proxmox-mirrors/proxmox-backup
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox-backup synced 2025-07-12 08:17:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix #5439: allow to reuse existing datastore

Browse Source 
Disallow creating datastores in non-empty directories. Allow adding
existing datastores via a 'reuse-datastore' checkmark. This only checks
if all the necessary directories (.chunks + subdirectories and .lock)
exist and have the correct permissions. Note that the reuse-datastore
path does not open the datastore, so that we don't drop the
ProcessLocker of an existing datastore.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
This commit is contained in:
Gabriel Goller 2024-08-29 14:58:43 +02:00 committed by Thomas Lamprecht
parent 27811f3f8f
commit 6e101ff757
4 changed files with 105 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
pbs-datastore/src/chunk_store.rs
View File

@ -156,6 +156,22 @@ impl ChunkStore {
lockfile_path lockfile_path
} }
/// Check if the chunkstore path is absolute and that we can
/// access it. Returns the absolute '.chunks' path on success.
fn chunk_dir_accessible(base: &Path) -> Result<PathBuf, Error> {
if !base.is_absolute() {
bail!("expected absolute path - got {:?}", base);
}
let chunk_dir = Self::chunk_dir(base);
if let Err(err) = std::fs::metadata(&chunk_dir) {
bail!("unable to open chunk store at {chunk_dir:?} - {err}");
}
Ok(chunk_dir)
}
/// Opens the chunk store with a new process locker. /// Opens the chunk store with a new process locker.
/// ///
/// Note that this must be used with care, as it's dangerous to create two instances on the /// Note that this must be used with care, as it's dangerous to create two instances on the
@ -168,15 +184,7 @@ impl ChunkStore {
) -> Result<Self, Error> { ) -> Result<Self, Error> {
let base: PathBuf = base.into(); let base: PathBuf = base.into();
if !base.is_absolute() { let chunk_dir = ChunkStore::chunk_dir_accessible(&base)?;
bail!("expected absolute path - got {:?}", base);
}
let chunk_dir = Self::chunk_dir(&base);
if let Err(err) = std::fs::metadata(&chunk_dir) {
bail!("unable to open chunk store '{name}' at {chunk_dir:?} - {err}");
}
let lockfile_path = Self::lockfile_path(&base); let lockfile_path = Self::lockfile_path(&base);
@ -561,6 +569,53 @@ impl ChunkStore {
// unwrap: only `None` in unit tests // unwrap: only `None` in unit tests
ProcessLocker::try_exclusive_lock(self.locker.clone().unwrap()) ProcessLocker::try_exclusive_lock(self.locker.clone().unwrap())
} }
/// Checks permissions and owner of passed path.
fn check_permissions<T: AsRef<Path>>(path: T, file_mode: u32) -> Result<(), Error> {
match nix::sys::stat::stat(path.as_ref()) {
Ok(stat) => {
if stat.st_uid != u32::from(pbs_config::backup_user()?.uid)
|| stat.st_gid != u32::from(pbs_config::backup_group()?.gid)
|| stat.st_mode != file_mode
{
bail!(
"unable to open existing chunk store path {:?} - permissions or owner not correct",
path.as_ref(),
);
}
}
Err(err) => {
bail!(
"unable to open existing chunk store path {:?} - {err}",
path.as_ref(),
);
}
}
Ok(())
}
/// Verify vital files in datastore. Checks the owner and permissions of: the chunkstore, it's
/// subdirectories and the lock file.
pub fn verify_chunkstore<T: AsRef<Path>>(path: T) -> Result<(), Error> {
// Check datastore root path perm/owner
ChunkStore::check_permissions(path.as_ref(), 0o700)?;
let chunk_dir = Self::chunk_dir(path.as_ref());
// Check datastore .chunks path perm/owner
ChunkStore::check_permissions(&chunk_dir, 0o700)?;
// Check all .chunks subdirectories
for i in 0..64 * 1024 {
let mut l1path = chunk_dir.clone();
l1path.push(format!("{:04x}", i));
ChunkStore::check_permissions(&l1path, 0o700)?;
}
// Check .lock file
let lockfile_path = Self::lockfile_path(path.as_ref());
ChunkStore::check_permissions(lockfile_path, 0o600)?;
Ok(())
}
} }
#[test] #[test]

