]> git.proxmox.com Git - pve-storage.git/blob - PVE/Storage/PBSPlugin.pm
projects / pve-storage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add prune_backups to storage API
[pve-storage.git] / PVE / Storage / PBSPlugin.pm
1 package PVE::Storage::PBSPlugin;
2
3 # Plugin to access Proxmox Backup Server
4
5 use strict;
6 use warnings;
7 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
8 use HTTP::Request;
9 use IO::File;
10 use JSON;
11 use LWP::UserAgent;
12 use POSIX qw(strftime ENOENT);
13
14 use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach);
15 use PVE::Storage::Plugin;
16 use PVE::JSONSchema qw(get_standard_option);
17
18 use base qw(PVE::Storage::Plugin);
19
20 # Configuration
21
22 sub type {
23 return 'pbs';
24 }
25
26 sub plugindata {
27 return {
28 content => [ {backup => 1, none => 1}, { backup => 1 }],
29 };
30 }
31
32 sub properties {
33 return {
34 datastore => {
35 description => "Proxmox backup server datastore name.",
36 type => 'string',
37 },
38 # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
39 fingerprint => get_standard_option('fingerprint-sha256'),
40 'encryption-key' => {
41 description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
42 type => 'string',
43 },
44 };
45 }
46
47 sub options {
48 return {
49 server => { fixed => 1 },
50 datastore => { fixed => 1 },
51 nodes => { optional => 1},
52 disable => { optional => 1},
53 content => { optional => 1},
54 username => { optional => 1 },
55 password => { optional => 1 },
56 'encryption-key' => { optional => 1 },
57 maxfiles => { optional => 1 },
58 'prune-backups' => { optional => 1 },
59 fingerprint => { optional => 1 },
60 };
61 }
62
63 # Helpers
64
65 sub pbs_password_file_name {
66 my ($scfg, $storeid) = @_;
67
68 return "/etc/pve/priv/storage/${storeid}.pw";
69 }
70
71 sub pbs_set_password {
72 my ($scfg, $storeid, $password) = @_;
73
74 my $pwfile = pbs_password_file_name($scfg, $storeid);
75 mkdir "/etc/pve/priv/storage";
76
77 PVE::Tools::file_set_contents($pwfile, "$password\n");
78 }
79
80 sub pbs_delete_password {
81 my ($scfg, $storeid) = @_;
82
83 my $pwfile = pbs_password_file_name($scfg, $storeid);
84
85 unlink $pwfile;
86 }
87
88 sub pbs_get_password {
89 my ($scfg, $storeid) = @_;
90
91 my $pwfile = pbs_password_file_name($scfg, $storeid);
92
93 return PVE::Tools::file_read_firstline($pwfile);
94 }
95
96 sub pbs_encryption_key_file_name {
97 my ($scfg, $storeid) = @_;
98
99 return "/etc/pve/priv/storage/${storeid}.enc";
100 }
101
102 sub pbs_set_encryption_key {
103 my ($scfg, $storeid, $key) = @_;
104
105 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
106 mkdir "/etc/pve/priv/storage";
107
108 PVE::Tools::file_set_contents($pwfile, "$key\n");
109 }
110
111 sub pbs_delete_encryption_key {
112 my ($scfg, $storeid) = @_;
113
114 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
115
116 unlink $pwfile;
117 }
118
119 sub pbs_get_encryption_key {
120 my ($scfg, $storeid) = @_;
121
122 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
123
124 return PVE::Tools::file_get_contents($pwfile);
125 }
126
127 # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
128 sub pbs_open_encryption_key {
129 my ($scfg, $storeid) = @_;
130
131 my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid);
132
133 my $keyfd;
134 if (!open($keyfd, '<', $encryption_key_file)) {
135 return undef if $! == ENOENT;
136 die "failed to open encryption key: $encryption_key_file: $!\n";
137 }
138
139 return $keyfd;
140 }
141
142 sub print_volid {
143 my ($storeid, $btype, $bid, $btime) = @_;
144
145 my $time_str = strftime("%FT%TZ", gmtime($btime));
146 my $volname = "backup/${btype}/${bid}/${time_str}";
147
148 return "${storeid}:${volname}";
149 }
150
151 my $USE_CRYPT_PARAMS = {
152 backup => 1,
153 restore => 1,
154 'upload-log' => 1,
155 };
156
157 my sub do_raw_client_cmd {
