]> git.proxmox.com Git - pve-storage.git/blame - PVE/Storage/PBSPlugin.pm
projects / pve-storage.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
feature: enable 'content-dirs' property for cephfs
[pve-storage.git] / PVE / Storage / PBSPlugin.pm
CommitLineData
271fe394
DM		 1package PVE::Storage::PBSPlugin;
2
3# Plugin to access Proxmox Backup Server
4
5use strict;
6use warnings;
4133e6e2 7
76bb5feb 8use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
76bb5feb 9use IO::File;
271fe394 10use JSON;
c56f7a71 11use MIME::Base64 qw(decode_base64);
bfba9626
FE		 12use POSIX qw(mktime strftime ENOENT);
13use POSIX::strptime;
271fe394 14
2f9eb6dc 15use PVE::APIClient::LWP;
271fe394 16use PVE::JSONSchema qw(get_standard_option);
4133e6e2 17use PVE::Network;
53003cb5 18use PVE::PBSClient;
4133e6e2
TL		 19use PVE::Storage::Plugin;
20use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach $IPV6RE);
271fe394
DM		 21
22use base qw(PVE::Storage::Plugin);
23
24# Configuration
25
26sub type {
27 return 'pbs';
28}
29
30sub plugindata {
31 return {
32 content => [ {backup => 1, none => 1}, { backup => 1 }],
33 };
34}
35
36sub properties {
37 return {
38 datastore => {
4133e6e2 39 description => "Proxmox Backup Server datastore name.",
271fe394
DM		 40 type => 'string',
41 },
42 # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
43 fingerprint => get_standard_option('fingerprint-sha256'),
ce2e2733 44 'encryption-key' => {
1aeb322b 45 description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
76bb5feb
WB		 46 type => 'string',
47 },
c56f7a71 48 'master-pubkey' => {
5b955999 49 description => "Base64-encoded, PEM-formatted public RSA key. Used to encrypt a copy of the encryption-key which will be added to each encrypted backup.",
c56f7a71
FG		 50 type => 'string',
51 },
4133e6e2
TL		 52 port => {
53 description => "For non default port.",
54 type => 'integer',
55 minimum => 1,
56 maximum => 65535,
57 default => 8007,
2f9eb6dc 58 },
271fe394
DM		 59 };
60}
61
62sub options {
63 return {
64 server => { fixed => 1 },
65 datastore => { fixed => 1 },
78eac5ba 66 namespace => { optional => 1 },
4133e6e2 67 port => { optional => 1 },
271fe394
DM		 68 nodes => { optional => 1},
69 disable => { optional => 1},
70 content => { optional => 1},
71 username => { optional => 1 },
ce2e2733
TL		 72 password => { optional => 1 },
73 'encryption-key' => { optional => 1 },
c56f7a71 74 'master-pubkey' => { optional => 1 },
271fe394 75 maxfiles => { optional => 1 },
3353698f 76 'prune-backups' => { optional => 1 },
8009417d 77 'max-protected-backups' => { optional => 1 },
271fe394
DM		 78 fingerprint => { optional => 1 },
79 };
80}
81
82# Helpers
83
84sub pbs_password_file_name {
85 my ($scfg, $storeid) = @_;
86
462537a2 87 return "/etc/pve/priv/storage/${storeid}.pw";
271fe394
DM		 88}
89
90sub pbs_set_password {
91 my ($scfg, $storeid, $password) = @_;
92
93 my $pwfile = pbs_password_file_name($scfg, $storeid);
9e34813f 94 mkdir "/etc/pve/priv/storage";
271fe394
DM		 95
96 PVE::Tools::file_set_contents($pwfile, "$password\n");
97}
98
99sub pbs_delete_password {
100 my ($scfg, $storeid) = @_;
101
102 my $pwfile = pbs_password_file_name($scfg, $storeid);
103
104 unlink $pwfile;
105}
106
107sub pbs_get_password {
108 my ($scfg, $storeid) = @_;
109
110 my $pwfile = pbs_password_file_name($scfg, $storeid);
111
112 return PVE::Tools::file_read_firstline($pwfile);
113}
114
76bb5feb
WB		 115sub pbs_encryption_key_file_name {
116 my ($scfg, $storeid) = @_;
117
118 return "/etc/pve/priv/storage/${storeid}.enc";
119}
120
121sub pbs_set_encryption_key {
122 my ($scfg, $storeid, $key) = @_;
123
124 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
