]>
Commit | Line | Data |
---|---|---|
f76a2828 DM |
1 | package PVE::API2::LXC; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::SafeSyslog; | |
7 | use PVE::Tools qw(extract_param run_command); | |
8 | use PVE::Exception qw(raise raise_param_exc); | |
9 | use PVE::INotify; | |
9c2d4ce9 | 10 | use PVE::Cluster qw(cfs_read_file); |
f76a2828 | 11 | use PVE::AccessControl; |
2f9b5ead | 12 | use PVE::Firewall; |
f76a2828 DM |
13 | use PVE::Storage; |
14 | use PVE::RESTHandler; | |
15 | use PVE::RPCEnvironment; | |
16 | use PVE::LXC; | |
7af97ad5 | 17 | use PVE::LXC::Create; |
6f42807e | 18 | use PVE::LXC::Migrate; |
52389a07 DM |
19 | use PVE::API2::LXC::Config; |
20 | use PVE::API2::LXC::Status; | |
21 | use PVE::API2::LXC::Snapshot; | |
5c752bbf | 22 | use PVE::HA::Config; |
f76a2828 DM |
23 | use PVE::JSONSchema qw(get_standard_option); |
24 | use base qw(PVE::RESTHandler); | |
25 | ||
26 | use Data::Dumper; # fixme: remove | |
27 | ||
52389a07 DM |
28 | __PACKAGE__->register_method ({ |
29 | subclass => "PVE::API2::LXC::Config", | |
30 | path => '{vmid}/config', | |
31 | }); | |
f76a2828 | 32 | |
52389a07 DM |
33 | __PACKAGE__->register_method ({ |
34 | subclass => "PVE::API2::LXC::Status", | |
35 | path => '{vmid}/status', | |
36 | }); | |
f76a2828 | 37 | |
52389a07 DM |
38 | __PACKAGE__->register_method ({ |
39 | subclass => "PVE::API2::LXC::Snapshot", | |
40 | path => '{vmid}/snapshot', | |
41 | }); | |
f76a2828 | 42 | |
52389a07 DM |
43 | __PACKAGE__->register_method ({ |
44 | subclass => "PVE::API2::Firewall::CT", | |
45 | path => '{vmid}/firewall', | |
46 | }); | |
1e6c8d5b DM |
47 | |
48 | my $destroy_disks = sub { | |
49 | my ($storecfg, $vollist) = @_; | |
50 | ||
51 | foreach my $volid (@$vollist) { | |
52 | eval { PVE::Storage::vdisk_free($storecfg, $volid); }; | |
53 | warn $@ if $@; | |
54 | } | |
55 | }; | |
f48feff4 WB |
56 | |
57 | sub mkfs { | |
58 | my ($dev) = @_; | |
96e02f12 DM |
59 | |
60 | PVE::Tools::run_command(['mkfs.ext4', '-O', 'mmp', $dev]); | |
f48feff4 WB |
61 | } |
62 | ||
63 | sub format_disk { | |
64 | my ($storage_cfg, $volid) = @_; | |
65 | ||
96e02f12 | 66 | if ($volid =~ m!^/dev/.+!) { |
5ba1c3a9 DM |
67 | mkfs($volid); |
68 | return; | |
f48feff4 WB |
69 | } |
70 | ||
71 | my ($storage, $volname) = PVE::Storage::parse_volume_id($volid, 1); | |
72 | ||
5ba1c3a9 | 73 | die "cannot format volume '$volid' with no storage\n" if !$storage; |
f48feff4 | 74 | |
96e02f12 | 75 | my $path = PVE::Storage::path($storage_cfg, $volid); |
f48feff4 WB |
76 | |
77 | my ($vtype, undef, undef, undef, undef, $isBase, $format) = | |
78 | PVE::Storage::parse_volname($storage_cfg, $volid); | |
79 | ||
5ba1c3a9 DM |
80 | die "cannot format volume '$volid' (format == $format)\n" |
81 | if $format ne 'raw'; | |
82 | ||
83 | mkfs($path); | |
f48feff4 | 84 | } |
52389a07 | 85 | |
4fee75fd | 86 | sub create_disks { |
78ccc99b | 87 | my ($storecfg, $vmid, $settings, $conf) = @_; |
27916659 | 88 | |
eb35f9c0 | 89 | my $vollist = []; |
27916659 | 90 | |
1e6c8d5b DM |
91 | eval { |
92 | PVE::LXC::foreach_mountpoint($settings, sub { | |
93 | my ($ms, $mountpoint) = @_; | |
27916659 | 94 | |
1e6c8d5b DM |
95 | my $volid = $mountpoint->{volume}; |
96 | my $mp = $mountpoint->{mp}; | |
27916659 | 97 | |
1e6c8d5b | 98 | my ($storage, $volname) = PVE::Storage::parse_volume_id($volid, 1); |
27916659 | 99 | |
1e6c8d5b | 100 | return if !$storage; |
27916659 | 101 | |
78ccc99b DM |
102 | if ($volid =~ m/^([^:\s]+):(\d+(\.\d+)?)$/) { |
103 | my ($storeid, $size) = ($1, $2); | |
644f2f8f | 104 | |
1e6c8d5b | 105 | $size = int($size*1024) * 1024; |
63f2ddfb | 106 | |
eb35f9c0 AD |
107 | my $scfg = PVE::Storage::storage_config($storecfg, $storage); |
108 | # fixme: use better naming ct-$vmid-disk-X.raw? | |
63f2ddfb | 109 | |
eb35f9c0 AD |
110 | if ($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs') { |
111 | if ($size > 0) { | |
112 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', | |
113 | undef, $size); | |
f48feff4 | 114 | format_disk($storecfg, $volid); |
eb35f9c0 AD |
115 | } else { |
116 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'subvol', | |
117 | undef, 0); | |
118 | } | |
119 | } elsif ($scfg->{type} eq 'zfspool') { | |
63f2ddfb | 120 | |
eb35f9c0 AD |
121 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'subvol', |
122 | undef, $size); | |
123 | } elsif ($scfg->{type} eq 'drbd') { | |
124 | ||
125 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', undef, $size); | |
f48feff4 | 126 | format_disk($storecfg, $volid); |
eb35f9c0 AD |
127 | |
128 | } elsif ($scfg->{type} eq 'rbd') { | |
129 | ||
130 | die "krbd option must be enabled on storage type '$scfg->{type}'\n" if !$scfg->{krbd}; | |
131 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', undef, $size); | |
f48feff4 | 132 | format_disk($storecfg, $volid); |
eb35f9c0 AD |
133 | } else { |
134 | die "unable to create containers on storage type '$scfg->{type}'\n"; | |
135 | } | |
1e6c8d5b DM |
136 | push @$vollist, $volid; |
137 | $conf->{$ms} = PVE::LXC::print_ct_mountpoint({volume => $volid, size => $size, mp => $mp }); | |
138 | } else { | |
139 | # use specified/existing volid | |
140 | } | |
141 | }); | |
142 | }; | |
eb35f9c0 | 143 | # free allocated images on error |
27916659 | 144 | if (my $err = $@) { |
eb35f9c0 | 145 | syslog('err', "VM $vmid creating disks failed"); |
1e6c8d5b | 146 | &$destroy_disks($storecfg, $vollist); |
eb35f9c0 | 147 | die $err; |
27916659 | 148 | } |
eb35f9c0 | 149 | return $vollist; |
4fee75fd | 150 | } |
27916659 | 151 | |
f76a2828 | 152 | __PACKAGE__->register_method({ |
5c752bbf DM |
153 | name => 'vmlist', |
154 | path => '', | |
f76a2828 DM |
155 | method => 'GET', |
156 | description => "LXC container index (per node).", | |
157 | permissions => { | |
158 | description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.", | |
159 | user => 'all', | |
160 | }, | |
161 | proxyto => 'node', | |
162 | protected => 1, # /proc files are only readable by root | |
163 | parameters => { | |
164 | additionalProperties => 0, | |
165 | properties => { | |
166 | node => get_standard_option('pve-node'), | |
167 | }, | |
168 | }, | |
169 | returns => { | |
170 | type => 'array', | |
171 | items => { | |
172 | type => "object", | |
173 | properties => {}, | |
174 | }, | |
175 | links => [ { rel => 'child', href => "{vmid}" } ], | |
176 | }, | |
177 | code => sub { | |
178 | my ($param) = @_; | |
179 | ||
180 | my $rpcenv = PVE::RPCEnvironment::get(); | |
181 | my $authuser = $rpcenv->get_user(); | |
182 | ||
183 | my $vmstatus = PVE::LXC::vmstatus(); | |
184 | ||
185 | my $res = []; | |
186 | foreach my $vmid (keys %$vmstatus) { | |
187 | next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1); | |
188 | ||
189 | my $data = $vmstatus->{$vmid}; | |
190 | $data->{vmid} = $vmid; | |
191 | push @$res, $data; | |
192 | } | |
193 | ||
194 | return $res; | |
5c752bbf | 195 | |
f76a2828 DM |
196 | }}); |
197 | ||
9c2d4ce9 | 198 | __PACKAGE__->register_method({ |
5c752bbf DM |
199 | name => 'create_vm', |
200 | path => '', | |
9c2d4ce9 DM |
201 | method => 'POST', |
202 | description => "Create or restore a container.", | |
203 | permissions => { | |
204 | user => 'all', # check inside | |
205 | description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " . | |
206 | "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " . | |
207 | "You also need 'Datastore.AllocateSpace' permissions on the storage.", | |
208 | }, | |
209 | protected => 1, | |
210 | proxyto => 'node', | |
211 | parameters => { | |
212 | additionalProperties => 0, | |
eb35f9c0 | 213 | properties => PVE::LXC::json_config_properties({ |
9c2d4ce9 | 214 | node => get_standard_option('pve-node'), |
781e26b2 | 215 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }), |
9c2d4ce9 DM |
216 | ostemplate => { |
217 | description => "The OS template or backup file.", | |
5c752bbf | 218 | type => 'string', |
9c2d4ce9 | 219 | maxLength => 255, |
68e8f3c5 | 220 | completion => \&PVE::LXC::complete_os_templates, |
9c2d4ce9 | 221 | }, |
5c752bbf DM |
222 | password => { |
223 | optional => 1, | |
9c2d4ce9 DM |
224 | type => 'string', |
225 | description => "Sets root password inside container.", | |
168d6b07 | 226 | minLength => 5, |
9c2d4ce9 DM |
227 | }, |
228 | storage => get_standard_option('pve-storage-id', { | |
eb35f9c0 | 229 | description => "Default Storage.", |
9c2d4ce9 DM |
230 | default => 'local', |
231 | optional => 1, | |
232 | }), | |
233 | force => { | |
5c752bbf | 234 | optional => 1, |
9c2d4ce9 DM |
235 | type => 'boolean', |
236 | description => "Allow to overwrite existing container.", | |
237 | }, | |
238 | restore => { | |
5c752bbf | 239 | optional => 1, |
9c2d4ce9 DM |
240 | type => 'boolean', |
241 | description => "Mark this as restore task.", | |
242 | }, | |
5c752bbf | 243 | pool => { |
