From: Dominik Csapak <d.csapak@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>,
Hannes Laimer <h.laimer@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup 4/5] jobs/api2: add checks for maintenance
Date: Fri, 1 Oct 2021 10:28:30 +0200 [thread overview]
Message-ID: <041bd568-2ef0-68a5-eb99-1548a8b1fab4@proxmox.com> (raw)
In-Reply-To: <20210928100548.4873-5-h.laimer@proxmox.com>
On 9/28/21 12:05, Hannes Laimer wrote:
> ---
> src/api2/admin/datastore.rs | 48 +++++++++++++++++++++++++++++++++----
> src/api2/pull.rs | 5 +++-
> src/server/gc_job.rs | 5 ++--
> src/server/prune_job.rs | 4 +++-
> src/server/verify_job.rs | 5 ++--
> 5 files changed, 56 insertions(+), 11 deletions(-)
>
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index 7e9a0ee0..f5ed6603 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -29,7 +29,7 @@ use pxar::EntryKind;
> use pbs_api_types::{ Authid, BackupContent, Counts, CryptMode,
> DataStoreListItem, GarbageCollectionStatus, GroupListItem,
> SnapshotListItem, SnapshotVerifyState, PruneOptions,
> - DataStoreStatus, RRDMode, RRDTimeFrameResolution,
> + DataStoreStatus, RRDMode, RRDTimeFrameResolution, MaintenanceType,
> BACKUP_ARCHIVE_NAME_SCHEMA, BACKUP_ID_SCHEMA, BACKUP_TIME_SCHEMA,
> BACKUP_TYPE_SCHEMA, DATASTORE_SCHEMA,
> IGNORE_VERIFIED_BACKUPS_SCHEMA, UPID_SCHEMA,
> @@ -83,6 +83,7 @@ fn check_priv_or_backup_owner(
> auth_id: &Authid,
> required_privs: u64,
> ) -> Result<(), Error> {
> + store.check_maintenance(MaintenanceType::Offline)?;
> let user_info = CachedUserInfo::new()?;
> let privs = user_info.lookup_privs(&auth_id, &["datastore", store.name()]);
>
> @@ -97,7 +98,7 @@ fn read_backup_index(
> store: &DataStore,
> backup_dir: &BackupDir,
> ) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
> -
> + store.check_maintenance(MaintenanceType::Offline)?;
> let (manifest, index_size) = store.load_manifest(backup_dir)?;
>
> let mut result = Vec::new();
> @@ -125,7 +126,7 @@ fn get_all_snapshot_files(
> store: &DataStore,
> info: &BackupInfo,
> ) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
> -
> + store.check_maintenance(MaintenanceType::Offline)?;
> let (manifest, mut files) = read_backup_index(&store, &info.backup_dir)?;
>
> let file_set = files.iter().fold(HashSet::new(), |mut acc, item| {
> @@ -172,6 +173,9 @@ pub fn list_groups(
> let user_privs = user_info.lookup_privs(&auth_id, &["datastore", &store]);
>
> let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
>
> let backup_groups = BackupInfo::list_backup_groups(&datastore.base_path())?;
> @@ -267,9 +271,11 @@ pub fn delete_group(
> ) -> Result<Value, Error> {
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
>
> let group = BackupGroup::new(backup_type, backup_id);
> - let datastore = DataStore::lookup_datastore(&store)?;
>
> check_priv_or_backup_owner(&datastore, &group, &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> @@ -316,6 +322,8 @@ pub fn list_snapshot_files(
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> check_priv_or_backup_owner(&datastore, snapshot.group(), &auth_id, PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ)?;
> @@ -362,9 +370,12 @@ pub fn delete_snapshot(
> ) -> Result<Value, Error> {
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> +
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
>
> let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
> - let datastore = DataStore::lookup_datastore(&store)?;
>
> check_priv_or_backup_owner(&datastore, snapshot.group(), &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> @@ -415,6 +426,8 @@ pub fn list_snapshots (
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let base_path = datastore.base_path();
>
> let groups = match (backup_type, backup_id) {
> @@ -686,6 +699,9 @@ pub fn verify(
> rpcenv: &mut dyn RpcEnvironment,
> ) -> Result<Value, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
> +
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let ignore_verified = ignore_verified.unwrap_or(true);
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> @@ -832,6 +848,8 @@ pub fn prune(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> check_priv_or_backup_owner(&datastore, &group, &auth_id, PRIV_DATASTORE_MODIFY)?;
>
> let worker_id = format!("{}:{}/{}", store, &backup_type, &backup_id);
> @@ -1035,6 +1053,8 @@ pub fn garbage_collection_status(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
i was confused here at first, why garbage collect why garbage collect
needs only read access, then noticed it's the status. but the status
is not really a 'read' operation on the datastore? its more like
the config or a task log since it only shows the status of the last gc
> let status = datastore.last_gc_status();
>
> Ok(status)
> @@ -1111,6 +1131,8 @@ pub fn download_file(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let file_name = required_string_param(¶m, "file-name")?.to_owned();
> @@ -1181,6 +1203,8 @@ pub fn download_file_decoded(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let file_name = required_string_param(¶m, "file-name")?.to_owned();
> @@ -1372,6 +1396,8 @@ pub fn catalog(
> ) -> Result<Vec<ArchiveEntry>, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
> @@ -1442,6 +1468,8 @@ pub fn pxar_file_download(
> let store = required_string_param(¶m, "store")?;
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>
> let filepath = required_string_param(¶m, "filepath")?.to_owned();
> @@ -1597,6 +1625,8 @@ pub fn get_group_notes(
