]> git.proxmox.com Git - pve-storage.git/blame - PVE/Storage/PBSPlugin.pm
projects / pve-storage.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fix #3803: ZFSPoolPlugin: zfs_request: increase minimum timeout in worker
[pve-storage.git] / PVE / Storage / PBSPlugin.pm
CommitLineData
271fe394
DM		 1package PVE::Storage::PBSPlugin;
2
3# Plugin to access Proxmox Backup Server
4
5use strict;
6use warnings;
4133e6e2 7
76bb5feb 8use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
76bb5feb 9use IO::File;
271fe394 10use JSON;
c56f7a71 11use MIME::Base64 qw(decode_base64);
bfba9626
FE		 12use POSIX qw(mktime strftime ENOENT);
13use POSIX::strptime;
271fe394 14
2f9eb6dc 15use PVE::APIClient::LWP;
271fe394 16use PVE::JSONSchema qw(get_standard_option);
4133e6e2 17use PVE::Network;
53003cb5 18use PVE::PBSClient;
4133e6e2
TL		 19use PVE::Storage::Plugin;
20use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach $IPV6RE);
271fe394
DM		 21
22use base qw(PVE::Storage::Plugin);
23
24# Configuration
25
26sub type {
27 return 'pbs';
28}
29
30sub plugindata {
31 return {
32 content => [ {backup => 1, none => 1}, { backup => 1 }],
33 };
34}
35
36sub properties {
37 return {
38 datastore => {
4133e6e2 39 description => "Proxmox Backup Server datastore name.",
271fe394
DM		 40 type => 'string',
41 },
42 # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
43 fingerprint => get_standard_option('fingerprint-sha256'),
ce2e2733 44 'encryption-key' => {
1aeb322b 45 description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
76bb5feb
WB		 46 type => 'string',
47 },
c56f7a71 48 'master-pubkey' => {
5b955999 49 description => "Base64-encoded, PEM-formatted public RSA key. Used to encrypt a copy of the encryption-key which will be added to each encrypted backup.",
c56f7a71
FG		 50 type => 'string',
51 },
4133e6e2
TL		 52 port => {
53 description => "For non default port.",
54 type => 'integer',
55 minimum => 1,
56 maximum => 65535,
57 default => 8007,
2f9eb6dc 58 },
271fe394
DM		 59 };
60}
61
62sub options {
63 return {
64 server => { fixed => 1 },
65 datastore => { fixed => 1 },
4133e6e2 66 port => { optional => 1 },
271fe394
DM		 67 nodes => { optional => 1},
68 disable => { optional => 1},
69 content => { optional => 1},
70 username => { optional => 1 },
ce2e2733
TL		 71 password => { optional => 1 },
72 'encryption-key' => { optional => 1 },
c56f7a71 73 'master-pubkey' => { optional => 1 },
271fe394 74 maxfiles => { optional => 1 },
3353698f 75 'prune-backups' => { optional => 1 },
8009417d 76 'max-protected-backups' => { optional => 1 },
271fe394
DM		 77 fingerprint => { optional => 1 },
78 };
79}
80
81# Helpers
82
83sub pbs_password_file_name {
84 my ($scfg, $storeid) = @_;
85
462537a2 86 return "/etc/pve/priv/storage/${storeid}.pw";
271fe394
DM		 87}
88
89sub pbs_set_password {
90 my ($scfg, $storeid, $password) = @_;
91
92 my $pwfile = pbs_password_file_name($scfg, $storeid);
9e34813f 93 mkdir "/etc/pve/priv/storage";
271fe394
DM		 94
95 PVE::Tools::file_set_contents($pwfile, "$password\n");
96}
97
98sub pbs_delete_password {
99 my ($scfg, $storeid) = @_;
100
101 my $pwfile = pbs_password_file_name($scfg, $storeid);
102
103 unlink $pwfile;
104}
105
106sub pbs_get_password {
107 my ($scfg, $storeid) = @_;
108
109 my $pwfile = pbs_password_file_name($scfg, $storeid);
110
111 return PVE::Tools::file_read_firstline($pwfile);
112}
113
76bb5feb
WB		 114sub pbs_encryption_key_file_name {
115 my ($scfg, $storeid) = @_;
116
117 return "/etc/pve/priv/storage/${storeid}.enc";
118}
119
120sub pbs_set_encryption_key {
121 my ($scfg, $storeid, $key) = @_;
122
123 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
124 mkdir "/etc/pve/priv/storage";
125
126 PVE::Tools::file_set_contents($pwfile, "$key\n");
127}
128
129sub pbs_delete_encryption_key {
130 my ($scfg, $storeid) = @_;
131
132 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
133
4ef17e1f
TL		 134 if (!unlink $pwfile) {
135 return if $! == ENOENT;
136 die "failed to delete encryption key! $!\n";
137 }
18cf6c9f 138 delete $scfg->{'encryption-key'};
76bb5feb
WB		 139}
140
141sub pbs_get_encryption_key {
142 my ($scfg, $storeid) = @_;
143
144 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
145
146 return PVE::Tools::file_get_contents($pwfile);
147}
148
149# Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
150sub pbs_open_encryption_key {
151 my ($scfg, $storeid) = @_;
152
153 my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid);
154
155 my $keyfd;
156 if (!open($keyfd, '<', $encryption_key_file)) {
157 return undef if $! == ENOENT;
158 die "failed to open encryption key: $encryption_key_file: $!\n";
159 }
160
161 return $keyfd;
162}
163
c56f7a71
FG		 164sub pbs_master_pubkey_file_name {
165 my ($scfg, $storeid) = @_;
166
167 return "/etc/pve/priv/storage/${storeid}.master.pem";
168}
169
170sub pbs_set_master_pubkey {
171 my ($scfg, $storeid, $key) = @_;
172
173 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
174 mkdir "/etc/pve/priv/storage";
175
176 PVE::Tools::file_set_contents($pwfile, "$key\n");
177}
178
179sub pbs_delete_master_pubkey {
180 my ($scfg, $storeid) = @_;
181
182 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
183
184 if (!unlink $pwfile) {
185 return if $! == ENOENT;
186 die "failed to delete master public key! $!\n";
187 }
188 delete $scfg->{'master-pubkey'};
189}
190
191sub pbs_get_master_pubkey {
192 my ($scfg, $storeid) = @_;
193
194 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
195
196 return PVE::Tools::file_get_contents($pwfile);
197}
198
199# Returns a file handle if there is a master key, or `undef` if there is not. Dies on error.
200sub pbs_open_master_pubkey {
201 my ($scfg, $storeid) = @_;
202
203 my $master_pubkey_file = pbs_master_pubkey_file_name($scfg, $storeid);
204
205 my $keyfd;
206 if (!open($keyfd, '<', $master_pubkey_file)) {
207 return undef if $! == ENOENT;
208 die "failed to open master public key: $master_pubkey_file: $!\n";
209 }
210
211 return $keyfd;
212}
213
8602fd56
FE		 214sub print_volid {
215 my ($storeid, $btype, $bid, $btime) = @_;
216
217 my $time_str = strftime("%FT%TZ", gmtime($btime));
218 my $volname = "backup/${btype}/${bid}/${time_str}";
219
220 return "${storeid}:${volname}";
221}
271fe394 222
bfba9626
FE		 223# essentially the inverse of print_volid
224sub api_param_from_volname {
225 my ($class, $volname) = @_;
226
227 my $name = ($class->parse_volname($volname))[1];
228
229 my ($btype, $bid, $timestr) = split('/', $name);
230
231 my @tm = (POSIX::strptime($timestr, "%FT%TZ"));
232 # expect sec, min, hour, mday, mon, year
233 die "error parsing time from '$volname'" if grep { !defined($_) } @tm[0..5];
234
235 my $btime;
236 {
237 local $ENV{TZ} = 'UTC'; # $timestr is UTC
238
239 # Fill in isdst to avoid undef warning. No daylight saving time for UTC.
