From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id B01FA1FF140
	for <inbox@lore.proxmox.com>; Fri, 24 Apr 2026 10:31:16 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 8823FE258;
	Fri, 24 Apr 2026 10:30:15 +0200 (CEST)
From: Lukas Wagner <l.wagner@proxmox.com>
To: pbs-devel@lists.proxmox.com,
	pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v2 3/9] api: add /nodes/localhost/identity
Date: Fri, 24 Apr 2026 10:29:37 +0200
Message-ID: <20260424082943.89614-4-l.wagner@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260424082943.89614-1-l.wagner@proxmox.com>
References: <20260424082943.89614-1-l.wagner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1777019297534
X-SPAM-LEVEL: Spam detection results:  0
	AWL                     0.004 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: KEI5BMOR7FRLGYTEWWUYZWVQT34XNPWD
X-Message-ID-Hash: KEI5BMOR7FRLGYTEWWUYZWVQT34XNPWD
X-MailFrom: l.wagner@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

This one returns a unique ID that can be used to uniquely identify a PBS
node. This will be used by PDM to match PBS storages in a PVE cluster to
PBS remotes in PDM, mainly for associating backup jobs with the
appropriate PBS remote. Later we can also use this to match PBS sync
jobs to their matching PBS remotes in PDM.

The instance ID is derived from /etc/machine-id as recommended by
systemd [1] by using proxmox_systemd::sd_id128::get_app_specific_id.

[1] https://www.freedesktop.org/software/systemd/man/latest/sd_id128_get_machine_app_specific.html

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
 src/api2/node/mod.rs | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/src/api2/node/mod.rs b/src/api2/node/mod.rs
index 42e1dbaa2..3d48629e1 100644
--- a/src/api2/node/mod.rs
+++ b/src/api2/node/mod.rs
@@ -25,7 +25,7 @@ use proxmox_schema::*;
 use proxmox_sortable_macro::sortable;
 use proxmox_sys::fd::fd_change_cloexec;
 
-use pbs_api_types::{NodeShellTicket, NODE_SCHEMA, PRIV_SYS_CONSOLE};
+use pbs_api_types::{NodeShellTicket, ServerIdentity, NODE_SCHEMA, PRIV_SYS_CONSOLE};
 use tracing::{info, warn};
 
 use crate::auth::{private_auth_keyring, public_auth_keyring};
@@ -291,12 +291,46 @@ fn list_nodes() -> Result<Value, Error> {
     Ok(json!([ { "node": proxmox_sys::nodename().to_string() } ]))
 }
 
-pub const SUBDIRS: SubdirMap = &[
+///  Static key used for deriving a unique instance id from `/etc/machine-id` using
+///  [`proxmox_systemd::sd_id128::get_app_specific_id`].
+///
+///  This key was generated by `systemd-id128 new`.
+///
+const INSTANCE_ID_KEY: [u8; 16] = 0xe5415d9999c146399b8bdae1260e19d2_u128.to_le_bytes();
+
+#[api(
+    input: {
+        properties: {
+            node: {
+                schema: NODE_SCHEMA,
+                optional: true,
+            },
+        }
+    },
+    returns: {
+        type: ServerIdentity,
+    },
+    access: {
+        permission: &Permission::Anybody,
+    }
+)]
+/// Returns a unique server identity. The ID is derived from `/etc/machine-id`.
+pub fn get_identity() -> Result<ServerIdentity, Error> {
+    let machine_id_derived_app_id =
+        proxmox_systemd::sd_id128::get_app_specific_id(INSTANCE_ID_KEY)?;
+    let pbs_instance_id = hex::encode(machine_id_derived_app_id);
+
+    Ok(ServerIdentity { pbs_instance_id })
+}
+
+#[sortable]
+pub const SUBDIRS: SubdirMap = &sorted!([
     ("apt", &apt::ROUTER),
     ("certificates", &certificates::ROUTER),
     ("config", &config::ROUTER),
     ("disks", &disks::ROUTER),
     ("dns", &dns::ROUTER),
+    ("identity", &Router::new().get(&API_METHOD_GET_IDENTITY)),
     ("journal", &journal::ROUTER),
     ("network", &network::ROUTER),
     ("report", &report::ROUTER),
@@ -312,7 +346,7 @@ pub const SUBDIRS: SubdirMap = &[
         "vncwebsocket",
         &Router::new().upgrade(&API_METHOD_WEBSOCKET),
     ),
-];
+]);
 
 pub const ITEM_ROUTER: Router = Router::new()
     .get(&list_subdirs_api_method!(SUBDIRS))
-- 
2.47.3