[pve-storage.git] / PVE / API2 / Storage / Config.pm

package PVE::API2::Storage::Config;

use strict;
use warnings;

use PVE::SafeSyslog;
use PVE::Tools qw(extract_param);
use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::Storage;
use PVE::Storage::Plugin;
use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RPCEnvironment;

use PVE::RESTHandler;

use base qw(PVE::RESTHandler);

my @ctypes = qw(images vztmpl iso backup);

my $storage_type_enum = PVE::Storage::Plugin->lookup_types();

my $api_storage_config = sub {
    my ($cfg, $storeid) = @_;

    my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
    $scfg->{storage} = $storeid;
    $scfg->{digest} = $cfg->{digest};
    $scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});

    if ($scfg->{nodes}) {
	$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
    }

    return $scfg;
};

my $set_cifs_credentials = sub {
    my ($password, $storeid) = @_;

    my $cred_path = '/etc/pve/priv/';

    my $cred_file = $cred_path.$storeid.".cred";

    PVE::Tools::file_set_contents($cred_file, "password=$password\n");

    return $cred_file;
};

__PACKAGE__->register_method ({
    name => 'index', 
    path => '',
    method => 'GET',
    description => "Storage index.",
    permissions => { 
	description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
	user => 'all',
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    type => { 
		description => "Only list storage of specific type",
		type => 'string', 
		enum => $storage_type_enum,
		optional => 1,
	    },
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { storage => { type => 'string'} },
	},
	links => [ { rel => 'child', href => "{storage}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $cfg = PVE::Storage::config();

	my @sids = PVE::Storage::storage_ids($cfg);

	my $res = [];
	foreach my $storeid (@sids) {
	    my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
	    next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);

	    my $scfg = &$api_storage_config($cfg, $storeid);
	    next if $param->{type} && $param->{type} ne $scfg->{type};
	    push @$res, $scfg;
	}

	return $res;
    }});

__PACKAGE__->register_method ({
    name => 'read', 
    path => '{storage}',
    method => 'GET',
    description => "Read storage configuration.",
    permissions => { 
	check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    storage => get_standard_option('pve-storage-id'),
	},
    },
    returns => {},
    code => sub {
	my ($param) = @_;

	my $cfg = PVE::Storage::config();

	return &$api_storage_config($cfg, $param->{storage});
    }});

__PACKAGE__->register_method ({
    name => 'create',
    protected => 1,
    path => '', 
    method => 'POST',
    description => "Create a new storage.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->createSchema(),
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $type = extract_param($param, 'type');
	my $storeid = extract_param($param, 'storage');

	if ($param->{portal}) {
	    $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
	}

	my $plugin = PVE::Storage::Plugin->lookup($type);
	my $opts = $plugin->check_config($storeid, $param, 1, 1);

        PVE::Storage::lock_storage_config(
	    sub {

		my $cfg = PVE::Storage::config();

		if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
		    die "storage ID '$storeid' already defined\n";
		}

		$cfg->{ids}->{$storeid} = $opts;

		if ($type eq 'lvm' && $opts->{base}) {

		    my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});

		    my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
		    die "base storage ID '$baseid' does not exist\n" if !$basecfg;
       
		    # we only support iscsi for now
		    if (!($basecfg->{type} eq 'iscsi')) {
			die "unsupported base type '$basecfg->{type}'";
		    }

		    my $path = PVE::Storage::path($cfg, $opts->{base});

		    PVE::Storage::activate_storage($cfg, $baseid);

		    PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
		} elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
		    my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
		    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";

		    die "ceph authx keyring file for storage '$storeid' already exists!\n"
			if -e $ceph_storage_keyring;

		    eval {
			mkdir '/etc/pve/priv/ceph';
			PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
		    };
		    if (my $err = $@) {
			unlink $ceph_storage_keyring;
			die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
		    }
		}

		# try to activate if enabled on local node,
		# we only do this to detect errors/problems sooner
		if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
		    PVE::Storage::activate_storage($cfg, $storeid);
		}

		PVE::Storage::write_config($cfg);
	    
	    }, "create storage failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'update',
    protected => 1,
    path => '{storage}',
    method => 'PUT',
    description => "Update storage configuration.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => PVE::Storage::Plugin->updateSchema(),
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $storeid = extract_param($param, 'storage');
	my $digest = extract_param($param, 'digest');

        PVE::Storage::lock_storage_config(
	 sub {

	    my $cfg = PVE::Storage::config();

	    PVE::SectionConfig::assert_if_modified($cfg, $digest);

	    my $scfg = PVE::Storage::storage_config($cfg, $storeid);

	    my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
	    my $opts = $plugin->check_config($storeid, $param, 0, 1);

	    foreach my $k (%$opts) {
		$scfg->{$k} = $opts->{$k};
	    }

	    PVE::Storage::write_config($cfg);

	    }, "update storage failed");

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'delete',
    protected => 1,
    path => '{storage}', # /storage/config/{storage}
    method => 'DELETE',
    description => "Delete storage configuration.",
    permissions => { 
	check => ['perm', '/storage', ['Datastore.Allocate']],
    },
    parameters => {
    	additionalProperties => 0,
	properties => { 
	    storage => get_standard_option('pve-storage-id', {
                completion => \&PVE::Storage::complete_storage,
            }),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $storeid = extract_param($param, 'storage');

        PVE::Storage::lock_storage_config(
	    sub {

		my $cfg = PVE::Storage::config();

		my $scfg = PVE::Storage::storage_config($cfg, $storeid);

		die "can't remove storage - storage is used as base of another storage\n"
		    if PVE::Storage::storage_is_used($cfg, $storeid);

		if ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
		    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
		    if (-f $ceph_storage_keyring) {
			unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
		    }
		}

		delete $cfg->{ids}->{$storeid};

		PVE::Storage::write_config($cfg);

	    }, "delete storage failed");

	PVE::AccessControl::remove_storage_access($storeid);

	return undef;
    }});

1;
Commit	Line	Data
b6cf0a66 DM	1	package PVE::API2::Storage::Config;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::SafeSyslog;
1dc01b9f	7	use PVE::Tools qw(extract_param);
b6cf0a66 DM	8	use PVE::Cluster qw(cfs_read_file cfs_write_file);
b6cf0a66 DM	9	use PVE::Storage;
1dc01b9f	10	use PVE::Storage::Plugin;
b6cf0a66 DM	11	use HTTP::Status qw(:constants);
	12	use Storable qw(dclone);
	13	use PVE::JSONSchema qw(get_standard_option);
5f642f73	14	use PVE::RPCEnvironment;
b6cf0a66 DM	15
	16	use PVE::RESTHandler;
	17
	18	use base qw(PVE::RESTHandler);
	19
	20	my @ctypes = qw(images vztmpl iso backup);
	21
1dc01b9f	22	my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
b6cf0a66 DM	23
	24	my $api_storage_config = sub {
	25	my ($cfg, $storeid) = @_;
	26
1dc01b9f	27	my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
b6cf0a66	28	$scfg->{storage} = $storeid;
b6cf0a66	29	$scfg->{digest} = $cfg->{digest};
1dc01b9f	30	$scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});
b6cf0a66 DM	31
b6cf0a66 DM	32	if ($scfg->{nodes}) {
1dc01b9f	33	$scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
b6cf0a66 DM	34	}
	35
	36	return $scfg;
	37	};
	38
f79a699c WL	39	my $set_cifs_credentials = sub {
	40	my ($password, $storeid) = @_;
	41
	42	my $cred_path = '/etc/pve/priv/';
	43
	44	my $cred_file = $cred_path.$storeid.".cred";
	45
	46	PVE::Tools::file_set_contents($cred_file, "password=$password\n");
	47
	48	return $cred_file;
	49	};
	50
b6cf0a66 DM	51	__PACKAGE__->register_method ({
	52	name => 'index',
	53	path => '',
	54	method => 'GET',
	55	description => "Storage index.",
5f642f73 DM	56	permissions => {
	57	description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
	58	user => 'all',
	59	},
b6cf0a66 DM	60	parameters => {
	61	additionalProperties => 0,
	62	properties => {
	63	type => {
	64	description => "Only list storage of specific type",
	65	type => 'string',
	66	enum => $storage_type_enum,
	67	optional => 1,
	68	},
b6cf0a66 DM	69	},
	70	},
	71	returns => {
	72	type => 'array',
	73	items => {
	74	type => "object",
	75	properties => { storage => { type => 'string'} },
	76	},
	77	links => [ { rel => 'child', href => "{storage}" } ],
	78	},
	79	code => sub {
	80	my ($param) = @_;
	81
5f642f73 DM	82	my $rpcenv = PVE::RPCEnvironment::get();
	83	my $authuser = $rpcenv->get_user();
	84
83d7192f	85	my $cfg = PVE::Storage::config();
b6cf0a66	86
5f642f73	87	my @sids = PVE::Storage::storage_ids($cfg);
b6cf0a66 DM	88
	89	my $res = [];
	90	foreach my $storeid (@sids) {
5f642f73 DM	91	my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
	92	next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);
	93
b6cf0a66 DM	94	my $scfg = &$api_storage_config($cfg, $storeid);
	95	next if $param->{type} && $param->{type} ne $scfg->{type};
	96	push @$res, $scfg;
	97	}
	98
	99	return $res;
	100	}});
	101
	102	__PACKAGE__->register_method ({
	103	name => 'read',
	104	path => '{storage}',
	105	method => 'GET',
	106	description => "Read storage configuration.",
5f642f73 DM	107	permissions => {
	108	check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
	109	},
b6cf0a66 DM	110	parameters => {
	111	additionalProperties => 0,
	112	properties => {
	113	storage => get_standard_option('pve-storage-id'),
	114	},
	115	},
	116	returns => {},
	117	code => sub {
	118	my ($param) = @_;
	119
83d7192f	120	my $cfg = PVE::Storage::config();
b6cf0a66 DM	121
	122	return &$api_storage_config($cfg, $param->{storage});
	123	}});
	124
	125	__PACKAGE__->register_method ({
	126	name => 'create',
	127	protected => 1,
	128	path => '',
	129	method => 'POST',
	130	description => "Create a new storage.",
5f642f73 DM	131	permissions => {
	132	check => ['perm', '/storage', ['Datastore.Allocate']],
	133	},
1dc01b9f	134	parameters => PVE::Storage::Plugin->createSchema(),
b6cf0a66 DM	135	returns => { type => 'null' },
	136	code => sub {
	137	my ($param) = @_;
	138
1dc01b9f DM	139	my $type = extract_param($param, 'type');
1dc01b9f DM	140	my $storeid = extract_param($param, 'storage');
b6cf0a66 DM	141
	142	if ($param->{portal}) {
	143	$param->{portal} = PVE::Storage::resolv_portal($param->{portal});
	144	}
	145
1dc01b9f DM	146	my $plugin = PVE::Storage::Plugin->lookup($type);
1dc01b9f DM	147	my $opts = $plugin->check_config($storeid, $param, 1, 1);
b6cf0a66 DM	148
	149	PVE::Storage::lock_storage_config(
	150	sub {
	151
83d7192f	152	my $cfg = PVE::Storage::config();
b6cf0a66	153
1dc01b9f	154	if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
b6cf0a66 DM	155	die "storage ID '$storeid' already defined\n";
	156	}
	157
	158	$cfg->{ids}->{$storeid} = $opts;
	159
	160	if ($type eq 'lvm' && $opts->{base}) {
	161
1dc01b9f	162	my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});
b6cf0a66 DM	163
	164	my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
	165	die "base storage ID '$baseid' does not exist\n" if !$basecfg;
	166
	167	# we only support iscsi for now
	168	if (!($basecfg->{type} eq 'iscsi')) {
	169	die "unsupported base type '$basecfg->{type}'";
	170	}
	171
1dc01b9f	172	my $path = PVE::Storage::path($cfg, $opts->{base});
b6cf0a66 DM	173
	174	PVE::Storage::activate_storage($cfg, $baseid);
	175
1dc01b9f	176	PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
5a39d0a1 FG	177	} elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
	178	my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
	179	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
	180
	181	die "ceph authx keyring file for storage '$storeid' already exists!\n"
	182	if -e $ceph_storage_keyring;
	183
	184	eval {
8143f490	185	mkdir '/etc/pve/priv/ceph';
5a39d0a1 FG	186	PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
	187	};
	188	if (my $err = $@) {
	189	unlink $ceph_storage_keyring;
	190	die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
	191	}
b6cf0a66 DM	192	}
	193
	194	# try to activate if enabled on local node,
	195	# we only do this to detect errors/problems sooner
	196	if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
	197	PVE::Storage::activate_storage($cfg, $storeid);
	198	}
	199
83d7192f	200	PVE::Storage::write_config($cfg);
b6cf0a66 DM	201
	202	}, "create storage failed");
	203
1dc01b9f	204	return undef;
b6cf0a66 DM	205	}});
	206
	207	__PACKAGE__->register_method ({
	208	name => 'update',
	209	protected => 1,
	210	path => '{storage}',
	211	method => 'PUT',
	212	description => "Update storage configuration.",
5f642f73 DM	213	permissions => {
	214	check => ['perm', '/storage', ['Datastore.Allocate']],
	215	},
1dc01b9f	216	parameters => PVE::Storage::Plugin->updateSchema(),
b6cf0a66 DM	217	returns => { type => 'null' },
	218	code => sub {
	219	my ($param) = @_;
	220
1dc01b9f DM	221	my $storeid = extract_param($param, 'storage');
1dc01b9f DM	222	my $digest = extract_param($param, 'digest');
b6cf0a66 DM	223
	224	PVE::Storage::lock_storage_config(
	225	sub {
	226
83d7192f	227	my $cfg = PVE::Storage::config();
b6cf0a66	228
1dc01b9f	229	PVE::SectionConfig::assert_if_modified($cfg, $digest);
b6cf0a66	230
1dc01b9f	231	my $scfg = PVE::Storage::storage_config($cfg, $storeid);
b6cf0a66	232
1dc01b9f DM	233	my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
1dc01b9f DM	234	my $opts = $plugin->check_config($storeid, $param, 0, 1);
b6cf0a66 DM	235
	236	foreach my $k (%$opts) {
	237	$scfg->{$k} = $opts->{$k};
	238	}
	239
83d7192f	240	PVE::Storage::write_config($cfg);
b6cf0a66 DM	241
	242	}, "update storage failed");
	243
	244	return undef;
	245	}});
	246
	247	__PACKAGE__->register_method ({
	248	name => 'delete',
	249	protected => 1,
	250	path => '{storage}', # /storage/config/{storage}
	251	method => 'DELETE',
	252	description => "Delete storage configuration.",
5f642f73 DM	253	permissions => {
	254	check => ['perm', '/storage', ['Datastore.Allocate']],
	255	},
b6cf0a66 DM	256	parameters => {
	257	additionalProperties => 0,
	258	properties => {
f3bd890d DM	259	storage => get_standard_option('pve-storage-id', {
	260	completion => \&PVE::Storage::complete_storage,
	261	}),
b6cf0a66 DM	262	},
	263	},
	264	returns => { type => 'null' },
	265	code => sub {
	266	my ($param) = @_;
	267
1dc01b9f DM	268	my $storeid = extract_param($param, 'storage');
1dc01b9f DM	269
b6cf0a66 DM	270	PVE::Storage::lock_storage_config(
	271	sub {
	272
83d7192f	273	my $cfg = PVE::Storage::config();
b6cf0a66	274
5a39d0a1	275	my $scfg = PVE::Storage::storage_config($cfg, $storeid);
402df80b	276
b6cf0a66	277	die "can't remove storage - storage is used as base of another storage\n"
1dc01b9f	278	if PVE::Storage::storage_is_used($cfg, $storeid);
b6cf0a66	279
5a39d0a1 FG	280	if ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
	281	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
	282	if (-f $ceph_storage_keyring) {
	283	unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
	284	}
	285	}
	286
1dc01b9f	287	delete $cfg->{ids}->{$storeid};
b6cf0a66	288
83d7192f	289	PVE::Storage::write_config($cfg);
b6cf0a66 DM	290
b6cf0a66 DM	291	}, "delete storage failed");
2a2cf20a AG	292
	293	PVE::AccessControl::remove_storage_access($storeid);
	294
b6cf0a66 DM	295	return undef;
	296	}});
	297
	298	1;