]> git.proxmox.com Git - qemu-server.git/blame - PVE/API2/Qemu.pm
projects / qemu-server.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 5.0-1
[qemu-server.git] / PVE / API2 / Qemu.pm
CommitLineData
1e3baf05
DM		 1package PVE::API2::Qemu;
2
3use strict;
4use warnings;
5b9d692a 5use Cwd 'abs_path';
451b2b81 6use Net::SSLeay;
47314bf5 7use UUID;
655d7462
WB		 8use POSIX;
9use IO::Socket::IP;
1e3baf05 10
502d18a2 11use PVE::Cluster qw (cfs_read_file cfs_write_file);;
1e3baf05
DM		 12use PVE::SafeSyslog;
13use PVE::Tools qw(extract_param);
f9bfceef 14use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
1e3baf05
DM		 15use PVE::Storage;
16use PVE::JSONSchema qw(get_standard_option);
17use PVE::RESTHandler;
ffda963f 18use PVE::QemuConfig;
1e3baf05 19use PVE::QemuServer;
3ea94c60 20use PVE::QemuMigrate;
1e3baf05
DM		 21use PVE::RPCEnvironment;
22use PVE::AccessControl;
23use PVE::INotify;
de8f60b2 24use PVE::Network;
e9abcde6 25use PVE::Firewall;
228a998b 26use PVE::API2::Firewall::VM;
9f11fc5f
WB		 27
28BEGIN {
29 if (!$ENV{PVE_GENERATING_DOCS}) {
30 require PVE::HA::Env::PVE2;
31 import PVE::HA::Env::PVE2;
32 require PVE::HA::Config;
33 import PVE::HA::Config;
34 }
35}
1e3baf05
DM		 36
37use Data::Dumper; # fixme: remove
38
39use base qw(PVE::RESTHandler);
40
41my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
42
43my $resolve_cdrom_alias = sub {
44 my $param = shift;
45
46 if (my $value = $param->{cdrom}) {
47 $value .= ",media=cdrom" if $value !~ m/media=/;
48 $param->{ide2} = $value;
49 delete $param->{cdrom};
50 }
51};
52
ae57f6b3 53my $check_storage_access = sub {
fcbb753e 54 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
a0d1b1a2 55
ae57f6b3
DM		 56 PVE::QemuServer::foreach_drive($settings, sub {
57 my ($ds, $drive) = @_;
a0d1b1a2 58
ae57f6b3 59 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
a0d1b1a2 60
ae57f6b3 61 my $volid = $drive->{file};
a0d1b1a2 62
09d0ee64
DM		 63 if (!$volid || $volid eq 'none') {
64 # nothing to check
f5782fd0
DM		 65 } elsif ($isCDROM && ($volid eq 'cdrom')) {
66 $rpcenv->check($authuser, "/", ['Sys.Console']);
09d0ee64 67 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
a0d1b1a2
DM		 68 my ($storeid, $size) = ($2 || $default_storage, $3);
69 die "no storage ID specified (and no default storage)\n" if !$storeid;
fcbb753e 70 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
a0d1b1a2 71 } else {
9bb3acf1 72 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
a0d1b1a2
DM		 73 }
74 });
ae57f6b3 75};
a0d1b1a2 76
9418baad 77my $check_storage_access_clone = sub {
81f043eb 78 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
6116f729 79
55173c6b
DM		 80 my $sharedvm = 1;
81
6116f729
DM		 82 PVE::QemuServer::foreach_drive($conf, sub {
83 my ($ds, $drive) = @_;
84
85 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
86
87 my $volid = $drive->{file};
88
89 return if !$volid || $volid eq 'none';
90
91 if ($isCDROM) {
92 if ($volid eq 'cdrom') {
93 $rpcenv->check($authuser, "/", ['Sys.Console']);
94 } else {
75466c4f 95 # we simply allow access
55173c6b
DM		 96 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
97 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
98 $sharedvm = 0 if !$scfg->{shared};
99
6116f729
DM		 100 }
101 } else {
55173c6b
DM		 102 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
103 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
104 $sharedvm = 0 if !$scfg->{shared};
105
81f043eb 106 $sid = $storage if $storage;
6116f729
DM		 107 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
108 }
109 });
55173c6b
DM		 110
111 return $sharedvm;
6116f729
DM		 112};
113
ae57f6b3
DM		 114# Note: $pool is only needed when creating a VM, because pool permissions
115# are automatically inherited if VM already exists inside a pool.
116my $create_disks = sub {
117 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
a0d1b1a2
DM		 118
119 my $vollist = [];
a0d1b1a2 120
ae57f6b3
DM		 121 my $res = {};
122 PVE::QemuServer::foreach_drive($settings, sub {
123 my ($ds, $disk) = @_;
124
125 my $volid = $disk->{file};
126
f5782fd0 127 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
628e9a2b
AD		 128 delete $disk->{size};
129 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
09d0ee64 130 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
ae57f6b3
DM		 131 my ($storeid, $size) = ($2 || $default_storage, $3);
132 die "no storage ID specified (and no default storage)\n" if !$storeid;
133 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
134 my $fmt = $disk->{format} || $defformat;
1a35631a
DC		 135
136 my $volid;
137 if ($ds eq 'efidisk0') {
138 # handle efidisk
139 my $ovmfvars = '/usr/share/kvm/OVMF_VARS-pure-efi.fd';
140 die "uefi vars image not found\n" if ! -f $ovmfvars;
141 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
142 $fmt, undef, 128);
143 $disk->{file} = $volid;
144 $disk->{size} = 128*1024;
145 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
146 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
147 my $qemufmt = PVE::QemuServer::qemu_img_format($scfg, $volname);
148 my $path = PVE::Storage::path($storecfg, $volid);
02daf96a 149 my $efidiskcmd = ['/usr/bin/qemu-img', 'convert', '-n', '-f', 'raw', '-O', $qemufmt];
1a35631a
DC		 150 push @$efidiskcmd, $ovmfvars;
151 push @$efidiskcmd, $path;
02daf96a
DC		 152
153 PVE::Storage::activate_volumes($storecfg, [$volid]);
154
1a35631a
DC		 155 eval { PVE::Tools::run_command($efidiskcmd); };
156 my $err = $@;
157 die "Copying of EFI Vars image failed: $err" if $err;
158 } else {
159 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
160 $fmt, undef, $size*1024*1024);
161 $disk->{file} = $volid;
162 $disk->{size} = $size*1024*1024*1024;
163 }
a0d1b1a2 164 push @$vollist, $volid;
ae57f6b3
DM		 165 delete $disk->{format}; # no longer needed
166 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
167 } else {
eabe0da0 168
9bb3acf1 169 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
75466c4f 170
7043d946 171 my $volid_is_new = 1;
35cb731c 172
7043d946
DM		 173 if ($conf->{$ds}) {
174 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
175 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
eabe0da0 176 }
75466c4f 177
d52b8b77 178 if ($volid_is_new) {
09a89895 179
7043d946
DM		 180 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
181
09a89895 182 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
d52b8b77
DM		 183
184 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
185
186 die "volume $volid does not exists\n" if !$size;
187
188 $disk->{size} = $size;
09a89895 189 }
24afaca0 190
24afaca0 191 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
a0d1b1a2 192 }
ae57f6b3 193 });
a0d1b1a2
DM		 194
195 # free allocated images on error
196 if (my $err = $@) {
197 syslog('err', "VM $vmid creating disks failed");
198 foreach my $volid (@$vollist) {
199 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
200 warn $@ if $@;
201 }
202 die $err;
203 }
204
205 # modify vm config if everything went well
ae57f6b3
DM		 206 foreach my $ds (keys %$res) {
207 $conf->{$ds} = $res->{$ds};
a0d1b1a2
DM		 208 }
209
210 return $vollist;
211};
212
58cb690b
DC		 213my $cpuoptions = {
214 'cores' => 1,
215 'cpu' => 1,
216 'cpulimit' => 1,
217 'cpuunits' => 1,
218 'numa' => 1,
219 'smp' => 1,
220 'sockets' => 1,
84b31f48 221 'vcpus' => 1,
58cb690b
DC		 222};
223
224my $memoryoptions = {
225 'memory' => 1,
226 'balloon' => 1,
227 'shares' => 1,
228};
229
230my $hwtypeoptions = {
231 'acpi' => 1,
232 'hotplug' => 1,
233 'kvm' => 1,
234 'machine' => 1,
235 'scsihw' => 1,
236 'smbios1' => 1,
237 'tablet' => 1,
238 'vga' => 1,
239 'watchdog' => 1,
240};
241
6bcacc21 242my $generaloptions = {
58cb690b
DC		 243 'agent' => 1,
244 'autostart' => 1,
245 'bios' => 1,
246 'description' => 1,
247 'keyboard' => 1,
248 'localtime' => 1,
249 'migrate_downtime' => 1,
250 'migrate_speed' => 1,
251 'name' => 1,
252 'onboot' => 1,
253 'ostype' => 1,
254 'protection' => 1,
255 'reboot' => 1,
256 'startdate' => 1,
257 'startup' => 1,
258 'tdf' => 1,
259 'template' => 1,
260};
261
262my $vmpoweroptions = {
263 'freeze' => 1,
264};
265
266my $diskoptions = {
267 'boot' => 1,
268 'bootdisk' => 1,
269};
270
a0d1b1a2 271my $check_vm_modify_config_perm = sub {
ae57f6b3 272 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
a0d1b1a2 273
6e5c4da7 274 return 1 if $authuser eq 'root@pam';
a0d1b1a2 275
ae57f6b3 276 foreach my $opt (@$key_list) {
a0d1b1a2 277 # disk checks need to be done somewhere else
74479ee9 278 next if PVE::QemuServer::is_valid_drivename($opt);
58cb690b 279 next if $opt eq 'cdrom';
63d269d7 280 next if $opt =~ m/^unused\d+$/;
a0d1b1a2 281
6bcacc21 282 if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
a0d1b1a2 283 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
58cb690b 284 } elsif ($memoryoptions->{$opt}) {
a0d1b1a2 285 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
58cb690b 286 } elsif ($hwtypeoptions->{$opt}) {
a0d1b1a2 287 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
6bcacc21 288 } elsif ($generaloptions->{$opt}) {
58cb690b
DC		 289 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
290 # special case for startup since it changes host behaviour
291 if ($opt eq 'startup') {
292 $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
293 }
294 } elsif ($vmpoweroptions->{$opt}) {
295 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
296 } elsif ($diskoptions->{$opt}) {
297 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
a0d1b1a2
DM		 298 } elsif ($opt =~ m/^net\d+$/) {
299 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
300 } else {
58cb690b
DC		 301 # catches usb\d+, hostpci\d+, args, lock, etc.
302 # new options will be checked here
303 die "only root can set '$opt' config\n";
a0d1b1a2
DM		 304 }
305 }
306
307 return 1;
308};
309
1e3baf05 310__PACKAGE__->register_method({
afdb31d5
DM		 311 name => 'vmlist',
312 path => '',
1e3baf05
DM		 313 method => 'GET',
314 description => "Virtual machine index (per node).",
a0d1b1a2
DM		 315 permissions => {
316 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
317 user => 'all',
318 },
1e3baf05
DM		 319 proxyto => 'node',
320 protected => 1, # qemu pid files are only readable by root
321 parameters => {
322 additionalProperties => 0,
323 properties => {
324 node => get_standard_option('pve-node'),
12612b09
WB		 325 full => {
326 type => 'boolean',
327 optional => 1,
328 description => "Determine the full status of active VMs.",
329 },
1e3baf05
DM		 330 },
331 },
332 returns => {
333 type => 'array',
334 items => {
335 type => "object",
336 properties => {},
337 },
338 links => [ { rel => 'child', href => "{vmid}" } ],
339 },
340 code => sub {
341 my ($param) = @_;
342
a0d1b1a2
DM		 343 my $rpcenv = PVE::RPCEnvironment::get();
344 my $authuser = $rpcenv->get_user();
345
12612b09 346 my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
1e3baf05 347
a0d1b1a2
DM		 348 my $res = [];
349 foreach my $vmid (keys %$vmstatus) {
350 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
351
352 my $data = $vmstatus->{$vmid};
184955dc 353 $data->{vmid} = int($vmid);
a0d1b1a2
DM		 354 push @$res, $data;
355 }
1e3baf05 356
a0d1b1a2 357 return $res;
1e3baf05
DM		 358 }});
359
d703d4c0 360
d703d4c0 361
1e3baf05 362__PACKAGE__->register_method({
afdb31d5
DM		 363 name => 'create_vm',
364 path => '',
1e3baf05 365 method => 'POST',
3e16d5fc 366 description => "Create or restore a virtual machine.",
a0d1b1a2 367 permissions => {
f9bfceef
DM		 368 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
369 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
370 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
371 user => 'all', # check inside
a0d1b1a2 372 },
1e3baf05
DM		 373 protected => 1,
374 proxyto => 'node',
375 parameters => {
376 additionalProperties => 0,
377 properties => PVE::QemuServer::json_config_properties(
378 {
379 node => get_standard_option('pve-node'),
65e866e5 380 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
3e16d5fc
DM		 381 archive => {
382 description => "The backup file.",
383 type => 'string',
384 optional => 1,
385 maxLength => 255,
65e866e5 386 completion => \&PVE::QemuServer::complete_backup_archives,
3e16d5fc
DM		 387 },
388 storage => get_standard_option('pve-storage-id', {
389 description => "Default storage.",
390 optional => 1,
335af808 391 completion => \&PVE::QemuServer::complete_storage,
3e16d5fc
DM		 392 }),
393 force => {
afdb31d5 394 optional => 1,
3e16d5fc
DM		 395 type => 'boolean',
396 description => "Allow to overwrite existing VM.",
51586c3a
DM		 397 requires => 'archive',
398 },
399 unique => {
afdb31d5 400 optional => 1,
51586c3a
DM		 401 type => 'boolean',
402 description => "Assign a unique random ethernet address.",
403 requires => 'archive',
3e16d5fc 404 },
75466c4f 405 pool => {
a0d1b1a2
DM		 406 optional => 1,
407 type => 'string', format => 'pve-poolid',
408 description => "Add the VM to the specified pool.",
409 },
1e3baf05
DM		 410 }),
411 },
afdb31d5 412 returns => {
5fdbe4f0
DM		 413 type => 'string',
414 },
1e3baf05
DM		 415 code => sub {
416 my ($param) = @_;
417
5fdbe4f0
DM		 418 my $rpcenv = PVE::RPCEnvironment::get();
419
a0d1b1a2 420 my $authuser = $rpcenv->get_user();
5fdbe4f0 421
1e3baf05
DM		 422 my $node = extract_param($param, 'node');
423
1e3baf05
DM		 424 my $vmid = extract_param($param, 'vmid');
425
3e16d5fc
DM		 426 my $archive = extract_param($param, 'archive');
427
428 my $storage = extract_param($param, 'storage');
429
51586c3a
DM		 430 my $force = extract_param($param, 'force');
431
432 my $unique = extract_param($param, 'unique');
75466c4f 433
a0d1b1a2 434 my $pool = extract_param($param, 'pool');
51586c3a 435
ffda963f 436 my $filename = PVE::QemuConfig->config_file($vmid);
afdb31d5
DM		 437
438 my $storecfg = PVE::Storage::config();
1e3baf05 439
3e16d5fc 440 PVE::Cluster::check_cfs_quorum();
1e3baf05 441
a0d1b1a2
DM		 442 if (defined($pool)) {
443 $rpcenv->check_pool_exist($pool);
75466c4f 444 }
a0d1b1a2 445
fcbb753e 446 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
a0d1b1a2
DM		 447 if defined($storage);
448
f9bfceef
DM		 449 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
450 # OK
451 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
452 # OK
453 } elsif ($archive && $force && (-f $filename) &&
454 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
455 # OK: user has VM.Backup permissions, and want to restore an existing VM
456 } else {
457 raise_perm_exc();
458 }
459
afdb31d5 460 if (!$archive) {
3e16d5fc 461 &$resolve_cdrom_alias($param);
1e3baf05 462
fcbb753e 463 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
ae57f6b3
DM		 464
465 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
466
3e16d5fc 467 foreach my $opt (keys %$param) {
74479ee9 468 if (PVE::QemuServer::is_valid_drivename($opt)) {
3e16d5fc
DM		 469 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
470 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
afdb31d5 471
3e16d5fc
DM		 472 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
473 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
474 }
1e3baf05 475 }
3e16d5fc
DM		 476
477 PVE::QemuServer::add_random_macs($param);
51586c3a
DM		 478 } else {
479 my $keystr = join(' ', keys %$param);
bc4dcb99
DM		 480 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
481
5b9d692a 482 if ($archive eq '-') {
afdb31d5 483 die "pipe requires cli environment\n"
d7810bc1 484 if $rpcenv->{type} ne 'cli';
5b9d692a 485 } else {
9bb3acf1 486 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive);
c9928b3d 487 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
971f27c4 488 }
1e3baf05
DM		 489 }
490
3e16d5fc 491 my $restorefn = sub {
4d8d55f1 492 my $vmlist = PVE::Cluster::get_vmlist();
4d8d55f1 493 if ($vmlist->{ids}->{$vmid}) {
0152058a
DM		 494 my $current_node = $vmlist->{ids}->{$vmid}->{node};
495 if ($current_node eq $node) {
ffda963f 496 my $conf = PVE::QemuConfig->load_config($vmid);
3e16d5fc 497
ffda963f 498 PVE::QemuConfig->check_protection($conf, "unable to restore VM $vmid");
3e16d5fc 499
4d8d55f1
AG		 500 die "unable to restore vm $vmid - config file already exists\n"
501 if !$force;
502
503 die "unable to restore vm $vmid - vm is running\n"
504 if PVE::QemuServer::check_running($vmid);
3a07a8a9
FG		 505
506 die "unable to restore vm $vmid - vm is a template\n"
507 if PVE::QemuConfig->is_template($conf);
508
4d8d55f1 509 } else {
0152058a 510 die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n";
4d8d55f1 511 }
3e16d5fc
DM		 512 }
513
514 my $realcmd = sub {
a0d1b1a2 515 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
51586c3a 516 storage => $storage,
a0d1b1a2 517 pool => $pool,
51586c3a 518 unique => $unique });
502d18a2 519
be517049 520 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
3e16d5fc
DM		 521 };
522
a0d1b1a2 523 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
3e16d5fc 524 };
1e3baf05 525
1e3baf05
DM		 526 my $createfn = sub {
527
191435c6 528 # test after locking
5f20325f 529 PVE::Cluster::check_vmid_unused($vmid);
1e3baf05 530
5fdbe4f0 531 my $realcmd = sub {
1e3baf05 532
5fdbe4f0 533 my $vollist = [];
1e3baf05 534
1858638f
DM		 535 my $conf = $param;
536
5fdbe4f0 537 eval {
ae57f6b3 538
1858638f 539 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
1e3baf05 540
5fdbe4f0 541 # try to be smart about bootdisk
74479ee9 542 my @disks = PVE::QemuServer::valid_drive_names();
5fdbe4f0
DM		 543 my $firstdisk;
544 foreach my $ds (reverse @disks) {
1858638f
DM		 545 next if !$conf->{$ds};
546 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
5fdbe4f0
DM		 547 next if PVE::QemuServer::drive_is_cdrom($disk);
548 $firstdisk = $ds;
549 }
1e3baf05 550
1858638f
DM		 551 if (!$conf->{bootdisk} && $firstdisk) {
552 $conf->{bootdisk} = $firstdisk;
5fdbe4f0 553 }
1e3baf05 554
47314bf5
DM		 555 # auto generate uuid if user did not specify smbios1 option
556 if (!$conf->{smbios1}) {
557 my ($uuid, $uuid_str);
558 UUID::generate($uuid);
559 UUID::unparse($uuid, $uuid_str);
560 $conf->{smbios1} = "uuid=$uuid_str";
561 }
562
ffda963f 563 PVE::QemuConfig->write_config($vmid, $conf);
ae9ca91d 564
5fdbe4f0
DM		 565 };
566 my $err = $@;
1e3baf05 567
5fdbe4f0
DM		 568 if ($err) {
569 foreach my $volid (@$vollist) {
570 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
571 warn $@ if $@;
572 }
573 die "create failed - $err";
574 }
502d18a2 575
be517049 576 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
5fdbe4f0
DM		 577 };
578
a0d1b1a2 579 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
5fdbe4f0
DM		 580 };
581
ffda963f 582 return PVE::QemuConfig->lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
1e3baf05
DM		 583 }});
584
585__PACKAGE__->register_method({
586 name => 'vmdiridx',
afdb31d5 587 path => '{vmid}',
1e3baf05
DM		 588 method => 'GET',
589 proxyto => 'node',
590 description => "Directory index",
a0d1b1a2
DM		 591 permissions => {
592 user => 'all',
593 },
1e3baf05
DM		 594 parameters => {
595 additionalProperties => 0,
596 properties => {
597 node => get_standard_option('pve-node'),
598 vmid => get_standard_option('pve-vmid'),
599 },
600 },
601 returns => {
602 type => 'array',
603 items => {
604 type => "object",
605 properties => {
606 subdir => { type => 'string' },
607 },
608 },
609 links => [ { rel => 'child', href => "{subdir}" } ],
610 },
611 code => sub {
612 my ($param) = @_;
613
614 my $res = [
615 { subdir => 'config' },
df2a2dbb 616 { subdir => 'pending' },
1e3baf05
DM		 617 { subdir => 'status' },
618 { subdir => 'unlink' },
619 { subdir => 'vncproxy' },
3ea94c60 620 { subdir => 'migrate' },
2f48a4f5 621 { subdir => 'resize' },
586bfa78 622 { subdir => 'move' },
1e3baf05
DM		 623 { subdir => 'rrd' },
624 { subdir => 'rrddata' },
91c94f0a 625 { subdir => 'monitor' },
d1a47427 626 { subdir => 'agent' },
7e7d7b61 627 { subdir => 'snapshot' },
288eeea8 628 { subdir => 'spiceproxy' },
7aa608d6 629 { subdir => 'sendkey' },
228a998b 630 { subdir => 'firewall' },
1e3baf05 631 ];
afdb31d5 632
1e3baf05
DM		 633 return $res;
634 }});
635
228a998b 636__PACKAGE__->register_method ({
f34ebd52 637 subclass => "PVE::API2::Firewall::VM",
228a998b
DM		 638 path => '{vmid}/firewall',
639});
640
1e3baf05 641__PACKAGE__->register_method({
afdb31d5
DM		 642 name => 'rrd',
643 path => '{vmid}/rrd',
1e3baf05
DM		 644 method => 'GET',
645 protected => 1, # fixme: can we avoid that?
646 permissions => {
378b359e 647 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1e3baf05
DM		 648 },
649 description => "Read VM RRD statistics (returns PNG)",
650 parameters => {
651 additionalProperties => 0,
652 properties => {
653 node => get_standard_option('pve-node'),
654 vmid => get_standard_option('pve-vmid'),
655 timeframe => {
656 description => "Specify the time frame you are interested in.",
657 type => 'string',
658 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
659 },
660 ds => {
661 description => "The list of datasources you want to display.",
662 type => 'string', format => 'pve-configid-list',
663 },
664 cf => {
665 description => "The RRD consolidation function",
666 type => 'string',
667 enum => [ 'AVERAGE', 'MAX' ],
668 optional => 1,
669 },
670 },
671 },
672 returns => {
673 type => "object",
674 properties => {
675 filename => { type => 'string' },
676 },
677 },
678 code => sub {
679 my ($param) = @_;
680
681 return PVE::Cluster::create_rrd_graph(
afdb31d5 682 "pve2-vm/$param->{vmid}", $param->{timeframe},
1e3baf05 683 $param->{ds}, $param->{cf});
afdb31d5 684
1e3baf05
DM		 685 }});
686
687__PACKAGE__->register_method({
afdb31d5
DM		 688 name => 'rrddata',
689 path => '{vmid}/rrddata',
1e3baf05
DM		 690 method => 'GET',
691 protected => 1, # fixme: can we avoid that?
692 permissions => {
378b359e 693 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1e3baf05
DM		 694 },
695 description => "Read VM RRD statistics",
696 parameters => {
697 additionalProperties => 0,
698 properties => {
699 node => get_standard_option('pve-node'),
700 vmid => get_standard_option('pve-vmid'),
701 timeframe => {
702 description => "Specify the time frame you are interested in.",
703 type => 'string',
704 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
705 },
706 cf => {
707 description => "The RRD consolidation function",
708 type => 'string',
709 enum => [ 'AVERAGE', 'MAX' ],
710 optional => 1,
711 },
712 },
713 },
714 returns => {
715 type => "array",
716 items => {
717 type => "object",
718 properties => {},
719 },
720 },
721 code => sub {
722 my ($param) = @_;
723
724 return PVE::Cluster::create_rrd_data(
725 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
726 }});
727
728
729__PACKAGE__->register_method({
afdb31d5
DM		 730 name => 'vm_config',
731 path => '{vmid}/config',
1e3baf05
DM		 732 method => 'GET',
733 proxyto => 'node',
1e7f2726 734 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
a0d1b1a2
DM		 735 permissions => {
736 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
737 },
1e3baf05
DM		 738 parameters => {
739 additionalProperties => 0,
740 properties => {
741 node => get_standard_option('pve-node'),
335af808 742 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
6d89b548
DM		 743 current => {
744 description => "Get current values (instead of pending values).",
745 optional => 1,
746 default => 0,
747 type => 'boolean',
748 },
1e3baf05
DM		 749 },
750 },
afdb31d5 751 returns => {
1e3baf05 752 type => "object",
554ac7e7
DM		 753 properties => {
754 digest => {
755 type => 'string',
756 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
757 }
758 },
1e3baf05
DM		 759 },
760 code => sub {
761 my ($param) = @_;
762
ffda963f 763 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1e3baf05 764
22c377f0 765 delete $conf->{snapshots};
6d89b548
DM		 766
767 if (!$param->{current}) {
025e1d90 768 foreach my $opt (keys %{$conf->{pending}}) {
6d89b548
DM		 769 next if $opt eq 'delete';
770 my $value = $conf->{pending}->{$opt};
771 next if ref($value); # just to be sure
772 $conf->{$opt} = $value;
773 }
1bc483f6
WB		 774 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
775 foreach my $opt (keys %$pending_delete_hash) {
6d89b548
DM		 776 delete $conf->{$opt} if $conf->{$opt};
777 }
778 }
779
1e7f2726 780 delete $conf->{pending};
22c377f0 781
1e3baf05
DM		 782 return $conf;
783 }});
784
1e7f2726
DM		 785__PACKAGE__->register_method({
786 name => 'vm_pending',
787 path => '{vmid}/pending',
788 method => 'GET',
789 proxyto => 'node',
790 description => "Get virtual machine configuration, including pending changes.",
791 permissions => {
792 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
793 },
794 parameters => {
795 additionalProperties => 0,
796 properties => {
797 node => get_standard_option('pve-node'),
335af808 798 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1e7f2726
DM		 799 },
800 },
801 returns => {
802 type => "array",
803 items => {
804 type => "object",
805 properties => {
806 key => {
807 description => "Configuration option name.",
808 type => 'string',
809 },
810 value => {
811 description => "Current value.",
812 type => 'string',
813 optional => 1,
814 },
815 pending => {
816 description => "Pending value.",
817 type => 'string',
818 optional => 1,
819 },
820 delete => {
1bc483f6
WB		 821 description => "Indicates a pending delete request if present and not 0. " .
822 "The value 2 indicates a force-delete request.",
823 type => 'integer',
824 minimum => 0,
825 maximum => 2,
1e7f2726
DM		 826 optional => 1,
827 },
828 },
829 },
830 },
831 code => sub {
832 my ($param) = @_;
833
ffda963f 834 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1e7f2726 835
1bc483f6 836 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
1e7f2726
DM		 837
838 my $res = [];
839
025e1d90 840 foreach my $opt (keys %$conf) {
1e7f2726
DM		 841 next if ref($conf->{$opt});
842 my $item = { key => $opt };
843 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
844 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
1bc483f6 845 $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
1e7f2726
DM		 846 push @$res, $item;
847 }
848
025e1d90 849 foreach my $opt (keys %{$conf->{pending}}) {
1e7f2726
DM		 850 next if $opt eq 'delete';
851 next if ref($conf->{pending}->{$opt}); # just to be sure
0e54e1c8 852 next if defined($conf->{$opt});
1e7f2726
DM		 853 my $item = { key => $opt };
854 $item->{pending} = $conf->{pending}->{$opt};
855 push @$res, $item;
856 }
857
1bc483f6 858 while (my ($opt, $force) = each %$pending_delete_hash) {
1e7f2726
DM		 859 next if $conf->{pending}->{$opt}; # just to be sure
860 next if $conf->{$opt};
1bc483f6 861 my $item = { key => $opt, delete => ($force ? 2 : 1)};
1e7f2726
DM		 862 push @$res, $item;
863 }
864
865 return $res;
866 }});
867
5555edea
DM		 868# POST/PUT {vmid}/config implementation
869#
870# The original API used PUT (idempotent) an we assumed that all operations
871# are fast. But it turned out that almost any configuration change can
872# involve hot-plug actions, or disk alloc/free. Such actions can take long
873# time to complete and have side effects (not idempotent).
874#
7043d946 875# The new implementation uses POST and forks a worker process. We added
5555edea 876# a new option 'background_delay'. If specified we wait up to
7043d946 877# 'background_delay' second for the worker task to complete. It returns null
5555edea 878# if the task is finished within that time, else we return the UPID.
7043d946 879
5555edea
DM		 880my $update_vm_api = sub {
881 my ($param, $sync) = @_;
a0d1b1a2 882
5555edea 883 my $rpcenv = PVE::RPCEnvironment::get();
1e3baf05 884
5555edea 885 my $authuser = $rpcenv->get_user();
1e3baf05 886
5555edea 887 my $node = extract_param($param, 'node');
1e3baf05 888
5555edea 889 my $vmid = extract_param($param, 'vmid');
1e3baf05 890
5555edea 891 my $digest = extract_param($param, 'digest');
1e3baf05 892
5555edea 893 my $background_delay = extract_param($param, 'background_delay');
1e3baf05 894
5555edea
DM		 895 my @paramarr = (); # used for log message
896 foreach my $key (keys %$param) {
c13e17d0 897 push @paramarr, "-$key", $param->{$key};
5555edea 898 }
0532bc63 899
5555edea
DM		 900 my $skiplock = extract_param($param, 'skiplock');
901 raise_param_exc({ skiplock => "Only root may use this option." })
902 if $skiplock && $authuser ne 'root@pam';
1e3baf05 903
5555edea 904 my $delete_str = extract_param($param, 'delete');
0532bc63 905
d3df8cf3
DM		 906 my $revert_str = extract_param($param, 'revert');
907
5555edea 908 my $force = extract_param($param, 'force');
1e68cb19 909
d3df8cf3 910 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
7bfdeb5f 911
5555edea 912 my $storecfg = PVE::Storage::config();
1e68cb19 913
5555edea 914 my $defaults = PVE::QemuServer::load_defaults();
1e68cb19 915
5555edea 916 &$resolve_cdrom_alias($param);
0532bc63 917
5555edea 918 # now try to verify all parameters
ae57f6b3 919
d3df8cf3
DM		 920 my $revert = {};
921 foreach my $opt (PVE::Tools::split_list($revert_str)) {
922 if (!PVE::QemuServer::option_exists($opt)) {
923 raise_param_exc({ revert => "unknown option '$opt'" });
924 }
925
926 raise_param_exc({ delete => "you can't use '-$opt' and " .
927 "-revert $opt' at the same time" })
928 if defined($param->{$opt});
929
930 $revert->{$opt} = 1;
931 }
932
5555edea
DM		 933 my @delete = ();
934 foreach my $opt (PVE::Tools::split_list($delete_str)) {
935 $opt = 'ide2' if $opt eq 'cdrom';
d3df8cf3 936
5555edea
DM		 937 raise_param_exc({ delete => "you can't use '-$opt' and " .
938 "-delete $opt' at the same time" })
939 if defined($param->{$opt});
7043d946 940
d3df8cf3
DM		 941 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
942 "-revert $opt' at the same time" })
943 if $revert->{$opt};
944
5555edea
DM		 945 if (!PVE::QemuServer::option_exists($opt)) {
946 raise_param_exc({ delete => "unknown option '$opt'" });
0532bc63 947 }
1e3baf05 948
5555edea
DM		 949 push @delete, $opt;
950 }
951
952 foreach my $opt (keys %$param) {
74479ee9 953 if (PVE::QemuServer::is_valid_drivename($opt)) {
5555edea
DM		 954 # cleanup drive path
955 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
f9091201 956 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
5555edea
DM		 957 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
958 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
959 } elsif ($opt =~ m/^net(\d+)$/) {
960 # add macaddr
961 my $net = PVE::QemuServer::parse_net($param->{$opt});
962 $param->{$opt} = PVE::QemuServer::print_net($net);
1e68cb19 963 }
5555edea 964 }
1e3baf05 965
5555edea 966 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
ae57f6b3 967
5555edea 968 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
ae57f6b3 969
5555edea 970 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
1e3baf05 971
5555edea 972 my $updatefn = sub {
1e3baf05 973
ffda963f 974 my $conf = PVE::QemuConfig->load_config($vmid);
1e3baf05 975
5555edea
DM		 976 die "checksum missmatch (file change by other user?)\n"
977 if $digest && $digest ne $conf->{digest};
978
ffda963f 979 PVE::QemuConfig->check_lock($conf) if !$skiplock;
7043d946 980
d3df8cf3
DM		 981 foreach my $opt (keys %$revert) {
982 if (defined($conf->{$opt})) {
983 $param->{$opt} = $conf->{$opt};
984 } elsif (defined($conf->{pending}->{$opt})) {
985 push @delete, $opt;
986 }
987 }
988
5555edea 989 if ($param->{memory} || defined($param->{balloon})) {
6ca8b698
DM		 990 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
991 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
7043d946 992
5555edea
DM		 993 die "balloon value too large (must be smaller than assigned memory)\n"
994 if $balloon && $balloon > $maxmem;
995 }
1e3baf05 996
5555edea 997 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
1e3baf05 998
5555edea 999 my $worker = sub {
7bfdeb5f 1000
5555edea 1001 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
c2a64aa7 1002
202d1f45
DM		 1003 # write updates to pending section
1004
3a11fadb
DM		 1005 my $modified = {}; # record what $option we modify
1006
202d1f45 1007 foreach my $opt (@delete) {
3a11fadb 1008 $modified->{$opt} = 1;
ffda963f 1009 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
202d1f45 1010 if ($opt =~ m/^unused/) {
202d1f45 1011 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
ffda963f 1012 PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
4d8d55f1 1013 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
3dc38fbb
WB		 1014 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
1015 delete $conf->{$opt};
ffda963f 1016 PVE::QemuConfig->write_config($vmid, $conf);
202d1f45 1017 }
74479ee9 1018 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
ffda963f 1019 PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
202d1f45 1020 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
055d554d 1021 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
202d1f45 1022 if defined($conf->{pending}->{$opt});
3dc38fbb 1023 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
ffda963f 1024 PVE::QemuConfig->write_config($vmid, $conf);
202d1f45 1025 } else {
3dc38fbb 1026 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
ffda963f 1027 PVE::QemuConfig->write_config($vmid, $conf);
202d1f45 1028 }
5d39a182 1029 }
1e3baf05 1030
202d1f45 1031 foreach my $opt (keys %$param) { # add/change
3a11fadb 1032 $modified->{$opt} = 1;
ffda963f 1033 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
202d1f45
DM		 1034 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1035
74479ee9 1036 if (PVE::QemuServer::is_valid_drivename($opt)) {
202d1f45
DM		 1037 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1038 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1039 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1040 } else {
1041 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1042 }
055d554d 1043 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
202d1f45
DM		 1044 if defined($conf->{pending}->{$opt});
1045
1046 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1047 } else {
1048 $conf->{pending}->{$opt} = $param->{$opt};
1049 }
055d554d 1050 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
ffda963f 1051 PVE::QemuConfig->write_config($vmid, $conf);
202d1f45
DM		 1052 }
1053
1054 # remove pending changes when nothing changed
ffda963f 1055 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
c750e90a 1056 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
ffda963f 1057 PVE::QemuConfig->write_config($vmid, $conf) if $changes;
202d1f45
DM		 1058
1059 return if !scalar(keys %{$conf->{pending}});
1060
7bfdeb5f 1061 my $running = PVE::QemuServer::check_running($vmid);
39001640
DM		 1062
1063 # apply pending changes
1064
ffda963f 1065 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
39001640 1066
3a11fadb
DM		 1067 if ($running) {
1068 my $errors = {};
1069 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1070 raise_param_exc($errors) if scalar(keys %$errors);
1071 } else {
1072 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
1073 }
1e68cb19 1074
915d3481 1075 return;
5d39a182
DM		 1076 };
1077
5555edea
DM		 1078 if ($sync) {
1079 &$worker();
1080 return undef;
1081 } else {
1082 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
fcdb0117 1083
5555edea
DM		 1084 if ($background_delay) {
1085
1086 # Note: It would be better to do that in the Event based HTTPServer
7043d946 1087 # to avoid blocking call to sleep.
5555edea
DM		 1088
1089 my $end_time = time() + $background_delay;
1090
1091 my $task = PVE::Tools::upid_decode($upid);
1092
1093 my $running = 1;
1094 while (time() < $end_time) {
1095 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1096 last if !$running;
1097 sleep(1); # this gets interrupted when child process ends
1098 }
1099
1100 if (!$running) {
1101 my $status = PVE::Tools::upid_read_status($upid);
1102 return undef if $status eq 'OK';
1103 die $status;
1104 }
7043d946 1105 }
5555edea
DM		 1106
1107 return $upid;
1108 }
1109 };
1110
ffda963f 1111 return PVE::QemuConfig->lock_config($vmid, $updatefn);
5555edea
DM		 1112};
1113
1114my $vm_config_perm_list = [
1115 'VM.Config.Disk',
1116 'VM.Config.CDROM',
1117 'VM.Config.CPU',
1118 'VM.Config.Memory',
1119 'VM.Config.Network',
1120 'VM.Config.HWType',
1121 'VM.Config.Options',
1122 ];
1123
1124__PACKAGE__->register_method({
1125 name => 'update_vm_async',
1126 path => '{vmid}/config',
1127 method => 'POST',
1128 protected => 1,
1129 proxyto => 'node',
1130 description => "Set virtual machine options (asynchrounous API).",
1131 permissions => {
1132 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1133 },
1134 parameters => {
1135 additionalProperties => 0,
1136 properties => PVE::QemuServer::json_config_properties(
1137 {
1138 node => get_standard_option('pve-node'),
1139 vmid => get_standard_option('pve-vmid'),
1140 skiplock => get_standard_option('skiplock'),
1141 delete => {
1142 type => 'string', format => 'pve-configid-list',
1143 description => "A list of settings you want to delete.",
1144 optional => 1,
1145 },
4c8365fa
DM		 1146 revert => {
1147 type => 'string', format => 'pve-configid-list',
1148 description => "Revert a pending change.",
1149 optional => 1,
1150 },
5555edea
DM		 1151 force => {
1152 type => 'boolean',
1153 description => $opt_force_description,
1154 optional => 1,
1155 requires => 'delete',
1156 },
1157 digest => {
1158 type => 'string',
1159 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1160 maxLength => 40,
1161 optional => 1,
1162 },
1163 background_delay => {
1164 type => 'integer',
1165 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1166 minimum => 1,
1167 maximum => 30,
1168 optional => 1,
1169 },
1170 }),
1171 },
1172 returns => {
1173 type => 'string',
1174 optional => 1,
1175 },
1176 code => $update_vm_api,
1177});
1178
1179__PACKAGE__->register_method({
1180 name => 'update_vm',
1181 path => '{vmid}/config',
1182 method => 'PUT',
1183 protected => 1,
1184 proxyto => 'node',
1185 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1186 permissions => {
1187 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1188 },
1189 parameters => {
1190 additionalProperties => 0,
1191 properties => PVE::QemuServer::json_config_properties(
1192 {
1193 node => get_standard_option('pve-node'),
335af808 1194 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
5555edea
DM		 1195 skiplock => get_standard_option('skiplock'),
1196 delete => {
1197 type => 'string', format => 'pve-configid-list',
1198 description => "A list of settings you want to delete.",
1199 optional => 1,
1200 },
4c8365fa
DM		 1201 revert => {
1202 type => 'string', format => 'pve-configid-list',
1203 description => "Revert a pending change.",
1204 optional => 1,
1205 },
5555edea
DM		 1206 force => {
1207 type => 'boolean',
1208 description => $opt_force_description,
1209 optional => 1,
1210 requires => 'delete',
1211 },
1212 digest => {
1213 type => 'string',
1214 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1215 maxLength => 40,
1216 optional => 1,
1217 },
1218 }),
1219 },
1220 returns => { type => 'null' },
1221 code => sub {
1222 my ($param) = @_;
1223 &$update_vm_api($param, 1);
1e3baf05 1224 return undef;
5555edea
DM		 1225 }
1226});
1e3baf05
DM		 1227
1228
1229__PACKAGE__->register_method({
afdb31d5
DM		 1230 name => 'destroy_vm',
1231 path => '{vmid}',
1e3baf05
DM		 1232 method => 'DELETE',
1233 protected => 1,
1234 proxyto => 'node',
1235 description => "Destroy the vm (also delete all used/owned volumes).",
a0d1b1a2
DM		 1236 permissions => {
1237 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1238 },
1e3baf05
DM		 1239 parameters => {
1240 additionalProperties => 0,
1241 properties => {
1242 node => get_standard_option('pve-node'),
335af808 1243 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3ea94c60 1244 skiplock => get_standard_option('skiplock'),
1e3baf05
DM		 1245 },
1246 },
afdb31d5 1247 returns => {
5fdbe4f0
DM		 1248 type => 'string',
1249 },
1e3baf05
DM		 1250 code => sub {
1251 my ($param) = @_;
1252
1253 my $rpcenv = PVE::RPCEnvironment::get();
1254
a0d1b1a2 1255 my $authuser = $rpcenv->get_user();
1e3baf05
DM		 1256
1257 my $vmid = $param->{vmid};
1258
1259 my $skiplock = $param->{skiplock};
afdb31d5 1260 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 1261 if $skiplock && $authuser ne 'root@pam';
1e3baf05 1262
5fdbe4f0 1263 # test if VM exists
ffda963f 1264 my $conf = PVE::QemuConfig->load_config($vmid);
5fdbe4f0 1265
afdb31d5 1266 my $storecfg = PVE::Storage::config();
1e3baf05 1267
ffda963f 1268 PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
cb0e4540 1269
952e3ac3
DM		 1270 die "unable to remove VM $vmid - used in HA resources\n"
1271 if PVE::HA::Config::vm_is_ha_managed($vmid);
e9f2f8e5 1272
db593da2
DM		 1273 # early tests (repeat after locking)
1274 die "VM $vmid is running - destroy failed\n"
1275 if PVE::QemuServer::check_running($vmid);
1276
5fdbe4f0 1277 my $realcmd = sub {
ff1a2432
DM		 1278 my $upid = shift;
1279
1280 syslog('info', "destroy VM $vmid: $upid\n");
1281
5fdbe4f0 1282 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
502d18a2 1283
37f43805 1284 PVE::AccessControl::remove_vm_access($vmid);
e9abcde6
AG		 1285
1286 PVE::Firewall::remove_vmfw_conf($vmid);
5fdbe4f0 1287 };
1e3baf05 1288
a0d1b1a2 1289 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1e3baf05
DM		 1290 }});
1291
1292__PACKAGE__->register_method({
afdb31d5
DM		 1293 name => 'unlink',
1294 path => '{vmid}/unlink',
1e3baf05
DM		 1295 method => 'PUT',
1296 protected => 1,
1297 proxyto => 'node',
1298 description => "Unlink/delete disk images.",
a0d1b1a2
DM		 1299 permissions => {
1300 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1301 },
1e3baf05
DM		 1302 parameters => {
1303 additionalProperties => 0,
1304 properties => {
1305 node => get_standard_option('pve-node'),
335af808 1306 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1e3baf05
DM		 1307 idlist => {
1308 type => 'string', format => 'pve-configid-list',
1309 description => "A list of disk IDs you want to delete.",
1310 },
1311 force => {
1312 type => 'boolean',
1313 description => $opt_force_description,
1314 optional => 1,
1315 },
1316 },
1317 },
1318 returns => { type => 'null'},
1319 code => sub {
1320 my ($param) = @_;
1321
1322 $param->{delete} = extract_param($param, 'idlist');
1323
1324 __PACKAGE__->update_vm($param);
1325
1326 return undef;
1327 }});
1328
1329my $sslcert;
1330
1331__PACKAGE__->register_method({
afdb31d5
DM		 1332 name => 'vncproxy',
1333 path => '{vmid}/vncproxy',
1e3baf05
DM		 1334 method => 'POST',
1335 protected => 1,
1336 permissions => {
378b359e 1337 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1e3baf05
DM		 1338 },
1339 description => "Creates a TCP VNC proxy connections.",
1340 parameters => {
1341 additionalProperties => 0,
1342 properties => {
1343 node => get_standard_option('pve-node'),
1344 vmid => get_standard_option('pve-vmid'),
b4d5c000
SP		 1345 websocket => {
1346 optional => 1,
1347 type => 'boolean',
1348 description => "starts websockify instead of vncproxy",
1349 },
1e3baf05
DM		 1350 },
1351 },
afdb31d5 1352 returns => {
1e3baf05
DM		 1353 additionalProperties => 0,
1354 properties => {
1355 user => { type => 'string' },
1356 ticket => { type => 'string' },
1357 cert => { type => 'string' },
1358 port => { type => 'integer' },
1359 upid => { type => 'string' },
1360 },
1361 },
1362 code => sub {
1363 my ($param) = @_;
1364
1365 my $rpcenv = PVE::RPCEnvironment::get();
1366
a0d1b1a2 1367 my $authuser = $rpcenv->get_user();
1e3baf05
DM		 1368
1369 my $vmid = $param->{vmid};
1370 my $node = $param->{node};
983d4582 1371 my $websocket = $param->{websocket};
1e3baf05 1372
ffda963f 1373 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
ef5e2be2 1374
b6f39da2
DM		 1375 my $authpath = "/vms/$vmid";
1376
a0d1b1a2 1377 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
b6f39da2 1378
1e3baf05
DM		 1379 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1380 if !$sslcert;
1381
af0eba7e 1382 my ($remip, $family);
ef5e2be2 1383 my $remcmd = [];
afdb31d5 1384
4f1be36c 1385 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
af0eba7e 1386 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
b4d5c000 1387 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
ef5e2be2 1388 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
af0eba7e
WB		 1389 } else {
1390 $family = PVE::Tools::get_host_address_family($node);
1e3baf05
DM		 1391 }
1392
af0eba7e
WB		 1393 my $port = PVE::Tools::next_vnc_port($family);
1394
afdb31d5 1395 my $timeout = 10;
1e3baf05
DM		 1396
1397 my $realcmd = sub {
1398 my $upid = shift;
1399
1400 syslog('info', "starting vnc proxy $upid\n");
1401
ef5e2be2 1402 my $cmd;
1e3baf05 1403
2dc23d72 1404 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
ef5e2be2 1405
983d4582 1406 die "Websocket mode is not supported in vga serial mode!" if $websocket;
b4d5c000 1407
ef5e2be2
DM		 1408 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1409 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1410 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
fa8ea931 1411 '-timeout', $timeout, '-authpath', $authpath,
ef5e2be2 1412 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
655d7462 1413 PVE::Tools::run_command($cmd);
ef5e2be2 1414 } else {
1e3baf05 1415
3e7567e0
DM		 1416 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1417
655d7462
WB		 1418 $cmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1419
1420 my $sock = IO::Socket::IP->new(
1421 Listen => 1,
1422 LocalPort => $port,
1423 Proto => 'tcp',
1424 GetAddrInfoFlags => 0,
1425 ) or die "failed to create socket: $!\n";
1426 # Inside the worker we shouldn't have any previous alarms
1427 # running anyway...:
1428 alarm(0);
1429 local $SIG{ALRM} = sub { die "connection timed out\n" };
1430 alarm $timeout;
1431 accept(my $cli, $sock) or die "connection failed: $!\n";
1432 close($sock);
1433 if (PVE::Tools::run_command($cmd,
1434 output => '>&'.fileno($cli),
1435 input => '<&'.fileno($cli),
1436 noerr => 1) != 0)
1437 {
1438 die "Failed to run vncproxy.\n";
1439 }
ef5e2be2 1440 }
1e3baf05 1441
1e3baf05
DM		 1442 return;
1443 };
1444
a0d1b1a2 1445 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1e3baf05 1446
3da85107
DM		 1447 PVE::Tools::wait_for_vnc_port($port);
1448
1e3baf05 1449 return {
a0d1b1a2 1450 user => $authuser,
1e3baf05 1451 ticket => $ticket,
afdb31d5
DM		 1452 port => $port,
1453 upid => $upid,
1454 cert => $sslcert,
1e3baf05
DM		 1455 };
1456 }});
1457
3e7567e0
DM		 1458__PACKAGE__->register_method({
1459 name => 'vncwebsocket',
1460 path => '{vmid}/vncwebsocket',
1461 method => 'GET',
3e7567e0 1462 permissions => {
c422ce93 1463 description => "You also need to pass a valid ticket (vncticket).",
3e7567e0
DM		 1464 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1465 },
4d00f52f 1466 description => "Opens a weksocket for VNC traffic.",
3e7567e0
DM		 1467 parameters => {
1468 additionalProperties => 0,
1469 properties => {
1470 node => get_standard_option('pve-node'),
1471 vmid => get_standard_option('pve-vmid'),
c422ce93
DM		 1472 vncticket => {
1473 description => "Ticket from previous call to vncproxy.",
1474 type => 'string',
1475 maxLength => 512,
1476 },
3e7567e0
DM		 1477 port => {
1478 description => "Port number returned by previous vncproxy call.",
1479 type => 'integer',
1480 minimum => 5900,
1481 maximum => 5999,
1482 },
1483 },
1484 },
1485 returns => {
1486 type => "object",
1487 properties => {
1488 port => { type => 'string' },
1489 },
1490 },
1491 code => sub {
1492 my ($param) = @_;
1493
1494 my $rpcenv = PVE::RPCEnvironment::get();
1495
1496 my $authuser = $rpcenv->get_user();
1497
1498 my $vmid = $param->{vmid};
1499 my $node = $param->{node};
1500
c422ce93
DM		 1501 my $authpath = "/vms/$vmid";
1502
1503 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1504
ffda963f 1505 my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
3e7567e0
DM		 1506
1507 # Note: VNC ports are acessible from outside, so we do not gain any
1508 # security if we verify that $param->{port} belongs to VM $vmid. This
1509 # check is done by verifying the VNC ticket (inside VNC protocol).
1510
1511 my $port = $param->{port};
f34ebd52 1512
3e7567e0
DM		 1513 return { port => $port };
1514 }});
1515
288eeea8
DM		 1516__PACKAGE__->register_method({
1517 name => 'spiceproxy',
1518 path => '{vmid}/spiceproxy',
78252ce7 1519 method => 'POST',
288eeea8 1520 protected => 1,
78252ce7 1521 proxyto => 'node',
288eeea8
DM		 1522 permissions => {
1523 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1524 },
1525 description => "Returns a SPICE configuration to connect to the VM.",
1526 parameters => {
1527 additionalProperties => 0,
1528 properties => {
1529 node => get_standard_option('pve-node'),
1530 vmid => get_standard_option('pve-vmid'),
dd25eecf 1531 proxy => get_standard_option('spice-proxy', { optional => 1 }),
288eeea8
DM		 1532 },
1533 },
dd25eecf 1534 returns => get_standard_option('remote-viewer-config'),
288eeea8
DM		 1535 code => sub {
1536 my ($param) = @_;
1537
1538 my $rpcenv = PVE::RPCEnvironment::get();
1539
1540 my $authuser = $rpcenv->get_user();
1541
1542 my $vmid = $param->{vmid};
1543 my $node = $param->{node};
fb6c7260 1544 my $proxy = $param->{proxy};
288eeea8 1545
ffda963f 1546 my $conf = PVE::QemuConfig->load_config($vmid, $node);
7f9e28e4
TL		 1547 my $title = "VM $vmid";
1548 $title .= " - ". $conf->{name} if $conf->{name};
288eeea8 1549
943340a6 1550 my $port = PVE::QemuServer::spice_port($vmid);
dd25eecf 1551
f34ebd52 1552 my ($ticket, undef, $remote_viewer_config) =
dd25eecf 1553 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
f34ebd52 1554
288eeea8
DM		 1555 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1556 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
f34ebd52 1557
dd25eecf 1558 return $remote_viewer_config;
288eeea8
DM		 1559 }});
1560
5fdbe4f0
DM		 1561__PACKAGE__->register_method({
1562 name => 'vmcmdidx',
afdb31d5 1563 path => '{vmid}/status',
5fdbe4f0
DM		 1564 method => 'GET',
1565 proxyto => 'node',
1566 description => "Directory index",
a0d1b1a2
DM		 1567 permissions => {
1568 user => 'all',
1569 },
5fdbe4f0
DM		 1570 parameters => {
1571 additionalProperties => 0,
1572 properties => {
1573 node => get_standard_option('pve-node'),
1574 vmid => get_standard_option('pve-vmid'),
1575 },
1576 },
1577 returns => {
1578 type => 'array',
1579 items => {
1580 type => "object",
1581 properties => {
1582 subdir => { type => 'string' },
1583 },
1584 },
1585 links => [ { rel => 'child', href => "{subdir}" } ],
1586 },
1587 code => sub {
1588 my ($param) = @_;
1589
1590 # test if VM exists
ffda963f 1591 my $conf = PVE::QemuConfig->load_config($param->{vmid});
5fdbe4f0
DM		 1592
1593 my $res = [
1594 { subdir => 'current' },
1595 { subdir => 'start' },
1596 { subdir => 'stop' },
1597 ];
afdb31d5 1598
5fdbe4f0
DM		 1599 return $res;
1600 }});
1601
1e3baf05 1602__PACKAGE__->register_method({
afdb31d5 1603 name => 'vm_status',
5fdbe4f0 1604 path => '{vmid}/status/current',
1e3baf05
DM		 1605 method => 'GET',
1606 proxyto => 'node',
1607 protected => 1, # qemu pid files are only readable by root
1608 description => "Get virtual machine status.",
a0d1b1a2
DM		 1609 permissions => {
1610 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1611 },
1e3baf05
DM		 1612 parameters => {
1613 additionalProperties => 0,
1614 properties => {
1615 node => get_standard_option('pve-node'),
1616 vmid => get_standard_option('pve-vmid'),
1617 },
1618 },
1619 returns => { type => 'object' },
1620 code => sub {
1621 my ($param) = @_;
1622
1623 # test if VM exists
ffda963f 1624 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1e3baf05 1625
03a33f30 1626 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
8610701a 1627 my $status = $vmstatus->{$param->{vmid}};
1e3baf05 1628
4d2a734e 1629 $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
8610701a 1630
86b8228b 1631 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
46246f04 1632
8610701a 1633 return $status;
1e3baf05
DM		 1634 }});
1635
1636__PACKAGE__->register_method({
afdb31d5 1637 name => 'vm_start',
5fdbe4f0
DM		 1638 path => '{vmid}/status/start',
1639 method => 'POST',
1e3baf05
DM		 1640 protected => 1,
1641 proxyto => 'node',
5fdbe4f0 1642 description => "Start virtual machine.",
a0d1b1a2
DM		 1643 permissions => {
1644 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1645 },
1e3baf05
DM		 1646 parameters => {
1647 additionalProperties => 0,
1648 properties => {
1649 node => get_standard_option('pve-node'),
ab5904f7
TL		 1650 vmid => get_standard_option('pve-vmid',
1651 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3ea94c60
DM		 1652 skiplock => get_standard_option('skiplock'),
1653 stateuri => get_standard_option('pve-qm-stateuri'),
7e8dcf2c 1654 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
2de2d6f7
TL		 1655 migration_type => {
1656 type => 'string',
1657 enum => ['secure', 'insecure'],
1658 description => "Migration traffic is encrypted using an SSH " .
1659 "tunnel by default. On secure, completely private networks " .
1660 "this can be disabled to increase performance.",
1661 optional => 1,
1662 },
1663 migration_network => {
29ddbe70 1664 type => 'string', format => 'CIDR',
2de2d6f7
TL		 1665 description => "CIDR of the (sub) network that is used for migration.",
1666 optional => 1,
1667 },
952958bc 1668 machine => get_standard_option('pve-qm-machine'),
2189246c 1669 targetstorage => {
bd2d5fe6 1670 description => "Target storage for the migration. (Can be '1' to use the same storage id as on the source node.)",
2189246c
AD		 1671 type => 'string',
1672 optional => 1
1673 }
1e3baf05
DM		 1674 },
1675 },
afdb31d5 1676 returns => {
5fdbe4f0
DM		 1677 type => 'string',
1678 },
1e3baf05
DM		 1679 code => sub {
1680 my ($param) = @_;
1681
1682 my $rpcenv = PVE::RPCEnvironment::get();
1683
a0d1b1a2 1684 my $authuser = $rpcenv->get_user();
1e3baf05
DM		 1685
1686 my $node = extract_param($param, 'node');
1687
1e3baf05
DM		 1688 my $vmid = extract_param($param, 'vmid');
1689
952958bc
DM		 1690 my $machine = extract_param($param, 'machine');
1691
3ea94c60 1692 my $stateuri = extract_param($param, 'stateuri');
afdb31d5 1693 raise_param_exc({ stateuri => "Only root may use this option." })
a0d1b1a2 1694 if $stateuri && $authuser ne 'root@pam';
3ea94c60 1695
1e3baf05 1696 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 1697 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 1698 if $skiplock && $authuser ne 'root@pam';
1e3baf05 1699
7e8dcf2c
AD		 1700 my $migratedfrom = extract_param($param, 'migratedfrom');
1701 raise_param_exc({ migratedfrom => "Only root may use this option." })
1702 if $migratedfrom && $authuser ne 'root@pam';
1703
2de2d6f7
TL		 1704 my $migration_type = extract_param($param, 'migration_type');
1705 raise_param_exc({ migration_type => "Only root may use this option." })
1706 if $migration_type && $authuser ne 'root@pam';
1707
1708 my $migration_network = extract_param($param, 'migration_network');
1709 raise_param_exc({ migration_network => "Only root may use this option." })
1710 if $migration_network && $authuser ne 'root@pam';
1711
2189246c
AD		 1712 my $targetstorage = extract_param($param, 'targetstorage');
1713 raise_param_exc({ targetstorage => "Only root may use this option." })
1714 if $targetstorage && $authuser ne 'root@pam';
1715
1716 raise_param_exc({ targetstorage => "targetstorage can only by used with migratedfrom." })
1717 if $targetstorage && !$migratedfrom;
1718
7c14dcae
DM		 1719 # read spice ticket from STDIN
1720 my $spice_ticket;
1721 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
a64d6146 1722 if (defined(my $line = <>)) {
760fb3c8
DM		 1723 chomp $line;
1724 $spice_ticket = $line;
1725 }
7c14dcae
DM		 1726 }
1727
98cbd0f4
WB		 1728 PVE::Cluster::check_cfs_quorum();
1729
afdb31d5 1730 my $storecfg = PVE::Storage::config();
5fdbe4f0 1731
2003f0f8 1732 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
cce37749 1733 $rpcenv->{type} ne 'ha') {
5fdbe4f0 1734
88fc87b4
DM		 1735 my $hacmd = sub {
1736 my $upid = shift;
5fdbe4f0 1737
c44291cd 1738 my $service = "vm:$vmid";
5fdbe4f0 1739
2a7e2b82 1740 my $cmd = ['ha-manager', 'set', $service, '--state', 'started'];
88fc87b4
DM		 1741
1742 print "Executing HA start for VM $vmid\n";
1743
1744 PVE::Tools::run_command($cmd);
1745
1746 return;
1747 };
1748
1749 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1750
1751 } else {
1752
1753 my $realcmd = sub {
1754 my $upid = shift;
1755
1756 syslog('info', "start VM $vmid: $upid\n");
1757
fa8ea931 1758 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
2189246c 1759 $machine, $spice_ticket, $migration_network, $migration_type, $targetstorage);
88fc87b4
DM		 1760
1761 return;
1762 };
5fdbe4f0 1763
88fc87b4
DM		 1764 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1765 }
5fdbe4f0
DM		 1766 }});
1767
1768__PACKAGE__->register_method({
afdb31d5 1769 name => 'vm_stop',
5fdbe4f0
DM		 1770 path => '{vmid}/status/stop',
1771 method => 'POST',
1772 protected => 1,
1773 proxyto => 'node',
346130b2 1774 description => "Stop virtual machine. The qemu process will exit immediately. This" .
d6c747ff 1775 "is akin to pulling the power plug of a running computer and may damage the VM data",
a0d1b1a2
DM		 1776 permissions => {
1777 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1778 },
5fdbe4f0
DM		 1779 parameters => {
1780 additionalProperties => 0,
1781 properties => {
1782 node => get_standard_option('pve-node'),
ab5904f7
TL		 1783 vmid => get_standard_option('pve-vmid',
1784 { completion => \&PVE::QemuServer::complete_vmid_running }),
5fdbe4f0 1785 skiplock => get_standard_option('skiplock'),
debe8882 1786 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
c6bb9502
DM		 1787 timeout => {
1788 description => "Wait maximal timeout seconds.",
1789 type => 'integer',
1790 minimum => 0,
1791 optional => 1,
254575e9
DM		 1792 },
1793 keepActive => {
94a17e1d 1794 description => "Do not deactivate storage volumes.",
254575e9
DM		 1795 type => 'boolean',
1796 optional => 1,
1797 default => 0,
c6bb9502 1798 }
5fdbe4f0
DM		 1799 },
1800 },
afdb31d5 1801 returns => {
5fdbe4f0
DM		 1802 type => 'string',
1803 },
1804 code => sub {
1805 my ($param) = @_;
1806
1807 my $rpcenv = PVE::RPCEnvironment::get();
1808
a0d1b1a2 1809 my $authuser = $rpcenv->get_user();
5fdbe4f0
DM		 1810
1811 my $node = extract_param($param, 'node');
1812
1813 my $vmid = extract_param($param, 'vmid');
1814
1815 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 1816 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 1817 if $skiplock && $authuser ne 'root@pam';
5fdbe4f0 1818
254575e9 1819 my $keepActive = extract_param($param, 'keepActive');
afdb31d5 1820 raise_param_exc({ keepActive => "Only root may use this option." })
a0d1b1a2 1821 if $keepActive && $authuser ne 'root@pam';
254575e9 1822
af30308f
DM		 1823 my $migratedfrom = extract_param($param, 'migratedfrom');
1824 raise_param_exc({ migratedfrom => "Only root may use this option." })
1825 if $migratedfrom && $authuser ne 'root@pam';
1826
1827
ff1a2432
DM		 1828 my $storecfg = PVE::Storage::config();
1829
2003f0f8 1830 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
5fdbe4f0 1831
88fc87b4
DM		 1832 my $hacmd = sub {
1833 my $upid = shift;
5fdbe4f0 1834
c44291cd 1835 my $service = "vm:$vmid";
c6bb9502 1836
e0feef86 1837 my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
88fc87b4
DM		 1838
1839 print "Executing HA stop for VM $vmid\n";
1840
1841 PVE::Tools::run_command($cmd);
5fdbe4f0 1842
88fc87b4
DM		 1843 return;
1844 };
1845
1846 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1847
1848 } else {
1849 my $realcmd = sub {
1850 my $upid = shift;
1851
1852 syslog('info', "stop VM $vmid: $upid\n");
1853
1854 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
af30308f 1855 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
88fc87b4
DM		 1856
1857 return;
1858 };
1859
1860 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1861 }
5fdbe4f0
DM		 1862 }});
1863
1864__PACKAGE__->register_method({
afdb31d5 1865 name => 'vm_reset',
5fdbe4f0
DM		 1866 path => '{vmid}/status/reset',
1867 method => 'POST',
1868 protected => 1,
1869 proxyto => 'node',
1870 description => "Reset virtual machine.",
a0d1b1a2
DM		 1871 permissions => {
1872 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1873 },
5fdbe4f0
DM		 1874 parameters => {
1875 additionalProperties => 0,
1876 properties => {
1877 node => get_standard_option('pve-node'),
ab5904f7
TL		 1878 vmid => get_standard_option('pve-vmid',
1879 { completion => \&PVE::QemuServer::complete_vmid_running }),
5fdbe4f0
DM		 1880 skiplock => get_standard_option('skiplock'),
1881 },
1882 },
afdb31d5 1883 returns => {
5fdbe4f0
DM		 1884 type => 'string',
1885 },
1886 code => sub {
1887 my ($param) = @_;
1888
1889 my $rpcenv = PVE::RPCEnvironment::get();
1890
a0d1b1a2 1891 my $authuser = $rpcenv->get_user();
5fdbe4f0
DM		 1892
1893 my $node = extract_param($param, 'node');
1894
1895 my $vmid = extract_param($param, 'vmid');
1896
1897 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 1898 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 1899 if $skiplock && $authuser ne 'root@pam';
5fdbe4f0 1900
ff1a2432
DM		 1901 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1902
5fdbe4f0
DM		 1903 my $realcmd = sub {
1904 my $upid = shift;
1905
1e3baf05 1906 PVE::QemuServer::vm_reset($vmid, $skiplock);
5fdbe4f0
DM		 1907
1908 return;
1909 };
1910
a0d1b1a2 1911 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
5fdbe4f0
DM		 1912 }});
1913
1914__PACKAGE__->register_method({
afdb31d5 1915 name => 'vm_shutdown',
5fdbe4f0
DM		 1916 path => '{vmid}/status/shutdown',
1917 method => 'POST',
1918 protected => 1,
1919 proxyto => 'node',
d6c747ff
EK		 1920 description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
1921 "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
a0d1b1a2
DM		 1922 permissions => {
1923 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1924 },
5fdbe4f0
DM		 1925 parameters => {
1926 additionalProperties => 0,
1927 properties => {
1928 node => get_standard_option('pve-node'),
ab5904f7
TL		 1929 vmid => get_standard_option('pve-vmid',
1930 { completion => \&PVE::QemuServer::complete_vmid_running }),
5fdbe4f0 1931 skiplock => get_standard_option('skiplock'),
c6bb9502
DM		 1932 timeout => {
1933 description => "Wait maximal timeout seconds.",
1934 type => 'integer',
1935 minimum => 0,
1936 optional => 1,
9269013a
DM		 1937 },
1938 forceStop => {
1939 description => "Make sure the VM stops.",
1940 type => 'boolean',
1941 optional => 1,
1942 default => 0,
254575e9
DM		 1943 },
1944 keepActive => {
94a17e1d 1945 description => "Do not deactivate storage volumes.",
254575e9
DM		 1946 type => 'boolean',
1947 optional => 1,
1948 default => 0,
c6bb9502 1949 }
5fdbe4f0
DM		 1950 },
1951 },
afdb31d5 1952 returns => {
5fdbe4f0
DM		 1953 type => 'string',
1954 },
1955 code => sub {
1956 my ($param) = @_;
1957
1958 my $rpcenv = PVE::RPCEnvironment::get();
1959
a0d1b1a2 1960 my $authuser = $rpcenv->get_user();
5fdbe4f0
DM		 1961
1962 my $node = extract_param($param, 'node');
1963
1964 my $vmid = extract_param($param, 'vmid');
1965
1966 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 1967 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 1968 if $skiplock && $authuser ne 'root@pam';
5fdbe4f0 1969
254575e9 1970 my $keepActive = extract_param($param, 'keepActive');
afdb31d5 1971 raise_param_exc({ keepActive => "Only root may use this option." })
a0d1b1a2 1972 if $keepActive && $authuser ne 'root@pam';
254575e9 1973
02d07cf5
DM		 1974 my $storecfg = PVE::Storage::config();
1975
89897367
DC		 1976 my $shutdown = 1;
1977
1978 # if vm is paused, do not shutdown (but stop if forceStop = 1)
1979 # otherwise, we will infer a shutdown command, but run into the timeout,
1980 # then when the vm is resumed, it will instantly shutdown
1981 #
1982 # checking the qmp status here to get feedback to the gui/cli/api
1983 # and the status query should not take too long
1984 my $qmpstatus;
1985 eval {
1986 $qmpstatus = PVE::QemuServer::vm_qmp_command($vmid, { execute => "query-status" }, 0);
1987 };
1988 my $err = $@ if $@;
1989
1990 if (!$err && $qmpstatus->{status} eq "paused") {
1991 if ($param->{forceStop}) {
1992 warn "VM is paused - stop instead of shutdown\n";
1993 $shutdown = 0;
1994 } else {
1995 die "VM is paused - cannot shutdown\n";
1996 }
1997 }
1998
ae849692
DM		 1999 if (PVE::HA::Config::vm_is_ha_managed($vmid) &&
2000 ($rpcenv->{type} ne 'ha')) {
5fdbe4f0 2001
ae849692
DM		 2002 my $hacmd = sub {
2003 my $upid = shift;
5fdbe4f0 2004
ae849692 2005 my $service = "vm:$vmid";
c6bb9502 2006
ae849692
DM		 2007 my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
2008
2009 print "Executing HA stop for VM $vmid\n";
2010
2011 PVE::Tools::run_command($cmd);
2012
2013 return;
2014 };
2015
2016 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
2017
2018 } else {
2019
2020 my $realcmd = sub {
2021 my $upid = shift;
2022
2023 syslog('info', "shutdown VM $vmid: $upid\n");
5fdbe4f0 2024
ae849692
DM		 2025 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
2026 $shutdown, $param->{forceStop}, $keepActive);
2027
2028 return;
2029 };
2030
2031 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
2032 }
5fdbe4f0
DM		 2033 }});
2034
2035__PACKAGE__->register_method({
afdb31d5 2036 name => 'vm_suspend',
5fdbe4f0
DM		 2037 path => '{vmid}/status/suspend',
2038 method => 'POST',
2039 protected => 1,
2040 proxyto => 'node',
2041 description => "Suspend virtual machine.",
a0d1b1a2
DM		 2042 permissions => {
2043 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2044 },
5fdbe4f0
DM		 2045 parameters => {
2046 additionalProperties => 0,
2047 properties => {
2048 node => get_standard_option('pve-node'),
ab5904f7
TL		 2049 vmid => get_standard_option('pve-vmid',
2050 { completion => \&PVE::QemuServer::complete_vmid_running }),
5fdbe4f0
DM		 2051 skiplock => get_standard_option('skiplock'),
2052 },
2053 },
afdb31d5 2054 returns => {
5fdbe4f0
DM		 2055 type => 'string',
2056 },
2057 code => sub {
2058 my ($param) = @_;
2059
2060 my $rpcenv = PVE::RPCEnvironment::get();
2061
a0d1b1a2 2062 my $authuser = $rpcenv->get_user();
5fdbe4f0
DM		 2063
2064 my $node = extract_param($param, 'node');
2065
2066 my $vmid = extract_param($param, 'vmid');
2067
2068 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 2069 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 2070 if $skiplock && $authuser ne 'root@pam';
5fdbe4f0 2071
ff1a2432
DM		 2072 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2073
5fdbe4f0
DM		 2074 my $realcmd = sub {
2075 my $upid = shift;
2076
2077 syslog('info', "suspend VM $vmid: $upid\n");
2078
1e3baf05 2079 PVE::QemuServer::vm_suspend($vmid, $skiplock);
5fdbe4f0
DM		 2080
2081 return;
2082 };
2083
a0d1b1a2 2084 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
5fdbe4f0
DM		 2085 }});
2086
2087__PACKAGE__->register_method({
afdb31d5 2088 name => 'vm_resume',
5fdbe4f0
DM		 2089 path => '{vmid}/status/resume',
2090 method => 'POST',
2091 protected => 1,
2092 proxyto => 'node',
2093 description => "Resume virtual machine.",
a0d1b1a2
DM		 2094 permissions => {
2095 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2096 },
5fdbe4f0
DM		 2097 parameters => {
2098 additionalProperties => 0,
2099 properties => {
2100 node => get_standard_option('pve-node'),
ab5904f7
TL		 2101 vmid => get_standard_option('pve-vmid',
2102 { completion => \&PVE::QemuServer::complete_vmid_running }),
5fdbe4f0 2103 skiplock => get_standard_option('skiplock'),
289e0b85
AD		 2104 nocheck => { type => 'boolean', optional => 1 },
2105
5fdbe4f0
DM		 2106 },
2107 },
afdb31d5 2108 returns => {
5fdbe4f0
DM		 2109 type => 'string',
2110 },
2111 code => sub {
2112 my ($param) = @_;
2113
2114 my $rpcenv = PVE::RPCEnvironment::get();
2115
a0d1b1a2 2116 my $authuser = $rpcenv->get_user();
5fdbe4f0
DM		 2117
2118 my $node = extract_param($param, 'node');
2119
2120 my $vmid = extract_param($param, 'vmid');
2121
2122 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 2123 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 2124 if $skiplock && $authuser ne 'root@pam';
5fdbe4f0 2125
289e0b85
AD		 2126 my $nocheck = extract_param($param, 'nocheck');
2127
2128 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid, $nocheck);
ff1a2432 2129
5fdbe4f0
DM		 2130 my $realcmd = sub {
2131 my $upid = shift;
2132
2133 syslog('info', "resume VM $vmid: $upid\n");
2134
289e0b85 2135 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
1e3baf05 2136
5fdbe4f0
DM		 2137 return;
2138 };
2139
a0d1b1a2 2140 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
5fdbe4f0
DM		 2141 }});
2142
2143__PACKAGE__->register_method({
afdb31d5 2144 name => 'vm_sendkey',
5fdbe4f0
DM		 2145 path => '{vmid}/sendkey',
2146 method => 'PUT',
2147 protected => 1,
2148 proxyto => 'node',
2149 description => "Send key event to virtual machine.",
a0d1b1a2
DM		 2150 permissions => {
2151 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2152 },
5fdbe4f0
DM		 2153 parameters => {
2154 additionalProperties => 0,
2155 properties => {
2156 node => get_standard_option('pve-node'),
ab5904f7
TL		 2157 vmid => get_standard_option('pve-vmid',
2158 { completion => \&PVE::QemuServer::complete_vmid_running }),
5fdbe4f0
DM		 2159 skiplock => get_standard_option('skiplock'),
2160 key => {
2161 description => "The key (qemu monitor encoding).",
2162 type => 'string'
2163 }
2164 },
2165 },
2166 returns => { type => 'null'},
2167 code => sub {
2168 my ($param) = @_;
2169
2170 my $rpcenv = PVE::RPCEnvironment::get();
2171
a0d1b1a2 2172 my $authuser = $rpcenv->get_user();
5fdbe4f0
DM		 2173
2174 my $node = extract_param($param, 'node');
2175
2176 my $vmid = extract_param($param, 'vmid');
2177
2178 my $skiplock = extract_param($param, 'skiplock');
afdb31d5 2179 raise_param_exc({ skiplock => "Only root may use this option." })
a0d1b1a2 2180 if $skiplock && $authuser ne 'root@pam';
5fdbe4f0
DM		 2181
2182 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2183
2184 return;
1e3baf05
DM		 2185 }});
2186
1ac0d2ee
AD		 2187__PACKAGE__->register_method({
2188 name => 'vm_feature',
2189 path => '{vmid}/feature',
2190 method => 'GET',
2191 proxyto => 'node',
75466c4f 2192 protected => 1,
1ac0d2ee
AD		 2193 description => "Check if feature for virtual machine is available.",
2194 permissions => {
2195 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2196 },
2197 parameters => {
2198 additionalProperties => 0,
2199 properties => {
2200 node => get_standard_option('pve-node'),
2201 vmid => get_standard_option('pve-vmid'),
2202 feature => {
2203 description => "Feature to check.",
2204 type => 'string',
7758ce86 2205 enum => [ 'snapshot', 'clone', 'copy' ],
1ac0d2ee
AD		 2206 },
2207 snapname => get_standard_option('pve-snapshot-name', {
2208 optional => 1,
2209 }),
2210 },
1ac0d2ee
AD		 2211 },
2212 returns => {
719893a9
DM		 2213 type => "object",
2214 properties => {
2215 hasFeature => { type => 'boolean' },
7043d946 2216 nodes => {
719893a9
DM		 2217 type => 'array',
2218 items => { type => 'string' },
2219 }
2220 },
1ac0d2ee
AD		 2221 },
2222 code => sub {
2223 my ($param) = @_;
2224
2225 my $node = extract_param($param, 'node');
2226
2227 my $vmid = extract_param($param, 'vmid');
2228
2229 my $snapname = extract_param($param, 'snapname');
2230
2231 my $feature = extract_param($param, 'feature');
2232
2233 my $running = PVE::QemuServer::check_running($vmid);
2234
ffda963f 2235 my $conf = PVE::QemuConfig->load_config($vmid);
1ac0d2ee
AD		 2236
2237 if($snapname){
2238 my $snap = $conf->{snapshots}->{$snapname};
2239 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2240 $conf = $snap;
2241 }
2242 my $storecfg = PVE::Storage::config();
2243
719893a9 2244 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
b2c9558d 2245 my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
7043d946 2246
719893a9
DM		 2247 return {
2248 hasFeature => $hasFeature,
2249 nodes => [ keys %$nodelist ],
7043d946 2250 };
1ac0d2ee
AD		 2251 }});
2252
6116f729 2253__PACKAGE__->register_method({
9418baad
DM		 2254 name => 'clone_vm',
2255 path => '{vmid}/clone',
6116f729
DM		 2256 method => 'POST',
2257 protected => 1,
2258 proxyto => 'node',
37329185 2259 description => "Create a copy of virtual machine/template.",
6116f729 2260 permissions => {
9418baad 2261 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
6116f729
DM		 2262 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2263 "'Datastore.AllocateSpace' on any used storage.",
75466c4f
DM		 2264 check =>
2265 [ 'and',
9418baad 2266 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
75466c4f 2267 [ 'or',
6116f729
DM		 2268 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2269 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2270 ],
2271 ]
2272 },
2273 parameters => {
2274 additionalProperties => 0,
2275 properties => {
6116f729 2276 node => get_standard_option('pve-node'),
335af808 2277 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
9418baad 2278 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
a60ab1a6
DM		 2279 name => {
2280 optional => 1,
2281 type => 'string', format => 'dns-name',
2282 description => "Set a name for the new VM.",
2283 },
2284 description => {
2285 optional => 1,
2286 type => 'string',
2287 description => "Description for the new VM.",
2288 },
75466c4f 2289 pool => {
6116f729
DM		 2290 optional => 1,
2291 type => 'string', format => 'pve-poolid',
2292 description => "Add the new VM to the specified pool.",
2293 },
9076d880 2294 snapname => get_standard_option('pve-snapshot-name', {
9076d880
DM		 2295 optional => 1,
2296 }),
81f043eb 2297 storage => get_standard_option('pve-storage-id', {
9418baad 2298 description => "Target storage for full clone.",
4e4f83fe 2299 requires => 'full',
81f043eb
AD		 2300 optional => 1,
2301 }),
55173c6b 2302 'format' => {
42a19c87
AD		 2303 description => "Target format for file storage.",
2304 requires => 'full',
2305 type => 'string',
2306 optional => 1,
55173c6b 2307 enum => [ 'raw', 'qcow2', 'vmdk'],
42a19c87 2308 },
6116f729
DM		 2309 full => {
2310 optional => 1,
55173c6b
DM		 2311 type => 'boolean',
2312 description => "Create a full copy of all disk. This is always done when " .
9418baad 2313 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
6116f729
DM		 2314 default => 0,
2315 },
75466c4f 2316 target => get_standard_option('pve-node', {
55173c6b
DM		 2317 description => "Target node. Only allowed if the original VM is on shared storage.",
2318 optional => 1,
2319 }),
2320 },
6116f729
DM		 2321 },
2322 returns => {
2323 type => 'string',
2324 },
2325 code => sub {
2326 my ($param) = @_;
2327
2328 my $rpcenv = PVE::RPCEnvironment::get();
2329
55173c6b 2330 my $authuser = $rpcenv->get_user();
6116f729
DM		 2331
2332 my $node = extract_param($param, 'node');
2333
2334 my $vmid = extract_param($param, 'vmid');
2335
2336 my $newid = extract_param($param, 'newid');
2337
6116f729
DM		 2338 my $pool = extract_param($param, 'pool');
2339
2340 if (defined($pool)) {
2341 $rpcenv->check_pool_exist($pool);
2342 }
2343
55173c6b 2344 my $snapname = extract_param($param, 'snapname');
9076d880 2345
81f043eb
AD		 2346 my $storage = extract_param($param, 'storage');
2347
42a19c87
AD		 2348 my $format = extract_param($param, 'format');
2349
55173c6b
DM		 2350 my $target = extract_param($param, 'target');
2351
2352 my $localnode = PVE::INotify::nodename();
2353
751cc556 2354 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
55173c6b
DM		 2355
2356 PVE::Cluster::check_node_exists($target) if $target;
2357
6116f729
DM		 2358 my $storecfg = PVE::Storage::config();
2359
4a5a2590
DM		 2360 if ($storage) {
2361 # check if storage is enabled on local node
2362 PVE::Storage::storage_check_enabled($storecfg, $storage);
2363 if ($target) {
2364 # check if storage is available on target node
2365 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2366 # clone only works if target storage is shared
2367 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2368 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2369 }
2370 }
2371
55173c6b 2372 PVE::Cluster::check_cfs_quorum();
6116f729 2373
4e4f83fe
DM		 2374 my $running = PVE::QemuServer::check_running($vmid) || 0;
2375
4e4f83fe
DM		 2376 # exclusive lock if VM is running - else shared lock is enough;
2377 my $shared_lock = $running ? 0 : 1;
2378
9418baad 2379 my $clonefn = sub {
6116f729 2380
829967a9
DM		 2381 # do all tests after lock
2382 # we also try to do all tests before we fork the worker
2383
ffda963f 2384 my $conf = PVE::QemuConfig->load_config($vmid);
6116f729 2385
ffda963f 2386 PVE::QemuConfig->check_lock($conf);
6116f729 2387
4e4f83fe 2388 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
6116f729 2389
4e4f83fe 2390 die "unexpected state change\n" if $verify_running != $running;
6116f729 2391
75466c4f
DM		 2392 die "snapshot '$snapname' does not exist\n"
2393 if $snapname && !defined( $conf->{snapshots}->{$snapname});
6116f729 2394
75466c4f 2395 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
9076d880 2396
9418baad 2397 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
6116f729 2398
9418baad 2399 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
75466c4f 2400
ffda963f 2401 my $conffile = PVE::QemuConfig->config_file($newid);
6116f729
DM		 2402
2403 die "unable to create VM $newid: config file already exists\n"
2404 if -f $conffile;
2405
9418baad 2406 my $newconf = { lock => 'clone' };
829967a9 2407 my $drives = {};
34456bf0 2408 my $fullclone = {};
829967a9
DM		 2409 my $vollist = [];
2410
2411 foreach my $opt (keys %$oldconf) {
2412 my $value = $oldconf->{$opt};
2413
2414 # do not copy snapshot related info
2415 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2416 $opt eq 'vmstate' || $opt eq 'snapstate';
2417
a78ea5df
WL		 2418 # no need to copy unused images, because VMID(owner) changes anyways
2419 next if $opt =~ m/^unused\d+$/;
2420
829967a9
DM		 2421 # always change MAC! address
2422 if ($opt =~ m/^net(\d+)$/) {
2423 my $net = PVE::QemuServer::parse_net($value);
b5b99790
WB		 2424 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
2425 $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
829967a9 2426 $newconf->{$opt} = PVE::QemuServer::print_net($net);
74479ee9 2427 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
1f1412d1
DM		 2428 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2429 die "unable to parse drive options for '$opt'\n" if !$drive;
829967a9
DM		 2430 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2431 $newconf->{$opt} = $value; # simply copy configuration
2432 } else {
64ff6fe4 2433 if ($param->{full}) {
2dd53043 2434 die "Full clone feature is not available"
dba198b0 2435 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
34456bf0 2436 $fullclone->{$opt} = 1;
64ff6fe4
SP		 2437 } else {
2438 # not full means clone instead of copy
2439 die "Linked clone feature is not available"
2440 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
dba198b0 2441 }
829967a9
DM		 2442 $drives->{$opt} = $drive;
2443 push @$vollist, $drive->{file};
2444 }
2445 } else {
2446 # copy everything else
2447 $newconf->{$opt} = $value;
2448 }
2449 }
2450
cd11416f
DM		 2451 # auto generate a new uuid
2452 my ($uuid, $uuid_str);
2453 UUID::generate($uuid);
2454 UUID::unparse($uuid, $uuid_str);
2455 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
f34ebd52 2456 $smbios1->{uuid} = $uuid_str;
cd11416f
DM		 2457 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2458
829967a9
DM		 2459 delete $newconf->{template};
2460
2461 if ($param->{name}) {
2462 $newconf->{name} = $param->{name};
2463 } else {
c55fee03
DM		 2464 if ($oldconf->{name}) {
2465 $newconf->{name} = "Copy-of-$oldconf->{name}";
2466 } else {
2467 $newconf->{name} = "Copy-of-VM-$vmid";
2468 }
829967a9 2469 }
2dd53043 2470
829967a9
DM		 2471 if ($param->{description}) {
2472 $newconf->{description} = $param->{description};
2473 }
2474
6116f729 2475 # create empty/temp config - this fails if VM already exists on other node
9418baad 2476 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
6116f729
DM		 2477
2478 my $realcmd = sub {
2479 my $upid = shift;
2480
b83e0181 2481 my $newvollist = [];
c6fdd002 2482 my $jobs = {};
6116f729 2483
b83e0181 2484 eval {
829967a9 2485 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
75466c4f 2486
eb15b9f0 2487 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
6116f729 2488
c6fdd002
AD		 2489 my $total_jobs = scalar(keys %{$drives});
2490 my $i = 1;
c6fdd002 2491
829967a9
DM		 2492 foreach my $opt (keys %$drives) {
2493 my $drive = $drives->{$opt};
3b4cf0f0 2494 my $skipcomplete = ($total_jobs != $i); # finish after last drive
2dd53043 2495
152fe752 2496 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
3b4cf0f0
WB		 2497 $newid, $storage, $format, $fullclone->{$opt}, $newvollist,
2498 $jobs, $skipcomplete, $oldconf->{agent});
00b095ca 2499
152fe752 2500 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2dd53043 2501
ffda963f 2502 PVE::QemuConfig->write_config($newid, $newconf);
c6fdd002 2503 $i++;
829967a9 2504 }
b83e0181
DM		 2505
2506 delete $newconf->{lock};
ffda963f 2507 PVE::QemuConfig->write_config($newid, $newconf);
55173c6b
DM		 2508
2509 if ($target) {
baca276d 2510 # always deactivate volumes - avoid lvm LVs to be active on several nodes
51eefb7e 2511 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
32acc380 2512 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
baca276d 2513
ffda963f 2514 my $newconffile = PVE::QemuConfig->config_file($newid, $target);
55173c6b
DM		 2515 die "Failed to move config to node '$target' - rename failed: $!\n"
2516 if !rename($conffile, $newconffile);
2517 }
d703d4c0 2518
be517049 2519 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
6116f729 2520 };
75466c4f 2521 if (my $err = $@) {
6116f729
DM		 2522 unlink $conffile;
2523
c6fdd002
AD		 2524 eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) };
2525
b83e0181
DM		 2526 sleep 1; # some storage like rbd need to wait before release volume - really?
2527
2528 foreach my $volid (@$newvollist) {
2529 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2530 warn $@ if $@;
2531 }
9418baad 2532 die "clone failed: $err";
6116f729
DM		 2533 }
2534
2535 return;
2536 };
2537
457010cc
AG		 2538 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2539
9418baad 2540 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
6116f729
DM		 2541 };
2542
ffda963f 2543 return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub {
6116f729 2544 # Aquire exclusive lock lock for $newid
ffda963f 2545 return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
6116f729
DM		 2546 });
2547
2548 }});
2549
586bfa78 2550__PACKAGE__->register_method({
43bc02a9
DM		 2551 name => 'move_vm_disk',
2552 path => '{vmid}/move_disk',
e2cd75fa 2553 method => 'POST',
586bfa78
AD		 2554 protected => 1,
2555 proxyto => 'node',
2556 description => "Move volume to different storage.",
2557 permissions => {
c07a9e3d
DM		 2558 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, and 'Datastore.AllocateSpace' permissions on the storage.",
2559 check => [ 'and',
2560 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2561 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2562 ],
586bfa78
AD		 2563 },
2564 parameters => {
2565 additionalProperties => 0,
c07a9e3d 2566 properties => {
586bfa78 2567 node => get_standard_option('pve-node'),
335af808 2568 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
586bfa78
AD		 2569 disk => {
2570 type => 'string',
2571 description => "The disk you want to move.",
74479ee9 2572 enum => [ PVE::QemuServer::valid_drive_names() ],
586bfa78 2573 },
335af808
DM		 2574 storage => get_standard_option('pve-storage-id', {
2575 description => "Target storage.",
2576 completion => \&PVE::QemuServer::complete_storage,
2577 }),
635c3c44 2578 'format' => {
586bfa78
AD		 2579 type => 'string',
2580 description => "Target Format.",
2581 enum => [ 'raw', 'qcow2', 'vmdk' ],
2582 optional => 1,
2583 },
70d45e33
DM		 2584 delete => {
2585 type => 'boolean',
2586 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2587 optional => 1,
2588 default => 0,
2589 },
586bfa78
AD		 2590 digest => {
2591 type => 'string',
2592 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2593 maxLength => 40,
2594 optional => 1,
2595 },
2596 },
2597 },
e2cd75fa
DM		 2598 returns => {
2599 type => 'string',
2600 description => "the task ID.",
2601 },
586bfa78
AD		 2602 code => sub {
2603 my ($param) = @_;
2604
2605 my $rpcenv = PVE::RPCEnvironment::get();
2606
2607 my $authuser = $rpcenv->get_user();
2608
2609 my $node = extract_param($param, 'node');
2610
2611 my $vmid = extract_param($param, 'vmid');
2612
2613 my $digest = extract_param($param, 'digest');
2614
2615 my $disk = extract_param($param, 'disk');
2616
2617 my $storeid = extract_param($param, 'storage');
2618
2619 my $format = extract_param($param, 'format');
2620
586bfa78
AD		 2621 my $storecfg = PVE::Storage::config();
2622
2623 my $updatefn = sub {
2624
ffda963f 2625 my $conf = PVE::QemuConfig->load_config($vmid);
586bfa78 2626
dcce9b46
FG		 2627 PVE::QemuConfig->check_lock($conf);
2628
586bfa78
AD		 2629 die "checksum missmatch (file change by other user?)\n"
2630 if $digest && $digest ne $conf->{digest};
586bfa78
AD		 2631
2632 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2633
2634 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2635
70d45e33 2636 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
586bfa78
AD		 2637
2638 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2639
e2cd75fa 2640 my $oldfmt;
70d45e33 2641 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
586bfa78
AD		 2642 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2643 $oldfmt = $1;
2644 }
2645
7043d946 2646 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
e2cd75fa 2647 (!$format || !$oldfmt || $oldfmt eq $format);
586bfa78 2648
9dbf9b54
FG		 2649 # this only checks snapshots because $disk is passed!
2650 my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid);
2651 die "you can't move a disk with snapshots and delete the source\n"
2652 if $snapshotted && $param->{delete};
2653
586bfa78
AD		 2654 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2655
2656 my $running = PVE::QemuServer::check_running($vmid);
e2cd75fa
DM		 2657
2658 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2659
586bfa78
AD		 2660 my $realcmd = sub {
2661
2662 my $newvollist = [];
2663
2664 eval {
2665 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2666
9dbf9b54
FG		 2667 warn "moving disk with snapshots, snapshots will not be moved!\n"
2668 if $snapshotted;
2669
e2cd75fa
DM		 2670 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2671 $vmid, $storeid, $format, 1, $newvollist);
2672
2673 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2674
8793d495 2675 PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
7043d946 2676
fbd7dcce
FG		 2677 # convert moved disk to base if part of template
2678 PVE::QemuServer::template_create($vmid, $conf, $disk)
2679 if PVE::QemuConfig->is_template($conf);
2680
ffda963f 2681 PVE::QemuConfig->write_config($vmid, $conf);
73272365 2682
f34ebd52 2683 eval {
73272365 2684 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
f34ebd52 2685 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
73272365
DM		 2686 if !$running;
2687 };
2688 warn $@ if $@;
586bfa78
AD		 2689 };
2690 if (my $err = $@) {
2691
2692 foreach my $volid (@$newvollist) {
2693 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2694 warn $@ if $@;
2695 }
2696 die "storage migration failed: $err";
2697 }
70d45e33
DM		 2698
2699 if ($param->{delete}) {
a3d0bafb
FG		 2700 eval {
2701 PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
2702 PVE::Storage::vdisk_free($storecfg, $old_volid);
2703 };
2704 warn $@ if $@;
70d45e33 2705 }
586bfa78
AD		 2706 };
2707
2708 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2709 };
e2cd75fa 2710
ffda963f 2711 return PVE::QemuConfig->lock_config($vmid, $updatefn);
586bfa78
AD		 2712 }});
2713
3ea94c60 2714__PACKAGE__->register_method({
afdb31d5 2715 name => 'migrate_vm',
3ea94c60
DM		 2716 path => '{vmid}/migrate',
2717 method => 'POST',
2718 protected => 1,
2719 proxyto => 'node',
2720 description => "Migrate virtual machine. Creates a new migration task.",
a0d1b1a2
DM		 2721 permissions => {
2722 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2723 },
3ea94c60
DM		 2724 parameters => {
2725 additionalProperties => 0,
2726 properties => {
2727 node => get_standard_option('pve-node'),
335af808
DM		 2728 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2729 target => get_standard_option('pve-node', {
2730 description => "Target node.",
2731 completion => \&PVE::Cluster::complete_migration_target,
2732 }),
3ea94c60
DM		 2733 online => {
2734 type => 'boolean',
2735 description => "Use online/live migration.",
2736 optional => 1,
2737 },
2738 force => {
2739 type => 'boolean',
2740 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2741 optional => 1,
2742 },
2de2d6f7
TL		 2743 migration_type => {
2744 type => 'string',
2745 enum => ['secure', 'insecure'],
c07a9e3d 2746 description => "Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.",
2de2d6f7
TL		 2747 optional => 1,
2748 },
2749 migration_network => {
c07a9e3d 2750 type => 'string', format => 'CIDR',
2de2d6f7
TL		 2751 description => "CIDR of the (sub) network that is used for migration.",
2752 optional => 1,
2753 },
56af7146
AD		 2754 "with-local-disks" => {
2755 type => 'boolean',
2756 description => "Enable live storage migration for local disk",
b74cad8a 2757 optional => 1,
56af7146
AD		 2758 },
2759 targetstorage => get_standard_option('pve-storage-id', {
2760 description => "Default target storage.",
2761 optional => 1,
2762 completion => \&PVE::QemuServer::complete_storage,
2763 }),
3ea94c60
DM		 2764 },
2765 },
afdb31d5 2766 returns => {
3ea94c60
DM		 2767 type => 'string',
2768 description => "the task ID.",
2769 },
2770 code => sub {
2771 my ($param) = @_;
2772
2773 my $rpcenv = PVE::RPCEnvironment::get();
2774
a0d1b1a2 2775 my $authuser = $rpcenv->get_user();
3ea94c60
DM		 2776
2777 my $target = extract_param($param, 'target');
2778
2779 my $localnode = PVE::INotify::nodename();
2780 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2781
2782 PVE::Cluster::check_cfs_quorum();
2783
2784 PVE::Cluster::check_node_exists($target);
2785
2786 my $targetip = PVE::Cluster::remote_node_ip($target);
2787
2788 my $vmid = extract_param($param, 'vmid');
2789
bd2d5fe6 2790 raise_param_exc({ targetstorage => "Live storage migration can only be done online." })
b74cad8a
AD		 2791 if !$param->{online} && $param->{targetstorage};
2792
afdb31d5 2793 raise_param_exc({ force => "Only root may use this option." })
a0d1b1a2 2794 if $param->{force} && $authuser ne 'root@pam';
3ea94c60 2795
2de2d6f7
TL		 2796 raise_param_exc({ migration_type => "Only root may use this option." })
2797 if $param->{migration_type} && $authuser ne 'root@pam';
2798
2799 # allow root only until better network permissions are available
2800 raise_param_exc({ migration_network => "Only root may use this option." })
2801 if $param->{migration_network} && $authuser ne 'root@pam';
2802
3ea94c60 2803 # test if VM exists
ffda963f 2804 my $conf = PVE::QemuConfig->load_config($vmid);
3ea94c60
DM		 2805
2806 # try to detect errors early
a5ed42d3 2807
ffda963f 2808 PVE::QemuConfig->check_lock($conf);
a5ed42d3 2809
3ea94c60 2810 if (PVE::QemuServer::check_running($vmid)) {
afdb31d5 2811 die "cant migrate running VM without --online\n"
3ea94c60
DM		 2812 if !$param->{online};
2813 }
2814
47152e2e 2815 my $storecfg = PVE::Storage::config();
22d646a7 2816 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
47152e2e 2817
2003f0f8 2818 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
3ea94c60 2819
88fc87b4
DM		 2820 my $hacmd = sub {
2821 my $upid = shift;
3ea94c60 2822
c44291cd 2823 my $service = "vm:$vmid";
88fc87b4 2824
2003f0f8 2825 my $cmd = ['ha-manager', 'migrate', $service, $target];
88fc87b4
DM		 2826
2827 print "Executing HA migrate for VM $vmid to node $target\n";
2828
2829 PVE::Tools::run_command($cmd);
2830
2831 return;
2832 };
2833
2834 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2835
2836 } else {
2837
2838 my $realcmd = sub {
2839 my $upid = shift;
2840
2841 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2842 };
2843
2844 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2845 }
3ea94c60 2846
3ea94c60 2847 }});
1e3baf05 2848
91c94f0a 2849__PACKAGE__->register_method({
afdb31d5
DM		 2850 name => 'monitor',
2851 path => '{vmid}/monitor',
91c94f0a
DM		 2852 method => 'POST',
2853 protected => 1,
2854 proxyto => 'node',
2855 description => "Execute Qemu monitor commands.",
a0d1b1a2 2856 permissions => {
a8f2f427 2857 description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')",
c07a9e3d 2858 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
a0d1b1a2 2859 },
91c94f0a
DM		 2860 parameters => {
2861 additionalProperties => 0,
2862 properties => {
2863 node => get_standard_option('pve-node'),
2864 vmid => get_standard_option('pve-vmid'),
2865 command => {
2866 type => 'string',
2867 description => "The monitor command.",
2868 }
2869 },
2870 },
2871 returns => { type => 'string'},
2872 code => sub {
2873 my ($param) = @_;
2874
a8f2f427
FG		 2875 my $rpcenv = PVE::RPCEnvironment::get();
2876 my $authuser = $rpcenv->get_user();
2877
2878 my $is_ro = sub {
2879 my $command = shift;
2880 return $command =~ m/^\s*info(\s+|$)/
2881 || $command =~ m/^\s*help\s*$/;
2882 };
2883
2884 $rpcenv->check_full($authuser, "/", ['Sys.Modify'])
2885 if !&$is_ro($param->{command});
2886
91c94f0a
DM		 2887 my $vmid = $param->{vmid};
2888
ffda963f 2889 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
91c94f0a
DM		 2890
2891 my $res = '';
2892 eval {
7b7c6d1b 2893 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
91c94f0a
DM		 2894 };
2895 $res = "ERROR: $@" if $@;
2896
2897 return $res;
2898 }});
2899
a5d5341c 2900my $guest_agent_commands = [
249d8fed
DM		 2901 'ping',
2902 'get-time',
2903 'info',
2904 'fsfreeze-status',
2905 'fsfreeze-freeze',
2906 'fsfreeze-thaw',
2907 'fstrim',
2908 'network-get-interfaces',
2909 'get-vcpus',
2910 'get-fsinfo',
2911 'get-memory-blocks',
2912 'get-memory-block-info',
2913 'suspend-hybrid',
2914 'suspend-ram',
2915 'suspend-disk',
2916 'shutdown',
a5d5341c
DM		 2917 ];
2918
d1a47427
WL		 2919__PACKAGE__->register_method({
2920 name => 'agent',
2921 path => '{vmid}/agent',
2922 method => 'POST',
2923 protected => 1,
2924 proxyto => 'node',
2925 description => "Execute Qemu Guest Agent commands.",
2926 permissions => {
2927 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2928 },
2929 parameters => {
2930 additionalProperties => 0,
2931 properties => {
2932 node => get_standard_option('pve-node'),
f38c5e27
DM		 2933 vmid => get_standard_option('pve-vmid', {
2934 completion => \&PVE::QemuServer::complete_vmid_running }),
d1a47427
WL		 2935 command => {
2936 type => 'string',
2937 description => "The QGA command.",
a5d5341c 2938 enum => $guest_agent_commands,
c07a9e3d 2939 },
d1a47427
WL		 2940 },
2941 },
57bdd459
DM		 2942 returns => {
2943 type => 'object',
2944 description => "Returns an object with a single `result` property. The type of that
2945property depends on the executed command.",
2946 },
d1a47427
WL		 2947 code => sub {
2948 my ($param) = @_;
2949
2950 my $vmid = $param->{vmid};
2951
2952 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
2953
d1a47427
WL		 2954 die "No Qemu Guest Agent\n" if !defined($conf->{agent});
2955 die "VM $vmid is not running\n" if !PVE::QemuServer::check_running($vmid);
2956
249d8fed
DM		 2957 my $cmd = $param->{command};
2958
2959 my $res = PVE::QemuServer::vm_mon_cmd($vmid, "guest-$cmd");
d1a47427 2960
57bdd459 2961 return { result => $res };
d1a47427
WL		 2962 }});
2963
0d02881c
AD		 2964__PACKAGE__->register_method({
2965 name => 'resize_vm',
614e3941 2966 path => '{vmid}/resize',
0d02881c
AD		 2967 method => 'PUT',
2968 protected => 1,
2969 proxyto => 'node',
2f48a4f5 2970 description => "Extend volume size.",
0d02881c 2971 permissions => {
3b2773f6 2972 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
0d02881c
AD		 2973 },
2974 parameters => {
2975 additionalProperties => 0,
2f48a4f5
DM		 2976 properties => {
2977 node => get_standard_option('pve-node'),
335af808 2978 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2f48a4f5
DM		 2979 skiplock => get_standard_option('skiplock'),
2980 disk => {
2981 type => 'string',
2982 description => "The disk you want to resize.",
74479ee9 2983 enum => [PVE::QemuServer::valid_drive_names()],
2f48a4f5
DM		 2984 },
2985 size => {
2986 type => 'string',
f91b2e45 2987 pattern => '\+?\d+(\.\d+)?[KMGT]?',
e248477e 2988 description => "The new size. With the `+` sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2f48a4f5
DM		 2989 },
2990 digest => {
2991 type => 'string',
2992 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2993 maxLength => 40,
2994 optional => 1,
2995 },
2996 },
0d02881c
AD		 2997 },
2998 returns => { type => 'null'},
2999 code => sub {
3000 my ($param) = @_;
3001
3002 my $rpcenv = PVE::RPCEnvironment::get();
3003
3004 my $authuser = $rpcenv->get_user();
3005
3006 my $node = extract_param($param, 'node');
3007
3008 my $vmid = extract_param($param, 'vmid');
3009
3010 my $digest = extract_param($param, 'digest');
3011
2f48a4f5 3012 my $disk = extract_param($param, 'disk');
75466c4f 3013
2f48a4f5 3014 my $sizestr = extract_param($param, 'size');
0d02881c 3015
f91b2e45 3016 my $skiplock = extract_param($param, 'skiplock');
0d02881c
AD		 3017 raise_param_exc({ skiplock => "Only root may use this option." })
3018 if $skiplock && $authuser ne 'root@pam';
3019
0d02881c
AD		 3020 my $storecfg = PVE::Storage::config();
3021
0d02881c
AD		 3022 my $updatefn = sub {
3023
ffda963f 3024 my $conf = PVE::QemuConfig->load_config($vmid);
0d02881c
AD		 3025
3026 die "checksum missmatch (file change by other user?)\n"
3027 if $digest && $digest ne $conf->{digest};
ffda963f 3028 PVE::QemuConfig->check_lock($conf) if !$skiplock;
0d02881c 3029
f91b2e45
DM		 3030 die "disk '$disk' does not exist\n" if !$conf->{$disk};
3031
3032 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
3033
d662790a
WL		 3034 my (undef, undef, undef, undef, undef, undef, $format) =
3035 PVE::Storage::parse_volname($storecfg, $drive->{file});
3036
3037 die "can't resize volume: $disk if snapshot exists\n"
3038 if %{$conf->{snapshots}} && $format eq 'qcow2';
3039
f91b2e45
DM		 3040 my $volid = $drive->{file};
3041
3042 die "disk '$disk' has no associated volume\n" if !$volid;
3043
3044 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
3045
3046 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
3047
3048 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
3049
b572a606 3050 PVE::Storage::activate_volumes($storecfg, [$volid]);
f91b2e45
DM		 3051 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
3052
3053 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
3054 my ($ext, $newsize, $unit) = ($1, $2, $4);
3055 if ($unit) {
3056 if ($unit eq 'K') {
3057 $newsize = $newsize * 1024;
3058 } elsif ($unit eq 'M') {
3059 $newsize = $newsize * 1024 * 1024;
3060 } elsif ($unit eq 'G') {
3061 $newsize = $newsize * 1024 * 1024 * 1024;
3062 } elsif ($unit eq 'T') {
3063 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
3064 }
3065 }
3066 $newsize += $size if $ext;
3067 $newsize = int($newsize);
3068
9a478b17 3069 die "shrinking disks is not supported\n" if $newsize < $size;
f91b2e45
DM		 3070
3071 return if $size == $newsize;
3072
2f48a4f5 3073 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
0d02881c 3074
f91b2e45 3075 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
75466c4f 3076
f91b2e45
DM		 3077 $drive->{size} = $newsize;
3078 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
3079
ffda963f 3080 PVE::QemuConfig->write_config($vmid, $conf);
f91b2e45 3081 };
0d02881c 3082
ffda963f 3083 PVE::QemuConfig->lock_config($vmid, $updatefn);
0d02881c
AD		 3084 return undef;
3085 }});
3086
9dbd1ee4 3087__PACKAGE__->register_method({
7e7d7b61 3088 name => 'snapshot_list',
9dbd1ee4 3089 path => '{vmid}/snapshot',
7e7d7b61
DM		 3090 method => 'GET',
3091 description => "List all snapshots.",
3092 permissions => {
3093 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
3094 },
3095 proxyto => 'node',
3096 protected => 1, # qemu pid files are only readable by root
3097 parameters => {
3098 additionalProperties => 0,
3099 properties => {
e261de40 3100 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
7e7d7b61
DM		 3101 node => get_standard_option('pve-node'),
3102 },
3103 },
3104 returns => {
3105 type => 'array',
3106 items => {
3107 type => "object",
3108 properties => {},
3109 },
3110 links => [ { rel => 'child', href => "{name}" } ],
3111 },
3112 code => sub {
3113 my ($param) = @_;
3114
6aa4651b
DM		 3115 my $vmid = $param->{vmid};
3116
ffda963f 3117 my $conf = PVE::QemuConfig->load_config($vmid);
7e7d7b61
DM		 3118 my $snaphash = $conf->{snapshots} || {};
3119
3120 my $res = [];
3121
3122 foreach my $name (keys %$snaphash) {
0ea6bc69 3123 my $d = $snaphash->{$name};
75466c4f
DM		 3124 my $item = {
3125 name => $name,
3126 snaptime => $d->{snaptime} || 0,
6aa4651b 3127 vmstate => $d->{vmstate} ? 1 : 0,
982c7f12
DM		 3128 description => $d->{description} || '',
3129 };
0ea6bc69 3130 $item->{parent} = $d->{parent} if $d->{parent};
3ee28e38 3131 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
0ea6bc69
DM		 3132 push @$res, $item;
3133 }
3134
6aa4651b
DM		 3135 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
3136 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
d1914468
DM		 3137 $current->{parent} = $conf->{parent} if $conf->{parent};
3138
3139 push @$res, $current;
7e7d7b61
DM		 3140
3141 return $res;
3142 }});
3143
3144__PACKAGE__->register_method({
3145 name => 'snapshot',
3146 path => '{vmid}/snapshot',
3147 method => 'POST',
9dbd1ee4
AD		 3148 protected => 1,
3149 proxyto => 'node',
3150 description => "Snapshot a VM.",
3151 permissions => {
f1baf1df 3152 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
9dbd1ee4
AD		 3153 },
3154 parameters => {
3155 additionalProperties => 0,
3156 properties => {
3157 node => get_standard_option('pve-node'),
335af808 3158 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
8abd398b 3159 snapname => get_standard_option('pve-snapshot-name'),
9dbd1ee4
AD		 3160 vmstate => {
3161 optional => 1,
3162 type => 'boolean',
3163 description => "Save the vmstate",
3164 },
782f4f75
DM		 3165 description => {
3166 optional => 1,
3167 type => 'string',
3168 description => "A textual description or comment.",
3169 },
9dbd1ee4
AD		 3170 },
3171 },
7e7d7b61
DM		 3172 returns => {
3173 type => 'string',
3174 description => "the task ID.",
3175 },
9dbd1ee4
AD		 3176 code => sub {
3177 my ($param) = @_;
3178
3179 my $rpcenv = PVE::RPCEnvironment::get();
3180
3181 my $authuser = $rpcenv->get_user();
3182
3183 my $node = extract_param($param, 'node');
3184
3185 my $vmid = extract_param($param, 'vmid');
3186
9dbd1ee4
AD		 3187 my $snapname = extract_param($param, 'snapname');
3188
d1914468
DM		 3189 die "unable to use snapshot name 'current' (reserved name)\n"
3190 if $snapname eq 'current';
3191
7e7d7b61 3192 my $realcmd = sub {
22c377f0 3193 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
b2c9558d 3194 PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
af9110dd 3195 $param->{description});
7e7d7b61
DM		 3196 };
3197
3198 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
3199 }});
3200
154ccdcd
DM		 3201__PACKAGE__->register_method({
3202 name => 'snapshot_cmd_idx',
3203 path => '{vmid}/snapshot/{snapname}',
3204 description => '',
3205 method => 'GET',
3206 permissions => {
3207 user => 'all',
3208 },
3209 parameters => {
3210 additionalProperties => 0,
3211 properties => {
3212 vmid => get_standard_option('pve-vmid'),
3213 node => get_standard_option('pve-node'),
8abd398b 3214 snapname => get_standard_option('pve-snapshot-name'),
154ccdcd
DM		 3215 },
3216 },
3217 returns => {
3218 type => 'array',
3219 items => {
3220 type => "object",
3221 properties => {},
3222 },
3223 links => [ { rel => 'child', href => "{cmd}" } ],
3224 },
3225 code => sub {
3226 my ($param) = @_;
3227
3228 my $res = [];
3229
3230 push @$res, { cmd => 'rollback' };
d788cea6 3231 push @$res, { cmd => 'config' };
154ccdcd
DM		 3232
3233 return $res;
3234 }});
3235
d788cea6
DM		 3236__PACKAGE__->register_method({
3237 name => 'update_snapshot_config',
3238 path => '{vmid}/snapshot/{snapname}/config',
3239 method => 'PUT',
3240 protected => 1,
3241 proxyto => 'node',
3242 description => "Update snapshot metadata.",
3243 permissions => {
3244 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3245 },
3246 parameters => {
3247 additionalProperties => 0,
3248 properties => {
3249 node => get_standard_option('pve-node'),
3250 vmid => get_standard_option('pve-vmid'),
3251 snapname => get_standard_option('pve-snapshot-name'),
3252 description => {
3253 optional => 1,
3254 type => 'string',
3255 description => "A textual description or comment.",
3256 },
3257 },
3258 },
3259 returns => { type => 'null' },
3260 code => sub {
3261 my ($param) = @_;
3262
3263 my $rpcenv = PVE::RPCEnvironment::get();
3264
3265 my $authuser = $rpcenv->get_user();
3266
3267 my $vmid = extract_param($param, 'vmid');
3268
3269 my $snapname = extract_param($param, 'snapname');
3270
3271 return undef if !defined($param->{description});
3272
3273 my $updatefn = sub {
3274
ffda963f 3275 my $conf = PVE::QemuConfig->load_config($vmid);
d788cea6 3276
ffda963f 3277 PVE::QemuConfig->check_lock($conf);
d788cea6
DM		 3278
3279 my $snap = $conf->{snapshots}->{$snapname};
3280
75466c4f
DM		 3281 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3282
d788cea6
DM		 3283 $snap->{description} = $param->{description} if defined($param->{description});
3284
ffda963f 3285 PVE::QemuConfig->write_config($vmid, $conf);
d788cea6
DM		 3286 };
3287
ffda963f 3288 PVE::QemuConfig->lock_config($vmid, $updatefn);
d788cea6
DM		 3289
3290 return undef;
3291 }});
3292
3293__PACKAGE__->register_method({
3294 name => 'get_snapshot_config',
3295 path => '{vmid}/snapshot/{snapname}/config',
3296 method => 'GET',
3297 proxyto => 'node',
3298 description => "Get snapshot configuration",
3299 permissions => {
3300 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3301 },
3302 parameters => {
3303 additionalProperties => 0,
3304 properties => {
3305 node => get_standard_option('pve-node'),
3306 vmid => get_standard_option('pve-vmid'),
3307 snapname => get_standard_option('pve-snapshot-name'),
3308 },
3309 },
3310 returns => { type => "object" },
3311 code => sub {
3312 my ($param) = @_;
3313
3314 my $rpcenv = PVE::RPCEnvironment::get();
3315
3316 my $authuser = $rpcenv->get_user();
3317
3318 my $vmid = extract_param($param, 'vmid');
3319
3320 my $snapname = extract_param($param, 'snapname');
3321
ffda963f 3322 my $conf = PVE::QemuConfig->load_config($vmid);
d788cea6
DM		 3323
3324 my $snap = $conf->{snapshots}->{$snapname};
3325
75466c4f
DM		 3326 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3327
d788cea6
DM		 3328 return $snap;
3329 }});
3330
7e7d7b61
DM		 3331__PACKAGE__->register_method({
3332 name => 'rollback',
154ccdcd 3333 path => '{vmid}/snapshot/{snapname}/rollback',
7e7d7b61
DM		 3334 method => 'POST',
3335 protected => 1,
3336 proxyto => 'node',
3337 description => "Rollback VM state to specified snapshot.",
3338 permissions => {
f1baf1df 3339 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
7e7d7b61
DM		 3340 },
3341 parameters => {
3342 additionalProperties => 0,
3343 properties => {
3344 node => get_standard_option('pve-node'),
335af808 3345 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
8abd398b 3346 snapname => get_standard_option('pve-snapshot-name'),
7e7d7b61
DM		 3347 },
3348 },
3349 returns => {
3350 type => 'string',
3351 description => "the task ID.",
3352 },
3353 code => sub {
3354 my ($param) = @_;
3355
3356 my $rpcenv = PVE::RPCEnvironment::get();
3357
3358 my $authuser = $rpcenv->get_user();
3359
3360 my $node = extract_param($param, 'node');
3361
3362 my $vmid = extract_param($param, 'vmid');
3363
3364 my $snapname = extract_param($param, 'snapname');
3365
7e7d7b61 3366 my $realcmd = sub {
22c377f0 3367 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
b2c9558d 3368 PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
7e7d7b61
DM		 3369 };
3370
3371 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3372 }});
3373
3374__PACKAGE__->register_method({
3375 name => 'delsnapshot',
3376 path => '{vmid}/snapshot/{snapname}',
3377 method => 'DELETE',
3378 protected => 1,
3379 proxyto => 'node',
3380 description => "Delete a VM snapshot.",
3381 permissions => {
f1baf1df 3382 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
7e7d7b61
DM		 3383 },
3384 parameters => {
3385 additionalProperties => 0,
3386 properties => {
3387 node => get_standard_option('pve-node'),
335af808 3388 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
8abd398b 3389 snapname => get_standard_option('pve-snapshot-name'),
3ee28e38
DM		 3390 force => {
3391 optional => 1,
3392 type => 'boolean',
3393 description => "For removal from config file, even if removing disk snapshots fails.",
3394 },
7e7d7b61
DM		 3395 },
3396 },
3397 returns => {
3398 type => 'string',
3399 description => "the task ID.",
3400 },
3401 code => sub {
3402 my ($param) = @_;
3403
3404 my $rpcenv = PVE::RPCEnvironment::get();
3405
3406 my $authuser = $rpcenv->get_user();
3407
3408 my $node = extract_param($param, 'node');
3409
3410 my $vmid = extract_param($param, 'vmid');
3411
3412 my $snapname = extract_param($param, 'snapname');
3413
7e7d7b61 3414 my $realcmd = sub {
22c377f0 3415 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
b2c9558d 3416 PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
7e7d7b61 3417 };
9dbd1ee4 3418
7b2257a8 3419 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
9dbd1ee4
AD		 3420 }});
3421
04a69bb4
AD		 3422__PACKAGE__->register_method({
3423 name => 'template',
3424 path => '{vmid}/template',
3425 method => 'POST',
3426 protected => 1,
3427 proxyto => 'node',
3428 description => "Create a Template.",
b02691d8 3429 permissions => {
7af0a6c8
DM		 3430 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3431 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
b02691d8 3432 },
04a69bb4
AD		 3433 parameters => {
3434 additionalProperties => 0,
3435 properties => {
3436 node => get_standard_option('pve-node'),
335af808 3437 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
04a69bb4
AD		 3438 disk => {
3439 optional => 1,
3440 type => 'string',
3441 description => "If you want to convert only 1 disk to base image.",
74479ee9 3442 enum => [PVE::QemuServer::valid_drive_names()],
04a69bb4
AD		 3443 },
3444
3445 },
3446 },
3447 returns => { type => 'null'},
3448 code => sub {
3449 my ($param) = @_;
3450
3451 my $rpcenv = PVE::RPCEnvironment::get();
3452
3453 my $authuser = $rpcenv->get_user();
3454
3455 my $node = extract_param($param, 'node');
3456
3457 my $vmid = extract_param($param, 'vmid');
3458
3459 my $disk = extract_param($param, 'disk');
3460
3461 my $updatefn = sub {
3462
ffda963f 3463 my $conf = PVE::QemuConfig->load_config($vmid);
04a69bb4 3464
ffda963f 3465 PVE::QemuConfig->check_lock($conf);
04a69bb4 3466
75466c4f 3467 die "unable to create template, because VM contains snapshots\n"
b91c2aae 3468 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
0402a80b 3469
75466c4f 3470 die "you can't convert a template to a template\n"
ffda963f 3471 if PVE::QemuConfig->is_template($conf) && !$disk;
0402a80b 3472
75466c4f 3473 die "you can't convert a VM to template if VM is running\n"
218cab9a 3474 if PVE::QemuServer::check_running($vmid);
35c5fdef 3475
04a69bb4
AD		 3476 my $realcmd = sub {
3477 PVE::QemuServer::template_create($vmid, $conf, $disk);
3478 };
04a69bb4 3479
75e7e997 3480 $conf->{template} = 1;
ffda963f 3481 PVE::QemuConfig->write_config($vmid, $conf);
75e7e997
DM		 3482
3483 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
04a69bb4
AD		 3484 };
3485
ffda963f 3486 PVE::QemuConfig->lock_config($vmid, $updatefn);
04a69bb4
AD		 3487 return undef;
3488 }});
3489
1e3baf05 34901;
Virtual Machine Manager