From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [RFC container v3 28/34] backup: implement restore for external providers
Date: Tue, 12 Nov 2024 17:27:29 +0100
Message-ID: <1731428381.as58eaw8ld.astroid@yuna.none>
In-Reply-To: <20241107165146.125935-29-f.ebner@proxmox.com>
On November 7, 2024 5:51 pm, Fiona Ebner wrote:
> First, the provider is asked about what restore mechanism to use.
> Currently, 'directory' and 'tar' are possible, for restoring either
> from a directory containing the full filesystem structure (for which
> rsync is used) or a potentially compressed tar file containing the
> same.
nit: this is outdated, directory uses tar as transport/restore mechanism
as well now :)
>
> The new functions are copied and adapted from the existing ones for
> PBS or tar and it might be worth factoring out the common parts.
>
> Restore of containers as privileged is prohibited, because the
> archives from an external provider are considered less trusted than
> from Proxmox VE storages. If ever allowing that in the future, at
> least it would be worth extracting the tar archive in a restricted
> context (e.g. user namespace with ID mapped mount or seccomp).
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
>
> Changes in v3:
> * Use user namespace when restoring directory (and use tar instead of
> rsync, because it is easier to split in privileged and unprivileged
> half)
>
> src/PVE/LXC/Create.pm | 141 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 141 insertions(+)
>
> diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
> index 8c8cb9a..8657ac1 100644
> --- a/src/PVE/LXC/Create.pm
> +++ b/src/PVE/LXC/Create.pm
> @@ -7,6 +7,7 @@ use File::Path;
> use Fcntl;
>
> use PVE::RPCEnvironment;
> +use PVE::RESTEnvironment qw(log_warn);
> use PVE::Storage::PBSPlugin;
> use PVE::Storage::Plugin;
> use PVE::Storage;
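Review bot: `log_warn` is imported here, but none of the code added in this patch calls it. The new warnings in restore_configuration_from_external_backup and the cleanup error in restore_external_archive all go through plain `warn`. Either switch those call sites to `log_warn` so they are counted as task warnings, or drop the import.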
> @@ -26,6 +27,24 @@ sub restore_archive {
> if ($scfg->{type} eq 'pbs') {
> return restore_proxmox_backup_archive($storage_cfg, $archive, $rootdir, $conf, $no_unpack_error, $bwlimit);
> }
> + if (PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider')) {
> + my $log_function = sub {
> + my ($log_level, $message) = @_;
> + my $prefix = $log_level eq 'err' ? 'ERROR' : uc($log_level);
> + print "$prefix: $message\n";
> + };
> + my $backup_provider =
> + PVE::Storage::new_backup_provider($storage_cfg, $storeid, $log_function);
> + return restore_external_archive(
> + $backup_provider,
> + $storeid,
> + $volname,
> + $rootdir,
> + $conf,
> + $no_unpack_error,
> + $bwlimit,
> + );
> + }
> }
>
> $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $archive) if $archive ne '-';
> @@ -127,6 +146,54 @@ sub restore_tar_archive {
> die $err if $err && !$no_unpack_error;
> }
>
> +sub restore_external_archive {
> + my ($backup_provider, $storeid, $volname, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_;
> +
> + die "refusing to restore privileged container backup from external source\n"
> + if !$conf->{unprivileged};
> +
> + my ($mechanism, $vmtype) = $backup_provider->restore_get_mechanism($volname, $storeid);
> + die "cannot restore non-LXC guest of type '$vmtype'\n" if $vmtype ne 'lxc';
> +
> + my $info = $backup_provider->restore_container_init($volname, $storeid, {});
> + eval {
> + if ($mechanism eq 'tar') {
> + my $tar_path = $info->{'tar-path'}
> + or die "did not get path to tar file from backup provider\n";
> + die "not a regular file '$tar_path'" if !-f $tar_path;
> + restore_tar_archive($tar_path, $rootdir, $conf, $no_unpack_error, $bwlimit);
> + } elsif ($mechanism eq 'directory') {
> + my $directory = $info->{'archive-directory'}
> + or die "did not get path to archive directory from backup provider\n";
> + die "not a directory '$directory'" if !-d $directory;
> +
> + my $create_cmd = [
> + 'tar',
> + 'cpf',
> + '-',
> + @PVE::Storage::Plugin::COMMON_TAR_FLAGS,
> + "--directory=$directory",
> + '.',
> + ];
> +
> + my $extract_cmd = restore_tar_archive_command($conf, undef, $rootdir, $bwlimit);
> +
> + eval { PVE::Tools::run_command([$create_cmd, $extract_cmd]); };
> + die $@ if $@ && !$no_unpack_error;
> + } else {
> + die "mechanism '$mechanism' requested by backup provider is not supported for LXCs\n";
> + }
> + };
> + my $err = $@;
> + eval { $backup_provider->restore_container_cleanup($volname, $storeid, {}); };
> + if (my $cleanup_err = $@) {
> + die $cleanup_err if !$err;
> + warn $cleanup_err;
> + }
> + die $err if $err;
> +
> +}
> +
> sub recover_config {
> my ($storage_cfg, $volid, $vmid) = @_;
>
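Review bot: in the 'directory' branch of restore_external_archive, `die $@ if $@ && !$no_unpack_error;` discards the tar pipeline error without a trace when $no_unpack_error is set, so an incomplete extraction from an external source leaves nothing in the task log. Emit a warning in that case before continuing (the `log_warn` imported at the top of the file fits). Also, `die "not a regular file '$tar_path'"` and `die "not a directory '$directory'"` lack the trailing "\n" that the other messages in this function have, so Perl appends file and line number to them. There is a stray empty line before the closing brace of the sub as well.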
> @@ -135,6 +202,8 @@ sub recover_config {
> my $scfg = PVE::Storage::storage_check_enabled($storage_cfg, $storeid);
> if ($scfg->{type} eq 'pbs') {
> return recover_config_from_proxmox_backup($storage_cfg, $volid, $vmid);
> + } elsif (PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider')) {
> + return recover_config_from_external_backup($storage_cfg, $volid, $vmid);
> }
> }
>
> @@ -209,6 +278,26 @@ sub recover_config_from_tar {
> return wantarray ? ($conf, $mp_param) : $conf;
> }
>
> +sub recover_config_from_external_backup {
> + my ($storage_cfg, $volid, $vmid) = @_;
> +
> + $vmid //= 0;
> +
> + my $raw = PVE::Storage::extract_vzdump_config($storage_cfg, $volid);
> +
> + my $conf = PVE::LXC::Config::parse_pct_config("/lxc/${vmid}.conf" , $raw);
> +
> + delete $conf->{snapshots};
> +
> + my $mp_param = {};
> + PVE::LXC::Config->foreach_volume($conf, sub {
> + my ($ms, $mountpoint) = @_;
> + $mp_param->{$ms} = $conf->{$ms};
> + });
> +
> + return wantarray ? ($conf, $mp_param) : $conf;
> +}
> +
> sub restore_configuration {
> my ($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_;
>
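Review bot: recover_config_from_external_backup hands `$raw` straight to parse_pct_config without checking that extract_vzdump_config returned anything. Unless that call is guaranteed to die on its own for provider-backed storages, add an explicit `die ... if !defined($raw);` that names $volid, so a provider that returns no config fails here with a clear message instead of yielding an empty $conf. Nits: stray space before the comma in `"/lxc/${vmid}.conf" , $raw`, and `$mountpoint` is unused in the foreach_volume callback.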
> @@ -218,6 +307,26 @@ sub restore_configuration {
> if ($scfg->{type} eq 'pbs') {
> return restore_configuration_from_proxmox_backup($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw);
> }
> + if (PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider')) {
> + my $log_function = sub {
> + my ($log_level, $message) = @_;
> + my $prefix = $log_level eq 'err' ? 'ERROR' : uc($log_level);
> + print "$prefix: $message\n";
> + };
> + my $backup_provider =
> + PVE::Storage::new_backup_provider($storage_cfg, $storeid, $log_function);
> + return restore_configuration_from_external_backup(
> + $backup_provider,
> + $vmid,
> + $storage_cfg,
> + $archive,
> + $rootdir,
> + $conf,
> + $restricted,
> + $unique,
> + $skip_fw,
> + );
> + }
> }
> restore_configuration_from_etc_vzdump($vmid, $rootdir, $conf, $restricted, $unique, $skip_fw);
> }
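Review bot: the `$log_function` closure and the new_backup_provider() call in restore_configuration are a verbatim copy of the block added to restore_archive earlier in this patch. Move them into one small helper that takes $storage_cfg and $storeid and returns the provider, so the log prefix handling cannot drift between the two call sites.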
> @@ -258,6 +367,38 @@ sub restore_configuration_from_proxmox_backup {
> }
> }
>
> +sub restore_configuration_from_external_backup {
> + my ($backup_provider, $vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_;
> +
> + my ($storeid, $volname) = PVE::Storage::parse_volume_id($archive);
> + my $scfg = PVE::Storage::storage_config($storage_cfg, $storeid);
> +
> + my ($vtype, $name, undef, undef, undef, undef, $format) =
> + PVE::Storage::parse_volname($storage_cfg, $archive);
> +
> + my $oldconf = recover_config_from_external_backup($storage_cfg, $archive, $vmid);
> +
> + sanitize_and_merge_config($conf, $oldconf, $restricted, $unique);
> +
> + my $firewall_config =
> + $backup_provider->restore_get_firewall_config($volname, $storeid);
> +
> + if ($firewall_config) {
> + my $pve_firewall_dir = '/etc/pve/firewall';
> + my $pct_fwcfg_target = "${pve_firewall_dir}/${vmid}.fw";
> + if ($skip_fw) {
> + warn "ignoring firewall config from backup archive, lacking API permission to modify firewall.\n";
> + warn "old firewall configuration in '$pct_fwcfg_target' left in place!\n"
> + if -e $pct_fwcfg_target;
> + } else {
> + mkdir $pve_firewall_dir; # make sure the directory exists
> + PVE::Tools::file_set_contents($pct_fwcfg_target, $firewall_config);
> + }
> + }
> +
> + return;
> +}
> +
> sub sanitize_and_merge_config {
> my ($conf, $oldconf, $restricted, $unique) = @_;
>
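Review bot: restore_configuration_from_external_backup writes `$firewall_config` to "${pve_firewall_dir}/${vmid}.fw" exactly as returned by the provider, while the commit message treats data from external providers as less trusted than data from Proxmox VE storages. Consider parsing or validating it as a guest firewall config before `PVE::Tools::file_set_contents`, or state in a comment why writing it verbatim is acceptable. Also, `$scfg`, `$vtype`, `$name` and `$format` are assigned but never used in this function, and the result of `mkdir $pve_firewall_dir` is ignored.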
> --
> 2.39.5
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel