]> git.proxmox.com Git - pve-manager.git/blob - PVE/API2/Nodes.pm
projects / pve-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use protected mode to be able to execute root system commands
[pve-manager.git] / PVE / API2 / Nodes.pm
1 package PVE::API2::Nodes::Nodeinfo;
2
3 use strict;
4 use warnings;
5 use POSIX qw(LONG_MAX);
6 use Filesys::Df;
7 use Time::Local qw(timegm_nocheck);
8 use HTTP::Status qw(:constants);
9 use PVE::pvecfg;
10 use PVE::Tools;
11 use PVE::API2Tools;
12 use PVE::ProcFSTools;
13 use PVE::SafeSyslog;
14 use PVE::Cluster qw(cfs_read_file);
15 use PVE::INotify;
16 use PVE::Exception qw(raise raise_perm_exc);
17 use PVE::RESTHandler;
18 use PVE::RPCEnvironment;
19 use PVE::JSONSchema qw(get_standard_option);
20 use PVE::AccessControl;
21 use PVE::Storage;
22 use PVE::Firewall;
23 use PVE::LXC;
24 use PVE::APLInfo;
25 use PVE::Report;
26 use PVE::HA::Config;
27 use PVE::QemuServer;
28 use PVE::API2::Subscription;
29 use PVE::API2::Services;
30 use PVE::API2::Network;
31 use PVE::API2::Tasks;
32 use PVE::API2::Storage::Scan;
33 use PVE::API2::Storage::Status;
34 use PVE::API2::Qemu;
35 use PVE::API2::LXC;
36 use PVE::API2::LXC::Status;
37 use PVE::API2::VZDump;
38 use PVE::API2::APT;
39 use PVE::API2::Ceph;
40 use PVE::API2::Firewall::Host;
41 use JSON;
42
43 use base qw(PVE::RESTHandler);
44
45 __PACKAGE__->register_method ({
46 subclass => "PVE::API2::Qemu",
47 path => 'qemu',
48 });
49
50 __PACKAGE__->register_method ({
51 subclass => "PVE::API2::LXC",
52 path => 'lxc',
53 });
54
55 __PACKAGE__->register_method ({
56 subclass => "PVE::API2::Ceph",
57 path => 'ceph',
58 });
59
60 __PACKAGE__->register_method ({
61 subclass => "PVE::API2::VZDump",
62 path => 'vzdump',
63 });
64
65 __PACKAGE__->register_method ({
66 subclass => "PVE::API2::Services",
67 path => 'services',
68 });
69
70 __PACKAGE__->register_method ({
71 subclass => "PVE::API2::Subscription",
72 path => 'subscription',
73 });
74
75 __PACKAGE__->register_method ({
76 subclass => "PVE::API2::Network",
77 path => 'network',
78 });
79
80 __PACKAGE__->register_method ({
81 subclass => "PVE::API2::Tasks",
82 path => 'tasks',
83 });
84
85 __PACKAGE__->register_method ({
86 subclass => "PVE::API2::Storage::Scan",
87 path => 'scan',
88 });
89
90 __PACKAGE__->register_method ({
91 subclass => "PVE::API2::Storage::Status",
92 path => 'storage',
93 });
94
95 __PACKAGE__->register_method ({
96 subclass => "PVE::API2::APT",
97 path => 'apt',
98 });
99
100 __PACKAGE__->register_method ({
101 subclass => "PVE::API2::Firewall::Host",
102 path => 'firewall',
103 });
104
105 __PACKAGE__->register_method ({
106 name => 'index',
107 path => '',
108 method => 'GET',
109 permissions => { user => 'all' },
110 description => "Node index.",
111 parameters => {
112 additionalProperties => 0,
113 properties => {
114 node => get_standard_option('pve-node'),
115 },
116 },
117 returns => {
118 type => 'array',
119 items => {
120 type => "object",
121 properties => {},
122 },
123 links => [ { rel => 'child', href => "{name}" } ],
124 },
125 code => sub {
126 my ($param) = @_;
127
128 my $result = [
129 { name => 'ceph' },
130 { name => 'apt' },
131 { name => 'version' },
132 { name => 'syslog' },
133 { name => 'status' },
134 { name => 'subscription' },
135 { name => 'report' },
136 { name => 'tasks' },
137 { name => 'rrd' }, # fixme: remove?
138 { name => 'rrddata' },# fixme: remove?
139 { name => 'vncshell' },
140 { name => 'spiceshell' },
141 { name => 'time' },
142 { name => 'dns' },
143 { name => 'services' },
144 { name => 'scan' },
145 { name => 'storage' },
146 { name => 'qemu' },
147 { name => 'lxc' },
148 { name => 'vzdump' },
149 { name => 'network' },
150 { name => 'aplinfo' },
151 { name => 'startall' },
152 { name => 'stopall' },
153 { name => 'netstat' },
154 { name => 'firewall' },
155 ];
156
157 return $result;
158 }});
159
160 __PACKAGE__->register_method ({
161 name => 'version',
162 path => 'version',
163 method => 'GET',
164 proxyto => 'node',
165 permissions => { user => 'all' },
166 description => "API version details",
167 parameters => {
168 additionalProperties => 0,
169 properties => {
170 node => get_standard_option('pve-node'),
171 },
172 },
173 returns => {
174 type => "object",
175 properties => {
176 version => { type => 'string' },
177 release => { type => 'string' },
178 repoid => { type => 'string' },
179 },
180 },
181 code => sub {
182 my ($resp, $param) = @_;
183
184 return PVE::pvecfg::version_info();
185 }});
186
187 __PACKAGE__->register_method({
188 name => 'status',
189 path => 'status',
190 method => 'GET',
191 permissions => {
192 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
193 },
194 description => "Read node status",
195 proxyto => 'node',
196 parameters => {
197 additionalProperties => 0,
198 properties => {
199 node => get_standard_option('pve-node'),
200 },
201 },
202 returns => {
203 type => "object",
204 properties => {
205
206 },
207 },
208 code => sub {
209 my ($param) = @_;
210
211 my $res = {
212 uptime => 0,
213 idle => 0,
214 };
215
216 my ($uptime, $idle) = PVE::ProcFSTools::read_proc_uptime();
217 $res->{uptime} = $uptime;
218
219 my ($avg1, $avg5, $avg15) = PVE::ProcFSTools::read_loadavg();
220 $res->{loadavg} = [ $avg1, $avg5, $avg15];
221
222 my ($sysname, $nodename, $release, $version, $machine) = POSIX::uname();
223
224 $res->{kversion} = "$sysname $release $version";
225
226 $res->{cpuinfo} = PVE::ProcFSTools::read_cpuinfo();
227
228 my $stat = PVE::ProcFSTools::read_proc_stat();
229 $res->{cpu} = $stat->{cpu};
230 $res->{wait} = $stat->{wait};
231
232 my $meminfo = PVE::ProcFSTools::read_meminfo();
233 $res->{memory} = {
234 free => $meminfo->{memfree},
235 total => $meminfo->{memtotal},
236 used => $meminfo->{memused},
237 };
238
239 $res->{ksm} = {
240 shared => $meminfo->{memshared},
241 };
242
243 $res->{swap} = {
244 free => $meminfo->{swapfree},
245 total => $meminfo->{swaptotal},
246 used => $meminfo->{swapused},
247 };
248
249 $res->{pveversion} = PVE::pvecfg::package() . "/" .
250 PVE::pvecfg::version_text();
251
252 my $dinfo = df('/', 1); # output is bytes
253
254 $res->{rootfs} = {
255 total => $dinfo->{blocks},
256 avail => $dinfo->{bavail},
257 used => $dinfo->{used},
258 free => $dinfo->{bavail} - $dinfo->{used},
259 };
260
261 return $res;
262 }});
263
264 __PACKAGE__->register_method({
265 name => 'netstat',
266 path => 'netstat',
267 method => 'GET',
268 permissions => {
269 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
270 },
271 description => "Read tap/vm network device interface counters",
272 proxyto => 'node',
273 parameters => {
274 additionalProperties => 0,
275 properties => {
276 node => get_standard_option('pve-node'),
277 },
278 },
279 returns => {
280 type => "array",
281 items => {
282 type => "object",
283 properties => {},
284 },
285 },
286 code => sub {
287 my ($param) = @_;
288
289 my $res = [ ];
290
291 my $netdev = PVE::ProcFSTools::read_proc_net_dev();
292 foreach my $dev (keys %$netdev) {
293 next if $dev !~ m/^tap([1-9]\d*)i(\d+)$/;
294 my $vmid = $1;
295 my $netid = $2;
296
297 push(
298 @$res,
299 {
300 vmid => $vmid,
301 dev => "net$netid",
302 in => $netdev->{$dev}->{transmit},
303 out => $netdev->{$dev}->{receive},
304 }
305 );
306 }
307
308 return $res;
309 }});
310
311 __PACKAGE__->register_method({
312 name => 'execute',
313 path => 'execute',
314 method => 'POST',
315 permissions => {
316 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
317 },
318 description => "Execute multiple commands in order.",
319 proxyto => 'node',
320 protected => 1, # avoid problems with proxy code
321 parameters => {
322 additionalProperties => 0,
323 properties => {
324 node => get_standard_option('pve-node'),
325 commands => {
326 description => "JSON encoded array of commands.",
327 type => "string",
328 }
329 },
330 },
331 returns => {
332 type => 'array',
333 properties => {
334
335 },
336 },
337 code => sub {
338 my ($param) = @_;
339 my $res = [];
340
341 my $rpcenv = PVE::RPCEnvironment::get();
342 my $user = $rpcenv->get_user();
343
344 my $commands = eval { decode_json($param->{commands}); };
345
346 die "commands param did not contain valid JSON: $@" if $@;
347 die "commands is not an array" if ref($commands) ne "ARRAY";
348
349 foreach my $cmd (@$commands) {
350 eval {
351 die "$cmd is not a valid command" if (ref($cmd) ne "HASH" || !$cmd->{path} || !$cmd->{method});
352
353 $cmd->{args} //= {};
354
355 my $path = "nodes/$param->{node}/$cmd->{path}";
356
357 my $uri_param = {};
358 my ($handler, $info) = PVE::API2->find_handler($cmd->{method}, $path, $uri_param);
359 if (!$handler || !$info) {
360 die "no handler for '$path'\n";
361 }
362
363 foreach my $p (keys %{$cmd->{args}}) {
364 raise_param_exc({ $p => "duplicate parameter" }) if defined($uri_param->{$p});
365 $uri_param->{$p} = $cmd->{args}->{$p};
366 }
367
368 # check access permissions
369 $rpcenv->check_api2_permissions($info->{permissions}, $user, $uri_param);
370
371 push @$res, {
372 status => HTTP_OK,
373 data => $handler->handle($info, $uri_param),
374 };
375 };
376 if (my $err = $@) {
377 my $resp = { status => HTTP_INTERNAL_SERVER_ERROR };
378 if (ref($err) eq "PVE::Exception") {
379 $resp->{status} = $err->{code} if $err->{code};
380 $resp->{errors} = $err->{errors} if $err->{errors};
381 $resp->{message} = $err->{msg};
382 } else {
383 $resp->{message} = $err;
384 }
385 push @$res, $resp;
386 }
387 }
388
389 return $res;
390 }});
391
392
393 __PACKAGE__->register_method({
394 name => 'node_cmd',
395 path => 'status',
396 method => 'POST',
397 permissions => {
398 check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]],
399 },
400 protected => 1,
401 description => "Reboot or shutdown a node.",
402 proxyto => 'node',
403 parameters => {
404 additionalProperties => 0,
405 properties => {
406 node => get_standard_option('pve-node'),
407 command => {
408 description => "Specify the command.",
409 type => 'string',
410 enum => [qw(reboot shutdown)],
411 },
412 },
413 },
414 returns => { type => "null" },
415 code => sub {
416 my ($param) = @_;
417
418 if ($param->{command} eq 'reboot') {
419 system ("(sleep 2;/sbin/reboot)&");
420 } elsif ($param->{command} eq 'shutdown') {
421 system ("(sleep 2;/sbin/poweroff)&");
422 }
423
424 return undef;
425 }});
426
427
428 __PACKAGE__->register_method({
429 name => 'rrd',
430 path => 'rrd',
431 method => 'GET',
432 protected => 1, # fixme: can we avoid that?
433 permissions => {
434 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
435 },
436 description => "Read node RRD statistics (returns PNG)",
437 parameters => {
438 additionalProperties => 0,
439 properties => {
440 node => get_standard_option('pve-node'),
441 timeframe => {
442 description => "Specify the time frame you are interested in.",
443 type => 'string',
444 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
445 },
446 ds => {
447 description => "The list of datasources you want to display.",
448 type => 'string', format => 'pve-configid-list',
449 },
450 cf => {
451 description => "The RRD consolidation function",
452 type => 'string',
453 enum => [ 'AVERAGE', 'MAX' ],
454 optional => 1,
455 },
456 },
457 },
458 returns => {
459 type => "object",
460 properties => {
461 filename => { type => 'string' },
462 },
463 },
464 code => sub {
465 my ($param) = @_;
466
467 return PVE::Cluster::create_rrd_graph(
468 "pve2-node/$param->{node}", $param->{timeframe},
469 $param->{ds}, $param->{cf});
470
471 }});
472
473 __PACKAGE__->register_method({
474 name => 'rrddata',
475 path => 'rrddata',
476 method => 'GET',
477 protected => 1, # fixme: can we avoid that?
478 permissions => {
479 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
480 },
481 description => "Read node RRD statistics",
482 parameters => {
483 additionalProperties => 0,
484 properties => {
485 node => get_standard_option('pve-node'),
486 timeframe => {
487 description => "Specify the time frame you are interested in.",
488 type => 'string',
489 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
490 },
491 cf => {
492 description => "The RRD consolidation function",
493 type => 'string',
494 enum => [ 'AVERAGE', 'MAX' ],
495 optional => 1,
496 },
497 },
498 },
499 returns => {
500 type => "array",
501 items => {
502 type => "object",
503 properties => {},
504 },
505 },
506 code => sub {
507 my ($param) = @_;
508
509 return PVE::Cluster::create_rrd_data(
510 "pve2-node/$param->{node}", $param->{timeframe}, $param->{cf});
511 }});
512
513 __PACKAGE__->register_method({
514 name => 'syslog',
515 path => 'syslog',
516 method => 'GET',
517 description => "Read system log",
518 proxyto => 'node',
519 permissions => {
520 check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
521 },
522 protected => 1,
523 parameters => {
524 additionalProperties => 0,
525 properties => {
526 node => get_standard_option('pve-node'),
527 start => {
528 type => 'integer',
529 minimum => 0,
530 optional => 1,
531 },
532 limit => {
533 type => 'integer',
534 minimum => 0,
535 optional => 1,
536 },
537 },
538 },
539 returns => {
540 type => 'array',
541 items => {
542 type => "object",
543 properties => {
544 n => {
545 description=> "Line number",
546 type=> 'integer',
547 },
548 t => {
549 description=> "Line text",
550 type => 'string',
551 }
552 }
553 }
554 },
555 code => sub {
556 my ($param) = @_;
557
558 my $rpcenv = PVE::RPCEnvironment::get();
559 my $user = $rpcenv->get_user();
560 my $node = $param->{node};
561
562 my ($count, $lines) = PVE::Tools::dump_journal($param->{start}, $param->{limit});
563
564 $rpcenv->set_result_attrib('total', $count);
565
566 return $lines;
567 }});
568
569 my $sslcert;
570
571 __PACKAGE__->register_method ({
572 name => 'vncshell',
573 path => 'vncshell',
574 method => 'POST',
575 protected => 1,
576 permissions => {
577 description => "Restricted to users on realm 'pam'",
578 check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
579 },
580 description => "Creates a VNC Shell proxy.",
581 parameters => {
582 additionalProperties => 0,
583 properties => {
584 node => get_standard_option('pve-node'),
585 upgrade => {
586 type => 'boolean',
587 description => "Run 'apt-get dist-upgrade' instead of normal shell.",
588 optional => 1,
589 default => 0,
590 },
591 websocket => {
592 optional => 1,
593 type => 'boolean',
594 description => "use websocket instead of standard vnc.",
595 },
596 },
597 },
598 returns => {
599 additionalProperties => 0,
600 properties => {
601 user => { type => 'string' },
602 ticket => { type => 'string' },
603 cert => { type => 'string' },
604 port => { type => 'integer' },
605 upid => { type => 'string' },
606 },
607 },
608 code => sub {
609 my ($param) = @_;
610
611 my $rpcenv = PVE::RPCEnvironment::get();
612
613 my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user());
614
615 raise_perm_exc("realm != pam") if $realm ne 'pam';
616
617 raise_perm_exc('user != root@pam') if $param->{upgrade} && $user ne 'root@pam';
618
619 my $node = $param->{node};
620
621 my $authpath = "/nodes/$node";
622
623 my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath);
624
625 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
626 if !$sslcert;
627
628 my ($remip, $family);
629
630 if ($node ne PVE::INotify::nodename()) {
631 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
632 } else {
633 $family = PVE::Tools::get_host_address_family($node);
634 }
635
636 my $port = PVE::Tools::next_vnc_port($family);
637
638 # NOTE: vncterm VNC traffic is already TLS encrypted,
639 # so we select the fastest chipher here (or 'none'?)
640 my $remcmd = $remip ?
641 ['/usr/bin/ssh', '-t', $remip] : [];
642
643 my $shcmd;
644
645 if ($user eq 'root@pam') {
646 if ($param->{upgrade}) {
647 my $upgradecmd = "pveupgrade --shell";
648 $upgradecmd = PVE::Tools::shellquote($upgradecmd) if $remip;
649 $shcmd = [ '/bin/bash', '-c', $upgradecmd ];
650 } else {
651 $shcmd = [ '/bin/bash', '-l' ];
652 }
653 } else {
654 $shcmd = [ '/bin/login' ];
655 }
656
657 my $timeout = 10;
658
659 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
660 '-timeout', $timeout, '-authpath', $authpath,
661 '-perm', 'Sys.Console'];
662
663 if ($param->{websocket}) {
664 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
665 push @$cmd, '-notls', '-listen', 'localhost';
666 }
667
668 push @$cmd, '-c', @$remcmd, @$shcmd;
669
670 my $realcmd = sub {
671 my $upid = shift;
672
673 syslog ('info', "starting vnc proxy $upid\n");
674
675 my $cmdstr = join (' ', @$cmd);
676 syslog ('info', "launch command: $cmdstr");
677
678 eval {
679 foreach my $k (keys %ENV) {
680 next if $k eq 'PVE_VNC_TICKET';
681 next if $k eq 'PATH' || $k eq 'TERM' || $k eq 'USER' || $k eq 'HOME';
682 delete $ENV{$k};
683 }
684 $ENV{PWD} = '/';
685
686 PVE::Tools::run_command($cmd, errmsg => "vncterm failed");
687 };
688 if (my $err = $@) {
689 syslog ('err', $err);
690 }
691
692 return;
693 };
694
695 my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd);
696
697 PVE::Tools::wait_for_vnc_port($port);
698
699 return {
700 user => $user,
701 ticket => $ticket,
702 port => $port,
703 upid => $upid,
704 cert => $sslcert,
705 };
706 }});
707
708 __PACKAGE__->register_method({
709 name => 'vncwebsocket',
710 path => 'vncwebsocket',
711 method => 'GET',
712 permissions => {
713 description => "Restricted to users on realm 'pam'. You also need to pass a valid ticket (vncticket).",
714 check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
715 },
716 description => "Opens a weksocket for VNC traffic.",
717 parameters => {
718 additionalProperties => 0,
719 properties => {
720 node => get_standard_option('pve-node'),
721 vncticket => {
722 description => "Ticket from previous call to vncproxy.",
723 type => 'string',
724 maxLength => 512,
725 },
726 port => {
727 description => "Port number returned by previous vncproxy call.",
728 type => 'integer',
729 minimum => 5900,
730 maximum => 5999,
731 },
732 },
733 },
734 returns => {
735 type => "object",
736 properties => {
737 port => { type => 'string' },
738 },
739 },
740 code => sub {
741 my ($param) = @_;
742
743 my $rpcenv = PVE::RPCEnvironment::get();
744
745 my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user());
746
747 raise_perm_exc("realm != pam") if $realm ne 'pam';
748
749 my $authpath = "/nodes/$param->{node}";
750
751 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $user, $authpath);
752
753 my $port = $param->{port};
754
755 return { port => $port };
756 }});
757
758 __PACKAGE__->register_method ({
759 name => 'spiceshell',
760 path => 'spiceshell',
761 method => 'POST',
762 protected => 1,
763 proxyto => 'node',
764 permissions => {
765 description => "Restricted to users on realm 'pam'",
766 check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
767 },
768 description => "Creates a SPICE shell.",
769 parameters => {
770 additionalProperties => 0,
771 properties => {
772 node => get_standard_option('pve-node'),
773 proxy => get_standard_option('spice-proxy', { optional => 1 }),
774 upgrade => {
775 type => 'boolean',
776 description => "Run 'apt-get dist-upgrade' instead of normal shell.",
777 optional => 1,
778 default => 0,
779 },
780 },
781 },
782 returns => get_standard_option('remote-viewer-config'),
783 code => sub {
784 my ($param) = @_;
785
786 my $rpcenv = PVE::RPCEnvironment::get();
787 my $authuser = $rpcenv->get_user();
788
789 my ($user, undef, $realm) = PVE::AccessControl::verify_username($authuser);
790
791 raise_perm_exc("realm != pam") if $realm ne 'pam';
792
793 raise_perm_exc('user != root@pam') if $param->{upgrade} && $user ne 'root@pam';
794
795 my $node = $param->{node};
796 my $proxy = $param->{proxy};
797
798 my $authpath = "/nodes/$node";
799 my $permissions = 'Sys.Console';
800
801 my $shcmd;
802
803 if ($user eq 'root@pam') {
804 if ($param->{upgrade}) {
805 my $upgradecmd = "pveupgrade --shell";
806 $shcmd = [ '/bin/bash', '-c', $upgradecmd ];
807 } else {
808 $shcmd = [ '/bin/bash', '-l' ];
809 }
810 } else {
811 $shcmd = [ '/bin/login' ];
812 }
813
814 my $title = "Shell on '$node'";
815
816 return PVE::API2Tools::run_spiceterm($authpath, $permissions, 0, $node, $proxy, $title, $shcmd);
817 }});
818
819 __PACKAGE__->register_method({
820 name => 'dns',
821 path => 'dns',
822 method => 'GET',
823 permissions => {
824 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
825 },
826 description => "Read DNS settings.",
827 proxyto => 'node',
828 parameters => {
829 additionalProperties => 0,
830 properties => {
831 node => get_standard_option('pve-node'),
832 },
833 },
834 returns => {
835 type => "object",
836 additionalProperties => 0,
837 properties => {
838 search => {
839 description => "Search domain for host-name lookup.",
840 type => 'string',
841 optional => 1,
842 },
843 dns1 => {
844 description => 'First name server IP address.',
845 type => 'string',
846 optional => 1,
847 },
848 dns2 => {
849 description => 'Second name server IP address.',
850 type => 'string',
851 optional => 1,
852 },
853 dns3 => {
854 description => 'Third name server IP address.',
855 type => 'string',
856 optional => 1,
857 },
858 },
859 },
860 code => sub {
861 my ($param) = @_;
862
863 my $res = PVE::INotify::read_file('resolvconf');
864
865 return $res;
866 }});
867
868 __PACKAGE__->register_method({
869 name => 'update_dns',
870 path => 'dns',
871 method => 'PUT',
872 description => "Write DNS settings.",
873 permissions => {
874 check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
875 },
876 proxyto => 'node',
877 protected => 1,
878 parameters => {
879 additionalProperties => 0,
880 properties => {
881 node => get_standard_option('pve-node'),
882 search => {
883 description => "Search domain for host-name lookup.",
884 type => 'string',
885 },
886 dns1 => {
887 description => 'First name server IP address.',
888 type => 'string', format => 'ip',
889 optional => 1,
890 },
891 dns2 => {
892 description => 'Second name server IP address.',
893 type => 'string', format => 'ip',
894 optional => 1,
895 },
896 dns3 => {
897 description => 'Third name server IP address.',
898 type => 'string', format => 'ip',
899 optional => 1,
900 },
901 },
902 },
903 returns => { type => "null" },
904 code => sub {
905 my ($param) = @_;
906
907 PVE::INotify::update_file('resolvconf', $param);
908
909 return undef;
910 }});
911
912 __PACKAGE__->register_method({
913 name => 'time',
914 path => 'time',
915 method => 'GET',
916 permissions => {
917 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
918 },
919 description => "Read server time and time zone settings.",
920 proxyto => 'node',
921 parameters => {
922 additionalProperties => 0,
923 properties => {
924 node => get_standard_option('pve-node'),
925 },
926 },
927 returns => {
928 type => "object",
929 additionalProperties => 0,
930 properties => {
931 timezone => {
932 description => "Time zone",
933 type => 'string',
934 },
935 time => {
936 description => "Seconds since 1970-01-01 00:00:00 UTC.",
937 type => 'integer',
938 minimum => 1297163644,
939 },
940 localtime => {
941 description => "Seconds since 1970-01-01 00:00:00 (local time)",
942 type => 'integer',
943 minimum => 1297163644,
944 },
945 },
946 },
947 code => sub {
948 my ($param) = @_;
949
950 my $ctime = time();
951 my $ltime = timegm_nocheck(localtime($ctime));
952 my $res = {
953 timezone => PVE::INotify::read_file('timezone'),
954 time => time(),
955 localtime => $ltime,
956 };
957
958 return $res;
959 }});
960
961 __PACKAGE__->register_method({
962 name => 'set_timezone',
963 path => 'time',
964 method => 'PUT',
965 description => "Set time zone.",
966 permissions => {
967 check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
968 },
969 proxyto => 'node',
970 protected => 1,
971 parameters => {
972 additionalProperties => 0,
973 properties => {
974 node => get_standard_option('pve-node'),
975 timezone => {
976 description => "Time zone. The file '/usr/share/zoneinfo/zone.tab' contains the list of valid names.",
977 type => 'string',
978 },
979 },
980 },
981 returns => { type => "null" },
982 code => sub {
983 my ($param) = @_;
984
985 PVE::INotify::write_file('timezone', $param->{timezone});
986
987 return undef;
988 }});
989
990 __PACKAGE__->register_method({
991 name => 'aplinfo',
992 path => 'aplinfo',
993 method => 'GET',
994 permissions => {
995 user => 'all',
996 },
997 description => "Get list of appliances.",
998 proxyto => 'node',
999 parameters => {
1000 additionalProperties => 0,
1001 properties => {
1002 node => get_standard_option('pve-node'),
1003 },
1004 },
1005 returns => {
1006 type => 'array',
1007 items => {
1008 type => "object",
1009 properties => {},
1010 },
1011 },
1012 code => sub {
1013 my ($param) = @_;
1014
1015 my $res = [];
1016
1017 my $list = PVE::APLInfo::load_data();
1018
1019 foreach my $template (keys %{$list->{all}}) {
1020 my $pd = $list->{all}->{$template};
1021 next if $pd->{'package'} eq 'pve-web-news';
1022 push @$res, $pd;
1023 }
1024
1025 return $res;
1026 }});
1027
1028 __PACKAGE__->register_method({
1029 name => 'apl_download',
1030 path => 'aplinfo',
1031 method => 'POST',
1032 permissions => {
1033 check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
1034 },
1035 description => "Download appliance templates.",
1036 proxyto => 'node',
1037 protected => 1,
1038 parameters => {
1039 additionalProperties => 0,
1040 properties => {
1041 node => get_standard_option('pve-node'),
1042 storage => get_standard_option('pve-storage-id'),
1043 template => { type => 'string', maxLength => 255 },
1044 },
1045 },
1046 returns => { type => "string" },
1047 code => sub {
1048 my ($param) = @_;
1049
1050 my $rpcenv = PVE::RPCEnvironment::get();
1051
1052 my $user = $rpcenv->get_user();
1053
1054 my $node = $param->{node};
1055
1056 my $list = PVE::APLInfo::load_data();
1057
1058 my $template = $param->{template};
1059 my $pd = $list->{all}->{$template};
1060
1061 raise_param_exc({ template => "no such template"}) if !$pd;
1062
1063 my $cfg = cfs_read_file("storage.cfg");
1064 my $scfg = PVE::Storage::storage_check_enabled($cfg, $param->{storage}, $node);
1065
1066 die "cannot download to storage type '$scfg->{type}'"
1067 if !($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs');
1068
1069 die "unknown template type '$pd->{type}'\n"
1070 if !($pd->{type} eq 'openvz' || $pd->{type} eq 'lxc');
1071
1072 die "storage '$param->{storage}' does not support templates\n"
1073 if !$scfg->{content}->{vztmpl};
1074
1075 my $src = $pd->{location};
1076 my $tmpldir = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage});
1077 my $dest = "$tmpldir/$template";
1078 my $tmpdest = "$tmpldir/${template}.tmp.$$";
1079
1080 my $worker = sub {
1081 my $upid = shift;
1082
1083 print "starting template download from: $src\n";
1084 print "target file: $dest\n";
1085
1086 eval {
1087
1088 if (-f $dest) {
1089 my $md5 = (split (/\s/, `md5sum '$dest'`))[0];
1090
1091 if ($md5 && (lc($md5) eq lc($pd->{md5sum}))) {
1092 print "file already exists $md5 - no need to download\n";
1093 return;
1094 }
1095 }
1096
1097 local %ENV;
1098 my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
1099 if ($dccfg->{http_proxy}) {
1100 $ENV{http_proxy} = $dccfg->{http_proxy};
1101 }
1102
1103 my @cmd = ('/usr/bin/wget', '--progress=dot:mega', '-O', $tmpdest, $src);
1104 if (system (@cmd) != 0) {
1105 die "download failed - $!\n";
1106 }
1107
1108 my $md5 = (split (/\s/, `md5sum '$tmpdest'`))[0];
1109
1110 if (!$md5 || (lc($md5) ne lc($pd->{md5sum}))) {
1111 die "wrong checksum: $md5 != $pd->{md5sum}\n";
1112 }
1113
1114 if (system ('mv', $tmpdest, $dest) != 0) {
1115 die "unable to save file - $!\n";
1116 }
1117 };
1118 my $err = $@;
1119
1120 unlink $tmpdest;
1121
1122 if ($err) {
1123 print "\n";
1124 die $err if $err;
1125 }
1126
1127 print "download finished\n";
1128 };
1129
1130 return $rpcenv->fork_worker('download', undef, $user, $worker);
1131 }});
1132
1133 __PACKAGE__->register_method({
1134 name => 'report',
1135 path => 'report',
1136 method => 'GET',
1137 permissions => {
1138 check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
1139 },
1140 protected => 1,
1141 description => "Gather various systems information about a node",
1142 proxyto => 'node',
1143 parameters => {
1144 additionalProperties => 0,
1145 properties => {
1146 node => get_standard_option('pve-node'),
1147 },
1148 },
1149 returns => {
1150 type => 'string',
1151 },
1152 code => sub {
1153 return PVE::Report::generate();
1154 }});
1155
1156 my $get_start_stop_list = sub {
1157 my ($nodename, $autostart) = @_;
1158
1159 my $vmlist = PVE::Cluster::get_vmlist();
1160
1161 my $resList = {};
1162 foreach my $vmid (keys %{$vmlist->{ids}}) {
1163 my $d = $vmlist->{ids}->{$vmid};
1164 my $startup;
1165
1166 eval {
1167 return if $d->{node} ne $nodename;
1168
1169 my $bootorder = LONG_MAX;
1170
1171 my $conf;
1172 if ($d->{type} eq 'lxc') {
1173 $conf = PVE::LXC::load_config($vmid);
1174 } elsif ($d->{type} eq 'qemu') {
1175 $conf = PVE::QemuServer::load_config($vmid);
1176 } else {
1177 die "unknown VM type '$d->{type}'\n";
1178 }
1179
1180 return if $autostart && !$conf->{onboot};
1181
1182 if ($conf->{startup}) {
1183 $startup = PVE::JSONSchema::pve_parse_startup_order($conf->{startup});
1184 $startup->{order} = $bootorder if !defined($startup->{order});
1185 } else {
1186 $startup = { order => $bootorder };
1187 }
1188
1189 # skip ha managed VMs (started by pve-ha-manager)
1190 return if PVE::HA::Config::vm_is_ha_managed($vmid);
1191
1192 $resList->{$startup->{order}}->{$vmid} = $startup;
1193 $resList->{$startup->{order}}->{$vmid}->{type} = $d->{type};
1194 };
1195 warn $@ if $@;
1196 }
1197
1198 return $resList;
1199 };
1200
1201 __PACKAGE__->register_method ({
1202 name => 'startall',
1203 path => 'startall',
1204 method => 'POST',
1205 protected => 1,
1206 proxyto => 'node',
1207 description => "Start all VMs and containers (when onboot=1).",
1208 parameters => {
1209 additionalProperties => 0,
1210 properties => {
1211 node => get_standard_option('pve-node'),
1212 force => {
1213 optional => 1,
1214 type => 'boolean',
1215 description => "force if onboot=0.",
1216 },
1217 },
1218 },
1219 returns => {
1220 type => 'string',
1221 },
1222 code => sub {
1223 my ($param) = @_;
1224
1225 my $rpcenv = PVE::RPCEnvironment::get();
1226 my $authuser = $rpcenv->get_user();
1227
1228 my $nodename = $param->{node};
1229 $nodename = PVE::INotify::nodename() if $nodename eq 'localhost';
1230
1231 my $force = $param->{force};
1232
1233 my $code = sub {
1234
1235 $rpcenv->{type} = 'priv'; # to start tasks in background
1236
1237 # wait up to 10 seconds for quorum
1238 for (my $i = 10; $i >= 0; $i--) {
1239 last if PVE::Cluster::check_cfs_quorum($i != 0 ? 1 : 0);
1240 sleep(1);
1241 }
1242 my $autostart = $force ? undef : 1;
1243 my $startList = &$get_start_stop_list($nodename, $autostart);
1244
1245 # Note: use numeric sorting with <=>
1246 foreach my $order (sort {$a <=> $b} keys %$startList) {
1247 my $vmlist = $startList->{$order};
1248
1249 foreach my $vmid (sort {$a <=> $b} keys %$vmlist) {
1250 my $d = $vmlist->{$vmid};
1251
1252 PVE::Cluster::check_cfs_quorum(); # abort when we loose quorum
1253
1254 eval {
1255 my $default_delay = 0;
1256 my $upid;
1257
1258 if ($d->{type} eq 'lxc') {
1259 return if PVE::LXC::check_running($vmid);
1260 print STDERR "Starting CT $vmid\n";
1261 $upid = PVE::API2::LXC::Status->vm_start({node => $nodename, vmid => $vmid });
1262 } elsif ($d->{type} eq 'qemu') {
1263 $default_delay = 3; # to redruce load
1264 return if PVE::QemuServer::check_running($vmid, 1);
1265 print STDERR "Starting VM $vmid\n";
1266 $upid = PVE::API2::Qemu->vm_start({node => $nodename, vmid => $vmid });
1267 } else {
1268 die "unknown VM type '$d->{type}'\n";
1269 }
1270
1271 my $res = PVE::Tools::upid_decode($upid);
1272 while (PVE::ProcFSTools::check_process_running($res->{pid})) {
1273 sleep(1);
1274 }
1275
1276 my $status = PVE::Tools::upid_read_status($upid);
1277 if ($status eq 'OK') {
1278 # use default delay to reduce load
1279 my $delay = defined($d->{up}) ? int($d->{up}) : $default_delay;
1280 if ($delay > 0) {
1281 print STDERR "Waiting for $delay seconds (startup delay)\n" if $d->{up};
1282 for (my $i = 0; $i < $delay; $i++) {
1283 sleep(1);
1284 }
1285 }
1286 } else {
1287 if ($d->{type} eq 'lxc') {
1288 print STDERR "Starting CT $vmid failed: $status\n";
1289 } elsif ($d->{type} eq 'qemu') {
1290 print STDERR "Starting VM $vmid failed: status\n";
1291 }
1292 }
1293 };
1294 warn $@ if $@;
1295 }
1296 }
1297 return;
1298 };
1299
1300 return $rpcenv->fork_worker('startall', undef, $authuser, $code);
1301 }});
1302
1303 my $create_stop_worker = sub {
1304 my ($nodename, $type, $vmid, $down_timeout) = @_;
1305
1306 my $upid;
1307 if ($type eq 'lxc') {
1308 return if !PVE::LXC::check_running($vmid);
1309 my $timeout = defined($down_timeout) ? int($down_timeout) : 60;
1310 print STDERR "Stopping CT $vmid (timeout = $timeout seconds)\n";
1311 $upid = PVE::API2::LXC::Status->vm_shutdown({node => $nodename, vmid => $vmid,
1312 timeout => $timeout, forceStop => 1 });
1313 } elsif ($type eq 'qemu') {
1314 return if !PVE::QemuServer::check_running($vmid, 1);
1315 my $timeout = defined($down_timeout) ? int($down_timeout) : 60*3;
1316 print STDERR "Stopping VM $vmid (timeout = $timeout seconds)\n";
1317 $upid = PVE::API2::Qemu->vm_shutdown({node => $nodename, vmid => $vmid,
1318 timeout => $timeout, forceStop => 1 });
1319 } else {
1320 die "unknown VM type '$type'\n";
1321 }
1322
1323 my $res = PVE::Tools::upid_decode($upid);
1324
1325 return $res->{pid};
1326 };
1327
1328 __PACKAGE__->register_method ({
1329 name => 'stopall',
1330 path => 'stopall',
1331 method => 'POST',
1332 protected => 1,
1333 proxyto => 'node',
1334 description => "Stop all VMs and Containers.",
1335 parameters => {
1336 additionalProperties => 0,
1337 properties => {
1338 node => get_standard_option('pve-node'),
1339 },
1340 },
1341 returns => {
1342 type => 'string',
1343 },
1344 code => sub {
1345 my ($param) = @_;
1346
1347 my $rpcenv = PVE::RPCEnvironment::get();
1348 my $authuser = $rpcenv->get_user();
1349
1350 my $nodename = $param->{node};
1351 $nodename = PVE::INotify::nodename() if $nodename eq 'localhost';
1352
1353 my $code = sub {
1354
1355 $rpcenv->{type} = 'priv'; # to start tasks in background
1356
1357 my $stopList = &$get_start_stop_list($nodename);
1358
1359 my $cpuinfo = PVE::ProcFSTools::read_cpuinfo();
1360 my $maxWorkers = $cpuinfo->{cpus};
1361
1362 foreach my $order (sort {$b <=> $a} keys %$stopList) {
1363 my $vmlist = $stopList->{$order};
1364 my $workers = {};
1365 foreach my $vmid (sort {$b <=> $a} keys %$vmlist) {
1366 my $d = $vmlist->{$vmid};
1367 my $pid;
1368 eval { $pid = &$create_stop_worker($nodename, $d->{type}, $vmid, $d->{down}); };
1369 warn $@ if $@;
1370 next if !$pid;
1371
1372 $workers->{$pid} = 1;
1373 while (scalar(keys %$workers) >= $maxWorkers) {
1374 foreach my $p (keys %$workers) {
1375 if (!PVE::ProcFSTools::check_process_running($p)) {
1376 delete $workers->{$p};
1377 }
1378 }
1379 sleep(1);
1380 }
1381 }
1382 while (scalar(keys %$workers)) {
1383 foreach my $p (keys %$workers) {
1384 if (!PVE::ProcFSTools::check_process_running($p)) {
1385 delete $workers->{$p};
1386 }
1387 }
1388 sleep(1);
1389 }
1390 }
1391 return;
1392 };
1393
1394 return $rpcenv->fork_worker('stopall', undef, $authuser, $code);
1395
1396 }});
1397
1398 my $create_migrate_worker = sub {
1399 my ($nodename, $type, $vmid, $target) = @_;
1400
1401 my $upid;
1402 if ($type eq 'lxc') {
1403 my $online = PVE::LXC::check_running($vmid) ? 1 : 0;
1404 print STDERR "Migrating CT $vmid\n";
1405 $upid = PVE::API2::LXC->migrate_vm({node => $nodename, vmid => $vmid, target => $target,
1406 online => $online });
1407 } elsif ($type eq 'qemu') {
1408 my $online = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
1409 print STDERR "Migrating VM $vmid\n";
1410 $upid = PVE::API2::Qemu->migrate_vm({node => $nodename, vmid => $vmid, target => $target,
1411 online => $online });
1412 } else {
1413 die "unknown VM type '$type'\n";
1414 }
1415
1416 my $res = PVE::Tools::upid_decode($upid);
1417
1418 return $res->{pid};
1419 };
1420
1421 __PACKAGE__->register_method ({
1422 name => 'migrateall',
1423 path => 'migrateall',
1424 method => 'POST',
1425 proxyto => 'node',
1426 protected => 1,
1427 description => "Migrate all VMs and Containers.",
1428 parameters => {
1429 additionalProperties => 0,
1430 properties => {
1431 node => get_standard_option('pve-node'),
1432 target => get_standard_option('pve-node', { description => "Target node." }),
1433 maxworkers => {
1434 description => "Max parralel migration job.",
1435 type => 'integer',
1436 minimum => 1
1437 },
1438 },
1439 },
1440 returns => {
1441 type => 'string',
1442 },
1443 code => sub {
1444 my ($param) = @_;
1445
1446 my $rpcenv = PVE::RPCEnvironment::get();
1447 my $authuser = $rpcenv->get_user();
1448
1449 my $nodename = $param->{node};
1450 $nodename = PVE::INotify::nodename() if $nodename eq 'localhost';
1451
1452 my $target = $param->{target};
1453 my $maxWorkers = $param->{maxworkers};
1454
1455 my $code = sub {
1456
1457 $rpcenv->{type} = 'priv'; # to start tasks in background
1458
1459 my $migrateList = &$get_start_stop_list($nodename);
1460
1461 foreach my $order (sort {$b <=> $a} keys %$migrateList) {
1462 my $vmlist = $migrateList->{$order};
1463 my $workers = {};
1464 foreach my $vmid (sort {$b <=> $a} keys %$vmlist) {
1465 my $d = $vmlist->{$vmid};
1466 my $pid;
1467 eval { $pid = &$create_migrate_worker($nodename, $d->{type}, $vmid, $target); };
1468 warn $@ if $@;
1469 next if !$pid;
1470
1471 $workers->{$pid} = 1;
1472 while (scalar(keys %$workers) >= $maxWorkers) {
1473 foreach my $p (keys %$workers) {
1474 if (!PVE::ProcFSTools::check_process_running($p)) {
1475 delete $workers->{$p};
1476 }
1477 }
1478 sleep(1);
1479 }
1480 }
1481 while (scalar(keys %$workers)) {
1482 foreach my $p (keys %$workers) {
1483 if (!PVE::ProcFSTools::check_process_running($p)) {
1484 delete $workers->{$p};
1485 }
1486 }
1487 sleep(1);
1488 }
1489 }
1490 return;
1491 };
1492
1493 return $rpcenv->fork_worker('migrateall', undef, $authuser, $code);
1494
1495 }});
1496
1497 package PVE::API2::Nodes;
1498
1499 use strict;
1500 use warnings;
1501
1502 use PVE::SafeSyslog;
1503 use PVE::Cluster;
1504 use PVE::RESTHandler;
1505 use PVE::RPCEnvironment;
1506 use PVE::API2Tools;
1507
1508 use base qw(PVE::RESTHandler);
1509
1510 __PACKAGE__->register_method ({
1511 subclass => "PVE::API2::Nodes::Nodeinfo",
1512 path => '{node}',
1513 });
1514
1515 __PACKAGE__->register_method ({
1516 name => 'index',
1517 path => '',
1518 method => 'GET',
1519 permissions => { user => 'all' },
1520 description => "Cluster node index.",
1521 parameters => {
1522 additionalProperties => 0,
1523 properties => {},
1524 },
1525 returns => {
1526 type => 'array',
1527 items => {
1528 type => "object",
1529 properties => {},
1530 },
1531 links => [ { rel => 'child', href => "{node}" } ],
1532 },
1533 code => sub {
1534 my ($param) = @_;
1535
1536 my $clinfo = PVE::Cluster::get_clinfo();
1537 my $res = [];
1538
1539 my $nodelist = PVE::Cluster::get_nodelist();
1540 my $members = PVE::Cluster::get_members();
1541 my $rrd = PVE::Cluster::rrd_dump();
1542
1543 foreach my $node (@$nodelist) {
1544 my $entry = PVE::API2Tools::extract_node_stats($node, $members, $rrd);
1545 push @$res, $entry;
1546 }
1547
1548 return $res;
1549 }});
1550
1551 1;
The Proxmox VE Management API and Web UI