[pve-manager.git] / PVE / API2 / VZDump.pm

package PVE::API2::VZDump;

use strict;
use warnings;
use PVE::Exception qw(raise_param_exc);
use PVE::Tools qw(extract_param);
use PVE::Cluster qw(cfs_register_file cfs_read_file);
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
use PVE::Storage;
use PVE::VZDump;
use PVE::VZDump::Common;
use PVE::API2Tools;

use Data::Dumper; # fixme: remove


use base qw(PVE::RESTHandler);

__PACKAGE__->register_method ({
    name => 'vzdump',
    path => '',
    method => 'POST',
    description => "Create backup.",
    permissions => {
	description => "The user needs 'VM.Backup' permissions on any VM, and 'Datastore.AllocateSpace'"
	    ." on the backup storage. The 'maxfiles', 'prune-backups', 'tmpdir', 'dumpdir', 'script',"
	    ." 'bwlimit' and 'ionice' parameters are restricted to the 'root\@pam' user.",
	user => 'all',
    },
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => PVE::VZDump::Common::json_config_properties({
	    stdout => {
		type => 'boolean',
		description => "Write tar to stdout, not to a file.",
		optional => 1,
	    },
        }),
    },
    returns => { type => 'string' },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $user = $rpcenv->get_user();

	my $nodename = PVE::INotify::nodename();

	if ($rpcenv->{type} ne 'cli') {
	    raise_param_exc({ node => "option is only allowed on the command line interface."})
		if $param->{node} && $param->{node} ne $nodename;

	    raise_param_exc({ stdout => "option is only allowed on the command line interface."})
		if $param->{stdout};
	}

	foreach my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit ionice)) {
	    raise_param_exc({ $key => "Only root may set this option."})
		if defined($param->{$key}) && ($user ne 'root@pam');
	}

	PVE::VZDump::verify_vzdump_parameters($param, 1);

	# silent exit if we run on wrong node
	return 'OK' if $param->{node} && $param->{node} ne $nodename;

	my $cmdline = PVE::VZDump::Common::command_line($param);

	my $vmids_per_node = PVE::VZDump::get_included_guests($param);

	my $local_vmids = delete $vmids_per_node->{$nodename} // [];

	# include IDs for deleted guests, and visibly fail later
	my $orphaned_vmids = delete $vmids_per_node->{''} // [];
	push @{$local_vmids}, @{$orphaned_vmids};

	my $skiplist = [ map { @$_ } values $vmids_per_node->%* ];

	if($param->{stop}){
	    PVE::VZDump::stop_running_backups();
	    return 'OK' if !scalar(@{$local_vmids});
	}

	# silent exit if specified VMs run on other nodes
	return "OK" if !scalar(@{$local_vmids}) && !$param->{all};

	PVE::VZDump::parse_mailto_exclude_path($param);

	die "you can only backup a single VM with option --stdout\n"
	    if $param->{stdout} && scalar(@{$local_vmids}) != 1;

	$rpcenv->check($user, "/storage/$param->{storage}", [ 'Datastore.AllocateSpace' ])
	    if $param->{storage};

	my $worker = sub {
	    my $upid = shift;

	    $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = $SIG{PIPE} = sub {
		die "interrupted by signal\n";
	    };

	    $param->{vmids} = $local_vmids;
	    my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);

	    my $LOCK_FH = eval {
		$vzdump->getlock($upid); # only one process allowed
	    };
	    if (my $err = $@) {
		$vzdump->sendmail([], 0, $err);
		exit(-1);
	    }

	    if (defined($param->{ionice})) {
		if ($param->{ionice} > 7) {
		    PVE::VZDump::run_command(undef, "ionice -c3 -p $$");
		} else {
		    PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
		}
	    }
	    $vzdump->exec_backup($rpcenv, $user);

	    close($LOCK_FH);
	};

	open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
	open STDERR, '>/dev/null' if $param->{quiet};

	if ($rpcenv->{type} eq 'cli') {
	    if ($param->{stdout}) {

		open my $saved_stdout, ">&STDOUT"
		    || die "can't dup STDOUT: $!\n";

		open STDOUT, '>&STDERR' ||
		    die "unable to redirect STDOUT: $!\n";

		$param->{stdout} = $saved_stdout;
	    }
	}

	my $taskid;
	$taskid = $local_vmids->[0] if scalar(@{$local_vmids}) == 1;

	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
   }});

__PACKAGE__->register_method ({
    name => 'defaults',
    path => 'defaults',
    method => 'GET',
    description => "Get the currently configured vzdump defaults.",
    permissions => {
	description => "The user needs 'Datastore.Audit' or 'Datastore.AllocateSpace' " .
	    "permissions for the specified storage (or default storage if none specified). Some " .
	    "properties are only returned when the user has 'Sys.Audit' permissions for the node.",
	user => 'all',
    },
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    storage => get_standard_option('pve-storage-id', { optional => 1 }),
	},
    },
    returns => {
	type => 'object',
	additionalProperties => 0,
	properties => PVE::VZDump::Common::json_config_properties(),
    },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $storage = extract_param($param, 'storage');

