]>
Commit | Line | Data |
---|---|---|
9beee926 | 1 | package PVE::CLI::pct; |
179b842e | 2 | |
9beee926 DM |
3 | use strict; |
4 | use warnings; | |
5 | ||
b95bf64b WB |
6 | use Fcntl; |
7 | use File::Copy 'copy'; | |
89045484 | 8 | use POSIX; |
b95bf64b | 9 | |
89045484 | 10 | use PVE::CLIHandler; |
9beee926 | 11 | use PVE::Cluster; |
89045484 | 12 | use PVE::CpuSet; |
2c4baf7d | 13 | use PVE::Exception qw(raise_param_exc); |
89045484 | 14 | use PVE::GuestHelpers; |
9beee926 | 15 | use PVE::INotify; |
9beee926 | 16 | use PVE::JSONSchema qw(get_standard_option); |
89045484 TL |
17 | use PVE::LXC::CGroup; |
18 | use PVE::RPCEnvironment; | |
19 | use PVE::SafeSyslog; | |
20 | use PVE::Tools qw(extract_param); | |
21 | ||
9beee926 | 22 | use PVE::API2::LXC::Config; |
9beee926 | 23 | use PVE::API2::LXC::Snapshot; |
89045484 TL |
24 | use PVE::API2::LXC::Status; |
25 | use PVE::API2::LXC; | |
9beee926 | 26 | |
9beee926 DM |
27 | use base qw(PVE::CLIHandler); |
28 | ||
29 | my $nodename = PVE::INotify::nodename(); | |
30 | ||
31 | my $upid_exit = sub { | |
32 | my $upid = shift; | |
33 | my $status = PVE::Tools::upid_read_status($upid); | |
e27fbd6b | 34 | exit(PVE::Tools::upid_status_is_error($status) ? -1 : 0); |
9beee926 DM |
35 | }; |
36 | ||
52e1f0cb DM |
37 | sub setup_environment { |
38 | PVE::RPCEnvironment->setup_default_cli_env(); | |
39 | } | |
40 | ||
699ee9b2 DC |
41 | __PACKAGE__->register_method ({ |
42 | name => 'status', | |
43 | path => 'status', | |
44 | method => 'GET', | |
45 | description => "Show CT status.", | |
46 | parameters => { | |
47 | additionalProperties => 0, | |
48 | properties => { | |
49 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
50 | verbose => { | |
51 | description => "Verbose output format", | |
52 | type => 'boolean', | |
53 | optional => 1, | |
54 | } | |
55 | }, | |
56 | }, | |
57 | returns => { type => 'null'}, | |
58 | code => sub { | |
59 | my ($param) = @_; | |
60 | ||
61 | # test if CT exists | |
62 | my $conf = PVE::LXC::Config->load_config ($param->{vmid}); | |
63 | ||
64 | my $vmstatus = PVE::LXC::vmstatus($param->{vmid}); | |
65 | my $stat = $vmstatus->{$param->{vmid}}; | |
66 | if ($param->{verbose}) { | |
67 | foreach my $k (sort (keys %$stat)) { | |
68 | my $v = $stat->{$k}; | |
69 | next if !defined($v); | |
70 | print "$k: $v\n"; | |
71 | } | |
72 | } else { | |
73 | my $status = $stat->{status} || 'unknown'; | |
74 | print "status: $status\n"; | |
75 | } | |
76 | ||
77 | return undef; | |
78 | }}); | |
79 | ||
6085e45b | 80 | sub param_mapping { |
34ddbf08 FG |
81 | my ($name) = @_; |
82 | ||
83 | my $mapping = { | |
6085e45b DC |
84 | 'create_vm' => [ |
85 | PVE::CLIHandler::get_standard_mapping('pve-password'), | |
86 | 'ssh-public-keys', | |
87 | ], | |
34ddbf08 FG |
88 | }; |
89 | ||
6085e45b | 90 | return $mapping->{$name}; |
34ddbf08 FG |
91 | } |
92 | ||
c72bd0ba WL |
93 | __PACKAGE__->register_method ({ |
94 | name => 'unlock', | |
95 | path => 'unlock', | |
96 | method => 'PUT', | |
97 | description => "Unlock the VM.", | |
98 | parameters => { | |
99 | additionalProperties => 0, | |
100 | properties => { | |
101 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
102 | }, | |
103 | }, | |
104 | returns => { type => 'null'}, | |
105 | code => sub { | |
106 | my ($param) = @_; | |
107 | ||
108 | my $vmid = $param->{vmid}; | |
109 | ||
ad408fe1 | 110 | PVE::LXC::Config->remove_lock($vmid); |
c72bd0ba WL |
111 | |
112 | return undef; | |
113 | }}); | |
114 | ||
9beee926 DM |
115 | __PACKAGE__->register_method ({ |
116 | name => 'console', | |
117 | path => 'console', | |
118 | method => 'GET', | |
119 | description => "Launch a console for the specified container.", | |
120 | parameters => { | |
3c841167 | 121 | additionalProperties => 0, |
9beee926 DM |
122 | properties => { |
123 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), | |
65213b67 TM |
124 | escape => { |
125 | description => "Escape sequence prefix. For example to use <Ctrl+b q> as the escape sequence pass '^b'.", | |
126 | default => '^a', | |
127 | type => 'string', | |
128 | pattern => '\^?[a-z]', | |
129 | optional => 1, | |
130 | }, | |
9beee926 DM |
131 | }, |
132 | }, | |
133 | returns => { type => 'null' }, | |
134 | ||
135 | code => sub { | |
136 | my ($param) = @_; | |
137 | ||
138 | # test if container exists on this node | |
67afe46e | 139 | my $conf = PVE::LXC::Config->load_config($param->{vmid}); |
9beee926 | 140 | |
65213b67 | 141 | my $cmd = PVE::LXC::get_console_command($param->{vmid}, $conf, $param->{escape}); |
9beee926 DM |
142 | exec(@$cmd); |
143 | }}); | |
144 | ||
145 | __PACKAGE__->register_method ({ | |
146 | name => 'enter', | |
147 | path => 'enter', | |
148 | method => 'GET', | |
149 | description => "Launch a shell for the specified container.", | |
150 | parameters => { | |
