]> git.proxmox.com Git - pve-storage.git/blob - PVE/Storage/PBSPlugin.pm
projects / pve-storage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
storage plugins: en/decode volume notes as UTF-8
[pve-storage.git] / PVE / Storage / PBSPlugin.pm
1 package PVE::Storage::PBSPlugin;
2
3 # Plugin to access Proxmox Backup Server
4
5 use strict;
6 use warnings;
7
8 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
9 use IO::File;
10 use JSON;
11 use MIME::Base64 qw(decode_base64);
12 use POSIX qw(mktime strftime ENOENT);
13 use POSIX::strptime;
14
15 use PVE::APIClient::LWP;
16 use PVE::JSONSchema qw(get_standard_option);
17 use PVE::Network;
18 use PVE::PBSClient;
19 use PVE::Storage::Plugin;
20 use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach $IPV6RE);
21
22 use base qw(PVE::Storage::Plugin);
23
24 # Configuration
25
26 sub type {
27 return 'pbs';
28 }
29
30 sub plugindata {
31 return {
32 content => [ {backup => 1, none => 1}, { backup => 1 }],
33 };
34 }
35
36 sub properties {
37 return {
38 datastore => {
39 description => "Proxmox Backup Server datastore name.",
40 type => 'string',
41 },
42 # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
43 fingerprint => get_standard_option('fingerprint-sha256'),
44 'encryption-key' => {
45 description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
46 type => 'string',
47 },
48 'master-pubkey' => {
49 description => "Base64-encoded, PEM-formatted public RSA key. Used to encrypt a copy of the encryption-key which will be added to each encrypted backup.",
50 type => 'string',
51 },
52 port => {
53 description => "For non default port.",
54 type => 'integer',
55 minimum => 1,
56 maximum => 65535,
57 default => 8007,
58 },
59 };
60 }
61
62 sub options {
63 return {
64 server => { fixed => 1 },
65 datastore => { fixed => 1 },
66 port => { optional => 1 },
67 nodes => { optional => 1},
68 disable => { optional => 1},
69 content => { optional => 1},
70 username => { optional => 1 },
71 password => { optional => 1 },
72 'encryption-key' => { optional => 1 },
73 'master-pubkey' => { optional => 1 },
74 maxfiles => { optional => 1 },
75 'prune-backups' => { optional => 1 },
76 'max-protected-backups' => { optional => 1 },
77 fingerprint => { optional => 1 },
78 };
79 }
80
81 # Helpers
82
83 sub pbs_password_file_name {
84 my ($scfg, $storeid) = @_;
85
86 return "/etc/pve/priv/storage/${storeid}.pw";
87 }
88
89 sub pbs_set_password {
90 my ($scfg, $storeid, $password) = @_;
91
92 my $pwfile = pbs_password_file_name($scfg, $storeid);
93 mkdir "/etc/pve/priv/storage";
94
95 PVE::Tools::file_set_contents($pwfile, "$password\n");
96 }
97
98 sub pbs_delete_password {
99 my ($scfg, $storeid) = @_;
100
101 my $pwfile = pbs_password_file_name($scfg, $storeid);
102
103 unlink $pwfile;
104 }
105
106 sub pbs_get_password {
107 my ($scfg, $storeid) = @_;
108
109 my $pwfile = pbs_password_file_name($scfg, $storeid);
110
111 return PVE::Tools::file_read_firstline($pwfile);
112 }
113
114 sub pbs_encryption_key_file_name {
115 my ($scfg, $storeid) = @_;
116
117 return "/etc/pve/priv/storage/${storeid}.enc";
118 }
119
120 sub pbs_set_encryption_key {
121 my ($scfg, $storeid, $key) = @_;