240 $tm[8] //= 0;
241
242 my $since_epoch = mktime(@tm) or die "error converting time from '$volname'\n";
243 $btime = int($since_epoch);
244 }
245
246 return {
247 'backup-type' => $btype,
248 'backup-id' => $bid,
249 'backup-time' => $btime,
250 };
251}
252
02cc5e10
WB		 253my $USE_CRYPT_PARAMS = {
254 backup => 1,
255 restore => 1,
256 'upload-log' => 1,
257};
258
c56f7a71
FG		 259my $USE_MASTER_KEY = {
260 backup => 1,
261};
262
76bb5feb 263my sub do_raw_client_cmd {
02cc5e10
WB		 264 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
265
266 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
c56f7a71 267 my $use_master = $USE_MASTER_KEY->{$client_cmd};
271fe394 268
1574a590
TL		 269 my $client_exe = '/usr/bin/proxmox-backup-client';
270 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
271 if ! -x $client_exe;
272
53003cb5 273 my $repo = PVE::PBSClient::get_repository($scfg);
271fe394
DM		 274
275 my $userns_cmd = delete $opts{userns_cmd};
276
277 my $cmd = [];
278
279 push @$cmd, @$userns_cmd if defined($userns_cmd);
280
1574a590 281 push @$cmd, $client_exe, $client_cmd;
271fe394 282
76bb5feb 283 # This must live in the top scope to not get closed before the `run_command`
c56f7a71 284 my ($keyfd, $master_fd);
02cc5e10 285 if ($use_crypto) {
76bb5feb
WB		 286 if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
287 my $flags = fcntl($keyfd, F_GETFD, 0)
288 // die "failed to get file descriptor flags: $!\n";
289 fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
290 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
291 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
c56f7a71
FG		 292 if ($use_master && defined($master_fd = pbs_open_master_pubkey($scfg, $storeid))) {
293 my $flags = fcntl($master_fd, F_GETFD, 0)
294 // die "failed to get file descriptor flags: $!\n";
295 fcntl($master_fd, F_SETFD, $flags & ~FD_CLOEXEC)
296 or die "failed to remove FD_CLOEXEC from master public key file descriptor\n";
297 push @$cmd, '--master-pubkey-fd='.fileno($master_fd);
298 }
76bb5feb
WB		 299 } else {
300 push @$cmd, '--crypt-mode=none';
301 }
302 }
303
271fe394
DM		 304 push @$cmd, @$param if defined($param);
305
53003cb5 306 push @$cmd, "--repository", $repo;
271fe394
DM		 307
308 local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
309
310 local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
311
8b4c2a7e
DM		 312 # no ascii-art on task logs
313 local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
314 local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
315
271fe394 316 if (my $logfunc = $opts{logfunc}) {
e6d1edcb 317 $logfunc->("run: " . join(' ', @$cmd));
271fe394
DM		 318 }
319
320 run_command($cmd, %opts);
321}
322
76bb5feb
WB		 323# FIXME: External perl code should NOT have access to this.