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $res = PVE::VZDump::read_vzdump_defaults();

	$res->{storage} = $storage if defined($storage);

	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
	    $res->{storage} = 'local';
	}

	if (defined($res->{storage})) {
	    $rpcenv->check_any(
		$authuser,
		"/storage/$res->{storage}",
		['Datastore.Audit', 'Datastore.AllocateSpace'],
	    );

	    my $info = PVE::VZDump::storage_info($res->{storage});
	    for my $key (qw(dumpdir prune-backups)) {
		$res->{$key} = $info->{$key} if defined($info->{$key});
	    }
	}

	if (defined($res->{'prune-backups'})) {
	    $res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
		$res->{'prune-backups'},
		'prune-backups',
	    );
	}

	$res->{mailto} = join(",", @{$res->{mailto}})
	    if defined($res->{mailto});

	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
	    if defined($res->{'exclude-path'});

	# normal backup users don't need to know these
	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
	    delete $res->{mailto};
	    delete $res->{tmpdir};
	    delete $res->{dumpdir};
	    delete $res->{script};
	    delete $res->{ionice};
	}

	my $pool = $res->{pool};
	if (defined($pool) &&
	    !$rpcenv->check($authuser, "/pool/$pool", ['Pool.Audit'], 1)) {
	    delete $res->{pool};
	}

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'extractconfig',
    path => 'extractconfig',
    method => 'GET',
    description => "Extract configuration from vzdump backup archive.",
    permissions => {
	description => "The user needs 'VM.Backup' permissions on the backed up guest ID, and 'Datastore.AllocateSpace' on the backup storage.",
	user => 'all',
    },
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    volume => {
		description => "Volume identifier",
		type => 'string',
		completion => \&PVE::Storage::complete_volume,
	    },
	},
    },
    returns => { type => 'string' },
    code => sub {
	my ($param) = @_;

	my $volume = extract_param($param, 'volume');

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $storage_cfg = PVE::Storage::config();
	PVE::Storage::check_volume_access(
	    $rpcenv,
	    $authuser,
	    $storage_cfg,
	    undef,
	    $volume,
	    'backup',
	);

	if (PVE::Storage::parse_volume_id($volume, 1)) {
	    my (undef, undef, $ownervm) = PVE::Storage::parse_volname($storage_cfg, $volume);
	    $rpcenv->check($authuser, "/vms/$ownervm", ['VM.Backup']);
	}

	return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
    }});

