makes it a bit more readable as there's less "noise" in the read_label
function and as the separate new fn allows us to nicely use ? to early
return as it has an option in the return signature avoiding 5 lines of
code while not really getting more terse.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit a7a42de63b)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Since commit 1343dcaf we automatically try to load the key into the
drive after reading the media-set label, this cannot work for the case
where we actually restore the key from the tape itself.
To address this special case while preserving the automatic key
loading, everything except the setup of the key has been separated
from the 'read_label' method into a new function named
'read_label_without_loading_key'. Consequently, the 'restore-key' API
endpoint can be switched to utilize this new method, thereby avoiding
the issue.
Fixes: 1343dcaf ("tape: move 'set_encryption' calls to the TapeDriver")
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: reword and shorten commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit a33d795741)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
let them manage it completely themselves, as we cannot really say if a
code-block fits for the whole output, like it was the case for the
function that returned a limited output of a 'top' process status
command.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit c597473080)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 460c3d1619)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 5736fa917c)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 164f96a5a6)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 122179414c)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit c55884d1a7)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 3b5cb8fd33)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Command is copied over from Proxmox VE
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 49d465c72a)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
note, we do not filter by *.list or *.source, so one might get also
files that apt won't read, like .dpkg-dist files, but also those with
typos, and thus possibly helpful when debugging things.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 2f7b3e2ecc)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 0b9614d5a4)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit eb32373e3c)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
allows one to render this via any of the thousands markdown viewers to
get a better formatting.
We can switch our web ui widget to (optionally) render this as html
when a user is viewing it from the UI too.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 20875de2ec)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 11c4632bcf)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 84fb190ee2)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
in preparation of making it not public anymore
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 645f81339f)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
by introducing an 'assert_encryption_mode' that checks the desired
state, and bails out if it's different, called directly where we
previously set the encryption mode (which is now done automatically)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: add drive_ prefix and fleece in comment ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 3579d724a3)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
namely everytime we know what the key for the tape has to be:
* after we write the MediaSetLabel
* after reading the MediaSetLabel
When handling data on tape, we always have to have the MediaSetLabel, so
we should always trigger one of these. Because of that, we should not be
able to forget to set the encryption mode.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 1343dcaf01)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
For security, we want to automatically unload the encryption key from
the drive when we're done, so there was a Drop handler for SgTape that
handles that. Sadly, our tool we use to set it in the first place, also
invoked the Drop handler, thus unloading the keys again immediately
To fix that, move the Drop handler one logical level higher to the
LtoTapeHandle, which is not used by the 'sg-tape-cmd'.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 1dc0df339b)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
since sg-tape-cmd is only necessary if we want to load the key, we don't
have to call it when we don't have one.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 8ee5a5d302)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
instead of LtoTapeHandle. This way, we can simply always call the binary
from LtoTapeHandle, and don't have to concern ourselves with the sg_tape
calling.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit f1467d23f3)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
makes the boundary a bit clearer, introduce 'load_key' to load a single
key from the key config
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 4d17ed496a)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Prepares for the use in sg-tape-cmd, since we want to use the SgTape
directly instead of LtoTapeHandle.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit b5f8626706)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
rename the inner 'set_encryption' in sg_tape to drive_set_encryption,
so that it's a bit clearer where it comes from.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit 8cc8aa510f)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
ported over from pve-manager:
'pve7to8: check for proper grub meta-package for bootmode'
`67c655b9333714f31d5115de80961a2abc4b6506`
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
ported over from pve-manager: 'pve7to8: Add check for dkms modules'
`0329876ccf1d78b848897718bb0c2337c6a55fbb`
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
as the current table format isn't really a recommended way to encode
tables for reStructuredText, and breaks various editor integrations
(and possibly parsing in the future).
From the two supported options, i.e., csv-table and list-table, the
first one seems to be easier to maintain in the long-run, so go for
that.
https://docutils.sourceforge.io/docs/ref/rst/directives.html#csv-table-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 31b121f4b3)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 4650abb46e)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Adapted from Proxmox VE's FAQ
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 5d4f981308)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit c2fa67b417)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
previously, the snapshot grid returned one of three possible types of
values:
* a list of snapshots
* a list of datastores (if only whole datastores were selected)
* the string 'all' (when all snapshots were selected)
this led to some confusing and wrong code, especially the part:
```
if (source === 'all') {
source = values.store;
}
```
which basically set the selected *target* store as a source. (meaning
it tried restoring a datastore with the selected target name,
regardless if it existed or not)
This fell through in testing, since we most often only restored to the
same datastore anyway were the target and source name were the same.
Rework the return value to return the empty array in case all
snapshots are selected, since selecting none is not a valid anyway.
This means we always get an array back, which makes the code a bit
cleaner overall.
At the same time, we now differentiate correctly the 'all selected'
case, by setting the selected target as a default target.
So instead of previously having `target=target` as datastore
parameter, we now have `target` which is the correct behavior when we
want to restore the whole media set anyway.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
(cherry picked from commit 3429304733)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
some of the variable names did not really tell the full story, so
extend them a bit. This makes the intention much clearer.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
(cherry picked from commit 4206d6fadb)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
by counting the returned tapes and compare it to the sequence number.
If the tape count is lower than the highest sequence number plus one,
there must be a tape missing.
Mark it in the text and add the proxmox-warning-row class.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
(cherry picked from commit be79c2bb6e)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Use the job start-time as end-time when it's stuck in the
`JobState::Starting` state, no active working is running and the task
log of the last run doesn't exists.
A user experienced a power loss, which left a GC job in the `Started`
state, but the task log did not exist. This breaks the schedule and no
following GC runs. Now, the error is simply ignored and a new gc job
is started on the next occurrence.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
(cherry picked from commit 48fbce07df)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the ui shows the default 'root' namespace as target, but this only
worked when no namespace was selected. as soon as one source datastore
had a target namespace selected, the others datastores would be
skipped as there was no namespace mapping for them. To fix that, we
simply send a default namespace mapping for each source datastore
without a target (no target means 'root')
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
(cherry picked from commit 344db2d6f6)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
We throw an error if the value for total is zero.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
(cherry picked from commit dae0b67f1f)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
When a snapshot gets deleted (forgotten), the proxmox backup client
currently returns returns
"Result: {
"data": null
}"
This feedback may confuse users therefore this patch removes the output.
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
This commit adds the missing "Connection: upgrade" HTTP header [1]
when requesting an upgrade to HTTP 2.
Doing so is mandated in the HTTP Semantics RFC [2], and without this,
(reverse) proxies that strictly follow the standard could potentially
break.
[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade
[2]: RFC 9110, 7.8. Upgrade: “[...] sender of Upgrade MUST also send
an "Upgrade" connection option in the Connection header [...]”
Reported-By: McTwist <rajb89@hotmail.com>
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
[ TL: added RFC reference and use case to commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
When executing `proxmox-backup-client backup ...
--exclude "test/test.txt"` it still executed stat() on "test.txt",
which won't work when the current user doesn't have access to the
file or the parent folder. Now we check if the file is excluded,
and if it is not, then we execute stat().
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
When walking through a datastore on a GC run, it can
happen that the snapshot is deleted, and then walked over.
For example:
- read dir entry for group
- walk entries (snapshots)
- snapshot X is removed/pruned
- walking reaches snapshot X, but ENOENT
Previously we bailed here, now we just ignore it.
Backups that are just created (and a atomic rename from
tmpdir happens, which might triggers a ENOENT error) are
not a problem here, the GC handles them separately.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
(cherry picked from commit 9d1ba51de7)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
