]>
Commit | Line | Data |
---|---|---|
aff192e6 DM |
1 | package PVE::API2::Nodes::Nodeinfo; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
b92400b6 | 5 | use POSIX qw(LONG_MAX); |
aff192e6 DM |
6 | use Filesys::Df; |
7 | use Time::Local qw(timegm_nocheck); | |
40993593 | 8 | use HTTP::Status qw(:constants); |
aff192e6 DM |
9 | use PVE::pvecfg; |
10 | use PVE::Tools; | |
b289829f | 11 | use PVE::API2Tools; |
aff192e6 DM |
12 | use PVE::ProcFSTools; |
13 | use PVE::SafeSyslog; | |
c9164975 | 14 | use PVE::Cluster qw(cfs_read_file); |
aff192e6 | 15 | use PVE::INotify; |
05b252dc | 16 | use PVE::Exception qw(raise raise_perm_exc raise_param_exc); |
aff192e6 DM |
17 | use PVE::RESTHandler; |
18 | use PVE::RPCEnvironment; | |
19 | use PVE::JSONSchema qw(get_standard_option); | |
20 | use PVE::AccessControl; | |
c9164975 | 21 | use PVE::Storage; |
4a07fced | 22 | use PVE::Firewall; |
989b7743 | 23 | use PVE::LXC; |
c9164975 | 24 | use PVE::APLInfo; |
34ada77a | 25 | use PVE::Report; |
10a9a736 | 26 | use PVE::HA::Env::PVE2; |
7e5cb2f0 | 27 | use PVE::HA::Config; |
7141ae25 | 28 | use PVE::QemuConfig; |
b92400b6 | 29 | use PVE::QemuServer; |
21ace8d3 | 30 | use PVE::API2::Subscription; |
aff192e6 DM |
31 | use PVE::API2::Services; |
32 | use PVE::API2::Network; | |
33 | use PVE::API2::Tasks; | |
ab322f5f | 34 | use PVE::API2::Scan; |
aff192e6 DM |
35 | use PVE::API2::Storage::Status; |
36 | use PVE::API2::Qemu; | |
989b7743 | 37 | use PVE::API2::LXC; |
b38516eb | 38 | use PVE::API2::LXC::Status; |
bf58f8dd | 39 | use PVE::API2::VZDump; |
21299915 | 40 | use PVE::API2::APT; |
38db610a | 41 | use PVE::API2::Ceph; |
4a07fced | 42 | use PVE::API2::Firewall::Host; |
892821fd | 43 | use PVE::API2::Replication; |
036475f8 | 44 | use PVE::API2::Certificates; |
c4f78bb7 | 45 | use PVE::API2::NodeConfig; |
523d5f48 | 46 | use PVE::API2::Hardware; |
3b81e495 FG |
47 | use Digest::MD5; |
48 | use Digest::SHA; | |
e781363f | 49 | use PVE::API2::Disks; |
aff192e6 | 50 | use JSON; |
b3d84542 | 51 | use Socket; |
aff192e6 DM |
52 | |
53 | use base qw(PVE::RESTHandler); | |
54 | ||
55 | __PACKAGE__->register_method ({ | |
f9d26e09 | 56 | subclass => "PVE::API2::Qemu", |
aff192e6 DM |
57 | path => 'qemu', |
58 | }); | |
59 | ||
989b7743 | 60 | __PACKAGE__->register_method ({ |
f9d26e09 | 61 | subclass => "PVE::API2::LXC", |
989b7743 DM |
62 | path => 'lxc', |
63 | }); | |
64 | ||
38db610a | 65 | __PACKAGE__->register_method ({ |
f9d26e09 | 66 | subclass => "PVE::API2::Ceph", |
38db610a DM |
67 | path => 'ceph', |
68 | }); | |
69 | ||
bf58f8dd | 70 | __PACKAGE__->register_method ({ |
f9d26e09 | 71 | subclass => "PVE::API2::VZDump", |
bf58f8dd DM |
72 | path => 'vzdump', |
73 | }); | |
74 | ||
aff192e6 | 75 | __PACKAGE__->register_method ({ |
f9d26e09 | 76 | subclass => "PVE::API2::Services", |
aff192e6 DM |
77 | path => 'services', |
78 | }); | |
79 | ||
21ace8d3 | 80 | __PACKAGE__->register_method ({ |
f9d26e09 | 81 | subclass => "PVE::API2::Subscription", |
21ace8d3 DM |
82 | path => 'subscription', |
83 | }); | |
84 | ||
aff192e6 | 85 | __PACKAGE__->register_method ({ |
f9d26e09 | 86 | subclass => "PVE::API2::Network", |
aff192e6 DM |
87 | path => 'network', |
88 | }); | |
89 | ||
90 | __PACKAGE__->register_method ({ | |
f9d26e09 | 91 | subclass => "PVE::API2::Tasks", |
aff192e6 DM |
92 | path => 'tasks', |
93 | }); | |
94 | ||
95 | __PACKAGE__->register_method ({ | |
ab322f5f | 96 | subclass => "PVE::API2::Scan", |
aff192e6 DM |
97 | path => 'scan', |
98 | }); | |
99 | ||
523d5f48 TL |
100 | __PACKAGE__->register_method ({ |
101 | subclass => "PVE::API2::Hardware", | |
102 | path => 'hardware', | |
103 | }); | |
104 | ||
105 | ||
aff192e6 | 106 | __PACKAGE__->register_method ({ |
f9d26e09 | 107 | subclass => "PVE::API2::Storage::Status", |
aff192e6 DM |
108 | path => 'storage', |
109 | }); | |
110 | ||
e781363f DC |
111 | __PACKAGE__->register_method ({ |
112 | subclass => "PVE::API2::Disks", | |
113 | path => 'disks', | |
114 | }); | |
115 | ||
21299915 | 116 | __PACKAGE__->register_method ({ |
f9d26e09 | 117 | subclass => "PVE::API2::APT", |
21299915 DM |
118 | path => 'apt', |
119 | }); | |
120 | ||
4a07fced | 121 | __PACKAGE__->register_method ({ |
f9d26e09 | 122 | subclass => "PVE::API2::Firewall::Host", |
4a07fced DM |
123 | path => 'firewall', |
124 | }); | |
125 | ||
892821fd DM |
126 | __PACKAGE__->register_method ({ |
127 | subclass => "PVE::API2::Replication", | |
128 | path => 'replication', | |
129 | }); | |
130 | ||
036475f8 FG |
131 | __PACKAGE__->register_method ({ |
132 | subclass => "PVE::API2::Certificates", | |
133 | path => 'certificates', | |
134 | }); | |
135 | ||
136 | ||
c4f78bb7 FG |
137 | __PACKAGE__->register_method ({ |
138 | subclass => "PVE::API2::NodeConfig", | |
139 | path => 'config', | |
140 | }); | |
141 | ||
aff192e6 | 142 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
143 | name => 'index', |
144 | path => '', | |
aff192e6 DM |
145 | method => 'GET', |
146 | permissions => { user => 'all' }, | |
147 | description => "Node index.", | |
148 | parameters => { | |
149 | additionalProperties => 0, | |
150 | properties => { | |
151 | node => get_standard_option('pve-node'), | |
152 | }, | |
153 | }, | |
154 | returns => { | |
155 | type => 'array', | |
156 | items => { | |
157 | type => "object", | |
158 | properties => {}, | |
159 | }, | |
160 | links => [ { rel => 'child', href => "{name}" } ], | |
161 | }, | |
162 | code => sub { | |
163 | my ($param) = @_; | |
f9d26e09 | 164 | |
aff192e6 | 165 | my $result = [ |
38db610a | 166 | { name => 'ceph' }, |
e781363f | 167 | { name => 'disks' }, |
21299915 | 168 | { name => 'apt' }, |
8747a9ec | 169 | { name => 'version' }, |
aff192e6 | 170 | { name => 'syslog' }, |
952280b4 | 171 | { name => 'journal' }, |
aff192e6 | 172 | { name => 'status' }, |
b3d84542 | 173 | { name => 'wakeonlan' }, |
21ace8d3 | 174 | { name => 'subscription' }, |
34ada77a | 175 | { name => 'report' }, |
aff192e6 DM |
176 | { name => 'tasks' }, |
177 | { name => 'rrd' }, # fixme: remove? | |
178 | { name => 'rrddata' },# fixme: remove? | |
892821fd | 179 | { name => 'replication' }, |
aff192e6 | 180 | { name => 'vncshell' }, |
4b168c27 | 181 | { name => 'termproxy' }, |
2d802f8c | 182 | { name => 'spiceshell' }, |
aff192e6 DM |
183 | { name => 'time' }, |
184 | { name => 'dns' }, | |
185 | { name => 'services' }, | |
186 | { name => 'scan' }, | |
187 | { name => 'storage' }, | |
aff192e6 | 188 | { name => 'qemu' }, |
989b7743 | 189 | { name => 'lxc' }, |
bf58f8dd | 190 | { name => 'vzdump' }, |
aff192e6 | 191 | { name => 'network' }, |
c9164975 | 192 | { name => 'aplinfo' }, |
b92400b6 DM |
193 | { name => 'startall' }, |
194 | { name => 'stopall' }, | |
0455911d | 195 | { name => 'netstat' }, |
4a07fced | 196 | { name => 'firewall' }, |
036475f8 | 197 | { name => 'certificates' }, |
c4f78bb7 | 198 | { name => 'config' }, |
820d0458 | 199 | { name => 'hosts' }, |
952280b4 | 200 | ]; |
aff192e6 DM |
201 | |
202 | return $result; | |
203 | }}); | |
204 | ||
8747a9ec | 205 | __PACKAGE__->register_method ({ |
f9d26e09 | 206 | name => 'version', |
8747a9ec DM |
207 | path => 'version', |
208 | method => 'GET', | |
209 | proxyto => 'node', | |
210 | permissions => { user => 'all' }, | |
211 | description => "API version details", | |
212 | parameters => { | |
213 | additionalProperties => 0, | |
214 | properties => { | |
215 | node => get_standard_option('pve-node'), | |
216 | }, | |
217 | }, | |
218 | returns => { | |
219 | type => "object", | |
220 | properties => { | |
221 | version => { type => 'string' }, | |
222 | release => { type => 'string' }, | |
223 | repoid => { type => 'string' }, | |
224 | }, | |
225 | }, | |
226 | code => sub { | |
227 | my ($resp, $param) = @_; | |
f9d26e09 | 228 | |
8747a9ec DM |
229 | return PVE::pvecfg::version_info(); |
230 | }}); | |
231 | ||
aff192e6 | 232 | __PACKAGE__->register_method({ |
f9d26e09 TL |
233 | name => 'status', |
234 | path => 'status', | |
aff192e6 DM |
235 | method => 'GET', |
236 | permissions => { | |
7d020b42 | 237 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
238 | }, |
239 | description => "Read node status", | |
240 | proxyto => 'node', | |
241 | parameters => { | |
242 | additionalProperties => 0, | |
243 | properties => { | |
244 | node => get_standard_option('pve-node'), | |
245 | }, | |
246 | }, | |
247 | returns => { | |
248 | type => "object", | |
249 | properties => { | |
250 | ||
251 | }, | |
252 | }, | |
253 | code => sub { | |
254 | my ($param) = @_; | |
255 | ||
256 | my $res = { | |
257 | uptime => 0, | |
258 | idle => 0, | |
259 | }; | |
260 | ||
261 | my ($uptime, $idle) = PVE::ProcFSTools::read_proc_uptime(); | |
262 | $res->{uptime} = $uptime; | |
f9d26e09 | 263 | |
aff192e6 DM |
264 | my ($avg1, $avg5, $avg15) = PVE::ProcFSTools::read_loadavg(); |
265 | $res->{loadavg} = [ $avg1, $avg5, $avg15]; | |
f9d26e09 | 266 | |
aff192e6 DM |
267 | my ($sysname, $nodename, $release, $version, $machine) = POSIX::uname(); |
268 | ||
269 | $res->{kversion} = "$sysname $release $version"; | |
270 | ||
271 | $res->{cpuinfo} = PVE::ProcFSTools::read_cpuinfo(); | |
272 | ||
273 | my $stat = PVE::ProcFSTools::read_proc_stat(); | |
274 | $res->{cpu} = $stat->{cpu}; | |
275 | $res->{wait} = $stat->{wait}; | |
276 | ||
277 | my $meminfo = PVE::ProcFSTools::read_meminfo(); | |
278 | $res->{memory} = { | |
279 | free => $meminfo->{memfree}, | |
280 | total => $meminfo->{memtotal}, | |
281 | used => $meminfo->{memused}, | |
282 | }; | |
f9d26e09 | 283 | |
20539e0c DM |
284 | $res->{ksm} = { |
285 | shared => $meminfo->{memshared}, | |
286 | }; | |
287 | ||
aff192e6 DM |
288 | $res->{swap} = { |
289 | free => $meminfo->{swapfree}, | |
290 | total => $meminfo->{swaptotal}, | |
291 | used => $meminfo->{swapused}, | |
292 | }; | |
293 | ||
294 | $res->{pveversion} = PVE::pvecfg::package() . "/" . | |
8747a9ec | 295 | PVE::pvecfg::version_text(); |
aff192e6 DM |
296 | |
297 | my $dinfo = df('/', 1); # output is bytes | |
298 | ||
299 | $res->{rootfs} = { | |
300 | total => $dinfo->{blocks}, | |
301 | avail => $dinfo->{bavail}, | |
302 | used => $dinfo->{used}, | |
3d0fcc46 | 303 | free => $dinfo->{blocks} - $dinfo->{used}, |
aff192e6 DM |
304 | }; |
305 | ||
306 | return $res; | |
307 | }}); | |
308 | ||
0455911d SP |
309 | __PACKAGE__->register_method({ |
310 | name => 'netstat', | |
311 | path => 'netstat', | |
312 | method => 'GET', | |
313 | permissions => { | |
314 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
315 | }, | |
316 | description => "Read tap/vm network device interface counters", | |
317 | proxyto => 'node', | |
318 | parameters => { | |
319 | additionalProperties => 0, | |
320 | properties => { | |
321 | node => get_standard_option('pve-node'), | |
322 | }, | |
323 | }, | |
324 | returns => { | |
325 | type => "array", | |
326 | items => { | |
327 | type => "object", | |
328 | properties => {}, | |
329 | }, | |
330 | }, | |
331 | code => sub { | |
332 | my ($param) = @_; | |
333 | ||
334 | my $res = [ ]; | |
335 | ||
336 | my $netdev = PVE::ProcFSTools::read_proc_net_dev(); | |
337 | foreach my $dev (keys %$netdev) { | |
675946f2 | 338 | next if $dev !~ m/^(?:tap|veth)([1-9]\d*)i(\d+)$/; |
0455911d SP |
339 | my $vmid = $1; |
340 | my $netid = $2; | |
341 | ||
342 | push( | |
343 | @$res, | |
344 | { | |
345 | vmid => $vmid, | |
346 | dev => "net$netid", | |
347 | in => $netdev->{$dev}->{transmit}, | |
348 | out => $netdev->{$dev}->{receive}, | |
349 | } | |
350 | ); | |
351 | } | |
352 | ||
353 | return $res; | |
354 | }}); | |
355 | ||
87c3e931 SP |
356 | __PACKAGE__->register_method({ |
357 | name => 'execute', | |
358 | path => 'execute', | |
40993593 | 359 | method => 'POST', |
87c3e931 SP |
360 | permissions => { |
361 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
362 | }, | |
40993593 | 363 | description => "Execute multiple commands in order.", |
87c3e931 | 364 | proxyto => 'node', |
40993593 | 365 | protected => 1, # avoid problems with proxy code |
87c3e931 SP |
366 | parameters => { |
367 | additionalProperties => 0, | |
368 | properties => { | |
369 | node => get_standard_option('pve-node'), | |
40993593 DM |
370 | commands => { |
371 | description => "JSON encoded array of commands.", | |
372 | type => "string", | |
373 | } | |
87c3e931 SP |
374 | }, |
375 | }, | |
376 | returns => { | |
377 | type => 'array', | |
378 | properties => { | |
379 | ||
380 | }, | |
381 | }, | |
382 | code => sub { | |
383 | my ($param) = @_; | |
384 | my $res = []; | |
385 | ||
40993593 DM |
386 | my $rpcenv = PVE::RPCEnvironment::get(); |
387 | my $user = $rpcenv->get_user(); | |
388 | ||
389 | my $commands = eval { decode_json($param->{commands}); }; | |
390 | ||
87c3e931 SP |
391 | die "commands param did not contain valid JSON: $@" if $@; |
392 | die "commands is not an array" if ref($commands) ne "ARRAY"; | |
393 | ||
394 | foreach my $cmd (@$commands) { | |
87c3e931 | 395 | eval { |
40993593 | 396 | die "$cmd is not a valid command" if (ref($cmd) ne "HASH" || !$cmd->{path} || !$cmd->{method}); |
f9d26e09 | 397 | |
40993593 DM |
398 | $cmd->{args} //= {}; |
399 | ||
400 | my $path = "nodes/$param->{node}/$cmd->{path}"; | |
f9d26e09 | 401 | |
40993593 DM |
402 | my $uri_param = {}; |
403 | my ($handler, $info) = PVE::API2->find_handler($cmd->{method}, $path, $uri_param); | |
404 | if (!$handler || !$info) { | |
405 | die "no handler for '$path'\n"; | |
406 | } | |
407 | ||
408 | foreach my $p (keys %{$cmd->{args}}) { | |
409 | raise_param_exc({ $p => "duplicate parameter" }) if defined($uri_param->{$p}); | |
410 | $uri_param->{$p} = $cmd->{args}->{$p}; | |
411 | } | |
412 | ||
413 | # check access permissions | |
414 | $rpcenv->check_api2_permissions($info->{permissions}, $user, $uri_param); | |
415 | ||
416 | push @$res, { | |
417 | status => HTTP_OK, | |
a51ceeb7 | 418 | data => $handler->handle($info, $uri_param), |
40993593 | 419 | }; |
87c3e931 | 420 | }; |
40993593 DM |
421 | if (my $err = $@) { |
422 | my $resp = { status => HTTP_INTERNAL_SERVER_ERROR }; | |
423 | if (ref($err) eq "PVE::Exception") { | |
424 | $resp->{status} = $err->{code} if $err->{code}; | |
425 | $resp->{errors} = $err->{errors} if $err->{errors}; | |
426 | $resp->{message} = $err->{msg}; | |
427 | } else { | |
428 | $resp->{message} = $err; | |
429 | } | |
430 | push @$res, $resp; | |
431 | } | |
87c3e931 SP |
432 | } |
433 | ||
434 | return $res; | |
435 | }}); | |
436 | ||
437 | ||
aff192e6 | 438 | __PACKAGE__->register_method({ |
f9d26e09 TL |
439 | name => 'node_cmd', |
440 | path => 'status', | |
aff192e6 DM |
441 | method => 'POST', |
442 | permissions => { | |
7d020b42 | 443 | check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]], |
aff192e6 DM |
444 | }, |
445 | protected => 1, | |
446 | description => "Reboot or shutdown a node.", | |
447 | proxyto => 'node', | |
448 | parameters => { | |
449 | additionalProperties => 0, | |
450 | properties => { | |
451 | node => get_standard_option('pve-node'), | |
452 | command => { | |
453 | description => "Specify the command.", | |
454 | type => 'string', | |
455 | enum => [qw(reboot shutdown)], | |
456 | }, | |
457 | }, | |
458 | }, | |
459 | returns => { type => "null" }, | |
460 | code => sub { | |
461 | my ($param) = @_; | |
462 | ||
463 | if ($param->{command} eq 'reboot') { | |
464 | system ("(sleep 2;/sbin/reboot)&"); | |
465 | } elsif ($param->{command} eq 'shutdown') { | |
466 | system ("(sleep 2;/sbin/poweroff)&"); | |
467 | } | |
468 | ||
469 | return undef; | |
470 | }}); | |
471 | ||
b3d84542 CE |
472 | __PACKAGE__->register_method({ |
473 | name => 'wakeonlan', | |
474 | path => 'wakeonlan', | |
475 | method => 'POST', | |
476 | permissions => { | |
477 | check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]], | |
478 | }, | |
479 | protected => 1, | |
480 | description => "Try to wake a node via 'wake on LAN' network packet.", | |
481 | parameters => { | |
482 | additionalProperties => 0, | |
483 | properties => { | |
484 | node => get_standard_option('pve-node', { | |
485 | description => 'target node for wake on LAN packet', | |
5aa7b909 CE |
486 | completion => sub { |
487 | my $members = PVE::Cluster::get_members(); | |
488 | return [ grep { !$members->{$_}->{online} } keys %$members ]; | |
489 | } | |
b3d84542 CE |
490 | }), |
491 | }, | |
492 | }, | |
0f615ea9 CE |
493 | returns => { |
494 | type => 'string', | |
495 | format => 'mac-addr', | |
ec178804 | 496 | description => 'MAC address used to assemble the WoL magic packet.', |
0f615ea9 | 497 | }, |
b3d84542 CE |
498 | code => sub { |
499 | my ($param) = @_; | |
500 | ||
82436996 TL |
501 | my $node = $param->{node}; |
502 | ||
503 | die "'$node' is local node, cannot wake my self!\n" | |
504 | if $node eq 'localhost' || $node eq PVE::INotify::nodename(); | |
505 | ||
506 | PVE::Cluster::check_node_exists($node); | |
507 | ||
508 | my $config = PVE::NodeConfig::load_config($node); | |
b3d84542 CE |
509 | my $mac_addr = $config->{wakeonlan}; |
510 | if (!defined($mac_addr)) { | |
82436996 | 511 | die "No wake on LAN MAC address defined for '$node'!\n"; |
b3d84542 CE |
512 | } |
513 | ||
514 | $mac_addr =~ s/://g; | |
515 | my $packet = chr(0xff) x 6 . pack('H*', $mac_addr) x 16; | |
516 | ||
517 | my $addr = gethostbyname('255.255.255.255'); | |
518 | my $port = getservbyname('discard', 'udp'); | |
519 | my $to = Socket::pack_sockaddr_in($port, $addr); | |
82436996 | 520 | |
b3d84542 CE |
521 | socket(my $sock, Socket::AF_INET, Socket::SOCK_DGRAM, Socket::IPPROTO_UDP) |
522 | || die "Unable to open socket: $!\n"; | |
523 | setsockopt($sock, Socket::SOL_SOCKET, Socket::SO_BROADCAST, 1) | |
524 | || die "Unable to set socket option: $!\n"; | |
525 | ||
526 | send($sock, $packet, 0, $to) | |
527 | || die "Unable to send packet: $!\n"; | |
528 | ||
529 | close($sock); | |
530 | ||
0f615ea9 | 531 | return $config->{wakeonlan}; |
b3d84542 | 532 | }}); |
aff192e6 DM |
533 | |
534 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
535 | name => 'rrd', |
536 | path => 'rrd', | |
aff192e6 DM |
537 | method => 'GET', |
538 | protected => 1, # fixme: can we avoid that? | |
539 | permissions => { | |
7d020b42 | 540 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
541 | }, |
542 | description => "Read node RRD statistics (returns PNG)", | |
543 | parameters => { | |
544 | additionalProperties => 0, | |
545 | properties => { | |
546 | node => get_standard_option('pve-node'), | |
547 | timeframe => { | |
548 | description => "Specify the time frame you are interested in.", | |
549 | type => 'string', | |
550 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
551 | }, | |
552 | ds => { | |
553 | description => "The list of datasources you want to display.", | |
554 | type => 'string', format => 'pve-configid-list', | |
555 | }, | |
556 | cf => { | |
557 | description => "The RRD consolidation function", | |
558 | type => 'string', | |
559 | enum => [ 'AVERAGE', 'MAX' ], | |
560 | optional => 1, | |
561 | }, | |
562 | }, | |
563 | }, | |
564 | returns => { | |
565 | type => "object", | |
566 | properties => { | |
567 | filename => { type => 'string' }, | |
568 | }, | |
569 | }, | |
570 | code => sub { | |
571 | my ($param) = @_; | |
572 | ||
573 | return PVE::Cluster::create_rrd_graph( | |
f9d26e09 | 574 | "pve2-node/$param->{node}", $param->{timeframe}, |
aff192e6 DM |
575 | $param->{ds}, $param->{cf}); |
576 | ||
577 | }}); | |
578 | ||
579 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
580 | name => 'rrddata', |
581 | path => 'rrddata', | |
aff192e6 DM |
582 | method => 'GET', |
583 | protected => 1, # fixme: can we avoid that? | |
584 | permissions => { | |
7d020b42 | 585 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
586 | }, |
587 | description => "Read node RRD statistics", | |
588 | parameters => { | |
589 | additionalProperties => 0, | |
590 | properties => { | |
591 | node => get_standard_option('pve-node'), | |
592 | timeframe => { | |
593 | description => "Specify the time frame you are interested in.", | |
594 | type => 'string', | |
595 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
596 | }, | |
597 | cf => { | |
598 | description => "The RRD consolidation function", | |
599 | type => 'string', | |
600 | enum => [ 'AVERAGE', 'MAX' ], | |
601 | optional => 1, | |
602 | }, | |
603 | }, | |
604 | }, | |
605 | returns => { | |
606 | type => "array", | |
607 | items => { | |
608 | type => "object", | |
609 | properties => {}, | |
610 | }, | |
611 | }, | |
612 | code => sub { | |
613 | my ($param) = @_; | |
614 | ||
615 | return PVE::Cluster::create_rrd_data( | |
616 | "pve2-node/$param->{node}", $param->{timeframe}, $param->{cf}); | |
617 | }}); | |
618 | ||
619 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
620 | name => 'syslog', |
621 | path => 'syslog', | |
aff192e6 DM |
622 | method => 'GET', |
623 | description => "Read system log", | |
624 | proxyto => 'node', | |
625 | permissions => { | |
7d020b42 | 626 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], |
aff192e6 DM |
627 | }, |
628 | protected => 1, | |
629 | parameters => { | |
630 | additionalProperties => 0, | |
631 | properties => { | |
632 | node => get_standard_option('pve-node'), | |
633 | start => { | |
634 | type => 'integer', | |
635 | minimum => 0, | |
636 | optional => 1, | |
637 | }, | |
638 | limit => { | |
639 | type => 'integer', | |
640 | minimum => 0, | |
641 | optional => 1, | |
642 | }, | |
01b753b6 TL |
643 | since => { |
644 | type=> 'string', | |
645 | pattern => '^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$', | |
646 | description => "Display all log since this date-time string.", | |
647 | optional => 1, | |
648 | }, | |
649 | until => { | |
650 | type=> 'string', | |
651 | pattern => '^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$', | |
652 | description => "Display all log until this date-time string.", | |
653 | optional => 1, | |
654 | }, | |
34142272 DC |
655 | service => { |
656 | description => "Service ID", | |
657 | type => 'string', | |
658 | maxLength => 128, | |
659 | optional => 1, | |
660 | }, | |
aff192e6 DM |
661 | }, |
662 | }, | |
663 | returns => { | |
664 | type => 'array', | |
f9d26e09 | 665 | items => { |
aff192e6 DM |
666 | type => "object", |
667 | properties => { | |
668 | n => { | |
669 | description=> "Line number", | |
670 | type=> 'integer', | |
671 | }, | |
672 | t => { | |
673 | description=> "Line text", | |
674 | type => 'string', | |
675 | } | |
676 | } | |
677 | } | |
678 | }, | |
679 | code => sub { | |
680 | my ($param) = @_; | |
681 | ||
aff192e6 DM |
682 | my $rpcenv = PVE::RPCEnvironment::get(); |
683 | my $user = $rpcenv->get_user(); | |
684 | my $node = $param->{node}; | |
34142272 DC |
685 | my $service; |
686 | ||
687 | if ($param->{service}) { | |
688 | my $service_aliases = { | |
689 | 'postfix' => 'postfix@-', | |
690 | }; | |
691 | ||
692 | $service = $service_aliases->{$param->{service}} // $param->{service}; | |
693 | } | |
aff192e6 | 694 | |
01b753b6 | 695 | my ($count, $lines) = PVE::Tools::dump_journal($param->{start}, $param->{limit}, |
34142272 | 696 | $param->{since}, $param->{until}, $service); |
ff9c330c DM |
697 | |
698 | $rpcenv->set_result_attrib('total', $count); | |
01b753b6 TL |
699 | |
700 | return $lines; | |
ff9c330c DM |
701 | }}); |
702 | ||
1d397a83 DC |
703 | __PACKAGE__->register_method({ |
704 | name => 'journal', | |
705 | path => 'journal', | |
706 | method => 'GET', | |
707 | description => "Read Journal", | |
708 | proxyto => 'node', | |
709 | permissions => { | |
710 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], | |
711 | }, | |
712 | protected => 1, | |
713 | parameters => { | |
714 | additionalProperties => 0, | |
715 | properties => { | |
716 | node => get_standard_option('pve-node'), | |
717 | since => { | |
718 | type=> 'number', | |
f9b08743 | 719 | description => "Display all log since this UNIX epoch. Conflicts with 'startcursor'.", |
1d397a83 DC |
720 | optional => 1, |
721 | }, | |
722 | until => { | |
723 | type=> 'number', | |
f9b08743 | 724 | description => "Display all log until this UNIX epoch. Conflicts with 'endcursor'.", |
1d397a83 DC |
725 | optional => 1, |
726 | }, | |
727 | lastentries => { | |
f9b08743 | 728 | description => "Limit to the last X lines. Conflicts with any cursor or time range parameters.", |
1d397a83 DC |
729 | type => 'integer', |
730 | optional => 1, | |
731 | }, | |
732 | startcursor => { | |
f9b08743 | 733 | description => "Start after the given Cursor. Conflicts with 'since'", |
1d397a83 DC |
734 | type => 'string', |
735 | optional => 1, | |
736 | }, | |
737 | endcursor => { | |
f9b08743 | 738 | description => "End before the given Cursor. Conflicts with 'until'", |
1d397a83 DC |
739 | type => 'string', |
740 | optional => 1, | |
741 | }, | |
742 | }, | |
743 | }, | |
744 | returns => { | |
745 | type => 'array', | |
746 | items => { | |
747 | type => "string", | |
748 | } | |
749 | }, | |
750 | code => sub { | |
751 | my ($param) = @_; | |
752 | ||
753 | my $rpcenv = PVE::RPCEnvironment::get(); | |
754 | my $user = $rpcenv->get_user(); | |
755 | ||
f9b08743 TL |
756 | my $cmd = ["/usr/bin/mini-journalreader"]; |
757 | ||
758 | my $add_to_cmd = sub { | |
759 | my ($opt, $p, @conflicts) = @_; | |
760 | return if !defined($param->{$p}); | |
761 | ||
762 | for my $c (@conflicts) { | |
763 | die "parameters '$p' and '$c' conflict with each other!\n" | |
764 | if defined($param->{$c}); | |
765 | } | |
1d397a83 | 766 | |
f9b08743 | 767 | push @$cmd, $opt, $param->{$p}; |
1d397a83 DC |
768 | }; |
769 | ||
f9b08743 TL |
770 | $add_to_cmd->('-b', 'since', 'startcursor', 'lastentries'); |
771 | $add_to_cmd->('-e', 'until', 'endcursor', 'lastentries'); | |
772 | $add_to_cmd->('-f', 'startcursor', 'lastentries'); | |
773 | $add_to_cmd->('-t', 'endcursor', 'lastentries'); | |
774 | $add_to_cmd->('-n', 'lastentries'); | |
775 | ||
776 | my $lines = []; | |
777 | my $parser = sub { push @$lines, shift }; | |
1d397a83 DC |
778 | |
779 | PVE::Tools::run_command($cmd, outfunc => $parser); | |
780 | ||
781 | return $lines; | |
782 | }}); | |
783 | ||
aff192e6 DM |
784 | my $sslcert; |
785 | ||
dab7a849 | 786 | my $shell_cmd_map = { |
d03d7e1e TM |
787 | 'login' => [ '/bin/login', '-f', 'root' ], |
788 | 'upgrade' => [ '/usr/bin/pveupgrade', '--shell' ], | |
c3b04731 | 789 | 'ceph_install' => [ '/usr/bin/pveceph', 'install' ], |
d03d7e1e TM |
790 | }; |
791 | ||
792 | sub get_shell_command { | |
793 | my ($user, $shellcmd) = @_; | |
794 | ||
795 | if ($user eq 'root@pam') { | |
fc1da3b0 | 796 | if (defined($shellcmd) && exists($shell_cmd_map->{$shellcmd})) { |
dab7a849 | 797 | return $shell_cmd_map->{$shellcmd}; |
d03d7e1e TM |
798 | } else { |
799 | return [ '/bin/login', '-f', 'root' ]; | |
800 | } | |
801 | } else { | |
802 | return [ '/bin/login' ]; | |
803 | } | |
804 | } | |
805 | ||
aff192e6 | 806 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
807 | name => 'vncshell', |
808 | path => 'vncshell', | |
aff192e6 DM |
809 | method => 'POST', |
810 | protected => 1, | |
811 | permissions => { | |
d0289a19 | 812 | description => "Restricted to users on realm 'pam'", |
7d020b42 | 813 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], |
aff192e6 DM |
814 | }, |
815 | description => "Creates a VNC Shell proxy.", | |
816 | parameters => { | |
817 | additionalProperties => 0, | |
818 | properties => { | |
819 | node => get_standard_option('pve-node'), | |
3a76893d DM |
820 | upgrade => { |
821 | type => 'boolean', | |
2d39fd70 | 822 | description => "Deprecated, use the 'cmd' property instead! Run 'apt-get dist-upgrade' instead of normal shell.", |
3a76893d DM |
823 | optional => 1, |
824 | default => 0, | |
825 | }, | |
d03d7e1e TM |
826 | cmd => { |
827 | type => 'string', | |
828 | description => "Run specific command or default to login.", | |
dab7a849 | 829 | enum => [keys %$shell_cmd_map], |
d03d7e1e TM |
830 | optional => 1, |
831 | default => 'login', | |
832 | }, | |
8dfca17e DM |
833 | websocket => { |
834 | optional => 1, | |
835 | type => 'boolean', | |
836 | description => "use websocket instead of standard vnc.", | |
837 | }, | |
b8ac8b0c DC |
838 | width => { |
839 | optional => 1, | |
840 | description => "sets the width of the console in pixels.", | |
841 | type => 'integer', | |
842 | minimum => 16, | |
843 | maximum => 4096, | |
844 | }, | |
845 | height => { | |
846 | optional => 1, | |
847 | description => "sets the height of the console in pixels.", | |
848 | type => 'integer', | |
849 | minimum => 16, | |
850 | maximum => 2160, | |
851 | }, | |
aff192e6 DM |
852 | }, |
853 | }, | |
f9d26e09 | 854 | returns => { |
aff192e6 DM |
855 | additionalProperties => 0, |
856 | properties => { | |
857 | user => { type => 'string' }, | |
858 | ticket => { type => 'string' }, | |
859 | cert => { type => 'string' }, | |
860 | port => { type => 'integer' }, | |
861 | upid => { type => 'string' }, | |
862 | }, | |
863 | }, | |
864 | code => sub { | |
865 | my ($param) = @_; | |
866 | ||
867 | my $rpcenv = PVE::RPCEnvironment::get(); | |
868 | ||
d553e535 | 869 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user()); |
d0289a19 | 870 | |
f9d26e09 | 871 | raise_perm_exc("realm != pam") if $realm ne 'pam'; |
aff192e6 | 872 | |
3a76893d DM |
873 | raise_perm_exc('user != root@pam') if $param->{upgrade} && $user ne 'root@pam'; |
874 | ||
aff192e6 DM |
875 | my $node = $param->{node}; |
876 | ||
57ebda08 DM |
877 | my $authpath = "/nodes/$node"; |
878 | ||
879 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath); | |
880 | ||
aff192e6 DM |
881 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) |
882 | if !$sslcert; | |
883 | ||
eb6d7497 | 884 | my ($remip, $family); |
b179a622 | 885 | |
aff192e6 | 886 | if ($node ne PVE::INotify::nodename()) { |
eb6d7497 WB |
887 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
888 | } else { | |
889 | $family = PVE::Tools::get_host_address_family($node); | |
aff192e6 DM |
890 | } |
891 | ||
eb6d7497 WB |
892 | my $port = PVE::Tools::next_vnc_port($family); |
893 | ||
aff192e6 DM |
894 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
895 | # so we select the fastest chipher here (or 'none'?) | |
f9d26e09 | 896 | my $remcmd = $remip ? |
cb1b1712 | 897 | ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : []; |
d4a25f0b | 898 | |
2d39fd70 | 899 | # FIXME: remove with 6.0 |
d03d7e1e TM |
900 | if ($param->{upgrade}) { |
901 | $param->{cmd} = 'upgrade'; | |
3a76893d | 902 | } |
d03d7e1e | 903 | my $shcmd = get_shell_command($user, $param->{cmd}); |
aff192e6 | 904 | |
f9d26e09 | 905 | my $timeout = 10; |
aff192e6 | 906 | |
6d394492 | 907 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, |
f9d26e09 | 908 | '-timeout', $timeout, '-authpath', $authpath, |
8dfca17e DM |
909 | '-perm', 'Sys.Console']; |
910 | ||
b8ac8b0c DC |
911 | if ($param->{width}) { |
912 | push @$cmd, '-width', $param->{width}; | |
913 | } | |
914 | ||
915 | if ($param->{height}) { | |
916 | push @$cmd, '-height', $param->{height}; | |
917 | } | |
918 | ||
8dfca17e | 919 | if ($param->{websocket}) { |
f9d26e09 | 920 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
8dfca17e DM |
921 | push @$cmd, '-notls', '-listen', 'localhost'; |
922 | } | |
923 | ||
924 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
aff192e6 DM |
925 | |
926 | my $realcmd = sub { | |
927 | my $upid = shift; | |
928 | ||
929 | syslog ('info', "starting vnc proxy $upid\n"); | |
930 | ||
6d394492 | 931 | my $cmdstr = join (' ', @$cmd); |
aff192e6 DM |
932 | syslog ('info', "launch command: $cmdstr"); |
933 | ||
f9d26e09 | 934 | eval { |
6d394492 | 935 | foreach my $k (keys %ENV) { |
8dfca17e | 936 | next if $k eq 'PVE_VNC_TICKET'; |
b0d4b407 | 937 | next if $k eq 'PATH' || $k eq 'TERM' || $k eq 'USER' || $k eq 'HOME' || $k eq 'LANG' || $k eq 'LANGUAGE'; |
6d394492 DM |
938 | delete $ENV{$k}; |
939 | } | |
940 | $ENV{PWD} = '/'; | |
941 | ||
b0d4b407 | 942 | PVE::Tools::run_command($cmd, errmsg => "vncterm failed", keeplocale => 1); |
6d394492 DM |
943 | }; |
944 | if (my $err = $@) { | |
945 | syslog ('err', $err); | |
aff192e6 DM |
946 | } |
947 | ||
948 | return; | |
949 | }; | |
950 | ||
951 | my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd); | |
f9d26e09 | 952 | |
6806a0f8 | 953 | PVE::Tools::wait_for_vnc_port($port); |
aff192e6 DM |
954 | |
955 | return { | |
956 | user => $user, | |
957 | ticket => $ticket, | |
f9d26e09 TL |
958 | port => $port, |
959 | upid => $upid, | |
960 | cert => $sslcert, | |
aff192e6 DM |
961 | }; |
962 | }}); | |
963 | ||
4b168c27 DC |
964 | __PACKAGE__->register_method ({ |
965 | name => 'termproxy', | |
966 | path => 'termproxy', | |
967 | method => 'POST', | |
968 | protected => 1, | |
969 | permissions => { | |
970 | description => "Restricted to users on realm 'pam'", | |
971 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], | |
972 | }, | |
973 | description => "Creates a VNC Shell proxy.", | |
974 | parameters => { | |
975 | additionalProperties => 0, | |
976 | properties => { | |
977 | node => get_standard_option('pve-node'), | |
978 | upgrade => { | |
979 | type => 'boolean', | |
2d39fd70 | 980 | description => "Deprecated, use the 'cmd' property instead! Run 'apt-get dist-upgrade' instead of normal shell.", |
4b168c27 DC |
981 | optional => 1, |
982 | default => 0, | |
983 | }, | |
d03d7e1e TM |
984 | cmd => { |
985 | type => 'string', | |
986 | description => "Run specific command or default to login.", | |
dab7a849 | 987 | enum => [keys %$shell_cmd_map], |
d03d7e1e TM |
988 | optional => 1, |
989 | default => 'login', | |
990 | }, | |
4b168c27 DC |
991 | }, |
992 | }, | |
993 | returns => { | |
994 | additionalProperties => 0, | |
995 | properties => { | |
996 | user => { type => 'string' }, | |
997 | ticket => { type => 'string' }, | |
998 | port => { type => 'integer' }, | |
999 | upid => { type => 'string' }, | |
1000 | }, | |
1001 | }, | |
1002 | code => sub { | |
1003 | my ($param) = @_; | |
1004 | ||
1005 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1006 | ||
1007 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user()); | |
1008 | ||
1009 | raise_perm_exc("realm != pam") if $realm ne 'pam'; | |
1010 | ||
1011 | my $node = $param->{node}; | |
1012 | ||
1013 | my $authpath = "/nodes/$node"; | |
1014 | ||
1015 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath); | |
1016 | ||
1017 | my ($remip, $family); | |
1018 | ||
1019 | if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) { | |
1020 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); | |
1021 | } else { | |
1022 | $family = PVE::Tools::get_host_address_family($node); | |
1023 | } | |
1024 | ||
1025 | my $port = PVE::Tools::next_vnc_port($family); | |
1026 | ||
1027 | my $remcmd = $remip ? | |
1028 | ['/usr/bin/ssh', '-e', 'none', '-t', $remip , '--'] : []; | |
2d39fd70 | 1029 | # FIXME: remove with 6.0 |
d03d7e1e TM |
1030 | if ($param->{upgrade}) { |
1031 | $param->{cmd} = 'upgrade'; | |
4b168c27 | 1032 | } |
d03d7e1e | 1033 | my $shcmd = get_shell_command($user, $param->{cmd}); |
4b168c27 DC |
1034 | |
1035 | my $realcmd = sub { | |
1036 | my $upid = shift; | |
1037 | ||
1038 | syslog ('info', "starting termproxy $upid\n"); | |
1039 | ||
1040 | my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath, | |
1041 | '--perm', 'Sys.Console', '--']; | |
d03d7e1e | 1042 | push @$cmd, @$remcmd, @$shcmd; |
4b168c27 DC |
1043 | |
1044 | PVE::Tools::run_command($cmd); | |
1045 | }; | |
1046 | ||
1047 | my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd); | |
1048 | ||
1049 | PVE::Tools::wait_for_vnc_port($port); | |
1050 | ||
1051 | return { | |
1052 | user => $user, | |
1053 | ticket => $ticket, | |
1054 | port => $port, | |
1055 | upid => $upid, | |
1056 | }; | |
1057 | }}); | |
1058 | ||
8dfca17e DM |
1059 | __PACKAGE__->register_method({ |
1060 | name => 'vncwebsocket', | |
1061 | path => 'vncwebsocket', | |
1062 | method => 'GET', | |
f9d26e09 | 1063 | permissions => { |
8dfca17e DM |
1064 | description => "Restricted to users on realm 'pam'. You also need to pass a valid ticket (vncticket).", |
1065 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], | |
1066 | }, | |
1067 | description => "Opens a weksocket for VNC traffic.", | |
1068 | parameters => { | |
1069 | additionalProperties => 0, | |
1070 | properties => { | |
1071 | node => get_standard_option('pve-node'), | |
1072 | vncticket => { | |
1073 | description => "Ticket from previous call to vncproxy.", | |
1074 | type => 'string', | |
1075 | maxLength => 512, | |
1076 | }, | |
1077 | port => { | |
1078 | description => "Port number returned by previous vncproxy call.", | |
1079 | type => 'integer', | |
1080 | minimum => 5900, | |
1081 | maximum => 5999, | |
1082 | }, | |
1083 | }, | |
1084 | }, | |
1085 | returns => { | |
1086 | type => "object", | |
1087 | properties => { | |
1088 | port => { type => 'string' }, | |
1089 | }, | |
1090 | }, | |
1091 | code => sub { | |
1092 | my ($param) = @_; | |
1093 | ||
1094 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1095 | ||
1096 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user()); | |
1097 | ||
f9d26e09 | 1098 | raise_perm_exc("realm != pam") if $realm ne 'pam'; |
8dfca17e DM |
1099 | |
1100 | my $authpath = "/nodes/$param->{node}"; | |
1101 | ||
1102 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $user, $authpath); | |
1103 | ||
1104 | my $port = $param->{port}; | |
f9d26e09 | 1105 | |
8dfca17e DM |
1106 | return { port => $port }; |
1107 | }}); | |
1108 | ||
2d802f8c | 1109 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
1110 | name => 'spiceshell', |
1111 | path => 'spiceshell', | |
2d802f8c DM |
1112 | method => 'POST', |
1113 | protected => 1, | |
1114 | proxyto => 'node', | |
1115 | permissions => { | |
1116 | description => "Restricted to users on realm 'pam'", | |
1117 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], | |
1118 | }, | |
7774df78 | 1119 | description => "Creates a SPICE shell.", |
2d802f8c DM |
1120 | parameters => { |
1121 | additionalProperties => 0, | |
1122 | properties => { | |
1123 | node => get_standard_option('pve-node'), | |
7774df78 | 1124 | proxy => get_standard_option('spice-proxy', { optional => 1 }), |
2d802f8c DM |
1125 | upgrade => { |
1126 | type => 'boolean', | |
2d39fd70 | 1127 | description => "Deprecated, use the 'cmd' property instead! Run 'apt-get dist-upgrade' instead of normal shell.", |
2d802f8c DM |
1128 | optional => 1, |
1129 | default => 0, | |
1130 | }, | |
d03d7e1e TM |
1131 | cmd => { |
1132 | type => 'string', | |
1133 | description => "Run specific command or default to login.", | |
dab7a849 | 1134 | enum => [keys %$shell_cmd_map], |
d03d7e1e TM |
1135 | optional => 1, |
1136 | default => 'login', | |
1137 | }, | |
2d802f8c DM |
1138 | }, |
1139 | }, | |
7774df78 | 1140 | returns => get_standard_option('remote-viewer-config'), |
2d802f8c DM |
1141 | code => sub { |
1142 | my ($param) = @_; | |
1143 | ||
1144 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1145 | my $authuser = $rpcenv->get_user(); | |
1146 | ||
1147 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($authuser); | |
1148 | ||
f9d26e09 | 1149 | raise_perm_exc("realm != pam") if $realm ne 'pam'; |
2d802f8c DM |
1150 | |
1151 | raise_perm_exc('user != root@pam') if $param->{upgrade} && $user ne 'root@pam'; | |
1152 | ||
1153 | my $node = $param->{node}; | |
1154 | my $proxy = $param->{proxy}; | |
2d802f8c DM |
1155 | |
1156 | my $authpath = "/nodes/$node"; | |
b289829f | 1157 | my $permissions = 'Sys.Console'; |
2d39fd70 | 1158 | # FIXME: remove with 6.0 |
d03d7e1e TM |
1159 | if ($param->{upgrade}) { |
1160 | $param->{cmd} = 'upgrade'; | |
2d802f8c | 1161 | } |
d03d7e1e | 1162 | my $shcmd = get_shell_command($user, $param->{cmd}); |
2d802f8c | 1163 | |
b289829f | 1164 | my $title = "Shell on '$node'"; |
2d802f8c | 1165 | |
b289829f | 1166 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, 0, $node, $proxy, $title, $shcmd); |
2d802f8c DM |
1167 | }}); |
1168 | ||
aff192e6 | 1169 | __PACKAGE__->register_method({ |
f9d26e09 TL |
1170 | name => 'dns', |
1171 | path => 'dns', | |
aff192e6 DM |
1172 | method => 'GET', |
1173 | permissions => { | |
7d020b42 | 1174 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
1175 | }, |
1176 | description => "Read DNS settings.", | |
1177 | proxyto => 'node', | |
1178 | parameters => { | |
1179 | additionalProperties => 0, | |
1180 | properties => { | |
1181 | node => get_standard_option('pve-node'), | |
1182 | }, | |
1183 | }, | |
1184 | returns => { | |
1185 | type => "object", | |
1186 | additionalProperties => 0, | |
1187 | properties => { | |
1188 | search => { | |
1189 | description => "Search domain for host-name lookup.", | |
1190 | type => 'string', | |
1191 | optional => 1, | |
1192 | }, | |
1193 | dns1 => { | |
1194 | description => 'First name server IP address.', | |
1195 | type => 'string', | |
1196 | optional => 1, | |
f9d26e09 | 1197 | }, |
aff192e6 DM |
1198 | dns2 => { |
1199 | description => 'Second name server IP address.', | |
1200 | type => 'string', | |
1201 | optional => 1, | |
f9d26e09 | 1202 | }, |
aff192e6 DM |
1203 | dns3 => { |
1204 | description => 'Third name server IP address.', | |
1205 | type => 'string', | |
1206 | optional => 1, | |
f9d26e09 | 1207 | }, |
aff192e6 DM |
1208 | }, |
1209 | }, | |
1210 | code => sub { | |
1211 | my ($param) = @_; | |
1212 | ||
1213 | my $res = PVE::INotify::read_file('resolvconf'); | |
1214 | ||
1215 | return $res; | |
1216 | }}); | |
1217 | ||
1218 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
1219 | name => 'update_dns', |
1220 | path => 'dns', | |
aff192e6 DM |
1221 | method => 'PUT', |
1222 | description => "Write DNS settings.", | |
d0289a19 DM |
1223 | permissions => { |
1224 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
1225 | }, | |
aff192e6 DM |
1226 | proxyto => 'node', |
1227 | protected => 1, | |
1228 | parameters => { | |
1229 | additionalProperties => 0, | |
1230 | properties => { | |
1231 | node => get_standard_option('pve-node'), | |
1232 | search => { | |
1233 | description => "Search domain for host-name lookup.", | |
1234 | type => 'string', | |
1235 | }, | |
1236 | dns1 => { | |
1237 | description => 'First name server IP address.', | |
7a9486a7 | 1238 | type => 'string', format => 'ip', |
aff192e6 | 1239 | optional => 1, |
f9d26e09 | 1240 | }, |
aff192e6 DM |
1241 | dns2 => { |
1242 | description => 'Second name server IP address.', | |
7a9486a7 | 1243 | type => 'string', format => 'ip', |
aff192e6 | 1244 | optional => 1, |
f9d26e09 | 1245 | }, |
aff192e6 DM |
1246 | dns3 => { |
1247 | description => 'Third name server IP address.', | |
7a9486a7 | 1248 | type => 'string', format => 'ip', |
aff192e6 | 1249 | optional => 1, |
f9d26e09 | 1250 | }, |
aff192e6 DM |
1251 | }, |
1252 | }, | |
1253 | returns => { type => "null" }, | |
1254 | code => sub { | |
1255 | my ($param) = @_; | |
1256 | ||
1257 | PVE::INotify::update_file('resolvconf', $param); | |
1258 | ||
1259 | return undef; | |
1260 | }}); | |
1261 | ||
1262 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
1263 | name => 'time', |
1264 | path => 'time', | |
aff192e6 DM |
1265 | method => 'GET', |
1266 | permissions => { | |
7d020b42 DM |
1267 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
1268 | }, | |
aff192e6 DM |
1269 | description => "Read server time and time zone settings.", |
1270 | proxyto => 'node', | |
1271 | parameters => { | |
1272 | additionalProperties => 0, | |
1273 | properties => { | |
1274 | node => get_standard_option('pve-node'), | |
1275 | }, | |
1276 | }, | |
1277 | returns => { | |
1278 | type => "object", | |
1279 | additionalProperties => 0, | |
1280 | properties => { | |
1281 | timezone => { | |
1282 | description => "Time zone", | |
1283 | type => 'string', | |
1284 | }, | |
1285 | time => { | |
1286 | description => "Seconds since 1970-01-01 00:00:00 UTC.", | |
1287 | type => 'integer', | |
1288 | minimum => 1297163644, | |
bed5fdfc | 1289 | renderer => 'timestamp', |
aff192e6 DM |
1290 | }, |
1291 | localtime => { | |
1292 | description => "Seconds since 1970-01-01 00:00:00 (local time)", | |
1293 | type => 'integer', | |
1294 | minimum => 1297163644, | |
bed5fdfc | 1295 | renderer => 'timestamp_gmt', |
aff192e6 DM |
1296 | }, |
1297 | }, | |
1298 | }, | |
1299 | code => sub { | |
1300 | my ($param) = @_; | |
1301 | ||
1302 | my $ctime = time(); | |
1303 | my $ltime = timegm_nocheck(localtime($ctime)); | |
1304 | my $res = { | |
1305 | timezone => PVE::INotify::read_file('timezone'), | |
bed5fdfc | 1306 | time => $ctime, |
aff192e6 DM |
1307 | localtime => $ltime, |
1308 | }; | |
1309 | ||
1310 | return $res; | |
1311 | }}); | |
1312 | ||
1313 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
1314 | name => 'set_timezone', |
1315 | path => 'time', | |
aff192e6 DM |
1316 | method => 'PUT', |
1317 | description => "Set time zone.", | |
d0289a19 DM |
1318 | permissions => { |
1319 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
1320 | }, | |
aff192e6 DM |
1321 | proxyto => 'node', |
1322 | protected => 1, | |
1323 | parameters => { | |
1324 | additionalProperties => 0, | |
1325 | properties => { | |
1326 | node => get_standard_option('pve-node'), | |
1327 | timezone => { | |
1328 | description => "Time zone. The file '/usr/share/zoneinfo/zone.tab' contains the list of valid names.", | |
1329 | type => 'string', | |
1330 | }, | |
1331 | }, | |
1332 | }, | |
1333 | returns => { type => "null" }, | |
1334 | code => sub { | |
1335 | my ($param) = @_; | |
1336 | ||
1337 | PVE::INotify::write_file('timezone', $param->{timezone}); | |
1338 | ||
1339 | return undef; | |
1340 | }}); | |
1341 | ||
c9164975 | 1342 | __PACKAGE__->register_method({ |
f9d26e09 TL |
1343 | name => 'aplinfo', |
1344 | path => 'aplinfo', | |
c9164975 DM |
1345 | method => 'GET', |
1346 | permissions => { | |
1347 | user => 'all', | |
1348 | }, | |
1349 | description => "Get list of appliances.", | |
1350 | proxyto => 'node', | |
1351 | parameters => { | |
1352 | additionalProperties => 0, | |
1353 | properties => { | |
1354 | node => get_standard_option('pve-node'), | |
1355 | }, | |
1356 | }, | |
1357 | returns => { | |
1358 | type => 'array', | |
1359 | items => { | |
1360 | type => "object", | |
1361 | properties => {}, | |
1362 | }, | |
1363 | }, | |
1364 | code => sub { | |
1365 | my ($param) = @_; | |
1366 | ||
1367 | my $res = []; | |
1368 | ||
1369 | my $list = PVE::APLInfo::load_data(); | |
1370 | ||
1371 | foreach my $template (keys %{$list->{all}}) { | |
1372 | my $pd = $list->{all}->{$template}; | |
1373 | next if $pd->{'package'} eq 'pve-web-news'; | |
1374 | push @$res, $pd; | |
1375 | } | |
1376 | ||
1377 | return $res; | |
1378 | }}); | |
1379 | ||
0532bd28 | 1380 | __PACKAGE__->register_method({ |
f9d26e09 TL |
1381 | name => 'apl_download', |
1382 | path => 'aplinfo', | |
0532bd28 DM |
1383 | method => 'POST', |
1384 | permissions => { | |
1385 | check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']], | |
1386 | }, | |
1387 | description => "Download appliance templates.", | |
1388 | proxyto => 'node', | |
1389 | protected => 1, | |
1390 | parameters => { | |
1391 | additionalProperties => 0, | |
1392 | properties => { | |
1393 | node => get_standard_option('pve-node'), | |
82282acf | 1394 | storage => get_standard_option('pve-storage-id', { |
62180d0f | 1395 | description => "The storage where the template will be stored", |
82282acf WL |
1396 | completion => \&PVE::Storage::complete_storage_enabled, |
1397 | }), | |
1398 | template => { type => 'string', | |
1399 | description => "The template wich will downloaded", | |
1400 | maxLength => 255, | |
1401 | completion => \&complete_templet_repo, | |
1402 | }, | |
0532bd28 DM |
1403 | }, |
1404 | }, | |
1405 | returns => { type => "string" }, | |
1406 | code => sub { | |
1407 | my ($param) = @_; | |
1408 | ||
1409 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1410 | ||
1411 | my $user = $rpcenv->get_user(); | |
1412 | ||
1413 | my $node = $param->{node}; | |
1414 | ||
1415 | my $list = PVE::APLInfo::load_data(); | |
1416 | ||
1417 | my $template = $param->{template}; | |
1418 | my $pd = $list->{all}->{$template}; | |
1419 | ||
1420 | raise_param_exc({ template => "no such template"}) if !$pd; | |
1421 | ||
bbcfdc08 | 1422 | my $cfg = PVE::Storage::config(); |
0532bd28 DM |
1423 | my $scfg = PVE::Storage::storage_check_enabled($cfg, $param->{storage}, $node); |
1424 | ||
761a2b31 DM |
1425 | die "unknown template type '$pd->{type}'\n" |
1426 | if !($pd->{type} eq 'openvz' || $pd->{type} eq 'lxc'); | |
0532bd28 | 1427 | |
f9d26e09 | 1428 | die "storage '$param->{storage}' does not support templates\n" |
0532bd28 DM |
1429 | if !$scfg->{content}->{vztmpl}; |
1430 | ||
1431 | my $src = $pd->{location}; | |
1432 | my $tmpldir = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage}); | |
1433 | my $dest = "$tmpldir/$template"; | |
1434 | my $tmpdest = "$tmpldir/${template}.tmp.$$"; | |
1435 | ||
1436 | my $worker = sub { | |
1437 | my $upid = shift; | |
f9d26e09 | 1438 | |
0532bd28 DM |
1439 | print "starting template download from: $src\n"; |
1440 | print "target file: $dest\n"; | |
1441 | ||
3b81e495 FG |
1442 | my $check_hash = sub { |
1443 | my ($template_info, $filename, $noerr) = @_; | |
1444 | ||
1445 | my $digest; | |
1446 | my $expected; | |
1447 | ||
1448 | eval { | |
79be6db3 FG |
1449 | open(my $fh, '<', $filename) or die "Can't open '$filename': $!"; |
1450 | binmode($fh); | |
95f99e8c FG |
1451 | if (defined($template_info->{sha512sum})) { |
1452 | $expected = $template_info->{sha512sum}; | |
79be6db3 | 1453 | $digest = Digest::SHA->new(512)->addfile($fh)->hexdigest; |
95f99e8c | 1454 | } elsif (defined($template_info->{md5sum})) { |
3b81e495 | 1455 | #fallback to MD5 |
95f99e8c | 1456 | $expected = $template_info->{md5sum}; |
3b81e495 | 1457 | $digest = Digest::MD5->new->addfile($fh)->hexdigest; |
3b81e495 FG |
1458 | } else { |
1459 | die "no expected checksum defined"; | |
1460 | } | |
79be6db3 | 1461 | close($fh); |
3b81e495 FG |
1462 | }; |
1463 | ||
1464 | die "checking hash failed - $@\n" if $@ && !$noerr; | |
0532bd28 | 1465 | |
3b81e495 FG |
1466 | return ($digest, $digest ? lc($digest) eq lc($expected) : 0); |
1467 | }; | |
1468 | ||
1469 | eval { | |
0532bd28 | 1470 | if (-f $dest) { |
3b81e495 | 1471 | my ($hash, $correct) = &$check_hash($pd, $dest, 1); |
0532bd28 | 1472 | |
3b81e495 FG |
1473 | if ($hash && $correct) { |
1474 | print "file already exists $hash - no need to download\n"; | |
0532bd28 DM |
1475 | return; |
1476 | } | |
1477 | } | |
1478 | ||
1479 | local %ENV; | |
1480 | my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
1481 | if ($dccfg->{http_proxy}) { | |
1482 | $ENV{http_proxy} = $dccfg->{http_proxy}; | |
1483 | } | |
1484 | ||
1485 | my @cmd = ('/usr/bin/wget', '--progress=dot:mega', '-O', $tmpdest, $src); | |
1486 | if (system (@cmd) != 0) { | |
1487 | die "download failed - $!\n"; | |
1488 | } | |
1489 | ||
3b81e495 FG |
1490 | my ($hash, $correct) = &$check_hash($pd, $tmpdest); |
1491 | ||
1492 | die "could not calculate checksum\n" if !$hash; | |
f9d26e09 | 1493 | |
3b81e495 FG |
1494 | if (!$correct) { |
1495 | my $expected = $pd->{sha512sum} // $pd->{md5sum}; | |
1496 | die "wrong checksum: $hash != $expected\n"; | |
0532bd28 DM |
1497 | } |
1498 | ||
c351eda9 | 1499 | if (!rename($tmpdest, $dest)) { |
0532bd28 DM |
1500 | die "unable to save file - $!\n"; |
1501 | } | |
1502 | }; | |
1503 | my $err = $@; | |
1504 | ||
1505 | unlink $tmpdest; | |
1506 | ||
1507 | if ($err) { | |
1508 | print "\n"; | |
1509 | die $err if $err; | |
1510 | } | |
1511 | ||
1512 | print "download finished\n"; | |
1513 | }; | |
1514 | ||
1515 | return $rpcenv->fork_worker('download', undef, $user, $worker); | |
1516 | }}); | |
1517 | ||
34ada77a EK |
1518 | __PACKAGE__->register_method({ |
1519 | name => 'report', | |
1520 | path => 'report', | |
1521 | method => 'GET', | |
1522 | permissions => { | |
1523 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
1524 | }, | |
6bbdf981 | 1525 | protected => 1, |
34ada77a EK |
1526 | description => "Gather various systems information about a node", |
1527 | proxyto => 'node', | |
1528 | parameters => { | |
1529 | additionalProperties => 0, | |
1530 | properties => { | |
1531 | node => get_standard_option('pve-node'), | |
1532 | }, | |
1533 | }, | |
1534 | returns => { | |
cdb5a209 | 1535 | type => 'string', |
34ada77a EK |
1536 | }, |
1537 | code => sub { | |
cdb5a209 | 1538 | return PVE::Report::generate(); |
34ada77a | 1539 | }}); |
0532bd28 | 1540 | |
b72cdbb7 TL |
1541 | # returns a list of VMIDs, those can be filtered by |
1542 | # * current parent node | |
1543 | # * vmid whitelist | |
1544 | # * guest is a template (default: skip) | |
1545 | # * guest is HA manged (default: skip) | |
1546 | my $get_filtered_vmlist = sub { | |
1547 | my ($nodename, $vmfilter, $templates, $ha_managed) = @_; | |
b92400b6 | 1548 | |
b92400b6 DM |
1549 | my $vmlist = PVE::Cluster::get_vmlist(); |
1550 | ||
b72cdbb7 | 1551 | my $vms_allowed = {}; |
2a498506 | 1552 | if (defined($vmfilter)) { |
2a498506 | 1553 | foreach my $vmid (PVE::Tools::split_list($vmfilter)) { |
b72cdbb7 | 1554 | $vms_allowed->{$vmid} = 1; |
2a498506 DC |
1555 | } |
1556 | } | |
1557 | ||
b72cdbb7 | 1558 | my $res = {}; |
b92400b6 | 1559 | foreach my $vmid (keys %{$vmlist->{ids}}) { |
b72cdbb7 | 1560 | next if %$vms_allowed && !$vms_allowed->{$vmid}; |
b92400b6 | 1561 | |
b72cdbb7 TL |
1562 | my $d = $vmlist->{ids}->{$vmid}; |
1563 | next if $nodename && $d->{node} ne $nodename; | |
b92400b6 | 1564 | |
b72cdbb7 TL |
1565 | eval { |
1566 | my $class; | |
2c27e4b7 | 1567 | if ($d->{type} eq 'lxc') { |
b72cdbb7 | 1568 | $class = 'PVE::LXC::Config'; |
2c27e4b7 | 1569 | } elsif ($d->{type} eq 'qemu') { |
b72cdbb7 | 1570 | $class = 'PVE::QemuConfig'; |
b92400b6 DM |
1571 | } else { |
1572 | die "unknown VM type '$d->{type}'\n"; | |
1573 | } | |
1574 | ||
b72cdbb7 TL |
1575 | my $conf = $class->load_config($vmid); |
1576 | return if !$templates && $class->is_template($conf); | |
1577 | return if !$ha_managed && PVE::HA::Config::vm_is_ha_managed($vmid); | |
04b2004b | 1578 | |
b2bb6d77 | 1579 | $res->{$vmid}->{conf} = $conf; |
b72cdbb7 | 1580 | $res->{$vmid}->{type} = $d->{type}; |
1c8dc310 | 1581 | $res->{$vmid}->{class} = $class; |
b92400b6 DM |
1582 | }; |
1583 | warn $@ if $@; | |
1584 | } | |
1585 | ||
b72cdbb7 TL |
1586 | return $res; |
1587 | }; | |
1588 | ||
1589 | # return all VMs which should get started/stopped on power up/down | |
1590 | my $get_start_stop_list = sub { | |
1591 | my ($nodename, $autostart, $vmfilter) = @_; | |
1592 | ||
ae9d10ca TL |
1593 | # do not skip HA vms on force or if a specific VMID set is wanted |
1594 | my $include_ha_managed = defined($vmfilter) ? 1 : 0; | |
1595 | ||
1596 | my $vmlist = &$get_filtered_vmlist($nodename, $vmfilter, undef, $include_ha_managed); | |
b72cdbb7 TL |
1597 | |
1598 | my $resList = {}; | |
1599 | foreach my $vmid (keys %$vmlist) { | |
b2bb6d77 | 1600 | my $conf = $vmlist->{$vmid}->{conf}; |
b72cdbb7 TL |
1601 | |
1602 | next if $autostart && !$conf->{onboot}; | |
1603 | ||
1604 | my $startup = {}; | |
1605 | if ($conf->{startup}) { | |
1606 | $startup = PVE::JSONSchema::pve_parse_startup_order($conf->{startup}); | |
1607 | } | |
1608 | ||
1609 | $startup->{order} = LONG_MAX if !defined($startup->{order}); | |
1610 | ||
1611 | $resList->{$startup->{order}}->{$vmid} = $startup; | |
23b54109 | 1612 | $resList->{$startup->{order}}->{$vmid}->{type} = $vmlist->{$vmid}->{type}; |
b72cdbb7 TL |
1613 | } |
1614 | ||
b92400b6 DM |
1615 | return $resList; |
1616 | }; | |
1617 | ||
1c8dc310 TL |
1618 | my $remove_locks_on_startup = sub { |
1619 | my ($nodename) = @_; | |
1620 | ||
1621 | my $vmlist = &$get_filtered_vmlist($nodename, undef, undef, 1); | |
1622 | ||
1623 | foreach my $vmid (keys %$vmlist) { | |
1624 | my $conf = $vmlist->{$vmid}->{conf}; | |
23b54109 | 1625 | my $class = $vmlist->{$vmid}->{class}; |
1c8dc310 TL |
1626 | |
1627 | eval { | |
1628 | if ($class->has_lock($conf, 'backup')) { | |
1629 | $class->remove_lock($vmid, 'backup'); | |
1630 | my $msg = "removed left over backup lock from '$vmid'!"; | |
1631 | warn "$msg\n"; # prints to task log | |
1632 | syslog('warning', $msg); | |
1633 | } | |
1634 | }; warn $@ if $@; | |
1635 | } | |
1636 | }; | |
1637 | ||
b92400b6 | 1638 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
1639 | name => 'startall', |
1640 | path => 'startall', | |
b92400b6 DM |
1641 | method => 'POST', |
1642 | protected => 1, | |
17e3b3b2 CS |
1643 | permissions => { |
1644 | check => ['perm', '/', [ 'VM.PowerMgmt' ]], | |
1645 | }, | |
9c8a09a7 | 1646 | proxyto => 'node', |
b92400b6 DM |
1647 | description => "Start all VMs and containers (when onboot=1).", |
1648 | parameters => { | |
1649 | additionalProperties => 0, | |
1650 | properties => { | |
1651 | node => get_standard_option('pve-node'), | |
c09c7160 AD |
1652 | force => { |
1653 | optional => 1, | |
1654 | type => 'boolean', | |
1655 | description => "force if onboot=0.", | |
1656 | }, | |
2a498506 DC |
1657 | vms => { |
1658 | description => "Only consider Guests with these IDs.", | |
1659 | type => 'string', format => 'pve-vmid-list', | |
1660 | optional => 1, | |
1661 | }, | |
b92400b6 DM |
1662 | }, |
1663 | }, | |
1664 | returns => { | |
1665 | type => 'string', | |
1666 | }, | |
1667 | code => sub { | |
1668 | my ($param) = @_; | |
1669 | ||
1670 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1671 | my $authuser = $rpcenv->get_user(); | |
1672 | ||
1673 | my $nodename = $param->{node}; | |
1674 | $nodename = PVE::INotify::nodename() if $nodename eq 'localhost'; | |
1675 | ||
c09c7160 AD |
1676 | my $force = $param->{force}; |
1677 | ||
b92400b6 DM |
1678 | my $code = sub { |
1679 | ||
1680 | $rpcenv->{type} = 'priv'; # to start tasks in background | |
1681 | ||
3947d0a0 DM |
1682 | if (!PVE::Cluster::check_cfs_quorum(1)) { |
1683 | print "waiting for quorum ...\n"; | |
1684 | do { | |
1685 | sleep(1); | |
1686 | } while (!PVE::Cluster::check_cfs_quorum(1)); | |
1687 | print "got quorum\n"; | |
b92400b6 | 1688 | } |
1c8dc310 TL |
1689 | |
1690 | eval { # remove backup locks, but avoid running into a scheduled backup job | |
1691 | PVE::Tools::lock_file('/var/run/vzdump.lock', 10, $remove_locks_on_startup, $nodename); | |
1692 | }; warn $@ if $@; | |
1693 | ||
c09c7160 | 1694 | my $autostart = $force ? undef : 1; |
2a498506 | 1695 | my $startList = &$get_start_stop_list($nodename, $autostart, $param->{vms}); |
3f12bcfb DM |
1696 | |
1697 | # Note: use numeric sorting with <=> | |
5eec2b04 | 1698 | foreach my $order (sort {$a <=> $b} keys %$startList) { |
b92400b6 DM |
1699 | my $vmlist = $startList->{$order}; |
1700 | ||
3f12bcfb | 1701 | foreach my $vmid (sort {$a <=> $b} keys %$vmlist) { |
b92400b6 DM |
1702 | my $d = $vmlist->{$vmid}; |
1703 | ||
1704 | PVE::Cluster::check_cfs_quorum(); # abort when we loose quorum | |
b72cdbb7 | 1705 | |
b92400b6 DM |
1706 | eval { |
1707 | my $default_delay = 0; | |
1708 | my $upid; | |
c6bb5891 | 1709 | my $typeText = ''; |
b92400b6 | 1710 | |
2c27e4b7 | 1711 | if ($d->{type} eq 'lxc') { |
c6bb5891 | 1712 | $typeText = 'CT'; |
2c27e4b7 DM |
1713 | return if PVE::LXC::check_running($vmid); |
1714 | print STDERR "Starting CT $vmid\n"; | |
1b5e56f2 | 1715 | $upid = PVE::API2::LXC::Status->vm_start({node => $nodename, vmid => $vmid }); |
2c27e4b7 | 1716 | } elsif ($d->{type} eq 'qemu') { |
c6bb5891 | 1717 | $typeText = 'VM'; |
d6c49392 | 1718 | $default_delay = 3; # to reduce load |
b92400b6 DM |
1719 | return if PVE::QemuServer::check_running($vmid, 1); |
1720 | print STDERR "Starting VM $vmid\n"; | |
1721 | $upid = PVE::API2::Qemu->vm_start({node => $nodename, vmid => $vmid }); | |
1722 | } else { | |
1723 | die "unknown VM type '$d->{type}'\n"; | |
1724 | } | |
1725 | ||
1726 | my $res = PVE::Tools::upid_decode($upid); | |
1727 | while (PVE::ProcFSTools::check_process_running($res->{pid})) { | |
1728 | sleep(1); | |
1729 | } | |
1730 | ||
1731 | my $status = PVE::Tools::upid_read_status($upid); | |
1732 | if ($status eq 'OK') { | |
1733 | # use default delay to reduce load | |
1734 | my $delay = defined($d->{up}) ? int($d->{up}) : $default_delay; | |
1735 | if ($delay > 0) { | |
1736 | print STDERR "Waiting for $delay seconds (startup delay)\n" if $d->{up}; | |
1737 | for (my $i = 0; $i < $delay; $i++) { | |
1738 | sleep(1); | |
1739 | } | |
1740 | } | |
1741 | } else { | |
c6bb5891 | 1742 | print STDERR "Starting $typeText $vmid failed: $status\n"; |
b92400b6 DM |
1743 | } |
1744 | }; | |
1745 | warn $@ if $@; | |
1746 | } | |
1747 | } | |
1748 | return; | |
1749 | }; | |
1750 | ||
1751 | return $rpcenv->fork_worker('startall', undef, $authuser, $code); | |
1752 | }}); | |
1753 | ||
1754 | my $create_stop_worker = sub { | |
1755 | my ($nodename, $type, $vmid, $down_timeout) = @_; | |
1756 | ||
1757 | my $upid; | |
2c27e4b7 DM |
1758 | if ($type eq 'lxc') { |
1759 | return if !PVE::LXC::check_running($vmid); | |
1760 | my $timeout = defined($down_timeout) ? int($down_timeout) : 60; | |
1761 | print STDERR "Stopping CT $vmid (timeout = $timeout seconds)\n"; | |
1b5e56f2 | 1762 | $upid = PVE::API2::LXC::Status->vm_shutdown({node => $nodename, vmid => $vmid, |
2c27e4b7 DM |
1763 | timeout => $timeout, forceStop => 1 }); |
1764 | } elsif ($type eq 'qemu') { | |
b92400b6 DM |
1765 | return if !PVE::QemuServer::check_running($vmid, 1); |
1766 | my $timeout = defined($down_timeout) ? int($down_timeout) : 60*3; | |
88ba9a1d | 1767 | print STDERR "Stopping VM $vmid (timeout = $timeout seconds)\n"; |
f9d26e09 | 1768 | $upid = PVE::API2::Qemu->vm_shutdown({node => $nodename, vmid => $vmid, |
b92400b6 DM |
1769 | timeout => $timeout, forceStop => 1 }); |
1770 | } else { | |
1771 | die "unknown VM type '$type'\n"; | |
1772 | } | |
1773 | ||
37bec895 | 1774 | return $upid; |
b92400b6 DM |
1775 | }; |
1776 | ||
1777 | __PACKAGE__->register_method ({ | |
f9d26e09 TL |
1778 | name => 'stopall', |
1779 | path => 'stopall', | |
b92400b6 DM |
1780 | method => 'POST', |
1781 | protected => 1, | |
17e3b3b2 CS |
1782 | permissions => { |
1783 | check => ['perm', '/', [ 'VM.PowerMgmt' ]], | |
1784 | }, | |
9c8a09a7 | 1785 | proxyto => 'node', |
b92400b6 DM |
1786 | description => "Stop all VMs and Containers.", |
1787 | parameters => { | |
1788 | additionalProperties => 0, | |
1789 | properties => { | |
1790 | node => get_standard_option('pve-node'), | |
2a498506 DC |
1791 | vms => { |
1792 | description => "Only consider Guests with these IDs.", | |
1793 | type => 'string', format => 'pve-vmid-list', | |
1794 | optional => 1, | |
1795 | }, | |
b92400b6 DM |
1796 | }, |
1797 | }, | |
1798 | returns => { | |
1799 | type => 'string', | |
1800 | }, | |
1801 | code => sub { | |
1802 | my ($param) = @_; | |
1803 | ||
1804 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1805 | my $authuser = $rpcenv->get_user(); | |
1806 | ||
1807 | my $nodename = $param->{node}; | |
1808 | $nodename = PVE::INotify::nodename() if $nodename eq 'localhost'; | |
1809 | ||
1810 | my $code = sub { | |
1811 | ||
1812 | $rpcenv->{type} = 'priv'; # to start tasks in background | |
1813 | ||
2a498506 | 1814 | my $stopList = &$get_start_stop_list($nodename, undef, $param->{vms}); |
b92400b6 DM |
1815 | |
1816 | my $cpuinfo = PVE::ProcFSTools::read_cpuinfo(); | |
89ceb802 TL |
1817 | my $datacenterconfig = cfs_read_file('datacenter.cfg'); |
1818 | # if not set by user spawn max cpu count number of workers | |
1819 | my $maxWorkers = $datacenterconfig->{max_workers} || $cpuinfo->{cpus}; | |
b92400b6 DM |
1820 | |
1821 | foreach my $order (sort {$b <=> $a} keys %$stopList) { | |
1822 | my $vmlist = $stopList->{$order}; | |
1823 | my $workers = {}; | |
37bec895 DM |
1824 | |
1825 | my $finish_worker = sub { | |
1826 | my $pid = shift; | |
1827 | my $d = $workers->{$pid}; | |
1828 | return if !$d; | |
1829 | delete $workers->{$pid}; | |
1830 | ||
1831 | syslog('info', "end task $d->{upid}"); | |
1832 | }; | |
1833 | ||
b92400b6 DM |
1834 | foreach my $vmid (sort {$b <=> $a} keys %$vmlist) { |
1835 | my $d = $vmlist->{$vmid}; | |
37bec895 DM |
1836 | my $upid; |
1837 | eval { $upid = &$create_stop_worker($nodename, $d->{type}, $vmid, $d->{down}); }; | |
b92400b6 | 1838 | warn $@ if $@; |
37bec895 DM |
1839 | next if !$upid; |
1840 | ||
1841 | my $res = PVE::Tools::upid_decode($upid, 1); | |
1842 | next if !$res; | |
1843 | ||
1844 | my $pid = $res->{pid}; | |
1845 | ||
1846 | $workers->{$pid} = { type => $d->{type}, upid => $upid, vmid => $vmid }; | |
b92400b6 DM |
1847 | while (scalar(keys %$workers) >= $maxWorkers) { |
1848 | foreach my $p (keys %$workers) { | |
1849 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
37bec895 | 1850 | &$finish_worker($p); |
b92400b6 DM |
1851 | } |
1852 | } | |
1853 | sleep(1); | |
1854 | } | |
1855 | } | |
1856 | while (scalar(keys %$workers)) { | |
1857 | foreach my $p (keys %$workers) { | |
1858 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
37bec895 | 1859 | &$finish_worker($p); |
b92400b6 DM |
1860 | } |
1861 | } | |
1862 | sleep(1); | |
1863 | } | |
1864 | } | |
37bec895 DM |
1865 | |
1866 | syslog('info', "all VMs and CTs stopped"); | |
1867 | ||
b92400b6 DM |
1868 | return; |
1869 | }; | |
1870 | ||
1871 | return $rpcenv->fork_worker('stopall', undef, $authuser, $code); | |
b92400b6 DM |
1872 | }}); |
1873 | ||
9c8a09a7 AD |
1874 | my $create_migrate_worker = sub { |
1875 | my ($nodename, $type, $vmid, $target) = @_; | |
1876 | ||
1877 | my $upid; | |
2c27e4b7 DM |
1878 | if ($type eq 'lxc') { |
1879 | my $online = PVE::LXC::check_running($vmid) ? 1 : 0; | |
1880 | print STDERR "Migrating CT $vmid\n"; | |
1881 | $upid = PVE::API2::LXC->migrate_vm({node => $nodename, vmid => $vmid, target => $target, | |
e5045607 | 1882 | restart => $online }); |
2c27e4b7 | 1883 | } elsif ($type eq 'qemu') { |
9c8a09a7 AD |
1884 | my $online = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0; |
1885 | print STDERR "Migrating VM $vmid\n"; | |
1886 | $upid = PVE::API2::Qemu->migrate_vm({node => $nodename, vmid => $vmid, target => $target, | |
2c27e4b7 | 1887 | online => $online }); |
9c8a09a7 AD |
1888 | } else { |
1889 | die "unknown VM type '$type'\n"; | |
1890 | } | |
1891 | ||
1892 | my $res = PVE::Tools::upid_decode($upid); | |
1893 | ||
1894 | return $res->{pid}; | |
1895 | }; | |
1896 | ||
1897 | __PACKAGE__->register_method ({ | |
1898 | name => 'migrateall', | |
1899 | path => 'migrateall', | |
1900 | method => 'POST', | |
1901 | proxyto => 'node', | |
1902 | protected => 1, | |
17e3b3b2 CS |
1903 | permissions => { |
1904 | check => ['perm', '/', [ 'VM.Migrate' ]], | |
1905 | }, | |
9c8a09a7 AD |
1906 | description => "Migrate all VMs and Containers.", |
1907 | parameters => { | |
1908 | additionalProperties => 0, | |
1909 | properties => { | |
1910 | node => get_standard_option('pve-node'), | |
1911 | target => get_standard_option('pve-node', { description => "Target node." }), | |
1912 | maxworkers => { | |
89ceb802 TL |
1913 | description => "Maximal number of parallel migration job." . |
1914 | " If not set use 'max_workers' from datacenter.cfg," . | |
1915 | " one of both must be set!", | |
1916 | optional => 1, | |
9c8a09a7 AD |
1917 | type => 'integer', |
1918 | minimum => 1 | |
1919 | }, | |
2a498506 DC |
1920 | vms => { |
1921 | description => "Only consider Guests with these IDs.", | |
1922 | type => 'string', format => 'pve-vmid-list', | |
1923 | optional => 1, | |
1924 | }, | |
9c8a09a7 AD |
1925 | }, |
1926 | }, | |
1927 | returns => { | |
1928 | type => 'string', | |
1929 | }, | |
1930 | code => sub { | |
1931 | my ($param) = @_; | |
1932 | ||
1933 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1934 | my $authuser = $rpcenv->get_user(); | |
1935 | ||
1936 | my $nodename = $param->{node}; | |
1937 | $nodename = PVE::INotify::nodename() if $nodename eq 'localhost'; | |
1938 | ||
73981e39 DC |
1939 | my $target = $param->{target}; |
1940 | raise_param_exc({ target => "target is local node."}) if $target eq $nodename; | |
1941 | ||
1942 | PVE::Cluster::check_cfs_quorum(); | |
1943 | ||
1944 | PVE::Cluster::check_node_exists($target); | |
89ceb802 TL |
1945 | |
1946 | my $datacenterconfig = cfs_read_file('datacenter.cfg'); | |
1947 | # prefer parameter over datacenter cfg settings | |
1948 | my $maxWorkers = $param->{maxworkers} || $datacenterconfig->{max_workers} || | |
1949 | die "either 'maxworkers' parameter or max_workers in datacenter.cfg must be set!\n"; | |
9c8a09a7 AD |
1950 | |
1951 | my $code = sub { | |
9c8a09a7 AD |
1952 | $rpcenv->{type} = 'priv'; # to start tasks in background |
1953 | ||
f5c1dde5 | 1954 | my $vmlist = &$get_filtered_vmlist($nodename, $param->{vms}, 1, 1); |
9c8a09a7 | 1955 | |
f5c1dde5 TL |
1956 | my $workers = {}; |
1957 | foreach my $vmid (sort keys %$vmlist) { | |
1958 | my $d = $vmlist->{$vmid}; | |
1959 | my $pid; | |
1960 | eval { $pid = &$create_migrate_worker($nodename, $d->{type}, $vmid, $target); }; | |
1961 | warn $@ if $@; | |
1962 | next if !$pid; | |
9c8a09a7 | 1963 | |
f5c1dde5 TL |
1964 | $workers->{$pid} = 1; |
1965 | while (scalar(keys %$workers) >= $maxWorkers) { | |
9c8a09a7 AD |
1966 | foreach my $p (keys %$workers) { |
1967 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
1968 | delete $workers->{$p}; | |
1969 | } | |
1970 | } | |
1971 | sleep(1); | |
1972 | } | |
1973 | } | |
f5c1dde5 TL |
1974 | while (scalar(keys %$workers)) { |
1975 | foreach my $p (keys %$workers) { | |
1976 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
1977 | delete $workers->{$p}; | |
1978 | } | |
1979 | } | |
1980 | sleep(1); | |
1981 | } | |
9c8a09a7 AD |
1982 | return; |
1983 | }; | |
1984 | ||
1985 | return $rpcenv->fork_worker('migrateall', undef, $authuser, $code); | |
1986 | ||
1987 | }}); | |
1988 | ||
820d0458 DC |
1989 | __PACKAGE__->register_method ({ |
1990 | name => 'get_etc_hosts', | |
1991 | path => 'hosts', | |
1992 | method => 'GET', | |
1993 | proxyto => 'node', | |
1994 | protected => 1, | |
1995 | permissions => { | |
1996 | check => ['perm', '/', [ 'Sys.Audit' ]], | |
1997 | }, | |
1998 | description => "Get the content of /etc/hosts.", | |
1999 | parameters => { | |
2000 | additionalProperties => 0, | |
2001 | properties => { | |
2002 | node => get_standard_option('pve-node'), | |
2003 | }, | |
2004 | }, | |
2005 | returns => { | |
2006 | type => 'object', | |
2007 | properties => { | |
2008 | digest => get_standard_option('pve-config-digest'), | |
2009 | data => { | |
2010 | type => 'string', | |
2011 | description => 'The content of /etc/hosts.' | |
2012 | }, | |
2013 | }, | |
2014 | }, | |
2015 | code => sub { | |
2016 | my ($param) = @_; | |
2017 | ||
2018 | return PVE::INotify::read_file('etchosts'); | |
2019 | ||
2020 | }}); | |
2021 | ||
2022 | __PACKAGE__->register_method ({ | |
2023 | name => 'write_etc_hosts', | |
2024 | path => 'hosts', | |
2025 | method => 'POST', | |
2026 | proxyto => 'node', | |
2027 | protected => 1, | |
2028 | permissions => { | |
2029 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
2030 | }, | |
2031 | description => "Write /etc/hosts.", | |
2032 | parameters => { | |
2033 | additionalProperties => 0, | |
2034 | properties => { | |
2035 | node => get_standard_option('pve-node'), | |
2036 | digest => get_standard_option('pve-config-digest'), | |
2037 | data => { | |
2038 | type => 'string', | |
2039 | description => 'The target content of /etc/hosts.' | |
2040 | }, | |
2041 | }, | |
2042 | }, | |
2043 | returns => { | |
2044 | type => 'null', | |
2045 | }, | |
2046 | code => sub { | |
2047 | my ($param) = @_; | |
2048 | ||
2049 | PVE::Tools::lock_file('/var/lock/pve-etchosts.lck', undef, sub{ | |
2050 | if ($param->{digest}) { | |
2051 | my $hosts = PVE::INotify::read_file('etchosts'); | |
2052 | PVE::Tools::assert_if_modified($hosts->{digest}, $param->{digest}); | |
2053 | } | |
2054 | PVE::INotify::write_file('etchosts', $param->{data}); | |
2055 | }); | |
2056 | die $@ if $@; | |
2057 | ||
2058 | return undef; | |
2059 | }}); | |
2060 | ||
82282acf WL |
2061 | # bash completion helper |
2062 | ||
2063 | sub complete_templet_repo { | |
2064 | my ($cmdname, $pname, $cvalue) = @_; | |
2065 | ||
2066 | my $repo = PVE::APLInfo::load_data(); | |
2067 | my $res = []; | |
2068 | foreach my $templ (keys %{$repo->{all}}) { | |
2069 | next if $templ !~ m/^$cvalue/; | |
2070 | push @$res, $templ; | |
2071 | } | |
2072 | ||
2073 | return $res; | |
2074 | } | |
2075 | ||
aff192e6 DM |
2076 | package PVE::API2::Nodes; |
2077 | ||
2078 | use strict; | |
2079 | use warnings; | |
2080 | ||
2081 | use PVE::SafeSyslog; | |
2082 | use PVE::Cluster; | |
2083 | use PVE::RESTHandler; | |
2084 | use PVE::RPCEnvironment; | |
b193e4ac | 2085 | use PVE::API2Tools; |
f57cbe5d | 2086 | use PVE::JSONSchema qw(get_standard_option); |
aff192e6 DM |
2087 | |
2088 | use base qw(PVE::RESTHandler); | |
2089 | ||
2090 | __PACKAGE__->register_method ({ | |
f9d26e09 | 2091 | subclass => "PVE::API2::Nodes::Nodeinfo", |
aff192e6 DM |
2092 | path => '{node}', |
2093 | }); | |
2094 | ||
2095 | __PACKAGE__->register_method ({ | |
f9d26e09 TL |
2096 | name => 'index', |
2097 | path => '', | |
aff192e6 DM |
2098 | method => 'GET', |
2099 | permissions => { user => 'all' }, | |
2100 | description => "Cluster node index.", | |
2101 | parameters => { | |
2102 | additionalProperties => 0, | |
2103 | properties => {}, | |
2104 | }, | |
2105 | returns => { | |
2106 | type => 'array', | |
2107 | items => { | |
2108 | type => "object", | |
f57cbe5d DM |
2109 | properties => { |
2110 | node => get_standard_option('pve-node'), | |
2111 | status => { | |
2112 | description => "Node status.", | |
2113 | type => 'string', | |
2114 | enum => ['unknown', 'online', 'offline'], | |
2115 | }, | |
2116 | cpu => { | |
2117 | description => "CPU utilization.", | |
2118 | type => 'number', | |
2119 | optional => 1, | |
2120 | renderer => 'fraction_as_percentage', | |
2121 | }, | |
2122 | maxcpu => { | |
2123 | description => "Number of available CPUs.", | |
2124 | type => 'integer', | |
2125 | optional => 1, | |
2126 | }, | |
2127 | mem => { | |
2128 | description => "Used memory in bytes.", | |
2129 | type => 'string', | |
2130 | optional => 1, | |
2131 | renderer => 'bytes', | |
2132 | }, | |
2133 | maxmem => { | |
2134 | description => "Number of available memory in bytes.", | |
2135 | type => 'integer', | |
2136 | optional => 1, | |
2137 | renderer => 'bytes', | |
2138 | }, | |
2139 | level => { | |
2140 | description => "Support level.", | |
2141 | type => 'string', | |
2142 | optional => 1, | |
2143 | }, | |
2144 | uptime => { | |
2145 | description => "Node uptime in seconds.", | |
2146 | type => 'integer', | |
2147 | optional => 1, | |
2148 | renderer => 'duration', | |
2149 | }, | |
2150 | ssl_fingerprint => { | |
2151 | description => "The SSL fingerprint for the node certificate.", | |
2152 | type => 'string', | |
2153 | optional => 1, | |
2154 | }, | |
2155 | }, | |
aff192e6 | 2156 | }, |
b193e4ac | 2157 | links => [ { rel => 'child', href => "{node}" } ], |
aff192e6 DM |
2158 | }, |
2159 | code => sub { | |
2160 | my ($param) = @_; | |
f9d26e09 | 2161 | |
57d56896 TL |
2162 | my $rpcenv = PVE::RPCEnvironment::get(); |
2163 | my $authuser = $rpcenv->get_user(); | |
2164 | ||
aff192e6 DM |
2165 | my $clinfo = PVE::Cluster::get_clinfo(); |
2166 | my $res = []; | |
2167 | ||
b193e4ac DM |
2168 | my $nodelist = PVE::Cluster::get_nodelist(); |
2169 | my $members = PVE::Cluster::get_members(); | |
aff192e6 DM |
2170 | my $rrd = PVE::Cluster::rrd_dump(); |
2171 | ||
b193e4ac | 2172 | foreach my $node (@$nodelist) { |
57d56896 TL |
2173 | my $can_audit = $rpcenv->check($authuser, "/nodes/$node", [ 'Sys.Audit' ], 1); |
2174 | my $entry = PVE::API2Tools::extract_node_stats($node, $members, $rrd, !$can_audit); | |
16efab9e | 2175 | $entry->{ssl_fingerprint} = PVE::Cluster::get_node_fingerprint($node); |
aff192e6 DM |
2176 | push @$res, $entry; |
2177 | } | |
2178 | ||
2179 | return $res; | |
2180 | }}); | |
2181 | ||
2182 | 1; |