[pve-container.git] / src / PVE / API2 / LXC / Config.pm

package PVE::API2::LXC::Config;

use strict;
use warnings;

use PVE::SafeSyslog;
use PVE::Tools qw(extract_param run_command);
use PVE::Exception qw(raise raise_param_exc);
use PVE::INotify;
use PVE::Cluster qw(cfs_read_file);
use PVE::AccessControl;
use PVE::Firewall;
use PVE::Storage;
use PVE::RESTHandler;
use PVE::RPCEnvironment;
use PVE::LXC;
use PVE::LXC::Create;
use PVE::HA::Config;
use PVE::JSONSchema qw(get_standard_option);
use base qw(PVE::RESTHandler);

use Data::Dumper; # fixme: remove

__PACKAGE__->register_method({
    name => 'vm_config',
    path => '',
    method => 'GET',
    proxyto => 'node',
    description => "Get container configuration.",
    permissions => {
	check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
    },
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
	},
    },
    returns => {
	type => "object",
	properties => {
	    digest => {
		type => 'string',
		description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
	    }
	},
    },
    code => sub {
	my ($param) = @_;

	my $conf = PVE::LXC::load_config($param->{vmid});

	delete $conf->{snapshots};
	delete $conf->{lxc};

	return $conf;
    }});

my $vm_config_perm_list = [
	    'VM.Config.Disk',
	    'VM.Config.CPU',
	    'VM.Config.Memory',
	    'VM.Config.Network',
	    'VM.Config.Options',
    ];

__PACKAGE__->register_method({
    name => 'update_vm',
    path => '',
    method => 'PUT',
    protected => 1,
    proxyto => 'node',
    description => "Set container options.",
    permissions => {
	check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
    },
    parameters => {
    	additionalProperties => 0,
	properties => PVE::LXC::json_config_properties(
	    {
		node => get_standard_option('pve-node'),
		vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
		delete => {
		    type => 'string', format => 'pve-configid-list',
		    description => "A list of settings you want to delete.",
		    optional => 1,
		},
		digest => {
		    type => 'string',
		    description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
		    maxLength => 40,
		    optional => 1,
		}
	    }),
    },
    returns => { type => 'null'},
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $authuser = $rpcenv->get_user();

	my $node = extract_param($param, 'node');

	my $vmid = extract_param($param, 'vmid');

	my $digest = extract_param($param, 'digest');

	die "no options specified\n" if !scalar(keys %$param);

	my $delete_str = extract_param($param, 'delete');
	my @delete = PVE::Tools::split_list($delete_str);

	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);

	foreach my $opt (@delete) {
	    raise_param_exc({ delete => "you can't use '-$opt' and " .
				  "-delete $opt' at the same time" })
		if defined($param->{$opt});

	    if (!PVE::LXC::option_exists($opt)) {
		raise_param_exc({ delete => "unknown option '$opt'" });
	    }
	}

	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);

	my $storage_cfg = cfs_read_file("storage.cfg");

	my $code = sub {

	    my $conf = PVE::LXC::load_config($vmid);
	    PVE::LXC::check_lock($conf);

	    PVE::Tools::assert_if_modified($digest, $conf->{digest});

	    my $running = PVE::LXC::check_running($vmid);

	    PVE::LXC::update_pct_config($vmid, $conf, $running, $param, \@delete);

	    PVE::LXC::write_config($vmid, $conf);
	    PVE::LXC::update_lxc_config($storage_cfg, $vmid, $conf);
	};

	PVE::LXC::lock_container($vmid, undef, $code);

	return undef;
    }});

my $query_loopdev = sub {
    my ($path) = @_;
    my $found;
    my $parser = sub {
	my $line = shift;
	if ($line =~ m@^(/dev/loop\d+):@) {
	    $found = $1;
	}
    };
    my $cmd = ['losetup', '--associated', $path];
    PVE::Tools::run_command($cmd, outfunc => $parser);
    return $found;
};

__PACKAGE__->register_method({
    name => 'resize_vm',
    path => '{vmid}/resize',
    method => 'PUT',
    protected => 1,
    proxyto => 'node',
    description => "Resize a container mountpoint.",
    permissions => {
	check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
    },
    parameters => {
	additionalProperties => 0,
	properties => PVE::LXC::json_config_properties(
	    {
		node => get_standard_option('pve-node'),
		vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
		disk => {
		    type => 'string',
		    description => "The disk you want to resize.",
		    enum => [PVE::LXC::mountpoint_names()],
		},
		size => {
		    type => 'string',
		    pattern => '\+?\d+(\.\d+)?[KMGT]?',
		    description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
		},
		digest => {
		    type => 'string',
		    description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
		    maxLength => 40,
		    optional => 1,
		}
	    }),
    },
    returns => { type => 'null'},
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $authuser = $rpcenv->get_user();

	my $node = extract_param($param, 'node');

	my $vmid = extract_param($param, 'vmid');

	my $digest = extract_param($param, 'digest');

	my $sizestr = extract_param($param, 'size');
	my $ext = ($sizestr =~ s/^\+//);
	my $newsize = PVE::JSONSchema::parse_size($sizestr);
	die "invalid size string" if !defined($newsize);

	die "no options specified\n" if !scalar(keys %$param);

	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);

	my $storage_cfg = cfs_read_file("storage.cfg");

	my $code = sub {

	    my $conf = PVE::LXC::load_config($vmid);
	    PVE::LXC::check_lock($conf);

	    PVE::Tools::assert_if_modified($digest, $conf->{digest});

	    my $running = PVE::LXC::check_running($vmid);

	    my $disk = $param->{disk};
	    my $mp = PVE::LXC::parse_ct_mountpoint($conf->{$disk});
	    my $volid = $mp->{volume};

	    my (undef, undef, $owner, undef, undef, undef, $format) =
		PVE::Storage::parse_volname($storage_cfg, $volid);

	    die "can't resize mountpoint owned by another container ($owner)"
		if $vmid != $owner;

	    die "can't resize volume: $disk if snapshot exists\n" 
		if %{$conf->{snapshots}} && $format eq 'qcow2';

	    my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);

	    $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);

	    my $size = PVE::Storage::volume_size_info($storage_cfg, $volid, 5);
	    $newsize += $size if $ext;
	    $newsize = int($newsize);

	    die "unable to skrink disk size\n" if $newsize < $size;

	    return if $size == $newsize;

	    PVE::Cluster::log_msg('info', $authuser, "update CT $vmid: resize --disk $disk --size $sizestr");

	    # FIXME: volume_resize doesn't do anything if $running=1?
	    PVE::Storage::volume_resize($storage_cfg, $volid, $newsize, 0);

	    $mp->{size} = $newsize/1024; # kB
	    $conf->{$disk} = PVE::LXC::print_ct_mountpoint($mp, $disk eq 'rootfs');

	    PVE::LXC::write_config($vmid, $conf);

	    if ($format eq 'raw') {
		my $path = PVE::Storage::path($storage_cfg, $volid, undef);
		if ($running) {
		    $path = &$query_loopdev($path);
		    die "internal error: CT running but mountpoint not attached to a loop device"
			if !$path; # fixme: zvols and other storages?
		    PVE::Tools::run_command(['losetup', '--set-capacity', $path]);

		    # In order for resize2fs to know that we need online-resizing a mountpoint needs
		    # to be visible to it in its namespace.
		    # To not interfere with the rest of the system we unshare the current mount namespace,
		    # mount over /tmp and then run resize2fs.

		    # interestingly we don't need to e2fsck on mounted systems...
		    my $quoted = PVE::Tools::shellquote($path);
		    my $cmd = "mount --make-rprivate / && mount $quoted /tmp && resize2fs $quoted";
		    PVE::Tools::run_command(['unshare', '-m', '--', 'sh', '-c', $cmd]);
		} else {
		    PVE::Tools::run_command(['e2fsck', '-f', '-y', $path]);
		    PVE::Tools::run_command(['resize2fs', $path]);
		}
	    }
	};

	PVE::LXC::lock_container($vmid, undef, $code);

	return undef;
    }});

1;
Commit	Line	Data
52389a07 DM	1	package PVE::API2::LXC::Config;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::SafeSyslog;
	7	use PVE::Tools qw(extract_param run_command);
	8	use PVE::Exception qw(raise raise_param_exc);
	9	use PVE::INotify;
	10	use PVE::Cluster qw(cfs_read_file);
	11	use PVE::AccessControl;
	12	use PVE::Firewall;
	13	use PVE::Storage;
	14	use PVE::RESTHandler;
	15	use PVE::RPCEnvironment;
	16	use PVE::LXC;
	17	use PVE::LXC::Create;
	18	use PVE::HA::Config;
	19	use PVE::JSONSchema qw(get_standard_option);
	20	use base qw(PVE::RESTHandler);
	21
	22	use Data::Dumper; # fixme: remove
	23
	24	__PACKAGE__->register_method({
	25	name => 'vm_config',
	26	path => '',
	27	method => 'GET',
	28	proxyto => 'node',
	29	description => "Get container configuration.",
	30	permissions => {
	31	check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
	32	},
	33	parameters => {
	34	additionalProperties => 0,
	35	properties => {
	36	node => get_standard_option('pve-node'),
68e8f3c5	37	vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
52389a07 DM	38	},
	39	},
	40	returns => {
	41	type => "object",
	42	properties => {
	43	digest => {
	44	type => 'string',
	45	description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
	46	}
	47	},
	48	},
	49	code => sub {
	50	my ($param) = @_;
	51
	52	my $conf = PVE::LXC::load_config($param->{vmid});
	53
	54	delete $conf->{snapshots};
	55	delete $conf->{lxc};
	56
	57	return $conf;
	58	}});
	59
	60	my $vm_config_perm_list = [
	61	'VM.Config.Disk',
	62	'VM.Config.CPU',
	63	'VM.Config.Memory',
	64	'VM.Config.Network',
	65	'VM.Config.Options',
	66	];
	67
	68	__PACKAGE__->register_method({
	69	name => 'update_vm',
	70	path => '',
	71	method => 'PUT',
	72	protected => 1,
	73	proxyto => 'node',
	74	description => "Set container options.",
	75	permissions => {
	76	check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
	77	},
	78	parameters => {
	79	additionalProperties => 0,
	80	properties => PVE::LXC::json_config_properties(
	81	{
	82	node => get_standard_option('pve-node'),
68e8f3c5	83	vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
52389a07 DM	84	delete => {
	85	type => 'string', format => 'pve-configid-list',
	86	description => "A list of settings you want to delete.",
	87	optional => 1,
	88	},
	89	digest => {
	90	type => 'string',
	91	description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
	92	maxLength => 40,
	93	optional => 1,
	94	}
	95	}),
	96	},
	97	returns => { type => 'null'},
	98	code => sub {
	99	my ($param) = @_;
	100
	101	my $rpcenv = PVE::RPCEnvironment::get();
	102
	103	my $authuser = $rpcenv->get_user();
	104
	105	my $node = extract_param($param, 'node');
	106
	107	my $vmid = extract_param($param, 'vmid');
	108
	109	my $digest = extract_param($param, 'digest');
	110
	111	die "no options specified\n" if !scalar(keys %$param);
	112
	113	my $delete_str = extract_param($param, 'delete');
	114	my @delete = PVE::Tools::split_list($delete_str);
	115
	116	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
	117
	118	foreach my $opt (@delete) {
	119	raise_param_exc({ delete => "you can't use '-$opt' and " .
	120	"-delete $opt' at the same time" })
	121	if defined($param->{$opt});
	122
	123	if (!PVE::LXC::option_exists($opt)) {
	124	raise_param_exc({ delete => "unknown option '$opt'" });
	125	}
	126	}
	127
	128	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
	129
	130	my $storage_cfg = cfs_read_file("storage.cfg");
	131
	132	my $code = sub {
	133
	134	my $conf = PVE::LXC::load_config($vmid);
	135	PVE::LXC::check_lock($conf);
	136
	137	PVE::Tools::assert_if_modified($digest, $conf->{digest});
	138
	139	my $running = PVE::LXC::check_running($vmid);
	140
	141	PVE::LXC::update_pct_config($vmid, $conf, $running, $param, \@delete);
	142
	143	PVE::LXC::write_config($vmid, $conf);
	144	PVE::LXC::update_lxc_config($storage_cfg, $vmid, $conf);
	145	};
	146
	147	PVE::LXC::lock_container($vmid, undef, $code);
148
149	return undef;
150	}});
151
40626217 WB	152	my $query_loopdev = sub {
	153	my ($path) = @_;
	154	my $found;
	155	my $parser = sub {
	156	my $line = shift;
	157	if ($line =~ m@^(/dev/loop\d+):@) {
	158	$found = $1;
	159	}
	160	};
	161	my $cmd = ['losetup', '--associated', $path];
	162	PVE::Tools::run_command($cmd, outfunc => $parser);
	163	return $found;
	164	};
	165
	166	__PACKAGE__->register_method({
	167	name => 'resize_vm',
	168	path => '{vmid}/resize',
	169	method => 'PUT',
	170	protected => 1,
	171	proxyto => 'node',
	172	description => "Resize a container mountpoint.",
	173	permissions => {
	174	check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
	175	},
	176	parameters => {
	177	additionalProperties => 0,
	178	properties => PVE::LXC::json_config_properties(
	179	{
	180	node => get_standard_option('pve-node'),
bd491d60	181	vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
40626217 WB	182	disk => {
	183	type => 'string',
	184	description => "The disk you want to resize.",
	185	enum => [PVE::LXC::mountpoint_names()],
	186	},
	187	size => {
	188	type => 'string',
	189	pattern => '\+?\d+(\.\d+)?[KMGT]?',
	190	description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
	191	},
	192	digest => {
	193	type => 'string',
	194	description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
	195	maxLength => 40,
	196	optional => 1,
	197	}
	198	}),
	199	},
	200	returns => { type => 'null'},
	201	code => sub {
	202	my ($param) = @_;
	203
	204	my $rpcenv = PVE::RPCEnvironment::get();
	205
	206	my $authuser = $rpcenv->get_user();
	207
	208	my $node = extract_param($param, 'node');
	209
	210	my $vmid = extract_param($param, 'vmid');
	211
	212	my $digest = extract_param($param, 'digest');
	213
	214	my $sizestr = extract_param($param, 'size');
ff6bba6c WB	215	my $ext = ($sizestr =~ s/^\+//);
	216	my $newsize = PVE::JSONSchema::parse_size($sizestr);
	217	die "invalid size string" if !defined($newsize);
40626217 WB	218
	219	die "no options specified\n" if !scalar(keys %$param);
	220
	221	PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
	222
	223	my $storage_cfg = cfs_read_file("storage.cfg");
	224
	225	my $code = sub {
	226
	227	my $conf = PVE::LXC::load_config($vmid);
	228	PVE::LXC::check_lock($conf);
	229
	230	PVE::Tools::assert_if_modified($digest, $conf->{digest});
	231
	232	my $running = PVE::LXC::check_running($vmid);
	233
	234	my $disk = $param->{disk};
	235	my $mp = PVE::LXC::parse_ct_mountpoint($conf->{$disk});
	236	my $volid = $mp->{volume};
	237
	238	my (undef, undef, $owner, undef, undef, undef, $format) =
	239	PVE::Storage::parse_volname($storage_cfg, $volid);
	240
	241	die "can't resize mountpoint owned by another container ($owner)"
	242	if $vmid != $owner;
	243
	244	die "can't resize volume: $disk if snapshot exists\n"
	245	if %{$conf->{snapshots}} && $format eq 'qcow2';
	246
	247	my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
	248
	249	$rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
	250
	251	my $size = PVE::Storage::volume_size_info($storage_cfg, $volid, 5);
40626217 WB	252	$newsize += $size if $ext;
	253	$newsize = int($newsize);
	254
	255	die "unable to skrink disk size\n" if $newsize < $size;
	256
	257	return if $size == $newsize;
	258
	259	PVE::Cluster::log_msg('info', $authuser, "update CT $vmid: resize --disk $disk --size $sizestr");
	260
	261	# FIXME: volume_resize doesn't do anything if $running=1?
	262	PVE::Storage::volume_resize($storage_cfg, $volid, $newsize, 0);
	263
	264	$mp->{size} = $newsize/1024; # kB
	265	$conf->{$disk} = PVE::LXC::print_ct_mountpoint($mp, $disk eq 'rootfs');
	266
	267	PVE::LXC::write_config($vmid, $conf);
	268
	269	if ($format eq 'raw') {
	270	my $path = PVE::Storage::path($storage_cfg, $volid, undef);
	271	if ($running) {
40626217 WB	272	$path = &$query_loopdev($path);
	273	die "internal error: CT running but mountpoint not attached to a loop device"
	274	if !$path; # fixme: zvols and other storages?
	275	PVE::Tools::run_command(['losetup', '--set-capacity', $path]);
	276
	277	# In order for resize2fs to know that we need online-resizing a mountpoint needs
	278	# to be visible to it in its namespace.
	279	# To not interfere with the rest of the system we unshare the current mount namespace,
	280	# mount over /tmp and then run resize2fs.
	281
	282	# interestingly we don't need to e2fsck on mounted systems...
	283	my $quoted = PVE::Tools::shellquote($path);
	284	my $cmd = "mount --make-rprivate / && mount $quoted /tmp && resize2fs $quoted";
	285	PVE::Tools::run_command(['unshare', '-m', '--', 'sh', '-c', $cmd]);
	286	} else {
	287	PVE::Tools::run_command(['e2fsck', '-f', '-y', $path]);
	288	PVE::Tools::run_command(['resize2fs', $path]);
	289	}
	290	}
	291	};
	292
	293	PVE::LXC::lock_container($vmid, undef, $code);
	294
	295	return undef;
	296	}});
	297
52389a07	298	1;