125 mkdir "/etc/pve/priv/storage";
126
127 PVE::Tools::file_set_contents($pwfile, "$key\n");
128}
129
130sub pbs_delete_encryption_key {
131 my ($scfg, $storeid) = @_;
132
133 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
134
4ef17e1f
TL		 135 if (!unlink $pwfile) {
136 return if $! == ENOENT;
137 die "failed to delete encryption key! $!\n";
138 }
18cf6c9f 139 delete $scfg->{'encryption-key'};
76bb5feb
WB		 140}
141
142sub pbs_get_encryption_key {
143 my ($scfg, $storeid) = @_;
144
145 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
146
147 return PVE::Tools::file_get_contents($pwfile);
148}
149
150# Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
151sub pbs_open_encryption_key {
152 my ($scfg, $storeid) = @_;
153
154 my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid);
155
156 my $keyfd;
157 if (!open($keyfd, '<', $encryption_key_file)) {
2bc4cfb8
FG		 158 if ($! == ENOENT) {
159 my $encryption_fp = $scfg->{'encryption-key'};
160 die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
161 if $encryption_fp;
162 return undef;
163 }
76bb5feb
WB		 164 die "failed to open encryption key: $encryption_key_file: $!\n";
165 }
166
167 return $keyfd;
168}
169
c56f7a71
FG		 170sub pbs_master_pubkey_file_name {
171 my ($scfg, $storeid) = @_;
172
173 return "/etc/pve/priv/storage/${storeid}.master.pem";
174}
175
176sub pbs_set_master_pubkey {
177 my ($scfg, $storeid, $key) = @_;
178
179 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
180 mkdir "/etc/pve/priv/storage";
181
182 PVE::Tools::file_set_contents($pwfile, "$key\n");
183}
184
185sub pbs_delete_master_pubkey {
186 my ($scfg, $storeid) = @_;
187
188 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
189
190 if (!unlink $pwfile) {
191 return if $! == ENOENT;
192 die "failed to delete master public key! $!\n";
193 }
194 delete $scfg->{'master-pubkey'};
195}
196
197sub pbs_get_master_pubkey {
198 my ($scfg, $storeid) = @_;
199
200 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
201
202 return PVE::Tools::file_get_contents($pwfile);
203}
204
205# Returns a file handle if there is a master key, or `undef` if there is not. Dies on error.
206sub pbs_open_master_pubkey {
207 my ($scfg, $storeid) = @_;
208
209 my $master_pubkey_file = pbs_master_pubkey_file_name($scfg, $storeid);
210
211 my $keyfd;
212 if (!open($keyfd, '<', $master_pubkey_file)) {
de635c26 213 if ($! == ENOENT) {
de0f9244 214 die "master public key configured but no key file found!\n"
de635c26
FG		 215 if $scfg->{'master-pubkey'};
216 return undef;
217 }
c56f7a71
FG		 218 die "failed to open master public key: $master_pubkey_file: $!\n";
219 }
220
221 return $keyfd;
222}
223
8602fd56
FE		 224sub print_volid {
225 my ($storeid, $btype, $bid, $btime) = @_;
226
227 my $time_str = strftime("%FT%TZ", gmtime($btime));
228 my $volname = "backup/${btype}/${bid}/${time_str}";
229
230 return "${storeid}:${volname}";
231}
271fe394 232
78eac5ba
WB		 233my sub ns : prototype($$) {
234 my ($scfg, $name) = @_;
235 my $ns = $scfg->{namespace};
236 return defined($ns) ? ($name, $ns) : ();
237}
238
bfba9626 239# essentially the inverse of print_volid
78eac5ba
WB		 240my sub api_param_from_volname : prototype($$$) {
241 my ($class, $scfg, $volname) = @_;
bfba9626
FE		 242
243 my $name = ($class->parse_volname($volname))[1];
244
245 my ($btype, $bid, $timestr) = split('/', $name);
246
247 my @tm = (POSIX::strptime($timestr, "%FT%TZ"));
248 # expect sec, min, hour, mday, mon, year
249 die "error parsing time from '$volname'" if grep { !defined($_) } @tm[0..5];
250
251 my $btime;
252 {
253 local $ENV{TZ} = 'UTC'; # $timestr is UTC
254
255 # Fill in isdst to avoid undef warning. No daylight saving time for UTC.
