2018-06-22 19:07:23 +00:00
|
|
|
/*
|
2022-01-15 00:24:59 +00:00
|
|
|
Copyright The Velero Contributors.
|
2018-06-22 19:07:23 +00:00
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2018-02-28 01:35:35 +00:00
|
|
|
package restic
|
|
|
|
|
|
|
|
|
|
import (
|
2019-09-10 18:28:19 +00:00
|
|
|
"bytes"
|
2018-02-28 01:35:35 +00:00
|
|
|
"encoding/json"
|
2019-09-10 18:28:19 +00:00
|
|
|
"fmt"
|
2022-08-30 07:52:11 +00:00
|
|
|
"strings"
|
2019-09-10 18:28:19 +00:00
|
|
|
"time"
|
2018-02-28 01:35:35 +00:00
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
2022-08-30 07:52:11 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2018-06-18 20:48:02 +00:00
|
|
|
|
2022-08-30 07:52:11 +00:00
|
|
|
"github.com/vmware-tanzu/velero/pkg/uploader"
|
2019-09-30 21:26:56 +00:00
|
|
|
"github.com/vmware-tanzu/velero/pkg/util/exec"
|
|
|
|
|
"github.com/vmware-tanzu/velero/pkg/util/filesystem"
|
2018-02-28 01:35:35 +00:00
|
|
|
)
|
|
|
|
|
|
2019-09-10 21:50:57 +00:00
|
|
|
const restoreProgressCheckInterval = 10 * time.Second
|
2019-09-10 18:28:19 +00:00
|
|
|
const backupProgressCheckInterval = 10 * time.Second
|
|
|
|
|
|
2019-09-10 21:50:57 +00:00
|
|
|
var fileSystem = filesystem.NewFileSystem()
|
|
|
|
|
|
2019-09-10 18:28:19 +00:00
|
|
|
type backupStatusLine struct {
|
|
|
|
|
MessageType string `json:"message_type"`
|
|
|
|
|
// seen in status lines
|
|
|
|
|
TotalBytes int64 `json:"total_bytes"`
|
|
|
|
|
BytesDone int64 `json:"bytes_done"`
|
|
|
|
|
// seen in summary line at the end
|
|
|
|
|
TotalBytesProcessed int64 `json:"total_bytes_processed"`
|
|
|
|
|
}
|
|
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
// GetSnapshotID runs provided 'restic snapshots' command to get the ID of a snapshot
|
|
|
|
|
// and an error if a unique snapshot cannot be identified.
|
|
|
|
|
func GetSnapshotID(snapshotIdCmd *Command) (string, error) {
|
|
|
|
|
stdout, stderr, err := exec.RunCommand(snapshotIdCmd.Cmd())
|
2018-02-28 01:35:35 +00:00
|
|
|
if err != nil {
|
2018-06-18 20:48:02 +00:00
|
|
|
return "", errors.Wrapf(err, "error running command, stderr=%s", stderr)
|
2018-02-28 01:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type snapshotID struct {
|
|
|
|
|
ShortID string `json:"short_id"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var snapshots []snapshotID
|
2018-06-18 20:48:02 +00:00
|
|
|
if err := json.Unmarshal([]byte(stdout), &snapshots); err != nil {
|
2018-02-28 01:35:35 +00:00
|
|
|
return "", errors.Wrap(err, "error unmarshalling restic snapshots result")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(snapshots) != 1 {
|
2022-06-13 03:29:57 +00:00
|
|
|
return "", errors.Errorf("expected one matching snapshot by command: %s, got %d", snapshotIdCmd.String(), len(snapshots))
|
2018-02-28 01:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return snapshots[0].ShortID, nil
|
|
|
|
|
}
|
2019-09-10 18:28:19 +00:00
|
|
|
|
2022-08-30 07:52:11 +00:00
|
|
|
// RunBackup runs a `restic backup` command and watches the output to provide
|
|
|
|
|
// progress updates to the caller.