3c841167 | 151 | additionalProperties => 0, |
9beee926 DM |
152 | properties => { |
153 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), | |
154 | }, | |
155 | }, | |
156 | returns => { type => 'null' }, | |
157 | ||
158 | code => sub { | |
159 | my ($param) = @_; | |
160 | ||
d4b3eead TL |
161 | my $vmid = $param->{vmid}; |
162 | ||
1330491c TL |
163 | PVE::LXC::Config->load_config($vmid); # test if container exists on this node |
164 | die "container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid); | |
9beee926 | 165 | |
d4b3eead | 166 | exec('lxc-attach', '-n', $vmid); |
9beee926 DM |
167 | }}); |
168 | ||
169 | __PACKAGE__->register_method ({ | |
170 | name => 'exec', | |
171 | path => 'exec', | |
172 | method => 'GET', | |
173 | description => "Launch a command inside the specified container.", | |
174 | parameters => { | |
3c841167 | 175 | additionalProperties => 0, |
9beee926 | 176 | properties => { |
4b09527c | 177 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), |
9beee926 DM |
178 | 'extra-args' => get_standard_option('extra-args'), |
179 | }, | |
180 | }, | |
181 | returns => { type => 'null' }, | |
9beee926 DM |
182 | code => sub { |
183 | my ($param) = @_; | |
184 | ||
8d43ef79 TL |
185 | my $vmid = $param->{vmid}; |
186 | PVE::LXC::Config->load_config($vmid); # test if container exists on this node | |
1330491c | 187 | die "container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid); |
9b813f83 | 188 | |
a0af6336 TL |
189 | die "missing command" if !@{$param->{'extra-args'}}; |
190 | ||
8d43ef79 | 191 | exec('lxc-attach', '-n', $vmid, '--', @{$param->{'extra-args'}}); |
9beee926 DM |
192 | }}); |
193 | ||
5ef9e3d1 | 194 | __PACKAGE__->register_method ({ |
f8327ed5 EK |
195 | name => 'fsck', |
196 | path => 'fsck', | |
197 | method => 'PUT', | |
5ef9e3d1 | 198 | description => "Run a filesystem check (fsck) on a container volume.", |
f8327ed5 EK |
199 | parameters => { |
200 | additionalProperties => 0, | |
201 | properties => { | |
202 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), | |
203 | force => { | |
204 | optional => 1, | |
205 | type => 'boolean', | |
206 | description => "Force checking, even if the filesystem seems clean", | |
207 | default => 0, | |
208 | }, | |
209 | device => { | |
210 | optional => 1, | |
211 | type => 'string', | |
212 | description => "A volume on which to run the filesystem check", | |
5e5d76cf | 213 | enum => [PVE::LXC::Config->valid_volume_keys()], |
f8327ed5 EK |
214 | }, |
215 | }, | |
216 | }, | |
217 | returns => { type => 'null' }, | |
218 | code => sub { | |
f8327ed5 | 219 | my ($param) = @_; |
3c841167 | 220 | |
f8327ed5 EK |
221 | my $vmid = $param->{'vmid'}; |
222 | my $device = defined($param->{'device'}) ? $param->{'device'} : 'rootfs'; | |
223 | ||
224 | my $command = ['fsck', '-a', '-l']; | |
225 | push(@$command, '-f') if $param->{force}; | |
226 | ||
227 | # critical path: all of this will be done while the container is locked | |
228 | my $do_fsck = sub { | |
229 | ||
67afe46e | 230 | my $conf = PVE::LXC::Config->load_config($vmid); |
f8327ed5 EK |
231 | my $storage_cfg = PVE::Storage::config(); |
232 | ||
235dbdf3 | 233 | defined($conf->{$device}) || die "cannot run command on non-existing mount point $device\n"; |
f8327ed5 | 234 | |
e4034859 | 235 | my $mount_point = PVE::LXC::Config->parse_volume($device, $conf->{$device}); |
44a9face | 236 | |
d8cde2e8 TL |
237 | die "cannot run fsck when container is running\n" |
238 | if PVE::LXC::check_running($vmid); | |
239 | ||
f8327ed5 EK |
240 | my $volid = $mount_point->{volume}; |
241 | ||
242 | my $path; | |
243 | my $storage_id = PVE::Storage::parse_volume_id($volid, 1); | |
244 | ||
245 | if ($storage_id) { | |
f8327ed5 | 246 | my (undef, undef, undef, undef, undef, undef, $format) = |
da9e487b | 247 | PVE::Storage::parse_volname($storage_cfg, $volid); |
f8327ed5 | 248 | |
da9e487b DM |
249 | die "unable to run fsck for '$volid' (format == $format)\n" |
250 | if $format ne 'raw'; | |
f8327ed5 | 251 | |
bcf1163d | 252 | $path = PVE::Storage::map_volume($storage_cfg, $volid); |
f8327ed5 EK |
253 | |
254 | } else { | |
da9e487b | 255 | if (($volid =~ m|^/.+|) && (-b $volid)) { |
f8327ed5 EK |
256 | # pass block devices directly |
257 | $path = $volid; | |
258 | } else { | |
da9e487b | 259 | die "path '$volid' does not point to a block device\n"; |
f8327ed5 EK |
260 | } |
261 | } | |
262 | ||
263 | push(@$command, $path); | |
f8327ed5 | 264 | PVE::Tools::run_command($command); |
d8cde2e8 | 265 | |
bcf1163d | 266 | PVE::Storage::unmap_volume($storage_cfg, $volid) if $storage_id; |
f8327ed5 EK |
267 | }; |
268 | ||
67afe46e | 269 | PVE::LXC::Config->lock_config($vmid, $do_fsck); |
f8327ed5 EK |
270 | return undef; |
271 | }}); | |
272 | ||
c93be6ed WB |
273 | __PACKAGE__->register_method({ |
274 | name => 'mount', | |
275 | path => 'mount', | |