256 $tm[8] //= 0;
257
258 my $since_epoch = mktime(@tm) or die "error converting time from '$volname'\n";
259 $btime = int($since_epoch);
260 }
261
262 return {
4c9c5f37 263 (ns($scfg, 'ns')),
bfba9626
FE		 264 'backup-type' => $btype,
265 'backup-id' => $bid,
266 'backup-time' => $btime,
267 };
268}
269
02cc5e10
WB		 270my $USE_CRYPT_PARAMS = {
271 backup => 1,
272 restore => 1,
273 'upload-log' => 1,
274};
275
c56f7a71
FG		 276my $USE_MASTER_KEY = {
277 backup => 1,
278};
279
76bb5feb 280my sub do_raw_client_cmd {
02cc5e10
WB		 281 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
282
283 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
c56f7a71 284 my $use_master = $USE_MASTER_KEY->{$client_cmd};
271fe394 285
1574a590
TL		 286 my $client_exe = '/usr/bin/proxmox-backup-client';
287 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
288 if ! -x $client_exe;
289
53003cb5 290 my $repo = PVE::PBSClient::get_repository($scfg);
271fe394
DM		 291
292 my $userns_cmd = delete $opts{userns_cmd};
293
294 my $cmd = [];
295
296 push @$cmd, @$userns_cmd if defined($userns_cmd);
297
1574a590 298 push @$cmd, $client_exe, $client_cmd;
271fe394 299
76bb5feb 300 # This must live in the top scope to not get closed before the `run_command`
c56f7a71 301 my ($keyfd, $master_fd);
02cc5e10 302 if ($use_crypto) {
76bb5feb
WB		 303 if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
304 my $flags = fcntl($keyfd, F_GETFD, 0)
305 // die "failed to get file descriptor flags: $!\n";
306 fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
307 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
308 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
c56f7a71
FG		 309 if ($use_master && defined($master_fd = pbs_open_master_pubkey($scfg, $storeid))) {
310 my $flags = fcntl($master_fd, F_GETFD, 0)
311 // die "failed to get file descriptor flags: $!\n";
312 fcntl($master_fd, F_SETFD, $flags & ~FD_CLOEXEC)
313 or die "failed to remove FD_CLOEXEC from master public key file descriptor\n";
314 push @$cmd, '--master-pubkey-fd='.fileno($master_fd);
315 }
76bb5feb
WB		 316 } else {
317 push @$cmd, '--crypt-mode=none';
318 }
319 }
320
271fe394
DM		 321 push @$cmd, @$param if defined($param);
322
53003cb5 323 push @$cmd, "--repository", $repo;
78eac5ba
WB		 324 if ($client_cmd ne 'status' && defined(my $ns = $scfg->{namespace})) {
325 push @$cmd, '--ns', $ns;
326 }
271fe394
DM		 327
328 local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
329
330 local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
331
8b4c2a7e
DM		 332 # no ascii-art on task logs
333 local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
334 local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
335
271fe394 336 if (my $logfunc = $opts{logfunc}) {
e6d1edcb 337 $logfunc->("run: " . join(' ', @$cmd));
271fe394
DM		 338 }
339
340 run_command($cmd, %opts);
341}
342
76bb5feb
WB		 343# FIXME: External perl code should NOT have access to this.
344#
345# There should be separate functions to
346# - make backups
347# - restore backups
348# - restore files
349# with a sane API
02cc5e10 350sub run_raw_client_cmd {
76bb5feb 351 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
02cc5e10 352 return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
76bb5feb
WB		 353}
354
271fe394
DM		 355sub run_client_cmd {
356 my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_;
357
358 my $json_str = '';
fee2ece3 359 my $outfunc = sub { $json_str .= "$_[0]\n" };
271fe394
DM		 360
361 $param = [] if !defined($param);
362 $param = [ $param ] if !ref($param);
363
364 $param = [@$param, '--output-format=json'] if !$no_output;
365
02cc5e10 366 do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
76bb5feb 367 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
271fe394
DM		 368
369 return undef if $no_output;
370
371 my $res = decode_json($json_str);
372
373 return $res;
374}
375
376# Storage implementation
377
c855ac15
DM		 378sub extract_vzdump_config {
379 my ($class, $scfg, $volname, $storeid) = @_;
380
381 my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname);
382
383 my $config = '';
fee2ece3 384 my $outfunc = sub { $config .= "$_[0]\n" };
c855ac15
DM		 385
386 my $config_name;
387 if ($format eq 'pbs-vm') {
388 $config_name = 'qemu-server.conf';
389 } elsif ($format eq 'pbs-ct') {
390 $config_name = 'pct.conf';
391 } else {
392 die "unable to extract configuration for backup format '$format'\n";
393 }
394
02cc5e10 395 do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
76bb5feb 396 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
c855ac15
DM		 397
398 return $config;
399}
400
8f26b391
FE		 401sub prune_backups {
402 my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
403
404 $logfunc //= sub { print "$_[1]\n" };
405
8f26b391
FE		 406 $type = 'vm' if defined($type) && $type eq 'qemu';
407 $type = 'ct' if defined($type) && $type eq 'lxc';
408
409 my $backup_groups = {};
8f26b391 410
0bcfafa4
TL		 411 if (defined($vmid) && defined($type)) {
412 # no need to get the list of volumes, we only got a single backup group anyway
413 $backup_groups->{"$type/$vmid"} = 1;
414 } else {
415 my $backups = eval { $class->list_volumes($storeid, $scfg, $vmid, ['backup']) };
416 die "failed to get list of all backups to prune - $@" if $@;
417
418 foreach my $backup (@{$backups}) {
419 (my $backup_type = $backup->{format}) =~ s/^pbs-//;
420 next if defined($type) && $backup_type ne $type;
421
422 my $backup_group = "$backup_type/$backup->{vmid}";
423 $backup_groups->{$backup_group} = 1;
424 }
8f26b391
FE		 425 }
426
427 my @param;
1b87f013
FE		 428
429 my $keep_all = delete $keep->{'keep-all'};
430
431 if (!$keep_all) {
432 foreach my $opt (keys %{$keep}) {
433 next if $keep->{$opt} == 0;
434 push @param, "--$opt";
435 push @param, "$keep->{$opt}";
436 }
437 } else { # no need to pass anything to PBS
438 $keep = { 'keep-all' => 1 };
8f26b391
FE		 439 }
440
441 push @param, '--dry-run' if $dryrun;
442
443 my $prune_list = [];
444 my $failed;
445
446 foreach my $backup_group (keys %{$backup_groups}) {
447 $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
448 if !$dryrun;
449 eval {
450 my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
451
452 foreach my $backup (@{$res}) {
453 die "result from proxmox-backup-client is not as expected\n"
454 if !defined($backup->{'backup-time'})
455 || !defined($backup->{'backup-type'})
456 || !defined($backup->{'backup-id'})
457 || !defined($backup->{'keep'});
458
459 my $ctime = $backup->{'backup-time'};
460 my $type = $backup->{'backup-type'};
461 my $vmid = $backup->{'backup-id'};
462 my $volid = print_volid($storeid, $type, $vmid, $ctime);
463
bfba9626
FE		 464 my $mark = $backup->{keep} ? 'keep' : 'remove';
465 $mark = 'protected' if $backup->{protected};
466
8f26b391
FE		 467 push @{$prune_list}, {