|
|
|
|
|
func RunBackup(backupCmd *Command, log logrus.FieldLogger, updater uploader.ProgressUpdater) (string, string, error) {
|
|
|
|
|
// buffers for copying command stdout/err output into
|
|
|
|
|
stdoutBuf := new(bytes.Buffer)
|
|
|
|
|
stderrBuf := new(bytes.Buffer)
|
|
|
|
|
|
|
|
|
|
// create a channel to signal when to end the goroutine scanning for progress
|
|
|
|
|
// updates
|
|
|
|
|
quit := make(chan struct{})
|
|
|
|
|
|
|
|
|
|
cmd := backupCmd.Cmd()
|
|
|
|
|
cmd.Stdout = stdoutBuf
|
|
|
|
|
cmd.Stderr = stderrBuf
|
|
|
|
|
|
|
|
|
|
err := cmd.Start()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return stdoutBuf.String(), stderrBuf.String(), err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
|
ticker := time.NewTicker(backupProgressCheckInterval)
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case <-ticker.C:
|
|
|
|
|
lastLine := getLastLine(stdoutBuf.Bytes())
|
|
|
|
|
if len(lastLine) > 0 {
|
|
|
|
|
stat, err := decodeBackupStatusLine(lastLine)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.WithError(err).Errorf("error getting restic backup progress")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// if the line contains a non-empty bytes_done field, we can update the
|
|
|
|
|
// caller with the progress
|
|
|
|
|
if stat.BytesDone != 0 {
|
|
|
|
|
updater.UpdateProgress(&uploader.UploaderProgress{
|
2022-11-02 06:37:41 +00:00
|
|
|
TotalBytes: stat.TotalBytes,
|
|
|
|
|
BytesDone: stat.BytesDone,
|
2022-08-30 07:52:11 +00:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
case <-quit:
|
|
|
|
|
ticker.Stop()
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
err = cmd.Wait()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return stdoutBuf.String(), stderrBuf.String(), err
|
|
|
|
|
}
|
|
|
|
|
quit <- struct{}{}
|
|
|
|
|
|
|
|
|
|
summary, err := getSummaryLine(stdoutBuf.Bytes())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return stdoutBuf.String(), stderrBuf.String(), err
|
|
|
|
|
}
|
|
|
|
|
stat, err := decodeBackupStatusLine(summary)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return stdoutBuf.String(), stderrBuf.String(), err
|
|
|
|
|
}
|
|
|
|
|
if stat.MessageType != "summary" {
|
|
|
|
|
return stdoutBuf.String(), stderrBuf.String(), errors.WithStack(fmt.Errorf("error getting restic backup summary: %s", string(summary)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// update progress to 100%
|
|
|
|
|
updater.UpdateProgress(&uploader.UploaderProgress{
|
|
|
|
|
TotalBytes: stat.TotalBytesProcessed,
|
|
|
|
|
BytesDone: stat.TotalBytesProcessed,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return string(summary), stderrBuf.String(), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func decodeBackupStatusLine(lastLine []byte) (backupStatusLine, error) {
|
2019-09-10 18:28:19 +00:00
|
|
|
var stat backupStatusLine
|
|
|
|
|
if err := json.Unmarshal(lastLine, &stat); err != nil {
|
|
|
|
|
return stat, errors.Wrapf(err, "unable to decode backup JSON line: %s", string(lastLine))
|
|
|
|
|
}
|
|
|
|
|
return stat, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-30 07:52:11 +00:00
|
|
|
// getLastLine returns the last line of a byte array. The string is assumed to
|
2019-09-10 18:28:19 +00:00
|
|
|
// have a newline at the end of it, so this returns the substring between the
|
|
|
|
|
// last two newlines.
|
2022-08-30 07:52:11 +00:00
|
|
|
func getLastLine(b []byte) []byte {
|
2020-02-03 19:49:23 +00:00
|
|
|
if b == nil || len(b) == 0 {
|
|
|
|
|
return []byte("")
|
|
|
|
|
}
|
2019-09-10 18:28:19 +00:00
|
|
|
// subslice the byte array to ignore the newline at the end of the string
|
|
|
|
|
lastNewLineIdx := bytes.LastIndex(b[:len(b)-1], []byte("\n"))
|
|
|
|
|
return b[lastNewLineIdx+1 : len(b)-1]
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-30 07:52:11 +00:00
|
|
|
// getSummaryLine looks for the summary JSON line
|
2019-09-10 18:28:19 +00:00
|
|
|
// (`{"message_type:"summary",...`) in the restic backup command output. Due to
|
|
|
|
|
// an issue in Restic, this might not always be the last line
|
|
|
|
|
// (https://github.com/restic/restic/issues/2389). It returns an error if it
|
|
|
|
|
// can't be found.
|
2022-08-30 07:52:11 +00:00
|
|
|
func getSummaryLine(b []byte) ([]byte, error) {
|
2019-09-10 18:28:19 +00:00
|
|
|
summaryLineIdx := bytes.LastIndex(b, []byte(`{"message_type":"summary"`))
|
|
|
|
|
if summaryLineIdx < 0 {
|
|
|
|
|
return nil, errors.New("unable to find summary in restic backup command output")
|
|
|
|
|
}
|
|
|
|
|
// find the end of the summary line
|
|
|
|
|
newLineIdx := bytes.Index(b[summaryLineIdx:], []byte("\n"))
|
|
|
|
|
if newLineIdx < 0 {
|
|
|
|
|
return nil, errors.New("unable to get summary line from restic backup command output")
|
|
|
|
|
}
|
|
|
|
|
return b[summaryLineIdx : summaryLineIdx+newLineIdx], nil
|
|
|
|
|
}
|
2019-09-10 21:50:57 +00:00
|
|
|
|
2022-08-30 07:52:11 +00:00
|
|
|
// RunRestore runs a `restic restore` command and monitors the volume size to
|
|
|
|
|
// provide progress updates to the caller.
