]> git.proxmox.com Git - pve-storage.git/blob - PVE/Storage/PBSPlugin.pm
projects / pve-storage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix #4189: pbs: bump list_volumes timeout to 2mins
[pve-storage.git] / PVE / Storage / PBSPlugin.pm
1 package PVE::Storage::PBSPlugin;
2
3 # Plugin to access Proxmox Backup Server
4
5 use strict;
6 use warnings;
7
8 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
9 use IO::File;
10 use JSON;
11 use MIME::Base64 qw(decode_base64);
12 use POSIX qw(mktime strftime ENOENT);
13 use POSIX::strptime;
14
15 use PVE::APIClient::LWP;
16 use PVE::JSONSchema qw(get_standard_option);
17 use PVE::Network;
18 use PVE::PBSClient;
19 use PVE::Storage::Plugin;
20 use PVE::Tools qw(run_command file_read_firstline trim dir_glob_regex dir_glob_foreach $IPV6RE);
21
22 use base qw(PVE::Storage::Plugin);
23
24 # Configuration
25
26 sub type {
27 return 'pbs';
28 }
29
30 sub plugindata {
31 return {
32 content => [ {backup => 1, none => 1}, { backup => 1 }],
33 };
34 }
35
36 sub properties {
37 return {
38 datastore => {
39 description => "Proxmox Backup Server datastore name.",
40 type => 'string',
41 },
42 # openssl s_client -connect <host>:8007 2>&1 |openssl x509 -fingerprint -sha256
43 fingerprint => get_standard_option('fingerprint-sha256'),
44 'encryption-key' => {
45 description => "Encryption key. Use 'autogen' to generate one automatically without passphrase.",
46 type => 'string',
47 },
48 'master-pubkey' => {
49 description => "Base64-encoded, PEM-formatted public RSA key. Used to encrypt a copy of the encryption-key which will be added to each encrypted backup.",
50 type => 'string',
51 },
52 port => {
53 description => "For non default port.",
54 type => 'integer',
55 minimum => 1,
56 maximum => 65535,
57 default => 8007,
58 },
59 };
60 }
61
62 sub options {
63 return {
64 server => { fixed => 1 },
65 datastore => { fixed => 1 },
66 namespace => { optional => 1 },
67 port => { optional => 1 },
68 nodes => { optional => 1},
69 disable => { optional => 1},
70 content => { optional => 1},
71 username => { optional => 1 },
72 password => { optional => 1 },
73 'encryption-key' => { optional => 1 },
74 'master-pubkey' => { optional => 1 },
75 maxfiles => { optional => 1 },
76 'prune-backups' => { optional => 1 },
77 'max-protected-backups' => { optional => 1 },
78 fingerprint => { optional => 1 },
79 };
80 }
81
82 # Helpers
83
84 sub pbs_password_file_name {
85 my ($scfg, $storeid) = @_;
86
87 return "/etc/pve/priv/storage/${storeid}.pw";
88 }
89
90 sub pbs_set_password {
91 my ($scfg, $storeid, $password) = @_;
92
93 my $pwfile = pbs_password_file_name($scfg, $storeid);
94 mkdir "/etc/pve/priv/storage";
95
96 PVE::Tools::file_set_contents($pwfile, "$password\n");
97 }
98
99 sub pbs_delete_password {
100 my ($scfg, $storeid) = @_;
101
102 my $pwfile = pbs_password_file_name($scfg, $storeid);
103
104 unlink $pwfile;
105 }
106
107 sub pbs_get_password {
108 my ($scfg, $storeid) = @_;
109
110 my $pwfile = pbs_password_file_name($scfg, $storeid);
111
112 return PVE::Tools::file_read_firstline($pwfile);
113 }
114
115 sub pbs_encryption_key_file_name {
116 my ($scfg, $storeid) = @_;
117
118 return "/etc/pve/priv/storage/${storeid}.enc";
119 }
120
121 sub pbs_set_encryption_key {
122 my ($scfg, $storeid, $key) = @_;
123
124 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
125 mkdir "/etc/pve/priv/storage";
126
127 PVE::Tools::file_set_contents($pwfile, "$key\n");
128 }
129
130 sub pbs_delete_encryption_key {
131 my ($scfg, $storeid) = @_;
132
133 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
134
135 if (!unlink $pwfile) {
136 return if $! == ENOENT;
137 die "failed to delete encryption key! $!\n";
138 }
139 delete $scfg->{'encryption-key'};
140 }
141
142 sub pbs_get_encryption_key {
143 my ($scfg, $storeid) = @_;
144
145 my $pwfile = pbs_encryption_key_file_name($scfg, $storeid);
146
147 return PVE::Tools::file_get_contents($pwfile);
148 }
149
150 # Returns a file handle if there is an encryption key, or `undef` if there is not. Dies on error.
