]>
Commit | Line | Data |
---|---|---|
f76a2828 DM |
1 | package PVE::API2::LXC; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::SafeSyslog; | |
7 | use PVE::Tools qw(extract_param run_command); | |
8 | use PVE::Exception qw(raise raise_param_exc); | |
9 | use PVE::INotify; | |
9c2d4ce9 | 10 | use PVE::Cluster qw(cfs_read_file); |
f76a2828 | 11 | use PVE::AccessControl; |
2f9b5ead | 12 | use PVE::Firewall; |
f76a2828 DM |
13 | use PVE::Storage; |
14 | use PVE::RESTHandler; | |
15 | use PVE::RPCEnvironment; | |
16 | use PVE::LXC; | |
7af97ad5 | 17 | use PVE::LXC::Create; |
5c752bbf | 18 | use PVE::HA::Config; |
f76a2828 DM |
19 | use PVE::JSONSchema qw(get_standard_option); |
20 | use base qw(PVE::RESTHandler); | |
21 | ||
22 | use Data::Dumper; # fixme: remove | |
23 | ||
f76a2828 DM |
24 | my $check_ct_modify_config_perm = sub { |
25 | my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_; | |
5c752bbf | 26 | |
f76a2828 DM |
27 | return 1 if $authuser ne 'root@pam'; |
28 | ||
29 | foreach my $opt (@$key_list) { | |
30 | ||
31 | if ($opt eq 'cpus' || $opt eq 'cpuunits' || $opt eq 'cpulimit') { | |
32 | $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']); | |
33 | } elsif ($opt eq 'disk') { | |
34 | $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']); | |
35 | } elsif ($opt eq 'memory' || $opt eq 'swap') { | |
36 | $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']); | |
5c752bbf | 37 | } elsif ($opt =~ m/^net\d+$/ || $opt eq 'nameserver' || |
f76a2828 DM |
38 | $opt eq 'searchdomain' || $opt eq 'hostname') { |
39 | $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']); | |
40 | } else { | |
41 | $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']); | |
42 | } | |
43 | } | |
44 | ||
45 | return 1; | |
46 | }; | |
47 | ||
27916659 DM |
48 | my $alloc_rootfs = sub { |
49 | my ($storage_conf, $storage, $disk_size_gb, $vmid) = @_; | |
50 | ||
51 | my $volid; | |
52 | ||
53 | my $size = 4*1024*1024; # defaults to 4G | |
54 | ||
55 | $size = int($disk_size_gb*1024) * 1024 if defined($disk_size_gb); | |
56 | ||
57 | eval { | |
58 | my $scfg = PVE::Storage::storage_config($storage_conf, $storage); | |
59 | # fixme: use better naming ct-$vmid-disk-X.raw? | |
60 | ||
61 | if ($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs') { | |
62 | if ($size > 0) { | |
63 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'raw', | |
3d8cbc23 | 64 | undef, $size); |
27916659 DM |
65 | } else { |
66 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'subvol', | |
3d8cbc23 | 67 | undef, 0); |
27916659 DM |
68 | } |
69 | } elsif ($scfg->{type} eq 'zfspool') { | |
70 | ||
71 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'subvol', | |
3d8cbc23 | 72 | undef, $size); |
644f2f8f DM |
73 | } elsif ($scfg->{type} eq 'drbd') { |
74 | ||
75 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'raw', undef, $size); | |
63f2ddfb AD |
76 | |
77 | } elsif ($scfg->{type} eq 'rbd') { | |
78 | ||
79 | die "krbd option must be enabled on storage type '$scfg->{type}'\n" if !$scfg->{krbd}; | |
80 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'raw', undef, $size); | |
81 | ||
27916659 DM |
82 | } else { |
83 | die "unable to create containers on storage type '$scfg->{type}'\n"; | |
84 | } | |
85 | }; | |
86 | if (my $err = $@) { | |
87 | # cleanup | |
88 | eval { PVE::Storage::vdisk_free($storage_conf, $volid) if $volid; }; | |
89 | warn $@ if $@; | |
90 | die $err; | |
91 | } | |
92 | ||
93 | return $volid; | |
94 | }; | |
95 | ||
489e960d WL |
96 | PVE::JSONSchema::register_standard_option('pve-lxc-snapshot-name', { |
97 | description => "The name of the snapshot.", | |
98 | type => 'string', format => 'pve-configid', | |
99 | maxLength => 40, | |
100 | }); | |
f76a2828 DM |
101 | |
102 | __PACKAGE__->register_method({ | |
5c752bbf DM |
103 | name => 'vmlist', |
104 | path => '', | |
f76a2828 DM |
105 | method => 'GET', |
106 | description => "LXC container index (per node).", | |
107 | permissions => { | |
108 | description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.", | |
109 | user => 'all', | |
110 | }, | |
111 | proxyto => 'node', | |
112 | protected => 1, # /proc files are only readable by root | |
113 | parameters => { | |
114 | additionalProperties => 0, | |
115 | properties => { | |
116 | node => get_standard_option('pve-node'), | |
117 | }, | |
118 | }, | |
119 | returns => { | |
120 | type => 'array', | |
121 | items => { | |
122 | type => "object", | |
123 | properties => {}, | |
124 | }, | |
125 | links => [ { rel => 'child', href => "{vmid}" } ], | |
126 | }, | |
127 | code => sub { | |
128 | my ($param) = @_; | |
129 | ||
130 | my $rpcenv = PVE::RPCEnvironment::get(); | |
131 | my $authuser = $rpcenv->get_user(); | |
132 | ||
133 | my $vmstatus = PVE::LXC::vmstatus(); | |
134 | ||
135 | my $res = []; | |
136 | foreach my $vmid (keys %$vmstatus) { | |
137 | next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1); | |
138 | ||
139 | my $data = $vmstatus->{$vmid}; | |
140 | $data->{vmid} = $vmid; | |
141 | push @$res, $data; | |
142 | } | |
143 | ||
144 | return $res; | |
5c752bbf | 145 | |
f76a2828 DM |
146 | }}); |
147 | ||
9c2d4ce9 | 148 | __PACKAGE__->register_method({ |
5c752bbf DM |
149 | name => 'create_vm', |
150 | path => '', | |
9c2d4ce9 DM |
151 | method => 'POST', |
152 | description => "Create or restore a container.", | |
153 | permissions => { | |
154 | user => 'all', # check inside | |
155 | description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " . | |
156 | "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " . | |
157 | "You also need 'Datastore.AllocateSpace' permissions on the storage.", | |
158 | }, | |
159 | protected => 1, | |
160 | proxyto => 'node', | |
161 | parameters => { | |
162 | additionalProperties => 0, | |
27916659 | 163 | properties => PVE::LXC::json_config_properties_no_rootfs({ |
9c2d4ce9 DM |
164 | node => get_standard_option('pve-node'), |
165 | vmid => get_standard_option('pve-vmid'), | |
166 | ostemplate => { | |
167 | description => "The OS template or backup file.", | |
5c752bbf | 168 | type => 'string', |
9c2d4ce9 DM |
169 | maxLength => 255, |
170 | }, | |
5c752bbf DM |
171 | password => { |
172 | optional => 1, | |
9c2d4ce9 DM |
173 | type => 'string', |
174 | description => "Sets root password inside container.", | |
168d6b07 | 175 | minLength => 5, |
9c2d4ce9 DM |
176 | }, |
177 | storage => get_standard_option('pve-storage-id', { | |
178 | description => "Target storage.", | |
179 | default => 'local', | |
180 | optional => 1, | |
181 | }), | |
27916659 DM |
182 | size => { |
183 | optional => 1, | |
184 | type => 'number', | |
185 | description => "Amount of disk space for the VM in GB. A zero indicates no limits.", | |
186 | minimum => 0, | |
187 | default => 4, | |
188 | }, | |
9c2d4ce9 | 189 | force => { |
5c752bbf | 190 | optional => 1, |
9c2d4ce9 DM |
191 | type => 'boolean', |
192 | description => "Allow to overwrite existing container.", | |
193 | }, | |
194 | restore => { | |
5c752bbf | 195 | optional => 1, |
9c2d4ce9 DM |
196 | type => 'boolean', |
197 | description => "Mark this as restore task.", | |
198 | }, | |
5c752bbf | 199 | pool => { |
9c2d4ce9 DM |
200 | optional => 1, |
201 | type => 'string', format => 'pve-poolid', | |
202 | description => "Add the VM to the specified pool.", | |
203 | }, | |
204 | }), | |
205 | }, | |
5c752bbf | 206 | returns => { |
9c2d4ce9 DM |
207 | type => 'string', |
208 | }, | |
209 | code => sub { | |
210 | my ($param) = @_; | |
211 | ||
212 | my $rpcenv = PVE::RPCEnvironment::get(); | |
213 | ||
214 | my $authuser = $rpcenv->get_user(); | |
215 | ||
216 | my $node = extract_param($param, 'node'); | |
217 | ||
218 | my $vmid = extract_param($param, 'vmid'); | |
219 | ||
220 | my $basecfg_fn = PVE::LXC::config_file($vmid); | |
221 | ||
222 | my $same_container_exists = -f $basecfg_fn; | |
223 | ||
224 | my $restore = extract_param($param, 'restore'); | |
225 | ||
148d1cb4 DM |
226 | if ($restore) { |
227 | # fixme: limit allowed parameters | |
228 | ||
229 | } | |
230 | ||
9c2d4ce9 DM |
231 | my $force = extract_param($param, 'force'); |
232 | ||
233 | if (!($same_container_exists && $restore && $force)) { | |
234 | PVE::Cluster::check_vmid_unused($vmid); | |
235 | } | |
5c752bbf | 236 | |
9c2d4ce9 DM |
237 | my $password = extract_param($param, 'password'); |
238 | ||
27916659 | 239 | my $disksize = extract_param($param, 'size'); |
5c752bbf | 240 | |
27916659 DM |
241 | my $storage = extract_param($param, 'storage') // 'local'; |
242 | ||
9c2d4ce9 DM |
243 | my $storage_cfg = cfs_read_file("storage.cfg"); |
244 | ||
245 | my $scfg = PVE::Storage::storage_check_node($storage_cfg, $storage, $node); | |
246 | ||
247 | raise_param_exc({ storage => "storage '$storage' does not support container root directories"}) | |
644f2f8f | 248 | if !($scfg->{content}->{images} || $scfg->{content}->{rootdir}); |
9c2d4ce9 | 249 | |
27916659 DM |
250 | my $pool = extract_param($param, 'pool'); |
251 | ||
9c2d4ce9 DM |
252 | if (defined($pool)) { |
253 | $rpcenv->check_pool_exist($pool); | |
254 | $rpcenv->check_perm_modify($authuser, "/pool/$pool"); | |
5c752bbf | 255 | } |
9c2d4ce9 | 256 | |
27916659 DM |
257 | $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']); |
258 | ||
9c2d4ce9 DM |
259 | if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) { |
260 | # OK | |
261 | } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) { | |
262 | # OK | |
263 | } elsif ($restore && $force && $same_container_exists && | |
264 | $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) { | |
265 | # OK: user has VM.Backup permissions, and want to restore an existing VM | |
266 | } else { | |
267 | raise_perm_exc(); | |
268 | } | |
269 | ||
270 | &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]); | |
271 | ||
272 | PVE::Storage::activate_storage($storage_cfg, $storage); | |
273 | ||
274 | my $ostemplate = extract_param($param, 'ostemplate'); | |
5c752bbf | 275 | |
9c2d4ce9 DM |
276 | my $archive; |
277 | ||
278 | if ($ostemplate eq '-') { | |
148d1cb4 DM |
279 | die "pipe requires cli environment\n" |
280 | if $rpcenv->{type} ne 'cli'; | |
281 | die "pipe can only be used with restore tasks\n" | |
282 | if !$restore; | |
27916659 DM |
283 | die "pipe requires --size parameter\n" |
284 | if !defined($disksize); | |
148d1cb4 | 285 | $archive = '-'; |
9c2d4ce9 DM |
286 | } else { |
287 | $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate); | |
288 | $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate); | |
289 | } | |
290 | ||
9c2d4ce9 | 291 | my $conf = {}; |
5b4657d0 | 292 | |
27916659 | 293 | PVE::LXC::update_pct_config($vmid, $conf, 0, $param); |
9c2d4ce9 | 294 | |
148d1cb4 DM |
295 | my $check_vmid_usage = sub { |
296 | if ($force) { | |
297 | die "cant overwrite running container\n" | |
298 | if PVE::LXC::check_running($vmid); | |
299 | } else { | |
300 | PVE::Cluster::check_vmid_unused($vmid); | |
301 | } | |
302 | }; | |
f507c3a7 | 303 | |
5b4657d0 | 304 | my $code = sub { |
148d1cb4 | 305 | &$check_vmid_usage(); # final check after locking |
87273b2b | 306 | |
148d1cb4 DM |
307 | PVE::Cluster::check_cfs_quorum(); |
308 | ||
27916659 DM |
309 | my $volid; |
310 | ||
311 | eval { | |
312 | if (!defined($disksize)) { | |
313 | if ($restore) { | |
7af97ad5 | 314 | (undef, $disksize) = PVE::LXC::Create::recover_config($archive); |
27916659 DM |
315 | die "unable to detect disk size - please specify with --size\n" |
316 | if !$disksize; | |
317 | } else { | |
318 | $disksize = 4; | |
319 | } | |
320 | } | |
321 | $volid = &$alloc_rootfs($storage_cfg, $storage, $disksize, $vmid); | |
322 | ||
7af97ad5 DM |
323 | PVE::LXC::Create::create_rootfs($storage_cfg, $storage, $volid, $vmid, $conf, |
324 | $archive, $password, $restore); | |
27916659 | 325 | |
dde7b02b | 326 | $conf->{rootfs} = PVE::LXC::print_ct_mountpoint({volume => $volid, size => $disksize }); |
27916659 DM |
327 | |
328 | # set some defaults | |
329 | $conf->{hostname} ||= "CT$vmid"; | |
330 | $conf->{memory} ||= 512; | |
331 | $conf->{swap} //= 512; | |
332 | ||
333 | PVE::LXC::create_config($vmid, $conf); | |
334 | }; | |
335 | if (my $err = $@) { | |
336 | eval { PVE::Storage::vdisk_free($storage_cfg, $volid) if $volid; }; | |
337 | warn $@ if $@; | |
338 | PVE::LXC::destroy_config($vmid); | |
339 | die $err; | |
6d098bf4 | 340 | } |
87273b2b | 341 | PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool; |
9c2d4ce9 | 342 | }; |
5c752bbf | 343 | |
9c2d4ce9 DM |
344 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
345 | ||
148d1cb4 DM |
346 | &$check_vmid_usage(); # first check before locking |
347 | ||
348 | return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate', | |
9c2d4ce9 | 349 | $vmid, $authuser, $realcmd); |
5c752bbf | 350 | |
9c2d4ce9 DM |
351 | }}); |
352 | ||
f76a2828 | 353 | my $vm_config_perm_list = [ |
5c752bbf DM |
354 | 'VM.Config.Disk', |
355 | 'VM.Config.CPU', | |
356 | 'VM.Config.Memory', | |
357 | 'VM.Config.Network', | |
f76a2828 DM |
358 | 'VM.Config.Options', |
359 | ]; | |
360 | ||
361 | __PACKAGE__->register_method({ | |
5c752bbf DM |
362 | name => 'update_vm', |
363 | path => '{vmid}/config', | |
f76a2828 DM |
364 | method => 'PUT', |
365 | protected => 1, | |
366 | proxyto => 'node', | |
367 | description => "Set container options.", | |
368 | permissions => { | |
369 | check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1], | |
370 | }, | |
371 | parameters => { | |
372 | additionalProperties => 0, | |
373 | properties => PVE::LXC::json_config_properties( | |
374 | { | |
375 | node => get_standard_option('pve-node'), | |
376 | vmid => get_standard_option('pve-vmid'), | |
ec52ac21 DM |
377 | delete => { |
378 | type => 'string', format => 'pve-configid-list', | |
379 | description => "A list of settings you want to delete.", | |
380 | optional => 1, | |
381 | }, | |
f76a2828 DM |
382 | digest => { |
383 | type => 'string', | |
384 | description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.', | |
385 | maxLength => 40, | |
5c752bbf | 386 | optional => 1, |
f76a2828 DM |
387 | } |
388 | }), | |
389 | }, | |
390 | returns => { type => 'null'}, | |
391 | code => sub { | |
392 | my ($param) = @_; | |
393 | ||
394 | my $rpcenv = PVE::RPCEnvironment::get(); | |
395 | ||
396 | my $authuser = $rpcenv->get_user(); | |
397 | ||
398 | my $node = extract_param($param, 'node'); | |
399 | ||
400 | my $vmid = extract_param($param, 'vmid'); | |
401 | ||
402 | my $digest = extract_param($param, 'digest'); | |
403 | ||
404 | die "no options specified\n" if !scalar(keys %$param); | |
405 | ||
ec52ac21 DM |
406 | my $delete_str = extract_param($param, 'delete'); |
407 | my @delete = PVE::Tools::split_list($delete_str); | |
5c752bbf | 408 | |
ec52ac21 | 409 | &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]); |
5c752bbf | 410 | |
ec52ac21 DM |
411 | foreach my $opt (@delete) { |
412 | raise_param_exc({ delete => "you can't use '-$opt' and " . | |
413 | "-delete $opt' at the same time" }) | |
414 | if defined($param->{$opt}); | |
5c752bbf | 415 | |
ec52ac21 DM |
416 | if (!PVE::LXC::option_exists($opt)) { |
417 | raise_param_exc({ delete => "unknown option '$opt'" }); | |
418 | } | |
419 | } | |
420 | ||
f76a2828 DM |
421 | &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]); |
422 | ||
27916659 DM |
423 | my $storage_cfg = cfs_read_file("storage.cfg"); |
424 | ||
f76a2828 DM |
425 | my $code = sub { |
426 | ||
427 | my $conf = PVE::LXC::load_config($vmid); | |
673cf209 | 428 | PVE::LXC::check_lock($conf); |
f76a2828 DM |
429 | |
430 | PVE::Tools::assert_if_modified($digest, $conf->{digest}); | |
431 | ||
93285df8 | 432 | my $running = PVE::LXC::check_running($vmid); |
ec52ac21 | 433 | |
27916659 | 434 | PVE::LXC::update_pct_config($vmid, $conf, $running, $param, \@delete); |
ec52ac21 DM |
435 | |
436 | PVE::LXC::write_config($vmid, $conf); | |
27916659 | 437 | PVE::LXC::update_lxc_config($storage_cfg, $vmid, $conf); |
f76a2828 DM |
438 | }; |
439 | ||
440 | PVE::LXC::lock_container($vmid, undef, $code); | |
441 | ||
442 | return undef; | |
443 | }}); | |
444 | ||
445 | __PACKAGE__->register_method ({ | |
5c752bbf | 446 | subclass => "PVE::API2::Firewall::CT", |
f76a2828 DM |
447 | path => '{vmid}/firewall', |
448 | }); | |
449 | ||
450 | __PACKAGE__->register_method({ | |
451 | name => 'vmdiridx', | |
5c752bbf | 452 | path => '{vmid}', |
f76a2828 DM |
453 | method => 'GET', |
454 | proxyto => 'node', | |
455 | description => "Directory index", | |
456 | permissions => { | |
457 | user => 'all', | |
458 | }, | |
459 | parameters => { | |
460 | additionalProperties => 0, | |
461 | properties => { | |
462 | node => get_standard_option('pve-node'), | |
463 | vmid => get_standard_option('pve-vmid'), | |
464 | }, | |
465 | }, | |
466 | returns => { | |
467 | type => 'array', | |
468 | items => { | |
469 | type => "object", | |
470 | properties => { | |
471 | subdir => { type => 'string' }, | |
472 | }, | |
473 | }, | |
474 | links => [ { rel => 'child', href => "{subdir}" } ], | |
475 | }, | |
476 | code => sub { | |
477 | my ($param) = @_; | |
478 | ||
479 | # test if VM exists | |
e901d418 | 480 | my $conf = PVE::LXC::load_config($param->{vmid}); |
f76a2828 DM |
481 | |
482 | my $res = [ | |
483 | { subdir => 'config' }, | |
fff3a342 DM |
484 | { subdir => 'status' }, |
485 | { subdir => 'vncproxy' }, | |
486 | { subdir => 'vncwebsocket' }, | |
487 | { subdir => 'spiceproxy' }, | |
488 | { subdir => 'migrate' }, | |
f76a2828 DM |
489 | # { subdir => 'initlog' }, |
490 | { subdir => 'rrd' }, | |
491 | { subdir => 'rrddata' }, | |
492 | { subdir => 'firewall' }, | |
cc5392c8 | 493 | { subdir => 'snapshot' }, |
f76a2828 | 494 | ]; |
5c752bbf | 495 | |
f76a2828 DM |
496 | return $res; |
497 | }}); | |
498 | ||
499 | __PACKAGE__->register_method({ | |
5c752bbf DM |
500 | name => 'rrd', |
501 | path => '{vmid}/rrd', | |
f76a2828 DM |
502 | method => 'GET', |
503 | protected => 1, # fixme: can we avoid that? | |
504 | permissions => { | |
505 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
506 | }, | |
507 | description => "Read VM RRD statistics (returns PNG)", | |
508 | parameters => { | |
509 | additionalProperties => 0, | |
510 | properties => { | |
511 | node => get_standard_option('pve-node'), | |
512 | vmid => get_standard_option('pve-vmid'), | |
513 | timeframe => { | |
514 | description => "Specify the time frame you are interested in.", | |
515 | type => 'string', | |
516 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
517 | }, | |
518 | ds => { | |
519 | description => "The list of datasources you want to display.", | |
520 | type => 'string', format => 'pve-configid-list', | |
521 | }, | |
522 | cf => { | |
523 | description => "The RRD consolidation function", | |
524 | type => 'string', | |
525 | enum => [ 'AVERAGE', 'MAX' ], | |
526 | optional => 1, | |
527 | }, | |
528 | }, | |
529 | }, | |
530 | returns => { | |
531 | type => "object", | |
532 | properties => { | |
533 | filename => { type => 'string' }, | |
534 | }, | |
535 | }, | |
536 | code => sub { | |
537 | my ($param) = @_; | |
538 | ||
539 | return PVE::Cluster::create_rrd_graph( | |
5c752bbf | 540 | "pve2-vm/$param->{vmid}", $param->{timeframe}, |
f76a2828 | 541 | $param->{ds}, $param->{cf}); |
5c752bbf | 542 | |
f76a2828 DM |
543 | }}); |
544 | ||
545 | __PACKAGE__->register_method({ | |
5c752bbf DM |
546 | name => 'rrddata', |
547 | path => '{vmid}/rrddata', | |
f76a2828 DM |
548 | method => 'GET', |
549 | protected => 1, # fixme: can we avoid that? | |
550 | permissions => { | |
551 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
552 | }, | |
553 | description => "Read VM RRD statistics", | |
554 | parameters => { | |
555 | additionalProperties => 0, | |
556 | properties => { | |
557 | node => get_standard_option('pve-node'), | |
558 | vmid => get_standard_option('pve-vmid'), | |
559 | timeframe => { | |
560 | description => "Specify the time frame you are interested in.", | |
561 | type => 'string', | |
562 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
563 | }, | |
564 | cf => { | |
565 | description => "The RRD consolidation function", | |
566 | type => 'string', | |
567 | enum => [ 'AVERAGE', 'MAX' ], | |
568 | optional => 1, | |
569 | }, | |
570 | }, | |
571 | }, | |
572 | returns => { | |
573 | type => "array", | |
574 | items => { | |
575 | type => "object", | |
576 | properties => {}, | |
577 | }, | |
578 | }, | |
579 | code => sub { | |
580 | my ($param) = @_; | |
581 | ||
582 | return PVE::Cluster::create_rrd_data( | |
583 | "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf}); | |
584 | }}); | |
585 | ||
586 | ||
587 | __PACKAGE__->register_method({ | |
5c752bbf DM |
588 | name => 'vm_config', |
589 | path => '{vmid}/config', | |
f76a2828 DM |
590 | method => 'GET', |
591 | proxyto => 'node', | |
592 | description => "Get container configuration.", | |
593 | permissions => { | |
594 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
595 | }, | |
596 | parameters => { | |
597 | additionalProperties => 0, | |
598 | properties => { | |
599 | node => get_standard_option('pve-node'), | |
600 | vmid => get_standard_option('pve-vmid'), | |
601 | }, | |
602 | }, | |
5c752bbf | 603 | returns => { |
f76a2828 DM |
604 | type => "object", |
605 | properties => { | |
606 | digest => { | |
607 | type => 'string', | |
608 | description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.', | |
609 | } | |
610 | }, | |
611 | }, | |
612 | code => sub { | |
613 | my ($param) = @_; | |
614 | ||
27916659 | 615 | my $conf = PVE::LXC::load_config($param->{vmid}); |
f76a2828 | 616 | |
27916659 | 617 | delete $conf->{snapshots}; |
e576f689 | 618 | delete $conf->{lxc}; |
f76a2828 | 619 | |
f76a2828 DM |
620 | return $conf; |
621 | }}); | |
622 | ||
623 | __PACKAGE__->register_method({ | |
5c752bbf DM |
624 | name => 'destroy_vm', |
625 | path => '{vmid}', | |
f76a2828 DM |
626 | method => 'DELETE', |
627 | protected => 1, | |
628 | proxyto => 'node', | |
629 | description => "Destroy the container (also delete all uses files).", | |
630 | permissions => { | |
631 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
632 | }, | |
633 | parameters => { | |
634 | additionalProperties => 0, | |
635 | properties => { | |
636 | node => get_standard_option('pve-node'), | |
637 | vmid => get_standard_option('pve-vmid'), | |
638 | }, | |
639 | }, | |
5c752bbf | 640 | returns => { |
f76a2828 DM |
641 | type => 'string', |
642 | }, | |
643 | code => sub { | |
644 | my ($param) = @_; | |
645 | ||
646 | my $rpcenv = PVE::RPCEnvironment::get(); | |
647 | ||
648 | my $authuser = $rpcenv->get_user(); | |
649 | ||
650 | my $vmid = $param->{vmid}; | |
651 | ||
652 | # test if container exists | |
673cf209 | 653 | my $conf = PVE::LXC::load_config($vmid); |
f76a2828 | 654 | |
611fe3aa DM |
655 | my $storage_cfg = cfs_read_file("storage.cfg"); |
656 | ||
657 | my $code = sub { | |
673cf209 DM |
658 | # reload config after lock |
659 | $conf = PVE::LXC::load_config($vmid); | |
660 | PVE::LXC::check_lock($conf); | |
661 | ||
27916659 | 662 | PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf); |
be5fc936 | 663 | PVE::AccessControl::remove_vm_access($vmid); |
2f9b5ead | 664 | PVE::Firewall::remove_vmfw_conf($vmid); |
f76a2828 DM |
665 | }; |
666 | ||
611fe3aa DM |
667 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
668 | ||
f76a2828 DM |
669 | return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd); |
670 | }}); | |
671 | ||
fff3a342 DM |
672 | my $sslcert; |
673 | ||
674 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
675 | name => 'vncproxy', |
676 | path => '{vmid}/vncproxy', | |
fff3a342 DM |
677 | method => 'POST', |
678 | protected => 1, | |
679 | permissions => { | |
680 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
681 | }, | |
682 | description => "Creates a TCP VNC proxy connections.", | |
683 | parameters => { | |
684 | additionalProperties => 0, | |
685 | properties => { | |
686 | node => get_standard_option('pve-node'), | |
687 | vmid => get_standard_option('pve-vmid'), | |
688 | websocket => { | |
689 | optional => 1, | |
690 | type => 'boolean', | |
691 | description => "use websocket instead of standard VNC.", | |
692 | }, | |
693 | }, | |
694 | }, | |
5b4657d0 | 695 | returns => { |
fff3a342 DM |
696 | additionalProperties => 0, |
697 | properties => { | |
698 | user => { type => 'string' }, | |
699 | ticket => { type => 'string' }, | |
700 | cert => { type => 'string' }, | |
701 | port => { type => 'integer' }, | |
702 | upid => { type => 'string' }, | |
703 | }, | |
704 | }, | |
705 | code => sub { | |
706 | my ($param) = @_; | |
707 | ||
708 | my $rpcenv = PVE::RPCEnvironment::get(); | |
709 | ||
710 | my $authuser = $rpcenv->get_user(); | |
711 | ||
712 | my $vmid = $param->{vmid}; | |
713 | my $node = $param->{node}; | |
714 | ||
715 | my $authpath = "/vms/$vmid"; | |
716 | ||
717 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath); | |
718 | ||
719 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) | |
720 | if !$sslcert; | |
721 | ||
ec2c57eb | 722 | my ($remip, $family); |
5b4657d0 | 723 | |
fff3a342 | 724 | if ($node ne PVE::INotify::nodename()) { |
85ae6211 | 725 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
ec2c57eb WB |
726 | } else { |
727 | $family = PVE::Tools::get_host_address_family($node); | |
fff3a342 DM |
728 | } |
729 | ||
ec2c57eb WB |
730 | my $port = PVE::Tools::next_vnc_port($family); |
731 | ||
fff3a342 DM |
732 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
733 | # so we select the fastest chipher here (or 'none'?) | |
5b4657d0 | 734 | my $remcmd = $remip ? |
fff3a342 DM |
735 | ['/usr/bin/ssh', '-t', $remip] : []; |
736 | ||
aca816ad DM |
737 | my $conf = PVE::LXC::load_config($vmid); |
738 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); | |
739 | ||
5b4657d0 DM |
740 | my $shcmd = [ '/usr/bin/dtach', '-A', |
741 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 742 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
743 | |
744 | my $realcmd = sub { | |
745 | my $upid = shift; | |
746 | ||
5b4657d0 | 747 | syslog ('info', "starting lxc vnc proxy $upid\n"); |
fff3a342 | 748 | |
5b4657d0 | 749 | my $timeout = 10; |
fff3a342 DM |
750 | |
751 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, | |
5b4657d0 | 752 | '-timeout', $timeout, '-authpath', $authpath, |
fff3a342 DM |
753 | '-perm', 'VM.Console']; |
754 | ||
755 | if ($param->{websocket}) { | |
5b4657d0 | 756 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
fff3a342 DM |
757 | push @$cmd, '-notls', '-listen', 'localhost'; |
758 | } | |
759 | ||
760 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
761 | ||
762 | run_command($cmd); | |
763 | ||
764 | return; | |
765 | }; | |
766 | ||
767 | my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); | |
768 | ||
769 | PVE::Tools::wait_for_vnc_port($port); | |
770 | ||
771 | return { | |
772 | user => $authuser, | |
773 | ticket => $ticket, | |
5b4657d0 DM |
774 | port => $port, |
775 | upid => $upid, | |
776 | cert => $sslcert, | |
fff3a342 DM |
777 | }; |
778 | }}); | |
779 | ||
780 | __PACKAGE__->register_method({ | |
781 | name => 'vncwebsocket', | |
782 | path => '{vmid}/vncwebsocket', | |
783 | method => 'GET', | |
5b4657d0 | 784 | permissions => { |
fff3a342 DM |
785 | description => "You also need to pass a valid ticket (vncticket).", |
786 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
787 | }, | |
788 | description => "Opens a weksocket for VNC traffic.", | |
789 | parameters => { | |
790 | additionalProperties => 0, | |
791 | properties => { | |
792 | node => get_standard_option('pve-node'), | |
793 | vmid => get_standard_option('pve-vmid'), | |
794 | vncticket => { | |
795 | description => "Ticket from previous call to vncproxy.", | |
796 | type => 'string', | |
797 | maxLength => 512, | |
798 | }, | |
799 | port => { | |
800 | description => "Port number returned by previous vncproxy call.", | |
801 | type => 'integer', | |
802 | minimum => 5900, | |
803 | maximum => 5999, | |
804 | }, | |
805 | }, | |
806 | }, | |
807 | returns => { | |
808 | type => "object", | |
809 | properties => { | |
810 | port => { type => 'string' }, | |
811 | }, | |
812 | }, | |
813 | code => sub { | |
814 | my ($param) = @_; | |
815 | ||
816 | my $rpcenv = PVE::RPCEnvironment::get(); | |
817 | ||
818 | my $authuser = $rpcenv->get_user(); | |
819 | ||
820 | my $authpath = "/vms/$param->{vmid}"; | |
821 | ||
822 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath); | |
823 | ||
824 | my $port = $param->{port}; | |
5b4657d0 | 825 | |
fff3a342 DM |
826 | return { port => $port }; |
827 | }}); | |
828 | ||
829 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
830 | name => 'spiceproxy', |
831 | path => '{vmid}/spiceproxy', | |
fff3a342 DM |
832 | method => 'POST', |
833 | protected => 1, | |
834 | proxyto => 'node', | |
835 | permissions => { | |
836 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
837 | }, | |
838 | description => "Returns a SPICE configuration to connect to the CT.", | |
839 | parameters => { | |
840 | additionalProperties => 0, | |
841 | properties => { | |
842 | node => get_standard_option('pve-node'), | |
843 | vmid => get_standard_option('pve-vmid'), | |
844 | proxy => get_standard_option('spice-proxy', { optional => 1 }), | |
845 | }, | |
846 | }, | |
847 | returns => get_standard_option('remote-viewer-config'), | |
848 | code => sub { | |
849 | my ($param) = @_; | |
850 | ||
851 | my $vmid = $param->{vmid}; | |
852 | my $node = $param->{node}; | |
853 | my $proxy = $param->{proxy}; | |
854 | ||
855 | my $authpath = "/vms/$vmid"; | |
856 | my $permissions = 'VM.Console'; | |
857 | ||
aca816ad DM |
858 | my $conf = PVE::LXC::load_config($vmid); |
859 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); | |
860 | ||
5b4657d0 DM |
861 | my $shcmd = ['/usr/bin/dtach', '-A', |
862 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 863 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
864 | |
865 | my $title = "CT $vmid"; | |
866 | ||
867 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd); | |
868 | }}); | |
5c752bbf DM |
869 | |
870 | __PACKAGE__->register_method({ | |
871 | name => 'vmcmdidx', | |
872 | path => '{vmid}/status', | |
873 | method => 'GET', | |
874 | proxyto => 'node', | |
875 | description => "Directory index", | |
876 | permissions => { | |
877 | user => 'all', | |
878 | }, | |
879 | parameters => { | |
880 | additionalProperties => 0, | |
881 | properties => { | |
882 | node => get_standard_option('pve-node'), | |
883 | vmid => get_standard_option('pve-vmid'), | |
884 | }, | |
885 | }, | |
886 | returns => { | |
887 | type => 'array', | |
888 | items => { | |
889 | type => "object", | |
890 | properties => { | |
891 | subdir => { type => 'string' }, | |
892 | }, | |
893 | }, | |
894 | links => [ { rel => 'child', href => "{subdir}" } ], | |
895 | }, | |
896 | code => sub { | |
897 | my ($param) = @_; | |
898 | ||
899 | # test if VM exists | |
a468f934 | 900 | my $conf = PVE::LXC::load_config($param->{vmid}); |
5c752bbf DM |
901 | |
902 | my $res = [ | |
903 | { subdir => 'current' }, | |
904 | { subdir => 'start' }, | |
905 | { subdir => 'stop' }, | |
906 | { subdir => 'shutdown' }, | |
907 | { subdir => 'migrate' }, | |
908 | ]; | |
909 | ||
910 | return $res; | |
911 | }}); | |
912 | ||
913 | __PACKAGE__->register_method({ | |
914 | name => 'vm_status', | |
915 | path => '{vmid}/status/current', | |
916 | method => 'GET', | |
917 | proxyto => 'node', | |
918 | protected => 1, # openvz /proc entries are only readable by root | |
919 | description => "Get virtual machine status.", | |
920 | permissions => { | |
921 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
922 | }, | |
923 | parameters => { | |
924 | additionalProperties => 0, | |
925 | properties => { | |
926 | node => get_standard_option('pve-node'), | |
927 | vmid => get_standard_option('pve-vmid'), | |
928 | }, | |
929 | }, | |
930 | returns => { type => 'object' }, | |
931 | code => sub { | |
932 | my ($param) = @_; | |
933 | ||
934 | # test if VM exists | |
935 | my $conf = PVE::LXC::load_config($param->{vmid}); | |
936 | ||
937 | my $vmstatus = PVE::LXC::vmstatus($param->{vmid}); | |
938 | my $status = $vmstatus->{$param->{vmid}}; | |
939 | ||
940 | $status->{ha} = PVE::HA::Config::vm_is_ha_managed($param->{vmid}) ? 1 : 0; | |
941 | ||
942 | return $status; | |
943 | }}); | |
944 | ||
945 | __PACKAGE__->register_method({ | |
946 | name => 'vm_start', | |
947 | path => '{vmid}/status/start', | |
948 | method => 'POST', | |
949 | protected => 1, | |
950 | proxyto => 'node', | |
951 | description => "Start the container.", | |
952 | permissions => { | |
953 | check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], | |
954 | }, | |
955 | parameters => { | |
956 | additionalProperties => 0, | |
957 | properties => { | |
958 | node => get_standard_option('pve-node'), | |
959 | vmid => get_standard_option('pve-vmid'), | |
960 | }, | |
961 | }, | |
962 | returns => { | |
963 | type => 'string', | |
964 | }, | |
965 | code => sub { | |
966 | my ($param) = @_; | |
967 | ||
968 | my $rpcenv = PVE::RPCEnvironment::get(); | |
969 | ||
970 | my $authuser = $rpcenv->get_user(); | |
971 | ||
972 | my $node = extract_param($param, 'node'); | |
973 | ||
974 | my $vmid = extract_param($param, 'vmid'); | |
975 | ||
976 | die "CT $vmid already running\n" if PVE::LXC::check_running($vmid); | |
977 | ||
978 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { | |
979 | ||
980 | my $hacmd = sub { | |
981 | my $upid = shift; | |
982 | ||
983 | my $service = "ct:$vmid"; | |
984 | ||
985 | my $cmd = ['ha-manager', 'enable', $service]; | |
986 | ||
987 | print "Executing HA start for CT $vmid\n"; | |
988 | ||
989 | PVE::Tools::run_command($cmd); | |
990 | ||
991 | return; | |
992 | }; | |
993 | ||
994 | return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd); | |
995 | ||
996 | } else { | |
997 | ||
998 | my $realcmd = sub { | |
999 | my $upid = shift; | |
1000 | ||
1001 | syslog('info', "starting CT $vmid: $upid\n"); | |
1002 | ||
1003 | my $conf = PVE::LXC::load_config($vmid); | |
bb1ac2de DM |
1004 | |
1005 | die "you can't start a CT if it's a template\n" | |
1006 | if PVE::LXC::is_template($conf); | |
1007 | ||
27916659 | 1008 | my $storage_cfg = cfs_read_file("storage.cfg"); |
5c752bbf | 1009 | |
27916659 DM |
1010 | PVE::LXC::update_lxc_config($storage_cfg, $vmid, $conf); |
1011 | ||
22b9057a | 1012 | my $cmd = ['lxc-start', '-n', $vmid]; |
5c752bbf | 1013 | |
22b9057a | 1014 | run_command($cmd); |
5c752bbf DM |
1015 | |
1016 | return; | |
1017 | }; | |
1018 | ||
1019 | return $rpcenv->fork_worker('vzstart', $vmid, $authuser, $realcmd); | |
1020 | } | |
1021 | }}); | |
1022 | ||
1023 | __PACKAGE__->register_method({ | |
1024 | name => 'vm_stop', | |
1025 | path => '{vmid}/status/stop', | |
1026 | method => 'POST', | |
1027 | protected => 1, | |
1028 | proxyto => 'node', | |
1029 | description => "Stop the container.", | |
1030 | permissions => { | |
1031 | check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], | |
1032 | }, | |
1033 | parameters => { | |
1034 | additionalProperties => 0, | |
1035 | properties => { | |
1036 | node => get_standard_option('pve-node'), | |
1037 | vmid => get_standard_option('pve-vmid'), | |
1038 | }, | |
1039 | }, | |
1040 | returns => { | |
1041 | type => 'string', | |
1042 | }, | |
1043 | code => sub { | |
1044 | my ($param) = @_; | |
1045 | ||
1046 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1047 | ||
1048 | my $authuser = $rpcenv->get_user(); | |
1049 | ||
1050 | my $node = extract_param($param, 'node'); | |
1051 | ||
1052 | my $vmid = extract_param($param, 'vmid'); | |
1053 | ||
1054 | die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid); | |
1055 | ||
1056 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { | |
1057 | ||
1058 | my $hacmd = sub { | |
1059 | my $upid = shift; | |
1060 | ||
1061 | my $service = "ct:$vmid"; | |
1062 | ||
1063 | my $cmd = ['ha-manager', 'disable', $service]; | |
1064 | ||
1065 | print "Executing HA stop for CT $vmid\n"; | |
1066 | ||
1067 | PVE::Tools::run_command($cmd); | |
1068 | ||
1069 | return; | |
1070 | }; | |
1071 | ||
1072 | return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd); | |
1073 | ||
1074 | } else { | |
1075 | ||
1076 | my $realcmd = sub { | |
1077 | my $upid = shift; | |
1078 | ||
1079 | syslog('info', "stoping CT $vmid: $upid\n"); | |
1080 | ||
ef241384 DM |
1081 | my $conf = PVE::LXC::load_config($vmid); |
1082 | ||
1083 | my $storage_cfg = PVE::Storage::config(); | |
1084 | ||
5c752bbf DM |
1085 | my $cmd = ['lxc-stop', '-n', $vmid, '--kill']; |
1086 | ||
1087 | run_command($cmd); | |
1088 | ||
1089 | return; | |
1090 | }; | |
1091 | ||
1092 | return $rpcenv->fork_worker('vzstop', $vmid, $authuser, $realcmd); | |
1093 | } | |
1094 | }}); | |
1095 | ||
1096 | __PACKAGE__->register_method({ | |
1097 | name => 'vm_shutdown', | |
1098 | path => '{vmid}/status/shutdown', | |
1099 | method => 'POST', | |
1100 | protected => 1, | |
1101 | proxyto => 'node', | |
1102 | description => "Shutdown the container.", | |
1103 | permissions => { | |
1104 | check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], | |
1105 | }, | |
1106 | parameters => { | |
1107 | additionalProperties => 0, | |
1108 | properties => { | |
1109 | node => get_standard_option('pve-node'), | |
1110 | vmid => get_standard_option('pve-vmid'), | |
1111 | timeout => { | |
1112 | description => "Wait maximal timeout seconds.", | |
1113 | type => 'integer', | |
1114 | minimum => 0, | |
1115 | optional => 1, | |
1116 | default => 60, | |
1117 | }, | |
1118 | forceStop => { | |
1119 | description => "Make sure the Container stops.", | |
1120 | type => 'boolean', | |
1121 | optional => 1, | |
1122 | default => 0, | |
1123 | } | |
1124 | }, | |
1125 | }, | |
1126 | returns => { | |
1127 | type => 'string', | |
1128 | }, | |
1129 | code => sub { | |
1130 | my ($param) = @_; | |
1131 | ||
1132 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1133 | ||
1134 | my $authuser = $rpcenv->get_user(); | |
1135 | ||
1136 | my $node = extract_param($param, 'node'); | |
1137 | ||
1138 | my $vmid = extract_param($param, 'vmid'); | |
1139 | ||
1140 | my $timeout = extract_param($param, 'timeout'); | |
1141 | ||
1142 | die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid); | |
1143 | ||
1144 | my $realcmd = sub { | |
1145 | my $upid = shift; | |
1146 | ||
1147 | syslog('info', "shutdown CT $vmid: $upid\n"); | |
1148 | ||
1149 | my $cmd = ['lxc-stop', '-n', $vmid]; | |
1150 | ||
1151 | $timeout = 60 if !defined($timeout); | |
1152 | ||
ef241384 DM |
1153 | my $conf = PVE::LXC::load_config($vmid); |
1154 | ||
1155 | my $storage_cfg = PVE::Storage::config(); | |
1156 | ||
5c752bbf DM |
1157 | push @$cmd, '--timeout', $timeout; |
1158 | ||
1159 | eval { run_command($cmd, timeout => $timeout+5); }; | |
1160 | my $err = $@; | |
ef241384 DM |
1161 | if ($err && $param->{forceStop}) { |
1162 | $err = undef; | |
1163 | warn "shutdown failed - forcing stop now\n"; | |
5c752bbf | 1164 | |
ef241384 DM |
1165 | push @$cmd, '--kill'; |
1166 | run_command($cmd); | |
1167 | ||
1168 | } | |
5c752bbf | 1169 | |
ef241384 | 1170 | die $err if !$err; |
5c752bbf DM |
1171 | |
1172 | return; | |
1173 | }; | |
1174 | ||
1175 | my $upid = $rpcenv->fork_worker('vzshutdown', $vmid, $authuser, $realcmd); | |
1176 | ||
1177 | return $upid; | |
1178 | }}); | |
1179 | ||
1180 | __PACKAGE__->register_method({ | |
1181 | name => 'vm_suspend', | |
1182 | path => '{vmid}/status/suspend', | |
1183 | method => 'POST', | |
1184 | protected => 1, | |
1185 | proxyto => 'node', | |
1186 | description => "Suspend the container.", | |
1187 | permissions => { | |
1188 | check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], | |
1189 | }, | |
1190 | parameters => { | |
1191 | additionalProperties => 0, | |
1192 | properties => { | |
1193 | node => get_standard_option('pve-node'), | |
1194 | vmid => get_standard_option('pve-vmid'), | |
1195 | }, | |
1196 | }, | |
1197 | returns => { | |
1198 | type => 'string', | |
1199 | }, | |
1200 | code => sub { | |
1201 | my ($param) = @_; | |
1202 | ||
1203 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1204 | ||
1205 | my $authuser = $rpcenv->get_user(); | |
1206 | ||
1207 | my $node = extract_param($param, 'node'); | |
1208 | ||
1209 | my $vmid = extract_param($param, 'vmid'); | |
1210 | ||
1211 | die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid); | |
1212 | ||
1213 | my $realcmd = sub { | |
1214 | my $upid = shift; | |
1215 | ||
1216 | syslog('info', "suspend CT $vmid: $upid\n"); | |
1217 | ||
1218 | my $cmd = ['lxc-checkpoint', '-n', $vmid, '-s', '-D', '/var/liv/vz/dump']; | |
1219 | ||
1220 | run_command($cmd); | |
1221 | ||
1222 | return; | |
1223 | }; | |
1224 | ||
1225 | my $upid = $rpcenv->fork_worker('vzsuspend', $vmid, $authuser, $realcmd); | |
1226 | ||
1227 | return $upid; | |
1228 | }}); | |
1229 | ||
1230 | __PACKAGE__->register_method({ | |
1231 | name => 'vm_resume', | |
1232 | path => '{vmid}/status/resume', | |
1233 | method => 'POST', | |
1234 | protected => 1, | |
1235 | proxyto => 'node', | |
1236 | description => "Resume the container.", | |
1237 | permissions => { | |
1238 | check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], | |
1239 | }, | |
1240 | parameters => { | |
1241 | additionalProperties => 0, | |
1242 | properties => { | |
1243 | node => get_standard_option('pve-node'), | |
1244 | vmid => get_standard_option('pve-vmid'), | |
1245 | }, | |
1246 | }, | |
1247 | returns => { | |
1248 | type => 'string', | |
1249 | }, | |
1250 | code => sub { | |
1251 | my ($param) = @_; | |
1252 | ||
1253 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1254 | ||
1255 | my $authuser = $rpcenv->get_user(); | |
1256 | ||
1257 | my $node = extract_param($param, 'node'); | |
1258 | ||
1259 | my $vmid = extract_param($param, 'vmid'); | |
1260 | ||
1261 | die "CT $vmid already running\n" if PVE::LXC::check_running($vmid); | |
1262 | ||
1263 | my $realcmd = sub { | |
1264 | my $upid = shift; | |
1265 | ||
1266 | syslog('info', "resume CT $vmid: $upid\n"); | |
1267 | ||
1268 | my $cmd = ['lxc-checkpoint', '-n', $vmid, '-r', '--foreground', | |
1269 | '-D', '/var/liv/vz/dump']; | |
1270 | ||
1271 | run_command($cmd); | |
1272 | ||
1273 | return; | |
1274 | }; | |
1275 | ||
1276 | my $upid = $rpcenv->fork_worker('vzresume', $vmid, $authuser, $realcmd); | |
1277 | ||
1278 | return $upid; | |
1279 | }}); | |
1280 | ||
1281 | __PACKAGE__->register_method({ | |
1282 | name => 'migrate_vm', | |
1283 | path => '{vmid}/migrate', | |
1284 | method => 'POST', | |
1285 | protected => 1, | |
1286 | proxyto => 'node', | |
1287 | description => "Migrate the container to another node. Creates a new migration task.", | |
1288 | permissions => { | |
1289 | check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]], | |
1290 | }, | |
1291 | parameters => { | |
1292 | additionalProperties => 0, | |
1293 | properties => { | |
1294 | node => get_standard_option('pve-node'), | |
1295 | vmid => get_standard_option('pve-vmid'), | |
1296 | target => get_standard_option('pve-node', { description => "Target node." }), | |
1297 | online => { | |
1298 | type => 'boolean', | |
1299 | description => "Use online/live migration.", | |
1300 | optional => 1, | |
1301 | }, | |
1302 | }, | |
1303 | }, | |
1304 | returns => { | |
1305 | type => 'string', | |
1306 | description => "the task ID.", | |
1307 | }, | |
1308 | code => sub { | |
1309 | my ($param) = @_; | |
1310 | ||
1311 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1312 | ||
1313 | my $authuser = $rpcenv->get_user(); | |
1314 | ||
1315 | my $target = extract_param($param, 'target'); | |
1316 | ||
1317 | my $localnode = PVE::INotify::nodename(); | |
1318 | raise_param_exc({ target => "target is local node."}) if $target eq $localnode; | |
1319 | ||
1320 | PVE::Cluster::check_cfs_quorum(); | |
1321 | ||
1322 | PVE::Cluster::check_node_exists($target); | |
1323 | ||
1324 | my $targetip = PVE::Cluster::remote_node_ip($target); | |
1325 | ||
1326 | my $vmid = extract_param($param, 'vmid'); | |
1327 | ||
1328 | # test if VM exists | |
1329 | PVE::LXC::load_config($vmid); | |
1330 | ||
1331 | # try to detect errors early | |
1332 | if (PVE::LXC::check_running($vmid)) { | |
1333 | die "cant migrate running container without --online\n" | |
1334 | if !$param->{online}; | |
1335 | } | |
1336 | ||
1337 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { | |
1338 | ||
1339 | my $hacmd = sub { | |
1340 | my $upid = shift; | |
1341 | ||
1342 | my $service = "ct:$vmid"; | |
1343 | ||
1344 | my $cmd = ['ha-manager', 'migrate', $service, $target]; | |
1345 | ||
1346 | print "Executing HA migrate for CT $vmid to node $target\n"; | |
1347 | ||
1348 | PVE::Tools::run_command($cmd); | |
1349 | ||
1350 | return; | |
1351 | }; | |
1352 | ||
1353 | return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd); | |
1354 | ||
1355 | } else { | |
1356 | ||
1357 | my $realcmd = sub { | |
1358 | my $upid = shift; | |
1359 | ||
1360 | # fixme: implement lxc container migration | |
1361 | die "lxc container migration not implemented\n"; | |
1362 | ||
1363 | return; | |
1364 | }; | |
1365 | ||
1366 | return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd); | |
1367 | } | |
1368 | }}); | |
1369 | ||
489e960d WL |
1370 | __PACKAGE__->register_method({ |
1371 | name => 'snapshot', | |
1372 | path => '{vmid}/snapshot', | |
1373 | method => 'POST', | |
1374 | protected => 1, | |
1375 | proxyto => 'node', | |
1376 | description => "Snapshot a container.", | |
1377 | permissions => { | |
1378 | check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]], | |
1379 | }, | |
1380 | parameters => { | |
