[pve-storage.git] / PVE / API2 / Storage / Config.pm

package PVE::API2::Storage::Config;

use strict;
use warnings;

use PVE::SafeSyslog;
use PVE::Tools qw(extract_param);
use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::Storage;
use PVE::Storage::Plugin;
use PVE::Storage::LVMPlugin;
use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;

use PVE::RESTHandler;

use base qw(PVE::RESTHandler);

my @ctypes = qw(images vztmpl iso backup);

my $storage_type_enum = PVE::Storage::Plugin->lookup_types();

my $api_storage_config = sub {
    my ($cfg, $storeid) = @_;

    my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
    $scfg->{storage} = $storeid;
    $scfg->{digest} = $cfg->{digest};
    $scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});

    if ($scfg->{nodes}) {
	$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
    }

    return $scfg;
};

my $cifs_cred_file_name = sub {
    my ($storeid) = @_;

    return "/etc/pve/priv/${storeid}.cred";
};

my $set_cifs_credentials = sub {
    my ($password, $storeid) = @_;

    my $cred_file = $cifs_cred_file_name->($storeid);

    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
};

__PACKAGE__->register_method ({
    name => 'index', 
    path => '',
    method => 'GET',
    description => "Storage index.",
    permissions => { 
	description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
	user => 'all',
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    type => { 
		description => "Only list storage of specific type",
		type => 'string', 
		enum => $storage_type_enum,
		optional => 1,
	    },
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { storage => { type => 'string'} },
	},
	links => [ { rel => 'child', href => "{storage}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $cfg = PVE::Storage::config();

	my @sids = PVE::Storage::storage_ids($cfg);

	my $res = [];
	foreach my $storeid (@sids) {
	    my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
	    next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);

	    my $scfg = &$api_storage_config($cfg, $storeid);
	    next if $param->{type} && $param->{type} ne $scfg->{type};
	    push @$res, $scfg;
	}

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'read', 
    path => '{storage}',
    method => 'GET',
    description => "Read storage configuration.",
    permissions => { 
	check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    storage => get_standard_option('pve-storage-id'),
	},
    },
    returns => {},
    code => sub {
	my ($param) = @_;

	my $cfg = PVE::Storage::config();

	return &$api_storage_config($cfg, $param->{storage});
    }});

__PACKAGE__->register_method ({
    name => 'create',
    protected => 1,
    path => '', 
    method => 'POST',
    description => "Create a new storage.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->createSchema(),
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $type = extract_param($param, 'type');
	my $storeid = extract_param($param, 'storage');

	# revent an empty nodelist.
	# fix me in section config create never need an empty entity.
	delete $param->{nodes} if !$param->{nodes};

	my $password = extract_param($param, 'password')
	    if $type eq 'cifs' && $param->{username};

	if ($param->{portal}) {
	    $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
	}

	my $plugin = PVE::Storage::Plugin->lookup($type);
	my $opts = $plugin->check_config($storeid, $param, 1, 1);

        PVE::Storage::lock_storage_config(
	    sub {

		my $cfg = PVE::Storage::config();

		if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
		    die "storage ID '$storeid' already defined\n";
		}

		$cfg->{ids}->{$storeid} = $opts;

		if ($type eq 'lvm' && $opts->{base}) {

		    my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});

		    my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
		    die "base storage ID '$baseid' does not exist\n" if !$basecfg;
       
		    # we only support iscsi for now
		    if (!($basecfg->{type} eq 'iscsi')) {
			die "unsupported base type '$basecfg->{type}'";
		    }

		    my $path = PVE::Storage::path($cfg, $opts->{base});

		    PVE::Storage::activate_storage($cfg, $baseid);

		    PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
		} elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
		    my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
		    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";

		    die "ceph authx keyring file for storage '$storeid' already exists!\n"
			if -e $ceph_storage_keyring;

		    eval {
			mkdir '/etc/pve/priv/ceph';
			PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
		    };
		    if (my $err = $@) {
			unlink $ceph_storage_keyring;
			die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
		    }
		}
		# create a password file in /etc/pve/priv,
		# this file is used as a cert_file at mount time.
		my $cred_file = &$set_cifs_credentials($password, $storeid)
		    if defined($password);

		eval {
		    # try to activate if enabled on local node,
		    # we only do this to detect errors/problems sooner
		    if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
			PVE::Storage::activate_storage($cfg, $storeid);
		    }
		};
		if(my $err = $@) {
		    unlink $cred_file if defined($cred_file);
		    die $err;
		}

		PVE::Storage::write_config($cfg);
	    
	    }, "create storage failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'update',
    protected => 1,
    path => '{storage}',
    method => 'PUT',
    description => "Update storage configuration.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->updateSchema(),
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $storeid = extract_param($param, 'storage');
	my $digest = extract_param($param, 'digest');

        PVE::Storage::lock_storage_config(
	 sub {

	    my $cfg = PVE::Storage::config();

	    PVE::SectionConfig::assert_if_modified($cfg, $digest);

	    my $scfg = PVE::Storage::storage_config($cfg, $storeid);

	    my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
	    my $opts = $plugin->check_config($storeid, $param, 0, 1);

	    foreach my $k (%$opts) {
		$scfg->{$k} = $opts->{$k};
	    }

	    PVE::Storage::write_config($cfg);

	    }, "update storage failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'delete',
    protected => 1,
    path => '{storage}', # /storage/config/{storage}
    method => 'DELETE',
    description => "Delete storage configuration.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => {
    	additionalProperties => 0,
	properties => { 
	    storage => get_standard_option('pve-storage-id', {
                completion => \&PVE::Storage::complete_storage,
            }),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $storeid = extract_param($param, 'storage');

        PVE::Storage::lock_storage_config(
	    sub {

		my $cfg = PVE::Storage::config();

		my $scfg = PVE::Storage::storage_config($cfg, $storeid);

		die "can't remove storage - storage is used as base of another storage\n"
		    if PVE::Storage::storage_is_used($cfg, $storeid);

		if ($scfg->{type} eq 'cifs')  {
		    my $cred_file = $cifs_cred_file_name->($storeid);
		    if (-f $cred_file) {
			unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
		    }
		} elsif ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
		    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
		    if (-f $ceph_storage_keyring) {
			unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
		    }
		}

		delete $cfg->{ids}->{$storeid};

		PVE::Storage::write_config($cfg);

	    }, "delete storage failed");

	PVE::AccessControl::remove_storage_access($storeid);

	return undef;
    }});

1;
Commit	Line	Data
b6cf0a66 DM	1	package PVE::API2::Storage::Config;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::SafeSyslog;
1dc01b9f	7	use PVE::Tools qw(extract_param);
b6cf0a66 DM	8	use PVE::Cluster qw(cfs_read_file cfs_write_file);
b6cf0a66 DM	9	use PVE::Storage;
1dc01b9f	10	use PVE::Storage::Plugin;
304344ce	11	use PVE::Storage::LVMPlugin;
b6cf0a66 DM	12	use HTTP::Status qw(:constants);
	13	use Storable qw(dclone);
	14	use PVE::JSONSchema qw(get_standard_option);
5f642f73	15	use PVE::RPCEnvironment;
b6cf0a66 DM	16
	17	use PVE::RESTHandler;
	18
	19	use base qw(PVE::RESTHandler);
	20
	21	my @ctypes = qw(images vztmpl iso backup);
	22
1dc01b9f	23	my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
b6cf0a66 DM	24
	25	my $api_storage_config = sub {
	26	my ($cfg, $storeid) = @_;
	27
1dc01b9f	28	my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
b6cf0a66	29	$scfg->{storage} = $storeid;
b6cf0a66	30	$scfg->{digest} = $cfg->{digest};
1dc01b9f	31	$scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});
b6cf0a66 DM	32
b6cf0a66 DM	33	if ($scfg->{nodes}) {
1dc01b9f	34	$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
b6cf0a66 DM	35	}
	36
	37	return $scfg;
	38	};
	39
fa1b42dd DM	40	my $cifs_cred_file_name = sub {
	41	my ($storeid) = @_;
	42
	43	return "/etc/pve/priv/${storeid}.cred";
	44	};
	45
f79a699c WL	46	my $set_cifs_credentials = sub {
	47	my ($password, $storeid) = @_;
	48
fa1b42dd	49	my $cred_file = $cifs_cred_file_name->($storeid);
f79a699c WL	50
	51	PVE::Tools::file_set_contents($cred_file, "password=$password\n");
	52
	53	return $cred_file;
	54	};
	55
b6cf0a66 DM	56	__PACKAGE__->register_method ({
	57	name => 'index',
	58	path => '',
	59	method => 'GET',
	60	description => "Storage index.",
5f642f73 DM	61	permissions => {
	62	description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
	63	user => 'all',
	64	},
b6cf0a66 DM	65	parameters => {
	66	additionalProperties => 0,
	67	properties => {
	68	type => {
	69	description => "Only list storage of specific type",
	70	type => 'string',
	71	enum => $storage_type_enum,
	72	optional => 1,
	73	},
b6cf0a66 DM	74	},
	75	},
	76	returns => {
	77	type => 'array',
	78	items => {
	79	type => "object",
	80	properties => { storage => { type => 'string'} },
	81	},
	82	links => [ { rel => 'child', href => "{storage}" } ],
	83	},
	84	code => sub {
	85	my ($param) = @_;
	86
5f642f73 DM	87	my $rpcenv = PVE::RPCEnvironment::get();
	88	my $authuser = $rpcenv->get_user();
	89
83d7192f	90	my $cfg = PVE::Storage::config();
b6cf0a66	91
5f642f73	92	my @sids = PVE::Storage::storage_ids($cfg);
b6cf0a66 DM	93
	94	my $res = [];
	95	foreach my $storeid (@sids) {
5f642f73 DM	96	my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
	97	next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);
	98
b6cf0a66 DM	99	my $scfg = &$api_storage_config($cfg, $storeid);
	100	next if $param->{type} && $param->{type} ne $scfg->{type};
	101	push @$res, $scfg;
	102	}
	103
	104	return $res;
	105	}});
	106
	107	__PACKAGE__->register_method ({
	108	name => 'read',
	109	path => '{storage}',
	110	method => 'GET',
	111	description => "Read storage configuration.",
5f642f73 DM	112	permissions => {
	113	check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
	114	},
b6cf0a66 DM	115	parameters => {
	116	additionalProperties => 0,
	117	properties => {
	118	storage => get_standard_option('pve-storage-id'),
	119	},
	120	},
	121	returns => {},
	122	code => sub {
	123	my ($param) = @_;
	124
83d7192f	125	my $cfg = PVE::Storage::config();
b6cf0a66 DM	126
	127	return &$api_storage_config($cfg, $param->{storage});
	128	}});
	129
	130	__PACKAGE__->register_method ({
	131	name => 'create',
	132	protected => 1,
	133	path => '',
	134	method => 'POST',
	135	description => "Create a new storage.",
5f642f73 DM	136	permissions => {
	137	check => ['perm', '/storage', ['Datastore.Allocate']],
	138	},
1dc01b9f	139	parameters => PVE::Storage::Plugin->createSchema(),
b6cf0a66 DM	140	returns => { type => 'null' },
	141	code => sub {
	142	my ($param) = @_;
	143
1dc01b9f DM	144	my $type = extract_param($param, 'type');
1dc01b9f DM	145	my $storeid = extract_param($param, 'storage');
b6cf0a66	146
a4a9405d WL	147	# revent an empty nodelist.
	148	# fix me in section config create never need an empty entity.
	149	delete $param->{nodes} if !$param->{nodes};
	150
	151	my $password = extract_param($param, 'password')
	152	if $type eq 'cifs' && $param->{username};
	153
b6cf0a66 DM	154	if ($param->{portal}) {
	155	$param->{portal} = PVE::Storage::resolv_portal($param->{portal});
	156	}
	157
1dc01b9f DM	158	my $plugin = PVE::Storage::Plugin->lookup($type);
1dc01b9f DM	159	my $opts = $plugin->check_config($storeid, $param, 1, 1);
b6cf0a66 DM	160
	161	PVE::Storage::lock_storage_config(
	162	sub {
	163
83d7192f	164	my $cfg = PVE::Storage::config();
b6cf0a66	165
1dc01b9f	166	if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
b6cf0a66 DM	167	die "storage ID '$storeid' already defined\n";
	168	}
	169
	170	$cfg->{ids}->{$storeid} = $opts;
	171
	172	if ($type eq 'lvm' && $opts->{base}) {
	173
1dc01b9f	174	my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});
b6cf0a66 DM	175
	176	my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
	177	die "base storage ID '$baseid' does not exist\n" if !$basecfg;
	178
	179	# we only support iscsi for now
	180	if (!($basecfg->{type} eq 'iscsi')) {
	181	die "unsupported base type '$basecfg->{type}'";
	182	}
	183
1dc01b9f	184	my $path = PVE::Storage::path($cfg, $opts->{base});
b6cf0a66 DM	185
	186	PVE::Storage::activate_storage($cfg, $baseid);
	187
1dc01b9f	188	PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
5a39d0a1 FG	189	} elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
	190	my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
	191	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
	192
	193	die "ceph authx keyring file for storage '$storeid' already exists!\n"
	194	if -e $ceph_storage_keyring;
	195
	196	eval {
8143f490	197	mkdir '/etc/pve/priv/ceph';
5a39d0a1 FG	198	PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
	199	};
	200	if (my $err = $@) {
	201	unlink $ceph_storage_keyring;
	202	die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
	203	}
b6cf0a66	204	}
a4a9405d WL	205	# create a password file in /etc/pve/priv,
	206	# this file is used as a cert_file at mount time.
	207	my $cred_file = &$set_cifs_credentials($password, $storeid)
	208	if defined($password);
	209
	210	eval {
	211	# try to activate if enabled on local node,
	212	# we only do this to detect errors/problems sooner
	213	if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
	214	PVE::Storage::activate_storage($cfg, $storeid);
	215	}
	216	};
	217	if(my $err = $@) {
	218	unlink $cred_file if defined($cred_file);
	219	die $err;
b6cf0a66 DM	220	}
b6cf0a66 DM	221
83d7192f	222	PVE::Storage::write_config($cfg);
b6cf0a66 DM	223
	224	}, "create storage failed");
	225
1dc01b9f	226	return undef;
b6cf0a66 DM	227	}});
	228
	229	__PACKAGE__->register_method ({
	230	name => 'update',
	231	protected => 1,
	232	path => '{storage}',
	233	method => 'PUT',
	234	description => "Update storage configuration.",
5f642f73 DM	235	permissions => {
	236	check => ['perm', '/storage', ['Datastore.Allocate']],
	237	},
1dc01b9f	238	parameters => PVE::Storage::Plugin->updateSchema(),
b6cf0a66 DM	239	returns => { type => 'null' },
	240	code => sub {
	241	my ($param) = @_;
	242
1dc01b9f DM	243	my $storeid = extract_param($param, 'storage');
1dc01b9f DM	244	my $digest = extract_param($param, 'digest');
b6cf0a66 DM	245
	246	PVE::Storage::lock_storage_config(
	247	sub {
	248
83d7192f	249	my $cfg = PVE::Storage::config();
b6cf0a66	250
1dc01b9f	251	PVE::SectionConfig::assert_if_modified($cfg, $digest);
b6cf0a66	252
1dc01b9f	253	my $scfg = PVE::Storage::storage_config($cfg, $storeid);
b6cf0a66	254
1dc01b9f DM	255	my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
1dc01b9f DM	256	my $opts = $plugin->check_config($storeid, $param, 0, 1);
b6cf0a66 DM	257
	258	foreach my $k (%$opts) {
	259	$scfg->{$k} = $opts->{$k};
	260	}
	261
83d7192f	262	PVE::Storage::write_config($cfg);
b6cf0a66 DM	263
	264	}, "update storage failed");
	265
	266	return undef;
	267	}});
	268
	269	__PACKAGE__->register_method ({
	270	name => 'delete',
	271	protected => 1,
	272	path => '{storage}', # /storage/config/{storage}
	273	method => 'DELETE',
	274	description => "Delete storage configuration.",
5f642f73 DM	275	permissions => {
	276	check => ['perm', '/storage', ['Datastore.Allocate']],
	277	},
b6cf0a66 DM	278	parameters => {
	279	additionalProperties => 0,
	280	properties => {
f3bd890d DM	281	storage => get_standard_option('pve-storage-id', {
	282	completion => \&PVE::Storage::complete_storage,
	283	}),
b6cf0a66 DM	284	},
	285	},
	286	returns => { type => 'null' },
	287	code => sub {
	288	my ($param) = @_;
	289
1dc01b9f DM	290	my $storeid = extract_param($param, 'storage');
1dc01b9f DM	291
b6cf0a66 DM	292	PVE::Storage::lock_storage_config(
	293	sub {
	294
83d7192f	295	my $cfg = PVE::Storage::config();
b6cf0a66	296
5a39d0a1	297	my $scfg = PVE::Storage::storage_config($cfg, $storeid);
402df80b	298
b6cf0a66	299	die "can't remove storage - storage is used as base of another storage\n"
1dc01b9f	300	if PVE::Storage::storage_is_used($cfg, $storeid);
b6cf0a66	301
fa1b42dd DM	302	if ($scfg->{type} eq 'cifs') {
	303	my $cred_file = $cifs_cred_file_name->($storeid);
	304	if (-f $cred_file) {
	305	unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
	306	}
	307	} elsif ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
5a39d0a1 FG	308	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
	309	if (-f $ceph_storage_keyring) {
	310	unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
	311	}
	312	}
	313
1dc01b9f	314	delete $cfg->{ids}->{$storeid};
b6cf0a66	315
83d7192f	316	PVE::Storage::write_config($cfg);
b6cf0a66 DM	317
b6cf0a66 DM	318	}, "delete storage failed");
2a2cf20a AG	319
	320	PVE::AccessControl::remove_storage_access($storeid);
	321
b6cf0a66 DM	322	return undef;
	323	}});
	324
	325	1;