proxmox-backup/src/bin/proxmox-backup-proxy.rs

use std::sync::Arc;

use anyhow::{bail, format_err, Error};
use futures::*;
use hyper;
use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};

use proxmox::try_block;
use proxmox::api::RpcEnvironmentType;

use proxmox_backup::configdir;
use proxmox_backup::buildcfg;
use proxmox_backup::server;
use proxmox_backup::tools::daemon;
use proxmox_backup::server::{ApiConfig, rest::*};
use proxmox_backup::auth_helpers::*;

fn main() {
    if let Err(err) = proxmox_backup::tools::runtime::main(run()) {
        eprintln!("Error: {}", err);
        std::process::exit(-1);
    }
}

async fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to inititialize syslog - {}", err);
    }

    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    let mut config = ApiConfig::new(
        buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC)?;

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
    config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");
    config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");

    let rest_server = RestServer::new(config);

    //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
    let key_path = configdir!("/proxy.key");
    let cert_path = configdir!("/proxy.pem");

    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
    acceptor.set_private_key_file(key_path, SslFiletype::PEM)
        .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
    acceptor.set_certificate_chain_file(cert_path)
        .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
    acceptor.check_private_key().unwrap();

    let acceptor = Arc::new(acceptor.build());

    let server = daemon::create_daemon(
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener, ready| {
            let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
                .map_err(Error::from)
                .try_filter_map(move |(sock, _addr)| {
                    let acceptor = Arc::clone(&acceptor);
                    async move {
                        sock.set_nodelay(true).unwrap();
                        sock.set_send_buffer_size(1024*1024).unwrap();
                        sock.set_recv_buffer_size(1024*1024).unwrap();
                        Ok(tokio_openssl::accept(&acceptor, sock)
                            .await
                            .ok() // handshake errors aren't be fatal, so return None to filter
                        )
                    }
                });
            let connections = proxmox_backup::tools::async_io::HyperAccept(connections);

            Ok(ready
                .and_then(|_| hyper::Server::builder(connections)
                    .serve(rest_server)
                    .with_graceful_shutdown(server::shutdown_future())
                    .map_err(Error::from)
                )
                .map_err(|err| eprintln!("server error: {}", err))
                .map(|_| ())
            )
        },
    );

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    let init_result: Result<(), Error> = try_block!({
        server::create_task_control_socket()?;
        server::server_state_init()?;
        Ok(())
    });

    if let Err(err) = init_result {
        bail!("unable to start daemon - {}", err);
    }

    start_task_scheduler();

    server.await?;
    log::info!("server shutting down, waiting for active workers to complete");
    proxmox_backup::server::last_worker_future().await?;
    log::info!("done - exit server");

    Ok(())
}

fn start_task_scheduler() {
    let abort_future = server::shutdown_future();
    let future = Box::pin(run_task_scheduler());
    let task = futures::future::select(future, abort_future);
    tokio::spawn(task.map(|_| ()));
}

use std::time:: {Instant, Duration, SystemTime, UNIX_EPOCH};

fn next_minute() -> Result<Instant, Error> {
    let epoch_now = SystemTime::now().duration_since(UNIX_EPOCH)?;
    let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);
    Ok(Instant::now() + epoch_next - epoch_now)
}

async fn run_task_scheduler() {

    let mut count: usize = 0;

    loop {
        count += 1;

        let delay_target = match next_minute() {  // try to run very minute
            Ok(d) => d,
            Err(err) => {
                eprintln!("task scheduler: compute next minute failed - {}", err);
                tokio::time::delay_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;
                continue;
            }
        };

        if count > 2 { // wait 1..2 minutes before starting
            match schedule_tasks().catch_unwind().await {
                Err(panic) => {
                    match panic.downcast::<&str>() {
                        Ok(msg) => {
                            eprintln!("task scheduler panic: {}", msg);
                        }
                        Err(_) => {
                            eprintln!("task scheduler panic - unknown type");
                        }
                    }
                }
                Ok(Err(err)) => {
                    eprintln!("task scheduler failed - {:?}", err);
                }
                Ok(Ok(_)) => {}
            }
        }

        tokio::time::delay_until(tokio::time::Instant::from_std(delay_target)).await;
    }
}

async fn schedule_tasks() -> Result<(), Error> {

    schedule_datastore_garbage_collection().await;

    Ok(())
}

fn lookup_last_worker_start(worker_type: &str, worker_id: &str) -> Result<i64, Error> {

    let list = proxmox_backup::server::read_task_list()?;

    for entry in list {
        if entry.upid.worker_type == worker_type {
            if let Some(id) = entry.upid.worker_id {
                if id == worker_id {
                    return Ok(entry.upid.starttime);
                }
            }
        }
    }

    Ok(0)
}


async fn schedule_datastore_garbage_collection() {

    use proxmox_backup::backup::DataStore;
    use proxmox_backup::server::{UPID, WorkerTask};
    use proxmox_backup::tools::systemd::time::{
        parse_calendar_event, compute_next_event};

    let config = match proxmox_backup::config::datastore::config() {
        Err(err) => {
            eprintln!("unable to read datastore config - {}", err);
            return;
        }
        Ok((config, _digest)) => config,
    };

    for (store, (_, store_config)) in config.sections {
        let datastore = match DataStore::lookup_datastore(&store) {
            Ok(datastore) => datastore,
            Err(err) => {
                eprintln!("lookup_datastore failed - {}", err);
                continue;
            }
        };

        let store_config: proxmox_backup::config::datastore::DataStoreConfig = match serde_json::from_value(store_config) {
            Ok(c) => c,
            Err(err) => {
                eprintln!("datastore config from_value failed - {}", err);
                continue;
            }
        };

        let event_str = match store_config.gc_schedule {
            Some(event_str) => event_str,
            None => continue,
        };

        let event = match parse_calendar_event(&event_str) {
            Ok(event) => event,
            Err(err) => {
                eprintln!("unable to parse schedule '{}' - {}", event_str, err);
                continue;
            }
        };

        if datastore.garbage_collection_running() { continue; }

        let worker_type = "garbage_collection";

        let stat = datastore.last_gc_status();
        let last = if let Some(upid_str) = stat.upid {
            match upid_str.parse::<UPID>() {
                Ok(upid) => upid.starttime,
                Err(err) => {
                    eprintln!("unable to parse upid '{}' - {}", upid_str, err);
                    continue;
                }
            }
        } else {
            match lookup_last_worker_start(worker_type, &store) {
                Ok(t) => t,
                Err(err) => {
                    eprintln!("lookup_last_job_start failed: {}", err);
                    continue;
                }
            }
        };

        let next = match compute_next_event(&event, last, false) {
            Ok(next) => next,
            Err(err) => {
                eprintln!("compute_next_event for '{}' failed - {}", event_str, err);
                continue;
            }
        };
        let now = match SystemTime::now().duration_since(UNIX_EPOCH) {
            Ok(epoch_now) => epoch_now.as_secs() as i64,
            Err(err) => {
                eprintln!("query system time failed - {}", err);
                continue;
            }
        };
        if next > now  { continue; }

        let store2 = store.clone();

        if let Err(err) = WorkerTask::new_thread(
            worker_type,
            Some(store.clone()),
            "root@pam",
            false,
            move |worker| {
                worker.log(format!("starting garbage collection on store {}", store));
                worker.log(format!("task triggered by schedule '{}'", event_str));
                datastore.garbage_collection(&worker)
            }
        ) {
            eprintln!("unable to start garbage collection on store {} - {}", store2, err);
        }
    }
}
api/compat: drop more compat imports from api_schema.rs Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-11-21 13:36:28 +00:00			`use std::sync::Arc;`

switch from failure to anyhow Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-04-17 12:11:25 +00:00			`use anyhow::{bail, format_err, Error};`
api/compat: drop more compat imports from api_schema.rs Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-11-21 13:36:28 +00:00			`use futures::*;`
			`use hyper;`
			`use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};`

bump proxmox crate to 0.1.7 The -sys, -tools and -api crate have now been merged into the proxmx crate directly. Only macro crates are separate (but still reexported by the proxmox crate in their designated locations). When we need to depend on "parts" of the crate later on we'll just have to use features. The reason is mostly that these modules had inter-dependencies which really make them not independent enough to be their own crates. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-01-21 11:28:01 +00:00			`use proxmox::try_block;`
api/compat: drop more compat imports from api_schema.rs Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-11-21 13:36:28 +00:00			`use proxmox::api::RpcEnvironmentType;`

add reload support to proxy Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-11 08:38:35 +00:00			`use proxmox_backup::configdir;`
avoid injecting ENV vars from Makefile So that we can run "cargo build" without setting vars manually. 2019-09-09 08:51:08 +00:00			`use proxmox_backup::buildcfg;`
src/tools/daemon.rs: use new ServerState handler 2019-04-08 12:00:23 +00:00			`use proxmox_backup::server;`
daemon: simplify daemon creation Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-18 13:13:44 +00:00			`use proxmox_backup::tools::daemon;`
move src/api_schema/config.rs -> src/server/config.rs 2019-11-22 08:23:03 +00:00			`use proxmox_backup::server::{ApiConfig, rest::*};`
load auth keys on startup 2019-01-29 16:21:58 +00:00			`use proxmox_backup::auth_helpers::*;`
src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00
introduce new runtime tokio helpers Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-01-20 11:52:22 +00:00			`fn main() {`
			`if let Err(err) = proxmox_backup::tools::runtime::main(run()) {`
bin/proxmox-backup-proxy.rs: improve error handling 2019-02-11 13:43:26 +00:00			`eprintln!("Error: {}", err);`
			`std::process::exit(-1);`
			`}`
			`}`

src/bin/proxmox-backup-proxy.rs: switch to async Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-08-29 07:45:34 +00:00			`async fn run() -> Result<(), Error> {`
src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00			`if let Err(err) = syslog::init(`
			`syslog::Facility::LOG_DAEMON,`
			`log::LevelFilter::Info,`
			`Some("proxmox-backup-proxy")) {`
bin/proxmox-backup-proxy.rs: improve error handling 2019-02-11 13:43:26 +00:00			`bail!("unable to inititialize syslog - {}", err);`
src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00			`}`

load auth keys on startup 2019-01-29 16:21:58 +00:00			`let _ = public_auth_key(); // load with lazy_static`
			`let _ = csrf_secret(); // load with lazy_static`

src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00			`let mut config = ApiConfig::new(`
change index to templates using handlebars using a handlebars instance in ApiConfig, to cache the templates as long as possible, this is currently ok, as the index template can only change when the whole package changes if we split this in the future, we have to trigger a reload of the daemon on gui package upgrade (so that the template gets reloaded) Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-04-29 09:59:31 +00:00			`buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC)?;`
src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00
			`// add default dirs which includes jquery and bootstrap`
			`// my $base = '/usr/share/libpve-http-server-perl';`
			`// add_dirs($self->{dirs}, '/css/' => "$base/css/");`
			`// add_dirs($self->{dirs}, '/js/' => "$base/js/");`
			`// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");`
			`config.add_alias("novnc", "/usr/share/novnc-pve");`
			`config.add_alias("extjs", "/usr/share/javascript/extjs");`
			`config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");`
			`config.add_alias("xtermjs", "/usr/share/pve-xtermjs");`
			`config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");`
add CSS file for PBS ExtJS6 basic ui some fitting rules copied over from PVE's ext6-pve.css file. simply place it in the css subfolder where the proxmox-backup-gui.js file is hosted and add a "css/" alias for that directory, the formatter gets use the right content type with that. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2019-12-16 17:16:05 +00:00			`config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");`
ui: add "Documentation" button to main view Similar to PVE and PMG, for quick access when one has the basic webinterface open anyway. Should move to the "proxmoxHelpButton" once we have an onlineHelp mapping to the docs. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2019-12-16 17:16:06 +00:00			`config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");`
src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00
			`let rest_server = RestServer::new(config);`

use hyper/tokio-openssl instead of hyper/tokio-tls This exposes the complete SSL setup. And download is much faster now (600MB/s instead of 130MB/s)! 2019-07-02 11:33:58 +00:00			`//openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes`
			`let key_path = configdir!("/proxy.key");`
			`let cert_path = configdir!("/proxy.pem");`

			`let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();`
			`acceptor.set_private_key_file(key_path, SslFiletype::PEM)`
			`.map_err(\|err\| format_err!("unable to read proxy key {} - {}", key_path, err))?;`
			`acceptor.set_certificate_chain_file(cert_path)`
			`.map_err(\|err\| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;`
			`acceptor.check_private_key().unwrap();`