9c2d4ce9 DM |
244 | optional => 1, |
245 | type => 'string', format => 'pve-poolid', | |
246 | description => "Add the VM to the specified pool.", | |
247 | }, | |
248 | }), | |
249 | }, | |
5c752bbf | 250 | returns => { |
9c2d4ce9 DM |
251 | type => 'string', |
252 | }, | |
253 | code => sub { | |
254 | my ($param) = @_; | |
255 | ||
256 | my $rpcenv = PVE::RPCEnvironment::get(); | |
257 | ||
258 | my $authuser = $rpcenv->get_user(); | |
259 | ||
260 | my $node = extract_param($param, 'node'); | |
261 | ||
262 | my $vmid = extract_param($param, 'vmid'); | |
263 | ||
264 | my $basecfg_fn = PVE::LXC::config_file($vmid); | |
265 | ||
266 | my $same_container_exists = -f $basecfg_fn; | |
267 | ||
268 | my $restore = extract_param($param, 'restore'); | |
269 | ||
148d1cb4 DM |
270 | if ($restore) { |
271 | # fixme: limit allowed parameters | |
272 | ||
273 | } | |
274 | ||
9c2d4ce9 DM |
275 | my $force = extract_param($param, 'force'); |
276 | ||
277 | if (!($same_container_exists && $restore && $force)) { | |
278 | PVE::Cluster::check_vmid_unused($vmid); | |
279 | } | |
5c752bbf | 280 | |
9c2d4ce9 DM |
281 | my $password = extract_param($param, 'password'); |
282 | ||
27916659 DM |
283 | my $storage = extract_param($param, 'storage') // 'local'; |
284 | ||
9c2d4ce9 DM |
285 | my $storage_cfg = cfs_read_file("storage.cfg"); |
286 | ||
287 | my $scfg = PVE::Storage::storage_check_node($storage_cfg, $storage, $node); | |
288 | ||
289 | raise_param_exc({ storage => "storage '$storage' does not support container root directories"}) | |
644f2f8f | 290 | if !($scfg->{content}->{images} || $scfg->{content}->{rootdir}); |
9c2d4ce9 | 291 | |
27916659 DM |
292 | my $pool = extract_param($param, 'pool'); |
293 | ||
9c2d4ce9 DM |
294 | if (defined($pool)) { |
295 | $rpcenv->check_pool_exist($pool); | |
296 | $rpcenv->check_perm_modify($authuser, "/pool/$pool"); | |
5c752bbf | 297 | } |
9c2d4ce9 | 298 | |
27916659 DM |
299 | $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']); |
300 | ||
9c2d4ce9 DM |
301 | if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) { |
302 | # OK | |
303 | } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) { | |
304 | # OK | |
305 | } elsif ($restore && $force && $same_container_exists && | |
306 | $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) { | |
307 | # OK: user has VM.Backup permissions, and want to restore an existing VM | |
308 | } else { | |
309 | raise_perm_exc(); | |
310 | } | |
311 | ||
52389a07 | 312 | PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]); |
9c2d4ce9 DM |
313 | |
314 | PVE::Storage::activate_storage($storage_cfg, $storage); | |
315 | ||
316 | my $ostemplate = extract_param($param, 'ostemplate'); | |
5c752bbf | 317 | |
9c2d4ce9 DM |
318 | my $archive; |
319 | ||
320 | if ($ostemplate eq '-') { | |
148d1cb4 DM |
321 | die "pipe requires cli environment\n" |
322 | if $rpcenv->{type} ne 'cli'; | |
323 | die "pipe can only be used with restore tasks\n" | |
324 | if !$restore; | |
325 | $archive = '-'; | |
b51a98d4 | 326 | die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs}); |
9c2d4ce9 DM |
327 | } else { |
328 | $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate); | |
329 | $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate); | |
330 | } | |
331 | ||
9c2d4ce9 | 332 | my $conf = {}; |
5b4657d0 | 333 | |
b51a98d4 DM |
334 | my $no_disk_param = {}; |
335 | foreach my $opt (keys %$param) { | |
78ccc99b DM |
336 | my $value = $param->{$opt}; |
337 | if ($opt eq 'rootfs' || $opt =~ m/^mp\d+$/) { | |
338 | # allow to use simple numbers (add default storage in that case) | |
339 | $param->{$opt} = "$storage:$value" if $value =~ m/^\d+(\.\d+)?$/; | |
340 | } else { | |
341 | $no_disk_param->{$opt} = $value; | |
342 | } | |
b51a98d4 DM |
343 | } |
344 | PVE::LXC::update_pct_config($vmid, $conf, 0, $no_disk_param); | |
9c2d4ce9 | 345 | |
148d1cb4 DM |
346 | my $check_vmid_usage = sub { |
347 | if ($force) { | |
5c45496e | 348 | die "can't overwrite running container\n" |
148d1cb4 DM |
349 | if PVE::LXC::check_running($vmid); |
350 | } else { | |
351 | PVE::Cluster::check_vmid_unused($vmid); | |
352 | } | |
353 | }; | |
f507c3a7 | 354 | |
5b4657d0 | 355 | my $code = sub { |
148d1cb4 | 356 | &$check_vmid_usage(); # final check after locking |
87273b2b | 357 | |
148d1cb4 | 358 | PVE::Cluster::check_cfs_quorum(); |
eb35f9c0 | 359 | my $vollist = []; |
27916659 DM |
360 | |
361 | eval { | |
b51a98d4 DM |
362 | if (!defined($param->{rootfs})) { |
363 | if ($restore) { | |
364 | my (undef, $disksize) = PVE::LXC::Create::recover_config($archive); | |
9033ff8b | 365 | $disksize /= 1024 * 1024; # create_disks expects GB as unit size |
b51a98d4 DM |
366 | die "unable to detect disk size - please specify rootfs (size)\n" |
367 | if !$disksize; | |
78ccc99b | 368 | $param->{rootfs} = "$storage:$disksize"; |
b51a98d4 | 369 | } else { |
78ccc99b | 370 | $param->{rootfs} = "$storage:4"; # defaults to 4GB |
b51a98d4 DM |
371 | } |
372 | } | |
373 | ||
4fee75fd | 374 | $vollist = create_disks($storage_cfg, $vmid, $param, $conf); |
eb35f9c0 AD |
375 | |
376 | PVE::LXC::Create::create_rootfs($storage_cfg, $vmid, $conf, $archive, $password, $restore); | |
27916659 DM |
377 | # set some defaults |
378 | $conf->{hostname} ||= "CT$vmid"; | |
379 | $conf->{memory} ||= 512; | |
380 | $conf->{swap} //= 512; | |
27916659 DM |
381 | PVE::LXC::create_config($vmid, $conf); |
382 | }; | |
383 | if (my $err = $@) { | |
1e6c8d5b | 384 | &$destroy_disks($storage_cfg, $vollist); |
27916659 DM |
385 | PVE::LXC::destroy_config($vmid); |
386 | die $err; | |
6d098bf4 | 387 | } |
87273b2b | 388 | PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool; |
9c2d4ce9 | 389 | }; |
5c752bbf | 390 | |
9c2d4ce9 DM |
391 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
392 | ||
148d1cb4 DM |
393 | &$check_vmid_usage(); # first check before locking |
394 | ||
395 | return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate', | |
9c2d4ce9 | 396 | $vmid, $authuser, $realcmd); |
5c752bbf | 397 | |
9c2d4ce9 DM |
398 | }}); |
399 | ||
f76a2828 DM |
400 | __PACKAGE__->register_method({ |
401 | name => 'vmdiridx', | |
5c752bbf | 402 | path => '{vmid}', |
f76a2828 DM |
403 | method => 'GET', |
404 | proxyto => 'node', | |
405 | description => "Directory index", | |
406 | permissions => { | |
407 | user => 'all', | |
408 | }, | |
409 | parameters => { | |
410 | additionalProperties => 0, | |
411 | properties => { | |
412 | node => get_standard_option('pve-node'), | |
413 | vmid => get_standard_option('pve-vmid'), | |
414 | }, | |
415 | }, | |
416 | returns => { | |
417 | type => 'array', | |
418 | items => { | |
419 | type => "object", | |
420 | properties => { | |
421 | subdir => { type => 'string' }, | |
422 | }, | |
423 | }, | |
424 | links => [ { rel => 'child', href => "{subdir}" } ], | |
425 | }, | |
426 | code => sub { | |
427 | my ($param) = @_; | |
428 | ||
429 | # test if VM exists | |
e901d418 | 430 | my $conf = PVE::LXC::load_config($param->{vmid}); |
f76a2828 DM |
431 | |
432 | my $res = [ | |
433 | { subdir => 'config' }, | |
fff3a342 DM |
434 | { subdir => 'status' }, |
435 | { subdir => 'vncproxy' }, | |
436 | { subdir => 'vncwebsocket' }, | |
437 | { subdir => 'spiceproxy' }, | |
438 | { subdir => 'migrate' }, | |
f76a2828 DM |
439 | # { subdir => 'initlog' }, |
440 | { subdir => 'rrd' }, | |
441 | { subdir => 'rrddata' }, | |
442 | { subdir => 'firewall' }, | |
cc5392c8 | 443 | { subdir => 'snapshot' }, |
f76a2828 | 444 | ]; |
5c752bbf | 445 | |
f76a2828 DM |
446 | return $res; |
447 | }}); | |
448 | ||
449 | __PACKAGE__->register_method({ | |
5c752bbf DM |
450 | name => 'rrd', |
451 | path => '{vmid}/rrd', | |
f76a2828 DM |
452 | method => 'GET', |
453 | protected => 1, # fixme: can we avoid that? | |
454 | permissions => { | |
455 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
456 | }, | |
457 | description => "Read VM RRD statistics (returns PNG)", | |
458 | parameters => { | |
459 | additionalProperties => 0, | |
460 | properties => { | |
461 | node => get_standard_option('pve-node'), | |
462 | vmid => get_standard_option('pve-vmid'), | |
463 | timeframe => { | |
464 | description => "Specify the time frame you are interested in.", | |
465 | type => 'string', | |
466 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
467 | }, | |
468 | ds => { | |
469 | description => "The list of datasources you want to display.", | |
470 | type => 'string', format => 'pve-configid-list', | |
471 | }, | |
472 | cf => { | |
473 | description => "The RRD consolidation function", | |
474 | type => 'string', | |
475 | enum => [ 'AVERAGE', 'MAX' ], | |
476 | optional => 1, | |
477 | }, | |
478 | }, | |
479 | }, | |
480 | returns => { | |
481 | type => "object", | |
482 | properties => { | |
483 | filename => { type => 'string' }, | |
484 | }, | |
485 | }, | |
486 | code => sub { | |
487 | my ($param) = @_; | |
488 | ||
489 | return PVE::Cluster::create_rrd_graph( | |
5c752bbf | 490 | "pve2-vm/$param->{vmid}", $param->{timeframe}, |
f76a2828 | 491 | $param->{ds}, $param->{cf}); |
5c752bbf | 492 | |
f76a2828 DM |
493 | }}); |
494 | ||
495 | __PACKAGE__->register_method({ | |
5c752bbf DM |
496 | name => 'rrddata', |
497 | path => '{vmid}/rrddata', | |
f76a2828 DM |
498 | method => 'GET', |
499 | protected => 1, # fixme: can we avoid that? | |
500 | permissions => { | |
501 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
502 | }, | |
503 | description => "Read VM RRD statistics", | |
504 | parameters => { | |
505 | additionalProperties => 0, | |
506 | properties => { | |
507 | node => get_standard_option('pve-node'), | |
508 | vmid => get_standard_option('pve-vmid'), | |
509 | timeframe => { | |
510 | description => "Specify the time frame you are interested in.", | |
511 | type => 'string', | |
512 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
513 | }, | |
514 | cf => { | |
515 | description => "The RRD consolidation function", | |
516 | type => 'string', | |
517 | enum => [ 'AVERAGE', 'MAX' ], | |
518 | optional => 1, | |
519 | }, | |
520 | }, | |
521 | }, | |
522 | returns => { | |
523 | type => "array", | |
524 | items => { | |
525 | type => "object", | |
526 | properties => {}, | |
527 | }, | |
528 | }, | |
529 | code => sub { | |
530 | my ($param) = @_; | |
531 | ||
532 | return PVE::Cluster::create_rrd_data( | |
533 | "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf}); | |
534 | }}); | |
535 | ||
f76a2828 | 536 | __PACKAGE__->register_method({ |
5c752bbf DM |
537 | name => 'destroy_vm', |
538 | path => '{vmid}', | |
f76a2828 DM |
539 | method => 'DELETE', |
540 | protected => 1, | |
541 | proxyto => 'node', | |
542 | description => "Destroy the container (also delete all uses files).", | |
543 | permissions => { | |
544 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
545 | }, | |
546 | parameters => { | |
547 | additionalProperties => 0, | |
548 | properties => { | |
549 | node => get_standard_option('pve-node'), | |
68e8f3c5 | 550 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), |
f76a2828 DM |
551 | }, |
552 | }, | |
5c752bbf | 553 | returns => { |
f76a2828 DM |
554 | type => 'string', |
555 | }, | |
556 | code => sub { | |
557 | my ($param) = @_; | |
558 | ||
559 | my $rpcenv = PVE::RPCEnvironment::get(); | |
560 | ||
561 | my $authuser = $rpcenv->get_user(); | |
562 | ||
563 | my $vmid = $param->{vmid}; | |
564 | ||
565 | # test if container exists | |
673cf209 | 566 | my $conf = PVE::LXC::load_config($vmid); |
f76a2828 | 567 | |
611fe3aa DM |
568 | my $storage_cfg = cfs_read_file("storage.cfg"); |
569 | ||
9d87e069 | 570 | die "unable to remove CT $vmid - used in HA resources\n" |
b6e0b774 AG |
571 | if PVE::HA::Config::vm_is_ha_managed($vmid); |
572 | ||
611fe3aa | 573 | my $code = sub { |
673cf209 DM |
574 | # reload config after lock |
575 | $conf = PVE::LXC::load_config($vmid); | |
576 | PVE::LXC::check_lock($conf); | |
577 | ||
27916659 | 578 | PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf); |
be5fc936 | 579 | PVE::AccessControl::remove_vm_access($vmid); |
2f9b5ead | 580 | PVE::Firewall::remove_vmfw_conf($vmid); |
f76a2828 DM |
581 | }; |
582 | ||
611fe3aa DM |
583 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
584 | ||
f76a2828 DM |
585 | return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd); |
586 | }}); | |
587 | ||
fff3a342 DM |
588 | my $sslcert; |
589 | ||
590 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
591 | name => 'vncproxy', |
592 | path => '{vmid}/vncproxy', | |
fff3a342 DM |
593 | method => 'POST', |
594 | protected => 1, | |
595 | permissions => { | |
596 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
597 | }, | |
598 | description => "Creates a TCP VNC proxy connections.", | |
599 | parameters => { | |
600 | additionalProperties => 0, | |
601 | properties => { | |
602 | node => get_standard_option('pve-node'), | |
603 | vmid => get_standard_option('pve-vmid'), | |
604 | websocket => { | |
605 | optional => 1, | |
606 | type => 'boolean', | |
607 | description => "use websocket instead of standard VNC.", | |
608 | }, | |
609 | }, | |
610 | }, | |
5b4657d0 | 611 | returns => { |
fff3a342 DM |
612 | additionalProperties => 0, |
613 | properties => { | |
614 | user => { type => 'string' }, | |
615 | ticket => { type => 'string' }, | |
616 | cert => { type => 'string' }, | |
617 | port => { type => 'integer' }, | |
618 | upid => { type => 'string' }, | |
619 | }, | |
620 | }, | |
621 | code => sub { | |
622 | my ($param) = @_; | |
623 | ||
624 | my $rpcenv = PVE::RPCEnvironment::get(); | |
625 | ||
626 | my $authuser = $rpcenv->get_user(); | |
627 | ||
628 | my $vmid = $param->{vmid}; | |
629 | my $node = $param->{node}; | |
630 | ||
631 | my $authpath = "/vms/$vmid"; | |
632 | ||
633 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath); | |
634 | ||
635 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) | |
636 | if !$sslcert; | |
637 | ||
ec2c57eb | 638 | my ($remip, $family); |
5b4657d0 | 639 | |
fff3a342 | 640 | if ($node ne PVE::INotify::nodename()) { |
85ae6211 | 641 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
ec2c57eb WB |
642 | } else { |
643 | $family = PVE::Tools::get_host_address_family($node); | |
fff3a342 DM |
644 | } |
645 | ||
ec2c57eb WB |
646 | my $port = PVE::Tools::next_vnc_port($family); |
647 | ||
fff3a342 DM |
648 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
649 | # so we select the fastest chipher here (or 'none'?) | |
5b4657d0 | 650 | my $remcmd = $remip ? |
fff3a342 DM |
651 | ['/usr/bin/ssh', '-t', $remip] : []; |
652 | ||
d18499cf | 653 | my $conf = PVE::LXC::load_config($vmid, $node); |
aca816ad DM |
654 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); |
655 | ||
5b4657d0 DM |
656 | my $shcmd = [ '/usr/bin/dtach', '-A', |
657 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 658 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
659 | |
660 | my $realcmd = sub { | |
661 | my $upid = shift; | |
662 | ||
5b4657d0 | 663 | syslog ('info', "starting lxc vnc proxy $upid\n"); |
fff3a342 | 664 | |
5b4657d0 | 665 | my $timeout = 10; |
fff3a342 DM |
666 | |
667 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, | |
5b4657d0 | 668 | '-timeout', $timeout, '-authpath', $authpath, |
fff3a342 DM |
669 | '-perm', 'VM.Console']; |
670 | ||
671 | if ($param->{websocket}) { | |
5b4657d0 | 672 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
fff3a342 DM |
673 | push @$cmd, '-notls', '-listen', 'localhost'; |
674 | } | |
675 | ||
676 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
677 | ||
678 | run_command($cmd); | |
679 | ||
680 | return; | |
681 | }; | |
682 | ||
683 | my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); | |
684 | ||
685 | PVE::Tools::wait_for_vnc_port($port); | |
686 | ||
687 | return { | |
688 | user => $authuser, | |
689 | ticket => $ticket, | |
5b4657d0 DM |
690 | port => $port, |
691 | upid => $upid, | |
692 | cert => $sslcert, | |
fff3a342 DM |
693 | }; |
694 | }}); | |
695 | ||
696 | __PACKAGE__->register_method({ | |
697 | name => 'vncwebsocket', | |
698 | path => '{vmid}/vncwebsocket', | |
699 | method => 'GET', | |
5b4657d0 | 700 | permissions => { |
fff3a342 DM |
701 | description => "You also need to pass a valid ticket (vncticket).", |
702 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
703 | }, | |
704 | description => "Opens a weksocket for VNC traffic.", | |
705 | parameters => { | |
706 | additionalProperties => 0, | |
707 | properties => { | |
708 | node => get_standard_option('pve-node'), | |
709 | vmid => get_standard_option('pve-vmid'), | |
710 | vncticket => { | |
711 | description => "Ticket from previous call to vncproxy.", | |
712 | type => 'string', | |
713 | maxLength => 512, | |
714 | }, | |
715 | port => { | |
716 | description => "Port number returned by previous vncproxy call.", | |
717 | type => 'integer', | |
718 | minimum => 5900, | |
719 | maximum => 5999, | |
720 | }, | |
721 | }, | |
722 | }, | |
723 | returns => { | |
724 | type => "object", | |
725 | properties => { | |
726 | port => { type => 'string' }, | |
727 | }, | |
728 | }, | |
729 | code => sub { | |
730 | my ($param) = @_; | |
731 | ||
732 | my $rpcenv = PVE::RPCEnvironment::get(); | |
733 | ||
734 | my $authuser = $rpcenv->get_user(); | |
735 | ||
736 | my $authpath = "/vms/$param->{vmid}"; | |
737 | ||
738 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath); | |
739 | ||
740 | my $port = $param->{port}; | |
5b4657d0 | 741 | |
fff3a342 DM |
742 | return { port => $port }; |
743 | }}); | |
744 | ||
745 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
746 | name => 'spiceproxy', |
747 | path => '{vmid}/spiceproxy', | |
fff3a342 DM |
748 | method => 'POST', |
749 | protected => 1, | |
750 | proxyto => 'node', | |
751 | permissions => { | |
752 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
753 | }, | |
754 | description => "Returns a SPICE configuration to connect to the CT.", | |
755 | parameters => { | |
756 | additionalProperties => 0, | |
757 | properties => { | |
758 | node => get_standard_option('pve-node'), | |
759 | vmid => get_standard_option('pve-vmid'), | |
760 | proxy => get_standard_option('spice-proxy', { optional => 1 }), | |
761 | }, | |
762 | }, | |
763 | returns => get_standard_option('remote-viewer-config'), | |
764 | code => sub { | |
765 | my ($param) = @_; | |
766 | ||
767 | my $vmid = $param->{vmid}; | |
768 | my $node = $param->{node}; | |
769 | my $proxy = $param->{proxy}; | |
770 | ||
771 | my $authpath = "/vms/$vmid"; | |
772 | my $permissions = 'VM.Console'; | |
773 | ||
aca816ad | 774 | my $conf = PVE::LXC::load_config($vmid); |
da4db334 TL |
775 | |
776 | die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid); | |
777 | ||
aca816ad DM |
778 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); |
779 | ||
5b4657d0 DM |
780 | my $shcmd = ['/usr/bin/dtach', '-A', |
781 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 782 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
783 | |
784 | my $title = "CT $vmid"; | |
785 | ||
786 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd); | |
787 | }}); | |
5c752bbf | 788 | |
5c752bbf DM |
789 | |
790 | __PACKAGE__->register_method({ | |
52389a07 DM |
791 | name => 'migrate_vm', |
792 | path => '{vmid}/migrate', | |
5c752bbf DM |
793 | method => 'POST', |
794 | protected => 1, | |
795 | proxyto => 'node', | |
52389a07 | 796 | description => "Migrate the container to another node. Creates a new migration task.", |
5c752bbf | 797 | permissions => { |
52389a07 | 798 | check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]], |
5c752bbf DM |
799 | }, |
800 | parameters => { | |
801 | additionalProperties => 0, | |
802 | properties => { | |
803 | node => get_standard_option('pve-node'), | |
68e8f3c5 DM |
804 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), |
805 | target => get_standard_option('pve-node', { | |
806 | description => "Target node.", | |
807 | completion => \&PVE::LXC::complete_migration_target, | |
808 | }), | |
52389a07 DM |
809 | online => { |
810 | type => 'boolean', | |
811 | description => "Use online/live migration.", | |
812 | optional => 1, | |
813 | }, | |
5c752bbf DM |
814 | }, |
815 | }, | |
816 | returns => { | |
817 | type => 'string', | |
52389a07 | 818 | description => "the task ID.", |
5c752bbf DM |
819 | }, |
820 | code => sub { | |
821 | my ($param) = @_; | |
822 | ||
823 | my $rpcenv = PVE::RPCEnvironment::get(); | |
824 | ||
825 | my $authuser = $rpcenv->get_user(); | |
826 | ||
52389a07 | 827 | my $target = extract_param($param, 'target'); |
bb1ac2de | 828 | |
52389a07 DM |
829 | my $localnode = PVE::INotify::nodename(); |
830 | raise_param_exc({ target => "target is local node."}) if $target eq $localnode; | |
bb1ac2de | 831 | |
52389a07 | 832 | PVE::Cluster::check_cfs_quorum(); |
5c752bbf | 833 | |
52389a07 | 834 | PVE::Cluster::check_node_exists($target); |
27916659 | 835 | |
52389a07 | 836 | my $targetip = PVE::Cluster::remote_node_ip($target); |
5c752bbf | 837 | |
52389a07 | 838 | my $vmid = extract_param($param, 'vmid'); |
5c752bbf | 839 | |
52389a07 DM |
840 | # test if VM exists |
841 | PVE::LXC::load_config($vmid); | |
5c752bbf | 842 | |
52389a07 DM |
843 | # try to detect errors early |
844 | if (PVE::LXC::check_running($vmid)) { | |
5c45496e | 845 | die "can't migrate running container without --online\n" |
52389a07 | 846 | if !$param->{online}; |
5c752bbf | 847 | } |
5c752bbf DM |
848 | |
849 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { | |
850 | ||
851 | my $hacmd = sub { | |
852 | my $upid = shift; | |
853 | ||
854 | my $service = "ct:$vmid"; | |
855 | ||
52389a07 | 856 | my $cmd = ['ha-manager', 'migrate', $service, $target]; |
5c752bbf | 857 | |
52389a07 | 858 | print "Executing HA migrate for CT $vmid to node $target\n"; |
5c752bbf DM |
859 | |
860 | PVE::Tools::run_command($cmd); | |
861 | ||
862 | return; | |
863 | }; | |
864 | ||
52389a07 | 865 | return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd); |
5c752bbf DM |
866 | |
867 | } else { | |
868 | ||
869 | my $realcmd = sub { | |
870 | my $upid = shift; | |
871 | ||
6f42807e | 872 | PVE::LXC::Migrate->migrate($target, $targetip, $vmid, $param); |
5c752bbf DM |
873 | |
874 | return; | |
875 | }; | |
876 | ||
52389a07 | 877 | return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd); |
5c752bbf DM |
878 | } |
879 | }}); | |
880 | ||
cc5392c8 WL |
881 | __PACKAGE__->register_method({ |
882 | name => 'vm_feature', | |
883 | path => '{vmid}/feature', | |
884 | method => 'GET', | |
885 | proxyto => 'node', | |
886 | protected => 1, | |
887 | description => "Check if feature for virtual machine is available.", | |
888 | permissions => { | |
889 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
890 | }, | |
891 | parameters => { | |
892 | additionalProperties => 0, | |
893 | properties => { | |
894 | node => get_standard_option('pve-node'), | |
895 | vmid => get_standard_option('pve-vmid'), | |
896 | feature => { | |
897 | description => "Feature to check.", | |
898 | type => 'string', | |
899 | enum => [ 'snapshot' ], | |
900 | }, | |
901 | snapname => get_standard_option('pve-lxc-snapshot-name', { | |
902 | optional => 1, | |
903 | }), | |
904 | }, | |
905 | }, | |
906 | returns => { | |
907 | type => "object", | |
908 | properties => { | |
909 | hasFeature => { type => 'boolean' }, | |
910 | #nodes => { | |
911 | #type => 'array', | |
912 | #items => { type => 'string' }, | |
913 | #} | |
914 | }, | |
915 | }, | |
916 | code => sub { | |
917 | my ($param) = @_; | |
918 | ||
919 | my $node = extract_param($param, 'node'); | |
920 | ||
921 | my $vmid = extract_param($param, 'vmid'); | |
922 | ||
923 | my $snapname = extract_param($param, 'snapname'); | |
924 | ||
925 | my $feature = extract_param($param, 'feature'); | |
926 | ||
927 | my $conf = PVE::LXC::load_config($vmid); | |
928 | ||
929 | if($snapname){ | |
930 | my $snap = $conf->{snapshots}->{$snapname}; | |
931 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
932 | $conf = $snap; | |
933 | } | |
ef241384 | 934 | my $storage_cfg = PVE::Storage::config(); |
cc5392c8 | 935 | #Maybe include later |
ef241384 DM |
936 | #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg); |
937 | my $hasFeature = PVE::LXC::has_feature($feature, $conf, $storage_cfg, $snapname); | |
cc5392c8 WL |
938 | |
939 | return { | |
940 | hasFeature => $hasFeature, | |
941 | #nodes => [ keys %$nodelist ], | |
942 | }; | |
943 | }}); | |
bb1ac2de DM |
944 | |
945 | __PACKAGE__->register_method({ | |
946 | name => 'template', | |
947 | path => '{vmid}/template', | |
948 | method => 'POST', | |
949 | protected => 1, | |
950 | proxyto => 'node', | |
951 | description => "Create a Template.", | |
952 | permissions => { | |
953 | description => "You need 'VM.Allocate' permissions on /vms/{vmid}", | |
954 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
955 | }, | |
956 | parameters => { | |
957 | additionalProperties => 0, | |
958 | properties => { | |
959 | node => get_standard_option('pve-node'), | |
68e8f3c5 | 960 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), |
bb1ac2de DM |
961 | }, |
962 | }, | |
963 | returns => { type => 'null'}, | |
964 | code => sub { | |
965 | my ($param) = @_; | |
966 | ||
967 | my $rpcenv = PVE::RPCEnvironment::get(); | |
968 | ||
969 | my $authuser = $rpcenv->get_user(); | |
970 | ||
971 | my $node = extract_param($param, 'node'); | |
972 | ||
973 | my $vmid = extract_param($param, 'vmid'); | |
974 | ||
975 | my $updatefn = sub { | |
976 | ||
977 | my $conf = PVE::LXC::load_config($vmid); | |
978 | PVE::LXC::check_lock($conf); | |
979 | ||
980 | die "unable to create template, because CT contains snapshots\n" | |
981 | if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}}); | |
982 | ||
983 | die "you can't convert a template to a template\n" | |
984 | if PVE::LXC::is_template($conf); | |
985 | ||
986 | die "you can't convert a CT to template if the CT is running\n" | |
987 | if PVE::LXC::check_running($vmid); | |
988 | ||
989 | my $realcmd = sub { | |
990 | PVE::LXC::template_create($vmid, $conf); | |
991 | }; | |
992 | ||
993 | $conf->{template} = 1; | |
994 | ||
995 | PVE::LXC::write_config($vmid, $conf); | |
996 | # and remove lxc config | |
997 | PVE::LXC::update_lxc_config(undef, $vmid, $conf); | |
998 | ||
999 | return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd); | |
1000 | }; | |
1001 | ||
1002 | PVE::LXC::lock_container($vmid, undef, $updatefn); | |
1003 | ||
1004 | return undef; | |
1005 | }}); | |
1006 | ||
f76a2828 | 1007 | 1; |