]>
Commit | Line | Data |
---|---|---|
1 | package PVE::API2::Subscription; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use Digest::MD5 qw(md5_hex md5_base64); | |
6 | use MIME::Base64; | |
7 | use HTTP::Request; | |
8 | use LWP::UserAgent; | |
9 | use JSON; | |
10 | ||
11 | use Proxmox::RS::Subscription; | |
12 | ||
13 | use PVE::Tools; | |
14 | use PVE::ProcFSTools; | |
15 | use PVE::Exception qw(raise_param_exc); | |
16 | use PVE::INotify; | |
17 | use PVE::Cluster qw (cfs_read_file cfs_write_file); | |
18 | use PVE::DataCenterConfig; | |
19 | use PVE::AccessControl; | |
20 | use PVE::Storage; | |
21 | use PVE::JSONSchema qw(get_standard_option); | |
22 | ||
23 | use PVE::SafeSyslog; | |
24 | ||
25 | use PVE::API2Tools; | |
26 | use PVE::RESTHandler; | |
27 | ||
28 | use base qw(PVE::RESTHandler); | |
29 | ||
30 | my $subscription_pattern = 'pve([1248])([cbsp])-[0-9a-f]{10}'; | |
31 | my $filename = "/etc/subscription"; | |
32 | ||
33 | sub get_sockets { | |
34 | my $info = PVE::ProcFSTools::read_cpuinfo(); | |
35 | return $info->{sockets}; | |
36 | } | |
37 | ||
38 | sub parse_key { | |
39 | my ($key, $noerr) = @_; | |
40 | ||
41 | if ($key =~ m/^${subscription_pattern}$/) { | |
42 | return wantarray ? ($1, $2) : $1; # number of sockets, level | |
43 | } | |
44 | return undef if $noerr; | |
45 | ||
46 | die "Wrong subscription key format\n"; | |
47 | } | |
48 | ||
49 | sub check_key { | |
50 | my ($key, $req_sockets) = @_; | |
51 | ||
52 | my ($sockets, $level) = parse_key($key); | |
53 | if ($sockets < $req_sockets) { | |
54 | die "wrong number of sockets ($sockets < $req_sockets)\n"; | |
55 | } | |
56 | return ($sockets, $level); | |
57 | } | |
58 | ||
59 | sub read_etc_subscription { | |
60 | my $req_sockets = get_sockets(); | |
61 | my $server_id = PVE::API2Tools::get_hwaddress(); | |
62 | ||
63 | my $info = Proxmox::RS::Subscription::read_subscription($filename); | |
64 | ||
65 | return $info if !$info || $info->{status} ne 'active'; | |
66 | ||
67 | my ($sockets, $level); | |
68 | eval { ($sockets, $level) = check_key($info->{key}, $req_sockets); }; | |
69 | if (my $err = $@) { | |
70 | chomp $err; | |
71 | $info->{status} = 'invalid'; | |
72 | $info->{message} = $err; | |
73 | } else { | |
74 | $info->{level} = $level; | |
75 | } | |
76 | ||
77 | return $info; | |
78 | } | |
79 | ||
80 | sub write_etc_subscription { | |
81 | my ($info) = @_; | |
82 | ||
83 | my $server_id = PVE::API2Tools::get_hwaddress(); | |
84 | mkdir "/etc/apt/auth.conf.d"; | |
85 | Proxmox::RS::Subscription::write_subscription($filename, "/etc/apt/auth.conf.d/pve.conf", "enterprise.proxmox.com/debian/pve", $info); | |
86 | ||
87 | # NOTE: preparation for easier upgrade to Proxmox VE 8, which introduced the ceph enterprise repo | |
88 | my $ceph_auth = ''; | |
89 | for my $ceph_release ('quincy', 'reef') { | |
90 | $ceph_auth .= "machine enterprise.proxmox.com/debian/ceph-${ceph_release}" | |
91 | ." login $info->{key} password $info->{serverid}\n" | |
92 | } | |
93 | PVE::Tools::file_set_contents("/etc/apt/auth.conf.d/ceph.conf", $ceph_auth); | |
94 | } | |
95 | ||
96 | __PACKAGE__->register_method ({ | |
97 | name => 'get', | |
98 | path => '', | |
99 | method => 'GET', | |
100 | description => "Read subscription info.", | |
101 | proxyto => 'node', | |
102 | permissions => { user => 'all' }, | |
103 | parameters => { | |
104 | additionalProperties => 0, | |
105 | properties => { | |
106 | node => get_standard_option('pve-node'), | |
107 | }, | |
108 | }, | |
109 | returns => { type => 'object'}, | |
110 | code => sub { | |
111 | my ($param) = @_; | |
112 | ||
113 | my $node = $param->{node}; | |
114 | ||
115 | my $rpcenv = PVE::RPCEnvironment::get(); | |
116 | my $authuser = $rpcenv->get_user(); | |
117 | my $has_permission = $rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1); | |
118 | ||
119 | my $server_id = PVE::API2Tools::get_hwaddress(); | |
120 | my $url = "https://www.proxmox.com/en/proxmox-virtual-environment/pricing"; | |
121 | ||
122 | my $info = read_etc_subscription(); | |
123 | if (!$info) { | |
124 | my $no_subscription_info = { | |
125 | status => "notfound", | |
126 | message => "There is no subscription key", | |
127 | url => $url, | |
128 | }; | |
129 | $no_subscription_info->{serverid} = $server_id if $has_permission; | |
130 | return $no_subscription_info; | |
131 | } | |
132 | ||
133 | if (!$has_permission) { | |
134 | return { | |
135 | status => $info->{status}, | |
136 | message => $info->{message}, | |
137 | url => $url, | |
138 | } | |
139 | } | |
140 | ||
141 | $info->{serverid} = $server_id; | |
142 | $info->{sockets} = get_sockets(); | |
143 | $info->{url} = $url; | |
144 | ||
145 | return $info | |
146 | }}); | |
147 | ||
148 | __PACKAGE__->register_method ({ | |
149 | name => 'update', | |
150 | path => '', | |
151 | method => 'POST', | |
152 | permissions => { | |
153 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
154 | }, | |
155 | description => "Update subscription info.", | |
156 | proxyto => 'node', | |
157 | protected => 1, | |
158 | parameters => { | |
159 | additionalProperties => 0, | |
160 | properties => { | |
161 | node => get_standard_option('pve-node'), | |
162 | force => { | |
163 | description => "Always connect to server, even if we have up to date info inside local cache.", | |
164 | type => 'boolean', | |
165 | optional => 1, | |
166 | default => 0 | |
167 | } | |
168 | }, | |
169 | }, | |
170 | returns => { type => 'null'}, | |
171 | code => sub { | |
172 | my ($param) = @_; | |
173 | ||
174 | my $info = read_etc_subscription(); | |
175 | return undef if !$info; | |
176 | ||
177 | my $server_id = PVE::API2Tools::get_hwaddress(); | |
178 | my $key = $info->{key}; | |
179 | ||
180 | die "Updating offline key not possible - please remove and re-add subscription key to switch to online key.\n" | |
181 | if $info->{signature}; | |
182 | ||
183 | # key has been recently checked | |
184 | return undef | |
185 | if !$param->{force} | |
186 | && $info->{status} eq 'active' | |
187 | && Proxmox::RS::Subscription::check_age($info, 1)->{status} eq 'active'; | |
188 | ||
189 | my $req_sockets = get_sockets(); | |
190 | check_key($key, $req_sockets); | |
191 | ||
192 | my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
193 | my $proxy = $dccfg->{http_proxy}; | |
194 | ||
195 | $info = Proxmox::RS::Subscription::check_subscription($key, $server_id, "", "Proxmox VE", $proxy); | |
196 | ||
197 | write_etc_subscription($info); | |
198 | ||
199 | return undef; | |
200 | }}); | |
201 | ||
202 | __PACKAGE__->register_method ({ | |
203 | name => 'set', | |
204 | path => '', | |
205 | method => 'PUT', | |
206 | permissions => { | |
207 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
208 | }, | |
209 | description => "Set subscription key.", | |
210 | proxyto => 'node', | |
211 | protected => 1, | |
212 | parameters => { | |
213 | additionalProperties => 0, | |
214 | properties => { | |
215 | node => get_standard_option('pve-node'), | |
216 | key => { | |
217 | description => "Proxmox VE subscription key", | |
218 | type => 'string', | |
219 | pattern => $subscription_pattern, | |
220 | maxLength => 32, | |
221 | }, | |
222 | }, | |
223 | }, | |
224 | returns => { type => 'null'}, | |
225 | code => sub { | |
226 | my ($param) = @_; | |
227 | ||
228 | my $key = PVE::Tools::trim($param->{key}); | |
229 | ||
230 | my $info = { | |
231 | status => 'New', | |
232 | key => $key, | |
233 | checktime => time(), | |
234 | }; | |
235 | ||
236 | my $req_sockets = get_sockets(); | |
237 | my $server_id = PVE::API2Tools::get_hwaddress(); | |
238 | ||
239 | check_key($key, $req_sockets); | |
240 | ||
241 | write_etc_subscription($info); | |
242 | ||
243 | my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
244 | my $proxy = $dccfg->{http_proxy}; | |
245 | ||
246 | $info = Proxmox::RS::Subscription::check_subscription($key, $server_id, "", "Proxmox VE", $proxy); | |
247 | ||
248 | write_etc_subscription($info); | |
249 | ||
250 | return undef; | |
251 | }}); | |
252 | ||
253 | __PACKAGE__->register_method ({ | |
254 | name => 'delete', | |
255 | path => '', | |
256 | method => 'DELETE', | |
257 | permissions => { | |
258 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
259 | }, | |
260 | description => "Delete subscription key of this node.", | |
261 | proxyto => 'node', | |
262 | protected => 1, | |
263 | parameters => { | |
264 | additionalProperties => 0, | |
265 | properties => { | |
266 | node => get_standard_option('pve-node'), | |
267 | }, | |
268 | }, | |
269 | returns => { type => 'null'}, | |
270 | code => sub { | |
271 | my $subscription_file = '/etc/subscription'; | |
272 | return if ! -e $subscription_file; | |
273 | unlink($subscription_file) or die "cannot delete subscription key: $!"; | |
274 | return undef; | |
275 | }}); | |
276 | ||
277 | 1; |