1381 | additionalProperties => 0, | |
1382 | properties => { | |
1383 | node => get_standard_option('pve-node'), | |
1384 | vmid => get_standard_option('pve-vmid'), | |
1385 | snapname => get_standard_option('pve-lxc-snapshot-name'), | |
09d3ec42 DM |
1386 | # vmstate => { |
1387 | # optional => 1, | |
1388 | # type => 'boolean', | |
1389 | # description => "Save the vmstate", | |
1390 | # }, | |
489e960d WL |
1391 | description => { |
1392 | optional => 1, | |
1393 | type => 'string', | |
1394 | description => "A textual description or comment.", | |
1395 | }, | |
1396 | }, | |
1397 | }, | |
1398 | returns => { | |
1399 | type => 'string', | |
1400 | description => "the task ID.", | |
1401 | }, | |
1402 | code => sub { | |
1403 | my ($param) = @_; | |
1404 | ||
1405 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1406 | ||
1407 | my $authuser = $rpcenv->get_user(); | |
1408 | ||
1409 | my $node = extract_param($param, 'node'); | |
1410 | ||
1411 | my $vmid = extract_param($param, 'vmid'); | |
1412 | ||
1413 | my $snapname = extract_param($param, 'snapname'); | |
1414 | ||
1415 | die "unable to use snapshot name 'current' (reserved name)\n" | |
1416 | if $snapname eq 'current'; | |
1417 | ||
1418 | my $realcmd = sub { | |
1419 | PVE::Cluster::log_msg('info', $authuser, "snapshot container $vmid: $snapname"); | |
1420 | PVE::LXC::snapshot_create($vmid, $snapname, $param->{description}); | |
1421 | }; | |
1422 | ||
1423 | return $rpcenv->fork_worker('pctsnapshot', $vmid, $authuser, $realcmd); | |
1424 | }}); | |
57ccb3f8 WL |
1425 | |
1426 | __PACKAGE__->register_method({ | |
1427 | name => 'delsnapshot', | |
1428 | path => '{vmid}/snapshot/{snapname}', | |
1429 | method => 'DELETE', | |
1430 | protected => 1, | |
1431 | proxyto => 'node', | |
1432 | description => "Delete a LXC snapshot.", | |
1433 | permissions => { | |
1434 | check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]], | |
1435 | }, | |
1436 | parameters => { | |
1437 | additionalProperties => 0, | |
1438 | properties => { | |
1439 | node => get_standard_option('pve-node'), | |
1440 | vmid => get_standard_option('pve-vmid'), | |
1441 | snapname => get_standard_option('pve-lxc-snapshot-name'), | |
1442 | force => { | |
1443 | optional => 1, | |
1444 | type => 'boolean', | |
1445 | description => "For removal from config file, even if removing disk snapshots fails.", | |
1446 | }, | |
1447 | }, | |
1448 | }, | |
1449 | returns => { | |
1450 | type => 'string', | |
1451 | description => "the task ID.", | |
1452 | }, | |
1453 | code => sub { | |
1454 | my ($param) = @_; | |
1455 | ||
1456 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1457 | ||
1458 | my $authuser = $rpcenv->get_user(); | |
1459 | ||
1460 | my $node = extract_param($param, 'node'); | |
1461 | ||
1462 | my $vmid = extract_param($param, 'vmid'); | |
1463 | ||
1464 | my $snapname = extract_param($param, 'snapname'); | |
1465 | ||
1466 | my $realcmd = sub { | |
1467 | PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname"); | |
1468 | PVE::LXC::snapshot_delete($vmid, $snapname, $param->{force}); | |
1469 | }; | |
1470 | ||
1471 | return $rpcenv->fork_worker('lxcdelsnapshot', $vmid, $authuser, $realcmd); | |
1472 | }}); | |
cc5392c8 | 1473 | |
723157f6 WL |
1474 | __PACKAGE__->register_method({ |
1475 | name => 'rollback', | |
1476 | path => '{vmid}/snapshot/{snapname}/rollback', | |
1477 | method => 'POST', | |
1478 | protected => 1, | |
1479 | proxyto => 'node', | |
1480 | description => "Rollback LXC state to specified snapshot.", | |
1481 | permissions => { | |
1482 | check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]], | |
1483 | }, | |
1484 | parameters => { | |
1485 | additionalProperties => 0, | |
1486 | properties => { | |
1487 | node => get_standard_option('pve-node'), | |
1488 | vmid => get_standard_option('pve-vmid'), | |
1489 | snapname => get_standard_option('pve-lxc-snapshot-name'), | |
1490 | }, | |
1491 | }, | |
1492 | returns => { | |
1493 | type => 'string', | |
1494 | description => "the task ID.", | |
1495 | }, | |
1496 | code => sub { | |
1497 | my ($param) = @_; | |
1498 | ||
1499 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1500 | ||
1501 | my $authuser = $rpcenv->get_user(); | |
1502 | ||
1503 | my $node = extract_param($param, 'node'); | |
1504 | ||
1505 | my $vmid = extract_param($param, 'vmid'); | |
1506 | ||
1507 | my $snapname = extract_param($param, 'snapname'); | |
1508 | ||
1509 | my $realcmd = sub { | |
1510 | PVE::Cluster::log_msg('info', $authuser, "rollback snapshot LXC $vmid: $snapname"); | |
1511 | PVE::LXC::snapshot_rollback($vmid, $snapname); | |
1512 | }; | |
1513 | ||
1514 | return $rpcenv->fork_worker('lxcrollback', $vmid, $authuser, $realcmd); | |
1515 | }}); | |
1516 | ||
cc5392c8 WL |
1517 | __PACKAGE__->register_method({ |
1518 | name => 'snapshot_list', | |
1519 | path => '{vmid}/snapshot', | |
1520 | method => 'GET', | |
1521 | description => "List all snapshots.", | |
1522 | permissions => { | |
1523 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
1524 | }, | |
1525 | proxyto => 'node', | |
1526 | protected => 1, # lxc pid files are only readable by root | |
1527 | parameters => { | |
1528 | additionalProperties => 0, | |
1529 | properties => { | |
1530 | vmid => get_standard_option('pve-vmid'), | |
1531 | node => get_standard_option('pve-node'), | |
1532 | }, | |
1533 | }, | |
1534 | returns => { | |
1535 | type => 'array', | |
1536 | items => { | |
1537 | type => "object", | |
1538 | properties => {}, | |
1539 | }, | |
1540 | links => [ { rel => 'child', href => "{name}" } ], | |
1541 | }, | |
1542 | code => sub { | |
1543 | my ($param) = @_; | |
1544 | ||
1545 | my $vmid = $param->{vmid}; | |
1546 | ||
1547 | my $conf = PVE::LXC::load_config($vmid); | |
1548 | my $snaphash = $conf->{snapshots} || {}; | |
1549 | ||
1550 | my $res = []; | |
1551 | ||
1552 | foreach my $name (keys %$snaphash) { | |
1553 | my $d = $snaphash->{$name}; | |
1554 | my $item = { | |
1555 | name => $name, | |
09d3ec42 DM |
1556 | snaptime => $d->{snaptime} || 0, |
1557 | description => $d->{description} || '', | |
cc5392c8 | 1558 | }; |
09d3ec42 DM |
1559 | $item->{parent} = $d->{parent} if defined($d->{parent}); |
1560 | $item->{snapstate} = $d->{snapstate} if $d->{snapstate}; | |
cc5392c8 WL |
1561 | push @$res, $item; |
1562 | } | |
1563 | ||
1564 | my $running = PVE::LXC::check_running($vmid) ? 1 : 0; | |
1565 | my $current = { name => 'current', digest => $conf->{digest}, running => $running }; | |
09d3ec42 | 1566 | $current->{parent} = $conf->{parent} if defined($conf->{parent}); |
cc5392c8 WL |
1567 | |
1568 | push @$res, $current; | |
1569 | ||
1570 | return $res; | |
1571 | }}); | |
1572 | ||
1573 | __PACKAGE__->register_method({ | |
1574 | name => 'snapshot_cmd_idx', | |
1575 | path => '{vmid}/snapshot/{snapname}', | |
1576 | description => '', | |
1577 | method => 'GET', | |
1578 | permissions => { | |
1579 | user => 'all', | |
1580 | }, | |
1581 | parameters => { | |
1582 | additionalProperties => 0, | |
1583 | properties => { | |
1584 | vmid => get_standard_option('pve-vmid'), | |
1585 | node => get_standard_option('pve-node'), | |
1586 | snapname => get_standard_option('pve-lxc-snapshot-name'), | |
1587 | }, | |
1588 | }, | |
1589 | returns => { | |
1590 | type => 'array', | |
1591 | items => { | |
1592 | type => "object", | |
1593 | properties => {}, | |
1594 | }, | |
1595 | links => [ { rel => 'child', href => "{cmd}" } ], | |
1596 | }, | |
1597 | code => sub { | |
1598 | my ($param) = @_; | |
1599 | ||
1600 | my $res = []; | |
1601 | ||
1602 | push @$res, { cmd => 'rollback' }; | |
1603 | push @$res, { cmd => 'config' }; | |
1604 | ||
1605 | return $res; | |
1606 | }}); | |
1607 | ||
1608 | __PACKAGE__->register_method({ | |
1609 | name => 'update_snapshot_config', | |
1610 | path => '{vmid}/snapshot/{snapname}/config', | |
1611 | method => 'PUT', | |
1612 | protected => 1, | |
1613 | proxyto => 'node', | |
1614 | description => "Update snapshot metadata.", | |
1615 | permissions => { | |
1616 | check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]], | |
1617 | }, | |
1618 | parameters => { | |
1619 | additionalProperties => 0, | |
1620 | properties => { | |
1621 | node => get_standard_option('pve-node'), | |
1622 | vmid => get_standard_option('pve-vmid'), | |
1623 | snapname => get_standard_option('pve-lxc-snapshot-name'), | |
1624 | description => { | |
1625 | optional => 1, | |
1626 | type => 'string', | |
1627 | description => "A textual description or comment.", | |
1628 | }, | |
1629 | }, | |
1630 | }, | |
1631 | returns => { type => 'null' }, | |
1632 | code => sub { | |
1633 | my ($param) = @_; | |
1634 | ||
1635 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1636 | ||
1637 | my $authuser = $rpcenv->get_user(); | |
1638 | ||
1639 | my $vmid = extract_param($param, 'vmid'); | |
1640 | ||
1641 | my $snapname = extract_param($param, 'snapname'); | |
1642 | ||
1643 | return undef if !defined($param->{description}); | |
1644 | ||
1645 | my $updatefn = sub { | |
1646 | ||
1647 | my $conf = PVE::LXC::load_config($vmid); | |
cc5392c8 WL |
1648 | PVE::LXC::check_lock($conf); |
1649 | ||
1650 | my $snap = $conf->{snapshots}->{$snapname}; | |
1651 | ||
1652 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
1653 | ||
09d3ec42 | 1654 | $snap->{description} = $param->{description} if defined($param->{description}); |
cc5392c8 | 1655 | |
09d3ec42 | 1656 | PVE::LXC::write_config($vmid, $conf, 1); |
cc5392c8 WL |
1657 | }; |
1658 | ||
1659 | PVE::LXC::lock_container($vmid, 10, $updatefn); | |
1660 | ||
1661 | return undef; | |
1662 | }}); | |
1663 | ||
1664 | __PACKAGE__->register_method({ | |
1665 | name => 'get_snapshot_config', | |
1666 | path => '{vmid}/snapshot/{snapname}/config', | |
1667 | method => 'GET', | |
1668 | proxyto => 'node', | |
1669 | description => "Get snapshot configuration", | |
1670 | permissions => { | |
1671 | check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]], | |
1672 | }, | |
1673 | parameters => { | |
1674 | additionalProperties => 0, | |
1675 | properties => { | |
1676 | node => get_standard_option('pve-node'), | |
1677 | vmid => get_standard_option('pve-vmid'), | |
1678 | snapname => get_standard_option('pve-lxc-snapshot-name'), | |
1679 | }, | |
1680 | }, | |
1681 | returns => { type => "object" }, | |
1682 | code => sub { | |
1683 | my ($param) = @_; | |
1684 | ||
1685 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1686 | ||
1687 | my $authuser = $rpcenv->get_user(); | |
1688 | ||
1689 | my $vmid = extract_param($param, 'vmid'); | |
1690 | ||
1691 | my $snapname = extract_param($param, 'snapname'); | |
1692 | ||
09d3ec42 | 1693 | my $conf = PVE::LXC::load_config($vmid); |
cc5392c8 | 1694 | |
09d3ec42 | 1695 | my $snap = $conf->{snapshots}->{$snapname}; |
cc5392c8 WL |
1696 | |
1697 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
1698 | ||
e576f689 DM |
1699 | delete $snap->{lxc}; |
1700 | ||
09d3ec42 | 1701 | return $snap; |
cc5392c8 WL |
1702 | }}); |
1703 | ||
1704 | __PACKAGE__->register_method({ | |
1705 | name => 'vm_feature', | |
1706 | path => '{vmid}/feature', | |
1707 | method => 'GET', | |
1708 | proxyto => 'node', | |
1709 | protected => 1, | |
1710 | description => "Check if feature for virtual machine is available.", | |
1711 | permissions => { | |
1712 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
1713 | }, | |
1714 | parameters => { | |
1715 | additionalProperties => 0, | |
1716 | properties => { | |
1717 | node => get_standard_option('pve-node'), | |
1718 | vmid => get_standard_option('pve-vmid'), | |
1719 | feature => { | |
1720 | description => "Feature to check.", | |
1721 | type => 'string', | |
1722 | enum => [ 'snapshot' ], | |
1723 | }, | |
1724 | snapname => get_standard_option('pve-lxc-snapshot-name', { | |
1725 | optional => 1, | |
1726 | }), | |
1727 | }, | |
1728 | }, | |
1729 | returns => { | |
1730 | type => "object", | |
1731 | properties => { | |
1732 | hasFeature => { type => 'boolean' }, | |
1733 | #nodes => { | |
1734 | #type => 'array', | |
1735 | #items => { type => 'string' }, | |
1736 | #} | |
1737 | }, | |
1738 | }, | |
1739 | code => sub { | |
1740 | my ($param) = @_; | |
1741 | ||
1742 | my $node = extract_param($param, 'node'); | |
1743 | ||
1744 | my $vmid = extract_param($param, 'vmid'); | |
1745 | ||
1746 | my $snapname = extract_param($param, 'snapname'); | |
1747 | ||
1748 | my $feature = extract_param($param, 'feature'); | |
1749 | ||
1750 | my $conf = PVE::LXC::load_config($vmid); | |
1751 | ||
1752 | if($snapname){ | |
1753 | my $snap = $conf->{snapshots}->{$snapname}; | |
1754 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
1755 | $conf = $snap; | |
1756 | } | |
ef241384 | 1757 | my $storage_cfg = PVE::Storage::config(); |
cc5392c8 | 1758 | #Maybe include later |
ef241384 DM |
1759 | #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg); |
1760 | my $hasFeature = PVE::LXC::has_feature($feature, $conf, $storage_cfg, $snapname); | |
cc5392c8 WL |
1761 | |
1762 | return { | |
1763 | hasFeature => $hasFeature, | |
1764 | #nodes => [ keys %$nodelist ], | |
1765 | }; | |
1766 | }}); | |
bb1ac2de DM |
1767 | |
1768 | __PACKAGE__->register_method({ | |
1769 | name => 'template', | |
1770 | path => '{vmid}/template', | |
1771 | method => 'POST', | |
1772 | protected => 1, | |
1773 | proxyto => 'node', | |
1774 | description => "Create a Template.", | |
1775 | permissions => { | |
1776 | description => "You need 'VM.Allocate' permissions on /vms/{vmid}", | |
1777 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
1778 | }, | |
1779 | parameters => { | |
1780 | additionalProperties => 0, | |
1781 | properties => { | |
1782 | node => get_standard_option('pve-node'), | |
1783 | vmid => get_standard_option('pve-vmid'), | |
1784 | }, | |
1785 | }, | |
1786 | returns => { type => 'null'}, | |
1787 | code => sub { | |
1788 | my ($param) = @_; | |
1789 | ||
1790 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1791 | ||
1792 | my $authuser = $rpcenv->get_user(); | |
1793 | ||
1794 | my $node = extract_param($param, 'node'); | |
1795 | ||
1796 | my $vmid = extract_param($param, 'vmid'); | |
1797 | ||
1798 | my $updatefn = sub { | |
1799 | ||
1800 | my $conf = PVE::LXC::load_config($vmid); | |
1801 | PVE::LXC::check_lock($conf); | |
1802 | ||
1803 | die "unable to create template, because CT contains snapshots\n" | |
1804 | if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}}); | |
1805 | ||
1806 | die "you can't convert a template to a template\n" | |
1807 | if PVE::LXC::is_template($conf); | |
1808 | ||
1809 | die "you can't convert a CT to template if the CT is running\n" | |
1810 | if PVE::LXC::check_running($vmid); | |
1811 | ||
1812 | my $realcmd = sub { | |
1813 | PVE::LXC::template_create($vmid, $conf); | |
1814 | }; | |
1815 | ||
1816 | $conf->{template} = 1; | |
1817 | ||
1818 | PVE::LXC::write_config($vmid, $conf); | |
1819 | # and remove lxc config | |
1820 | PVE::LXC::update_lxc_config(undef, $vmid, $conf); | |
1821 | ||
1822 | return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd); | |
1823 | }; | |
1824 | ||
1825 | PVE::LXC::lock_container($vmid, undef, $updatefn); | |
1826 | ||
1827 | return undef; | |
1828 | }}); | |
1829 | ||
f76a2828 | 1830 | 1; |