public inbox for pve-devel@lists.proxmox.com
From: Fiona Ebner <f.ebner@proxmox.com>
To: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>,
	"Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [RFC container v2 22/25] backup: implement backup for external providers
Date: Mon, 16 Sep 2024 13:40:34 +0200
Message-ID: <577e9eea-9739-4841-ad4a-ee2e18962dac@proxmox.com>
In-Reply-To: <1443353831.29500.1726208391851@webmail.proxmox.com>

On 13.09.24 at 08:19, Fabian Grünbichler wrote:
>> Fiona Ebner <f.ebner@proxmox.com> wrote on 12.09.2024 15:38 CEST:
>>  
>> On 12.09.24 at 14:43, Fabian Grünbichler wrote:
>>> On August 13, 2024 3:28 pm, Fiona Ebner wrote:
>>>> +	$info->{'firewall-config'} = $firewall_file if -e $firewall_file;
>>>> +	$info->{'bandwidth-limit'} = $opts->{bwlimit} * 1024 if $opts->{bwlimit};
>>>> +	$backup_provider->backup_container($vmid, $config_file, $id_map, $findexcl, $info);
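Review bot: on the `bandwidth-limit` line the `* 1024` converts units without saying which ones; a short comment stating the unit of `$opts->{bwlimit}` and the unit handed to the provider in `$info` would keep plugin authors from guessing. The `backup_container` call also passes the raw `$id_map` along, so every provider has to get the ID translation right on its own; documenting the expected handling next to the call would help.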
>>>
>>> it might be easier to hide the idmapping from the backup provider? e.g.,
>>> hand it an idmapped bindmount or something like that?
>>>
>>
>> Yes, that would be nicer. But could that potentially lead to permission
>> issues? A mid/long term plan is to have the backup provider code run
>> with lower privileges. I suppose to later implement that, the subroutine
>> for the provider could run within a matching user namespace too?
> 
> yeah, I think there are a few options here
> - run the provider as root-in-user-ns, give it access to the mapped FS (this is how we do regular backups, but requires some glue code/forking)

Gave this a try. Issue is that the backup provider also needs access to
the backup target/etc. Can network access also be an issue (I guess it
is not for PBS)?

E.g. directory example plugin fails with
> ERROR: Backup of VM 112 failed - unable to open file '/mnt/pve/sparschwein/112/lxc-1726484790/guest.conf.tmp.125275' - Permission denied
and Borg plugin fails with
> ERROR: Backup of VM 112 failed - mkdir /run/pve-storage-borg-plugin: Permission denied at /usr/share/perl5/PVE/BackupProvider/Plugin/Borg.pm line 41
or after switching to /tmp with
> ERROR: Backup of VM 112 failed - file '/etc/pve/priv/storage/borg.pw' exists but open for reading failed - Permission denied

Less coupling with the associated storage plugin or a special kind of
"unprivileged" storage plugin would help. In PBS we do the
storage-plugin-related stuff first with root privileges and only run the
final pbs-client command in user namespace. Maybe we need something like
that here too, a preparatory method run as root that prepares for the
unprivileged backup operation? But that makes life more complicated for
provider implementers (and also us).

> - run the provider as root-on-host, give it access to a reverse-mapped FS somehow (well, it would be nicer to run the backup code in the userns instead of as root)

I'd try and go with this option for now if that is okay.

> - run the provider as root-on-host, give it access to the mapped FS and let it handle the (un)mapping itself (if they are not familiar with namespaces, this might go wrong)
> 
> so if we find a generic way to do the first variant, we are both closer to how we do backups, and err on the side of caution w.r.t. context of execution.
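
The third option quoted above leaves the (un)mapping to the provider. As an added example (not code from this thread or from Proxmox), the Python sketch below translates on-disk host IDs to container IDs from `lxc.idmap`-style ranges and returns `None` for IDs no range covers, instead of guessing with a fixed offset. The function names and the sample config are constructed; the layout of the patch's `$id_map` is not shown on the page.

```python
from typing import NamedTuple, Optional

class IdMapEntry(NamedTuple):
    kind: str        # 'u' = UID range, 'g' = GID range
    ct_start: int    # first ID as seen inside the container
    host_start: int  # first ID as stored on the host filesystem
    count: int       # length of the range

def parse_idmap(config_lines):
    """Parse 'lxc.idmap = <u|g> <ct> <host> <count>' lines (LXC config syntax)."""
    entries = []
    for line in config_lines:
        key, _, value = line.partition("=")
        if key.strip() != "lxc.idmap":
            continue
        kind, ct, host, count = value.split()
        if kind not in ("u", "g"):
            raise ValueError(f"unknown idmap type {kind!r}")
        entries.append(IdMapEntry(kind, int(ct), int(host), int(count)))
    return entries

def host_to_ct(entries, kind: str, host_id: int) -> Optional[int]:
    """Translate a host-side ID to the ID the container sees.

    Returns None when no range covers the ID; the caller has to decide
    whether to abort or record the entry as unmapped.
    """
    for e in entries:
        if e.kind == kind and e.host_start <= host_id < e.host_start + e.count:
            return e.ct_start + (host_id - e.host_start)
    return None

def ct_to_host(entries, kind: str, ct_id: int) -> Optional[int]:
    """Inverse direction, e.g. for restoring ownership onto the host FS."""
    for e in entries:
        if e.kind == kind and e.ct_start <= ct_id < e.ct_start + e.count:
            return e.host_start + (ct_id - e.ct_start)
    return None

# Constructed sample: the usual 65536-wide range, split so that container
# UID 1005 passes straight through to host UID 1005.
SAMPLE_CONFIG = [
    "lxc.idmap = u 0 100000 1005",
    "lxc.idmap = u 1005 1005 1",
    "lxc.idmap = u 1006 101006 64530",
    "lxc.idmap = g 0 100000 65536",
]

if __name__ == "__main__":
    idmap = parse_idmap(SAMPLE_CONFIG)
    for host_uid in (100000, 1005, 101006, 101005, 0):
        print(host_uid, "->", host_to_ct(idmap, "u", host_uid))
```

With a split map like this, subtracting a fixed 100000 gives the wrong owner for host UID 1005 and a plausible-looking one for the unmapped host UID 101005.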


