]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:


8bcc2bf0b35254f45c76c45db1417ac7cde2d3f1
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuServer;
17 use PVE::QemuMigrate;
18 use PVE::RPCEnvironment;
19 use PVE::AccessControl;
20 use PVE::INotify;
21 use PVE::Network;
22 use PVE::Firewall;
23 use PVE::API2::Firewall::VM;
24 use PVE::HA::Config;
25
26 use Data::Dumper; # fixme: remove
27
28 use base qw(PVE::RESTHandler);
29
30 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
31
32 my $resolve_cdrom_alias = sub {
33 my $param = shift;
34
35 if (my $value = $param->{cdrom}) {
36 $value .= ",media=cdrom" if $value !~ m/media=/;
37 $param->{ide2} = $value;
38 delete $param->{cdrom};
39 }
40 };
41
42 my $check_storage_access = sub {
43 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
44
45 PVE::QemuServer::foreach_drive($settings, sub {
46 my ($ds, $drive) = @_;
47
48 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
49
50 my $volid = $drive->{file};
51
52 if (!$volid || $volid eq 'none') {
53 # nothing to check
54 } elsif ($isCDROM && ($volid eq 'cdrom')) {
55 $rpcenv->check($authuser, "/", ['Sys.Console']);
56 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
57 my ($storeid, $size) = ($2 || $default_storage, $3);
58 die "no storage ID specified (and no default storage)\n" if !$storeid;
59 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
60 } else {
61 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
62 }
63 });
64 };
65
66 my $check_storage_access_clone = sub {
67 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
68
69 my $sharedvm = 1;
70
71 PVE::QemuServer::foreach_drive($conf, sub {
72 my ($ds, $drive) = @_;
73
74 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
75
76 my $volid = $drive->{file};
77
78 return if !$volid || $volid eq 'none';
79
80 if ($isCDROM) {
81 if ($volid eq 'cdrom') {
82 $rpcenv->check($authuser, "/", ['Sys.Console']);
83 } else {
84 # we simply allow access
85 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
86 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
87 $sharedvm = 0 if !$scfg->{shared};
88
89 }
90 } else {
91 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
92 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
93 $sharedvm = 0 if !$scfg->{shared};
94
95 $sid = $storage if $storage;
96 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
97 }
98 });
99
100 return $sharedvm;
101 };
102
103 # Note: $pool is only needed when creating a VM, because pool permissions
104 # are automatically inherited if VM already exists inside a pool.
105 my $create_disks = sub {
106 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
107
108 my $vollist = [];
109
110 my $res = {};
111 PVE::QemuServer::foreach_drive($settings, sub {
112 my ($ds, $disk) = @_;
113
114 my $volid = $disk->{file};
115
116 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
117 delete $disk->{size};
118 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
119 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
120 my ($storeid, $size) = ($2 || $default_storage, $3);
121 die "no storage ID specified (and no default storage)\n" if !$storeid;
122 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
123 my $fmt = $disk->{format} || $defformat;
124 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
125 $fmt, undef, $size*1024*1024);
126 $disk->{file} = $volid;
127 $disk->{size} = $size*1024*1024*1024;
128 push @$vollist, $volid;
129 delete $disk->{format}; # no longer needed
130 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
131 } else {
132
133 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
134
135 my $volid_is_new = 1;
136
137 if ($conf->{$ds}) {
138 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
139 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
140 }
141
142 if ($volid_is_new) {
143
144 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
145
146 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
147
148 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
149
150 die "volume $volid does not exists\n" if !$size;
151
152 $disk->{size} = $size;
153 }
154
155 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
156 }
157 });
158
159 # free allocated images on error
160 if (my $err = $@) {
161 syslog('err', "VM $vmid creating disks failed");
162 foreach my $volid (@$vollist) {
163 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
164 warn $@ if $@;
165 }
166 die $err;
167 }
168
169 # modify vm config if everything went well
170 foreach my $ds (keys %$res) {
171 $conf->{$ds} = $res->{$ds};
172 }
173
174 return $vollist;
175 };
176
177 my $check_vm_modify_config_perm = sub {
178 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
179
180 return 1 if $authuser eq 'root@pam';
181
182 foreach my $opt (@$key_list) {
183 # disk checks need to be done somewhere else
184 next if PVE::QemuServer::valid_drivename($opt);
185
186 if ($opt eq 'sockets' || $opt eq 'cores' ||
187 $opt eq 'cpu' || $opt eq 'smp' || $opt eq 'vcpus' ||
188 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
189 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
190 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
191 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
192 } elsif ($opt eq 'args' || $opt eq 'lock') {
193 die "only root can set '$opt' config\n";
194 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
195 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet' || $opt eq 'smbios1') {
196 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
197 } elsif ($opt =~ m/^net\d+$/) {
198 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
199 } else {
200 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
201 }
202 }
203
204 return 1;
205 };
206
207 my $check_protection = sub {
208 my ($vm_conf, $err_msg) = @_;
209
210 if ($vm_conf->{protection}) {
211 die "$err_msg - protection mode enabled\n";
212 }
213 };
214
215 __PACKAGE__->register_method({
216 name => 'vmlist',
217 path => '',
218 method => 'GET',
219 description => "Virtual machine index (per node).",
220 permissions => {
221 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
222 user => 'all',
223 },
224 proxyto => 'node',
225 protected => 1, # qemu pid files are only readable by root
226 parameters => {
227 additionalProperties => 0,
228 properties => {
229 node => get_standard_option('pve-node'),
230 },
231 },
232 returns => {
233 type => 'array',
234 items => {
235 type => "object",
236 properties => {},
237 },
238 links => [ { rel => 'child', href => "{vmid}" } ],
239 },
240 code => sub {
241 my ($param) = @_;
242
243 my $rpcenv = PVE::RPCEnvironment::get();
244 my $authuser = $rpcenv->get_user();
245
246 my $vmstatus = PVE::QemuServer::vmstatus();
247
248 my $res = [];
249 foreach my $vmid (keys %$vmstatus) {
250 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
251
252 my $data = $vmstatus->{$vmid};
253 $data->{vmid} = int($vmid);
254 push @$res, $data;
255 }
256
257 return $res;
258 }});
259
260
261
262 __PACKAGE__->register_method({
263 name => 'create_vm',
264 path => '',
265 method => 'POST',
266 description => "Create or restore a virtual machine.",
267 permissions => {
268 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
269 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
270 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
271 user => 'all', # check inside
272 },
273 protected => 1,
274 proxyto => 'node',
275 parameters => {
276 additionalProperties => 0,
277 properties => PVE::QemuServer::json_config_properties(
278 {
279 node => get_standard_option('pve-node'),
280 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
281 archive => {
282 description => "The backup file.",
283 type => 'string',
284 optional => 1,
285 maxLength => 255,
286 completion => \&PVE::QemuServer::complete_backup_archives,
287 },
288 storage => get_standard_option('pve-storage-id', {
289 description => "Default storage.",
290 optional => 1,
291 completion => \&PVE::QemuServer::complete_storage,
292 }),
293 force => {
294 optional => 1,
295 type => 'boolean',
296 description => "Allow to overwrite existing VM.",
297 requires => 'archive',
298 },
299 unique => {
300 optional => 1,
301 type => 'boolean',
302 description => "Assign a unique random ethernet address.",
303 requires => 'archive',
304 },
305 pool => {
306 optional => 1,
307 type => 'string', format => 'pve-poolid',
308 description => "Add the VM to the specified pool.",
309 },
310 }),
311 },
312 returns => {
313 type => 'string',
314 },
315 code => sub {
316 my ($param) = @_;
317
318 my $rpcenv = PVE::RPCEnvironment::get();
319
320 my $authuser = $rpcenv->get_user();
321
322 my $node = extract_param($param, 'node');
323
324 my $vmid = extract_param($param, 'vmid');
325
326 my $archive = extract_param($param, 'archive');
327
328 my $storage = extract_param($param, 'storage');
329
330 my $force = extract_param($param, 'force');
331
332 my $unique = extract_param($param, 'unique');
333
334 my $pool = extract_param($param, 'pool');
335
336 my $filename = PVE::QemuServer::config_file($vmid);
337
338 my $storecfg = PVE::Storage::config();
339
340 PVE::Cluster::check_cfs_quorum();
341
342 if (defined($pool)) {
343 $rpcenv->check_pool_exist($pool);
344 }
345
346 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
347 if defined($storage);
348
349 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
350 # OK
351 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
352 # OK
353 } elsif ($archive && $force && (-f $filename) &&
354 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
355 # OK: user has VM.Backup permissions, and want to restore an existing VM
356 } else {
357 raise_perm_exc();
358 }
359
360 if (!$archive) {
361 &$resolve_cdrom_alias($param);
362
363 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
364
365 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
366
367 foreach my $opt (keys %$param) {
368 if (PVE::QemuServer::valid_drivename($opt)) {
369 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
370 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
371
372 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
373 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
374 }
375 }
376
377 PVE::QemuServer::add_random_macs($param);
378 } else {
379 my $keystr = join(' ', keys %$param);
380 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
381
382 if ($archive eq '-') {
383 die "pipe requires cli environment\n"
384 if $rpcenv->{type} ne 'cli';
385 } else {
386 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
387 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
388 }
389 }
390
391 my $restorefn = sub {
392 my $vmlist = PVE::Cluster::get_vmlist();
393 if ($vmlist->{ids}->{$vmid}) {
394 my $current_node = $vmlist->{ids}->{$vmid}->{node};
395 if ($current_node eq $node) {
396 my $conf = PVE::QemuServer::load_config($vmid);
397
398 &$check_protection($conf, "unable to restore VM $vmid");
399
400 die "unable to restore vm $vmid - config file already exists\n"
401 if !$force;
402
403 die "unable to restore vm $vmid - vm is running\n"
404 if PVE::QemuServer::check_running($vmid);
405 } else {
406 die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n";
407 }
408 }
409
410 my $realcmd = sub {
411 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
412 storage => $storage,
413 pool => $pool,
414 unique => $unique });
415
416 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
417 };
418
419 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
420 };
421
422 my $createfn = sub {
423
424 # test after locking
425 PVE::Cluster::check_vmid_unused($vmid);
426
427 my $realcmd = sub {
428
429 my $vollist = [];
430
431 my $conf = $param;
432
433 eval {
434
435 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
436
437 # try to be smart about bootdisk
438 my @disks = PVE::QemuServer::disknames();
439 my $firstdisk;
440 foreach my $ds (reverse @disks) {
441 next if !$conf->{$ds};
442 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
443 next if PVE::QemuServer::drive_is_cdrom($disk);
444 $firstdisk = $ds;
445 }
446
447 if (!$conf->{bootdisk} && $firstdisk) {
448 $conf->{bootdisk} = $firstdisk;
449 }
450
451 # auto generate uuid if user did not specify smbios1 option
452 if (!$conf->{smbios1}) {
453 my ($uuid, $uuid_str);
454 UUID::generate($uuid);
455 UUID::unparse($uuid, $uuid_str);
456 $conf->{smbios1} = "uuid=$uuid_str";
457 }
458
459 PVE::QemuServer::update_config_nolock($vmid, $conf);
460
461 };
462 my $err = $@;
463
464 if ($err) {
465 foreach my $volid (@$vollist) {
466 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
467 warn $@ if $@;
468 }
469 die "create failed - $err";
470 }
471
472 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
473 };
474
475 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
476 };
477
478 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
479 }});
480
481 __PACKAGE__->register_method({
482 name => 'vmdiridx',
483 path => '{vmid}',
484 method => 'GET',
485 proxyto => 'node',
486 description => "Directory index",
487 permissions => {
488 user => 'all',
489 },
490 parameters => {
491 additionalProperties => 0,
492 properties => {
493 node => get_standard_option('pve-node'),
494 vmid => get_standard_option('pve-vmid'),
495 },
496 },
497 returns => {
498 type => 'array',
499 items => {
500 type => "object",
501 properties => {
502 subdir => { type => 'string' },
503 },
504 },
505 links => [ { rel => 'child', href => "{subdir}" } ],
506 },
507 code => sub {
508 my ($param) = @_;
509
510 my $res = [
511 { subdir => 'config' },
512 { subdir => 'pending' },
513 { subdir => 'status' },
514 { subdir => 'unlink' },
515 { subdir => 'vncproxy' },
516 { subdir => 'migrate' },
517 { subdir => 'resize' },
518 { subdir => 'move' },
519 { subdir => 'rrd' },
520 { subdir => 'rrddata' },
521 { subdir => 'monitor' },
522 { subdir => 'snapshot' },
523 { subdir => 'spiceproxy' },
524 { subdir => 'sendkey' },
525 { subdir => 'firewall' },
526 ];
527
528 return $res;
529 }});
530
531 __PACKAGE__->register_method ({
532 subclass => "PVE::API2::Firewall::VM",
533 path => '{vmid}/firewall',
534 });
535
536 __PACKAGE__->register_method({
537 name => 'rrd',
538 path => '{vmid}/rrd',
539 method => 'GET',
540 protected => 1, # fixme: can we avoid that?