122
123 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
124 mkdir "/etc/pve/priv/storage";
125
126 PVE::Tools::file_set_contents($pwfile, "$key\n");
127 }
128
129 sub pbs_delete_encryption_key {
130 my ($scfg, $storeid) = @_;
131
132 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
133
134 if (!unlink $pwfile) {
135 return if $! == ENOENT;
136 die "failed to delete encryption key! $!\n";
137 }
138 delete $scfg->{'encryption-key'};
139 }
140
141 sub pbs_get_encryption_key {
142 my ($scfg, $storeid) = @_;
143
144 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
145
146 return PVE::Tools::file_get_contents($pwfile);
147 }
148
149 # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
150 sub pbs_open_encryption_key {
151 my ($scfg, $storeid) = @_;
152
153 my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid);
154
155 my $keyfd;
156 if (!open($keyfd, '<', $encryption_key_file)) {
157 return undef if $! == ENOENT;
158 die "failed to open encryption key: $encryption_key_file: $!\n";
159 }
160
161 return $keyfd;
162 }
163
164 sub pbs_master_pubkey_file_name {
165 my ($scfg, $storeid) = @_;
166
167 return "/etc/pve/priv/storage/${storeid}.master.pem";
168 }
169
170 sub pbs_set_master_pubkey {
171 my ($scfg, $storeid, $key) = @_;
172
173 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
174 mkdir "/etc/pve/priv/storage";
175
176 PVE::Tools::file_set_contents($pwfile, "$key\n");
177 }
178
179 sub pbs_delete_master_pubkey {
180 my ($scfg, $storeid) = @_;
181
182 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
183
184 if (!unlink $pwfile) {
185 return if $! == ENOENT;
186 die "failed to delete master public key! $!\n";
187 }
188 delete $scfg->{'master-pubkey'};
189 }
190
191 sub pbs_get_master_pubkey {
192 my ($scfg, $storeid) = @_;
193
194 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
195
196 return PVE::Tools::file_get_contents($pwfile);
197 }
198
199 # Returns a file handle if there is a master key, or `undef` if there is not. Dies on error.
200 sub pbs_open_master_pubkey {
201 my ($scfg, $storeid) = @_;
202
203 my $master_pubkey_file = pbs_master_pubkey_file_name($scfg, $storeid);
204
205 my $keyfd;
206 if (!open($keyfd, '<', $master_pubkey_file)) {
207 return undef if $! == ENOENT;
208 die "failed to open master public key: $master_pubkey_file: $!\n";
209 }
210
211 return $keyfd;
212 }
213
214 sub print_volid {
215 my ($storeid, $btype, $bid, $btime) = @_;
216
217 my $time_str = strftime("%FT%TZ", gmtime($btime));
218 my $volname = "backup/${btype}/${bid}/${time_str}";
219
220 return "${storeid}:${volname}";
221 }
222
223 # essentially the inverse of print_volid
224 sub api_param_from_volname {
225 my ($class, $volname) = @_;
226
227 my $name = ($class->parse_volname($volname))[1];
228
229 my ($btype, $bid, $timestr) = split('/', $name);
230
231 my @tm = (POSIX::strptime($timestr, "%FT%TZ"));
232 # expect sec, min, hour, mday, mon, year
233 die "error parsing time from '$volname'" if grep { !defined($_) } @tm[0..5];
234
235 my $btime;
236 {
237 local $ENV{TZ} = 'UTC'; # $timestr is UTC
238
239 # Fill in isdst to avoid undef warning. No daylight saving time for UTC.
240 $tm[8] //= 0;
241
242 my $since_epoch = mktime(@tm) or die "error converting time from '$volname'\n";
243 $btime = int($since_epoch);
244 }
245
246 return {
247 'backup-type' => $btype,
248 'backup-id' => $bid,
249 'backup-time' => $btime,
250 };
251 }
252
253 my $USE_CRYPT_PARAMS = {
254 backup => 1,
255 restore => 1,
256 'upload-log' => 1,
257 };
258
259 my $USE_MASTER_KEY = {
260 backup => 1,
261 };
262
263 my sub do_raw_client_cmd {
264 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
265
266 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
267 my $use_master = $USE_MASTER_KEY->{$client_cmd};
268
269 my $client_exe = '/usr/bin/proxmox-backup-client';
270 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
271 if ! -x $client_exe;
272
273 my $repo = PVE::PBSClient::get_repository($scfg);
274
275 my $userns_cmd = delete $opts{userns_cmd};
276
277 my $cmd = [];
278
279 push @$cmd, @$userns_cmd if defined($userns_cmd);
280
281 push @$cmd, $client_exe, $client_cmd;
282
283 # This must live in the top scope to not get closed before the `run_command`
284 my ($keyfd, $master_fd);
285 if ($use_crypto) {
286 if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
287 my $flags = fcntl($keyfd, F_GETFD, 0)
288 // die "failed to get file descriptor flags: $!\n";
289 fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
290 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
291 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
292 if ($use_master && defined($master_fd = pbs_open_master_pubkey($scfg, $storeid))) {
293 my $flags = fcntl($master_fd, F_GETFD, 0)
294 // die "failed to get file descriptor flags: $!\n";
295 fcntl($master_fd, F_SETFD, $flags & ~FD_CLOEXEC)
296 or die "failed to remove FD_CLOEXEC from master public key file descriptor\n";
297 push @$cmd, '--master-pubkey-fd='.fileno($master_fd);
298 }
299 } else {
300 push @$cmd, '--crypt-mode=none';
301 }
302 }
303
304 push @$cmd, @$param if defined($param);
305
306 push @$cmd, "--repository", $repo;
307
308 local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
309
310 local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
311
312 # no ascii-art on task logs
313 local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
314 local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
315
316 if (my $logfunc = $opts{logfunc}) {
317 $logfunc->("run: " . join(' ', @$cmd));
318 }
319
320 run_command($cmd, %opts);
321 }
322
323 # FIXME: External perl code should NOT have access to this.
324 #
325 # There should be separate functions to
326 # - make backups
327 # - restore backups
328 # - restore files
329 # with a sane API
330 sub run_raw_client_cmd {
331 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
332 return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
333 }
334
335 sub run_client_cmd {
336 my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_;
337
338 my $json_str = '';
339 my $outfunc = sub { $json_str .= "$_[0]\n" };
340
341 $param = [] if !defined($param);
342 $param = [ $param ] if !ref($param);
343
344 $param = [@$param, '--output-format=json'] if !$no_output;
345
346 do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
347 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
348
349 return undef if $no_output;
350
351 my $res = decode_json($json_str);
352
353 return $res;
354 }
355
356 # Storage implementation
357
358 sub extract_vzdump_config {
359 my ($class, $scfg, $volname, $storeid) = @_;
360
361 my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname);
362
363 my $config = '';
364 my $outfunc = sub { $config .= "$_[0]\n" };
365
366 my $config_name;
367 if ($format eq 'pbs-vm') {
368 $config_name = 'qemu-server.conf';
369 } elsif ($format eq 'pbs-ct') {
370 $config_name = 'pct.conf';
371 } else {
372 die "unable to extract configuration for backup format '$format'\n";
373 }
374
375 do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
