump::Common::json_config_properties({
	    stdout => {
		type => 'boolean',
		description => "Write tar to stdout, not to a file.",
		optional => 1,
	    },
        }),
    },
    returns => { type => 'string' },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $user = $rpcenv->get_user();

	my $nodename = PVE::INotify::nodename();

	if ($rpcenv->{type} ne 'cli') {
	    raise_param_exc({ node => "option is only allowed on the command line interface."})
		if $param->{node} && $param->{node} ne $nodename;

	    raise_param_exc({ stdout => "option is only allowed on the command line interface."})
		if $param->{stdout};
	}

	foreach my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit ionice)) {
	    raise_param_exc({ $key => "Only root may set this option."})
		if defined($param->{$key}) && ($user ne 'root@pam');
	}

	PVE::VZDump::verify_vzdump_parameters($param, 1);

	# silent exit if we run on wrong node
	return 'OK' if $param->{node} && $param->{node} ne $nodename;

	my $cmdline = PVE::VZDump::Common::command_line($param);

	my $vmids_per_node = PVE::VZDump::get_included_guests($param);

	my $local_vmids = delete $vmids_per_node->{$nodename} // [];

	# include IDs for deleted guests, and visibly fail later
	my $orphaned_vmids = delete $vmids_per_node->{''} // [];
	push @{$local_vmids}, @{$orphaned_vmids};

	my $skiplist = [ map { @$_ } values $vmids_per_node->%* ];

	if($param->{stop}){
	    PVE::VZDump::stop_running_backups();
	    return 'OK' if !scalar(@{$local_vmids});
	}

	# silent exit if specified VMs run on other nodes
	return "OK" if !scalar(@{$local_vmids}) && !$param->{all};

	PVE::VZDump::parse_mailto_exclude_path($param);

	die "you can only backup a single VM with option --stdout\n"
	    if $param->{stdout} && scalar(@{$local_vmids}) != 1;

	$rpcenv->check($user, "/storage/$param->{storage}", [ 'Datastore.AllocateSpace' ])
	    if $param->{storage};

	my $worker = sub {
	    my $upid = shift;

	    $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = $SIG{PIPE} = sub {
		die "interrupted by signal\n";
	    };

	    $param->{vmids} = $local_vmids;
	    my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);

	    my $LOCK_FH = eval {
		$vzdump->getlock($upid); # only one process allowed
	    };
	    if (my $err = $@) {
		$vzdump->sendmail([], 0, $err);
		exit(-1);
	    }

	    if (defined($param->{ionice})) {
		if ($param->{ionice} > 7) {
		    PVE::VZDump::run_command(undef, "ionice -c3 -p $$");
		} else {
		    PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
		}
	    }
	    $vzdump->exec_backup($rpcenv, $user);

	    close($LOCK_FH);
	};

	open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
	open STDERR, '>/dev/null' if $param->{quiet};

	if ($rpcenv->{type} eq 'cli') {
	    if ($param->{stdout}) {

		open my $saved_stdout, ">&STDOUT"
		    || die "can't dup STDOUT: $!\n";

		open STDOUT, '>&STDERR' ||
		    die "unable to redirect STDOUT: $!\n";

		$param->{stdout} = $saved_stdout;
	    }
	}

	my $taskid;
	$taskid = $local_vmids->[0] if scalar(@{$local_vmids}) == 1;

	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
   }});

__PACKAGE__->register_method ({
    name => 'defaults',
    path => 'defaults',
    method => 'GET',
    description => "Get the currently configured vzdump defaults.",
    permissions => {
	description => "The user needs 'Datastore.Audit' or 'Datastore.AllocateSpace' " .
	    "permissions for the specified storage (or default storage if none specified). Some " .
	    "properties are only returned when the user has 'Sys.Audit' permissions for the node.",
	user => 'all',
    },
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    storage => get_standard_option('pve-storage-id', { optional => 1 }),
	},
    },
    returns => {
	type => 'object',
	additionalProperties => 0,
	properties => PVE::VZDump::Common::json_config_properties(),
    },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $storage = extract_param($param, 'storage');

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $res = PVE::VZDump::read_vzdump_defaults();

	$res->{storage} = $storage if defined($storage);