151 sub pbs_open_encryption_key {
152 my ($scfg, $storeid) = @_;
153
154 my $encryption_key_file = pbs_encryption_key_file_name($scfg, $storeid);
155
156 my $keyfd;
157 if (!open($keyfd, '<', $encryption_key_file)) {
158 if ($! == ENOENT) {
159 my $encryption_fp = $scfg->{'encryption-key'};
160 die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
161 if $encryption_fp;
162 return undef;
163 }
164 die "failed to open encryption key: $encryption_key_file: $!\n";
165 }
166
167 return $keyfd;
168 }
169
170 sub pbs_master_pubkey_file_name {
171 my ($scfg, $storeid) = @_;
172
173 return "/etc/pve/priv/storage/${storeid}.master.pem";
174 }
175
176 sub pbs_set_master_pubkey {
177 my ($scfg, $storeid, $key) = @_;
178
179 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
180 mkdir "/etc/pve/priv/storage";
181
182 PVE::Tools::file_set_contents($pwfile, "$key\n");
183 }
184
185 sub pbs_delete_master_pubkey {
186 my ($scfg, $storeid) = @_;
187
188 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
189
190 if (!unlink $pwfile) {
191 return if $! == ENOENT;
192 die "failed to delete master public key! $!\n";
193 }
194 delete $scfg->{'master-pubkey'};
195 }
196
197 sub pbs_get_master_pubkey {
198 my ($scfg, $storeid) = @_;
199
200 my $pwfile = pbs_master_pubkey_file_name($scfg, $storeid);
201
202 return PVE::Tools::file_get_contents($pwfile);
203 }
204
205 # Returns a file handle if there is a master key, or `undef` if there is not. Dies on error.
206 sub pbs_open_master_pubkey {
207 my ($scfg, $storeid) = @_;
208
209 my $master_pubkey_file = pbs_master_pubkey_file_name($scfg, $storeid);
210
211 my $keyfd;
212 if (!open($keyfd, '<', $master_pubkey_file)) {
213 if ($! == ENOENT) {
214 die "master public key configured but no key file found!\n"
215 if $scfg->{'master-pubkey'};
216 return undef;
217 }
218 die "failed to open master public key: $master_pubkey_file: $!\n";
219 }
220
221 return $keyfd;
222 }
223
224 sub print_volid {
225 my ($storeid, $btype, $bid, $btime) = @_;
226
227 my $time_str = strftime("%FT%TZ", gmtime($btime));
228 my $volname = "backup/${btype}/${bid}/${time_str}";
229
230 return "${storeid}:${volname}";
231 }
232
233 my sub ns : prototype($$) {
234 my ($scfg, $name) = @_;
235 my $ns = $scfg->{namespace};
236 return defined($ns) ? ($name, $ns) : ();
237 }
238
239 # essentially the inverse of print_volid
240 my sub api_param_from_volname : prototype($$$) {
241 my ($class, $scfg, $volname) = @_;
242
243 my $name = ($class->parse_volname($volname))[1];
244
245 my ($btype, $bid, $timestr) = split('/', $name);
246
247 my @tm = (POSIX::strptime($timestr, "%FT%TZ"));
248 # expect sec, min, hour, mday, mon, year
249 die "error parsing time from '$volname'" if grep { !defined($_) } @tm[0..5];
250
251 my $btime;
252 {
253 local $ENV{TZ} = 'UTC'; # $timestr is UTC
254
255 # Fill in isdst to avoid undef warning. No daylight saving time for UTC.
256 $tm[8] //= 0;
257
258 my $since_epoch = mktime(@tm) or die "error converting time from '$volname'\n";
259 $btime = int($since_epoch);
260 }
261
262 return {
263 (ns($scfg, 'ns')),
264 'backup-type' => $btype,
265 'backup-id' => $bid,
266 'backup-time' => $btime,
267 };
268 }
269
270 my $USE_CRYPT_PARAMS = {
271 backup => 1,
272 restore => 1,
273 'upload-log' => 1,
274 };
275
276 my $USE_MASTER_KEY = {
277 backup => 1,
278 };
279
280 my sub do_raw_client_cmd {
281 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
282
283 my $use_crypto = $USE_CRYPT_PARAMS->{$client_cmd};
284 my $use_master = $USE_MASTER_KEY->{$client_cmd};
285
286 my $client_exe = '/usr/bin/proxmox-backup-client';
287 die "executable not found '$client_exe'! Proxmox backup client not installed?\n"
288 if ! -x $client_exe;
289
290 my $repo = PVE::PBSClient::get_repository($scfg);
291
292 my $userns_cmd = delete $opts{userns_cmd};
293
294 my $cmd = [];
295
296 push @$cmd, @$userns_cmd if defined($userns_cmd);
297
298 push @$cmd, $client_exe, $client_cmd;
299
300 # This must live in the top scope to not get closed before the `run_command`
301 my ($keyfd, $master_fd);
302 if ($use_crypto) {
303 if (defined($keyfd = pbs_open_encryption_key($scfg, $storeid))) {
304 my $flags = fcntl($keyfd, F_GETFD, 0)
305 // die "failed to get file descriptor flags: $!\n";
306 fcntl($keyfd, F_SETFD, $flags & ~FD_CLOEXEC)
307 or die "failed to remove FD_CLOEXEC from encryption key file descriptor\n";
308 push @$cmd, '--crypt-mode=encrypt', '--keyfd='.fileno($keyfd);
309 if ($use_master && defined($master_fd = pbs_open_master_pubkey($scfg, $storeid))) {
310 my $flags = fcntl($master_fd, F_GETFD, 0)
311 // die "failed to get file descriptor flags: $!\n";
312 fcntl($master_fd, F_SETFD, $flags & ~FD_CLOEXEC)
313 or die "failed to remove FD_CLOEXEC from master public key file descriptor\n";
314 push @$cmd, '--master-pubkey-fd='.fileno($master_fd);
315 }
316 } else {
317 push @$cmd, '--crypt-mode=none';
318 }
319 }
320
321 push @$cmd, @$param if defined($param);
322
323 push @$cmd, "--repository", $repo;
324 if ($client_cmd ne 'status' && defined(my $ns = $scfg->{namespace})) {
325 push @$cmd, '--ns', $ns;
326 }
327
328 local $ENV{PBS_PASSWORD} = pbs_get_password($scfg, $storeid);
329
330 local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
331
332 # no ascii-art on task logs
333 local $ENV{PROXMOX_OUTPUT_NO_BORDER} = 1;
334 local $ENV{PROXMOX_OUTPUT_NO_HEADER} = 1;
335
336 if (my $logfunc = $opts{logfunc}) {
337 $logfunc->("run: " . join(' ', @$cmd));
338 }
339
340 run_command($cmd, %opts);
341 }
342
343 # FIXME: External perl code should NOT have access to this.