1;
Commit	Line	Data
bf58f8dd DM	1	package PVE::API2::VZDump;
	2
	3	use strict;
	4	use warnings;
31aef761	5	use PVE::Exception qw(raise_param_exc);
bf58f8dd DM	6	use PVE::Tools qw(extract_param);
	7	use PVE::Cluster qw(cfs_register_file cfs_read_file);
	8	use PVE::INotify;
	9	use PVE::RPCEnvironment;
	10	use PVE::AccessControl;
	11	use PVE::JSONSchema qw(get_standard_option);
	12	use PVE::Storage;
	13	use PVE::VZDump;
2424074e	14	use PVE::VZDump::Common;
f3376261	15	use PVE::API2Tools;
bf58f8dd DM	16
	17	use Data::Dumper; # fixme: remove
	18
	19
	20	use base qw(PVE::RESTHandler);
	21
	22	__PACKAGE__->register_method ({
60e049c2	23	name => 'vzdump',
bf58f8dd DM	24	path => '',
	25	method => 'POST',
	26	description => "Create backup.",
98e84b16	27	permissions => {
ff119724 TL	28	description => "The user needs 'VM.Backup' permissions on any VM, and 'Datastore.AllocateSpace'"
	29	." on the backup storage. The 'maxfiles', 'prune-backups', 'tmpdir', 'dumpdir', 'script',"
	30	." 'bwlimit' and 'ionice' parameters are restricted to the 'root\@pam' user.",
98e84b16 DM	31	user => 'all',
98e84b16 DM	32	},
30edfad9	33	protected => 1,
49046e53	34	proxyto => 'node',
bf58f8dd	35	parameters => {
ff119724	36	additionalProperties => 0,
2424074e	37	properties => PVE::VZDump::Common::json_config_properties({
bf58f8dd DM	38	stdout => {
	39	type => 'boolean',
	40	description => "Write tar to stdout, not to a file.",
	41	optional => 1,
	42	},
ac27b58d	43	}),
bf58f8dd DM	44	},
	45	returns => { type => 'string' },
	46	code => sub {
	47	my ($param) = @_;
	48
	49	my $rpcenv = PVE::RPCEnvironment::get();
	50
	51	my $user = $rpcenv->get_user();
	52
	53	my $nodename = PVE::INotify::nodename();
	54
	55	if ($rpcenv->{type} ne 'cli') {
	56	raise_param_exc({ node => "option is only allowed on the command line interface."})
	57	if $param->{node} && $param->{node} ne $nodename;
	58
	59	raise_param_exc({ stdout => "option is only allowed on the command line interface."})
	60	if $param->{stdout};
	61	}
	62
e6946086	63	foreach my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit ionice)) {
6d0507a8 FG	64	raise_param_exc({ $key => "Only root may set this option."})
	65	if defined($param->{$key}) && ($user ne 'root@pam');
	66	}
	67
31aef761	68	PVE::VZDump::verify_vzdump_parameters($param, 1);
bf58f8dd DM	69
bf58f8dd DM	70	# silent exit if we run on wrong node
eab837c4	71	return 'OK' if $param->{node} && $param->{node} ne $nodename;
60e049c2	72
2424074e	73	my $cmdline = PVE::VZDump::Common::command_line($param);
df5875b4 AL	74
	75	my $vmids_per_node = PVE::VZDump::get_included_guests($param);
	76
	77	my $local_vmids = delete $vmids_per_node->{$nodename} // [];
	78
7f874148 FE	79	# include IDs for deleted guests, and visibly fail later
	80	my $orphaned_vmids = delete $vmids_per_node->{''} // [];
	81	push @{$local_vmids}, @{$orphaned_vmids};
	82
df5875b4	83	my $skiplist = [ map { @$_ } values $vmids_per_node->%* ];
bf58f8dd	84
eab837c4 DM	85	if($param->{stop}){
eab837c4 DM	86	PVE::VZDump::stop_running_backups();
df5875b4	87	return 'OK' if !scalar(@{$local_vmids});
eab837c4 DM	88	}
eab837c4 DM	89
5c4da4c3	90	# silent exit if specified VMs run on other nodes
df5875b4	91	return "OK" if !scalar(@{$local_vmids}) && !$param->{all};
336ec53a	92
f8ed6af8	93	PVE::VZDump::parse_mailto_exclude_path($param);
bf58f8dd DM	94
bf58f8dd DM	95	die "you can only backup a single VM with option --stdout\n"
df5875b4	96	if $param->{stdout} && scalar(@{$local_vmids}) != 1;
bf58f8dd	97
4412265f DM	98	$rpcenv->check($user, "/storage/$param->{storage}", [ 'Datastore.AllocateSpace' ])
	99	if $param->{storage};
	100
bf58f8dd	101	my $worker = sub {
eab837c4 DM	102	my $upid = shift;
eab837c4 DM	103
bf58f8dd DM	104	$SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = $SIG{PIPE} = sub {
	105	die "interrupted by signal\n";
	106	};
	107
df5875b4	108	$param->{vmids} = $local_vmids;
403761c4 WB	109	my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);
403761c4 WB	110
875c2e5a	111	my $LOCK_FH = eval {
eab837c4	112	$vzdump->getlock($upid); # only one process allowed
6ec9de44	113	};
eab837c4 DM	114	if (my $err = $@) {
eab837c4 DM	115	$vzdump->sendmail([], 0, $err);
6ec9de44 SP	116	exit(-1);
6ec9de44 SP	117	}
bf58f8dd DM	118
	119	if (defined($param->{ionice})) {
	120	if ($param->{ionice} > 7) {
	121	PVE::VZDump::run_command(undef, "ionice -c3 -p $$");
	122	} else {
	123	PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
	124	}
	125	}
60e049c2	126	$vzdump->exec_backup($rpcenv, $user);
875c2e5a FE	127
875c2e5a FE	128	close($LOCK_FH);
60e049c2	129	};
bf58f8dd DM	130
	131	open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