324#
325# There should be separate functions to
326# - make backups
327# - restore backups
328# - restore files
329# with a sane API
02cc5e10 330sub run_raw_client_cmd {
76bb5feb 331 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
02cc5e10 332 return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
76bb5feb
WB		 333}
334
271fe394
DM		 335sub run_client_cmd {
336 my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_;
337
338 my $json_str = '';
fee2ece3 339 my $outfunc = sub { $json_str .= "$_[0]\n" };
271fe394
DM		 340
341 $param = [] if !defined($param);
342 $param = [ $param ] if !ref($param);
343
344 $param = [@$param, '--output-format=json'] if !$no_output;
345
02cc5e10 346 do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
76bb5feb 347 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
271fe394
DM		 348
349 return undef if $no_output;
350
351 my $res = decode_json($json_str);
352
353 return $res;
354}
355
356# Storage implementation
357
c855ac15
DM		 358sub extract_vzdump_config {
359 my ($class, $scfg, $volname, $storeid) = @_;
360
361 my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname);
362
363 my $config = '';
fee2ece3 364 my $outfunc = sub { $config .= "$_[0]\n" };
c855ac15
DM		 365
366 my $config_name;
367 if ($format eq 'pbs-vm') {
368 $config_name = 'qemu-server.conf';
369 } elsif ($format eq 'pbs-ct') {
370 $config_name = 'pct.conf';
371 } else {
372 die "unable to extract configuration for backup format '$format'\n";
373 }
374
02cc5e10 375 do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
76bb5feb 376 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
c855ac15
DM		 377
378 return $config;
379}
380
8f26b391
FE		 381sub prune_backups {
382 my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
383
384 $logfunc //= sub { print "$_[1]\n" };
385
386 my $backups = $class->list_volumes($storeid, $scfg, $vmid, ['backup']);
387
388 $type = 'vm' if defined($type) && $type eq 'qemu';
389 $type = 'ct' if defined($type) && $type eq 'lxc';
390
391 my $backup_groups = {};
392 foreach my $backup (@{$backups}) {
393 (my $backup_type = $backup->{format}) =~ s/^pbs-//;
394
395 next if defined($type) && $backup_type ne $type;
396
397 my $backup_group = "$backup_type/$backup->{vmid}";
398 $backup_groups->{$backup_group} = 1;
399 }
400
401 my @param;
1b87f013
FE		 402
403 my $keep_all = delete $keep->{'keep-all'};
404
405 if (!$keep_all) {
406 foreach my $opt (keys %{$keep}) {
407 next if $keep->{$opt} == 0;
408 push @param, "--$opt";
409 push @param, "$keep->{$opt}";
410 }
411 } else { # no need to pass anything to PBS
412 $keep = { 'keep-all' => 1 };
8f26b391
FE		 413 }
414
415 push @param, '--dry-run' if $dryrun;
416
417 my $prune_list = [];
418 my $failed;
419
420 foreach my $backup_group (keys %{$backup_groups}) {
421 $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
422 if !$dryrun;
423 eval {
424 my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
425
426 foreach my $backup (@{$res}) {
427 die "result from proxmox-backup-client is not as expected\n"
428 if !defined($backup->{'backup-time'})
429 || !defined($backup->{'backup-type'})
430 || !defined($backup->{'backup-id'})
431 || !defined($backup->{'keep'});
432
433 my $ctime = $backup->{'backup-time'};
434 my $type = $backup->{'backup-type'};
435 my $vmid = $backup->{'backup-id'};
436 my $volid = print_volid($storeid, $type, $vmid, $ctime);
437
bfba9626
FE		 438 my $mark = $backup->{keep} ? 'keep' : 'remove';
439 $mark = 'protected' if $backup->{protected};
440
8f26b391
FE		 441 push @{$prune_list}, {
442 ctime => $ctime,
bfba9626 443 mark => $mark,
8f26b391