468 ctime => $ctime,
bfba9626 469 mark => $mark,
8f26b391
FE		 470 type => $type eq 'vm' ? 'qemu' : 'lxc',
471 vmid => $vmid,
472 volid => $volid,
473 };
474 }
475 };
476 if (my $err = $@) {
477 $logfunc->('err', "prune '$backup_group': $err\n");
478 $failed = 1;
479 }
480 }
481 die "error pruning backups - check log\n" if $failed;
482
483 return $prune_list;
484}
485
1aeb322b
TL		 486my $autogen_encryption_key = sub {
487 my ($scfg, $storeid) = @_;
488 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
478609d3
TL		 489 if (-f $encfile) {
490 rename $encfile, "$encfile.old";
491 }
4558cb6e
TL		 492 my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
493 run_command($cmd, errmsg => 'failed to create encryption key');
494 return PVE::Tools::file_get_contents($encfile);
1aeb322b
TL		 495};
496
271fe394
DM		 497sub on_add_hook {
498 my ($class, $storeid, $scfg, %param) = @_;
499
0b6b98d1
TL		 500 my $res = {};
501
76bb5feb
WB		 502 if (defined(my $password = $param{password})) {
503 pbs_set_password($scfg, $storeid, $password);
b494636a
DM		 504 } else {
505 pbs_delete_password($scfg, $storeid);
506 }
76bb5feb 507
ce2e2733 508 if (defined(my $encryption_key = $param{'encryption-key'})) {
d2c47b38 509 my $decoded_key;
1aeb322b 510 if ($encryption_key eq 'autogen') {
0b6b98d1 511 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
3cc2eb73 512 $decoded_key = decode_json($res->{'encryption-key'});
1aeb322b 513 } else {
d2c47b38
TL		 514 $decoded_key = eval { decode_json($encryption_key) };
515 if ($@ || !exists($decoded_key->{data})) {
516 die "Value does not seems like a valid, JSON formatted encryption key!\n";
517 }
1aeb322b 518 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
0b6b98d1 519 $res->{'encryption-key'} = $encryption_key;
1aeb322b 520 }
3cc2eb73 521 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
76bb5feb
WB		 522 } else {
523 pbs_delete_encryption_key($scfg, $storeid);
524 }
0b6b98d1 525
c56f7a71
FG		 526 if (defined(my $master_key = delete $param{'master-pubkey'})) {
527 die "'master-pubkey' can only be used together with 'encryption-key'\n"
528 if !defined($scfg->{'encryption-key'});
529
530 my $decoded = decode_base64($master_key);
531 pbs_set_master_pubkey($scfg, $storeid, $decoded);
532 $scfg->{'master-pubkey'} = 1;
533 } else {
534 pbs_delete_master_pubkey($scfg, $storeid);
535 }
536
0b6b98d1 537 return $res;
b494636a
DM		 538}
539
540sub on_update_hook {
541 my ($class, $storeid, $scfg, %param) = @_;
542
0b6b98d1
TL		 543 my $res = {};
544
76bb5feb
WB		 545 if (exists($param{password})) {
546 if (defined($param{password})) {
547 pbs_set_password($scfg, $storeid, $param{password});
548 } else {
549 pbs_delete_password($scfg, $storeid);
550 }
551 }
b494636a 552
ce2e2733
TL		 553 if (exists($param{'encryption-key'})) {
554 if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
d2c47b38 555 my $decoded_key;
1aeb322b 556 if ($encryption_key eq 'autogen') {
0b6b98d1 557 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
3cc2eb73 558 $decoded_key = decode_json($res->{'encryption-key'});
1aeb322b 559 } else {
d2c47b38
TL		 560 $decoded_key = eval { decode_json($encryption_key) };
561 if ($@ || !exists($decoded_key->{data})) {
562 die "Value does not seems like a valid, JSON formatted encryption key!\n";
563 }
1aeb322b 564 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
0b6b98d1 565 $res->{'encryption-key'} = $encryption_key;
1aeb322b 566 }
3cc2eb73 567 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
76bb5feb
WB		 568 } else {
569 pbs_delete_encryption_key($scfg, $storeid);
c56f7a71
FG		 570 delete $scfg->{'encryption-key'};
571 }
572 }
573
574 if (exists($param{'master-pubkey'})) {
575 if (defined(my $master_key = delete($param{'master-pubkey'}))) {
576 my $decoded = decode_base64($master_key);
577
578 pbs_set_master_pubkey($scfg, $storeid, $decoded);
579 $scfg->{'master-pubkey'} = 1;