	132	open STDERR, '>/dev/null' if $param->{quiet};
	133
	134	if ($rpcenv->{type} eq 'cli') {
	135	if ($param->{stdout}) {
	136
	137	open my $saved_stdout, ">&STDOUT"
	138	\|\| die "can't dup STDOUT: $!\n";
	139
	140	open STDOUT, '>&STDERR' \|\|
	141	die "unable to redirect STDOUT: $!\n";
	142
	143	$param->{stdout} = $saved_stdout;
	144	}
	145	}
	146
742d2ad2	147	my $taskid;
df5875b4	148	$taskid = $local_vmids->[0] if scalar(@{$local_vmids}) == 1;
742d2ad2 FG	149
742d2ad2 FG	150	return $rpcenv->fork_worker('vzdump', $taskid, $user, $worker);
bf58f8dd	151	}});
7619e4dd	152
5b9a4030 FE	153	__PACKAGE__->register_method ({
	154	name => 'defaults',
	155	path => 'defaults',
	156	method => 'GET',
	157	description => "Get the currently configured vzdump defaults.",
	158	permissions => {
	159	description => "The user needs 'Datastore.Audit' or 'Datastore.AllocateSpace' " .
	160	"permissions for the specified storage (or default storage if none specified). Some " .
	161	"properties are only returned when the user has 'Sys.Audit' permissions for the node.",
	162	user => 'all',
	163	},
	164	proxyto => 'node',
	165	parameters => {
	166	additionalProperties => 0,
	167	properties => {
	168	node => get_standard_option('pve-node'),
	169	storage => get_standard_option('pve-storage-id', { optional => 1 }),
	170	},
	171	},
	172	returns => {
	173	type => 'object',
	174	additionalProperties => 0,
	175	properties => PVE::VZDump::Common::json_config_properties(),
	176	},
	177	code => sub {
	178	my ($param) = @_;
	179
	180	my $node = extract_param($param, 'node');
	181	my $storage = extract_param($param, 'storage');
	182
	183	my $rpcenv = PVE::RPCEnvironment::get();
	184	my $authuser = $rpcenv->get_user();
	185
	186	my $res = PVE::VZDump::read_vzdump_defaults();
	187
	188	$res->{storage} = $storage if defined($storage);
	189
	190	if (!defined($res->{dumpdir}) && !defined($res->{storage})) {
	191	$res->{storage} = 'local';
	192	}
	193
	194	if (defined($res->{storage})) {
	195	$rpcenv->check_any(
	196	$authuser,
	197	"/storage/$res->{storage}",
	198	['Datastore.Audit', 'Datastore.AllocateSpace'],
	199	);
	200
	201	my $info = PVE::VZDump::storage_info($res->{storage});
	202	for my $key (qw(dumpdir prune-backups)) {
	203	$res->{$key} = $info->{$key} if defined($info->{$key});
	204	}
	205	}
	206
	207	if (defined($res->{'prune-backups'})) {
	208	$res->{'prune-backups'} = PVE::JSONSchema::print_property_string(
	209	$res->{'prune-backups'},
	210	'prune-backups',
	211	);
	212	}
	213
	214	$res->{mailto} = join(",", @{$res->{mailto}})
	215	if defined($res->{mailto});
	216
217	$res->{'exclude-path'} = join(",", @{$res->{'exclude-path'}})
218	if defined($res->{'exclude-path'});
219
220	# normal backup users don't need to know these
221	if (!$rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1)) {
222	delete $res->{mailto};
223	delete $res->{tmpdir};
224	delete $res->{dumpdir};
225	delete $res->{script};
226	delete $res->{ionice};
227	}
228
229	my $pool = $res->{pool};
230	if (defined($pool) &&
91db3ece	231	!$rpcenv->check($authuser, "/pool/$pool", ['Pool.Audit'], 1)) {
5b9a4030 FE	232	delete $res->{pool};
	233	}
	234
5b9a4030 FE	235	return $res;
	236	}});
	237
7619e4dd FG	238	__PACKAGE__->register_method ({
	239	name => 'extractconfig',
	240	path => 'extractconfig',
	241	method => 'GET',
	242	description => "Extract configuration from vzdump backup archive.",
	243	permissions => {
	244	description => "The user needs 'VM.Backup' permissions on the backed up guest ID, and 'Datastore.AllocateSpace' on the backup storage.",
	245	user => 'all',
	246	},
	247	protected => 1,
	248	proxyto => 'node',
	249	parameters => {
	250	additionalProperties => 0,
	251	properties => {
	252	node => get_standard_option('pve-node'),
	253	volume => {
	254	description => "Volume identifier",
	255	type => 'string',
	256	completion => \&PVE::Storage::complete_volume,
	257	},
	258	},
	259	},
	260	returns => { type => 'string' },
	261	code => sub {
	262	my ($param) = @_;
	263
	264	my $volume = extract_param($param, 'volume');
	265
	266	my $rpcenv = PVE::RPCEnvironment::get();
	267	my $authuser = $rpcenv->get_user();
	268
	269	my $storage_cfg = PVE::Storage::config();
c53d5c5e FE	270	PVE::Storage::check_volume_access(
	271	$rpcenv,
	272	$authuser,
	273	$storage_cfg,
	274	undef,
	275	$volume,
	276	'backup',
	277	);
7619e4dd	278
0bd224e5 FE	279	if (PVE::Storage::parse_volume_id($volume, 1)) {
	280	my (undef, undef, $ownervm) = PVE::Storage::parse_volname($storage_cfg, $volume);
	281	$rpcenv->check($authuser, "/vms/$ownervm", ['VM.Backup']);
	282	}
	283
7619e4dd FG	284	return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
	285	}});
	286
	287	1;