]>
Commit | Line | Data |
---|---|---|
f76a2828 DM |
1 | package PVE::API2::LXC; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::SafeSyslog; | |
7 | use PVE::Tools qw(extract_param run_command); | |
8 | use PVE::Exception qw(raise raise_param_exc); | |
9 | use PVE::INotify; | |
9c2d4ce9 | 10 | use PVE::Cluster qw(cfs_read_file); |
f76a2828 | 11 | use PVE::AccessControl; |
2f9b5ead | 12 | use PVE::Firewall; |
f76a2828 DM |
13 | use PVE::Storage; |
14 | use PVE::RESTHandler; | |
15 | use PVE::RPCEnvironment; | |
16 | use PVE::LXC; | |
7af97ad5 | 17 | use PVE::LXC::Create; |
52389a07 DM |
18 | use PVE::API2::LXC::Config; |
19 | use PVE::API2::LXC::Status; | |
20 | use PVE::API2::LXC::Snapshot; | |
5c752bbf | 21 | use PVE::HA::Config; |
f76a2828 DM |
22 | use PVE::JSONSchema qw(get_standard_option); |
23 | use base qw(PVE::RESTHandler); | |
24 | ||
25 | use Data::Dumper; # fixme: remove | |
26 | ||
52389a07 DM |
27 | __PACKAGE__->register_method ({ |
28 | subclass => "PVE::API2::LXC::Config", | |
29 | path => '{vmid}/config', | |
30 | }); | |
f76a2828 | 31 | |
52389a07 DM |
32 | __PACKAGE__->register_method ({ |
33 | subclass => "PVE::API2::LXC::Status", | |
34 | path => '{vmid}/status', | |
35 | }); | |
f76a2828 | 36 | |
52389a07 DM |
37 | __PACKAGE__->register_method ({ |
38 | subclass => "PVE::API2::LXC::Snapshot", | |
39 | path => '{vmid}/snapshot', | |
40 | }); | |
f76a2828 | 41 | |
52389a07 DM |
42 | __PACKAGE__->register_method ({ |
43 | subclass => "PVE::API2::Firewall::CT", | |
44 | path => '{vmid}/firewall', | |
45 | }); | |
46 | ||
eb35f9c0 AD |
47 | my $create_disks = sub { |
48 | my ($storecfg, $vmid, $settings, $conf, $default_storage) = @_; | |
27916659 | 49 | |
eb35f9c0 | 50 | my $vollist = []; |
27916659 | 51 | |
eb35f9c0 AD |
52 | PVE::LXC::foreach_mountpoint($settings, sub { |
53 | my ($ms, $mountpoint) = @_; | |
27916659 | 54 | |
eb35f9c0 AD |
55 | my $volid = $mountpoint->{volume}; |
56 | my $mp = $mountpoint->{mp}; | |
27916659 | 57 | |
eb35f9c0 | 58 | my ($storage, $volname) = PVE::Storage::parse_volume_id($volid, 1); |
27916659 | 59 | |
eb35f9c0 | 60 | return if !$storage; |
27916659 | 61 | |
eb35f9c0 AD |
62 | if ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) { |
63 | my ($storeid, $size) = ($2 || $default_storage, $3); | |
644f2f8f | 64 | |
eb35f9c0 | 65 | $size = int($size*1024) * 1024; |
63f2ddfb | 66 | |
eb35f9c0 AD |
67 | eval { |
68 | my $scfg = PVE::Storage::storage_config($storecfg, $storage); | |
69 | # fixme: use better naming ct-$vmid-disk-X.raw? | |
63f2ddfb | 70 | |
eb35f9c0 AD |
71 | if ($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs') { |
72 | if ($size > 0) { | |
73 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', | |
74 | undef, $size); | |
75 | } else { | |
76 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'subvol', | |
77 | undef, 0); | |
78 | } | |
79 | } elsif ($scfg->{type} eq 'zfspool') { | |
63f2ddfb | 80 | |
eb35f9c0 AD |
81 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'subvol', |
82 | undef, $size); | |
83 | } elsif ($scfg->{type} eq 'drbd') { | |
84 | ||
85 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', undef, $size); | |
86 | ||
87 | } elsif ($scfg->{type} eq 'rbd') { | |
88 | ||
89 | die "krbd option must be enabled on storage type '$scfg->{type}'\n" if !$scfg->{krbd}; | |
90 | $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', undef, $size); | |
91 | } else { | |
92 | die "unable to create containers on storage type '$scfg->{type}'\n"; | |
93 | } | |
94 | }; | |
95 | push @$vollist, $volid; | |
96 | $conf->{$ms} = PVE::LXC::print_ct_mountpoint({volume => $volid, size => $size, mp => $mp }); | |
27916659 | 97 | } |
eb35f9c0 AD |
98 | }); |
99 | # free allocated images on error | |
27916659 | 100 | if (my $err = $@) { |
eb35f9c0 AD |
101 | syslog('err', "VM $vmid creating disks failed"); |
102 | foreach my $volid (@$vollist) { | |
103 | eval { PVE::Storage::vdisk_free($storecfg, $volid); }; | |
104 | warn $@ if $@; | |
105 | } | |
106 | die $err; | |
27916659 | 107 | } |
eb35f9c0 | 108 | return $vollist; |
27916659 DM |
109 | }; |
110 | ||
f76a2828 | 111 | __PACKAGE__->register_method({ |
