From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH container v6 31/37] backup: implement restore for external providers
Date: Mon, 31 Mar 2025 15:20:14 +0200 [thread overview]
Message-ID: <20250331132020.105324-32-f.ebner@proxmox.com> (raw)
In-Reply-To: <20250331132020.105324-1-f.ebner@proxmox.com>
First, the provider is asked about what restore mechanism to use.
Currently, 'directory' and 'tar' are possible. The 'directory'
mechanism is for restoring from a directory containing the container's
full filesystem structure, which is restored by piping from a
privileged tar cf - to tar xf - in the associated user namespace. The
'tar' mechanism is for restoring a (potentially compressed) tar file
containing the container's full filesystem structure.
The new functions are copied and adapted from the existing ones for
PBS or tar and it might be worth to factor out the common parts.
Restore of containers as privileged are prohibited, because the
archives from an external provider are considered less trusted than
from Proxmox VE storages. If ever allowing that in the future, at
least it would be worth extracting the tar archive in a restricted
context (e.g. user namespace with ID mapped mount or seccomp).
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
Changes in v6:
* Adapt to renamed archive_get_*_config() methods.
src/PVE/LXC/Create.pm | 149 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 149 insertions(+)
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index 8c8cb9a..c3c7640 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -7,6 +7,7 @@ use File::Path;
use Fcntl;
use PVE::RPCEnvironment;
+use PVE::RESTEnvironment qw(log_warn);
use PVE::Storage::PBSPlugin;
use PVE::Storage::Plugin;
use PVE::Storage;
@@ -26,6 +27,24 @@ sub restore_archive {
if ($scfg->{type} eq 'pbs') {
return restore_proxmox_backup_archive($storage_cfg, $archive, $rootdir, $conf, $no_unpack_error, $bwlimit);
}
+ if (PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider')) {
+ my $log_function = sub {
+ my ($log_level, $message) = @_;
+ my $prefix = $log_level eq 'err' ? 'ERROR' : uc($log_level);
+ print "$prefix: $message\n";
+ };
+ my $backup_provider =
+ PVE::Storage::new_backup_provider($storage_cfg, $storeid, $log_function);
+ return restore_external_archive(
+ $backup_provider,
+ $storeid,
+ $volname,
+ $rootdir,
+ $conf,
+ $no_unpack_error,
+ $bwlimit,
+ );
+ }
}
$archive = PVE::Storage::abs_filesystem_path($storage_cfg, $archive) if $archive ne '-';
@@ -127,6 +146,62 @@ sub restore_tar_archive {
die $err if $err && !$no_unpack_error;
}
+sub restore_external_archive {
+ my ($backup_provider, $storeid, $volname, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_;
+
+ die "refusing to restore privileged container backup from external source\n"
+ if !$conf->{unprivileged};
+
+ my ($mechanism, $vmtype) = $backup_provider->restore_get_mechanism($volname, $storeid);
+ die "cannot restore non-LXC guest of type '$vmtype'\n" if $vmtype ne 'lxc';
+
+ my $info = $backup_provider->restore_container_init($volname, $storeid, {});
+ eval {
+ if ($mechanism eq 'tar') {
+ my $tar_path = $info->{'tar-path'}
+ or die "did not get path to tar file from backup provider\n";
+ die "not a regular file '$tar_path'" if !-f $tar_path;
+ restore_tar_archive($tar_path, $rootdir, $conf, $no_unpack_error, $bwlimit);
+ } elsif ($mechanism eq 'directory') {
+ my $directory = $info->{'archive-directory'}
+ or die "did not get path to archive directory from backup provider\n";
+ die "not a directory '$directory'" if !-d $directory;
+
+ my $create_cmd = [
+ 'tar',
+ 'cpf',
+ '-',
+ @PVE::Storage::Plugin::COMMON_TAR_FLAGS,
+ "--directory=$directory",
+ '.',
+ ];
+
+ my $extract_cmd = restore_tar_archive_command($conf, undef, $rootdir, $bwlimit);
+
+ my $cmd;
+ # if there is a bandwidth limit, the command is already a nested array reference
+ if (ref($extract_cmd) eq 'ARRAY' && ref($extract_cmd->[0]) eq 'ARRAY') {
+ $cmd = [$create_cmd, $extract_cmd->@*];
+ } else {
+ $cmd = [$create_cmd, $extract_cmd];
+ }
+
+ eval { PVE::Tools::run_command($cmd); };
+ die $@ if $@ && !$no_unpack_error;
+ } else {
+ die "mechanism '$mechanism' requested by backup provider is not supported for LXCs\n";
+ }
+ };
+ my $err = $@;