580 } else {
581 pbs_delete_master_pubkey($scfg, $storeid);
76bb5feb 582 }
271fe394 583 }
0b6b98d1
TL		 584
585 return $res;
271fe394
DM		 586}
587
588sub on_delete_hook {
589 my ($class, $storeid, $scfg) = @_;
590
591 pbs_delete_password($scfg, $storeid);
76bb5feb 592 pbs_delete_encryption_key($scfg, $storeid);
c56f7a71 593 pbs_delete_master_pubkey($scfg, $storeid);
f3ccd0ef
FE		 594
595 return;
271fe394
DM		 596}
597
598sub parse_volname {
599 my ($class, $volname) = @_;
600
601 if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) {
602 my $btype = $1;
603 my $bid = $2;
604 my $btime = $3;
605 my $format = "pbs-$btype";
606
607 my $name = "$btype/$bid/$btime";
608
609 if ($bid =~ m/^\d+$/) {
610 return ('backup', $name, $bid, undef, undef, undef, $format);
611 } else {
612 return ('backup', $name, undef, undef, undef, undef, $format);
613 }
614 }
615
616 die "unable to parse PBS volume name '$volname'\n";
617}
618
619sub path {
620 my ($class, $scfg, $volname, $storeid, $snapname) = @_;
621
622 die "volume snapshot is not possible on pbs storage"
623 if defined($snapname);
624
625 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
626
53003cb5 627 my $repo = PVE::PBSClient::get_repository($scfg);
271fe394 628
ffc31266 629 # artificial url - we currently do not use that anywhere
53003cb5 630 my $path = "pbs://$repo/$name";
78eac5ba
WB		 631 if (defined(my $ns = $scfg->{namespace})) {
632 $ns =~ s|/|%2f|g; # other characters to escape aren't allowed in the namespace schema
633 $path .= "?ns=$ns";
634 }
271fe394
DM		 635
636 return ($path, $vmid, $vtype);
637}
638
639sub create_base {
640 my ($class, $storeid, $scfg, $volname) = @_;
641
642 die "can't create base images in pbs storage\n";
643}
644
645sub clone_image {
646 my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_;
647
648 die "can't clone images in pbs storage\n";
649}
650
651sub alloc_image {
652 my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_;
653
654 die "can't allocate space in pbs storage\n";
655}
656
657sub free_image {
658 my ($class, $storeid, $scfg, $volname, $isBase) = @_;
659
660 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
661
662 run_client_cmd($scfg, $storeid, "forget", [ $name ], 1);
7ae13a34
FE		 663
664 return;
271fe394
DM		 665}
666
667
668sub list_images {
669 my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_;
670
671 my $res = [];
672
673 return $res;
674}
675
878fe017
TL		 676my sub snapshot_files_encrypted {
677 my ($files) = @_;
678 return 0 if !$files;
679
680 my $any;
681 my $all = 1;
682 for my $file (@$files) {
683 my $fn = $file->{filename};
684 next if $fn eq 'client.log.blob' || $fn eq 'index.json.blob';
685
686 my $crypt = $file->{'crypt-mode'};
687
688 $all = 0 if !$crypt || $crypt ne 'encrypt';
dfa374d3 689 $any ||= defined($crypt) && $crypt eq 'encrypt';
878fe017
TL		 690 }
691 return $any && $all;
692}
693
af07f67a
WB		 694# TODO: use a client with native rust/proxmox-backup bindings to profit from
695# API schema checks and types
696my sub pbs_api_connect {
c560cb58 697 my ($scfg, $password, $timeout) = @_;
af07f67a
WB		 698
699 my $params = {};
700
701 my $user = $scfg->{username} // 'root@pam';
702
703 if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
704 $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
705 } else {
706 $params->{password} = $password;
707 $params->{username} = $user;
708 }
709
710 if (my $fp = $scfg->{fingerprint}) {
711 $params->{cached_fingerprints}->{uc($fp)} = 1;
712 }
713
714 my $conn = PVE::APIClient::LWP->new(
715 %$params,
716 host => $scfg->{server},
717 port => $scfg->{port} // 8007,
c560cb58 718 timeout => ($timeout // 7), # cope with a 401 (3s api delay) and high latency
af07f67a
WB		 719 cookie_name => 'PBSAuthCookie',
720 );
721
722 return $conn;
723}
724
271fe394
DM		 725sub list_volumes {
726 my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
727
728 my $res = [];
729
730 return $res if !grep { $_ eq 'backup' } @$content_types;
731
af07f67a 732 my $password = pbs_get_password($scfg, $storeid);
c560cb58 733 my $conn = pbs_api_connect($scfg, $password, 120);
af07f67a
WB		 734 my $datastore = $scfg->{datastore};
735
736 my $param = {};
737 $param->{'backup-id'} = "$vmid" if defined($vmid);
ad3666d7 738 $param->{'ns'} = "$scfg->{namespace}" if defined($scfg->{namespace});
af07f67a
WB		 739 my $data = eval { $conn->get("/api2/json/admin/datastore/$datastore/snapshots", $param); };
740 die "error listing snapshots - $@" if $@;
271fe394
DM		 741
742 foreach my $item (@$data) {
743 my $btype = $item->{"backup-type"};
744 my $bid = $item->{"backup-id"};
545e127e 745 my $epoch = $item->{"backup-time"};
271fe394
DM		 746 my $size = $item->{size} // 1;
747
748 next if !($btype eq 'vm' || $btype eq 'ct');
749 next if $bid !~ m/^\d+$/;
ddf7fdaa 750 next if defined($vmid) && $bid ne $vmid;
271fe394 751
8602fd56 752 my $volid = print_volid($storeid, $btype, $bid, $epoch);
271fe394 753
545e127e 754 my $info = {
c05b1a8c
TL		 755 volid => $volid,
756 format => "pbs-$btype",
757 size => $size,
758 content => 'backup',
759 vmid => int($bid),
760 ctime => $epoch,
c66e0b8a 761 subtype => $btype eq 'vm' ? 'qemu' : 'lxc', # convert to PVE backup type
545e127e 762 };
271fe394 763
9778e5c2 764 $info->{verification} = $item->{verification} if defined($item->{verification});
6fef456c 765 $info->{notes} = $item->{comment} if defined($item->{comment});
bfba9626 766 $info->{protected} = 1 if $item->{protected};
878fe017
TL		 767 if (defined($item->{fingerprint})) {
768 $info->{encrypted} = $item->{fingerprint};
769 } elsif (snapshot_files_encrypted($item->{files})) {
770 $info->{encrypted} = '1';
771 }
9778e5c2 772
271fe394
DM		 773 push @$res, $info;
774 }
775
776 return $res;
777}
778
779sub status {
780 my ($class, $storeid, $scfg, $cache) = @_;
781
782 my $total = 0;
783 my $free = 0;
784 my $used = 0;
785 my $active = 0;
786
787 eval {
788 my $res = run_client_cmd($scfg, $storeid, "status");
789
790 $active = 1;
791 $total = $res->{total};
792 $used = $res->{used};
f155c912
TL		 793 $free = $res->{avail};
794 };
271fe394
DM		 795 if (my $err = $@) {
796 warn $err;
797 }
798
799 return ($total, $free, $used, $active);
800}
801
8b62ac6a
TL		 802# can also be used for not (yet) added storages, pass $scfg with
803# {
804# server
805# user
806# port (optional default to 8007)
807# fingerprint (optional for trusted certs)
808# }
809sub scan_datastores {
810 my ($scfg, $password) = @_;
811
812 my $conn = pbs_api_connect($scfg, $password);
813
814 my $response = eval { $conn->get('/api2/json/admin/datastore', {}) };
815 die "error fetching datastores - $@" if $@;
816
817 return $response;
818}
819
271fe394
DM		 820sub activate_storage {
821 my ($class, $storeid, $scfg, $cache) = @_;
bb0a0f96 822
2cd10f58 823 my $password = pbs_get_password($scfg, $storeid);
bb0a0f96 824
2cd10f58
TL		 825 my $datastores = eval { scan_datastores($scfg, $password) };
826 die "$storeid: $@" if $@;
827
828 my $datastore = $scfg->{datastore};
829
830 for my $ds (@$datastores) {
831 if ($ds->{store} eq $datastore) {
832 return 1;
833 }
834 }
835
ffc31266 836 die "$storeid: Cannot find datastore '$datastore', check permissions and existence!\n";
271fe394
DM		 837}
838
839sub deactivate_storage {
840 my ($class, $storeid, $scfg, $cache) = @_;
841 return 1;
842}
843
844sub activate_volume {
845 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
846
847 die "volume snapshot is not possible on pbs device" if $snapname;
848
849 return 1;
850}
851
852sub deactivate_volume {
853 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
854
855 die "volume snapshot is not possible on pbs device" if $snapname;
856
857 return 1;
858}
859
f1de8281
FE		 860# FIXME remove on the next APIAGE reset.
