]>
Commit | Line | Data |
---|---|---|
f76a2828 DM |
1 | package PVE::API2::LXC; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::SafeSyslog; | |
7 | use PVE::Tools qw(extract_param run_command); | |
0620edda | 8 | use PVE::Exception qw(raise raise_param_exc raise_perm_exc); |
f76a2828 | 9 | use PVE::INotify; |
9c2d4ce9 | 10 | use PVE::Cluster qw(cfs_read_file); |
d949527f | 11 | use PVE::RRD; |
8b076579 | 12 | use PVE::DataCenterConfig; |
f76a2828 | 13 | use PVE::AccessControl; |
2f9b5ead | 14 | use PVE::Firewall; |
f76a2828 DM |
15 | use PVE::Storage; |
16 | use PVE::RESTHandler; | |
17 | use PVE::RPCEnvironment; | |
c5a8e04f | 18 | use PVE::ReplicationConfig; |
f76a2828 | 19 | use PVE::LXC; |
7af97ad5 | 20 | use PVE::LXC::Create; |
6f42807e | 21 | use PVE::LXC::Migrate; |
56462053 | 22 | use PVE::GuestHelpers; |
c5a09704 | 23 | use PVE::VZDump::Plugin; |
52389a07 DM |
24 | use PVE::API2::LXC::Config; |
25 | use PVE::API2::LXC::Status; | |
26 | use PVE::API2::LXC::Snapshot; | |
f76a2828 DM |
27 | use PVE::JSONSchema qw(get_standard_option); |
28 | use base qw(PVE::RESTHandler); | |
29 | ||
6c2e9377 WB |
30 | BEGIN { |
31 | if (!$ENV{PVE_GENERATING_DOCS}) { | |
32 | require PVE::HA::Env::PVE2; | |
33 | import PVE::HA::Env::PVE2; | |
34 | require PVE::HA::Config; | |
35 | import PVE::HA::Config; | |
36 | } | |
37 | } | |
f76a2828 | 38 | |
e90ddc4c FG |
39 | my $check_storage_access_migrate = sub { |
40 | my ($rpcenv, $authuser, $storecfg, $storage, $node) = @_; | |
41 | ||
42 | PVE::Storage::storage_check_enabled($storecfg, $storage, $node); | |
43 | ||
44 | $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']); | |
45 | ||
46 | my $scfg = PVE::Storage::storage_config($storecfg, $storage); | |
47 | die "storage '$storage' does not support CT rootdirs\n" | |
48 | if !$scfg->{content}->{rootdir}; | |
49 | }; | |
50 | ||
52389a07 DM |
51 | __PACKAGE__->register_method ({ |
52 | subclass => "PVE::API2::LXC::Config", | |
fa91e46f | 53 | path => '{vmid}/config', |
52389a07 | 54 | }); |
f76a2828 | 55 | |
52389a07 DM |
56 | __PACKAGE__->register_method ({ |
57 | subclass => "PVE::API2::LXC::Status", | |
58 | path => '{vmid}/status', | |
59 | }); | |
f76a2828 | 60 | |
52389a07 DM |
61 | __PACKAGE__->register_method ({ |
62 | subclass => "PVE::API2::LXC::Snapshot", | |
63 | path => '{vmid}/snapshot', | |
64 | }); | |
f76a2828 | 65 | |
52389a07 DM |
66 | __PACKAGE__->register_method ({ |
67 | subclass => "PVE::API2::Firewall::CT", | |
68 | path => '{vmid}/firewall', | |
69 | }); | |
1e6c8d5b | 70 | |
f76a2828 | 71 | __PACKAGE__->register_method({ |
5c752bbf DM |
72 | name => 'vmlist', |
73 | path => '', | |
f76a2828 DM |
74 | method => 'GET', |
75 | description => "LXC container index (per node).", | |
76 | permissions => { | |
77 | description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.", | |
78 | user => 'all', | |
79 | }, | |
80 | proxyto => 'node', | |
81 | protected => 1, # /proc files are only readable by root | |
82 | parameters => { | |
83 | additionalProperties => 0, | |
84 | properties => { | |
85 | node => get_standard_option('pve-node'), | |
86 | }, | |
87 | }, | |
88 | returns => { | |
89 | type => 'array', | |
90 | items => { | |
91 | type => "object", | |
8233d33d | 92 | properties => $PVE::LXC::vmstatus_return_properties, |
f76a2828 DM |
93 | }, |
94 | links => [ { rel => 'child', href => "{vmid}" } ], | |
95 | }, | |
96 | code => sub { | |
97 | my ($param) = @_; | |
98 | ||
99 | my $rpcenv = PVE::RPCEnvironment::get(); | |
100 | my $authuser = $rpcenv->get_user(); | |
101 | ||
102 | my $vmstatus = PVE::LXC::vmstatus(); | |
103 | ||
104 | my $res = []; | |
105 | foreach my $vmid (keys %$vmstatus) { | |
106 | next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1); | |
107 | ||
108 | my $data = $vmstatus->{$vmid}; | |
f76a2828 DM |
109 | push @$res, $data; |
110 | } | |
111 | ||
112 | return $res; | |
5c752bbf | 113 | |
f76a2828 DM |
114 | }}); |
115 | ||
9c2d4ce9 | 116 | __PACKAGE__->register_method({ |
5c752bbf DM |
117 | name => 'create_vm', |
118 | path => '', | |
9c2d4ce9 DM |
119 | method => 'POST', |
120 | description => "Create or restore a container.", | |
121 | permissions => { | |
122 | user => 'all', # check inside | |
123 | description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " . | |
124 | "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " . | |
125 | "You also need 'Datastore.AllocateSpace' permissions on the storage.", | |
126 | }, | |
127 | protected => 1, | |
128 | proxyto => 'node', | |
129 | parameters => { | |
130 | additionalProperties => 0, | |
1b4cf758 | 131 | properties => PVE::LXC::Config->json_config_properties({ |
9c2d4ce9 | 132 | node => get_standard_option('pve-node'), |
781e26b2 | 133 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }), |
9c2d4ce9 DM |
134 | ostemplate => { |
135 | description => "The OS template or backup file.", | |
5c752bbf | 136 | type => 'string', |
9c2d4ce9 | 137 | maxLength => 255, |
68e8f3c5 | 138 | completion => \&PVE::LXC::complete_os_templates, |
9c2d4ce9 | 139 | }, |
5c752bbf DM |
140 | password => { |
141 | optional => 1, | |
9c2d4ce9 DM |
142 | type => 'string', |
143 | description => "Sets root password inside container.", | |
168d6b07 | 144 | minLength => 5, |
9c2d4ce9 DM |
145 | }, |
146 | storage => get_standard_option('pve-storage-id', { | |
eb35f9c0 | 147 | description => "Default Storage.", |
9c2d4ce9 DM |
148 | default => 'local', |
149 | optional => 1, | |
c5362cda | 150 | completion => \&PVE::Storage::complete_storage_enabled, |
9c2d4ce9 DM |
151 | }), |
152 | force => { | |
5c752bbf | 153 | optional => 1, |
9c2d4ce9 DM |
154 | type => 'boolean', |
155 | description => "Allow to overwrite existing container.", | |
156 | }, | |
157 | restore => { | |
5c752bbf | 158 | optional => 1, |
9c2d4ce9 DM |
159 | type => 'boolean', |
160 | description => "Mark this as restore task.", | |
161 | }, | |
43912111 CE |
162 | unique => { |
163 | optional => 1, | |
164 | type => 'boolean', | |
165 | description => "Assign a unique random ethernet address.", | |
166 | requires => 'restore', | |
167 | }, | |
5c752bbf | 168 | pool => { |
9c2d4ce9 DM |
169 | optional => 1, |
170 | type => 'string', format => 'pve-poolid', | |
171 | description => "Add the VM to the specified pool.", | |
172 | }, | |
7c78b6cc WB |
173 | 'ignore-unpack-errors' => { |
174 | optional => 1, | |
175 | type => 'boolean', | |
176 | description => "Ignore errors when extracting the template.", | |
177 | }, | |
34ddbf08 FG |
178 | 'ssh-public-keys' => { |
179 | optional => 1, | |
180 | type => 'string', | |
181 | description => "Setup public SSH keys (one key per line, " . | |
182 | "OpenSSH format).", | |
183 | }, | |
f9b4407e | 184 | bwlimit => { |
8ead60ef | 185 | description => "Override I/O bandwidth limit (in KiB/s).", |
f9b4407e WB |
186 | optional => 1, |
187 | type => 'number', | |
188 | minimum => '0', | |
41e9b65c | 189 | default => 'restore limit from datacenter or storage config', |
f9b4407e | 190 | }, |
9d0225fb TL |
191 | start => { |
192 | optional => 1, | |
193 | type => 'boolean', | |
194 | default => 0, | |
195 | description => "Start the CT after its creation finished successfully.", | |
196 | }, | |
9c2d4ce9 DM |
197 | }), |
198 | }, | |
5c752bbf | 199 | returns => { |
9c2d4ce9 DM |
200 | type => 'string', |
201 | }, | |
202 | code => sub { | |
203 | my ($param) = @_; | |
204 | ||
61783321 TL |
205 | PVE::Cluster::check_cfs_quorum(); |
206 | ||
9c2d4ce9 | 207 | my $rpcenv = PVE::RPCEnvironment::get(); |
9c2d4ce9 DM |
208 | my $authuser = $rpcenv->get_user(); |
209 | ||
210 | my $node = extract_param($param, 'node'); | |
9c2d4ce9 | 211 | my $vmid = extract_param($param, 'vmid'); |
7c78b6cc | 212 | my $ignore_unpack_errors = extract_param($param, 'ignore-unpack-errors'); |
f9b4407e | 213 | my $bwlimit = extract_param($param, 'bwlimit'); |
9d0225fb TL |
214 | my $start_after_create = extract_param($param, 'start'); |
215 | ||
67afe46e | 216 | my $basecfg_fn = PVE::LXC::Config->config_file($vmid); |
9c2d4ce9 DM |
217 | my $same_container_exists = -f $basecfg_fn; |
218 | ||
425b62cb WB |
219 | # 'unprivileged' is read-only, so we can't pass it to update_pct_config |
220 | my $unprivileged = extract_param($param, 'unprivileged'); | |
9c2d4ce9 | 221 | my $restore = extract_param($param, 'restore'); |
43912111 | 222 | my $unique = extract_param($param, 'unique'); |
9c2d4ce9 | 223 | |
39170644 FG |
224 | # used to skip firewall config restore if user lacks permission |
225 | my $skip_fw_config_restore = 0; | |
226 | ||
148d1cb4 DM |
227 | if ($restore) { |
228 | # fixme: limit allowed parameters | |
148d1cb4 | 229 | } |
351bc0c4 | 230 | |
9c2d4ce9 DM |
231 | my $force = extract_param($param, 'force'); |
232 | ||
233 | if (!($same_container_exists && $restore && $force)) { | |
234 | PVE::Cluster::check_vmid_unused($vmid); | |
e22af68f | 235 | } else { |
61783321 | 236 | die "can't overwrite running container\n" if PVE::LXC::check_running($vmid); |
67afe46e FG |
237 | my $conf = PVE::LXC::Config->load_config($vmid); |
238 | PVE::LXC::Config->check_protection($conf, "unable to restore CT $vmid"); | |
9c2d4ce9 | 239 | } |
5c752bbf | 240 | |
9c2d4ce9 | 241 | my $password = extract_param($param, 'password'); |
34ddbf08 | 242 | my $ssh_keys = extract_param($param, 'ssh-public-keys'); |
2130286f | 243 | PVE::Tools::validate_ssh_public_keys($ssh_keys) if defined($ssh_keys); |
34ddbf08 | 244 | |
27916659 | 245 | my $pool = extract_param($param, 'pool'); |
f4b4443d | 246 | $rpcenv->check_pool_exist($pool) if defined($pool); |
9c2d4ce9 DM |
247 | |
248 | if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) { | |
249 | # OK | |
250 | } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) { | |
251 | # OK | |
252 | } elsif ($restore && $force && $same_container_exists && | |
253 | $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) { | |
254 | # OK: user has VM.Backup permissions, and want to restore an existing VM | |
39170644 FG |
255 | |
256 | # we don't want to restore a container-provided FW conf in this case | |
257 | # since the user is lacking permission to configure the container's FW | |
258 | $skip_fw_config_restore = 1; | |
b9623ef8 DC |
259 | |
260 | # error out if a user tries to change from unprivileged to privileged | |
261 | # explicit change is checked here, implicit is checked down below or happening in root-only paths | |
262 | my $conf = PVE::LXC::Config->load_config($vmid); | |
263 | if ($conf->{unprivileged} && defined($unprivileged) && !$unprivileged) { | |
264 | raise_perm_exc("cannot change from unprivileged to privileged without VM.Allocate"); | |
265 | } | |
9c2d4ce9 DM |
266 | } else { |
267 | raise_perm_exc(); | |
268 | } | |
269 | ||
9eb69152 | 270 | my $ostemplate = extract_param($param, 'ostemplate'); |
bb6afcb0 DM |
271 | my $storage = extract_param($param, 'storage') // 'local'; |
272 | ||
de41bced | 273 | PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, undef, $param, [], $unprivileged); |
9eb69152 | 274 | |
bb6afcb0 | 275 | my $storage_cfg = cfs_read_file("storage.cfg"); |
9c2d4ce9 | 276 | |
9c2d4ce9 | 277 | my $archive; |
9c2d4ce9 | 278 | if ($ostemplate eq '-') { |
351bc0c4 TM |
279 | die "pipe requires cli environment\n" |
280 | if $rpcenv->{type} ne 'cli'; | |
281 | die "pipe can only be used with restore tasks\n" | |
148d1cb4 DM |
282 | if !$restore; |
283 | $archive = '-'; | |
b51a98d4 | 284 | die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs}); |
9c2d4ce9 | 285 | } else { |
f26c66e0 | 286 | PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, $vmid, $ostemplate); |
99a0bcb0 | 287 | $archive = $ostemplate; |
9c2d4ce9 DM |
288 | } |
289 | ||
f9b4407e | 290 | my %used_storages; |
bb6afcb0 DM |
291 | my $check_and_activate_storage = sub { |
292 | my ($sid) = @_; | |
293 | ||
a1c27f86 | 294 | my $scfg = PVE::Storage::storage_check_enabled($storage_cfg, $sid, $node); |
bb6afcb0 DM |
295 | |
296 | raise_param_exc({ storage => "storage '$sid' does not support container directories"}) | |
297 | if !$scfg->{content}->{rootdir}; | |
298 | ||
299 | $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']); | |
300 | ||
301 | PVE::Storage::activate_storage($storage_cfg, $sid); | |
f9b4407e | 302 | $used_storages{$sid} = 1; |
bb6afcb0 DM |
303 | }; |
304 | ||
9c2d4ce9 | 305 | my $conf = {}; |
5b4657d0 | 306 | |
99132ce0 WB |
307 | my $is_root = $authuser eq 'root@pam'; |
308 | ||
b51a98d4 | 309 | my $no_disk_param = {}; |
db18c1e4 FG |
310 | my $mp_param = {}; |
311 | my $storage_only_mode = 1; | |
b51a98d4 | 312 | foreach my $opt (keys %$param) { |
78ccc99b DM |
313 | my $value = $param->{$opt}; |
314 | if ($opt eq 'rootfs' || $opt =~ m/^mp\d+$/) { | |
315 | # allow to use simple numbers (add default storage in that case) | |
db18c1e4 FG |
316 | if ($value =~ m/^\d+(\.\d+)?$/) { |
317 | $mp_param->{$opt} = "$storage:$value"; | |
318 | } else { | |
319 | $mp_param->{$opt} = $value; | |
320 | } | |
321 | $storage_only_mode = 0; | |
a9dd8015 FG |
322 | } elsif ($opt =~ m/^unused\d+$/) { |
323 | warn "ignoring '$opt', cannot create/restore with unused volume\n"; | |
324 | delete $param->{$opt}; | |
78ccc99b DM |
325 | } else { |
326 | $no_disk_param->{$opt} = $value; | |
327 | } | |
b51a98d4 | 328 | } |
bb6afcb0 | 329 | |
235dbdf3 | 330 | die "mount points configured, but 'rootfs' not set - aborting\n" |
db18c1e4 FG |
331 | if !$storage_only_mode && !defined($mp_param->{rootfs}); |
332 | ||
bb6afcb0 | 333 | # check storage access, activate storage |
db18c1e4 | 334 | my $delayed_mp_param = {}; |
015740e6 | 335 | PVE::LXC::Config->foreach_volume($mp_param, sub { |
bb6afcb0 DM |
336 | my ($ms, $mountpoint) = @_; |
337 | ||
338 | my $volid = $mountpoint->{volume}; | |
339 | my $mp = $mountpoint->{mp}; | |
340 | ||
e2007ac2 DM |
341 | if ($mountpoint->{type} ne 'volume') { # bind or device |
342 | die "Only root can pass arbitrary filesystem paths.\n" | |
99132ce0 | 343 | if !$is_root; |
e2007ac2 DM |
344 | } else { |
345 | my ($sid, $volname) = PVE::Storage::parse_volume_id($volid); | |
346 | &$check_and_activate_storage($sid); | |
347 | } | |
bb6afcb0 DM |
348 | }); |
349 | ||
350 | # check/activate default storage | |
db18c1e4 | 351 | &$check_and_activate_storage($storage) if !defined($mp_param->{rootfs}); |
bb6afcb0 | 352 | |
1b4cf758 | 353 | PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param); |
9c2d4ce9 | 354 | |
425b62cb WB |
355 | $conf->{unprivileged} = 1 if $unprivileged; |
356 | ||
61783321 | 357 | my $emsg = $restore ? "unable to restore CT $vmid -" : "unable to create CT $vmid -"; |
bccaa371 | 358 | |
61783321 TL |
359 | eval { PVE::LXC::Config->create_and_lock_config($vmid, $force) }; |
360 | die "$emsg $@" if $@; | |
bccaa371 | 361 | |
b9623ef8 DC |
362 | my $remove_lock = 1; |
363 | ||
61783321 TL |
364 | my $code = sub { |
365 | my $old_conf = PVE::LXC::Config->load_config($vmid); | |
a2d3e5c3 | 366 | my $was_template; |
bccaa371 | 367 | |
27916659 | 368 | eval { |
5a7a51d0 WB |
369 | my $orig_mp_param; # only used if $restore |
370 | if ($restore) { | |
61783321 | 371 | die "can't overwrite running container\n" if PVE::LXC::check_running($vmid); |
32e56bed | 372 | if ($archive ne '-') { |
a48e5562 | 373 | my $orig_conf; |
bc871ffb | 374 | print "recovering backed-up configuration from '$archive'\n"; |
12aec1d2 | 375 | ($orig_conf, $orig_mp_param) = PVE::LXC::Create::recover_config($storage_cfg, $archive, $vmid); |
6597f369 | 376 | |
a2d3e5c3 | 377 | $was_template = delete $orig_conf->{template}; |
6597f369 | 378 | |
a67908f1 | 379 | # When we're root call 'restore_configuration' with restricted=0, |
5a7a51d0 WB |
380 | # causing it to restore the raw lxc entries, among which there may be |
381 | # 'lxc.idmap' entries. We need to make sure that the extracted contents | |
382 | # of the container match up with the restored configuration afterwards: | |
32e56bed | 383 | $conf->{lxc} = $orig_conf->{lxc} if $is_root; |
8ffdc116 OB |
384 | |
385 | $conf->{unprivileged} = $orig_conf->{unprivileged} | |
386 | if !defined($unprivileged) && defined($orig_conf->{unprivileged}); | |
b9623ef8 DC |
387 | |
388 | # implicit privileged change is checked here | |
389 | if ($old_conf->{unprivileged} && !$conf->{unprivileged}) { | |
390 | $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Allocate']); | |
391 | } | |
5a7a51d0 | 392 | } |
f360d7f1 | 393 | } |
db18c1e4 | 394 | if ($storage_only_mode) { |
b51a98d4 | 395 | if ($restore) { |
a48e5562 | 396 | if (!defined($orig_mp_param)) { |
bc871ffb | 397 | print "recovering backed-up configuration from '$archive'\n"; |
12aec1d2 | 398 | (undef, $orig_mp_param) = PVE::LXC::Create::recover_config($storage_cfg, $archive, $vmid); |
a5246958 | 399 | } |
f360d7f1 | 400 | $mp_param = $orig_mp_param; |
db18c1e4 FG |
401 | die "rootfs configuration could not be recovered, please check and specify manually!\n" |
402 | if !defined($mp_param->{rootfs}); | |
015740e6 | 403 | PVE::LXC::Config->foreach_volume($mp_param, sub { |
db18c1e4 FG |
404 | my ($ms, $mountpoint) = @_; |
405 | my $type = $mountpoint->{type}; | |
406 | if ($type eq 'volume') { | |
407 | die "unable to detect disk size - please specify $ms (size)\n" | |
408 | if !defined($mountpoint->{size}); | |
409 | my $disksize = $mountpoint->{size} / (1024 * 1024 * 1024); # create_disks expects GB as unit size | |
410 | delete $mountpoint->{size}; | |
411 | $mountpoint->{volume} = "$storage:$disksize"; | |
412 | $mp_param->{$ms} = PVE::LXC::Config->print_ct_mountpoint($mountpoint, $ms eq 'rootfs'); | |
413 | } else { | |
15e4d443 | 414 | my $type = $mountpoint->{type}; |
7e0e7f38 FG |
415 | die "restoring rootfs to $type mount is only possible by specifying -rootfs manually!\n" |
416 | if ($ms eq 'rootfs'); | |
20f9339d | 417 | die "restoring '$ms' to $type mount is only possible for root\n" |
99132ce0 | 418 | if !$is_root; |
7e0e7f38 | 419 | |
15e4d443 FG |
420 | if ($mountpoint->{backup}) { |
421 | warn "WARNING - unsupported configuration!\n"; | |
235dbdf3 FG |
422 | warn "backup was enabled for $type mount point $ms ('$mountpoint->{mp}')\n"; |
423 | warn "mount point configuration will be restored after archive extraction!\n"; | |
15e4d443 FG |
424 | warn "contained files will be restored to wrong directory!\n"; |
425 | } | |
136040f4 | 426 | delete $mp_param->{$ms}; # actually delay bind/dev mps |
db18c1e4 FG |
427 | $delayed_mp_param->{$ms} = PVE::LXC::Config->print_ct_mountpoint($mountpoint, $ms eq 'rootfs'); |
428 | } | |
429 | }); | |
b51a98d4 | 430 | } else { |
db18c1e4 | 431 | $mp_param->{rootfs} = "$storage:4"; # defaults to 4GB |
b51a98d4 DM |
432 | } |
433 | } | |
b9623ef8 DC |
434 | }; |
435 | die "$emsg $@" if $@; | |
436 | ||
437 | # up until here we did not modify the container, besides the lock | |
438 | $remove_lock = 0; | |
b51a98d4 | 439 | |
b9623ef8 DC |
440 | my $vollist = []; |
441 | eval { | |
db18c1e4 FG |
442 | $vollist = PVE::LXC::create_disks($storage_cfg, $vmid, $mp_param, $conf); |
443 | ||
61783321 TL |
444 | # we always have the 'create' lock so check for more than 1 entry |
445 | if (scalar(keys %$old_conf) > 1) { | |
51665c2d | 446 | # destroy old container volumes |
61783321 | 447 | PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $old_conf, { lock => 'create' }); |
51665c2d | 448 | } |
51665c2d FG |
449 | |
450 | eval { | |
451 | my $rootdir = PVE::LXC::mount_all($vmid, $storage_cfg, $conf, 1); | |
f9b4407e | 452 | $bwlimit = PVE::Storage::get_bandwidth_limit('restore', [keys %used_storages], $bwlimit); |
bc871ffb FG |
453 | print "restoring '$archive' now..\n" |
454 | if $restore && $archive ne '-'; | |
99a0bcb0 | 455 | PVE::LXC::Create::restore_archive($storage_cfg, $archive, $rootdir, $conf, $ignore_unpack_errors, $bwlimit); |
51665c2d FG |
456 | |
457 | if ($restore) { | |
bc871ffb | 458 | print "merging backed-up and given configuration..\n"; |
99a0bcb0 | 459 | PVE::LXC::Create::restore_configuration($vmid, $storage_cfg, $archive, $rootdir, $conf, !$is_root, $unique, $skip_fw_config_restore); |
4b4bbe55 OB |
460 | my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); |
461 | $lxc_setup->template_fixup($conf); | |
51665c2d FG |
462 | } else { |
463 | my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS | |
464 | PVE::LXC::Config->write_config($vmid, $conf); # safe config (after OS detection) | |
465 | $lxc_setup->post_create_hook($password, $ssh_keys); | |
466 | } | |
467 | }; | |
468 | my $err = $@; | |
469 | PVE::LXC::umount_all($vmid, $storage_cfg, $conf, $err ? 1 : 0); | |
470 | PVE::Storage::deactivate_volumes($storage_cfg, PVE::LXC::Config->get_vm_volumes($conf)); | |
471 | die $err if $err; | |
27916659 DM |
472 | # set some defaults |
473 | $conf->{hostname} ||= "CT$vmid"; | |
474 | $conf->{memory} ||= 512; | |
475 | $conf->{swap} //= 512; | |
db18c1e4 FG |
476 | foreach my $mp (keys %$delayed_mp_param) { |
477 | $conf->{$mp} = $delayed_mp_param->{$mp}; | |
478 | } | |
a2d3e5c3 CE |
479 | # If the template flag was set, we try to convert again to template after restore |
480 | if ($was_template) { | |
481 | print STDERR "Convert restored container to template...\n"; | |
4c64d0db FE |
482 | PVE::LXC::template_create($vmid, $conf); |
483 | $conf->{template} = 1; | |
a2d3e5c3 | 484 | } |
67afe46e | 485 | PVE::LXC::Config->write_config($vmid, $conf); |
27916659 DM |
486 | }; |
487 | if (my $err = $@) { | |
6c871c36 | 488 | PVE::LXC::destroy_disks($storage_cfg, $vollist); |
4eeb9af1 | 489 | eval { PVE::LXC::Config->destroy_config($vmid) }; |
d7d48be6 | 490 | warn $@ if $@; |
61783321 | 491 | die "$emsg $err"; |
6d098bf4 | 492 | } |
87273b2b | 493 | PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool; |
9d0225fb TL |
494 | |
495 | PVE::API2::LXC::Status->vm_start({ vmid => $vmid, node => $node }) | |
496 | if $start_after_create; | |
9c2d4ce9 | 497 | }; |
5c752bbf | 498 | |
8a6fc617 | 499 | my $workername = $restore ? 'vzrestore' : 'vzcreate'; |
b9623ef8 DC |
500 | my $realcmd = sub { |
501 | eval { | |
502 | PVE::LXC::Config->lock_config($vmid, $code); | |
503 | }; | |
504 | if (my $err = $@) { | |
505 | # if we aborted before changing the container, we must remove the create lock | |
506 | if ($remove_lock) { | |
507 | PVE::LXC::Config->remove_lock($vmid, 'create'); | |
508 | } | |
509 | die $err; | |
510 | } | |
511 | }; | |
9c2d4ce9 | 512 | |
8a6fc617 | 513 | return $rpcenv->fork_worker($workername, $vmid, $authuser, $realcmd); |
9c2d4ce9 DM |
514 | }}); |
515 | ||
f76a2828 DM |
516 | __PACKAGE__->register_method({ |
517 | name => 'vmdiridx', | |
5c752bbf | 518 | path => '{vmid}', |
f76a2828 DM |
519 | method => 'GET', |
520 | proxyto => 'node', | |
521 | description => "Directory index", | |
522 | permissions => { | |
523 | user => 'all', | |
524 | }, | |
525 | parameters => { | |
526 | additionalProperties => 0, | |
527 | properties => { | |
528 | node => get_standard_option('pve-node'), | |
529 | vmid => get_standard_option('pve-vmid'), | |
530 | }, | |
531 | }, | |
532 | returns => { | |
533 | type => 'array', | |
534 | items => { | |
535 | type => "object", | |
536 | properties => { | |
537 | subdir => { type => 'string' }, | |
538 | }, | |
539 | }, | |
540 | links => [ { rel => 'child', href => "{subdir}" } ], | |
541 | }, | |
542 | code => sub { | |
543 | my ($param) = @_; | |
544 | ||
545 | # test if VM exists | |
67afe46e | 546 | my $conf = PVE::LXC::Config->load_config($param->{vmid}); |
f76a2828 DM |
547 | |
548 | my $res = [ | |
549 | { subdir => 'config' }, | |
37c2dba8 | 550 | { subdir => 'pending' }, |
fff3a342 DM |
551 | { subdir => 'status' }, |
552 | { subdir => 'vncproxy' }, | |
a0226a00 | 553 | { subdir => 'termproxy' }, |
fff3a342 DM |
554 | { subdir => 'vncwebsocket' }, |
555 | { subdir => 'spiceproxy' }, | |
556 | { subdir => 'migrate' }, | |
c4a33727 | 557 | { subdir => 'clone' }, |
f76a2828 DM |
558 | # { subdir => 'initlog' }, |
559 | { subdir => 'rrd' }, | |
560 | { subdir => 'rrddata' }, | |
561 | { subdir => 'firewall' }, | |
cc5392c8 | 562 | { subdir => 'snapshot' }, |
985b18ed | 563 | { subdir => 'resize' }, |
f76a2828 | 564 | ]; |
5c752bbf | 565 | |
f76a2828 DM |
566 | return $res; |
567 | }}); | |
568 | ||
c4a33727 | 569 | |
f76a2828 | 570 | __PACKAGE__->register_method({ |
5c752bbf DM |
571 | name => 'rrd', |
572 | path => '{vmid}/rrd', | |
f76a2828 DM |
573 | method => 'GET', |
574 | protected => 1, # fixme: can we avoid that? | |
575 | permissions => { | |
576 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
577 | }, | |
578 | description => "Read VM RRD statistics (returns PNG)", | |
579 | parameters => { | |
580 | additionalProperties => 0, | |
581 | properties => { | |
582 | node => get_standard_option('pve-node'), | |
583 | vmid => get_standard_option('pve-vmid'), | |
584 | timeframe => { | |
585 | description => "Specify the time frame you are interested in.", | |
586 | type => 'string', | |
587 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
588 | }, | |
589 | ds => { | |
590 | description => "The list of datasources you want to display.", | |
591 | type => 'string', format => 'pve-configid-list', | |
592 | }, | |
593 | cf => { | |
594 | description => "The RRD consolidation function", | |
595 | type => 'string', | |
596 | enum => [ 'AVERAGE', 'MAX' ], | |
597 | optional => 1, | |
598 | }, | |
599 | }, | |
600 | }, | |
601 | returns => { | |
602 | type => "object", | |
603 | properties => { | |
604 | filename => { type => 'string' }, | |
605 | }, | |
606 | }, | |
607 | code => sub { | |
608 | my ($param) = @_; | |
609 | ||
d949527f | 610 | return PVE::RRD::create_rrd_graph( |
5c752bbf | 611 | "pve2-vm/$param->{vmid}", $param->{timeframe}, |
f76a2828 | 612 | $param->{ds}, $param->{cf}); |
5c752bbf | 613 | |
f76a2828 DM |
614 | }}); |
615 | ||
616 | __PACKAGE__->register_method({ | |
5c752bbf DM |
617 | name => 'rrddata', |
618 | path => '{vmid}/rrddata', | |
f76a2828 DM |
619 | method => 'GET', |
620 | protected => 1, # fixme: can we avoid that? | |
621 | permissions => { | |
622 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
623 | }, | |
624 | description => "Read VM RRD statistics", | |
625 | parameters => { | |
626 | additionalProperties => 0, | |
627 | properties => { | |
628 | node => get_standard_option('pve-node'), | |
629 | vmid => get_standard_option('pve-vmid'), | |
630 | timeframe => { | |
631 | description => "Specify the time frame you are interested in.", | |
632 | type => 'string', | |
633 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
634 | }, | |
635 | cf => { | |
636 | description => "The RRD consolidation function", | |
637 | type => 'string', | |
638 | enum => [ 'AVERAGE', 'MAX' ], | |
639 | optional => 1, | |
640 | }, | |
641 | }, | |
642 | }, | |
643 | returns => { | |
644 | type => "array", | |
645 | items => { | |
646 | type => "object", | |
647 | properties => {}, | |
648 | }, | |
649 | }, | |
650 | code => sub { | |
651 | my ($param) = @_; | |
652 | ||
d949527f | 653 | return PVE::RRD::create_rrd_data( |
f76a2828 DM |
654 | "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf}); |
655 | }}); | |
656 | ||
f76a2828 | 657 | __PACKAGE__->register_method({ |
5c752bbf DM |
658 | name => 'destroy_vm', |
659 | path => '{vmid}', | |
f76a2828 DM |
660 | method => 'DELETE', |
661 | protected => 1, | |
662 | proxyto => 'node', | |
663 | description => "Destroy the container (also delete all uses files).", | |
664 | permissions => { | |
665 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
666 | }, | |
667 | parameters => { | |
668 | additionalProperties => 0, | |
669 | properties => { | |
670 | node => get_standard_option('pve-node'), | |
68e8f3c5 | 671 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), |
d51b84ff TL |
672 | force => { |
673 | type => 'boolean', | |
674 | description => "Force destroy, even if running.", | |
675 | default => 0, | |
676 | optional => 1, | |
677 | }, | |
c5a09704 CE |
678 | purge => { |
679 | type => 'boolean', | |
796e8eee TL |
680 | description => "Remove container from all related configurations." |
681 | ." For example, backup jobs, replication jobs or HA." | |
682 | ." Related ACLs and Firewall entries will *always* be removed.", | |
683 | default => 0, | |
c5a09704 CE |
684 | optional => 1, |
685 | }, | |
3b1c0970 TL |
686 | 'destroy-unreferenced-disks' => { |
687 | type => 'boolean', | |
688 | description => "If set, destroy additionally all disks with the VMID from all" | |
689 | ." enabled storages which are not referenced in the config.", | |
690 | optional => 1, | |
691 | }, | |
f76a2828 DM |
692 | }, |
693 | }, | |
5c752bbf | 694 | returns => { |
f76a2828 DM |
695 | type => 'string', |
696 | }, | |
697 | code => sub { | |
698 | my ($param) = @_; | |
699 | ||
700 | my $rpcenv = PVE::RPCEnvironment::get(); | |
f76a2828 | 701 | my $authuser = $rpcenv->get_user(); |
f76a2828 DM |
702 | my $vmid = $param->{vmid}; |
703 | ||
704 | # test if container exists | |
0512c360 | 705 | |
67afe46e | 706 | my $conf = PVE::LXC::Config->load_config($vmid); |
0512c360 FG |
707 | my $early_checks = sub { |
708 | my ($conf) = @_; | |
709 | PVE::LXC::Config->check_protection($conf, "can't remove CT $vmid"); | |
710 | PVE::LXC::Config->check_lock($conf); | |
7e806596 | 711 | |
0512c360 | 712 | my $ha_managed = PVE::HA::Config::service_is_configured("ct:$vmid"); |
b6e0b774 | 713 | |
0512c360 FG |
714 | if (!$param->{purge}) { |
715 | die "unable to remove CT $vmid - used in HA resources and purge parameter not set.\n" | |
716 | if $ha_managed; | |
3207b81a | 717 | |
0512c360 FG |
718 | # do not allow destroy if there are replication jobs without purge |
719 | my $repl_conf = PVE::ReplicationConfig->new(); | |
720 | $repl_conf->check_for_existing_jobs($vmid); | |
721 | } | |
722 | ||
723 | return $ha_managed; | |
724 | }; | |
725 | ||
726 | $early_checks->($conf); | |
c5a8e04f | 727 | |
d607c17d | 728 | my $running_error_msg = "unable to destroy CT $vmid - container is running\n"; |
d51b84ff | 729 | die $running_error_msg if !$param->{force} && PVE::LXC::check_running($vmid); # check early |
d607c17d | 730 | |
611fe3aa | 731 | my $code = sub { |
673cf209 | 732 | # reload config after lock |
67afe46e | 733 | $conf = PVE::LXC::Config->load_config($vmid); |
0512c360 | 734 | my $ha_managed = $early_checks->($conf); |
673cf209 | 735 | |
d51b84ff TL |
736 | if (PVE::LXC::check_running($vmid)) { |
737 | die $running_error_msg if !$param->{force}; | |
738 | warn "forced to stop CT $vmid before destroying!\n"; | |
739 | if (!$ha_managed) { | |
740 | PVE::LXC::vm_stop($vmid, 1); | |
741 | } else { | |
742 | run_command(['ha-manager', 'crm-command', 'stop', "ct:$vmid", '120']); | |
743 | } | |
744 | } | |
d607c17d | 745 | |
0512c360 | 746 | my $storage_cfg = cfs_read_file("storage.cfg"); |
3b1c0970 TL |
747 | PVE::LXC::destroy_lxc_container( |
748 | $storage_cfg, | |
749 | $vmid, | |
750 | $conf, | |
751 | { lock => 'destroyed' }, | |
752 | $param->{'destroy-unreferenced-disks'}, | |
753 | ); | |
7fc1d9eb | 754 | |
be5fc936 | 755 | PVE::AccessControl::remove_vm_access($vmid); |
2f9b5ead | 756 | PVE::Firewall::remove_vmfw_conf($vmid); |
c5a09704 | 757 | if ($param->{purge}) { |
3207b81a | 758 | print "purging CT $vmid from related configurations..\n"; |
c5a09704 CE |
759 | PVE::ReplicationConfig::remove_vmid_jobs($vmid); |
760 | PVE::VZDump::Plugin::remove_vmid_from_backup_jobs($vmid); | |
3207b81a TL |
761 | |
762 | if ($ha_managed) { | |
763 | PVE::HA::Config::delete_service_from_config("ct:$vmid"); | |
764 | print "NOTE: removed CT $vmid from HA resource configuration.\n"; | |
765 | } | |
c5a09704 | 766 | } |
7fc1d9eb TL |
767 | |
768 | # only now remove the zombie config, else we can have reuse race | |
769 | PVE::LXC::Config->destroy_config($vmid); | |
f76a2828 DM |
770 | }; |
771 | ||
67afe46e | 772 | my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); }; |
351bc0c4 | 773 | |
f76a2828 DM |
774 | return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd); |
775 | }}); | |
776 | ||
fff3a342 DM |
777 | my $sslcert; |
778 | ||
779 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
780 | name => 'vncproxy', |
781 | path => '{vmid}/vncproxy', | |
fff3a342 DM |
782 | method => 'POST', |
783 | protected => 1, | |
784 | permissions => { | |
785 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
786 | }, | |
787 | description => "Creates a TCP VNC proxy connections.", | |
788 | parameters => { | |
789 | additionalProperties => 0, | |
790 | properties => { | |
791 | node => get_standard_option('pve-node'), | |
792 | vmid => get_standard_option('pve-vmid'), | |
793 | websocket => { | |
794 | optional => 1, | |
795 | type => 'boolean', | |
796 | description => "use websocket instead of standard VNC.", | |
797 | }, | |
bd0f4d6d DC |
798 | width => { |
799 | optional => 1, | |
800 | description => "sets the width of the console in pixels.", | |
801 | type => 'integer', | |
802 | minimum => 16, | |
803 | maximum => 4096, | |
804 | }, | |
805 | height => { | |
806 | optional => 1, | |
807 | description => "sets the height of the console in pixels.", | |
808 | type => 'integer', | |
809 | minimum => 16, | |
810 | maximum => 2160, | |
811 | }, | |
fff3a342 DM |
812 | }, |
813 | }, | |
5b4657d0 | 814 | returns => { |
fff3a342 DM |
815 | additionalProperties => 0, |
816 | properties => { | |
817 | user => { type => 'string' }, | |
818 | ticket => { type => 'string' }, | |
819 | cert => { type => 'string' }, | |
820 | port => { type => 'integer' }, | |
821 | upid => { type => 'string' }, | |
822 | }, | |
823 | }, | |
824 | code => sub { | |
825 | my ($param) = @_; | |
826 | ||
827 | my $rpcenv = PVE::RPCEnvironment::get(); | |
828 | ||
829 | my $authuser = $rpcenv->get_user(); | |
830 | ||
831 | my $vmid = $param->{vmid}; | |
832 | my $node = $param->{node}; | |
833 | ||
834 | my $authpath = "/vms/$vmid"; | |
835 | ||
836 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath); | |
837 | ||
838 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) | |
839 | if !$sslcert; | |
840 | ||
ec2c57eb | 841 | my ($remip, $family); |
5b4657d0 | 842 | |
fff3a342 | 843 | if ($node ne PVE::INotify::nodename()) { |
85ae6211 | 844 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
ec2c57eb WB |
845 | } else { |
846 | $family = PVE::Tools::get_host_address_family($node); | |
fff3a342 DM |
847 | } |
848 | ||
ec2c57eb WB |
849 | my $port = PVE::Tools::next_vnc_port($family); |
850 | ||
fff3a342 DM |
851 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
852 | # so we select the fastest chipher here (or 'none'?) | |
5b4657d0 | 853 | my $remcmd = $remip ? |
806eae70 | 854 | ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : []; |
fff3a342 | 855 | |
67afe46e | 856 | my $conf = PVE::LXC::Config->load_config($vmid, $node); |
65213b67 | 857 | my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1); |
aca816ad | 858 | |
5b4657d0 DM |
859 | my $shcmd = [ '/usr/bin/dtach', '-A', |
860 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 861 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
862 | |
863 | my $realcmd = sub { | |
864 | my $upid = shift; | |
865 | ||
5b4657d0 | 866 | syslog ('info', "starting lxc vnc proxy $upid\n"); |
fff3a342 | 867 | |
5b4657d0 | 868 | my $timeout = 10; |
fff3a342 DM |
869 | |
870 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, | |
5b4657d0 | 871 | '-timeout', $timeout, '-authpath', $authpath, |
fff3a342 DM |
872 | '-perm', 'VM.Console']; |
873 | ||
bd0f4d6d DC |
874 | if ($param->{width}) { |
875 | push @$cmd, '-width', $param->{width}; | |
876 | } | |
877 | ||
878 | if ($param->{height}) { | |
879 | push @$cmd, '-height', $param->{height}; | |
880 | } | |
881 | ||
fff3a342 | 882 | if ($param->{websocket}) { |
5b4657d0 | 883 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
fff3a342 DM |
884 | push @$cmd, '-notls', '-listen', 'localhost'; |
885 | } | |
886 | ||
887 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
888 | ||
37634d3d | 889 | run_command($cmd, keeplocale => 1); |
fff3a342 DM |
890 | |
891 | return; | |
892 | }; | |
893 | ||
894 | my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); | |
895 | ||
896 | PVE::Tools::wait_for_vnc_port($port); | |
897 | ||
898 | return { | |
899 | user => $authuser, | |
900 | ticket => $ticket, | |
5b4657d0 DM |
901 | port => $port, |
902 | upid => $upid, | |
903 | cert => $sslcert, | |
fff3a342 DM |
904 | }; |
905 | }}); | |
906 | ||
a0226a00 DC |
907 | __PACKAGE__->register_method ({ |
908 | name => 'termproxy', | |
909 | path => '{vmid}/termproxy', | |
910 | method => 'POST', | |
911 | protected => 1, | |
912 | permissions => { | |
913 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
914 | }, | |
915 | description => "Creates a TCP proxy connection.", | |
916 | parameters => { | |
917 | additionalProperties => 0, | |
918 | properties => { | |
919 | node => get_standard_option('pve-node'), | |
920 | vmid => get_standard_option('pve-vmid'), | |
921 | }, | |
922 | }, | |
923 | returns => { | |
924 | additionalProperties => 0, | |
925 | properties => { | |
926 | user => { type => 'string' }, | |
927 | ticket => { type => 'string' }, | |
928 | port => { type => 'integer' }, | |
929 | upid => { type => 'string' }, | |
930 | }, | |
931 | }, | |
932 | code => sub { | |
933 | my ($param) = @_; | |
934 | ||
935 | my $rpcenv = PVE::RPCEnvironment::get(); | |
936 | ||
937 | my $authuser = $rpcenv->get_user(); | |
938 | ||
939 | my $vmid = $param->{vmid}; | |
940 | my $node = $param->{node}; | |
941 | ||
942 | my $authpath = "/vms/$vmid"; | |
943 | ||
944 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath); | |
945 | ||
946 | my ($remip, $family); | |
947 | ||
948 | if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) { | |
949 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); | |
950 | } else { | |
951 | $family = PVE::Tools::get_host_address_family($node); | |
952 | } | |
953 | ||
954 | my $port = PVE::Tools::next_vnc_port($family); | |
955 | ||
956 | my $remcmd = $remip ? | |
957 | ['/usr/bin/ssh', '-e', 'none', '-t', $remip, '--'] : []; | |
958 | ||
959 | my $conf = PVE::LXC::Config->load_config($vmid, $node); | |
65213b67 | 960 | my $concmd = PVE::LXC::get_console_command($vmid, $conf, -1); |
a0226a00 DC |
961 | |
962 | my $shcmd = [ '/usr/bin/dtach', '-A', | |
963 | "/var/run/dtach/vzctlconsole$vmid", | |
964 | '-r', 'winch', '-z', @$concmd]; | |
965 | ||
966 | my $realcmd = sub { | |
967 | my $upid = shift; | |
968 | ||
969 | syslog ('info', "starting lxc termproxy $upid\n"); | |
970 | ||
971 | my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath, | |
972 | '--perm', 'VM.Console', '--']; | |
973 | push @$cmd, @$remcmd, @$shcmd; | |
974 | ||
975 | PVE::Tools::run_command($cmd); | |
976 | }; | |
977 | ||
978 | my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1); | |
979 | ||
980 | PVE::Tools::wait_for_vnc_port($port); | |
981 | ||
982 | return { | |
983 | user => $authuser, | |
984 | ticket => $ticket, | |
985 | port => $port, | |
986 | upid => $upid, | |
987 | }; | |
988 | }}); | |
989 | ||
fff3a342 DM |
990 | __PACKAGE__->register_method({ |
991 | name => 'vncwebsocket', | |
992 | path => '{vmid}/vncwebsocket', | |
993 | method => 'GET', | |
5b4657d0 | 994 | permissions => { |
fff3a342 DM |
995 | description => "You also need to pass a valid ticket (vncticket).", |
996 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
997 | }, | |
998 | description => "Opens a weksocket for VNC traffic.", | |
999 | parameters => { | |
1000 | additionalProperties => 0, | |
1001 | properties => { | |
1002 | node => get_standard_option('pve-node'), | |
1003 | vmid => get_standard_option('pve-vmid'), | |
1004 | vncticket => { | |
1005 | description => "Ticket from previous call to vncproxy.", | |
1006 | type => 'string', | |
1007 | maxLength => 512, | |
1008 | }, | |
1009 | port => { | |
1010 | description => "Port number returned by previous vncproxy call.", | |
1011 | type => 'integer', | |
1012 | minimum => 5900, | |
1013 | maximum => 5999, | |
1014 | }, | |
1015 | }, | |
1016 | }, | |
1017 | returns => { | |
1018 | type => "object", | |
1019 | properties => { | |
1020 | port => { type => 'string' }, | |
1021 | }, | |
1022 | }, | |
1023 | code => sub { | |
1024 | my ($param) = @_; | |
1025 | ||
1026 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1027 | ||
1028 | my $authuser = $rpcenv->get_user(); | |
1029 | ||
1030 | my $authpath = "/vms/$param->{vmid}"; | |
1031 | ||
1032 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath); | |
1033 | ||
1034 | my $port = $param->{port}; | |
5b4657d0 | 1035 | |
fff3a342 DM |
1036 | return { port => $port }; |
1037 | }}); | |
1038 | ||
1039 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
1040 | name => 'spiceproxy', |
1041 | path => '{vmid}/spiceproxy', | |
fff3a342 DM |
1042 | method => 'POST', |
1043 | protected => 1, | |
1044 | proxyto => 'node', | |
1045 | permissions => { | |
1046 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
1047 | }, | |
1048 | description => "Returns a SPICE configuration to connect to the CT.", | |
1049 | parameters => { | |
1050 | additionalProperties => 0, | |
1051 | properties => { | |
1052 | node => get_standard_option('pve-node'), | |
1053 | vmid => get_standard_option('pve-vmid'), | |
1054 | proxy => get_standard_option('spice-proxy', { optional => 1 }), | |
1055 | }, | |
1056 | }, | |
1057 | returns => get_standard_option('remote-viewer-config'), | |
1058 | code => sub { | |
1059 | my ($param) = @_; | |
1060 | ||
1061 | my $vmid = $param->{vmid}; | |
1062 | my $node = $param->{node}; | |
1063 | my $proxy = $param->{proxy}; | |
1064 | ||
1065 | my $authpath = "/vms/$vmid"; | |
1066 | my $permissions = 'VM.Console'; | |
1067 | ||
67afe46e | 1068 | my $conf = PVE::LXC::Config->load_config($vmid); |
da4db334 TL |
1069 | |
1070 | die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid); | |
1071 | ||
aca816ad DM |
1072 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); |
1073 | ||
5b4657d0 DM |
1074 | my $shcmd = ['/usr/bin/dtach', '-A', |
1075 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 1076 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
1077 | |
1078 | my $title = "CT $vmid"; | |
1079 | ||
1080 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd); | |
1081 | }}); | |
5c752bbf | 1082 | |
5c752bbf DM |
1083 | |
1084 | __PACKAGE__->register_method({ | |
52389a07 DM |
1085 | name => 'migrate_vm', |
1086 | path => '{vmid}/migrate', | |
5c752bbf DM |
1087 | method => 'POST', |
1088 | protected => 1, | |
1089 | proxyto => 'node', | |
52389a07 | 1090 | description => "Migrate the container to another node. Creates a new migration task.", |
5c752bbf | 1091 | permissions => { |
52389a07 | 1092 | check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]], |
5c752bbf DM |
1093 | }, |
1094 | parameters => { | |
1095 | additionalProperties => 0, | |
1096 | properties => { | |
1097 | node => get_standard_option('pve-node'), | |
68e8f3c5 DM |
1098 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), |
1099 | target => get_standard_option('pve-node', { | |
1100 | description => "Target node.", | |
39bb88df | 1101 | completion => \&PVE::Cluster::complete_migration_target, |
68e8f3c5 | 1102 | }), |
e90ddc4c | 1103 | 'target-storage' => get_standard_option('pve-targetstorage'), |
52389a07 DM |
1104 | online => { |
1105 | type => 'boolean', | |
1106 | description => "Use online/live migration.", | |
1107 | optional => 1, | |
1108 | }, | |
00d8cdc0 DC |
1109 | restart => { |
1110 | type => 'boolean', | |
1111 | description => "Use restart migration", | |
1112 | optional => 1, | |
1113 | }, | |
1114 | timeout => { | |
1115 | type => 'integer', | |
1116 | description => "Timeout in seconds for shutdown for restart migration", | |
1117 | optional => 1, | |
1118 | default => 180, | |
1119 | }, | |
8ead60ef SI |
1120 | bwlimit => { |
1121 | description => "Override I/O bandwidth limit (in KiB/s).", | |
1122 | optional => 1, | |
1123 | type => 'number', | |
1124 | minimum => '0', | |
41e9b65c | 1125 | default => 'migrate limit from datacenter or storage config', |
8ead60ef | 1126 | }, |
5c752bbf DM |
1127 | }, |
1128 | }, | |
1129 | returns => { | |
1130 | type => 'string', | |
52389a07 | 1131 | description => "the task ID.", |
5c752bbf DM |
1132 | }, |
1133 | code => sub { | |
1134 | my ($param) = @_; | |
1135 | ||
1136 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1137 | ||
1138 | my $authuser = $rpcenv->get_user(); | |
1139 | ||
52389a07 | 1140 | my $target = extract_param($param, 'target'); |
bb1ac2de | 1141 | |
52389a07 DM |
1142 | my $localnode = PVE::INotify::nodename(); |
1143 | raise_param_exc({ target => "target is local node."}) if $target eq $localnode; | |
bb1ac2de | 1144 | |
52389a07 | 1145 | PVE::Cluster::check_cfs_quorum(); |
5c752bbf | 1146 | |
52389a07 | 1147 | PVE::Cluster::check_node_exists($target); |
27916659 | 1148 | |
52389a07 | 1149 | my $targetip = PVE::Cluster::remote_node_ip($target); |
5c752bbf | 1150 | |
52389a07 | 1151 | my $vmid = extract_param($param, 'vmid'); |
5c752bbf | 1152 | |
52389a07 | 1153 | # test if VM exists |
67afe46e | 1154 | PVE::LXC::Config->load_config($vmid); |
5c752bbf | 1155 | |
52389a07 DM |
1156 | # try to detect errors early |
1157 | if (PVE::LXC::check_running($vmid)) { | |
00d8cdc0 DC |
1158 | die "can't migrate running container without --online or --restart\n" |
1159 | if !$param->{online} && !$param->{restart}; | |
5c752bbf | 1160 | } |
5c752bbf | 1161 | |
e90ddc4c FG |
1162 | if (my $targetstorage = delete $param->{'target-storage'}) { |
1163 | my $storecfg = PVE::Storage::config(); | |
1164 | my $storagemap = eval { PVE::JSONSchema::parse_idmap($targetstorage, 'pve-storage-id') }; | |
1165 | raise_param_exc({ targetstorage => "failed to parse storage map: $@" }) | |
1166 | if $@; | |
1167 | ||
1168 | $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']) | |
1169 | if !defined($storagemap->{identity}); | |
1170 | ||
1171 | foreach my $target_sid (values %{$storagemap->{entries}}) { | |
1172 | $check_storage_access_migrate->($rpcenv, $authuser, $storecfg, $target_sid, $target); | |
1173 | } | |
1174 | ||
1175 | $check_storage_access_migrate->($rpcenv, $authuser, $storecfg, $storagemap->{default}, $target) | |
1176 | if $storagemap->{default}; | |
1177 | ||
1178 | $param->{storagemap} = $storagemap; | |
1179 | } | |
1180 | ||
5c752bbf DM |
1181 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { |
1182 | ||
1183 | my $hacmd = sub { | |
1184 | my $upid = shift; | |
1185 | ||
1186 | my $service = "ct:$vmid"; | |
1187 | ||
52389a07 | 1188 | my $cmd = ['ha-manager', 'migrate', $service, $target]; |
5c752bbf | 1189 | |
545dd4e1 | 1190 | print "Requesting HA migration for CT $vmid to node $target\n"; |
5c752bbf DM |
1191 | |
1192 | PVE::Tools::run_command($cmd); | |
1193 | ||
1194 | return; | |
1195 | }; | |
1196 | ||
52389a07 | 1197 | return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd); |
5c752bbf DM |
1198 | |
1199 | } else { | |
1200 | ||
22557519 DM |
1201 | my $realcmd = sub { |
1202 | PVE::LXC::Migrate->migrate($target, $targetip, $vmid, $param); | |
1203 | }; | |
56462053 | 1204 | |
22557519 DM |
1205 | my $worker = sub { |
1206 | return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd); | |
5c752bbf DM |
1207 | }; |
1208 | ||
22557519 | 1209 | return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $worker); |
5c752bbf DM |
1210 | } |
1211 | }}); | |
1212 | ||
cc5392c8 WL |
1213 | __PACKAGE__->register_method({ |
1214 | name => 'vm_feature', | |
1215 | path => '{vmid}/feature', | |
1216 | method => 'GET', | |
1217 | proxyto => 'node', | |
1218 | protected => 1, | |
1219 | description => "Check if feature for virtual machine is available.", | |
1220 | permissions => { | |
1221 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
1222 | }, | |
1223 | parameters => { | |
1224 | additionalProperties => 0, | |
1225 | properties => { | |
1226 | node => get_standard_option('pve-node'), | |
1227 | vmid => get_standard_option('pve-vmid'), | |
1228 | feature => { | |
1229 | description => "Feature to check.", | |
1230 | type => 'string', | |
d53e5c58 | 1231 | enum => [ 'snapshot', 'clone', 'copy' ], |
cc5392c8 | 1232 | }, |
5ec3949c | 1233 | snapname => get_standard_option('pve-snapshot-name', { |
cc5392c8 WL |
1234 | optional => 1, |
1235 | }), | |
1236 | }, | |
1237 | }, | |
1238 | returns => { | |
1239 | type => "object", | |
1240 | properties => { | |
1241 | hasFeature => { type => 'boolean' }, | |
1242 | #nodes => { | |
1243 | #type => 'array', | |
1244 | #items => { type => 'string' }, | |
1245 | #} | |
1246 | }, | |
1247 | }, | |
1248 | code => sub { | |
1249 | my ($param) = @_; | |
1250 | ||
1251 | my $node = extract_param($param, 'node'); | |
1252 | ||
1253 | my $vmid = extract_param($param, 'vmid'); | |
1254 | ||
1255 | my $snapname = extract_param($param, 'snapname'); | |
1256 | ||
1257 | my $feature = extract_param($param, 'feature'); | |
1258 | ||
67afe46e | 1259 | my $conf = PVE::LXC::Config->load_config($vmid); |
cc5392c8 WL |
1260 | |
1261 | if($snapname){ | |
1262 | my $snap = $conf->{snapshots}->{$snapname}; | |
1263 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
1264 | $conf = $snap; | |
1265 | } | |
ef241384 | 1266 | my $storage_cfg = PVE::Storage::config(); |
cc5392c8 | 1267 | #Maybe include later |
ef241384 | 1268 | #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg); |
4518000b | 1269 | my $hasFeature = PVE::LXC::Config->has_feature($feature, $conf, $storage_cfg, $snapname); |
cc5392c8 WL |
1270 | |
1271 | return { | |
1272 | hasFeature => $hasFeature, | |
1273 | #nodes => [ keys %$nodelist ], | |
1274 | }; | |
1275 | }}); | |
bb1ac2de DM |
1276 | |
1277 | __PACKAGE__->register_method({ | |
1278 | name => 'template', | |
1279 | path => '{vmid}/template', | |
1280 | method => 'POST', | |
1281 | protected => 1, | |
1282 | proxyto => 'node', | |
1283 | description => "Create a Template.", | |
1284 | permissions => { | |
1285 | description => "You need 'VM.Allocate' permissions on /vms/{vmid}", | |
1286 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
1287 | }, | |
1288 | parameters => { | |
1289 | additionalProperties => 0, | |
1290 | properties => { | |
1291 | node => get_standard_option('pve-node'), | |
68e8f3c5 | 1292 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), |
bb1ac2de DM |
1293 | }, |
1294 | }, | |
1295 | returns => { type => 'null'}, | |
1296 | code => sub { | |
1297 | my ($param) = @_; | |
1298 | ||
1299 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1300 | ||
1301 | my $authuser = $rpcenv->get_user(); | |
1302 | ||
1303 | my $node = extract_param($param, 'node'); | |
1304 | ||
1305 | my $vmid = extract_param($param, 'vmid'); | |
1306 | ||
1307 | my $updatefn = sub { | |
1308 | ||
67afe46e FG |
1309 | my $conf = PVE::LXC::Config->load_config($vmid); |
1310 | PVE::LXC::Config->check_lock($conf); | |
bb1ac2de DM |
1311 | |
1312 | die "unable to create template, because CT contains snapshots\n" | |
1313 | if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}}); | |
1314 | ||
1315 | die "you can't convert a template to a template\n" | |
67afe46e | 1316 | if PVE::LXC::Config->is_template($conf); |
bb1ac2de DM |
1317 | |
1318 | die "you can't convert a CT to template if the CT is running\n" | |
1319 | if PVE::LXC::check_running($vmid); | |
1320 | ||
1321 | my $realcmd = sub { | |
1322 | PVE::LXC::template_create($vmid, $conf); | |
bb1ac2de | 1323 | |
c2182c49 | 1324 | $conf->{template} = 1; |
bb1ac2de | 1325 | |
c2182c49 WL |
1326 | PVE::LXC::Config->write_config($vmid, $conf); |
1327 | # and remove lxc config | |
1328 | PVE::LXC::update_lxc_config($vmid, $conf); | |
1329 | }; | |
bb1ac2de DM |
1330 | |
1331 | return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd); | |
1332 | }; | |
1333 | ||
67afe46e | 1334 | PVE::LXC::Config->lock_config($vmid, $updatefn); |
bb1ac2de DM |
1335 | |
1336 | return undef; | |
1337 | }}); | |
1338 | ||
c4a33727 DM |
1339 | __PACKAGE__->register_method({ |
1340 | name => 'clone_vm', | |
1341 | path => '{vmid}/clone', | |
1342 | method => 'POST', | |
1343 | protected => 1, | |
1344 | proxyto => 'node', | |
1345 | description => "Create a container clone/copy", | |
1346 | permissions => { | |
1347 | description => "You need 'VM.Clone' permissions on /vms/{vmid}, " . | |
1348 | "and 'VM.Allocate' permissions " . | |
1349 | "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " . | |
1350 | "'Datastore.AllocateSpace' on any used storage.", | |
1351 | check => | |
1352 | [ 'and', | |
1353 | ['perm', '/vms/{vmid}', [ 'VM.Clone' ]], | |
1354 | [ 'or', | |
1355 | [ 'perm', '/vms/{newid}', ['VM.Allocate']], | |
1356 | [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'], | |
1357 | ], | |
1358 | ] | |
1359 | }, | |
1360 | parameters => { | |
1361 | additionalProperties => 0, | |
1362 | properties => { | |
1363 | node => get_standard_option('pve-node'), | |
1364 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
1365 | newid => get_standard_option('pve-vmid', { | |
1366 | completion => \&PVE::Cluster::complete_next_vmid, | |
1367 | description => 'VMID for the clone.' }), | |
1368 | hostname => { | |
1369 | optional => 1, | |
1370 | type => 'string', format => 'dns-name', | |
1371 | description => "Set a hostname for the new CT.", | |
1372 | }, | |
1373 | description => { | |
1374 | optional => 1, | |
1375 | type => 'string', | |
1376 | description => "Description for the new CT.", | |
1377 | }, | |
1378 | pool => { | |
1379 | optional => 1, | |
1380 | type => 'string', format => 'pve-poolid', | |
1381 | description => "Add the new CT to the specified pool.", | |
1382 | }, | |
5ec3949c | 1383 | snapname => get_standard_option('pve-snapshot-name', { |
c4a33727 DM |
1384 | optional => 1, |
1385 | }), | |
1386 | storage => get_standard_option('pve-storage-id', { | |
1387 | description => "Target storage for full clone.", | |
c4a33727 DM |
1388 | optional => 1, |
1389 | }), | |
1390 | full => { | |
1391 | optional => 1, | |
1392 | type => 'boolean', | |
c4b4cb83 | 1393 | description => "Create a full copy of all disks. This is always done when " . |
c4a33727 | 1394 | "you clone a normal CT. For CT templates, we try to create a linked clone by default.", |
c4a33727 | 1395 | }, |
411ae12c DM |
1396 | target => get_standard_option('pve-node', { |
1397 | description => "Target node. Only allowed if the original VM is on shared storage.", | |
1398 | optional => 1, | |
1399 | }), | |
8ead60ef SI |
1400 | bwlimit => { |
1401 | description => "Override I/O bandwidth limit (in KiB/s).", | |
1402 | optional => 1, | |
1403 | type => 'number', | |
1404 | minimum => '0', | |
41e9b65c | 1405 | default => 'clone limit from datacenter or storage config', |
8ead60ef | 1406 | }, |
c4a33727 DM |
1407 | }, |
1408 | }, | |
1409 | returns => { | |
1410 | type => 'string', | |
1411 | }, | |
1412 | code => sub { | |
1413 | my ($param) = @_; | |
1414 | ||
1415 | my $rpcenv = PVE::RPCEnvironment::get(); | |
59b0ce55 | 1416 | my $authuser = $rpcenv->get_user(); |
c4a33727 DM |
1417 | |
1418 | my $node = extract_param($param, 'node'); | |
c4a33727 | 1419 | my $vmid = extract_param($param, 'vmid'); |
c4a33727 | 1420 | my $newid = extract_param($param, 'newid'); |
c4a33727 | 1421 | my $pool = extract_param($param, 'pool'); |
c4a33727 DM |
1422 | if (defined($pool)) { |
1423 | $rpcenv->check_pool_exist($pool); | |
1424 | } | |
c4a33727 | 1425 | my $snapname = extract_param($param, 'snapname'); |
c4a33727 | 1426 | my $storage = extract_param($param, 'storage'); |
411ae12c | 1427 | my $target = extract_param($param, 'target'); |
c4a33727 DM |
1428 | my $localnode = PVE::INotify::nodename(); |
1429 | ||
59b0ce55 | 1430 | undef $target if $target && ($target eq $localnode || $target eq 'localhost'); |
411ae12c DM |
1431 | |
1432 | PVE::Cluster::check_node_exists($target) if $target; | |
1433 | ||
c4a33727 DM |
1434 | my $storecfg = PVE::Storage::config(); |
1435 | ||
1436 | if ($storage) { | |
1437 | # check if storage is enabled on local node | |
1438 | PVE::Storage::storage_check_enabled($storecfg, $storage); | |
411ae12c DM |
1439 | if ($target) { |
1440 | # check if storage is available on target node | |
a1c27f86 | 1441 | PVE::Storage::storage_check_enabled($storecfg, $storage, $target); |
411ae12c DM |
1442 | # clone only works if target storage is shared |
1443 | my $scfg = PVE::Storage::storage_config($storecfg, $storage); | |
1444 | die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared}; | |
1445 | } | |
c4a33727 DM |
1446 | } |
1447 | ||
1448 | PVE::Cluster::check_cfs_quorum(); | |
1449 | ||
db01d674 WB |
1450 | my $newconf = {}; |
1451 | my $mountpoints = {}; | |
1452 | my $fullclone = {}; | |
1453 | my $vollist = []; | |
411ae12c | 1454 | my $running; |
c4a33727 | 1455 | |
7b290bf3 | 1456 | PVE::LXC::Config->create_and_lock_config($newid, 0); |
5eacc654 | 1457 | PVE::Firewall::clone_vmfw_conf($vmid, $newid); |
7b290bf3 | 1458 | |
b062187a FG |
1459 | my $lock_and_reload = sub { |
1460 | my ($vmid, $code) = @_; | |
1461 | return PVE::LXC::Config->lock_config($vmid, sub { | |
1462 | my $conf = PVE::LXC::Config->load_config($vmid); | |
1463 | die "Lost 'create' config lock, aborting.\n" | |
1464 | if !PVE::LXC::Config->has_lock($conf, 'create'); | |
1465 | ||
1466 | return $code->($conf); | |
1467 | }); | |
1468 | }; | |
e7d553c7 | 1469 | |
cc1ffe7e | 1470 | my $src_conf = PVE::LXC::Config->set_lock($vmid, 'disk'); |
411ae12c | 1471 | |
cc1ffe7e | 1472 | $running = PVE::LXC::check_running($vmid) || 0; |
e7d553c7 | 1473 | |
cc1ffe7e FG |
1474 | my $full = extract_param($param, 'full'); |
1475 | if (!defined($full)) { | |
1476 | $full = !PVE::LXC::Config->is_template($src_conf); | |
1477 | } | |
c4a33727 | 1478 | |
cc1ffe7e | 1479 | eval { |
5da8f412 FG |
1480 | die "parameter 'storage' not allowed for linked clones\n" |
1481 | if defined($storage) && !$full; | |
1482 | ||
cc1ffe7e FG |
1483 | die "snapshot '$snapname' does not exist\n" |
1484 | if $snapname && !defined($src_conf->{snapshots}->{$snapname}); | |
c4a33727 | 1485 | |
cc1ffe7e | 1486 | my $src_conf = $snapname ? $src_conf->{snapshots}->{$snapname} : $src_conf; |
c4a33727 | 1487 | |
cc1ffe7e FG |
1488 | my $sharedvm = 1; |
1489 | for my $opt (sort keys %$src_conf) { | |
1490 | next if $opt =~ m/^unused\d+$/; | |
c4a33727 | 1491 | |
cc1ffe7e | 1492 | my $value = $src_conf->{$opt}; |
c4a33727 | 1493 | |
cc1ffe7e FG |
1494 | if (($opt eq 'rootfs') || ($opt =~ m/^mp\d+$/)) { |
1495 | my $mp = PVE::LXC::Config->parse_volume($opt, $value); | |
09687674 | 1496 | |
cc1ffe7e FG |
1497 | if ($mp->{type} eq 'volume') { |
1498 | my $volid = $mp->{volume}; | |
09687674 | 1499 | |
cc1ffe7e FG |
1500 | my ($sid, $volname) = PVE::Storage::parse_volume_id($volid); |
1501 | $sid = $storage if defined($storage); | |
1502 | my $scfg = PVE::Storage::storage_config($storecfg, $sid); | |
1503 | if (!$scfg->{shared}) { | |
1504 | $sharedvm = 0; | |
1505 | warn "found non-shared volume: $volid\n" if $target; | |
1506 | } | |
c4a33727 | 1507 | |
cc1ffe7e | 1508 | $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']); |
c4a33727 | 1509 | |
cc1ffe7e FG |
1510 | if ($full) { |
1511 | die "Cannot do full clones on a running container without snapshots\n" | |
1512 | if $running && !defined($snapname); | |
1513 | $fullclone->{$opt} = 1; | |
c4a33727 | 1514 | } else { |
cc1ffe7e FG |
1515 | # not full means clone instead of copy |
1516 | die "Linked clone feature for '$volid' is not available\n" | |
1517 | if !PVE::Storage::volume_has_feature($storecfg, 'clone', $volid, $snapname, $running, {'valid_target_formats' => ['raw', 'subvol']}); | |
c4a33727 | 1518 | } |
cc1ffe7e FG |
1519 | |
1520 | $mountpoints->{$opt} = $mp; | |
1521 | push @$vollist, $volid; | |
1522 | ||
c4a33727 | 1523 | } else { |
cc1ffe7e FG |
1524 | # TODO: allow bind mounts? |
1525 | die "unable to clone mountpoint '$opt' (type $mp->{type})\n"; | |
c4a33727 | 1526 | } |
cc1ffe7e FG |
1527 | } elsif ($opt =~ m/^net(\d+)$/) { |
1528 | # always change MAC! address | |
1529 | my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
1530 | my $net = PVE::LXC::Config->parse_lxc_network($value); | |
1531 | $net->{hwaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix}); | |
1532 | $newconf->{$opt} = PVE::LXC::Config->print_lxc_network($net); | |
1533 | } else { | |
1534 | # copy everything else | |
1535 | $newconf->{$opt} = $value; | |
db01d674 | 1536 | } |
cc1ffe7e FG |
1537 | } |
1538 | die "can't clone CT to node '$target' (CT uses local storage)\n" | |
1539 | if $target && !$sharedvm; | |
c4a33727 | 1540 | |
cc1ffe7e FG |
1541 | # Replace the 'disk' lock with a 'create' lock. |
1542 | $newconf->{lock} = 'create'; | |
db01d674 | 1543 | |
04a34c56 | 1544 | # delete all snapshot related config options |
a0167a5c | 1545 | delete $newconf->@{qw(snapshots parent snaptime snapstate)}; |
04a34c56 | 1546 | |
cc1ffe7e FG |
1547 | delete $newconf->{pending}; |
1548 | delete $newconf->{template}; | |
c4a33727 | 1549 | |
a0167a5c TL |
1550 | $newconf->{hostname} = $param->{hostname} if $param->{hostname}; |
1551 | $newconf->{description} = $param->{description} if $param->{description}; | |
c4a33727 | 1552 | |
b062187a | 1553 | $lock_and_reload->($newid, sub { |
cc1ffe7e FG |
1554 | PVE::LXC::Config->write_config($newid, $newconf); |
1555 | }); | |
1556 | }; | |
1557 | if (my $err = $@) { | |
1558 | eval { PVE::LXC::Config->remove_lock($vmid, 'disk') }; | |
1559 | warn "Failed to remove source CT config lock - $@\n" if $@; | |
1560 | ||
1561 | eval { | |
b062187a | 1562 | $lock_and_reload->($newid, sub { |
cc1ffe7e | 1563 | PVE::LXC::Config->destroy_config($newid); |
5eacc654 | 1564 | PVE::Firewall::remove_vmfw_conf($newid); |
7b290bf3 | 1565 | }); |
db01d674 | 1566 | }; |
cc1ffe7e | 1567 | warn "Failed to remove target CT config - $@\n" if $@; |
52d287d9 | 1568 | |
cc1ffe7e FG |
1569 | die $err; |
1570 | } | |
c4a33727 | 1571 | |
db01d674 WB |
1572 | my $update_conf = sub { |
1573 | my ($key, $value) = @_; | |
b062187a FG |
1574 | return $lock_and_reload->($newid, sub { |
1575 | my $conf = shift; | |
db01d674 WB |
1576 | $conf->{$key} = $value; |
1577 | PVE::LXC::Config->write_config($newid, $conf); | |
1578 | }); | |
1579 | }; | |
c4a33727 | 1580 | |
db01d674 WB |
1581 | my $realcmd = sub { |
1582 | my ($upid) = @_; | |
c4a33727 | 1583 | |
db01d674 | 1584 | my $newvollist = []; |
c4a33727 | 1585 | |
411ae12c DM |
1586 | my $verify_running = PVE::LXC::check_running($vmid) || 0; |
1587 | die "unexpected state change\n" if $verify_running != $running; | |
1588 | ||
db01d674 WB |
1589 | eval { |
1590 | local $SIG{INT} = | |
1591 | local $SIG{TERM} = | |
1592 | local $SIG{QUIT} = | |
1593 | local $SIG{HUP} = sub { die "interrupted by signal\n"; }; | |
c4a33727 | 1594 | |
db01d674 | 1595 | PVE::Storage::activate_volumes($storecfg, $vollist, $snapname); |
8ead60ef | 1596 | my $bwlimit = extract_param($param, 'bwlimit'); |
c4a33727 | 1597 | |
db01d674 WB |
1598 | foreach my $opt (keys %$mountpoints) { |
1599 | my $mp = $mountpoints->{$opt}; | |
1600 | my $volid = $mp->{volume}; | |
c4a33727 | 1601 | |
db01d674 WB |
1602 | my $newvolid; |
1603 | if ($fullclone->{$opt}) { | |
1604 | print "create full clone of mountpoint $opt ($volid)\n"; | |
8ead60ef SI |
1605 | my $source_storage = PVE::Storage::parse_volume_id($volid); |
1606 | my $target_storage = $storage // $source_storage; | |
1607 | my $clonelimit = PVE::Storage::get_bandwidth_limit('clone', [$source_storage, $target_storage], $bwlimit); | |
1608 | $newvolid = PVE::LXC::copy_volume($mp, $newid, $target_storage, $storecfg, $newconf, $snapname, $clonelimit); | |
db01d674 WB |
1609 | } else { |
1610 | print "create linked clone of mount point $opt ($volid)\n"; | |
1611 | $newvolid = PVE::Storage::vdisk_clone($storecfg, $volid, $newid, $snapname); | |
c4a33727 DM |
1612 | } |
1613 | ||
db01d674 WB |
1614 | push @$newvollist, $newvolid; |
1615 | $mp->{volume} = $newvolid; | |
c4a33727 | 1616 | |
db01d674 | 1617 | $update_conf->($opt, PVE::LXC::Config->print_ct_mountpoint($mp, $opt eq 'rootfs')); |
c4a33727 DM |
1618 | } |
1619 | ||
db01d674 | 1620 | PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool; |
8e08cd17 | 1621 | |
b062187a FG |
1622 | $lock_and_reload->($newid, sub { |
1623 | my $conf = shift; | |
1624 | my $rootdir = PVE::LXC::mount_all($newid, $storecfg, $conf, 1); | |
1625 | eval { | |
1626 | my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); | |
1627 | $lxc_setup->post_clone_hook($conf); | |
1628 | }; | |
1629 | my $err = $@; | |
1630 | eval { PVE::LXC::umount_all($newid, $storecfg, $conf, 1); }; | |
1631 | if ($err) { | |
1632 | warn "$@\n" if $@; | |
1633 | die $err; | |
1634 | } else { | |
1635 | die $@ if $@; | |
7b290bf3 OB |
1636 | } |
1637 | }); | |
c4a33727 | 1638 | }; |
db01d674 | 1639 | my $err = $@; |
db01d674 WB |
1640 | # Unlock the source config in any case: |
1641 | eval { PVE::LXC::Config->remove_lock($vmid, 'disk') }; | |
1642 | warn $@ if $@; | |
c4a33727 | 1643 | |
db01d674 WB |
1644 | if ($err) { |
1645 | # Now cleanup the config & disks: | |
db01d674 WB |
1646 | sleep 1; # some storages like rbd need to wait before release volume - really? |
1647 | ||
1648 | foreach my $volid (@$newvollist) { | |
1649 | eval { PVE::Storage::vdisk_free($storecfg, $volid); }; | |
1650 | warn $@ if $@; | |
1651 | } | |
52d287d9 FG |
1652 | |
1653 | eval { | |
b062187a | 1654 | $lock_and_reload->($newid, sub { |
52d287d9 | 1655 | PVE::LXC::Config->destroy_config($newid); |
5eacc654 | 1656 | PVE::Firewall::remove_vmfw_conf($newid); |
52d287d9 FG |
1657 | }); |
1658 | }; | |
1659 | warn "Failed to remove target CT config - $@\n" if $@; | |
1660 | ||
db01d674 WB |
1661 | die "clone failed: $err"; |
1662 | } | |
1663 | ||
b062187a FG |
1664 | $lock_and_reload->($newid, sub { |
1665 | PVE::LXC::Config->remove_lock($newid, 'create'); | |
1666 | ||
1667 | if ($target) { | |
1668 | # always deactivate volumes - avoid lvm LVs to be active on several nodes | |
1669 | PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running; | |
1670 | PVE::Storage::deactivate_volumes($storecfg, $newvollist); | |
1671 | ||
1672 | PVE::LXC::Config->move_config_to_node($newid, $target); | |
1673 | } | |
1674 | }); | |
1675 | ||
db01d674 | 1676 | return; |
c4a33727 DM |
1677 | }; |
1678 | ||
db01d674 | 1679 | return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd); |
c4a33727 DM |
1680 | }}); |
1681 | ||
1682 | ||
985b18ed WL |
1683 | __PACKAGE__->register_method({ |
1684 | name => 'resize_vm', | |
1685 | path => '{vmid}/resize', | |
1686 | method => 'PUT', | |
1687 | protected => 1, | |
1688 | proxyto => 'node', | |
235dbdf3 | 1689 | description => "Resize a container mount point.", |
985b18ed WL |
1690 | permissions => { |
1691 | check => ['perm', '/vms/{vmid}', ['VM.Config.Disk'], any => 1], | |
1692 | }, | |
1693 | parameters => { | |
1694 | additionalProperties => 0, | |
b8c5a95f WB |
1695 | properties => { |
1696 | node => get_standard_option('pve-node'), | |
1697 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
1698 | disk => { | |
1699 | type => 'string', | |
1700 | description => "The disk you want to resize.", | |
5e5d76cf | 1701 | enum => [PVE::LXC::Config->valid_volume_keys()], |
b8c5a95f WB |
1702 | }, |
1703 | size => { | |
1704 | type => 'string', | |
1705 | pattern => '\+?\d+(\.\d+)?[KMGT]?', | |
1706 | description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.", | |
1707 | }, | |
1708 | digest => { | |
1709 | type => 'string', | |
1710 | description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.', | |
1711 | maxLength => 40, | |
1712 | optional => 1, | |
1713 | } | |
1714 | }, | |
985b18ed | 1715 | }, |
9f3f7963 WL |
1716 | returns => { |
1717 | type => 'string', | |
1718 | description => "the task ID.", | |
1719 | }, | |
985b18ed WL |
1720 | code => sub { |
1721 | my ($param) = @_; | |
1722 | ||
1723 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1724 | ||
1725 | my $authuser = $rpcenv->get_user(); | |
1726 | ||
1727 | my $node = extract_param($param, 'node'); | |
1728 | ||
1729 | my $vmid = extract_param($param, 'vmid'); | |
1730 | ||
1731 | my $digest = extract_param($param, 'digest'); | |
1732 | ||
1733 | my $sizestr = extract_param($param, 'size'); | |
1734 | my $ext = ($sizestr =~ s/^\+//); | |
1735 | my $newsize = PVE::JSONSchema::parse_size($sizestr); | |
1736 | die "invalid size string" if !defined($newsize); | |
1737 | ||
1738 | die "no options specified\n" if !scalar(keys %$param); | |
1739 | ||
985b18ed WL |
1740 | my $storage_cfg = cfs_read_file("storage.cfg"); |
1741 | ||
985b18ed WL |
1742 | my $code = sub { |
1743 | ||
67afe46e FG |
1744 | my $conf = PVE::LXC::Config->load_config($vmid); |
1745 | PVE::LXC::Config->check_lock($conf); | |
985b18ed | 1746 | |
de41bced DC |
1747 | PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, $conf, $param, [], $conf->{unprivileged}); |
1748 | ||
985b18ed WL |
1749 | PVE::Tools::assert_if_modified($digest, $conf->{digest}); |
1750 | ||
1751 | my $running = PVE::LXC::check_running($vmid); | |
1752 | ||
1753 | my $disk = $param->{disk}; | |
e4034859 | 1754 | my $mp = PVE::LXC::Config->parse_volume($disk, $conf->{$disk}); |
44a9face | 1755 | |
985b18ed WL |
1756 | my $volid = $mp->{volume}; |
1757 | ||
1758 | my (undef, undef, $owner, undef, undef, undef, $format) = | |
1759 | PVE::Storage::parse_volname($storage_cfg, $volid); | |
1760 | ||
235dbdf3 | 1761 | die "can't resize mount point owned by another container ($owner)" |
985b18ed WL |
1762 | if $vmid != $owner; |
1763 | ||
1764 | die "can't resize volume: $disk if snapshot exists\n" | |
1765 | if %{$conf->{snapshots}} && $format eq 'qcow2'; | |
1766 | ||
1767 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid); | |
1768 | ||
1769 | $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']); | |
1770 | ||
4e1e1791 WB |
1771 | PVE::Storage::activate_volumes($storage_cfg, [$volid]); |
1772 | ||
985b18ed | 1773 | my $size = PVE::Storage::volume_size_info($storage_cfg, $volid, 5); |
2e8bcfef | 1774 | |
16f6c7c6 | 1775 | die "Could not determine current size of volume '$volid'\n" if !defined($size); |
2e8bcfef | 1776 | |
985b18ed WL |
1777 | $newsize += $size if $ext; |
1778 | $newsize = int($newsize); | |
1779 | ||
1780 | die "unable to shrink disk size\n" if $newsize < $size; | |
1781 | ||
5c36822a | 1782 | die "disk is already at specified size\n" if $size == $newsize; |
985b18ed WL |
1783 | |
1784 | PVE::Cluster::log_msg('info', $authuser, "update CT $vmid: resize --disk $disk --size $sizestr"); | |
9f3f7963 | 1785 | my $realcmd = sub { |
e72c8b0e DM |
1786 | # Note: PVE::Storage::volume_resize doesn't do anything if $running=1, so |
1787 | # we pass 0 here (parameter only makes sense for qemu) | |
9f3f7963 WL |
1788 | PVE::Storage::volume_resize($storage_cfg, $volid, $newsize, 0); |
1789 | ||
1790 | $mp->{size} = $newsize; | |
1b4cf758 | 1791 | $conf->{$disk} = PVE::LXC::Config->print_ct_mountpoint($mp, $disk eq 'rootfs'); |
9f3f7963 | 1792 | |
67afe46e | 1793 | PVE::LXC::Config->write_config($vmid, $conf); |
9f3f7963 WL |
1794 | |
1795 | if ($format eq 'raw') { | |
46e62d2d TL |
1796 | # we need to ensure that the volume is mapped, if not needed this is a NOP |
1797 | my $path = PVE::Storage::map_volume($storage_cfg, $volid); | |
1798 | $path = PVE::Storage::path($storage_cfg, $volid) if !defined($path); | |
9f3f7963 | 1799 | if ($running) { |
2a993004 WL |
1800 | |
1801 | $mp->{mp} = '/'; | |
1802 | my $use_loopdev = (PVE::LXC::mountpoint_mount_path($mp, $storage_cfg))[1]; | |
21f292ff | 1803 | $path = PVE::LXC::query_loopdev($path) if $use_loopdev; |
235dbdf3 | 1804 | die "internal error: CT running but mount point not attached to a loop device" |
2a993004 WL |
1805 | if !$path; |
1806 | PVE::Tools::run_command(['losetup', '--set-capacity', $path]) if $use_loopdev; | |
9f3f7963 WL |
1807 | |
1808 | # In order for resize2fs to know that we need online-resizing a mountpoint needs | |
1809 | # to be visible to it in its namespace. | |
1810 | # To not interfere with the rest of the system we unshare the current mount namespace, | |
1811 | # mount over /tmp and then run resize2fs. | |
1812 | ||
1813 | # interestingly we don't need to e2fsck on mounted systems... | |
1814 | my $quoted = PVE::Tools::shellquote($path); | |
1815 | my $cmd = "mount --make-rprivate / && mount $quoted /tmp && resize2fs $quoted"; | |
ce9e6458 WB |
1816 | eval { |
1817 | PVE::Tools::run_command(['unshare', '-m', '--', 'sh', '-c', $cmd]); | |
1818 | }; | |
1819 | warn "Failed to update the container's filesystem: $@\n" if $@; | |
9f3f7963 | 1820 | } else { |
ce9e6458 WB |
1821 | eval { |
1822 | PVE::Tools::run_command(['e2fsck', '-f', '-y', $path]); | |
1823 | PVE::Tools::run_command(['resize2fs', $path]); | |
1824 | }; | |
1825 | warn "Failed to update the container's filesystem: $@\n" if $@; | |
80440faa | 1826 | |
46ea6368 TL |
1827 | # always un-map if not running, this is a NOP if not needed |
1828 | PVE::Storage::unmap_volume($storage_cfg, $volid); | |
9f3f7963 | 1829 | } |
985b18ed | 1830 | } |
9f3f7963 | 1831 | }; |
985b18ed | 1832 | |
9f3f7963 WL |
1833 | return $rpcenv->fork_worker('resize', $vmid, $authuser, $realcmd); |
1834 | }; | |
985b18ed | 1835 | |
67afe46e | 1836 | return PVE::LXC::Config->lock_config($vmid, $code);; |
985b18ed WL |
1837 | }}); |
1838 | ||
3c0f6806 WB |
1839 | __PACKAGE__->register_method({ |
1840 | name => 'move_volume', | |
1841 | path => '{vmid}/move_volume', | |
1842 | method => 'POST', | |
1843 | protected => 1, | |
1844 | proxyto => 'node', | |
a337a832 | 1845 | description => "Move a rootfs-/mp-volume to a different storage or to a different container.", |
3c0f6806 WB |
1846 | permissions => { |
1847 | description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " . | |
a337a832 AL |
1848 | "and 'Datastore.AllocateSpace' permissions on the storage. To move ". |
1849 | "a volume to another container, you need the permissions on the ". | |
1850 | "target container as well.", | |
d568e8db | 1851 | check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]], |
3c0f6806 WB |
1852 | }, |
1853 | parameters => { | |
1854 | additionalProperties => 0, | |
1855 | properties => { | |
1856 | node => get_standard_option('pve-node'), | |
1857 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
a337a832 AL |
1858 | 'target-vmid' => get_standard_option('pve-vmid', { |
1859 | completion => \&PVE::LXC::complete_ctid, | |
1860 | optional => 1, | |
1861 | }), | |
3c0f6806 WB |
1862 | volume => { |
1863 | type => 'string', | |
a337a832 AL |
1864 | #TODO: check how to handle unused mount points as the mp parameter is not configured |
1865 | enum => [ PVE::LXC::Config->valid_volume_keys_with_unused() ], | |
3c0f6806 WB |
1866 | description => "Volume which will be moved.", |
1867 | }, | |
1868 | storage => get_standard_option('pve-storage-id', { | |
1869 | description => "Target Storage.", | |
1870 | completion => \&PVE::Storage::complete_storage_enabled, | |
a337a832 | 1871 | optional => 1, |
3c0f6806 WB |
1872 | }), |
1873 | delete => { | |
1874 | type => 'boolean', | |
d2f08c5a AL |
1875 | description => "Delete the original volume after successful copy. By default the " . |
1876 | "original is kept as an unused volume entry.", | |
3c0f6806 WB |
1877 | optional => 1, |
1878 | default => 0, | |
1879 | }, | |
1880 | digest => { | |
1881 | type => 'string', | |
d2f08c5a AL |
1882 | description => 'Prevent changes if current configuration file has different SHA1 " . |
1883 | "digest. This can be used to prevent concurrent modifications.', | |
3c0f6806 WB |
1884 | maxLength => 40, |
1885 | optional => 1, | |
8ead60ef SI |
1886 | }, |
1887 | bwlimit => { | |
1888 | description => "Override I/O bandwidth limit (in KiB/s).", | |
1889 | optional => 1, | |
1890 | type => 'number', | |
1891 | minimum => '0', | |
41e9b65c | 1892 | default => 'clone limit from datacenter or storage config', |
8ead60ef | 1893 | }, |
a337a832 AL |
1894 | 'target-volume' => { |
1895 | type => 'string', | |
1896 | description => "The config key the volume will be moved to. Default is the " . | |
1897 | "source volume key.", | |
1898 | enum => [PVE::LXC::Config->valid_volume_keys_with_unused()], | |
1899 | optional => 1, | |
1900 | }, | |
1901 | 'target-digest' => { | |
1902 | type => 'string', | |
1903 | description => 'Prevent changes if current configuration file of the target " . | |
1904 | "container has a different SHA1 digest. This can be used to prevent " . | |
1905 | "concurrent modifications.', | |
1906 | maxLength => 40, | |
1907 | optional => 1, | |
1908 | }, | |
3c0f6806 WB |
1909 | }, |
1910 | }, | |
1911 | returns => { | |
1912 | type => 'string', | |
1913 | }, | |
1914 | code => sub { | |
1915 | my ($param) = @_; | |
1916 | ||
1917 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1918 | ||
1919 | my $authuser = $rpcenv->get_user(); | |
1920 | ||
1921 | my $vmid = extract_param($param, 'vmid'); | |
1922 | ||
a337a832 AL |
1923 | my $target_vmid = extract_param($param, 'target-vmid'); |
1924 | ||
3c0f6806 WB |
1925 | my $storage = extract_param($param, 'storage'); |
1926 | ||
1927 | my $mpkey = extract_param($param, 'volume'); | |
1928 | ||
a337a832 AL |
1929 | my $target_mpkey = extract_param($param, 'target-volume') // $mpkey; |
1930 | ||
1931 | my $digest = extract_param($param, 'digest'); | |
1932 | ||
1933 | my $target_digest = extract_param($param, 'target-digest'); | |
1934 | ||
3c0f6806 WB |
1935 | my $lockname = 'disk'; |
1936 | ||
1937 | my ($mpdata, $old_volid); | |
1938 | ||
a337a832 AL |
1939 | die "either set storage or target-vmid, but not both\n" |
1940 | if $storage && $target_vmid; | |
3c0f6806 | 1941 | |
a337a832 | 1942 | my $storecfg = PVE::Storage::config(); |
3c0f6806 | 1943 | |
a337a832 AL |
1944 | my $move_to_storage_checks = sub { |
1945 | PVE::LXC::Config->lock_config($vmid, sub { | |
1946 | my $conf = PVE::LXC::Config->load_config($vmid); | |
1947 | PVE::LXC::Config->check_lock($conf); | |
3c0f6806 | 1948 | |
a337a832 AL |
1949 | die "cannot move volumes of a running container\n" |
1950 | if PVE::LXC::check_running($vmid); | |
3c0f6806 | 1951 | |
a337a832 AL |
1952 | if ($mpkey =~ m/^unused\d+$/) { |
1953 | die "cannot move volume '$mpkey', only configured volumes can be moved to ". | |
1954 | "another storage\n"; | |
1955 | } | |
3c0f6806 | 1956 | |
a337a832 AL |
1957 | $mpdata = PVE::LXC::Config->parse_volume($mpkey, $conf->{$mpkey}); |
1958 | $old_volid = $mpdata->{volume}; | |
3c0f6806 | 1959 | |
a337a832 AL |
1960 | die "you can't move a volume with snapshots and delete the source\n" |
1961 | if $param->{delete} && PVE::LXC::Config->is_volume_in_use_by_snapshots($conf, $old_volid); | |
1962 | ||
1963 | PVE::Tools::assert_if_modified($digest, $conf->{digest}); | |
1964 | ||
1965 | PVE::LXC::Config->set_lock($vmid, $lockname); | |
1966 | }); | |
1967 | }; | |
1968 | ||
1969 | my $storage_realcmd = sub { | |
3c0f6806 | 1970 | eval { |
d2f08c5a AL |
1971 | PVE::Cluster::log_msg( |
1972 | 'info', | |
1973 | $authuser, | |
1974 | "move volume CT $vmid: move --volume $mpkey --storage $storage" | |
1975 | ); | |
3c0f6806 WB |
1976 | |
1977 | my $conf = PVE::LXC::Config->load_config($vmid); | |
1978 | my $storage_cfg = PVE::Storage::config(); | |
1979 | ||
1980 | my $new_volid; | |
1981 | ||
1982 | eval { | |
1983 | PVE::Storage::activate_volumes($storage_cfg, [ $old_volid ]); | |
8ead60ef SI |
1984 | my $bwlimit = extract_param($param, 'bwlimit'); |
1985 | my $source_storage = PVE::Storage::parse_volume_id($old_volid); | |
d2f08c5a AL |
1986 | my $movelimit = PVE::Storage::get_bandwidth_limit( |
1987 | 'move', | |
1988 | [$source_storage, $storage], | |
1989 | $bwlimit | |
1990 | ); | |
1991 | $new_volid = PVE::LXC::copy_volume( | |
1992 | $mpdata, | |
1993 | $vmid, | |
1994 | $storage, | |
1995 | $storage_cfg, | |
1996 | $conf, | |
1997 | undef, | |
1998 | $movelimit | |
1999 | ); | |
3bfbd900 FE |
2000 | if (PVE::LXC::Config->is_template($conf)) { |
2001 | PVE::Storage::activate_volumes($storage_cfg, [ $new_volid ]); | |
2002 | my $template_volid = PVE::Storage::vdisk_create_base($storage_cfg, $new_volid); | |
2003 | $mpdata->{volume} = $template_volid; | |
2004 | } else { | |
2005 | $mpdata->{volume} = $new_volid; | |
2006 | } | |
3c0f6806 WB |
2007 | |
2008 | PVE::LXC::Config->lock_config($vmid, sub { | |
2009 | my $digest = $conf->{digest}; | |
2010 | $conf = PVE::LXC::Config->load_config($vmid); | |
2011 | PVE::Tools::assert_if_modified($digest, $conf->{digest}); | |
2012 | ||
d2f08c5a AL |
2013 | $conf->{$mpkey} = PVE::LXC::Config->print_ct_mountpoint( |
2014 | $mpdata, | |
2015 | $mpkey eq 'rootfs' | |
2016 | ); | |
3c0f6806 WB |
2017 | |
2018 | PVE::LXC::Config->add_unused_volume($conf, $old_volid) if !$param->{delete}; | |
2019 | ||
2020 | PVE::LXC::Config->write_config($vmid, $conf); | |
2021 | }); | |
2022 | ||
2023 | eval { | |
2024 | # try to deactivate volumes - avoid lvm LVs to be active on several nodes | |
2025 | PVE::Storage::deactivate_volumes($storage_cfg, [ $new_volid ]) | |
2026 | }; | |
2027 | warn $@ if $@; | |
2028 | }; | |
2029 | if (my $err = $@) { | |
2030 | eval { | |
2031 | PVE::Storage::vdisk_free($storage_cfg, $new_volid) | |
2032 | if defined($new_volid); | |
2033 | }; | |
2034 | warn $@ if $@; | |
2035 | die $err; | |
2036 | } | |
2037 | ||
2038 | if ($param->{delete}) { | |
2039 | eval { | |
2040 | PVE::Storage::deactivate_volumes($storage_cfg, [ $old_volid ]); | |
2041 | PVE::Storage::vdisk_free($storage_cfg, $old_volid); | |
2042 | }; | |
9abb0f8a FE |
2043 | if (my $err = $@) { |
2044 | warn $err; | |
2045 | PVE::LXC::Config->lock_config($vmid, sub { | |
2046 | my $conf = PVE::LXC::Config->load_config($vmid); | |
2047 | PVE::LXC::Config->add_unused_volume($conf, $old_volid); | |
2048 | PVE::LXC::Config->write_config($vmid, $conf); | |
2049 | }); | |
2050 | } | |
3c0f6806 WB |
2051 | } |
2052 | }; | |
2053 | my $err = $@; | |
2054 | eval { PVE::LXC::Config->remove_lock($vmid, $lockname) }; | |
2055 | warn $@ if $@; | |
2056 | die $err if $err; | |
2057 | }; | |
a337a832 AL |
2058 | |
2059 | my $load_and_check_reassign_configs = sub { | |
2060 | my $vmlist = PVE::Cluster::get_vmlist()->{ids}; | |
2061 | ||
2062 | die "Cannot move to/from 'rootfs'\n" if $mpkey eq "rootfs" || $target_mpkey eq "rootfs"; | |
2063 | ||
2064 | if ($mpkey =~ m/^unused\d+$/ && $target_mpkey !~ m/^unused\d+$/) { | |
2065 | die "Moving an unused volume to a used one is not possible\n"; | |
2066 | } | |
2067 | die "could not find CT ${vmid}\n" if !exists($vmlist->{$vmid}); | |
27e28f79 | 2068 | die "could not find CT ${target_vmid}\n" if !exists($vmlist->{$target_vmid}); |
a337a832 | 2069 | |
27e28f79 FG |
2070 | my $source_node = $vmlist->{$vmid}->{node}; |
2071 | my $target_node = $vmlist->{$target_vmid}->{node}; | |
2072 | ||
2073 | die "Both containers need to be on the same node ($source_node != $target_node)\n" | |
2074 | if $source_node ne $target_node; | |
a337a832 AL |
2075 | |
2076 | my $source_conf = PVE::LXC::Config->load_config($vmid); | |
2077 | PVE::LXC::Config->check_lock($source_conf); | |
2078 | my $target_conf = PVE::LXC::Config->load_config($target_vmid); | |
2079 | PVE::LXC::Config->check_lock($target_conf); | |
2080 | ||
27e28f79 | 2081 | die "Can't move volumes from or to template CT\n" |
a337a832 AL |
2082 | if ($source_conf->{template} || $target_conf->{template}); |
2083 | ||
2084 | if ($digest) { | |
2085 | eval { PVE::Tools::assert_if_modified($digest, $source_conf->{digest}) }; | |
2086 | die "Container ${vmid}: $@" if $@; | |
2087 | } | |
2088 | ||
2089 | if ($target_digest) { | |
2090 | eval { PVE::Tools::assert_if_modified($target_digest, $target_conf->{digest}) }; | |
2091 | die "Container ${target_vmid}: $@" if $@; | |
2092 | } | |
2093 | ||
2094 | die "volume '${mpkey}' for container '$vmid' does not exist\n" | |
2095 | if !defined($source_conf->{$mpkey}); | |
2096 | ||
2097 | die "Target volume key '${target_mpkey}' is already in use for container '$target_vmid'\n" | |
2098 | if exists $target_conf->{$target_mpkey}; | |
2099 | ||
2100 | my $drive = PVE::LXC::Config->parse_volume( | |
2101 | $mpkey, | |
2102 | $source_conf->{$mpkey}, | |
2103 | ); | |
2104 | ||
27e28f79 | 2105 | my $source_volid = $drive->{volume}; |
a337a832 AL |
2106 | |
2107 | die "Volume '${mpkey}' has no associated image\n" | |
2108 | if !$source_volid; | |
2109 | die "Cannot move volume used by a snapshot to another container\n" | |
2110 | if PVE::LXC::Config->is_volume_in_use_by_snapshots($source_conf, $source_volid); | |
2111 | die "Storage does not support moving of this disk to another container\n" | |
2112 | if !PVE::Storage::volume_has_feature($storecfg, 'rename', $source_volid); | |
27e28f79 | 2113 | die "Cannot move a bindmount or device mount to another container\n" |
a337a832 | 2114 | if $drive->{type} ne "volume"; |
27e28f79 | 2115 | die "Cannot move volume to another container while the source is running - detach first\n" |
a337a832 AL |
2116 | if PVE::LXC::check_running($vmid) && $mpkey !~ m/^unused\d+$/; |
2117 | ||
2118 | my $repl_conf = PVE::ReplicationConfig->new(); | |
27e28f79 FG |
2119 | if ($repl_conf->check_for_existing_jobs($target_vmid, 1)) { |
2120 | my ($storeid, undef) = PVE::Storage::parse_volume_id($source_volid); | |
2121 | my $format = (PVE::Storage::parse_volname($storecfg, $source_volid))[6]; | |
2122 | ||
2123 | die "Cannot move volume on storage '$storeid' to a replicated container - missing replication support\n" | |
2124 | if !PVE::Storage::storage_can_replicate($storecfg, $storeid, $format); | |
a337a832 | 2125 | } |
27e28f79 FG |
2126 | |
2127 | return ($source_conf, $target_conf, $drive); | |
3c0f6806 | 2128 | }; |
a337a832 AL |
2129 | |
2130 | my $logfunc = sub { | |
2131 | my ($msg) = @_; | |
2132 | print STDERR "$msg\n"; | |
2133 | }; | |
2134 | ||
2135 | my $volume_reassignfn = sub { | |
2136 | return PVE::LXC::Config->lock_config($vmid, sub { | |
2137 | return PVE::LXC::Config->lock_config($target_vmid, sub { | |
27e28f79 FG |
2138 | my ($source_conf, $target_conf, $drive) = &$load_and_check_reassign_configs(); |
2139 | my $source_volid = $drive->{volume}; | |
a337a832 AL |
2140 | |
2141 | my $target_unused = $target_mpkey =~ m/^unused\d+$/; | |
2142 | ||
a337a832 | 2143 | print "moving volume '$mpkey' from container '$vmid' to '$target_vmid'\n"; |
27e28f79 | 2144 | |
a337a832 AL |
2145 | my ($storage, $source_volname) = PVE::Storage::parse_volume_id($source_volid); |
2146 | ||
2147 | my $fmt = (PVE::Storage::parse_volname($storecfg, $source_volid))[6]; | |
2148 | ||
2149 | my $new_volid = PVE::Storage::rename_volume( | |
2150 | $storecfg, | |
2151 | $source_volid, | |
2152 | $target_vmid, | |
2153 | ); | |
2154 | ||
27e28f79 | 2155 | $drive->{volume} = $new_volid; |
a337a832 AL |
2156 | |
2157 | delete $source_conf->{$mpkey}; | |
2158 | print "removing volume '${mpkey}' from container '${vmid}' config\n"; | |
2159 | PVE::LXC::Config->write_config($vmid, $source_conf); | |
2160 | ||
2161 | my $drive_string; | |
2162 | ||
2163 | if ($target_unused) { | |
2164 | $drive_string = $new_volid; | |
2165 | } else { | |
27e28f79 | 2166 | $drive_string = PVE::LXC::Config->print_volume($target_mpkey, $drive); |
a337a832 AL |
2167 | } |
2168 | ||
2169 | if ($target_unused) { | |
2170 | $target_conf->{$target_mpkey} = $drive_string; | |
2171 | } else { | |
2172 | my $running = PVE::LXC::check_running($target_vmid); | |
2173 | my $param = { $target_mpkey => $drive_string }; | |
2174 | my $errors = PVE::LXC::Config->update_pct_config( | |
2175 | $target_vmid, | |
2176 | $target_conf, | |
2177 | $running, | |
2178 | $param | |
2179 | ); | |
2180 | ||
2181 | foreach my $key (keys %$errors) { | |
2182 | $rpcenv->warn($errors->{$key}); | |
2183 | } | |
2184 | } | |
2185 | ||
2186 | PVE::LXC::Config->write_config($target_vmid, $target_conf); | |
2187 | $target_conf = PVE::LXC::Config->load_config($target_vmid); | |
2188 | ||
2189 | PVE::LXC::update_lxc_config($target_vmid, $target_conf) if !$target_unused; | |
2190 | print "target container '$target_vmid' updated with '$target_mpkey'\n"; | |
2191 | ||
2192 | # remove possible replication snapshots | |
2193 | if (PVE::Storage::volume_has_feature($storecfg,'replicate', $source_volid)) { | |
2194 | eval { | |
2195 | PVE::Replication::prepare( | |
2196 | $storecfg, | |
2197 | [$new_volid], | |
2198 | undef, | |
2199 | 1, | |
2200 | undef, | |
2201 | $logfunc, | |
2202 | ) | |
2203 | }; | |
2204 | if (my $err = $@) { | |
2205 | $rpcenv->warn("Failed to remove replication snapshots on volume ". | |
2206 | "'${target_mpkey}'. Manual cleanup could be necessary. " . | |
2207 | "Error: ${err}\n"); | |
2208 | } | |
2209 | } | |
2210 | }); | |
2211 | }); | |
2212 | }; | |
2213 | ||
27e28f79 FG |
2214 | if ($target_vmid && $storage) { |
2215 | my $msg = "either set 'storage' or 'target-vmid', but not both"; | |
2216 | raise_param_exc({ 'target-vmid' => $msg, 'storage' => $msg }); | |
2217 | } elsif ($target_vmid) { | |
a337a832 AL |
2218 | $rpcenv->check_vm_perm($authuser, $target_vmid, undef, ['VM.Config.Disk']) |
2219 | if $authuser ne 'root@pam'; | |
2220 | ||
27e28f79 FG |
2221 | if ($vmid eq $target_vmid) { |
2222 | my $msg = "must be different than source VMID to move disk to another container"; | |
2223 | raise_param_exc({ 'target-vmid' => $msg }); | |
2224 | } | |
a337a832 | 2225 | |
d568e8db FG |
2226 | my (undef, undef, $drive) = &$load_and_check_reassign_configs(); |
2227 | my $storeid = PVE::Storage::parse_volume_id($drive->{volume}); | |
2228 | $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']); | |
a337a832 AL |
2229 | return $rpcenv->fork_worker( |
2230 | 'move_volume', | |
2231 | "${vmid}-${mpkey}>${target_vmid}-${target_mpkey}", | |
2232 | $authuser, | |
2233 | $volume_reassignfn | |
2234 | ); | |
2235 | } elsif ($storage) { | |
d568e8db | 2236 | $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']); |
a337a832 AL |
2237 | &$move_to_storage_checks(); |
2238 | my $task = eval { | |
2239 | $rpcenv->fork_worker('move_volume', $vmid, $authuser, $storage_realcmd); | |
2240 | }; | |
2241 | if (my $err = $@) { | |
2242 | eval { PVE::LXC::Config->remove_lock($vmid, $lockname) }; | |
2243 | warn $@ if $@; | |
2244 | die $err; | |
2245 | } | |
2246 | return $task; | |
2247 | } else { | |
27e28f79 FG |
2248 | my $msg = "both 'storage' and 'target-vmid' missing, either needs to be set"; |
2249 | raise_param_exc({ 'target-vmid' => $msg, 'storage' => $msg }); | |
3c0f6806 | 2250 | } |
3c0f6806 WB |
2251 | }}); |
2252 | ||
37c2dba8 OB |
2253 | __PACKAGE__->register_method({ |
2254 | name => 'vm_pending', | |
2255 | path => '{vmid}/pending', | |
2256 | method => 'GET', | |
2257 | proxyto => 'node', | |
2258 | description => 'Get container configuration, including pending changes.', | |
2259 | permissions => { | |
2260 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
2261 | }, | |
2262 | parameters => { | |
2263 | additionalProperties => 0, | |
2264 | properties => { | |
2265 | node => get_standard_option('pve-node'), | |
2266 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
2267 | }, | |
2268 | }, | |
2269 | returns => { | |
2270 | type => "array", | |
2271 | items => { | |
2272 | type => "object", | |
2273 | properties => { | |
2274 | key => { | |
2275 | description => 'Configuration option name.', | |
2276 | type => 'string', | |
2277 | }, | |
2278 | value => { | |
2279 | description => 'Current value.', | |
2280 | type => 'string', | |
2281 | optional => 1, | |
2282 | }, | |
2283 | pending => { | |
2284 | description => 'Pending value.', | |
2285 | type => 'string', | |
2286 | optional => 1, | |
2287 | }, | |
2288 | delete => { | |
2289 | description => "Indicates a pending delete request if present and not 0.", | |
2290 | type => 'integer', | |
2291 | minimum => 0, | |
2292 | maximum => 2, | |
2293 | optional => 1, | |
2294 | }, | |
2295 | }, | |
2296 | }, | |
2297 | }, | |
2298 | code => sub { | |
2299 | my ($param) = @_; | |
2300 | ||
2301 | my $conf = PVE::LXC::Config->load_config($param->{vmid}); | |
2302 | ||
2303 | my $pending_delete_hash = PVE::LXC::Config->parse_pending_delete($conf->{pending}->{delete}); | |
2304 | ||
f622e7dc | 2305 | return PVE::GuestHelpers::config_with_pending_array($conf, $pending_delete_hash); |
37c2dba8 OB |
2306 | }}); |
2307 | ||
f76a2828 | 2308 | 1; |