			`let acceptor = Arc::new(acceptor.build());`
proxy: use TLS via tokio-tls Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-02-04 13:56:07 +00:00
daemon: simplify daemon creation Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-18 13:13:44 +00:00			`let server = daemon::create_daemon(`
			`([0,0,0,0,0,0,0,0], 8007).into(),`
update to tokio 0.2.0-alpha.4 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-09-02 13:16:21 +00:00			`\|listener, ready\| {`
update a chunk of stuff to the hyper release Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-12-12 14:27:07 +00:00			`let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)`
daemon: simplify daemon creation Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-18 13:13:44 +00:00			`.map_err(Error::from)`
update a chunk of stuff to the hyper release Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-12-12 14:27:07 +00:00			`.try_filter_map(move \|(sock, _addr)\| {`
src/bin/proxmox-backup-proxy.rs: switch to async Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-08-29 07:45:34 +00:00			`let acceptor = Arc::clone(&acceptor);`
			`async move {`
			`sock.set_nodelay(true).unwrap();`
			`sock.set_send_buffer_size(1024*1024).unwrap();`
			`sock.set_recv_buffer_size(1024*1024).unwrap();`
			`Ok(tokio_openssl::accept(&acceptor, sock)`
			`.await`
			`.ok() // handshake errors aren't be fatal, so return None to filter`
			`)`
daemon: simplify daemon creation Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-18 13:13:44 +00:00			`}`
			`});`
update a chunk of stuff to the hyper release Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-12-12 14:27:07 +00:00			`let connections = proxmox_backup::tools::async_io::HyperAccept(connections);`
update to tokio 0.2.0-alpha.4 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-09-02 13:16:21 +00:00
			`Ok(ready`
			`.and_then(\|_\| hyper::Server::builder(connections)`
			`.serve(rest_server)`
			`.with_graceful_shutdown(server::shutdown_future())`
			`.map_err(Error::from)`
			`)`
			`.map_err(\|err\| eprintln!("server error: {}", err))`
			`.map(\|_\| ())`
daemon: simplify daemon creation Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-18 13:13:44 +00:00			`)`
add reload support to proxy Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-11 08:38:35 +00:00			`},`
update to tokio 0.2.0-alpha.4 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-09-02 13:16:21 +00:00			`);`
add reload support to proxy Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-03-11 08:38:35 +00:00
use service Type=notify Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-04-25 08:38:26 +00:00			`daemon::systemd_notify(daemon::SystemdNotify::Ready)?;`

src/bin/proxmox-backup-proxy.rs: switch to async Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-08-29 07:45:34 +00:00			`let init_result: Result<(), Error> = try_block!({`
			`server::create_task_control_socket()?;`
			`server::server_state_init()?;`
			`Ok(())`
			`});`
src/server/worker_task.rs: implement task control socket 2019-04-09 10:15:06 +00:00
src/bin/proxmox-backup-proxy.rs: switch to async Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-08-29 07:45:34 +00:00			`if let Err(err) = init_result {`
			`bail!("unable to start daemon - {}", err);`
			`}`
src/tools/daemon.rs: use new ServerState handler 2019-04-08 12:00:23 +00:00
src/bin/proxmox-backup-proxy.rs: add simple task scheduler for garbage collection 2020-05-20 06:59:45 +00:00			`start_task_scheduler();`

update to tokio 0.2.0-alpha.4 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-09-02 13:16:21 +00:00			`server.await?;`
proxy/api: await running workers before shutdown Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-12-27 11:50:27 +00:00			`log::info!("server shutting down, waiting for active workers to complete");`
			`proxmox_backup::server::last_worker_future().await?;`
src/bin/proxmox-backup-proxy.rs: switch to async Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2019-08-29 07:45:34 +00:00			`log::info!("done - exit server");`
src/tools/daemon.rs: use new ServerState handler 2019-04-08 12:00:23 +00:00
bin/proxmox-backup-proxy.rs: improve error handling 2019-02-11 13:43:26 +00:00			`Ok(())`
src/bin/proxmox-backup-proxy.rs: implement unpriviledged server We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82. 2019-01-28 12:17:03 +00:00			`}`
src/bin/proxmox-backup-proxy.rs: add simple task scheduler for garbage collection 2020-05-20 06:59:45 +00:00
			`fn start_task_scheduler() {`
			`let abort_future = server::shutdown_future();`
			`let future = Box::pin(run_task_scheduler());`
			`let task = futures::future::select(future, abort_future);`
			`tokio::spawn(task.map(\|_\| ()));`
			`}`

			`use std::time:: {Instant, Duration, SystemTime, UNIX_EPOCH};`

			`fn next_minute() -> Result<Instant, Error> {`
			`let epoch_now = SystemTime::now().duration_since(UNIX_EPOCH)?;`
			`let epoch_next = Duration::from_secs((epoch_now.as_secs()/60 + 1)*60);`
			`Ok(Instant::now() + epoch_next - epoch_now)`
			`}`

			`async fn run_task_scheduler() {`

			`let mut count: usize = 0;`

			`loop {`
			`count += 1;`

			`let delay_target = match next_minute() { // try to run very minute`
			`Ok(d) => d,`
			`Err(err) => {`
			`eprintln!("task scheduler: compute next minute failed - {}", err);`
			`tokio::time::delay_until(tokio::time::Instant::from_std(Instant::now() + Duration::from_secs(60))).await;`
			`continue;`
			`}`
			`};`

			`if count > 2 { // wait 1..2 minutes before starting`
			`match schedule_tasks().catch_unwind().await {`
			`Err(panic) => {`
			`match panic.downcast::<&str>() {`
			`Ok(msg) => {`
			`eprintln!("task scheduler panic: {}", msg);`
			`}`
			`Err(_) => {`
			`eprintln!("task scheduler panic - unknown type");`
			`}`
			`}`
			`}`
			`Ok(Err(err)) => {`
			`eprintln!("task scheduler failed - {:?}", err);`
			`}`
			`Ok(Ok(_)) => {}`
			`}`
			`}`

			`tokio::time::delay_until(tokio::time::Instant::from_std(delay_target)).await;`
			`}`
			`}`

			`async fn schedule_tasks() -> Result<(), Error> {`

			`schedule_datastore_garbage_collection().await;`

			`Ok(())`
			`}`

			`fn lookup_last_worker_start(worker_type: &str, worker_id: &str) -> Result<i64, Error> {`

			`let list = proxmox_backup::server::read_task_list()?;`

			`for entry in list {`
			`if entry.upid.worker_type == worker_type {`
			`if let Some(id) = entry.upid.worker_id {`
			`if id == worker_id {`
			`return Ok(entry.upid.starttime);`
			`}`
			`}`
			`}`
			`}`

			`Ok(0)`
			`}`


			`async fn schedule_datastore_garbage_collection() {`

			`use proxmox_backup::backup::DataStore;`
			`use proxmox_backup::server::{UPID, WorkerTask};`
			`use proxmox_backup::tools::systemd::time::{`
			`parse_calendar_event, compute_next_event};`

			`let config = match proxmox_backup::config::datastore::config() {`
			`Err(err) => {`
			`eprintln!("unable to read datastore config - {}", err);`
			`return;`
			`}`
			`Ok((config, _digest)) => config,`
			`};`

			`for (store, (_, store_config)) in config.sections {`
			`let datastore = match DataStore::lookup_datastore(&store) {`
			`Ok(datastore) => datastore,`
			`Err(err) => {`
			`eprintln!("lookup_datastore failed - {}", err);`
			`continue;`
			`}`
			`};`

			`let store_config: proxmox_backup::config::datastore::DataStoreConfig = match serde_json::from_value(store_config) {`
			`Ok(c) => c,`
			`Err(err) => {`
			`eprintln!("datastore config from_value failed - {}", err);`
			`continue;`
			`}`
			`};`

			`let event_str = match store_config.gc_schedule {`
			`Some(event_str) => event_str,`
			`None => continue,`
			`};`

			`let event = match parse_calendar_event(&event_str) {`
			`Ok(event) => event,`
			`Err(err) => {`
			`eprintln!("unable to parse schedule '{}' - {}", event_str, err);`
			`continue;`
			`}`
			`};`

			`if datastore.garbage_collection_running() { continue; }`

			`let worker_type = "garbage_collection";`

			`let stat = datastore.last_gc_status();`
			`let last = if let Some(upid_str) = stat.upid {`
			`match upid_str.parse::<UPID>() {`
			`Ok(upid) => upid.starttime,`
			`Err(err) => {`
			`eprintln!("unable to parse upid '{}' - {}", upid_str, err);`
			`continue;`
			`}`
			`}`
			`} else {`
			`match lookup_last_worker_start(worker_type, &store) {`
			`Ok(t) => t,`
			`Err(err) => {`
			`eprintln!("lookup_last_job_start failed: {}", err);`
			`continue;`
			`}`
			`}`
			`};`

			`let next = match compute_next_event(&event, last, false) {`
			`Ok(next) => next,`
			`Err(err) => {`
			`eprintln!("compute_next_event for '{}' failed - {}", event_str, err);`
			`continue;`
			`}`
			`};`
			`let now = match SystemTime::now().duration_since(UNIX_EPOCH) {`
			`Ok(epoch_now) => epoch_now.as_secs() as i64,`
			`Err(err) => {`
			`eprintln!("query system time failed - {}", err);`
			`continue;`
			`}`
			`};`
			`if next > now { continue; }`

			`let store2 = store.clone();`

			`if let Err(err) = WorkerTask::new_thread(`
			`worker_type,`
			`Some(store.clone()),`
			`"root@pam",`
			`false,`
			`move \|worker\| {`
			`worker.log(format!("starting garbage collection on store {}", store));`
			`worker.log(format!("task triggered by schedule '{}'", event_str));`
			`datastore.garbage_collection(&worker)`
			`}`
			`) {`
			`eprintln!("unable to start garbage collection on store {} - {}", store2, err);`
			`}`
			`}`
			`}`