FE		 444 type => $type eq 'vm' ? 'qemu' : 'lxc',
445 vmid => $vmid,
446 volid => $volid,
447 };
448 }
449 };
450 if (my $err = $@) {
451 $logfunc->('err', "prune '$backup_group': $err\n");
452 $failed = 1;
453 }
454 }
455 die "error pruning backups - check log\n" if $failed;
456
457 return $prune_list;
458}
459
1aeb322b
TL		 460my $autogen_encryption_key = sub {
461 my ($scfg, $storeid) = @_;
462 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
478609d3
TL		 463 if (-f $encfile) {
464 rename $encfile, "$encfile.old";
465 }
4558cb6e
TL		 466 my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
467 run_command($cmd, errmsg => 'failed to create encryption key');
468 return PVE::Tools::file_get_contents($encfile);
1aeb322b
TL		 469};
470
271fe394
DM		 471sub on_add_hook {
472 my ($class, $storeid, $scfg, %param) = @_;
473
0b6b98d1
TL		 474 my $res = {};
475
76bb5feb
WB		 476 if (defined(my $password = $param{password})) {
477 pbs_set_password($scfg, $storeid, $password);
b494636a
DM		 478 } else {
479 pbs_delete_password($scfg, $storeid);
480 }
76bb5feb 481
ce2e2733 482 if (defined(my $encryption_key = $param{'encryption-key'})) {
d2c47b38 483 my $decoded_key;
1aeb322b 484 if ($encryption_key eq 'autogen') {
0b6b98d1 485 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
3cc2eb73 486 $decoded_key = decode_json($res->{'encryption-key'});
1aeb322b 487 } else {
d2c47b38
TL		 488 $decoded_key = eval { decode_json($encryption_key) };
489 if ($@ || !exists($decoded_key->{data})) {
490 die "Value does not seems like a valid, JSON formatted encryption key!\n";
491 }
1aeb322b 492 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
0b6b98d1 493 $res->{'encryption-key'} = $encryption_key;
1aeb322b 494 }
3cc2eb73 495 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
76bb5feb
WB		 496 } else {
497 pbs_delete_encryption_key($scfg, $storeid);
498 }
0b6b98d1 499
c56f7a71
FG		 500 if (defined(my $master_key = delete $param{'master-pubkey'})) {
501 die "'master-pubkey' can only be used together with 'encryption-key'\n"
502 if !defined($scfg->{'encryption-key'});
503
504 my $decoded = decode_base64($master_key);
505 pbs_set_master_pubkey($scfg, $storeid, $decoded);
506 $scfg->{'master-pubkey'} = 1;
507 } else {
508 pbs_delete_master_pubkey($scfg, $storeid);
509 }
510
0b6b98d1 511 return $res;
b494636a
DM		 512}
513
514sub on_update_hook {
515 my ($class, $storeid, $scfg, %param) = @_;
516
0b6b98d1
TL		 517 my $res = {};
518
76bb5feb
WB		 519 if (exists($param{password})) {
520 if (defined($param{password})) {
521 pbs_set_password($scfg, $storeid, $param{password});
522 } else {
523 pbs_delete_password($scfg, $storeid);
524 }
525 }
b494636a 526
ce2e2733
TL		 527 if (exists($param{'encryption-key'})) {
528 if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
d2c47b38 529 my $decoded_key;
1aeb322b 530 if ($encryption_key eq 'autogen') {
0b6b98d1 531 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
3cc2eb73 532 $decoded_key = decode_json($res->{'encryption-key'});
1aeb322b 533 } else {
d2c47b38
TL		 534 $decoded_key = eval { decode_json($encryption_key) };
535 if ($@ || !exists($decoded_key->{data})) {
536 die "Value does not seems like a valid, JSON formatted encryption key!\n";
537 }
1aeb322b 538 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
0b6b98d1 539 $res->{'encryption-key'} = $encryption_key;
1aeb322b 540 }
3cc2eb73 541 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
76bb5feb
WB		 542 } else {
543 pbs_delete_encryption_key($scfg, $storeid);
c56f7a71
FG		 544 delete $scfg->{'encryption-key'};
545 }
546 }
547
548 if (exists($param{'master-pubkey'})) {