541 permissions => {
542 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
543 },
544 description => "Read VM RRD statistics (returns PNG)",
545 parameters => {
546 additionalProperties => 0,
547 properties => {
548 node => get_standard_option('pve-node'),
549 vmid => get_standard_option('pve-vmid'),
550 timeframe => {
551 description => "Specify the time frame you are interested in.",
552 type => 'string',
553 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
554 },
555 ds => {
556 description => "The list of datasources you want to display.",
557 type => 'string', format => 'pve-configid-list',
558 },
559 cf => {
560 description => "The RRD consolidation function",
561 type => 'string',
562 enum => [ 'AVERAGE', 'MAX' ],
563 optional => 1,
564 },
565 },
566 },
567 returns => {
568 type => "object",
569 properties => {
570 filename => { type => 'string' },
571 },
572 },
573 code => sub {
574 my ($param) = @_;
575
576 return PVE::Cluster::create_rrd_graph(
577 "pve2-vm/$param->{vmid}", $param->{timeframe},
578 $param->{ds}, $param->{cf});
579
580 }});
581
582 __PACKAGE__->register_method({
583 name => 'rrddata',
584 path => '{vmid}/rrddata',
585 method => 'GET',
586 protected => 1, # fixme: can we avoid that?
587 permissions => {
588 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
589 },
590 description => "Read VM RRD statistics",
591 parameters => {
592 additionalProperties => 0,
593 properties => {
594 node => get_standard_option('pve-node'),
595 vmid => get_standard_option('pve-vmid'),
596 timeframe => {
597 description => "Specify the time frame you are interested in.",
598 type => 'string',
599 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
600 },
601 cf => {
602 description => "The RRD consolidation function",
603 type => 'string',
604 enum => [ 'AVERAGE', 'MAX' ],
605 optional => 1,
606 },
607 },
608 },
609 returns => {
610 type => "array",
611 items => {
612 type => "object",
613 properties => {},
614 },
615 },
616 code => sub {
617 my ($param) = @_;
618
619 return PVE::Cluster::create_rrd_data(
620 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
621 }});
622
623
624 __PACKAGE__->register_method({
625 name => 'vm_config',
626 path => '{vmid}/config',
627 method => 'GET',
628 proxyto => 'node',
629 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
630 permissions => {
631 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
632 },
633 parameters => {
634 additionalProperties => 0,
635 properties => {
636 node => get_standard_option('pve-node'),
637 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
638 current => {
639 description => "Get current values (instead of pending values).",
640 optional => 1,
641 default => 0,
642 type => 'boolean',
643 },
644 },
645 },
646 returns => {
647 type => "object",
648 properties => {
649 digest => {
650 type => 'string',
651 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
652 }
653 },
654 },
655 code => sub {
656 my ($param) = @_;
657
658 my $conf = PVE::QemuServer::load_config($param->{vmid});
659
660 delete $conf->{snapshots};
661
662 if (!$param->{current}) {
663 foreach my $opt (keys %{$conf->{pending}}) {
664 next if $opt eq 'delete';
665 my $value = $conf->{pending}->{$opt};
666 next if ref($value); # just to be sure
667 $conf->{$opt} = $value;
668 }
669 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
670 foreach my $opt (keys %$pending_delete_hash) {
671 delete $conf->{$opt} if $conf->{$opt};
672 }
673 }
674
675 delete $conf->{pending};
676
677 return $conf;
678 }});
679
680 __PACKAGE__->register_method({
681 name => 'vm_pending',
682 path => '{vmid}/pending',
683 method => 'GET',
684 proxyto => 'node',
685 description => "Get virtual machine configuration, including pending changes.",
686 permissions => {
687 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
688 },
689 parameters => {
690 additionalProperties => 0,
691 properties => {
692 node => get_standard_option('pve-node'),
693 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
694 },
695 },
696 returns => {
697 type => "array",
698 items => {
699 type => "object",
700 properties => {
701 key => {
702 description => "Configuration option name.",
703 type => 'string',
704 },
705 value => {
706 description => "Current value.",
707 type => 'string',
708 optional => 1,
709 },
710 pending => {
711 description => "Pending value.",
712 type => 'string',
713 optional => 1,
714 },
715 delete => {
716 description => "Indicates a pending delete request if present and not 0. " .
717 "The value 2 indicates a force-delete request.",
718 type => 'integer',
719 minimum => 0,
720 maximum => 2,
721 optional => 1,
722 },
723 },
724 },
725 },
726 code => sub {
727 my ($param) = @_;
728
729 my $conf = PVE::QemuServer::load_config($param->{vmid});
730
731 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
732
733 my $res = [];
734
735 foreach my $opt (keys %$conf) {
736 next if ref($conf->{$opt});
737 my $item = { key => $opt };
738 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
739 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
740 $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
741 push @$res, $item;
742 }
743
744 foreach my $opt (keys %{$conf->{pending}}) {
745 next if $opt eq 'delete';
746 next if ref($conf->{pending}->{$opt}); # just to be sure
747 next if defined($conf->{$opt});
748 my $item = { key => $opt };
749 $item->{pending} = $conf->{pending}->{$opt};
750 push @$res, $item;
751 }
752
753 while (my ($opt, $force) = each %$pending_delete_hash) {
754 next if $conf->{pending}->{$opt}; # just to be sure
755 next if $conf->{$opt};
756 my $item = { key => $opt, delete => ($force ? 2 : 1)};
757 push @$res, $item;
758 }
759
760 return $res;
761 }});
762
763 # POST/PUT {vmid}/config implementation
764 #
765 # The original API used PUT (idempotent) an we assumed that all operations
766 # are fast. But it turned out that almost any configuration change can
767 # involve hot-plug actions, or disk alloc/free. Such actions can take long
768 # time to complete and have side effects (not idempotent).
769 #
770 # The new implementation uses POST and forks a worker process. We added
771 # a new option 'background_delay'. If specified we wait up to
772 # 'background_delay' second for the worker task to complete. It returns null
773 # if the task is finished within that time, else we return the UPID.
774
775 my $update_vm_api = sub {
776 my ($param, $sync) = @_;
777
778 my $rpcenv = PVE::RPCEnvironment::get();
779
780 my $authuser = $rpcenv->get_user();
781
782 my $node = extract_param($param, 'node');
783
784 my $vmid = extract_param($param, 'vmid');
785
786 my $digest = extract_param($param, 'digest');
787
788 my $background_delay = extract_param($param, 'background_delay');
789
790 my @paramarr = (); # used for log message
791 foreach my $key (keys %$param) {
792 push @paramarr, "-$key", $param->{$key};
793 }
794
795 my $skiplock = extract_param($param, 'skiplock');
796 raise_param_exc({ skiplock => "Only root may use this option." })
797 if $skiplock && $authuser ne 'root@pam';
798
799 my $delete_str = extract_param($param, 'delete');
800
801 my $revert_str = extract_param($param, 'revert');
802
803 my $force = extract_param($param, 'force');
804
805 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
806
807 my $storecfg = PVE::Storage::config();
808
809 my $defaults = PVE::QemuServer::load_defaults();
810
811 &$resolve_cdrom_alias($param);
812
813 # now try to verify all parameters
814
815 my $revert = {};
816 foreach my $opt (PVE::Tools::split_list($revert_str)) {
817 if (!PVE::QemuServer::option_exists($opt)) {
818 raise_param_exc({ revert => "unknown option '$opt'" });
819 }
820
821 raise_param_exc({ delete => "you can't use '-$opt' and " .
822 "-revert $opt' at the same time" })
823 if defined($param->{$opt});
824
825 $revert->{$opt} = 1;
826 }
827
828 my @delete = ();
829 foreach my $opt (PVE::Tools::split_list($delete_str)) {
830 $opt = 'ide2' if $opt eq 'cdrom';
831
832 raise_param_exc({ delete => "you can't use '-$opt' and " .
833 "-delete $opt' at the same time" })
834 if defined($param->{$opt});
835
836 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
837 "-revert $opt' at the same time" })
838 if $revert->{$opt};
839
840 if (!PVE::QemuServer::option_exists($opt)) {
841 raise_param_exc({ delete => "unknown option '$opt'" });
842 }
843
844 push @delete, $opt;
845 }
846
847 foreach my $opt (keys %$param) {
848 if (PVE::QemuServer::valid_drivename($opt)) {
849 # cleanup drive path
850 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
851 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
852 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
853 } elsif ($opt =~ m/^net(\d+)$/) {
854 # add macaddr
855 my $net = PVE::QemuServer::parse_net($param->{$opt});
856 $param->{$opt} = PVE::QemuServer::print_net($net);
857 }
858 }
859
860 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
861
862 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
863
864 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
865
866 my $updatefn = sub {
867
868 my $conf = PVE::QemuServer::load_config($vmid);
869
870 die "checksum missmatch (file change by other user?)\n"
871 if $digest && $digest ne $conf->{digest};
872
873 PVE::QemuServer::check_lock($conf) if !$skiplock;
874
875 foreach my $opt (keys %$revert) {
876 if (defined($conf->{$opt})) {
877 $param->{$opt} = $conf->{$opt};
878 } elsif (defined($conf->{pending}->{$opt})) {
879 push @delete, $opt;
880 }
881 }
882
883 if ($param->{memory} || defined($param->{balloon})) {
884 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
885 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
886
887 die "balloon value too large (must be smaller than assigned memory)\n"
888 if $balloon && $balloon > $maxmem;
889 }
890
891 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
892
893 my $worker = sub {
894
895 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
896
897 # write updates to pending section
898
899 my $modified = {}; # record what $option we modify
900
901 foreach my $opt (@delete) {
902 $modified->{$opt} = 1;
903 $conf = PVE::QemuServer::load_config($vmid); # update/reload
904 if ($opt =~ m/^unused/) {
905 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
906 &$check_protection($conf, "can't remove unused disk '$drive->{file}'");
907 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
908 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
909 delete $conf->{$opt};
910 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
911 }
912 } elsif (PVE::QemuServer::valid_drivename($opt)) {
913 &$check_protection($conf, "can't remove drive '$opt'");
914 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
915 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
916 if defined($conf->{pending}->{$opt});
917 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
918 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
919 } else {
920 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
921 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
922 }
923 }
924
925 foreach my $opt (keys %$param) { # add/change
926 $modified->{$opt} = 1;
927 $conf = PVE::QemuServer::load_config($vmid); # update/reload
928 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
929
930 if (PVE::QemuServer::valid_drivename($opt)) {
931 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
932 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
933 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
934 } else {
935 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
936 }
937 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
938 if defined($conf->{pending}->{$opt});
939
940 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
941 } else {
942 $conf->{pending}->{$opt} = $param->{$opt};
943 }
944 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
945 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
946 }
947
948 # remove pending changes when nothing changed
949 $conf = PVE::QemuServer::load_config($vmid); # update/reload
950 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
951 PVE::QemuServer::update_config_nolock($vmid, $conf, 1) if $changes;
952
953 return if !scalar(keys %{$conf->{pending}});
954
955 my $running = PVE::QemuServer::check_running($vmid);
956
957 # apply pending changes
958
959 $conf = PVE::QemuServer::load_config($vmid); # update/reload
960
961 if ($running) {
962 my $errors = {};
963 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
964 raise_param_exc($errors) if scalar(keys %$errors);
965 } else {
966 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
967 }
968
969 return;
970 };
971
972 if ($sync) {
973 &$worker();
974 return undef;
975 } else {
976 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
977
978 if ($background_delay) {
979
980 # Note: It would be better to do that in the Event based HTTPServer
981 # to avoid blocking call to sleep.
982
983 my $end_time = time() + $background_delay;
984
985 my $task = PVE::Tools::upid_decode($upid);
986
987 my $running = 1;
988 while (time() < $end_time) {
989 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
990 last if !$running;
991 sleep(1); # this gets interrupted when child process ends
992 }
993
994 if (!$running) {
995 my $status = PVE::Tools::upid_read_status($upid);
996 return undef if $status eq 'OK';
997 die $status;
998 }
999 }
1000
1001 return $upid;
1002 }
1003 };
1004
1005 return PVE::QemuServer::lock_config($vmid, $updatefn);
1006 };
1007
1008 my $vm_config_perm_list = [
1009 'VM.Config.Disk',
1010 'VM.Config.CDROM',
1011 'VM.Config.CPU',
1012 'VM.Config.Memory',
1013 'VM.Config.Network',
1014 'VM.Config.HWType',
1015 'VM.Config.Options',
1016 ];
1017
1018 __PACKAGE__->register_method({
1019 name => 'update_vm_async',
1020 path => '{vmid}/config',
1021 method => 'POST',
1022 protected => 1,
1023 proxyto => 'node',
1024 description => "Set virtual machine options (asynchrounous API).",
1025 permissions => {
1026 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1027 },
1028 parameters => {
1029 additionalProperties => 0,
1030 properties => PVE::QemuServer::json_config_properties(
1031 {
1032 node => get_standard_option('pve-node'),
1033 vmid => get_standard_option('pve-vmid'),
1034 skiplock => get_standard_option('skiplock'),
1035 delete => {
1036 type => 'string', format => 'pve-configid-list',
1037 description => "A list of settings you want to delete.",
1038 optional => 1,
1039 },
1040 revert => {
1041 type => 'string', format => 'pve-configid-list',
1042 description => "Revert a pending change.",
1043 optional => 1,
1044 },
1045 force => {
1046 type => 'boolean',
1047 description => $opt_force_description,
1048 optional => 1,
1049 requires => 'delete',
1050 },
1051 digest => {
1052 type => 'string',
1053 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1054 maxLength => 40,
1055 optional => 1,
1056 },
1057 background_delay => {
1058 type => 'integer',
1059 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1060 minimum => 1,
1061 maximum => 30,
1062 optional => 1,
1063 },
1064 }),
1065 },
1066 returns => {
1067 type => 'string',
1068 optional => 1,
1069 },
1070 code => $update_vm_api,
1071 });
1072
1073 __PACKAGE__->register_method({
1074 name => 'update_vm',
1075 path => '{vmid}/config',
1076 method => 'PUT',
1077 protected => 1,
1078 proxyto => 'node',
1079 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1080 permissions => {
1081 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1082 },
1083 parameters => {
1084 additionalProperties => 0,
1085 properties => PVE::QemuServer::json_config_properties(
1086 {
1087 node => get_standard_option('pve-node'),
1088 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1089 skiplock => get_standard_option('skiplock'),
1090 delete => {
1091 type => 'string', format => 'pve-configid-list',
1092 description => "A list of settings you want to delete.",
1093 optional => 1,
1094 },
1095 revert => {
1096 type => 'string', format => 'pve-configid-list',
1097 description => "Revert a pending change.",
1098 optional => 1,
1099 },
1100 force => {
1101 type => 'boolean',
1102 description => $opt_force_description,
1103 optional => 1,
1104 requires => 'delete',
1105 },
1106 digest => {
1107 type => 'string',
1108 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1109 maxLength => 40,
1110 optional => 1,
1111 },
1112 }),
1113 },
1114 returns => { type => 'null' },
1115 code => sub {
1116 my ($param) = @_;
1117 &$update_vm_api($param, 1);
1118 return undef;
1119 }
1120 });
1121
1122
1123 __PACKAGE__->register_method({
1124 name => 'destroy_vm',
1125 path => '{vmid}',
1126 method => 'DELETE',
1127 protected => 1,
1128 proxyto => 'node',
1129 description => "Destroy the vm (also delete all used/owned volumes).",
1130 permissions => {
1131 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1132 },
1133 parameters => {
1134 additionalProperties => 0,
1135 properties => {
1136 node => get_standard_option('pve-node'),
1137 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1138 skiplock => get_standard_option('skiplock'),
1139 },
1140 },
1141 returns => {
1142 type => 'string',
1143 },
1144 code => sub {
1145 my ($param) = @_;
1146
1147 my $rpcenv = PVE::RPCEnvironment::get();
1148
1149 my $authuser = $rpcenv->get_user();
1150
1151 my $vmid = $param->{vmid};
1152
1153 my $skiplock = $param->{skiplock};
1154 raise_param_exc({ skiplock => "Only root may use this option." })
1155 if $skiplock && $authuser ne 'root@pam';
1156
1157 # test if VM exists
1158 my $conf = PVE::QemuServer::load_config($vmid);
1159
1160 my $storecfg = PVE::Storage::config();
1161
1162 &$check_protection($conf, "can't remove VM $vmid");
1163
1164 die "unable to remove VM $vmid - used in HA resources\n"
1165 if PVE::HA::Config::vm_is_ha_managed($vmid);
1166
1167 my $realcmd = sub {
1168 my $upid = shift;
1169
1170 syslog('info', "destroy VM $vmid: $upid\n");
1171
1172 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1173
1174 PVE::AccessControl::remove_vm_access($vmid);
1175
1176 PVE::Firewall::remove_vmfw_conf($vmid);
1177 };
1178
1179 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1180 }});
1181
1182 __PACKAGE__->register_method({
1183 name => 'unlink',
1184 path => '{vmid}/unlink',
1185 method => 'PUT',
1186 protected => 1,
1187 proxyto => 'node',
1188 description => "Unlink/delete disk images.",
1189 permissions => {
1190 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1191 },
1192 parameters => {
1193 additionalProperties => 0,
1194 properties => {
1195 node => get_standard_option('pve-node'),
1196 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1197 idlist => {
1198 type => 'string', format => 'pve-configid-list',
1199 description => "A list of disk IDs you want to delete.",
1200 },
1201 force => {
1202 type => 'boolean',
1203 description => $opt_force_description,
1204 optional => 1,
1205 },
1206 },
1207 },
1208 returns => { type => 'null'},
1209 code => sub {
1210 my ($param) = @_;
1211
1212 $param->{delete} = extract_param($param, 'idlist');
1213
1214 __PACKAGE__->update_vm($param);
1215
1216 return undef;
1217 }});
1218
1219 my $sslcert;
1220
1221 __PACKAGE__->register_method({
1222 name => 'vncproxy',
1223 path => '{vmid}/vncproxy',
1224 method => 'POST',
1225 protected => 1,
1226 permissions => {
1227 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1228 },
1229 description => "Creates a TCP VNC proxy connections.",
1230 parameters => {
1231 additionalProperties => 0,
1232 properties => {
1233 node => get_standard_option('pve-node'),
1234 vmid => get_standard_option('pve-vmid'),
1235 websocket => {
1236 optional => 1,
1237 type => 'boolean',
1238 description => "starts websockify instead of vncproxy",
1239 },
1240 },
1241 },
1242 returns => {
1243 additionalProperties => 0,
1244 properties => {
1245 user => { type => 'string' },
1246 ticket => { type => 'string' },
1247 cert => { type => 'string' },
1248 port => { type => 'integer' },
1249 upid => { type => 'string' },
1250 },
1251 },
1252 code => sub {
1253 my ($param) = @_;
1254
1255 my $rpcenv = PVE::RPCEnvironment::get();
1256
1257 my $authuser = $rpcenv->get_user();
1258
1259 my $vmid = $param->{vmid};
1260 my $node = $param->{node};
1261 my $websocket = $param->{websocket};
1262
1263 my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
1264
1265 my $authpath = "/vms/$vmid";
1266
1267 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1268
1269 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1270 if !$sslcert;
1271
1272 my ($remip, $family);
1273 my $remcmd = [];
1274
1275 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1276 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
1277 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1278 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1279 } else {
1280 $family = PVE::Tools::get_host_address_family($node);
1281 }
1282
1283 my $port = PVE::Tools::next_vnc_port($family);
1284
1285 my $timeout = 10;
1286
1287 my $realcmd = sub {
1288 my $upid = shift;
1289
1290 syslog('info', "starting vnc proxy $upid\n");
1291
1292 my $cmd;
1293
1294 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1295
1296 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1297
1298 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1299 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1300 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1301 '-timeout', $timeout, '-authpath', $authpath,
1302 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1303 } else {
1304
1305 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1306
1307 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1308
1309 my $qmstr = join(' ', @$qmcmd);
1310
1311 # also redirect stderr (else we get RFB protocol errors)
1312 $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"];
1313 }
1314
1315 PVE::Tools::run_command($cmd);
1316
1317 return;
1318 };
1319
1320 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1321
1322 PVE::Tools::wait_for_vnc_port($port);
1323
1324 return {
1325 user => $authuser,
1326 ticket => $ticket,
1327 port => $port,
1328 upid => $upid,
1329 cert => $sslcert,
1330 };
1331 }});
1332
1333 __PACKAGE__->register_method({
1334 name => 'vncwebsocket',
1335 path => '{vmid}/vncwebsocket',
1336 method => 'GET',
1337 permissions => {
1338 description => "You also need to pass a valid ticket (vncticket).",
1339 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1340 },
1341 description => "Opens a weksocket for VNC traffic.",
1342 parameters => {
1343 additionalProperties => 0,
1344 properties => {
1345 node => get_standard_option('pve-node'),
1346 vmid => get_standard_option('pve-vmid'),
1347 vncticket => {
1348 description => "Ticket from previous call to vncproxy.",
1349 type => 'string',
1350 maxLength => 512,
1351 },
1352 port => {
1353 description => "Port number returned by previous vncproxy call.",
1354 type => 'integer',
1355 minimum => 5900,
1356 maximum => 5999,
1357 },
1358 },
1359 },
1360 returns => {
1361 type => "object",
1362 properties => {
1363 port => { type => 'string' },
1364 },
1365 },
1366 code => sub {
1367 my ($param) = @_;
1368
1369 my $rpcenv = PVE::RPCEnvironment::get();
1370
1371 my $authuser = $rpcenv->get_user();
1372
1373 my $vmid = $param->{vmid};
1374 my $node = $param->{node};
1375
1376 my $authpath = "/vms/$vmid";
1377
1378 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1379
1380 my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
1381
1382 # Note: VNC ports are acessible from outside, so we do not gain any
1383 # security if we verify that $param->{port} belongs to VM $vmid. This
1384 # check is done by verifying the VNC ticket (inside VNC protocol).
1385
1386 my $port = $param->{port};
1387
1388 return { port => $port };
1389 }});
1390
1391 __PACKAGE__->register_method({
1392 name => 'spiceproxy',
1393 path => '{vmid}/spiceproxy',
1394 method => 'POST',
1395 protected => 1,
1396 proxyto => 'node',
1397 permissions => {
1398 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1399 },
1400 description => "Returns a SPICE configuration to connect to the VM.",
1401 parameters => {
1402 additionalProperties => 0,
1403 properties => {
1404 node => get_standard_option('pve-node'),
1405 vmid => get_standard_option('pve-vmid'),
1406 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1407 },
1408 },
1409 returns => get_standard_option('remote-viewer-config'),
1410 code => sub {
1411 my ($param) = @_;
1412
1413 my $rpcenv = PVE::RPCEnvironment::get();
1414
1415 my $authuser = $rpcenv->get_user();
1416
1417 my $vmid = $param->{vmid};
1418 my $node = $param->{node};
1419 my $proxy = $param->{proxy};
1420
1421 my $conf = PVE::QemuServer::load_config($vmid, $node);
1422 my $title = "VM $vmid";
1423 $title .= " - ". $conf->{name} if $conf->{name};
1424
1425 my $port = PVE::QemuServer::spice_port($vmid);
1426
1427 my ($ticket, undef, $remote_viewer_config) =
1428 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1429
1430 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1431 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1432
1433 return $remote_viewer_config;
1434 }});
1435
1436 __PACKAGE__->register_method({
1437 name => 'vmcmdidx',
1438 path => '{vmid}/status',
1439 method => 'GET',
1440 proxyto => 'node',
1441 description => "Directory index",
1442 permissions => {
1443 user => 'all',
1444 },
1445 parameters => {
1446 additionalProperties => 0,
1447 properties => {
1448 node => get_standard_option('pve-node'),
1449 vmid => get_standard_option('pve-vmid'),
1450 },
1451 },
1452 returns => {
1453 type => 'array',
1454 items => {
1455 type => "object",
1456 properties => {
1457 subdir => { type => 'string' },
1458 },
1459 },
1460 links => [ { rel => 'child', href => "{subdir}" } ],
1461 },
1462 code => sub {
1463 my ($param) = @_;
1464
1465 # test if VM exists
1466 my $conf = PVE::QemuServer::load_config($param->{vmid});
1467
1468 my $res = [
1469 { subdir => 'current' },
1470 { subdir => 'start' },
1471 { subdir => 'stop' },
1472 ];
1473
1474 return $res;
1475 }});
1476
1477 __PACKAGE__->register_method({
1478 name => 'vm_status',
1479 path => '{vmid}/status/current',
1480 method => 'GET',
1481 proxyto => 'node',
1482 protected => 1, # qemu pid files are only readable by root
1483 description => "Get virtual machine status.",
1484 permissions => {
1485 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1486 },
1487 parameters => {
1488 additionalProperties => 0,
1489 properties => {
1490 node => get_standard_option('pve-node'),
1491 vmid => get_standard_option('pve-vmid'),
1492 },
1493 },
1494 returns => { type => 'object' },
1495 code => sub {
1496 my ($param) = @_;
1497
1498 # test if VM exists
1499 my $conf = PVE::QemuServer::load_config($param->{vmid});
1500
1501 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1502 my $status = $vmstatus->{$param->{vmid}};
1503
1504 $status->{ha} = PVE::HA::Config::vm_is_ha_managed($param->{vmid});
1505
1506 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1507
1508 return $status;
1509 }});
1510
1511 __PACKAGE__->register_method({
1512 name => 'vm_start',
1513 path => '{vmid}/status/start',
1514 method => 'POST',
1515 protected => 1,
1516 proxyto => 'node',
1517 description => "Start virtual machine.",
1518 permissions => {
1519 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1520 },
1521 parameters => {
1522 additionalProperties => 0,
1523 properties => {
1524 node => get_standard_option('pve-node'),
1525 vmid => get_standard_option('pve-vmid'),
1526 skiplock => get_standard_option('skiplock'),
1527 stateuri => get_standard_option('pve-qm-stateuri'),
1528 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1529 machine => get_standard_option('pve-qm-machine'),
1530 },
1531 },
1532 returns => {
1533 type => 'string',
1534 },
1535 code => sub {
1536 my ($param) = @_;
1537
1538 my $rpcenv = PVE::RPCEnvironment::get();
1539
1540 my $authuser = $rpcenv->get_user();
1541
1542 my $node = extract_param($param, 'node');
1543
1544 my $vmid = extract_param($param, 'vmid');
1545
1546 my $machine = extract_param($param, 'machine');
1547
1548 my $stateuri = extract_param($param, 'stateuri');
1549 raise_param_exc({ stateuri => "Only root may use this option." })
1550 if $stateuri && $authuser ne 'root@pam';
1551
1552 my $skiplock = extract_param($param, 'skiplock');
1553 raise_param_exc({ skiplock => "Only root may use this option." })
1554 if $skiplock && $authuser ne 'root@pam';
1555
1556 my $migratedfrom = extract_param($param, 'migratedfrom');
1557 raise_param_exc({ migratedfrom => "Only root may use this option." })
1558 if $migratedfrom && $authuser ne 'root@pam';
1559
1560 # read spice ticket from STDIN
1561 my $spice_ticket;
1562 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1563 if (defined(my $line = <>)) {
1564 chomp $line;
1565 $spice_ticket = $line;
1566 }
1567 }
1568
1569 my $storecfg = PVE::Storage::config();
1570
1571 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
1572 $rpcenv->{type} ne 'ha') {
1573
1574 my $hacmd = sub {
1575 my $upid = shift;
1576
1577 my $service = "vm:$vmid";
1578
1579 my $cmd = ['ha-manager', 'enable', $service];
1580
1581 print "Executing HA start for VM $vmid\n";
1582
1583 PVE::Tools::run_command($cmd);
1584
1585 return;
1586 };
1587
1588 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1589
1590 } else {
1591
1592 my $realcmd = sub {
1593 my $upid = shift;
1594
1595 syslog('info', "start VM $vmid: $upid\n");
1596
1597 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1598 $machine, $spice_ticket);
1599
1600 return;
1601 };
1602
1603 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1604 }
1605 }});
1606
1607 __PACKAGE__->register_method({
1608 name => 'vm_stop',
1609 path => '{vmid}/status/stop',
1610 method => 'POST',
1611 protected => 1,
1612 proxyto => 'node',
1613 description => "Stop virtual machine.",
1614 permissions => {
1615 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1616 },
1617 parameters => {
1618 additionalProperties => 0,
1619 properties => {
1620 node => get_standard_option('pve-node'),
1621 vmid => get_standard_option('pve-vmid'),
1622 skiplock => get_standard_option('skiplock'),
1623 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1624 timeout => {
1625 description => "Wait maximal timeout seconds.",
1626 type => 'integer',
1627 minimum => 0,
1628 optional => 1,
1629 },
1630 keepActive => {
1631 description => "Do not decativate storage volumes.",
1632 type => 'boolean',
1633 optional => 1,
1634 default => 0,
1635 }
1636 },
1637 },
1638 returns => {
1639 type => 'string',
1640 },
1641 code => sub {
1642 my ($param) = @_;
1643
1644 my $rpcenv = PVE::RPCEnvironment::get();
1645
1646 my $authuser = $rpcenv->get_user();
1647
1648 my $node = extract_param($param, 'node');
1649
1650 my $vmid = extract_param($param, 'vmid');
1651
1652 my $skiplock = extract_param($param, 'skiplock');
1653 raise_param_exc({ skiplock => "Only root may use this option." })
1654 if $skiplock && $authuser ne 'root@pam';
1655
1656 my $keepActive = extract_param($param, 'keepActive');
1657 raise_param_exc({ keepActive => "Only root may use this option." })
1658 if $keepActive && $authuser ne 'root@pam';
1659
1660 my $migratedfrom = extract_param($param, 'migratedfrom');
1661 raise_param_exc({ migratedfrom => "Only root may use this option." })
1662 if $migratedfrom && $authuser ne 'root@pam';
1663
1664
1665 my $storecfg = PVE::Storage::config();
1666
1667 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1668
1669 my $hacmd = sub {
1670 my $upid = shift;
1671
1672 my $service = "vm:$vmid";
1673
1674 my $cmd = ['ha-manager', 'disable', $service];
1675
1676 print "Executing HA stop for VM $vmid\n";
1677
1678 PVE::Tools::run_command($cmd);
1679
1680 return;
1681 };
1682
1683 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1684
1685 } else {
1686 my $realcmd = sub {
1687 my $upid = shift;
1688
1689 syslog('info', "stop VM $vmid: $upid\n");
1690
1691 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1692 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1693
1694 return;
1695 };
1696
1697 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1698 }
1699 }});
1700
1701 __PACKAGE__->register_method({
1702 name => 'vm_reset',
1703 path => '{vmid}/status/reset',
1704 method => 'POST',
1705 protected => 1,
1706 proxyto => 'node',
1707 description => "Reset virtual machine.",
1708 permissions => {
1709 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1710 },
1711 parameters => {
1712 additionalProperties => 0,
1713 properties => {
1714 node => get_standard_option('pve-node'),
1715 vmid => get_standard_option('pve-vmid'),
1716 skiplock => get_standard_option('skiplock'),
1717 },
1718 },
1719 returns => {
1720 type => 'string',
1721 },
1722 code => sub {
1723 my ($param) = @_;
1724
1725 my $rpcenv = PVE::RPCEnvironment::get();
1726
1727 my $authuser = $rpcenv->get_user();
1728
1729 my $node = extract_param($param, 'node');
1730
1731 my $vmid = extract_param($param, 'vmid');
1732
1733 my $skiplock = extract_param($param, 'skiplock');
1734 raise_param_exc({ skiplock => "Only root may use this option." })
1735 if $skiplock && $authuser ne 'root@pam';
1736
1737 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1738
1739 my $realcmd = sub {
1740 my $upid = shift;
1741
1742 PVE::QemuServer::vm_reset($vmid, $skiplock);
1743
1744 return;
1745 };
1746
1747 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1748 }});
1749
1750 __PACKAGE__->register_method({
1751 name => 'vm_shutdown',
1752 path => '{vmid}/status/shutdown',
1753 method => 'POST',
1754 protected => 1,
1755 proxyto => 'node',
1756 description => "Shutdown virtual machine.",
1757 permissions => {
1758 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1759 },
1760 parameters => {
1761 additionalProperties => 0,
1762 properties => {
1763 node => get_standard_option('pve-node'),
1764 vmid => get_standard_option('pve-vmid'),
1765 skiplock => get_standard_option('skiplock'),
1766 timeout => {
1767 description => "Wait maximal timeout seconds.",
1768 type => 'integer',
1769 minimum => 0,
1770 optional => 1,
1771 },
1772 forceStop => {
1773 description => "Make sure the VM stops.",
1774 type => 'boolean',
1775 optional => 1,
1776 default => 0,
1777 },
1778 keepActive => {
1779 description => "Do not decativate storage volumes.",
1780 type => 'boolean',
1781 optional => 1,
1782 default => 0,
1783 }
1784 },
1785 },
1786 returns => {
1787 type => 'string',
1788 },
1789 code => sub {
1790 my ($param) = @_;
1791
1792 my $rpcenv = PVE::RPCEnvironment::get();
1793
1794 my $authuser = $rpcenv->get_user();
1795
1796 my $node = extract_param($param, 'node');
1797
1798 my $vmid = extract_param($param, 'vmid');
1799
1800 my $skiplock = extract_param($param, 'skiplock');
1801 raise_param_exc({ skiplock => "Only root may use this option." })
1802 if $skiplock && $authuser ne 'root@pam';
1803
1804 my $keepActive = extract_param($param, 'keepActive');
1805 raise_param_exc({ keepActive => "Only root may use this option." })
1806 if $keepActive && $authuser ne 'root@pam';
1807
1808 my $storecfg = PVE::Storage::config();
1809
1810 my $realcmd = sub {
1811 my $upid = shift;
1812
1813 syslog('info', "shutdown VM $vmid: $upid\n");
1814
1815 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1816 1, $param->{forceStop}, $keepActive);
1817
1818 return;
1819 };
1820
1821 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1822 }});
1823
1824 __PACKAGE__->register_method({
1825 name => 'vm_suspend',
1826 path => '{vmid}/status/suspend',
1827 method => 'POST',
1828 protected => 1,
1829 proxyto => 'node',
1830 description => "Suspend virtual machine.",
1831 permissions => {
1832 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1833 },
1834 parameters => {
1835 additionalProperties => 0,
1836 properties => {
1837 node => get_standard_option('pve-node'),
1838 vmid => get_standard_option('pve-vmid'),
1839 skiplock => get_standard_option('skiplock'),
1840 },
1841 },
1842 returns => {
1843 type => 'string',
1844 },
1845 code => sub {
1846 my ($param) = @_;
1847
1848 my $rpcenv = PVE::RPCEnvironment::get();
1849
1850 my $authuser = $rpcenv->get_user();
1851
1852 my $node = extract_param($param, 'node');
1853
1854 my $vmid = extract_param($param, 'vmid');
1855
1856 my $skiplock = extract_param($param, 'skiplock');
1857 raise_param_exc({ skiplock => "Only root may use this option." })
1858 if $skiplock && $authuser ne 'root@pam';
1859
1860 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1861
1862 my $realcmd = sub {
1863 my $upid = shift;
1864
1865 syslog('info', "suspend VM $vmid: $upid\n");
1866
1867 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1868
1869 return;
1870 };
1871
1872 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1873 }});
1874
1875 __PACKAGE__->register_method({
1876 name => 'vm_resume',
1877 path => '{vmid}/status/resume',
1878 method => 'POST',
1879 protected => 1,
1880 proxyto => 'node',
1881 description => "Resume virtual machine.",
1882 permissions => {
1883 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1884 },
1885 parameters => {
1886 additionalProperties => 0,
1887 properties => {
1888 node => get_standard_option('pve-node'),
1889 vmid => get_standard_option('pve-vmid'),
1890 skiplock => get_standard_option('skiplock'),
1891 },
1892 },
1893 returns => {
1894 type => 'string',
1895 },
1896 code => sub {
1897 my ($param) = @_;
1898
1899 my $rpcenv = PVE::RPCEnvironment::get();
1900
1901 my $authuser = $rpcenv->get_user();
1902
1903 my $node = extract_param($param, 'node');
1904
1905 my $vmid = extract_param($param, 'vmid');
1906
1907 my $skiplock = extract_param($param, 'skiplock');
1908 raise_param_exc({ skiplock => "Only root may use this option." })
1909 if $skiplock && $authuser ne 'root@pam';
1910
1911 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1912
1913 my $realcmd = sub {
1914 my $upid = shift;
1915
1916 syslog('info', "resume VM $vmid: $upid\n");
1917
1918 PVE::QemuServer::vm_resume($vmid, $skiplock);
1919
1920 return;
1921 };
1922
1923 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1924 }});
1925
1926 __PACKAGE__->register_method({
1927 name => 'vm_sendkey',
1928 path => '{vmid}/sendkey',
1929 method => 'PUT',
1930 protected => 1,
1931 proxyto => 'node',
1932 description => "Send key event to virtual machine.",
1933 permissions => {
1934 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1935 },
1936 parameters => {
1937 additionalProperties => 0,
1938 properties => {
1939 node => get_standard_option('pve-node'),
1940 vmid => get_standard_option('pve-vmid'),
1941 skiplock => get_standard_option('skiplock'),
1942 key => {
1943 description => "The key (qemu monitor encoding).",
1944 type => 'string'
1945 }
1946 },
1947 },
1948 returns => { type => 'null'},
1949 code => sub {
1950 my ($param) = @_;
1951
1952 my $rpcenv = PVE::RPCEnvironment::get();
1953
1954 my $authuser = $rpcenv->get_user();
1955
1956 my $node = extract_param($param, 'node');
1957
1958 my $vmid = extract_param($param, 'vmid');
1959
1960 my $skiplock = extract_param($param, 'skiplock');
1961 raise_param_exc({ skiplock => "Only root may use this option." })
1962 if $skiplock && $authuser ne 'root@pam';
1963
1964 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
1965
1966 return;
1967 }});
1968
1969 __PACKAGE__->register_method({
1970 name => 'vm_feature',
1971 path => '{vmid}/feature',
1972 method => 'GET',
1973 proxyto => 'node',
1974 protected => 1,
1975 description => "Check if feature for virtual machine is available.",
1976 permissions => {
1977 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1978 },
1979 parameters => {
1980 additionalProperties => 0,
1981 properties => {
1982 node => get_standard_option('pve-node'),
1983 vmid => get_standard_option('pve-vmid'),
1984 feature => {
1985 description => "Feature to check.",
1986 type => 'string',
1987 enum => [ 'snapshot', 'clone', 'copy' ],
1988 },
1989 snapname => get_standard_option('pve-snapshot-name', {
1990 optional => 1,
1991 }),
1992 },
1993 },
1994 returns => {
1995 type => "object",
1996 properties => {
1997 hasFeature => { type => 'boolean' },
1998 nodes => {
1999 type => 'array',
2000 items => { type => 'string' },
2001 }
2002 },
2003 },
2004 code => sub {
2005 my ($param) = @_;
2006
2007 my $node = extract_param($param, 'node');
2008
2009 my $vmid = extract_param($param, 'vmid');
2010
2011 my $snapname = extract_param($param, 'snapname');
2012
2013 my $feature = extract_param($param, 'feature');
2014
2015 my $running = PVE::QemuServer::check_running($vmid);
2016
2017 my $conf = PVE::QemuServer::load_config($vmid);
2018
2019 if($snapname){
2020 my $snap = $conf->{snapshots}->{$snapname};
2021 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2022 $conf = $snap;
2023 }
2024 my $storecfg = PVE::Storage::config();
2025
2026 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2027 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
2028
2029 return {
2030 hasFeature => $hasFeature,
2031 nodes => [ keys %$nodelist ],
2032 };
2033 }});
2034
2035 __PACKAGE__->register_method({
2036 name => 'clone_vm',
2037 path => '{vmid}/clone',
2038 method => 'POST',
2039 protected => 1,
2040 proxyto => 'node',
2041 description => "Create a copy of virtual machine/template.",
2042 permissions => {
2043 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2044 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2045 "'Datastore.AllocateSpace' on any used storage.",
2046 check =>
2047 [ 'and',
2048 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2049 [ 'or',
2050 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2051 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2052 ],
2053 ]
2054 },
2055 parameters => {
2056 additionalProperties => 0,
2057 properties => {
2058 node => get_standard_option('pve-node'),
2059 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2060 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2061 name => {
2062 optional => 1,
2063 type => 'string', format => 'dns-name',
2064 description => "Set a name for the new VM.",
2065 },
2066 description => {
2067 optional => 1,
2068 type => 'string',
2069 description => "Description for the new VM.",
2070 },
2071 pool => {
2072 optional => 1,
2073 type => 'string', format => 'pve-poolid',
2074 description => "Add the new VM to the specified pool.",
2075 },
2076 snapname => get_standard_option('pve-snapshot-name', {
2077 optional => 1,
2078 }),
2079 storage => get_standard_option('pve-storage-id', {
2080 description => "Target storage for full clone.",
2081 requires => 'full',
2082 optional => 1,
2083 }),
2084 'format' => {
2085 description => "Target format for file storage.",
2086 requires => 'full',
2087 type => 'string',
2088 optional => 1,
2089 enum => [ 'raw', 'qcow2', 'vmdk'],
2090 },
2091 full => {
2092 optional => 1,
2093 type => 'boolean',
2094 description => "Create a full copy of all disk. This is always done when " .
2095 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2096 default => 0,
2097 },
2098 target => get_standard_option('pve-node', {
2099 description => "Target node. Only allowed if the original VM is on shared storage.",
2100 optional => 1,
2101 }),
2102 },
2103 },
2104 returns => {
2105 type => 'string',
2106 },
2107 code => sub {
2108 my ($param) = @_;
2109
2110 my $rpcenv = PVE::RPCEnvironment::get();
2111
2112 my $authuser = $rpcenv->get_user();
2113
2114 my $node = extract_param($param, 'node');
2115
2116 my $vmid = extract_param($param, 'vmid');
2117
2118 my $newid = extract_param($param, 'newid');
2119
2120 my $pool = extract_param($param, 'pool');
2121
2122 if (defined($pool)) {
2123 $rpcenv->check_pool_exist($pool);
2124 }
2125
2126 my $snapname = extract_param($param, 'snapname');
2127
2128 my $storage = extract_param($param, 'storage');
2129
2130 my $format = extract_param($param, 'format');
2131
2132 my $target = extract_param($param, 'target');
2133
2134 my $localnode = PVE::INotify::nodename();
2135
2136 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2137
2138 PVE::Cluster::check_node_exists($target) if $target;
2139
2140 my $storecfg = PVE::Storage::config();
2141
2142 if ($storage) {
2143 # check if storage is enabled on local node
2144 PVE::Storage::storage_check_enabled($storecfg, $storage);
2145 if ($target) {
2146 # check if storage is available on target node
2147 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2148 # clone only works if target storage is shared
2149 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2150 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2151 }
2152 }
2153
2154 PVE::Cluster::check_cfs_quorum();
2155
2156 my $running = PVE::QemuServer::check_running($vmid) || 0;
2157
2158 # exclusive lock if VM is running - else shared lock is enough;
2159 my $shared_lock = $running ? 0 : 1;
2160
2161 my $clonefn = sub {
2162
2163 # do all tests after lock
2164 # we also try to do all tests before we fork the worker
2165
2166 my $conf = PVE::QemuServer::load_config($vmid);
2167
2168 PVE::QemuServer::check_lock($conf);
2169
2170 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2171
2172 die "unexpected state change\n" if $verify_running != $running;
2173
2174 die "snapshot '$snapname' does not exist\n"
2175 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2176
2177 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2178
2179 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2180
2181 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2182
2183 my $conffile = PVE::QemuServer::config_file($newid);
2184
2185 die "unable to create VM $newid: config file already exists\n"
2186 if -f $conffile;
2187
2188 my $newconf = { lock => 'clone' };
2189 my $drives = {};
2190 my $vollist = [];
2191
2192 foreach my $opt (keys %$oldconf) {
2193 my $value = $oldconf->{$opt};
2194
2195 # do not copy snapshot related info
2196 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2197 $opt eq 'vmstate' || $opt eq 'snapstate';
2198
2199 # no need to copy unused images, because VMID(owner) changes anyways
2200 next if $opt =~ m/^unused\d+$/;
2201
2202 # always change MAC! address
2203 if ($opt =~ m/^net(\d+)$/) {
2204 my $net = PVE::QemuServer::parse_net($value);
2205 $net->{macaddr} = PVE::Tools::random_ether_addr();
2206 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2207 } elsif (PVE::QemuServer::valid_drivename($opt)) {
2208 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2209 die "unable to parse drive options for '$opt'\n" if !$drive;
2210 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2211 $newconf->{$opt} = $value; # simply copy configuration
2212 } else {
2213 if ($param->{full}) {
2214 die "Full clone feature is not available"
2215 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2216 $drive->{full} = 1;
2217 } else {
2218 # not full means clone instead of copy
2219 die "Linked clone feature is not available"
2220 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2221 }
2222 $drives->{$opt} = $drive;
2223 push @$vollist, $drive->{file};
2224 }
2225 } else {
2226 # copy everything else
2227 $newconf->{$opt} = $value;
2228 }
2229 }
2230
2231 # auto generate a new uuid
2232 my ($uuid, $uuid_str);
2233 UUID::generate($uuid);
2234 UUID::unparse($uuid, $uuid_str);
2235 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2236 $smbios1->{uuid} = $uuid_str;
2237 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2238
2239 delete $newconf->{template};
2240
2241 if ($param->{name}) {
2242 $newconf->{name} = $param->{name};
2243 } else {
2244 if ($oldconf->{name}) {
2245 $newconf->{name} = "Copy-of-$oldconf->{name}";
2246 } else {
2247 $newconf->{name} = "Copy-of-VM-$vmid";
2248 }
2249 }
2250
2251 if ($param->{description}) {
2252 $newconf->{description} = $param->{description};
2253 }
2254
2255 # create empty/temp config - this fails if VM already exists on other node
2256 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2257
2258 my $realcmd = sub {
2259 my $upid = shift;
2260
2261 my $newvollist = [];
2262
2263 eval {
2264 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2265
2266 PVE::Storage::activate_volumes($storecfg, $vollist);
2267
2268 foreach my $opt (keys %$drives) {
2269 my $drive = $drives->{$opt};
2270
2271 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2272 $newid, $storage, $format, $drive->{full}, $newvollist);
2273
2274 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2275
2276 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2277 }
2278
2279 delete $newconf->{lock};
2280 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2281
2282 if ($target) {
2283 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2284 PVE::Storage::deactivate_volumes($storecfg, $vollist);
2285
2286 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2287 die "Failed to move config to node '$target' - rename failed: $!\n"
2288 if !rename($conffile, $newconffile);
2289 }
2290
2291 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2292 };
2293 if (my $err = $@) {
2294 unlink $conffile;
2295
2296 sleep 1; # some storage like rbd need to wait before release volume - really?
2297
2298 foreach my $volid (@$newvollist) {
2299 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2300 warn $@ if $@;
2301 }
2302 die "clone failed: $err";
2303 }
2304
2305 return;
2306 };
2307
2308 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2309
2310 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2311 };
2312
2313 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2314 # Aquire exclusive lock lock for $newid
2315 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2316 });
2317
2318 }});
2319
2320 __PACKAGE__->register_method({
2321 name => 'move_vm_disk',
2322 path => '{vmid}/move_disk',
2323 method => 'POST',
2324 protected => 1,
2325 proxyto => 'node',
2326 description => "Move volume to different storage.",
2327 permissions => {
2328 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2329 "and 'Datastore.AllocateSpace' permissions on the storage.",
2330 check =>
2331 [ 'and',
2332 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2333 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2334 ],
2335 },
2336 parameters => {
2337 additionalProperties => 0,
2338 properties => {
2339 node => get_standard_option('pve-node'),
2340 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2341 disk => {
2342 type => 'string',
2343 description => "The disk you want to move.",
2344 enum => [ PVE::QemuServer::disknames() ],
2345 },
2346 storage => get_standard_option('pve-storage-id', {
2347 description => "Target storage.",
2348 completion => \&PVE::QemuServer::complete_storage,
2349 }),
2350 'format' => {
2351 type => 'string',
2352 description => "Target Format.",
2353 enum => [ 'raw', 'qcow2', 'vmdk' ],
2354 optional => 1,
2355 },
2356 delete => {
2357 type => 'boolean',
2358 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2359 optional => 1,
2360 default => 0,
2361 },
2362 digest => {
2363 type => 'string',
2364 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2365 maxLength => 40,
2366 optional => 1,
2367 },
2368 },
2369 },
2370 returns => {
2371 type => 'string',
2372 description => "the task ID.",
2373 },
2374 code => sub {
2375 my ($param) = @_;
2376
2377 my $rpcenv = PVE::RPCEnvironment::get();
2378
2379 my $authuser = $rpcenv->get_user();
2380
2381 my $node = extract_param($param, 'node');
2382
2383 my $vmid = extract_param($param, 'vmid');
2384
2385 my $digest = extract_param($param, 'digest');
2386
2387 my $disk = extract_param($param, 'disk');
2388
2389 my $storeid = extract_param($param, 'storage');
2390
2391 my $format = extract_param($param, 'format');
2392
2393 my $storecfg = PVE::Storage::config();
2394
2395 my $updatefn = sub {
2396
2397 my $conf = PVE::QemuServer::load_config($vmid);
2398
2399 die "checksum missmatch (file change by other user?)\n"
2400 if $digest && $digest ne $conf->{digest};
2401
2402 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2403
2404 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2405
2406 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2407
2408 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2409
2410 my $oldfmt;
2411 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2412 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2413 $oldfmt = $1;
2414 }
2415
2416 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2417 (!$format || !$oldfmt || $oldfmt eq $format);
2418
2419 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2420
2421 my $running = PVE::QemuServer::check_running($vmid);
2422
2423 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2424
2425 my $realcmd = sub {
2426
2427 my $newvollist = [];
2428
2429 eval {
2430 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2431
2432 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2433 $vmid, $storeid, $format, 1, $newvollist);
2434
2435 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2436
2437 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2438
2439 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2440
2441 eval {
2442 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2443 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2444 if !$running;
2445 };
2446 warn $@ if $@;
2447 };
2448 if (my $err = $@) {
2449
2450 foreach my $volid (@$newvollist) {
2451 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2452 warn $@ if $@;
2453 }
2454 die "storage migration failed: $err";
2455 }
2456
2457 if ($param->{delete}) {
2458 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1);
2459 my $path = PVE::Storage::path($storecfg, $old_volid);
2460 if ($used_paths->{$path}){
2461 warn "volume $old_volid have snapshots. Can't delete it\n";
2462 PVE::QemuServer::add_unused_volume($conf, $old_volid);
2463 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2464 } else {
2465 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2466 warn $@ if $@;
2467 }
2468 }
2469 };
2470
2471 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2472 };
2473
2474 return PVE::QemuServer::lock_config($vmid, $updatefn);
2475 }});
2476
2477 __PACKAGE__->register_method({
2478 name => 'migrate_vm',
2479 path => '{vmid}/migrate',
2480 method => 'POST',
2481 protected => 1,
2482 proxyto => 'node',
2483 description => "Migrate virtual machine. Creates a new migration task.",
2484 permissions => {
2485 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2486 },
2487 parameters => {
2488 additionalProperties => 0,
2489 properties => {
2490 node => get_standard_option('pve-node'),
2491 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2492 target => get_standard_option('pve-node', {
2493 description => "Target node.",
2494 completion => \&PVE::Cluster::complete_migration_target,
2495 }),
2496 online => {
2497 type => 'boolean',
2498 description => "Use online/live migration.",
2499 optional => 1,
2500 },
2501 force => {
2502 type => 'boolean',
2503 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2504 optional => 1,
2505 },
2506 },
2507 },
2508 returns => {
2509 type => 'string',
2510 description => "the task ID.",
2511 },
2512 code => sub {
2513 my ($param) = @_;
2514
2515 my $rpcenv = PVE::RPCEnvironment::get();
2516
2517 my $authuser = $rpcenv->get_user();
2518
2519 my $target = extract_param($param, 'target');
2520
2521 my $localnode = PVE::INotify::nodename();
2522 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2523
2524 PVE::Cluster::check_cfs_quorum();
2525
2526 PVE::Cluster::check_node_exists($target);
2527
2528 my $targetip = PVE::Cluster::remote_node_ip($target);
2529
2530 my $vmid = extract_param($param, 'vmid');
2531
2532 raise_param_exc({ force => "Only root may use this option." })
2533 if $param->{force} && $authuser ne 'root@pam';
2534
2535 # test if VM exists
2536 my $conf = PVE::QemuServer::load_config($vmid);
2537
2538 # try to detect errors early
2539
2540 PVE::QemuServer::check_lock($conf);
2541
2542 if (PVE::QemuServer::check_running($vmid)) {
2543 die "cant migrate running VM without --online\n"
2544 if !$param->{online};
2545 }
2546
2547 my $storecfg = PVE::Storage::config();
2548 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2549
2550 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2551
2552 my $hacmd = sub {
2553 my $upid = shift;
2554
2555 my $service = "vm:$vmid";
2556
2557 my $cmd = ['ha-manager', 'migrate', $service, $target];
2558
2559 print "Executing HA migrate for VM $vmid to node $target\n";
2560
2561 PVE::Tools::run_command($cmd);
2562
2563 return;
2564 };
2565
2566 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2567
2568 } else {
2569
2570 my $realcmd = sub {
2571 my $upid = shift;
2572
2573 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2574 };
2575
2576 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2577 }
2578
2579 }});
2580
2581 __PACKAGE__->register_method({
2582 name => 'monitor',
2583 path => '{vmid}/monitor',
2584 method => 'POST',
2585 protected => 1,
2586 proxyto => 'node',
2587 description => "Execute Qemu monitor commands.",
2588 permissions => {
2589 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2590 },
2591 parameters => {
2592 additionalProperties => 0,
2593 properties => {
2594 node => get_standard_option('pve-node'),
2595 vmid => get_standard_option('pve-vmid'),
2596 command => {
2597 type => 'string',
2598 description => "The monitor command.",
2599 }
2600 },
2601 },
2602 returns => { type => 'string'},
2603 code => sub {
2604 my ($param) = @_;
2605
2606 my $vmid = $param->{vmid};
2607
2608 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2609
2610 my $res = '';
2611 eval {
2612 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2613 };
2614 $res = "ERROR: $@" if $@;
2615
2616 return $res;
2617 }});
2618
2619 __PACKAGE__->register_method({
2620 name => 'resize_vm',
2621 path => '{vmid}/resize',
2622 method => 'PUT',
2623 protected => 1,
2624 proxyto => 'node',
2625 description => "Extend volume size.",
2626 permissions => {
2627 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2628 },
2629 parameters => {
2630 additionalProperties => 0,
2631 properties => {
2632 node => get_standard_option('pve-node'),
2633 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2634 skiplock => get_standard_option('skiplock'),
2635 disk => {
2636 type => 'string',
2637 description => "The disk you want to resize.",
2638 enum => [PVE::QemuServer::disknames()],
2639 },
2640 size => {
2641 type => 'string',
2642 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2643 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2644 },
2645 digest => {
2646 type => 'string',
2647 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2648 maxLength => 40,
2649 optional => 1,
2650 },
2651 },
2652 },
2653 returns => { type => 'null'},
2654 code => sub {
2655 my ($param) = @_;
2656
2657 my $rpcenv = PVE::RPCEnvironment::get();
2658
2659 my $authuser = $rpcenv->get_user();
2660
2661 my $node = extract_param($param, 'node');
2662
2663 my $vmid = extract_param($param, 'vmid');
2664
2665 my $digest = extract_param($param, 'digest');
2666
2667 my $disk = extract_param($param, 'disk');
2668
2669 my $sizestr = extract_param($param, 'size');
2670
2671 my $skiplock = extract_param($param, 'skiplock');
2672 raise_param_exc({ skiplock => "Only root may use this option." })
2673 if $skiplock && $authuser ne 'root@pam';
2674
2675 my $storecfg = PVE::Storage::config();
2676
2677 my $updatefn = sub {
2678
2679 my $conf = PVE::QemuServer::load_config($vmid);
2680
2681 die "checksum missmatch (file change by other user?)\n"
2682 if $digest && $digest ne $conf->{digest};
2683 PVE::QemuServer::check_lock($conf) if !$skiplock;
2684
2685 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2686
2687 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2688
2689 my (undef, undef, undef, undef, undef, undef, $format) =
2690 PVE::Storage::parse_volname($storecfg, $drive->{file});
2691
2692 die "can't resize volume: $disk if snapshot exists\n"
2693 if %{$conf->{snapshots}} && $format eq 'qcow2';
2694
2695 my $volid = $drive->{file};
2696
2697 die "disk '$disk' has no associated volume\n" if !$volid;
2698
2699 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2700
2701 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2702
2703 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2704
2705 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2706
2707 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2708 my ($ext, $newsize, $unit) = ($1, $2, $4);
2709 if ($unit) {
2710 if ($unit eq 'K') {
2711 $newsize = $newsize * 1024;
2712 } elsif ($unit eq 'M') {
2713 $newsize = $newsize * 1024 * 1024;
2714 } elsif ($unit eq 'G') {
2715 $newsize = $newsize * 1024 * 1024 * 1024;
2716 } elsif ($unit eq 'T') {
2717 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2718 }
2719 }
2720 $newsize += $size if $ext;
2721 $newsize = int($newsize);
2722
2723 die "unable to skrink disk size\n" if $newsize < $size;
2724
2725 return if $size == $newsize;
2726
2727 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2728
2729 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2730
2731 $drive->{size} = $newsize;
2732 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2733
2734 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2735 };
2736
2737 PVE::QemuServer::lock_config($vmid, $updatefn);
2738 return undef;
2739 }});
2740
2741 __PACKAGE__->register_method({
2742 name => 'snapshot_list',
2743 path => '{vmid}/snapshot',
2744 method => 'GET',
2745 description => "List all snapshots.",
2746 permissions => {
2747 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2748 },
2749 proxyto => 'node',
2750 protected => 1, # qemu pid files are only readable by root
2751 parameters => {
2752 additionalProperties => 0,
2753 properties => {
2754 vmid => get_standard_option('pve-vmid'),
2755 node => get_standard_option('pve-node'),
2756 },
2757 },
2758 returns => {
2759 type => 'array',
2760 items => {
2761 type => "object",
2762 properties => {},
2763 },
2764 links => [ { rel => 'child', href => "{name}" } ],
2765 },
2766 code => sub {
2767 my ($param) = @_;
2768
2769 my $vmid = $param->{vmid};
2770
2771 my $conf = PVE::QemuServer::load_config($vmid);
2772 my $snaphash = $conf->{snapshots} || {};
2773
2774 my $res = [];
2775
2776 foreach my $name (keys %$snaphash) {
2777 my $d = $snaphash->{$name};
2778 my $item = {
2779 name => $name,
2780 snaptime => $d->{snaptime} || 0,
2781 vmstate => $d->{vmstate} ? 1 : 0,
2782 description => $d->{description} || '',
2783 };
2784 $item->{parent} = $d->{parent} if $d->{parent};
2785 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2786 push @$res, $item;
2787 }
2788
2789 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2790 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2791 $current->{parent} = $conf->{parent} if $conf->{parent};
2792
2793 push @$res, $current;
2794
2795 return $res;
2796 }});
2797
2798 __PACKAGE__->register_method({
2799 name => 'snapshot',
2800 path => '{vmid}/snapshot',
2801 method => 'POST',
2802 protected => 1,
2803 proxyto => 'node',
2804 description => "Snapshot a VM.",
2805 permissions => {
2806 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2807 },
2808 parameters => {
2809 additionalProperties => 0,
2810 properties => {
2811 node => get_standard_option('pve-node'),
2812 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2813 snapname => get_standard_option('pve-snapshot-name'),
2814 vmstate => {
2815 optional => 1,
2816 type => 'boolean',
2817 description => "Save the vmstate",
2818 },
2819 description => {
2820 optional => 1,
2821 type => 'string',
2822 description => "A textual description or comment.",
2823 },
2824 },
2825 },
2826 returns => {
2827 type => 'string',
2828 description => "the task ID.",
2829 },
2830 code => sub {
2831 my ($param) = @_;
2832
2833 my $rpcenv = PVE::RPCEnvironment::get();
2834
2835 my $authuser = $rpcenv->get_user();
2836
2837 my $node = extract_param($param, 'node');
2838
2839 my $vmid = extract_param($param, 'vmid');
2840
2841 my $snapname = extract_param($param, 'snapname');
2842
2843 die "unable to use snapshot name 'current' (reserved name)\n"
2844 if $snapname eq 'current';
2845
2846 my $realcmd = sub {
2847 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2848 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2849 $param->{description});
2850 };
2851
2852 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2853 }});
2854
2855 __PACKAGE__->register_method({
2856 name => 'snapshot_cmd_idx',
2857 path => '{vmid}/snapshot/{snapname}',
2858 description => '',
2859 method => 'GET',
2860 permissions => {
2861 user => 'all',
2862 },
2863 parameters => {
2864 additionalProperties => 0,
2865 properties => {
2866 vmid => get_standard_option('pve-vmid'),
2867 node => get_standard_option('pve-node'),
2868 snapname => get_standard_option('pve-snapshot-name'),
2869 },
2870 },
2871 returns => {
2872 type => 'array',
2873 items => {
2874 type => "object",
2875 properties => {},
2876 },
2877 links => [ { rel => 'child', href => "{cmd}" } ],
2878 },
2879 code => sub {
2880 my ($param) = @_;
2881
2882 my $res = [];
2883
2884 push @$res, { cmd => 'rollback' };
2885 push @$res, { cmd => 'config' };
2886
2887 return $res;
2888 }});
2889
2890 __PACKAGE__->register_method({
2891 name => 'update_snapshot_config',
2892 path => '{vmid}/snapshot/{snapname}/config',
2893 method => 'PUT',
2894 protected => 1,
2895 proxyto => 'node',
2896 description => "Update snapshot metadata.",
2897 permissions => {
2898 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2899 },
2900 parameters => {
2901 additionalProperties => 0,
2902 properties => {
2903 node => get_standard_option('pve-node'),
2904 vmid => get_standard_option('pve-vmid'),
2905 snapname => get_standard_option('pve-snapshot-name'),
2906 description => {
2907 optional => 1,
2908 type => 'string',
2909 description => "A textual description or comment.",
2910 },
2911 },
2912 },
2913 returns => { type => 'null' },
2914 code => sub {
2915 my ($param) = @_;
2916
2917 my $rpcenv = PVE::RPCEnvironment::get();
2918
2919 my $authuser = $rpcenv->get_user();
2920
2921 my $vmid = extract_param($param, 'vmid');
2922
2923 my $snapname = extract_param($param, 'snapname');
2924
2925 return undef if !defined($param->{description});
2926
2927 my $updatefn = sub {
2928
2929 my $conf = PVE::QemuServer::load_config($vmid);
2930
2931 PVE::QemuServer::check_lock($conf);
2932
2933 my $snap = $conf->{snapshots}->{$snapname};
2934
2935 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2936
2937 $snap->{description} = $param->{description} if defined($param->{description});
2938
2939 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2940 };
2941
2942 PVE::QemuServer::lock_config($vmid, $updatefn);
2943
2944 return undef;
2945 }});
2946
2947 __PACKAGE__->register_method({
2948 name => 'get_snapshot_config',
2949 path => '{vmid}/snapshot/{snapname}/config',
2950 method => 'GET',
2951 proxyto => 'node',
2952 description => "Get snapshot configuration",
2953 permissions => {
2954 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2955 },
2956 parameters => {
2957 additionalProperties => 0,
2958 properties => {
2959 node => get_standard_option('pve-node'),
2960 vmid => get_standard_option('pve-vmid'),
2961 snapname => get_standard_option('pve-snapshot-name'),
2962 },
2963 },
2964 returns => { type => "object" },
2965 code => sub {
2966 my ($param) = @_;
2967
2968 my $rpcenv = PVE::RPCEnvironment::get();
2969
2970 my $authuser = $rpcenv->get_user();
2971
2972 my $vmid = extract_param($param, 'vmid');
2973
2974 my $snapname = extract_param($param, 'snapname');
2975
2976 my $conf = PVE::QemuServer::load_config($vmid);
2977
2978 my $snap = $conf->{snapshots}->{$snapname};
2979
2980 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2981
2982 return $snap;
2983 }});
2984
2985 __PACKAGE__->register_method({
2986 name => 'rollback',
2987 path => '{vmid}/snapshot/{snapname}/rollback',
2988 method => 'POST',
2989 protected => 1,
2990 proxyto => 'node',
2991 description => "Rollback VM state to specified snapshot.",
2992 permissions => {
2993 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2994 },
2995 parameters => {
2996 additionalProperties => 0,
2997 properties => {
2998 node => get_standard_option('pve-node'),
2999 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3000 snapname => get_standard_option('pve-snapshot-name'),
3001 },
3002 },
3003 returns => {
3004 type => 'string',
3005 description => "the task ID.",
3006 },
3007 code => sub {
3008 my ($param) = @_;
3009
3010 my $rpcenv = PVE::RPCEnvironment::get();
3011
3012 my $authuser = $rpcenv->get_user();
3013
3014 my $node = extract_param($param, 'node');
3015
3016 my $vmid = extract_param($param, 'vmid');
3017
3018 my $snapname = extract_param($param, 'snapname');
3019
3020 my $realcmd = sub {
3021 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3022 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
3023 };
3024
3025 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3026 }});
3027
3028 __PACKAGE__->register_method({
3029 name => 'delsnapshot',
3030 path => '{vmid}/snapshot/{snapname}',
3031 method => 'DELETE',
3032 protected => 1,
3033 proxyto => 'node',
3034 description => "Delete a VM snapshot.",
3035 permissions => {
3036 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3037 },
3038 parameters => {
3039 additionalProperties => 0,
3040 properties => {
3041 node => get_standard_option('pve-node'),
3042 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3043 snapname => get_standard_option('pve-snapshot-name'),
3044 force => {
3045 optional => 1,
3046 type => 'boolean',
3047 description => "For removal from config file, even if removing disk snapshots fails.",
3048 },
3049 },
3050 },
3051 returns => {
3052 type => 'string',
3053 description => "the task ID.",
3054 },
3055 code => sub {
3056 my ($param) = @_;
3057
3058 my $rpcenv = PVE::RPCEnvironment::get();
3059
3060 my $authuser = $rpcenv->get_user();
3061
3062 my $node = extract_param($param, 'node');
3063
3064 my $vmid = extract_param($param, 'vmid');
3065
3066 my $snapname = extract_param($param, 'snapname');
3067
3068 my $realcmd = sub {
3069 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3070 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
3071 };
3072
3073 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3074 }});
3075
3076 __PACKAGE__->register_method({
3077 name => 'template',
3078 path => '{vmid}/template',
3079 method => 'POST',
3080 protected => 1,
3081 proxyto => 'node',
3082 description => "Create a Template.",
3083 permissions => {
3084 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3085 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3086 },
3087 parameters => {
3088 additionalProperties => 0,
3089 properties => {
3090 node => get_standard_option('pve-node'),
3091 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3092 disk => {
3093 optional => 1,
3094 type => 'string',
3095 description => "If you want to convert only 1 disk to base image.",
3096 enum => [PVE::QemuServer::disknames()],
3097 },
3098
3099 },
3100 },
3101 returns => { type => 'null'},
3102 code => sub {
3103 my ($param) = @_;
3104
3105 my $rpcenv = PVE::RPCEnvironment::get();
3106
3107 my $authuser = $rpcenv->get_user();
3108
3109 my $node = extract_param($param, 'node');
3110
3111 my $vmid = extract_param($param, 'vmid');
3112
3113 my $disk = extract_param($param, 'disk');
3114
3115 my $updatefn = sub {
3116
3117 my $conf = PVE::QemuServer::load_config($vmid);
3118
3119 PVE::QemuServer::check_lock($conf);
3120
3121 die "unable to create template, because VM contains snapshots\n"
3122 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3123
3124 die "you can't convert a template to a template\n"
3125 if PVE::QemuServer::is_template($conf) && !$disk;
3126
3127 die "you can't convert a VM to template if VM is running\n"
3128 if PVE::QemuServer::check_running($vmid);
3129
3130 my $realcmd = sub {
3131 PVE::QemuServer::template_create($vmid, $conf, $disk);
3132 };
3133
3134 $conf->{template} = 1;
3135 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3136
3137 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3138 };
3139
3140 PVE::QemuServer::lock_config($vmid, $updatefn);
3141 return undef;
3142 }});
3143
3144 1;
Virtual Machine Manager