344 #
345 # There should be separate functions to
346 # - make backups
347 # - restore backups
348 # - restore files
349 # with a sane API
350 sub run_raw_client_cmd {
351 my ($scfg, $storeid, $client_cmd, $param, %opts) = @_;
352 return do_raw_client_cmd($scfg, $storeid, $client_cmd, $param, %opts);
353 }
354
355 sub run_client_cmd {
356 my ($scfg, $storeid, $client_cmd, $param, $no_output) = @_;
357
358 my $json_str = '';
359 my $outfunc = sub { $json_str .= "$_[0]\n" };
360
361 $param = [] if !defined($param);
362 $param = [ $param ] if !ref($param);
363
364 $param = [@$param, '--output-format=json'] if !$no_output;
365
366 do_raw_client_cmd($scfg, $storeid, $client_cmd, $param,
367 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
368
369 return undef if $no_output;
370
371 my $res = decode_json($json_str);
372
373 return $res;
374 }
375
376 # Storage implementation
377
378 sub extract_vzdump_config {
379 my ($class, $scfg, $volname, $storeid) = @_;
380
381 my ($vtype, $name, $vmid, undef, undef, undef, $format) = $class->parse_volname($volname);
382
383 my $config = '';
384 my $outfunc = sub { $config .= "$_[0]\n" };
385
386 my $config_name;
387 if ($format eq 'pbs-vm') {
388 $config_name = 'qemu-server.conf';
389 } elsif ($format eq 'pbs-ct') {
390 $config_name = 'pct.conf';
391 } else {
392 die "unable to extract configuration for backup format '$format'\n";
393 }
394
395 do_raw_client_cmd($scfg, $storeid, 'restore', [ $name, $config_name, '-' ],
396 outfunc => $outfunc, errmsg => 'proxmox-backup-client failed');
397
398 return $config;
399 }
400
401 sub prune_backups {
402 my ($class, $scfg, $storeid, $keep, $vmid, $type, $dryrun, $logfunc) = @_;
403
404 $logfunc //= sub { print "$_[1]\n" };
405
406 my $backups = $class->list_volumes($storeid, $scfg, $vmid, ['backup']);
407
408 $type = 'vm' if defined($type) && $type eq 'qemu';
409 $type = 'ct' if defined($type) && $type eq 'lxc';
410
411 my $backup_groups = {};
412 foreach my $backup (@{$backups}) {
413 (my $backup_type = $backup->{format}) =~ s/^pbs-//;
414
415 next if defined($type) && $backup_type ne $type;
416
417 my $backup_group = "$backup_type/$backup->{vmid}";
418 $backup_groups->{$backup_group} = 1;
419 }
420
421 my @param;
422
423 my $keep_all = delete $keep->{'keep-all'};
424
425 if (!$keep_all) {
426 foreach my $opt (keys %{$keep}) {
427 next if $keep->{$opt} == 0;
428 push @param, "--$opt";
429 push @param, "$keep->{$opt}";
430 }
431 } else { # no need to pass anything to PBS
432 $keep = { 'keep-all' => 1 };
433 }
434
435 push @param, '--dry-run' if $dryrun;
436
437 my $prune_list = [];
438 my $failed;
439
440 foreach my $backup_group (keys %{$backup_groups}) {
441 $logfunc->('info', "running 'proxmox-backup-client prune' for '$backup_group'")
442 if !$dryrun;
443 eval {
444 my $res = run_client_cmd($scfg, $storeid, 'prune', [ $backup_group, @param ]);
445
446 foreach my $backup (@{$res}) {
447 die "result from proxmox-backup-client is not as expected\n"
448 if !defined($backup->{'backup-time'})
449 || !defined($backup->{'backup-type'})
450 || !defined($backup->{'backup-id'})
451 || !defined($backup->{'keep'});
452
453 my $ctime = $backup->{'backup-time'};
454 my $type = $backup->{'backup-type'};
455 my $vmid = $backup->{'backup-id'};
456 my $volid = print_volid($storeid, $type, $vmid, $ctime);
457
458 my $mark = $backup->{keep} ? 'keep' : 'remove';
459 $mark = 'protected' if $backup->{protected};
460
461 push @{$prune_list}, {
462 ctime => $ctime,
463 mark => $mark,
464 type => $type eq 'vm' ? 'qemu' : 'lxc',