549 if (defined(my $master_key = delete($param{'master-pubkey'}))) {
550 my $decoded = decode_base64($master_key);
551
552 pbs_set_master_pubkey($scfg, $storeid, $decoded);
553 $scfg->{'master-pubkey'} = 1;
554 } else {
555 pbs_delete_master_pubkey($scfg, $storeid);
76bb5feb 556 }
271fe394 557 }
0b6b98d1
TL		 558
559 return $res;
271fe394
DM		 560}
561
562sub on_delete_hook {
563 my ($class, $storeid, $scfg) = @_;
564
565 pbs_delete_password($scfg, $storeid);
76bb5feb 566 pbs_delete_encryption_key($scfg, $storeid);
c56f7a71 567 pbs_delete_master_pubkey($scfg, $storeid);
f3ccd0ef
FE		 568
569 return;
271fe394
DM		 570}
571
572sub parse_volname {
573 my ($class, $volname) = @_;
574
575 if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) {
576 my $btype = $1;
577 my $bid = $2;
578 my $btime = $3;
579 my $format = "pbs-$btype";
580
581 my $name = "$btype/$bid/$btime";
582
583 if ($bid =~ m/^\d+$/) {
584 return ('backup', $name, $bid, undef, undef, undef, $format);
585 } else {
586 return ('backup', $name, undef, undef, undef, undef, $format);
587 }
588 }
589
590 die "unable to parse PBS volume name '$volname'\n";
591}
592
593sub path {
594 my ($class, $scfg, $volname, $storeid, $snapname) = @_;
595
596 die "volume snapshot is not possible on pbs storage"
597 if defined($snapname);
598
599 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
600
53003cb5 601 my $repo = PVE::PBSClient::get_repository($scfg);
271fe394 602
ffc31266 603 # artificial url - we currently do not use that anywhere
53003cb5 604 my $path = "pbs://$repo/$name";
271fe394
DM		 605
606 return ($path, $vmid, $vtype);
607}
608
609sub create_base {
610 my ($class, $storeid, $scfg, $volname) = @_;
611
612 die "can't create base images in pbs storage\n";
613}
614
615sub clone_image {
616 my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_;
617
618 die "can't clone images in pbs storage\n";
619}
620
621sub alloc_image {
622 my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_;
623
624 die "can't allocate space in pbs storage\n";
625}
626
627sub free_image {
628 my ($class, $storeid, $scfg, $volname, $isBase) = @_;
629
630 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
631
632 run_client_cmd($scfg, $storeid, "forget", [ $name ], 1);
7ae13a34
FE		 633
634 return;
271fe394
DM		 635}
636
637
638sub list_images {
639 my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_;
640
641 my $res = [];
642
643 return $res;
644}
645
878fe017
TL		 646my sub snapshot_files_encrypted {
647 my ($files) = @_;
648 return 0 if !$files;
649
650 my $any;
651 my $all = 1;
652 for my $file (@$files) {
653 my $fn = $file->{filename};
654 next if $fn eq 'client.log.blob' || $fn eq 'index.json.blob';
655
656 my $crypt = $file->{'crypt-mode'};
657
658 $all = 0 if !$crypt || $crypt ne 'encrypt';
dfa374d3 659 $any ||= defined($crypt) && $crypt eq 'encrypt';
878fe017
TL		 660 }
661 return $any && $all;
662}
663
271fe394
DM		 664sub list_volumes {
665 my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
666
667 my $res = [];
668
669 return $res if !grep { $_ eq 'backup' } @$content_types;
670
671 my $data = run_client_cmd($scfg, $storeid, "snapshots");
672
673 foreach my $item (@$data) {
674 my $btype = $item->{"backup-type"};
675 my $bid = $item->{"backup-id"};
545e127e 676 my $epoch = $item->{"backup-time"};
271fe394
DM		 677 my $size = $item->{size} // 1;
678
679 next if !($btype eq 'vm' || $btype eq 'ct');
680 next if $bid !~ m/^\d+$/;
ddf7fdaa 681 next if defined($vmid) && $bid ne $vmid;
271fe394 682
8602fd56 683 my $volid = print_volid($storeid, $btype, $bid, $epoch);
271fe394 684
545e127e 685 my $info = {
c05b1a8c
TL		 686 volid => $volid,
687 format => "pbs-$btype",
688 size => $size,
689 content => 'backup',
690 vmid => int($bid),
691 ctime => $epoch,
c66e0b8a 692 subtype => $btype eq 'vm' ? 'qemu' : 'lxc', # convert to PVE backup type
545e127e 693 };
271fe394 694
9778e5c2 695 $info->{verification} = $item->{verification} if defined($item->{verification});
6fef456c 696 $info->{notes} = $item->{comment} if defined($item->{comment});
bfba9626 697 $info->{protected} = 1 if $item->{protected};
878fe017
TL		 698 if (defined($item->{fingerprint})) {
699 $info->{encrypted} = $item->{fingerprint};
700 } elsif (snapshot_files_encrypted($item->{files})) {
701 $info->{encrypted} = '1';
702 }
9778e5c2 703
271fe394
DM		 704 push @$res, $info;
705 }
706
707 return $res;
708}
709
710sub status {
711 my ($class, $storeid, $scfg, $cache) = @_;
712
713 my $total = 0;
714 my $free = 0;
715 my $used = 0;
716 my $active = 0;
717
718 eval {
719 my $res = run_client_cmd($scfg, $storeid, "status");
720
721 $active = 1;
722 $total = $res->{total};
723 $used = $res->{used};
f155c912
TL		 724 $free = $res->{avail};
725 };
271fe394
DM		 726 if (my $err = $@) {
727 warn $err;
728 }
729
730 return ($total, $free, $used, $active);
731}
732
2f9eb6dc
TL		 733# TODO: use a client with native rust/proxmox-backup bindings to profit from
734# API schema checks and types
735my sub pbs_api_connect {
736 my ($scfg, $password) = @_;
737
738 my $params = {};
739
740 my $user = $scfg->{username} // 'root@pam';
741
742 if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
ab90c3b1 743 $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
2f9eb6dc
TL		 744 } else {
745 $params->{password} = $password;
746 $params->{username} = $user;
747 }
748
749 if (my $fp = $scfg->{fingerprint}) {
750 $params->{cached_fingerprints}->{uc($fp)} = 1;
751 }
752
753 my $conn = PVE::APIClient::LWP->new(
754 %$params,
755 host => $scfg->{server},
756 port => $scfg->{port} // 8007,
757 timeout => 7, # cope with a 401 (3s api delay) and high latency
758 cookie_name => 'PBSAuthCookie',
759 );
760
761 return $conn;
762}
763
8b62ac6a
TL		 764# can also be used for not (yet) added storages, pass $scfg with
765# {
766# server
767# user
768# port (optional default to 8007)
769# fingerprint (optional for trusted certs)
770# }
771sub scan_datastores {
772 my ($scfg, $password) = @_;
773
774 my $conn = pbs_api_connect($scfg, $password);
775
776 my $response = eval { $conn->get('/api2/json/admin/datastore', {}) };
777 die "error fetching datastores - $@" if $@;
778
779 return $response;
780}
781
271fe394
DM		 782sub activate_storage {
783 my ($class, $storeid, $scfg, $cache) = @_;
bb0a0f96 784
2cd10f58 785 my $password = pbs_get_password($scfg, $storeid);
bb0a0f96 786
2cd10f58
TL		 787 my $datastores = eval { scan_datastores($scfg, $password) };
788 die "$storeid: $@" if $@;
789
790 my $datastore = $scfg->{datastore};
791
792 for my $ds (@$datastores) {
793 if ($ds->{store} eq $datastore) {
794 return 1;
795 }
796 }
797
ffc31266 798 die "$storeid: Cannot find datastore '$datastore', check permissions and existence!\n";
271fe394
DM		 799}
800
801sub deactivate_storage {
802 my ($class, $storeid, $scfg, $cache) = @_;
803 return 1;
804}
805
806sub activate_volume {
807 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
808
809 die "volume snapshot is not possible on pbs device" if $snapname;
810
811 return 1;
812}
813
814sub deactivate_volume {
815 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
816
817 die "volume snapshot is not possible on pbs device" if $snapname;
818
819 return 1;
820}
821
f1de8281
FE		 822# FIXME remove on the next APIAGE reset.
