From: Dominik Csapak <d.csapak@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>,
Hannes Laimer <h.laimer@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 4/5] jobs/api2: add checks for maintenance
Date: Fri, 1 Oct 2021 10:28:30 +0200 [thread overview]
Message-ID: <041bd568-2ef0-68a5-eb99-1548a8b1fab4@proxmox.com> (raw)
In-Reply-To: <20210928100548.4873-5-h.laimer@proxmox.com>
On 9/28/21 12:05, Hannes Laimer wrote:
> ---
> src/api2/admin/datastore.rs | 48 +++++++++++++++++++++++++++++++++----
> src/api2/pull.rs | 5 +++-
> src/server/gc_job.rs | 5 ++--
> src/server/prune_job.rs | 4 +++-
> src/server/verify_job.rs | 5 ++--
> 5 files changed, 56 insertions(+), 11 deletions(-)
>
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index 7e9a0ee0..f5ed6603 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -29,7 +29,7 @@ use pxar::EntryKind;
> use pbs_api_types::{ Authid, BackupContent, Counts, CryptMode,
> DataStoreListItem, GarbageCollectionStatus, GroupListItem,
> SnapshotListItem, SnapshotVerifyState, PruneOptions,
> - DataStoreStatus, RRDMode, RRDTimeFrameResolution,
> + DataStoreStatus, RRDMode, RRDTimeFrameResolution, MaintenanceType,
> BACKUP_ARCHIVE_NAME_SCHEMA, BACKUP_ID_SCHEMA, BACKUP_TIME_SCHEMA,
> BACKUP_TYPE_SCHEMA, DATASTORE_SCHEMA,
> IGNORE_VERIFIED_BACKUPS_SCHEMA, UPID_SCHEMA,
> @@ -83,6 +83,7 @@ fn check_priv_or_backup_owner(
> auth_id: &Authid,
> required_privs: u64,
> ) -> Result<(), Error> {
> + store.check_maintenance(MaintenanceType::Offline)?;
> let user_info = CachedUserInfo::new()?;
> let privs = user_info.lookup_privs(&auth_id, &["datastore", store.name()]);
>
> @@ -97,7 +98,7 @@ fn read_backup_index(
> store: &DataStore,
> backup_dir: &BackupDir,
> ) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
> -
> + store.check_maintenance(MaintenanceType::Offline)?;
> let (manifest, index_size) = store.load_manifest(backup_dir)?;
>
> let mut result = Vec::new();
> @@ -125,7 +126,7 @@ fn get_all_snapshot_files(
> store: &DataStore,
> info: &BackupInfo,
> ) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
> -
> + store.check_maintenance(MaintenanceType::Offline)?;
> let (manifest, mut files) = read_backup_index(&store, &info.backup_dir)?;
>
> let file_set = files.iter().fold(HashSet::new(), |mut acc, item| {
> @@ -172,6 +173,9 @@ pub fn list_groups(
> let user_privs = user_info.lookup_privs(&auth_id, &["datastore", &store]);
>
> let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
>
> let backup_groups = BackupInfo::list_backup_groups(&datastore.base_path())?;
> @@ -267,9 +271,11 @@ pub fn delete_group(
> ) -> Result<Value, Error> {
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
>
> let group = BackupGroup::new(backup_type, backup_id);
> - let datastore = DataStore::lookup_datastore(&store)?;
>
> check_priv_or_backup_owner(&datastore, &group, &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> @@ -316,6 +322,8 @@ pub fn list_snapshot_files(
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> check_priv_or_backup_owner(&datastore, snapshot.group(), &auth_id, PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ)?;
> @@ -362,9 +370,12 @@ pub fn delete_snapshot(
> ) -> Result<Value, Error> {
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> +
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
>
> let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
> - let datastore = DataStore::lookup_datastore(&store)?;
>
> check_priv_or_backup_owner(&datastore, snapshot.group(), &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> @@ -415,6 +426,8 @@ pub fn list_snapshots (
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let base_path = datastore.base_path();
>
> let groups = match (backup_type, backup_id) {
> @@ -686,6 +699,9 @@ pub fn verify(
> rpcenv: &mut dyn RpcEnvironment,
> ) -> Result<Value, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let ignore_verified = ignore_verified.unwrap_or(true);
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> @@ -832,6 +848,8 @@ pub fn prune(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> check_priv_or_backup_owner(&datastore, &group, &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> let worker_id = format!("{}:{}/{}", store, &backup_type, &backup_id);
> @@ -1035,6 +1053,8 @@ pub fn garbage_collection_status(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
i was confused here at first, why garbage collect why garbage collect
needs only read access, then noticed it's the status. but the status
is not really a 'read' operation on the datastore? its more like
the config or a task log since it only shows the status of the last gc
> let status = datastore.last_gc_status();
>
> Ok(status)
> @@ -1111,6 +1131,8 @@ pub fn download_file(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let file_name = required_string_param(¶m, "file-name")?.to_owned();
> @@ -1181,6 +1203,8 @@ pub fn download_file_decoded(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let file_name = required_string_param(¶m, "file-name")?.to_owned();
> @@ -1372,6 +1396,8 @@ pub fn catalog(
> ) -> Result<Vec<ArchiveEntry>, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
> @@ -1442,6 +1468,8 @@ pub fn pxar_file_download(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let filepath = required_string_param(¶m, "filepath")?.to_owned();
> @@ -1597,6 +1625,8 @@ pub fn get_group_notes(
> ) -> Result<String, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> @@ -1639,6 +1669,8 @@ pub fn set_group_notes(
> ) -> Result<(), Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> @@ -1681,6 +1713,8 @@ pub fn get_notes(
> ) -> Result<String, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> @@ -1732,6 +1766,8 @@ pub fn set_notes(
> ) -> Result<(), Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> @@ -1777,6 +1813,8 @@ pub fn set_backup_owner(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> diff --git a/src/api2/pull.rs b/src/api2/pull.rs
> index ea8faab8..b1669288 100644
> --- a/src/api2/pull.rs
> +++ b/src/api2/pull.rs
> @@ -9,7 +9,7 @@ use proxmox::api::{ApiMethod, Router, RpcEnvironment, Permission};
>
> use pbs_client::{HttpClient, BackupRepository};
> use pbs_api_types::{
> - Remote, Authid, SyncJobConfig,
> + Remote, Authid, SyncJobConfig, MaintenanceType,
> DATASTORE_SCHEMA, REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA,
> PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ,
> };
> @@ -71,6 +71,9 @@ pub fn do_sync_job(
> to_stdout: bool,
> ) -> Result<String, Error> {
>
> + let datastore = DataStore::lookup_datastore(&sync_job.store)?;
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let job_id = format!("{}:{}:{}:{}",
> sync_job.remote,
> sync_job.remote_store,
> diff --git a/src/server/gc_job.rs b/src/server/gc_job.rs
> index 794fe146..be04b635 100644
> --- a/src/server/gc_job.rs
> +++ b/src/server/gc_job.rs
> @@ -1,7 +1,7 @@
> use std::sync::Arc;
> use anyhow::Error;
>
> -use pbs_api_types::Authid;
> +use pbs_api_types::{Authid, MaintenanceType};
> use pbs_tools::task_log;
> use pbs_datastore::DataStore;
> use proxmox_rest_server::WorkerTask;
> @@ -16,7 +16,8 @@ pub fn do_garbage_collection_job(
> schedule: Option<String>,
> to_stdout: bool,
> ) -> Result<String, Error> {
> -
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let store = datastore.name().to_string();
>
> let (email, notify) = crate::server::lookup_datastore_notify_settings(&store);
> diff --git a/src/server/prune_job.rs b/src/server/prune_job.rs
> index fc6443e9..84131634 100644
> --- a/src/server/prune_job.rs
> +++ b/src/server/prune_job.rs
> @@ -5,7 +5,7 @@ use anyhow::Error;
> use pbs_datastore::backup_info::BackupInfo;
> use pbs_datastore::prune::compute_prune_info;
> use pbs_datastore::DataStore;
> -use pbs_api_types::{Authid, PRIV_DATASTORE_MODIFY, PruneOptions};
> +use pbs_api_types::{Authid, MaintenanceType, PRIV_DATASTORE_MODIFY, PruneOptions};
> use pbs_config::CachedUserInfo;
> use pbs_tools::{task_log, task_warn};
> use proxmox_rest_server::WorkerTask;
> @@ -20,6 +20,8 @@ pub fn prune_datastore(
> datastore: Arc<DataStore>,
> dry_run: bool,
> ) -> Result<(), Error> {
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> task_log!(worker, "Starting datastore prune on store \"{}\"", store);
>
> if dry_run {
> diff --git a/src/server/verify_job.rs b/src/server/verify_job.rs
> index 6aba97c9..3b2b1472 100644
> --- a/src/server/verify_job.rs
> +++ b/src/server/verify_job.rs
> @@ -1,7 +1,7 @@
> use anyhow::{format_err, Error};
>
> use pbs_tools::task_log;
> -use pbs_api_types::{Authid, VerificationJobConfig};
> +use pbs_api_types::{Authid, VerificationJobConfig, MaintenanceType};
> use proxmox_rest_server::WorkerTask;
> use pbs_datastore::DataStore;
>
> @@ -21,9 +21,10 @@ pub fn do_verification_job(
> schedule: Option<String>,
> to_stdout: bool,
> ) -> Result<String, Error> {
> -
> let datastore = DataStore::lookup_datastore(&verification_job.store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
why does a verification write access? because of the verify status in
the manifest?
imho that reason would be good to have in a comment
> let outdated_after = verification_job.outdated_after;
> let ignore_verified_snapshots = verification_job.ignore_verified.unwrap_or(true);
>
>
next prev parent reply other threads:[~2021-10-01 8:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-28 10:05 [pbs-devel] [PATCH proxmox-backup 0/5] maintenance mode for datastore Hannes Laimer
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 1/5] pbs-api-types: add maintenance type and msg to ds config Hannes Laimer
2021-10-01 8:23 ` Dominik Csapak
2021-10-01 12:00 ` Wolfgang Bumiller
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 2/5] pbs-datastore: add check_maintenence function Hannes Laimer
2021-10-01 12:06 ` Wolfgang Bumiller
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 3/5] api2: make maintenance type and msg updatable/deletable Hannes Laimer
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 4/5] jobs/api2: add checks for maintenance Hannes Laimer
2021-10-01 8:28 ` Dominik Csapak [this message]
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 5/5] ui: add maintenance to datastore options Hannes Laimer
2021-10-01 8:36 ` Dominik Csapak
2021-10-01 8:18 ` [pbs-devel] [PATCH proxmox-backup 0/5] maintenance mode for datastore Dominik Csapak
2021-10-01 9:36 ` Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=041bd568-2ef0-68a5-eb99-1548a8b1fab4@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=h.laimer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.