861# Deprecated, use get_volume_attribute instead.
45e93e6d
DC		 862sub get_volume_notes {
863 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
864
865 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
866
867 my $data = run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "show", $name ]);
868
869 return $data->{notes};
870}
871
f1de8281
FE		 872# FIXME remove on the next APIAGE reset.
873# Deprecated, use update_volume_attribute instead.
45e93e6d
DC		 874sub update_volume_notes {
875 my ($class, $scfg, $storeid, $volname, $notes, $timeout) = @_;
876
877 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
878
879 run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "update", $name, $notes ], 1);
880
881 return undef;
882}
883
f1de8281
FE		 884sub get_volume_attribute {
885 my ($class, $scfg, $storeid, $volname, $attribute) = @_;
886
887 if ($attribute eq 'notes') {
888 return $class->get_volume_notes($scfg, $storeid, $volname);
889 }
890
bfba9626 891 if ($attribute eq 'protected') {
78eac5ba 892 my $param = api_param_from_volname($class, $scfg, $volname);
bfba9626
FE		 893
894 my $password = pbs_get_password($scfg, $storeid);
895 my $conn = pbs_api_connect($scfg, $password);
896 my $datastore = $scfg->{datastore};
897
898 my $res = eval { $conn->get("/api2/json/admin/datastore/$datastore/$attribute", $param); };
899 if (my $err = $@) {
900 return if $err->{code} == 404; # not supported
901 die $err;
902 }
903 return $res;
904 }
905
f1de8281
FE		 906 return;
907}
908
909sub update_volume_attribute {
910 my ($class, $scfg, $storeid, $volname, $attribute, $value) = @_;
911
912 if ($attribute eq 'notes') {
913 return $class->update_volume_notes($scfg, $storeid, $volname, $value);
914 }
915
bfba9626 916 if ($attribute eq 'protected') {
78eac5ba 917 my $param = api_param_from_volname($class, $scfg, $volname);
bfba9626
FE		 918 $param->{$attribute} = $value;
919
920 my $password = pbs_get_password($scfg, $storeid);
921 my $conn = pbs_api_connect($scfg, $password);
922 my $datastore = $scfg->{datastore};
923
904f06a8
FE		 924 eval { $conn->put("/api2/json/admin/datastore/$datastore/$attribute", $param); };
925 if (my $err = $@) {
926 die "Server is not recent enough to support feature '$attribute'\n"
927 if $err->{code} == 404;
928 die $err;
929 }
bfba9626
FE		 930 return;
931 }
932
f1de8281
FE		 933 die "attribute '$attribute' is not supported for storage type '$scfg->{type}'\n";
934}
935
271fe394
DM		 936sub volume_size_info {
937 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
938
939 my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
940
941 my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]);
942
943 my $size = 0;
944 foreach my $info (@$data) {
d4e00f2b 945 if ($info->{size} && $info->{size} =~ /^(\d+)$/) { # untaints
ac598d85
SI		 946 $size += $1;
947 }
271fe394
DM		 948 }
949
950 my $used = $size;
951
952 return wantarray ? ($size, $format, $used, undef) : $size;
953}
954
955sub volume_resize {
956 my ($class, $scfg, $storeid, $volname, $size, $running) = @_;
957 die "volume resize is not possible on pbs device";
958}
959
960sub volume_snapshot {
961 my ($class, $scfg, $storeid, $volname, $snap) = @_;
962 die "volume snapshot is not possible on pbs device";
963}
964
965sub volume_snapshot_rollback {
966 my ($class, $scfg, $storeid, $volname, $snap) = @_;
967 die "volume snapshot rollback is not possible on pbs device";
968}
969
970sub volume_snapshot_delete {
971 my ($class, $scfg, $storeid, $volname, $snap) = @_;
972 die "volume snapshot delete is not possible on pbs device";
973}
974
975sub volume_has_feature {
976 my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_;
977
978 return undef;
979}
980
9811;
Storage library