465 vmid => $vmid,
466 volid => $volid,
467 };
468 }
469 };
470 if (my $err = $@) {
471 $logfunc->('err', "prune '$backup_group': $err\n");
472 $failed = 1;
473 }
474 }
475 die "error pruning backups - check log\n" if $failed;
476
477 return $prune_list;
478 }
479
480 my $autogen_encryption_key = sub {
481 my ($scfg, $storeid) = @_;
482 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
483 if (-f $encfile) {
484 rename $encfile, "$encfile.old";
485 }
486 my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
487 run_command($cmd, errmsg => 'failed to create encryption key');
488 return PVE::Tools::file_get_contents($encfile);
489 };
490
491 sub on_add_hook {
492 my ($class, $storeid, $scfg, %param) = @_;
493
494 my $res = {};
495
496 if (defined(my $password = $param{password})) {
497 pbs_set_password($scfg, $storeid, $password);
498 } else {
499 pbs_delete_password($scfg, $storeid);
500 }
501
502 if (defined(my $encryption_key = $param{'encryption-key'})) {
503 my $decoded_key;
504 if ($encryption_key eq 'autogen') {
505 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
506 $decoded_key = decode_json($res->{'encryption-key'});
507 } else {
508 $decoded_key = eval { decode_json($encryption_key) };
509 if ($@ || !exists($decoded_key->{data})) {
510 die "Value does not seems like a valid, JSON formatted encryption key!\n";
511 }
512 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
513 $res->{'encryption-key'} = $encryption_key;
514 }
515 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
516 } else {
517 pbs_delete_encryption_key($scfg, $storeid);
518 }
519
520 if (defined(my $master_key = delete $param{'master-pubkey'})) {
521 die "'master-pubkey' can only be used together with 'encryption-key'\n"
522 if !defined($scfg->{'encryption-key'});
523
524 my $decoded = decode_base64($master_key);
525 pbs_set_master_pubkey($scfg, $storeid, $decoded);
526 $scfg->{'master-pubkey'} = 1;
527 } else {
528 pbs_delete_master_pubkey($scfg, $storeid);
529 }
530
531 return $res;
532 }
533
534 sub on_update_hook {
535 my ($class, $storeid, $scfg, %param) = @_;
536
537 my $res = {};
538
539 if (exists($param{password})) {
540 if (defined($param{password})) {
541 pbs_set_password($scfg, $storeid, $param{password});
542 } else {
543 pbs_delete_password($scfg, $storeid);
544 }
545 }
546
547 if (exists($param{'encryption-key'})) {
548 if (defined(my $encryption_key = delete($param{'encryption-key'}))) {
549 my $decoded_key;
550 if ($encryption_key eq 'autogen') {
551 $res->{'encryption-key'} = $autogen_encryption_key->($scfg, $storeid);
552 $decoded_key = decode_json($res->{'encryption-key'});
553 } else {
554 $decoded_key = eval { decode_json($encryption_key) };
555 if ($@ || !exists($decoded_key->{data})) {
556 die "Value does not seems like a valid, JSON formatted encryption key!\n";
557 }
558 pbs_set_encryption_key($scfg, $storeid, $encryption_key);
559 $res->{'encryption-key'} = $encryption_key;
560 }
561 $scfg->{'encryption-key'} = $decoded_key->{fingerprint} || 1;
562 } else {
563 pbs_delete_encryption_key($scfg, $storeid);
564 delete $scfg->{'encryption-key'};
565 }
566 }
567
568 if (exists($param{'master-pubkey'})) {
569 if (defined(my $master_key = delete($param{'master-pubkey'}))) {
570 my $decoded = decode_base64($master_key);
571
572 pbs_set_master_pubkey($scfg, $storeid, $decoded);
573 $scfg->{'master-pubkey'} = 1;
574 } else {
575 pbs_delete_master_pubkey($scfg, $storeid);
576 }
577 }
578
579 return $res;
580 }
581
582 sub on_delete_hook {
583 my ($class, $storeid, $scfg) = @_;
584
585 pbs_delete_password($scfg, $storeid);
586 pbs_delete_encryption_key($scfg, $storeid);
587 pbs_delete_master_pubkey($scfg, $storeid);
588
589 return;
590 }
591
592 sub parse_volname {
593 my ($class, $volname) = @_;
594
595 if ($volname =~ m!^backup/([^\s_]+)/([^\s_]+)/([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z)$!) {
596 my $btype = $1;
597 my $bid = $2;
598 my $btime = $3;
599 my $format = "pbs-$btype";
600
601 my $name = "$btype/$bid/$btime";
602
603 if ($bid =~ m/^\d+$/) {
604 return ('backup', $name, $bid, undef, undef, undef, $format);
605 } else {
606 return ('backup', $name, undef, undef, undef, undef, $format);
607 }
608 }
609
610 die "unable to parse PBS volume name '$volname'\n";
611 }
612
613 sub path {
614 my ($class, $scfg, $volname, $storeid, $snapname) = @_;
615
616 die "volume snapshot is not possible on pbs storage"
617 if defined($snapname);
618
619 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
620
621 my $repo = PVE::PBSClient::get_repository($scfg);
622
623 # artificial url - we currently do not use that anywhere
624 my $path = "pbs://$repo/$name";
625 if (defined(my $ns = $scfg->{namespace})) {
626 $ns =~ s|/|%2f|g; # other characters to escape aren't allowed in the namespace schema
627 $path .= "?ns=$ns";
628 }
629
630 return ($path, $vmid, $vtype);
631 }
632
633 sub create_base {
634 my ($class, $storeid, $scfg, $volname) = @_;
635
636 die "can't create base images in pbs storage\n";
637 }
638
639 sub clone_image {
640 my ($class, $scfg, $storeid, $volname, $vmid, $snap) = @_;
641
642 die "can't clone images in pbs storage\n";
643 }
644
645 sub alloc_image {
646 my ($class, $storeid, $scfg, $vmid, $fmt, $name, $size) = @_;
647
648 die "can't allocate space in pbs storage\n";
649 }
650
651 sub free_image {
652 my ($class, $storeid, $scfg, $volname, $isBase) = @_;
653
654 my ($vtype, $name, $vmid) = $class->parse_volname($volname);
655
656 run_client_cmd($scfg, $storeid, "forget", [ $name ], 1);
657
658 return;
659 }
660
661
662 sub list_images {
663 my ($class, $storeid, $scfg, $vmid, $vollist, $cache) = @_;
664
665 my $res = [];
666
667 return $res;
668 }
669
670 my sub snapshot_files_encrypted {
671 my ($files) = @_;
672 return 0 if !$files;
673
674 my $any;
675 my $all = 1;
676 for my $file (@$files) {
677 my $fn = $file->{filename};
678 next if $fn eq 'client.log.blob' || $fn eq 'index.json.blob';
679
680 my $crypt = $file->{'crypt-mode'};
681
682 $all = 0 if !$crypt || $crypt ne 'encrypt';
683 $any ||= defined($crypt) && $crypt eq 'encrypt';
684 }
685 return $any && $all;
686 }
687
688 # TODO: use a client with native rust/proxmox-backup bindings to profit from
689 # API schema checks and types
690 my sub pbs_api_connect {
691 my ($scfg, $password, $timeout) = @_;
692
693 my $params = {};
694
695 my $user = $scfg->{username} // 'root@pam';
696
697 if (my $tokenid = PVE::AccessControl::pve_verify_tokenid($user, 1)) {
698 $params->{apitoken} = "PBSAPIToken=${tokenid}:${password}";
699 } else {
700 $params->{password} = $password;
701 $params->{username} = $user;
702 }
703
704 if (my $fp = $scfg->{fingerprint}) {
705 $params->{cached_fingerprints}->{uc($fp)} = 1;
706 }
707
708 my $conn = PVE::APIClient::LWP->new(
709 %$params,
710 host => $scfg->{server},
711 port => $scfg->{port} // 8007,
712 timeout => ($timeout // 7), # cope with a 401 (3s api delay) and high latency
713 cookie_name => 'PBSAuthCookie',
714 );
715
716 return $conn;
717 }
718
719 sub list_volumes {
720 my ($class, $storeid, $scfg, $vmid, $content_types) = @_;