276 | method => 'POST', | |
277 | description => "Mount the container's filesystem on the host. " . | |
278 | "This will hold a lock on the container and is meant for emergency maintenance only " . | |
279 | "as it will prevent further operations on the container other than start and stop.", | |
280 | parameters => { | |
281 | additionalProperties => 0, | |
282 | properties => { | |
283 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
284 | }, | |
285 | }, | |
286 | returns => { type => 'null' }, | |
287 | code => sub { | |
288 | my ($param) = @_; | |
289 | ||
290 | my $rpcenv = PVE::RPCEnvironment::get(); | |
291 | ||
292 | my $vmid = extract_param($param, 'vmid'); | |
293 | my $storecfg = PVE::Storage::config(); | |
67afe46e FG |
294 | PVE::LXC::Config->lock_config($vmid, sub { |
295 | my $conf = PVE::LXC::Config->set_lock($vmid, 'mounted'); | |
c93be6ed WB |
296 | PVE::LXC::mount_all($vmid, $storecfg, $conf); |
297 | }); | |
8632d8eb TL |
298 | |
299 | print "mounted CT $vmid in '/var/lib/lxc/$vmid/rootfs'\n"; | |
c93be6ed WB |
300 | return undef; |
301 | }}); | |
302 | ||
303 | __PACKAGE__->register_method({ | |
304 | name => 'unmount', | |
305 | path => 'unmount', | |
306 | method => 'POST', | |
307 | description => "Unmount the container's filesystem.", | |
308 | parameters => { | |
309 | additionalProperties => 0, | |
310 | properties => { | |
311 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
312 | }, | |
313 | }, | |
314 | returns => { type => 'null' }, | |
315 | code => sub { | |
316 | my ($param) = @_; | |
317 | ||
318 | my $rpcenv = PVE::RPCEnvironment::get(); | |
319 | ||
320 | my $vmid = extract_param($param, 'vmid'); | |
321 | my $storecfg = PVE::Storage::config(); | |
67afe46e FG |
322 | PVE::LXC::Config->lock_config($vmid, sub { |
323 | my $conf = PVE::LXC::Config->load_config($vmid); | |
c93be6ed | 324 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); |
67afe46e | 325 | PVE::LXC::Config->remove_lock($vmid, 'mounted'); |
c93be6ed WB |
326 | }); |
327 | return undef; | |
328 | }}); | |
329 | ||
c6b59656 WB |
330 | __PACKAGE__->register_method({ |
331 | name => 'df', | |
332 | path => 'df', | |
333 | method => 'GET', | |
334 | description => "Get the container's current disk usage.", | |
335 | parameters => { | |
336 | additionalProperties => 0, | |
337 | properties => { | |
338 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
339 | }, | |
340 | }, | |
341 | returns => { type => 'null' }, | |
342 | code => sub { | |
343 | my ($param) = @_; | |
344 | ||
345 | my $rpcenv = PVE::RPCEnvironment::get(); | |
346 | ||
347 | # JSONSchema's format_size is exact, this uses floating point numbers | |
348 | my $format = sub { | |
349 | my ($size) = @_; | |
350 | return $size if $size < 1024.; | |
351 | $size /= 1024.; | |
352 | return sprintf('%.1fK', ${size}) if $size < 1024.; | |
353 | $size /= 1024.; | |
354 | return sprintf('%.1fM', ${size}) if $size < 1024.; | |
355 | $size /= 1024.; | |
356 | return sprintf('%.1fG', ${size}) if $size < 1024.; | |
357 | $size /= 1024.; | |
358 | return sprintf('%.1fT', ${size}) if $size < 1024.; | |
359 | }; | |
360 | ||
361 | my $vmid = extract_param($param, 'vmid'); | |
362 | PVE::LXC::Config->lock_config($vmid, sub { | |
363 | my $pid = eval { PVE::LXC::find_lxc_pid($vmid) }; | |
364 | my ($conf, $rootdir, $storecfg, $mounted); | |
365 | if ($@ || !$pid) { | |
366 | $conf = PVE::LXC::Config->set_lock($vmid, 'mounted'); | |
367 | $rootdir = "/var/lib/lxc/$vmid/rootfs"; | |
368 | $storecfg = PVE::Storage::config(); | |
369 | PVE::LXC::mount_all($vmid, $storecfg, $conf); | |
370 | $mounted = 1; | |
371 | } else { | |
372 | $conf = PVE::LXC::Config->load_config($vmid); | |
373 | $rootdir = "/proc/$pid/root"; | |
374 | } | |
375 | ||
376 | my @list = [qw(MP Volume Size Used Avail Use% Path)]; | |
377 | my @len = map { length($_) } @{$list[0]}; | |
378 | ||
379 | eval { | |
015740e6 | 380 | PVE::LXC::Config->foreach_volume($conf, sub { |
c6b59656 WB |
381 | my ($name, $mp) = @_; |
382 | my $path = $mp->{mp}; | |
383 | ||
384 | my $df = PVE::Tools::df("$rootdir/$path", 3); | |
385 | my $total = $format->($df->{total}); | |
386 | my $used = $format->($df->{used}); | |
387 | my $avail = $format->($df->{avail}); | |
388 | ||
389 | my $pc = sprintf('%.1f', $df->{used}/$df->{total}); | |
390 | ||
391 | my $entry = [ $name, $mp->{volume}, $total, $used, $avail, $pc, $path ]; | |
392 | push @list, $entry; | |
393 | ||
394 | foreach my $i (0..5) { | |
395 | $len[$i] = length($entry->[$i]) | |
396 | if $len[$i] < length($entry->[$i]); | |
397 | } | |
398 | }); | |
399 | ||
400 | my $format = "%-$len[0]s %-$len[1]s %$len[2]s %$len[3]s %$len[4]s %$len[5]s %s\n"; | |
401 | printf($format, @$_) foreach @list; | |
402 | }; | |
403 | warn $@ if $@; | |
404 | ||
405 | if ($mounted) { | |