5c752bbf DM |
112 | name => 'vmlist', |
113 | path => '', | |
f76a2828 DM |
114 | method => 'GET', |
115 | description => "LXC container index (per node).", | |
116 | permissions => { | |
117 | description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.", | |
118 | user => 'all', | |
119 | }, | |
120 | proxyto => 'node', | |
121 | protected => 1, # /proc files are only readable by root | |
122 | parameters => { | |
123 | additionalProperties => 0, | |
124 | properties => { | |
125 | node => get_standard_option('pve-node'), | |
126 | }, | |
127 | }, | |
128 | returns => { | |
129 | type => 'array', | |
130 | items => { | |
131 | type => "object", | |
132 | properties => {}, | |
133 | }, | |
134 | links => [ { rel => 'child', href => "{vmid}" } ], | |
135 | }, | |
136 | code => sub { | |
137 | my ($param) = @_; | |
138 | ||
139 | my $rpcenv = PVE::RPCEnvironment::get(); | |
140 | my $authuser = $rpcenv->get_user(); | |
141 | ||
142 | my $vmstatus = PVE::LXC::vmstatus(); | |
143 | ||
144 | my $res = []; | |
145 | foreach my $vmid (keys %$vmstatus) { | |
146 | next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1); | |
147 | ||
148 | my $data = $vmstatus->{$vmid}; | |
149 | $data->{vmid} = $vmid; | |
150 | push @$res, $data; | |
151 | } | |
152 | ||
153 | return $res; | |
5c752bbf | 154 | |
f76a2828 DM |
155 | }}); |
156 | ||
9c2d4ce9 | 157 | __PACKAGE__->register_method({ |
5c752bbf DM |
158 | name => 'create_vm', |
159 | path => '', | |
9c2d4ce9 DM |
160 | method => 'POST', |
161 | description => "Create or restore a container.", | |
162 | permissions => { | |
163 | user => 'all', # check inside | |
164 | description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " . | |
165 | "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " . | |
166 | "You also need 'Datastore.AllocateSpace' permissions on the storage.", | |
167 | }, | |
168 | protected => 1, | |
169 | proxyto => 'node', | |
170 | parameters => { | |
171 | additionalProperties => 0, | |
eb35f9c0 | 172 | properties => PVE::LXC::json_config_properties({ |
9c2d4ce9 DM |
173 | node => get_standard_option('pve-node'), |
174 | vmid => get_standard_option('pve-vmid'), | |
175 | ostemplate => { | |
176 | description => "The OS template or backup file.", | |
5c752bbf | 177 | type => 'string', |
9c2d4ce9 DM |
178 | maxLength => 255, |
179 | }, | |
5c752bbf DM |
180 | password => { |
181 | optional => 1, | |
9c2d4ce9 DM |
182 | type => 'string', |
183 | description => "Sets root password inside container.", | |
168d6b07 | 184 | minLength => 5, |
9c2d4ce9 DM |
185 | }, |
186 | storage => get_standard_option('pve-storage-id', { | |
eb35f9c0 | 187 | description => "Default Storage.", |
9c2d4ce9 DM |
188 | default => 'local', |
189 | optional => 1, | |
190 | }), | |
191 | force => { | |
5c752bbf | 192 | optional => 1, |
9c2d4ce9 DM |
193 | type => 'boolean', |
194 | description => "Allow to overwrite existing container.", | |
195 | }, | |
196 | restore => { | |
5c752bbf | 197 | optional => 1, |
9c2d4ce9 DM |
198 | type => 'boolean', |
199 | description => "Mark this as restore task.", | |
200 | }, | |
5c752bbf | 201 | pool => { |
9c2d4ce9 DM |
202 | optional => 1, |
203 | type => 'string', format => 'pve-poolid', | |
204 | description => "Add the VM to the specified pool.", | |
205 | }, | |
206 | }), | |
207 | }, | |
5c752bbf | 208 | returns => { |
9c2d4ce9 DM |
209 | type => 'string', |
210 | }, | |
211 | code => sub { | |
212 | my ($param) = @_; | |
213 | ||
214 | my $rpcenv = PVE::RPCEnvironment::get(); | |
215 | ||
216 | my $authuser = $rpcenv->get_user(); | |
217 | ||
218 | my $node = extract_param($param, 'node'); | |
219 | ||
220 | my $vmid = extract_param($param, 'vmid'); | |
221 | ||
222 | my $basecfg_fn = PVE::LXC::config_file($vmid); | |
223 | ||
224 | my $same_container_exists = -f $basecfg_fn; | |
225 | ||
226 | my $restore = extract_param($param, 'restore'); | |
227 | ||
148d1cb4 DM |
228 | if ($restore) { |
229 | # fixme: limit allowed parameters | |
230 | ||
231 | } | |
232 | ||
9c2d4ce9 DM |
233 | my $force = extract_param($param, 'force'); |
234 | ||
235 | if (!($same_container_exists && $restore && $force)) { | |
236 | PVE::Cluster::check_vmid_unused($vmid); | |
237 | } | |
5c752bbf | 238 | |
9c2d4ce9 DM |
239 | my $password = extract_param($param, 'password'); |
240 | ||
27916659 DM |
241 | my $storage = extract_param($param, 'storage') // 'local'; |
242 | ||
9c2d4ce9 DM |
243 | my $storage_cfg = cfs_read_file("storage.cfg"); |
244 | ||
245 | my $scfg = PVE::Storage::storage_check_node($storage_cfg, $storage, $node); | |
246 | ||
247 | raise_param_exc({ storage => "storage '$storage' does not support container root directories"}) | |
644f2f8f | 248 | if !($scfg->{content}->{images} || $scfg->{content}->{rootdir}); |
9c2d4ce9 | 249 | |
27916659 DM |
250 | my $pool = extract_param($param, 'pool'); |
251 | ||
9c2d4ce9 DM |
252 | if (defined($pool)) { |
253 | $rpcenv->check_pool_exist($pool); | |
254 | $rpcenv->check_perm_modify($authuser, "/pool/$pool"); | |
5c752bbf | 255 | } |
9c2d4ce9 | 256 | |
27916659 DM |
257 | $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']); |
258 | ||
9c2d4ce9 DM |
259 | if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) { |
260 | # OK | |
261 | } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) { | |
262 | # OK | |
263 | } elsif ($restore && $force && $same_container_exists && | |
264 | $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) { | |
265 | # OK: user has VM.Backup permissions, and want to restore an existing VM | |
266 | } else { | |
267 | raise_perm_exc(); | |
268 | } | |
269 | ||
52389a07 | 270 | PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]); |
9c2d4ce9 DM |
271 | |
272 | PVE::Storage::activate_storage($storage_cfg, $storage); | |
273 | ||
274 | my $ostemplate = extract_param($param, 'ostemplate'); | |
5c752bbf | 275 | |
9c2d4ce9 DM |
276 | my $archive; |
277 | ||
eb35f9c0 AD |
278 | $param->{rootfs} = $storage if !$param->{rootfs}; |
279 | ||
9c2d4ce9 | 280 | if ($ostemplate eq '-') { |
148d1cb4 DM |
281 | die "pipe requires cli environment\n" |
282 | if $rpcenv->{type} ne 'cli'; | |
283 | die "pipe can only be used with restore tasks\n" | |
284 | if !$restore; | |
285 | $archive = '-'; | |
9c2d4ce9 DM |
286 | } else { |
287 | $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate); | |
288 | $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate); | |
289 | } | |
290 | ||
9c2d4ce9 | 291 | my $conf = {}; |
5b4657d0 | 292 | |
27916659 | 293 | PVE::LXC::update_pct_config($vmid, $conf, 0, $param); |
9c2d4ce9 | 294 | |
148d1cb4 DM |
295 | my $check_vmid_usage = sub { |
296 | if ($force) { | |
297 | die "cant overwrite running container\n" | |
298 | if PVE::LXC::check_running($vmid); | |
299 | } else { | |
300 | PVE::Cluster::check_vmid_unused($vmid); | |
301 | } | |
302 | }; | |
f507c3a7 | 303 | |
5b4657d0 | 304 | my $code = sub { |
148d1cb4 | 305 | &$check_vmid_usage(); # final check after locking |
87273b2b | 306 | |
148d1cb4 | 307 | PVE::Cluster::check_cfs_quorum(); |
eb35f9c0 | 308 | my $vollist = []; |
27916659 DM |
309 | |
310 | eval { | |
eb35f9c0 AD |
311 | my $rootmp = PVE::LXC::parse_ct_mountpoint($param->{rootfs}); |
312 | my $root_volid = $rootmp->{volume}; | |
313 | my $disksize = undef; | |
314 | ||
315 | if ($root_volid =~ m/^(([^:\s]+):)?(\d+)?/) { | |
316 | ||
317 | my ($storeid, $disksize) = ($2 || $storage, $3); | |
318 | ||
319 | if (!defined($disksize)) { | |
320 | if ($restore) { | |
321 | (undef, $disksize) = PVE::LXC::Create::recover_config($archive); | |
322 | die "unable to detect disk size - please specify rootfs size\n" | |
323 | if !$disksize; | |
324 | } else { | |
325 | $disksize = 4; | |
326 | } | |
327 | $param->{rootfs} = "$storeid:$disksize"; | |
328 | } | |
329 | } | |
330 | $vollist = &$create_disks($storage_cfg, $vmid, $param, $conf, $storage); | |
331 | ||
332 | PVE::LXC::Create::create_rootfs($storage_cfg, $vmid, $conf, $archive, $password, $restore); | |
27916659 DM |
333 | # set some defaults |
334 | $conf->{hostname} ||= "CT$vmid"; | |
335 | $conf->{memory} ||= 512; | |
336 | $conf->{swap} //= 512; | |
27916659 DM |
337 | PVE::LXC::create_config($vmid, $conf); |
338 | }; | |
339 | if (my $err = $@) { | |
eb35f9c0 AD |
340 | foreach my $volid (@$vollist) { |
341 | eval { PVE::Storage::vdisk_free($storage_cfg, $volid); }; | |
342 | warn $@ if $@; | |
343 | } | |
344 | ||
27916659 DM |
345 | PVE::LXC::destroy_config($vmid); |
346 | die $err; | |
6d098bf4 | 347 | } |
87273b2b | 348 | PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool; |
9c2d4ce9 | 349 | }; |
5c752bbf | 350 | |
9c2d4ce9 DM |
351 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
352 | ||
148d1cb4 DM |
353 | &$check_vmid_usage(); # first check before locking |
354 | ||
355 | return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate', | |
9c2d4ce9 | 356 | $vmid, $authuser, $realcmd); |
5c752bbf | 357 | |
9c2d4ce9 DM |
358 | }}); |
359 | ||
f76a2828 DM |
360 | __PACKAGE__->register_method({ |
361 | name => 'vmdiridx', | |
5c752bbf | 362 | path => '{vmid}', |
f76a2828 DM |
363 | method => 'GET', |
364 | proxyto => 'node', | |
365 | description => "Directory index", | |
366 | permissions => { | |
367 | user => 'all', | |
368 | }, | |
369 | parameters => { | |
370 | additionalProperties => 0, | |
371 | properties => { | |
372 | node => get_standard_option('pve-node'), | |
373 | vmid => get_standard_option('pve-vmid'), | |
374 | }, | |
375 | }, | |
376 | returns => { | |
377 | type => 'array', | |
378 | items => { | |
379 | type => "object", | |
380 | properties => { | |
381 | subdir => { type => 'string' }, | |
382 | }, | |
383 | }, | |
384 | links => [ { rel => 'child', href => "{subdir}" } ], | |
385 | }, | |
386 | code => sub { | |
387 | my ($param) = @_; | |
388 | ||
389 | # test if VM exists | |
e901d418 | 390 | my $conf = PVE::LXC::load_config($param->{vmid}); |
f76a2828 DM |
391 | |
392 | my $res = [ | |
393 | { subdir => 'config' }, | |
fff3a342 DM |
394 | { subdir => 'status' }, |
395 | { subdir => 'vncproxy' }, | |
396 | { subdir => 'vncwebsocket' }, | |
397 | { subdir => 'spiceproxy' }, | |
398 | { subdir => 'migrate' }, | |
f76a2828 DM |
399 | # { subdir => 'initlog' }, |
400 | { subdir => 'rrd' }, | |
401 | { subdir => 'rrddata' }, | |
402 | { subdir => 'firewall' }, | |
cc5392c8 | 403 | { subdir => 'snapshot' }, |
f76a2828 | 404 | ]; |
5c752bbf | 405 | |
f76a2828 DM |
406 | return $res; |
407 | }}); | |
408 | ||
409 | __PACKAGE__->register_method({ | |
5c752bbf DM |
410 | name => 'rrd', |
411 | path => '{vmid}/rrd', | |
f76a2828 DM |
412 | method => 'GET', |
413 | protected => 1, # fixme: can we avoid that? | |
414 | permissions => { | |
415 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
416 | }, | |
417 | description => "Read VM RRD statistics (returns PNG)", | |
418 | parameters => { | |
419 | additionalProperties => 0, | |
420 | properties => { | |
421 | node => get_standard_option('pve-node'), | |
422 | vmid => get_standard_option('pve-vmid'), | |
423 | timeframe => { | |
424 | description => "Specify the time frame you are interested in.", | |
425 | type => 'string', | |
426 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
427 | }, | |
428 | ds => { | |
429 | description => "The list of datasources you want to display.", | |
430 | type => 'string', format => 'pve-configid-list', | |
431 | }, | |
432 | cf => { | |
433 | description => "The RRD consolidation function", | |
434 | type => 'string', | |
435 | enum => [ 'AVERAGE', 'MAX' ], | |
436 | optional => 1, | |
437 | }, | |
438 | }, | |
439 | }, | |
440 | returns => { | |
441 | type => "object", | |
442 | properties => { | |
443 | filename => { type => 'string' }, | |
444 | }, | |
445 | }, | |
446 | code => sub { | |
447 | my ($param) = @_; | |
448 | ||
449 | return PVE::Cluster::create_rrd_graph( | |
5c752bbf | 450 | "pve2-vm/$param->{vmid}", $param->{timeframe}, |
f76a2828 | 451 | $param->{ds}, $param->{cf}); |
5c752bbf | 452 | |
f76a2828 DM |
453 | }}); |
454 | ||
455 | __PACKAGE__->register_method({ | |
5c752bbf DM |
456 | name => 'rrddata', |
457 | path => '{vmid}/rrddata', | |
f76a2828 DM |
458 | method => 'GET', |
459 | protected => 1, # fixme: can we avoid that? | |
460 | permissions => { | |
461 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
462 | }, | |
463 | description => "Read VM RRD statistics", | |
464 | parameters => { | |
465 | additionalProperties => 0, | |
466 | properties => { | |
467 | node => get_standard_option('pve-node'), | |
468 | vmid => get_standard_option('pve-vmid'), | |
469 | timeframe => { | |
470 | description => "Specify the time frame you are interested in.", | |
471 | type => 'string', | |
472 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
473 | }, | |
474 | cf => { | |
475 | description => "The RRD consolidation function", | |
476 | type => 'string', | |
477 | enum => [ 'AVERAGE', 'MAX' ], | |
478 | optional => 1, | |
479 | }, | |
480 | }, | |
481 | }, | |
482 | returns => { | |
483 | type => "array", | |
484 | items => { | |
485 | type => "object", | |
486 | properties => {}, | |
487 | }, | |
488 | }, | |
489 | code => sub { | |
490 | my ($param) = @_; | |
491 | ||
492 | return PVE::Cluster::create_rrd_data( | |
493 | "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf}); | |
494 | }}); | |
495 | ||
f76a2828 | 496 | __PACKAGE__->register_method({ |
5c752bbf DM |
497 | name => 'destroy_vm', |
498 | path => '{vmid}', | |
f76a2828 DM |
499 | method => 'DELETE', |
500 | protected => 1, | |
501 | proxyto => 'node', | |
502 | description => "Destroy the container (also delete all uses files).", | |
503 | permissions => { | |
504 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
505 | }, | |
506 | parameters => { | |
507 | additionalProperties => 0, | |
508 | properties => { | |
509 | node => get_standard_option('pve-node'), | |
510 | vmid => get_standard_option('pve-vmid'), | |
511 | }, | |
512 | }, | |
5c752bbf | 513 | returns => { |
f76a2828 DM |
514 | type => 'string', |
515 | }, | |
516 | code => sub { | |
517 | my ($param) = @_; | |
518 | ||
519 | my $rpcenv = PVE::RPCEnvironment::get(); | |
520 | ||
521 | my $authuser = $rpcenv->get_user(); | |
522 | ||
523 | my $vmid = $param->{vmid}; | |
524 | ||
525 | # test if container exists | |
673cf209 | 526 | my $conf = PVE::LXC::load_config($vmid); |
f76a2828 | 527 | |
611fe3aa DM |
528 | my $storage_cfg = cfs_read_file("storage.cfg"); |
529 | ||
530 | my $code = sub { | |
673cf209 DM |
531 | # reload config after lock |
532 | $conf = PVE::LXC::load_config($vmid); | |
533 | PVE::LXC::check_lock($conf); | |
534 | ||
27916659 | 535 | PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf); |
be5fc936 | 536 | PVE::AccessControl::remove_vm_access($vmid); |
2f9b5ead | 537 | PVE::Firewall::remove_vmfw_conf($vmid); |
f76a2828 DM |
538 | }; |
539 | ||
611fe3aa DM |
540 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
541 | ||
f76a2828 DM |
542 | return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd); |
543 | }}); | |
544 | ||
fff3a342 DM |
545 | my $sslcert; |
546 | ||
547 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
548 | name => 'vncproxy', |
549 | path => '{vmid}/vncproxy', | |
fff3a342 DM |
550 | method => 'POST', |
551 | protected => 1, | |
552 | permissions => { | |
553 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
554 | }, | |
555 | description => "Creates a TCP VNC proxy connections.", | |
556 | parameters => { | |
557 | additionalProperties => 0, | |
558 | properties => { | |
559 | node => get_standard_option('pve-node'), | |
560 | vmid => get_standard_option('pve-vmid'), | |
561 | websocket => { | |
562 | optional => 1, | |
563 | type => 'boolean', | |
564 | description => "use websocket instead of standard VNC.", | |
565 | }, | |
566 | }, | |
567 | }, | |
5b4657d0 | 568 | returns => { |
fff3a342 DM |
569 | additionalProperties => 0, |
570 | properties => { | |
571 | user => { type => 'string' }, | |
572 | ticket => { type => 'string' }, | |
573 | cert => { type => 'string' }, | |
574 | port => { type => 'integer' }, | |
575 | upid => { type => 'string' }, | |
576 | }, | |
577 | }, | |
578 | code => sub { | |
579 | my ($param) = @_; | |
580 | ||
581 | my $rpcenv = PVE::RPCEnvironment::get(); | |
582 | ||
583 | my $authuser = $rpcenv->get_user(); | |
584 | ||
585 | my $vmid = $param->{vmid}; | |
586 | my $node = $param->{node}; | |
587 | ||
588 | my $authpath = "/vms/$vmid"; | |
589 | ||
590 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath); | |
591 | ||
592 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) | |
593 | if !$sslcert; | |
594 | ||
ec2c57eb | 595 | my ($remip, $family); |
5b4657d0 | 596 | |
fff3a342 | 597 | if ($node ne PVE::INotify::nodename()) { |
85ae6211 | 598 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
ec2c57eb WB |
599 | } else { |
600 | $family = PVE::Tools::get_host_address_family($node); | |
fff3a342 DM |
601 | } |
602 | ||
ec2c57eb WB |
603 | my $port = PVE::Tools::next_vnc_port($family); |
604 | ||
fff3a342 DM |
605 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
606 | # so we select the fastest chipher here (or 'none'?) | |
5b4657d0 | 607 | my $remcmd = $remip ? |
fff3a342 DM |
608 | ['/usr/bin/ssh', '-t', $remip] : []; |
609 | ||
d18499cf | 610 | my $conf = PVE::LXC::load_config($vmid, $node); |
aca816ad DM |
611 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); |
612 | ||
5b4657d0 DM |
613 | my $shcmd = [ '/usr/bin/dtach', '-A', |
614 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 615 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
616 | |
617 | my $realcmd = sub { | |
618 | my $upid = shift; | |
619 | ||
5b4657d0 | 620 | syslog ('info', "starting lxc vnc proxy $upid\n"); |
fff3a342 | 621 | |
5b4657d0 | 622 | my $timeout = 10; |
fff3a342 DM |
623 | |
624 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, | |
5b4657d0 | 625 | '-timeout', $timeout, '-authpath', $authpath, |
fff3a342 DM |
626 | '-perm', 'VM.Console']; |
627 | ||
628 | if ($param->{websocket}) { | |
5b4657d0 | 629 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
fff3a342 DM |
630 | push @$cmd, '-notls', '-listen', 'localhost'; |
631 | } | |
632 | ||
633 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
634 | ||
635 | run_command($cmd); | |
636 | ||
637 | return; | |
638 | }; | |
639 | ||
640 | my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); | |
641 | ||
642 | PVE::Tools::wait_for_vnc_port($port); | |
643 | ||
644 | return { | |
645 | user => $authuser, | |
646 | ticket => $ticket, | |
5b4657d0 DM |
647 | port => $port, |
648 | upid => $upid, | |
649 | cert => $sslcert, | |
fff3a342 DM |
650 | }; |
651 | }}); | |
652 | ||
653 | __PACKAGE__->register_method({ | |
654 | name => 'vncwebsocket', | |
655 | path => '{vmid}/vncwebsocket', | |
656 | method => 'GET', | |
5b4657d0 | 657 | permissions => { |
fff3a342 DM |
658 | description => "You also need to pass a valid ticket (vncticket).", |
659 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
660 | }, | |
661 | description => "Opens a weksocket for VNC traffic.", | |
662 | parameters => { | |
663 | additionalProperties => 0, | |
664 | properties => { | |
665 | node => get_standard_option('pve-node'), | |
666 | vmid => get_standard_option('pve-vmid'), | |
667 | vncticket => { | |
668 | description => "Ticket from previous call to vncproxy.", | |
669 | type => 'string', | |
670 | maxLength => 512, | |
671 | }, | |
672 | port => { | |
673 | description => "Port number returned by previous vncproxy call.", | |
674 | type => 'integer', | |
675 | minimum => 5900, | |
676 | maximum => 5999, | |
677 | }, | |
678 | }, | |
679 | }, | |
680 | returns => { | |
681 | type => "object", | |
682 | properties => { | |
683 | port => { type => 'string' }, | |
684 | }, | |
685 | }, | |
686 | code => sub { | |
687 | my ($param) = @_; | |
688 | ||
689 | my $rpcenv = PVE::RPCEnvironment::get(); | |
690 | ||
691 | my $authuser = $rpcenv->get_user(); | |
692 | ||
693 | my $authpath = "/vms/$param->{vmid}"; | |
694 | ||
695 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath); | |
696 | ||
697 | my $port = $param->{port}; | |
5b4657d0 | 698 | |
fff3a342 DM |
699 | return { port => $port }; |
700 | }}); | |
701 | ||
702 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
703 | name => 'spiceproxy', |
704 | path => '{vmid}/spiceproxy', | |
fff3a342 DM |
705 | method => 'POST', |
706 | protected => 1, | |
707 | proxyto => 'node', | |
708 | permissions => { | |
709 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
710 | }, | |
711 | description => "Returns a SPICE configuration to connect to the CT.", | |
712 | parameters => { | |
713 | additionalProperties => 0, | |
714 | properties => { | |
715 | node => get_standard_option('pve-node'), | |
716 | vmid => get_standard_option('pve-vmid'), | |
717 | proxy => get_standard_option('spice-proxy', { optional => 1 }), | |
718 | }, | |
719 | }, | |
720 | returns => get_standard_option('remote-viewer-config'), | |
721 | code => sub { | |
722 | my ($param) = @_; | |
723 | ||
724 | my $vmid = $param->{vmid}; | |
725 | my $node = $param->{node}; | |
726 | my $proxy = $param->{proxy}; | |
727 | ||
728 | my $authpath = "/vms/$vmid"; | |
729 | my $permissions = 'VM.Console'; | |
730 | ||
aca816ad DM |
731 | my $conf = PVE::LXC::load_config($vmid); |
732 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); | |
733 | ||
5b4657d0 DM |
734 | my $shcmd = ['/usr/bin/dtach', '-A', |
735 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 736 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
737 | |
738 | my $title = "CT $vmid"; | |
739 | ||
740 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd); | |
741 | }}); | |
5c752bbf | 742 | |
5c752bbf DM |
743 | |
744 | __PACKAGE__->register_method({ | |
52389a07 DM |
745 | name => 'migrate_vm', |
746 | path => '{vmid}/migrate', | |
5c752bbf DM |
747 | method => 'POST', |
748 | protected => 1, | |
749 | proxyto => 'node', | |
52389a07 | 750 | description => "Migrate the container to another node. Creates a new migration task.", |
5c752bbf | 751 | permissions => { |
52389a07 | 752 | check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]], |
5c752bbf DM |
753 | }, |
754 | parameters => { | |
755 | additionalProperties => 0, | |
756 | properties => { | |
757 | node => get_standard_option('pve-node'), | |
758 | vmid => get_standard_option('pve-vmid'), | |
52389a07 DM |
759 | target => get_standard_option('pve-node', { description => "Target node." }), |
760 | online => { | |
761 | type => 'boolean', | |
762 | description => "Use online/live migration.", | |
763 | optional => 1, | |
764 | }, | |
5c752bbf DM |
765 | }, |
766 | }, | |
767 | returns => { | |
768 | type => 'string', | |
52389a07 | 769 | description => "the task ID.", |
5c752bbf DM |
770 | }, |
771 | code => sub { | |
772 | my ($param) = @_; | |
773 | ||
774 | my $rpcenv = PVE::RPCEnvironment::get(); | |
775 | ||
776 | my $authuser = $rpcenv->get_user(); | |
777 | ||
52389a07 | 778 | my $target = extract_param($param, 'target'); |
bb1ac2de | 779 | |
52389a07 DM |
780 | my $localnode = PVE::INotify::nodename(); |
781 | raise_param_exc({ target => "target is local node."}) if $target eq $localnode; | |
bb1ac2de | 782 | |
52389a07 | 783 | PVE::Cluster::check_cfs_quorum(); |
5c752bbf | 784 | |
52389a07 | 785 | PVE::Cluster::check_node_exists($target); |
27916659 | 786 | |
52389a07 | 787 | my $targetip = PVE::Cluster::remote_node_ip($target); |
5c752bbf | 788 | |
52389a07 | 789 | my $vmid = extract_param($param, 'vmid'); |
5c752bbf | 790 | |
52389a07 DM |
791 | # test if VM exists |
792 | PVE::LXC::load_config($vmid); | |
5c752bbf | 793 | |
52389a07 DM |
794 | # try to detect errors early |
795 | if (PVE::LXC::check_running($vmid)) { | |
796 | die "cant migrate running container without --online\n" | |
797 | if !$param->{online}; | |
5c752bbf | 798 | } |
5c752bbf DM |
799 | |
800 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { | |
801 | ||
802 | my $hacmd = sub { | |
803 | my $upid = shift; | |
804 | ||
805 | my $service = "ct:$vmid"; | |
806 | ||
52389a07 | 807 | my $cmd = ['ha-manager', 'migrate', $service, $target]; |
5c752bbf | 808 | |
52389a07 | 809 | print "Executing HA migrate for CT $vmid to node $target\n"; |
5c752bbf DM |
810 | |
811 | PVE::Tools::run_command($cmd); | |
812 | ||
813 | return; | |
814 | }; | |
815 | ||
52389a07 | 816 | return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd); |
5c752bbf DM |
817 | |
818 | } else { | |
819 | ||
820 | my $realcmd = sub { | |
821 | my $upid = shift; | |
822 | ||
52389a07 DM |
823 | # fixme: implement lxc container migration |
824 | die "lxc container migration not implemented\n"; | |
5c752bbf DM |
825 | |
826 | return; | |
827 | }; | |
828 | ||
52389a07 | 829 | return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd); |
5c752bbf DM |
830 | } |
831 | }}); | |
832 | ||
cc5392c8 WL |
833 | __PACKAGE__->register_method({ |
834 | name => 'vm_feature', | |
835 | path => '{vmid}/feature', | |
836 | method => 'GET', | |
837 | proxyto => 'node', | |
838 | protected => 1, | |
839 | description => "Check if feature for virtual machine is available.", | |
840 | permissions => { | |
841 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
842 | }, | |
843 | parameters => { | |
844 | additionalProperties => 0, | |
845 | properties => { | |
846 | node => get_standard_option('pve-node'), | |
847 | vmid => get_standard_option('pve-vmid'), | |
848 | feature => { | |
849 | description => "Feature to check.", | |
850 | type => 'string', | |
851 | enum => [ 'snapshot' ], | |
852 | }, | |
853 | snapname => get_standard_option('pve-lxc-snapshot-name', { | |
854 | optional => 1, | |
855 | }), | |
856 | }, | |
857 | }, | |
858 | returns => { | |
859 | type => "object", | |
860 | properties => { | |
861 | hasFeature => { type => 'boolean' }, | |
862 | #nodes => { | |
863 | #type => 'array', | |
864 | #items => { type => 'string' }, | |
865 | #} | |
866 | }, | |
867 | }, | |
868 | code => sub { | |
869 | my ($param) = @_; | |
870 | ||
871 | my $node = extract_param($param, 'node'); | |
872 | ||
873 | my $vmid = extract_param($param, 'vmid'); | |
874 | ||
875 | my $snapname = extract_param($param, 'snapname'); | |
876 | ||
877 | my $feature = extract_param($param, 'feature'); | |
878 | ||
879 | my $conf = PVE::LXC::load_config($vmid); | |
880 | ||
881 | if($snapname){ | |
882 | my $snap = $conf->{snapshots}->{$snapname}; | |
883 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
884 | $conf = $snap; | |
885 | } | |
ef241384 | 886 | my $storage_cfg = PVE::Storage::config(); |
cc5392c8 | 887 | #Maybe include later |
ef241384 DM |
888 | #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg); |
889 | my $hasFeature = PVE::LXC::has_feature($feature, $conf, $storage_cfg, $snapname); | |
cc5392c8 WL |
890 | |
891 | return { | |
892 | hasFeature => $hasFeature, | |
893 | #nodes => [ keys %$nodelist ], | |
894 | }; | |
895 | }}); | |
bb1ac2de DM |
896 | |
897 | __PACKAGE__->register_method({ | |
898 | name => 'template', | |
899 | path => '{vmid}/template', | |
900 | method => 'POST', | |
901 | protected => 1, | |
902 | proxyto => 'node', | |
903 | description => "Create a Template.", | |
904 | permissions => { | |
905 | description => "You need 'VM.Allocate' permissions on /vms/{vmid}", | |
906 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
907 | }, | |
908 | parameters => { | |
909 | additionalProperties => 0, | |
910 | properties => { | |
911 | node => get_standard_option('pve-node'), | |
912 | vmid => get_standard_option('pve-vmid'), | |
913 | }, | |
914 | }, | |
915 | returns => { type => 'null'}, | |
916 | code => sub { | |
917 | my ($param) = @_; | |
918 | ||
919 | my $rpcenv = PVE::RPCEnvironment::get(); | |
920 | ||
921 | my $authuser = $rpcenv->get_user(); | |
922 | ||
923 | my $node = extract_param($param, 'node'); | |
924 | ||
925 | my $vmid = extract_param($param, 'vmid'); | |
926 | ||
927 | my $updatefn = sub { | |
928 | ||
929 | my $conf = PVE::LXC::load_config($vmid); | |
930 | PVE::LXC::check_lock($conf); | |
931 | ||
932 | die "unable to create template, because CT contains snapshots\n" | |
933 | if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}}); | |
934 | ||
935 | die "you can't convert a template to a template\n" | |
936 | if PVE::LXC::is_template($conf); | |
937 | ||
938 | die "you can't convert a CT to template if the CT is running\n" | |
939 | if PVE::LXC::check_running($vmid); | |
940 | ||
941 | my $realcmd = sub { | |
942 | PVE::LXC::template_create($vmid, $conf); | |
943 | }; | |
944 | ||
945 | $conf->{template} = 1; | |
946 | ||
947 | PVE::LXC::write_config($vmid, $conf); | |
948 | # and remove lxc config | |
949 | PVE::LXC::update_lxc_config(undef, $vmid, $conf); | |
950 | ||
951 | return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd); | |
952 | }; | |
953 | ||
954 | PVE::LXC::lock_container($vmid, undef, $updatefn); | |
955 | ||
956 | return undef; | |
957 | }}); | |
958 | ||
f76a2828 | 959 | 1; |