45
src/api2/config/datastore.rs
View File

@ -1,7 +1,7 @@
use std::path::PathBuf; use std::path::PathBuf;
use ::serde::{Deserialize, Serialize}; use ::serde::{Deserialize, Serialize};
use anyhow::Error; use anyhow::{bail, Error};
use hex::FromHex; use hex::FromHex;
use serde_json::Value; use serde_json::Value;
use tracing::warn; use tracing::warn;
@ -70,21 +70,39 @@ pub(crate) fn do_create_datastore(
_lock: BackupLockGuard, _lock: BackupLockGuard,
mut config: SectionConfigData, mut config: SectionConfigData,
datastore: DataStoreConfig, datastore: DataStoreConfig,
reuse_datastore: bool,
) -> Result<(), Error> { ) -> Result<(), Error> {
let path: PathBuf = datastore.path.clone().into(); let path: PathBuf = datastore.path.clone().into();
if path.parent().is_none() {
bail!("cannot create datastore in root path");
}
let tuning: DatastoreTuning = serde_json::from_value( let tuning: DatastoreTuning = serde_json::from_value(
DatastoreTuning::API_SCHEMA DatastoreTuning::API_SCHEMA
.parse_property_string(datastore.tuning.as_deref().unwrap_or(""))?, .parse_property_string(datastore.tuning.as_deref().unwrap_or(""))?,
)?; )?;
let backup_user = pbs_config::backup_user()?;
let _store = ChunkStore::create( if reuse_datastore {
&datastore.name, ChunkStore::verify_chunkstore(&path)?;
path, } else {
backup_user.uid, if let Ok(dir) = std::fs::read_dir(&path) {
backup_user.gid, for file in dir {
tuning.sync_level.unwrap_or_default(), let name = file?.file_name();
)?; if !name.to_str().map_or(false, |name| name.starts_with('.')) {
bail!("datastore path is not empty");
}
}
}
let backup_user = pbs_config::backup_user()?;
let _store = ChunkStore::create(
&datastore.name,
path,
backup_user.uid,
backup_user.gid,
tuning.sync_level.unwrap_or_default(),
)?;
}
config.set_data(&datastore.name, "datastore", &datastore)?; config.set_data(&datastore.name, "datastore", &datastore)?;
@ -101,6 +119,12 @@ pub(crate) fn do_create_datastore(
type: DataStoreConfig, type: DataStoreConfig,
flatten: true, flatten: true,
}, },
"reuse-datastore": {
type: Boolean,
optional: true,
default: false,
description: "Re-use existing datastore directory."
}
}, },
}, },
access: { access: {
@ -110,6 +134,7 @@ pub(crate) fn do_create_datastore(
/// Create new datastore config. /// Create new datastore config.
pub fn create_datastore( pub fn create_datastore(
config: DataStoreConfig, config: DataStoreConfig,
reuse_datastore: bool,
rpcenv: &mut dyn RpcEnvironment, rpcenv: &mut dyn RpcEnvironment,
) -> Result<String, Error> { ) -> Result<String, Error> {
let lock = pbs_config::datastore::lock_config()?; let lock = pbs_config::datastore::lock_config()?;
@ -154,7 +179,7 @@ pub fn create_datastore(
auth_id.to_string(), auth_id.to_string(),
to_stdout, to_stdout,
move |_worker| { move |_worker| {
do_create_datastore(lock, section_config, config)?; do_create_datastore(lock, section_config, config, reuse_datastore)?;
if let Some(prune_job_config) = prune_job_config { if let Some(prune_job_config) = prune_job_config {
do_create_prune_job(prune_job_config) do_create_prune_job(prune_job_config)

4
src/api2/node/disks/directory.rs
View File

@ -214,7 +214,9 @@ pub fn create_datastore_disk(
bail!("datastore '{}' already exists.", datastore.name); bail!("datastore '{}' already exists.", datastore.name);
} }
crate::api2::config::datastore::do_create_datastore(lock, config, datastore)?; crate::api2::config::datastore::do_create_datastore(
lock, config, datastore, false,
)?;
} }
Ok(()) Ok(())

4
src/api2/node/disks/zfs.rs
View File

@ -313,7 +313,9 @@ pub fn create_zpool(
bail!("datastore '{}' already exists.", datastore.name); bail!("datastore '{}' already exists.", datastore.name);
} }
crate::api2::config::datastore::do_create_datastore(lock, config, datastore)?; crate::api2::config::datastore::do_create_datastore(
lock, config, datastore, false,
)?;
} }
Ok(()) Ok(())