406 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); | |
407 | PVE::LXC::Config->remove_lock($vmid, 'mounted'); | |
408 | } | |
409 | }); | |
410 | return undef; | |
411 | }}); | |
412 | ||
b95bf64b WB |
413 | # File creation with specified ownership and permissions. |
414 | # User and group can be names or decimal numbers. | |
415 | # Permissions are explicit (not affected by umask) and can be numeric with the | |
416 | # usual 0/0x prefixes for octal/hex. | |
417 | sub create_file { | |
418 | my ($path, $perms, $user, $group) = @_; | |
419 | my ($uid, $gid); | |
420 | if (defined($user)) { | |
421 | if ($user =~ /^\d+$/) { | |
422 | $uid = int($user); | |
423 | } else { | |
d7c03854 OB |
424 | $uid = getpwnam($user); |
425 | die "failed to get uid for: $user\n" if !defined($uid); | |
b95bf64b WB |
426 | } |
427 | } | |
428 | if (defined($group)) { | |
429 | if ($group =~ /^\d+$/) { | |
430 | $gid = int($group); | |
431 | } else { | |
d7c03854 OB |
432 | $gid = getgrnam($group); |
433 | die "failed to get gid for: $group\n" if !defined($gid); | |
b95bf64b WB |
434 | } |
435 | } | |
436 | ||
437 | if (defined($perms)) { | |
438 | $! = 0; | |
439 | my ($mode, $unparsed) = POSIX::strtoul($perms, 0); | |
440 | die "invalid mode: '$perms'\n" if $perms eq '' || $unparsed > 0 || $!; | |
441 | $perms = $mode; | |
442 | } | |
443 | ||
444 | my $fd; | |
445 | if (sysopen($fd, $path, O_WRONLY | O_CREAT | O_EXCL, 0)) { | |
446 | $perms = 0666 & ~umask if !defined($perms); | |
447 | } else { | |
448 | # If the path previously existed then we do not care about left-over | |
449 | # file descriptors even if the permissions/ownership is changed. | |
450 | sysopen($fd, $path, O_WRONLY | O_CREAT | O_TRUNC) | |
451 | or die "failed to create file: $path: $!\n"; | |
452 | } | |
453 | ||
454 | my $trunc = 0; | |
455 | ||
456 | if (defined($perms)) { | |
457 | $trunc = 1; | |
458 | chmod($perms, $fd); | |
459 | } | |
460 | ||
461 | if (defined($uid) || defined($gid)) { | |
462 | $trunc = 1; | |
463 | my ($fuid, $fgid) = (stat($fd))[4,5] if !defined($uid) || !defined($gid); | |
464 | $uid = $fuid if !defined($uid); | |
465 | $gid = $fgid if !defined($gid); | |
466 | chown($uid, $gid, $fd) | |
467 | or die "failed to change file owner: $!\n"; | |
468 | } | |
469 | return $fd; | |
470 | } | |
471 | ||
6827e44d AA |
472 | __PACKAGE__->register_method ({ |
473 | name => 'rescan', | |
474 | path => 'rescan', | |
475 | method => 'POST', | |
476 | description => "Rescan all storages and update disk sizes and unused disk images.", | |
477 | parameters => { | |
478 | additionalProperties => 0, | |
479 | properties => { | |
480 | vmid => get_standard_option('pve-vmid', { | |
481 | optional => 1, | |
482 | completion => \&PVE::LXC::complete_ctid, | |
483 | }), | |
484 | dryrun => { | |
485 | type => 'boolean', | |
486 | optional => 1, | |
487 | default => 0, | |
488 | description => 'Do not actually write changes out to conifg.', | |
489 | }, | |
490 | }, | |
491 | }, | |
492 | returns => { type => 'null'}, | |
493 | code => sub { | |
494 | my ($param) = @_; | |
495 | ||
496 | my $dryrun = $param->{dryrun}; | |
497 | ||
498 | print "NOTE: running in dry-run mode, won't write changes out!\n" if $dryrun; | |
499 | ||
500 | PVE::LXC::rescan($param->{vmid}, 0, $dryrun); | |
501 | ||
502 | return undef; | |
503 | }}); | |
504 | ||
b95bf64b WB |
505 | __PACKAGE__->register_method({ |
506 | name => 'pull', | |
507 | path => 'pull', | |
508 | method => 'PUT', | |
509 | description => "Copy a file from the container to the local system.", | |
510 | parameters => { | |
511 | additionalProperties => 0, | |
512 | properties => { | |
513 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
514 | path => { | |
515 | type => 'string', | |
516 | description => "Path to a file inside the container to pull.", | |
517 | }, | |
518 | destination => { | |
519 | type => 'string', | |
520 | description => "Destination", | |
521 | }, | |
522 | user => { | |
523 | type => 'string', | |
524 | description => 'Owner user name or id.', | |
525 | optional => 1, | |
526 | }, | |
527 | group => { | |
528 | type => 'string', | |
529 | description => 'Owner group name or id.', | |
530 | optional => 1, | |
531 | }, | |
532 | perms => { | |
533 | type => 'string', | |
893e40de | 534 | description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).", |
b95bf64b WB |
535 | optional => 1, |
536 | }, | |
537 | }, | |
538 | }, | |
539 | returns => { | |
540 | type => 'string', | |
541 | description => "the task ID.", | |
542 | }, | |
543 | code => sub { | |
544 | my ($param) = @_; | |
545 | ||
546 | my $rpcenv = PVE::RPCEnvironment::get(); | |
547 | ||
548 | my $vmid = extract_param($param, 'vmid'); | |
549 | my $path = extract_param($param, 'path'); | |
550 | my $dest = extract_param($param, 'destination'); | |
551 | ||
552 | my $perms = extract_param($param, 'perms'); | |
fa0ab908 DM |
553 | # assume octal as default |
554 | $perms = "0$perms" if defined($perms) && $perms !~m/^0/; | |
b95bf64b WB |
555 | my $user = extract_param($param, 'user'); |
556 | my $group = extract_param($param, 'group'); | |
557 | ||
558 | my $code = sub { | |
559 | my $running = PVE::LXC::check_running($vmid); | |
560 | die "can only pull files from a running VM" if !$running; | |
561 | ||
562 | my $realcmd = sub { | |
563 | my $pid = PVE::LXC::find_lxc_pid($vmid); | |
564 | # Avoid symlink issues by opening the files from inside the | |
565 | # corresponding namespaces. | |
566 | my $destfd = create_file($dest, $perms, $user, $group); | |
567 | ||
568 | sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY | |
569 | or die "failed to open the container's mount namespace\n"; | |
570 | PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS) | |
571 | or die "failed to enter the container's mount namespace\n"; | |
572 | close($mntnsfd); | |
573 | chdir('/') or die "failed to change to container root directory\n"; | |
574 | ||
575 | open my $srcfd, '<', $path | |
576 | or die "failed to open $path: $!\n"; | |
577 | ||
578 | copy($srcfd, $destfd); | |
579 | }; | |
580 | ||
581 | # This avoids having to setns() back to our namespace. | |
582 | return $rpcenv->fork_worker('pull_file', $vmid, undef, $realcmd); | |
583 | }; | |
584 | ||
67afe46e | 585 | return PVE::LXC::Config->lock_config($vmid, $code); |
b95bf64b WB |
586 | }}); |
587 | ||
588 | __PACKAGE__->register_method({ | |
589 | name => 'push', | |
590 | path => 'push', | |
591 | method => 'PUT', | |
592 | description => "Copy a local file to the container.", | |
593 | parameters => { | |
594 | additionalProperties => 0, | |
595 | properties => { | |
596 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
597 | file => { | |
598 | type => 'string', | |
599 | description => "Path to a local file.", | |
600 | }, | |
601 | destination => { | |
602 | type => 'string', | |
603 | description => "Destination inside the container to write to.", | |
604 | }, | |
605 | user => { | |
606 | type => 'string', | |
607 | description => 'Owner user name or id. When using a name it must exist inside the container.', | |
608 | optional => 1, | |
609 | }, | |
610 | group => { | |
611 | type => 'string', | |
612 | description => 'Owner group name or id. When using a name it must exist inside the container.', | |
613 | optional => 1, | |
614 | }, | |
615 | perms => { | |
616 | type => 'string', | |
893e40de | 617 | description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).", |
b95bf64b WB |
618 | optional => 1, |
619 | }, | |
620 | }, | |
621 | }, | |
622 | returns => { | |
623 | type => 'string', | |
624 | description => "the task ID.", | |
625 | }, | |
626 | code => sub { | |
627 | my ($param) = @_; | |
628 | ||
629 | my $rpcenv = PVE::RPCEnvironment::get(); | |
630 | ||
631 | my $vmid = extract_param($param, 'vmid'); | |
632 | my $file = extract_param($param, 'file'); | |
633 | my $dest = extract_param($param, 'destination'); | |
634 | ||
635 | my $perms = extract_param($param, 'perms'); | |
fa0ab908 DM |
636 | # assume octal as default |
637 | $perms = "0$perms" if defined($perms) && $perms !~m/^0/; | |
b95bf64b WB |
638 | my $user = extract_param($param, 'user'); |
639 | my $group = extract_param($param, 'group'); | |
640 | ||
641 | my $code = sub { | |
642 | my $running = PVE::LXC::check_running($vmid); | |
5a883bff | 643 | die "can only push files to a running CT\n" if !$running; |
b95bf64b | 644 | |
67afe46e | 645 | my $conf = PVE::LXC::Config->load_config($vmid); |
b95bf64b WB |
646 | my $unprivileged = $conf->{unprivileged}; |
647 | ||
648 | my $realcmd = sub { | |
649 | my $pid = PVE::LXC::find_lxc_pid($vmid); | |
650 | # We open the file then enter the container's mount - and for | |
651 | # unprivileged containers - user namespace and then create the | |
652 | # file. This avoids symlink attacks as a symlink cannot point | |
653 | # outside the namespace and our own access is equivalent to the | |
654 | # container-local's root user. Also the user-passed -user and | |
655 | # -group parameters will use the container-local's user and | |
656 | # group names. | |
657 | sysopen my $srcfd, $file, O_RDONLY | |
658 | or die "failed to open $file for reading\n"; | |
659 | ||
660 | sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY | |
661 | or die "failed to open the container's mount namespace\n"; | |
662 | my $usernsfd; | |
663 | if ($unprivileged) { | |
664 | sysopen $usernsfd, "/proc/$pid/ns/user", O_RDONLY | |
665 | or die "failed to open the container's user namespace\n"; | |
666 | } | |
667 | ||
668 | PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS) | |
669 | or die "failed to enter the container's mount namespace\n"; | |
670 | close($mntnsfd); | |
671 | chdir('/') or die "failed to change to container root directory\n"; | |
672 | ||
673 | if ($unprivileged) { | |
674 | PVE::Tools::setns(fileno($usernsfd), PVE::Tools::CLONE_NEWUSER) | |
675 | or die "failed to enter the container's user namespace\n"; | |
676 | close($usernsfd); | |
677 | POSIX::setgid(0) or die "setgid failed: $!\n"; | |
678 | POSIX::setuid(0) or die "setuid failed: $!\n"; | |
679 | } | |
680 | ||
681 | my $destfd = create_file($dest, $perms, $user, $group); | |
682 | copy($srcfd, $destfd); | |
683 | }; | |
684 | ||
685 | # This avoids having to setns() back to our namespace. | |
686 | return $rpcenv->fork_worker('push_file', $vmid, undef, $realcmd); | |
687 | }; | |
688 | ||
67afe46e | 689 | return PVE::LXC::Config->lock_config($vmid, $code); |
b95bf64b WB |
690 | }}); |
691 | ||
c87b1505 DM |
692 | __PACKAGE__->register_method ({ |
693 | name => 'cpusets', | |
694 | path => 'cpusets', | |
695 | method => 'GET', | |
696 | description => "Print the list of assigned CPU sets.", | |
697 | parameters => { | |
698 | additionalProperties => 0, | |
699 | properties => {}, | |
700 | }, | |
701 | returns => { type => 'null'}, | |
702 | code => sub { | |
703 | my ($param) = @_; | |
704 | ||
705 | my $ctlist = PVE::LXC::config_list(); | |
706 | ||
707 | my $len = 0; | |
708 | my $id_len = 0; | |
709 | my $res = {}; | |
710 | ||
711 | foreach my $vmid (sort keys %$ctlist) { | |
fdc5f2ad | 712 | my $cgroup = PVE::LXC::CGroup->new($vmid); |
c87b1505 | 713 | |
fdc5f2ad | 714 | my ($cpuset, $path); |
7dad5464 | 715 | if (defined($path = $cgroup->get_path('cpuset', 1))) { |
66f7024e | 716 | $cpuset = eval { PVE::CpuSet->new_from_path($path, 1); }; |
7dad5464 | 717 | } elsif (defined($path = $cgroup->get_path(undef, 1))) { |
66f7024e | 718 | $cpuset = eval { PVE::CpuSet->new_from_path($path, 1); }; |
fdc5f2ad WB |
719 | } else { |
720 | # Container not running. | |
721 | next; | |
722 | } | |
c87b1505 DM |
723 | if (my $err = $@) { |
724 | warn $err; | |
725 | next; | |
726 | } | |
fdc5f2ad | 727 | |
c87b1505 DM |
728 | my @cpuset_members = $cpuset->members(); |
729 | ||
730 | my $line = ': '; | |
731 | ||
732 | my $last = $cpuset_members[-1]; | |
733 | ||
734 | for (my $id = 0; $id <= $last; $id++) { | |
735 | my $empty = ' ' x length("$id"); | |
736 | $line .= ' ' . ($cpuset->has($id) ? $id : $empty); | |
737 | } | |
738 | $len = length($line) if length($line) > $len; | |
739 | $id_len = length($vmid) if length($vmid) > $id_len; | |
740 | ||
741 | $res->{$vmid} = $line; | |
742 | } | |
743 | ||
486fe362 | 744 | my @vmlist = sort keys %$res; |
c87b1505 | 745 | |
486fe362 DM |
746 | if (scalar(@vmlist)) { |
747 | my $header = '-' x ($len + $id_len) . "\n"; | |
748 | ||
749 | print $header; | |
750 | foreach my $vmid (@vmlist) { | |
751 | print sprintf("%${id_len}i%s\n", $vmid, $res->{$vmid}); | |
752 | } | |
753 | print $header; | |
754 | ||
755 | } else { | |
756 | print "no running containers\n"; | |
c87b1505 | 757 | } |
c87b1505 DM |
758 | |
759 | return undef; | |
760 | }}); | |
761 | ||
e08ac1a0 OB |
762 | __PACKAGE__->register_method ({ |
763 | name => 'fstrim', | |
764 | path => 'fstrim', | |
765 | method => 'POST', | |
22be1b3f | 766 | description => "Run fstrim on a chosen CT and its mountpoints, except bind or read-only mountpoints.", |
e08ac1a0 OB |
767 | parameters => { |
768 | additionalProperties => 0, | |
769 | properties => { | |
770 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
4590b2e4 | 771 | 'ignore-mountpoints' => { |
8a4db933 | 772 | description => 'Skip all mountpoints, only do fstrim on the container root.', |
4590b2e4 OB |
773 | optional => 1, |
774 | type => 'boolean', | |
775 | }, | |
e08ac1a0 OB |
776 | }, |
777 | }, | |
778 | returns => { type => 'null' }, | |
779 | code => sub { | |
780 | ||
781 | my ($param) = @_; | |
782 | my $vmid = $param->{'vmid'}; | |
783 | ||
784 | my $rootdir = "/var/lib/lxc/$vmid/rootfs"; | |
785 | ||
786 | my $storecfg = PVE::Storage::config(); | |
787 | my $conf = PVE::LXC::Config->set_lock($vmid, 'fstrim'); | |
e08ac1a0 OB |
788 | eval { |
789 | my $path = ""; | |
a179d3a7 | 790 | PVE::LXC::mount_all($vmid, $storecfg, $conf); |
015740e6 | 791 | PVE::LXC::Config->foreach_volume($conf, sub { |
e08ac1a0 OB |
792 | my ($name, $mp) = @_; |
793 | $path = $mp->{mp}; | |
22be1b3f | 794 | return if $mp->{type} eq 'bind' || $mp->{ro}; |
4590b2e4 | 795 | return if $param->{'ignore-mountpoints'} && $name =~ /^mp\d+/; |
e08ac1a0 | 796 | my $cmd = ["fstrim", "-v", "$rootdir$path"]; |
9d9ac8a9 | 797 | PVE::Tools::run_command($cmd, noerr => 1); |
e08ac1a0 OB |
798 | }); |
799 | }; | |
a179d3a7 | 800 | warn $@ if $@; |
e08ac1a0 OB |
801 | |
802 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); | |
803 | PVE::LXC::Config->remove_lock($vmid, 'fstrim'); | |
804 | ||
805 | return undef; | |
806 | }}); | |
807 | ||
2c4baf7d FG |
808 | |
809 | __PACKAGE__->register_method({ | |
810 | name => 'remote_migrate_vm', | |
811 | path => 'remote_migrate_vm', | |
812 | method => 'POST', | |
813 | description => "Migrate container to a remote cluster. Creates a new migration task. EXPERIMENTAL feature!", | |
814 | permissions => { | |
815 | check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]], | |
816 | }, | |
817 | parameters => { | |
818 | additionalProperties => 0, | |
819 | properties => { | |
820 | node => get_standard_option('pve-node'), | |
821 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), | |
822 | 'target-vmid' => get_standard_option('pve-vmid', { optional => 1 }), | |
823 | 'target-endpoint' => get_standard_option('proxmox-remote', { | |
824 | description => "Remote target endpoint", | |
825 | }), | |
826 | online => { | |
827 | type => 'boolean', | |
828 | description => "Use online/live migration.", | |
829 | optional => 1, | |
830 | }, | |
831 | restart => { | |
832 | type => 'boolean', | |
833 | description => "Use restart migration", | |
834 | optional => 1, | |
835 | }, | |
836 | timeout => { | |
837 | type => 'integer', | |
838 | description => "Timeout in seconds for shutdown for restart migration", | |
839 | optional => 1, | |
840 | default => 180, | |
841 | }, | |
842 | delete => { | |
843 | type => 'boolean', | |
844 | description => "Delete the original CT and related data after successful migration. By default the original CT is kept on the source cluster in a stopped state.", | |
845 | optional => 1, | |
846 | default => 0, | |
847 | }, | |
848 | 'target-storage' => get_standard_option('pve-targetstorage', { | |
849 | completion => \&PVE::QemuServer::complete_migration_storage, | |
850 | optional => 0, | |
851 | }), | |
852 | 'target-bridge' => { | |
853 | type => 'string', | |
854 | description => "Mapping from source to target bridges. Providing only a single bridge ID maps all source bridges to that bridge. Providing the special value '1' will map each source bridge to itself.", | |
855 | format => 'bridge-pair-list', | |
856 | }, | |
857 | bwlimit => { | |
858 | description => "Override I/O bandwidth limit (in KiB/s).", | |
859 | optional => 1, | |
860 | type => 'integer', | |
861 | minimum => '0', | |
862 | default => 'migrate limit from datacenter or storage config', | |
863 | }, | |
864 | }, | |
865 | }, | |
866 | returns => { | |
867 | type => 'string', | |
868 | description => "the task ID.", | |
869 | }, | |
870 | code => sub { | |
871 | my ($param) = @_; | |
872 | ||
873 | my $rpcenv = PVE::RPCEnvironment::get(); | |
874 | my $authuser = $rpcenv->get_user(); | |
875 | ||
876 | my $source_vmid = $param->{vmid}; | |
877 | my $target_endpoint = $param->{'target-endpoint'}; | |
878 | my $target_vmid = $param->{'target-vmid'} // $source_vmid; | |
879 | ||
880 | my $remote = PVE::JSONSchema::parse_property_string('proxmox-remote', $target_endpoint); | |
881 | ||
882 | # TODO: move this as helper somewhere appropriate? | |
883 | my $conn_args = { | |
884 | protocol => 'https', | |
885 | host => $remote->{host}, | |
886 | port => $remote->{port} // 8006, | |
887 | apitoken => $remote->{apitoken}, | |
888 | }; | |
889 | ||
890 | $conn_args->{cached_fingerprints} = { uc($remote->{fingerprint}) => 1 } | |
891 | if defined($remote->{fingerprint}); | |
892 | ||
893 | my $api_client = PVE::APIClient::LWP->new(%$conn_args); | |
894 | my $resources = $api_client->get("/cluster/resources", { type => 'vm' }); | |
895 | if (grep { defined($_->{vmid}) && $_->{vmid} eq $target_vmid } @$resources) { | |
896 | raise_param_exc({ target_vmid => "Guest with ID '$target_vmid' already exists on remote cluster" }); | |
897 | } | |
898 | ||
899 | my $storages = $api_client->get("/nodes/localhost/storage", { enabled => 1 }); | |
900 | ||
901 | my $storecfg = PVE::Storage::config(); | |
902 | my $target_storage = $param->{'target-storage'}; | |
903 | my $storagemap = eval { PVE::JSONSchema::parse_idmap($target_storage, 'pve-storage-id') }; | |
904 | raise_param_exc({ 'target-storage' => "failed to parse storage map: $@" }) | |
905 | if $@; | |
906 | ||
907 | my $check_remote_storage = sub { | |
908 | my ($storage) = @_; | |
909 | my $found = [ grep { $_->{storage} eq $storage } @$storages ]; | |
910 | die "remote: storage '$storage' does not exist!\n" | |
911 | if !@$found; | |
912 | ||
913 | $found = @$found[0]; | |
914 | ||
915 | my $content_types = [ PVE::Tools::split_list($found->{content}) ]; | |
916 | die "remote: storage '$storage' cannot store CT rootdir\n" | |
917 | if !grep { $_ eq 'rootdir' } @$content_types; | |
918 | }; | |
919 | ||
920 | foreach my $target_sid (values %{$storagemap->{entries}}) { | |
921 | $check_remote_storage->($target_sid); | |
922 | } | |
923 | ||
924 | $check_remote_storage->($storagemap->{default}) | |
925 | if $storagemap->{default}; | |
926 | ||
927 | return PVE::API2::LXC->remote_migrate_vm($param); | |
928 | }}); | |
929 | ||
9beee926 DM |
930 | our $cmddef = { |
931 | list=> [ 'PVE::API2::LXC', 'vmlist', [], { node => $nodename }, sub { | |
932 | my $res = shift; | |
933 | return if !scalar(@$res); | |
d0226204 WB |
934 | my $format = "%-10s %-10s %-12s %-20s\n"; |
935 | printf($format, 'VMID', 'Status', 'Lock', 'Name'); | |
9beee926 | 936 | foreach my $d (sort {$a->{vmid} <=> $b->{vmid} } @$res) { |
7790ecf6 FE |
937 | my $lock = $d->{lock} || ''; |
938 | printf($format, $d->{vmid}, $d->{status}, $lock, $d->{name}); | |
9beee926 DM |
939 | } |
940 | }], | |
f30ad07e TL |
941 | config => [ "PVE::API2::LXC::Config", 'vm_config', ['vmid'], { node => $nodename }, sub { |
942 | my $config = shift; | |
943 | for my $k (sort (keys %$config)) { | |
944 | next if $k eq 'digest' || $k eq 'lxc'; | |
945 | my $v = $config->{$k}; | |
946 | if ($k eq 'description') { | |
947 | $v = PVE::Tools::encode_text($v); | |
948 | } | |
949 | print "$k: $v\n"; | |
950 | } | |
951 | if (defined(my $lxc_list = $config->{'lxc'})) { | |
952 | for my $lxc_opt (@$lxc_list) { | |
953 | print "$lxc_opt->[0]: $lxc_opt->[1]\n" | |
954 | } | |
955 | } | |
956 | }], | |
f9fc67e9 OB |
957 | |
958 | pending => [ "PVE::API2::LXC", "vm_pending", ['vmid'], { node => $nodename }, \&PVE::GuestHelpers::format_pending ], | |
9beee926 | 959 | set => [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node => $nodename }], |
40626217 | 960 | |
985b18ed | 961 | resize => [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node => $nodename } ], |
721b6d63 | 962 | |
9beee926 DM |
963 | create => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename }, $upid_exit ], |
964 | restore => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename, restore => 1 }, $upid_exit ], | |
721b6d63 | 965 | destroy => [ 'PVE::API2::LXC', 'destroy_vm', ['vmid'], { node => $nodename }, $upid_exit ], |
9beee926 DM |
966 | |
967 | start => [ 'PVE::API2::LXC::Status', 'vm_start', ['vmid'], { node => $nodename }, $upid_exit], | |
968 | suspend => [ 'PVE::API2::LXC::Status', 'vm_suspend', ['vmid'], { node => $nodename }, $upid_exit], | |
969 | resume => [ 'PVE::API2::LXC::Status', 'vm_resume', ['vmid'], { node => $nodename }, $upid_exit], | |
970 | shutdown => [ 'PVE::API2::LXC::Status', 'vm_shutdown', ['vmid'], { node => $nodename }, $upid_exit], | |
971 | stop => [ 'PVE::API2::LXC::Status', 'vm_stop', ['vmid'], { node => $nodename }, $upid_exit], | |
f5fe1125 OB |
972 | reboot => [ 'PVE::API2::LXC::Status', 'vm_reboot', ['vmid'], { node => $nodename }, $upid_exit], |
973 | ||
c4a33727 | 974 | clone => [ "PVE::API2::LXC", 'clone_vm', ['vmid', 'newid'], { node => $nodename }, $upid_exit ], |
9beee926 | 975 | migrate => [ "PVE::API2::LXC", 'migrate_vm', ['vmid', 'target'], { node => $nodename }, $upid_exit], |
93c2e6f7 AL |
976 | 'move-volume' => [ "PVE::API2::LXC", 'move_volume', ['vmid', 'volume', 'storage', 'target-vmid', 'target-volume'], { node => $nodename }, $upid_exit ], |
977 | move_volume => { alias => 'move-volume' }, | |
2c4baf7d | 978 | 'remote-migrate' => [ __PACKAGE__, 'remote_migrate_vm', ['vmid', 'target-vmid', 'target-endpoint'], { node => $nodename }, $upid_exit ], |
721b6d63 TL |
979 | |
980 | snapshot => [ "PVE::API2::LXC::Snapshot", 'snapshot', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
981 | delsnapshot => [ "PVE::API2::LXC::Snapshot", 'delsnapshot', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
982 | listsnapshot => [ "PVE::API2::LXC::Snapshot", 'list', ['vmid'], { node => $nodename }, \&PVE::GuestHelpers::print_snapshot_tree ], | |
983 | rollback => [ "PVE::API2::LXC::Snapshot", 'rollback', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
984 | template => [ "PVE::API2::LXC", 'template', ['vmid'], { node => $nodename }], | |
985 | ||
699ee9b2 | 986 | status => [ __PACKAGE__, 'status', ['vmid']], |
9beee926 DM |
987 | console => [ __PACKAGE__, 'console', ['vmid']], |
988 | enter => [ __PACKAGE__, 'enter', ['vmid']], | |
c72bd0ba | 989 | unlock => [ __PACKAGE__, 'unlock', ['vmid']], |
9beee926 | 990 | exec => [ __PACKAGE__, 'exec', ['vmid', 'extra-args']], |
f8327ed5 | 991 | fsck => [ __PACKAGE__, 'fsck', ['vmid']], |
b95bf64b | 992 | |
c93be6ed WB |
993 | mount => [ __PACKAGE__, 'mount', ['vmid']], |
994 | unmount => [ __PACKAGE__, 'unmount', ['vmid']], | |
b95bf64b WB |
995 | push => [ __PACKAGE__, 'push', ['vmid', 'file', 'destination']], |
996 | pull => [ __PACKAGE__, 'pull', ['vmid', 'path', 'destination']], | |
c6b59656 WB |
997 | |
998 | df => [ __PACKAGE__, 'df', ['vmid']], | |
6827e44d | 999 | rescan => [ __PACKAGE__, 'rescan', []], |
c87b1505 | 1000 | cpusets => [ __PACKAGE__, 'cpusets', []], |
e08ac1a0 | 1001 | fstrim => [ __PACKAGE__, 'fstrim', ['vmid']], |
9beee926 DM |
1002 | }; |
1003 | ||
9beee926 | 1004 | 1; |