From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 29D611FF137 for ; Tue, 14 Apr 2026 16:23:11 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 527B31B407; Tue, 14 Apr 2026 16:24:00 +0200 (CEST) Message-ID: <2eb14fcc-82c2-4541-835d-0fefbf58467a@proxmox.com> Date: Tue, 14 Apr 2026 16:23:52 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH proxmox-backup 3/7] api: add /nodes/localhost/instance-id To: Lukas Wagner , pbs-devel@lists.proxmox.com, pve-devel@lists.proxmox.com References: <20260413121057.371772-1-l.wagner@proxmox.com> <20260413121057.371772-4-l.wagner@proxmox.com> Content-Language: en-US, de-DE From: Christian Ebner In-Reply-To: <20260413121057.371772-4-l.wagner@proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776176556971 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.019 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [freedesktop.org,mod.rs] Message-ID-Hash: VNUHNEGFA5ULQZLC23DCUOQ4WU7CC23I X-Message-ID-Hash: VNUHNEGFA5ULQZLC23DCUOQ4WU7CC23I X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 4/13/26 2:11 PM, Lukas Wagner wrote: > This one returns a unique ID that can be used to uniquely identify a PBS > node. This will be used by PDM to match PBS storages in a PVE cluster to > PBS remotes in PDM, mainly for associating backup jobs with the > appropriate PBS remote. Later we can also use this to match PBS sync > jobs to their matching PBS remotes in PDM. > > The instance ID is derived from /etc/machine-id as recommended by > systemd [1] by using proxmox_systemd::sd_id128::get_app_specific_id. > > [1] https://www.freedesktop.org/software/systemd/man/latest/sd_id128_get_machine_app_specific.html > > Signed-off-by: Lukas Wagner > --- > src/api2/node/mod.rs | 41 ++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 40 insertions(+), 1 deletion(-) > > diff --git a/src/api2/node/mod.rs b/src/api2/node/mod.rs > index 42e1dbaa2..93770c4f5 100644 > --- a/src/api2/node/mod.rs > +++ b/src/api2/node/mod.rs > @@ -25,7 +25,7 @@ use proxmox_schema::*; > use proxmox_sortable_macro::sortable; > use proxmox_sys::fd::fd_change_cloexec; > > -use pbs_api_types::{NodeShellTicket, NODE_SCHEMA, PRIV_SYS_CONSOLE}; > +use pbs_api_types::{InstanceId, NodeShellTicket, NODE_SCHEMA, PRIV_SYS_CONSOLE}; > use tracing::{info, warn}; > > use crate::auth::{private_auth_keyring, public_auth_keyring}; > @@ -291,12 +291,51 @@ fn list_nodes() -> Result { > Ok(json!([ { "node": proxmox_sys::nodename().to_string() } ])) > } > > +/// Static key used for deriving a unique instance id from `/etc/machine-id` using > +/// [`proxmox_systemd::sd_id128::get_app_specific_id`]. > +/// > +/// This key was generated `systemd-id128 new`. nit: ... generated by `systemd-id128 new` > +/// > +const INSTANCE_ID_KEY: [u8; 16] = 0xe5415d9999c146399b8bdae1260e19d2_u128.to_le_bytes(); > + > +#[api( > + protected: false, nit: no need to set this explicitly. > + input: { > + properties: { > + node: { > + schema: NODE_SCHEMA, > + optional: true, > + }, > + } > + }, > + returns: { > + type: InstanceId, > + }, > + access: { > + permission: &Permission::Anybody, > + } > +)] > +/// Returns a unique ID for this PBS node. The ID is derived from `/etc/machine-id`. > +pub fn get_instance_id() -> Result { > + let machine_id_derived_app_id = > + proxmox_systemd::sd_id128::get_app_specific_id(INSTANCE_ID_KEY)?; > + let machine_id_derived_app_id = hex::encode(machine_id_derived_app_id); > + > + Ok(InstanceId { > + instance_id: machine_id_derived_app_id, nit: Could make sense to derive `From` for this on the `InstanceId` itself? But do not want to pollute the api-types with dependencies on proxmox-systemd, so this would only cover the plain id to string conversion... so not sure if worth it. > + }) > +} > + > pub const SUBDIRS: SubdirMap = &[ > ("apt", &apt::ROUTER), > ("certificates", &certificates::ROUTER), > ("config", &config::ROUTER), > ("disks", &disks::ROUTER), > ("dns", &dns::ROUTER), > + ( > + "instance-id", > + &Router::new().get(&API_METHOD_GET_INSTANCE_ID), > + ), > ("journal", &journal::ROUTER), > ("network", &network::ROUTER), > ("report", &report::ROUTER),