	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
	    $res->{storage} = 'local';
	}

	if (defined($res->{storage})) {
	    $rpcenv->check_any(
		$authuser,
		"/storage/$res->{storage}",
		['Datastore.Audit', 'Datastore.AllocateSpace'],
	    );

	    my $info = PVE::VZDump::storage_info($res->{storage});
	    for my $key (qw(dumpdir prune-backups)) {
		$res->{$key} = $info->{$key} if defined($info->{$key});
	    }
	}

	if (defined($res->{'prune-backups'})) {
	    $res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
		$res->{'prune-backups'},
		'prune-backups',
	    );
	}

	$res->{mailto} = join(",", @{$res->{mailto}})
	    if defined($res->{mailto});

	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
	    if defined($res->{'exclude-path'});

	# normal backup users don't need to know these
	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
	    delete $res->{mailto};
	    delete $res->{tmpdir};
	    delete $res->{dumpdir};
	    delete $res->{script};
	    delete $res->{ionice};
	}

	my $pool = $res->{pool};
	if (defined($pool) &&
	    !$rpcenv->check($authuser, "/pool/$pool", ['Pool.Audit'], 1)) {
	    delete $res->{pool};
	}

	delete $res->{size}; # deprecated, to be dropped with PVE 7.0

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'extractconfig',
    path => 'extractconfig',
    method => 'GET',
    description => "Extract configuration from vzdump backup archive.",
    permissions => {
	description => "The user needs 'VM.Backup' permissions on the backed up guest ID, and 'Datastore.AllocateSpace' on the backup storage.",
	user => 'all',
    },
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    volume => {
		description => "Volume identifier",
		type => 'string',
		completion => \&PVE::Storage::complete_volume,
	    },
	},
    },
    returns => { type => 'string' },
    code => sub {
	my ($param) = @_;

	my $volume = extract_param($param, 'volume');

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $storage_cfg = PVE::Storage::config();
	PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, undef, $volume);

	return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
    }});

1;
Commit	Line	Data
bf58f8dd DM	1	package PVE::API2::VZDump;
	2
	3	use strict;
	4	use warnings;
31aef761	5	use PVE::Exception qw(raise_param_exc);
bf58f8dd DM	6	use PVE::Tools qw(extract_param);
	7	use PVE::Cluster qw(cfs_register_file cfs_read_file);
	8	use PVE::INotify;
	9	use PVE::RPCEnvironment;
	10	use PVE::AccessControl;
	11	use PVE::JSONSchema qw(get_standard_option);
	12	use PVE::Storage;
	13	use PVE::VZDump;
2424074e	14	use PVE::VZDump::Common;
f3376261	15	use PVE::API2Tools;
bf58f8dd DM	16
	17	use Data::Dumper; # fixme: remove
	18
	19
	20	use base qw(PVE::RESTHandler);
	21
	22	__PACKAGE__->register_method ({
60e049c2	23	name => 'vzdump',
bf58f8dd DM	24	path => '',
	25	method => 'POST',
	26	description => "Create backup.",
98e84b16	27	permissions => {
e6946086	28	description => "The user needs 'VM.Backup' permissions on any VM, and 'Datastore.AllocateSpace' on the backup storage. The 'maxfiles', 'prune-backups', 'tmpdir', 'dumpdir', 'script', 'bwlimit' and 'ionice' parameters are restricted to the 'root\@pam' user.",
98e84b16 DM	29	user => 'all',
98e84b16 DM	30	},
30edfad9	31	protected => 1,
49046e53	32	proxyto => 'node',
bf58f8dd DM	33	parameters => {
bf58f8dd DM	34	additionalProperties => 0,
2424074e	35	properties => PVE::VZDump::Common::json_config_properties({
bf58f8dd DM	36	stdout => {
	37	type => 'boolean',
	38	description => "Write tar to stdout, not to a file.",
	39	optional => 1,
	40	},
ac27b58d	41	}),
bf58f8dd DM	42	},
	43	returns => { type => 'string' },
	44	code => sub {
	45	my ($param) = @_;
	46
	47	my $rpcenv = PVE::RPCEnvironment::get();
	48
	49	my $user = $rpcenv->get_user();
	50
	51	my $nodename = PVE::INotify::nodename();
	52
	53	if ($rpcenv->{type} ne 'cli') {
	54	raise_param_exc({ node => "option is only allowed on the command line interface."})
	55	if $param->{node} && $param->{node} ne $nodename;
	56
	57	raise_param_exc({ stdout => "option is only allowed on the command line interface."})
	58	if $param->{stdout};
	59	}
	60
e6946086	61	foreach my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit ionice)) {
6d0507a8 FG	62	raise_param_exc({ $key => "Only root may set this option."})
	63	if defined($param->{$key}) && ($user ne 'root@pam');
	64	}
	65
31aef761	66	PVE::VZDump::verify_vzdump_parameters($param, 1);
bf58f8dd DM	67
bf58f8dd DM	68	# silent exit if we run on wrong node
eab837c4	69	return 'OK' if $param->{node} && $param->{node} ne $nodename;
60e049c2	70
2424074e	71	my $cmdline = PVE::VZDump::Common::command_line($param);
df5875b4 AL	72
	73	my $vmids_per_node = PVE::VZDump::get_included_guests($param);
	74
	75	my $local_vmids = delete $vmids_per_node->{$nodename} // [];
	76
7f874148 FE	77	# include IDs for deleted guests, and visibly fail later
	78	my $orphaned_vmids = delete $vmids_per_node->{''} // [];
	79	push @{$local_vmids}, @{$orphaned_vmids};
	80
df5875b4	81	my $skiplist = [ map { @$_ } values $vmids_per_node->%* ];
bf58f8dd	82
eab837c4 DM	83	if($param->{stop}){
eab837c4 DM	84	PVE::VZDump::stop_running_backups();
df5875b4	85	return 'OK' if !scalar(@{$local_vmids});
eab837c4 DM	86	}
eab837c4 DM	87
5c4da4c3	88	# silent exit if specified VMs run on other nodes
df5875b4	89	return "OK" if !scalar(@{$local_vmids}) && !$param->{all};
336ec53a	90
f8ed6af8	91	PVE::VZDump::parse_mailto_exclude_path($param);
bf58f8dd DM	92
bf58f8dd DM	93	die "you can only backup a single VM with option --stdout\n"
df5875b4	94	if $param->{stdout} && scalar(@{$local_vmids}) != 1;
bf58f8dd	95
4412265f DM	96	$rpcenv->check($user, "/storage/$param->{storage}", [ 'Datastore.AllocateSpace' ])
	97	if $param->{storage};
	98
bf58f8dd	99	my $worker = sub {
eab837c4 DM	100	my $upid = shift;
eab837c4 DM	101
bf58f8dd DM	102	$SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = $SIG{PIPE} = sub {
	103	die "interrupted by signal\n";
	104	};
	105
df5875b4	106	$param->{vmids} = $local_vmids;
403761c4 WB	107	my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);
403761c4 WB	108
875c2e5a	109	my $LOCK_FH = eval {
eab837c4	110	$vzdump->getlock($upid); # only one process allowed
6ec9de44	111	};
eab837c4 DM	112	if (my $err = $@) {
eab837c4 DM	113	$vzdump->sendmail([], 0, $err);
6ec9de44 SP	114	exit(-1);
6ec9de44 SP	115	}
bf58f8dd DM	116
	117	if (defined($param->{ionice})) {
	118	if ($param->{ionice} > 7) {
	119	PVE::VZDump::run_command(undef, "ionice -c3 -p $$");
	120	} else {
	121	PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
	122	}
	123	}
60e049c2	124	$vzdump->exec_backup($rpcenv, $user);
875c2e5a FE	125
875c2e5a FE	126	close($LOCK_FH);
60e049c2	127	};
bf58f8dd DM	128
	129	open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
	130	open STDERR, '>/dev/null' if $param->{quiet};
	131
	132	if ($rpcenv->{type} eq 'cli') {
	133	if ($param->{stdout}) {
	134
	135	open my $saved_stdout, ">&STDOUT"
	136	\|\| die "can't dup STDOUT: $!\n";
	137
	138	open STDOUT, '>&STDERR' \|\|
	139	die "unable to redirect STDOUT: $!\n";
	140
	141	$param->{stdout} = $saved_stdout;
	142	}
	143	}
	144
742d2ad2	145	my $taskid;
df5875b4	146	$taskid = $local_vmids->[0] if scalar(@{$local_vmids}) == 1;
742d2ad2 FG	147
742d2ad2 FG	148	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
bf58f8dd	149	}});
7619e4dd	150
5b9a4030 FE	151	__PACKAGE__->register_method ({
	152	name => 'defaults',
	153	path => 'defaults',
	154	method => 'GET',
	155	description => "Get the currently configured vzdump defaults.",
	156	permissions => {
	157	description => "The user needs 'Datastore.Audit' or 'Datastore.AllocateSpace' " .
	158	"permissions for the specified storage (or default storage if none specified). Some " .
	159	"properties are only returned when the user has 'Sys.Audit' permissions for the node.",
	160	user => 'all',
	161	},
	162	proxyto => 'node',
	163	parameters => {
	164	additionalProperties => 0,
	165	properties => {
	166	node => get_standard_option('pve-node'),
	167	storage => get_standard_option('pve-storage-id', { optional => 1 }),
	168	},
	169	},
	170	returns => {
	171	type => 'object',
	172	additionalProperties => 0,
	173	properties => PVE::VZDump::Common::json_config_properties(),
	174	},
	175	code => sub {
	176	my ($param) = @_;
	177
	178	my $node = extract_param($param, 'node');
	179	my $storage = extract_param($param, 'storage');
	180
	181	my $rpcenv = PVE::RPCEnvironment::get();
	182	my $authuser = $rpcenv->get_user();
	183
	184	my $res = PVE::VZDump::read_vzdump_defaults();
	185
	186	$res->{storage} = $storage if defined($storage);
	187
	188	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
	189	$res->{storage} = 'local';
	190	}
	191
	192	if (defined($res->{storage})) {
	193	$rpcenv->check_any(
	194	$authuser,
	195	"/storage/$res->{storage}",
	196	['Datastore.Audit', 'Datastore.AllocateSpace'],
	197	);
	198
	199	my $info = PVE::VZDump::storage_info($res->{storage});
	200	for my $key (qw(dumpdir prune-backups)) {
	201	$res->{$key} = $info->{$key} if defined($info->{$key});
	202	}
	203	}
	204
	205	if (defined($res->{'prune-backups'})) {
	206	$res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
	207	$res->{'prune-backups'},
	208	'prune-backups',
	209	);
	210	}
	211
	212	$res->{mailto} = join(",", @{$res->{mailto}})
	213	if defined($res->{mailto});
	214
215	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
216	if defined($res->{'exclude-path'});
217
218	# normal backup users don't need to know these
219	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
220	delete $res->{mailto};
221	delete $res->{tmpdir};
222	delete $res->{dumpdir};
223	delete $res->{script};
224	delete $res->{ionice};
225	}
226
227	my $pool = $res->{pool};
228	if (defined($pool) &&
91db3ece	229	!$rpcenv->check($authuser, "/pool/$pool", ['Pool.Audit'], 1)) {
5b9a4030 FE	230	delete $res->{pool};
	231	}
	232
	233	delete $res->{size}; # deprecated, to be dropped with PVE 7.0
	234
	235	return $res;
	236	}});
	237
7619e4dd FG	238	__PACKAGE__->register_method ({
	239	name => 'extractconfig',
	240	path => 'extractconfig',
	241	method => 'GET',
	242	description => "Extract configuration from vzdump backup archive.",
	243	permissions => {
	244	description => "The user needs 'VM.Backup' permissions on the backed up guest ID, and 'Datastore.AllocateSpace' on the backup storage.",
	245	user => 'all',
	246	},
	247	protected => 1,
	248	proxyto => 'node',
	249	parameters => {
	250	additionalProperties => 0,
	251	properties => {
	252	node => get_standard_option('pve-node'),
	253	volume => {
	254	description => "Volume identifier",
	255	type => 'string',
	256	completion => \&PVE::Storage::complete_volume,
	257	},
	258	},
	259	},
	260	returns => { type => 'string' },
	261	code => sub {
	262	my ($param) = @_;
	263
	264	my $volume = extract_param($param, 'volume');
	265
	266	my $rpcenv = PVE::RPCEnvironment::get();
	267	my $authuser = $rpcenv->get_user();
	268
	269	my $storage_cfg = PVE::Storage::config();
989f3c7e	270	PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, undef, $volume);
7619e4dd FG	271
	272	return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
	273	}});
	274
	275	1;