376 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
377
378 return $config;
379 }
380
381 sub prune_backups {
382 my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
383
384 $logfunc //= sub { print "$_[1]\n" };
385
386 my $backups = $class->list_volumes($storeid, $scfg, $vmid, ['backup']);
387
388 $type = 'vm' if defined($type) && $type eq 'qemu';
389 $type = 'ct' if defined($type) && $type eq 'lxc';
390
391 my $backup_groups = {};
392 foreach my $backup (@{$backups}) {
393 (my $backup_type = $backup->{format}) =~ s/^pbs-//;
394
395 next if defined($type) && $backup_type ne $type;
396
397 my $backup_group = "$backup_type/$backup->{vmid}";
398 $backup_groups->{$backup_group} = 1;
399 }
400
401 my @param;
402
403 my $keep_all = delete $keep->{'keep-all'};
404
405 if (!$keep_all) {
406 foreach my $opt (keys %{$keep}) {
407 next if $keep->{$opt} == 0;
408 push @param, "--$opt";
409 push @param, "$keep->{$opt}";
410 }
411 } else { # no need to pass anything to PBS
412 $keep = { 'keep-all' => 1 };
413 }
414
415 push @param, '--dry-run' if $dryrun;
416
417 my $prune_list = [];
418 my $failed;
419
420 foreach my $backup_group (keys %{$backup_groups}) {
421 $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
422 if !$dryrun;
423 eval {
424 my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
425
426 foreach my $backup (@{$res}) {
427 die "result from proxmox-backup-client is not as expected\n"
428 if !defined($backup->{'backup-time'})
429 || !defined($backup->{'backup-type'})
430 || !defined($backup->{'backup-id'})
431 || !defined($backup->{'keep'});
432
433 my $ctime = $backup->{'backup-time'};
434 my $type = $backup->{'backup-type'};
435 my $vmid = $backup->{'backup-id'};
436 my $volid = print_volid($storeid, $type, $vmid, $ctime);
437
438 my $mark = $backup->{keep} ? 'keep' : 'remove';
439 $mark = 'protected' if $backup->{protected};
440
441 push @{$prune_list}, {
442 ctime => $ctime,
443 mark => $mark,
444 type => $type eq 'vm' ? 'qemu' : 'lxc',
445 vmid => $vmid,
446 volid => $volid,
447 };
448 }
449 };
450 if (my $err = $@) {
451 $logfunc->('err', "prune '$backup_group': $err\n");
452 $failed = 1;
453 }
454 }
455 die "error pruning backups - check log\n" if $failed;
456
457 return $prune_list;
458 }
459
460 my $autogen_encryption_key = sub {
461 my ($scfg, $storeid) = @_;
462 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
463 if (-f $encfile) {
464 rename $encfile, "$encfile.old";
465 }
466 my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
467 run_command($cmd, errmsg => 'failed to create encryption key');
468 return PVE::Tools::file_get_contents($encfile);
469 };
470
471 sub on_add_hook {
472 my ($class, $storeid, $scfg, %param) = @_;
473
474 my $res = {};
475
476 if (defined(my $password = $param{password})) {
477 pbs_set_password($scfg, $storeid, $password);
478 } else {
479 pbs_delete_password($scfg, $storeid);
480 }
481
482 if (defined(my $encryption_key = $param{'encryption-key'})) {
483 my $decoded_key;
484 if ($encryption_key eq 'autogen') {
485 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
486 $decoded_key = decode_json($res->{'encryption-key'});
487 } else {
488 $decoded_key = eval { decode_json($encryption_key) };
489 if ($@ || !exists($decoded_key->{data})) {
490 die "Value does not seems like a valid, JSON formatted encryption key!\n";
491 }
492 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
493 $res->{'encryption-key'} = $encryption_key;
494 }
495 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
496 } else {
497 pbs_delete_encryption_key($scfg, $storeid);
498 }
499
500 if (defined(my $master_key = delete $param{'master-pubkey'})) {
501 die "'master-pubkey' can only be used together with 'encryption-key'\n"
502 if !defined($scfg->{'encryption-key'});
503
504 my $decoded = decode_base64($master_key);
505 pbs_set_master_pubkey($scfg, $storeid, $decoded);
506 $scfg->{'master-pubkey'} = 1;
507 } else {
508 pbs_delete_master_pubkey($scfg, $storeid);
509 }