> ) -> Result<String, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> @@ -1639,6 +1669,8 @@ pub fn set_group_notes(
> ) -> Result<(), Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> @@ -1681,6 +1713,8 @@ pub fn get_notes(
> ) -> Result<String, Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::Offline)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> @@ -1732,6 +1766,8 @@ pub fn set_notes(
> ) -> Result<(), Error> {
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
>
> @@ -1777,6 +1813,8 @@ pub fn set_backup_owner(
>
> let datastore = DataStore::lookup_datastore(&store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let backup_group = BackupGroup::new(backup_type, backup_id);
>
> let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
> diff --git a/src/api2/pull.rs b/src/api2/pull.rs
> index ea8faab8..b1669288 100644
> --- a/src/api2/pull.rs
> +++ b/src/api2/pull.rs
> @@ -9,7 +9,7 @@ use proxmox::api::{ApiMethod, Router, RpcEnvironment, Permission};
>
> use pbs_client::{HttpClient, BackupRepository};
> use pbs_api_types::{
> - Remote, Authid, SyncJobConfig,
> + Remote, Authid, SyncJobConfig, MaintenanceType,
> DATASTORE_SCHEMA, REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA,
> PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ,
> };
> @@ -71,6 +71,9 @@ pub fn do_sync_job(
> to_stdout: bool,
> ) -> Result<String, Error> {
>
> + let datastore = DataStore::lookup_datastore(&sync_job.store)?;
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let job_id = format!("{}:{}:{}:{}",
> sync_job.remote,
> sync_job.remote_store,
> diff --git a/src/server/gc_job.rs b/src/server/gc_job.rs
> index 794fe146..be04b635 100644
> --- a/src/server/gc_job.rs
> +++ b/src/server/gc_job.rs
> @@ -1,7 +1,7 @@
> use std::sync::Arc;
> use anyhow::Error;
>
> -use pbs_api_types::Authid;
> +use pbs_api_types::{Authid, MaintenanceType};
> use pbs_tools::task_log;
> use pbs_datastore::DataStore;
> use proxmox_rest_server::WorkerTask;
> @@ -16,7 +16,8 @@ pub fn do_garbage_collection_job(
> schedule: Option<String>,
> to_stdout: bool,
> ) -> Result<String, Error> {
> -
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> let store = datastore.name().to_string();
>
> let (email, notify) = crate::server::lookup_datastore_notify_settings(&store);
> diff --git a/src/server/prune_job.rs b/src/server/prune_job.rs
> index fc6443e9..84131634 100644
> --- a/src/server/prune_job.rs
> +++ b/src/server/prune_job.rs
> @@ -5,7 +5,7 @@ use anyhow::Error;
> use pbs_datastore::backup_info::BackupInfo;
> use pbs_datastore::prune::compute_prune_info;
> use pbs_datastore::DataStore;
> -use pbs_api_types::{Authid, PRIV_DATASTORE_MODIFY, PruneOptions};
> +use pbs_api_types::{Authid, MaintenanceType, PRIV_DATASTORE_MODIFY, PruneOptions};
> use pbs_config::CachedUserInfo;
> use pbs_tools::{task_log, task_warn};
> use proxmox_rest_server::WorkerTask;
> @@ -20,6 +20,8 @@ pub fn prune_datastore(
> datastore: Arc<DataStore>,
> dry_run: bool,
> ) -> Result<(), Error> {
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
> task_log!(worker, "Starting datastore prune on store \"{}\"", store);
>
> if dry_run {
> diff --git a/src/server/verify_job.rs b/src/server/verify_job.rs
> index 6aba97c9..3b2b1472 100644
> --- a/src/server/verify_job.rs
> +++ b/src/server/verify_job.rs
> @@ -1,7 +1,7 @@
> use anyhow::{format_err, Error};
>
> use pbs_tools::task_log;
> -use pbs_api_types::{Authid, VerificationJobConfig};
> +use pbs_api_types::{Authid, VerificationJobConfig, MaintenanceType};
> use proxmox_rest_server::WorkerTask;
> use pbs_datastore::DataStore;
>
> @@ -21,9 +21,10 @@ pub fn do_verification_job(
> schedule: Option<String>,
> to_stdout: bool,
> ) -> Result<String, Error> {
> -
> let datastore = DataStore::lookup_datastore(&verification_job.store)?;
>
> + datastore.check_maintenance(MaintenanceType::ReadOnly)?;
> +
why does a verification write access? because of the verify status in
the manifest?
imho that reason would be good to have in a comment
> let outdated_after = verification_job.outdated_after;
> let ignore_verified_snapshots = verification_job.ignore_verified.unwrap_or(true);
>
>
next prev parent reply other threads:[~2021-10-01 8:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-28 10:05 [pbs-devel] [PATCH proxmox-backup 0/5] maintenance mode for datastore Hannes Laimer
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 1/5] pbs-api-types: add maintenance type and msg to ds config Hannes Laimer
2021-10-01 8:23 ` Dominik Csapak
2021-10-01 12:00 ` Wolfgang Bumiller
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 2/5] pbs-datastore: add check_maintenence function Hannes Laimer
2021-10-01 12:06 ` Wolfgang Bumiller
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 3/5] api2: make maintenance type and msg updatable/deletable Hannes Laimer
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 4/5] jobs/api2: add checks for maintenance Hannes Laimer
2021-10-01 8:28 ` Dominik Csapak [this message]
2021-09-28 10:05 ` [pbs-devel] [PATCH proxmox-backup 5/5] ui: add maintenance to datastore options Hannes Laimer
2021-10-01 8:36 ` Dominik Csapak
2021-10-01 8:18 ` [pbs-devel] [PATCH proxmox-backup 0/5] maintenance mode for datastore Dominik Csapak
2021-10-01 9:36 ` Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=041bd568-2ef0-68a5-eb99-1548a8b1fab4@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=h.laimer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox