[pbs-devel] [PATCH proxmox-backup 4/5] jobs/api2: add checks for maintenance
Dominik Csapak
d.csapak at proxmox.com
Fri Oct 1 10:28:30 CEST 2021
On 9/28/21 12:05, Hannes Laimer wrote:
> ---
> src/api2/admin/datastore.rs | 48 +++++++++++++++++++++++++++++++++----
> src/api2/pull.rs | 5 +++-
> src/server/gc_job.rs | 5 ++--
> src/server/prune_job.rs | 4 +++-
> src/server/verify_job.rs | 5 ++--
> 5 files changed, 56 insertions(+), 11 deletions(-)
>
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index 7e9a0ee0..f5ed6603 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -29,7 +29,7 @@ use pxar::EntryKind;
> use pbs_api_types::{ Authid, BackupContent, Counts, CryptMode,
> DataStoreListItem, GarbageCollectionStatus, GroupListItem,
> SnapshotListItem, SnapshotVerifyState, PruneOptions,
> - DataStoreStatus, RRDMode, RRDTimeFrameResolution,
> + DataStoreStatus, RRDMode, RRDTimeFrameResolution, MaintenanceType,
> BACKUP_ARCHIVE_NAME_SCHEMA, BACKUP_ID_SCHEMA, BACKUP_TIME_SCHEMA,
> BACKUP_TYPE_SCHEMA, DATASTORE_SCHEMA,
> IGNORE_VERIFIED_BACKUPS_SCHEMA, UPID_SCHEMA,
> @@ -83,6 +83,7 @@ fn check_priv_or_backup_owner(
> auth_id: &Authid,
> required_privs: u64,
> ) -> Result<(), Error> {
> + store.check_maintenance(MaintenanceType::Offline)?;
> let user_info = CachedUserInfo::new()?;
> let privs = user_info.lookup_privs(&auth_id, &["datastore", store.name()]);
>
> @@ -97,7 +98,7 @@ fn read_backup_index(
> store: &DataStore,
> backup_dir: &BackupDir,
> ) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
> -
> + store.check_maintenance(MaintenanceType::Offline)?;
> let (manifest, index_size) = store.load_manifest(backup_dir)?;
>
> let mut result = Vec::new();
> @@ -125,7 +126,7 @@ fn get_all_snapshot_files(
> store: &DataStore,
> info: &BackupInfo,
> ) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
> -
> + store.check_maintenance(MaintenanceType::Offline)?;
> let (manifest, mut files) = read_backup_index(&store, &info.backup_dir)?;
>
> let file_set = files.iter().fold(HashSet::new(), |mut acc, item| {
> @@ -172,6 +173,9 @@ pub fn list_groups(
> let user_privs = user_info.lookup_privs(&auth_id, &["datastore", &store]);
>
> let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
>
> let backup_groups = BackupInfo::list_backup_groups(&datastore.base_path())?;
> @@ -267,9 +271,11 @@ pub fn delete_group(
> ) -> Result<Value, Error> {
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
>
> let group = BackupGroup::new(backup_type, backup_id);
> - let datastore = DataStore::lookup_datastore(&store)?;
>
> check_priv_or_backup_owner(&datastore, &group, &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> @@ -316,6 +322,8 @@ pub fn list_snapshot_files(
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> check_priv_or_backup_owner(&datastore, snapshot.group(), &auth_id, PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ)?;
> @@ -362,9 +370,12 @@ pub fn delete_snapshot(
> ) -> Result<Value, Error> {
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> +
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
>
> let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
> - let datastore = DataStore::lookup_datastore(&store)?;
>
> check_priv_or_backup_owner(&datastore, snapshot.group(), &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> @@ -415,6 +426,8 @@ pub fn list_snapshots (
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let base_path = datastore.base_path();
>
> let groups = match (backup_type, backup_id) {
> @@ -686,6 +699,9 @@ pub fn verify(
> rpcenv: &mut dyn RpcEnvironment,
> ) -> Result<Value, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let ignore_verified = ignore_verified.unwrap_or(true);
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> @@ -832,6 +848,8 @@ pub fn prune(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> check_priv_or_backup_owner(&datastore, &group, &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> let worker_id = format!("{}:{}/{}", store, &backup_type, &backup_id);
> @@ -1035,6 +1053,8 @@ pub fn garbage_collection_status(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
i was confused here at first, why garbage collect why garbage collect
needs only read access, then noticed it's the status. but the status
is not really a 'read' operation on the datastore? its more like
the config or a task log since it only shows the status of the last gc
> let status = datastore.last_gc_status();
>
> Ok(status)
> @@ -1111,6 +1131,8 @@ pub fn download_file(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let file_name = required_string_param(¶m, "file-name")?.to_owned();
> @@ -1181,6 +1203,8 @@ pub fn download_file_decoded(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let file_name = required_string_param(¶m, "file-name")?.to_owned();
> @@ -1372,6 +1396,8 @@ pub fn catalog(
> ) -> Result<Vec<ArchiveEntry>, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
> @@ -1442,6 +1468,8 @@ pub fn pxar_file_download(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let filepath = required_string_param(¶m, "filepath")?.to_owned();
> @@ -1597,6 +1625,8 @@ pub fn get_group_notes(
> ) -> Result<String, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> @@ -1639,6 +1669,8 @@ pub fn set_group_notes(
> ) -> Result<(), Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> @@ -1681,6 +1713,8 @@ pub fn get_notes(
> ) -> Result<String, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> @@ -1732,6 +1766,8 @@ pub fn set_notes(
> ) -> Result<(), Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> @@ -1777,6 +1813,8 @@ pub fn set_backup_owner(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> diff --git a/src/api2/pull.rs b/src/api2/pull.rs
> index ea8faab8..b1669288 100644
> --- a/src/api2/pull.rs
> +++ b/src/api2/pull.rs
> @@ -9,7 +9,7 @@ use proxmox::api::{ApiMethod, Router, RpcEnvironment, Permission};
>
> use pbs_client::{HttpClient, BackupRepository};
> use pbs_api_types::{
> - Remote, Authid, SyncJobConfig,
> + Remote, Authid, SyncJobConfig, MaintenanceType,
> DATASTORE_SCHEMA, REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA,
> PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ,
> };
> @@ -71,6 +71,9 @@ pub fn do_sync_job(
> to_stdout: bool,
> ) -> Result<String, Error> {
>
> + let datastore = DataStore::lookup_datastore(&sync_job.store)?;
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let job_id = format!("{}:{}:{}:{}",
> sync_job.remote,
> sync_job.remote_store,
> diff --git a/src/server/gc_job.rs b/src/server/gc_job.rs
> index 794fe146..be04b635 100644
> --- a/src/server/gc_job.rs
> +++ b/src/server/gc_job.rs
> @@ -1,7 +1,7 @@
> use std::sync::Arc;
> use anyhow::Error;
>
> -use pbs_api_types::Authid;
> +use pbs_api_types::{Authid, MaintenanceType};
> use pbs_tools::task_log;
> use pbs_datastore::DataStore;
> use proxmox_rest_server::WorkerTask;
> @@ -16,7 +16,8 @@ pub fn do_garbage_collection_job(
> schedule: Option<String>,
> to_stdout: bool,
> ) -> Result<String, Error> {
> -
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let store = datastore.name().to_string();
>
> let (email, notify) = crate::server::lookup_datastore_notify_settings(&store);
> diff --git a/src/server/prune_job.rs b/src/server/prune_job.rs
> index fc6443e9..84131634 100644
> --- a/src/server/prune_job.rs
> +++ b/src/server/prune_job.rs
> @@ -5,7 +5,7 @@ use anyhow::Error;
> use pbs_datastore::backup_info::BackupInfo;
> use pbs_datastore::prune::compute_prune_info;
> use pbs_datastore::DataStore;
> -use pbs_api_types::{Authid, PRIV_DATASTORE_MODIFY, PruneOptions};
> +use pbs_api_types::{Authid, MaintenanceType, PRIV_DATASTORE_MODIFY, PruneOptions};
> use pbs_config::CachedUserInfo;
> use pbs_tools::{task_log, task_warn};
> use proxmox_rest_server::WorkerTask;
> @@ -20,6 +20,8 @@ pub fn prune_datastore(
> datastore: Arc<DataStore>,
> dry_run: bool,
> ) -> Result<(), Error> {
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> task_log!(worker, "Starting datastore prune on store \"{}\"", store);
>
> if dry_run {
> diff --git a/src/server/verify_job.rs b/src/server/verify_job.rs
> index 6aba97c9..3b2b1472 100644
> --- a/src/server/verify_job.rs
> +++ b/src/server/verify_job.rs
> @@ -1,7 +1,7 @@
> use anyhow::{format_err, Error};
>
> use pbs_tools::task_log;
> -use pbs_api_types::{Authid, VerificationJobConfig};
> +use pbs_api_types::{Authid, VerificationJobConfig, MaintenanceType};
> use proxmox_rest_server::WorkerTask;
> use pbs_datastore::DataStore;
>
> @@ -21,9 +21,10 @@ pub fn do_verification_job(
> schedule: Option<String>,
> to_stdout: bool,
> ) -> Result<String, Error> {
> -
> let datastore = DataStore::lookup_datastore(&verification_job.store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
why does a verification write access? because of the verify status in
the manifest?
imho that reason would be good to have in a comment
> let outdated_after = verification_job.outdated_after;
> let ignore_verified_snapshots = verification_job.ignore_verified.unwrap_or(true);
>
>
More information about the pbs-devel
mailing list