+ eval { $backup_provider->restore_container_cleanup($volname, $storeid, {}); };
+ if (my $cleanup_err = $@) {
+ die $cleanup_err if !$err;
+ warn $cleanup_err;
+ }
+ die $err if $err;
+
+}
+
sub recover_config {
my ($storage_cfg, $volid, $vmid) = @_;
@@ -135,6 +210,8 @@ sub recover_config {
my $scfg = PVE::Storage::storage_check_enabled($storage_cfg, $storeid);
if ($scfg->{type} eq 'pbs') {
return recover_config_from_proxmox_backup($storage_cfg, $volid, $vmid);
+ } elsif (PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider')) {
+ return recover_config_from_external_backup($storage_cfg, $volid, $vmid);
}
}
@@ -209,6 +286,26 @@ sub recover_config_from_tar {
return wantarray ? ($conf, $mp_param) : $conf;
}
+sub recover_config_from_external_backup {
+ my ($storage_cfg, $volid, $vmid) = @_;
+
+ $vmid //= 0;
+
+ my $raw = PVE::Storage::extract_vzdump_config($storage_cfg, $volid);
+
+ my $conf = PVE::LXC::Config::parse_pct_config("/lxc/${vmid}.conf" , $raw);
+
+ delete $conf->{snapshots};
+
+ my $mp_param = {};
+ PVE::LXC::Config->foreach_volume($conf, sub {
+ my ($ms, $mountpoint) = @_;
+ $mp_param->{$ms} = $conf->{$ms};
+ });
+
+ return wantarray ? ($conf, $mp_param) : $conf;
+}
+
sub restore_configuration {
my ($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_;
@@ -218,6 +315,26 @@ sub restore_configuration {
if ($scfg->{type} eq 'pbs') {
return restore_configuration_from_proxmox_backup($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw);
}
+ if (PVE::Storage::storage_has_feature($storage_cfg, $storeid, 'backup-provider')) {
+ my $log_function = sub {
+ my ($log_level, $message) = @_;
+ my $prefix = $log_level eq 'err' ? 'ERROR' : uc($log_level);
+ print "$prefix: $message\n";
+ };
+ my $backup_provider =
+ PVE::Storage::new_backup_provider($storage_cfg, $storeid, $log_function);
+ return restore_configuration_from_external_backup(
+ $backup_provider,
+ $vmid,
+ $storage_cfg,
+ $archive,
+ $rootdir,
+ $conf,
+ $restricted,
+ $unique,
+ $skip_fw,
+ );
+ }
}
restore_configuration_from_etc_vzdump($vmid, $rootdir, $conf, $restricted, $unique, $skip_fw);
}
@@ -258,6 +375,38 @@ sub restore_configuration_from_proxmox_backup {
}
}
+sub restore_configuration_from_external_backup {
+ my ($backup_provider, $vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_;
+
+ my ($storeid, $volname) = PVE::Storage::parse_volume_id($archive);
+ my $scfg = PVE::Storage::storage_config($storage_cfg, $storeid);
+
+ my ($vtype, $name, undef, undef, undef, undef, $format) =
+ PVE::Storage::parse_volname($storage_cfg, $archive);
+
+ my $oldconf = recover_config_from_external_backup($storage_cfg, $archive, $vmid);
+
+ sanitize_and_merge_config($conf, $oldconf, $restricted, $unique);
+
+ my $firewall_config =
+ $backup_provider->archive_get_firewall_config($volname, $storeid);
+
+ if ($firewall_config) {
+ my $pve_firewall_dir = '/etc/pve/firewall';
+ my $pct_fwcfg_target = "${pve_firewall_dir}/${vmid}.fw";
+ if ($skip_fw) {
+ warn "ignoring firewall config from backup archive, lacking API permission to modify firewall.\n";
+ warn "old firewall configuration in '$pct_fwcfg_target' left in place!\n"
+ if -e $pct_fwcfg_target;
+ } else {
+ mkdir $pve_firewall_dir; # make sure the directory exists
+ PVE::Tools::file_set_contents($pct_fwcfg_target, $firewall_config);
+ }
+ }
+
+ return;
+}
+
sub sanitize_and_merge_config {
my ($conf, $oldconf, $restricted, $unique) = @_;
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-03-31 13:29 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-31 13:19 [pve-devel] [PATCH-SERIES qemu/common/storage/qemu-server/container/manager v6 00/37] backup provider API Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 01/37] PVE backup: clean up directly in setup_snapshot_access() when it fails Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 02/37] PVE backup: factor out helper to clear backup state's bitmap list Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 03/37] PVE backup: factor out helper to initialize backup state stat struct Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 04/37] PVE backup: add target ID in backup state Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 05/37] PVE backup: get device info: allow caller to specify filter for which devices use fleecing Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 06/37] PVE backup: implement backup access setup and teardown API for external providers Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 07/37] PVE backup: implement bitmap support for external backup access Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH qemu v6 08/37] PVE backup: backup-access api: indicate situation where a bitmap was recreated Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH common v6 09/37] syscall: expose fallocate syscall Fiona Ebner