510
511 return $res;
512 }
513
514 sub on_update_hook {
515 my ($class, $storeid, $scfg, %param) = @_;
516
517 my $res = {};
518
519 if (exists($param{password})) {
520 if (defined($param{password})) {
521 pbs_set_password($scfg, $storeid, $param{password});
522 } else {
523 pbs_delete_password($scfg, $storeid);
524 }
525 }
526
527 if (exists($param{'encryption-key'})) {
528 if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
529 my $decoded_key;
530 if ($encryption_key eq 'autogen') {
531 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
532 $decoded_key = decode_json($res->{'encryption-key'});
533 } else {
534 $decoded_key = eval { decode_json($encryption_key) };
535 if ($@ || !exists($decoded_key->{data})) {
536 die "Value does not seems like a valid, JSON formatted encryption key!\n";
537 }
538 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
539 $res->{'encryption-key'} = $encryption_key;
540 }
541 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
542 } else {
543 pbs_delete_encryption_key($scfg, $storeid);
544 delete $scfg->{'encryption-key'};
545 }
546 }
547
548 if (exists($param{'master-pubkey'})) {
549 if (defined(my $master_key = delete($param{'master-pubkey'}))) {
550 my $decoded = decode_base64($master_key);
551
552 pbs_set_master_pubkey($scfg, $storeid, $decoded);
553 $scfg->{'master-pubkey'} = 1;
554 } else {
555 pbs_delete_master_pubkey($scfg, $storeid);
556 }
557 }
558
559 return $res;
560 }
561
562 sub on_delete_hook {
563 my ($class, $storeid, $scfg) = @_;
564
565 pbs_delete_password($scfg, $storeid);
566 pbs_delete_encryption_key($scfg, $storeid);
567 pbs_delete_master_pubkey($scfg, $storeid);
568
569 return;
570 }
571
572 sub parse_volname {
573 my ($class, $volname) = @_;
574
575 if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) {
576 my $btype = $1;
577 my $bid = $2;
578 my $btime = $3;
579 my $format = "pbs-$btype";
580
581 my $name = "$btype/$bid/$btime";
582
583 if ($bid =~ m/^\d+$/) {
584 return ('backup', $name, $bid, undef, undef, undef, $format);
585 } else {
586 return ('backup', $name, undef, undef, undef, undef, $format);
587 }
588 }
589
590 die "unable to parse PBS volume name '$volname'\n";
591 }
592
593 sub path {
594 my ($class, $scfg, $volname, $storeid, $snapname) = @_;
595
596 die "volume snapshot is not possible on pbs storage"
597 if defined($snapname);
598
599 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
600
601 my $repo = PVE::PBSClient::get_repository($scfg);
602
603 # artificial url - we currently do not use that anywhere
604 my $path = "pbs://$repo/$name";
605
606 return ($path, $vmid, $vtype);
607 }
608
609 sub create_base {
610 my ($class, $storeid, $scfg, $volname) = @_;
611
612 die "can't create base images in pbs storage\n";
613 }
614
615 sub clone_image {
616 my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_;
617
618 die "can't clone images in pbs storage\n";
619 }
620
621 sub alloc_image {
622 my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_;
623
624 die "can't allocate space in pbs storage\n";
625 }
626
627 sub free_image {
628 my ($class, $storeid, $scfg, $volname, $isBase) = @_;
629
630 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
631
632 run_client_cmd($scfg, $storeid, "forget", [ $name ], 1);
633
634 return;
635 }
636
637
638 sub list_images {
639 my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_;
640
641 my $res = [];
642
643 return $res;
644 }
645
646 my sub snapshot_files_encrypted {
647 my ($files) = @_;
648 return 0 if !$files;
649
650 my $any;
651 my $all = 1;
652 for my $file (@$files) {
653 my $fn = $file->{filename};
654 next if $fn eq 'client.log.blob' || $fn eq 'index.json.blob';
655
656 my $crypt = $file->{'crypt-mode'};
657
658 $all = 0 if !$crypt || $crypt ne 'encrypt';
659 $any ||= defined($crypt) && $crypt eq 'encrypt';
660 }
661 return $any && $all;
662 }
663
664 sub list_volumes {
665 my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
666
667 my $res = [];
668
669 return $res if !grep { $_ eq 'backup' } @$content_types;
670
671 my $data = run_client_cmd($scfg, $storeid, "snapshots");
672
673 foreach my $item (@$data) {
674 my $btype = $item->{"backup-type"};
675 my $bid = $item->{"backup-id"};
676 my $epoch = $item->{"backup-time"};
677 my $size = $item->{size} // 1;
678
679 next if !($btype eq 'vm' || $btype eq 'ct');
680 next if $bid !~ m/^\d+$/;
681 next if defined($vmid) && $bid ne $vmid;
682
683 my $volid = print_volid($storeid, $btype, $bid, $epoch);
684
685 my $info = {
686 volid => $volid,
687 format => "pbs-$btype",
688 size => $size,
689 content => 'backup',
690 vmid => int($bid),
691 ctime => $epoch,
692 subtype => $btype eq 'vm' ? 'qemu' : 'lxc', # convert to PVE backup type
693 };
694
695 $info->{verification} = $item->{verification} if defined($item->{verification});
696 $info->{notes} = $item->{comment} if defined($item->{comment});
697 $info->{protected} = 1 if $item->{protected};
698 if (defined($item->{fingerprint})) {
699 $info->{encrypted} = $item->{fingerprint};
700 } elsif (snapshot_files_encrypted($item->{files})) {
701 $info->{encrypted} = '1';
702 }
703
704 push @$res, $info;
705 }
706
707 return $res;
708 }
709
710 sub status {
711 my ($class, $storeid, $scfg, $cache) = @_;
712
713 my $total = 0;
714 my $free = 0;
715 my $used = 0;
716 my $active = 0;
717
718 eval {
719 my $res = run_client_cmd($scfg, $storeid, "status");
720
721 $active = 1;
722 $total = $res->{total};
723 $used = $res->{used};
724 $free = $res->{avail};
725 };
726 if (my $err = $@) {
727 warn $err;
728 }
729
730 return ($total, $free, $used, $active);
731 }
732
733 # TODO: use a client with native rust/proxmox-backup bindings to profit from
734 # API schema checks and types
735 my sub pbs_api_connect {
736 my ($scfg, $password) = @_;
737
738 my $params = {};
739
740 my $user = $scfg->{username} // 'root@pam';
741
742 if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
743 $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
744 } else {
745 $params->{password} = $password;
746 $params->{username} = $user;
747 }
748
749 if (my $fp = $scfg->{fingerprint}) {
750 $params->{cached_fingerprints}->{uc($fp)} = 1;
751 }
752
753 my $conn = PVE::APIClient::LWP->new(
754 %$params,
755 host => $scfg->{server},
756 port => $scfg->{port} // 8007,
757 timeout => 7, # cope with a 401 (3s api delay) and high latency
758 cookie_name => 'PBSAuthCookie',
759 );
760
761 return $conn;
762 }
763
764 # can also be used for not (yet) added storages, pass $scfg with
765 # {
766 # server
767 # user
768 # port (optional default to 8007)
769 # fingerprint (optional for trusted certs)
770 # }
771 sub scan_datastores {
772 my ($scfg, $password) = @_;
773
774 my $conn = pbs_api_connect($scfg, $password);
775
776 my $response = eval { $conn->get('/api2/json/admin/datastore', {}) };
777 die "error fetching datastores - $@" if $@;
778
779 return $response;
780 }
781
782 sub activate_storage {
783 my ($class, $storeid, $scfg, $cache) = @_;
784
785 my $password = pbs_get_password($scfg, $storeid);
786
787 my $datastores = eval { scan_datastores($scfg, $password) };
788 die "$storeid: $@" if $@;
789
790 my $datastore = $scfg->{datastore};
791
792 for my $ds (@$datastores) {
793 if ($ds->{store} eq $datastore) {
794 return 1;
795 }
796 }
797
798 die "$storeid: Cannot find datastore '$datastore', check permissions and existence!\n";
799 }
800
801 sub deactivate_storage {
802 my ($class, $storeid, $scfg, $cache) = @_;
803 return 1;
804 }
805
806 sub activate_volume {
807 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
808
809 die "volume snapshot is not possible on pbs device" if $snapname;
810
811 return 1;
812 }
813
814 sub deactivate_volume {
815 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
816
817 die "volume snapshot is not possible on pbs device" if $snapname;
818
819 return 1;
820 }
821
822 # FIXME remove on the next APIAGE reset.
823 # Deprecated, use get_volume_attribute instead.
824 sub get_volume_notes {
825 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
826
827 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
828
829 my $data = run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "show", $name ]);
830
831 return $data->{notes};
832 }
833
834 # FIXME remove on the next APIAGE reset.
835 # Deprecated, use update_volume_attribute instead.
836 sub update_volume_notes {
837 my ($class, $scfg, $storeid, $volname, $notes, $timeout) = @_;
838
839 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
840
841 run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "update", $name, $notes ], 1);
842
843 return undef;
844 }
845
846 sub get_volume_attribute {
847 my ($class, $scfg, $storeid, $volname, $attribute) = @_;
848
849 if ($attribute eq 'notes') {
850 return $class->get_volume_notes($scfg, $storeid, $volname);
851 }
852
853 if ($attribute eq 'protected') {
854 my $param = $class->api_param_from_volname($volname);
855
856 my $password = pbs_get_password($scfg, $storeid);
857 my $conn = pbs_api_connect($scfg, $password);
858 my $datastore = $scfg->{datastore};
859
860 my $res = eval { $conn->get("/api2/json/admin/datastore/$datastore/$attribute", $param); };
861 if (my $err = $@) {
862 return if $err->{code} == 404; # not supported
863 die $err;
864 }
865 return $res;
866 }
867
868 return;
869 }
870
871 sub update_volume_attribute {
872 my ($class, $scfg, $storeid, $volname, $attribute, $value) = @_;
873
874 if ($attribute eq 'notes') {
875 return $class->update_volume_notes($scfg, $storeid, $volname, $value);
876 }
877
878 if ($attribute eq 'protected') {
879 my $param = $class->api_param_from_volname($volname);
880 $param->{$attribute} = $value;
881
882 my $password = pbs_get_password($scfg, $storeid);
883 my $conn = pbs_api_connect($scfg, $password);
884 my $datastore = $scfg->{datastore};
885
886 eval { $conn->put("/api2/json/admin/datastore/$datastore/$attribute", $param); };
887 if (my $err = $@) {
888 die "Server is not recent enough to support feature '$attribute'\n"
889 if $err->{code} == 404;
890 die $err;
891 }
892 return;
893 }
894
895 die "attribute '$attribute' is not supported for storage type '$scfg->{type}'\n";
896 }
897
898 sub volume_size_info {
899 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
900
901 my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
902
903 my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]);
904
905 my $size = 0;
906 foreach my $info (@$data) {
907 if ($info->{size} && $info->{size} =~ /^(\d+)$/) { # untaints
908 $size += $1;
909 }
910 }
911
912 my $used = $size;
913
914 return wantarray ? ($size, $format, $used, undef) : $size;
915 }
916
917 sub volume_resize {
918 my ($class, $scfg, $storeid, $volname, $size, $running) = @_;
919 die "volume resize is not possible on pbs device";
920 }
921
922 sub volume_snapshot {
923 my ($class, $scfg, $storeid, $volname, $snap) = @_;
924 die "volume snapshot is not possible on pbs device";
925 }
926
927 sub volume_snapshot_rollback {
928 my ($class, $scfg, $storeid, $volname, $snap) = @_;
929 die "volume snapshot rollback is not possible on pbs device";
930 }
931
932 sub volume_snapshot_delete {
933 my ($class, $scfg, $storeid, $volname, $snap) = @_;
934 die "volume snapshot delete is not possible on pbs device";
935 }
936
937 sub volume_has_feature {
938 my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_;
939
940 return undef;
941 }
942
943 1;
Storage library