158 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
159
160 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
161
162 my $client_exe = '/usr/bin/proxmox-backup-client';
163 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
164 if ! -x $client_exe;
165
166 my $server = $scfg->{server};
167 my $datastore = $scfg->{datastore};
168 my $username = $scfg->{username} // 'root@pam';
169
170 my $userns_cmd = delete $opts{userns_cmd};
171
172 my $cmd = [];
173
174 push @$cmd, @$userns_cmd if defined($userns_cmd);
175
176 push @$cmd, $client_exe, $client_cmd;
177
178 # This must live in the top scope to not get closed before the `run_command`
179 my $keyfd;
180 if ($use_crypto) {
181 if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
182 my $flags = fcntl($keyfd, F_GETFD, 0)
183 // die "failed to get file descriptor flags: $!\n";
184 fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
185 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
186 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
187 } else {
188 push @$cmd, '--crypt-mode=none';
189 }
190 }
191
192 push @$cmd, @$param if defined($param);
193
194 push @$cmd, "--repository", "$username\@$server:$datastore";
195
196 local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
197
198 local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
199
200 # no ascii-art on task logs
201 local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
202 local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
203
204 if (my $logfunc = $opts{logfunc}) {
205 $logfunc->("run: " . join(' ', @$cmd));
206 }
207
208 run_command($cmd, %opts);
209 }
210
211 # FIXME: External perl code should NOT have access to this.
212 #
213 # There should be separate functions to
214 # - make backups
215 # - restore backups
216 # - restore files
217 # with a sane API
218 sub run_raw_client_cmd {
219 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
220 return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
221 }
222
223 sub run_client_cmd {
224 my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_;
225
226 my $json_str = '';
227 my $outfunc = sub { $json_str .= "$_[0]\n" };
228
229 $param = [] if !defined($param);
230 $param = [ $param ] if !ref($param);
231
232 $param = [@$param, '--output-format=json'] if !$no_output;
233
234 do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
235 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
236
237 return undef if $no_output;
238
239 my $res = decode_json($json_str);
240
241 return $res;
242 }
243
244 # Storage implementation
245
246 sub extract_vzdump_config {
247 my ($class, $scfg, $volname, $storeid) = @_;
248
249 my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname);
250
251 my $config = '';
252 my $outfunc = sub { $config .= "$_[0]\n" };
253
254 my $config_name;
255 if ($format eq 'pbs-vm') {
256 $config_name = 'qemu-server.conf';
257 } elsif ($format eq 'pbs-ct') {
258 $config_name = 'pct.conf';
259 } else {
260 die "unable to extract configuration for backup format '$format'\n";
261 }
262
263 do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
264 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
265
266 return $config;
267 }
268
269 sub prune_backups {
270 my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
271
272 $logfunc //= sub { print "$_[1]\n" };
273
274 my $backups = $class->list_volumes($storeid, $scfg, $vmid, ['backup']);
275
276 $type = 'vm' if defined($type) && $type eq 'qemu';
277 $type = 'ct' if defined($type) && $type eq 'lxc';
278
279 my $backup_groups = {};
280 foreach my $backup (@{$backups}) {
281 (my $backup_type = $backup->{format}) =~ s/^pbs-//;
282
283 next if defined($type) && $backup_type ne $type;
284
285 my $backup_group = "$backup_type/$backup->{vmid}";
286 $backup_groups->{$backup_group} = 1;
287 }
288
289 my @param;
290 foreach my $opt (keys %{$keep}) {
291 push @param, "--$opt";
292 push @param, "$keep->{$opt}";
293 }
294
295 push @param, '--dry-run' if $dryrun;
296
297 my $prune_list = [];
298 my $failed;
299
300 foreach my $backup_group (keys %{$backup_groups}) {
301 $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
302 if !$dryrun;
303 eval {
304 my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
305
306 foreach my $backup (@{$res}) {
307 die "result from proxmox-backup-client is not as expected\n"
308 if !defined($backup->{'backup-time'})
309 || !defined($backup->{'backup-type'})
310 || !defined($backup->{'backup-id'})
311 || !defined($backup->{'keep'});
312
313 my $ctime = $backup->{'backup-time'};
314 my $type = $backup->{'backup-type'};
315 my $vmid = $backup->{'backup-id'};
316 my $volid = print_volid($storeid, $type, $vmid, $ctime);
317
318 push @{$prune_list}, {
319 ctime => $ctime,
320 mark => $backup->{keep} ? 'keep' : 'remove',
321 type => $type eq 'vm' ? 'qemu' : 'lxc',
322 vmid => $vmid,
323 volid => $volid,
324 };
325 }
326 };
327 if (my $err = $@) {
328 $logfunc->('err', "prune '$backup_group': $err\n");
329 $failed = 1;
330 }
331 }
332 die "error pruning backups - check log\n" if $failed;
333
334 return $prune_list;
335 }
336
337 my $autogen_encryption_key = sub {
338 my ($scfg, $storeid) = @_;
339 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
340 run_command(['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile]);
341 };
342
343 sub on_add_hook {
344 my ($class, $storeid, $scfg, %param) = @_;
345
346 if (defined(my $password = $param{password})) {
347 pbs_set_password($scfg, $storeid, $password);
348 } else {
349 pbs_delete_password($scfg, $storeid);
350 }
351
352 if (defined(my $encryption_key = $param{'encryption-key'})) {
353 if ($encryption_key eq 'autogen') {
354 $autogen_encryption_key->($scfg, $storeid);
355 } else {
356 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
357 }
358 } else {
359 pbs_delete_encryption_key($scfg, $storeid);
360 }
361 }
362
363 sub on_update_hook {
364 my ($class, $storeid, $scfg, %param) = @_;
365
366 if (exists($param{password})) {
367 if (defined($param{password})) {
368 pbs_set_password($scfg, $storeid, $param{password});
369 } else {
370 pbs_delete_password($scfg, $storeid);
371 }
372 }
373
374 if (exists($param{'encryption-key'})) {
375 if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
376 if ($encryption_key eq 'autogen') {
377 $autogen_encryption_key->($scfg, $storeid);
378 } else {
379 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
380 }
381 } else {
382 pbs_delete_encryption_key($scfg, $storeid);
383 }
384 }
385 }
386
387 sub on_delete_hook {
388 my ($class, $storeid, $scfg) = @_;
389
390 pbs_delete_password($scfg, $storeid);
391 pbs_delete_encryption_key($scfg, $storeid);
392 }
393
394 sub parse_volname {
395 my ($class, $volname) = @_;
396
397 if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) {
398 my $btype = $1;
399 my $bid = $2;
400 my $btime = $3;
401 my $format = "pbs-$btype";
402
403 my $name = "$btype/$bid/$btime";
404
405 if ($bid =~ m/^\d+$/) {
406 return ('backup', $name, $bid, undef, undef, undef, $format);
407 } else {
408 return ('backup', $name, undef, undef, undef, undef, $format);
409 }
410 }
411
412 die "unable to parse PBS volume name '$volname'\n";
413 }
414
415 sub path {
416 my ($class, $scfg, $volname, $storeid, $snapname) = @_;
417
418 die "volume snapshot is not possible on pbs storage"
419 if defined($snapname);
420
421 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
422
423 my $server = $scfg->{server};
424 my $datastore = $scfg->{datastore};
425 my $username = $scfg->{username} // 'root@pam';
426
427 # artifical url - we currently do not use that anywhere
428 my $path = "pbs://$username\@$server:$datastore/$name";
429
430 return ($path, $vmid, $vtype);
431 }
432
433 sub create_base {
434 my ($class, $storeid, $scfg, $volname) = @_;
435
436 die "can't create base images in pbs storage\n";
437 }
438
439 sub clone_image {
440 my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_;
441
442 die "can't clone images in pbs storage\n";
443 }
444
445 sub alloc_image {
446 my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_;
447
448 die "can't allocate space in pbs storage\n";
449 }
450
451 sub free_image {
452 my ($class, $storeid, $scfg, $volname, $isBase) = @_;
453
454 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
455
456 run_client_cmd($scfg, $storeid, "forget", [ $name ], 1);
457 }
458
459
460 sub list_images {
461 my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_;
462
463 my $res = [];
464
465 return $res;
466 }
467
468 sub list_volumes {
469 my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
470
471 my $res = [];
472
473 return $res if !grep { $_ eq 'backup' } @$content_types;
474
475 my $data = run_client_cmd($scfg, $storeid, "snapshots");
476
477 foreach my $item (@$data) {
478 my $btype = $item->{"backup-type"};
479 my $bid = $item->{"backup-id"};
480 my $epoch = $item->{"backup-time"};
481 my $size = $item->{size} // 1;
482
483 next if !($btype eq 'vm' || $btype eq 'ct');
484 next if $bid !~ m/^\d+$/;
485 next if defined($vmid) && $bid ne $vmid;
486
487 my $volid = print_volid($storeid, $btype, $bid, $epoch);
488
489 my $info = {
490 volid => $volid,
491 format => "pbs-$btype",
492 size => $size,
493 content => 'backup',
494 vmid => int($bid),
495 ctime => $epoch,
496 };
497
498 push @$res, $info;
499 }
500
501 return $res;
502 }
503
504 sub status {
505 my ($class, $storeid, $scfg, $cache) = @_;
506
507 my $total = 0;
508 my $free = 0;
509 my $used = 0;
510 my $active = 0;
511
512 eval {
513 my $res = run_client_cmd($scfg, $storeid, "status");
514
515 $active = 1;
516 $total = $res->{total};
517 $used = $res->{used};
518 $free = $res->{avail};
519 };
520 if (my $err = $@) {
521 warn $err;
522 }
523
524 return ($total, $free, $used, $active);
525 }
526
527 sub activate_storage {
528 my ($class, $storeid, $scfg, $cache) = @_;
529
530 run_client_cmd($scfg, $storeid, "status");
531
532 return 1;
533 }
534
535 sub deactivate_storage {
536 my ($class, $storeid, $scfg, $cache) = @_;
537 return 1;
538 }
539
540 sub activate_volume {
541 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
542
543 die "volume snapshot is not possible on pbs device" if $snapname;
544
545 return 1;
546 }
547
548 sub deactivate_volume {
549 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
550
551 die "volume snapshot is not possible on pbs device" if $snapname;
552
553 return 1;
554 }
555
556 sub volume_size_info {
557 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
558
559 my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
560
561 my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]);
562
563 my $size = 0;
564 foreach my $info (@$data) {
565 $size += $info->{size} if $info->{size};
566 }
567
568 my $used = $size;
569
570 return wantarray ? ($size, $format, $used, undef) : $size;
571 }
572
573 sub volume_resize {
574 my ($class, $scfg, $storeid, $volname, $size, $running) = @_;
575 die "volume resize is not possible on pbs device";
576 }
577
578 sub volume_snapshot {
579 my ($class, $scfg, $storeid, $volname, $snap) = @_;
580 die "volume snapshot is not possible on pbs device";
581 }
582
583 sub volume_snapshot_rollback {
584 my ($class, $scfg, $storeid, $volname, $snap) = @_;
585 die "volume snapshot rollback is not possible on pbs device";
586 }
587
588 sub volume_snapshot_delete {
589 my ($class, $scfg, $storeid, $volname, $snap) = @_;
590 die "volume snapshot delete is not possible on pbs device";
591 }
592
593 sub volume_has_feature {
594 my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_;
595
596 return undef;
597 }
598
599 1;
Storage library