|
|
|
|
|
func RunRestore(restoreCmd *Command, log logrus.FieldLogger, updater uploader.ProgressUpdater) (string, string, error) {
|
|
|
|
|
insecureTLSFlag := ""
|
|
|
|
|
|
|
|
|
|
for _, extraFlag := range restoreCmd.ExtraFlags {
|
|
|
|
|
if strings.Contains(extraFlag, resticInsecureTLSFlag) {
|
|
|
|
|
insecureTLSFlag = extraFlag
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
snapshotSize, err := getSnapshotSize(restoreCmd.RepoIdentifier, restoreCmd.PasswordFile, restoreCmd.CACertFile, restoreCmd.Args[0], restoreCmd.Env, insecureTLSFlag)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", "", errors.Wrap(err, "error getting snapshot size")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updater.UpdateProgress(&uploader.UploaderProgress{
|
|
|
|
|
TotalBytes: snapshotSize,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// create a channel to signal when to end the goroutine scanning for progress
|
|
|
|
|
// updates
|
|
|
|
|
quit := make(chan struct{})
|
|
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
|
ticker := time.NewTicker(restoreProgressCheckInterval)
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case <-ticker.C:
|
|
|
|
|
volumeSize, err := getVolumeSize(restoreCmd.Dir)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.WithError(err).Errorf("error getting restic restore progress")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if volumeSize != 0 {
|
|
|
|
|
updater.UpdateProgress(&uploader.UploaderProgress{
|
|
|
|
|
TotalBytes: snapshotSize,
|
|
|
|
|
BytesDone: volumeSize,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
case <-quit:
|
|
|
|
|
ticker.Stop()
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
stdout, stderr, err := exec.RunCommand(restoreCmd.Cmd())
|
|
|
|
|
quit <- struct{}{}
|
|
|
|
|
|
|
|
|
|
// update progress to 100%
|
|
|
|
|
updater.UpdateProgress(&uploader.UploaderProgress{
|
|
|
|
|
TotalBytes: snapshotSize,
|
|
|
|
|
BytesDone: snapshotSize,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return stdout, stderr, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getSnapshotSize(repoIdentifier, passwordFile, caCertFile, snapshotID string, env []string, insecureTLS string) (int64, error) {
|
2019-09-10 21:50:57 +00:00
|
|
|
cmd := StatsCommand(repoIdentifier, passwordFile, snapshotID)
|
2019-10-29 14:42:12 +00:00
|
|
|
cmd.Env = env
|
2020-05-26 16:16:03 +00:00
|
|
|
cmd.CACertFile = caCertFile
|
2019-09-10 21:50:57 +00:00
|
|
|
|
2022-04-11 12:49:20 +00:00
|
|
|
if len(insecureTLS) > 0 {
|
|
|
|
|
cmd.ExtraFlags = append(cmd.ExtraFlags, insecureTLS)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-10 21:50:57 +00:00
|
|
|
stdout, stderr, err := exec.RunCommand(cmd.Cmd())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, errors.Wrapf(err, "error running command, stderr=%s", stderr)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var snapshotStats struct {
|
|
|
|
|
TotalSize int64 `json:"total_size"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := json.Unmarshal([]byte(stdout), &snapshotStats); err != nil {
|
2022-04-11 12:49:20 +00:00
|
|
|
return 0, errors.Wrapf(err, "error unmarshalling restic stats result, stdout=%s", stdout)
|
2019-09-10 21:50:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return snapshotStats.TotalSize, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-30 07:52:11 +00:00
|
|
|
func getVolumeSize(path string) (int64, error) {
|
2019-09-10 21:50:57 +00:00
|
|
|
var size int64
|
|
|
|
|
|
|
|
|
|
files, err := fileSystem.ReadDir(path)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, errors.Wrapf(err, "error reading directory %s", path)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, file := range files {
|
|
|
|
|
if file.IsDir() {
|
2022-08-30 07:52:11 +00:00
|
|
|
s, err := getVolumeSize(fmt.Sprintf("%s/%s", path, file.Name()))
|
2019-09-10 21:50:57 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
size += s
|
|
|
|
|
} else {
|
|
|
|
|
size += file.Size()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return size, nil
|
|
|
|
|
}
|