721
722 my $res = [];
723
724 return $res if !grep { $_ eq 'backup' } @$content_types;
725
726 my $password = pbs_get_password($scfg, $storeid);
727 my $conn = pbs_api_connect($scfg, $password, 120);
728 my $datastore = $scfg->{datastore};
729
730 my $param = {};
731 $param->{'backup-id'} = "$vmid" if defined($vmid);
732 $param->{'ns'} = "$scfg->{namespace}" if defined($scfg->{namespace});
733 my $data = eval { $conn->get("/api2/json/admin/datastore/$datastore/snapshots", $param); };
734 die "error listing snapshots - $@" if $@;
735
736 foreach my $item (@$data) {
737 my $btype = $item->{"backup-type"};
738 my $bid = $item->{"backup-id"};
739 my $epoch = $item->{"backup-time"};
740 my $size = $item->{size} // 1;
741
742 next if !($btype eq 'vm' || $btype eq 'ct');
743 next if $bid !~ m/^\d+$/;
744 next if defined($vmid) && $bid ne $vmid;
745
746 my $volid = print_volid($storeid, $btype, $bid, $epoch);
747
748 my $info = {
749 volid => $volid,
750 format => "pbs-$btype",
751 size => $size,
752 content => 'backup',
753 vmid => int($bid),
754 ctime => $epoch,
755 subtype => $btype eq 'vm' ? 'qemu' : 'lxc', # convert to PVE backup type
756 };
757
758 $info->{verification} = $item->{verification} if defined($item->{verification});
759 $info->{notes} = $item->{comment} if defined($item->{comment});
760 $info->{protected} = 1 if $item->{protected};
761 if (defined($item->{fingerprint})) {
762 $info->{encrypted} = $item->{fingerprint};
763 } elsif (snapshot_files_encrypted($item->{files})) {
764 $info->{encrypted} = '1';
765 }
766
767 push @$res, $info;
768 }
769
770 return $res;
771 }
772
773 sub status {
774 my ($class, $storeid, $scfg, $cache) = @_;
775
776 my $total = 0;
777 my $free = 0;
778 my $used = 0;
779 my $active = 0;
780
781 eval {
782 my $res = run_client_cmd($scfg, $storeid, "status");
783
784 $active = 1;
785 $total = $res->{total};
786 $used = $res->{used};
787 $free = $res->{avail};
788 };
789 if (my $err = $@) {
790 warn $err;
791 }
792
793 return ($total, $free, $used, $active);
794 }
795
796 # can also be used for not (yet) added storages, pass $scfg with
797 # {
798 # server
799 # user
800 # port (optional default to 8007)
801 # fingerprint (optional for trusted certs)
802 # }
803 sub scan_datastores {
804 my ($scfg, $password) = @_;
805
806 my $conn = pbs_api_connect($scfg, $password);
807
808 my $response = eval { $conn->get('/api2/json/admin/datastore', {}) };
809 die "error fetching datastores - $@" if $@;
810
811 return $response;
812 }
813
814 sub activate_storage {
815 my ($class, $storeid, $scfg, $cache) = @_;
816
817 my $password = pbs_get_password($scfg, $storeid);
818
819 my $datastores = eval { scan_datastores($scfg, $password) };
820 die "$storeid: $@" if $@;
821
822 my $datastore = $scfg->{datastore};
823
824 for my $ds (@$datastores) {
825 if ($ds->{store} eq $datastore) {
826 return 1;
827 }
828 }
829
830 die "$storeid: Cannot find datastore '$datastore', check permissions and existence!\n";
831 }
832
833 sub deactivate_storage {
834 my ($class, $storeid, $scfg, $cache) = @_;
835 return 1;
836 }
837
838 sub activate_volume {
839 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
840
841 die "volume snapshot is not possible on pbs device" if $snapname;
842
843 return 1;
844 }
845
846 sub deactivate_volume {
847 my ($class, $storeid, $scfg, $volname, $snapname, $cache) = @_;
848
849 die "volume snapshot is not possible on pbs device" if $snapname;
850
851 return 1;
852 }
853
854 # FIXME remove on the next APIAGE reset.