823# Deprecated, use get_volume_attribute instead.
45e93e6d
DC		 824sub get_volume_notes {
825 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
826
827 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
828
829 my $data = run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "show", $name ]);
830
831 return $data->{notes};
832}
833
f1de8281
FE		 834# FIXME remove on the next APIAGE reset.
835# Deprecated, use update_volume_attribute instead.
45e93e6d
DC		 836sub update_volume_notes {
837 my ($class, $scfg, $storeid, $volname, $notes, $timeout) = @_;
838
839 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
840
841 run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "update", $name, $notes ], 1);
842
843 return undef;
844}
845
f1de8281
FE		 846sub get_volume_attribute {
847 my ($class, $scfg, $storeid, $volname, $attribute) = @_;
848
849 if ($attribute eq 'notes') {
850 return $class->get_volume_notes($scfg, $storeid, $volname);
851 }
852
bfba9626
FE		 853 if ($attribute eq 'protected') {
854 my $param = $class->api_param_from_volname($volname);
855
856 my $password = pbs_get_password($scfg, $storeid);
857 my $conn = pbs_api_connect($scfg, $password);
858 my $datastore = $scfg->{datastore};
859
860 my $res = eval { $conn->get("/api2/json/admin/datastore/$datastore/$attribute", $param); };
861 if (my $err = $@) {
862 return if $err->{code} == 404; # not supported
863 die $err;
864 }
865 return $res;
866 }
867
f1de8281
FE		 868 return;
869}
870
871sub update_volume_attribute {
872 my ($class, $scfg, $storeid, $volname, $attribute, $value) = @_;
873
874 if ($attribute eq 'notes') {
875 return $class->update_volume_notes($scfg, $storeid, $volname, $value);
876 }
877
bfba9626
FE		 878 if ($attribute eq 'protected') {
879 my $param = $class->api_param_from_volname($volname);
880 $param->{$attribute} = $value;
881
882 my $password = pbs_get_password($scfg, $storeid);
883 my $conn = pbs_api_connect($scfg, $password);
884 my $datastore = $scfg->{datastore};
885
904f06a8
FE		 886 eval { $conn->put("/api2/json/admin/datastore/$datastore/$attribute", $param); };
887 if (my $err = $@) {
888 die "Server is not recent enough to support feature '$attribute'\n"
889 if $err->{code} == 404;
890 die $err;
891 }
bfba9626
FE		 892 return;
893 }
894
f1de8281
FE		 895 die "attribute '$attribute' is not supported for storage type '$scfg->{type}'\n";
896}
897
271fe394
DM		 898sub volume_size_info {
899 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
900
901 my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
902
903 my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]);
904
905 my $size = 0;
906 foreach my $info (@$data) {
d4e00f2b 907 if ($info->{size} && $info->{size} =~ /^(\d+)$/) { # untaints
ac598d85
SI		 908 $size += $1;
909 }
271fe394
DM		 910 }
911
912 my $used = $size;
913
914 return wantarray ? ($size, $format, $used, undef) : $size;
915}
916
917sub volume_resize {
918 my ($class, $scfg, $storeid, $volname, $size, $running) = @_;
919 die "volume resize is not possible on pbs device";
920}
921
922sub volume_snapshot {
923 my ($class, $scfg, $storeid, $volname, $snap) = @_;
924 die "volume snapshot is not possible on pbs device";
925}
926
927sub volume_snapshot_rollback {
928 my ($class, $scfg, $storeid, $volname, $snap) = @_;
929 die "volume snapshot rollback is not possible on pbs device";
930}
931
932sub volume_snapshot_delete {
933 my ($class, $scfg, $storeid, $volname, $snap) = @_;
934 die "volume snapshot delete is not possible on pbs device";
935}
936
937sub volume_has_feature {
938 my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_;
939
940 return undef;
941}
942
9431;
Storage library