2025-03-31 14:34 ` [pve-devel] applied: " Thomas Lamprecht
2025-03-31 13:19 ` [pve-devel] [PATCH storage v6 10/37] add storage_has_feature() helper function Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH storage v6 11/37] common: add deallocate " Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH storage v6 12/37] plugin: introduce new_backup_provider() method Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH storage v6 13/37] config api/plugins: let plugins define sensitive properties themselves Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH storage v6 14/37] plugin api: bump api version and age Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [PATCH storage v6 15/37] extract backup config: delegate to backup provider for storages that support it Fiona Ebner
2025-03-31 13:19 ` [pve-devel] [POC storage v6 16/37] add backup provider example Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [POC storage v6 17/37] Borg example plugin Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 18/37] backup: keep track of block-node size for fleecing Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 19/37] backup: fleecing: use exact size when allocating non-raw fleecing images Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 20/37] backup: allow adding fleecing images also for EFI and TPM Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 21/37] backup: implement backup for external providers Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 22/37] test: qemu img convert: add test cases for snapshots Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 23/37] image convert: collect options in hash argument Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 24/37] image convert: allow caller to specify the format of the source path Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 25/37] backup: implement restore for external providers Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 26/37] backup: future-proof checks for QEMU feature support Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 27/37] backup: support 'missing-recreated' bitmap action Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH qemu-server v6 28/37] backup: bitmap action to human: lie about TPM state Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH container v6 29/37] add LXC::Namespaces module Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH container v6 30/37] backup: implement backup for external providers Fiona Ebner
2025-03-31 13:20 ` Fiona Ebner [this message]
2025-03-31 13:20 ` [pve-devel] [PATCH container v6 32/37] external restore: don't use 'one-file-system' tar flag when restoring from a directory Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH container v6 33/37] create: factor out compression option helper Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH container v6 34/37] restore tar archive: check potentially untrusted archive Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH container v6 35/37] api: add early check against restoring privileged container from external source Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH manager v6 36/37] ui: backup: also check for backup subtype to classify archive Fiona Ebner
2025-03-31 13:20 ` [pve-devel] [PATCH manager v6 37/37] backup: implement backup for external providers Fiona Ebner
2025-04-01 8:15 ` [pve-devel] [PATCH-SERIES qemu/common/storage/qemu-server/container/manager v6 00/37] backup provider API Fiona Ebner
2025-04-01 8:26 ` [pve-devel] [FOLLOWUP storage] backup provider: base: document limitation of backup_container() method Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250331132020.105324-32-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal