Commit | Line | Data |
---|---|---|
b6cf0a66 DM |
1 | package PVE::API2::Storage::Config; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::SafeSyslog; | |
1dc01b9f | 7 | use PVE::Tools qw(extract_param); |
b6cf0a66 DM |
8 | use PVE::Cluster qw(cfs_read_file cfs_write_file); |
9 | use PVE::Storage; | |
1dc01b9f | 10 | use PVE::Storage::Plugin; |
304344ce | 11 | use PVE::Storage::LVMPlugin; |
b6cf0a66 DM |
12 | use HTTP::Status qw(:constants); |
13 | use Storable qw(dclone); | |
14 | use PVE::JSONSchema qw(get_standard_option); | |
5f642f73 | 15 | use PVE::RPCEnvironment; |
b6cf0a66 DM |
16 | |
17 | use PVE::RESTHandler; | |
18 | ||
19 | use base qw(PVE::RESTHandler); | |
20 | ||
# Content type names. Nothing in the visible part of this file reads @ctypes.
my @ctypes = ('images', 'vztmpl', 'iso', 'backup');

# Storage type names reported by the plugin registry; used below as the enum
# for the optional 'type' filter of the index call.
my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
b6cf0a66 DM |
24 | |
# Build the API representation of one storage entry.
#
# Returns a deep copy of the stored section for $storeid with 'storage' (the
# ID) and 'digest' (the digest of $cfg) added, and with 'content' and, when
# set, 'nodes' passed through the plugin's encode_value().
#
# Every other property of the section is handed to the API caller unchanged,
# so anything kept in the section is readable by whoever may call 'index' or
# 'read'.
my $api_storage_config = sub {
    my ($cfg, $storeid) = @_;

    # Work on a clone so the additions below never modify $cfg itself.
    my $entry = dclone(PVE::Storage::storage_config($cfg, $storeid));
    my $type = $entry->{type};

    $entry->{storage} = $storeid;
    $entry->{digest} = $cfg->{digest};

    $entry->{content} = PVE::Storage::Plugin->encode_value($type, 'content', $entry->{content});

    # 'nodes' is only encoded when the section actually restricts nodes.
    $entry->{nodes} = PVE::Storage::Plugin->encode_value($type, 'nodes', $entry->{nodes})
        if $entry->{nodes};

    return $entry;
};
39 | ||
fa1b42dd DM |
# Return the path of the CIFS credentials file that belongs to $storeid.
#
# $storeid becomes part of a path below /etc/pve/priv without any escaping.
# NOTE(review): this assumes the caller has already validated the ID (the
# delete call declares it as 'pve-storage-id'; the create schema is not
# visible here) - confirm it cannot contain '/' or '..'.
my $cifs_cred_file_name = sub {
    my ($storeid) = @_;

    my $priv_dir = '/etc/pve/priv';

    return $priv_dir . '/' . $storeid . '.cred';
};
45 | ||
f79a699c WL |
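# Store the CIFS password for $storeid in its credentials file and return the
# path of that file.
#
# The file is written as a single "password=<value>" line. A line break inside
# the password would end that line early and put the remainder on a line of
# its own, so such values are rejected instead of being written.
#
# Dies if the password contains a line break or if writing the file fails.
my $set_cifs_credentials = sub {
    my ($password, $storeid) = @_;

    die "cifs password must not contain line breaks\n"
        if $password =~ /[\r\n]/;

    my $cred_file = $cifs_cred_file_name->($storeid);

    # NOTE(review): no file mode is passed, so who can read the secret depends
    # on how /etc/pve/priv itself is protected - confirm.
    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
};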
55 | ||
b6cf0a66 DM |
# GET <base path>: list the storage entries the calling user may see.
#
# The method itself is open to every authenticated user (user => 'all'); the
# filtering happens per entry inside the handler.
__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    description => "Storage index.",
    permissions => {
        description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
        user => 'all',
    },
    parameters => {
        additionalProperties => 0,
        properties => {
            type => {
                description => "Only list storage of specific type",
                type => 'string',
                enum => $storage_type_enum,
                optional => 1,
            },
        },
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => { storage => { type => 'string'} },
        },
        links => [ { rel => 'child', href => "{storage}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $rpcenv = PVE::RPCEnvironment::get();
        my $authuser = $rpcenv->get_user();

        my $cfg = PVE::Storage::config();
        my $wanted_type = $param->{type};

        my @visible;
        for my $storeid (PVE::Storage::storage_ids($cfg)) {
            # The permission check comes first, so the entry of a storage the
            # user may not see is never built.
            my $allowed = $rpcenv->check_any(
                $authuser,
                "/storage/$storeid",
                [ 'Datastore.Audit', 'Datastore.AllocateSpace' ],
                1,
            );
            next unless $allowed;

            my $entry = $api_storage_config->($cfg, $storeid);

            # Optional filter on the storage type.
            next if $wanted_type && $wanted_type ne $entry->{type};

            push @visible, $entry;
        }

        return \@visible;
    }});
106 | ||
# GET {storage}: return the configuration of one storage.
#
# Unlike the index call, this requires 'Datastore.Allocate' on
# '/storage/{storage}'. The return schema is left empty, so the handler
# returns whatever $api_storage_config builds from the stored section.
__PACKAGE__->register_method ({
    name => 'read',
    path => '{storage}',
    method => 'GET',
    description => "Read storage configuration.",
    permissions => {
        check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
    },
    parameters => {
        additionalProperties => 0,
        properties => {
            storage => get_standard_option('pve-storage-id'),
        },
    },
    returns => {},
    code => sub {
        my ($param) = @_;

        my $storeid = $param->{storage};
        my $cfg = PVE::Storage::config();

        return $api_storage_config->($cfg, $storeid);
    }});
129 | ||
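# POST <base path>: create a new storage entry.
#
# Requires 'Datastore.Allocate' on '/storage'. The parameters come from the
# plugin create schema. The entry is checked by the plugin of the requested
# type, then added to the storage configuration while the configuration lock
# is held. Dies if the ID is already defined, if a type-specific setup step
# fails, or if activating the new storage on the local node fails.
__PACKAGE__->register_method ({
    name => 'create',
    protected => 1,
    path => '',
    method => 'POST',
    description => "Create a new storage.",
    permissions => {
        check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->createSchema(),
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $type = extract_param($param, 'type');
        my $storeid = extract_param($param, 'storage');

        # Prevent an empty node list.
        # FIXME: section config create should never need an empty entity.
        delete $param->{nodes} if !$param->{nodes};

        # Declared on its own line: "my $x = ... if COND" leaves the variable
        # in an undefined state when COND is false (see perlsyn).
        #
        # For cifs with a user name the password is taken out of $param here,
        # so it is not part of what check_config() receives below; it goes to
        # a separate file under /etc/pve/priv instead.
        # NOTE(review): for cifs without a user name a supplied password stays
        # in $param; what check_config() does with it is not visible here.
        my $password;
        if ($type eq 'cifs' && $param->{username}) {
            $password = extract_param($param, 'password');
        }

        if ($param->{portal}) {
            $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
        }

        my $plugin = PVE::Storage::Plugin->lookup($type);
        my $opts = $plugin->check_config($storeid, $param, 1, 1);

        PVE::Storage::lock_storage_config(
            sub {

                my $cfg = PVE::Storage::config();

                if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
                    die "storage ID '$storeid' already defined\n";
                }

                $cfg->{ids}->{$storeid} = $opts;

                # Secret files written by this call. They are removed again if
                # activation fails, so a failed create leaves neither a CIFS
                # password nor a keyring copy behind. A leftover keyring would
                # also make a retry with the same ID die on the "-e" check.
                my @created_files;

                if ($type eq 'lvm' && $opts->{base}) {

                    my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});

                    my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
                    die "base storage ID '$baseid' does not exist\n" if !$basecfg;

                    # we only support iscsi for now
                    if (!($basecfg->{type} eq 'iscsi')) {
                        die "unsupported base type '$basecfg->{type}'";
                    }

                    my $path = PVE::Storage::path($cfg, $opts->{base});

                    PVE::Storage::activate_storage($cfg, $baseid);

                    PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
                } elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
                    # Without 'monhost' the storage gets its own copy of the
                    # client.admin keyring found under /etc/pve/priv.
                    my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
                    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";

                    # Never overwrite a keyring that is already in place.
                    die "ceph authx keyring file for storage '$storeid' already exists!\n"
                        if -e $ceph_storage_keyring;

                    eval {
                        # The result is not checked; a missing directory shows
                        # up as a failure of the copy below.
                        mkdir '/etc/pve/priv/ceph';
                        PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
                    };
                    if (my $err = $@) {
                        unlink $ceph_storage_keyring;
                        die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
                    }

                    push @created_files, $ceph_storage_keyring;
                }

                # Create a credentials file in /etc/pve/priv; it is used as
                # the credentials file at mount time.
                if (defined($password)) {
                    push @created_files, $set_cifs_credentials->($password, $storeid);
                }

                eval {
                    # try to activate if enabled on local node,
                    # we only do this to detect errors/problems sooner
                    if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
                        PVE::Storage::activate_storage($cfg, $storeid);
                    }
                };
                if (my $err = $@) {
                    unlink @created_files if @created_files;
                    die $err;
                }

                # NOTE(review): a failure in write_config() is not covered by
                # the cleanup above, so the files would stay in that case.
                PVE::Storage::write_config($cfg);

            }, "create storage failed");

        return undef;
    }});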
228 | ||
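# PUT {storage}: change properties of an existing storage entry.
#
# The parameters come from the plugin update schema. The optional 'digest' is
# compared against the current configuration before anything is changed, and
# the whole read-modify-write runs while the configuration lock is held.
#
# NOTE(review): the permission check is made against '/storage', not against
# '/storage/{storage}' as in the read call - confirm that this is intended.
__PACKAGE__->register_method ({
    name => 'update',
    protected => 1,
    path => '{storage}',
    method => 'PUT',
    description => "Update storage configuration.",
    permissions => {
        check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->updateSchema(),
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $storeid = extract_param($param, 'storage');
        my $digest = extract_param($param, 'digest');

        PVE::Storage::lock_storage_config(
            sub {

                my $cfg = PVE::Storage::config();

                # NOTE(review): PVE::SectionConfig is not loaded by a 'use'
                # line in this file; presumably another module pulls it in -
                # confirm.
                PVE::SectionConfig::assert_if_modified($cfg, $digest);

                my $scfg = PVE::Storage::storage_config($cfg, $storeid);

                my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
                my $opts = $plugin->check_config($storeid, $param, 0, 1);

                # Iterate over the keys only. Looping over %$opts itself also
                # yields every value, which then got used as a property name
                # and added a bogus, undefined entry to the section.
                foreach my $k (keys %$opts) {
                    $scfg->{$k} = $opts->{$k};
                }

                PVE::Storage::write_config($cfg);

            }, "update storage failed");

        return undef;
    }});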
268 | ||
# DELETE {storage}: remove a storage entry from the configuration.
#
# Refuses to remove a storage that is used as base of another storage. The
# secret file that belongs to the entry is removed as well: the credentials
# file for cifs, and the per-storage keyring for rbd entries without
# 'monhost'. A failure to remove such a file is only reported with warn(), so
# the entry is deleted even if the secret stays on disk.
__PACKAGE__->register_method ({
    name => 'delete',
    protected => 1,
    path => '{storage}', # /storage/config/{storage}
    method => 'DELETE',
    description => "Delete storage configuration.",
    permissions => {
        check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => {
        additionalProperties => 0,
        properties => {
            storage => get_standard_option('pve-storage-id', {
                completion => \&PVE::Storage::complete_storage,
            }),
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $storeid = extract_param($param, 'storage');

        # Runs while the storage configuration lock is held.
        my $remove_entry = sub {

            my $cfg = PVE::Storage::config();

            my $scfg = PVE::Storage::storage_config($cfg, $storeid);

            if (PVE::Storage::storage_is_used($cfg, $storeid)) {
                die "can't remove storage - storage is used as base of another storage\n";
            }

            my $type = $scfg->{type};

            if ($type eq 'cifs') {
                my $cred_file = $cifs_cred_file_name->($storeid);
                if (-f $cred_file && !unlink($cred_file)) {
                    warn "removing cifs credientials '$cred_file' failed: $!\n";
                }
            } elsif ($type eq 'rbd' && !defined($scfg->{monhost})) {
                my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
                if (-f $ceph_storage_keyring && !unlink($ceph_storage_keyring)) {
                    warn "removing keyring of storage failed: $!\n";
                }
            }

            delete $cfg->{ids}->{$storeid};

            PVE::Storage::write_config($cfg);
        };

        PVE::Storage::lock_storage_config($remove_entry, "delete storage failed");

        # Called after the locked section has returned.
        # NOTE(review): PVE::AccessControl is not loaded by a 'use' line in
        # this file; presumably another module pulls it in - confirm.
        PVE::AccessControl::remove_storage_access($storeid);

        return undef;
    }});
324 | ||
325 | 1; |