855 # Deprecated, use get_volume_attribute instead.
856 sub get_volume_notes {
857 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
858
859 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
860
861 my $data = run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "show", $name ]);
862
863 return $data->{notes};
864 }
865
866 # FIXME remove on the next APIAGE reset.
867 # Deprecated, use update_volume_attribute instead.
868 sub update_volume_notes {
869 my ($class, $scfg, $storeid, $volname, $notes, $timeout) = @_;
870
871 my (undef, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
872
873 run_client_cmd($scfg, $storeid, "snapshot", [ "notes", "update", $name, $notes ], 1);
874
875 return undef;
876 }
877
878 sub get_volume_attribute {
879 my ($class, $scfg, $storeid, $volname, $attribute) = @_;
880
881 if ($attribute eq 'notes') {
882 return $class->get_volume_notes($scfg, $storeid, $volname);
883 }
884
885 if ($attribute eq 'protected') {
886 my $param = api_param_from_volname($class, $scfg, $volname);
887
888 my $password = pbs_get_password($scfg, $storeid);
889 my $conn = pbs_api_connect($scfg, $password);
890 my $datastore = $scfg->{datastore};
891
892 my $res = eval { $conn->get("/api2/json/admin/datastore/$datastore/$attribute", $param); };
893 if (my $err = $@) {
894 return if $err->{code} == 404; # not supported
895 die $err;
896 }
897 return $res;
898 }
899
900 return;
901 }
902
903 sub update_volume_attribute {
904 my ($class, $scfg, $storeid, $volname, $attribute, $value) = @_;
905
906 if ($attribute eq 'notes') {
907 return $class->update_volume_notes($scfg, $storeid, $volname, $value);
908 }
909
910 if ($attribute eq 'protected') {
911 my $param = api_param_from_volname($class, $scfg, $volname);
912 $param->{$attribute} = $value;
913
914 my $password = pbs_get_password($scfg, $storeid);
915 my $conn = pbs_api_connect($scfg, $password);
916 my $datastore = $scfg->{datastore};
917
918 eval { $conn->put("/api2/json/admin/datastore/$datastore/$attribute", $param); };
919 if (my $err = $@) {
920 die "Server is not recent enough to support feature '$attribute'\n"
921 if $err->{code} == 404;
922 die $err;
923 }
924 return;
925 }
926
927 die "attribute '$attribute' is not supported for storage type '$scfg->{type}'\n";
928 }
929
930 sub volume_size_info {
931 my ($class, $scfg, $storeid, $volname, $timeout) = @_;
932
933 my ($vtype, $name, undef, undef, undef, undef, $format) = $class->parse_volname($volname);
934
935 my $data = run_client_cmd($scfg, $storeid, "files", [ $name ]);
936
937 my $size = 0;
938 foreach my $info (@$data) {
939 if ($info->{size} && $info->{size} =~ /^(\d+)$/) { # untaints
940 $size += $1;
941 }
942 }
943
944 my $used = $size;
945
946 return wantarray ? ($size, $format, $used, undef) : $size;
947 }
948
949 sub volume_resize {
950 my ($class, $scfg, $storeid, $volname, $size, $running) = @_;
951 die "volume resize is not possible on pbs device";
952 }
953
954 sub volume_snapshot {
955 my ($class, $scfg, $storeid, $volname, $snap) = @_;
956 die "volume snapshot is not possible on pbs device";
957 }
958
959 sub volume_snapshot_rollback {
960 my ($class, $scfg, $storeid, $volname, $snap) = @_;
961 die "volume snapshot rollback is not possible on pbs device";
962 }
963
964 sub volume_snapshot_delete {
965 my ($class, $scfg, $storeid, $volname, $snap) = @_;
966 die "volume snapshot delete is not possible on pbs device";
967 }
968
969 sub volume_has_feature {
970 my ($class, $scfg, $feature, $storeid, $volname, $snapname, $running) = @_;
971
972 return undef;
973 }
974
975 1;
Storage library