[pve-storage.git] / PVE / API2 / Storage / Config.pm

package PVE::API2::Storage::Config;

use strict;
use warnings;

use PVE::SafeSyslog;
use PVE::Tools qw(extract_param);
use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::Storage;
use PVE::Storage::Plugin;
use PVE::Storage::LVMPlugin;
use PVE::Storage::CIFSPlugin;
use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;

use PVE::RESTHandler;

use base qw(PVE::RESTHandler);

my @ctypes = qw(images vztmpl iso backup);

my $storage_type_enum = PVE::Storage::Plugin->lookup_types();

my $api_storage_config = sub {
    my ($cfg, $storeid) = @_;

    my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
    $scfg->{storage} = $storeid;
    $scfg->{digest} = $cfg->{digest};
    $scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});

    if ($scfg->{nodes}) {
	$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
    }

    return $scfg;
};

__PACKAGE__->register_method ({
    name => 'index', 
    path => '',
    method => 'GET',
    description => "Storage index.",
    permissions => { 
	description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
	user => 'all',
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    type => { 
		description => "Only list storage of specific type",
		type => 'string', 
		enum => $storage_type_enum,
		optional => 1,
	    },
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { storage => { type => 'string'} },
	},
	links => [ { rel => 'child', href => "{storage}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $cfg = PVE::Storage::config();

	my @sids = PVE::Storage::storage_ids($cfg);

	my $res = [];
	foreach my $storeid (@sids) {
	    my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
	    next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);

	    my $scfg = &$api_storage_config($cfg, $storeid);
	    next if $param->{type} && $param->{type} ne $scfg->{type};
	    push @$res, $scfg;
	}

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'read', 
    path => '{storage}',
    method => 'GET',
    description => "Read storage configuration.",
    permissions => { 
	check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    storage => get_standard_option('pve-storage-id'),
	},
    },
    returns => { type => 'object' },
    code => sub {
	my ($param) = @_;

	my $cfg = PVE::Storage::config();

	return &$api_storage_config($cfg, $param->{storage});
    }});

__PACKAGE__->register_method ({
    name => 'create',
    protected => 1,
    path => '', 
    method => 'POST',
    description => "Create a new storage.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->createSchema(),
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $type = extract_param($param, 'type');
	my $storeid = extract_param($param, 'storage');

	# revent an empty nodelist.
	# fix me in section config create never need an empty entity.
	delete $param->{nodes} if !$param->{nodes};

	my $password;
	# always extract pw, else it gets written to the www-data readable scfg
	if (my $tmp_pw = extract_param($param, 'password')) {
	    if ($type eq 'cifs' && $param->{username}) {
		$password = $tmp_pw;
	    } else {
		warn "ignore password parameter\n";
	    }
	}

	if ($param->{portal}) {
	    $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
	}

	my $plugin = PVE::Storage::Plugin->lookup($type);
	my $opts = $plugin->check_config($storeid, $param, 1, 1);

        PVE::Storage::lock_storage_config(
	    sub {

		my $cfg = PVE::Storage::config();

		if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
		    die "storage ID '$storeid' already defined\n";
		}

		$cfg->{ids}->{$storeid} = $opts;

		my $cred_file = undef;

		if ($type eq 'lvm' && $opts->{base}) {

		    my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});

		    my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
		    die "base storage ID '$baseid' does not exist\n" if !$basecfg;
       
		    # we only support iscsi for now
		    if (!($basecfg->{type} eq 'iscsi')) {
			die "unsupported base type '$basecfg->{type}'";
		    }

		    my $path = PVE::Storage::path($cfg, $opts->{base});

		    PVE::Storage::activate_storage($cfg, $baseid);

		    PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
		} elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
		    my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
		    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";

		    die "ceph authx keyring file for storage '$storeid' already exists!\n"
			if -e $ceph_storage_keyring;

		    eval {
			mkdir '/etc/pve/priv/ceph';
			PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
		    };
		    if (my $err = $@) {
			unlink $ceph_storage_keyring;
			die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
		    }
		} elsif ($type eq 'cifs' && defined($password)) {
		    # create a password file in /etc/pve/priv,
		    # this file is used as a cert_file at mount time.
		    $cred_file = PVE::Storage::CIFSPlugin::cifs_set_credentials($password, $storeid);
		}

		eval {
		    # try to activate if enabled on local node,
		    # we only do this to detect errors/problems sooner
		    if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
			PVE::Storage::activate_storage($cfg, $storeid);
		    }
		};
		if(my $err = $@) {
		    unlink $cred_file if defined($cred_file);
		    die $err;
		}

		PVE::Storage::write_config($cfg);
	    
	    }, "create storage failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'update',
    protected => 1,
    path => '{storage}',
    method => 'PUT',
    description => "Update storage configuration.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->updateSchema(),
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $storeid = extract_param($param, 'storage');
	my $digest = extract_param($param, 'digest');

        PVE::Storage::lock_storage_config(
	 sub {

	    my $cfg = PVE::Storage::config();

	    PVE::SectionConfig::assert_if_modified($cfg, $digest);

	    my $scfg = PVE::Storage::storage_config($cfg, $storeid);

	    my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
	    my $opts = $plugin->check_config($storeid, $param, 0, 1);

	    foreach my $k (%$opts) {
		$scfg->{$k} = $opts->{$k};
	    }

	    PVE::Storage::write_config($cfg);

	    }, "update storage failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'delete',
    protected => 1,
    path => '{storage}', # /storage/config/{storage}
    method => 'DELETE',
    description => "Delete storage configuration.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => {
    	additionalProperties => 0,
	properties => { 
	    storage => get_standard_option('pve-storage-id', {
                completion => \&PVE::Storage::complete_storage,
            }),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $storeid = extract_param($param, 'storage');

        PVE::Storage::lock_storage_config(
	    sub {

		my $cfg = PVE::Storage::config();

		my $scfg = PVE::Storage::storage_config($cfg, $storeid);

		die "can't remove storage - storage is used as base of another storage\n"
		    if PVE::Storage::storage_is_used($cfg, $storeid);

		if ($scfg->{type} eq 'cifs')  {
		    my $cred_file = PVE::Storage::CIFSPlugin::cifs_cred_file_name($storeid);
		    if (-f $cred_file) {
			unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
		    }
		} elsif ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
		    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
		    if (-f $ceph_storage_keyring) {
			unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
		    }
		}

		delete $cfg->{ids}->{$storeid};

		PVE::Storage::write_config($cfg);

	    }, "delete storage failed");

	PVE::AccessControl::remove_storage_access($storeid);

	return undef;
    }});

1;
Commit	Line	Data
b6cf0a66 DM	1	package PVE::API2::Storage::Config;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::SafeSyslog;
1dc01b9f	7	use PVE::Tools qw(extract_param);
b6cf0a66 DM	8	use PVE::Cluster qw(cfs_read_file cfs_write_file);
b6cf0a66 DM	9	use PVE::Storage;
1dc01b9f	10	use PVE::Storage::Plugin;
304344ce	11	use PVE::Storage::LVMPlugin;
a9db2ca8	12	use PVE::Storage::CIFSPlugin;
b6cf0a66 DM	13	use HTTP::Status qw(:constants);
	14	use Storable qw(dclone);
	15	use PVE::JSONSchema qw(get_standard_option);
5f642f73	16	use PVE::RPCEnvironment;
b6cf0a66 DM	17
	18	use PVE::RESTHandler;
	19
	20	use base qw(PVE::RESTHandler);
	21
	22	my @ctypes = qw(images vztmpl iso backup);
	23
1dc01b9f	24	my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
b6cf0a66 DM	25
	26	my $api_storage_config = sub {
	27	my ($cfg, $storeid) = @_;
	28
1dc01b9f	29	my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
b6cf0a66	30	$scfg->{storage} = $storeid;
b6cf0a66	31	$scfg->{digest} = $cfg->{digest};
1dc01b9f	32	$scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});
b6cf0a66 DM	33
b6cf0a66 DM	34	if ($scfg->{nodes}) {
1dc01b9f	35	$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
b6cf0a66 DM	36	}
	37
	38	return $scfg;
	39	};
	40
	41	__PACKAGE__->register_method ({
	42	name => 'index',
	43	path => '',
	44	method => 'GET',
	45	description => "Storage index.",
5f642f73 DM	46	permissions => {
	47	description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
	48	user => 'all',
	49	},
b6cf0a66 DM	50	parameters => {
	51	additionalProperties => 0,
	52	properties => {
	53	type => {
	54	description => "Only list storage of specific type",
	55	type => 'string',
	56	enum => $storage_type_enum,
	57	optional => 1,
	58	},
b6cf0a66 DM	59	},
	60	},
	61	returns => {
	62	type => 'array',
	63	items => {
	64	type => "object",
	65	properties => { storage => { type => 'string'} },
	66	},
	67	links => [ { rel => 'child', href => "{storage}" } ],
	68	},
	69	code => sub {
	70	my ($param) = @_;
	71
5f642f73 DM	72	my $rpcenv = PVE::RPCEnvironment::get();
	73	my $authuser = $rpcenv->get_user();
	74
83d7192f	75	my $cfg = PVE::Storage::config();
b6cf0a66	76
5f642f73	77	my @sids = PVE::Storage::storage_ids($cfg);
b6cf0a66 DM	78
	79	my $res = [];
	80	foreach my $storeid (@sids) {
5f642f73 DM	81	my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
	82	next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);
	83
b6cf0a66 DM	84	my $scfg = &$api_storage_config($cfg, $storeid);
	85	next if $param->{type} && $param->{type} ne $scfg->{type};
	86	push @$res, $scfg;
	87	}
	88
	89	return $res;
	90	}});
	91
	92	__PACKAGE__->register_method ({
	93	name => 'read',
	94	path => '{storage}',
	95	method => 'GET',
	96	description => "Read storage configuration.",
5f642f73 DM	97	permissions => {
	98	check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
	99	},
b6cf0a66 DM	100	parameters => {
	101	additionalProperties => 0,
	102	properties => {
	103	storage => get_standard_option('pve-storage-id'),
	104	},
	105	},
8b3d5c1f	106	returns => { type => 'object' },
b6cf0a66 DM	107	code => sub {
	108	my ($param) = @_;
	109
83d7192f	110	my $cfg = PVE::Storage::config();
b6cf0a66 DM	111
	112	return &$api_storage_config($cfg, $param->{storage});
	113	}});
	114
	115	__PACKAGE__->register_method ({
	116	name => 'create',
	117	protected => 1,
	118	path => '',
	119	method => 'POST',
	120	description => "Create a new storage.",
5f642f73 DM	121	permissions => {
	122	check => ['perm', '/storage', ['Datastore.Allocate']],
	123	},
1dc01b9f	124	parameters => PVE::Storage::Plugin->createSchema(),
b6cf0a66 DM	125	returns => { type => 'null' },
	126	code => sub {
	127	my ($param) = @_;
	128
1dc01b9f DM	129	my $type = extract_param($param, 'type');
1dc01b9f DM	130	my $storeid = extract_param($param, 'storage');
b6cf0a66	131
a4a9405d WL	132	# revent an empty nodelist.
	133	# fix me in section config create never need an empty entity.
	134	delete $param->{nodes} if !$param->{nodes};
	135
d7b70762 TL	136	my $password;
	137	# always extract pw, else it gets written to the www-data readable scfg
	138	if (my $tmp_pw = extract_param($param, 'password')) {
	139	if ($type eq 'cifs' && $param->{username}) {
	140	$password = $tmp_pw;
	141	} else {
	142	warn "ignore password parameter\n";
	143	}
	144	}
a4a9405d	145
b6cf0a66 DM	146	if ($param->{portal}) {
	147	$param->{portal} = PVE::Storage::resolv_portal($param->{portal});
	148	}
	149
1dc01b9f DM	150	my $plugin = PVE::Storage::Plugin->lookup($type);
1dc01b9f DM	151	my $opts = $plugin->check_config($storeid, $param, 1, 1);
b6cf0a66 DM	152
	153	PVE::Storage::lock_storage_config(
	154	sub {
	155
83d7192f	156	my $cfg = PVE::Storage::config();
b6cf0a66	157
1dc01b9f	158	if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
b6cf0a66 DM	159	die "storage ID '$storeid' already defined\n";
	160	}
	161
	162	$cfg->{ids}->{$storeid} = $opts;
	163
2d4404fc TL	164	my $cred_file = undef;
2d4404fc TL	165
b6cf0a66 DM	166	if ($type eq 'lvm' && $opts->{base}) {
b6cf0a66 DM	167
1dc01b9f	168	my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});
b6cf0a66 DM	169
	170	my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
	171	die "base storage ID '$baseid' does not exist\n" if !$basecfg;
	172
	173	# we only support iscsi for now
	174	if (!($basecfg->{type} eq 'iscsi')) {
	175	die "unsupported base type '$basecfg->{type}'";
	176	}
	177
1dc01b9f	178	my $path = PVE::Storage::path($cfg, $opts->{base});
b6cf0a66 DM	179
	180	PVE::Storage::activate_storage($cfg, $baseid);
	181
1dc01b9f	182	PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
5a39d0a1 FG	183	} elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
	184	my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
	185	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
	186
	187	die "ceph authx keyring file for storage '$storeid' already exists!\n"
	188	if -e $ceph_storage_keyring;
	189
	190	eval {
8143f490	191	mkdir '/etc/pve/priv/ceph';
5a39d0a1 FG	192	PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
	193	};
	194	if (my $err = $@) {
	195	unlink $ceph_storage_keyring;
	196	die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
	197	}
2d4404fc TL	198	} elsif ($type eq 'cifs' && defined($password)) {
	199	# create a password file in /etc/pve/priv,
	200	# this file is used as a cert_file at mount time.
	201	$cred_file = PVE::Storage::CIFSPlugin::cifs_set_credentials($password, $storeid);
b6cf0a66	202	}
a4a9405d WL	203
	204	eval {
	205	# try to activate if enabled on local node,
	206	# we only do this to detect errors/problems sooner
	207	if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
	208	PVE::Storage::activate_storage($cfg, $storeid);
	209	}
	210	};
	211	if(my $err = $@) {
	212	unlink $cred_file if defined($cred_file);
	213	die $err;
b6cf0a66 DM	214	}
b6cf0a66 DM	215
83d7192f	216	PVE::Storage::write_config($cfg);
b6cf0a66 DM	217
	218	}, "create storage failed");
	219
1dc01b9f	220	return undef;
b6cf0a66 DM	221	}});
	222
	223	__PACKAGE__->register_method ({
	224	name => 'update',
	225	protected => 1,
	226	path => '{storage}',
	227	method => 'PUT',
	228	description => "Update storage configuration.",
5f642f73 DM	229	permissions => {
	230	check => ['perm', '/storage', ['Datastore.Allocate']],
	231	},
1dc01b9f	232	parameters => PVE::Storage::Plugin->updateSchema(),
b6cf0a66 DM	233	returns => { type => 'null' },
	234	code => sub {
	235	my ($param) = @_;
	236
1dc01b9f DM	237	my $storeid = extract_param($param, 'storage');
1dc01b9f DM	238	my $digest = extract_param($param, 'digest');
b6cf0a66 DM	239
	240	PVE::Storage::lock_storage_config(
	241	sub {
	242
83d7192f	243	my $cfg = PVE::Storage::config();
b6cf0a66	244
1dc01b9f	245	PVE::SectionConfig::assert_if_modified($cfg, $digest);
b6cf0a66	246
1dc01b9f	247	my $scfg = PVE::Storage::storage_config($cfg, $storeid);
b6cf0a66	248
1dc01b9f DM	249	my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
1dc01b9f DM	250	my $opts = $plugin->check_config($storeid, $param, 0, 1);
b6cf0a66 DM	251
	252	foreach my $k (%$opts) {
	253	$scfg->{$k} = $opts->{$k};
	254	}
	255
83d7192f	256	PVE::Storage::write_config($cfg);
b6cf0a66 DM	257
	258	}, "update storage failed");
	259
	260	return undef;
	261	}});
	262
	263	__PACKAGE__->register_method ({
	264	name => 'delete',
	265	protected => 1,
	266	path => '{storage}', # /storage/config/{storage}
	267	method => 'DELETE',
	268	description => "Delete storage configuration.",
5f642f73 DM	269	permissions => {
	270	check => ['perm', '/storage', ['Datastore.Allocate']],
	271	},
b6cf0a66 DM	272	parameters => {
	273	additionalProperties => 0,
	274	properties => {
f3bd890d DM	275	storage => get_standard_option('pve-storage-id', {
	276	completion => \&PVE::Storage::complete_storage,
	277	}),
b6cf0a66 DM	278	},
	279	},
	280	returns => { type => 'null' },
	281	code => sub {
	282	my ($param) = @_;
	283
1dc01b9f DM	284	my $storeid = extract_param($param, 'storage');
1dc01b9f DM	285
b6cf0a66 DM	286	PVE::Storage::lock_storage_config(
	287	sub {
	288
83d7192f	289	my $cfg = PVE::Storage::config();
b6cf0a66	290
5a39d0a1	291	my $scfg = PVE::Storage::storage_config($cfg, $storeid);
402df80b	292
b6cf0a66	293	die "can't remove storage - storage is used as base of another storage\n"
1dc01b9f	294	if PVE::Storage::storage_is_used($cfg, $storeid);
b6cf0a66	295
fa1b42dd	296	if ($scfg->{type} eq 'cifs') {
566639d5	297	my $cred_file = PVE::Storage::CIFSPlugin::cifs_cred_file_name($storeid);
fa1b42dd DM	298	if (-f $cred_file) {
	299	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
	300	}
	301	} elsif ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
5a39d0a1 FG	302	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
	303	if (-f $ceph_storage_keyring) {
	304	unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
	305	}
	306	}
	307
1dc01b9f	308	delete $cfg->{ids}->{$storeid};
b6cf0a66	309
83d7192f	310	PVE::Storage::write_config($cfg);
b6cf0a66 DM	311
b6cf0a66 DM	312	}, "delete storage failed");
2a2cf20a AG	313
	314	PVE::AccessControl::remove_storage_access($storeid);
	315
b6cf0a66 DM	316	return undef;
	317	}});
	318
	319	1;